l
SIP registrations and provisioning on Unified CM
: endpoint registration, call control and
provisioning for this SIP domain is serviced by Unified CM. The VCS acts as a Unified
Communications gateway to provide secure firewall traversal and line-side support for Unified CM
registrations. The default is
Off
.
l
IM and Presence services on Unified CM
: instant messaging and presence services for this SIP
domain are provided by the Unified CM IM and Presence service. The default is
Off
.
Turn
On
all of the applicable services for each domain. For example, the same domain may be used by
endpoints such as Jabber or EX Series devices that require line-side Unified Communications support,
and by other endpoints such as third-party SIP or H.323 devices that require VCS support. (In this
scenario, the signaling messages sent from the endpoint indicate whether line-side unified
communications or VCS support is required.)
Discovering IM&P and Unified CM servers
The VCS Control must be configured with the address details of the IM&P servers and Unified CM servers
that are to provide registration, call control, provisioning, messaging and presence services.
Note that IM&P server configuration is not required in the hybrid deployment model.
Uploading the IM&P / Unified CM tomcat certificate to the VCS Control trusted CA list
If you intend to have
TLS verify mode
set to
On
(the default and recommended setting) when discovering
the IM&P and Unified CM servers, the VCS Control must be configured to trust the tomcat certificate
presented by those IM&P and Unified CM servers.
1. Determine the relevant CA certificates to upload:
l
If the servers are using self-signed certificates, the VCS Control's trusted CA list must include a copy
of the tomcat certificate from every IM&P / Unified CM server.
l
If the servers are using CA-signed certificates, the VCS Control's trusted CA list must include the root
CA of the issuer of the tomcat certificates.
2. Upload the trusted Certificate Authority (CA) certificates to the VCS Control (
Maintenance > Security
certificates > Trusted CA certificate
).
3. Restart the VCS Control for the new trusted CA certificates to take effect (
Maintenance > Restart
options
).
Configuring IM&P servers
To configure the IM&P servers used for remote access:
1. On VCS Control, go to
Configuration > Unified Communications > IM and Presence servers
.
The resulting page displays any existing servers that have been configured.
2. Add the details of an IM&P publisher:
a. Click
New
.
b. Enter the
IM and Presence publisher address
and the
Username
and
Password
credentials
required to access the server. The address can be specified as an FQDN or as an IP address; we
recommend using FQDNs when
TLS verify mode
is
On
.
Note that these credentials are stored permanently in the VCS database. The IM&P user must have
the
Standard AXL API Access
role.
c. We recommend leaving
TLS verify mode
set to
On
to ensure VCS verifies the tomcat certificate
presented by the IM&P server for XMPP-related communications.
o
If the IM&P server is using self-signed certificates, the VCS Control's trusted CA list must include a
copy of the tomcat certificate from every IM&P server.
Cisco VCS Administrator Guide (X8.1.1)
Page 70 of 507
Unified Communications
Configuring mobile and remote access on VCS