Cisco UCM call recording

Cisco active recording (Built-in-Bridge)

This guide describes the configuration procedures required for call recording on Cisco Unified Communication Manager (UCM) platform and phones that have Built-in-Bridge (BiB) capability.

Requirements

The features utilized in this method of recording require the following:

Overview

This guide describes the configuration procedures required for call recording on Cisco Unified Communication Manager (UCM) platform and phones that have Built-in-Bridge (BiB) capability.

How it works

The MiaRec call recording system utilizes Built-in-Bridge call monitoring and recording capability available in 3rd generation of Cisco phones. Cisco UCM establishes SIP trunk connections to MiaRec recording server and notifies the latter when call is started. Cisco IP phone relays RTP media directly to the recorder.

Record Calls on Cisco Unified Communications Manager - Network Diagram

Cisco phones supporting Built-in-Bridge feature

The following table lists Cisco IP phone models, which support Built-in-Bridge feature for call recording and monitoring.

Phone modelSupported protocols
Cisco 6901 not supported
Cisco 12 S not supported
Cisco 12 SP not supported
Cisco 30 SP+ not supported
Cisco 3905 not supported
Cisco 3911 not supported
Cisco 6901 not supported
Cisco 6911 SCCP, SIP
Cisco 6921 SCCP, SIP
Cisco 6941 SCCP, SIP
Cisco 6945 SCCP, SIP
Cisco 6961 SCCP, SIP
Cisco 7811 SIP
Cisco 7821 SIP
Cisco 7841 SIP
Cisco 7861 SIP
Cisco 7902 not supported
Cisco 7905 not supported
Cisco 7906 SCCP, SIP
Cisco 7910 not supported
Cisco 7911 SCCP, SIP
Cisco 7912 not supported
Cisco 7914 Sidecar SCCP
Cisco 7915 Sidecar SCCP, SIP
Cisco CKEM Sidecar SIP
Cisco 7920 not supported
Cisco 7921 SCCP
Cisco 7925 SCCP
Cisco 7926 SCCP
Cisco 7931 SCCP, SIP
Cisco 7935 not supported
Cisco 7936 not supported
Cisco 7937 SCCP
Cisco 7940 not supported
Cisco 7941 SCCP, SIP
Cisco 7941G-GE SCCP, SIP
Cisco 7942 SCCP, SIP
Cisco 7945 SCCP, SIP
Cisco 7960 not supported
Cisco 7961 SCCP, SIP
Cisco 7961G-GE SCCP, SIP
Cisco 7962 SCCP, SIP
Cisco 7965 SCCP, SIP
Cisco 7970 SCCP, SIP
Cisco 7971 SCCP, SIP
Cisco 7975 SCCP, SIP
Cisco 7985 SCCP, SIP
Cisco 8811 SIP
Cisco 8831 SIP
Cisco 8841 SIP
Cisco 8845 SIP
Cisco 8851 SIP
Cisco 8861 SIP
Cisco 8865 SIP
Cisco 8941 SCCP, SIP
Cisco 8945 SCCP, SIP
Cisco 8961 SIP
Cisco 9951 SIP
Cisco 9971 SIP
Cisco DX650 SIP
Cisco E20 not supported
Cisco EX60 not supported
Cisco EX90 not supported
Cisco CTS 500 not supported
Cisco CTS 500-32 not supported
Cisco ATA 186 not supported
Cisco ATA 187 not supported
Cisco ATA 188 not supported
Cisco IP Communicator SCCP, SIP
Cisco Jabber for Windows SCCP, SIP
Cisco Jabber for Mac SCCP, SIP
Cisco Jabber for iPad not supported
Cisco Jabber for Android not supported
Cisco Unified Personal Communicator not supported
Cisco VGC Phone not supported
VG224 not supported
VG248 not supported
CTI Port not supported
CTI Remote Device not supported
CTI Route Point not supported

Last table update: 2015/10/01

Identify phones that support Built-in-Bridge recording

Up to date list of phone models that support Built-in-Bridge recording may be received with the following instructions:

  1. Start Cisco Unified Reporting by choosing Cisco Unified Reporting in the Navigation menu in Cisco Unified Communications Manager Administration and clicking Go.
  2. Click System Reports in the navigation bar.
  3. In the list of reports that displays in the left column, click the Unified CM Phone Feature List option.
  4. Click the Generate a new report link to generate a new report, or click the Unified CM Phone Feature List link if a report already exists.
  5. To generate a report of all devices that support recording, choose these settings from the respective drop-down list boxes and click the Submit button:

    • Product: All
    • Feature: Record
  6. The List Features pane displays a list of all devices that support the recording feature. You can click on the Up and Down arrows next to the column headers (Product or Protocol) to sort the list.

Identify phones supporting built-in-bridge

Configure CUCM

Create SIP profile for recorder

Use the Device > Device Settings > SIP Profile menu option in Cisco Unified Communications Manager Administration to create SIP profile for recorder.

The following figure illustrates creating a SIP profile for the recorder.

Create SIP profile for recorder

Make sure that the Deliver Conference Bridge Identifier option is checked. When enabled it allows to deliver additional information (specifically, the b-number that identifies a conference bridge) to the recorder across the SIP trunk. If the check box is left unchecked, the far-end information for the remote conference remains empty. Check the Deliver Conference Bridge Identifier check box on the remote cluster SIP profile as well.

Create SIP profile for recorder 2

Checking this check box is not required for recording, but the conference bridge identifier helps to group multiple call segments belonging to the same conference into one interaction, like shown in below screenshot:

Group calls into interaction

Configure SIP OPTIONS Ping

In multi-server setup, it is recommended to enable SIP Options Ping feature for each recording server. In a single-server setup, this feature should be disabled (see details below).

  • Single-server setup - disable SIP OPTIONS Ping
  • Multi-server setup - enable SIP OPTIONS Ping

Cisco UCM starting from v.8.5(1) supports SIP OPTIONS Ping feature. Cisco UCM periodically sends a SIP OPTIONS (ping) message to each recording server to detect its availability. If the recording server is unavailable – indicated by either no response, response of “408 Request Timeout” response of “503 Service Unavailable”, Cisco UCM marks this recording server as unavailable. It skips that server in the round-robin or sequential list of recording servers. The SIP Options Ping feature allows to detect availability of the recording server earlier, without having to wait until a call is ready to be recorded.

However, in single-node deployments, SIP Options Ping is not recommended. Not only is it not helpful, but it can result in unnecessary failure recovery delays.

Create SIP OPTIONS Ping

Create SIP Trunk Security Profile

Create SIP Trunk Security Profile for each MiaRec recording server.

Use the System > Security > SIP Trunk Security Profile menu option in Cisco Unified Communications Manager Administration to create SIP Trunk Security profile for recorder.

  • Set Incoming Transport Type to TCP+UDP.
  • Set Outgoing Transport Type to TCP (this setting has to match the configuration of MiaRec). TCP is recommended.
  • Uncheck option Enable Digest Authentication
  • Set Device Security Mode parameter to Non Secure.

Create SIP Trunk Security Profile

Create a SIP Trunk that points to the recorder

Use the Device > Trunk menu option in Cisco Unified Communications Manager Administration to create SIP trunk that points to the recorder.

  • Ensure that the Media Termination Point Required check box is unchecked.
  • Select the Run On All Active Unified CM Nodes check box.

Create SIP Trunk

Make sure the SIP Privacy option is set to None, otherwise you will see in call details a text "Anonymous" instead of user's extension.

Create SIP Trunk

In SIP Information section configure:

  • Destination Address should point to ip-address or DNS name of the recorder server
  • Destination Port should match the port on which MiaRec recorder is listening for messages from CUCM (see configuration of MiaRec below)
  • Select the previously created SIP Trunk Security Profile for the recorder
  • Select the previously created SIP Profile for the recorder

Create SIP Trunk

Create a recording profile

Use the Device > Device Settings > Recording Profile menu option in Cisco Unified Communications Manager Administration to create recording profile.

The following figure illustrates creating a recording profile.

Set Recording Destination Address to the directory number that associates the recorder with this recording profile. The only guideline for this number: it should be possible for UCM to route it to the SIP trunk where the recorder is defined. No user is going to directly call this number, this is internal to the system. Make sure it does not collide with your numbering plan. This is why the example shows '7777'.

Set Recording Calling Search Space to the CSS that includes partitions containing the user phones and the partition that you set up for the MiaRec SIP Trunk. Important! Recording will not work if CSS of the Recording Profile and phones do not match! The screenshot below shows None value, but in most production configuration, it should be explicitly set to the correct CSS.

Create Recording Profile

Create a route pattern/group for the recorder

This configuration step depends on how many recorders are used in a cluster, one or multiple.

For a single recorder, create a route pattern.

For multiple recorders in HA configuration, create a route group.

Single server configuration

Use the Call Routing > Route/Hunt > Route Pattern menu option in Cisco Unified Communications Manager Administration to create a route pattern for the MiaRec recorder SIP trunk:

  • Route Pattern should match to the directory number associated with MiaRec recorder. This DN is used to reach the SIP Trunk of MiaRec recorder. No user is going to directly call this number manually. Make sure it does not collide with your numbering plan. This is why the example shows '7777'.

  • Set Route partition to the partition that includes the user phones.

  • In Gateway/Route List select the SIP trunk that points to the announcement player

Reoute Pattern Configuration

Multiple servers configuration

How it works

Cisco Built-in-Bridge redundant recorder

Each recording server in Cisco UCM is configured as a separate SIP Trunk. Cisco UCM will failover automatically from the primary recording server to the secondary in case of failure.

Create a new Route Group

Use the Call Routing > Route/Hunt > Route Group menu option in Cisco Unified Communications Manager Administration to create a route group for the MiaRec SIP trunk:

  • Assign the previously created SIP trunk(s) to this route group at the Find Device to Add to Route Group pane. Select the desired SIP trunk(s) and click on the Add to Route Group button.
  • Set the Distribution Algorithm setting to Top Down. Note, the Circular algorithm is not suitable for call recording SIP Trunk because it causes CUCM to send one side of audio one recorder and another side to another recorder (during playback, you will hear one side of conversation).

Reoute Pattern Configuration

Create a new route list

Select Call Routing > Route/Hunt > Route List menu item and click on the Add New button.

  • Select the appropriate Cisco Unified Communications Manager Group and click on the Save button.
  • Click on the Add Route Group button at the Route List Member Information panel.
  • Select the previously created route group at the Route Group setting, then click Save.
  • At the Route List Configuration page click on the Save button.

Create a new route pattern

Route Pattern should match to the Recording Destination Address in the previously created recording profile:

  • Set Route partition to the partition that includes the user phones.
  • In Gateway/Route List select the route list of which the recorder is a member.

Reoute Pattern Configuration

Enable Built-in-Bridge for all phones (optional)

Built-in-Bridge setting can be enabled on per-phone basis or on system level (default to all phones).

Access the System > Service Parameters menu option in Cisco Unified Communications Manager Administration, select your CUCM server from the Server list and Cisco CallManager from the Service list:

Service Parameter Configuration

To enable Built-in-Bridge on system level change the option Clusterwide Parameters (Device - Phone) -> Builtin Bridge Enable to On:

Clusterwide Builtin Bridge Enable

Codecs configuration

Codecs iLBC, iSAC, L16 and AAC-LD should be disabled for Recording-Enabled devices as they are not supported by MiaRec recording system at the moment.

Use the System > Service Parameters menu option in Cisco Unified Communications Manager Administration to perform the necessary configuration.

Change the following settings of group Clusterwide Parameters (System - Location and Region):

  • iLBC Codec Enabled to Enabled for All Devices Except Recording-Enabled Devices
  • iSAC Codec Enabled to Enabled for All Devices Except Recording-Enabled Devices
  • Default Intraregion Max Audio Bit Rate to 64 kbps (G.722, G.711)

Codecs Configuration

Disable 256kpbs wideband codec

Latest models of Cisco phones support high quality 256kbps wideband codec for phone-to-phone communications withing the same region. Unfortunately, this codec is not supported by Cisco Built-in-Bridge recording method and it should be disabled otherwise internal calls between users will not be recorded.

Navigate to the System > Region menu option in Cisco Unified Communications Manager Administration and change per-region setting Max Audio Bit Rate to either Use System Default or 64 kbps (G.722, G.711) as shown in below screenshot.

256kbps Codecs Configuration

Recording of conference calls

Recording of conference calls on Cisco platform has the following limitations:

  • Cisco UCM doesn't support re-negotiated of audio codecs for calls which are recorded with Built-in-Bridge method.
  • The Cisco Software Conference Bridge supports only G.711 and 256k wideband codecs.

The following call scenario may occur:

  • One user makes a call to another user. If these two users use Cisco phones, then G.722 wideband codec is chosen for such call.
  • Then one of users tries to create a 3-way conference and add the third user to the conference.
  • CUCM creates a software-based conference to mix audio from three users. The software-based conference doesn’t support G.722 codec.
  • CUCM needs to re-negotiate codec with each of users and change it from G.722 to G.711.
  • But CUCM cannot do that because such call is recorded with BiB method and codec is fixed for such call.
  • As a result a user, who tries to create a conference is dropped from a conference.

There are two workarounds for this situation:

  1. Disable G.722 codec for users, which are recorded with BiB method.

  2. Allocate codec transcoding resources on Cisco platform to automatically convert audio from one codec to another on-flight.

To disable G.722 codec, change the setting G.722 Codec Enabled to Enabled for All Devices Except Recording-Enabled Devices.

G.722 Codecs Configuration

Troubleshooting issues with codecs

Follow the instructions in the following article to determine if issue with call recording is caused by codecs:

Configure phones

Enable Built-in-Bridge on per-phone basis

Note, Built-in-Bridge option may be configured clusterwide for all phones.

Use the Device > Phone menu option in Cisco Unified Communications Manager Administration to enable Built-in-Bridge option.

The following figure illustrates turning on the IP phone Built-in-Bridge to allow monitoring or recording.

Enable Built-in-Bridge

Enable recording for a line appearance

Use the Device > Phone menu option in Cisco Unified Communications Manager Administration to configure line appearance of particular phone.

  • To enable recording of an agent, set the Recording Option in the line appearance of the agent to one of the following options:

    • Automatic Call Recording Enabled
    • Selective Call Recording Enabled
  • In the Recording Profile option select the previously created recording profile from the drop-down list box

The following figure illustrates enabling recording for a line appearance.

Line configuration

Configure MiaRec

In MiaRec web portal navigate to the Administration -> System Configuration -> Recording Interfaces menu.

Click Configure for Cisco Built-in-Bridge recording interface.

Recording interfaces

Inside the opened dialog change the following settings:

Option Description
Signaling UDP port and Signaling TCP port These port values should be set to the same values as configured in step Create a SIP Trunk that points to the recorder
Begin RTP port range and End RTP port range RTP port range should be set to values not conflicting to other recording interfaces or other networking applications running on the same host as MiaRec application. Make sure that the port range is large enough for anticipated number of concurrently recorded calls. One concurrent call requires two UDP ports for receiving media streams from agent's phone.
Public Ip-address Public IP address if MiaRec server is located behind NAT. Make sure that port forwarding is configured properly on your NAT router. If MiaRec server is not behind NAT, then leave this parameter empty.
No-Audio Begin Timeout This timeout value specifies how long to wait for the first RTP media packet before give up.
No-Audio Normal Timeout In case of RTP transmission stop, this timeout value specifies how long to want for RTP restoration before forcibly completing call recording.

Cisco active recording

Configure firewall

If firewall is running on MiaRec recording server, then add exclusion rules for the following ports as described in step Configure MiaRec:

  • Signaling UDP Port and Signaling TCP Port
  • Begin/End RTP port range (UDP)

Optional configuration

Configure tones for recording (optional)

Set the service parameters for playing tone to True to allow tone to be played either to agent only, to customer only, or to both.

Use the System > Service Parameters menu option in Cisco Unified Communications Manager Administration to perform the necessary configuration.

Change corresponding options of group Clusterwide Parameters (Feature – Call Recording).

The following figure illustrates using service parameters to configure tones.

Play Recording Notification Tone

[Howto] Configure SIP/TLS for SIP Trunk (optional)

This guide describes how to configure in Cisco UCM a SIP/TLS encrypted connection for SIP Trunk towards MiaRec recorder.

1. Configure Signaling TLS port in MiaRec

Navigate in MiaRec web portal to Administration -> Recording Interfaces -> Cisco BiB Configuration.

Configure the listening port in parameter Signaling TLS port, for example port 5071.

SIP/TLS for SIP Trunk

Important! If firewall is enabled on MiaRec server, make sure it allows inbound connection to this port.

MiaRec application automatically generates certificate. The location of the certificate file is configured in the same screen in the parameter SSL certificate file. By default, it has name tls_certificate.pem.

SIP/TLS for SIP Trunk

Locate this file on the MiaRec recording server. We will need to import this file into CUCM.

On Windows, the file is located in the same directory as MiaRec.exe file (by default, C:\Program Files (x86)\MiaRec Business\Bin).

On Linux, the file is located in /opt/miarec/shared or in older versions /var/lib/miarec.

2. Import MiaRec SSL certificate into Cisco UCM

Login to Cisco Unfied OS Administration using Cisco UCM admin password. Navigate to Security > Certificate Management and click Upload Certificate/Certificate Chain.

  • Select CallManager-trust for Certificate Purpose
  • Upload the SSL certificate file from MiaRec server

SIP/TLS for SIP Trunk

3. Configure SIP Trunk Security Profile

Create SIP Trunk Security Profile for SIP/TLS connection to MiaRec recording server.

Use the System > Security > SIP Trunk Security Profile menu option in Cisco Unified Communications Manager Administration to create SIP Trunk Security profile for recorder.

  • Set Device Security Mode parameter to Encrypted.
  • Set Incoming Transport Type to TLS.
  • Set Outgoing Transport Type to TLS (this setting has to match the configuration of MiaRec).
  • Uncheck option Enable Digest Authentication
  • Configure Incoming Port. CUCM will send SIP messages to MiaRec from this port. CUCM requires a unique port for each configured SIP Trunk. If the default port 5061 is busy, then try another port like 5062, 5063, etc.

SIP/TLS for SIP Trunk

4. Configure SIP Trunk

Use the Device > Trunk menu option in Cisco Unified Communications Manager Administration to edit the previously created non-secure SIP trunk that points to the MiaRec recorder.

In SIP Information section configure:

  • Destination Port should match the port on which MiaRec recorder is listening for messages from CUCM (5071 in our example)
  • Select the previously created SIP Trunk Security Profile (TLS) for the recorder

SIP/TLS for SIP Trunk

Click Reset button for this Trunk to reload CUCM configuration.

6. Troubleshooting

Enable trace logging in MiaRec (menu Administration -> Maintenance -> Troubleshooting) and look for any error messages related to TLS.

Successful establishment of TLS connection produces the following output in trace.log file:

2018/01/03 09:46:59.028 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(195)   Constructed context: method=SSLv23 ctx=09153A88
2018/01/03 09:46:59.028 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(510)   Constructed channel: ssl=09164AF8 method=SSLv23 context=00747C48
2018/01/03 09:46:59.028 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    General: state=before/accept initialization
2018/01/03 09:46:59.028 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=before/accept initialization
2018/01/03 09:46:59.082 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 read client hello A
2018/01/03 09:46:59.082 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write server hello A
2018/01/03 09:46:59.082 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write certificate A
2018/01/03 09:46:59.088 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write key exchange A
2018/01/03 09:46:59.088 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write server done A
2018/01/03 09:46:59.088 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 flush data
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 read client key exchange A
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 read finished A
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write session ticket A
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write change cipher spec A
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 write finished A
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSLv3 flush data
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    General: state=SSL negotiation finished successfully
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  PSSLChannel.cxx(22)    Accept: state=SSL negotiation finished successfully
2018/01/03 09:46:59.136 09:46:58.835    1         OpalListener:4b64 TransportTLS.cxx(144)   TLS         Started connection to 192.168.1.200:34226 (if=192.168.1.106:5071)
2018/01/03 09:46:59.136 09:46:58.835    4         OpalListener:4b64  ListenerTLS.cxx(49)    TLS Listen  Waiting on socket accept on tls$*:5071
2018/01/03 09:46:59.137 09:46:58.835    3     TransportHandler:467c     Listener.cxx(93)    Listen          Started handler thread on tls$192.168.1.200:34226<if-read=tls$192.168.1.106:5071, if-write=tls$192.168.1.106:5071> 0x09160FC0
2018/01/03 09:46:59.137 09:46:58.835    3     TransportHandler:467c CiscoBiBManager.cpp(185)    CiscoBiB Listener thread started on tls$192.168.1.200:34226<if-read=tls$192.168.1.106:5071, if-write=tls$192.168.1.106:5071> 0x09160FC0
2018/01/03 09:46:59.137 09:46:58.835    3     TransportHandler:467c       SipPdu.cpp(156)   SIP         PDU Created: <<Uninitialised>> CSeq=
2018/01/03 09:46:59.161 09:46:58.835    5     TransportHandler:467c       SipPdu.cpp(671)   SIP         PDU Parsed 399 bytes on tls$192.168.1.200:34226<if-read=tls$192.168.1.106:5071, if-write=tls$192.168.1.106:5071> 0x09160FC0
2018/01/03 09:46:59.161 09:46:58.835    4     TransportHandler:467c       SipPdu.cpp(734)   SIP         PDU Received 399 bytes on tls$192.168.1.200:34226<if-read=tls$192.168.1.106:5071, if-write=tls$192.168.1.106:5071> 0x09160FC0
OPTIONS sip:192.168.1.106:5071 SIP/2.0
Content-Length: 0
Contact: <sip:192.168.1.200:5061;transport=tls>
User-Agent: Cisco-CUCM11.5
Call-ID: 17095a80-a4d11712-19475-c801a8c0@192.168.1.200
CSeq: 101 OPTIONS
Date: Wed, 03 Jan 2018 17:46:58 GMT
Via: SIP/2.0/TLS 192.168.1.200:5061;branch=z9hG4bK1959e66d3ef22
From: <sip:192.168.1.200>;tag=275457321
Max-Forwards: 0
To: <sip:192.168.1.106>

Contact MiaRec representative if you face with any issues.