Cisco TelePresence Video Communication Server Expressway Administration Manual
Device Provisioning and Authentication Policy
The Provisioning Server requires that any provisioning or phone book requests it receives have already been
authenticated at the zone or subzone point of entry into the VCS. The Provisioning Server does not do its own
authentication challenge and will reject any unauthenticated messages.
The following diagram shows the flow of provisioning messages from an endpoint to the Provisioning Server, together
with the credential checking processes:
The VCS must be configured with appropriate device authentication settings, otherwise provisioning-related
messages will be rejected:
■ Initial provisioning authentication (of a subscribe message) is controlled by the authentication policy setting
on the Default Zone. (The Default Zone is used because the device is not yet registered.)
The Default Zone and any traversal client zone's authentication policy must be set to either Check credentials
or Treat as authenticated, otherwise provisioning requests will fail.
■ The authentication of subsequent messages, including registration requests, phone book requests and call
signaling messages, is controlled by the authentication policy setting on the Default Subzone (or relevant
alternative subzone) if the endpoint is registered (which is the usual case), or by the authentication policy
setting on the Default Zone if the endpoint is not registered.
The relevant authentication policy must be set to either Check credentials or Treat as authenticated,
otherwise phone book requests will fail.
In each case, the VCS performs its authentication checking against the appropriate credential store, according to
whichever authentication methods are configured. Note that if the VCS is using the local database, this will include
all credentials supplied by Cisco TMS.
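The rules above can be checked against an inventory of policy settings. The following Python sketch is an added example, not part of the Cisco guide or VCS software: the dictionary layout, function names and zone name are hypothetical, the sample settings are constructed, and "Do not check credentials" is assumed to be the name of the remaining policy option.

```python
# Added example: models the policy rules in this section. The dictionary
# layout and function names are hypothetical, not VCS configuration syntax.
ACCEPTED = {"Check credentials", "Treat as authenticated"}

def governing_point(message, registered, subzone="Default Subzone"):
    """Return the zone or subzone whose authentication policy applies."""
    # The initial provisioning subscribe arrives before registration, and any
    # message from an unregistered endpoint is governed by the Default Zone.
    if message == "initial_subscribe" or not registered:
        return "Default Zone"
    return subzone

def is_authenticated_at_entry(policies, message, registered, subzone="Default Subzone"):
    """True if the governing policy lets the message reach the Provisioning Server."""
    return policies.get(governing_point(message, registered, subzone)) in ACCEPTED

def audit(policies, traversal_client_zones=(), subzones=("Default Subzone",)):
    """List (policy point, setting, consequence) for each setting that breaks provisioning."""
    findings = []
    # Default Zone and every traversal client zone gate provisioning requests.
    for point in ("Default Zone", *traversal_client_zones):
        if policies.get(point) not in ACCEPTED:
            findings.append((point, policies.get(point), "provisioning requests will fail"))
    # Subzones gate the phone book requests of registered endpoints.
    for point in subzones:
        if policies.get(point) not in ACCEPTED:
            findings.append((point, policies.get(point), "phone book requests will fail"))
    return findings

# Constructed sample settings; the traversal zone name is a placeholder.
SAMPLE = {
    "Default Zone": "Check credentials",
    "Traversal client zone A": "Do not check credentials",
    "Default Subzone": "Do not check credentials",
}

if __name__ == "__main__":
    for point, setting, consequence in audit(SAMPLE, ["Traversal client zone A"]):
        print(f"{point}: {setting!r} -> {consequence}")
```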
Cisco TelePresence Video Communication Server Administrator Guide
Device Authentication