Device provisioning and authentication policy
VCS X7.1 and X7.2 supports two provisioning modes:
TMS Provisioning Extension mode
n
TMS Agent legacy mode
n
The Provisioning Server (hosted on the VCS) has different device authentication requirements depending on
the provisioning mode.
TMS Provisioning Extension mode
The Provisioning Server requires that any provisioning or phone book requests it receives have already been
authenticated at the zone or subzone point of entry into the VCS. The Provisioning Server does not do its
own authentication challenge and will reject any unauthenticated messages.
The following diagram shows the flow of provisioning messages from an endpoint to the Provisioning Server,
together with the credential checking processes:
The VCS must be configured with appropriate device authentication settings, otherwise provisioning-related
messages will be rejected:
Initial provisioning authentication (of a subscribe message) is controlled by the authentication policy setting
n
on the Default Zone. (The Default Zone is used as the device is not yet registered.)
Cisco VCS Administrator Guide (X7.2)
Device authentication
Page 105 of 498