We have upgrade both VCS control and expressway to 7.2, and TMS to 13.2, however, we have a question in the Cisco TelePresenceManagement Suite Provisioning Extension Deployment Guide.
In the Provisioning extnesion mode, is it essentail to setup the communciation between cisco TMS and VCS expressway?
In short : if you have provisioning setup on your control its not recommended to enable provisioning on the exress as with the correct search rules the provisioning request will be forwarded to the control by the expressway.
From the TMSPE deployment guide page 11
Provisioning within your network
There are two types of Cisco VCS:
n CiscoVCSControl:thisisdesignedtobeinstalledintheorganization'sprivatenetworktoprovide registration and routing capabilities to H.323 and SIP based endpoints used within the business or connected into the business over a VPN .
n CiscoVCSExpressway:thisisdesignedtobeinstalledintheorganization'sDMZtoprovideregistration and routing capabilities for public and home based H.323 and SIP based endpoints. The VCS Expressway also provides firewall traversal capabilities to allow communication with the internal VCS Control and endpoints that are registered to it.
In a network which only has Cisco VCS Expressways, you can configure your system with provisioning enabled on the Cisco VCS Expressway, however, you should consider the security aspects of storing user data on an appliance that is located in a DMZ.
User accounts can only reside on one Cisco VCS (or Cisco VCS cluster). Therefore if your network has a combination of Cisco VCS Expressways and Cisco VCS Controls (where some endpoints - such as soft clients - may register to either the Control or the Expressway), we recommend that you configure and enable provisioning only on the Cisco VCS Control (or Control cluster). If a soft client or other endpoint registers to a Cisco VCS Expressway, provisioning requests will be routed (using search rules) to the Cisco VCS Control associated with the Expressway via the appropriate traversal zone.
In hierarchical Cisco VCS deployments you could use one or more dedicated Cisco VCS clusters for provisioning—all other Cisco VCSs could be configured to route provisioning requests to those dedicated provisioning servers. However, each provisioning Cisco VCS cluster is still subject to the 10,000 user capacity limits that would apply to a any Cisco VCS cluster. If you need to provision more than 10,000 users, your network will require additional Cisco VCS clusters with an appropriately designed and configured dial plan.
If provisioning is enabled on any Cisco VCS (Control or Expressway) that does not need to have provisioning enabled, be sure to disable it by using the process specified in Removing provisioning from a Cisco VCS.
Sent from Cisco Technical Support iPad App
Can you please give an example for the search rule we need to create. Is it enough to have a search rule for the calls?
On the VCS-E, you just need a search rule that sends anything with a suffix of @your.sip.domain to the VCS control, assuming you want to register with the VCS control via the VCS-E rather than registering with the VCS-E itself.
Make sure you have the correct zone and subzone configurations regarding the checking of credentials as per the VCS provisioning deployment guide.
TMS doesn't need to manage VCS-E.
I'm trying to close the ability to call from external systems (such like any SIP provider) to my subscribers via DNS zone. Now I don't have any restrictions for that, because traversal zone of Expressway passes all calls to VCS Control.
If I'm set "Source" from "Any" to "AllZones" in traversal zone, calls from external systems do not processing, but provisioning requests did not pass to VCS control, and registration on Expressway becomes impossible. How I can solve this problem?