Controlling System Behavior For Authenticated And Non-Authenticated Devices - Cisco TelePresence Administrator's Manual
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (507 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
The authentication of presence messages by the VCS is controlled by the authentication policy setting on
n
the Default Subzone (or relevant alternative subzone) if the endpoint is registered (which is the usual case),
or by the authentication policy setting on the Default Zone if the endpoint is not registered.
The relevant Authentication policy must be set to either Check credentials or Treat as authenticated,
n
otherwise PUBLISH messages will fail, meaning that endpoints will not be able to publish their presence
status.
See
Presence and authentication policy
Controlling system behavior for authenticated and non-
authenticated devices
How calls and other messaging from authenticated and non-authenticated devices are handled depends on
how search rules, external policy services and CPL are configured.
Search rules
When configuring a search rule, use the Request must be authenticated attribute to specify whether the
search rule applies only to authenticated search requests or to all requests.
External policy services
External policy services are typically used in deployments where policy decisions are managed through an
external, centralized service rather than by configuring policy rules on the VCS itself.
You can configure the VCS to use policy services in the following areas:
Registration Policy
n
Search rules (dial plan)
n
Call Policy
n
User Policy (FindMe)
n
When the Cisco VCS uses a policy service it sends information about the call or registration request to the
service in a POST message using a set of name-value pair parameters. Those parameters include
information about whether the request has come from an authenticated source or not.
More information about policy services, including example CPL, can be found in External policy on VCS
deployment guide.
CPL
If you are using the Call Policy rules generator on the VCS, source matches are carried out against
authenticated sources. To specify a match against an unauthenticated source, just use a blank field. (If a
source is not authenticated, its value cannot be trusted).
If you use uploaded, handcrafted local CPL to manage your Call Policy, you are recommended to make your
CPL explicit as to whether it is looking at the authenticated or unauthenticated origin.
If CPL is required to look at the unauthenticated origin (for example, when checking non-authenticated
n
callers) the CPL must use unauthenticated-origin. (However, if the user is unauthenticated, they
can call themselves whatever they like; this field does not verify the caller.)
To check the authenticated origin (only available for authenticated or "treat as authenticated" devices) the
n
CPL should use authenticated-origin.
Cisco VCS Administrator Guide (X7.2)
for more information.
Device authentication
Page 100 of 498
Hide quick links:
Advertisement
Table of Contents
