Grey Headline (continued)

Registration Control

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

Registration Overview

Endpoint Registration

In order for an endpoint to use the TANDBERG VCS as its H.323 gatekeeper or SIP Registrar, the endpoint must first register with the VCS. The VCS can be configured to control which devices are allowed to register with it. Two separate mechanisms are provided:

an authentication process based on the username and password supplied by the endpoint

a simple Registration Restriction Policy that uses Allow Lists or Deny Lists to specify which aliases can and cannot register with the VCS.

It is possible to use both mechanisms together. For example, you can use authentication to verify an endpoint’s identity from a corporate directory, and registration restriction to control which of those authenticated endpoints may register with a particular VCS.

This section gives an overview of how endpoints and other devices register with the VCS, and then describes the two mechanisms by which registrations can be restricted.

For specific information about how registrations are managed across Peers in a cluster, refer to the section Sharing Registrations Across Peers.

Registrations on a VCS Expressway

If a traversal-enabled endpoint registers directly with a VCS Expressway, the VCS Expressway will provide the same services to that endpoint as a VCS Control, with the addition of firewall traversal. Traversal-enabled endpoints include all TANDBERG Expressway™ endpoints and third party endpoints which support the ITU H.460.18 and H.460.19 standards.

Endpoints that are not traversal-enabled can still register with a VCS Expressway, but they may not be able to make or receive calls through the firewall successfully. This will depend on a number of factors:

whether the endpoint is using SIP or H.323

the endpoint’s position in relation to the firewall

whether there is a NAT in use

whether the endpoint is using a public IP address.

For example, if an endpoint is behind a NAT or firewall, it may not be able to receive incoming calls and may not be able to receive media for calls it has initiated. SIP endpoints can also work behind a NAT but can only receive video if they send it as well.

To ensure firewall traversal will work successfully for H.323 endpoints behind a NAT, the endpoint must be traversal-enabled.

MCU, Gateway and Content Server Registration

H.323 systems such as gateways, MCUs and Content Servers can also register with a VCS. They are known as locally registered services. These systems are configured with their own prefix, which they provide to the VCS when registering. The VCS will then know to route all calls that begin with that prefix to the gateway, MCU or Content Server as appropriate. These prefixes can also be used to control registrations.

SIP devices cannot register prefixes. If your dial plan dictates that a SIP device should be reached via a particular prefix, then you should add the device as a neighbor zone with a pattern match equal to the prefix to be used.

The TANDBERG MPS and TANDBERG Content Server (TCS) both support Expressway. They can therefore

register directly with a VCS Expressway for firewall traversal.

Introduction

Getting Started

 

Overview and

 

System

VCS

Zones and

 

Call

 

Bandwidth

 

Firewall

 

Applications

 

Maintenance

 

Appendices

 

Status

 

Configuration

Configuration

Neighbors

 

Processing

 

Control

 

Traversal

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

D14049.04

 

 

 

 

 

 

72

 

 

 

 

 

 

 

 

 

 

JULY 2008

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Page 72
Image 72
TANDBERG D14049.04 Registration Control, Registration Overview, Endpoint Registration, Registrations on a VCS Expressway