The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||||||||||||||||
Step 2 | (Optional)
To change the
Language setting, select
Turn On
Maintenance Mode.
You do not have to turn on maintenance mode when modifying the other settings on the Company Info page. If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. | ||||||||||||||||||||||||
Step 3 | Select Settings. If you are viewing one of the other settings pages, you can also select Company Information under the Settings section. | ||||||||||||||||||||||||
Step 4 | Complete the
fields on the page and select
Save.
| ||||||||||||||||||||||||
Step 5 | (Optional)
If you changed the language,
select
Turn Off
Maintenance Mode and
Continue to confirm.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. |
Prepare the following before configuring general branding:
A 120x32 PNG, GIF, or JPEG image containing your company logo
Your company privacy statement URL
Your company terms of service statement URL
Your company support URL
When customizing your site, make the necessary updates to each section and then select Save only after all branding changes are complete. Saving updates one section at a time might cancel some of your changes.
Create a transparent 120x32 PNG or GIF file.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | For the Company Logo field, select Browse and choose the transparent 120x32 PNG or GIF file. |
Step 4 | Select
Save.
Your previous company logo is replaced by your blank PNG or GIF file. Confirm that the original logo has been removed. |
Configure your meeting settings to control which features participants can use:
The configuration of the meeting size does not limit the number of call-in, audio-only participants. If the meeting size limit is 2, only 2 attendees can join by using the Web, VoIP, or call-out options. However, more attendees can join the meeting on an audio-only basis up to the capacity of the system. See Confirming the Size of Your System.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||
Step 2 | Select . | ||||||||||
Step 3 | In the Join
meeting settings section, select your options.
| ||||||||||
Step 4 | Select the maximum
participants per meeting by dragging the slider:
| ||||||||||
Step 5 | In the
Participant
privileges section, select your options.
Chat, Polling, Document review and presentation, and Sharing and Remote Control are selected by default. The selected participant privileges appear in the users' controls. | ||||||||||
Step 6 | Select
Record to record and store meetings on the storage
server.
Recording is disabled by default. Also, you must configure a storage server to enable recording. See Adding an NFS or SSH Storage Server for more information. | ||||||||||
Step 7 | Select File transfer to allow users to share files during a meeting. | ||||||||||
Step 8 | Select Save. |
Cisco WebEx Meetings Server enables different meeting security features depending on the following factors:
User type: host, alternate host, user (signed in), and guest.
Meeting has a password or no password.
Password is hidden or visible in the meeting invitation.
Password is hidden or visible in the email meeting invitation.
Behavior displayed on the meeting join page (see the following tables).
User Type | Password Displayed in Email Invitation and Reminder | Meeting Detail Page |
---|---|---|
Host | Yes | Yes |
Alternate host | Yes | Yes |
Invitee | No | No |
Forwarded invitee | No | No |
User Type | Password Displayed in Email Invitation and Reminder | Meeting Detail Page |
---|---|---|
Host | Yes | Yes |
Alternate host | Yes | Yes |
Invitee | Yes | Yes |
Forwarded invitee | Yes | Yes |
Join Before Host feature is on or off:
Join Teleconference before Host feature is on or off:
First participant can Present feature is on or off:
The first time you configure your audio settings, you are guided through the process by a wizard that helps you set your CUCM SIP configuration and call-in access numbers. After you have completed the wizard and configured your initial audio settings, you can configure all other audio settings.
You must enable teleconferencing and configure CUCM before you proceed with your audio configuration. You must configure CUCM on two systems if you plan to provide teleconferencing high availability. Refer to the Planning Guide for more information. To proceed you must obtain the following information:
A list of call-in access numbers that your participants use to call into meetings.
The CUCM IP address.
Note | This feature is not available in Russia or Turkey. |
The first time you configure your audio settings, a wizard guides you through the installation procedure. You must configure Cisco Unified Communications Manager (CUCM) as part of this process.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. | ||
Step 3 | Select
.
The CUCM Setting page appears. | ||
Step 4 | (Optional) Select Edit to modify the CUCM IP addresses. | ||
Step 5 | Select
Save.
The Enable Teleconference: CUCM Setting page appears, displaying your current settings. | ||
Step 6 | Select
Edit to change the settings.
The CUCM (Cisco Unified Communications Manager) dialog box appears. | ||
Step 7 | Complete the
fields in the
CUCM
(Cisco Unified Communications Manager) dialog box as follows:
Your new or updated CUCM settings appear on the Enable Teleconference: CUCM Setting page. | ||
Step 8 | Select
Next.
The Enable Teleconference: Access Number Setting page appears. | ||
Step 9 | Select
Edit.
The Call-in Access Numbers dialog box appears. | ||
Step 10 | Select
Add to add a call-in access number.
A line is added in the dialog box for the phone label and number. Each time you select Add, an additional line appears in the dialog box. | ||
Step 11 | Enter the
Phone
Label and
Phone
Number for each access number that you add and select
Continue after you have finished adding numbers.
Make sure you only add numbers that you have configured in CUCM. The numbers you add appear in email invitations and your Cisco WebEx Meetings client. Example:Enter "Headquarters" for the Phone Label and 888-555-1212 for the Phone Number. The access numbers you entered are added to your system and you are returned to the Enable Teleconference: Access Number Setting page. The page now indicates how many access numbers have been configured. | ||
Step 12 | Select
Save.
The wizard informs you that you have successfully configured your teleconferencing features. | ||
Step 13 | (Optional) Enter a display name in the Display Name dialog box. | ||
Step 14 | (Optional) Enter a
valid caller ID in the
Caller
ID dialog box.
The caller ID is limited to numerical characters and dash (-) and has a maximum length of 32 characters. | ||
Step 15 | (Optional)
Configure your
WebEx Call Me setting (Default: Press 1 to connect to meeting). Select this option
to bypass the requirement to press
1 to connect
to a meeting.
| ||
Step 16 | (Optional) Select your Telephone entry and exit tone. | ||
Step 17 | (Optional) If IPv6 is supported and configured on your system, set your IPv6 Teleconferencing setting to On or Off. (Default: Off. A setting of Off indicates that IPv4 is the setting.) | ||
Step 18 | Select the System Audio Language users hear when they dial in to the audio portion of a WebEx meeting or when they use the Call Me service. | ||
Step 19 | Select Save. | ||
Step 20 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
If you are configuring your audio settings for the first time, see Configuring Your Audio Settings for the First Time.
Note | Turning on Maintenance Mode is not required to configure or change the Blast Dial, Call-in Service Languages, Display Name, or Caller ID audio settings. |
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. | ||||||||
Step 3 | Select . | ||||||||
Step 4 | Select
Global
Settings.
Configure your audio feature settings.
For audio configuration, there are global settings and each data center has local settings. Global settings are applied to all data centers. Local settings apply to individual data centers.
| ||||||||
Step 5 | Configure Blast Dial as described in About WebEx Blast Dial. | ||||||||
Step 6 | Select
Edit in Call-In Access Numbers section to add,
change, or delete your access numbers.
| ||||||||
Step 7 | Select Edit in the Call-in Service Languages section to add, change, or delete languages available for users calling in to the audio portion of a meeting. | ||||||||
Step 8 | Use the Transport drop-down list to select the transport type for your system and port number for each server. (Default: TCP)
If you select TLS as your transport type, you must import a valid, secure conferencing certificate for each of your CUCM servers, export the SSL certificate, upload it into CUCM, and configure your system fully qualified domain name (FQDN) as the SIP domain name on each CUCM server. See Importing Secure Teleconferencing Certificates for more information about importing your certificates, and "Configuring Cisco Unified Communications Manager (CUCM)" in the Planning Guide for more information about managing call control on CUCM. Make sure the port number matches the setting in CUCM. | ||||||||
Step 9 | Enter a display
name in the
Display
Name dialog box.
This is the name displayed on a meeting participant's IP phone when using the Call Me service or calling into Cisco WebEx Meeting Server (CWMS). | ||||||||
Step 10 | Enter a valid
caller ID in the
Caller
ID dialog box.
The caller ID is limited to numerical characters and dashes (-), and has a maximum length of 32 characters. | ||||||||
Step 11 | Configure your
WebEx Call Me setting (Default: Press 1 to connect to meeting). Optionally select
this option to bypass the requirement to press
1 to connect
to a meeting.
We do not recommend that you select this option unless your phone system is incapable of sending a 1 digit. | ||||||||
Step 12 | Select your Telephone entry and exit tone. | ||||||||
Step 13 | If IPv6 is supported and configured on your system, set your IPv6 Teleconferencing setting to On or Off. (Default: Off indicates that IPv4 is the setting.) | ||||||||
Step 14 | Select Show call-in user phone numbers in Participant Report to display user phone numbers in the report. To include all phone numbers in a Multi-data Center environment, this parameter must be set on each data center. | ||||||||
Step 15 | Select the
System
Audio Language users hear when they dial in to the audio portion of
a Cisco WebEx meeting or when they use the Call Me service.
This setting appears as the default language for the Call-in Service Languages. | ||||||||
Step 16 | Select Save. | ||||||||
Step 17 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. |
Step 3 | Select . |
Step 4 | Select
Edit CUCM (Cisco Unified Communications Manager) to
change the settings.
|
Step 5 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
Cisco WebEx Blast Dial lets users identified as meeting hosts, call a phone number and enter a host PIN (if necessary) to instantly start the audio portion of a meeting. At the same time, the system automatically places calls to a list of participants defined for that Blast Dial group.
Within minutes, the host can begin discussing an urgent matter or provide detailed instructions for handling an important issue with the people who have approval authority or are trained for emergency situations. In addition to starting the audio portion of the meeting, the host can access an automatically generated email to start the online portion of the meeting to share images, video, or electronic information with the meeting participants.
The calls are initiated in a block, depending on the size of the system. A 50-user system initates 3 calls. A 250-user system initates 15 calls. An 800-user system initates 48 calls. A 2000-user system initates 40 calls. The delay is by design. It prevents dialing out to a large number of users at the same time to avoid affecting normal system operations.
When a call in the initial block is answered or times out, the system calls the next participant. This continues until all participants have been contacted. For example, if the system is configured for 3 attempts, the system does not initiate the 4th call; it calls the next participant. Each call attempt lasts 20 seconds. (See Editing Blast Dial Group Settings for information on setting the number of call retries.)
When the system calls a person on a participants list, that person answers the call and enters a participant PIN (if necessary) to join the audio portion of the meeting. Once the audio portion of the meeting is in progress, a host can press *# to hear the names of the people who have joined the meeting. (The host can also look at the Participants list in the online portion of the meeting.) Any participant can choose not to answer the call or remove themselves from a Blast Dial group. An administrator can delete a person from a Blast Dial group at any time.
Each Blast Dial group can have the maximum number of participants supported by each size CWMS system (see the "System Capacity Matrix" section in the Cisco WebEx Meetings Server Planning Guide and System Requirements for details). An administrator configures the Blast Dial group and its participants, but relies on the meeting host to provide the group settings and the information for the Participants list. An administrator can add participants to a Blast Dial group by entering them manually on the Blast Dial page, or by importing a ParticipantsTemplate file completed by a host.
Use the link provided to download a Group Template to send to the person who will host meetings for a Blast Dial group.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select the GroupTemplate link to download the template a host uses to provide the general settings, such as group name and host PIN, for the new Blast Dial group. |
Step 4 | Email the Group Template to the host of the Blast Dial group. Ask the host to complete the template and return it to you. |
If you have the information to create a new group, go to Adding a Blast Dial Group.
To import participants, delete the instructions and rows with example text in the Participants template file and go to Importing a Participants List.
To manually add participants for a group, go to Adding Blast Dial Participants.
For each Blast Dial group, specify a group name, a route pattern, and a call-in number. Both the route pattern and the call-in number must be defined in CUCM and copied into the Blast Dial page. To provide a level of security for the meetings, configure a host PIN and a participant PIN. For each group, select the Host check box for at least one of the internal participants to make that user a host. There must be at least one host for each Blast Dial group. You can designate several internal participants as hosts for a Blast Dial group and all hosts can start the audio portion of a Blast Dial meeting. However, a meeting host requires a license to start the online portion of a Blast Dial meeting.
Note |
When the Blast Dial group is configured, the system sends an email to the host with the host PIN and Call-in number. All participants receive an email with the participant PIN and Call-in number. A host calls the Call-in number and enters a host PIN to start a meeting. Participants answer the Blast Dial call (or call the call-in number if they miss the call) and enter a participant PIN (if required). Unlike other types of Cisco WebEx meetings that automatically end after 24 hours, a Blast Dial meeting continues until the last person ends his or her call or leaves the online portion of the meeting. When there is only one person in the meeting, a warning message appears every 15 minutes, "You are the only participant in this meeting. The meeting will automatically end in:". The clock decrements from 2 to 0 minutes. The user can select Continue to extend the meeting.
Note | When a host starts the online portion of a Blast Dial meeting, DTMF tones are disabled. |
Configure a route pattern and corresponding call-in number in the Cisco Unified Communications Manager for every Blast Dial group. Each Blast Dial group requires its own dedicated call-in number. See "Call Routing Setup" in the Cisco Unified Communications Manager Administration Guide for details about route patterns.
Download the Group Template file and send it to the host of the Blast Dial group. The host should complete the template and return it. Use the information in the template to create the Blast Dial group.
When you create a Blast Dial Group you have an option to upload a Custom Greeting in the form of a .WAV file. All custom audio prompts, including Blast Dial prompts, are 8KHz, 16-bit, 64kbps, momo, CCITT u-law (G.711).
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||
Step 2 | Select . | ||||
Step 3 | In the Blast Dial section, select Add Group. | ||||
Step 4 | Enter a Group Name. | ||||
Step 5 | Type a
Route
Pattern.
One route pattern must be configured in Cisco Unified Communications Manager for each Blast Dial group. | ||||
Step 6 | Type the
Call-in Number associated with the route pattern
configured for this Blast Dial group.
Each Blast Dial group needs a dedicated call-in number. A host dials the call-in number to initiate a Blast Dial meeting.
| ||||
Step 7 | (Optional)
Type an
alphanumeric password in the
Meeting Password field.
If
configured, participants enter this password to join the online portion of a
Blast Dial meeting.
| ||||
Step 8 | Choose one of
the
Host
PIN options:
| ||||
Step 9 | Choose one of
the
Participant PIN options:
| ||||
Step 10 | Select the
number of
Call
Attempts the system should make to call a participant.
The system calls each participant the number of times selected for Call Attempts. If a user lists four phone numbers on their My Accounts page (for internal users) or an administrator enters four phone numbers in the CSV file imported into the system, the system dials the first number the number of times selected for Call Attempts, then calls the second number the number of times selected for Call Attempts, and so on. After the system dials each phone number the number of times selected for Call Attempts, the system stops calling the participant. If Unlimited is selected for this field, the system continues to call the participants until they answer the call or until the Blast Dial meeting ends. | ||||
Step 11 | Select the Add Participants link in the Internal List section. | ||||
Step 12 | In the Internal List, enter an email address for at least one host and select + to add each person to the Participants list. | ||||
Step 13 | Select the Host check box to designate the internal user as a meeting host. | ||||
Step 14 | (Optional) Select the Add Participants link in the External List section. | ||||
Step 15 | (Optional) For external users, enter a name, email address, and a phone number, and then select Add to add the person to the Participants list. See Adding Blast Dial Participants for details about external users. | ||||
Step 16 | Select Save to save your changes. The Blast Dial group is added to the system. |
To import a list of participants, export a CSV file with pre-configured column headings. See Exporting a Participants List and Importing a Participants List for details.
To create a small blast dial list or to add a few new people to an existing list, see Adding Blast Dial Participants.
To delete a blast dial group, see Deleting a Blast Dial Group.
You can change the blast dial group settings, including the participants list.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | In the Blast Dial section, select a Group Name. |
Step 4 | Change the editable fields. Fields marked with an asterisk are required. |
Step 5 | To make changes to an entry in the participants list, select X to delete an entry, and then add the entry again with the updated data. |
Step 6 | Select Update to save the changes. |
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | In the Blast Dial section, select X next to the group you want to delete. |
Step 4 | Select
OK to confirm.
The Blast Dial group and related participants lists are deleted from the system. |
After you configure the settings for a Blast Dial group, create the internal and external Participants list. The system calls the members of the internal and external participants lists when a host initiates a WebEx Blast Dial meeting, dialing the members of the internal list first followed by the members of the external list.
Internal participants' company email addresses are associated with the information on their My Account pages. The system uses the internal user's email address to gather a user's name and phone numbers from their My Account page. (If the phone number of an internal user is listed in the template, it is ignored.)
If there is more than one number is listed on the My Account page, the system dials the first non-empty phone number, typically the participant's office number. If the call is not answered, the system calls the second phone number in the list, such as the mobile number. This is repeated until it reaches the last configured phone at end of list in My Account page. The number of cycles depends on the number of call attempts set in Blast dial group on the Administration page. (See Editing Blast Dial Group Settings and "Updating Your Account Information" in the Cisco WebEx Meetings Server User Guide.) The default is three call attempts.
External participants can participate in WebEx Blast Dial meetings as guests. However, because they do not have company email addresses and associated My Account pages, a name, email address, and a phone number must be entered on the Blast Dial dialog for external participants. The system dials the participant phone numbers in consecutive order.
External participants cannot host a WebEx Blast Dial meeting.
Enter a participant's information in the fields provided in the Internal List or External List sections of the template.
Or ask the person who will host the Blast Dial meetings to select the Participants Template link on their My Account page and download the template file. The host enters the participants' information and sends the complete template to an administrator to import into the system.
Or export a participants list to a CSV file, enter the required information, and import the updated CSV file.
The system checks all participant entries and automatically moves entries between participants lists if an internal user's email address is entered in the external participants list. If the system cannot locate the email address for an entry in the internal participants list in the database, that entry is moved to the external list. To make the relocated entry valid, a user name and phone number must be entered.
Contact the person who will host the Blast Dial meetings and ask the host to select the Participants Template link on the My Account page to download a template file. The host should enter the participants' information and send the complete template to an administrator. See "Downloading the Group and Participants Templates" section in the Cisco WebEx Meetings Server User Guide.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||
Step 2 | Select . | ||
Step 3 | In the Blast Dial section, select a Group Name link. | ||
Step 4 | You can export the existing Participants list, modify the CSV
file, and import the file to add or change participant's information.
| ||
Step 5 | To import participants: | ||
Step 6 | To add
individual entries in the provided fields:
The newly added participants appear in the Internal List or External List. | ||
Step 7 | (Optional)
Select the
Host check box to designate a person as a host.
| ||
Step 8 | Select Save to save the blast dial group settings and the newly added entries in the participants list. A person designated as a host receives an email notification which includes the host PIN, participant PIN, meeting password (if configured), and blast dial call-in number. All other participants receive an email notification which includes the participant PIN and meeting password (if configured). |
To modify an entry in a participants list, see Editing Blast Dial Group Settings.
To import a participants list, see Importing a Participants List.
To export a participants list, see Exporting a Participants List.
Before you create a participants list, select Export List to export a blank CSV file with the proper column headings. Otherwise, the system exports all participant information for this Blast Dial group. The exported list that contains both internal and external participants contains: NAME, EMAIL, PHONENUMBER1, PHONENUMBER2, PHONENUMBER3, PHONENUMBER4, and ISHOST.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||
Step 2 | Select . | ||
Step 3 | Select a Group Name in the Blast Dial section. | ||
Step 4 | Select Export List in the Participants section. The participant data is exported as a CSV file. | ||
Step 5 | On the export dialog, select to open the file with a specific application or save the file and download it. | ||
Step 6 | Access the
exported CSV file and add, change, or delete participant data.
For external participants, the system requires a name, email address, and one phone number. For internal participants, the system requires only a user's company email address. At least one internal user must be assigned a host role.
|
Prepare a comma-delimited or tab-delimited (CSV) file containing the participant information. You can export the current participant list values to a CSV file, modify the file, and import it to add or change participant information.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select a Group Name in the Blast Dial section. |
Step 4 | Select Tab or Comma to indicate the type of CSV file you are importing. |
Step 5 | Select Browse and then select the CSV file to be imported. |
Step 6 | Select
Import.
The file is imported to the system. |
Step 7 | Select Update to save the participant information. The imported participants' information is saved to the database. |
Scroll through the participants lists to view the participants' information and verify that the values were imported correctly.
Go to Exporting a Participants List to export a participants list.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select Settings > Video. |
Step 3 | Select 360p, 180p or Off and then select Save.
Refer to the "About Meeting Recordings" section of the CWMS Planning Guide for approximate storage requirements. |
If your system is configured to permit more than one call-in access number, the system assumes that the first number is a toll-free access number and attempts this number first. The application does not connect if this number is not reachable from the mobile network. Make sure that this number is accessible from the mobile network.
When using an iOS mobile device and the data center certificates are not from a well-known certificate authority, it is necessary to import both data center SSL certificates into the iOS mobile device. Otherwise, iOS mobile device displays an error when trying to launch a meeting.
We recommend that Android mobile device users import both data center certificates before attempting to launch a meeting. After importing certificates into the Android device, the device shall trust the WebEx sites and does not show a warning message when starting a meeting from this site.
Note | Android is supported in Cisco WebEx Meetings Server 2.0 and higher. Both the iOS and Android WebEx applications are enabled by default. |
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select Settings > Mobile. |
Step 3 | Configure your mobile settings
by selecting which mobile platforms your system supports and then select
Save.
Default: iOS WebEx application and Android WebEx applications. The iOS and Android WebEx applications work the same as the Cisco WebEx desktop application; from an internal intranet or external Internet. |
For Cisco WebEx Meetings Server Release 2.0 and later, see Exporting an SSL Certificate for Mobile Devices for information about exporting certificates to email to your mobile device users.
Differentiated Services (DiffServ) code point (DSCP) settings determine the QoS for the audio and video media signaling, as defined in RFC 2475. Cisco recommends that you retain the default value. The other values are available for the rare instances when the network requires a different DSCP setting. For more information, see the "Network Infrastructure" chapter of the Cisco Unified Communications Solution Reference Network Design (SRND) that applies to your version of Cisco Unified Communications Manager.
Following are the default values:
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select Settings > Quality of Service. |
Step 3 | Select QoS marking settings using the appropriate drop-down menus and then select Save. |
Traffic | QoS Marking |
---|---|
SIP Audio—media—CWMS to Endpoint | Yes |
SIP Audio—signalling—CWMS to Endpoint | Yes |
PC Audio—media—CWMS to Client | No |
PC Audio—signalling—CWMS to Client | No |
PC Audio—media—Client to CWMS | No |
PC Audio—signalling—Client to CWMS | No |
PC Video—media—CWMS to Client | No |
PC Video—signalling—CWMS to Client | No |
PC Video—media—Client to CWMS | No |
PC Video—signalling—Client to CWMS | No |
Traffic | QoS Marking |
---|---|
SIP Audio—media—CWMS to Endpoint | Yes |
SIP Audio—signalling—CWMS to Endpoint | Yes |
PC Audio—media—CWMS to Client | Yes |
PC Audio—signalling—CWMS to Client | Yes |
PC Audio—media—Client to CWMS | No |
PC Audio—signalling—Client to CWMS | No |
PC Video—media—CWMS to Client | Yes |
PC Video—signalling—CWMS to Client | Yes |
PC Video—media—Client to CWMS | No |
PC Video—signalling—Client to CWMS | No |
You can configure password settings for the following:
General Passwords—Controls password expiration periods and enables you to force users to change their passwords either immediately or at a specified interval.
User Passwords—Configures password strength for user accounts including mixed case, length, character types and usage, dynamic web page text controls, and setting up a list of unacceptable passwords.
Meeting Passwords—Enforces password usage for meetings and configures password strength for meetings, including mixed case, length, character types and usage, dynamic web page text controls, and setting up a list of unacceptable passwords.
Note | If SSO or LDAP is enabled on your system:
|
All password settings on this page are optional and can be toggled on (checked) or off (unchecked).
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Force all users to change password every number day(s) and enter the number of days in the text field. (Default: Unchecked)
Password aging is disabled if users are authenticated by using LDAP. |
Step 4 | Select Force all users to change password on next login. (Default: Unchecked)
Forcing password change is disabled if users are authenticated by using LDAP. |
Step 5 | Select Enable user account locking. (Default: Unchecked)
To prevent unauthorized access to a system, the system automatically locks an account after a number of failed sign-in attempts. When an account is locked, email with unlock instructions is sent to all administrators and the locked account holder.Administrators can unlock another administrator's locked account (see Unlocking an Account). More parameters display: |
Step 6 | Select Save. |
These settings apply to both the administrator and the end users when the system uses default authentication. These settings apply only to the administrator when the system uses Lightweight Directory Access Protocol (LDAP) authentication or single sign-on (SSO) authentication; end user passwords are managed by an AD server or an IdP server.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||||||||||||||
Step 2 | Select . | ||||||||||||||||||||||
Step 3 | Change your user
password settings by configuring the fields on the page.
When creating a password, users are advised to not: | ||||||||||||||||||||||
Step 4 | Select Save. |
Use this feature to configure meeting password parameters. The table describes when users must enter a password to attend a meeting.
Password Configured | Password Excluded from Email Invitation | Meeting Creator Signed In | Host Signed In | Invitee Signed In | Guest Signed In | Guest Not Signed In |
---|---|---|---|---|---|---|
No | n/a | Password is not required. | Password is not required. | Password is not required. | Password is not required. | Password is not required. |
Yes | Yes | Password is not required. | Password is not required. | Password is not required. | Password is required. | Password is required. |
Yes | No | Password is not required. | Password is not required. | Password is not required. | Password is required and the field is automatically filled. | Password is required. |
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Change your
meeting password settings by configuring the fields on the page.
|
Step 4 | Select Save. The change is applied to future meetings when they are scheduled; meetings scheduled prior to the parameter changes are not affected. |
You can configure your email settings and templates. Your email templates have default settings that you can optionally change.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select
Settings >
Email.
The Variables page opens. |
Step 3 | Enter your
From
Name, your
From Email
Address, your
Reply-To email address, and then select
Save.
The system derives the default From Name, From Email Address, and Reply-To values from the settings that you configure on the Variables page. You can enter a person's name in the From Name on the Variables page, but meeting invitations use the host's email address. |
Step 4 | Select Templates.
The Templates page appears. Select the Common or Meetings tab. Common is the default. |
Step 5 | To configure email templates, select the desired template link on the Common and Meetings tab. |
Step 6 | Make changes (if
any) to the email template you selected and select
Save.
Example:Select the Account Reactivated template link on the Common tab. Update the fields in the Account Reactivated dialog box and select Save. |
Use the email templates to communicate important events to users. Each email template has variables that you must configure. See the table below for descriptions of the variables in each template.
There are two types of email templates:
Common–Including lost password, host and invitee notifications, recording availability, and other general notices.
Meetings–Including meeting invitations, cancellations, updates, reminders, and information notices.
Title | Description | Variables |
---|---|---|
AD Activation |
Sent to a user after an AD account has been activated. |
|
AD-Sync Failed |
Sent to an administrator after a failed synchronization. |
|
AD-Sync Success |
Sent to an administrator after a successful synchronization. |
|
Account Reactivated |
Sent to a user after an administrator reactivates the user's account. |
|
Forgot Password–Password Changed |
Sent to a user after he has reset his password from the end-user site. |
|
Forgot Password–Reset Password |
Sent to a user after he has reset his password from the end-user site. This email asks the user to create a new password. |
|
PT PCN Meeting Invitation—Invitee |
Sent to meeting invitees after a meeting is scheduled by using Productivity Tools from a Personal Conference account. |
|
PT Meeting Invitation—Invitee |
Sent to meeting invitees after a meeting is scheduled by using Productivity Tools. |
|
Recording Available for Host |
Sends the host a link to a meeting recording. |
|
SSO Activation Email |
Sent after Single Sign-On (SSO) is enabled. |
|
Send Email To All Users |
Sends an email to all users on the system. |
|
Setup Cisco WebEx—Mobile Device |
Informs users about the Cisco WebEx app for mobile devices and provides a download link for the app. |
|
Share Recording |
Sends selected meeting invitees a link to a meeting recording. |
|
Share Recording from MC |
Sends selected meeting invitees a link to a meeting recording. Participants selected by the host in Meeting Center after selecting Leave Meeting. |
|
Users—Password Changed |
Sends users an email when their password has been changed. |
|
Welcome Email |
Sent to a new administrator after his or her account is created. |
Title | Description | Variables |
---|---|---|
Blast Dial Meeting Invite for Host |
Sent to the host when a host dials a Blast Dial call-in number to start a meeting. |
|
Blast Dial Meeting Invite for Attendee |
Sent to participants when a host dials a Blast Dial call-in number to start a meeting. |
|
Blast Dial Meeting Group Deleted |
Sent to the members of the Blast Dial group when an administrator deletes the group. |
|
In-Progress Blast Dial Meeting Invite for Host |
Sent to other hosts when a host invites them to a meeting while the meeting is in progress. |
|
In-Progress Blast Dial Meeting Invite for Attendee |
Sent to users when a host invites them to a meeting while the meeting is in progress. |
|
Blast Dial Meeting Information Updated for Host |
Provides meeting information to a host when the meeting settings have been changed. |
|
Blast Dial Meeting Information Updated for Attendee |
Provides meeting information to participants when the meeting settings have been changed. |
|
In-Progress Meeting Invite for Attendee |
Sent to users when a host invites them to a meeting while the meeting is in progress. |
|
Instant Meeting Invite for Host | Sent to the host and invitees when the host selects Meet Now. | |
Meeting Canceled for Attendee | Informs a user that a scheduled meeting has been canceled. | |
Meeting Canceled for Host | Sent to the meeting host to confirm cancellation of a meeting. | |
Meeting Information Updated for Alternate Host |
Provides meeting information to the alternate host when the meeting settings have been changed. |
|
Meeting Information Updated for Attendee | Provides meeting information for a meeting invitee when the meeting settings have been changed. | |
Meeting Information Updated for Host | Provides meeting information to the host when the meeting settings have been changed. | |
Meeting Reminder for Alternate Host | Sends a meeting reminder to the meeting alternate host. | |
Meeting Reminder for Host | Sends a meeting reminder to the meeting host. | |
Meeting Rescheduled for Alternate Host | Sends updated meeting information to the alternate host. | |
Meeting Rescheduled for Attendee | Sends updated meeting information to invitees. | |
MeetingInfo for Alternate Host | Sends a meeting confirmation to the alternate host. | |
MeetingInfo for Attendee | Sends a meeting invitation to invitees. | |
MeetingInfo for Host | Sends a meeting confirmation to the host. | |
PCN Meeting Auto Reminder—Host |
Sends an automatic meeting reminder to the meeting host (Personal Conference accounts only). |
|
PT PCN Meeting Manual Reminder—Host |
Sends a manual meeting reminder to the meeting's host (PCN accounts only). |
|
PT PCN Meeting Manual Reminder—Invitee |
Sends a manual meeting reminder to invitees (Personal Conference accounts only). |
|
PT PCN Meeting Notification—Host |
Sends a meeting notification to the host (Personal Conference accounts only). |
|
PCN Meeting Instant Invitation—Host |
Sends an instant meeting notification to the host (Personal Conference accounts only). |
|
PCN Meeting In Progress Invitation—Invitee |
Sends an instant meeting notification to an invitee (Personal Conference accounts only). |
|
PCN Meeting Schedule Change—Host |
Sends a schedule change notification to the host (Personal Conference accounts only). |
|
PCN Meeting Schedule Change—Invitee |
Sends a schedule change notification to an invitee (Personal Conference accounts only). |
|
PCN Meeting Rescheduled—Invitee |
Sends a meeting rescheduled notification to an invitee (Personal Conference accounts only). |
|
PCN Meeting Canceled—Host |
Sends a meeting cancellation notification to a host (Personal Conference accounts only). |
|
PCN Meeting Canceled—Invitee |
Sends a meeting cancellation notification to an invitee (Personal accounts only). |
You can mass-deploy CWMS applications by using the tools available to you on the Administration site. The applications available for download include are:
WebEx Meetings Application—The core application for scheduling, attending, or hosting meetings.
Running the WebEx Meetings application on a virtualized operating system is not supported.
If a user does not have the WebEx Meetings application installed, the first time a user joins a meeting it is downloaded to the PC. This can be configured to be done on-demand or silently. The user has the option of using the Cisco WebEx Meetings application for the duration of the meeting and having it removed when the meeting is over or performing an installation of the application to speed up the process of starting or joining future meetings. This might fail because the user does not have administrator privileges.
WebEx Productivity Tools—Provides an interface between other applications, such as Microsoft™ Outlook®, allowing the management of meetings through those applications.
After an update or upgrade to a system, any old versions of WebEx Productivity Tools should be removed and the latest version installed.
WebEx Network Recording Player—Plays back the recordings of meetings. This can include any material displayed during the meeting.
In CWMS the .MSI installer for the applications is available from the
page. See "Downloading Applications from the Administration Site" in the CWMS Planning Guide for more information.We recommend that you push the applications to user computers offline, before you inform those end-users that accounts have been created for them. This ensures that your users can start and join meetings and play network recordings the first time they sign in.
Where users have administrator privileges, you can enable users to download the applications from the end-user Downloads page and install the applications themselves. No additional administrator action is required.
When upgrading to Cisco WebEx Meetings Server Release 1.5MR3 or later in a locked-down environment where user PCs do not have administrator privileges, before you start the upgrade procedure push the new version of the WebEx Meetings application to all user PCs.
You can configure your system so that administrators can manually download Cisco WebEx desktop applications to users, or you can enable users to perform their own downloads.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||
Step 2 | Select Settings > Downloads. | ||
Step 3 | Select the
Auto
update WebEx Productivity Tools check box to configure periodic
automatic updates. (Default: checked.)
| ||
Step 4 | Select your
download method:
If you select Permit users to download WebEx desktop applications, you can select Save to finish your download configuration. No further action is necessary. If you select Manually push WebEx Meetings and Productivity Tools to user’s desktop, the WebEx Meetings Application, Productivity Tools, and WebEx Network Recording Player sections appear on the page. Proceed to the next step. | ||
Step 5 | For each
application that you want to download and install, select
Download and select
Save to save a ZIP file to your system that contains
installers for the corresponding application.
Each ZIP file contains application installers for all supported languages and platforms. | ||
Step 6 | Select Save to save your download settings. |
Certificates ensure secure communication between the components of your system. When your system is deployed, it is configured with a self-signed certificate. While a self-signed certificate can last for up to five years, we recommend that you configure certificates that are validated by a certificate authority. A certificate authority ensures that communication between your virtual machines is authenticated. A system can have multiple virtual machines. Only one certificate is required for a data center. Except for the IRP virtual machine, the system certificate includes the fully qualified domain names (FQDNs) for all other virtual machines, site URLs, and administration URLs.
After performing a major upgrade, for example from 1.x to 2.6.1.39 by using the OVA file, the system has only a self signed internal SSL certificate installed. This self signed internal SSL certificate has a common name/subject as the Admin Site URL; the old SSL certificate has the common name/subject set to the Site URL. Since the Internal SSL Certificate only allows certificates with the common name set as the Admin Site URL, the old certificate cannot be re-applied and you must generate new certificates immediately after the upgrade. You can either use the old SSL certificate as an external certificate and generate another Internal SSL Certificate for internal users or generate a new SAN certificate with the common name changed from the Site URL to the Admin Site URL.
The following certificate types are supported:
SSL—Required on all systems.
SSO IdP—For SSO with identity provider (IdP) certificates. (See Importing SSO IdP Certificates.)
Secure teleconferencing—Required for TLS teleconferencing. You can configure up to two secure teleconferencing certificates, one for each CUCM system that you choose to configure.
SMTP—Required if your email server is TLS-enabled.
You cannot update your certificates or Certificate Signing Request (CSR), but you can generate a certificate or a CSR at any time. If you add virtual machines to your system or change any of your existing virtual machines, generate new certificates for each virtual machine on your system.
SSL certificates can become invalid for the following reasons:
A data center is joined to the system.
Your system size has been expanded, resulting in the deployment of new virtual machines. The FQDNs of these new virtual machines are not present in your original SSL certificate.
A high-availability system has been added, resulting in the deployment of new virtual machines. The FQDNs of these new virtual machines are not present in your original SSL certificate.
The Cisco WebEx site URL has changed. This URL is not present in your original SSL certificate.
The Administration site URL has changed. This URL is not present in your original SSL certificate.
The FQDN of the administration virtual machine has changed. This FQDN is not present in your original SSL certificate.
Your current SSL certificate has expired.
If your SSL certificate becomes invalid for any reason, your system automatically generates new self-signed certificates. You receive notification of this change; a global warning message appears at the top of the Administration site page indicating that SSL has become invalidated.
Certificates contain names, representing to whom they are issued. The Common Name (CN) is always there and considered the "official name." Other names are aliases or in certificate terminology, Subject Alternative Names (SANs). These are not mandatory, but are used when a group of entities (persons, servers). share a certificate, such as in CWMS.
In CWMS certificates, those are the DNS names of the CWMS pieces (VM FQDNs, WebEx Site URL, and WebEx Administration URL). Prior to CWMS version 2.5MR5 there was one certificate set for all machines in CWMS. Those certificate names are based on the WebEx Site URL. Alternative names were everything else except the FQDNs of the Internet Reverse Proxies.
In CWMS version 2.5MR5 and higher, there are internal certificates and optionally external certificates. If you do not have IRPs (public access is not enabled), then external certificates are not available. If you do have IRPs (public access is enabled), then you optionally can have an external certificate just for IRPs. If there are no external certificates, then the Internal Certificate is used for all.
With this change, internal certificates have a CN based on the common Administration URL. SANs are based on the local WebEx Administration URL, WebEx Site URL, and internal FQDNs.
External certificates have a CN based on the WebEx Common Site URL. SANs are based on the Local Site URL and the Common Site URL.
For CWMS 2.5MR5 and later, when you upload new certificates, CWMS validates only the CN. The CN for internal certificates must match the Administration Site URL and the CN for external certificates must match the WebEx Common Site URL. After you upgrade to CWMS 2.5MR5 or later, your existing certificates still work. However, if you want to upload new certificates, the CNs for the new certificates must follow these guidelines.
Because CWMS 2.5MR5 and later validate only the CN for certificates, the following rules apply to wildcard certificates:
For example, if you generate a certificate with CN = cisco.com and SAN, DNS = *.cisco.com, the certificate upload fails with the following message:
Server domains in the certificate do not match the WebEx site URL.Your system must have an SSL certificate configured. This product supports the following types of SSL certificates:
Before 2.5MR5, a single certificate was used for the whole system. For 2.5MR5 and later, both internal and external certificates can be used.
To use a single certificate to support all hostnames internally and externally, generate and upload only the Internal certificate. This internal certificate uses the Admin URL as the common name, but it includes all system hostnames.
An external certificate is not necessary, as it only supports the Site URL. If the external certificate is updated, the internal certificate is not used externally.
When manually generating a self-signed certificate, you can choose between the Common URL and the Local Administration URL for the Common Name (CN).
When generating a Certificate Signing Request (CSR), you can choose between wildcard, local, or common URL (Site URL or Administration URL). The List of Subject Alternative Names (SANs) is:
The hashing method used to generate Certificate Signing Request (CSR) and private key for SSL certificates in CWMS 2.0 and earlier versions use SHA1. CWMS 2.5 and above uses SHA2 (SHA256).
Both internal and external application certificates and CSRs have the following options:
Key types:
For RSA key type key length is 2048.
RSA Hash algorithms:
Key sizes and hash algorithms for EC certificates:
Some Certification Authorities do not support the Key Agreement extension. Cisco WebEx Meetings Server does not require this extension.
External and Internal certificates must be the same type. The external certificate depends on the internal certificate. For example, if a system has an RSA Internal certificate then the Generate External Self-signed page has just one Key type option, RSA (same as the external certificate key type). You cannot generate or upload external certificates with a different key type than the installed internal key type.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||||||||||
Step 2 | Select
.
On a Multi-data Center system, continue with | ||||||||||||||||||
Step 3 | Select Generate CSR for the desired type of CSR.
On November 1, 2015, Certification Authorities (e.g. VeriSign, GoDaddy, and so forth) will stop issuing certificates for internal domain names (e.g. domain.local, domain.internal). Before CWMS version 2.0MR9, you could upload only a single SSL certificate with Subject Alternative Names for all components in the deployment, but this requires you to purchase expensive SAN SSL certificates for a complete solution. As of CWMS version 2.5MR5 you can purchase on WebEx Site URL SSL a certificate from Certification Authority for use on IRP servers, and use Self-signed SSL certificates for the internal network virtual machines. | ||||||||||||||||||
Step 4 | Complete the
fields on the
Generate
CSR (Certificate Signing Request) page.
| ||||||||||||||||||
Step 5 | Select
Generate
CSR.
The Download CSR dialog box appears. | ||||||||||||||||||
Step 6 | Select
Download.
You receive a ZIP file that contains the CSR and the associated private key. The CSR file is called csr.pem and the private key file is called csr_private_key.pem. | ||||||||||||||||||
Step 7 | Back up your
system by using VMware Data Recovery or VMware vSphere Data Protection.
Backing up your system preserves the private key if it becomes necessary to restore it. |
Cisco WebEx Meetings Server supports X.509 certificates with PEM and DER encoding, and PKCS12 archives.
Users might have problems joining meetings if their system uses a self-signed certificate. To avoid this, configure the client side to use self-signed certificates.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. |
Step 3 | Select
.
On a Multi-data Center system, continue with |
Step 4 | Select
.
If you already have a certificate installed, the system warns you that importing a new certificate will overwrite it. |
Step 5 | Select
Browse and choose your certificate.
You must choose an X.509-compliant certificate or certificate chain. Valid types include: You can import a certificate chain using a PKCS#12 file or a single file of PEM blocks. If you use a PEM file, it must be formatted as follows:
All the certificates must be uploaded together in one file; you cannot upload one certificate and then add the intermediate certificates later. You can upload the intermediate certificates to prevent certificate warnings if you are using a certificate authority that uses intermediate certificates and the intermediate certificates are not distributed in their clients. If the certificates come with a certificate chain, you must combine an intermediate certificate and an end-user certificate into one file. The sequence is that the intermediate certificate is first, and the end user certificate is next. The two certificates are back to back; there is no space between them. PKCS#12 files must have a .p12 extension. They should only contain the certificates and private key (optional). |
Step 6 | Select
Upload.
The system determines if the certificate is valid. A certificate might be invalid for the following reasons:
|
Step 7 | (Optional)
Enter the
Passphrase.
A passphrase is required to decrypt PKCS12 archives or an encrypted private key (if the uploaded PEM files contain the private key). |
Step 8 | Select
Continue.
Your system imports your SSL certificate and displays it in a scrollable certificate file dialog box. |
Step 9 | Select Done. |
Step 10 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
Download the Secure Socket Layer (SSL) certificate:
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select
.
On a Multi-data Center system, continue with |
Step 3 | Select An option to open or save the certificate appears. . |
Step 4 | Save the certificate file. |
Verify that administrators and end users are able to sign in to the administration or common web pages without seeing any site not trusted warnings.
Apple iPhones or iPads running Apple iOS 5.0 or later have a built-in, trusted root certificate. If your company uses a self-signed certificate or if the root certificate installed on your Cisco WebEx Meetings Server is not on the Apple Trusted Certificate Authority list, you must export a SSL certificate and email it to your users to install on their mobile devices before they can join a WebEx meeting.
Exporting an SSL certificate is required only if you are using a self-signed certificate. If you are using a trusted Certificate Authority-signed certificate, exporting a SSL certificate is not required.
Verify that the trusted root certificate pre-installed on a user's Apple iPhone or iPad is on the Apple Trusted Certificate Authority list. See http://support.apple.com/kb/ht5012 for details.
Verify that users have an active, high-speed internet connection for their mobile devices.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select
.
On a Multi-data Center system, continue with |
Step 3 | Select An option to open or save the certificate appears. . |
Step 4 | Save the certificate file to your local hard drive. |
Step 5 | Attach the saved certificate file to an email and send it to each authorized user iOS email account. |
Step 6 | Users open the email on their mobile devices, save the file, and install the certificate file on their mobile devices: |
You can use this procedure to obtain the private key from the CWMS. If you do not own the file, contact the Cisco Technical Assistance Center for assistance.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select
.
On a Multi-data Center system, continue with |
Step 3 | Select
.
A dialog box appears asking you to save the CSR.zip file that contains the CSR and private key. |
Step 4 | Select a location on your system to save the file and select OK. |
Step 5 | Back up your private key file, csr-private-key.pem, in case you need it later. |
A self signed certificate is automatically generated after you deploy your system. We recommend that you install a certificate that is signed by a certificate authority. You can generate a new self-signed certificate at any time by using this feature.
Note | Users might have problems joining meetings if their system uses a self-signed certificate, unless the administrator on the client side has configured the system to use self-signed certificates. |
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||||||||
Step 2 | Select
.
On a Multi-data Center system, continue with | ||||||||||||||||
Step 3 | Select . | ||||||||||||||||
Step 4 | Complete the
fields on the
General
Self Signed Certificate page.
| ||||||||||||||||
Step 5 | Select
Generate
Certificate and Private Key.
If you need to use the same SSL certificate after a major upgrade, you must upload the private key generated with the CSR that is used to get the certificate. The private key must be the first block in the certificate file. Your certificate file is generated and displayed. | ||||||||||||||||
Step 6 | Select Done. |
If your certificate becomes invalid or you perform a disaster recovery on your system, you can restore SSL certificates. Cisco WebEx Meetings Server supports X.509 certificates with PEM and DER encoding, and PKCS12 archives.
You have a backup of the certificates and the private key (if used by your system).
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. |
Step 3 | Select
.
On a Multi-data Center system, continue with |
Step 4 | Select
.
If you already have a certificate installed, the system warns you that importing a new certificate overwrites the existing certificate. |
Step 5 | Select Continue. |
Step 6 | Select
Browse and choose your certificate file.
Choose an X.509-compliant certificate or a certificate chain. Valid types include: You can import a certificate chain using a PKCS#12 file or a single file of PEM blocks. Format PEM files as follows:
Upload all certificates together in one file. You cannot upload one certificate and then add the intermediate certificates later. You can upload the intermediate certificates if you are using a certificate authority that uses intermediate certificates and the intermediate certificates are not distributed in their clients. Uploading the intermediate certificates prevents certificate warnings. PKCS#12 files must have a .p12 extension and contain only the certificates and optionally, the private key. |
Step 7 | Select
Upload.
After you select Upload, the system will determine whether your certificate is valid. A certificate can be invalid for the following reasons:
If the certificate is valid, proceed to the next step. If the certificate is invalid, you cannot upload it. To continue, select a valid certificate. |
Step 8 | (Optional)
Enter a
Passphrase.
A passphrase is required to decrypt PKCS12 archives or an encrypted private key (if uploaded .pem files contain the private key). |
Step 9 | Select
Continue.
Your system imports your SSL certificate and displays it in a certificate file dialog box. |
Step 10 | Select Continue on the SSL Certificate page to complete the import. |
Step 11 | Select Done. |
Step 12 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
For service provider-initiated single sign-on (SSO) with a signed authentication request in a Multi-data Center (MDC) system, you must import the certificate from each data center into the Identity Provider (IdP). The certificate must be a Token-Signing certificate, in Base-64 encoded X.509 format. (Cisco WebEx Meeting Server cannot use its private key to decrypt the assertion.)
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Browse and choose your SSO IdP certificate. |
Step 4 | Select
Upload.
Your certificate file is displayed. |
Step 5 | Select Done to submit your certificate. |
Importing SMTP certificates from a local computer to the CWMS system.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Browse and choose your SMTP certificate. |
Step 4 | Select
Upload.
Your certificate file is displayed. |
Step 5 | If your system is not in Maintenance Mode, select Continue to enter Maintenance Mode. |
Step 6 | Select Done to submit your certificate. |
Step 7 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
Step 8 | Select Continue. The system restarts. |
Secure teleconferencing certificates are only required if TLS conferencing is enabled. If TLS conferencing is not enabled, this option is not available.
Secure teleconferencing certificates are required for your CUCM servers when TLS is selected as the transport type in your audio settings. See Configuring Your Audio Settings for more information.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. | ||
Step 3 | Select
Settings >
Security >
Certificates.
If secure teleconferencing certificates are required, an Import Certificate button is shown for each CUCM server that must be configured. | ||
Step 4 | Select Import Certificate for CUCM n. | ||
Step 5 | Enter a certificate name. | ||
Step 6 | Select
Browse and choose your certificate file.
| ||
Step 7 | Select
Upload.
After you select Upload, the system will determine if your certificate is valid. If the certificate is valid, proceed to the next step. If the certificate is invalid, you cannot upload it. You must select a valid certificate before you can continue. | ||
Step 8 | Select
Continue.
Your system imports your SSL certificate and displays it in a scrollable certificate file dialog box. You are notified that you have imported an SSL certificate. | ||
Step 9 | Select Done. | ||
Step 10 | Return to step 4 and repeat the process for the next CUCM server. | ||
Step 11 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
You can configure how long sessions can remain inactive before users are automatically signed out.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||||||
Step 2 | Select . | ||||||||||||||
Step 3 | Complete the
fields on the
User
Sessions page to set the web page expiration time.
| ||||||||||||||
Step 4 | Select Save. |
When enabled, shows a warning if the certificate authority server is not reachable or the certificate has been revoked.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Enable or
disable
Certificate
Revocation Checking
Checked: A warning displays if the certificate authority server is not reachable or the certificate has been revoked. Unchecked: If a server certificate has been revoked or the certificate authority server is not reachable, there is no warning. |
Step 4 | Select Save. |
You can encrypt meeting content between the Cisco WebEx Meetings Server and the users.
The client application must be compatible with this feature. Older client applications can still connect to Cisco WebEx Meetings Server for backward compatibility.
Step 1 | Sign in to the Administration site. In a Multi-data Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all data centers for the system. |
Step 2 | Select . |
Step 3 | Select Encrypt meeting content between the Cisco WebEx Meetings Server and the users. Once you enable this option, you cannot disable it. |
Step 4 | Confirm that you want to proceed. |
Step 5 | Select Save. |
You can block unencrypted meeting content between the Cisco WebEx Meetings Server and the users. You can disable this option at any time.
When you enable this option, synchronize all of the data centers in Maintenance Mode.
After you enable this option, older client applications will not connect to the Cisco WebEx Meetings Server.
Encrypt meeting content between the Cisco WebEx Meetings Server and the users must be enabled. Otherwise, the option to block unencrypted meeting content is dimmed.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Block unencrypted meeting content between the Cisco WebEx Meetings Server and the users. On Jabber versions 11.5 and earlier, when this feature is enabled the Jabber client displays the error "The WebEx meeting is not available. Cannot start the meeting, error code: 47." The meeting room does not launch; however, the meeting is created on CWMS. |
Step 4 | Select Save. |
Step 5 | Select
Continue to confirm putting system in to Maintenance
Mode.
Turning on Maintenance Mode on all of the active data centers shuts down conferencing activity. Users cannot sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. If this data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover could cause a brief interruption in active meetings. |
Step 6 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
When the elimination of un-secure data is enabled, links use only short URLs (one UUID parameter); all meeting, recording, and user links only accept short URLs:
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select |
Step 3 | Select
Eliminate unsecure data from URL links.
New meeting, recording, and user link URLs are in a short URL format (no more than one UUID parameter) that eliminates insecure data. Long URL links (more than one UUID parameter) that existed before un-secure URL data was enabled are allowed to pass. Long URLs created after the blocking of un-secure data was enabled are not allowed to pass. |
Step 4 | (Optional)
Select
Block
all long URL links.
All long URLs are blocked, no matter when they were originated. Once enabled this feature cannot be disabled. Any long meeting link URLs that contains insecure data are no longer valid. Users must update meetings scheduled before this parameter was enabled for them to comply with the short URL requirement and be passed by the system. |
Step 5 | Select Save. |
The CWMS system supports Single Sign-on (SSO) systems based on the industry standard Security Assertion Markup Language (SAML) 2.0 protocol.
SSO allows clients to use their on-premises SSO system to simplify the management of their CWMS system. With SSO, users securely sign into the system by using their corporate sign-in credentials. You can also configure SSO to create or manage user accounts on the fly when users attempt to sign in. User login credentials are not sent to Cisco, protecting corporate sign-in information.
Note | Enabling SSO overrides users login settings. Make sure you inform users before you enable SSO. After making a change to an existing user's email address, that user must wait until the Exchange server, Outlook, and CWMS server are synchronized before the scheduling of a meeting by a delegate (proxy) user hosted by that user with the modified email. Also attempting to schedule an alternate host with a recently modified email address will fail. The address book in Outlook is synchronized with the Exchange server once a day. When an email address is changed on the Exchange server, that change is not immediately propagated to Outlook. If, prior to synchronization, a user attempts to schedule a meeting for a user with a modified email address or identify them as an alternate host, the system receives the old email address and issues a notice that the user cannot be found. Manually synchronizing the systems does not solve this issue. Note that this is not a CWMS issue, but a result of the way Outlook and Exchange are designed. Configuring SSO can be a complex operation and we strongly recommend that you contact your Cisco Channel Partner or Cisco Advanced Services before you continue. |
Note | After you have enabled SSO, user credentials are managed by the authentication system. Certain password management features no longer apply to your users. See Configuring Passwords and Editing Users for more information. |
Configure a SSO IdP certificate to use this feature. See Importing SSO IdP Certificates for more information.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. | ||||||||||||||||||||||||||||||||||||||||||||||||
Step 2 | Select . | ||||||||||||||||||||||||||||||||||||||||||||||||
Step 3 | After you have generated public and private keys and an X.509 certificate as described in the pre-requisites, select Continue. | ||||||||||||||||||||||||||||||||||||||||||||||||
Step 4 | Select your
initiation method:
| ||||||||||||||||||||||||||||||||||||||||||||||||
Step 5 | Complete the
fields and select your options on the
SSO
Configuration page:
| ||||||||||||||||||||||||||||||||||||||||||||||||
Step 6 | Select
Enable
SSO.
The Review SSO Settings page appears. Review your settings and select Save. |
Disabling SSO disables a user's ability to sign in with their company credentials. Make sure you inform your users that you are disabling SSO and that they can still sign in with their Cisco WebEx credentials.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select Settings > Security > Federated SSO. |
Step 3 | Find the sentence, "If you would like to disable SSO please click here." Select the click here link. |
Step 4 | Select
Disable
SSO to confirm.
The Federated SSO page appears with a banner that confirms you have disabled SSO. |
Your virtual machine security features include the ability to update your encryption keys and enable or disable FIPS-compliant encryption.
Cisco WebEx Meetings Server uses internally generated encryption keys to secure all communications between the virtual machines on your system. Use this feature to update your encryption keys periodically.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. |
Step 3 | Select Settings > Security > Virtual Machines. |
Step 4 | Select Update Encryption Keys. |
Step 5 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
At a very high level, the FIPS 140 requirements apply to the following module characteristics:
Implementation of FIPS-approved algorithms
Specific management of the key life cycle
Approved generation of random numbers
Self-tests of cryptographic algorithms, image integrity, and random number generators (RNGs)
Cisco WebEx Meetings Server uses CiscoSSL 2.0 to achieve FIPS 140-2 Level 2 compliance.
Enabling FIPS might result in reduced compatibility with popular web-browsers and operating systems. Symptoms can include, but are not limited to, 404 errors, problems signing into the system, and starting and joining meetings.
Cisco recommends that you take the following actions:
Ensure that your Windows PCs are running Windows 7 or later.
Update all Windows computers to Microsoft Internet Explorer 11 regardless of the browsers actually used: Internet Explorer, Mozilla Firefox, or Google Chrome. Internet Explorer 11is required on all computers. Our FIPS-enabled clients (Cisco WebEx Meetings, Productivity Tools, and WebEx Recording Player) use FIPS-enabled system libraries available only with Internet Explorer 11.
Configure Internet settings on all computers to use TLS encryption. Open and Use TLS 1.2. We recommend that select both options for maximum compatibility, but Use TLS 1.0 is required.
These steps apply to guest attendees (for example, people who do not work for your company). If guests do not complete these steps, they can experience compatibility issues. We recommend that you include these steps in your meeting invitations. You can do this by editing the appropriate meeting invitations available on your Administration site at
.Use this feature to enable your Federal Information Processing Standard (FIPS) compliant encryption setting.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. |
Step 3 | Select . |
Step 4 | Select
Enable to enable FIPS compliant encryption and
Continue to confirm.
FIPS compliant encryption is configured on your system. |
Step 5 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
Use this feature to disable Federal Information Processing Standard (FIPS) compliant encryption on your system.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Turn on Maintenance Mode. See Turning Maintenance Mode On or Off.
If the data center is part of a Multidata Center (MDC) system, in-progress meetings fail over to an active data center. The failover can cause a brief interruption in active meetings. See About Maintenance Mode for information. Turning on Maintenance Mode for all active data centers shuts down all conference functionality. No one can sign in to the WebEx site, schedule meetings, join meetings, or play meeting recordings. |
Step 3 | Select . |
Step 4 | Select
Disable to disable FIPS compliant encryption and
Continue to confirm.
FIPS compliant encryption is disabled on your system. |
Step 5 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
Next Generation Encryption (NGE) groups together the algorithms and specifications (e.g. key sizes) that are considered strong enough to provide protection for at least the coming decade. It is a set of advanced cryptographic technologies that updates all areas of cryptography components.
In multi-data center environments, all data centers must have the same kind of certificate. When certificate type is changed on only one data center, a warning is shown recommending that the administrator modify the certificate type on the other data centers.
When a system is using external certificates, the external certificates must be the same kind as the internal certificates. If there is a mismatch, a warning is shown indicating the mismatch.
Note | Integration with Jabber releases before 11.5 does not work with CWMS 2.6 if there are EDCSA certificates on CWMS. |
Suite B is a set of cryptographic algorithms promulgated by the National Security Agency as part of the Cryptographic Modernization Program that serve as an interoperable cryptographic base for both unclassified information and most classified information.
All browser interfaces.
Meeting scheduling works from the browser and productivity tools.
Jabber 11.5 and higher.
Secure teleconferencing with CUCM 11 and higher.
Directory integration with CUCM 11 and higher works with ECDSA on the CWMS side and RSA on the CUCM side. Starting in CUCM version 11.5, both sides will support ECDSA.
Enabling NGE restricts the system to only new cryptographic suites, and disables older, weaker cryptographic suites.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Enable in the Suite B Encryption section. |
Step 4 | Select Save. All data centers are automatically put into Maintenance Mode and FIPS is enabled. |
Step 5 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
FIPS is automatically enabled.
Disabling NGE opens the system to all cryptographic suites including older, weaker suites.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Disable in the Suite B Encryption section. |
Step 4 | Select Save. All data centers are automatically put into Maintenance Mode. |
Step 5 | Turn off Maintenance Mode.
When you turn off Maintenance Mode, the system determines whether a restart or a reboot is required, and displays the appropriate message. A restart takes approximated 3 to 5 minutes and a reboot takes approximately 30 minutes. If the data center is part of a Multidata Center (MDC) system, you are redirected to the global admin URL. The DNS resolution policy determines which data center you see. If Key Regeneration is enabled, taking one data center out of Maintenance Mode automatically takes all data centers in the system out of Maintenance Mode. Meeting service on the data center is restored. |
FIPS remains enabled.
For secure sites that require users to read a security message and accept an agreement before signing in to the site, upload a file that contains warning text.
To remove the sign-in warning message, go to Configuring a Security Sign-in Warning.
Create a text file (.txt) with the warning to be displayed before a user signs in to a WebEx Common site or an Administration site. The text file must use UTF-8 characters and encoding.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Select Browse and the text file to be uploaded. |
Step 4 | Select
Upload.
The file is uploaded and immediately appears on all sign-in pages. |
If your site is required to store audit information about system changes, configure the Application Audit Log settings.
If a person is identified as an Auditor, the Meeting Logging Settings and the Logging Settings options are visible and configurable only by the Auditor. If your system does not have a person with the Auditor role, the Meeting Logging Settings and the Logging Settings options are visible and configurable by a System Administrator, SSO Administrator, or LDAP Administrator.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select
. Two files are generated on the system, admin_audit.log for Administration Application and end_user_audit.log for the End-user Application. |
Step 3 | Select
Enable
Audit Log to enable the creation of the audit logs.
The Administration Application audit log documents the actions that change the state of the CWMS system, administrator authentication, changes in settings, actions taken by the administrator (such as importing users), and so forth. (It does not show general application errors.) The End-user Application includes information about the user authentication, profile, meeting changes, and so forth. If there is a Remote Syslog Server, audit logs are backed up. All audit logs are synchronized to the Remote Syslog Server, regardless of the selected Remote Syslog Event Level. |
Step 4 | To backup
application syslog information to a remote syslog server, enter the parameters
for the
Primary Remote
Syslog Server.
The events in
the Remote Syslog Event Level menu are organized in order of importance.
|
Step 5 | (Optional) To backup application syslog information to a secondary remote syslog server, enter the parameters for the Secondary Remote Syslog Server. |
Step 6 | (Optional) To delete old log archives, select the date to purge prior log archives in Log Purging Settings and select Purge Log Archive. |
Step 7 | Set the
Minimum
percentage of free space on the log partition, by moving the slide
bar.
The parameter for the logging service makes sure the selected percentage of free space on the log partition is available. The default is 20 percent. When an Auditor accesses this window from the Auditor tab, the configuration for the Log Partition Alarm appears. |
Step 8 | Set the
Retain
log archives for no more than the selected number of days.
The default is 40 days. |
Step 9 | Select Save. |
See Viewing and Editing Alarms for details about setting alarm thresholds.
The Security Sign-in Warning displays the warning message on the Common WebEx site, Administration WebEx site, and CLI sign-in pages.
Step 1 | Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system. |
Step 2 | Select . |
Step 3 | Browse in
message and select
Upload or select
Remove
Message.
Message is added to the system and will display on sign-in pages or the file is removed from the system and will not appear on sign-in pages. |