Cisco Cisco TelePresence Video Communication Server Expressway
Example AD Direct Authentication Deployments
When enabling authentication, there are a number of configuration architectures that may be considered.
■
VCS Control with Active Directory (direct) authentication
■
VCS Control and VCS Expressway, each with Active Directory (direct) authentication
■
VCS Control and VCS Expressway with Active Directory (direct) authentication delegated to the VCS Control
VCS Control with Active Directory (Direct) Authentication
The SIP UA sends a request to the VCS Control and it challenges for authentication, sending the authentication
details to the AD server for validation.
details to the AD server for validation.
Setting
VCS Control
Provisioning
AD configuration
Default Zone
Check credentials
Default Subzone
Check credentials
SIP domain
Domain for SIP account
Setting Cisco TMS
SIP
Server
Server
VCS Control IP
address or FQDN
address or FQDN
This example call flow diagram shows a subscribe for provisioning that is challenged using AD (direct) authentication:
SIP UA VCS Control Provisioning server Active Directory
Subscribe
CSeq: <xx> SUBSCRIBE
407 Proxy Authentication Required
with SIP header: ‘Proxy-Authenticate:
NTLM realm="<VCSHostID>",
qop="auth",
targetname="<VCSHostID>"’
Subscribe
45
Cisco VCS Authenticating Devices Deployment Guide