System Status Application will always attempt to connect to the IP Office using the secure TLS service first if the login page setting Secure Connection is selected. However, if the TLS connection attempt fails, it will offer the user the option to connect over the unsecure connection.
Procedure
To prevent the use of the unsecure connection, the IP Office Manager security setting Services > System Status Application Interface > Service Security Level should be set to Secure, Low or Secure, Medium.
Note: The use of SSA with a TLS connection limits the status monitoring capacity, particularly on the IP500 V2 platform. If high SSA events or call rates are anticipated, the unsecure connection should be used with alternative security arrangements.
There is no checking of the IP Office certificate by SSA when the TLS connection is used hence no certificate configuration is possible on SSA.
If not required by support personnel using SSA, the rights: Rights Groups > System Status Application > Read all configuration and Rights Groups > System Status Application > System control should be removed from the Service User account.
Any snapshot file saved by SSA may be read by any other SSA instance without authorization. This file can include configuration and other sensitive information and therefore access to the file must be controlled.
