Cisco Cisco TelePresence Video Communication Server Expressway
Enabling endpoints registered on the video network to call MOC/Lync clients registered on OCS/Lync
Cisco VCS Deployment Guide: Microsoft OCS 2007 R2, Lync 2010 and Cisco VCS X7.0
Page 35 of 104
You are recommended to use TLS connectivity between VCS and OCS/Lync. (TCP may not work for
OCS/Lync configurations that include HLBs and / or OCS/Lync Director and use of TCP prevents use
of encryption).
OCS/Lync configurations that include HLBs and / or OCS/Lync Director and use of TCP prevents use
of encryption).
To configure an “OCS/Lync gateway” VCS Control:
1. Generate and load private key, root certificate and server certificate onto Cisco VCS.
2. Set up the SIP domain of the “OCS/Lync gateway” VCS.
3. Configure DNS.
4. Ensure that cluster name is configured.
5. Configure an NTP server.
6. Switch on TLS in SIP configuration.
“OCS/Lync gateway”: Generate and load private key, root certificate,
and server certificate onto “OCS/Lync gateway” VCS Control (not
needed if using a TCP connection)
and server certificate onto “OCS/Lync gateway” VCS Control (not
needed if using a TCP connection)
Obtain and load Root CA certificate, server certificate and private key into the Cisco VCS.
Note: For mutual TLS authentication the server certificate must be capable of being used as a client
certificate as well.
certificate as well.
Either a single server certificate can be created to cover the “OCS/Lync gateway” cluster, or a server
certificate can be created for each Cisco VCS. If the “OCS/Lync gateway” is a non-clustered VCS then
use the section “Server certificate for each Cisco VCS”
certificate can be created for each Cisco VCS. If the “OCS/Lync gateway” is a non-clustered VCS then
use the section “Server certificate for each Cisco VCS”
Details on how to create certificates for VCS are documented in “Cisco VCS Deployment Guide –
Certificate creation and use with Cisco VCS”.
Certificate creation and use with Cisco VCS”.
Single server certificate that can be loaded into each cluster peer:
The certificate must specify:
Subject name: the VCS cluster’s FQDN (DNS Local hostname concatenated with DNS Domain),
e.g.ocsvcs.ciscotp.com
e.g.ocsvcs.ciscotp.com
Subject Alternate Name: a comma separated list of the VCS peers’ routable FQDNs
e.g. vcs01.ciscotp.com, vcs02.ciscotp.com
e.g. vcs01.ciscotp.com, vcs02.ciscotp.com
Server certificate for each Cisco VCS:
A certificate must be created for each “OCS/Lync gateway” VCS; the certificate must specify:
Subject name: the VCS peer’s FQDN e.g. vcs01.ciscotp.com
and if it is part of a cluster:
Subject Alternate Name: the VCS cluster’s FQDN, e.g. ocsvcs.ciscotp.com
Load the certificates:
Load the certificates on the
Security certificates
page (
Maintenance > Certificate management >
Security certificates
):