About Device Authentication; Authentication Policy - Cisco TelePresence Administrator's Manual

Video communication server

About device authentication

Device authentication controls whether systems attempting to communicate with the VCS must
authenticate with it first.
The VCS can be configured to allow both authenticated and unauthenticated endpoints to register to the
same VCS, but to subsequently control what those endpoints can do based upon their authentication status.

Authentication Policy

The VCS's Authentication Policy is applied at the zone and subzone levels. It controls how the VCS
authenticates incoming messages from that zone or subzone and whether those messages are rejected or
are subsequently treated as authenticated or unauthenticated within the VCS.
The Authentication Policy settings allow you to:
- control registrations via subzones: when authentication is enabled for a particular subzone, endpoints must authenticate with the VCS before they can register
- limit the services available to unregistered or unauthenticated endpoints and devices: search rules and CPL can be restricted to only apply to authenticated requests
- cater for endpoints from third-party suppliers that do not support authentication within their registration mechanism: assign registration requests for particular devices into a subzone that is configured to treat all such trusted endpoints registered within that subzone as authenticated

See Authentication Policy configuration options for a full description of how the policy is applied per zone and subzone, and how its behavior varies depending on message protocol.

Provisioning and device authentication

The VCS's Provisioning Server requires that any provisioning or phone book requests it receives have already been authenticated (the Provisioning Server does not do its own authentication challenge):
- You must ensure that the Default Zone and any traversal client zone's Authentication policy is set to either Check credentials or Treat as authenticated, otherwise provisioning requests will fail.
- The authentication of phone book requests is controlled by the authentication policy setting on the Default Subzone (or relevant alternative subzone) if the endpoint is registered (which is the usual case), or by the authentication policy setting on the Default Zone if the endpoint is not registered. The relevant Authentication policy must be set to either Check credentials or Treat as authenticated, otherwise phone book requests will fail.

Presence and device authentication

The VCS's Presence Server only accepts presence PUBLISH messages if they have already been authenticated:
- The authentication of presence messages by the VCS is controlled by the authentication policy setting on the Default Subzone (or relevant alternative subzone) if the endpoint is registered (which is the usual case), or by the authentication policy setting on the Default Zone if the endpoint is not registered. The relevant Authentication policy must be set to either Check credentials or Treat as authenticated, otherwise PUBLISH messages will fail.
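
The provisioning, phone book and presence rules above can be checked against a zone inventory before a change is rolled out. The following is an added example, not code from Cisco or from this manual: the inventory format, the zone names and the `kind` labels are assumptions, and "Do not check credentials" is the third policy value, which this page does not name.

```python
# Added example: audit a constructed zone/subzone inventory against the rules above.
CHECK = "Check credentials"
TREAT = "Treat as authenticated"
NO_CHECK = "Do not check credentials"   # third setting, not named on this page
AUTHENTICATING = {CHECK, TREAT}

# Constructed sample inventory (hypothetical names, not exported from a real VCS).
SAMPLE = [
    {"name": "DefaultZone", "kind": "default_zone", "policy": NO_CHECK},
    {"name": "TraversalToEdge", "kind": "traversal_client_zone", "policy": CHECK},
    {"name": "DefaultSubzone", "kind": "subzone", "policy": CHECK},
    {"name": "LegacyEndpoints", "kind": "subzone", "policy": TREAT},
]

def governing_policy(inventory, registered, subzone="DefaultSubzone"):
    """Policy that decides whether a phone book or PUBLISH request counts as
    authenticated: the endpoint's subzone if registered, else the Default Zone."""
    for item in inventory:
        if registered and item["kind"] == "subzone" and item["name"] == subzone:
            return item["policy"]
        if not registered and item["kind"] == "default_zone":
            return item["policy"]
    raise KeyError("no matching zone or subzone in inventory")

def audit(inventory):
    """Return (name, finding) pairs for settings that break a service or that
    grant authenticated status without a credential check."""
    findings = []
    for item in inventory:
        name, kind, policy = item["name"], item["kind"], item["policy"]
        ok = policy in AUTHENTICATING
        if kind in ("default_zone", "traversal_client_zone") and not ok:
            findings.append((name, "provisioning requests will fail"))
        if kind == "default_zone" and not ok:
            findings.append((name, "phone book/PUBLISH from unregistered endpoints will fail"))
        if kind == "subzone" and not ok:
            findings.append((name, "phone book/PUBLISH from endpoints registered here will fail"))
        if policy == TREAT:
            findings.append((name, "no credential check: review which devices are assigned here"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
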
Hierarchical dial plan (directory VCS) deployments and device authentication
Cisco VCS Administrator Guide (X7.1)
