Cisco Unified Presence, Release 7.x -- How to Configure Security Between Cisco Unified Presence and Microsoft OCS

From DocWiki

Revision as of 12:58, 21 December 2009 by Sicoughl (Talk | contribs)

Main page: Cisco Unified Presence, Release 7.x



This topic is only applicable if you require a secure connection between Cisco Unified Presence and Microsoft OCS.



Configuring a TLS Route for Cisco Unified Presence on Microsoft OCS

Procedure

1. Launch the Microsoft Office Communications Server 2007 application.

2. Right-click the Microsoft OCS Server pool in the right pane.

3. Select Properties > Front End Properties.

4. Select the Routing tab from the Front End Server Properties dialog box.

5. Select Add.

6. Perform the following actions to add a static route:

  • Enter the hostname/FQDN for Cisco Unified Presence in the Domain field.
    Note: This must match the Subject CN of the Cisco Unified Presence certificate; otherwise, Microsoft OCS will not establish a TLS connection with Cisco Unified Presence.
  • Select TLS from the Transport menu.
  • Enter 5062 in the Port field. Port 5062 is the default port on which Cisco Unified Presence listens for peer authentication TLS connections.
  • Check Replace host in request URI.
  • Select OK.


Troubleshooting Tips

You can check the Subject CN of a Cisco Unified Presence certificate by selecting Cisco Unified Operating System Administration > Security > Certificate Management, and then selecting a certificate entry in the certificate list.


What To Do Next

Configuring Cisco Unified Presence as an Authenticated Host on Microsoft OCS




Configuring Cisco Unified Presence as an Authenticated Host on Microsoft OCS

Procedure
  1. Launch the Microsoft Office Communications Server 2007 application.
  2. Right-click the Microsoft OCS Server pool in the right pane.
  3. Select Properties > Front End Properties.
  4. Select the Host Authorization tab.
  5. Select Add.
  6. Select FQDN and enter the CUP X.509 Subject Common Name as it appears in its certificate.
  7. Check Throttle as server.
  8. Check Treat as Authenticated.
  9. Select OK.
  10. Reboot the Microsoft OCS server. When the server reboots, the Microsoft OCS server pool should display the outbound static route just configured.


What To Do Next

Configuring Microsoft OCS to use TLSv1





Configuring Microsoft OCS to use TLSv1

Cisco Unified Presence only supports TLSv1, so you must configure Microsoft OCS to use TLSv1. This procedure describes how to configure FIPS-compliant algorithms on Microsoft OCS to ensure that Microsoft OCS sends TLSv1 with the TLS cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA. In this procedure, Microsoft OCS is configured on a domain controller.


Procedure
  1. Select Start > Administrative Tools > Domain Controller Security Policy.
  2. Select Security Settings in the console tree.
  3. Select Local Policies.
  4. Select Security Options.
  5. Double-click the FIPS security setting in the Details pane.
  6. Modify the security setting.
  7. Select OK.


What To Do Next

Creating a new TLS Peer Subject for Microsoft OCS on Cisco Unified Presence



Creating a new TLS Peer Subject for Microsoft OCS on Cisco Unified Presence

Procedure
  1. Select Cisco Unified Presence Administration > Cisco Unified Presence > Security > TLS Peer Subjects.
  2. Select Add New.
  3. Enter the subject CN of the certificate that Microsoft OCS presents in the Peer Subject Name field.
  4. Enter the name of the Microsoft OCS server in the Description field.
  5. Select Save.
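
An added example, not part of the original documentation: a Python check that the three values typed in the procedures above (the OCS static route Domain, the OCS Host Authorization FQDN, and the Cisco Unified Presence TLS Peer Subject Name) equal the Subject CN of the corresponding certificate. It assumes you have the subject line of each exported certificate as printed by `openssl x509 -noout -subject`; the host names and function names are constructed for illustration.

```python
import re

def subject_cn(subject_line):
    """Return the CN from one `openssl x509 -noout -subject` output line.

    Accepts 'subject=C = US, O = X, CN = host' and the older
    'subject= /C=US/O=X/CN=host'. A CN containing ',' or '/' is cut short.
    """
    text = re.sub(r"^subject\s*=\s*", "", subject_line.strip())
    m = re.search(r"(?:^|[,/])\s*CN\s*=\s*([^,/]+)", text)
    return m.group(1).strip() if m else None

def compare(field, configured, cert_cn):
    """Return None when the configured value equals the CN, else a finding."""
    if cert_cn is None:
        return f"{field}: certificate subject has no CN"
    if configured == cert_cn:
        return None
    # Reported separately: the procedure says to enter the name as it
    # appears in the certificate, so a near match is still worth fixing.
    if configured.strip().lower() == cert_cn.lower():
        return f"{field}: {configured!r} differs from CN {cert_cn!r} only in case or whitespace"
    return f"{field}: {configured!r} does not match CN {cert_cn!r}"

def check_pairing(cup_subject, ocs_subject, route_domain, auth_host, peer_subject):
    """Check the three places on this page where a certificate CN is typed in."""
    cup_cn, ocs_cn = subject_cn(cup_subject), subject_cn(ocs_subject)
    findings = [
        compare("OCS static route Domain", route_domain, cup_cn),
        compare("OCS Host Authorization FQDN", auth_host, cup_cn),
        compare("CUP TLS Peer Subject Name", peer_subject, ocs_cn),
    ]
    return [f for f in findings if f]

# Constructed sample values (hypothetical hosts, not from the page).
CUP_SUBJECT = "subject=C = US, O = Example, CN = cup01.example.com"
OCS_SUBJECT = "subject= /C=US/O=Example/CN=ocs01.example.com"

if __name__ == "__main__":
    for finding in check_pairing(CUP_SUBJECT, OCS_SUBJECT,
                                 route_domain="cup01.example.com",
                                 auth_host="CUP01.example.com",
                                 peer_subject="ocs01"):
        print(finding)
```

An empty result means all three configured values equal the CN in the matching certificate.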


What To Do Next

Adding the TLS Peer to the Selected TLS Peer Subjects List on Cisco Unified Presence



Adding the TLS Peer to the Selected TLS Peer Subjects List on Cisco Unified Presence

Before You Begin

Create a new TLS Peer Subject for Microsoft OCS on Cisco Unified Presence.


Procedure
  1. Select Cisco Unified Presence Administration > System > Security > TLS Context Configuration.
  2. Select Find.
  3. Select Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context.
     The TLS Context Configuration window displays.
  4. From the list of available TLS ciphers, select TLS_RSA_WITH_3DES_EDE_CBC_SHA.
  5. Select the right arrow to move this cipher to Selected TLS Ciphers.
  6. Check Disable Empty TLS Fragments.
  7. From the list of available TLS peer subjects, select the TLS peer subject that you configured.
  8. Select the right arrow to move it to Selected TLS Peer Subjects.
  9. Select Save.
