Cisco Cisco TelePresence Video Communication Server Expressway
VCS Expressway with Active Directory (direct) authentication
delegated to the VCS Control
delegated to the VCS Control
If the VCS Expressway cannot be connected directly to the AD server, then authentication can be delegated
to the VCS Control.
to the VCS Control.
n
The SIP UA sends a request to the VCS Expressway and the VCS Expressway challenges for
authentication.
authentication.
n
The VCS Expressway delegates the checking of the SIP UA's credentials to the VCS Control, passing the
authentication details to the VCS Control via the traversal zone.
authentication details to the VCS Control via the traversal zone.
n
The VCS Control sends the authentication details to the AD server for validation and passes the result
back to the VCS Expressway.
back to the VCS Expressway.
n
The authenticated registration takes place on the VCS Expressway and does not have to be proxied to the
VCS Control. This means media does not have to traverse the firewall in calls between SIP UAs that are
both registered to the VCS Expressway.
VCS Control. This means media does not have to traverse the firewall in calls between SIP UAs that are
both registered to the VCS Expressway.
Setting
VCS
Expressway
Expressway
VCS Control
Provisioning
X
AD configuration
X
Default Zone
Check
credentials
credentials
Check
credentials
credentials
Default Subzone
Check
credentials
credentials
Check
credentials
credentials
Traversal Zone
Check
credentials
credentials
Check
credentials
credentials
SIP domain
Domain for SIP
account
account
Domain for SIP
account
account
SIP registration proxy
mode
mode
Off
Off
SIP delegated credential
checking
checking
On
On
Setting
Cisco TMS
SIP
Server
Server
VCS Control IP
address or FQDN
address or FQDN
Public SIP
Server
Server
VCS Expressway IP
address or FQDN
address or FQDN
Cisco TelePresence Device Authentication on Cisco VCS Deployment Guide (X8.2)
Page 51 of 55
Appendix 3: Active Directory (direct)