Cisco TelePresence Administrator's Manual page 66

Field Description
SSH Determines whether the VCS
service can be accessed via SSH and
SCP. Default is On.
Web Determines whether the VCS
interface can be accessed via the web
(over interface. Default is On.
HTTPS)
Client Controls the level of security
certificate- required to allow client
based systems (typically web
security browsers) to communicate
with the VCS over HTTPS.
Not required: the client
system does not have to
present any form of certificate.
Certificate validation: the
client system must present a
valid certificate that has been
signed by a trusted certificate
authority (CA). Note that a
restart is required if you are
changing from Not required to
Certificate validation.
Certificate-based
authentication: the client
system must present a valid
certificate that has been
signed by a trusted CA and
contains the client's
authentication credentials.
Default: Not required
Redirect Determines whether HTTP
HTTP requests are redirected to the
requests HTTPS port. Default is On.
to HTTPS
Note: by default, access via HTTPS and SSH is enabled; access via Telnet is disabled. To securely manage
the VCS you should disable Telnet, using the encrypted HTTPS and SSH protocols instead. For further
security, disable HTTPS and SSH as well and use the serial port to manage the system.
Because access to the serial port allows the password to be reset, it is recommended that you install the
VCS in a physically secure environment.
VCS unit front panel
The LCD panel on the front of the VCS hardware unit has a rotating display of the VCS's system name, IP
addresses, alarms, and the number of current traversal calls, non-traversal calls and registrations.
To control the display of status items:
Cisco VCS Administrator Guide (X7.1)
Usage tips
TMS accesses the VCS via the web server. If HTTPS mode is
turned off, TMS will not be able to access it.
Important:
Enabling Certificate validation means that your browser can use
the VCS web interface only if it has a valid client certificate signed
by a CA in the VCS's trusted CA certificate list.
Ensure your browser (the client system) has a valid (in date and
n
not revoked by a CRL) client certificate before enabling this
feature. The procedure for uploading a certificate to your
browser may vary depending on the browser type and you
may need to restart your browser for the certificate to take effect.
You can upload trusted CA certificates on the
n
certificates page, manage client certificate revocation lists on the
CRL management page, and test client certificates on the
certificate testing page.
Enabling Certificate-based authentication means that the standard
login mechanism is no longer available. You can log in only if your
browser certificate — typically provided via a smart card (also
referred to as a Common Access Card or CAC) — is valid and the
credentials it provides have the appropriate authorization levels.
You can configure how the VCS extracts credentials from the
browser certificate on the Certificate-based authentication
configuration page.
Note that this setting does not affect client verification of the VCS's
server certificate.
HTTPS must also be enabled for access via HTTP to function.
Network and system settings
security
Client
Page 66 of 479