Cisco Cisco TelePresence Video Communication Server Expressway
2.
Add the details of a Cisco Unity Connection publisher node:
a.
Click New.
b.
Enter the Unity Connection address.
You must enter an FQDN when TLS verify mode is On.
c.
Enter the Username and Password of an account that can access this server.
Note:
These credentials are stored permanently in the VCS database.
d.
[Recommended] Leave TLS verify mode switched On to ensure VCS verifies the node's tomcat
certificate.
certificate.
e.
[Optional] Select which deployment this node/cluster will belong to.
The Deployment field does not show if you have not created multiple deployments. All nodes belong to the
default deployment if you choose not to use multiple deployments.
default deployment if you choose not to use multiple deployments.
f.
Click Add address.
If you enabled TLS verify mode, then the VCS tests whether a secure connection can be established. It
does this so you can find any TLS configuration errors before it continues the discovery process.
does this so you can find any TLS configuration errors before it continues the discovery process.
If the secure connection test was successful, or if you did not enable TLS verify mode, then the system
attempts to contact the publisher and retrieve details of its associated nodes.
attempts to contact the publisher and retrieve details of its associated nodes.
3.
Repeat the discovery procedure for other Cisco Unity Connection nodes/clusters, if required.
4.
Click Refresh servers to refresh all the node details after configuring multiple publisher addresses.
Automatically Generated Zones and Search Rules
VCS Control automatically generates non-configurable neighbor zones between itself and each discovered Unified
CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is configured with a
Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1 (Mixed) (so that it can support
devices provisioned with secure profiles). The TLS zone is configured with its TLS verify mode set to On if the Unified
CM discovery had TLS verify mode enabled. This means that the VCS Control will verify the CallManager certificate
for subsequent SIP communications. Each zone is created with a name in the format 'CEtcp-<node name>' or 'CEtls-
<node name>'.
CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is configured with a
Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1 (Mixed) (so that it can support
devices provisioned with secure profiles). The TLS zone is configured with its TLS verify mode set to On if the Unified
CM discovery had TLS verify mode enabled. This means that the VCS Control will verify the CallManager certificate
for subsequent SIP communications. Each zone is created with a name in the format 'CEtcp-<node name>' or 'CEtls-
<node name>'.
A non-configurable search rule, following the same naming convention, is also created automatically for each zone.
The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has a long name,
the search rule will use a regex for its address pattern match.
The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has a long name,
the search rule will use a regex for its address pattern match.
Note that load balancing is managed by Unified CM when it passes routing information back to the registering
endpoints.
endpoints.
Why Should I Refresh the Discovered Nodes?
When the VCS Control "discovers" a Unified Communications node, it establishes a connection to read the
information required to create zones and search rules to proxy requests originating from outside of the network in
towards that node.
information required to create zones and search rules to proxy requests originating from outside of the network in
towards that node.
This configuration information is static. That is, the VCS only reads it when you manually initiate discovery of a new
node, or when you refresh the configuration of previously discovered nodes. If any related configuration has changed
on a node after you discover it, the mismatch between the new configuration and what the VCS Control knows of that
node will probably cause some kind of failure.
node, or when you refresh the configuration of previously discovered nodes. If any related configuration has changed
on a node after you discover it, the mismatch between the new configuration and what the VCS Control knows of that
node will probably cause some kind of failure.
The information that the VCS Control reads from the Unified Communications node is different for each node type and
its role. The following list contains examples of UC configuration that you can expect to require a refresh from the
VCS. The list is not exhaustive; if you suspect that a configuration change on a node is affecting MRA services, you
should refresh those nodes to eliminate one known source of potential problems.
its role. The following list contains examples of UC configuration that you can expect to require a refresh from the
VCS. The list is not exhaustive; if you suspect that a configuration change on a node is affecting MRA services, you
should refresh those nodes to eliminate one known source of potential problems.
■
Changing cluster (e.g. adding or removing a node)
■
Changing security parameters (e.g. Enabling Mixed Mode)
22
Mobile and Remote Access Through Cisco Video Communication Server Deployment Guide
Configuring Mobile and Remote Access on VCS