Cisco Cisco TelePresence Management Suite (TMS) Version 15
DNS setup for provisioning E20
Cisco TMS Provisioning Deployment Guide
Page 41 of 47
DNS setup for provisioning E20
This section describes the DNS setup necessary for provisioning E20 outside the firewall.
In standard Cisco VCS/Cisco TMS deployments for enterprises, some endpoints are connected to the
intranet while others are connected to a variety of home networks outside the firewall. In the latter case,
the E20 needs to connect to the Cisco VCS/Cisco TMS infrastructure through a Cisco VCS Expressway
located outside the company firewall. Consequently, the E20 must be provisioned with a Cisco VCS
Expressway as the SIP proxy. This is only possible if the external manager entered into the E20 wizard
is resolved through DNS.
intranet while others are connected to a variety of home networks outside the firewall. In the latter case,
the E20 needs to connect to the Cisco VCS/Cisco TMS infrastructure through a Cisco VCS Expressway
located outside the company firewall. Consequently, the E20 must be provisioned with a Cisco VCS
Expressway as the SIP proxy. This is only possible if the external manager entered into the E20 wizard
is resolved through DNS.
If provisioning is done internally, this setup is optional; however, it will allow for a flexible failover/load-
balancing scheme for the Cisco VCS cluster.
balancing scheme for the Cisco VCS cluster.
NAPTR records
A Name Authority Pointer (NAPTR) record is a DNS record used for regular expression rewrite rules for
domain names.
domain names.
Setting up these DNS entries can be done in two ways. The DNS infrastructure could return different
NAPTR records depending on whether the external manager is located inside or outside the firewall. If
this is not possible, the DNS names of the external manager addresses must be different and resolve to
two different NAPTR records on the same DNS server.
NAPTR records depending on whether the external manager is located inside or outside the firewall. If
this is not possible, the DNS names of the external manager addresses must be different and resolve to
two different NAPTR records on the same DNS server.
Flags
The E20 bases its provisioning request on the NAPTR record flag:
n
"s" indicates that the NAPTR response is an SRV record. If the flag is "s" only, the E20 will be
provisioned from the internal Cisco VCS.
provisioned from the internal Cisco VCS.
n
"e" indicates that the SIP proxy is located outside the firewall (e=external). This indicator is Cisco
proprietary. If the flag is "se", the E20 will be provisioned from the external Cisco VCS.
proprietary. If the flag is "se", the E20 will be provisioned from the external Cisco VCS.
Required NAPTR record for external endpoint provisioning
For an encrypted TCP connection, use the following type of record to point to the SIP secure service:
example.com. IN NAPTR 50
50 "se" "SIPS+D2T" "" _sips._
tcp.example.com.
For a non-encrypted TCP connection, use the following type of record to point to the TCP SIP service:
example.com. IN NAPTR 90
50 "se" "SIP+D2T" "" _sip._
tcp.example.com.
For a non-encrypted UDP connection, use the following type of record to point to the TCP SIP service:
example.com. IN NAPTR 100 50 "se" "SIP+D2U" "" _sip._
udp.example.com.
udp.example.com.
Optional NAPTR record for internal endpoint provisioning
For an encrypted TCP connection, use the following type of record to point to the SIP secure service:
example.com. IN NAPTR 50
50 "s" "SIPS+D2T" "" _sips._
tcp.example.com.