Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
0
Helpful
3
Replies

VCS Expressway to Multiple Controls

John Faltys
Level 1
Level 1

‎04-22-2013 11:05 AM - edited ‎03-18-2019 12:58 AM

Is it possible to have a VCS Expressway to authenticate Jabber Accounts against different Control/TMS's with the Jabber users dropping in the same zone?

Example:

Jabber user from the outside john.smith@domain.com may have an account on TMS1 or TMS2.  They are attempting to authenticate from the outside through the express.

The VCS Express has a traversal relationship with 2 different Controls that are managed by 2 different TMS's.

A secondary question is; Is there anyway to have a VCS Control to use presence server on a separate VCS Control?

VCS 7.2.x, TMS 14.x.
Thank you

Labels:
0 Helpful
3 Replies 3

ahmashar
Level 4
Level 4

‎04-22-2013 02:33 PM

Hi John,

yes, it's possible to proxy authentication to VCSC via VCSE. you either register john.smith@domain.com on VCSC1 or VCSC2 or VCSE. By right configuration you can achieve that.

yes to the second question also. if you have neighbor zone configured correctly between two VCSCs and zones authentication is either treat as authenticated or check credential and presence server is turned off on one (presence agent is on) and turned on on the other and domains are configured correctly, yes you can achieve this. (more data required on more specific configuration assistance).

see also this (page 39 onwards)

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf

regards,Ahmad

0 Helpful

Martin Koch
VIP Alumni
VIP Alumni
In response to ahmashar

‎04-22-2013 09:17 PM

It depends a bit on what exactly needs to be archived. With the current VCS it is quite limited.

Authentication:

provisioning and proxied registrations might be handled using different domains and responsible

VCSs, but you would run in trouble if you want/need to handle registrations on the VCS-E or

you want to limit calls on the VCS-E based on authorization.

Presence:

If you have different domains maybe keep them running on the dedicated VCS-Cs makes more sense.

A centralized presence server would be great, but you might face issues if you need authentication,

need presence for findme or the lync integration as this requires the presence server to be run on the

VCS with this feature.

There might be additional limitations as well. So its more a yes, its possible, but it might not be possible

in all deployments.

Please remember to rate helpful responses and identify

0 Helpful

John Faltys
Level 1
Level 1
In response to ahmashar

‎04-23-2013 04:17 PM

To be a little more precise.  It was two domains that we would like to consolidate into 1. 

However, one group has a TMS and Control and want to manage their systems.

The other group has a VCSE Cluster, Control Cluster and TMS and want to manage their systems.

So provisioning can happen from either TMS.

And there would be a traversal zone between E and C1 and also between E and C2.

Currently authentication is to AD through TMS.  So when a user on the outside wants to authenticate, would it check it's first traversal zone and then if authentication fails, check it's second traversal zone?

Or would it be better to have direct authentication from the VCS Control's to AD.  This way either control that the express asks for authentication should succeed.

Regarding presence.

User A registered to VCSC1

User B registered to VCSC2

VCSC1 has a neighbor relationship to VCSC2.

VCSC1 has no presence server.

VCSC2 has the presnece server on. Meaning VCSC2 would be the authoritative presence server.

This would allow either User A or B to see each other's presence, correct?

0 Helpful
Customers Also Viewed These Support Documents