What's New In This Version; Controlled Sip Tls Connections To The Default Zone; Device Authentication; Enhanced Account Security - Cisco TelePresence Administrator's Manual

What's new in this version?

The new features introduced in this release of VCS software are described below.

Controlled SIP TLS connections to the Default Zone

Default Zone access rules that control which external systems are allowed to connect over SIP TLS to the
VCS via the Default Zone can now be configured.
Each rule specifies a pattern type and string that is compared to the identities (Subject Common Name and
any Subject Alternative Names) contained within the certificate presented by the external system. You can
then allow or deny access to systems whose certificates match the specified pattern.

Device authentication

The VCS can now be configured to authenticate devices against multiple remote H.350 directory servers.
n
This provides a redundancy mechanism in the event of reachability problems to an H.350 directory server.
As from version X7.2, the VCS attempts to verify device credentials presented to it (for Digest
n
authentication) by first checking against its on-box local database of usernames and passwords, before
checking against any configured H.350 directory server. As a result of this:
The Device authentication configuration
l
between an authentication database type of Local database or LDAP database.
The NTLM protocol challenges setting is now configured on the
l
The Device LDAP configuration
n
authentication H.350 configuration
The Alias origin field on the
n
aliases for registration.

Enhanced account security

Administrator accounts can now be configured to authenticate first against the local database and then if no
n
matching account is found to fall back to a check against the external credentials directory.
When defining administrator accounts and groups, you can now also specify if the account/group can
n
access the web interface and/or the XML/REST APIs.
When strict passwords are enforced for administrator accounts, you can now customize the rules for what
n
constitutes a strict password.
Local administrator passwords are now stored using a SHA512 hash.
n
In a cluster, the default admin account password is now replicated across all peers.
n
Note that the Login Administrator set of xConfiguration CLI commands are no longer
n
supported.
Cisco VCS Administrator Guide (X7.2)
page no longer exists; there is no longer an option to switch
and Device LDAP schemas
and Device authentication H.350 schemas
Device authentication H.350 configuration page
Active Directory Service
pages are now called Device
respectively.
is now called Source of
Introduction
page.
Page 21 of 498