Table of Contents
Advertisement
Administrator Policy
About Administrator Policy
The VCS allows you to set up a set of rules to control which calls are allowed, which are rejected,
and which are to be redirected to a different destination. These rules are known as Administrator
Policy.
If Administrator Policy is enabled and has been configured, each time a call is made the VCS will
execute the policy in order to decide, based on the source and destination of the call, whether to
•
proxy the call to its original destination
•
redirect the call to a different destination
•
reject the call.
You can set up an Administrator Policy in either of two ways:
•
by configuring basic administrator policy using the web interface. (Note that this will only allow
you to Allow or Reject specified calls)
•
by uploading a script written in the Call Processing Language (CPL).
Only one of these two methods can be used at any one time to specify Administrator
Policy. If a CPL script has been uploaded, this will disable use of the web interface to
configure administrator policy. In order to use the web interface, you must delete the CPL
script that has been uploaded.
When enabled, Administrator Policy is executed for all calls going through the VCS.
Use
Administrator Policy
to determine which callers can make or receive calls via the VCS.
Use
Allow and Deny lists
to determine which aliases can or cannot register with the VCS.
Getting
System
Introduction
Started
Overview
D 14049.01
07.2007
System
H.323 & SIP
Registration
Configuration
Configuration
Control
Overview
Administrator Policy and Authentication
Administrator Policy uses the source and destination of a call to determine the action to be taken.
Policy interacts with
Authentication
part of a secure environment, any policy decisions based on the source of the call should only be
made when that source can be authenticated. Whether or not the VCS considers an endpoint to
be authenticated depends on the Authentication Mode setting of the VCS.
Authentication Mode On
When
Authentication Mode
is set to
authenticate with it before calls will be accepted. In this situation, the VCS acts as follows:
An endpoint is considered to be authenticated when:
•
it is a locally registered endpoint. (Because Authentication Mode is On, the registration will
have been accepted only after the endpoint authenticated successfully with the VCS.)
•
it is a remote endpoint that is registered to and authenticated with a Neighbor VCS, and that
Neighbor in turn has authenticated with the local VCS.
An endpoint is considered to be unauthenticated when:
•
it is a remote endpoint registered to a neighbor and that neighbor has not authenticated with
the VCS. This is regardless of whether or not the endpoint authenticated with the neighbor.
If a call is received from an unauthenticated neighbor or endpoint the call's source aliases will be
removed from the call request and replaced with an empty field before the Administrator Policy
is executed. This is because there is a possibility that the source aliases could be forged and
therefore they should not be used for policy decisions in a secure environment. This means that,
when
Authentication Mode
is
On
and you configure policy based on the source alias, it will only
apply to authenticated sources.
Authentication Mode Off
When
Authentication Mode
is set to
neighbor. The assumption is that the source alias is trusted, so authentication is not required.
Zones and
Call
Call
Neighbors
Processing
Processing
63
TANDBERG
TANDBERG
VIDEO COMMUNICATION SERVER
VIDEO COMMUNICATION SERVER
when considering the source alias of the call. If your VCS is
On
on the VCS, all endpoints and neighbors are required to
Off
on the VCS, calls will be accepted from any endpoint or
Firewall
Bandwidth
Maintenance
Traversal
Control
ADMINISTRATOR GUIDE
ADMINISTRATOR GUIDE
Appendices
Advertisement
Table of Contents
