The Cisco TelePresence Video Communication Server (VCS) software simplifies session management and control of telepresence conferences. It provides flexible and extensible conferencing applications, enabling organizations to benefit from increased employee productivity and enhanced communication with partners and customers.
The VCS delivers exceptional scalability and resiliency, secure communications, and simplified large-scale provisioning and network administration in conjunction with Cisco TelePresence Management Suite (Cisco TMS).
The VCS interworks transparently with Cisco Unified Communications Manager (Unified CM), bringing rich telepresence services to organizations with Unified CM. It also offers interoperability with third-party unified communications, IP telephony networks, and voice-over-IP (VoIP) systems.
The VCS supports on-premises and cloud applications and is available as a dedicated appliance or as a virtualized application on VMware, with additional support for Cisco Unified Computing System (Cisco UCS) platforms.
You can deploy the VCS as the VCS Control for use within an enterprise and as the VCS Expressway for business-to-business and remote and mobile worker external communication. An alternative solution, suited to small to medium-sized businesses (SMBs), is the VCS Starter Pack Express.
Optional packages that you can deploy include FindMe, Device Provisioning, and Advanced Networking (VCS Expressway only).
This report was generated with the following settings.
The following section provides details of the software, hardware, and time settings of the Expressway.
This section shows network services and settings related options that appear under the System menu of the web interface. These options help to configure the VCS in relation to the network in which it is located, for example its IP settings, firewall rules, intrusion protection and the external services used by the VCS (for example DNS, NTP and SNMP).
The System Administration shows the name of the Cisco TelePresence Video Communication Server system and methods by which the system may be accessed by administrators. Although you can administer the Cisco TelePresence Video Communication Server through a PC connected directly to the unit with a serial cable, you may want to access the system remotely over IP. You can do this using the web interface via HTTPS, or through a command line interface via SSH. Configurable options are for:
1 Report Information
1.1 Report Summary
Report Info Report Date Report generated for Description Server Info Expressway version Expressway IP Report Settings Report Type Visual Style Report Content Template HTML Template Word Report Tool Info Report Tool Version Report Tool License 1.2 Presenter
Presenter Information Company Name Title Address Telephone Email 1.3 Client
Client Information Company Name Title Address Telephone Email 2 Information
System Information General System name Product Software Software version Software build Software release date Software name Software Release Key Hardware Hardware version Serial number Time Information System time (UTC) Time zone Local time Uptime Options Non-Traversal Calls Traversal Calls Registrations TPRoom TURN Relays Expressway Encryption Interworking FindMe Dual Network Interfaces Advanced Account Security Starter Pack Enhanced OCS Collaboration ExpresswaySeries 3 System
3.1 Administration
| Administration | |
| System Name | |
| System name | |
| Ephemeral Port Range | |
| Start | |
| End | |
| Services | |
| Serial port / console | |
| SSH service | |
| Web interface (over HTTPS) | |
| Session Limits | |
| Session time out (minutes) | |
| Per-account session limit | |
| System session limit | |
| System Protection | |
| Automatic discovery protection | |
| Web Server Configuration | |
| Redirect HTTP requests to HTTPS | |
| HTTP strict transport security (HSTS) | |
| Client certificate-based security | |
This section shows settings for:
This section shows configuration of speed for the connections between the Expressway and the Ethernet networks to which it is connected. The speed and duplex mode must be the same at both ends of the connection. If you installed the Advanced Networking option, you can configure the speed and duplex mode for each Ethernet port. The default Speed is Auto, which means that the Expressway and the connected switch will automatically negotiate the speed and duplex mode.
| Ethernet | |||||||||
| |||||||||
The IP section shows configuration of the IP protocols and network interface settings of the Expressway. Expressway can be configured to use IPv4, IPv6 or Both protocols. The default is Both.
All IPv6 addresses configured on the Expressway are treated as having a /64 network prefix length.
| Ethernet | |||||||||
| |||||||||
| |||||||||
This section shows Static Routes from the Expressway to an IPv4 or IPv6 address range.
Static routes are sometimes required when using the Advanced Networking option and deploying the Expressway in a DMZ. They may also be required in other complex network deployments.
| Static Routes | |||||||||
| |||||||||
| |||||||||
| |||||||||
The Domain name is used when attempting to resolve unqualified server addresses (for example ldapserver). It is appended to the unqualified server address before the query is sent to the DNS server. If the server address is fully qualified (for example ldapserver.mydomain.com) or is in the form of an IP address, the domain name is not appended to the server address before querying the DNS server.
| DNS | |||||||
| DNS Settings | |||||||
| System host name | |||||||
| Domain name | |||||||
| DNS requests port range | |||||||
| Default DNS servers | |||||||
| Address 1 | |||||||
| Address 2 | |||||||
| Address 3 | |||||||
| Address 4 | |||||||
| Address 5 | |||||||
| Per-domain DNS Servers | |||||||
| Per-domain DNS servers | |||||||
The Time section shows configuration of the Expressway's NTP servers and the local time zone. An NTP server is a remote server with which the Expressway synchronizes in order to ensure its time is accurate. The NTP server provides the Expressway with UTC time. Accurate time is necessary for correct system operation.
| Time | |||||||||||
| NTP Servers | |||||||||||
| Time Zone | |||||||||||
This section shows the Expressway's SNMP settings. Tools such as Cisco TelePresence Management Suite (Cisco TMS) or HP OpenView may act as SNMP Network Management Systems (NMS). They allow monitoring of network devices, including the Expressway, for conditions that might require administrative attention. The Expressway supports the most basic MIB-II tree (.1.3.6.1.2.1) as defined in RFC 1213. The information made available by the Expressway includes the following:
By default, SNMP is Disabled, therefore to allow the Expressway to be monitored by an SNMP NMS (including Cisco TMS), alternative SNMP mode must be selected.
| SNMP | |
| Configuration | |
| SNMP mode | |
| Description | |
| Community name | |
| System contact | |
| Location | |
| Username | |
| v3 Authentication | |
| Authentication mode | |
An Expressway can be part of a cluster of up to six Expressways. Each Expressway in the cluster is a peer of every other Expressway in the cluster. When creating a cluster, the cluster name should be defined and one peer must be nominated as the master from which all relevant configurations are replicated to the other peers in the cluster. Clusters are used to:
| Clustering | |
| Configuration | |
| Cluster name (FQDN for provisioning) | |
| Configuration master | |
| Peer 1 IP address | |
| Peer 2 IP address | |
| Peer 3 IP address | |
| Peer 4 IP address | |
| Peer 5 IP address | |
| Peer 6 IP address | |
| Cluster Address Mapping | |
| Cluster address mapping enabled | |
The Protection section shows settings for intruder protection, used to detect and block malicious traffic and to help protect the VCS from dictionary-based attempts to breach login security.
The Automatic Detection works by parsing the system log files to detect repeated failures to access specific service categories, such as SIP, SSH and web/HTTPS access. When the number of failures within a specified time window reaches the configured threshold, the source host address (the intruder) and destination port are blocked for a specified period of time. The host address is automatically unblocked after that time period so as not to lock out any genuine hosts that may have been temporarily misconfigured.
The report shows the Automated Detection Configuration, Exemptions and Blocked Addresses.
The automated protection service can be used to detect and block malicious traffic and to help protect the VCS from dictionary-based attempts to breach login security.
It works by parsing the system log files to detect repeated failures to access specific service categories, such as SIP, SSH and web/HTTPS access. When the number of failures within a specified time window reaches the configured threshold, the source host address (the intruder) and destination port are blocked for a specified period of time. The host address is automatically unblocked after that time period so as not to lock out any genuine hosts that may have been temporarily misconfigured.
The Configuration is used to enable and configure the VCS's protection categories, and to view current activity.
Automated protection should be used in combination with the Firewall Rules feature - use automated protection to dynamically detect and temporarily block specific threats, and use firewall rules to permanently block a range of known host addresses.
| Automated detection overview | ||||||||||
The Exemptions section shows IP addresses that are to be exempted always from one or more protection categories.
The Quality of Service (QoS) shows configuration of QoS options for outbound traffic from the Expressway. This allows the network administrator to tag all signalling and media packets flowing through the Expressway with one specific QoS tag and hence provide the ability to prioritize video traffic over normal data traffic. Management traffic, for example SNMP messages, is not tagged.
| Quality of Service | |
| Configuration | |
| DSCP Signaling value | |
| DSCP Audio value | |
| DSCP Video value | |
| DSCP XMPP value | |
The External Manager shows the configuration of Expressway's connection to an external management system. An external manager is a remote system, such as the Cisco TelePresence Management Suite (Cisco TMS), used to monitor events occurring on the Expressway, for example call attempts, connections and disconnections, and as a place for where the Expressway can send alarm information. The use of an external manager is optional.
| External Manager | |
| Configuration | |
| Address | |
| Path | |
| Protocol | |
| Certificate verification mode | |
This section shows settings for:
This section provides information about how to configure the Expressway to support the SIP and H.323 protocols.
The H.323 shows configuration for H.323 settings on the Expressway, including whether H.323 is enabled or not, Gatekeeper and Gateway settings.
| H.323 | |
| Configuration | |
| H.323 mode | |
| Gatekeeper | |
| Registration UDP port | |
| Registration conflict mode | |
| Call signaling TCP port | |
| Call signaling port range start | |
| Call signaling port range end | |
| Time to live | |
| Call time to live | |
| Auto discover | |
| Gateway | |
| Caller ID | |
The SIP section shows the configuration for SIP settings on the Expressway, including:
| SIP | |
| Configuration | |
| SIP mode | |
| UDP mode | |
| UDP port | |
| TCP mode | |
| TCP port | |
| TLS mode | |
| TLS port | |
| Mutual TLS mode | |
| Mutual TLS port | |
| TCP outbound port start | |
| TCP outbound port end | |
| Session refresh interval (seconds) | |
| Minimum session refresh interval (seconds) | |
| TLS handshake timeout (seconds) | |
| Certificate Revocation Checking | |
| Certificate revocation checking mode | |
| Registration Controls | |
| Standard registration refresh strategy | |
| Standard registration refresh minimum (seconds) | |
| Standard registration refresh maximum (seconds) | |
| Outbound registration refresh strategy | |
| Outbound registration refresh minimum (seconds) | |
| Outbound registration refresh maximum (seconds) | |
| SIP registration proxy mode | |
| Advanced | |
| SIP max size | |
| SIP TCP connect timeout | |
| SIP Tls DH key size | |
| SIP Tls versions | |
The Interworking section contains configurations indicating whether or not the Expressway acts as a gateway between SIP and H.323 calls. The translation of calls from one protocol to the other is known as "interworking".
| Interworking | |
| Configuration | |
| H.323 <-> SIP interworking mode | |
For an endpoint to use the VCS as its H.323 gatekeeper or SIP registrar, the endpoint must first register with the VCS. The VCS can be configured to control which devices are allowed to register with it by using the following mechanisms:
These mechanisms can be used together. For example, authentication can be used to verify an endpoint's identity from a corporate directory, and registration restriction to control which of those authenticated endpoints may register with a particular VCS.
The Registration configuration page is used to control how the VCS manages its registrations, with the Registration Policy setting to be used while determining which endpoints may register with the system.
| Registration Configuration | |
| Configuration | |
| Restriction Policy | |
| Protocol | |
| Certificate verification mode | |
| HTTPS certificate revocation list (CRL) checking | |
| Server 1 address | |
| Server 2 address | |
| Server 3 address | |
| Path | |
| Status path | |
| Username | |
| Default CPL | |
The Registration Allow List shows the endpoint aliases and alias patterns that are allowed to register with the VCS. Only one of an endpoint's aliases needs to match an entry in the Allow List for the registration to be allowed. A Restriction policy must be selected to use the Allow List.
| Registration Allow List | ||
The Registration Deny List section shows the endpoint aliases and alias patterns that are not allowed to register with the VCS. Only one of an endpoint's aliases needs to match an entry in the Deny List for the registration to be denied. A Restriction policy must be selected to use the Deny List.
| Registration Deny List | ||
This section provides information about the VCS's authentication policy with the Outbound Connection Credentials and Devices.
The Outbound Connection Credentials section shows the username that VCS will use whenever it is required to authenticate with external systems.
| Outbound Connection Credentials | |
| Configuration | |
| Authentication username | |
Device authentication is the verification of the credentials of an incoming request to the Cisco TelePresence Video Communication Server (VCS) from a device or external system. It is used so that certain functionality may be reserved for known and trusted users, for example the publishing of presence status, collection of provisioning data, or the ability to use resources that cost money like ISDN gateway calling.
When device authentication is enabled on a VCS, any device that attempts to communicate with the VCS is challenged to present its credentials (typically based on a username and password). The VCS will then verify those credentials, or have them verified, according to the authentication method, and then accept or reject the message accordingly.
VCS authentication policy can be configured separately for each zone and subzone. This means that both authenticated and unauthenticated devices could be allowed to register to, and communicate with, the same VCS if required. Subsequent call routing decisions can then be configured with different rules based upon whether a device is authenticated or not. See Configuring VCS authentication policy for more information.
The local authentication database is included as part of VCS system and does not require any specific connectivity configuration. It is used to store user account authentication credentials. Each set of credentials consists of a name and password.
The credentials in the local database can be used for device (SIP and H.323), traversal client and TURN client authentication.
Same credentials can be used by more than one device.
| Local Database |
Active Directory database (direct) authentication uses NTLM protocol challenges and authenticates credentials via direct access to an Active Directory server using a Kerberos connection.
It can be enabled at the same time as local database and H.350 directory service authentication. This is because NTLM authentication is only supported by certain endpoints. Therefore, for example, Active Directory (direct) server method can be used for Jabber Video, and the local database or H.350 directory service authentication for the other devices that do not support NTLM.
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to Auto, then NTLM authentication challenges are offered to those devices that support NTLM. Devices that do not support NTLM will continue to receive a standard Digest challenge.
The VCS embeds NTLMv2 authentication protocol messages within standard SIP messages when communicating with endpoint devices, and uses a secure RPC channel when communicating with the AD Domain Controller. Users' Windows domain credentials and the AD domain administrator credentials are not stored on the VCS.
| Active Directory Service | |
| Configuration | |
| Connect to active directory service | |
| NTLM protocol challenges | |
This section shows the Device authentication H.350 configuration for connection via LDAP to an H.350 directory service. An H.350 directory service lookup can be used for authenticating any endpoint, SIP and H.323.
| H.350 Directory Service | |
| H.350 Directory Service Configuration | |
| H.350 device authentication | |
| Source of aliases for registration | |
| LDAP Server Configuration | |
| Server address | |
| FQDN address resolution | |
| Port | |
| Encryption | |
| Authentication Configuration | |
| Bind DN | |
| Directory Configuration | |
| Base DN for devices | |
One of the functions of the VCS is to route calls to their appropriate destination. It does this by processing incoming search requests in order to locate the given target alias. These search requests are received from:
There are a number of steps involved in determining the destination of a call, and some of these steps can involve transforming the alias or redirecting the call to other aliases.
It is important to understand the process before setting up dial plan so that circular references can be avoided, where an alias is transformed from its original format to a different format, and then back to the original alias. The VCS is able to detect circular references. If it identifies one it will terminate that branch of the search and return a "policy loop detected" error message.
| Call Routing | |
| Configuration | |
| Call signaling optimization | |
| Call loop detection mode | |
This section shows collection of all endpoints, gateways, MCUs and Content Servers registered with the VCS makes up its Local Zone. The Local Zone is divided into subzones. These include an automatically created Default Subzone and up to 1000 manually configurable subzones. When an endpoint registers with the VCS it is allocated to an appropriate subzone based on subzone membership rules. These rules specify the range of IP addresses or alias pattern matches for each subzone. If an endpoint's IP address or alias does not match any of the membership rules, it is assigned to the Default Subzone. The Local Zone may be independent of network topology, and may comprise multiple network segments. The VCS also has two special types of subzones:
This section shows Default Subzones used to place bandwidth restrictions on calls involving endpoints in the Default Subzone, and to specify the Default Subzone's registration, authentication and media encryption policies.
When an endpoint registers with the VCS, its IP address and alias is checked against the subzone membership rules and it is assigned to the appropriate subzone. If no subzones have been created, or the endpoint's IP address or alias does not match any of the subzone membership rules, it is assigned to the Default Subzone (subject to the Default Subzone's Registration policy and Authentication policy).
The use of a Default Subzone on its own (without any other manually created subzones) is suitable only if uniform bandwidth available between all endpoints. Note that if a Local Zone contains two or more different networks with different bandwidth limitations, separate subzones for each different part of the network should be configured.
| Default Subzone | |
| Policy | |
| Registration policy | |
| Authentication policy | |
| SIP | |
| Media encryption mode | |
| ICE supports | |
| Multistream mode | |
| AES GCM support | |
| SIP UPDATE for session refresh | |
| Total Bandwidth Available | |
| Bandwidth restriction | |
| Bandwidth limit (kbps) | |
| Calls Into or Out of the Default Subzone | |
| Bandwidth restriction | |
| Per call bandwidth limit (kbps) | |
| Calls Entirely Within This Subzone | |
| Bandwidth restriction | |
| Per call bandwidth limit (kbps) | |
The Traversal Subzone is a conceptual subzone. No endpoints can be registered to the Traversal Subzone; its sole purpose is to control the bandwidth used by traversal calls.
The Traversal Subzone allows to place bandwidth restrictions on calls being handled by the Traversal Subzone and to configure the range of ports used for the media in traversal calls.
| Traversal Subzone | |
| Ports | |
| Traversal media port start | |
| Traversal media port end | |
| Total Bandwidth Available | |
| Bandwidth restriction | |
| Bandwidth limit (kbps) | |
| Calls Handled by Traversal Subzone | |
| Bandwidth restriction | |
| Per call bandwidth limit (kbps) | |
The Local Zone's subzones are used for bandwidth management and to control registration and authentication policies.
The Subzones lists all the subzones that have been configured on the VCS, and allows one to create, edit and delete subzones. For each subzone, it shows how many membership rules it has, how many devices are currently registered to it, and the current number of calls and bandwidth in use. Up to 1000 subzones can be configured.
After configuring a subzone, the Subzone membership rules should be set up to control which subzone an endpoint device is assigned to when it registers with the VCS as opposed to defaulting to the Default Subzone.
| Subzones | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
The Subzone membership rules section shows configuration of the rules that determine, based on the address of the device, to which subzone an endpoint is assigned when it registers with the VCS.
The page lists all the subzone membership rules that have been configured on the VCS, and lets one to create, edit, delete, enable and disable rules. Rule properties include:
Note that if an endpoint's IP address or registration alias does not match any of the membership rules, it is assigned to the Default Subzone. Up to 3000 subzone membership rules can be configured.
| Subzone Membership Rules | |||||||||||||||||||
| |||||||||||||||||||
The Zone status lists all of the external zones on the VCS. It shows the number of calls and amount of bandwidth being used by each zone.
The list of zones always includes the Default Zone, plus any other zones that have been created.
A zone is a collection of endpoints, either all registered to a single system or located in a certain way such as via an ENUM or DNS lookup. Zones are used to:
| Zones | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The Domains lists the SIP domains managed by this VCS.
A domain name can comprise multiple levels. Each level's name can only contain letters, digits and hyphens, with each level separated by a period (dot). A level name cannot start or end with a hyphen, and the final level name must start with a letter. An example valid domain name is 100.example-name.com.
Note that values shown in the Index column correspond to the numeric elements of the %localdomain1%, %localdomain2%, . . . %localdomain200% pattern matching variables.
Up to 200 domains can be configured.
| Domains | |||||||||||||||
| |||||||||||||||
| |||||||||||||||
| |||||||||||||||
This section shows configuration for the VCS Control and VCS Expressway for Unified Communications functionality, a core part of the Cisco Collaboration Edge Architecture. The section show settings for:
This section shows the settings for Unified Communications mode and related attributes.
| Unified Communications | |
| Configuration | |
| Unified Communications mode | |
| MRA Access Control | |
| Authentication path | |
| Authorize by OAuth token with refresh | |
| Authorize by user credential | |
| Allow Jabber iOS clients to use embedded Safari browser | |
| Check for internal authentication availability | |
| Allow activation code onboarding | |
| Authorize by OAuth token | |
| Advanced | |
| Maximum authorizations per period | |
| Rate control period (seconds) | |
A deployment is an abstract boundary used to enclose a domain and one or more Unified Communications service providers, such as Unified CM, Cisco Unity Connection, and IM and Presence Service nodes.
The purpose of multiple deployments is to partition the Unified Communications services available to mobile and remote access (MRA) users. This enables different subsets of MRA users to access different sets of services over the same VCS pair.
| Deployments |
The VCS Control must be configured with the address details of the Unified Communications services/nodes that are going to provide registration, call control, provisioning, voicemail, messaging, and presence services to MRA users.
| Unified Communications | |
This section lists any IM and Presence Service nodes that have already been discovered.
| IM and Presence Service Nodes | |
This section lists any Cisco Unity Connection nodes that have already been discovered.
| Unity Connection Servers | |
Cisco Jabber Guest is a consumer to business (C2B) solution that extends the reach of Cisco's enterprise telephony to people outside of a corporate firewall who do not have phones registered with Cisco Unified Communications Manager.
It allows an external user to click on a hyperlink (in an email or a web page) that will download and install (on first use) a H.264 plugin into the user's browser. It then uses http-based call control to "dial" a URL to place a call to a predefined destination inside the enterprise. The user is not required to open an account, create a password, or otherwise authenticate.
To enable the call to be placed, it uses the Expressway solution (a secure traversal zone between the VCS Control and VCS Expressway) as a Unified Communications gateway to traverse the firewall between the Jabber Guest client in the internet and the Jabber Guest servers inside the enterprise to reach the destination user agent (endpoint).
This section shows the structure of the Dial Plan. The Dial Plan determines the aliases assigned to the endpoints, and the way in which the VCSs are neighboured together. The choice of solution will depend on the complexity of the system. The section is divided into:
The simplest approach to configure dial plan is to assign each endpoint a unique alias and divide the endpoint registrations between the VCSs. Each VCS is then configured with all the other VCS as neighbour zones. When one VCS receives a call for an endpoint which is not registered with it, it will send out a Location Request to all the other neighbour VCSs.
While conceptually simple, this sort of flat dial plan does not scale very well. Adding or moving a VCS requires changing the configuration of every VCS, and one call attempt can result in a large number of location requests. This option is therefore most suitable for a deployment with just one or two VCSs plus its peers.
| Dial Plan Configuration | |
| Configuration | |
| Calls to unknown IP addresses | |
| Fallback alias | |
Transforms are used to modify the alias in a search request if it matches certain criteria. An alias can be transformed by removing or replacing its prefix, suffix, or the entire string, and by the use of regular expressions.
This transformation can be applied to the alias at two points in the routing process: as a pre-search transform and as a zone transform.
| Transforms | ||||||
The Search rules section contains configuration showing how the VCS routes incoming search requests to the appropriate target zones (including the Local Zone) or policy services.
| Search Rules | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
This section shows the media encryption policy settings which enables one to selectively add or remove media encryption capabilities for SIP calls flowing through the VCS. The system is configured such that, for example, all traffic arriving or leaving a VCS Expressway from the public internet is encrypted, but is unencrypted when in private network.
| Policy Services | |||||||||||||||||||||||||||
| |||||||||||||||||||||||||||
This section describes how to control the bandwidth that is used for calls within your Local Zone, as well as calls out to other zones. The section includes:
The Bandwidth configuration is used to specify how the VCS behaves in situations when it receives a call with no bandwidth specified, and when it receives a call that requests more bandwidth than is currently available.
| Bandwidth Configuration | |
| Configuration | |
| Default call bandwidth (kbps) | |
| Downspeed per call mode | |
| Downspeed total mode | |
Links connect local subzones with other subzones and zones. For a call to take place, the endpoints involved must each reside in subzones or zones that have a link between them. The link does not need to be direct; the two endpoints may be linked via one or more intermediary subzones.
Links are used to calculate how a call is routed over the network and therefore which zones and subzones are involved and how much bandwidth is available. If multiple routes are possible, your VCS will perform the bandwidth calculations using the one with the fewest links.
| Links | ||||
Pipes are used to control the amount of bandwidth used on calls between specific subzones and zones. The limits can be applied to the total concurrent bandwidth used at any one time, or to the bandwidth used by any individual call.
To apply these limits, you must first create a pipe and configure it with the required bandwidth limitations. Then when configuring links you assign the pipe to one or more links. Calls using the link will then have the pipe's bandwidth limitations applied to them.
| Pipes | |||||||||||||||||
| |||||||||||||||||
This section contains the rules used to control which calls are allowed, which calls are rejected, and which calls are to be redirected to a different destination. These rules are known as Call Policy (or Administrator Policy).
If Call Policy is enabled and has been configured, each time a call is made the VCS will execute the policy in order to decide, based on the source and destination of the call, whether to:
The Call Policy mode controls from where the VCS obtains its Call Policy configuration. The options are:
| Configuration | |
| Call Policy mode | |
To traverse a firewall, the Expressway must be connected with a traversal server (typically, an Expressway-E).
In this situation your local Expressway is a traversal client, so you create a connection with the traversal server by creating a traversal client zone on your local Expressway. You then configure the client zone with details of the corresponding zone on the traversal server. (The traversal server must also be configured with details of the Expressway client zone.)
This section shows settings for:
The Expressway-E has specific listening ports used for firewall traversal. The correct ports must be set on the Expressway-E, traversal client and firewall in order for connections to be permitted. Rules must be set on your firewall to allow connections to these ports. In most cases the default ports should be used.
The following ports are configured:
| Ports | |
| Demultiplexing Ports | |
| Use configured demultiplexing ports | |
| Call Signaling Ports | |
| H.323 Assent call signaling port | |
| H.323 H.460.18 call signaling port | |
TURN (Traversal Using Relays around NAT) services are relay extensions to the STUN network protocol that enable a SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
TURN relay services are only available on the Expressway-E. To use TURN services you need the TURN Relay option key (this controls the number of TURN relays that can be simultaneously allocated by the TURN server). This section lists the Expressway-E's TURN settings.
| TURN | |
| Server | |
| TURN services | |
| TURN requests port | |
| Authentication realm | |
| Media port range start | |
| Media port range end | |
For an endpoint to use the Expressway as its H.323 gatekeeper or SIP registrar, the endpoint must first register with the Expressway. The Expressway can be configured to control which devices are allowed to register.
The following are the settings for endpoints to register.
| Locally Registered Endpoints | |
| Configuration | |
| H.323 Assent mode | |
| H.460.18 mode | |
| H.460.19 demultiplexing mode | |
| H.323 preference | |
| UDP probe retry interval | |
| UDP probe retry count | |
| UDP probe keep alive interval | |
| TCP probe retry interval | |
| TCP probe retry count | |
| TCP probe keep alive interval | |
This section provides information about each of the additional services that are available under the Applications menu of the VCS. The report shows:
The Conference Factory shows whether the Conference Factory application is enabled and disabled, and the alias and template it uses.
The Conference Factory application allows the VCS to support the Multiway feature. Multiway enables endpoint users to create a conference while in a call even if their endpoint does not have this functionality built in.
Multiway is supported in Cisco TelePresence endpoints including the E20 (software version TE1.0 or later) and MXP range (software version F8.0 or later).
| Conference Factory | |
| Configuration | |
| Mode | |
| Alias | |
| Template | |
| Number range start | |
| Number range end | |
Presence is the ability of endpoints to provide information to other users about their current status - such as whether they are offline, online, or in a call. Any entity which provides presence information, or about whom presence information can be requested, is known as a presentity. Presentities publish information about their own presence status, and also subscribe to the information being published by other presentities and FindMe users.
Endpoints that support presence, such as Jabber Video, can publish their own status information. The VCS can also provide basic presence information on behalf of endpoints that do not support presence, including H.323 endpoints, as long as they have registered with an alias in the form of a URI.
| Presence | |
| PUA | |
| SIP SIMPLE Presence user agent | |
| Default published status for registered endpoints | |
| Presence Server | |
| SIP SIMPLE Presence server | |
FindMe is a form of User Policy, which is the set of rules that determines what happens to a call for a particular user or group when it is received by the Expressway.
The FindMe feature lets you assign a single FindMe ID to individuals or teams in your enterprise. By logging into their FindMe account, users can set up a list of locations such as "at home" or "in the office" and associate their devices with those locations. They can then specify which devices are called when their FindMe ID is dialled, and what happens if those devices are busy or go unanswered. Each user can specify up to 15 devices and 10 locations.
| FindMe | |
| FindMe mode | |
This section provides information about how to configure administrator and FindMe user accounts, and how to display the details of all active administrator and FindMe sessions. This section shows the following:
The Password security controls whether or not local administrator account passwords must meet a minimum level of complexity before they are accepted.
If Enforce Strict Passwords is set to On, all subsequently configured local administrator account passwords must conform to the following rules for what constitutes a strict password.
| Password Security | |
| Strict Passwords | |
| Enforce strict passwords | |
The Administrator Accounts section lists all the local administrator accounts on the VCS.
In general, local administrator accounts are used to access the VCS on its web interface or API interface, but are not permitted to access the CLI.
| Administrator Accounts | |||||||||
| |||||||||
The Administrator Groups section lists all the administrator groups that have been configured on the VCS, and allows to add, edit and delete groups.
Administrator groups only apply if remote account authentication is enabled.
When logged in to the VCS web interface, the credentials are authenticated against the remote directory service and assigned access rights associated with the group to which one belongs. If the administrator account belongs to more than one group, the highest level permission is assigned.
| Administrator Groups | |||||||
| |||||||
The LDAP configuration is used to configure an LDAP connection to a remote directory service for administrator account authentication. It can also provide user account authentication if using FindMe without Cisco TMS.
| LDAP Configuration | |
| Remote Account Authentication | |
| Administrator authentication source | |
| FindMe authentication source | |
The Maintenance section of the report contains:
The VCS provides syslogging features for troubleshooting and auditing purposes.
The Event Log is a rotating local log that records information about such things as calls, registrations, and messages sent and received.
| Logging Configuration | |
| Event Logging | |
| Local event log verbosity | |
| Media statistics | |
| Call Detail Records (CDR) | |
| System Metrics | |
| System metrics collection | |
| Collection interval (seconds) | |
| Collection server address | |
| Collection server port | |
Maintenance mode is typically used to upgrade or take out of service a VCS peer that is part of a cluster. It allows the other cluster peers to continue to operate normally while the peer that is in maintenance mode is upgraded or serviced.
| Maintenance Mode | |
| Maintenance mode | |
The Language controls which language is used for text displayed in the web user interface. The default language used on the web interface.
| Language | |
| Default system language | |
This section shows diagnostic log configuration.
The incident reporting feature of the VCS automatically saves information about critical system issues such as application failures.
This section shows the Incident Reporting settings.
| Incident Reporting Configuration | |
| Configuration | |
| Incident reports sending mode | |
| Incident reports URL | |
| Contact email address | |
| Proxy server | |
| Create core dumps | |
This section shows settings for the following:
This section shows the Network Log configuration used to configure the log levels for the range of Network Log message modules.
| Network Log Configuration | |
This section shows Support Log configuration used to configure the log levels for the range of Support Log message modules.
| Support Log Configuration | |