Cisco Cisco TelePresence Video Communication Server Expressway Maintenance Manual
■
Chinese
■
French
■
German
■
Spanish
■
Japanese
■
Korean
■
Russian
Note:
These localizations apply to the X8.5.1 versions of UI and help.
Important behavior changes
MRA authorizations are now rate controlled by default, to reduce the load of unnecessary authorizations on the VCS.
Take care when you upgrade because your current endpoint software may be reauthorizing more often than
necessary, which could result in the VCS issuing HTTP 429 "Too Many Requests". If you routinely see this error after
upgrade, you can edit the rate control settings at Configuration > Unified Communications > Configuration
> Advanced.
Take care when you upgrade because your current endpoint software may be reauthorizing more often than
necessary, which could result in the VCS issuing HTTP 429 "Too Many Requests". If you routinely see this error after
upgrade, you can edit the rate control settings at Configuration > Unified Communications > Configuration
> Advanced.
Software enhancements
■
This release introduces rate control for successful authorisations, via MRA, of users accessing collaboration
services; this feature applies to SSO-authenticated users as well as non-SSO-authenticated users.
services; this feature applies to SSO-authenticated users as well as non-SSO-authenticated users.
■
The Single Sign-On feature introduced in X8.5.1 has been further improved in this release. The status
information concerning user tokens has been improved. You can also purge tokens issued to a user, or to all
users, if necessary. The UI for the SAML export feature has been improved.
information concerning user tokens has been improved. You can also purge tokens issued to a user, or to all
users, if necessary. The UI for the SAML export feature has been improved.
■
The cluster database (CDB) resiliency has been improved.
X8.5.1
SSO over MRA
The VCS Control now defaults to SHA-256 for signing SSO requests it gives to clients, and you can change it to use
SHA-1 if required. In version X8.5, when the SSO feature was previewed, the VCS Control defaulted to SHA-1 and
there was no way to select a different algorithm.
SHA-1 if required. In version X8.5, when the SSO feature was previewed, the VCS Control defaulted to SHA-1 and
there was no way to select a different algorithm.
Note:
If you were using the SSO feature with X8.5, this change may cause it to stop working after upgrade to X8.5.1.
You have two options to resolve this: leave the new default on the VCS Control, and you may need to reconfigure the
IdP to expect requests to be signed with SHA-256 (recommended for better security); the other option is to revert the
VCS Control's signing algorithm to SHA-1 for your IdP (go to Configuration > Unified Communications > Identity
Providers (IdP), locate your IdP row, then in Actions column click Configure Digest).
IdP to expect requests to be signed with SHA-256 (recommended for better security); the other option is to revert the
VCS Control's signing algorithm to SHA-1 for your IdP (go to Configuration > Unified Communications > Identity
Providers (IdP), locate your IdP row, then in Actions column click Configure Digest).
Jabber 10.6 File Transfer support
The Cisco Jabber file transfer over MRA limitation, which was previously documented in VCS documents, has now
changed as follows:
changed as follows:
■
Peer-to-peer file transfer when using IM and Presence Service and Jabber is unsupported via MRA.
■
Managed File Transfer (MFT) with IM and Presence Service 10.5.2 (and later) and Jabber 10.6 (and later)
clients is supported via MRA.
clients is supported via MRA.
■
File transfer with WebEx Messenger Service and Cisco Jabber is supported via MRA.
Jabber 10.6 can be deployed into an infrastructure where users are organized into more than one domain, or into
domains with subdomains. This requires IM and Presence Service 10.0.x (or later).
domains with subdomains. This requires IM and Presence Service 10.0.x (or later).
Limited testing has shown that this feature works via MRA. Hence this feature is in preview with VCS X8.5.1 and
later, pending further testing and full support in a future version of VCS.
later, pending further testing and full support in a future version of VCS.
500
Cisco TelePresence Video Communication Server Administrator Guide