Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

On premise personal CMR security

Hello,

I am testing the personal CMR (TMS 14.5, TMSPE 1.3, Conductor XC2.4.1 with one TS 4.0).

I have setup the TS under the Conductor, setup the service preference and a "mmet-me" location with a specific IP address. On the CUCM setup a SIP trunk to that Conductor "meet-me" IP address. On the TMS, I provissionned my user with TMSPE and on my group settings, added the Conductor and created a CMR Template. I went on my personal CMR page and created my conference.

I am wondering if I am missing something but: is the conference PIN, the only security available for personal CMR on-premise?

  • No Host AND participant PIN/passcodes to make sure the conference doesn't start until the Host has joined ?
  • No mechanism to block extra people to join when running back-to-back meeting to make sure participant of the later meeting will not join onto the first meeting until it is unlocked?
  • No way to force the user to change the PIN after each conference/several use of the conference?
  • No automatic report to the host after a conference

If there's only a conference PIN (which nobody will ever bother to change), what prevents anyone from using my personal meeting room to host his/her own meeting, without me being aware of it, once told the conference address and PIN ?

Am I missing something or this type of security features do not exist in the on-premise CMR version ?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

With your current software

With your current software versions, the only thing available is the single PIN that you noted.  As you mention, if you upgrade to TMS 14.6 and TMSPE 1.4, you can use separate host and guest PINs when configured with a TelePresence Server when using Conductor.

There is no method to block someone from joining a conference once they know someone's CMR address and PIN, unless the PIN is changed by the user.  With that said, there is no way to force a user to change their PIN, it's something the user would have to get in the habit of if they would like to do so for the extra security.  No reporting of any kind, a TMS admin might be able to pull some CDR data for the user, but I'm not 100% sure on that.

7 REPLIES
Cisco Employee

Please, move this question

Please, move this question into Telepresence community to get the visibility with TMS experts. This community is for Cisco Unified MeetingPlace and Cisco WebEx Meetings Server products.

 

I hope this will help.

 

-Dejan

New Member

Host and Guest PINs are now

Host and Guest PINs are now available in the new TMS suite:

TMS 14.6 & TMSPE 1.4 & XC 3.0 &TS 4.1

VIP Purple

With your current software

With your current software versions, the only thing available is the single PIN that you noted.  As you mention, if you upgrade to TMS 14.6 and TMSPE 1.4, you can use separate host and guest PINs when configured with a TelePresence Server when using Conductor.

There is no method to block someone from joining a conference once they know someone's CMR address and PIN, unless the PIN is changed by the user.  With that said, there is no way to force a user to change their PIN, it's something the user would have to get in the habit of if they would like to do so for the extra security.  No reporting of any kind, a TMS admin might be able to pull some CDR data for the user, but I'm not 100% sure on that.

New Member

Patrick,Yes, I replied to my

Patrick,

Yes, I replied to my own discussion after Cisco released all the new TMS, TMSPE, XC, TS and TMSXE versions.

I understand that I can't prevent anyone to connect to the CMR once you know the SIP URI and PIN, but what I wanted to at least avoid is that guests could run their own meeting using the host CMR without him/her being aware of it in other words stealing someone else CMR.

The new version answers that as it introduces the host and guest concepts and PIN codes for both. So even if multiple guests connects to a host CMR, they'll stay in lobby until the host starts a meeting.

However, once the meeting is ended it would be nice to be able to setup the system to send meeting report emails with the meeting details, duration, list of participants, when the connected and disconnected

VIP Purple

Yeah, I didn't realize it

Yeah, I didn't realize it when I first replied that you were just updating your own discussion with the answer you found, which is good for others that might have the same question.

As far as the CMR reports, you probably should reach out to your Cisco Account Manger and see if they can file a feature request for you or see if somwthing is in the works already.

New Member

Hi Patrick,

Hi Patrick,

I have project where we deploy CUCM , Expressway for B2B Call and Cisco Conductor with PMP Licence only and VTP now our requirement is for "Personal CRM" but we dont have TMS/TMSPE and not having any SQL server and Not having LDAP , my all participant for Conference are from B2B Call but we have User in CUCM with DX Serice Phone and this user want to use "Personal CMR" can it be possible?? or ales Guide what to do next. 

VIP Purple

PMP requires the use of TMSPE

PMP requires the use of TMSPE, which needs TMS and SQL, along with LDAP.  You might be able to get away with using TMS unlicensed, as you just need it to run TMSPE which is free for the use of CMRs.  Without TMSPE and LDAP, there is no way to assign the PMP licenses to users, as the user's GUID within LDAP is matched when the user calls into Conductor with the user's CMR configured within TMSPE to verify if they are a PMP user.

Take a look at the "About Personal CMRs" section of the CMR Premises Deployment Guide Release 7.0 - Primary (for Unified CM) starting on pg 53, and the How Does Conductor Determine the Multiparty License Type.

355
Views
10
Helpful
7
Replies
CreatePlease to create content