Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Device authentication configuration
The Device authentication configuration page (
VCS configuration > Authentication > Devices
> Configuration
) is used to control the type of database used by the VCS to store the authentication
credentials used by systems and devices that attempt to communicate with the VCS.
Authentication database
To verify the identity of a device, the VCS needs access to a database on which all authentication
credential information (usernames, passwords, and other relevant information) is stored. This
database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks
up the endpoint’s username in the database and retrieves the authentication credentials for that entry.
If the credentials match those supplied by the endpoint, the registration is allowed to proceed.
credential information (usernames, passwords, and other relevant information) is stored. This
database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks
up the endpoint’s username in the database and retrieves the authentication credentials for that entry.
If the credentials match those supplied by the endpoint, the registration is allowed to proceed.
The Database type setting determines which database the VCS uses during authentication:
n
Local database: the local authentication database is used. You must configure the
to use this option.
n
LDAP database: a remote LDAP database is used. You must configure the
to use this
option.
The default is Local database.
Note that:
n
If the VCS is a traversal server, you must ensure that each traversal client’s authentication
credentials are entered into the selected database.
credentials are entered into the selected database.
n
The VCS supports the ITU H.235 [
] specification for authenticating the identity of H.323 network
devices with which it communicates.
Endpoint credentials used for authentication
An endpoint must supply the VCS with a username and password if it is required to authenticate with
the VCS, for example when attempting to register and the relevant subzone's Authentication Policy
is set to Check credentials.
the VCS, for example when attempting to register and the relevant subzone's Authentication Policy
is set to Check credentials.
For Cisco endpoints using H.323, the username is typically the endpoint’s Authentication ID; for
Cisco endpoints using SIP it is typically the endpoint’s Authentication username.
Cisco endpoints using SIP it is typically the endpoint’s Authentication username.
For details of how to configure endpoints with a username and password, please consult the endpoint
manual.
manual.
Device authentication using LDAP
The Device LDAP configuration page (
VCS configuration > Authentication > Devices > LDAP
configuration
) is used to configure a connection to the LDAP database used during device
authentication.
Authentication process
If the VCS is using an LDAP server for authentication, the process is as follows:
1. The endpoint presents its username and authentication credentials (these are generated using its
password) to the VCS, and the aliases with which it wants to register.
2. The VCS looks up the username in the LDAP database and obtains the authentication and alias
information for that entry.
3. If the authentication credentials match those supplied by the endpoint, the registration will
continue.
Cisco VCS Administrator Guide (X6.1)
Page 75 of 401