Installation and Administration Guide for the Cisco TelePresence Exchange System Release 1.1
Configuring the Cisco TelePresence Multipoint Switch
Downloads: This chapterpdf (PDF - 195.0KB) The complete bookPDF (PDF - 3.66MB) | Feedback

Configuring the Cisco TelePresence Multipoint Switch

Table Of Contents

Configuring the Cisco TelePresence Multipoint Switch

Configuring System Settings

Configuring IP Settings

Editing Route Pattern Settings

Configuring QoS Settings

Configuring Resource Management

About SNMP Settings

Configuring Unified CM Settings

Configuring Unified CM Settings on the Cisco TelePresence Multipoint Switch

Configuring SIP Profile Settings

Configuring Meeting Parameters

Configuring the Meet-Me User and Password

Creating Static Meetings

Static Meeting Fields

Configuring Security Settings

Configuring CAPF Profiles on Unified CM

Downloading CAPF Root Certificates from Unified CM

Downloading Root Certificates from Unified CM

Uploading CAPF and Unified CM Root Certificates

Downloading LSC to Cisco TelePresence Multipoint Switch

Creating a SIP Trunk Security Profile

Setting Cisco TelePresence Multipoint Switch as Secure

Configuring the Conference Control Protocol (CCP) VPN Security Solution

Creating the CCP VPN Configuration File

Uploading the Configuration File to the Cisco Unified Communications Manager TFTP Server

Configuring the External URL for the Cisco TelePresence Multipoint Switch

Restarting the CTS Endpoint

Enabling Cisco TelePresence Endpoints Running TC Release 5.x to Join Meetings Hosted on the Cisco TelePresence Multipoint Switch


Configuring the Cisco TelePresence Multipoint Switch


Revised July 3, 2012

The following sections describe how to configure the Cisco TelePresence Multipoint Switch:

Configuring System Settings

Configuring Unified CM Settings

Configuring Meeting Parameters

Configuring Security Settings

Configuring the Conference Control Protocol (CCP) VPN Security Solution

Enabling Cisco TelePresence Endpoints Running TC Release 5.x to Join Meetings Hosted on the Cisco TelePresence Multipoint Switch

Additional information about Cisco TelePresence Multipoint Switch configuration is available at http://www.cisco.com/en/US/docs/telepresence/multipoint_switch/1_8/administration/guide/config.html.

Configuring System Settings

You configure system settings for the Cisco TelePresence Multipoint Switch Administration during software setup. The following sections describe how to make changes to the system settings:

Configuring IP Settings

Editing Route Pattern Settings

Configuring QoS Settings

Configuring Resource Management

About SNMP Settings

Configuring IP Settings

Procedure

To configure the IP settings, do the following procedure:


Step 1 From the left navigation pane, choose Configure > System Settings.

Step 2 Click the IP tab.

A table with IP Settings configuration fields is displayed. Table 16-1 describes the fields.

Step 3 Configure the required IP Setting fields, and then do one of the following:

To register new or modified settings, click Apply.

To restore the original settings, click Cancel.


Table 16-1 IP Settings 

Field or Button
Setting

MAC Address

View only. MAC address of the Cisco 7800 Series Media Convergence Server (MCS) on which the Cisco TelePresence Multipoint Switch is located.

Hostname

View only. Hostname configured for the MCS server on which the Cisco TelePresence Multipoint Switch is located.

Domain Name

Domain name for the MCS server on which the Cisco TelePresence Multipoint Switch is located.

Primary DNS

IP address of the primary Domain Name System (DNS) server for the MCS server on which the Cisco TelePresence Multipoint Switch is located.

Secondary DNS

IP address of the secondary Domain Name System (DNS) server for the MCS server on which the Cisco TelePresence Multipoint Switch is located.

Ethernet Card

View only. Ethernet card on the MCU server that connects to the network.

IP Address

IP address of the Cisco TelePresence Multipoint Switch.

Note After changing the IP address, close your browser window, and then log in to the Cisco TelePresence Multipoint Switch again using your new IP address.

Subnet Mask

Subnet mask associated with the IP Address.

Default Gateway

Default gateway IP address for the Cisco TelePresence Multipoint Switch.


Editing Route Pattern Settings

Route pattern settings define route patterns (strings of digits that can direct calls for specific systems) and access numbers that are associated with the Cisco TelePresence Multipoint Switch.

Procedure

To edit the route pattern settings, do the following procedure:


Step 1 From the left navigation pane, choose Configure > System Settings.

Step 2 Click the Route Pattern tab.

The Route Pattern window is displayed. Table 16-2 describes the fields.

Step 3 Modify the route pattern settings as required, and then do one of the following:

To register new or modified settings, click Apply.

To restore the original settings, click Cancel.


Table 16-2 Route Pattern Settings 

Field or Button
Setting

Route Pattern Start

Defines the first number in your route pattern. Use this number in the Vendor Config—Min Static Meeting ID field when you configure the CTMS resource for this server in the Cisco TelePresence Exchange System.

Route Pattern End

Defines the last number in your route pattern. Use this number in the Vendor Config—Max Static Meeting ID field when you configure the CTMS resource for this server in the Cisco TelePresence Exchange System.

Access Number

Displays the first number in the route pattern. The Cisco TelePresence Multipoint Switch (CTMS) automatically chooses the first number in the range.

The access number serves as the dial-in number for all scheduled meetings. This number also acts as the caller ID when the CTMS dials out for meetings.

Access Name

Descriptive name for the access number. The maximum number of characters is 20. Use this Access Name when provisioning this CTMS in Cisco TelePresence Exchange System under Media Resources > CTMS Resources.


Configuring QoS Settings

Differentiated Services Code Point (DSCP) markings are used by the network to classify traffic priority, enabling a common queuing strategy throughout the network. Quality of Service (QoS) values define the DSCP traffic marking values that are used for network queuing for Cisco TelePresence Systems (CTS) and signaling.


Note Cisco recommends that the QoS settings for CTMS be consistent with the QoS settings for Unified CM and for Cisco TelePresence Systems endpoints, and that they align with your enterprise-wide queuing strategy.


Procedure

To configure QoS settings, do the following procedure:


Step 1 From the left navigation pane, choose Configure > System Settings.

Step 2 Click the QoS tab.

A table with QoS Settings configuration fields is displayed.

Step 3 Choose from the drop-down list or enter the following values for the QoS settings:

DSCP for CTS Media—CS5(precedence 5) DSCP (101000)

DSCP for CUCV Media—AF41 DSCP (100010)

DSCP for Signaling—CS5(precedence 5) DSCP (101000)

Step 4 After choosing the QoS settings, do one of the following:

To register new or modified settings, click Apply.

To restore the original settings, click Cancel.


Configuring Resource Management

Procedure

To configure or edit Resource Management settings, do the following procedure:


Step 1 From the left navigation pane, choose Configure > System Settings.

Step 2 Click the Resources tab.

A table with the Resources configuration fields is displayed. Table 16-3 describes the fields.

Step 3 For the Maximum Segments setting, enter a value of 48.

Step 4 For the Adhoc Segments setting, enter a value of 48.

Step 5 After entering the settings, do one of the following:

To register new or modified settings, click Apply.

To restore the original settings, click Cancel.


Table 16-3 Resource Management Settings 

Field or Button
Setting

Maximum Segments

Defines the total number of table segments (individual video displays) that the Cisco TelePresence Multipoint Switch supports. Enter a value of 48.

Adhoc Segments

Defines the maximum number of table segments that are available for impromptu meetings. Enter a value of 48.

Schedulable Segments

View only. Displays the number of table segments that are available at any one time for scheduled meetings. Cisco TelePresence Multipoint Switch automatically derives this value by subtracting the defined number of Ad Hoc Table Segments from the defined number of Maximum Table Segments.


About SNMP Settings

You configure all SNMP settings through the Cisco TelePresence Multipoint Switch command line interface.

SNMP monitors the system status (choose Monitoring > System Status for system status details). You can designate a particular server on which the system gathers and stores SNMP trap messages. Configuration requires username and password authentication.

By default, the system enables the SNMP service and the following SNMP settings:

SNMPv3 username set to mrtg.

SNMPv2c username set to public. This name is for internal use of the system and should not be deleted.


Caution Do not delete the SNMPv2c and SNMPv3 usernames that are set by the system.


Note By default, the system does not configure a trap receiver. Use CLI commands to configure SNMP trap receiver information.


For additional information about configuring SNMP on the Cisco TelePresence Multipoint Switch, see the Cisco TelePresence Multipoint Switch Release 1.8 Administration Guide, at http://www.cisco.com/en/US/docs/telepresence/multipoint_switch/1_8/administration/guide/CTMS_Release1_8.html.

The Cisco TelePresence Multipoint Switch MIBs are listed at ftp://ftp-sj.cisco.com/pub/mibs/supportlists/ctms/ctms-supportlist.html.

Configuring Unified CM Settings

The following sections describe how to make changes to the Cisco Unified Communications Manager (Unified CM) settings by using the Cisco TelePresence Multipoint Switch administration user interface:

Configuring Unified CM Settings on the Cisco TelePresence Multipoint Switch

Configuring SIP Profile Settings

Configuring Unified CM Settings on the Cisco TelePresence Multipoint Switch

In order for the Cisco TelePresence Multipoint Switch to interoperate with the Cisco TelePresence Exchange System, you must configure a Unified CM entry in CTMS for the virtual IP address of the Cisco Application Control Engine, and an entry for each of the Cisco TelePresence Exchange System call engine servers.

Procedure

To configure Unified CM settings, do the following procedure:


Step 1 From the left navigation pane, choose Configure > Unified CM.

Step 2 Click the Unified CM tab.

A table with the Unified CM configuration fields is displayed. Table 16-4 describes the fields.

Step 3 Configure the Unified CM settings, and then do one of the following:

To register new or modified settings, click Apply.

To restore the original settings, click Cancel.


Table 16-4 Unified CM Settings 

Field or Button
Setting

Unified CM 1 through 5

Hostnames or IP address(es) of the Unified CM server.

Note In the first field, enter the ACE virtual IP (VIP). Enter either the hostname or IP address of the two call engines of the Cisco TelePresence Exchange System in the second and third fields. Leave the fourth and fifth fields blank.

SIP Port

Use the default setting of 5060.


Configuring SIP Profile Settings

Procedure

To configure SIP Profile settings, do the following procedure:


Step 1 From the left navigation pane, choose Configure > Unified CM.

Step 2 Click the SIP Profile Settings tab.

Step 3 From the Transport Layer Protocol drop-down list, choose TCP.

Step 4 Do one of the following:

To register new or modified settings, click Apply.

To restore the original settings, click Cancel.


Configuring Meeting Parameters

The following topics describe the configurations necessary on the Cisco TelePresence Multipoint Switch to support Meet-Me meetings and static meetings:

Configuring the Meet-Me User and Password

Creating Static Meetings

Static Meeting Fields

Configuring the Meet-Me User and Password

To enable the two-minute warning functionality for Meet-Me meetings, you must create a specific Meet-Me user and password on the Cisco TelePresence Multipoint Switch.

Procedure


Step 1 In the left navigation pane, select Configure > Access Management.

Step 2 Click New.

Step 3 Enter the username and password for the Meet-Me user.

Step 4 Check the Conference-Scheduler check box.

Step 5 Click Apply.


Creating Static Meetings

You must create a minimum of 50 static meetings on the Cisco TelePresence Multipoint Switch to enable it to host Cisco TelePresence Exchange System meetings.

Static meetings are permanently available after you configure them. Each static meeting has its own associated meeting number, which the meeting attendees dial to attend the static meeting. You can also add participants to a static meeting through the Active Meetings page.

Static meetings must be contiguous values within a range of numbers such as 4085551000 through 4085551009. The range should be within the configured route pattern range. However, you cannot use the Route Pattern Start value as a static meeting value.


Note You must enter the same range of static meeting in the Vendor Config fields when you add a new CTMS resource to the Cisco TelePresence Exchange System by using the Administration Console. See the "Configuring CTMS Resources" section.


Before You Begin

Ensure that you have one contiguous range of access numbers that you can use for static meetings.

Procedure

To create a static meeting, do the following procedure:


Step 1 From the left navigation pane, choose Manage > Static Meetings.

The Static Meetings window displays all previously-configured static meetings.

Step 2 To add a static meeting entry, click New.

The Static Meetings entry window is displayed. Table 16-5 describes the fields.

Step 3 Enter values in the New Static Meetings window.

Step 4 To save new or modified settings, click Apply.

Step 5 Repeat Step 2 through Step 4 for each static meeting entry.


Static Meeting Fields

Table 16-5 Static Meeting Field Descriptions 

Field or Button
Description

Access Number

Defines the phone number that participants call to attend this static meeting.

Meeting Description

Text describing or identifying this static meeting. The maximum number of characters for this field is 62 characters.

Switching Policy

Defines how Cisco TelePresence Multipoint Switch calls display during a meeting. Cisco TelePresence Multipoint Switch displays active speakers on screen. There are two active speaker display options; click the appropriate radio button to select:

Speaker—Each speaker is displayed on the screen as that speaker becomes the active speaker.

Room—All table segments for a particular room display on screen when any speaker in that room becomes the active speaker.

If you are running CTS 1.3 or later, you can control how Cisco TelePresence calls display from the Cisco TelePresence phone interface. Press the Speaker softkey to display the active speaker; press the Room softkey to display all table segments from a particular room.

Maximum Rooms

Defines the maximum number of Cisco TelePresence rooms that can dial in to in a static multi-point meeting. The range for this setting is from 2 to 48.

Video Announce

When a new attendee joins the meeting, the new attendee appears on the screen for 2 seconds. Options are Yes and No.

Hosted Meeting

Identifies one room as the host for a meeting; other meeting rooms are not added to the meeting until the host room dials in. When you select Video Announce as an option, each meeting room is displayed in 2-second intervals in the order in which they join the meeting.

Options are Yes and No. Click the appropriate radio button to select.

Host Room Number

Defines the host Cisco TelePresence System room number.

Interop

Determines whether the Cisco TelePresence Multipoint Switch handles interop meetings.

Click the No radio button.

Cisco TelePresence Server MSE 8710 and Cisco TelePresence MCU MSE 8510 manage interop meetings in the Cisco TelePresence Exchange Solution.

Interop meetings include any standards-based H323 and ISDN endpoints.

Quality

This field sets the maximum default video quality for multipoint meetings:

Highest Detail, Best Motion: 1080p

Highest Detail, Better Motion: 1080p

Highest Detail, Good Motion: 1080p

High Detail, Best Motion: 720p

High Detail, Better Motion: 720p

High Detail, Good Motion: 720p

The default is Highest Detail, Best Motion: 1080p

Meeting Security Policy

Click the appropriate radio button to select:

Secure—Only secure Cisco TelePresence systems (and secure audio add-in attendees) can join this meeting; if non-secured Cisco TelePresence systems try to join, they are rejected. If a non-secure audio attendee joins the meeting (Conf/Join from the phone UI), that CTS will be dropped from the meeting.

Non-Secure—Any Cisco TelePresence system can join the meeting.

Best-Effort—The meeting is secure as long as all CTS and audio add-in attendees are secure. The meeting is downgraded to non-secured if a non-secured CTS or audio-add-in joins the meeting.

Note Cisco recommends selecting Best-Effort and completing the procedures in the "Configuring Security Settings" section.

Maximum Presentation Bit Rate

Defines the maximum bit rate at which presentation video can be sent. Use the default setting of 30 FPS.


Configuring Security Settings

Cisco TelePresence Multipoint Switch provides support for secure communication between Cisco TelePresence devices by using Certificate Authority Proxy Function (CAPF). Each Cisco TelePresence product downloads a Locally Significant Certificate (LSC) from a CAPF server; communication between devices is then authenticated by using LSCs, Unified CM Root Certificates, and a CAPF Root Certificate.

To configure Cisco TelePresence Multipoint Switch for security, complete the following steps from the Unified CM administration window:

1. Activate and start the CAPF service.

2. Create application users.

3. Create Cisco Unified CM root certificates for every Unified CM server that is associated with the Cisco TelePresence Exchange System.

4. Create a CAPF root certificate.

After configuring security, complete the following steps from the Cisco TelePresence Multipoint Switch Security Settings window:

1. Upload the applicable Unified CM and CAPF root certificates.

2. Download the appropriate LSCs.

When all certificates are in place and the LSC is downloaded, the Cisco TelePresence Multipoint Switch reboots so that the security settings can take effect.

Security setting configuration is described in the following topics:

Configuring CAPF Profiles on Unified CM

Downloading CAPF Root Certificates from Unified CM

Downloading Root Certificates from Unified CM

Uploading CAPF and Unified CM Root Certificates

Downloading LSC to Cisco TelePresence Multipoint Switch

Creating a SIP Trunk Security Profile

Setting Cisco TelePresence Multipoint Switch as Secure

Configuring CAPF Profiles on Unified CM

Procedure

To configure CAPF profiles for the Cisco TelePresence Multipoint Switch, do the following procedure from the Unified CM administration software:


Step 1 Browse to https:// <Unified CM-server-name>:[8443]/ccmadmin/showHome.do.

For the Unified CM server, you can enter either its server name (if DNS is active) or its IP address. Optionally, you can also specify the port number (8443).

Step 2 From the Unified CM administration window, enter the username and password that you specified during Unified CM installation.

Step 3 Click Login.

Step 4 To create an application user in Unified CM, do the following:

a. In the administration window, from the User Management drop-down menu, choose Application User.

b. Click Add New.

The Application User Information window appears.

c. Enter data in all necessary fields.

Ensure that the user is included in the Standard CTI Enabled and Standard CTI Secure Connection groups. Under Permission Information, verify that the user also has the Standard AXL API Access and Standard CCM Admin Users roles.

d. To save your changes, click Save.

e. Repeat Step 4a to Step 4d to create an application user for each Cisco TelePresence Multipoint Switch in your network.

Step 5 To create an Application User CAPF profile in Unified CM, do the following:

a. In the administration window, from the User Management drop-down menu, choose Application User CAPF Profile.

b. Click Add New.

c. From the Application User drop-down list, choose the application user that you created in Step 4 and enter the appropriate CAPF profile fields for that user:

Instance ID—Enter a unique identifier (alphanumeric) for each Cisco TelePresence Multipoint Switch.

Certificate Operation—Choose Install/Upgrade.


Note Certificate Operation resets automatically to No Pending Operation after the system downloads a certificate. You must reset this field to Install/Upgrade for additional certificate downloads.


Authentication Mode—Choose By Authentication String (default).

Authentication String—Choose Generate String to create a randomly generated authentication string.


Note Make a note of the authentication string. You will use this information in the "Downloading LSC to Cisco TelePresence Multipoint Switch" section later in this chapter.


Key size—Leave this field with the default value of 1024.

d. To save your configuration, click Save.

e. To create an Application User CAPF Profile for each Cisco TelePresence Multipoint Switch in your network, click Copy, and then increment the Instance ID value by one for each Cisco TelePresence Multipoint Switch.


Downloading CAPF Root Certificates from Unified CM

Procedure

To download the CAPF root certificate from Unified CM, do the following procedure:


Step 1 In the Cisco Unified OS Administration in Cisco Unified CM, from the Security drop-down menu, choose Certificate Management.

Step 2 To display a list of certificates, click Find.

Step 3 Find the CAPF Root Certificate (for example, CAPF.der), and click the hypertext link for that certificate.

Step 4 To download the certificate, click Download and follow the download instructions.

Step 5 Save the CAPF Root Certificate to your desktop with the following name: CAPF.der.


Note The file name is case-sensitive.



Downloading Root Certificates from Unified CM

Procedure

To download Root certificates from Unified CM, do the following procedure:


Step 1 In the Cisco Unified OS Administration in Cisco Unified CM, from the Security drop-down menu, choose Certificate Management.

Step 2 To display a list of certificates, click Find.

Step 3 Find the Cisco Unified CM Root Certificate (for example, CallManager.der), and click the hypertext link for that certificate.

Step 4 To download the certificate, click Download and follow the download instructions.

Step 5 Save the Cisco Unified CM Root Certificate for the Publisher as CUCM0.der.


Note The file name is case-sensitive, and must be in the following format: CUCM#.der, where # is 0 for Publisher and 1 through 6 for Subscribers. If you have only one Cisco Unified CM server, download the certificate twice, and save the second copy as CUCM1.der.



Uploading CAPF and Unified CM Root Certificates

Procedure

To upload CAPF and root certificates to the Cisco TelePresence Multipoint Switch, do the following procedure from the Cisco TelePresence Multipoint Switch administration software:


Step 1 From the Cisco TelePresence Multipoint Switch administration window, choose Configure > Security.

Step 2 At the Security window, click Install.

Step 3 In the Certificate Upload panel that appears, do the following:

a. From the Unit drop-down list, choose CAPF-Trust.

b. From the Category drop-down list, choose TRUST.

c. Select the CAPF Root certificate that you downloaded from Cisco Unified CM (CAPF.der).


Note The file name is case-sensitive.


d. To upload the file onto the Cisco TelePresence Multipoint Switch, click Install.

Refresh the browser window to verify that the certificates have loaded.

Step 4 Upload the CUCM0.der file from your local machine by completing the following steps:

a. Return to the Security Settings window.

b. Click Install.

c. From the Unit drop-down list, choose CTM-Trust.

d. From the Category drop-down list, choose TRUST.

e. Select the Unified CM Root certificate that you downloaded from Cisco Unified CM (CUCM0.der).


Note The file name is case-sensitive.


f. To upload the file onto the Cisco TelePresence Multipoint Switch, click Install.

Refresh the browser window to verify that the certificates have loaded.

Step 5 Repeat Step 4 for the remaining CUCM#.der files.


Downloading LSC to Cisco TelePresence Multipoint Switch

Procedure

To download the LSC to the Cisco TelePresence Multipoint Switch, do the following procedure:


Step 1 From the Cisco TelePresence Multipoint Switch administration window, choose Configure > Security.

Step 2 At the Security window, click Download LSC.

Step 3 In the panel that appears, do the following:

a. In the CAPF Instance ID field, enter the CAPF instance ID that you created in Unified CM.

b. In the CAPF Auth String field, enter the CAPF Auth String that you generated in Unified CM.

c. In the TFTP Server Host field, enter the Unified CM TFTP server host.

d. In the TFTP Server Port field, enter 69, which is the default value.

e. In the CAPF Server Host field, enter the Unified CM CAPF server host.

f. In the CAPF Server Port field, enter 3804, which is the default value.

Step 4 To download LSC, click Download LSC.

Step 5 Click OK to confirm your choice. The LSCs are created.

After the LSC successfully downloads, the Cisco TelePresence Multipoint Switch reboots automatically.

Step 6 After the infrastructure device restarts, from the device administration interface, choose Configure > Security.

Verify that the Inter-Device Security field is set to secure, and that the Digital Security Certificate window displays the LSC certificates that were created, as listed in Table 16-1.

Table 16-6 LSC Certificate File Names

CTMS LSC Certificates
CTRS LSC Certificates
CTS-Man LSC Certificates

CTMS_Cert_Chain.pem

CTMS.pem

CTRS_Cert_Chain.pem

CTRS.pem

CTM_Cert_Chain.pem

CTM.pem


Step 7 Obtain the SIP security trunk information by completing the following steps:

a. Click the radio button for the device .pem file.

b. Click the View button.

c. Note the information under Subject: in the file. You will use this information in the "Creating a SIP Trunk Security Profile" section that follows.

In the following example, you would note the subject name of XXX-000. (This is the X.509 Subject Name.)

Version: V3
  Subject: CN=XXX-000, O=cisco
  Signature Algorithm: SHA1withRSA, OID = 0.0.000.000000.0.0.0

Creating a SIP Trunk Security Profile

Procedure

To create a SIP trunk security profile, do the following procedure:


Step 1 Choose System > Security Profile > SIP Trunk Security Profile.

Step 2 To add a new profile, click Add New at the bottom of the page or click the + sign at the top of the page.

Step 3 Enter the settings as indicated in Table 16-7 to configure the SIP trunk security profile.

Step 4 To save your configuration, click Save.


.

Table 16-7 SIP Trunk Security Profile Settings 

Field
Required
Setting

Name

Yes

Enter a text string that identifies this SIP trunk security profile.

Description

Enter a text string that describes this SIP trunk security profile.

Device Security Mode

Yes

Drop-down list. Choose Encrypted.

Incoming Transport Type

Yes

Drop-down list. Choose TCP+UDP.

Outgoing Transport Type

Yes

Drop-down list. Select TCP.

X.509 Subject Name

Yes

Enter the subject name of the Cisco TelePresence Multipoint Switch Root Certificate that you noted in Step 7 of the previous procedure.

Incoming Port

Yes

Enter 5060 for non-secure trunk.

If using SIP security, enter a different unused port (such as 5275).


Setting Cisco TelePresence Multipoint Switch as Secure

Procedure

To set the Cisco TelePresence Multipoint Switch as secure, do the following procedure:


Step 1 Choose Configure > Security Settings.

Step 2 In the Meeting Security Policy field, choose Best Effort.

Step 3 Click Apply.

Step 4 Choose Configure > Cisco Unified CM.

The Unified CM window is displayed.

Step 5 Click the SIP Profile Settings tab.

Step 6 From the Device Security drop-down list, select Trusted Trunk and check the Media Encryption check box.

Step 7 From the Transport Layer Protocol drop-down list, choose TCP.

Step 8 To save your changes, click Apply.

Step 9 After reading the notice that is displayed, click OK.

Step 10 To check the Meeting Security Policy of the static meetings on the system, choose Manage > Static Meetings.

The Static Meetings page is displayed. The Security Policy column indicates the value of the Meeting Security Policy field.

Step 11 If you have static meetings that have not been set up to use a Meeting Security Policy of Best-Effort, do the following sub-steps to edit the meetings.

d. Check the check box next to a meeting, and click Edit.

e. For Meeting Security Policy, select Best-Effort.

f. To save the modified setting, click Apply.


Configuring the Conference Control Protocol (CCP) VPN Security Solution

The Cisco TelePresence Multipoint Switch uses the Conference Control Protocol (CCP) to provide CTS endpoints with access to in-meeting functions, such as the participant list; room or speaker switching policies; and the lock meeting feature. CCP is delivered over HTTP or HTTPS.

The VPN security solution for CCP allows you to specify a default route (via an outbound http proxy) for CCP traffic, so that the traffic between the CTS and a remote CTMS can be routed hop-by-hop across one or more HTTP proxies.

In the CCP VPN model (fixed path) solution, the administrator configures the enterprise by adding a static (fixed path) configuration file to the Cisco Unified Communications Manager. When the CTS endpoint joins a meeting on the Cisco TelePresence Multipoint Switch, the endpoint attempts to route CCP traffic based on this configuration file. Typically, you set up the file so that all CCP HTTP traffic first attempts to go to a local CTMS. If no local CTMS matches, packet traffic is routed to the HTTP proxy.


Note This feature is only active if the enterprise configuration file is configured on the Cisco Unified Communications Manager TFTP server. If there is no TFTP configuration file present on the system, conference control uses the Internet model (free path).


Do the following tasks to configure the CCP VPN security solution:

1. Configure a proxy server, such as a Cisco Application Control Engine (ACE), to route the CCP traffic from the CTS to the remote Cisco TelePresence Multipoint Switch.

Refer to the documentation of your specific proxy server for instructions, or see https://supportforums.cisco.com/community/netpro/collaboration-voice-video/telepresence/blog/2012/06/21/conference-control-protocol-ccp-for-telepresence-exchange-system for an example ACE configuration.

2. Create the cts-ccp-servers.txt configuration file.

3. Upload the configuration file to the Cisco Unified Communications Manager TFTP server.

4. Configure the External URL for the CCP service on the Cisco TelePresence Multipoint Switch.

5. Restart the CTS endpoint.

6. Join a meeting on the Cisco TelePresence Multipoint Switch and verify that the CCP HTTP traffic routes through the proxy server.

See the following topics for more information on the tasks:

Creating the CCP VPN Configuration File

Uploading the Configuration File to the Cisco Unified Communications Manager TFTP Server

Configuring the External URL for the Cisco TelePresence Multipoint Switch

Restarting the CTS Endpoint

Creating the CCP VPN Configuration File

The CCP VPN configuration file contains a list of local Cisco TelePresence Multipoint Switch servers and/or a default HTTP proxy in the format <IP address> [<hostname>]. Use a text file editor to create a file named cts-ccp-servers.txt.

The following text is an example of a cts-ccp-servers.txt file which specifies a list of local CTMS servers followed by the default HTTP proxy path for secure routing outside of the enterprise.

192.0.2.10        ctms-SanJose.example.com
192.0.2.20        ctms-RCDN.example.com
203.0.113.1       ctms-HK.example.com
# default
198.51.100.10     default

Uploading the Configuration File to the Cisco Unified Communications Manager TFTP Server

Procedure

Do the following procedure to upload the cts-ccp-servers.txt file to the Cisco Unified Communications Manager TFTP directory.


Step 1 Log in to the Cisco Cisco Unified Communications Manager Administration interface.

Step 2 From the Navigation drop-down menu in the upper right corner, choose Cisco Unified OS Administration and click Go.

Step 3 From the Cisco Unified Communications Operating System Administration window, navigate to Software Upgrades > TFTP File Management.

The TFTP File Management window displays and shows a listing of the current uploaded files. You can filter the file list by using the Find controls.

Step 4 To upload the cts-ccp-servers.txt file, do the following substeps:

a. Click Upload File.

The Upload File dialog box opens.

b. To upload the file, click Browse and then choose the cts-ccp-servers.txt file.

c. To start the upload, click Upload File.

The Status area indicates when the file uploads successfully.

Step 5 After the file uploads, do the following substeps to restart the Cisco TFTP service:

a. From the Navigation drop-down menu in the upper right corner, choose Cisco Unified Serviceability and click Go.

b. Log in to Cisco Unified Serviceability.

c. From the Tools drop-down menu, choose Control Center - Feature Services.

d. From the Select Server drop-down menu, choose the TFTP server and click Go.

e. From the CM Services menu, click the Cisco TFTP radio button.

f. Click the Restart button.

g. Repeat Step c. through Step f. for all TFTP servers.


Configuring the External URL for the Cisco TelePresence Multipoint Switch

The external URL is an HTTP proxy URL that CTMS advertises to the CTS endpoints in a meeting. The URL enables a reverse proxy to parse requests for more than one CTMS, even though the CTS client uses a single default proxy IP address for all remote CTMS servers.

Procedure

Do the following procedure to configure the HTTP proxy URL.


Step 1 In the Cisco TelePresence Multipoint Switch Administration software, use the left navigation to choose Services.

The Services page displays.

Step 2 In the External URL field, enter the routable service location, in a format such as https://<proxy-default-ip-address>/<ServiceProvider-identifier>/<Enterprise-identifier>/<ctms-identifier>. For example, https://198.51.100.10:9501/cisco/sj/ctms1.

Step 3 Click Apply.

The Web UI automatically restarts all CTMS processes to have Confgmr/CCS reload the new URL.


Restarting the CTS Endpoint

When you restart the CTS, the endpoint downloads the configuration file from the Cisco Unified Communications Manager TFTP server. The endpoint performs error checking on the configuration file. If the file passes the error check, the CTS confctrl component loads the file when it comes up.

When the CTS comes up after the restart, check the SYSOP log to verify that the cts-ccp-server file was found. The log should include the following message: "CTS is configured with appropriate file to perform B2B conference control."

Enabling Cisco TelePresence Endpoints Running TC Release 5.x to Join Meetings Hosted on the Cisco TelePresence Multipoint Switch

Cisco TelePresence endpoints running TC release 5.x require a configuration change to a default setting on Cisco TelePresence Multipoint Switch version 1.8 in order to join meetings hosted on the switch.

Procedure

To enable Cisco TelePresence TC5.x endpoints to join meetings hosted on the Cisco TelePresence Multipoint Switch, do the following procedure:


Step 1 From the left navigation pane, choose Manage > Default Meeting Settings.

The Default Settings window displays.

Step 2 For Supported Endpoint Types, select Cisco TelePresence TC 5.0 (and later) and CTS 1.8 (and later) endpoints.

Step 3 To save the modified setting, click Apply.