cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10140
Views
230
Helpful
95
Replies

TC7.3.0 websnapshots broken even further (by design)

Wayne DeNardi
VIP Alumni
VIP Alumni

Just a heads-up warning to anyone considering upgrading to TC7.3.0 - the websnapshots now include a "privacy feature" where the snapshot of the camera(s) no longer displays on the web interface screen until you specifially click to activate the video source (see attached image).  The websnapshot only shows around 5 seconds once clicked before requiring another activation.  A large message also appears on the display of the endpoint stating that the video is being monitored by an administrator.

This warning message shrinks after a short period of time to just an icon, but the icon stays on the screen for approximately 10 minutes (even after disconnecting any browser session to the endpoint).

This is in addition to the previous issue where websnpshots were disabled while the unit was in standby (no-websnapshots-when-system-standby-tc71x).

Update: TC7.3.3 returned some of the functionality, and the removal of the large message, but you need to obtain a "Remote Monitoring" option key for each endpoint.  However, this has introduced a range of other bugs which Cisco have not fully addressed yet.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.
95 Replies 95

I did - but under strict NDA ;)

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Similar to Jens, I've received (probably from the exact same people) an NDA update.  All I can say is that they're considering a few different options on how they may fix it, but what those options are I can't say but a number of them appear to be quite suitable.

And, you're correct, they're not in the recent TC7.3.2 release.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.

Wayne/Jens,

Is Cisco "well aware" that people are refusing to update because of this? I'm sure they are, just curious how seriously they are taking the refusals to upgrade.

-Aaron

Yes, there are a number of people in Cisco who are very aware of the situation and that people are unable to update because of this issue,  

There are quite a few of us worldwide who have voiced our concerns directly to our local Cisco Account Team and SMEs - and I encourage everyone who is unhappy with this change to functionality to do the same.

As I said earlier, there are likely some changes yet to come, but I can't discuss these further due to NDA - but I had a good information sharing / feedback session with a number of people at Cisco Live Melbourne last week on this issue.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate. 

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.

As I’m dealing with a global operation and have informed several Cisco Account Team and SMEs however none can tell me if the snapshot feature without the display warning will ever return.

Even if we use the TMS to check if an endpoint is in a call and of course you like to know to who they are connected this will automatically trigger admin message on the display.  It’s a disaster.

People say the introduction of software functionality is a feature unless it limits operations than it’s a bug.

 

I came across some conversations that this had to do with a legal issue.

Al that needed is a legal disclaimer and we can introduce web snapshot again without the annoying display warning and freaking out my users every time.

Please Cisco don't break the functionality even more. (I miss the Tandberg days)

The whole idea with Proximity is that you have to be in the room, once you leave the room, the token will not be renewed and you will loose the connection.

The security aspect around Proximity is maintained through the proximity to the system.

Yes, but again, Proximity is pretty much useless in an education scenario as long as you actually allow Proximity users to also have call control..... :(

/jens

Please rate replies and mark question(s) as "answered" if applicable.

I agree Jens, until they lock down the call control portion of Proximity behind either the use of a passcode or user login, I won't be deploying it. There is too much risk with the codec's call control being avaliable to anyone who uses Proximity without some way to lock it down. 

We have had a lot of good feedback on Proximity. This feature is a beta feature until TC8 is released and you will see some changes by then.

The problem with allowing to turn this off, means it can be used without the users knowledge. In worst case you can imagine someone previewing confidential information on their PC and they don't know that others are watching. In the past this feature has been more hidden, but now as we open it up for more usage we would like it to be secure.

Some countries also have legislation around video surveillance, where it is not legal to do any type of video surveillance unless the people being under surveillance are notified.

But this is the question, where does it start, where does it stop.

 

I know some people which were shocked that people can save their

shared presentation so easy via an ipad.

And there is no alert that someone had access or saved slides, ...

 

There are many things which are restricted in countries and I guess if you would implement all possible limitations for all countries worldwide in your codecs they would simply not be usable anymore.

Some regulations will simply conflict with each other.

 

Sure, some parts should have options and improved information capabilities.

But a lot of things have to be handled by policy and by trust.

 

Will you also use HDCP towards the screen so no one can connect a splitter with a recording device and ban analog in and outputs so you have more control?

 

I think it is important to have the capability to strip lock things up, but that should be an option like the FIPS mode on the VCS.

 

Talking about the VCS (or endpoints) I would have preferred more a configurable log file retention policy to make sure stored log data is only kept within the legal allowed time limits, ...

 

What could be handy is an audit log, who accessed when information or a security info tab on the endpoint to check that web snapshots or other things are enable or disabled.

 

Please remember to rate helpful responses and identify

There is a lot of good information in the Proximity forum section. An icon is displayed when someone is connected. When this feature is finally released in TC8, you can turn it off for each call.

I do understand what you are saying Roger, but it doesn't work in a distant education scenario like ours. :(

As it is, web snapshots can only be activated manually with physical access to the system in question anyway.

Having this "new" "feature" turned on by default should be enough in most scenarios to prevent snooping, but give us the option to at least turn off the warning message using the Remote Support User account - which means having access to the web-gui and being able to generate a token, then open a case with TAC to obtain a password before I can log in to turn it off - seriously - that isn't enough obstacles????

By all means, leave the icon in place, but let us disable the warning message.

I guess, if this is the way it's going to stay, that means we will never be able to upgrade past TC7.2.1 - which means no need for service contracts, which will save us a heap of money -  and moving away from Cisco now becomes a real possibility. Guess it's time to talk to Polycom.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

In the past you needed to have physical access to the system to turn on Web Snapshots, however this has changed and you can now do this remotely.

With this apparent paranoia re use of snapshots, wouldn't it in this case be better not being able to do this remotely?

I find it rather ironic that if people don't upgrade to TC7.3 the warning is not displayed - and all Cisco has achieved is to alienate a large chunk of their users...

/jens

Please rate replies and mark question(s) as "answered" if applicable.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: