Cisco Email Security Appliance C160 User Manual

Chapter 8      Centralized Management
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Cluster Communication Security
Cluster Communication Security (CCS) is a secure shell service similar to a 
regular SSH service. IronPort implemented CCS in response to concerns 
regarding using regular SSH for cluster communication. SSH communication 
between two machines opens regular logins (admin, etc.) on the same port. Many 
administrators prefer not to open regular logins on their clustered machines.
Tip: never enable Cluster Communication Services, even though it is the default, 
unless you have firewalls blocking port 22 between some of your clustered 
machines. Clustering uses a full mesh of SSH tunnels (on port 22) between all 
machines. If you have already answered Yes to enabling CCS on any machine, 
remove all machines from the cluster and start again.  Removing the last machine 
in the cluster removes the cluster.
CCS provides an enhancement where the administrator can open up cluster 
communication, but not CLI logins. By default, the service is disabled. If the 
centralized management feature is enabled on the appliance, then you will be 
prompted to enable CCS from the interfaceconfig command when you are 
prompted to enable other services. For example:
Do you want to enable SSH on this interface?  [Y]>
Which port do you want to use for SSH?
[22]>
Do you want to enable Cluster Communication Service on this interface?
[N]> y
Which port do you want to use for Cluster Communication Service?
[2222]>