Cisco TelePresence Video Communication Server Expressway
Example AD direct authentication deployments
When enabling authentication, there are a number of configuration architectures that may be considered:
- VCS Control with Active Directory (direct) authentication
- VCS Control and VCS Expressway, each with Active Directory (direct) authentication
- VCS Control and VCS Expressway with Active Directory (direct) authentication delegated to the VCS Control
VCS Control with Active Directory (direct) authentication
The SIP UA sends a request to the VCS Control, which challenges it for authentication and sends the authentication details to the AD server for validation.
Setting | VCS Control
Provisioning | AD configuration
Default Zone | Check credentials
Default Subzone | Check credentials
SIP domain | Domain for SIP account
Setting | Cisco TMS
SIP Server | VCS Control IP address or FQDN
This example call flow diagram shows a subscribe for provisioning that is challenged using AD (direct) authentication:
Participants: SIP UA | VCS Control | Provisioning server | Active Directory
SIP UA to VCS Control: Subscribe (CSeq: <xx> SUBSCRIBE)
VCS Control to SIP UA: 407 Proxy Authentication Required, with SIP header:
‘Proxy-Authenticate: NTLM realm="<VCSHostID>", qop="auth", targetname="<VCSHostID>"’
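The 407 challenge in the call flow above, as an added example that is not part of the Cisco guide: a Python check that unfolds and parses the Proxy-Authenticate header and confirms the VCS Control is challenging with NTLM for the expected host ID. The sample response, the host ID vcsc.example.com and the function names are constructed for illustration.

```python
import re

# Constructed sample: a 407 from a hypothetical VCS Control whose host ID is
# "vcsc.example.com". The folded header mirrors the layout in the call flow.
SAMPLE_407 = (
    "SIP/2.0 407 Proxy Authentication Required\r\n"
    "CSeq: 101 SUBSCRIBE\r\n"
    'Proxy-Authenticate: NTLM realm="vcsc.example.com",\r\n'
    ' qop="auth",\r\n'
    ' targetname="vcsc.example.com"\r\n'
    "Content-Length: 0\r\n\r\n"
)

PARAM_RE = re.compile(r'([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenges(message):
    """Return [(scheme, params)] for each Proxy-Authenticate header in a SIP message."""
    head = message.split("\r\n\r\n", 1)[0]
    # Unfold continuation lines (RFC 3261: a line starting with SP/HTAB continues a header).
    head = re.sub(r"\r\n[ \t]+", " ", head)
    challenges = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authenticate":
            continue
        scheme, _, rest = value.strip().partition(" ")
        params = {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
                  for m in PARAM_RE.finditer(rest)}
        challenges.append((scheme, params))
    return challenges


def check_ntlm_challenge(message, expected_host_id):
    """List problems with the 407 challenge; an empty list means it matches the flow above."""
    problems = []
    status = message.split("\r\n", 1)[0].split(" ", 2)
    if len(status) < 2 or status[1] != "407":
        problems.append("not a 407 response")
    ntlm = [p for s, p in parse_challenges(message) if s.upper() == "NTLM"]
    if not ntlm:
        return problems + ["no NTLM challenge offered"]
    params = ntlm[0]
    for key in ("realm", "targetname"):
        if params.get(key) != expected_host_id:
            problems.append(f"{key}={params.get(key)!r}, expected {expected_host_id!r}")
    if params.get("qop") != "auth":
        problems.append(f"qop={params.get('qop')!r}, expected 'auth'")
    return problems
```

A non-empty result on a captured 407, such as a missing NTLM challenge, indicates the zone or subzone is not applying the AD (direct) configuration described in the tables above.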
Cisco TelePresence Device Authentication on Cisco VCS Deployment Guide (X8.5)
Appendix 3: Active Directory (direct)