manualshive.com logo in svg

TANDBERG D14049.04, Administrator'S Manual

Share
Download
TANDBERG D14049.04 Administrator'S Manual Download Page 55

55

D14049.07 
March 2010

Grey Headline 

(continued)

TANDBERG

 VIDEO COMMUNICATION SERVER

ADMINISTRATOR GUIDE

Introduction

Overview and 

status

System 

configuration

VCS  

configuration

Zones and 

neighbors

Clustering and 

peers

Call  

processing

Bandwidth 

control

Firewall 

traversal

Appendices

Applications

Maintenance

Registration control

Device authentication

The 

Device authentication configuration 

page controls whether systems attempting to 

communicate with the VCS must authenticate with it first, and if so, the type of database used by 
the VCS to store the authentication credentials used by these systems.
To go to the 

Device authentication configuration

 page:

• 

VCS configuration > Authentication > Devices > Configuration

To configure authentication using the CLI:

• 

xConfiguration Authentication

Authentication mode

The VCS can be configured to use a username and password-based challenge-response scheme 
to determine whether it will permit communications from other systems. This process is known as 
authentication, and is controlled using the 

Authentication mode 

setting.

The options are:

On

: systems attempting to communicate with the VCS, including endpoints attempting to send 

registration requests to the VCS, must first authenticate with it.
For H.323, any credentials in the message are checked against the authentication database. The 
message is allowed if the credentials match, or if there are no credentials in the message. For SIP, 
any messages originating from an endpoint in a local domain will be authenticated.

Off

: incoming messages are not authenticated.

The default is 

Off

.

!

Accurate timestamps play an important part in authentication, helping to guard against 
replay attacks. For this reason, if you are using authentication, both the VCS and the 
endpoints must use an NTP server to synchronize their system time. See the 

About the 

NTP server

 section for information on how to configure this for the VCS.

Authentication database

When 

Authentication mode 

is 

On

, endpoints must authenticate with the VCS before they can 

register. In order to authenticate successfully, the endpoint must supply the VCS with a username. 
For TANDBERG endpoints using H.323, the username is the endpoint’s 

Authentication ID

; for 

TANDBERG endpoints using SIP it is the endpoint’s 

Authentication username

.

For details of how to configure endpoints with a username and password, please consult 
the endpoint manual. 

To verify the identity of the device, the VCS needs access to a database on which all authentication 
credential information (usernames, passwords, and other relevant information) is stored. This 
database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks 
up the endpoint’s username in the database and retrieves the authentication credentials for 
that entry. If the credentials match those supplied by the endpoint, the registration is allowed to 
proceed. 
The 

Database type 

setting determines which database the VCS will use during authentication:

Local database

: the local authentication database is used. You must 

configure the local 

authentication database

 to use this option.

LDAP database

: a remote LDAP database is used. You must 

configure the LDAP server

 to use this 

option.
The default is 

LocalDatabase

.

!

If the VCS is a traversal server, you must ensure that each traversal client’s authentication 
credentials are entered into the selected database.

The VCS supports the 

ITU H.235 specification [1]

 for authenticating the identity of H.323 

network devices with which it communicates. 

Summary of Contents for D14049.04

Page 1: ...MINISTRATOR GUIDE Software version X5 1 March 2010 Introduction Overview and status System configuration VCS configuration Zones and neighbors Clustering and peers Call processing Bandwidth control Fi...

Page 2: ...41 About Ethernet speed 41 IP 42 About IP protocols 42 IPv4 to IPv6 gatewaying interworking 42 External LAN interface 42 About IP routes static routes 42 About LAN configuration 42 About Dual Network...

Page 3: ...neighbor zones 68 Configuring traversal client zones 69 Configuring traversal server zones 70 Configuring ENUM zones 71 Configuring DNS zones 71 Zone configuration advanced settings 72 Zone configura...

Page 4: ...ones 107 Configuring search rules for DNS zones 107 Configuring DNS servers 107 URI dialing via DNS for incoming calls 108 Types of DNS records required 108 Incoming call process 108 SRV record format...

Page 5: ...Server 141 Presence User Agent PUA 142 Aggregation of presence information 142 FindMe presence 142 Registration refresh period 142 Configuring Presence 143 Enabling and disabling Presence Services 14...

Page 6: ...he report 171 Sending incident reports automatically 171 Tools 172 Check pattern 172 Locate 172 Port usage 173 Local VCS inbound ports 173 Local VCS outbound ports 173 Remote listening ports 173 Resta...

Page 7: ...91 Pattern variable reference 192 VCS port reference 193 DNS configuration 196 Overview 196 Verifying the SRV record 196 Microsoft DNS server 196 BIND 8 9 196 LDAP configuration for device authenticat...

Page 8: ...ing Gateways and IVR Interoperability INDUSTRY SOLUTIONS The TANDBERG Total Solution TANDBERG delivers the most comprehensive and reliable total solution of video products in the industry including te...

Page 9: ...deployed within your wide area network with endpoints that are behind the same firewalls or NAT devices The VCS Control replaces the need to have separate H 323 gatekeeper SIP registrar and H 323 SIP...

Page 10: ...keepers and SIP proxies n 1 redundancy can be part of a cluster of up to 6 VCSs for increased capacity and redundancy Intelligent Route Director for single number dialing and network failover faciliti...

Page 11: ...is managed in TMS and distributed to the clients through the TMS Agent running on the VCS The TMS Agent on the VCS also provides TMS with the provisioned client s status There is no configuration asso...

Page 12: ...using Allow Lists and Deny Lists registrations can be controlled at the subzone level Each subzone can be configured to allow or deny registrations assigned to it via the subzone membership rules See...

Page 13: ...fully allocated Hardware failure warnings Improved hardware failure detection warnings and status display Auditor account access level An Auditor access level can be assigned to administrator account...

Page 14: ...needs Please let us know how well we succeeded How to use this Administrator Guide Typographical conventions Most configuration tasks on the VCS can be performed by using either the web interface or...

Page 15: ...dministrator Login 3 Enter a valid administrator username and password and click Login See the Login accounts section for details on setting up administrator accounts You are presented with the Overvi...

Page 16: ...ing and its suggested resolution Information box An information box appears on the configuration pages whenever you either click on the Information icon or click inside a field This box gives you info...

Page 17: ...a username of admin and your system password You will see a screen similar to that shown below You can now start using the CLI by typing the appropriate commands Command types Commands are divided int...

Page 18: ...interface These pages provide information on the current status and configuration of the VCS Overview and status TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Introduction Overview and stat...

Page 19: ...dditional VCS features such as TURN Relays FindMe Device Provisioning and Dual Network Interfaces are controlled through the use of option keys This section shows all the options that are currently in...

Page 20: ...ardware on which the VCS software is installed Hardware serial number The serial number of the hardware on which the VCS software is installed Time Information Up time The amount of time that has elap...

Page 21: ...and subnet mask and IPv6 address of the LAN 2 port DNS Server 1 5 address The IP address es of each of the DNS servers that will be queried when resolving domain names Up to 5 DNS servers may be conf...

Page 22: ...m automatically re registering Filter To limit the list of registrations enter one or more characters in the Filter field and select Filter Only those registrations that contain in any of the displaye...

Page 23: ...tion about an individual device s registration The exact details and options shown here will depend on the device s protocol whether the registration is still current and whether a Deny List is in use...

Page 24: ...ry page lists all the calls that are no longer active that have taken place since the VCS was last restarted To view the Call history page Status Calls History The page displays the following informat...

Page 25: ...device asking it to accept the call Each message shows up as a separate search in the Search history page but only the Setup message will be associated with a particular call For H 323 searches origin...

Page 26: ...l amount of bandwidth used by all calls passing through the subzone Local Zone The Zone status page lists all the zones that are currently configured on your VCS the number of calls and amount of band...

Page 27: ...The Pipe status page lists all the pipes currently configured on your VCS along with the number of calls and the bandwidth being used by each pipe To view the Pipe status page Status Bandwidth Pipes...

Page 28: ...ent if there is no NAT that requested the relay Creation time The date and time the relay became active Expiry time The date and time the relay will become inactive Click View to go to the TURN relay...

Page 29: ...Relay application is required in deployments that use both Microsoft Office Communicator MOC clients and FindMe if they both use the same SIP domain Its purpose is to enable the VCS to share FindMe p...

Page 30: ...ng icon from the web interface but the warning will still be listed on the Warnings page with a status of Acknowledged If a new warning occurs the warning icon will reappear You cannot delete warnings...

Page 31: ...up a remote server to which the Event Log can be copied See the sections on Setting the Event Log level and About remote logging for more information Results This section shows all the events with th...

Page 32: ...and neighbors Clustering and peers Call processing Bandwidth control Firewall traversal Appendices Applications Maintenance Status Event Log format The Event Log is displayed in an extension of the UN...

Page 33: ...e detail of the Event Name Description Auth Whether the call attempt has been authenticated successfully Method SIP method INVITE BYE UPDATE REGISTER SUBSCRIBE etc Contact Contact header from REGISTER...

Page 34: ...Detail event parameter 1 Authorization Failure The user has either entered invalid credentials does not belong to an access group or belongs to a group that has an access level of None Applies when re...

Page 35: ...erver failed unexpectedly The Detail event parameter should differentiate between no response and request rejected Servers concerned are DNS LDAP servers Neighbor Gatekeeper NTP servers Peers 1 FindMe...

Page 36: ...another system over TLS Refer to the event parameters for more information 1 Policy Change A policy file has been updated 1 POST request failed A HTTP POST request was submitted from an unauthorized s...

Page 37: ...d A system restart has been requested Refer to the Reason event parameter for specific information 1 Search Attempted A search has been attempted 1 Search Cancelled A search has been cancelled 1 Searc...

Page 38: ...Agent restore completed The TMS Agent restore process has completed 1 TMS Agent Restore error An error occurred while attempting a TMS Agent restore 1 TMS Agent restore started The TMS Agent restore...

Page 39: ...his section shows all the web based events with the most recent being shown first Most events contain hyperlinks in one or more of the fields such fields will change color when you hover over them You...

Page 40: ...on to the network in which it is located for example its IP settings and the external services used by the VCS e g DNS NTP and SNMP System configuration TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRAT...

Page 41: ...net is disabled You can also enable access via HTTP However this mode works by redirecting HTTP calls to the HTTPS port so HTTPS must also be enabled for access via HTTP to function The Session time o...

Page 42: ...plex network deployments You can configure routes for up to 50 networks and host combinations IP routes can be configured using the CLI only xConfiguration IP Route xCommand RouteAdd About LAN configu...

Page 43: ...e log server a default name of TANDBERG is used if the Local host name is not specified Domain name The Domain name is used when attempting to resolve unqualified server addresses for example ldap or...

Page 44: ...figured of the NTP server to be used when synchronizing system time The NTP server field defaults to one of four NTP servers provided by TANDBERG either 0 ntp tandberg com 1 ntp tandberg com 2 ntp tan...

Page 45: ...sensitive nature of the information involved Do not enable SNMP on a VCS on the public internet or in any other environment where you do not want to expose internal system information The VCS does not...

Page 46: ...vents plus network level SIP messages Setting the Event Log level You can control which events are logged by the VCS by setting the log level All events with a level numerically equal to and lower tha...

Page 47: ...and the H 323 configuration options available on the VCS an overview of SIP and the SIP configuration options available on the VCS how to configure the VCS to act as a SIP to H 323 gateway how to cont...

Page 48: ...on control To enable the VCS as an H 323 Gatekeeper you must ensure that H 323 mode is set to On VCS configuration Protocols H 323 This is the default setting so the VCS will work as an H 323 gatekeep...

Page 49: ...t then changes and the endpoint attempts to re register using the same alias You can determine how the VCS will behave in this situation by configuring the Registration conflict mode The options are R...

Page 50: ...3327 10 When the VCS proxies a request that contains Route Set information it forwards it directly to the URI specified in the path Any call processing rules configured on the VCS are bypassed This ma...

Page 51: ...ports The VCS supports SIP over UDP TCP and TLS transport protocols You can configure whether or not incoming and outgoing connections using each protocol are supported and if so the ports on which th...

Page 52: ...uring interworking The Interworking page is used to configure whether or not the VCS acts as a gateway between SIP and H 323 calls To go to the Interworking page VCS configuration Protocols Interworki...

Page 53: ...ister with a VCS They are known as locally registered services These systems are configured with their own prefix which they provide to the VCS when registering The VCS will then know to route all cal...

Page 54: ...cify the IP address or FQDN of the registrar with which they wish to register and the endpoint will attempt to register with that registrar only The VCS is a SIP Server for endpoints in its local zone...

Page 55: ...uard against replay attacks For this reason if you are using authentication both the VCS and the endpoints must use an NTP server to synchronize their system time See the About the NTP server section...

Page 56: ...LS TLS TLS encryption is used for the connection to the LDAP server Off no encryption is used The default is Off The link Upload a CA Certificate file for TLS takes you to the Security certificates pa...

Page 57: ...View Edit to make changes to an existing entry You are taken to the Edit credential page Delete Click Delete to remove a credential from the list New Select New to add a new entry to the local authent...

Page 58: ...he VCS using an alias that has already been registered on the VCS from another IP address The reasons for this could include two endpoints at different IP addresses are attempting to register using th...

Page 59: ...ionPolicy The Restriction policy option specifies the policy to be used when determining which endpoints may register with the VCS The options are None any endpoint may register AllowList only those e...

Page 60: ...nfiguration Registration DenyList Managing entries in the Allow and Deny Lists The Registration Allow List and Registration Deny List pages both work in the same way Pattern The pattern against which...

Page 61: ...ocal Zone which is made up of subzones including the Traversal Subzone and Default Subzone create and configure external zones to communicate with other systems and endpoints including other VCSs Gate...

Page 62: ...h used by and between different parts of your network This section will give you an overview of the different parts of the video communications network and the ways in which they can be connected This...

Page 63: ...cluster see the Cluster Subzone section for more information Overview Bandwidth management The Local Zone s subzones are used for bandwidth management After you have set up your subzones you can apply...

Page 64: ...particularly resource intensive See the chapter on Bandwidth control and the section on Bandwidth consumption of traversal calls for more information on controlling the bandwidth of traversal calls W...

Page 65: ...le VCS Controls or gatekeepers In order to act as a traversal server the VCS Expressway must have a special type of two way relationship with each traversal client To create this connection you create...

Page 66: ...red with the Default Zone and default links between it and both the Default Subzone and the Traversal Subzone The purpose of the Default Zone is to manage incoming calls from unrecognized endpoints to...

Page 67: ...he connecting traversal client is not configured so the required certificate holder s name is specified separately If the neighbor system is another VCS or it is a traversal client traversal server re...

Page 68: ...neighbor system Systems that are configured as cluster peers formerly known as Alternates must not be configured as neighbors to each other H 323 Mode Determines whether H 323 calls are allowed to an...

Page 69: ...on the traversal server to use for H 323 calls to and from the local VCS For firewall traversal to work via H 323 the traversal server must have a traversal server zone configured on it to represent...

Page 70: ...ports for media Off each call from the traversal client uses a separate pair of ports for media SIP Mode Determines whether SIP calls are allowed to and from the traversal client Port The port on the...

Page 71: ...fy mode Controls whether the VCS performs X 509 certificate checking against the destination system server returned by the DNS lookup This setting only applies if the DNS lookup specifies TLS as requi...

Page 72: ...y responded to Determines what happens when the VCS receives a SIP search that originated as an H 323 search Off a SIP OPTION or SIP INFO message is sent On searches are responded to automatically wit...

Page 73: ...tribute line limit option should normally be left as the default of Off However some systems such as Microsoft OCS 2007 cannot handle attribute lines longer than 130 characters so it must be set to On...

Page 74: ...VITE request is removed Off INVITE requests are not modified Off Neighbor zones DNS zones SIP record route address type Controls whether the VCS uses its IP address or host name in the record route or...

Page 75: ...Manager Nortel Communication Server 1000 TANDBERG Advanced Media Gateway Searches are automatically responded to Off Off Off Off Empty INVITE allowed Off On On On SIP poison mode On Off Off Off SIP en...

Page 76: ...tern type of Prefix That neighbor would then only be queried for calls to numbers which begin with its prefix In a URI based dial plan similar behavior may be obtained by configuring search rules for...

Page 77: ...peers a troubleshooting guide for cluster replication problems how registrations and bandwidth are shared across peers how clustering works with FindMe Presence and TMS the purpose of the cluster subz...

Page 78: ...cally for subzones zones links pipes authentication bandwidth control and call policy To achieve this you define a cluster name and nominate one peer as the configuration master Approximately every mi...

Page 79: ...ot replicated user account details you can maintain these on any peer FindMe data uses a different replication mechanism You may need to wait up to one minute before changes are updated across all pee...

Page 80: ...ng section for further details Certificates The security certificates and certificate revocation lists CRLs used by the VCS must be uploaded individually per peer Configuration data that is replicated...

Page 81: ...re registrations only The SIP standard currently has no direct equivalent but some SIP UAs including TANDBERG Movi v2 0 or later clients support similar functionality If you configure such endpoints...

Page 82: ...icate configuration information Configuration information must be changed on the master peer only but changes to FindMe information can be made on any peer and will be shared with all other peers If y...

Page 83: ...ill ensure that the call is passed to that cluster regardless of the status of the individual peers Note that when you are configuring a connection to a remote cluster you need to enter the IP address...

Page 84: ...that can be dialed to initiate a call how hop counts affect the search process the searching and transform process how to use Call Policy to manage calls routing calls via the Advanced Media Gateway h...

Page 85: ...arch transforms and Call Policy 6 The VCS then applies its search rules in priority order At each priority zones are searched first in the native protocol and then if the VCS interworking configuratio...

Page 86: ...Expressway will be forced to route through the VCS Expressway The call will therefore be subject to any restrictions configured on that system About the different address types No special configuratio...

Page 87: ...warded on any further and the search will fail For search requests initiated by the local VCS the hop count assigned to the request is configurable on a zone by zone basis The zone s hop count applies...

Page 88: ...request is sent to the Local Zone or out to an external zone see the Zone searching and transform process right Zone transforms are specified as a part of the search rules configuration You can transf...

Page 89: ...are applied prior to any possible CPL modification and Zone transforms All peers in a cluster should be configured identically including any pre search transforms A VCS in a cluster treats search requ...

Page 90: ...ms are applied in order of priority and the priority must be unique for each transform Description An optional free form description of the transform Pattern type The way in which the Pattern string m...

Page 91: ...of the subzone membership rules configured on the VCS Calls to these IP addresses are not affected by the Calls to Unknown IP addresses setting the VCS will always attempt to place the call providing...

Page 92: ...rules list but are ignored by the VCS when processing search requests Configuration options The configurable options are Rule name A descriptive name for the search rule Description An optional free f...

Page 93: ...lace the matching part of the alias is substituted with the text in the Replace string The Target zone is then queried using the revised alias Note that if you want to transform the alias before apply...

Page 94: ...323 endpoints that register using a number you will need to set up the following pre search and zone transforms This will let users place calls from SIP and H 323 endpoints to H 323 endpoints register...

Page 95: ...ed whether they have registered with an H 323 ID or a full URI but uses a different regex regular expression that supports alphanumeric characters Explanation The pre search transform example below ta...

Page 96: ...rms are applied Some example configurations are given here The Any Alias mode does not support alias transforms If you want to always query a zone using a different alias to that received you need to...

Page 97: ...ch requests to this particular VCS would take up resources unnecessarily To achieve this on your Head Office VCS create a zone to represent the Sales Office VCS and set up an associated search rule wi...

Page 98: ...query a zone for the original alias at the same time as you query it for a transformed alias To do this configure one search rule example top right with a mode of Any Alias and a second search rule e...

Page 99: ...for the same zone each with for example the same Priority and an identical Pattern String to be matched but with a different replacement patterns In this situation the VCS queries that zone for each...

Page 100: ...ation mode on When Authentication mode is set to On all endpoints and neighbors are required to authenticate with it before calls will be accepted If a call is received from an unauthenticated source...

Page 101: ...is already in place If this is the case on the Call Policy configuration page VCS configuration Call Policy Configuration you will have the option to Delete uploaded file Doing so will delete the exis...

Page 102: ...he Call Policy or if Call Policy has been configured using the Call Policy rules page you could take a copy of this CPL file to use as a starting point for a more advanced CPL script If Call Policy ha...

Page 103: ...if you want to control which calls go through the AM gateway you have to set up policy rules To do this set Policy mode to On and then follow the related task link to Configure Advanced Media Gateway...

Page 104: ...d disabling policy rules When you are making or testing configuration changes to your AM gateway policy rules you may want to temporarily enable or disable certain rules You may also want to configure...

Page 105: ...o be made via one particular system such as a VCS Expressway If you do not want to use DNS as part of URI dialing within your network then no special configuration is required Endpoints will register...

Page 106: ...ill still forward the call to this zone and the call will therefore fail For this reason we recommend that this setting is left as the default Off If the Include address record setting for the DNS zon...

Page 107: ...f no NAPTR SIP or SRV SIP and H 323 records have been found for the dialed alias via this zone the VCS will then query for A and AAAA DNS records before moving on to query lower priority zones We reco...

Page 108: ...t type being used Name is the domain in the URI that the VCS is hosting e g example com Port is the IP port on the VCS that has been configured to listen for that particular service and protocol combi...

Page 109: ...VCS using an address in the format of a URI an appropriate transform should be written to convert URIs into the format used by the H 323 registrations An example would be a deployment where H 323 end...

Page 110: ...using ENUM you must configure at least one ENUM zone and configure at least one DNS Server This is described in the ENUM dialing for outgoing calls section Incoming Calls To enable endpoints in your...

Page 111: ...As and when each ENUM zone configured on the VCS is queried the E 164 number is transformed into an ENUM domain as follows a The digits are reversed and separated by a dot b The DNS Suffix configured...

Page 112: ...s for endpoints that callers in your enterprise might want to dial You can then set up search rules that filter the queries sent to each ENUM zone as follows use a Mode of Alias Pattern Match use the...

Page 113: ...10 100 u E2U h323 h323 1 example com would be interpreted as follows 10 is the order 100 is the preference u is the flag E2U h323 states that this record is for an H 323 URI h323 1 example com describ...

Page 114: ...onsume a call license for any such calls and the call signaling path will be simplified This setting is useful in a hierarchical dial plan when used on the directory VCS In such deployments the direct...

Page 115: ...S will ever have the same Call Serial Number A single call passing between two or more VCSs will be identified by a different Call Serial Number on each system Call Tag Call Tags are used to track cal...

Page 116: ...to be disconnected there is a risk that in the meantime the call has already been disconnected and the call ID assigned to a new call For this reason the VCS also allows you to reference the call usi...

Page 117: ...ages allow you to control the bandwidth that is used for calls within your local zone as well as calls out to other zones Bandwidth control TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Intr...

Page 118: ...amount of bandwidth used by endpoints on your network This is done by grouping endpoints into subzones and then applying limits to the bandwidth that can be used within each subzone between a subzone...

Page 119: ...ion you should configure separate subzones for each different part of the network Use the Default Subzone page VCS configuration Local Zone Default Subzone to place bandwidth restrictions on calls inv...

Page 120: ...disable certain rules You can do this by selecting the rule s check box and clicking Enable or Disable as appropriate Any disabled rules still appear in the rules list but are ignored by the VCS when...

Page 121: ...ure the bandwidth available between one specific subzone and another specific subzone or zone If your bandwidth configuration is such that multiple types of bandwidth restrictions are placed on a call...

Page 122: ...to apply bandwidth limitations to this link select the pipe s to be applied For more information see the Applying pipes to links section Default links About default links If a subzone has no links co...

Page 123: ...Pipes You will be taken to the Pipes page Select New You will be taken to the Create pipe page xCommand PipeAdd Editing an existing pipe To configure details of a pipe VCS configuration Bandwidth Pip...

Page 124: ...options for calls in and out of that site Example In the diagram opposite Pipe A has been applied to two links the link between the Default Subzone and the Home Office subzone and the link between th...

Page 125: ...sers will get one of the following messages depending on the system that initiated the search Exceeds Call Capacity Gatekeeper Resources Unavailable About the default call bandwidth To configure the d...

Page 126: ...ted as a separate subzone on the VCS with bandwidth configured according to local policy The enterprise s leased line connection to the Internet and the DSL connections to the remote offices are model...

Page 127: ...ion The VCS Expressway has subzones configured for the Home Office and Branch Office These are linked to the VCS Expressway s Traversal Subzone with pipes placed on each link All calls from the VCS Ex...

Page 128: ...configure the additional firewall traversal server functions of a VCS Expressway including TURN services Firewall traversal TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Introduction Overvie...

Page 129: ...ferent way Likewise each VCS client must have one traversal client zone configured on it for each server that it is connecting to The ports and protocols configured for each pair of client server zone...

Page 130: ...nnection from the VCS Control In the Client authentication username field enter the VCS Control s authentication username On the VCS Expressway add the VCS Control s authentication username and passwo...

Page 131: ...uses for outgoing connections the firewall administrator may need to know this information so that if necessary they can configure the firewall to allow outgoing connections from those ports The page...

Page 132: ...P 50000 52399 demultiplex media port range For connections to the VCS Expressway using the Assent protocol the default ports are Call signaling UDP 1719 listening port for RAS messages TCP 2776 listen...

Page 133: ...figuration Zones Edit zone in the Configuration section There must also be an entry in the VCS Expressway s authentication database with the corresponding client username and password VCS Control or V...

Page 134: ...for each IP address Firewall traversal and Dual Network Interfaces In order for Expressway firewall traversal to function correctly the firewall must be configured to allow initial outbound traffic f...

Page 135: ...Controller You do this by adding a new traversal client zone on the VCS client and configuring it with the details of the traversal server To add a new traversal client zone VCS configuration Zones Y...

Page 136: ...e for traversal server zones see the Configuring traversal server zones section Adding and configuring a traversal server zone Configuring traversal for endpoints Overview Traversal enabled H 323 endp...

Page 137: ...t cases the default ports should be used However you have the option to change these ports if necessary Configuration To configure the VCS Expressway ports VCS configuration Expressway Ports You are t...

Page 138: ...ks through ICE how they are going to communicate Depending upon how the NAT devices are configured the endpoints may be able to communicate between their public facing addresses on the NAT devices or...

Page 139: ...in order to use each of these applications They are Conference Factory Presence services OCS Relay FindMe Provisioning Starter Pack This section also provides information on TMS Agent TANDBERG VIDEO C...

Page 140: ...cation Alias The alias that will be dialed by the endpoints when the Multiway feature is activated This must also be configured on all endpoints that may be used to initiate the Multiway feature An ex...

Page 141: ...e for managing the presence information for all presentities in the SIP domain s for which the VCS is authoritative refer to the SIP domains section for more information The Presence Server can manage...

Page 142: ...d this information is more accurate Where presence information is provided by the PUA and two or more other sources the Presence Server will aggregate the presence information from all presentities to...

Page 143: ...he CLI only See xConfiguration SIP Routes Route 1 20 for details Disabled If the local Presence Server is disabled the VCS will proxy on all PUBLISH messages to one or more of its neighbor zones in ac...

Page 144: ...whether they are registered locally or to a remote server Note FindMe users will not be listed here as a FindMe entity cannot subscribe to presence information However one or more of the endpoints th...

Page 145: ...S Relay routing prefix To create a connection between the VCS and the OCS you must have already configured a neighbor zone on the VCS with details of the OCS In order for the OCS Relay application to...

Page 146: ...its User Policy as follows It first checks to see if FindMe is enabled If so it checks if the alias is a FindMe ID and if it is the call is forwarded to the aliases associated with the active locatio...

Page 147: ...sup ins del br a href is also supported but the URL can only contain A Z 0 9 dot and note that the URL is relative to the current page so you must prefix it with for example http if you want to refer...

Page 148: ...FindMe ID has an associated user account After the system administrator has set up your account you can log in to it using a web interface and configure it with details of your work locations and the...

Page 149: ...e not answered after a specified time Click Edit next to the location whose details you want to change to open a new window where you can select the primary devices associated with that location and t...

Page 150: ...e number along with any prefixes required by your dial plan for external calls telephones enter the extension number for internal calls or the full telephone number along with any necessary prefixes I...

Page 151: ...ace or mode of working such as Office or Home This name is not seen by the people that call you If the primary devices are busy Select the devices to call if any of your primary devices are busy Save...

Page 152: ...ion keys will have no effect while the Starter Pack option key is present Device authentication The provisioning server supports device authentication Provisioned devices credentials can be authentica...

Page 153: ...on the VCS Device Provisioning The TMS Agent works with the TMS Provisioning Directory to replicate and distribute the provisioning information and phonebook from TMS via VCSs to endpoint devices VCS...

Page 154: ...d passwords create and restore backups create a system snapshot view incidents and configure incident reporting use built in tools to check patterns and locate aliases view a list of all ports used by...

Page 155: ...dditional manual steps may be required Contact your TANDBERG representative for more information on how to obtain these Backing up before upgrading You should backup your system configuration before u...

Page 156: ...CP part of the PuTTY free Telnet SSH package you need to transfer two files to the VCS A text file containing just the 16 character Release Key required for the VCS platform component only Ensure ther...

Page 157: ...will consume a traversal license if there are no non traversal call licenses available Registrations the number of concurrent registrations allowed on the VCS An endpoint can register with more than o...

Page 158: ...or account authentication is enabled the necessary PEM encoded CRL data must be included within the trusted CA certificate file Click Reset to default CA certificate to replace the currently uploaded...

Page 159: ...nality apply access over SSH Telnet and through the serial port is disabled and cannot be turned on access over HTTPS is enabled and cannot be turned off the command line interface CLI is unavailable...

Page 160: ...accessed using a username and password If local user account authentication is selected each user account must be created locally by a VCS administrator If remote user account authentication is select...

Page 161: ...not administrator passwords and the root password must meet a minimum level of complexity before they are accepted If Enforce strict passwords is set to On all subsequently configured administrator p...

Page 162: ...the Username when logging into this account Enter the Initial password and then enter it again in the Confirm password field Users can change their password after they have logged in Note that passwo...

Page 163: ...ons associated with the account Close the window when you have finished making changes Note that this is the same interface that users use when they log in to their own account to configure their Find...

Page 164: ...e of the administrator group Access Read Write allows all configuration to be viewed and changed This provides the same rights as the default admin account Read Only allows status and configuration in...

Page 165: ...tificate chain of the CA that issued the LDAP server s certificate are checked The default is None Authentication configuration This section specifies the VCS s authentication credentials to use when...

Page 166: ...end this To enable and disable access to the root account using SSH and Telnet 1 Log in to the VCS as root 2 Type one of the following commands rootaccess t on to enable access using Telnet rootaccess...

Page 167: ...ell and use the serial port to manage the system Because access to the serial port allows the password to be reset it is recommended that you install the VCS in a physically secure environment Configu...

Page 168: ...window appears and prompts you to save the file the exact wording depends on your browser The default name is in the format hardware serial number _ date _ time _ backup tar gz 4 Save the file to a d...

Page 169: ...hot is used for diagnostic purposes It is a file that can be sent to your TANDBERG support representative at their request to assist them in troubleshooting issues you may be experiencing To create a...

Page 170: ...mation and any other information that either alone or in combination with other data could provide information specific to a particular person PLEASE BE SURE THAT PRIVACY PROTECTED PERSONAL DATA IS NO...

Page 171: ...customer support Maintenance Incident Reporting Configuration You will be taken to the Incident Reporting Configuration page xConfiguration Error Reports The options are Incident reports sending mode...

Page 172: ...tches the pattern The Result section shows whether the alias matched the pattern and displays the transformed alias if appropriate The Locate page Maintenance Tools Locate lets you test whether the VC...

Page 173: ...ce of the inbound communications your firewall must allow inbound traffic to the IP port on the VCS from the source of the inbound communications and return traffic from that same VCS IP port back out...

Page 174: ...m has been shut down the only way it can be restarted is by pressing the soft power button on the unit itself You must therefore have physical access to the unit if you want to restart it after it has...

Page 175: ...le shows a full list of all configuration items and where applicable their default values xCommand DefaultValuesSet Level 3 must be used with caution as it resets the system s IPv4 and IPv6 addresses...

Page 176: ...blank Option 1 64 Key all option keys are deleted SystemUnit AdminAccount 1 15 Access ReadWrite SystemUnit AdminAccount 1 15 Name blank SystemUnit AdminAccount 1 15 Password blank SystemUnit Maintena...

Page 177: ...tenance Restoring default configuration Configuration items reset by DefaultValuesSet level 2 cont Configuration item Default value after xCommand DefaultValuesSet Level 2 Login Remote LDAP Server Add...

Page 178: ...g dots or stars depending on your browser instead of the characters you are typing Command line interface CLI When entering passwords using the command line interface CLI you will type the password i...

Page 179: ...rsal Appendices Applications Maintenance This section includes the following appendices which provide supplementary information regarding the administration of the VCS CPL reference Regular expression...

Page 180: ...lns urn ietf params xml ns cpl xmlns taa http www tandberg net cpl extensions xmlns xsi http www w3 org 2001 XMLSchema instance xsi schemaLocation urn ietf params xml ns cpl cpl xsd taa routed address...

Page 181: ...is taken from the SETUP The From and ReplyTo fields of the incoming message The source aliases from the original LRQ or ARQ that started the call If a SETUP is received without a preceding RAS message...

Page 182: ...r host For URI aliases this selects the domain name part If the alias is an IP address then this subfield is the complete address in dotted decimal form tel For E 164 numbers this selects the entire s...

Page 183: ...is the highest priority Locations with the same priority are searched in parallel regex regular expression replace string Specifies the way in which a location matching the regular expression is to be...

Page 184: ...a forked call If the current location set is empty the call is forwarded to its original destination The proxy node supports the following optional parameters timeout 1 86400 Timeout duration specifie...

Page 185: ...eld origin not present Reject call with a status code of 403 Forbidden reject status 403 reason Denied by policy not present address switch taa routed cpl CPL examples Call screening based on alias In...

Page 186: ...act using example com retry the request with example net taa location clear yes regex example com replace 1 example net proxy taa location failure proxy address address switch taa routed cpl CPL examp...

Page 187: ...present reject status 403 reason Only local endpoints can use this Tandberg VCS not present address switch taa routed cpl CPL examples Block calls from Default Zone and Default Subzone The same script...

Page 188: ...hema instance xsi schemaLocation urn ietf params xml ns cpl cpl xsd taa routed address switch field destination address regex 9 address switch field originating zone Calls coming from the traversal zo...

Page 189: ...multiple failure outputs to be specified within a single proxy node This allows a script to redirect the call to different locations e g different recorded messages based on the exact reason for call...

Page 190: ...s example attempts to subscribe the presence of user example com are rejected xml version 1 0 encoding UTF 8 cpl xmlns urn ietf params xml ns cpl xmlns taa http www tandberg net cpl extensions xmlns x...

Page 191: ...iving the first character in the range followed by the character and then the last character in the range You can not use special characters within the they will be taken literally a z will match agai...

Page 192: ...currently configured on the VCS not applicable ipv4 xConfiguration Ethernet 1 IP V4 Address xConfiguration Ethernet 2 IP V4 Address Matches the IPv4 addresses currently configured on the VCS for LAN...

Page 193: ...ration Also used to replicate FindMe data if the VCS is part of a cluster with FindMe enabled 22 TCP inbound not configurable Telnet Used for unencrypted command line administration 23 TCP inbound not...

Page 194: ...port for TURN relay requests 3478 UDP inbound 1024 65534 VCS configuration Expressway TURN xConfiguration Traversal Server TURN Port VCS database and TMS Agent for clusters or TMS Encrypted administr...

Page 195: ...range of ports to be used for the media Ports are allocated from this range in pairs with the first port number of each pair being an even number See Configuring the Traversal Subzone ports for more...

Page 196: ...ain into which you wish to insert the record service _ name is the name of the service you re adding Priority is the priority as defined by RFC 2782 3 Weight is the weight as defined by RFC 2782 3 Por...

Page 197: ...e for H 323 an LDAP schema to represent H 323 endpoints H 350 2 Directory services architecture for H 235 an LDAP schema to represent H 235 elements H 350 4 Directory services architecture for SIP an...

Page 198: ...s Adding H 350 objects Create the organizational hierarchy 1 Open up the Active Directory Users and Computers MMC snap in 2 Under your BaseDN right click and select New Organizational Unit 3 Create an...

Page 199: ...lation on the Linux platform For installations on other platforms the location of the OpenLDAP configuration files may be different See the OpenLDAP installation documentation for details Installing t...

Page 200: ...izational unit to contain the H 350 objects dn ou h350 dc my domain dc com objectClass organizationalUnit ou h350 2 Add the ldif file to the server using the command slapadd l ldif _ file This organiz...

Page 201: ...lements type xConfiguration element sub element to return all current configuration for that group of sub elements To obtain information about using each of the xConfiguration commands type xConfigura...

Page 202: ...ample xConfiguration Administration HTTPS Mode On Administration HTTPS RequireClientCertificate On Off Determines whether the VCS requires a valid client certificate from your web browser before setti...

Page 203: ...ongs A cluster consists of up to 6 peers including the local VCS Note this must be a valid IPv4 or IPv6 address Example xConfiguration Alternates 1 Peer Address 10 13 0 2 Applications ConferenceFactor...

Page 204: ...domains already configured on the VCS and must be the same domain used by all FindMe names Example xConfiguration Applications OCS Relay OCS Domain example com Applications OCS Relay OCS Routing Prefi...

Page 205: ...will occur if the original attempt failed due to resource issues or other transitory errors Default 5 Example xConfiguration Applications Presence User Agent RetryDelta 5 Authentication Credential 1 2...

Page 206: ...nfiguration Authentication Password password123 Authentication UserName S 0 128 The username used by the VCS when authenticating with another system Note this does not apply to traversal client zones...

Page 207: ...ndwidth Link 1 Pipe2 Name 2Gb Broadband Bandwidth Pipe 1 1000 Bandwidth PerCall Limit 1 100000000 If this pipe has limited per call bandwidth sets the maximum amount of bandwidth in kbps available for...

Page 208: ...neighbors Direct allows an endpoint to make a call to an unknown IP address without the VCS querying any neighbors The call setup would occur just as it would if the far end were registered directly...

Page 209: ...address of that static NAT Note you must restart the system for any changes to take effect Example xConfiguration Ethernet 1 IP V4 StaticNAT Address 64 22 64 85 Ethernet 1 2 IP V4 StaticNAT Mode On O...

Page 210: ...Server Certificate Verification Mode On H323 Gatekeeper AutoDiscovery Mode On Off Determines whether or not the VCS responds to gatekeeper discovery requests from endpoints Default On Example xConfig...

Page 211: ...Live 60 65534 Specifies the interval in seconds at which an H 323 endpoint must re register with the VCS in order to confirm that it is still functioning Default 1800 Example xConfiguration H323 Gatek...

Page 212: ...servers Example xConfiguration IP DNS Domain Name example com IP DNS Hostname S 0 63 Defines the DNS host name that this system is known by Note that this is not the fully qualified domain name just t...

Page 213: ...S Value 0 63 The value to be stamped onto all signaling and media traffic routed through the VCS Note you must restart the system for any changes to take effect Example xConfiguration IP QoS Value 16...

Page 214: ...P Password password123 LDAP Server Address S 0 128 Sets the IP address or Fully Qualified Domain Name FQDN of the LDAP server to use when making LDAP queries Example xConfiguration LDAP Server Address...

Page 215: ...dministrator login credentials are authenticated before access is allowed to the VCS Remote credentials are verified against an external credentials directory for example Windows Active Directory Loca...

Page 216: ...e when binding to the LDAP server None no mechanism is used DIGEST MD5 The DIGEST MD5 mechanism is used Default DIGEST MD5 Example xConfiguration Login Remote LDAP SASL DIGEST MD5 Login Remote LDAP Se...

Page 217: ...ed ReadWrite configuration can be viewed and changed Default ReadWrite Example xConfiguration Login User Groups Group 1 Access ReadWrite Login User Groups Group 1 15 Name S 0 128 Defines the name of a...

Page 218: ...y FindMe Mode Off On ThirdPartyManager Configures how the FindMe application operates Off disables FindMe On enables FindMe ThirdPartyManager uses an off box third party FindMe manager Default Off Exa...

Page 219: ...uffix regular expression or must be matched exactly Exact the string must match the alias character for character Prefix the string must appear at the beginning of the alias Suffix the string must app...

Page 220: ...el 90 Services AdvancedMediaGateway Policy Mode On Off Controls whether the policy rules are used to control access to the Advanced Media Gateway Default Off Example xConfiguration Services AdvancedMe...

Page 221: ...200 State Enabled Disabled Indicates if the policy rule is enabled or disabled Disabled policy rules are ignored Default Enabled Example xConfiguration Services AdvancedMediaGateway Policy Rules Rule...

Page 222: ...nts that support it Default On Example xConfiguration SIP Require Duo Video Mode On SIP Require UDP BFCP Mode On Off Controls whether the VCS will require the use of the com tandberg udp bfcp extensio...

Page 223: ...be routed Default 5060 Note this command is intended for developer use only Example xConfiguration SIP Routes Route 1 Port 22400 SIP Routes Route 1 20 Request Line Pattern S 0 128 Regular expression...

Page 224: ...bound Port End 1024 65534 Specifies the upper port in the range to be used by outbound TCP TLS SIP connections Default 29999 Example xConfiguration SIP TCP Outbound Port End 29999 SIP TCP Outbound Por...

Page 225: ...Smith SNMP SystemLocation S 0 70 Specifies the physical location of the VCS Example xConfiguration SNMP SystemLocation Server Room 128 SystemUnit AdminAccount 1 15 Access AccountDisabled ReadOnly Rea...

Page 226: ...guration SystemUnit Password password123 SystemUnit StrictPassword Enforce On Off Determines whether or not administrator passwords must meet a certain level of complexity before they are accepted Def...

Page 227: ...n order of priority and the priority must be unique for each transform Default 1 Example xConfiguration Transform 1 Priority 10 Transform 1 100 State Enabled Disabled Indicates if the transform is ena...

Page 228: ...the port on the VCS to be used for demultiplexing RTP media Note You must restart the system for any changes to take effect Default 2776 Example xConfiguration Traversal Server Media Demultiplexing RT...

Page 229: ...ubzone applies only if the mode is set to Limited Default 1920 Example xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Intra Limit 1920 Zones LocalZone DefaultSubZone Bandwidth PerCall...

Page 230: ...ied and thus to which subzone the endpoint is assigned if an endpoint s address satisfies multiple rules The rules with the highest priority 1 then 2 then 3 and so on are applied first If multiple Sub...

Page 231: ...this subzone Default Unlimited Example xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth PerCall Inter Mode Limited Zones LocalZone SubZones SubZone 1 1000 Bandwidth PerCall Intra Limit 1 1...

Page 232: ...or not H 323 calls using H460 18 mode for firewall traversal will be allowed Applies to traversal enabled endpoints registered directly with the VCS Default On Example xConfiguration Zones LocalZone T...

Page 233: ...irewall s NAT bindings open Default 20 Example xConfiguration Zones LocalZone Traversal H323 UDPProbe KeepAliveInterval 20 Zones LocalZone Traversal H323 UDPProbe RetryCount 1 65534 Sets the number of...

Page 234: ...query to the DNS zone Zones Policy SearchRules Rule 1 2000 Mode AliasPatternMatch AnyAlias AnyIPAddress Determines whether a query is sent to the target zone AliasPatternMatch queries the zone only i...

Page 235: ...ared to the priority of the other search rules All Priority 1 search rules are applied first followed by all Priority 2 search rules and so on Default 100 Example xConfiguration Zones Policy SearchRul...

Page 236: ...G711u Zones Zone 1 1000 DNS Interworking SIP EmptyInviteAllowed On Off Determines whether the VCS will generate a SIP INVITE message with no SDP to send to this zone INVITEs with no SDP mean that the...

Page 237: ...e 1 1000 DNS SIP Record Route Address Type IP Hostname Controls whether the VCS uses its IP address or host name in the record route or path headers of outgoing SIP requests to this zone Note setting...

Page 238: ...SIP UDP BFCP Filter Mode Off Zones Zone 1 1000 DNS ZoneProfile Default Custom MicrosoftOCS2007 CiscoUnifiedCommunicationsManager NortelCS1000 AdvancedMediaGateway Determines how the zone s advanced s...

Page 239: ...Determines whether the VCS will generate a SIP INVITE message with no SDP to send to this zone INVITEs with no SDP mean that the destination device is asked to initiate the codec selection and are us...

Page 240: ...Mode On Off Controls whether authenticated SIP messages ones containing a P Asserted Identity header from this zone are trusted On messages are trusted without further challenge Off messages are chal...

Page 241: ...hat if they are received by the local VCS again they will be rejected On SIP requests sent out via this zone that are received again by this VCS will be rejected Off SIP requests sent out via this zon...

Page 242: ...On Off Controls X 509 certificate checking and mutual authentication for inbound and outbound connections between this VCS and the neighbor system When enabled the neighbor system s FQDN or IP address...

Page 243: ...Zones Zone 1 1000 TraversalClient Authentication UserName S 0 128 The user name used by the VCS when connecting to the traversal server Example xConfiguration Zones Zone 1 TraversalClient Authenticati...

Page 244: ...ne 4 TraversalClient SIP Port 5061 Zones Zone 1 1000 TraversalClient SIP TLS Verify Mode On Off Controls X 509 certificate checking and mutual authentication between this VCS and the traversal server...

Page 245: ...Zones Zone 1 1000 TraversalServer SIP Poison Mode On Off Determines whether SIP requests sent out to this zone will be poisoned such that if they are received by the local VCS again they will be reje...

Page 246: ...traversal client will attempt to send a TCP probe to the VCS Default 5 Example xConfiguration Zones Zone 5 TraversalServer TCPProbe RetryCount 5 Zones Zone 1 1000 TraversalServer TCPProbe RetryInterv...

Page 247: ...TraversalClient TraversalServer ENUM DNS Determines the nature of the specified zone in relation to the local VCS Neighbor the new zone will be a neighbor of the local VCS TraversalClient there is a...

Page 248: ...mation about using each of the xCommand commands from within the CLI type xCommand or xCommand to return all current xCommand commands available on the VCS type xCommand to return all current xCommand...

Page 249: ...Example xCommand AMGWPolicyRuleDelete AMGWPolicyRuleId 1 AdminAccountAdd Creates a new administrator account Name r S 0 25 Defines the name of an administrator user who can login to the VCS web interf...

Page 250: ...dministrator login group AdminLoginGroupId r 1 30 The index of the administrator login group to be deleted Example xCommand AdminLoginGroupDelete AdminLoginGroupId 1 AllowListAdd Adds an entry to the...

Page 251: ...h 512 CallType nontraversal CheckPattern A diagnostic tool that allows you to check the result of an alias transform local or zone before you configure it on the system Note that this command does not...

Page 252: ...tems to their default value Level 3 resets all critical configuration items plus Level 1 and Level 2 items to their default value See the Restoring default configuration section for full details Examp...

Page 253: ...and Presence Server for this domain and will accept registration requests for any SIP endpoints attempting to register with an alias that includes this domain The domain name can comprise multiple le...

Page 254: ...XML format to the specified URL Up to 15 expressions may be registered for each of 3 feedback IDs ID 1 3 The ID of this particular feedback request URL r S 1 256 The URL to which notifications are to...

Page 255: ...to which this link will be applied Node2 S 1 50 Specifies the second zone or subzone to which this link will be applied Pipe1 S 1 50 Specifies the first pipe to be associated with this link Pipe2 S 1...

Page 256: ...from which to simulate the search request Choose from the Default Zone an unknown remote system the Local Zone a locally registered endpoint or any other configured neighbor traversal client or trave...

Page 257: ...ximum bandwidth in kbps available at any one time on the pipe Default 500000 PerCallMode Unlimited Limited NoBandwidth Determines whether or not this pipe is limiting the bandwidth of individual calls...

Page 258: ...es the IP address of the gateway for this route Interface Auto LAN1 LAN2 Specifies the LAN interface to use for this route Auto the VCS will select the most appropriate interface to use Default Auto E...

Page 259: ...select this route e g INVITE SUBSCRIBE RequestLinePattern r S 0 128 Regular expression to match against the SIP request line HeaderName r S 0 64 Name of SIP header field to match e g Event HeaderPatt...

Page 260: ...vailable No calls can be made to from or within this subzone Default Unlimited Total 1 100000000 Sets the total bandwidth limit in kbps of this subzone applies only if the mode is set to Limited Defau...

Page 261: ...membership rule Type r Subnet AliasPatternMatch The type of address that applies to this rule Subnet assigns the device if its IP address falls within the configured IP address subnet Alias Pattern M...

Page 262: ...ppends the replace string to the alias Default Strip Replace S 0 60 The text string to use in conjunction with the selected Pattern behavior Priority 1 65534 Assigns a priority to the specified transf...

Page 263: ...Example xCommand WarningLower WarningID ab3d63f6 c0bb 4a9c a121 e683abfedff0 WarningRaise Raises a warning Note this command is intended for developer use only WarningID r S 36 36 The warning ID Warni...

Page 264: ...aintenance Command reference xCommand ZoneDelete Deletes a zone ZoneId r 1 1000 The index of the zone to be deleted Example xCommand ZoneDelete ZoneId 2 ZoneList A diagnostic tool that returns the lis...

Page 265: ...us element returns information about one or more sub elements The following pages list all the xStatus commands currently available on the VCS and the information that is returned by each To obtain in...

Page 266: ...ommand reference xStatus Alternates Peer 1 6 Hidden for Peer n when Peer n is self Status Active Failed Unknown Cause Visible if status is Failed No response from gatekeeper DNS resolution failed Inva...

Page 267: ...traversal Appendices Applications Maintenance Command reference xStatus Subscriptions Subscribers Count 0 n Max 0 n Subscriber 1 2500 URI S 1 255 Subscription Count 1 100 Count 1 2500 Max 1 2500 Expi...

Page 268: ...Subscription successful Subscription error response Failed Notification received Active Registration State Registered Not Registered Presence OCS Machine State Offline Available Undefined User State U...

Page 269: ...323Id Value S 1 60 SIP visible if Protocol SIP Address IPv4Addr IPv6Addr 1 65534 Transport UDP TCP TLS undefined Aliases Alias 1 50 Type URL Value S 1 60 EncryptionType None DES AES 128 CheckCode S 1...

Page 270: ...Command reference xStatus Bandwidth Requested 0 100000000 kbps Allocated 0 100000000 kbps Route Zone Link S 1 50 Node name 0 150 entries Media visible if MediaRouted True Channels Channel 1 n Type AU...

Page 271: ...from external manager Failed to register to external manager DNS resolution failed Address IPv4Addr IPv6Addr Protocol HTTP URL S 0 255 Feedback 1 3 Status On Off URL S 1 255 Expression S 1 127 0 15 en...

Page 272: ...tenance Command reference xStatus Assent CallSignaling Status Active Inactive Failed IPv4 Visible if Status Active Address IPv4Addr 1 2 entries IPv6 Visible if Status Active Address IPv6Addr 1 2 entri...

Page 273: ...e LDAP server certificate is signed by a CA and that CA is included on the CA certificate installed on the VCS Failed to authenticate with LDAP server A valid CA certificate for the LDAP database has...

Page 274: ...1 128 Pipes Pipe 1 1000 Name S 1 50 Pipe name Bandwidth LocalUsage 0 100000000 ClusterUsage 0 100000000 Calls Call 0 900 0 900 entries CallID S 1 255 Registrations Registration 1 3750 Protocol H323 SI...

Page 275: ...s IPv4Addr IPv6Addr 1 65534 Apparent IPv4Addr IPv6Addr 1 65534 Prefix S 1 20 0 50 entries Aliases Alias 1 50 Type E164 H323Id URL Email GW Prefix MCU Prefix Prefix Suffix IPAddress Origin Endpoint LDA...

Page 276: ...traversal Appendices Applications Maintenance Command reference xStatus TURN Relays Current 0 1400 Max 0 1400 Total 0 4294967295 SIP Ethernet 1 2 IPv4 UDP Status Active Inactive Failed Address IPv4Add...

Page 277: ...time Time in seconds SystemTime Time not set date time TimeZone GMT or one of 300 other timezones LocalTime local date time Software Version X5 1 Build Number Uncontrolled Name Release ReleaseDate Dat...

Page 278: ...aintenance Command reference xStatus TURN Server Status Active Inactive Interface 1 2 Address IPv4Addr IPv6Addr Relays Count 0 1400 Relay 1 1400 Address IPv4Addr IPv6Addr Client Address IPv4Addr IPv6A...

Page 279: ...pplications Maintenance Command reference xStatus Received Requests Total 0 65535 Allocate 0 65535 Refresh 0 65535 Permission 0 65535 ChannelBind 0 65535 Sent Responses Total 0 65535 Allocate 0 65535...

Page 280: ...535 NoPermission 0 65535 InvalidType 0 65535 FilterFailure 0 65535 Warnings Warning 1 n ID S 36 36 Reason S 0 255 State Acknowledged Unacknowledged Zones DefaultZone Name DefaultZone Bandwidth LocalUs...

Page 281: ...e TraversalSubZone Bandwidth LocalUsage 0 100000000 ClusterUsage 0 100000000 Calls Section visible only if there are calls Call 0 900 0 900 entries CallId S 1 255 ClusterSubZone Name ClusterSubZone Ba...

Page 282: ...Peer 1 6 H323 Visible if H323 Mode On for Zone Status Unknown Active Failed Cause Visible if Status is Failed No response from gatekeeper DNS resolution failed Invalid IP address Address IPv4Addr IPv6...

Page 283: ...iled Cause Visible if Status is Failed No response from neighbor DNS resolution failed Address IPv4Addr IPv6Addr One Address line per address from DNS lookup Port 1 65534 LastStatusChange Time not set...

Page 284: ...as been temporarily disabled because an upgrade is in progress Wait until the upgrade has completed Cluster replication error cannot find master or this peer s configuration file manual synchronizatio...

Page 285: ...ount security mode Configure login account LDAP server HTTPS client certificate checking client certificate checking mode has changed however a restart is required for this to take effect Restart the...

Page 286: ...more administrators has a password that does not meet strictness requirements View and edit administrator accounts Security alert the admin user has the default password set Change the admin password...

Page 287: ...9 12 Traversal Using Relays around NAT TURN Relay Extensions to Session Traversal Utilities for NAT STUN http tools ietf org html draft ietf behave turn 16 13 RFC 4787 Network Address Translation NAT...

Page 288: ...0 TANDBERG Deployment Guide Authenticating VCS accounts using LDAP document number D14526 www tandberg com support documentation php 31 TANDBERG Deployment Guide VCS and ENUM dialing document number D...

Page 289: ...face or CPL script that determine the action s to be applied to calls matching a given criteria Also referred to as Administrator Policy CLI Command line interface A text based user interface used to...

Page 290: ...ng FQDN Fully Qualified Domain Name A domain name that specifies the node s position in the DNS tree absolutely uniquely identifying the system or device Note that in order to use FQDNs instead of IP...

Page 291: ...ll endpoints and other systems registered to all peers in that cluster LRQ Location Request A RAS query between gatekeepers to determine the location of an endpoint MCU Multipoint Control Unit A netwo...

Page 292: ...SIP endpoints it does not participate in the call after it is set up QoS Quality of Service Mechanisms that give a network administrator the ability to provide different priorities to an applications...

Page 293: ...where both signaling and media are routed through the local VCS See the What are traversal calls section for more information Traversal client A traversal entity on the private side of a firewall Exam...

Page 294: ...l Zone Zones are used on the VCS to define and configure connections to locally registered and external systems and endpoints The Local Zone refers to all the locally registered endpoints and systems...

Page 295: ...atent and other intellectual property rights of various jurisdictions This product is Copyright 2010 Tandberg Telecom AS All rights reserved This product includes copyrighted software licensed from ot...

Page 296: ...2 Avenue of the Americas 24th Floor New York NY 10036 Telephone 1 212 692 6500 Fax 1 212 692 6501 Video 1 212 692 6535 Email tandberg tandberg com TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUI...

Reviews:

No comments

Brands by name

Popular brands

Load more brands