05-11-2012 12:02 AM - last edited on 03-25-2019 09:03 PM by ciscomoderator
I've turned Presence on my VCS-C and VCS-E, but depending on if I am VPNed in or not, I can only see the presence status on my side of the firewall.
I've checked the admin guide for x7.1, I've looked in the Authenticating Devices guide, and I'm at a bit of a loss.
Is what I am trying to do possible, and if so, what do I need to do to make it work?
Solved! Go to Solution.
05-11-2012 10:33 PM
I've got a rather simple set-up - which works great, might give you some ideas;
Two stand-alone VCS-C (soon to be clustered) and a VCS-E;
all internal JabberVideo clients register with one VCS-C, and when external registers with the VCS-E (all my Singapore users also registers with the VCS-E).
Authentication is direct with AD and is done on the one VCS-C regardless of the user is registered with the VCS-C or the VCS-E.
PUA and Presence disabled on VCS-E and enabled on the VCS-C which is used as SIP registrar.
Authentication on VCS-E:
Default SubZone "Do not check"
Default Zone "Do not check"
Traversal Server Zone "Do not check"
Authentication on VCS-C:
Default SubZone "Check credentials"
Movi Zone "Check credentials"
End-point SIP Registration Zone "Treat as authenticated"
Traversal Client Zone "Check credentials"
Authentication works nicely, users cannot register to the VCS-E with incorrect username nor password, and presence works nicely too - both inside and outside.
/jens
05-11-2012 02:18 AM
Michael,
in general, you should only enable the presence server on one of the VCS's (or VCS clusters) in your video network, while all VCS's should have the presence user agent enabled.
From what you describe, it seems that you have enabled the presence server on multiple VCS's, which will create "presence islands".
As for search rules, the only thing you need to make sure of in terms of presence is that your search rules will allow for SIP requests for your local SIP domains to be passed from your VCS's towards the VCS which is acting as the presence server.
SIP devices which can generate their own presence (Movi and Jabber Video) have to be authenticated for the presence server to accept their presence publications and notifications, meaning that these devices should be registered in a subzone which has its authentication setting set to 'Check credentials' or 'Treat as authenticated'.
Hope this helps,
Andreas
05-11-2012 10:33 PM
I've got a rather simple set-up - which works great, might give you some ideas;
Two stand-alone VCS-C (soon to be clustered) and a VCS-E;
all internal JabberVideo clients register with one VCS-C, and when external registers with the VCS-E (all my Singapore users also registers with the VCS-E).
Authentication is direct with AD and is done on the one VCS-C regardless of the user is registered with the VCS-C or the VCS-E.
PUA and Presence disabled on VCS-E and enabled on the VCS-C which is used as SIP registrar.
Authentication on VCS-E:
Default SubZone "Do not check"
Default Zone "Do not check"
Traversal Server Zone "Do not check"
Authentication on VCS-C:
Default SubZone "Check credentials"
Movi Zone "Check credentials"
End-point SIP Registration Zone "Treat as authenticated"
Traversal Client Zone "Check credentials"
Authentication works nicely, users cannot register to the VCS-E with incorrect username nor password, and presence works nicely too - both inside and outside.
/jens
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide