Cisco Cisco TelePresence Video Communication Server Expressway
Unified Communications prerequisites
Configuring a secure traversal zone connection for Unified
Communications
Communications
To support Unified Communications features (such as mobile and remote access or Jabber Guest), there
must be a Unified Communications traversal zone connection between the VCS Control and the VCS
Expressway. This involves:
must be a Unified Communications traversal zone connection between the VCS Control and the VCS
Expressway. This involves:
n
Installing suitable security certificates on the VCS Control and the VCS Expressway.
n
Configuring a Unified Communications traversal zone between the VCS Control and the VCS Expressway
Note: You should configure only one Unified Communications traversal zone per VCS.
Installing VCS security certificates
You must set up trust between the VCS Control and the VCS Expressway:
1. Install a suitable server certificate on both the VCS Control and the VCS Expressway.
l
The certificate must include the Client Authentication extension. The system will not allow you to
upload a server certificate without this extension when Unified Communications features have been
enabled.
upload a server certificate without this extension when Unified Communications features have been
enabled.
l
The VCS includes a built-in mechanism to generate a certificate signing request (CSR) and is the
recommended method for generating a CSR:
recommended method for generating a CSR:
o
Ensure that the CA that signs the request does not strip out the client authentication extension.
o
The generated CSR includes the client authentication request and any relevant subject alternate
names for the Unified Communications features that have been enabled (see
names for the Unified Communications features that have been enabled (see
if appropriate).
l
To generate a CSR and /or to upload a server certificate to the VCS, go to
Maintenance > Security
certificates > Server certificate
. You must restart the VCS for the new server certificate to take effect.
2. Install on both VCSs the trusted Certificate Authority (CA) certificates of the authority that signed the
VCS's server certificates.
There are additional trust requirements, depending on the Unified Communications features being
deployed.
For mobile and remote access deployments:
There are additional trust requirements, depending on the Unified Communications features being
deployed.
For mobile and remote access deployments:
l
The VCS Control must trust the Unified CM and IM&P tomcat certificate.
l
If appropriate, both the VCS Control and the VCS Expressway must trust the authority that signed the
endpoints' certificates.
endpoints' certificates.
For Jabber Guest deployments:
l
When the Jabber Guest server is installed, it uses a self-signed certificate by default. However, you
can install a certificate that is signed by a trusted certificate authority. You must install on the VCS
Control either the self-signed certificate of the Jabber Guest server, or the trusted CA certificates of the
authority that signed the Jabber Guest server's certificate.
can install a certificate that is signed by a trusted certificate authority. You must install on the VCS
Control either the self-signed certificate of the Jabber Guest server, or the trusted CA certificates of the
authority that signed the Jabber Guest server's certificate.
To upload trusted Certificate Authority (CA) certificates to the VCS, go to
Maintenance > Security
certificates > Trusted CA certificate
. You must restart the VCS for the new trusted CA certificate to
take effect.
for full information about how to create and
upload the VCS’s server certificate and how to upload a list of trusted certificate authorities.
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.5.1)
Page 15 of 50
Unified Communications prerequisites