Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
relationships between the internal service providers and the externally resolvable identity provider (IdP).
The endpoints do not need to connect via VPN; they use one identity and one authentication mechanism to access
multiple Unified Communications services. Authentication is owned by the IdP, and there is no authentication at the
VCS, nor at the internal Unified CM services.
multiple Unified Communications services. Authentication is owned by the IdP, and there is no authentication at the
VCS, nor at the internal Unified CM services.
Supported endpoints
■
Cisco Jabber 10.6 or later
Supported Unified Communications services
■
Cisco Unified Communications Manager 10.5(2) or later
■
Cisco Unity Connection 10.5(2) or later
■
Cisco Unified Communications Manager IM and Presence Service 10.5(2) or later
■
Other internal web servers, for example intranet
How it works
Cisco Jabber determines whether it is inside the organization's network before it requests a Unified Communications
service. If it is outside the network, then it requests the service from the VCS Expressway on the edge of the network.
If single sign-on is enabled at the edge, the VCS Expressway redirects Jabber to the IdP with a signed request to
authenticate the user.
service. If it is outside the network, then it requests the service from the VCS Expressway on the edge of the network.
If single sign-on is enabled at the edge, the VCS Expressway redirects Jabber to the IdP with a signed request to
authenticate the user.
The IdP challenges the client to identify itself. When this identity is authenticated, the IdP redirects Jabber's service
request back to the VCS Expressway with a signed assertion that the identity is authentic.
request back to the VCS Expressway with a signed assertion that the identity is authentic.
The VCS Expressway trusts the IdP, so it passes the request to the appropriate service inside the network. The Unified
Communications service trusts the IdP and the VCS Expressway, so it provides the service to the Jabber client.
Communications service trusts the IdP and the VCS Expressway, so it provides the service to the Jabber client.
Figure 16 Single sign-on for on-premises UC services
Improved line-side capabilities
The line-side SIP capabilities of the VCS have been extended to improve the support that MRA offers for endpoints
registering to Unified CM. The improvements are:
registering to Unified CM. The improvements are:
530
Cisco TelePresence Video Communication Server Administrator Guide
Reference Material