Cisco Cisco TelePresence Management Suite (TMS) Version 15 Installation Guide
Configuring IIS for improved security
In IIS Manager:
1. Disable the Polycom phonebook component if not using Polycom systems:
a. Expand the tree view for your Default Web Site.
b. Right-click the /pwx component and select Remove.
b. Right-click the /pwx component and select Remove.
2. Disable HTTP for web and API transactions:
a. Click on the /tms component to select it.
b. In the
b. In the
IIS
section, double-click on SSL Settings.
c. Check Require SSL and, in the
Actions
panel, click Apply.
d. Expand the /tms component and click on /public to select it.
e. In the
e. In the
IIS
section, double-click on SSL Settings.
f. Uncheck Require SSL and, in the
Actions
panel, click Apply.
instructions.
Communication with systems
Cisco TMS will as a default use HTTP to communicate with systems, or SNMP for some legacy systems.
If not using legacy systems, you can disable SNMP by disabling the TMSSnmpService Windows service
on the server. Note that this will slow down automatic system discovery.
on the server. Note that this will slow down automatic system discovery.
Setting up Cisco TMS for secure communication with systems
Enabling the setting Secure-Only Device Communication makes Cisco TMS communicate exclusively
using HTTPS with any system that supports it.
using HTTPS with any system that supports it.
Beware that HTTPS must be enabled on the system, or communication will fail. HTTP will still be used for
any systems in your deployment that do not support this setting.
any systems in your deployment that do not support this setting.
In order to further ensure that the communication is secure, you can also enable certificate validation for
Cisco TMS.
Cisco TMS.
In
Administrative Tools > Configuration > Network Settings
:
1. Scroll to the bottom section and set Secure-Only Device Communication to On.
2. Check Validate Certificates.
3. Click Save.
The setting is supported for the following infrastructure systems:
n
TelePresence Conductor (all versions)
n
Cisco VCS (X4 and later)
n
Cisco TelePresence Server (2.3 and later)
n
Cisco TelePresence MCU Series (2.3 and later)
n
Cisco TelePresence ISDN Gateway (2.2 and later)
n
Cisco TelePresence MPS (J4.2 and later)
The following endpoints support the setting:
Cisco TelePresence Management Suite Installation and Upgrade Guide (14.5)
Page 21 of 56
Deployment best practices