Cisco Cisco TelePresence Video Communication Server Expressway Maintenance Manual
Network and system settings
Cisco VCS Administrator Guide (X7.0)
Page 71 of 488
Field
Description
Usage tips
SSH
service
service
Determines whether the VCS
can be accessed via SSH
and SCP. Default is On.
can be accessed via SSH
and SCP. Default is On.
Web
interface
(over
HTTPS)
interface
(over
HTTPS)
Determines whether the VCS
can be accessed via the web
interface. Default is On.
can be accessed via the web
interface. Default is On.
TMS accesses the VCS via the web server. If HTTPS mode is
turned off, TMS will not be able to access it.
turned off, TMS will not be able to access it.
Client
certificate-
based
security
certificate-
based
security
Controls the level of security
required to allow client
systems (typically web
browsers) to communicate
with the VCS over HTTPS.
required to allow client
systems (typically web
browsers) to communicate
with the VCS over HTTPS.
Not required: the client
system does not have to
present any form of
certificate.
system does not have to
present any form of
certificate.
Certificate validation: the
client system must present a
valid certificate that has
been signed by a trusted
certificate authority (CA).
Note that a restart is
required if you are changing
from Not required to
Certificate validation.
client system must present a
valid certificate that has
been signed by a trusted
certificate authority (CA).
Note that a restart is
required if you are changing
from Not required to
Certificate validation.
Certificate-based
authentication: the client
system must present a valid
certificate that has been
signed by a trusted CA and
contains the client's
authentication credentials.
authentication: the client
system must present a valid
certificate that has been
signed by a trusted CA and
contains the client's
authentication credentials.
Default: Not required
Important:
Enabling Certificate validation means that your browser can
use the VCS web interface only if it has a valid client certificate
signed by a CA in the VCS's trusted CA certificate list.
use the VCS web interface only if it has a valid client certificate
signed by a CA in the VCS's trusted CA certificate list.
n
Ensure your browser (the client system) has a valid (in date
and not revoked by a CRL) client certificate before enabling
this feature. The procedure for uploading a certificate to your
browser may vary depending on the browser type and you
may need to restart your browser for the certificate to take
effect.
and not revoked by a CRL) client certificate before enabling
this feature. The procedure for uploading a certificate to your
browser may vary depending on the browser type and you
may need to restart your browser for the certificate to take
effect.
n
You can upload trusted CA certificates on the
page, manage client certificate revocation lists on
the
page, and test client certificates on the
page.
Enabling Certificate-based authentication means that the
standard login mechanism is no longer available. You can log
in only if your browser certificate — typically provided via a
smart card (also referred to as a Common Access Card or CAC)
— is valid and the credentials it provides have the appropriate
authorization levels. You can configure how the VCS extracts
credentials from the browser certificate on the
standard login mechanism is no longer available. You can log
in only if your browser certificate — typically provided via a
smart card (also referred to as a Common Access Card or CAC)
— is valid and the credentials it provides have the appropriate
authorization levels. You can configure how the VCS extracts
credentials from the browser certificate on the
page.
Note that this setting does not affect client verification of the
VCS's server certificate.
VCS's server certificate.
Redirect
HTTP
requests
to HTTPS
HTTP
requests
to HTTPS
Determines whether HTTP
requests are redirected to the
HTTPS port. Default is On.
requests are redirected to the
HTTPS port. Default is On.
HTTPS must also be enabled for access via HTTP to function.
Note: by default, access via HTTPS and SSH is enabled; access via Telnet is disabled. To securely
manage the VCS you should disable Telnet, using the encrypted HTTPS and SSH protocols instead. For
further security, disable HTTPS and SSH as well and use the serial port to manage the system.
manage the VCS you should disable Telnet, using the encrypted HTTPS and SSH protocols instead. For
further security, disable HTTPS and SSH as well and use the serial port to manage the system.
Because access to the serial port allows the password to be reset, it is recommended that you install the
VCS in a physically secure environment.
VCS in a physically secure environment.