Cisco Cisco TelePresence Video Communication Server Expressway 릴리즈 노트
Introduction
Cisco TelePresence Video Communication Server X7.1 Software Release Notes
Page 6 of 37
Device authentication
You should review your whole network and consider whether authentication should be enabled for all
endpoints and enable authentication where possible.
endpoints and enable authentication where possible.
Upgrades from release X5.2 or earlier to X7.n
Cisco VCS upgrades where authentication is not enabled
If device authentication is not enabled when the Cisco VCS is upgraded from X5.2 or earlier to X7.n,
the upgrade process will configure all zones and subzones (except the Default Zone) on the Cisco
VCS with authentication set to ‘Treat as authenticated’. This ensures that:
the upgrade process will configure all zones and subzones (except the Default Zone) on the Cisco
VCS with authentication set to ‘Treat as authenticated’. This ensures that:
CPL continues to work as expected
Caller ID can be set to the FindMe ID for calls originating from endpoints specified in a FindMe
The provisioning request is challenged by the provisioning server (if in TMS Agent Legacy mode)
If you are upgrading from X6.n to X7.n your existing authentication configuration will not be changed.
Note that if TMS Agent (rather than the Cisco VCS) challenges for authentication of provisioning data,
the initial presence publication by Movi (if running Movi version 4.1 or earlier) will fail; to publish Movi
presence, users must manually set their presence status after logging in.
the initial presence publication by Movi (if running Movi version 4.1 or earlier) will fail; to publish Movi
presence, users must manually set their presence status after logging in.
Cisco VCS upgrades where authentication is already enabled
If device authentication is enabled when the Cisco VCS is upgraded from X5.2 or earlier to X7.n, the
upgrade process will configure the Cisco VCS with authentication set to ‘Check credentials’. This
means that:
upgrade process will configure the Cisco VCS with authentication set to ‘Check credentials’. This
means that:
CPL continues to work as expected
Caller ID can be set to the FindMe ID for calls originating from endpoints specified in a FindMe
The provisioning request is challenged by the Cisco VCS (if in TMS Agent Legacy mode)
TMS Provisioning Extension mode / Cisco VCS Starter Pack Express
When TMS and VCS are running in Provisioning Extension mode, or you are running a Cisco VCS
Starter Pack Express, the VCS's Provisioning Server requires that any provisioning or phone book
requests it receives have already been authenticated (the Provisioning Server does not do its own
authentication challenge):
Starter Pack Express, the VCS's Provisioning Server requires that any provisioning or phone book
requests it receives have already been authenticated (the Provisioning Server does not do its own
authentication challenge):
You must ensure that the Default Zone and any traversal client zone's Authentication policy is
set to either Check credentials or Treat as authenticated, otherwise provisioning requests will fail.
set to either Check credentials or Treat as authenticated, otherwise provisioning requests will fail.
The authentication of phone book requests is controlled by the Authentication policy setting on
the Default Subzone (or relevant alternative subzone) if the endpoint is registered (which is the
usual case), or by the Authentication policy setting on the Default Zone if the endpoint is not
registered. The relevant Authentication policy must be set to either Check credentials or Treat
as authenticated, otherwise phone book requests will fail.
the Default Subzone (or relevant alternative subzone) if the endpoint is registered (which is the
usual case), or by the Authentication policy setting on the Default Zone if the endpoint is not
registered. The relevant Authentication policy must be set to either Check credentials or Treat
as authenticated, otherwise phone book requests will fail.
Presence and device authentication
The VCS's Presence Server only accepts presence PUBLISH messages if they have already been
authenticated (the Presence Server does not do its own authentication challenge):
authenticated (the Presence Server does not do its own authentication challenge):
The authentication of presence messages by the VCS is controlled by the Authentication policy
setting on the Default Subzone (or relevant alternative subzone) if the endpoint is registered
(which is the usual case), or by the Authentication policy setting on the Default Zone if the
endpoint is not registered. The relevant Authentication policy must be set to either Check
credentials or Treat as authenticated, otherwise PUBLISH messages will fail.
setting on the Default Subzone (or relevant alternative subzone) if the endpoint is registered
(which is the usual case), or by the Authentication policy setting on the Default Zone if the
endpoint is not registered. The relevant Authentication policy must be set to either Check
credentials or Treat as authenticated, otherwise PUBLISH messages will fail.