Call Policy; About Call Policy; Administrator Policy And Authentication; Authentication Mode On - TANDBERG VCS Administrator's Manual


Call Policy

About Call Policy

The VCS allows you to set up a set of rules to control which calls are allowed, which calls are rejected, and which calls are to be redirected to a different destination. These rules are known as Call Policy, or Administrator Policy.

If Administrator Policy is enabled and has been configured, each time a call is made the VCS will execute the policy in order to decide, based on the source and destination of the call, whether to

- proxy the call to its original destination
- redirect the call to a different destination or set of destinations
- reject the call.

You can set up an Administrator Policy in either of two ways:

- by configuring basic administrator policy using the web interface. (Note that this will only allow you to Allow or Reject specified calls)
- by uploading a script written in the Call Processing Language (CPL).

Only one of these two methods can be used at any one time to specify Administrator Policy. If a CPL script has been uploaded, this will disable use of the web interface to configure administrator policy. In order to use the web interface, you must delete the CPL script that has been uploaded.

When enabled, Administrator Policy is executed for all calls going through the VCS.

Use Administrator Policy to determine which callers can make or receive calls via the VCS. Use Allow and Deny lists to determine which aliases can or cannot register with the VCS.

D14049.04

JULY 2008

Administrator Policy and Authentication

Administrator Policy uses the source and destination of a call to determine the action to be taken. Policy interacts with Authentication when considering the source alias of the call. If your VCS is part of a secure environment, any policy decisions based on the source of the call should only be made when that source can be authenticated. Whether or not the VCS considers an endpoint to be authenticated depends on the Authentication Mode setting of the VCS.

Authentication Mode On

When Authentication Mode is set to On on the VCS, all endpoints and neighbors are required to authenticate with it before calls will be accepted. If a call is received from an unauthenticated source (e.g. neighbor or endpoint) the call's source aliases will be removed from the call request and replaced with an empty field before the Administrator Policy is executed. This is because there is a possibility that the source aliases could be forged and therefore they should not be used for policy decisions in a secure environment. This means that, when Authentication Mode is On and you configure policy based on the source alias, it will only apply to authenticated sources.

The VCS determines whether or not an endpoint is authenticated as follows:

H.323

An H.323 endpoint is considered to be authenticated if either of the following conditions apply:

- it is a locally registered endpoint. (Because Authentication Mode is On, the registration will have been accepted only after the endpoint authenticated successfully with the VCS.)
- it is a remote endpoint that is registered to and authenticated with a Neighbor VCS, and that Neighbor in turn has authenticated with the local VCS.

An H.323 endpoint is considered to be unauthenticated when:

- it is a remote endpoint registered to a neighbor and that neighbor has not authenticated with the VCS. This is regardless of whether or not the endpoint authenticated with the neighbor.

SIP

A SIP endpoint is considered to be authenticated when:

- it falls within one of the domains for which the VCS is authoritative and has successfully responded to an authentication challenge.

A SIP endpoint is considered to be unauthenticated if any of the following conditions apply:

- it does not fall within one of the domains for which the VCS is authoritative, or
- it has failed to successfully respond to an authentication challenge, or
- it has successfully responded to an authentication challenge but its From or Reply-To addresses are not compatible with the alias origin settings.

Authentication Mode Off

When Authentication Mode is set to Off on the VCS, calls will be accepted from any endpoint or neighbor. The assumption is that the source alias is trusted, so authentication is not required.
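The interaction between Authentication Mode and source-alias policy described above, modelled as an added Python example (it is not TANDBERG code and not part of the manual). The field names, the allow-list rule and the reject-on-no-match default are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Call:
    protocol: str                      # "H.323" or "SIP"
    source_aliases: tuple              # aliases claimed in the call request
    locally_registered: bool = False   # H.323: registered to this VCS
    auth_with_neighbor: bool = False   # H.323: endpoint authenticated with its neighbor
    neighbor_authenticated: bool = False   # H.323: that neighbor authenticated with this VCS
    in_authoritative_domain: bool = False  # SIP: domain the VCS is authoritative for
    challenge_passed: bool = False     # SIP: answered the authentication challenge
    origin_compatible: bool = True     # SIP: From/Reply-To fit the alias origin settings

def is_authenticated(call):
    """Apply the H.323 and SIP conditions listed above."""
    if call.protocol == "H.323":
        return call.locally_registered or (
            call.auth_with_neighbor and call.neighbor_authenticated)
    if call.protocol == "SIP":
        return (call.in_authoritative_domain and call.challenge_passed
                and call.origin_compatible)
    return False

def prepare_for_policy(call, auth_mode_on):
    """Mode On: blank the source aliases of an unauthenticated caller."""
    if auth_mode_on and not is_authenticated(call):
        return replace(call, source_aliases=())
    return call

def admin_policy(call, allowed_sources):
    # Hypothetical source-alias rule; rejecting on no match is this example's assumption.
    matched = any(alias in allowed_sources for alias in call.source_aliases)
    return "proxy" if matched else "reject"

def decide(call, auth_mode_on, allowed_sources):
    return admin_policy(prepare_for_policy(call, auth_mode_on), allowed_sources)

# Constructed sample data (not from the manual).
ALLOWED = {"alice@example.com"}
LOCAL = Call("H.323", ("alice@example.com",), locally_registered=True)
UNAUTH_NEIGHBOR = Call("H.323", ("alice@example.com",), auth_with_neighbor=True)
SIP_BAD_ORIGIN = Call("SIP", ("alice@example.com",), in_authoritative_domain=True,
                      challenge_passed=True, origin_compatible=False)

if __name__ == "__main__":
    for name, call in [("local", LOCAL), ("unauth neighbor", UNAUTH_NEIGHBOR),
                       ("sip bad origin", SIP_BAD_ORIGIN)]:
        print(name, decide(call, True, ALLOWED), decide(call, False, ALLOWED))
```

With Authentication Mode On, the same claimed alias matches the rule only for the locally registered caller; with it Off, all three sample calls match because the alias is taken as given.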
