Cisco Cisco TelePresence Management Suite (TMS) Version 15 Installation Guide
certificates signed by a certificate authority.
Configuring IIS for Improved Security
In IIS Manager:
1.
Disable the Polycom phonebook component if not using Polycom systems:
a.
Expand the tree view for your Default Web Site.
b.
Right-click the /pwx component and select Remove.
2.
Disable HTTP for web and API transactions:
a.
Click on the /tms component to select it.
b.
In the
IIS
section, double-click on SSL Settings.
c.
Check Require SSL and, in the Actions panel, click Apply.
d.
Expand the /tms component and click on /public to select it.
e.
In the
IIS
section, double-click on SSL Settings.
f.
Uncheck Require SSL and, in the Actions panel, click Apply.
3.
instructions.
Communication with Systems
Cisco TMS will as a default use HTTP to communicate with systems, or SNMP for some legacy systems.
If using legacy systems, you can enable SNMP by enabling the Windows SNMP Service on the server.
Setting up Cisco TMS for Secure Communication with Systems
Enabling the setting Secure-Only Device Communication makes Cisco TMS communicate exclusively using HTTPS
with any system that supports it.
with any system that supports it.
Beware that HTTPS must be enabled on the system, or communication will fail. HTTP will still be used for any systems
in your deployment that do not support this setting.
in your deployment that do not support this setting.
In order to further ensure that the communication is secure, you can also enable certificate validation for Cisco TMS.
In
Administrative Tools > Configuration > Network Settings
:
1.
Scroll to the bottom section and set Secure-Only Device Communication to On.
2.
Check Validate Certificates.
3.
Click Save.
The setting is supported for the following infrastructure systems:
■
TelePresence Conductor (all versions)
■
Cisco VCS (X4 and later)
■
Cisco TelePresence Server (2.3 and later)
■
Cisco TelePresence MCU Series (2.3 and later)
■
Cisco TelePresence ISDN Gateway (2.2 and later)
■
Cisco TelePresence MPS (J4.2 and later)
The following endpoints support the setting:
20
Cisco TelePresence Management Suite Installation and Upgrade Guide
Deployment best practices