telepresence vcs x7.2 - cisco support community - cisco … · 2013-09-10 · cisco telepresence...

Post on 14-Jun-2018


© 2011 Cisco and/or its affiliates. All rights reserved.

Cisco TelePresence Video Communication Server X7.2 Introduction


• Intelligent Conference Control and Management

• Flexible and Scalable to suit any Environment

• Standards-based, industry leading Interoperability

• Communicating across the Firewall

• Seamless interworking with Microsoft Lync/OCS and VoIP

Enhanced Solution for New and Existing Customers


• Greater Flexibility, Scalability and Resilience
  • Media encryption policy
  • New filter mechanism for call and registration management

• Secure System Management
  • Account Security Enhancement
  • Firewall rule system access control

• Simpler Deployment
  • Certificate request generator

• Enhancement and Usability Improvement
  • Enhanced Diagnostics
  • Enhanced Search rules


• System Feature Enhancement and Improvement

• Account Security Enhancement

• Enhanced Diagnostics


• Controls the media encryption policy applied by the VCS for SIP calls (including H.323 to SIP interworked calls) to and from this zone (SIP on the Zone). Media encryption can be:
  • Only allow encrypted media (configured on SIP-only zone)
  • Only allow unencrypted media (configured on SIP-only zone)
  • Force best effort encryption
  • Allow endpoints to decide (same as pre X7.2)

IMPORTANT
  • SIP & interworked call feature only (not H.323 native)
  • The interworking function keeps the encryption state the same on both legs: H.323 same as SIP
  • TLS is needed for media encryption
  • The VCS will strip the “a=crypto” encryption key line(s) if the transport protocol is not TLS


• Media encryption policy values:

Parameter    Definition
On           All media must be encrypted.
Off          All media must be unencrypted.
Best effort  Use encryption if available, otherwise fall back to unencrypted media.
Auto         No specific media encryption policy is applied by the VCS. Media encryption is purely dependent on endpoint requests.
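To make the four policy values concrete, here is an added Python illustration (not Cisco code and not the VCS implementation) that applies a zone's policy to an SDP offer and also implements the slide's rule that a=crypto key lines are stripped on a non-TLS leg; the SDP offer and the key material inside it are constructed placeholders.

```python
"""Per-zone media encryption policy applied to an SDP offer (added illustration,
not the VCS implementation).

Models the four policy values from the table above and the slide rule that
"a=crypto" key lines are stripped when the signalling transport is not TLS:
SDES keys (RFC 4568) sit inside the SDP, so on a non-TLS leg they would
otherwise cross the network in cleartext.
"""
import re

POLICIES = ("On", "Off", "Best effort", "Auto")
CRYPTO_RE = re.compile(r"^a=crypto:", re.IGNORECASE)

# Constructed sample offer: the audio stream carries an SDES key, the video
# stream does not, and BFCP is not an RTP stream at all.
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=ua 0 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 1024 RTP/SAVP 9 8",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY",
    "a=rtpmap:9 G722/8000",
    "m=video 1026 RTP/AVP 97",
    "a=rtpmap:97 H264/90000",
    "m=application 1028 UDP/BFCP *",
]) + "\r\n"


def split_media_sections(sdp):
    """Split an SDP body into session-level lines and one list per m= section."""
    session, media = [], []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media.append([line])
        elif media:
            media[-1].append(line)
        else:
            session.append(line)
    return session, media


def is_active_rtp(mline):
    """True for an RTP/AVP or RTP/SAVP m= line whose port is not 0 (0 = rejected)."""
    _, port, proto = mline.split()[:3]
    return port != "0" and proto.startswith("RTP/")


def section_is_encrypted(section):
    return any(CRYPTO_RE.match(line) for line in section)


def strip_crypto(section):
    """Remove SDES key lines and downgrade the profile from RTP/SAVP to RTP/AVP."""
    out = []
    for line in section:
        if CRYPTO_RE.match(line):
            continue
        if line.startswith("m="):
            line = line.replace(" RTP/SAVP ", " RTP/AVP ")
        out.append(line)
    return out


def apply_policy(sdp, policy, transport_is_tls):
    """Apply a zone's media encryption policy to an offer.

    Returns a dict with "action" ("accept" or "reject"), the number of
    "stripped" key lines, the number of "encrypted" RTP streams left,
    a "reason" string and the resulting "sdp" (None on reject).
    """
    if policy not in POLICIES:
        raise ValueError("unknown media encryption policy %r" % (policy,))
    session, media = split_media_sections(sdp)
    before = sum(len(s) for s in media)

    # Slide rule: keys are stripped whenever the leg is not TLS, whatever the
    # policy says; policy Off strips them unconditionally.
    if policy == "Off" or not transport_is_tls:
        media = [strip_crypto(s) for s in media]
    stripped = before - sum(len(s) for s in media)

    rtp = [s for s in media if is_active_rtp(s[0])]
    encrypted = sum(1 for s in rtp if section_is_encrypted(s))

    # On: every RTP stream must carry a key; without TLS that can never hold.
    if policy == "On" and encrypted != len(rtp):
        return {"action": "reject", "stripped": stripped, "encrypted": encrypted,
                "reason": "%d of %d RTP streams unencrypted" % (len(rtp) - encrypted, len(rtp)),
                "sdp": None}

    # Best effort and Auto both pass the offer on; Best effort differs only in
    # the unencrypted fallback the B2BUA arranges toward the far end, which is
    # outside this SDP-only model.
    new_sdp = "\r\n".join(session + [line for s in media for line in s]) + "\r\n"
    return {"action": "accept", "stripped": stripped, "encrypted": encrypted,
            "reason": "policy %s" % policy, "sdp": new_sdp}
```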


• Uses B2BUA functionality
  • Any encryption setting other than Auto will force the call through the B2BUA
  • 100 calls limit
  • Encryption can be different on each side of the B2BUA

Figure (call flow): labels Encryption Media Mode: On, Encryption: Off, Encryption: Auto, Encryption Media Mode: Auto. On the encrypted leg the channel status shows Channels 1 (type=Incoming) and Channels 2 (type=Outgoing), Rate: 512, Restrict: Off, IPLR: Off, Encryption (status=On), Type: AES-128, CheckCode: "FB58AE4309657BEA"; on the other leg the same two channels show Encryption (status=Off). The legs are labelled Non Encryption Call and Encryption Call.


• Configure on a per zone/subzone basis; available on Expressway & Control
  • Including DNS zone for calls to the internet
  • Including Default zone and default subzone for incoming calls


• Diagnostic:
  • SIP-SIP call: Debug level logging on “Network log” and “B2BUA calls log”
  • SIP-H.323 call: Debug level logging on “Network log”, “Interworking log” and “B2BUA calls log”


• Example: SIP-UA1 registered on VCS-C makes a non-encrypted call to SIP UA-2 on the public network; VCS-E forces an encrypted call to the public SIP UA.

Figure (call flow): labels Encryption Media Mode: Off, Encryption: Auto, Encryption Media Mode: Auto, Encryption: Off; call legs labelled Non Encryption Call (internal legs) and Encryption Call (leg to the public SIP UA).


• Default traversal media port range update: the default Traversal Subzone media port range is now 50000 - 54999 (previously 50000 - 52399), in order to support the new media encryption policy feature. To reflect this change, system administrators may need to modify the rules configured in their firewall devices.


• Checking of certificates for incoming TLS connections: controls whether the certificate should be checked when a TLS connection is made to the Default Zone of a VCS. If enabled, the certificate hostname (also known as the Common Name) is checked against the patterns specified in the Default Zone access rules.
  • Note: this setting does not affect (the VCS will not check) other connections to the Default Zone (H.323 and SIP UDP/TCP).
  • IMPORTANT: this feature works for SIP TLS signalling only.


• The following alarm will be raised when this feature is enabled:
  “Either disable UDP and TCP on the SIP configuration page to enforce certificate identity checking using TLS, or disable the access rules for the Default Zone.”

• Default Zone access rules: define rules identifying which certificate hostnames should be allowed / denied. Configure who is allowed to connect to the Default Zone via regex matching on the certificate Common Name / Alternative Names. Supports up to a maximum of 10,000 regexes on the Default Zone.
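An added Python illustration (not Cisco code) of the Default Zone certificate identity check and access rules described above. Rule ordering, whole-name matching, checking of Subject Alternative Names, deny-over-allow precedence and the default-deny outcome are assumptions of this model, not statements from the slides; the example.com rule set is constructed.

```python
"""Default Zone certificate identity check and access rules (added illustration,
not Cisco code).

Assumptions the slides do not state: rules are evaluated in order and the
first match for a given name wins; patterns must match the whole name
(re.fullmatch, so "example.com" cannot be satisfied by "notexample.com");
the Common Name and every DNS Subject Alternative Name are checked; a deny
on any name overrides an allow on another; a peer whose names match no rule
is denied once checking is enabled.
"""
import re

MAX_RULES = 10000   # slide: up to 10,000 regexes on the Default Zone

ACTIVATION_ALARM = ("Either disable UDP and TCP on the SIP configuration page to enforce "
                    "certificate identity checking using TLS, or disable the access rules "
                    "for the Default Zone.")


class DefaultZoneAccessRules:
    def __init__(self, rules):
        """rules: iterable of (regex, "allow" | "deny"), highest precedence first."""
        rules = list(rules)
        if len(rules) > MAX_RULES:
            raise ValueError("more than %d Default Zone access rules" % MAX_RULES)
        self.rules = []
        for pattern, action in rules:
            if action not in ("allow", "deny"):
                raise ValueError("rule action must be allow or deny: %r" % (action,))
            self.rules.append((re.compile(pattern, re.IGNORECASE), action))

    def decide_name(self, name):
        """First matching (action, pattern) for one certificate name, else None."""
        for regex, action in self.rules:
            if regex.fullmatch(name):
                return action, regex.pattern
        return None


def check_default_zone_peer(transport, checking_enabled, rules, common_name, alt_names=()):
    """Decide whether an inbound Default Zone connection passes the identity check.

    Returns (decision, reason); decision is "allow", "deny" or "not-checked".
    """
    if transport.upper() != "TLS":
        # Slide: the check only covers SIP TLS; H.323 and SIP UDP/TCP are not checked.
        return "not-checked", "%s connection: certificate identity is not checked" % transport
    if not checking_enabled:
        return "not-checked", "certificate identity checking is disabled"
    verdicts = []
    for name in [common_name, *alt_names]:
        verdict = rules.decide_name(name)
        if verdict:
            verdicts.append((name, verdict[0], verdict[1]))
    for name, action, pattern in verdicts:
        if action == "deny":
            return "deny", "%s matched deny rule %s" % (name, pattern)
    for name, action, pattern in verdicts:
        if action == "allow":
            return "allow", "%s matched allow rule %s" % (name, pattern)
    return "deny", "no certificate name matched an allow rule"


def activation_alarm(sip_udp_enabled, sip_tcp_enabled, access_rules_enabled):
    """The slide's alarm text, raised while an unchecked SIP transport stays open."""
    if access_rules_enabled and (sip_udp_enabled or sip_tcp_enabled):
        return ACTIVATION_ALARM
    return None


# Constructed rule set for the example domain: deny one host, allow the rest.
SAMPLE_RULES = DefaultZoneAccessRules([
    (r"blocked\.example\.com", "deny"),
    (r"[a-z0-9-]+\.example\.com", "allow"),
])
```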


• Ability to specify a TLS verify subject name to use when verifying the destination system server's certificate: the certificate holder's name to look for in the destination system server's X.509 certificate.


• DNS queries can now be configured to use the ephemeral port range or to use a customized range


• VCS now supports UPDATE message before answer: during the set-up phase of a call, devices (like CUCM) may send SIP UPDATE messages containing information relating to the remote device, for example:
  • routing a call to an alternative location to the original request
  • providing far end destination ID

Note:
  • CUCM zone has been updated and SIP UPDATE strip mode is “Off”


• Ability to interwork H.323 flowControlCommand messages into TMMBR. TMMBR: RFC 5104 Temporary Maximum Media Stream Bit Rate Request. This provides the ability to stem the flow of data from a remote participant, which gives a better user experience when a call participant wishes to rate limit a particular media stream.

Note:
  • SIP: the client (Endpoint/MCU) needs to support TMMBR for this to work
  • Look for it being negotiated in the SDP offer/answer
  • The SIP negotiation must have the following attribute in the SDP: a=rtcp-fb:* ccm tmmbr


• Sample SDP with TMMBR capability (from VCS)

2012-04-09T11:48:39+09:00 tkyvcs30 tvcs: UTCTime="2012-04-09 02:48:39,876" Module="developer.iwf" Level="DEBUG" CodeLocation="ppcmains/oak/calls/iwf/IIWFTarget.cpp(327)" Method="IIWFTarget::sendSipRequestToLeg" Thread="0x7f0a87ffd700": State="IWFConnectingSipOutLegState" Global-CallId="823d53e4-81ee-11e1-b4c3-0010f31fa8f4" Local-CallId="823ed5de-81ee-11e1-baa8-000c29ef4dd3" rRequest="ACK sip:8000@ciscotp.com;gr=urn:uuid:aa0deab8-d842-5307-a336-a0f7a221cb79 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1;branch=z9hG4bKd7f3b0ed98a0069e1deb0ea384b402181794
Call-ID: 0493aae26f5ba5d8@127.0.0.1
CSeq: 30620 ACK
From: <sip:20013@172.16.1.30>;tag=a6dbc21c60ceb4ea
To: <sip:8000@ciscotp.com>;tag=F6C3AB40C0020001
Max-Forwards: 70
Route: <sip:proxy-call-id=823ed5de-81ee-11e1-baa8-000c29ef4dd3@172.16.1.30:5060;transport=tcp;lr>
User-Agent: TANDBERG/4120 (X7.2PreAlpha6)
Content-Type: application/sdp
Content-Length: 974

v=0
o=tandberg 0 1 IN IP4 127.0.0.1
s=-
c=IN IP4 127.0.0.1
b=AS:512
t=0 0
m=audio 1024 RTP/AVP 9 8 0 101
b=TIAS:64000
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=rtcp:1024 IN IP4 127.0.0.1
m=video 1024 RTP/AVP 97 98 34 31
b=TIAS:512000
a=rtpmap:97 H264/90000
a=fmtp:97 profile-level-id=42800c;max-br=425;max-mbps=12000;max-fs=768;max-smbps=36000
a=rtpmap:98 H263-1998/90000
a=fmtp:98 custom=1024,768,4;custom=1024,576,2;custom=800,600,3;cif4=2;custom=720,480,2;custom=640,480,2;custom=512,288,1;cif=1;custom=352,240,1;qcif=1;maxbr=5120
a=rtpmap:34 H263/90000
a=fmtp:34 cif4=2;cif=1;qcif=1;maxbr=5120
a=rtpmap:31 H261/90000
a=fmtp:31 cif=1;qcif=1;maxbr=5120
a=rtcp-fb:* ccm tmmbr
a=sendrecv
a=content:main
a=label:11
a=rtcp:1024 IN IP4 127.0.0.1
m=application 0 UDP/BFCP *
m=application 1024 RTP/AVP 100
a=rtpmap:100 H224/4800
a=sendrecv
m=video 0 RTP/AVP 0


• Sample SDP with TMMBR capability (from SIP UA)

2012-04-09T11:48:39+09:00 tkyvcs30 tvcs: UTCTime="2012-04-09 02:48:39,739" Module="network.sip" Level="DEBUG": Src-ip="172.16.1.90" Src-port="65530" SIPMSG:
|SIP/2.0 200 OK
Via: SIP/2.0/TCP 172.16.1.30:5060;egress-zone=DefaultSubZone;branch=z9hG4bK55f9c8b90523a2a62675809c1ee5fd531793.c992b45fe41c2748b5852249f1a704f1;proxy-call-id=823ed5de-81ee-11e1-baa8-000c29ef4dd3;rport
Via: SIP/2.0/TCP 127.0.0.1;branch=z9hG4bK32adf1819b38e97a65a0166fe728ef701792
Call-ID: 0493aae26f5ba5d8@127.0.0.1
CSeq: 30620 INVITE
Contact: <sip:8000@ciscotp.com;gr=urn:uuid:aa0deab8-d842-5307-a336-a0f7a221cb79>;isfocus
From: <sip:20013@172.16.1.30>;tag=a6dbc21c60ceb4ea
To: <sip:8000@ciscotp.com>;tag=F6C3AB40C0020001
Record-Route: <sip:proxy-call-id=823ed5de-81ee-11e1-baa8-000c29ef4dd3@172.16.1.30:5060;transport=tcp;lr>
Allow: INVITE,ACK,CANCEL,OPTIONS,UPDATE,INFO,NOTIFY,BYE,REFER
User-Agent: Codian MCU 4210 v4.5 (0.70)
Supported: timer
Session-Expires: 1800;refresher=uas
Content-Type: application/sdp
Content-Length: 2058

v=0
o=CODIAN 381942 381942 IN IP4 172.16.1.90
s=-
i=Codian MCU 4210 v4.5 (0.70)
c=IN IP4 172.16.1.90
b=AS:1000
t=0 0
m=audio 65490 RTP/AVP 96 99 100 102 9 0 8 101
a=rtpmap:96 MP4A-LATM/32000
a=fmtp:96 profile-level-id=2;object=2;bitrate=96000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000/1
a=rtpmap:8 PCMA/8000/1
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
m=video 65488 RTP/AVP 126 97 98 34 31
b=AS:1000
a=rtpmap:126 H264/90000
a=fmtp:126 profile-level-id=42e00d;max-mbps=30000;max-fs=3600;max-br=1000;max-dpb=1350;max-smbps=144000;max-fps=3000;packetization-mode=1
a=rtpmap:97 H264/90000
a=fmtp:97 profile-level-id=42e00d;max-mbps=30000;max-fs=3600;max-br=1000;max-dpb=1350;max-smbps=144000;max-fps=3000
a=rtpmap:98 H263-1998/90000
a=fmtp:98 CUSTOM=1280,720,2;CUSTOM=1024,768,2;CUSTOM=1024,576,2;CUSTOM=848,480,1;CIF4=1;CUSTOM=512,288,1;CIF=1;QCIF=1
a=rtpmap:34 H263/90000
a=fmtp:34 CIF4=1;CIF=1;QCIF=1
a=rtpmap:31 H261/90000
a=fmtp:31 CIF=1;QCIF=1
a=rtcp-fb:* nack pli
a=rtcp-fb:* ccm fir
a=rtcp-fb:* ccm tmmbr
a=sendrecv
a=content:main
a=label:11
m=application 65484 UDP/BFCP *
a=floorctrl:s-only
a=confid:1804289383
a=floorid:2 mstrm:12
a=userid:1025
a=connection:new
m=application 65482 RTP/AVP 100
a=rtpmap:100 H224/4800
a=sendrecv
m=video 65486 RTP/AVP 98 126 97
b=AS:1000


• Sample negotiation

2012-04-09T11:51:20+09:00 tkyvcs30 tvcs: UTCTime="2012-04-09 02:51:20,891" Module="network.h323" Level="DEBUG": Src-ip="122.208.146.198" Src-port="2776" Received H.245 PDU:
value MultimediaSystemControlMessage ::= command : flowControlCommand : {
  scope logicalChannelNumber : 3,
  restriction maximumBitRate : 2640
}

2012-04-09T11:51:20+09:00 tkyvcs30 tvcs: UTCTime="2012-04-09 02:51:20,891" Module="developer.iwf" Level="DEBUG" CodeLocation="ppcmains/oak/calls/iwf/IWFFlowControlMgr.cpp(97)" Method="IWFFlowControlMgr::handleH323FlowControlCommand" Thread="0x7f0a87ffd700": State="IWFConnectedState" Global-CallId="823d53e4-81ee-11e1-b4c3-0010f31fa8f4" Local-CallId="823ed5de-81ee-11e1-baa8-000c29ef4dd3" value MultimediaSystemControlMessage ::= command : flowControlCommand : { scope logicalChannelNumber : 3, restriction maximumBitRate : 2640 }

2012-04-09T11:51:20+09:00 tkyvcs30 tvcs: UTCTime="2012-04-09 02:51:20,891" Module="developer.iwf" Level="DEBUG" CodeLocation="ppcmains/oak/calls/iwf/IWFMediaManager.cpp(543)" Method="IWFMediaManager::sendSipRTCPMsg" Thread="0x7f0a87ffd700": State="IWFConnectedState" Global-CallId="823d53e4-81ee-11e1-b4c3-0010f31fa8f4" Local-CallId="823ed5de-81ee-11e1-baa8-000c29ef4dd3" sendRTCPPacket pAddr="['IPv4''UDP''172.16.1.90:65489']" rtcpMsg="=============RTCP MsgStart=============
Version: 2
Padding: false
fmt: TMMBR
PacketType: Transport layer FB message (RTPFB)
Length: 20 bytes
SSRCPacketSender: 0
SSRCMediaSource: 614795473
<----FCI Msg---->
SSRCSource: 614795473
MxTBRExp: 2
MxTBRMantissa: 66000
MeasuredOverhead: 0
==============RTCP MsgEnd==============
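The conversion shown in that log, from the H.245 maximumBitRate of 2640 to MxTBRExp 2 / MxTBRMantissa 66000 inside a 20-byte RTCP packet, as an added Python illustration (not Cisco code). It assumes H.245 maximumBitRate is in units of 100 bit/s; the H.245 trace and SSRC values are taken from the log above and the SDP fragment is constructed from the MCU answer's rtcp-fb lines.

```python
"""Interworking an H.323 flowControlCommand into an RTCP TMMBR message,
following the negotiation log above (added illustration, not Cisco code).

Assumption: H.245 maximumBitRate is expressed in units of 100 bit/s, so the
logged value 2640 is 264000 bit/s, which is exactly what the VCS encoded as
MxTBRExp 2 / MxTBRMantissa 66000, since 66000 * 2**2 == 264000.
"""
import re
import struct

RTPFB_PT = 205        # RTCP payload type for transport-layer feedback (RFC 4585)
TMMBR_FMT = 3         # FMT value identifying TMMBR inside RTPFB (RFC 5104)
MANTISSA_BITS, EXP_BITS, OVERHEAD_BITS = 17, 6, 9

FLOW_CONTROL_RE = re.compile(r"restriction maximumBitRate\s*:\s*(\d+)")
TMMBR_FB_RE = re.compile(r"^a=rtcp-fb:(\*|\d+)\s+ccm\s+tmmbr\s*$", re.IGNORECASE)

# The H.245 PDU as it appears in the slide's log (same values).
H245_TRACE = ("value MultimediaSystemControlMessage ::= command : flowControlCommand : "
              "{ scope logicalChannelNumber : 3, restriction maximumBitRate : 2640 }")

# Constructed SDP fragment; the rtcp-fb lines are those of the MCU answer above.
SAMPLE_SDP = ("m=video 65488 RTP/AVP 126 97\r\na=rtcp-fb:* nack pli\r\n"
              "a=rtcp-fb:* ccm fir\r\na=rtcp-fb:* ccm tmmbr\r\n")


def sdp_tmmbr_payloads(sdp):
    """Payload types (or '*') for which the SDP advertises 'ccm tmmbr'."""
    found = set()
    for line in sdp.splitlines():
        m = TMMBR_FB_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def h245_bitrate_bps(trace):
    """Pull maximumBitRate out of a flowControlCommand trace and scale to bit/s."""
    m = FLOW_CONTROL_RE.search(trace)
    if not m:
        raise ValueError("no flowControlCommand restriction found")
    return int(m.group(1)) * 100


def tmmbr_exp_mantissa(bps):
    """Encode a bit rate as the 6-bit exponent / 17-bit mantissa pair of RFC 5104."""
    exp, mantissa = 0, bps
    while mantissa > (1 << MANTISSA_BITS) - 1:
        mantissa >>= 1          # loses precision, exactly as the wire format does
        exp += 1
    if exp > (1 << EXP_BITS) - 1:
        raise ValueError("bit rate too large for TMMBR")
    return exp, mantissa


def build_tmmbr(sender_ssrc, media_ssrc, target_ssrc, bps, overhead=0):
    """Build the 20-byte RTCP TMMBR packet (header, two SSRCs, one FCI entry)."""
    exp, mantissa = tmmbr_exp_mantissa(bps)
    fci = (exp << (MANTISSA_BITS + OVERHEAD_BITS)) | (mantissa << OVERHEAD_BITS) | overhead
    # V=2, P=0, FMT=3; the length field counts 32-bit words minus one: 20 bytes -> 4
    header = struct.pack("!BBH", (2 << 6) | TMMBR_FMT, RTPFB_PT, 4)
    return header + struct.pack("!IIII", sender_ssrc, media_ssrc, target_ssrc, fci)


def parse_tmmbr(packet):
    """Decode a TMMBR packet back into the fields shown in the VCS RTCP dump."""
    first, pt, length = struct.unpack("!BBH", packet[:4])
    if first >> 6 != 2 or pt != RTPFB_PT or (first & 0x1F) != TMMBR_FMT:
        raise ValueError("not an RTCP TMMBR packet")
    if len(packet) != (length + 1) * 4:
        raise ValueError("RTCP length field does not match packet size")
    sender, media, target, fci = struct.unpack("!IIII", packet[4:20])
    exp = fci >> (MANTISSA_BITS + OVERHEAD_BITS)
    mantissa = (fci >> OVERHEAD_BITS) & ((1 << MANTISSA_BITS) - 1)
    return {"length_bytes": len(packet), "sender_ssrc": sender, "media_ssrc": media,
            "ssrc": target, "exp": exp, "mantissa": mantissa,
            "overhead": fci & ((1 << OVERHEAD_BITS) - 1), "bps": mantissa << exp}


def interwork(trace, sdp, target_ssrc, sender_ssrc=0):
    """The interworking step: emit TMMBR only if the SIP side negotiated it."""
    if not sdp_tmmbr_payloads(sdp):
        return None
    return build_tmmbr(sender_ssrc, target_ssrc, target_ssrc, h245_bitrate_bps(trace))
```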


• Ability to configure rules to control access to the VCS
  • Specify the source subnet to allow/deny traffic from
  • Specify which interface on the VCS the rule applies to (LAN 1 / LAN 2)
  • Configure well-known services such as SSH, HTTP/HTTPS
  • Custom services based on port range & protocol type
  • The priority of a rule can be specified and the VCS will then apply the rules in priority order.


• Configuration
  • Safety mechanism: after activating any new rules they have to be positively confirmed (15 second roll back timer)


• Firewall Configuration Step 1: Click “New”


• Firewall Configuration Step 2: Fill out the parameters and then click “Create firewall rule”
  • Fields marked with * are mandatory parameters
  • Priority, with 1 being the highest priority


• Firewall Configuration Step 3: Confirm the newly configured firewall parameters (status = pending) and then click “Activate firewall rules”


• Firewall Configuration Step 4: Wait for the VCS to temporarily activate the firewall rules


• Firewall Configuration Step 5: Confirm the new firewall change by clicking “Accept changes” to activate the firewall rules permanently


• Firewall Configuration: If the change is not accepted in Step 6 within 15 seconds, the firewall rule change is automatically rolled back and placed back into “Pending” status.


• Firewall Configuration: Now the firewall rule becomes active (State = Active)


• Firewall Configuration: The same “Activate firewall rules” -> “Accept changes” steps are required for deleting any firewall rule which is in active status. Selecting firewall rule(s) and clicking “Delete” will bring those firewall rules to State = “Pending Delete” but does not yet deactivate/delete the rule(s).


• Note:
  • The default setting for the Firewall rules is to allow everything
  • Rules need to be configured to lock down the VCS as required


• Ability to provide a TURN server listening on the IPv6 address of the VCS to allocate TURN addresses. If the Expressway is in IP Both mode, an IPv4 client can request an IPv6 relay (to do 4to6 relaying) and vice versa.


• Search rules can now be configured on …: Protocol, Source Zone/Subzone


• Large conference call with specific speaker sites
  • Set up a cascading conference with a “speaker site” MCU and “listener site” MCUs.
  • Define the “speaker site” MCU as the conference master MCU
  • Connect all important/speaker sites on the master MCU
  • More flexible video mode selection for how to display the speaker sites

Figure (example with CP4): TelePresence Conductor, VCS, a “Speaker Site” MCU with Speaker-1, Speaker-2 and Speaker-3, two “Listener Site” MCUs and a Questioner; subzones SubZoneSpeaker and SubZoneListener.


• Large conference call with mixed HD and SD endpoints
  • Maximize conference size and endpoint capability
  • Set up a cascading conference with an “HD” MCU and “SD” MCUs.
  • Note: it needs to be designed carefully which MCU is to be the conference master MCU

Figure (example with CP4): TelePresence Conductor, VCS, an “HD” MCU with HD endpoints (subzone SubZoneHD-EP) and two SD MCUs, “SD” MCU1 and “SD” MCU2, with SD endpoints (subzone SubZoneSD-EP); labels EP-HD MCU, EP-SD MCU1 and EP-SD MCU2.


• The number of policy services that can be configured on the Cisco VCS has been increased from 5 to 20. This enables bigger VCS <-> Conductor deployments and more external policy services.


• The VCS will reject an attempt to create a 21st policy server configuration.


• Removed Device authentication configuration page
  • Selection of either Local database authentication or LDAP (H.350) database authentication has gone: Local is always checked, along with H.350 lookups
  • The NTLM protocol challenges setting is now configured on the Active Directory Service page. Note: this is Movi-only authentication; other devices can use Local / H.350


• Renamed Device authentication configuration pages
  • The Device LDAP configuration page is now Device authentication H.350 configuration
  • The Device LDAP schemas page is now Device authentication H.350 schemas
  • Clarification that the LDAP connection uses the H.350 schema


• Renamed Device authentication configuration parameter: the Alias origin field on the Device authentication H.350 configuration page is now called Source of aliases for registration


• Ability to be configured to authenticate registered devices against multiple remote H.350 directory servers via DNS
  • Address record: DNS A or AAAA record lookup
  • SRV record: DNS SRV record lookup


• System backup files can now be password protected
  • System data includes: system configuration settings, Call Policy, clustering configuration, security certificates, administrator account details
  • TMS Agent data includes: FindMe user accounts and settings, TMS Agent provisioning accounts and settings


• Support authentication for NTP server: utilizes the security features available in NTPv4
  • Disabled mode retains compatibility with previous NTP operation

IMPORTANT: why time authentication matters
  • H.323 authentication relies on accurate time
  • Faked time could cause H.323 denial of service.


• Support authentication for NTP server

Parameter      Definition
Disabled       No authentication method.
Private key    Private key authentication. Using this method automatically generates a private key in the background, with which messages sent to the NTP server are authenticated.
Symmetric key  Symmetric key authentication. When using this method the Key ID, Hash method (MD5 or SHA-1) and Pass phrase need to be specified. The values must match exactly the values on the NTP server. Several or all NTP servers configured can have the same combination of values. If a different Pass phrase is specified, the Key ID must also be unique and cannot be the same value as any Key ID already used on this device.


• Support additional NTP status information

Parameter       Definition
Authentication  Indicates the status of the current authentication method. One of ok, bad or none. none is shown when the Authentication method is Disabled.
Event           Shows the last event as determined by NTP:
                mobilize - trying to obtain time signal from configured server
                sys_peer - this server is being used as the time source
                reachable - server is available
                reject - server is available but time signal received is not acceptable


• Enhanced certificate checking
  • SIP TLS (RFC 5922) (not UDP or TCP)
  • HTTPS
  • LDAP over TLS

• X.509 revocation list checking
  • Using OCSP (Online Certificate Status Protocol), automatic CRL download and manual CRL upload.
  • Automatic CRL updates can now use HTTPS distribution points.


• New mechanism to generate a certificate signing request
  • The VCS now has separate pages for uploading the trusted CA certificate, and for server certificate loading/requests
  • Simplifies the process of creating a CSR, e.g.
    • Needed for VCS and Microsoft Lync deployments
    • Needed where the VCS has an official certificate (always!!!)
  • Removes the need for external/out-of-band steps to generate certificate requests


• Generate a certificate signing request


• The Microsoft B2BUA now supports up to 100 simultaneous calls

• previous limit was 50

• Note: calls that use transcoder resources count as 2 calls


• When upgrading software components, the MD5 and SHA1 hash values of the software image file being uploaded are displayed for user verification (when upgrading from X7.2 or later). www.cisco.com shows the MD5:
  • during mouse-over of the software
  • in cart selection of software


• How to verify? A number of MD5 checksum verification tools and applications are available as free tools. Run an MD5 checksum tool on the downloaded software and compare the resulting MD5 key with the MD5 key on Cisco.com.


Example using md5sums.exe


• Administrator login authentication source configuration
  • “Remote only” disables all local accounts, including “admin”
  • “Both” supports all local accounts and remote lookup
  • Note: “xConfiguration Login Administrator: ” CLI commands are no longer supported

Parameter    Definition
Local only   Credentials are verified against a local database stored on the VCS.
Remote only  Credentials are verified against an external credentials directory, for example Windows Active Directory.
Both         Credentials are verified first against a local database stored on the VCS, and then if no matching account is found the external credentials directory is used instead.


• Ability to temporarily disable administrator account


• Ability to configure Web/API access permission per account

Parameter   Definition
Web access  Determines whether this user is allowed to log onto the VCS using the web interface.
API access  Determines whether this user is allowed to access the VCS' status and configuration using the Application Programming Interface (API).


• Note: if an administrator account belongs to more than one administrator group, the effective settings for Access level, Web access and API access will be the highest of each group to which the account belongs.


• Support strict password checking
  • Ability to define the strict level (Default: Off)
  • The account will not be created if the password does not meet the configured strict level


• Ability to temporarily disable administrator groups


• Ability to configure Web/API access permission per group

Parameter   Definition
Web access  Determines whether this group is allowed to log onto the VCS using the web interface.
API access  Determines whether this group is allowed to access the VCS' status and configuration using the Application Programming Interface (API).


• Ability to disable TTY logins: determines whether the system can be accessed locally via the serial DATA port (or VMware console for a virtual machine) or USB keyboard.


• Improved password encryption & storage: internally the account passwords are now hashed with SHA512.
  • Administrator account passwords are rehashed automatically on upgrade
  • The root password will not be rehashed automatically on upgrade (it remains hashed with MD5); an alarm is raised saying it is still MD5 and needs to be changed.


• Improved authentication to the XML & REST APIs: HTTP access to the XML and REST APIs now uses HTTP Basic authentication instead of HTTP Digest (which was MD5-only).


• Support HTTP Strict Transport Security header (HSTS): determines whether web browsers are instructed to only ever use a secure connection to access this server. Enabling this feature gives added protection against man-in-the-middle (MITM) attacks.
  • Automatically turns any insecure links to the website into secure links (for example, http://example.com/page/ is modified to https://example.com/page/ before accessing it).
  • Only allows access to the server if the connection is secure (for example, the server's TLS certificate is valid, trusted and not expired).
  • HSTS has a one-year expiry time


• Support filter mechanism for searching Calls: the same filter mechanism is supported on Call Status and Call History. Ability to filter calls by:
  • Source, Destination, Start time
  • Peer (all VCSs within the cluster or a single VCS)


• Additional call history information: call history record count and End time


• Support filter mechanism for searching Registrations: the same filter mechanism is supported on Registration Status and Registration History. Ability to filter registrations by:
  • Name, Protocol, Creation time, Address, Reason, and Peer


• Search rule overview per zone is available: the same information is available from the Zone Status and Zones Configuration GUI


• Support tracepath in addition to traceroute: traces a path to a designated network address, reporting on the "time to live" (TTL) lag and maximum transmission units (MTU) along the way. “asymm” in the report indicates an asymmetric link in the specific path.


• The Locate tool now allows you to specify a specific subzone (or zone) as the source of the search request


• The Logging page is now located under the Maintenance menu, to make the VCS consistent with TelePresence Conductor.


• The Cisco VCS can now utilize multiple syslog servers.

• Message formats now include:
  • Legacy BSD format
  • New IETF formats (with/without TLS connection)
  • Customized parameters (support UDP, TCP and TLS as transport protocol)


• Logging level
  • Events and levels: for more detail on each logging level, please refer to the “Events and levels” section in the administrator guide under the Reference Material chapter.

Level    Captured events
Level 1  High-level events such as registration requests and call attempts. Easily human readable. For example: call attempt/connected/disconnected; registration attempt/accepted/rejected
Level 2  All Level 1 events, plus: logs of protocol messages sent and received (SIP, H.323, LDAP and so on) excluding noisy messages such as H.460.18 keepalives and H.245 video fast-updates
Level 3  All Level 1 and Level 2 events, plus: protocol keepalives; call-related SIP signaling messages
Level 4  The most verbose level: all Level 1, Level 2 and Level 3 events, plus: network level SIP messages


• Adding host name to the diagnostic log file: the diagnostic filename now includes the local host name. This helps distinguish it from diagnostic files downloaded from other cluster peers.

Figure: cluster peers vcs30 and vcs31; the downloaded files are named diagnostic_log_vcs30_2012-04-24_02_09_26.txt and diagnostic_log_vcs31_2012-04-24_02_15_42.txt.


• Core dump mode is now enabled by default. Configurable on the Incident reporting configuration page. Note: it can no longer be configured via the CLI.


• System snapshot files now include a list of active alarms.

Date and time not validated - The system is unable to obtain the correct time and date from any of the NTP servers
  UUID: 992bace4-fac4-11de-91d1-00223ff026c1
  Severity: warning  Short ID: 25002  Status: raised
  First raised: Tue Apr 24 01:30:04 2012  Raised: 1 time  Last raised: Tue Apr 24 01:30:04 2012

Security alert - The TMS agent database has the default LDAP password set
  UUID: 3343b141-943f-46a7-9c83-077eca2bce18
  Severity: warning  Short ID: 40010  Status: raised
  First raised: Tue Apr 24 01:30:22 2012  Raised: 1 time  Last raised: Tue Apr 24 01:30:22 2012

Security alert - The TMS agent database has the default replication password set
  UUID: b29f9960-b761-47f0-ab26-ef716f0e1f40
  Severity: warning  Short ID: 40023  Status: raised
  First raised: Tue Apr 24 01:30:39 2012  Raised: 1 time  Last raised: Tue Apr 24 01:30:39 2012

Verbose log levels configured - One or more modules of the Network Log or Support Log have been set to a level of Debug or Trace
  UUID: 38c9ca26-fd25-4bac-b5e7-83b1052fd131
  Severity: warning  Short ID: 25019  Status: raised
  First raised: Tue Apr 24 02:59:44 2012  Raised: 1 time  Last raised: Tue Apr 24 02:59:44 2012
