Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Introduction
Cisco VCS Administrator Guide (X7.2)
Page 21 of 498
What’s new in this version?
The new features introduced in this release of VCS software are described below.
Controlled SIP TLS connections to the Default Zone
Default Zone access rules that control which external systems are allowed to connect over SIP TLS to the
VCS via the Default Zone can now be configured.
VCS via the Default Zone can now be configured.
Each rule specifies a pattern type and string that is compared to the identities (Subject Common Name and
any Subject Alternative Names) contained within the certificate presented by the external system. You can
then allow or deny access to systems whose certificates match the specified pattern.
any Subject Alternative Names) contained within the certificate presented by the external system. You can
then allow or deny access to systems whose certificates match the specified pattern.
Device authentication
n
The VCS can now be configured to authenticate devices against multiple remote H.350 directory servers.
This provides a redundancy mechanism in the event of reachability problems to an H.350 directory server.
This provides a redundancy mechanism in the event of reachability problems to an H.350 directory server.
n
As from version X7.2, the VCS attempts to verify device credentials presented to it (for Digest
authentication) by first checking against its on-box local database of usernames and passwords, before
checking against any configured H.350 directory server. As a result of this:
authentication) by first checking against its on-box local database of usernames and passwords, before
checking against any configured H.350 directory server. As a result of this:
l
The
Device authentication configuration
page no longer exists; there is no longer an option to switch
between an authentication database type of Local database or LDAP database.
l
The NTLM protocol challenges setting is now configured on the
Active Directory Service
page.
n
The
Device LDAP configuration
and
Device LDAP schemas
pages are now called
Device
authentication H.350 configuration
and
Device authentication H.350 schemas
respectively.
n
The Alias origin field on the
Device authentication H.350 configuration page
is now called Source of
aliases for registration.
Enhanced account security
n
Administrator accounts can now be configured to authenticate first against the local database and then if no
matching account is found to fall back to a check against the external credentials directory.
matching account is found to fall back to a check against the external credentials directory.
n
When defining administrator accounts and groups, you can now also specify if the account/group can
access the web interface and/or the XML/REST APIs.
access the web interface and/or the XML/REST APIs.
n
When strict passwords are enforced for administrator accounts, you can now customize the rules for what
constitutes a strict password.
constitutes a strict password.
n
Local administrator passwords are now stored using a SHA512 hash.
n
In a cluster, the default admin account password is now replicated across all peers.
n
Note that the Login Administrator set of xConfiguration CLI commands are no longer
supported.
supported.