Cisco TelePresence Video Communication Server Expressway Administration Manual
■ The default option is Yes to Check for internal SSO availability:
The VCS Expressway passes the request to the VCS Control. The VCS Control uses a round-robin algorithm to
select a Unified CM node, and makes a UDS query for the supplied identity against that node. The Unified CM
determines which node is the user's home node, and whether it is capable of doing SSO for the user, and then
tells the VCS Control the outcome. The VCS Control then tells the VCS Expressway, which responds true or false
to the client.
■ If you select No to Check for internal SSO availability:
The VCS Expressway always responds true to /get_edge_sso requests. It does not make the inwards request to
the user's home Unified CM, and thus cannot know whether SSO is really available there.
When the client receives a true response from VCS Expressway, it will try to /get_edge_config via SSO. If it gets
false, it will try /get_edge_config using whatever credentials it has - credentials which are independent from the
identity managed by UDS inside the enterprise. If it gets true and SSO is not actually enabled on the user's home
node, then /get_edge_config will fail and the client will not try the other authentication option.
The option you should choose depends entirely on your implementation. If you have a homogenous environment, in
which all Unified CM nodes are capable of SSO, you can reduce response time and overall network traffic by
selecting No. By contrast, if you want clients to use either mode of getting the edge configuration - during rollout or
because you cannot guarantee that SSO is available on all nodes - you should select Yes.
Checking the Status of Unified Communications Services
You can check the status of the Unified Communications services on both VCS Control and VCS Expressway.
1. Go to Status > Unified Communications.
2. Review the list and status of domains, zones and (VCS Control only) Unified CM and IM&P servers.
Any configuration errors will be listed along with links to the relevant configuration page from where you can
address the issue.
Mobile and Remote Access Port Reference
This section summarizes the ports that could potentially be used between your internal network (where the VCS
Control is located) and the DMZ (where the VCS Expressway is located) and between the DMZ and the public
internet.
Outbound from VCS Control (private) to VCS Expressway (DMZ)
| Purpose | Protocol | VCS Control (source) | VCS Expressway (listening) |
| --- | --- | --- | --- |
| XMPP (IM and Presence) | TCP | Ephemeral port | 7400 |
| SSH (HTTP/S tunnels) | TCP | Ephemeral port | 2222 |
| Traversal zone SIP signaling | TLS | 25000 to 29999 | 7001 |
| Traversal zone SIP media (for small/medium systems on X8.1 or later) | UDP | 36000 to 59999* | 36000 (RTP), 36001 (RTCP) (defaults); 2776 (RTP), 2777 (RTCP) (old defaults*) |
| Traversal zone SIP media (for large systems) | UDP | 36000 to 59999* | 36000 to 36011 (6 pairs of RTP and RTCP ports for multiplexed media traversal) |
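The following audit is an added example, not part of the Cisco guide: it checks a list of internal-to-DMZ permit rules against the listening ports in the table above, reporting required flows that are not permitted and permitted ports that no table row calls for. The rule tuple format, function names and sample rules are assumptions; the TLS signaling row is checked as TCP, and only the current media defaults (not the old 2776/2777 defaults) are modelled.

```python
# Required VCS Control (private) -> VCS Expressway (DMZ) flows, from the table above.
# TLS signaling is carried over TCP, so it is checked as a TCP rule.
def required_flows(large_system=False):
    media = (36000, 36011) if large_system else (36000, 36001)
    return {
        "XMPP (IM and Presence)": ("tcp", 7400, 7400),
        "SSH (HTTP/S tunnels)": ("tcp", 2222, 2222),
        "Traversal zone SIP signaling": ("tcp", 7001, 7001),
        "Traversal zone SIP media": ("udp",) + media,
    }

def audit(rules, large_system=False):
    """rules: (proto, first_port, last_port) permit entries for internal -> DMZ
    traffic (hypothetical format). Returns (missing, excess): required flows not
    fully permitted, and permitted port ranges that no table row calls for."""
    req = required_flows(large_system)
    missing = []
    for name, (proto, lo, hi) in req.items():
        covered = set()
        for p, a, b in rules:
            if p == proto:
                covered.update(range(max(a, lo), min(b, hi) + 1))
        if len(covered) < hi - lo + 1:
            missing.append(name)
    excess = []
    for p, a, b in rules:
        pieces = [(a, b)]  # what remains of this rule after removing required ranges
        for proto, lo, hi in req.values():
            if proto != p:
                continue
            remaining = []
            for x, y in pieces:
                if hi < x or lo > y:      # no overlap with this required range
                    remaining.append((x, y))
                    continue
                if x < lo:
                    remaining.append((x, lo - 1))
                if y > hi:
                    remaining.append((hi + 1, y))
            pieces = remaining
        excess += [(p, x, y) for x, y in pieces]
    return sorted(missing), excess

# Constructed sample rule set: SSH tunnel port forgotten, media rule too broad.
SAMPLE_RULES = [("tcp", 7400, 7400), ("tcp", 7001, 7001), ("udp", 36000, 36100)]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

A non-empty `missing` list points at a service that will fail across the traversal zone; entries in `excess` are candidates for tightening the DMZ-facing rule set.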
Cisco TelePresence Video Communication Server Administrator Guide