Cisco Cisco TelePresence Video Communication Server Expressway
3.
The Phone Security Profiles in Unified CM (System > Security > Phone Security Profile) that are configured
for TLS and are used for devices requiring remote access must have a Name in the form of an FQDN that
includes the enterprise domain, for example jabber.secure.example.com. (This is because those names must
be present in the list of Subject Alternate Names in the VCS Control's server certificate.)
for TLS and are used for devices requiring remote access must have a Name in the form of an FQDN that
includes the enterprise domain, for example jabber.secure.example.com. (This is because those names must
be present in the list of Subject Alternate Names in the VCS Control's server certificate.)
Note:
Your secure profiles must set Device Security Mode to Encrypted because the VCS does not allow
unencrypted TLS connections. When Device Security Mode is set to Authenticated, Unified CM only offers
the NULL-SHA cipher suite, which the VCS rejects.
the NULL-SHA cipher suite, which the VCS rejects.
4.
If Unified CM servers (System > Server) are configured by Host Name (rather than IP address), then ensure
that those host names are resolvable by the VCS Control.
that those host names are resolvable by the VCS Control.
5.
If you are using secure profiles, ensure that the root CA of the authority that signed the VCS Control certificate
is installed as a CallManager-trust certificate (Security > Certificate Management in the Cisco Unified OS
Administration application).
is installed as a CallManager-trust certificate (Security > Certificate Management in the Cisco Unified OS
Administration application).
6.
Ensure that the Cisco AXL Web Service is active on the Unified CM publishers you will be using to discover
the Unified CM servers that are to be used for remote access. To check this, select the Cisco Unified
Serviceability application and go to Tools > Service Activation.
the Unified CM servers that are to be used for remote access. To check this, select the Cisco Unified
Serviceability application and go to Tools > Service Activation.
7.
We recommend that remote and mobile devices are configured (either directly or by Device Mobility) to use
publicly accessible NTP servers.
publicly accessible NTP servers.
a.
Configure a public NTP server System > Phone NTP Reference.
b.
Add the Phone NTP Reference to a Date/Time Group (System > Date/Time Group).
c.
Assign the Date/Time Group to the Device Pool of the endpoint (System > Device Pool).
IM and Presence Service
Ensure that the Cisco AXL Web Service is active on the IM and Presence Service publishers that will discover other
IM and Presence Service nodes for remote access. To check this, select the Cisco Unified Serviceability application
and go to Tools > Service Activation.
IM and Presence Service nodes for remote access. To check this, select the Cisco Unified Serviceability application
and go to Tools > Service Activation.
11
Mobile and Remote Access Through Cisco Video Communication Server Deployment Guide
Configuration Overview