D14049.04
JULY 2008
TANDBERG VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Registration Control
Authentication for Local Registrations
When Authentication Mode is On, endpoints must authenticate with the VCS before they can register. In order to authenticate successfully, the endpoint must supply the VCS with a username. For TANDBERG endpoints using H.323, the username is the endpoint’s Authentication ID; for TANDBERG endpoints using SIP it is the endpoint’s Authentication Username.
For details of how to configure endpoints with a username and password, please consult the endpoint manual.
In order to verify the identity of the device, the VCS needs
access to a database on which all authentication credential
information (usernames, passwords, and other relevant
information) is stored. This database may be located either
locally on the VCS, or on an LDAP Directory Server. The VCS
looks up the endpoint’s username in the database and retrieves
the authentication credentials for that entry. If the credentials
match those supplied by the endpoint, the registration is allowed
to proceed.
The VCS supports the ITU H.235 specification [1] for
authenticating the identity of H.323 network devices with which
it communicates.
Authentication Mode
    Determines whether systems attempting to communicate with the VCS must authenticate with it first.
    On: For H.323, any credentials in the message are checked against the authentication database. The message is allowed if the credentials match, or if there are no credentials in the message. For SIP, any messages originating from an endpoint in a local domain will be authenticated.
    Off: no authentication is required for endpoints.
    The default is Off.
Database type
    Determines which database the VCS will use during authentication.
    LocalDatabase: the local database is used. You must configure the Local database to use this option.
    LDAP: A remote LDAP database is used. You must configure the LDAP server to use this option.
    The default is LocalDatabase.
If the VCS is a traversal server, you must ensure that each traversal client’s authentication credentials are entered into the selected database.
Configuring Authentication
To configure the Authentication Mode of the VCS, and the Database it will use:
• VCS Configuration > Authentication > Configuration
  You will be taken to the Authentication Configuration page.
• xConfiguration Authentication
Accurate timestamps play an important part in authentication, helping to guard against replay attacks. For this reason, if you are using authentication, both the VCS and the endpoints must use an NTP server to synchronize their system time. See the NTP section for information on how to configure this for the VCS.
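The role of timestamps described in the note above, modelled as an added Python example; it is not TANDBERG code and does not reproduce the H.235 message format. The HMAC token over username and timestamp, the 30-second window, the credential store and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed credential store standing in for the local database (assumption).
LOCAL_DB = {"endpoint-01": b"constructed-password"}
MAX_SKEW = 30  # seconds of clock disagreement tolerated (assumed value)


def make_token(username, password, timestamp):
    """Endpoint side: bind the username and the sender's clock to the password."""
    msg = f"{username}|{timestamp}".encode()
    return hmac.new(password, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Server side: look up the username, verify the token, then check freshness."""

    def __init__(self, db, max_skew=MAX_SKEW):
        self.db, self.max_skew = db, max_skew
        self.seen = set()  # (username, timestamp) pairs accepted inside the window

    def check(self, username, timestamp, token, now):
        password = self.db.get(username)
        if password is None:
            return "unknown-user"
        if not hmac.compare_digest(make_token(username, password, timestamp), token):
            return "bad-credentials"
        # A correct token is still refused when the clocks disagree by more than
        # the window: this stops late replays and also locks out a drifted endpoint.
        if abs(now - timestamp) > self.max_skew:
            return "stale-timestamp"
        self.seen = {(u, t) for u, t in self.seen if abs(now - t) <= self.max_skew}
        if (username, timestamp) in self.seen:
            return "replayed"
        self.seen.add((username, timestamp))
        return "ok"


def demo():
    v, pw, t0 = Verifier(LOCAL_DB), LOCAL_DB["endpoint-01"], 1_215_000_000
    tok = make_token("endpoint-01", pw, t0)
    drifted = make_token("endpoint-01", pw, t0 - 300)  # endpoint clock 5 min slow
    return [
        v.check("endpoint-01", t0, tok, now=t0 + 2),          # fresh request
        v.check("endpoint-01", t0, tok, now=t0 + 5),          # replay inside window
        v.check("endpoint-01", t0, tok, now=t0 + 600),        # replay after window
        v.check("endpoint-01", t0 + 600, tok, now=t0 + 600),  # timestamp rewritten
        v.check("endpoint-01", t0 - 300, drifted, now=t0),    # unsynchronized clock
    ]
```

The last case is the operational reason for the NTP requirement: an endpoint with correct credentials is rejected exactly like a stale replay when its clock is outside the window.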
Authentication Mode
The VCS can be configured to use a username and password-based challenge-response scheme to determine whether it will permit communications from other systems. This process is known as authentication. When Authentication Mode is On, systems attempting to communicate with the VCS, including endpoints attempting to send registration requests to the VCS, must first authenticate with it.