The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Cisco Converged EdgeQAM Manager (CEM) is a Java application that runs on Windows/Linux Systems. It communicates with the Encryption Renewal System (ERS) over the Internet and obtains the ECM messages, then forwards the ECM messages to Cisco Edge QAM devices in the site.
The VOD Privacy Mode Encryption (VPME) system integrates encrypted VOD content within an ARRIS (Motorola) digital cable headend.
The table below shows the hardware requirements of CEM.
Component |
Minimum Requirements |
---|---|
Processor |
Intel Core 2 Duo or equivalent with the clock speed of 2.4 GHz |
RAM |
4 GB |
Hard Drive |
40 GB |
CD/DVD-ROM Drive |
CD ROM or DVD ROM |
Video Adapter |
PCI or on-board VGA, resolution: 1024x768 |
Video Display |
Resolution: 1024x768 |
Network Adapter |
1 port, 10/100 Base-T |
The table below shows the software requirements of CEM.
Component |
Details |
---|---|
Operating System |
Windows 7 64-bit (or) Windows Server 2008 64-bit (or) Linux |
Java Runtime Environment |
Java Runtime Environment v1.8.0_151 |
Other requirements include:
The CEM application must connect to Cisco Edge QAM device as well as the ERS (via the Internet). If a firewall is used, the standard HTTPS port (443) and the port that is set for listening to the connections from Cisco Edge QAM device must be unblocked for accessing the ERS and Cisco Edge QAM device respectively.
The Java Runtime environment (JRE version 1.8.0_151 or newer) must be installed on the machine before running the CEM application.
The CcadTrustStore file containing the ERS server's Public Key Certificates must be in the same folder as the CEM application.
The system time on the PC must be synchronized with UTC, preferably by connecting to an NTP (Network Time Protocol) server to keep it accurate.
It is recommended to refer the following informative guides to harden the system/virtual machine and reduce the attack surface:
Red Hat: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/
Security_Guide/Red_Hat_Enterprise_Linux-6-Security_Guide-en-US.pdf
Microsoft Windows: http://technet.microsoft.com, search for "hardening"
NSA hardening guide collection: https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
It is also recommended to ensure that all the non-commonly used ports are closed. The listening port that is configured on the CEM application must be controlled by the administrator and it must be unblocked so that each of the Cisco Edge QAM device that are configured on the CEM can establish connection with the CEM.