Cisco Cisco TelePresence Video Communication Server Expressway
Note: These credentials are stored permanently in the VCS database. The corresponding Unified CM
user must have the Standard AXL API Access role.
user must have the Standard AXL API Access role.
d. [Recommended] Leave TLS verify mode switched On to ensure VCS verifies the node's certificates.
The Unified CM node presents its tomcat certificate for AXL and UDS queries, and its CallManager
certificate for subsequent SIP traffic. If the Unified CM server is using self-signed certificates, the
VCS Control's trusted CA list must include a copy of the tomcat certificate and the CallManager
certificate from every Unified CM server.
certificate for subsequent SIP traffic. If the Unified CM server is using self-signed certificates, the
VCS Control's trusted CA list must include a copy of the tomcat certificate and the CallManager
certificate from every Unified CM server.
e. Click Add address.
The system attempts to contact the publisher and retrieve details of its associated nodes.
3. Repeat the discovery procedure for other Unified CM nodes/clusters, if required.
4. Click Refresh servers to refresh all the node details after configuring multiple publisher addresses.
Automatically generated zones and search rules
VCS Control automatically generates non-configurable neighbor zones between itself and each discovered
Unified CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is
configured with a Cluster Security Mode (
Unified CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is
configured with a Cluster Security Mode (
System > Enterprise Parameters > Security Parameters
) of 1
(Mixed) (so that it can support devices provisioned with secure profiles). The TLS zone is configured with its
TLS verify mode set to On if the Unified CM discovery had TLS verify mode enabled. This means that the
VCS Control will verify the CallManager certificate for subsequent SIP communications. Each zone is
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
TLS verify mode set to On if the Unified CM discovery had TLS verify mode enabled. This means that the
VCS Control will verify the CallManager certificate for subsequent SIP communications. Each zone is
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
A non-configurable search rule, following the same naming convention, is also created automatically for each
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
Note that load balancing is managed by Unified CM when it passes routing information back to the registering
endpoints.
endpoints.
Configuring the HTTP server allow list (whitelist) on VCS
Control
Control
Jabber client endpoints may need to access additional web services inside the enterprise. This requires an
"allow list" of servers to be configured to which the VCS will grant access for HTTP traffic originating from
outside the enterprise.
"allow list" of servers to be configured to which the VCS will grant access for HTTP traffic originating from
outside the enterprise.
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.2)
Page 18 of 40
Configuring mobile and remote access on VCS