Device Authentication Configuration; Authentication Database; Endpoint Credentials Used For Authentication; Device Authentication Using Ldap - Cisco TelePresence Video Communication Server Administrator's Manual

Device authentication configuration

The Device authentication configuration page
> Configuration) is used to control the type of database used by the VCS to store the authentication
credentials used by systems and devices that attempt to communicate with the VCS.

Authentication database

To verify the identity of a device, the VCS needs access to a database on which all authentication
credential information (usernames, passwords, and other relevant information) is stored. This
database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks
up the endpoint's username in the database and retrieves the authentication credentials for that entry.
If the credentials match those supplied by the endpoint, the registration is allowed to proceed.
The Database type setting determines which database the VCS uses during authentication:
Local database: the local authentication database is used. You must configure the
n
authentication database
LDAP database: a remote LDAP database is used. You must configure the
n
option.
The default is Local database.
Note that:
If the VCS is a traversal server, you must ensure that each traversal client's authentication
n
credentials are entered into the selected database.
The VCS supports the ITU H.235 [1] specification for authenticating the identity of H.323 network
n
devices with which it communicates.

Endpoint credentials used for authentication

An endpoint must supply the VCS with a username and password if it is required to authenticate with
the VCS, for example when attempting to register and the relevant subzone's Authentication Policy
is set to Check credentials.
For Cisco endpoints using H.323, the username is typically the endpoint's Authentication ID; for
Cisco endpoints using SIP it is typically the endpoint's Authentication username.
For details of how to configure endpoints with a username and password, please consult the endpoint
manual.

Device authentication using LDAP

The Device LDAP configuration page
configuration) is used to configure a connection to the LDAP database used during device
authentication.

Authentication process

If the VCS is using an LDAP server for authentication, the process is as follows:
1. The endpoint presents its username and authentication credentials (these are generated using its
password) to the VCS, and the aliases with which it wants to register.
2. The VCS looks up the username in the LDAP database and obtains the authentication and alias
information for that entry.
3. If the authentication credentials match those supplied by the endpoint, the registration will
continue.
Cisco VCS Administrator Guide (X6.1)
(VCS configuration > Authentication > Devices
to use this option.
(VCS configuration > Authentication > Devices > LDAP
Device authentication
Local
LDAP server to use this
Page 75 of 401