Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
■
The Login account authentication configuration page has been removed, and the Administrator
authentication source and FindMe authentication source settings are now on the Login account LDAP
configuration page.
authentication source and FindMe authentication source settings are now on the Login account LDAP
configuration page.
■
The
xConfiguration Interworking Require Invite Header Mode
is now
Off
by default.
■
The Directory option has been removed from the list of restriction policies on the Registration configuration
page and the list of Call Policy modes on the Call Policy configuration page.
page and the list of Call Policy modes on the Call Policy configuration page.
■
The DNS lookup tool includes Unified Communications SRV services.
X7.2.1
The VCS Starter Pack Express supports Cisco Jabber for iPad.
X7.2
Controlled SIP TLS connections to the Default Zone
Default Zone access rules that control which external systems are allowed to connect over SIP TLS to the VCS via
the Default Zone can now be configured.
the Default Zone can now be configured.
Each rule specifies a pattern type and string that is compared to the identities (Subject Common Name and any
Subject Alternative Names) contained within the certificate presented by the external system. You can then allow or
deny access to systems whose certificates match the specified pattern.
Subject Alternative Names) contained within the certificate presented by the external system. You can then allow or
deny access to systems whose certificates match the specified pattern.
Device authentication
■
The VCS can now be configured to authenticate devices against multiple remote H.350 directory servers. This
provides a redundancy mechanism in the event of reachability problems to an H.350 directory server.
provides a redundancy mechanism in the event of reachability problems to an H.350 directory server.
■
As from version X7.2, the VCS attempts to verify device credentials presented to it (for Digest authentication)
by first checking against its on-box local database of usernames and passwords, before checking against any
configured H.350 directory server. As a result of this:
by first checking against its on-box local database of usernames and passwords, before checking against any
configured H.350 directory server. As a result of this:
—
The Device authentication configuration page no longer exists; there is no longer an option to switch
between an authentication database type of Local database or LDAP database.
between an authentication database type of Local database or LDAP database.
—
The NTLM protocol challenges setting is now configured on the Active Directory Service page.
■
The Device LDAP configuration and Device LDAP schemas pages are now called Device authentication
H.350 configuration and Device authentication H.350 schemas respectively.
H.350 configuration and Device authentication H.350 schemas respectively.
■
The Alias origin field on the Device authentication H.350 configuration page is now called Source of aliases
for registration.
for registration.
Enhanced account security
■
Administrator accounts can now be configured to authenticate first against the local database and then if no
matching account is found to fall back to a check against the external credentials directory.
matching account is found to fall back to a check against the external credentials directory.
■
When defining administrator accounts and groups, you can now also specify if the account/group can access
the web interface and/or the XML/REST APIs.
the web interface and/or the XML/REST APIs.
■
When strict passwords are enforced for administrator accounts, you can now customize the rules for what
constitutes a strict password.
constitutes a strict password.
■
Local administrator passwords are now stored using a SHA512 hash.
■
In a cluster, the default admin account password is now replicated across all peers.
■
Note that the
Login Administrator
set of
xConfiguration
CLI commands are no longer supported.
508
Cisco TelePresence Video Communication Server Administrator Guide