Cisco Cisco TelePresence Video Communication Server Expressway
VCS Expressway with Active Directory (direct) Authentication Delegated to the VCS
Control
Control
If the VCS Expressway cannot be connected directly to the AD server, then authentication can be delegated to the
VCS Control.
VCS Control.
■
The SIP UA sends a request to the VCS Expressway and the VCS Expressway challenges for authentication.
■
The VCS Expressway delegates the checking of the SIP UA's credentials to the VCS Control, passing the
authentication details to the VCS Control via the traversal zone.
authentication details to the VCS Control via the traversal zone.
■
The VCS Control sends the authentication details to the AD server for validation and passes the result back to
the VCS Expressway.
the VCS Expressway.
■
The authenticated registration takes place on the VCS Expressway and does not have to be proxied to the
VCS Control. This means media does not have to traverse the firewall in calls between SIP UAs that are both
registered to the VCS Expressway.
VCS Control. This means media does not have to traverse the firewall in calls between SIP UAs that are both
registered to the VCS Expressway.
Setting
VCS Expressway
VCS Control
Provisioning
X
AD configuration
X
Default Zone
Check
credentials
credentials
Check
credentials
credentials
Default Subzone
Check
credentials
credentials
Check
credentials
credentials
Traversal Zone
Check
credentials
credentials
Check
credentials
credentials
SIP domain
Domain for SIP
account
account
Domain for SIP
account
account
SIP registration proxy
mode
mode
Off
Off
SIP delegated credential
checking
checking
On
On
Setting
Cisco TMS
SIP Server
VCS Control IP address
or FQDN
or FQDN
Public SIP
Server
Server
VCS Expressway IP
address or FQDN
address or FQDN
This example shows a subscribe for provisioning that is challenged using an AD (direct) authentication challenge by
the VCS Expressway. Credential checking is delegated to the VCS Control. The authenticated request is then
forwarded on to the VCS Control which in turn passes it to the provisioning server:
the VCS Expressway. Credential checking is delegated to the VCS Control. The authenticated request is then
forwarded on to the VCS Control which in turn passes it to the provisioning server:
SIP UA VCS Expressway VCS Control Prov. server AD
50
Cisco VCS Authenticating Devices Deployment Guide