Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 12 — Example AD direct authentication deployments
VCS Deployment Guide: Device authentication on Cisco VCS (VCS X7.1)
Page 37 of 47
Appendix 12 — Example AD direct
authentication deployments
authentication deployments
When enabling authentication, there are a number of configuration architectures that may be
considered.
considered.
VCS Control with Active Directory (direct) authentication
VCS Control and VCS Expressway, each with Active Directory (direct) authentication
VCS Control and VCS Expressway with Active Directory (direct) authentication on VCS Control
VCS Control and VCS Expressway with Active Directory (direct) authentication for proxy
registration
registration
VCS Control with Active Directory (direct)
authentication
authentication
The SIP UA sends a request to the VCS Control and it challenges for authentication, sending the
authentication details to the AD server for validation.
authentication details to the AD server for validation.
Setting
VCS Control
Setting
Cisco TMS
Provisioning
SIP Server
VCS Control IP
address or FQDN
AD configuration
Default Zone
Check credentials
Default Subzone
Check credentials
SIP domain
Domain for SIP account
This example shows a subscribe for provisioning that is challenged using AD (direct) authentication:
SIP UA
VCS Control
Provisioning
server
Active
Directory
Subscribe
CSeq: <xx> SUBSCRIBE
407 Proxy Authentication Required
with SIP header: ‘Proxy-Authenticate: NTLM
realm="<VCSHostID>", qop="auth",
targetname="<VCSHostID>"’
Subscribe
CSeq: <xx + 1> SUBSCRIBE
AD
Database
VCS Control
Cisco TMS
Register
SIP UA