Firewall traversal and authentication, Overview, Authentication and ntp – TANDBERG Security Camera User Manual


D14049.03
MAY 2008


TANDBERG

VIDEO COMMUNICATIONS SERVER

ADMINISTRATOR GUIDE


Firewall Traversal and Authentication

Overview

Client: VCS Control or VCS Expressway
The VCS client provides its Authentication Username and Authentication Password. These are set on the VCS client via VCS Configuration > Authentication > Configuration, in the External Registration Credentials section.

Server: VCS Expressway
The traversal server zone for the VCS client must be configured with the Client Authentication Username. This is set on the VCS Expressway via VCS Configuration > Zones > Edit Zone, in the Configuration section.
There must also be an entry in the VCS Expressway’s authentication database with the corresponding client username and password.

Client: Endpoint
The endpoint client provides its Authentication ID and Authentication Password.

Server: VCS Expressway
There must be an entry in the VCS Expressway’s authentication database with the corresponding client username and password.

Client: TANDBERG Gatekeeper (version 5.2 and earlier)
The Gatekeeper looks up its System Name in its own authentication database and retrieves the password for that name. It then provides this name and password.

Server: VCS Expressway
The traversal server zone for the Gatekeeper client must be configured with the Gatekeeper’s System Name in the Client Authentication Username field. This is set on the VCS Expressway via VCS Configuration > Zones > Edit Zone, in the Configuration section.
There must be an entry in the VCS Expressway’s authentication database that has the Gatekeeper’s System Name as the username, along with the corresponding password.

Client: TANDBERG Gatekeeper (version 6.0 and later)
The Gatekeeper provides its Authentication Username and Authentication Password. These are set on the Gatekeeper via Gatekeeper Configuration > Authentication, in the External Registration Credentials section.

Server: VCS Expressway
The traversal server zone for the Gatekeeper client must be configured with the Gatekeeper’s Authentication Username. This is set on the VCS Expressway via VCS Configuration > Zones > Edit Zone, in the Configuration section.
There must also be an entry in the VCS Expressway’s authentication database with the corresponding client username and password.

Client: VCS Control or VCS Expressway
If Authentication is On on the Border Controller, the VCS client provides its Authentication Username and Authentication Password. These are set on the VCS client via VCS Configuration > Authentication > Configuration, in the External Registration Credentials section.
If the Border Controller is in Assent mode, the VCS client provides its Authentication Username. This is set on the VCS client via VCS Configuration > Authentication > Configuration, in the External Registration Credentials section.

Server: Border Controller
If Authentication is On on the Border Controller, there must be an entry in the Border Controller’s authentication database that matches the VCS client’s Authentication Username and Authentication Password.
If the Border Controller is in Assent mode, the traversal zone configured on the Border Controller to represent the VCS client must use the VCS’s Authentication Username in the Assent Account name field. This is set on the Border Controller via TraversalZone > Assent > Account name.

In order to control which systems can use the VCS Expressway as a traversal server, each VCS Control or Gatekeeper that wishes to be its client must first authenticate with it.

Upon receiving the initial connection request from the traversal client, the VCS Expressway asks the client to authenticate itself by providing a username and password. The VCS Expressway then looks up the client’s username and password in its own authentication database. If a match is found, the VCS Expressway will accept the request from the client.

The settings used for authentication depend on the combination of client and server being used. These are detailed in the client and server table on this page.

All VCS and Gatekeeper traversal clients must authenticate with the VCS Expressway, regardless of the VCS Expressway’s Authentication Mode setting. However, endpoint clients are only required to authenticate if the VCS Expressway’s Authentication Mode is On.

Authentication and NTP

All VCS and Gatekeeper traversal clients must authenticate with the VCS Expressway. The authentication process makes use of timestamps and requires that each system is using an accurate system time. The system time on a VCS is provided by a remote NTP server. Therefore, in order for firewall traversal to work, all systems involved must be configured with details of an NTP server.
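The matching rules in the client and server table and the NTP requirement above can be checked offline before a traversal zone is enabled. The Python below is an added example, not TANDBERG code; it covers only VCS and Gatekeeper traversal clients paired with a VCS Expressway, and its class names, field names and client-type labels are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Hypothetical data model for an offline audit. The class and field names are
# assumptions made for this example, not a TANDBERG API or export format.
@dataclass
class Client:
    kind: str           # assumed labels: "vcs", "gatekeeper_5.2", "gatekeeper_6.0"
    system_name: str
    auth_username: str  # External Registration Credentials
    auth_password: str
    local_auth_db: dict = field(default_factory=dict)  # Gatekeeper's own database
    ntp_server: str = ""

@dataclass
class Expressway:
    zone_client_username: str  # Client Authentication Username on the traversal zone
    auth_db: dict              # authentication database: username -> password
    ntp_server: str = ""

def presented_credentials(c):
    """Name and password the traversal client provides, per the table."""
    if c.kind == "gatekeeper_5.2":
        # 5.2 and earlier: System Name, password looked up in its own database.
        return c.system_name, c.local_auth_db.get(c.system_name)
    return c.auth_username, c.auth_password

def audit(c, e):
    """Return findings for one client/Expressway pairing; empty means consistent."""
    findings = []
    user, pw = presented_credentials(c)
    if pw is None:
        findings.append("client database has no entry for its System Name")
    if e.zone_client_username != user:
        findings.append("zone Client Authentication Username does not match client")
    if user not in e.auth_db:
        findings.append("no authentication database entry for client username")
    elif pw is not None and not hmac.compare_digest(e.auth_db[user].encode(), pw.encode()):
        findings.append("authentication database password differs")
    for name, ntp in (("client", c.ntp_server), ("Expressway", e.ntp_server)):
        if not ntp:  # timestamps in the exchange need accurate time on both systems
            findings.append(f"{name} has no NTP server configured")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    gk = Client("gatekeeper_5.2", "GK-Lab", "", "", {"GK-Lab": "pw1"}, "ntp.example.net")
    ew = Expressway("GK-Lab", {"GK-Lab": "pw2"}, "")
    print("\n".join(audit(gk, ew)) or "consistent")
```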
