Firewall Traversal And Authentication; Overview; Authentication And Ntp - TANDBERG Video Communication Server Administrator's Manual

page of 266

/ 266
Contents
Table of Contents
Bookmarks

Table of Contents

Grey Headline (continued)

Firewall traversal and authentication

In order to control which systems can use the

VCS Expressway as a traversal server, each

VCS Control or Gatekeeper that wishes to be

its client must ﬁrst authenticate with it.

Upon receiving the initial connection request

from the traversal client, the VCS Expressway

asks the client to authenticate itself by

providing its authentication credentials. The

VCS Expressway then looks up the client's

credentials in its own authentication database.

If a match is found, the VCS Expressway will

accept the request from the client.

The settings used for authentication depend

on the combination of client and server being

used. These are detailed in the table opposite.

All VCS and Gatekeeper traversal

clients must authenticate with the VCS

Expressway, regardless of the VCS

Expressway's Authentication Mode setting.

However, endpoint clients are only required to

authenticate if the VCS Expressway's

Authentication Mode is On.

Authentication and NTP

All VCS and Gatekeeper traversal clients that

support H.323 must authenticate with the

VCS Expressway. The authentication process

makes use of timestamps and requires that

each system is using an accurate system

time. The system time on a VCS is provided

by a remote NTP server. Therefore, in order

for ﬁrewall traversal to work, all systems

involved must be

conﬁgured with details of an

NTP

server.

Overview and

Introduction

Getting started

status

D14049.05

February 2009

Client

VCS Control or VCS Expressway

•

The VCS client provides its

Authentication Username

Authentication

Password. These are set on the VCS client by using

VCS conﬁguration > Authentication >

Conﬁguration, in the

Registration Credentials

section.

Endpoint

•

The endpoint client provides its

Authentication ID

Password.

TANDBERG Gatekeeper (version 5.2 and earlier)

•

The Gatekeeper looks up its

System Name

database and retrieves the password for that name. It then provides

this name and password.

TANDBERG Gatekeeper (version 6.0 and later; 6.1 and later is the

recommended version)

•

The Gatekeeper provides its

Authentication Username

Authentication

Password. These are set on the Gatekeeper by using

Gatekeeper Conﬁguration >

Authentication, in the

Credentials

section.

VCS Control or VCS Expressway

•

If Authentication is On on the Border Controller, the VCS client provides

its

Authentication Username

and

Authentication

are set on the VCS client via

VCS conﬁguration > Authentication >

Conﬁguration, in the

External Registration Credentials

•

If the Border Controller is in Assent mode, the VCS client provides

its

Authentication

Username. This is set on the VCS client via

conﬁguration > Authentication >

Conﬁguration, in the

Registration Credentials

section.

System

VCS

Zones and

conﬁguration

neighbors

Overview

Server

VCS Expressway

•

and

The traversal server zone for the VCS client must be conﬁgured

with the

External

Expressway by using

Conﬁguration

•

There must also be an entry in the VCS Expressway's authentication

database with the corresponding client username and password.

VCS Expressway

and

Authentication

•

There must be an entry in the VCS Expressway's authentication

database with the corresponding client username and password.

VCS Expressway

•

in its own authentication

The traversal server zone for the Gatekeeper client must be conﬁgured

with the Gatekeeper's

Username

conﬁguration > Zones > Edit

•

There must be an entry in the VCS Expressway's authentication

database that has the Gatekeeper's System name as the username,

along with the corresponding password.

VCS Expressway

•

The traversal server zone for the Gatekeeper client must be conﬁgured

and

with the Gatekeeper's

VCS Expressway by using

External Registration

Conﬁguration

•

There must also be an entry in the VCS Expressway's authentication

database with the corresponding client username and password.

TANDBERG Border Controller

•

If Authentication is On on the Border Controller, there must be an entry

Password. These

in the Border Controller's authentication database that matches the

VCS client's

section.

•

If the Border Controller is in Assent mode, the traversal zone

conﬁgured on the Border Controller to represent the VCS client must

VCS

use the VCS's

External

ﬁeld. This is set on the Border Controller via

Account

Call

Bandwidth

processing

control

136

TANDBERG

VIDEO COMMUNICATIONS SERVER

Client Authentication

Username. This is set on the VCS

VCS conﬁguration > Zones > Edit

section.

System Name

in the

Client Authentication

ﬁeld. This is set on the VCS Expressway by using

zone, in the

Conﬁguration

Authentication

Username. This is set on the

VCS conﬁguration > Zones > Edit

section

Authentication Username

and

Authentication

Authentication Username

in the Assent

TraversalZone > Assent >

name.

Firewall

Applications

Maintenance

traversal

ADMINISTRATOR GUIDE

zone, in the

VCS

section.

zone, in the

Password.

Account name

Appendices

Table of Contents

Need help?

Do you have a question about the Video Communication Server and is the answer not in the manual?

Firewall Traversal And Authentication; Overview; Authentication And Ntp - TANDBERG Video Communication Server Administrator's Manual

Firewall traversal and authentication

Authentication and NTP

Overview

Need help?

Related Manuals for TANDBERG Video Communication Server

Related Content for TANDBERG Video Communication Server

Table of Contents