Table of Contents
Advertisement
Grey Headline (continued)
Login accounts
About VCS login accounts
The VCS has two types of login account for normal operation:
•
Administrator accounts: used to configure the VCS.
•
User accounts: used by individuals in an enterprise to
configure their FindMe profile. They can also be used to enable
basic device provisioning for registered Movi users when the
Starter Pack option key is installed.
Account authentication
Administrator and user accounts must be authenticated before
access is allowed to the VCS.
The VCS can authenticate accounts either locally or against a
remote directory service, such as Windows Active Directory, using
LDAP. The remote option allows administration groups to be set
up in the directory service for all VCSs in an enterprise, removing
the need to have separate accounts on each VCS.
If a remote source is used for either administrator or user
account authentication you also need to configure the VCS with:
•
appropriate LDAP server connection settings (see
authentication using
LDAP)
•
administrator groups and/or user groups that match the
corresponding group names already set up in the remote
directory service to manage administrator and user access to
this VCS (see
Administrator and user
Administrator accounts
Administrator accounts are used to configure the VCS. The VCS
has a default admin administrator account with full read-write
access and can be used to log in to the VCS using the web
interface or the CLI.
You can add additional administrator accounts which can only be
used to log in through the web interface.
The default admin account is managed locally and is always
accessible, even if remote administrator account authentication
is selected.
See the
Administrator accounts
section for more information.
Overview and
System
Introduction
status
configuration
D14049.07
March 2010
Accounts overview
User accounts
User accounts are used by individuals in an enterprise to
configure the devices and locations on which they can be
contacted through their FindMe ID.
Each user account is accessed using a username and password.
•
If local user account authentication is selected, each user
account must be created locally by a VCS administrator.
•
If remote user account authentication is selected, a
VCS administrator must set up user groups to match the
corresponding group names in the remote directory service.
Note that if remote user account authentication is selected, only
the username and password details are managed remotely. All
other properties of the user account, such as the FindMe ID,
devices and locations are stored in the local VCS database.
See the
Maintaining user accounts
about defining user account details and their associated FindMe
devices and locations, and for enabling basic Starter Pack
provisioning.
Use TMS if you need to provision a large number of user
Account
accounts.
See the
more details on configuring FindMe and user accounts.
groups)
Root accounts
The VCS provides a root account which can be used to log in
to the VCS operating system. The root account should not be
used in normal operation, and in particular system configuration
should not be conducted using this account. Use the admin
account instead.
See the
Root account
Remember to change the passwords for the admin and
!
root accounts from their default values.
VCS
Zones and
configuration
neighbors
section for more information
TANDBERG Deployment Guide - FindMe [29]
section for more information.
Clustering and
Call
Bandwidth
peers
processing
control
160
TANDBERG
Account authentication configuration
To specify where administrator and user accounts are
authenticated before access is allowed to the VCS:
•
Maintenance > Login accounts > Configuration.
You are taken to the Login account authentication
configuration page.
To specify authentication sources using the CLI:
xConfiguration Login Administrator Source
•
xConfiguration Login User Source
•
Administrator authentication source
Defines where administrator login credentials are authenticated.
User authentication source:
Defines where user login credentials are authenticated.
The authentication source options are:
Remote: credentials are verified against an external credentials
directory, for example Windows Active Directory.
Local: credentials are verified against a local database stored
on the VCS.
After specifying where accounts are authenticated you must set
for
up the appropriate account details or directory service group
details. The Related tasks section at the bottom of the page
provides links to the relevant pages.
See the
TANDBERG Deployment Guide - Authenticating
VCS accounts using LDAP [30]
configuring a remote directory service.
Firewall
Applications
traversal
VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
for more details on
Maintenance
Appendices
Advertisement
Table of Contents
