Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
By default, access via HTTPS and SSH is enabled. For optimum security, disable HTTPS and SSH and use
the serial port to manage the system. Because access to the serial port allows the password to be reset, we
recommend that you install the VCS in a physically secure environment.
the serial port to manage the system. Because access to the serial port allows the password to be reset, we
recommend that you install the VCS in a physically secure environment.
HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) provides a mechanism where a web server forces a web browser to
communicate with it using secure connections only.
communicate with it using secure connections only.
As of October 2012, this mechanism is supported by the following browsers:
n
Chrome, versions 4.0.211.0 and later
n
Firefox, versions 4 and later
When HSTS is enabled, a browser that supports HSTS will:
n
Automatically turn any insecure links to the website into secure links (for example,
http://example.com/page/
http://example.com/page/
is modified to https://example.com/page/ before accessing the
server).
n
Only allow access to the server if the connection is secure (for example, the server's TLS certificate is
valid, trusted and not expired).
valid, trusted and not expired).
Browsers that do not support HSTS will ignore the Strict-Transport-Security header and work as before. They
will still be able to access the server.
will still be able to access the server.
Note that compliant browsers only respect Strict-Transport-Security headers if they access the server
through its fully qualified name (rather than its IP address).
through its fully qualified name (rather than its IP address).
VCS unit front panel
The LCD panel on the front of the VCS hardware unit has a rotating display of the VCS's system name, IP
addresses, alarms, and the number of current traversal calls, non-traversal calls and registrations.
addresses, alarms, and the number of current traversal calls, non-traversal calls and registrations.
To control the display of status items:
n
ENTER
stops the display from automatically rotating through the status items. This is useful if you need to
review all of the alarms or read a long IPv6 address. Press ENTER again to resume the rotating display.
n
UP/DOWN
displays the previous or next status item.
You can configure the front panel to hide this identifying information, if required for security reasons for
example, by using the CLI command xConfiguration Administration LCDPanel Mode. If the
mode is set to Off the front panel only displays "Cisco".
example, by using the CLI command xConfiguration Administration LCDPanel Mode. If the
mode is set to Off the front panel only displays "Cisco".
Configuring SNMP settings
The
SNMP
page (
System > SNMP
) is used to configure the VCS's SNMP settings.
Tools such as Cisco TMS or HP OpenView may act as SNMP Network Management Systems (NMS). They
allow you to monitor your network devices, including the VCS, for conditions that might require administrative
attention.
allow you to monitor your network devices, including the VCS, for conditions that might require administrative
attention.
.
The information made available by the VCS includes the following:
Cisco VCS Administrator Guide (X8.1.1)
Page 43 of 507
Network and system settings
Network services