n Administration over the web interface
n XML and REST APIs
n SSH access (restricted to only use AES or 3DES ciphers)
n Login authentication via a remote LDAP server (must use TLS if using SASL binding)
n Client certificate verification
n SNMP (SNMPv3 authentication is restricted to SHA1, and SNMPv3 privacy is restricted to AES)
n NTP (NTP server authentication using symmetric key is restricted to SHA1)
n Device authentication against the local database
n SIP connections to/from the VCS providing they use TLS
n H.323 connections to/from the VCS
n Delegated credential checking
n SRTP media encryption
n SIP/H.323 interworking
n TURN server authentication
n Encrypted backup/restore operations
n Connections to an external manager
n Connections to external policy services
n Remote logging
n Incident reporting
n CSR generation
Other VCS features are not FIPS140-2 compliant, including:
n SIP certificate revocation features
n Any SIP media encryption policy other than Auto
n SIP authentication over NTLM / Active Directory
n SIP/H.323 device authentication against an H.350 directory service
n Microsoft Lync B2BUA
n Unified Communications mobile and remote access
n Clustering
n Use of Cisco TMSPE
Cisco VCS Administrator Guide (X8.1.1) Page 298 of 507
Maintenance
Advanced security