cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
525
Views
20
Helpful
4
Replies
Highlighted
Enthusiast

Separating Proximity and Admin-Interface

Hello,

is there a way to let our users use proxmity without exposing the admin-interface of our telepresence-systems?

Because all our telepresence systems are registered on our CUCMs the share the network as DHCP-clients with normal ip-phones.

To get Proximity working, we need to give the clients access to port 443 (https) to this network. This means, that users cannot only use proximity, but also access the administrative interface of the telepresence-systems and IP-Phones. I think, that this is unacceptable, not only in our company.

Is there a way to separate this? So the proximity service listens on different port, then the admin-interfaces?

Thanks for help

regards

Florian

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

If you have admin username

If you have admin username/password combinations on your endpoints, then the users, unless they know the credentials will not be able to change any settings on the endpoints by accessing the web browser interfaces.

If you don't have your endpoints web interfaces protected with something other than the default admin username and password, it's strongly recommended to do so.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

View solution in original post

4 REPLIES 4
VIP Advisor

If you have admin username

If you have admin username/password combinations on your endpoints, then the users, unless they know the credentials will not be able to change any settings on the endpoints by accessing the web browser interfaces.

If you don't have your endpoints web interfaces protected with something other than the default admin username and password, it's strongly recommended to do so.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

View solution in original post

Beginner

Although restricting access

Although restricting access via auth is possible, it would be preferential to block this further upstream. This is particularly relevant for any environments where there is a desire to provide proximity access from guest networks.

I'm sure the problem is already being considered, but it appears a simple solution would be to have the proximity server operate on an alternative port in future firmware.

Enthusiast

Hi Wayne,

Hi Wayne,

i do not agree to that. It was and it is always best practice to hide administrative interfaces from normal users. Nobody can hack into a system, that he is unable to access at all. Deployingn Proximity in a typical enterprise environment means giving access from internal networks and guest networks as well, so also guests can share their screens via proximity.

So in my opinion its not acceptable to have the admin-page also reachable for guests...

Perhaps Cisco should reconsider, if this is really a good idea and not a showstopper for many enterprises to deploy Proximity within their networks.

Regards

Florian

Cisco Employee

This is actually a planned

This is actually a planned feature, just not a prioritized one right now. Sorry about that.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards