Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device provisioning and authentication policy
The Provisioning Server requires that any provisioning or phone book requests it receives have already been
authenticated at the zone or subzone point of entry into the VCS. The Provisioning Server does not do its
own authentication challenge and will reject any unauthenticated messages.
authenticated at the zone or subzone point of entry into the VCS. The Provisioning Server does not do its
own authentication challenge and will reject any unauthenticated messages.
The following diagram shows the flow of provisioning messages from an endpoint to the Provisioning Server,
together with the credential checking processes:
together with the credential checking processes:
The VCS must be configured with appropriate device authentication settings, otherwise provisioning-related
messages will be rejected:
messages will be rejected:
n
Initial provisioning authentication (of a subscribe message) is controlled by the authentication policy
setting on the Default Zone. (The Default Zone is used as the device is not yet registered.)
The Default Zone and any traversal client zone's authentication policy must be set to either Check
credentials or Treat as authenticated, otherwise provisioning requests will fail.
setting on the Default Zone. (The Default Zone is used as the device is not yet registered.)
The Default Zone and any traversal client zone's authentication policy must be set to either Check
credentials or Treat as authenticated, otherwise provisioning requests will fail.
n
The authentication of subsequent messages, including registration requests, phone book requests and
call signaling messages is controlled by the authentication policy setting on the Default Subzone (or
relevant alternative subzone) if the endpoint is registered (which is the usual case), or by the
authentication policy setting on the Default Zone if the endpoint is not registered.
The relevant authentication policy must be set to either Check credentials or Treat as authenticated,
otherwise phone book requests will fail.
call signaling messages is controlled by the authentication policy setting on the Default Subzone (or
relevant alternative subzone) if the endpoint is registered (which is the usual case), or by the
authentication policy setting on the Default Zone if the endpoint is not registered.
The relevant authentication policy must be set to either Check credentials or Treat as authenticated,
otherwise phone book requests will fail.
In each case, the VCS performs its authentication checking against the appropriate credential store,
according to whichever authentication methods are configured. Note that if the VCS is using the local
database, this will include all credentials supplied by Cisco TMS.
according to whichever authentication methods are configured. Note that if the VCS is using the local
database, this will include all credentials supplied by Cisco TMS.
Cisco TelePresence Video Communication Server Administrator Guide (X8.2)
Page 137 of 542
Device authentication
About device authentication