manualshive.com logo in svg

Avaya Scopia XT Camera Switch, Installation Manual, Page: 44 / 64

Share
Download
Avaya Scopia XT Camera Switch Installation Manual Download Page 44

Generating a Unique TLS Certificate for Scopia

®

 XT Desktop

server

About this task

You can secure Scopia

®

 XT Desktop's media and signaling between Scopia

®

 XT Desktop server

and Avaya Scopia

®

 Management using TLS encryption. TLS enables network devices to

communicate securely using certificates, to provide authentication of the devices and encryption of

the communication between them. This method also checks the data integrity of messages.

By default, audio and video between Scopia

®

 XT Desktop server and Scopia

®

 XT Desktop Client

are transmitted using the UDP protocol. If Scopia

®

 XT Desktop server fails to establish the UDP

connection with its client, it sends media over TCP. If this is the case your media is protected using

TLS together with other data streams between Scopia

®

 XT Desktop server and Scopia

®

 XT

Desktop Client.

Important:

Using encryption is subject to local regulation. In some countries it is restricted or limited for

usage. For more information, consult your local reseller.

Figure 32: Encrypting communications using TLS

Each time a video network device starts the TLS communication session, it sends its own signed

certificate together with the CA root certificate and requests the same certificates from the other

devices to which it wants to connect. After both devices verify each other's identity, a secure TLS

connection can be established. Exchanging certificates between devices is part of the TLS protocol;

it happens in the background and is transparent to a user.

Securing Your Scopia

®

 XT Desktop Deployment

44

     Avaya Scopia

®

 XT Desktop Server Installation Guide

August 2015

Comments on this document? [email protected]

Summary of Contents for Scopia XT Camera Switch

Page 1: ...Avaya Scopia XT Desktop Server Installation Guide Release 8 3 3 Issue 1 August 2015...

Page 2: ......

Page 3: ...U DO NOT WISH TO ACCEPT THESE TERMS OF USE YOU MUST NOT ACCESS OR USE THE HOSTED SERVICE OR AUTHORIZE ANYONE TO ACCESS OR USE THE HOSTED SERVICE YOUR USE OF THE HOSTED SERVICE SHALL BE LIMITED BY THE...

Page 4: ...nux OS source code for those products that have distributed Linux OS source code and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply is available i...

Page 5: ...Verifying Scopia XT Desktop server Installation and Connection with Other Components 28 Defining a Local Directory of Endpoints 29 Defining Bandwidth Settings in Scopia XT Desktop server 30 Defining S...

Page 6: ...esses SMB Built on the XT Series HD room system with the highest capacity embedded MCU in the industry today the Avaya Scopia XT Series SMB Edition combines HD room system capabilities embedded multi...

Page 7: ...ktop web server and application server is implemented by Tomcat It serves as the update server the Scopia Content Slider server and the Scopia XT Desktop web portal Scopia Content Slider server Part o...

Page 8: ...ollowing sections for details on the different deployment options and how to plan your bandwidth Related Links Minimum Requirements and Specifications of Scopia XT Desktop server on page 8 Planning th...

Page 9: ...ations Scopia XT Desktop interoperates with both SIP and H 323 endpoints to provide a seamless user experience joining the ease of use of Scopia XT DesktopClients and Scopia Mobile devices with dedica...

Page 10: ...ly host videoconferences using its built in MCU and extends your videoconferences to participants joining from a computer with Scopia XT Desktop Client or a mobile device using Scopia Mobile For examp...

Page 11: ...nt if you deploy the XT Series as a video server Important The Scopia XT Executive and Avaya Scopia XT4300 can host up to four participants Figure 4 Avaya Scopia XT Series SMB Edition Deployment on pa...

Page 12: ...re the Scopia XT Desktop IP address to represent the NIC behind the firewall For the Scopia XT Desktop public address use a DNS name which resolves to the NIC outside the firewall and is accessible bo...

Page 13: ...assess the overall bandwidth for the videoconferencing solution including other types of endpoints refer to the Avaya Scopia Solution Guide Related Links Planning your Avaya Scopia XT Desktop Deploym...

Page 14: ...s 7680 kbps This is the rough estimation of the bandwidth required for videoconference participants 4 Add margins to make sure that even in poor network conditions video quality does not drop below th...

Page 15: ...o Open from the Enterprise to the Scopia XT Desktop server on page 17 When opening ports between the DMZ and the public on the Scopia XT Desktop server use the following as a reference When opening po...

Page 16: ...via TCP port 443 resulting in a drop in performance Mandatory To limit range see Limiting the UDP Port Range for RTP RTCP on the Scopia XT Desktop server on page 18 Table 2 Outbound Ports to Open fro...

Page 17: ...top server Mandatory Table 4 Bidirectional Ports to Open Between the Scopia XT Desktop server and the Public Port Range Protocol Destination Functionality Result of Blocking Port Required 10000 65535...

Page 18: ...lowing port ranges on the Scopia XT Desktop server Related Links Ports to Open on Avaya Scopia XT Desktop on page 14 Limiting the UDP Port Range for RTP RTCP on the Scopia XT Desktop server on page 18...

Page 19: ...your firewall you can limit this range For each conference the Scopia XT Desktop server uses 2 ports In addition add extra ports for Add 2 ports for each participating Scopia XT Desktop Client client...

Page 20: ...ting Port Ranges on the Scopia XT Desktop server on page 18 Planning your Avaya Scopia XT Desktop Deployment 20 Avaya Scopia XT Desktop Server Installation Guide August 2015 Comments on this document...

Page 21: ...license the Basic MCU license which allows a limited number of participants and the Extended MCU license for the maximum number of participants You can use either of these licenses for your XT Series...

Page 22: ...ect Next Figure 9 Specifying the XT Series with built in MCU 5 In the Network Configuration window select the IP address used for communicating with the Avaya Scopia XT Series SMB Edition If the serve...

Page 23: ...ostname Configuration window specify the public name of the d to be used later as part of the URL sent to Scopia XT Desktop Clients to connect to videoconferences Figure 11 Defining the public address...

Page 24: ...opia Desktop server two core services which must have permission to communicate through the firewall Navigate to the Windows Firewall Control Panel Figure 12 Enabling public access for essential servi...

Page 25: ...ther Client Connection Settings on page 31 Enabling Scopia XT Desktop Client Features on page 32 Rolling Out Scopia XT Desktop Client to End Users on page 34 Accessing the Scopia XT Desktop server Web...

Page 26: ...cation in the sidebar The Settings tab is displayed Figure 13 Configuring the local administrator credentials 2 Enter a User Name and Password in the Local Administrator section 3 Select OK Related Li...

Page 27: ...agement messages with the Avaya Scopia XT Series like configuring via the administration web interface Scopia XT Desktop Control Interface Select the NIC address used for signaling and control in your...

Page 28: ...ted to the Avaya Scopia XT Series select Status in the sidebar 2 View the connection status for each server or component If necessary select any red indicators to view further error information Figure...

Page 29: ...esktop Client Procedure 1 Access the Scopia XT Desktop server Administration web interface 2 Select Directory and Authentication icon in the sidebar 3 Select the Directory tab Figure 17 Local database...

Page 30: ...g and downloading media during a videoconference A webcast viewer uses half of this bandwidth because media is only downloaded from the Scopia XT Desktop server when a videoconference is streamed Befo...

Page 31: ...nt Use a FQDN which Scopia XT Desktop Clients can resolve from their location to arrive at the correct IP address of the server If a DNS name is not specified in the Public Address field the Scopia XT...

Page 32: ...es you make in this procedure are global and affect all Scopia XT Desktop Clients connecting to this Scopia XT Desktop server You can decide to encrypt the media sent over UDP between the Scopia XT De...

Page 33: ...The parameters added are meetingid NNN nickname XXX If your external web content already takes different parameters in its URL these parameters are appended to the URL string Use standard URL encoding...

Page 34: ...mended procedures for rolling out your deployment to end users The section includes these topics Related Links Configuring Your Deployment on page 25 Minimum Requirements for Scopia XT Desktop Client...

Page 35: ...eron Mac with Intel Core 2 Duo 2 7 GHz or faster Minimum 2GB of RAM 3GB of RAM or more recommended The minimum software requirements of the Scopia XT Desktop Client are Operating systems Windows XP SP...

Page 36: ...ktop Client web portal provides an automatic download and update manager When you select the Updates link it displays any currently installed components and versions and enables you to install compone...

Page 37: ...dialog box 6 Install the Conference Client to install or update the Scopia XT Desktop Client When the Scopia XT Desktop Client installation is complete you should see the Scopia XT Desktop icon in th...

Page 38: ...tools Microsoft Active Directory AD Microsoft Systems Management Server SMS Contact Customer Support to obtain pre prepared scripts which can run using either of these infrastructures There is also a...

Page 39: ...ng Scopia XT Desktop server Communications on page 39 Protecting Meetings with a PIN on page 48 Encrypting Scopia XT Desktop server Communications You can secure Scopia XT Desktop server communication...

Page 40: ...have a secure environment as shown in Figure 27 Protocols used in a secure environment on page 40 Figure 27 Protocols used in a secure environment Related Links Securing Your Scopia XT Desktop Deploy...

Page 41: ...however we recommend that you use a unique certificate for stronger authentication as described in the procedure below Before you begin For stronger authentication make sure you have a unique HTTPS c...

Page 42: ...For stronger authentication use a unique certificate by following the rest of this procedure 5 Select Add Certificate to upload an existing signed certificate 6 If the certificate is installed in the...

Page 43: ...al deletion during an upgrade Figure 31 Configuring certificate using the file name b Browse to the PKCS12 certificate and select it c Enter the private key password for the certificate 8 Select OK 9...

Page 44: ...sing TLS together with other data streams between Scopia XT Desktop server and Scopia XT Desktop Client Important Using encryption is subject to local regulation In some countries it is restricted or...

Page 45: ...ols windows keytool html Procedure 1 Stop the Scopia XT Desktop Apache Tomcat service 2 Copy the keystore file located in SD_install_dir data sds keystore to a temporary working folder for example C c...

Page 46: ...eystore storepass radvision where root_cert crt is the trusted root certificate The trustcacerts parameter instructs keytool to check both the specific and the system keystore file for the root certif...

Page 47: ...key If Scopia XT Desktop server fails to establish the UDP connection with its client it sends media over TCP If this is the case and you enabled HTTPS on the Scopia XT Desktop server your media is p...

Page 48: ...ct the Require attendees to enter a PIN to gain access to the meeting check box in the Meeting PIN section Figure 36 Meeting PIN Section 4 Enter a PIN in the PIN field 5 Enter the PIN again in the Con...

Page 49: ...ing sounds which are too strong and strengthening sounds which are too weak This is relevant with microphones situated at some distance from the speaker like room systems The result is a more consiste...

Page 50: ...ting capacity by combining the resources of several MCUs This can be especially useful for distributed deployments across several locations reducing bandwidth usage CIF CIF or Common Intermediate Form...

Page 51: ...DNS server is responsible for resolving domain names in your network by translating them into IP addresses DTMF DTMF or touch tone is the method of dialing on touch tone phones where each number is tr...

Page 52: ...ile Transfer Protocol FTP is a standard network protocol used to transfer computer files from one host to another host over a TCP based network such as the Internet FTP is built on a client server arc...

Page 53: ...ween endpoints and can control a remote endpoint from your local endpoint It is part of the H 323 set of protocols H 261 H 261 is an older protocol used to compress CIF and QCIF video resolutions This...

Page 54: ...municate directly with the PathFinder server where the endpoint acts as an H 460 client to the PathFinder server which acts as an H 460 server HD A HD ready device describes its high definition resolu...

Page 55: ...e all the participants while they see only the lecturer All participants are muted except the lecturer unless a participant asks permission to speak and is unmuted by the lecturer This mode is tailore...

Page 56: ...eo layout the type of encryption PIN protection and many other features You can invoke a meeting type by dialing its prefix in front of the meeting ID Meeting types are created and stored in the MCU w...

Page 57: ...then reduces or improves the video resolution to maximize quality with the available bandwidth Packet Loss Packet loss occurs when some of the data transmitted from one endpoint is not received by th...

Page 58: ...ower Quality of Service QoS Quality of Service QoS determines the priorities of different types of network traffic audio video and control signaling so in poor network conditions prioritized traffic i...

Page 59: ...ime Streaming Protocol controls the delivery of streamed live or playback video over IP with functions like pause fast forward and reverse While the media itself is sent via RTP these control function...

Page 60: ...han H 323 SIP Registrar See Registrar on page 58 SIP Server A SIP server is a network device communicating via the SIP protocol SIP URI See URI on page 62 Slider See Content Slider on page 50 SNMP Sim...

Page 61: ...ty when the bandwidth is high and adequate quality when available bandwidth is poor SVGA SVGA defines a video resolution of 800 x 600 pixels Switched video Switching is the process of redirecting vide...

Page 62: ...tream of a videoconference to each viewer This is the default method of streaming in Scopia Desktop server To save bandwidth consider multicast streaming URI URI is an address format used to locate a...

Page 63: ...An administrator can assign a virtual room to each member of the organization Users can send invitations to each other via a web link which brings you directly into their virtual room Virtual meeting...

Page 64: ...Gatekeeper split endpoints into zones where a group of endpoints in a zone are registered to a gatekeeper Often a zone is assigned a dial prefix and usually corresponds to a physical location like an...

Reviews:

No comments