background image

72

D14049.05 
February 2009

Grey Headline 

(continued)

This section begins with an 

overview

 of all the different types of subzones and zones 

and how these fit into the overall structure of your video communication network.

It then provides information on the pages that appear under the 

Local Zone

zones

 

and 

Alternates

 sub-menus of the VCS Configuration menu.

These pages allow you to:

configure the VCS’s Local Zon

• 

e

 (which is made up of subzones, including the 

Traversal Subzone and Default Subzone) 

create and configure external zone

• 

s

 to communicate with other systems and 

endpoints, including other VCSs, Gatekeepers, Border Controllers or SIP devices, 
and endpoints contactable via DNS or ENUM dialing.

create VCS cluster

• 

s

 to increase the capacity of your local zone, and for resiliency.

Zones and neighbors

TANDBERG

 VIDEO COMMUNICATIONS SERVER 

ADMINISTRATOR GUIDE

Introduction

Getting started

Overview and 

status

System 

configuration

VCS  

configuration

Zones and 

neighbors

Call  

processing

Bandwidth 

control

Firewall 

traversal

Appendices

Applications

Maintenance

Summary of Contents for Video Communication Server

Page 1: ...rver ADMINISTRATOR GUIDE Version X4 1 February 2009 Introduction Getting started Overview and status System configuration VCS configuration Zones and neighbors Call processing Bandwidth control Firewa...

Page 2: ...SSH and Telnet 25 Administrator password security 25 Resetting a forgotten administrator or root password 25 Web interface 26 Using the web interface 26 How page navigation is shown in this guide 26 S...

Page 3: ...SIP overview 59 About SIP on the VCS 59 Using the VCS as a SIP registrar 59 Proxying registration requests 59 Using the VCS as a SIP proxy server 59 Using the VCS as a SIP Presence Server 60 SIP endp...

Page 4: ...81 Client settings 81 Location 81 Configuring traversal server zones 82 Client authentication username 82 Protocol 82 Advanced 82 UDP TCP probes 82 Configuring ENUM zones 83 DNS settings 83 Protocol 8...

Page 5: ...ng domain for dialing to H 323 numbers 99 Combining match types and priorities 100 Never query a zone 100 Always query a zone never apply transforms 100 Filter queries to a zone without transforming 1...

Page 6: ...idth control overview 121 Bandwidth control on the VCS 121 Example network deployment 121 Subzones 122 About subzones and bandwidth control 122 About the Traversal Subzone 122 Traversal calls 122 Band...

Page 7: ...141 Configuring STUN services 141 Applications Conference Factory 143 Overview 143 Process 143 Configuration 143 Presence 144 Overview 144 Presence Server 144 Presence User Agent PUA 145 Overview 145...

Page 8: ...g SCP PSCP 156 Downgrading software 157 Downgrade procedure 157 Prerequisites 157 Backing up current configuration 157 Impact on new features 157 Downgrades to version X3 157 Root account password 157...

Page 9: ...to a local gateway 180 Using the address switch node 180 Using the rule switch node 180 Redirecting failed calls based on status code 181 Regular expression reference 182 Overview 182 Common regular e...

Page 10: ...tandberg com collateral documentation User_Manuals TANDBERG VCS EULA pdf and http www tandberg com collateral documentation User_Manuals TANDBERG VCS Copyrights pdf IMPORTANT USE OF THIS PRODUCT IS SU...

Page 11: ...or any other power source before consulting service personnel The plug connecting the power cord to the product power supply serves as the main disconnect device for this equipment The power cord mus...

Page 12: ...use the appropriate take back systems in your area Those systems will reuse or recycle most of the materials of your end of life equipment in a sound way TANDBERG products put on the market after Augu...

Page 13: ...EO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction Getting started Overview and status System configuration VCS configuration Zones and neighbors Call processing Bandwidth control Firewall trav...

Page 14: ...es the video experience and provides seamless communication between SIP and H 323 devices utilizing IETF and ITU standards The VCS is the center of the video communication network and connects all H 3...

Page 15: ...y deployed within your wide area network with endpoints that are behind the same firewalls or NAT devices The VCS Control replaces the need to have separate H 323 gatekeeper SIP registrar and H 323 SI...

Page 16: ...ith other systems such as VCSs Border Controllers gatekeepers and SIP proxies Can be part of a cluster of up to 6 VCSs for increased capacity and redundancy Intelligent Route Director for single numbe...

Page 17: ...nfiguration data is managed in TMS and distributed to the clients through the TMS Agent running on the VCS The TMS Agent on the VCS also provides TMS with the Movi client s status There is no configur...

Page 18: ...lls or registrations This feature is managed using the CLI only using the command ResourceUsage Warning Activation Level 0 100 Clustering The replication of configuration information including FindMe...

Page 19: ...eeds Please let us know how well we succeeded Using this Administrator Guide Typographical conventions Most configuration tasks on the VCS can be performed by using either the web interface or a comma...

Page 20: ...ation settings and describes how to access the VCS using either the command line interface CLI or the web interface Getting started TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introductio...

Page 21: ...rted Guide accompanying your TANDBERG product Make sure that the VCS is accessible and that all cables can be easily connected For ventilation leave a space of at least 10cm 4 inches behind the VCS s...

Page 22: ...OK You must now reboot the system in order 9 for the new settings take effect To do this type the command xCommand boo t Once it has rebooted the VCS is ready to use You can continue to use the serial...

Page 23: ...alled the LAN 2 settings you must use the web interface or CLI IP Settings Commands IP Information IP Address IP Default GW IP Netmask Reboot IP Address Main Menu IP Settings Commands IP Information U...

Page 24: ...as well and use the serial port to manage the system Because access to the serial port allows the password to be reset it is recommended that you install the VCS in a physically secure environment Con...

Page 25: ...ion should not be conducted using this account Use the admin account instead Changing the root account password To change the password for the root account Log in to the VCS as 1 root By default you c...

Page 26: ...inistrator 3 username and password and select Login You will be presented with the Overview page When logging in using the VCS web interface you may receive a warning message regarding the VCS s secur...

Page 27: ...age which gives information about the warning and its suggested resolution Information box A yellow information box will appear on the configuration pages whenever you either click on the Information...

Page 28: ...ystem Information such as current calls and registrations is available through this command group xConfiguration These commands allow you to add and edit single items of data such as IP address and zo...

Page 29: ...web interface These pages provide information on the current status and configuration of the VCS Overview and status TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction Getting start...

Page 30: ...4 address es IPv6 address The VCS s IPv6 address es Options The maximum number of calls and registrations and the availability of additional VCS features such as User Policy Device Provisioning TMS Ag...

Page 31: ...er of the hardware on which the VCS software is installed Hardware serial number The serial number of the hardware on which the VCS software is installed Time Information Up time The amount of time th...

Page 32: ...ress and subnet mask and IPv6 address of the LAN 2 port DNS Server 1 5 address The IP address es of each of the DNS servers that will be queried when resolving domain names Up to 5 DNS servers may be...

Page 33: ...ice from automatically re registering Filter To limit the list of registrations enter one or more characters in the Filter field and select Filter Only those registrations that contain in any of the d...

Page 34: ...rmation about an individual device s registration The exact details and options shown here will depend on the device s protocol whether the registration is still current and whether a Deny List is in...

Page 35: ...S has no authority over the endpoints Although releasing the resources may have the side effect of disconnecting the SIP call it is also possible that the call signaling media or both may stay up depe...

Page 36: ...ual media channels audio video data etc that made up the call View all details of this call takes you to the Call details page where you can view full information about this call View search details f...

Page 37: ...up which sends a request to the device asking it to accept the call Each message shows up as a separate search in the Search history page but only the Setup message will be associated with a particula...

Page 38: ...e total amount of bandwidth used by all calls passing through the subzone Local Zone The Zone status page lists all the zones that are currently configured on your VCS the number of calls and amount o...

Page 39: ...ipes The Pipe status page lists all the pipes currently configured on your VCS along with the number of calls and the bandwidth being used by each pipe To view the Pipe status page Status Bandwidth Pi...

Page 40: ...e configured from the STUN page VCS configuration Expressway STUN To view the STUN Relays page Status STUN Relays The page displays the following information Relay The index number of the relay Client...

Page 41: ...being handled by the OCS Relay application and shows the current status of each The OCS Relay application is required in deployments that use both Microsoft Office Communicator MOC clients and FindMe...

Page 42: ...cent being shown first Most tvcs events contain hyperlinks in one or more of the fields such fields will change color when you hover over them You can click on the hyperlink to show only those events...

Page 43: ...date time process _ name message _ details where Field Description date the local date on which the message was logged time the local time at which the message was logged process _ name the name of th...

Page 44: ...present the first H 323 Alias associated with the recipient of the message If present the first E 164 Alias associated with the recipient of the message Detail Descriptive detail of the Event Auth Whe...

Page 45: ...ystem Backup A system backup has started 1 Beginning System Restore A system restore has started 1 Call Answer Attempted An attempt to answer a call has been made 1 Call Attempted A call has been atte...

Page 46: ...a message such as a registration request to the VCS This could be either because the endpoint has not supplied any authentication credentials or because its credentials do not match those expected by...

Page 47: ...nse Received A call related SIP response has been received 2 Response Received A non call related SIP response has been received 3 Response Sent A call related SIP response has been sent 2 Response Se...

Page 48: ...User session finish A FindMe user has logged out of the system 1 User session Login failure An unsuccessful attempt has been made to log in as a FindMe user This could be because either an incorrect...

Page 49: ...he search so that only those events that contain that same text string are shown For example clicking on the text that appears after Event will filter the list to show all the events of that particula...

Page 50: ...lation to the network in which it is located for example its IP settings and the external services used by the VCS e g DNS NTP and SNMP System configuration TANDBERG VIDEO COMMUNICATIONS SERVER ADMINI...

Page 51: ...or Telnet By default access via HTTPS and SSH is enabled access via Telnet is disabled You can also enable access via HTTP However this mode works by redirecting HTTP calls to the HTTPS port so HTTPS...

Page 52: ...CS to your network and access it via the default address so that you can configure it remotely You should configure the LAN 1 port and restart the VCS before configuring the LAN 2 port About Dual Netw...

Page 53: ...to set the timestamp that appears at the start of each line in the Event Log and Configuration Log To go to the Time page System configuration Time To configure these settings using the CLI xConfigur...

Page 54: ...the SNMP community within which it resides You may optionally provide the name of a System contact and the physical Location of the system for reference by administrators when following up on queries...

Page 55: ...s plus SIP messages Setting the Event Log level You can control which events are logged by the VCS by setting the log level All events with a level numerically equal to and lower than the specified lo...

Page 56: ...23 and the H 323 configuration options available on the VC S an overview of SIP and the SIP configuration options available on the VCS how to configure the VCS to act as a SIP to H 323 gateway how to...

Page 57: ...on control To enable the VCS as an H 323 Gatekeeper you must ensure that H 323 mode is set to On VCS configuration Protocols H 323 This is the default setting so the VCS will work as an H 323 gatekeep...

Page 58: ...using the same alias a single endpoint has previously registered using a particular alias The IP address allocated to the endpoint then changes and the endpoint is attempting to re register using the...

Page 59: ...uests such as REGISTER and INVITE from endpoints or other proxy servers These requests are forwarded on to other proxy servers or to the destination endpoint Whether or not the VCS acts as a SIP proxy...

Page 60: ...ess or FQDN of the SIP Registrar into your SIP endpoint To enable the VCS to be used as the SIP Registrar for a particular endpoint the VCS must be configured with the SIP domain used by the endpoint...

Page 61: ...ng Route Sets will be rejected Proxy to known only Registration requests will be proxied and invite requests will be proxied only if the Route Set contains the URI s of neighbors including traversal c...

Page 62: ...23 gateway are traversal calls They will therefore require a traversal call licence Overview Configuring interworking The Interworking page allows you to allows you to determine whether or not the VCS...

Page 63: ...ese systems are configured with their own prefix which they provide to the VCS when registering The VCS will then know to route all calls that begin with that prefix to the gateway MCU or Content Serv...

Page 64: ...address or FQDN of the Registrar with which they wish to register and the endpoint will attempt to register with that Registrar only The VCS is a SIP Server for endpoints in its local zone and can als...

Page 65: ...VCS Authentication database When Authentication Mode is On endpoints must authenticate with the VCS before they can register In order to authenticate successfully the endpoint must supply the VCS wit...

Page 66: ...AOR does not match that in the LDAP database Configuring the LDAP server directory The directory on the LDAP server should be configured to implement the ITU H 350 specification 2 to store credential...

Page 67: ...side Alias origin This setting determines the alias es with which the endpoint will attempt to register The options are as follows LDAP The alias es presented by the endpoint will be used as long as t...

Page 68: ...CS Password The password used by the endpoint when authenticating with the VCS Authentication using a local database Configuring the local authentication database The Local Authentication Database pag...

Page 69: ...e VCS using an alias that has already been registered on the VCS from another IP address The reasons for this could include two endpoints at different IP addresses are attempting to register using the...

Page 70: ...Configuration page VCS configuration Registration Configuration To configure this using the CLI xConfiguration Registration RestrictionPolic y The Restriction policy option specifies the policy to be...

Page 71: ...the Allow List You will be taken to the Create Allow Pattern page Delete Select Delete to remove the pattern from the list After configuring the Allow List you must set the restriction policy to Allow...

Page 72: ...p of subzones including the Traversal Subzone and Default Subzone create and configure external zone s to communicate with other systems and endpoints including other VCSs Gatekeepers Border Controlle...

Page 73: ...used by and between different parts of your network This section will give you an overview of the different parts of the video communications network and the ways in which they can be connected This...

Page 74: ...for more information Overview Bandwidth management The Local Zone s subzones exist for the purposes of bandwidth management Once you have set up your subzones you can apply bandwidth limits to indivi...

Page 75: ...ersal calls as these can be particularly resource intensive See the chapter on Bandwidth control and the section Bandwidth consumption of traversal calls for more information on controlling the bandwi...

Page 76: ...ay must have a special type of two way relationship with each traversal client To create this connection you create a traversal server zone on your local VCS Expressway and configure it with the detai...

Page 77: ...ault Zone and default links between it and both the Default Subzone and the Traversal Subzone The purpose of the Default Zone is to allow you to manage incoming calls from unrecognized endpoints to th...

Page 78: ...n this zone These features are described in full in the section Zone searching and transforming You can test whether a pattern will match a particular alias by using the Check pattern page Maintenance...

Page 79: ...for connections to a Microsoft OCS 2007 server Refer to the relevant TANDBERG VCS Deployment Guide at http www tandberg com support documentation php full details on how to configure the VCS and OCS...

Page 80: ...must be set to On for connections to these systems SIP SDP attribute line limit length If SIP SDP attribute line limit mode is set to On sets the maximum line length of a fmtp SDP lines The default i...

Page 81: ...SIP mode Determines whether SIP calls will be allowed to and from the traversal server SIP port Specifies the port on the traversal server to be used for SIP calls to and from the VCS SIP transport De...

Page 82: ...3 calls will be allowed to and from the traversal client H 323 protocol Determines the protocol Assent or H 460 18 to be used to traverse the firewall NAT See Firewall traversal protocols for more inf...

Page 83: ...ialed alias via this zone the VCS will then query for A and AAAA DNS records before moving on to query lower priority zones If A and AAAA records exist at the same domain for systems other than those...

Page 84: ...er priority zones and the call will be forwarded to this zone even if it cannot support it Empty INVITE allowed Determines whether the VCS will generate a SIP INVITE message with no SDP to send via th...

Page 85: ...ge VCS Local Zone The diagram opposite shows four peers clustered together to form one large Local Zone About the configuration master All peers in a cluster must be configured identically for subzone...

Page 86: ...eers 27 Setting configuration for the cluster You must make all configuration changes on the master only Any changes made on other peers will not be reflected across the cluster and will be overwritte...

Page 87: ...s of bandwidth control including subzones links and pipes Peers share their bandwidth usage information with all other peers in the cluster so when one peer is consuming part or all of the bandwidth a...

Page 88: ...rmation If you are using FindMe on your VCS version X4 cluster FindMe databases will be automatically replicated between peers Enabling SSH The replication of all configuration including FindMe data b...

Page 89: ...zone will ensure that the call is passed to that cluster regardless of the status of the individual peers Note that when you are configuring a connection to a remote cluster you need to enter the IP...

Page 90: ...An alternative deployment would use a structured dial plan whereby endpoints are assigned an alias based on the system they are registering with If you are using E 164 aliases each VCS would be assign...

Page 91: ...to initiate a cal l how to apply transforms to the address that was diale d either before searching on the local VCS or when sending the search request to the Local Zone and external zones how to use...

Page 92: ...arches in order of priority all its zone matches including those configured on the Local Zone which includes any cluster peers At each priority zones are searched first in the native protocol and then...

Page 93: ...route through the VCS Expressway The call will therefore be subject to any restrictions configured on that system About the different address types No special configuration is required in order to pla...

Page 94: ...further For search requests initiated by the local VCS the hop count assigned to the request is configurable on a zone by zone basis The zone s hop count will apply to all search requests originating...

Page 95: ...epending on where the search came from and the Interworking mode VCS configuration Protocols Interworking If that search was unsuccessful the VCS will then move on to the next highest priority zones s...

Page 96: ...he pre search transform function allows you to modify the alias in an incoming search request The transformation is applied by the VCS before any searches take place either locally or to external zone...

Page 97: ...tern match that matches the alias If the pattern match has a transform the search alias will be transformed before being sent to the zone and the zone will be queried using the new alias Each zone has...

Page 98: ...ich the string must match the alias Options are Exact the string must match the alias character for character Prefix the string must appear at the beginning of the alias Suffix the string must appear...

Page 99: ...23 endpoints that register using a number you will need to set up the following pre search and local zone transforms This will enable users to place calls from SIP and H 323 endpoints to H 323 endpoin...

Page 100: ...termining if and when the zone will be queried and whether any transforms will be applied Some example configurations are given here The AlwaysMatch mode does not support alias transforms Should you w...

Page 101: ...search requests sent to a zone so that it is only queried for aliases that match certain criteria For example assume all endpoints in your regional sales office are registered to their local VCS with...

Page 102: ...ginal and transformed alias You may wish to query a zone for the original alias at the same time as you query it for a transformed alias To do this configure one match with a mode of AlwaysMatch and a...

Page 103: ...of the matches configured within them It is possible to configure a single zone with up to five PatternMatch matches each with the same Priority and with an identical Pattern String to be matched but...

Page 104: ...d Authentication mode on When Authentication mode is set to On on the VCS all endpoints and neighbors are required to authenticate with it before calls will be accepted If a call is received from an u...

Page 105: ...e is already in place If this is the case on the Call Policy configuration page VCS configuration Call Policy Configuration you will have the option to Delete uploaded file Doing so will delete the ex...

Page 106: ...er to take a backup copy of the Call Policy or if Call Policy has been configured using the Call Policy rules page you may want to take a copy of this CPL file to use as a starting point for a more ad...

Page 107: ...articular system e g a VCS Expressway If you do not wish to use DNS as part of URI dialing within your network then no special configuration is required Endpoints will register with an alias in the fo...

Page 108: ...ill still forward the call to this zone and the call will therefore fail For this reason we recommend that this setting is left as the default Off If the Include address record setting for the DNS zon...

Page 109: ...ether if no NAPTR SIP or SRV SIP and H 323 records have been found for the dialed alias via this zone the VCS will then query for A and AAAA DNS records before moving on to query lower priority zones...

Page 110: ...g used Name is the domain in the URI that the VCS is hosting e g example com Port is the IP port on the VCS that has been configured to listen for that particular service and protocol combination Targ...

Page 111: ...register with the VCS using an address in the format of a URI an appropriate transform should be written to convert URIs into the format used by the H 323 registrations An example would be a deployme...

Page 112: ...g ENUM you must configure at least one ENUM zone and configure at least one DNS Server This is described in the section Configuring ENUM Dialing for outgoing calls Incoming Calls To enable endpoints i...

Page 113: ...will trigger the VCS to attempt to locate the endpoint through ENUM As and when each ENUM zone configured on the VCS is queried the E 164 number is transformed into an ENUM domain as follows the digit...

Page 114: ...records for endpoints that callers in your enterprise might wish to dial Once these ENUM zones have been created you can filter the queries that are sent to each as follows configure a match that has...

Page 115: ...R 10 100 u E2U h323 h323 1 example com would be interpreted as follows 10 is the order 100 is the preference u is the flag E2U h323 states that this record is for an H 323 URI h323 1 example com descr...

Page 116: ...at IP address the VCS will pass the call to that neighbor for completion Off The VCS will not attempt to place the call either directly or to any of its neighbors If the IP address either belongs to a...

Page 117: ...o to the Calls page VCS configuration Calls To configure this setting from the CLI xConfiguration Call Routed Mod e The options for this setting are Always The VCS will always handle the call signalin...

Page 118: ...n a VCS will ever have the same Call Serial Number A single call passing between two or more VCSs will be identified by a different Call Serial Number on each system Call Tag Call Tags are used to tra...

Page 119: ...l to be disconnected there is a risk that in the meantime the call has already been disconnected and the call ID assigned to a new call For this reason the VCS also allows you to reference the call us...

Page 120: ...e pages allow you to control the bandwidth that is used for calls within your local zone as well as calls out to other zones Bandwidth control TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE...

Page 121: ...nt of bandwidth used by endpoints on your network This is done by grouping endpoints into subzones and then applying limits to the bandwidth that can be used within each subzone between a subzone and...

Page 122: ...the control of bandwidth used by traversal calls All traversal calls are deemed to pass through the Traversal Subzone so by applying bandwidth limitations to the Traversal Subzone you can control how...

Page 123: ...Up to 4 further subnets can be configured once the subzone has been created by using the Edit subzone page Bandwidth See Applying bandwidth limitations to subzones for a description of these fields Co...

Page 124: ...pes if you want to configure the bandwidth available between one specific subzone and another specific subzone or zone If your bandwidth configuration is such that multiple types of bandwidth restrict...

Page 125: ...wish to apply bandwidth limitations to this link select the pipe s to be applied For more information see Applying pipes to links Default links About default links If a subzone has no links configured...

Page 126: ...to the Pipes page Select New You will be taken to the Create pipe page xCommand PipeAd d Editing an existing pipe To configure details of a pipe VCS configuration Bandwidth Pipes You will be taken to...

Page 127: ...h options for calls in and out of that site Example In the diagram opposite Pipe A has been applied to two links the link between the Default Subzone and the Home Office subzone and the link between t...

Page 128: ...ll get one of the following messages depending on the message that initiated the search Exceeds Call Capacity Gatekeeper Resources Unavailable About the default call bandwidth To configure the default...

Page 129: ...ces is represented as a separate subzone on the VCS with bandwidth configured according to local policy The enterprise s leased line connection to the Internet and the DSL connections to the remote of...

Page 130: ...ion The VCS Expressway has subzones configured for the Home Office and Branch Office These are linked to the VCS Expressway s Traversal Subzone with pipes placed on each link All calls from the VCS Ex...

Page 131: ...to configure the additional firewall traversal server functions of a VCS Expressway including STUN services Firewall traversal TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction Get...

Page 132: ...ed in a different way Likewise each VCS client must have one traversal client zone configured on it for each server that it is connecting to The ports and protocols configured for each pair of client...

Page 133: ...Edit Authentication Username Password link in the Edit zone page for an existing traversal client zone On the VCS Expressway create a traversal server zone this represents the incoming connection from...

Page 134: ...the range of ports it uses for outgoing connections the firewall administrator may need to know this information so that if necessary they can configure the firewall to allow outgoing connections fro...

Page 135: ...multiplex media port range For connections to the VCS Expressway using the Assent protocol the default ports are Call signaling UDP 1719 listening port for RAS messages TCP 2776 listening port for H 2...

Page 136: ...it zone in the Configuration section There must also be an entry in the VCS Expressway s authentication database with the corresponding client username and password VCS Control or VCS Expressway If Au...

Page 137: ...ely for each IP address Firewall traversal and Dual Network Interfaces In order for Expressway firewall traversal to function correctly the firewall must be configured to allow initial outbound traffi...

Page 138: ...er You do this by adding a new traversal client zone on the VCS client and configuring it with the details of the traversal server To add a new traversal client zone VCS configuration Zones You will b...

Page 139: ...rsal server zones see the section Configuring traversal server zones Adding and configuring a traversal server zone Configuring traversal for endpoints Overview Traversal enabled H 323 endpoints can r...

Page 140: ...ault ports should be used However you have the option to change these ports if necessary Configuration To configure the VCS Expressway ports VCS configuration Expressway Ports You will be taken to the...

Page 141: ...tion about the allocated NAT binding i e the public IP address and the ports being used The client can then provide this information to other systems which may want to reach it allowing it to be found...

Page 142: ...urchase the appropriate option key in order to use each of these applications They are Conference Factory Presence service s OCS Rela y FindMe User Policy TANDBERG VIDEO COMMUNICATIONS SERVER ADMINIST...

Page 143: ...and configured using the Conference Factory page Applications Conference Factory Mode The Mode option allows you to enable or disable the Conference Factory application Alias The alias that will be d...

Page 144: ...for managing the presence information for all presentities in the SIP domain s for which the VCS is authoritative refer to the SIP Domains section for more information The Presence Server can manage t...

Page 145: ...d this information is more accurate Where presence information is provided by the PUA and two or more other sources the Presence Server will aggregate the presence information from all presentities to...

Page 146: ...s SIP routing rules SIP routes are configured using the CLI only See xConfiguration SIP Routes Route 1 20 for details Disabled If the local Presence Server is disabled the VCS will proxy on all PUBLI...

Page 147: ...whether they are registered locally or to a remote server Note FindMe users will not be listed here as a FindMe entity cannot subscribe to presence information However one or more of the endpoints th...

Page 148: ...he domain to be used must already be configured on the VCS VCS configuration Protocols SIP Domains You can then select the domain from the drop down menu OCS Relay routing prefix To create a connectio...

Page 149: ...as not been enabled or the alias is not present in the User Policy Manager the VCS will continue to search for the alias in the usual manner i e first locally and then sending the request out to neigh...

Page 150: ...y The options are Mode Determines whether or not User Policy will be enabled and if so the location of the User Policy Manager Off User Policy is not enabled Local User Policy is enabled and the VCS s...

Page 151: ...pplications FindMe User accounts You will be taken to the User accounts page Click on the user account whose information you wish to view 2 You will be taken to the Edit user account page This page sh...

Page 152: ...Once this has been done you can log in to your account using a web interface and configure it with details of the device s on which you want to be contacted when a call is first placed to your FindMe...

Page 153: ...evice s that will ring when your FindMe name is first dialed If more than one device is listed here they will all ring at the same time Busy Devices For an individual list all the device s that will r...

Page 154: ...nd restore backups create a system snapshot view incidents and configure incident reporting use built in tools to check patterns and locate aliase s view a list of all ports used by the VC S restart t...

Page 155: ...sulting output to a file using cut and paste or some 3 other means provided by your terminal emulator To restore your configuration Remove the 1 c from in front of each command Paste this information...

Page 156: ...ll show the message Software successfully upgraded You will now need to restart the VCS in order for the new version to take effect Restarting will cause all current calls to terminate and all current...

Page 157: ...ssword for the default admin administrator account will revert to the default of TANDBERG Clustering After downgrading from X4 to a version prior to X3 peers in a cluster will no longer share informat...

Page 158: ...l licence depending on the Call routed mode setting Registrations the number of concurrent registrations allowed on the VCS An endpoint can register with more than one alias and this will be considere...

Page 159: ...sted CA certificate The Select the file containing trusted CA certificates field allows you to upload a PEM file that identifies the list of Certificate Authorities trusted by the VCS The VCS will onl...

Page 160: ...ce Administrators Administrator accounts and then click New or View Edit If Enforce strict passwords is set to On all subsequently configured administrator passwords and root passwords must contain at...

Page 161: ...process but you will be allowed to continue Backups should not be used to copy configuration between VCSs Overview Creating a backup of your VCS configuration To create a backup of the VCS s current c...

Page 162: ...used for diagnostic purposes It is a file that can be sent to your TANDBERG support representative at their request to assist them in troubleshooting issues you may be experiencing To create a system...

Page 163: ...and any other information that either alone or in combination with other data could provide information specific to a particular person PLEASE BE SURE THAT PRIVACY PROTECTED PERSONAL DATA IS NOT SENT...

Page 164: ...DBERG customer support Maintenance Incident Reporting Configuration You will be taken to the Incident Reporting Configuration page xConfiguration Error Report s The options are Incident reports sendin...

Page 165: ...Policy that were applied and if found the zone in which the alias was located This tool is useful when diagnosing dial plan and network deployment issues To use this tool Alias Enter the alias you wis...

Page 166: ...our firewall must allow inbound traffic to the IP port on the VCS from the source of the inbound communications and return traffic from that same VCS IP port back out to the source of the inbound comm...

Page 167: ...e Check the number of calls and registrations currently in place 2 Click 3 Restart system The Restarting page will appear with an orange bar indicating progress Restarting using the CLI Once the syste...

Page 168: ...longer be able to access the system over IP It also deletes all option keys including pre installed options such as Expressway and the number of calls xCommand DefaultValuesSet Level 3 also deletes a...

Page 169: ...blank ExternalManager Path tms public external management SystemManagementService asmx ExternalManager Protocol HTTP ExternalManager Server Certificate Verification Mode On IPProtocol IPv4 IP DNS Dom...

Page 170: ...ppendices Applications Maintenance Restoring default configuration Configuration item Default value after xCommand DefaultValuesSet Level 3 SNMP SystemContact blank SNMP SystemLocation blank SystemUni...

Page 171: ...nterface you will see placeholder characters e g dots or stars depending on your browser instead of the characters you are typing Command line interface CLI When entering passwords using the command l...

Page 172: ...ontrol Firewall traversal Appendices Applications Maintenance This section includes the following appendices which provide supplementary information regarding the administration of the VCS CPL referen...

Page 173: ...cpl extensions xmlns xsi http www w3 org 2001 XMLSchema instance xsi schemaLocation urn ietf params xml ns cpl cpl xsd taa routed address switch field destination address is reception example com pro...

Page 174: ...om the SETUP The From and ReplyTo fields of the incoming message The source aliases from the original LRQ or ARQ that started the call If a SETUP is received without a preceding RAS message then the o...

Page 175: ...host For URI aliases this selects the domain name part If the alias is an IP address then this subfield is the complete address in dotted decimal form tel For E 164 numbers this selects the entire str...

Page 176: ...n com H 323 ID or an E 164 number priority 0 0 1 0 random Specified either as a floating point number in the range 0 0 to 1 0 or random which assigns a random number within the same range 1 0 is the h...

Page 177: ...origin not present Reject call with a status code of 403 Forbidden reject status 403 reason Denied by policy not present address switch taa routed cpl CPL examples Call screening based on alias In th...

Page 178: ...act using example com retry the request with example net taa location clear yes regex example com replace 1 example net proxy taa location failure proxy address address switch taa routed cpl CPL examp...

Page 179: ...resent reject status 403 reason Only local endpoints can use this Tandberg VCS not present address switch taa routed cpl CPL examples Block calls from Default Zone and Default Subzone The same script...

Page 180: ...ma instance xsi schemaLocation urn ietf params xml ns cpl cpl xsd taa routed address switch field destination address regex 9 address switch field originating zone Calls coming from the traversal zone...

Page 181: ...VCS allows multiple failure outputs to be specified within a single proxy node This allows a script to redirect the call to different locations e g different recorded messages based on the exact reas...

Page 182: ...ving the first character in the range followed by the character and then the last character in the range You can not use special characters within the they will be taken literally a z will match again...

Page 183: ...red on the VCS not applicable ipv4 xConfiguration Ethernet 1 IP V4 Address xConfiguration Ethernet 2 IP V4 Address Matches the IPv4 addresses currently configured on the VCS for LAN 1 and LAN 2 not ap...

Page 184: ...o replicate FindMe data if the VCS is part of a cluster with FindMe enabled 22 TCP inbound not configurable Telnet Used for unencrypted command line administration 23 TCP inbound not configurable HTTP...

Page 185: ...n the VCS Expressway for STUN discovery services 3478 UDP inbound 1024 65534 VCS configuration Expressway STUN xConfiguration Traversal Server STUN Discovery Port STUN relay Used on the VCS Expressway...

Page 186: ...Traversal media port range For traversal calls i e where the VCS is taking the media as well as the signaling the range of ports to be used for the media Ports are allocated from this range in pairs t...

Page 187: ...omain into which you wish to insert the record service _ name is the name of the service you re adding Priority is the priority as defined by RFC 2782 3 Weight is the weight as defined by RFC 2782 3 P...

Page 188: ...esent endpoints on the network H 350 1 Directory services architecture for H 323 An LDAP schema to represent H 323 endpoints H 350 2 Directory services architecture for H 235 An LDAP schema to represe...

Page 189: ...reate the organizational hierarchy Open up the Active Directory 1 Users and Computers MMC snap in Under your BaseDN right click and select 2 New Organizational Unit Create an Organizational unit calle...

Page 190: ...Linux platform For installations on other platforms the location of the OpenLDAP configuration files may be different See the OpenLDAP installation documentation for details Installing the H 350 schem...

Page 191: ...n the H 350 objects dn ou h350 dc my domain dc com objectClass organizationalUnit ou h350 Add the ldif file to the server using the command 2 slapadd l ldif _ file This organizational unit will form t...

Page 192: ...ements type xConfiguration element sub element to return all current configuration for that group of sub elements To obtain information about using each of the xConfiguration commands type xConfigurat...

Page 193: ...be accessed via SSH and SCP Note You must restart the system for any changes to take effect Default On Example xConfiguration Administration SSH Mode On Administration Telnet Mode On Off Determines w...

Page 194: ...ote this alias must route to the MCU as a fully qualified SIP alias Example Applications ConferenceFactory Template 563 example com Applications External Status 1 10 Filename S 0 255 XML file containi...

Page 195: ...n ExpireDelta 120 Applications Presence Server Subscription ExpireDelta 30 7200 Specifies the maximum time in seconds within which a subscriber must refresh its subscription Default 300 Example xConfi...

Page 196: ...be registered both with the aliases which it has presented and with those configured in the LDAP repository Default LDAP Example xConfiguration Authentication LDAP AliasOrigin LDAP Authentication LDAP...

Page 197: ...nspeed Total Mode On Off Determines whether or not the VCS will attempt to downspeed a call if there is insufficient total bandwidth available to fulfill the request On the VCS will attempt to place t...

Page 198: ...Bandwidth Total Limit 1 100000000 If this pipe has limited bandwidth sets the maximum bandwidth in kbps available at any one time on the pipe Default 500000 Example xConfiguration Bandwidth Pipe 1 Ban...

Page 199: ...ere the IP address or domain name of the VCS has been given but no callee alias has been specified Example xConfiguration Call Services Fallback Alias reception example com Error Reports Mode On Off D...

Page 200: ...figure the speed Note You must restart the system for any changes to take effect Default Auto Example xConfiguration Ethernet 1 Speed Auto ExternalManager Address S 0 128 Sets the IP address or Fully...

Page 201: ...mple xConfiguration H323 Gatekeeper CallSignaling TCP Port 1720 H323 Gatekeeper CallTimeToLive 60 65534 Specifies the interval in seconds at which the VCS polls the endpoints in a call to verify that...

Page 202: ...ateway but only if at least one of the endpoints is locally registered On the VCS will act as SIP H 323 gateway regardless of whether the endpoints are locally registered Default RegisteredOnly Exampl...

Page 203: ...e 1 Gateway 192 168 0 0 IP Route 1 50 Interface Auto LAN1 LAN2 Specifies the LAN interface to use for this route Auto The VCS will select the most appropriate interface to use Default Auto Example xCo...

Page 204: ...ser distinguished name to be used when binding to the LDAP server Example xConfiguration LDAP UserDN user123 Log Level 1 4 Controls the granularity of Event Logging 1 is the least verbose 4 the most N...

Page 205: ...ess userpolicy server example com Policy UserPolicy Server Password S 0 82 Specifies the password used by the VCS to log in and query the remote User Policy Manager The maximum plaintext length is 30...

Page 206: ...r must be matched exactly Exact the string must match the alias character for character Prefix the string must appear at the beginning of the alias Suffix the string must appear at the end of the alia...

Page 207: ...ions should be handled Off Registration requests will not be proxied ProxyToKnownOnly Registration requests will be proxied to neighbors only ProxyToAny Registration requests will be proxied in accord...

Page 208: ...next hop for this route to which matching SIP requests will be routed Default 5060 Note this command is intended for developer use only Example xConfiguration SIP Routes Route 1 Port 22400 SIP Routes...

Page 209: ...le xConfiguration SIP TCP Outbound Port Start 25000 SIP TCP Port 1024 65534 Specifies the listening port for incoming SIP TCP calls Default 5060 Example xConfiguration SIP TCP Port 5060 SIP TLS Mode O...

Page 210: ...istrator user who can login to the VCS web interface The access determines whether the user can access the VCS and if so whether they can change the configuration or just view it Default ReadWrite Exa...

Page 211: ...le xConfiguration TimeZone Name GMT Transform 1 100 Pattern Behavior Strip Replace Determines how the matched part of the alias will be modified Strip the matching prefix or suffix will removed from t...

Page 212: ...edia as well as the signaling specifies the lower port in the range to be used for the media Ports are allocated from this range in pairs the first of each being even Therefore the range must start wi...

Page 213: ...ower port in the range to be used for STUN media relay Default 60000 Example xConfiguration Traversal Server STUN Relay Media Port Start 60000 Traversal Server STUN Relay Mode On Off Determines whethe...

Page 214: ...t Subzone applies only if Mode is set to Limited Default 500000 Example xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Limit 500000 Zones LocalZone DefaultSubZone Bandwidth Total Mode L...

Page 215: ...gular expression Default Prefix Example xConfiguration Zones LocalZone Match 1 Pattern Type suffix Zones LocalZone Match 1 5 Priority 1 65534 Determines the order in which the zone will be sent a sear...

Page 216: ...an be made to from or within this subzone Default Unlimited Example xConfiguration Zones LocalZone SubZone 1 Bandwidth Total Mode Limited Zones LocalZone SubZone 1 100 Name S 1 50 Assigns a name to th...

Page 217: ...a TCP probe to the VCS once a call is established in order to keep the firewall s NAT bindings open Default 20 Example xConfiguration Zones LocalZone Traversal H323 TCPProbe KeepAliveInterval 20 Zone...

Page 218: ...ted Example xConfiguration Zones LocalZone TraversalSubZone Bandwidth PerCall Mode Limited Zones LocalZone TraversalSubZone Bandwidth Total Limit 1 100000000 Specifies the total bandwidth in kbps allo...

Page 219: ...g SIP Video DefaultCodec None H261 H263 H263p H263pp H264 Specifies which video codec to use when empty INVITEs are not allowed Default H263 Example xConfiguration Zones Zone 1 DNS Interworking SIP Vi...

Page 220: ...a Microsoft Office Communications Server 2007 server Default Default Example xConfiguration Zones Zone 1 DNS ZoneProfile Default Zones Zone 1 200 ENUM DNSSuffix S 0 128 Specifies the DNS zone to be a...

Page 221: ...ample com Zones Zone 1 200 Match 1 5 Pattern String S 0 60 Applies only if the Match mode is Pattern Match Specifies the pattern against which the alias is compared Example xConfiguration Zones Zone 2...

Page 222: ...ghbor Interworking SIP EmptyInviteAllowed On Zones Zone 1 200 Neighbor Interworking SIP Search Strategy Options Info Determines how the VCS will search for SIP endpoints when interworking an H 323 cal...

Page 223: ...e media is always taken for calls to and from this neighbor It will be forwarded as signaled in the SDP received from this neighbor Latching The media is always taken for calls to and from this neighb...

Page 224: ...y without being forwarded to the zone Default Off Example xConfiguration Zones Zone 3 Neighbor SIP SearchAutoResponse Off Zones Zone 1 200 Neighbor SIP Transport UDP TCP TLS Determines which transport...

Page 225: ...0 192 168 1 Zones Zone 1 200 TraversalClient RetryInterval 1 65534 Specifies the interval in seconds with which a failed attempt to establish a connection to the traversal server should be retried Def...

Page 226: ...calls to and from the traversal client Note the same protocol must be set on the client for calls to and from this traversal server Default Assent Example xConfiguration Zones Zone 5 TraversalServer H...

Page 227: ...the firewall s NAT bindings open Default 20 Example xConfiguration Zones Zone 5 TraversalServer UDPProbe KeepAliveInterval 20 Zones Zone 1 200 TraversalServer UDPProbe RetryCount 1 65534 Sets the numb...

Page 228: ...mation about using each of the xCommand commands from within the CLI type xCommand or xCommand to return all current xCommand commands available on the VCS type xCommand to return all current xCommand...

Page 229: ...me guest Password password123 Access readonly AdminAccountDelete Deletes an administrator account AdminAccountId r 1 15 The index of the administrator account to be deleted Example xCommand AdminAccou...

Page 230: ...ersal CheckPattern A diagnostic tool that allows you to check the result of an alias transform local or zone before you configure it on the system Note that this command does not change any existing s...

Page 231: ...at level has the same effect as setting level 1 Level 3 resets all level 1 and 2 parameters as well as additional parameters See the section Restoring default configuration for full details Example xC...

Page 232: ...ct as a SIP Registrar and Presence Server for this domain and will accept registration requests for any SIP endpoints attempting to register with an alias that includes this domain Example xCommand Do...

Page 233: ...nt in XML format to the specified URL Up to 15 Expressions may be registered for each of 3 feedback IDs ID 1 3 The ID of this particular feedback request URL r S 1 256 The URL to which notifications a...

Page 234: ...to match that of the cluster master PeerId 1 6 The index of the cluster Peer to be updated Example xCommand ForceConfigUpdate PeerId 1 LinkAdd Adds and configures a new link LinkName r S 1 50 Assigns...

Page 235: ...mand e g xFeedback register event locate Alias r S 1 60 The alias associated with the endpoint you wish to locate HopCount r 0 255 The hop count to be used in the search Protocol r H323 SIP The protoc...

Page 236: ...00000000 If this pipe has limited bandwidth sets the maximum bandwidth in kbps available at any one time on the pipe Default 500000 PerCallMode Unlimited Limited NoBandwidth Determines whether or not...

Page 237: ...junction with the Prefix Length to determine the network to which this route applies Default 32 PrefixLength r 1 128 Specifies the number of bits of the IP address which must match when determining th...

Page 238: ...ests along route if incoming message has been authenticated Off always forward messages that match this route Default Off Address r S 0 39 Specifies the IP address of the next hop for this route where...

Page 239: ...ubzone applies only if Mode is set to Limited Default 500000 PerCallInterMode Unlimited Limited NoBandwidth Determines whether there is a limit on the bandwidth for any one call to or from an endpoint...

Page 240: ...as Replace the matching part of the alias will be substituted with the text in the Replace string Default Strip Replace S 0 60 Applies only if pattern behavior is set to Replace Specifies the string t...

Page 241: ...e specified zone in relation to the Local VCS Neighbor the new zone will be a neighbor of the Local VCS TraversalClient there is a firewall between the zones and the Local VCS is a traversal client of...

Page 242: ...us element returns information about one or more sub elements The following pages list all the xStatus commands currently available on the VCS and the information that is returned by each To obtain in...

Page 243: ...mmand reference xStatus Alternates Peer 1 6 Hidden for Peer n when Peer n is self Status Active Failed Unknown Cause Visible if status is Failed No response from gatekeeper DNS resolution failed Inval...

Page 244: ...traversal Appendices Applications Maintenance Command reference xStatus Subscriptions Subscribers Count 0 n Max 0 n Subscriber 1 2500 URI S 1 255 Subscription Count 1 100 Count 1 2500 Max 1 2500 Expir...

Page 245: ...ubscription successful Subscription error response Failed Notification received Active Registration State Registered Not Registered Presence OCS Machine State Offline Available Undefined User State Un...

Page 246: ...23Id Value S 1 60 SIP visible if Protocol SIP Address IPv4Addr IPv6Addr 1 65534 Transport UDP TCP TLS undefined Aliases Alias 1 50 Type URL Value S 1 60 EncryptionType None DES AES 128 CheckCode S 1 6...

Page 247: ...Command reference xStatus Bandwidth Requested 0 100000000 kbps Allocated 0 100000000 kbps Route Zone Link S 1 50 Node name 0 150 entries Media visible if MediaRouted True Channels Channel 1 n Type AU...

Page 248: ...se from external manager Failed to register to external manager DNS resolution failed Address IPv4Addr IPv6Addr Protocol HTTP URL S 0 255 Feedback 1 3 Status On Off URL S 1 255 Expression S 1 127 0 15...

Page 249: ...us Active Address IPv6Addr 1 2 entries IP Protocol IPv4 IPv6 Both IPv4 Gateway IPv4Addr IPv6 Gateway IPv6Addr DNS Server 1 5 Address IPv4Addr IPv6Addr Domain S 0 128 LDAP Status Inactive Initializing...

Page 250: ...mand reference xStatus Links Link 1 100 Name S 1 50 Link name Bandwidth LocalUsage 0 100000000 ClusterUsage 0 100000000 Calls Call 0 900 0 900 entries CallSerialNumber S 1 255 Loggers Logger 1 6 Modul...

Page 251: ...usterUsage 0 100000000 Calls Call 0 900 0 900 entries CallID S 1 255 Registrations Registration 1 3750 Protocol H323 SIP Node S 1 50 Node name SerialNumber S 1 255 CreationTime Date Time Duration Time...

Page 252: ...ntenance Command reference xStatus Aliases Alias 1 50 Type E164 H323Id URL Email GW Prefix MCU Prefix Prefix Suffix IPAddress Origin Endpoint LDAP Combined Value S 1 60 Traversal Assent H46018 Visible...

Page 253: ...Bandwidth control Firewall traversal Appendices Applications Maintenance Command reference xStatus SIP Ethernet 1 2 IPv4 UDP Status Active Inactive Failed Address IPv4Addr TCP Status Active Inactive...

Page 254: ...tatus STUN Servers Discovery Status Active Inactive Address IPv4Addr IPv6Addr Relay Status Active Inactive Address IPv4Addr IPv6Addr Allocations Count 0 800 Relay 1 800 Client IPv4Addr IPv6Addr RelayA...

Page 255: ...d reference xStatus Configuration NonTraversalCalls 0 500 TraversalCalls 0 100 Registrations 0 2500 Expressway True False Encryption True False Interworking True False UserPolicy True False DeviceProv...

Page 256: ...ClusterUsage 0 100000000 Calls Section visible only if there are calls Call 0 900 0 900 entries CallId S 1 255 LocalZone DefaultSubZone Name DefaultSubZone Bandwidth LocalUsage 0 100000000 ClusterUsag...

Page 257: ...ly if there are calls Call 0 900 0 900 entries CallId S 1 255 SubZone 0 100 Name S 1 50 Node name Bandwidth LocalUsage 0 100000000 ClusterUsage 0 100000000 Registrations 0 3750 entries Section visible...

Page 258: ...us Unknown Active Failed Cause Visible if Status is Failed No response from gatekeeper DNS resolution failed Invalid IP address Address IPv4Addr IPv6Addr One Address line per address from DNS lookup P...

Page 259: ...ence xStatus TraversalServer Visible if Type is TraversalServer SIP Port Active Inactive H323 Port Active Inactive Peer 1 6 H323 Visible if H323 Mode On for Zone Status Active Address IPv4Addr IPv6Add...

Page 260: ...aining Relay Addresses from Simple Traversal Underneath NAT STUN http tools ietf org html draft ietf behave turn 03 13 RFC 4787 Network Address Translation NAT Behavioral Requirements for Unicast UDP...

Page 261: ...ine interface A text based user interface used to access the VCS Cluster A collection of between two and six VCSs that have been configured to work together as a single Local Zone in order to provide...

Page 262: ...oints gateways and MCUs managed by a single gatekeeper H 323 A standard that defines the protocols used for packet based multimedia communications systems HTTP Hypertext Transfer Protocol A protocol u...

Page 263: ...ications server providing the infrastructure to allow instant messaging presence audio video conferencing and web conferencing functionality Microsoft Office Communications MOC client The client appli...

Page 264: ...requests into the location service for the domain it handles This information is used to advise other SIP Proxies Registrars where to send calls for that endpoint Regex Regular expression A pattern u...

Page 265: ...zone A zone on a VCS Expressway that has been used to configure a connection to a particular traversal client Traversal Subzone A conceptual subzone through which all traversal calls are deemed to pa...

Page 266: ...1212 Avenue of the Americas 24th Floor New York NY 10036 Telephone 1 212 692 6500 Fax 1 212 692 6501 Video 1 212 692 6535 Email tandberg tandberg com TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATO...

Reviews: