Cisco Cisco TelePresence Video Communication Server Expressway Maintenance Manual
n
System-wide SIP transport mode settings must be TLS: On, TCP: Off and UDP: Off.
n
All SIP zones must use TLS.
n
The VCS cannot be a part of a cluster.
n
SNMP and NTP server configuration cannot use MD5 hashing or DES encryption.
If your system is running as a virtualized application and has never been through an upgrade process:
1. Ensure it has a valid release key (check this via
Maintenance > Option keys
).
2. Perform a system upgrade. You can upgrade the system to the same software release version that it is
currently running.
If you do not complete this step, the activation process described below will fail.
If you do not complete this step, the activation process described below will fail.
Enabling FIPS140-2 cryptographic mode
CAUTION
: The transition to FIPS140-2 cryptographic mode requires a system reset to be performed. This
will remove all existing configuration data except IP addresses and option keys. To preserve your data you
should take a backup immediately prior to performing the reset, and then restore the backup file when the
reset has completed.
The reset removes all administrator account information and reinstates the default security certificates. To
log in after the reset has completed you will have to use the default admin/TANDBERG credentials. We
recommend that you limit network access to the system during this process until you have secured your
system by restoring previous data or by changing the admin account password from its default value. The
root account password will also be reset to TANDBERG.
should take a backup immediately prior to performing the reset, and then restore the backup file when the
reset has completed.
The reset removes all administrator account information and reinstates the default security certificates. To
log in after the reset has completed you will have to use the default admin/TANDBERG credentials. We
recommend that you limit network access to the system during this process until you have secured your
system by restoring previous data or by changing the admin account password from its default value. The
root account password will also be reset to TANDBERG.
To turn your system into a compliant FIPS140-2 cryptographic system:
1. Enable FIPS140-2 cryptographic mode:
a. Go to
Maintenance > Advanced security
.
b. Set FIPS140-2 cryptographic mode to On.
c. Click Save.
c. Click Save.
2. Fix any alarms that have been raised that report non-compliant configuration.
Note that backups taken while in FIPS140-2 mode require password protection.
4. Reset the system and complete the activation of FIPS140-2 mode:
a. Log in to VCS as root.
b. Type fips-activate
b. Type fips-activate
The reset takes approximately 30 minutes to complete.
5. When the system has restarted, log in using the default admin/TANDBERG credentials.
You will see several alarms related to non-FIPS140-2 compliance, insecure passwords and missing
default links. You can ignore these alarms if you intend to restore the backup taken prior to the reset.
default links. You can ignore these alarms if you intend to restore the backup taken prior to the reset.
6.
Note that while in FIPS140-2 mode, you can only restore backup files that were taken when FIPS140-2
cryptographic mode was set On. Any previous administrator account information and passwords will be
restored, however the previous root account password will not be restored. If the data you are restoring
contains untrusted security certificates, the restart that occurs as part of the restore process may take up
to 6 minutes to complete.
cryptographic mode was set On. Any previous administrator account information and passwords will be
restored, however the previous root account password will not be restored. If the data you are restoring
contains untrusted security certificates, the restart that occurs as part of the restore process may take up
to 6 minutes to complete.
FIPS140-2 compliant features
The following VCS features are FIPS140-2 compliant / use FIPS140-2 compliant algorithms:
Cisco TelePresence Video Communication Server Administrator Guide (X8.5.1)
Page 337 of 563
Maintenance
Advanced security