Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Unified Communications mobile and remote access devices
You do not have to make any explicit configuration on the VCS regarding the authentication of devices that are
registering to Unified CM via the VCS. The VCS automatically handles the authentication of these devices against its
home Unified CM cluster.
registering to Unified CM via the VCS. The VCS automatically handles the authentication of these devices against its
home Unified CM cluster.
Configuring VCS Authentication Policy
Authentication policy is applied by the VCS at the zone and subzone levels. It controls how the VCS challenges
incoming messages (for provisioning, registration, presence, phone books and calls) from that zone or subzone and
whether those messages are rejected, treated as authenticated, or treated as unauthenticated within the VCS.
incoming messages (for provisioning, registration, presence, phone books and calls) from that zone or subzone and
whether those messages are rejected, treated as authenticated, or treated as unauthenticated within the VCS.
Each zone and subzone can set its Authentication policy to either Check credentials, Do not check credentials, or
Treat as authenticated.
Treat as authenticated.
■
Registration authentication is controlled by the Default Subzone (or relevant alternative subzone)
configuration.
configuration.
■
Initial provisioning subscription request authentication is controlled by the Default Zone configuration.
■
Call, presence, and phone book request authentication is controlled by the Default Subzone (or relevant
alternative subzone) if the endpoint is registered, or by the Default Zone if the endpoint is not registered.
alternative subzone) if the endpoint is registered, or by the Default Zone if the endpoint is not registered.
Note that the exact authentication policy behavior depends on whether the messages are H.323 messages, SIP
messages received from local domains, or SIP messages received from non-local domains. See
messages received from local domains, or SIP messages received from non-local domains. See
for a full description of the various authentication policy behaviors.
Zone-level authentication policy
Authentication policy is selectively configurable for different zone types, based on whether they receive messaging:
■
The Default Zone, Neighbor zones, traversal client zones, traversal server zones and Unified Communications
traversal zones all allow configuration of authentication policy
traversal zones all allow configuration of authentication policy
■
DNS and ENUM zones do not receive messaging and so have no authentication policy configuration.
To edit a zone's Authentication policy, go to Configuration > Zones > Zones and click the name of the zone. The
policy is set to Do not check credentials by default when you create a new zone.
policy is set to Do not check credentials by default when you create a new zone.
119
Cisco TelePresence Video Communication Server Administrator Guide