Cisco TelePresence Video Communication Server Expressway
VCS Control automatically generates non-configurable neighbor zones between itself and each discovered Unified
CM node. A TCP zone is always created, and a TLS zone is also created if the Unified CM node is configured with a
Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1 (Mixed) (so that it can support
devices provisioned with secure profiles). The TLS zone is configured with its TLS verify mode set to On if the Unified
CM discovery had TLS verify mode enabled. This means that the VCS Control will verify the CallManager certificate
for subsequent SIP communications.
Note:
Secure profiles are downgraded to use TCP if Unified CM is not in mixed mode.
The VCS neighbor zones to Unified CM use the names of the Unified CM nodes that were returned by Unified CM
when the Unified CM publishers were added (or refreshed) to the VCS. The VCS uses those returned names to
connect to the Unified CM node. If that name is just the host name then:
■ it needs to be routable using that name
■ this is the name that the VCS expects to see in the Unified CM's server certificate
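An added example (not from the Cisco guide): a pre-flight check for the two conditions above, run for each node name the publisher returns. It assumes the certificate is supplied in the dict form produced by Python's ssl.SSLSocket.getpeercert(), that a match in either a DNS subjectAltName entry or the subject CN counts, and that name resolution stands in for routability; check_node, cert_names and the sample values are hypothetical.

```python
import socket

# Constructed sample: a Unified CM server certificate that carries only the FQDN.
SAMPLE_CERT = {
    "subject": ((("commonName", "cucm-sub1.example.com"),),),
    "subjectAltName": (("DNS", "cucm-sub1.example.com"),),
}


def cert_names(cert):
    """Return (DNS SAN entries, subject CNs) from a getpeercert()-style dict."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return sans, cns


def check_node(node_name, cert, resolver=socket.getaddrinfo):
    """Return a list of problems for one returned node name (empty list = OK)."""
    problems = []
    name = node_name.strip().lower().rstrip(".")

    # Condition 1: the name must be usable to reach the node.
    # Assumption: successful resolution is treated as "routable".
    try:
        resolver(name, None)
    except OSError:  # socket.gaierror is a subclass of OSError
        problems.append("name does not resolve: " + name)

    # Condition 2: the same name must appear in the server certificate.
    # Assumption: exact, case-insensitive match; wildcards are not handled.
    sans, cns = cert_names(cert)
    present = sans + cns
    if name not in present:
        hint = ""
        if "." not in name and any(n.split(".")[0] == name for n in present):
            hint = " (certificate carries only an FQDN form of this host name)"
        problems.append("name not in certificate: " + name + hint)
    return problems


if __name__ == "__main__":
    # A bare host name returned by the publisher, checked against the sample.
    for problem in check_node("cucm-sub1", SAMPLE_CERT):
        print(problem)
```
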
If you are using secure profiles, ensure that the root CA of the authority that signed the VCS Control certificate is
installed as a CallManager-trust certificate (Security > Certificate Management in the Cisco Unified OS
Administration application).
Media Encryption
Media encryption is enforced on the call legs between the VCS Control and the VCS Expressway, and between the
VCS Expressway and endpoints located outside the enterprise.
The encryption is physically applied to the media as it passes through the B2BUA on the VCS Control.
Limitations
■ Only the IPv4 protocol is supported for mobile and remote access users
■ In VCS Expressway systems that use dual network interfaces, XCP connections (for IM&P XMPP traffic)
always use the non-external (i.e. internal) interface. This means that XCP connections may fail in
deployments where the VCS Expressway internal interface is on a separate network segment and is used for
system management purposes only, and where the traversal zone on the VCS Control connects to the VCS
Expressway's external interface.
Unsupported Endpoint Features when Using Mobile and Remote Access
■ Calls to/from additional lines on IP phones and endpoints that support multiple lines; only the primary line is
supported via Mobile and Remote Access
■ Directory access mechanisms other than UDS
■ Certificate provisioning to remote endpoints e.g. CAPF
■ Features that rely on the SIP UPDATE method ( ) will not work as expected because the VCS does not
support this method. For example, CUCM and endpoints use UPDATE to implement blind transfer, which does
not work correctly via MRA.
■ Peer-to-peer file transfer when using IM and Presence Service and Jabber is unsupported via MRA
— Managed File Transfer (MFT) with IM and Presence Service 10.5.2 (and later) and Jabber 10.6 (and later)
clients is supported via MRA
— File transfer with WebEx Messenger Service and Cisco Jabber is supported via MRA
■ Deskphone control (QBE/CTI)
■ Additional mobility features including GSM handoff and session persistency
■ Hunt group/hunt pilot/hunt list
■ Self-care portal
Mobile and Remote Access Through Cisco Video Communication Server Deployment Guide
Additional Information