Authentication; Authentication Mode; Authentication Database; External Registration Credentials - TANDBERG Video Communication Server Administrator's Manual

Registration control
The Authentication Configuration page allows you to determine whether systems attempting to communicate with the VCS must authenticate with it first, and if so, the type of database used by the VCS to store the authentication credentials used by these systems.
This page also allows you to configure a username and password that the VCS will use whenever it is required to authenticate with external systems.
To go to the Authentication Configuration page:
VCS configuration > Authentication > Configuration
To configure authentication using the CLI:
xConfiguration Authentication

Authentication mode

The VCS can be configured to use a username and password-based challenge-response scheme to determine whether it will permit communications from other systems. This process is known as authentication, and is controlled using the Authentication Mode setting.
The options are:
On: Systems attempting to communicate with the VCS, including endpoints attempting to send registration requests to the VCS, must first authenticate with it.
For H.323, any credentials in the message are checked against the authentication database. The message is allowed if the credentials match, or if there are no credentials in the message.
For SIP, any messages originating from an endpoint in a local domain will be authenticated.
Off: incoming messages are not authenticated.
The default is Off.
Accurate timestamps play an important part in authentication, helping to guard against replay attacks. For this reason, if you are using authentication, both the VCS and the endpoints must use an NTP server to synchronize their system time. See the About the NTP server section for information on how to configure this for the VCS.
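The part timestamps play in the note above, as an added example (not TANDBERG code and not the H.235 message format): a simplified password-keyed check in Python showing how a timestamp window limits replay and why an unsynchronized endpoint is rejected. `MAX_SKEW`, the token layout and all names and values are assumptions constructed for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 30  # assumption: tolerated clock difference in seconds (not from the manual)

def make_token(password: str, username: str, timestamp: int) -> str:
    """Keyed hash over username and timestamp; the password itself is never sent."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, f"{username}|{timestamp}".encode(), hashlib.sha256).hexdigest()

def verify(db: dict, seen: set, username: str, timestamp: int, token: str, now: int) -> str:
    """Return 'allow' or the reason the message is rejected."""
    password = db.get(username)
    if password is None:
        return "unknown user"
    if not hmac.compare_digest(make_token(password, username, timestamp), token):
        return "bad credentials"
    # The timestamp bounds how long a captured message stays usable. It only
    # works if sender and verifier clocks agree, hence the NTP requirement.
    if abs(now - timestamp) > MAX_SKEW:
        return "stale timestamp"
    # Inside the window, remember what was accepted so a copy is refused.
    if (username, timestamp) in seen:
        return "replay"
    seen.add((username, timestamp))
    return "allow"

def demo() -> dict:
    db = {"endpoint1": "constructed-password"}  # constructed database entry
    seen, now = set(), 1_235_000_000            # constructed verifier clock
    token = make_token(db["endpoint1"], "endpoint1", now)
    late = now - 600                            # endpoint clock 10 minutes behind
    return {
        "fresh": verify(db, seen, "endpoint1", now, token, now),
        "replay_in_window": verify(db, seen, "endpoint1", now, token, now + 5),
        "replay_after_window": verify(db, seen, "endpoint1", now, token, now + 600),
        "unsynced_endpoint": verify(db, seen, "endpoint1", late,
                                    make_token(db["endpoint1"], "endpoint1", late), now),
        "wrong_password": verify(db, seen, "endpoint1", now + 1,
                                 make_token("guess", "endpoint1", now + 1), now + 1),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The `unsynced_endpoint` case holds the correct password and is still refused, which is the failure an operator sees when an endpoint's clock drifts from the server's.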
D14049.05
February 2009

Authentication database

When Authentication Mode is On, endpoints must authenticate with the VCS before they can register. In order to authenticate successfully, the endpoint must supply the VCS with a username. For TANDBERG endpoints using H.323, the username is the endpoint's Authentication ID; for TANDBERG endpoints using SIP it is the endpoint's Authentication Username.
For details of how to configure endpoints with a username and password, please consult the endpoint manual.
In order to verify the identity of the device, the VCS needs access to a database on which all authentication credential information (usernames, passwords, and other relevant information) is stored. This database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks up the endpoint's username in the database and retrieves the authentication credentials for that entry. If the credentials match those supplied by the endpoint, the registration is allowed to proceed.
The Database type setting determines which database the VCS will use during authentication:
LocalDatabase: the local authentication database is used. You must configure the local authentication database to use this option.
LDAP: A remote LDAP database is used. You must configure the LDAP server to use this option.
The default is LocalDatabase.
If the VCS is a traversal server, you must ensure that each traversal client's authentication credentials are entered into the selected database.
The VCS supports the ITU H.235 specification [1] for authenticating the identity of H.323 network devices with which it communicates.

External registration credentials

The VCS may be required to authenticate itself with another system. For example, when the VCS is forwarding an invite from an endpoint to another VCS, that other system may have authentication enabled and will therefore require your local VCS to provide it with a username and password.
Additionally, traversal clients must always successfully authenticate with traversal servers before they can connect.
The username and password that your VCS provides when authenticating with other systems is configured from the External Registration Credentials section of the Authentication Configuration page.