Cisco TelePresence Administrator's Manual page 70

Unified Communications
SIP registrations and provisioning on Unified CM: endpoint registration, call control and
l
provisioning for this SIP domain is serviced by Unified CM. The VCS acts as a Unified
Communications gateway to provide secure firewall traversal and line-side support for Unified CM
registrations. The default is Off.
IM and Presence services on Unified CM: instant messaging and presence services for this SIP
l
domain are provided by the Unified CM IM and Presence service. The default is Off.
Turn On all of the applicable services for each domain. For example, the same domain may be used by
endpoints such as Jabber or EX Series devices that require line-side Unified Communications support,
and by other endpoints such as third-party SIP or H.323 devices that require VCS support. (In this
scenario, the signaling messages sent from the endpoint indicate whether line-side unified
communications or VCS support is required.)
Discovering IM&P and Unified CM servers
The VCS Control must be configured with the address details of the IM&P servers and Unified CM servers
that are to provide registration, call control, provisioning, messaging and presence services.
Note that IM&P server configuration is not required in the hybrid deployment model.
Uploading the IM&P / Unified CM tomcat certificate to the VCS Control trusted CA list
If you intend to have TLS verify mode set to On (the default and recommended setting) when discovering
the IM&P and Unified CM servers, the VCS Control must be configured to trust the tomcat certificate
presented by those IM&P and Unified CM servers.
1. Determine the relevant CA certificates to upload:
If the servers are using self-signed certificates, the VCS Control's trusted CA list must include a copy
l
of the tomcat certificate from every IM&P / Unified CM server.
If the servers are using CA-signed certificates, the VCS Control's trusted CA list must include the root
l
CA of the issuer of the tomcat certificates.
2. Upload the trusted Certificate Authority (CA) certificates to the VCS Control
certificates > Trusted CA
3. Restart the VCS Control for the new trusted CA certificates to take effect
options).
Configuring IM&P servers
To configure the IM&P servers used for remote access:
1. On VCS Control, go to
The resulting page displays any existing servers that have been configured.
2. Add the details of an IM&P publisher:
a. Click New.
b. Enter the IM and Presence publisher address and the Username and Password credentials
required to access the server. The address can be specified as an FQDN or as an IP address; we
recommend using FQDNs when TLS verify mode is On.
Note that these credentials are stored permanently in the VCS database. The IM&P user must have
the Standard AXL API Access role.
c. We recommend leaving TLS verify mode set to On to ensure VCS verifies the tomcat certificate
presented by the IM&P server for XMPP-related communications.
If the IM&P server is using self-signed certificates, the VCS Control's trusted CA list must include a
o
copy of the tomcat certificate from every IM&P server.
Cisco VCS Administrator Guide (X8.1.1)
certificate).
Configuration > Unified Communications > IM and Presence
Configuring mobile and remote access on VCS
(Maintenance > Security
(Maintenance > Restart
servers.
Page 70 of 507