TANDBERG D14049.04 Network Card User Manual


 
154
D14049.04
JULY 2008
Grey Headline (continued)
TANDBERG VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Introduction Getting Started
Overview and
Status
System
Conguration
VCS
Conguration
Zones and
Neighbors
Call
Processing
Bandwidth
Control
Firewall
Traversal
Appendices
Applications Maintenance
Firewall Traversal and Authentication
Overview
Client Server
VCS Control or VCS Expressway
The VCS client provides its
Authentication Username and
Authentication Password. These are set on the VCS client via VCS
Conguration > Authentication > Conguration, in the External
Registration Credentials section.
VCS Expressway
The traversal server zone for the VCS client must be congured with the
Client Authentication Username. This is set on the VCS Expressway via
VCS Conguration > Zones > Edit Zone, in the Conguration section.
There must also be an entry in the VCS Expressway’s authentication
database with the corresponding client username and password.
Endpoint
The endpoint client provides its
Authentication ID and Authentication
Password.
VCS Expressway
There must be an entry in the VCS Expressway’s authentication
database with the corresponding client username and password.
TANDBERG Gatekeeper (version 5.2 and earlier)
The Gatekeeper looks up its
System Name in its own authentication
database and retrieves the password for that name. It then provides
this name and password.
VCS Expressway
The traversal server zone for the Gatekeeper client must be congured
with the Gatekeeper’s System Name in the Client Authentication
Username eld. This is set on the VCS Expressway via VCS
Conguration > Zones > Edit Zone, in the Conguration section.
There must be an entry in the VCS Expressway’s authentication
database that has the Gatekeeper’s System name as the username,
along with the corresponding password.
TANDBERG Gatekeeper (version 6.0 and later)
The Gatekeeper provides its
Authentication Username and
Authentication Password. These are set on the Gatekeeper via
Gatekeeper Conguration > Authentication, in the External Registration
Credentials section.
VCS Expressway
The traversal server zone for the Gatekeeper client must be congured
with the Gatekeeper’s Authentication Username. This is set on the
VCS Expressway via VCS Conguration > Zones > Edit Zone, in the
Conguration section
There must also be an entry in the VCS Expressway’s authentication
database with the corresponding client username and password.
VCS Control or VCS Expressway
If Authentication is On on the Border Controller, the VCS client provides
its Authentication Username and Authentication Password. These
are set on the VCS client via VCS Conguration > Authentication >
Conguration, in the External Registration Credentials section.
If the Border Controller is in Assent mode, the VCS client provides
its Authentication Username. This is set on the VCS client via VCS
Conguration > Authentication > Conguration, in the External
Registration Credentials section.
Border Controller
If Authentication is On on the Border Controller, there must be an entry
in the Border Controller’s authentication database that matches the
VCS client’s Authentication Username and Authentication Password.
If the Border Controller is in Assent mode, the traversal zone
congured on the Border Controller to represent the VCS client must
use the VCS’s Authentication Username in the Assent Account name
eld. This is set on the Border Controller via TraversalZone > Assent >
Account name.
In order to control which systems can use the
VCS Expressway as a traversal server, each
VCS Control or Gatekeeper that wishes to be
its client must rst authenticate with it.
Upon receiving the initial connection
request from the traversal client, the VCS
Expressway asks the client to authenticate
itself by providing a username and password.
The VCS Expressway then looks up the
client’s username and password in its own
authentication database. If a match is found,
the VCS Expressway will accept the request
from the client.
The settings used for authentication depend
on the combination of client and server being
used. These are detailed in the table opposite.
All VCS and Gatekeeper traversal
clients must authenticate with the VCS
Expressway, regardless of the VCS
Expressway’s Authentication Mode setting.
However, endpoint clients are only required to
authenticate if the VCS Expressway’s
Authentication Mode is On.
All VCS and Gatekeeper traversal clients
must authenticate with the VCS Expressway.
The authentication process makes use of
timestamps and requires that each system
is using an accurate system time. The
system time on a VCS is provided by a remote
NTP server. Therefore, in order for rewall
traversal to work, all systems involved must be
congured with details of an NTP server.
Authentication and NTP