Inter-Device Security Overview

Cisco TelePresence devices support secure communication between devices using Certificate Authority Proxy Function (CAPF). Cisco TelePresence is part of Cisco Unified Communications and shares security architecture using CAPF. This functionality is similar to Cisco Unified IP phone security architecture. Other key architectural elements that are used include the Certificate Trust List (CTL), Locally Significant Certificate (LSC), and Computer Telephony Integration (CTI).

The following is an overview of how CAPF is configured on Cisco TelePresence components:

1. CAPF service is started in Cisco Unified CM so that the Cisco Unified CM becomes the CAPF server.

2. The Cisco TelePresence Multipoint Switch (CTMS), Cisco TelePresence Recording Server (CTRS), and Cisco TelePresence Manager (CTS-Manager) are configured as CAPF clients.

3. A common application user ID is configured for each CAPF client, and separate instance IDs are created for the CTMS, CTRS, and Cisco TelePresence Manager.

4. CAPF authenticates information between the Cisco TelePresence devices using a Locally Significant Certificate (LSC).

The LCS can be downloaded from the CAPF Server (same as the Cisco Unified CM host in most cases) using CTI secured connections over TLS. As part of the Cisco Unified Communications architecture, Cisco TelePresence endpoints follow the configuration on the Cisco Unified CM to automatically download their LSC during initial setup. CTMS, CRTS, and CTS-Manager, on the other hand, do not register to the Cisco Unified CM and therefore require manual steps to obtain the LCS from the CAPF server.

To create secure services, you must activate and start CAPF service, create application users, create Cisco Unified CM root certificates for every Cisco Unified CM server associated with a Cisco TelePresence service, and create a CAPF root certificate. Then in the administration interface for each Cisco TelePresence device, you must upload the applicable Cisco Unified CM and CAPF root certificates and download the appropriate LSCs. When all certificates are in place and the LSC is downloaded, the Cisco TelePresence device reboots so that the security settings take effect.

See the Cisco Unified Communications Manager Security Guide for overall operational details.

Browser Security Overview

You can set up an encrypted link between the web server of a Cisco TelePresence infrastructure device (a CTMS, CTRS, or CTS-Manager), and the browser through which you access the Administrative UI. If multiple infrastructure devices exist in your Cisco TelePresence topology, you can optionally set up browser security for each one.

Setting up browser security is comprised of these steps, which can be performed over one or more days:

5. Request a Secure Sockets Layer (SSL) certificate from a certificate authority (CA), which is comprised of these substeps:

a. Generate a Certificate Signing Request (CSR).

b. Apply for the SSL certificate from a CA.

c. Wait for the SSL certificate from the CA, which can take a few seconds to a few days.

6. Install the certificate on the device.

Cisco.com

Cisco.com is a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at any time, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.

To access Cisco.com, go to the following website:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:

http://www.cisco.com/en/US/customer/support/index.html

P3 and P4 level problems are defined as follows:

• P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
• P4—You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.

In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.

To register for Cisco.com, go to the following website:

https://tools.cisco.com/RPF/register/register.do

If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:

http://tools.cisco.com/ServiceRequestTool/create/

Contacting TAC by Telephone

If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

P1 and P2 level problems are defined as follows:

• P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.
• P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.