Configuration Prerequisites - Cisco TelePresence Administrator's Manual
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (507 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
Note that the VCS embeds NTLMv2 authentication protocol messages within standard SIP messages when
communicating with Movi / Jabber Video, and uses a secure RPC channel when communicating with the AD
Domain Controller. Users' Windows domain credentials and the AD domain administrator credentials are not
stored on the VCS.
Configuration prerequisites
Active Directory
A username and password of an AD user account with either "account operator" or "administrator" access
n
rights must be available for the VCS to use for joining and leaving the domain.
Entries must exist in the Active Directory server for all devices that are to be authenticated through this
n
method. Each entry must have an associated password.
The device entries (in all domains) must be accessible by the user account that is used by VCS to join the
n
domain. If the VCS is in a domain that is part of a forest, and there is trust between domains in the forest,
the VCS can authenticate device entries from different domains providing the user account has appropriate
rights to authenticate devices against the other domains.
Kerberos Key Distribution Center
The KDC (Kerberos Key Distribution Center) server must be synchronized to a time server.
DNS server
If a DNS name or DNS SRV name is used to identify the AD servers, a DNS server must be configured with
the relevant details. (Note that the VCS must be configured to use a DNS server even if you are not using
DNS / DNS SRV to specify the AD servers.)
VCS
The VCS must be configured to use a DNS server
n
The VCS's Local host name
l
(Microsoft NetBIOS names are capped at 15 characters.)
When part of a cluster, ensure that each VCS peer has a unique Local host name.
l
Ensure that an NTP server
n
If the connection is going to use TLS encryption, a valid CA certificate, private key and server certificate
n
must be uploaded to the VCS.
Ensure that the VCS is configured to challenge for authentication on the relevant zones and subzones:
n
The Default Zone
(VCS configuration > Zones >
l
with an Authentication policy of Check credentials. This ensures that provisioning requests (and any
call requests from non-registered devices) are challenged.
The Default Subzone
l
subzones - must be configured with an Authentication policy of Check credentials. This ensures that
registration, presence, phone book and call requests from registered devices are challenged.
Note that setting up your VCS's authentication policy to check credentials will affect all devices
(not just Movi / Jabber Video) that send provisioning, registration, presence, phone book and call
requests to the VCS.
Endpoint
Cisco VCS Administrator Guide (X7.2)
(System >
DNS) must be 15 or fewer characters long.
(System >
Time) has been configured and is active.
(VCS configuration > Local Zone > Default
(System >
DNS).
Zones, then select Default Zone) must be configured
Subzone) – or the relevant
Device authentication
Page 117 of 498
Hide quick links:
Advertisement
Table of Contents
