Cisco TelePresence MCU Series 4.4 (3.42) Software Release Notes
December 2012

Contents: Product documentation; New features in 4.4; Resolved issues; Open issues; Limitations; Interoperability; Updating to 4.
New features in 4.4

Version 4.4 introduces a number of new security measures such as better password management, mutual authentication, certificate-based login, and optional Online Certificate Status Protocol (OCSP) validation of client certificates for HTTPS connections.
The MCU always uses its known OCSP server and does not check any OCSP servers specified by the client certificate. The feature is configurable to include a nonce. Static Certificate Revocation Lists are not supported.

Certificate-based login
Users can now authenticate and log in using a client certificate, where previously they would always need to enter a username and password.
If certificate-based authentication is required (option 4 above), the standard authentication parameters are ignored altogether and a client certificate must be used for login purposes, meaning that only HTTPS access is possible.

Persistent calls
The MCU's redial behavior has been extended to have greater scope and flexibility. You can now apply call persistence on a per participant basis.
The MCU shows the replacement video by default whenever the original participant's video would previously have been shown. For example, if the original participant becomes the active speaker, then by default the replacement video becomes the most prominent pane in the layout. The original participant's video never shows in the conference while the replacement video is available, unless you explicitly choose to show the original participant's video in a specified pane in the layout.
The MCU can tag these traffic types:
• Video - all main video and content video (RTP streams and RTCP information, ConferenceMe video over UDP, BFCP, and FECC) can be tagged with a single QoS value
• Audio - all audio (RTP streams and RTCP information, ConferenceMe audio over UDP) can be tagged with a single QoS value
• Streaming - all unicast and multicast RTP and RTSP streams can be tagged with a single QoS value
• Signaling - all H.225, H.245, Q.
Resolved issues

Identifier    Description
CSCuc57928    In previous releases, the MCU 4200 Series models could experience an unexpected restart with an H.264 decoder marker check failure message when invalid bitstream was sent to the DSP. This is resolved in this release.
CSCuc46770    In previous releases, when content mode was set to passthrough, content transmission could fail from a C-series endpoint when an MXP endpoint was present in the same conference and the call bandwidth was less than 1Mbps.
Open issues

Identifier    Description
CSCub18878    In previous releases, there were a number of areas within the H.264 decoder code where invalid (non-H.264) data could potentially cause an error and as a consequence the DSP could crash or timeout. The H.264 decoder resiliency has been vastly improved in this release.
CSCub15957    In previous releases, the MCU would not refresh its registration to a SIP registrar if the contact header field of the 200 OK message from the registrar exceeded 256 characters.
Limitations

Google Chrome on Microsoft Windows 7 fails to provide client certificate
Certificate-based authentication and login will fail if the user attempts to access the MCU web interface using Google Chrome on Microsoft Windows 7. This issue only occurs when the client certificate is generated by the Microsoft Certification Authority. To work around the issue, use a different browser, operating system, or certification authority.
browsers include: IE6; Firefox 1.5 (Mac and PC); Safari 2.0.3 and earlier, and Camino. IE7 and Safari 2.0.4 do not appear to be affected by this. Using the QuickTime 6.5 plus later option for the Player format on the MCU will allow streaming to QuickTime using any browser that supports a QuickTime plug-in.

Clustering limitations
Cisco TelePresence MCU Conference Director will only work with the master blade in a cluster. If you are using Cisco Telepresence Management Server Version 12.
Interoperability

We endeavor to make the MCU interoperable with all relevant standards-based equipment. While it is not possible to test all scenarios, the testing that the data below is based on covers all the most common functions of the listed endpoints and infrastructure. Version 4.4 of the MCU software was used for this interoperability testing.

Note: Unless otherwise stated, Cisco Unified Communications Manager (CUCM) version 9.0.
Cisco TelePresence System 1300 Series 1.9.2(19)
Cisco TelePresence System 500-37 1.9.2(19)
Cisco TelePresence System 500-32 1.9.2(19)
Tested CUCM to VCS and CUCM to MCU.
Cisco Unified Video Advantage 2.2(2)
Cisco Jabber Video for TelePresence (Windows) 4.5(16582)
Cisco Jabber Video for TelePresence (Mac OSX) 4.5(16582)
• The CTS 1300-47 endpoint does not respond properly to commands to mute/unmute audio/video from MCU.
Cisco UC Integration (TM) for Microsoft Lync 8.5 (229.20137): Tested CUCM to VCS and CUCM to MCU.
Cisco Unified Personal Communicator 8.6.3.20802-1.2.148
Cisco Jabber for Windows 9.0.5 (11368): Tested CUCM to VCS and CUCM to MCU.
Cisco Jabber for iPad 9.1 (20014): Tested SIP and SIP to H.323 interworking.
Cisco Unified IP Phone 9971 9-3-1-33: Tested CUCM to VCS and CUCM to MCU.
• Pressing hold resume on the endpoint may result in lower resolution video transmission from the MCU.
PCS-G50 PCS-XG80 2.72 2.36
Tested H.323 and H.323 to SIP interworking.
• At low bandwidths this endpoint may not handle audio properly. You can mitigate this by disabling AAC codec for this endpoint.
• The endpoint does not correctly signal a deliberate disconnection, so the MCU treats it as an unexpected disconnection and may redial if configured to redial on unexpected disconnections.
Tested H.323 and SIP.
• An H.
VVX 1500 4.0.2.11307
Tested H.323 and SIP.
• Due to inaccurate timestamps sent by this endpoint, lip synchronization cannot be guaranteed.
• When calling over SIP, this endpoint only supports the first audio and video codecs that it advertises. If the MCU chooses a different audio or video codec from the advertised set, the endpoint may not be able to decode the audio or video from the MCU.
• The endpoint does not respond properly to commands to mute/unmute audio/video from MCU.
Cisco Unified Communications Manager Cisco TelePresence Content Server 9.0.1 S5.3
• Calls from Cisco Unified IP Phone 9971 via the CUCM to VCS path result in no audio/video from the endpoint (CSCub97604).
• 60fps capable endpoints may not be able to negotiate 60fps with the MCU when the call is made via the CUCM to VCS path.
• CUCM may not correctly respond to mid-call renegotiation from the MXP on a call to the MCU via the CUCM to MCU path (CSCtx16122).
Tested H.323 and SIP.
Updating to 4.4

• The administrator user name and password for the backup file.
• If your deployment uses CDR data, make sure that all CDR data has been downloaded and saved.

CAUTION: You must back up the MCU configuration (the configuration.xml file) before you upgrade the software. This release reformats the configuration file in a way that is not compatible with earlier software versions, including changes to all existing user IDs.
6. Click Upload software image. A progress bar is displayed in a separate pop-up window while the web browser uploads the file to the MCU. This takes some time – dependent on your network connection. Do not navigate away from or refresh the Upgrade software page during the upload process; otherwise, it will abort. After a number of minutes, the web browser refreshes automatically and displays “Main image upload completed successfully”.
7. Click Close Status window.
8.
Using the Bug Search Tool
1. Go to Settings > Upgrade.
2. In the Restore configuration area, locate a configuration.xml file that is compatible with the release to which you want to downgrade.
3. Check the User settings check box.
4. If required, check the Network settings check box.
5. Click Restore backup file.
6. When the configuration has been restored, follow the instructions as detailed in Upgrade instructions [p.17].
Appendix: Mutual authentication connections and certificate identity requirements

Local certificate
The MCU can only have one local certificate. In all cases where the MCU needs to present a certificate to another party, the MCU uses the certificate listed in the Local certificate section of the Network > SSL certificates page.
Incoming SIP calls (MCU acting as a server)
The MCU performs a SIP TLS handshake with the calling party, and the parties must be able to verify each other's certificates. The MCU verifies that the received certificate is trusted by checking against its SIP trust store. The certificate must be signed by an authority that is in the MCU's SIP trust store.
Appendix: Transitioning to certificate-based security

Certificate-based security methods carry a risk of inadvertently blocking all login access to the MCU. (If problems occur with the client certificate or the trust store, you will need to fall back to HTTP. If you cannot fall back—because HTTP is disabled or because HTTP to HTTPS redirection is set—then all access methods will be blocked.
Document revision history
1. Ensure that an appropriate HTTPS trust store has been installed on the MCU (Network > SSL certificates).
2. Go to Network > Services and enable both HTTP and HTTPS.
3. Go to Settings > Security and disable Redirect HTTP requests to HTTPS. This ensures that you can fall back to HTTP if problems occur.
4. Go to Network > SSL certificates.
   a. Scroll to the Online certificate status protocol (OCSP) section.
   b. Set Certificate to check to HTTPS client certificates.
   c.
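
A workstation-side pre-flight for the certificate and OCSP behavior described in these notes, as an added example that is not Cisco tooling or part of the release notes: it uses the openssl command line to confirm that a client certificate chains to the trust store, to compare the responder named in the certificate with the one the MCU is configured to use, and to build an OCSP request with or without a nonce. The demo CA, certificate subject, file names and both responder URLs are constructed.

```shell
#!/usr/bin/env bash
# Added example, not Cisco tooling. File names, subjects and URLs are constructed.

# make_demo_pki DIR: constructed CA and client certificate; the certificate's AIA
# extension names its own OCSP responder.
make_demo_pki() {
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/req.cnf"
  printf '%s\n' 'extendedKeyUsage=clientAuth' \
    'authorityInfoAccess=OCSP;URI:http://ocsp.from-cert.example/' > "$d/ext.cnf"
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=demo-admin" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/ext.cnf" -out "$d/client.pem" 2>/dev/null
}

# chain_ok TRUST_STORE CERT: must chain to the trust store as a TLS client certificate.
chain_ok() { openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1; }

# valid_for DAYS CERT: fails if the certificate expires within DAYS days.
valid_for() { openssl x509 -noout -checkend $(( $1 * 86400 )) -in "$2" >/dev/null; }

# aia_responder CERT: OCSP URL named by the certificate itself.
aia_responder() { openssl x509 -noout -ocsp_uri -in "$1"; }

# ocsp_request_has_nonce ISSUER CERT [-nonce|-no_nonce]: build the request offline
# (nothing is sent) and report whether it carries the nonce extension.
ocsp_request_has_nonce() {
  local req rc; req=$(mktemp)
  openssl ocsp -issuer "$1" -cert "$2" "${3:--nonce}" -reqout "$req" >/dev/null 2>&1 &&
    openssl ocsp -reqin "$req" -req_text 2>/dev/null | grep -q 'OCSP Nonce'
  rc=$?; rm -f "$req"; return $rc
}

# preflight TRUST_STORE CERT CONFIGURED_RESPONDER: non-zero if login would be blocked.
preflight() {
  local rc=0 aia; aia=$(aia_responder "$2")
  chain_ok "$1" "$2" || { echo "FAIL: certificate does not chain to the trust store"; rc=1; }
  valid_for 7 "$2" || { echo "FAIL: certificate expires within 7 days"; rc=1; }
  [ -z "$aia" ] || [ "$aia" = "$3" ] ||
    echo "NOTE: certificate names $aia, but only $3 will be queried"
  return $rc
}
```

Run preflight against the same CA bundle that is installed as the HTTPS trust store; the NOTE line flags certificates whose embedded responder differs from the configured one, since revocation status published only at the embedded URL would never be consulted.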