Cisco Cisco TelePresence Management Suite (TMS) Version 15
For details on how to create and set up search rules for a DNS zone, refer to the "Cisco TelePresence
Video Communication Server Basic Configuration (Control with Expressway) Deployment Guide" at:
Video Communication Server Basic Configuration (Control with Expressway) Deployment Guide" at:
.
3. Configure a valid Client/Server Certificate for your company. Typically the CName of the certificate is the
routable domain to your company's Cisco VCS Expressway. It must be a CA-level certificate name
issued by a public CA that is supported by WebEx. For a list of supported public CAs, see the list below.
issued by a public CA that is supported by WebEx. For a list of supported public CAs, see the list below.
Note: Self-signed certificates are NOT supported.
For a list of supported certificates and details on how to configure a certificate on Cisco VCS Expressway,
refer to:
refer to:
.
Configuring Traversal Zones for MCUs with Encryption
Enabled
Enabled
This section details the configuration necessary in VCS to support MCUs that have encryption enabled (the
default setting).
default setting).
If you choose not to do the following configuration, MCUs with encryption enabled will deliver the
presentation content in the main video channel, instead of a separate stream.
presentation content in the main video channel, instead of a separate stream.
Note: In the following procedure, tasks for VCS Control are the same as for Expressway-C and tasks for
Expressway-E or the same as for VCS Expressway.
Expressway-E or the same as for VCS Expressway.
To support MCUs that have encryption enabled, do the following
1. Set up a new traversal client zone from Cisco VCS Control to Cisco VCS Expressway
Note: Make sure the new zone uses a different port number.
2. Configure the media encryption setting on the traversal client to be Force unencrypted or Best effort.
3. On Cisco VCS Expressway, set up a new traversal server zone that connects to the Cisco VCS Control
traversal zone set up in the previous step.
4. In this new Cisco VCS Expressway traversal server zone, set media encryption to Force unencrypted.
5. On Cisco VCS Control set up a search rule (at higher priority than the search rule that uses the default
traversal zone) that matches WebEx traffic e.g. match = .*@example.webex.com
Note: The above configuration ensures that whether the MCU encryption is enabled or not, that the video and
the presentation stay on separate channels. It also ensures the content from WebEx is not encrypted when
sent to the MCU (even though it is encrypted across the internet).
the presentation stay on separate channels. It also ensures the content from WebEx is not encrypted when
sent to the MCU (even though it is encrypted across the internet).
Cisco Collaboration Meeting Rooms (CMR) Hybrid Configuration Guide (TMS 14.4 - WebEx WBS29)
Page 63 of 186
Configuring Call Control
Configuring Cisco Expressway and TelePresence Video Communication Server