Cisco TelePresence Management Suite (TMS) Version 15 Document
Endpoint Products
Provisioning ExternalManager Protocol – set to HTTP (will be set to HTTPS if Secure-Only
mode is enabled in Cisco TMS)
Network Requirements
To be managed by Cisco TMS in the traditional ‘Managed by Cisco TMS’ mode, a system requires full
bi-directional communication over the IP network to Cisco TMS with the following ports and protocols.
Service          Protocol   Port Number   Allows Connections (relative to system)
HTTP or HTTPS    TCP        80 or 443     Inbound
HTTP or HTTPS*   TCP        80 or 443     Outbound
SNMP             UDP        161           Inbound
* Only used when Secure-Only Management is enabled, otherwise provisioning/feedback/phonebooks
must use HTTP for connections to Cisco TMS and HTTP must not be blocked on the network.
Note: Network systems that rewrite source addresses will interfere with communications to Cisco TMS
and proxies that require authentication may also hinder communications from systems to Cisco TMS.
Cisco TMS Behind Firewall mode
Supported: Yes
Changes to Requirements: When configured for Behind Firewall connectivity, the network
requirements change to only require outbound connectivity via HTTP (TCP Port 80) or HTTPS
(TCP Port 443) to Cisco TMS. The managed device can also be behind a NAT device.
Cisco TMS Secure-Only mode
Supported: Yes
Changes to Requirements: The network requirements change in that HTTP and SNMP will not be
used and are no longer required. All connectivity to the system will be via HTTPS (TCP Port 443)
inbound and outbound with the system. This mode can also be combined with Behind Firewall
Connectivity to require only HTTPS (TCP Port 443) outbound from the system. When enabled, protocol
and URL settings in the managed systems will be changed to HTTPS instead of HTTP.
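The mode rules above can be turned into a firewall-rule audit. The following is an added example, not Cisco code: it derives the flows each mode combination needs and reports which permitted flows can be closed. The names (Flow, needed_groups, audit, SAMPLE_RULES) are hypothetical, and it assumes that "HTTP or HTTPS" inbound means either one suffices and that, per the footnote, outbound traffic uses HTTP unless Secure-Only is enabled.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str       # "TCP" or "UDP"
    port: int
    direction: str   # relative to the managed system, as in the table

HTTP_IN, HTTPS_IN = Flow("TCP", 80, "inbound"), Flow("TCP", 443, "inbound")
HTTP_OUT, HTTPS_OUT = Flow("TCP", 80, "outbound"), Flow("TCP", 443, "outbound")
SNMP_IN = Flow("UDP", 161, "inbound")

def needed_groups(secure_only=False, behind_firewall=False):
    """Any-of groups: each inner set needs at least one flow permitted."""
    if secure_only:
        groups = [{HTTPS_IN}, {HTTPS_OUT}]   # HTTP and SNMP are not used
    else:
        # Assumption from the footnote: without Secure-Only, outbound is HTTP.
        groups = [{HTTP_IN, HTTPS_IN}, {HTTP_OUT}, {SNMP_IN}]
    if behind_firewall:
        # Behind Firewall mode requires outbound connectivity only.
        groups = [g for g in groups
                  if all(f.direction == "outbound" for f in g)]
    return groups

def audit(permitted, secure_only=False, behind_firewall=False):
    """Return (excess, unmet): flows to close, and groups with no flow open."""
    groups = needed_groups(secure_only, behind_firewall)
    used = set().union(*groups)
    excess = sorted(set(permitted) - used)
    unmet = [sorted(g) for g in groups if not g & set(permitted)]
    return excess, unmet

# Constructed sample: rules left in place from traditional mode.
SAMPLE_RULES = [HTTP_IN, HTTPS_IN, HTTP_OUT, SNMP_IN]

if __name__ == "__main__":
    for so, bf in [(False, False), (False, True), (True, False), (True, True)]:
        excess, unmet = audit(SAMPLE_RULES, so, bf)
        print(f"secure_only={so} behind_firewall={bf}")
        print("  can be closed:", excess)
        print("  still needed :", unmet)
```

Run against a rule set carried over from traditional mode, it shows that enabling Secure-Only leaves HTTP and SNMP open unnecessarily while HTTPS outbound is still missing.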
Device Notes/Limitations
The enhanced security rules settings of the system can be used, but the admin user account must be
available for TMS to use, and must retain an admin-level privilege. Using the ‘strong security’ or JITC
policy settings in the managed system will block some functionality from Cisco TMS including
software upgrades.
To use pre-registration features, the Provisioning ExternalManager settings must be configured in
the device for it to announce itself to Cisco TMS. The values can be set in the endpoint by an
administrator, through the setup wizard on the endpoint, or automatically via DHCP options.