Summary of Contents for Security Camera

Page 1: ...ion Server ADMINISTRATOR GUIDE Version X2 1 May 2008 Introduction Getting Started Overview and Status System Configuration VCS Configuration Zones and Neighbors Call Processing Bandwidth Control Firew...

Page 2: ...g the IP Status Page 28 Resource Usage 29 Viewing the Resource Usage Page 29 Understanding the Resource Usage Page 29 Registrations 30 Viewing the Registrations Page 30 Understanding the Registrations...

Page 3: ...7 About Remote Logging 57 Enabling Remote Logging 57 Log Levels 58 About Event Log Levels 58 Setting the Event Log Level 58 VCS Configuration H 323 60 H 323 Overview 60 About H 323 on the VCS 60 Using...

Page 4: ...Structured Dial Plan 90 Hierarchical Dial Plan 90 Call Processing Introduction 92 Call Processing Diagram 92 Search Process 92 Dialing by Address Types 93 About the Different Address Types 93 Dialing...

Page 5: ...Configuration 119 URI Dialing and Firewall Traversal 119 Recommended Configuration 119 ENUM Dialing 120 Overview 120 Process 120 Enabling ENUM Dialing 120 ENUM Dialing for Outgoing Calls 121 Prerequi...

Page 6: ...a Firewall Traversal Server 146 Quick Guide to VCS Traversal Client Server Configuration 147 Overview 147 VCS Control Client 147 VCS Expressway Server 147 Firewall Traversal Protocols and Ports 148 O...

Page 7: ...eening Based on Alias 176 Call Screening Based on Domain 177 Change of Domain Name 177 Allow Calls from Locally Registered Endpoints Only 178 Block Calls from Default Zone and Default Subzone 178 Rest...

Page 8: ...Organizational Hierarchy 187 Add the H 350 Objects 187 Securing with TLS 187 OpenLDAP 188 Prerequisites 188 Installing the H 350 Schemas 188 Adding H 350 Objects 189 Create the Organizational Hierarc...

Page 9: ...rg com collateral documentation User_Manuals TANDBERG VCS EULA pdf and http www tandberg com collateral documentation User_Manuals TANDBERG VCS Copyrights pdf IMPORTANT USE OF THIS PRODUCT IS SUBJECT...

Page 10: ...o connect mains power or any other power source before consulting service personnel The plug connecting the power cord to the product power supply serves as the main disconnect device for this equipme...

Page 11: ...ropriate take back systems in your area Those systems will reuse or recycle most of the materials of your end of life equipment in a sound way TANDBERG products put on the market after August 2005 are...

Page 12: ...ation Zones and Neighbors Call Processing Bandwidth Control Firewall Traversal Maintenance Appendices Environmental Issues 12 TANDBERG CONTENT SERVER USER GUIDE Table of Contents What s New in this Ve...

Page 13: ...des internal video control and administration for all SIP and H 323 devices It is normally deployed within your wide area network with endpoints that are behind the same firewalls or NAT devices The V...

Page 14: ...one VCS or be neighbored with other systems such as VCSs Border Controllers gatekeepers and SIP proxies Supports up to 5 Alternate VCSs for redundancy purposes Optional endpoint authentication Control...

Page 15: ...eb interface are shown in the format Menu Submenu followed by the Name of the page that you will be taken to In most cases a screenshot of the page will be shown adjacent with callouts describing each...

Page 16: ...dministrator settings and describes how to access it via either the Command Line Interface CLI or the web interface Getting Started TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introductio...

Page 17: ...umidity Do not place heavy objects directly on top of the VCS Do not place hot objects directly on top or directly beneath the VCS Use a grounded AC power outlet for the VCS Connecting the Cables Powe...

Page 18: ...ure the following The system name of the VCS This is used by the TANDBERG Management Suite TMS to identify the system See About the System Name for more information Automatic discovery If you have mul...

Page 19: ...gain to produce the cursor Use the up down keys to move left and right between the digits of the number When you reach a digit you wish to change press ENTER Use UP DOWN to increase or decrease the di...

Page 20: ...er the 1 instructions in steps 1 and 2 of Initial Configuration via Serial Cable Reboot the VCS 2 Login from the PC with the username 3 pwrec No password is required You will be prompted for a new pas...

Page 21: ...s of the system the FQDN of the system Select 2 Administrator Login Enter the Username 3 admin and your system password and select Login You will be presented with the Overview page Supported Browsers...

Page 22: ...ck on the Information icon or click inside a field This box gives you information about the particular field including where applicable the valid ranges and default value To close the information box...

Page 23: ...such as calls and registrations See the Command Reference Appendix for a full description of commands available on the VCS How Commands are Shown in this Guide In this Guide instructions for performing...

Page 24: ...the web interface These pages provide information on the current status and configuration of the VCS Overview and Status TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction Getting S...

Page 25: ...e version The version of software that is currently installed on the VCS IPv4 address The VCS s IPv4 address es Viewing the Overview Page Understanding the Overview Page Options The maximum number of...

Page 26: ...ERG VCS Software release The version of software that is currently installed on the VCS Software build The build number of this software version Software options All the extra features installed on th...

Page 27: ...tion key has been installed this will show the ethernet speed for both the LAN1 port and the LAN2 port MAC address The MAC address of the VCS s ethernet device If the Dual Network Interfaces option ke...

Page 28: ...en two endpoints or devices communicating via IPv4 It will communicate with other systems via IPv4 only IPv6 The VCS will only accept registrations from endpoints using an IPv6 address and will only t...

Page 29: ...started Non traversal calls Current The number of non traversal calls going through the VCS at this moment Max peak The highest number of concurrent non traversal calls handled by the VCS since it was...

Page 30: ...time at which the registration was accepted If an NTP server has not been configured this will say Time not set IP Address For H 323 devices this is the RAS address For SIP UAs it is the Contact addre...

Page 31: ...ist of registrations enter one or more characters in the Filter field and select Filter Only those registrations that contain in any of the displayed fields the string you entered will be shown To ret...

Page 32: ...l details of this call Filter To limit the list of calls enter one or more characters in the Filter field and select Filter Only those calls that contain in any of the displayed fields the characters...

Page 33: ...call Actions Click View to go to the Call Details page which lists full details of this call Filter To limit the list of calls enter one or more characters in the Filter field and select Filter Only...

Page 34: ...lter To limit the list of calls enter one or more characters in the Filter field and select Filter Only those calls that contain in any of the displayed fields the characters you entered will be shown...

Page 35: ...the configuration page for that subzone To configure the subzone click on the subzone name Bandwidth Used The total amount of bandwidth used by all calls passing through each subzone Calls The number...

Page 36: ...her zones that you have created To view the Zones page Status Zones Viewing the Zones Page Name The names of each zone currently configured on this VCS Type The type of zone See About Zones for a full...

Page 37: ...Links status page gives you an overview of all the links currently configured on your VCS along with the number of calls and the bandwidth being used by each link To view the Links status page Status...

Page 38: ...tly traversing each pipe Viewing the Pipes Page The Pipes page provides a list of all the pipes currently configured on your VCS along with the number of calls and the bandwidth being used by each pip...

Page 39: ...requesting client address and port and the corresponding VCS address and port To view the STUN Relays page Status STUN Relays Expiry Time The date and time at which the STUN Relay will become inactiv...

Page 40: ...hange has taken place on the VCS that requires some manual Administrator intervention such as a reboot When there are warnings in place on the VCS a warning icon will appear at the top right of the pa...

Page 41: ...Most tvcs events contain hyperlinks in one or more of the fields You can click on the hyperlink to show only those events that contain the same text string For example clicking on the text that appear...

Page 42: ...the log message This will be tvcs for all messages originating from TANDBERG VCS processes but will differ for messages from third party processes which are used in the VCS product message_details...

Page 43: ...ge Auth Whether call attempt has been authenticated successfully Method SIP method INVITE BYE UPDATE REGISTER SUBSCRIBE etc Contact Contact header from REGISTER AOR Address of record Call Id The Call...

Page 44: ...r H 323 message Eventlog Cleared An operator cleared the event log External Server Communication Failure Communication with an external server failed unexpectedly The event detail data should differen...

Page 45: ...cting zones Operator forced removal Operator forced removal all registrations removed Registration Requested A registration has been requested System Shutdown The operating system was shutdown System...

Page 46: ...esponse has been sent All Level 1 and Level 2 events plus Event Description Keepalive Registration Accepted A keepalive RRQ requesting that an existing H 323 registration is refreshed has been accepte...

Page 47: ...n relation to the network in which it is located for example its IP settings and the external services used by the VCS e g DNS NTP and SNMP System Configuration TANDBERG VIDEO COMMUNICATIONS SERVER AD...

Page 48: ...S can be accessed via SSH and SCP About Administrator Access settings While it is possible to administer the TANDBERG VCS via a PC connected directly to the unit via a serial cable you may wish to acc...

Page 49: ...settings between the VCS and ethernet switch will at best result in packet loss at worst it will make the system inaccessible for endpoints and system administrators Ethernet speed Sets the speed of...

Page 50: ...refore require a traversal call licence Some endpoints support both IPv4 and IPv6 however an endpoint can use only one protocol when registering with the VCS Which protocol it uses will be determined...

Page 51: ...es the LAN 2 port on the VCS for both management and call signaling This allows you to have a secondary IP address for your VCS This configuration is intended for high security deployments where the V...

Page 52: ...d when resolving domain names Domain name Specifies the name to be appended to an unqualified server address before a query to the DNS server is executed Configuration Overview About DNS Servers You m...

Page 53: ...e The NTP server provides the VCS with UTC time You can also determine the local time to be used on your system by configuring the Time Zone This takes the UTC time and offsets it by the number of hou...

Page 54: ...following up on queries By default SNMP is Enabled with a SNMP community name of public Note the VCS does not support SNMP traps or SNMP sets therefore it cannot be managed via SNMP To configure the V...

Page 55: ...anager use the default path of tms public external management SystemManagementService asmx To configure the VCS s External Manager settings System Configuration External Manager You will be taken to t...

Page 56: ...ome other means provided by your 3 terminal emulator To restore your configuration Remove the 1 c from in front of each command Paste this information back in to the command line interface 2 Backing u...

Page 57: ...Click here to save your changes About Logging The VCS provides an event logging facility for troubleshooting and auditing purposes The event log records information about such things as calls registr...

Page 58: ...ages sent and received H 323 LDAP etc excluding noisy messages such as H 460 18 keepalives and H 245 video fast updates Level 3 Protocol Verbose Protocol keepalives are suppressed at Level 2 At loggin...

Page 59: ...of H 323 and SIP and the configuration options available on the VCS for each of these protocols how to configure the VCS to act as a SIP to H 323 gateway how to restrict registrations using Allow List...

Page 60: ...e endpoint to verify that it is still functioning The system will poll endpoints in a call regardless of whether the call type is traversal or non traversal H 323 Endpoint Registration Auto Discover T...

Page 61: ...ster an alias currently registered from another IP address Reject denies the registration Overwrite deletes the original registration and replaces it with the new registration The default is Reject Re...

Page 62: ...is depends on the SIP Registration Proxy Mode setting as follows Off the VCS will not proxy any registration requests The request will be rejected with a 403 Forbidden message Proxy to Known Only the...

Page 63: ...e VCS adds a Path header component to the request which signals that the VCS must be included on any call to that endpoint The information is usually required in situations where firewalls exist and t...

Page 64: ...rsal clients and traversal servers Proxy to any Registration requests and invite requests will always be proxied UDP mode Determines whether or not incoming SIP calls using the UDP protocol will be al...

Page 65: ...in the Name field and click Create Domain The new domain will be added and you will be returned to the Domains page To edit the name of an existing domain click View Edit You will be taken to the Edit...

Page 66: ...ill be taken to the Interworking page xConfiguration Interworking Mode H 323 SIP interworking mode Determines whether or not the VCS will act as a gateway between SIP and H 323 calls Off the VCS will...

Page 67: ...e to the VCS when registering The VCS will then know to route all calls that begin with that prefix to the gateway MCU or Content Server as appropriate These prefixes can also be used to control regis...

Page 68: ...address or FQDN of the Registrar with which they wish to register and the endpoint will attempt to register with that Registrar only The VCS is a SIP Server for endpoints in its local zone and can als...

Page 69: ...ation usernames passwords and other relevant information is stored This database may be located either locally on the VCS or on an LDAP Directory Server The VCS looks up the endpoint s username in the...

Page 70: ...nally traversal clients must always successfully authenticate with traversal servers before they can connect The username and password that your VCS provides when authenticating with other systems is...

Page 71: ...lias but none are listed in the LDAP database it will not be allowed to register If no aliases are presented by the endpoint it will be registered with all the aliases listed in the LDAP database for...

Page 72: ...sented by the endpoint will be ignored Endpoint The aliases presented by the endpoint will be used any in the LDAP database will be ignored Combined The endpoint will be registered both with the alias...

Page 73: ...ntial to add the new entry to the Local Database and return to the Credentials page Save Saves the changes you have made Delete Removes the entry from the Local Database and returns you to the Credent...

Page 74: ...registered from another IP address Reject The registration from the new IP address will be rejected This is useful if your priority is to prevent two users registering with the same alias Overwrite T...

Page 75: ...Likewise if the Registration Restriction policy is set to AllowList only one of the endpoint s aliases needs to match a pattern on the Allow list for it to be allowed to register using all its aliases...

Page 76: ...return to the Registration Allow List page Type Select the way in which the Pattern must match the alias for the registration to be allowed Options are Exact the alias must match the Pattern exactly P...

Page 77: ...changes to an existing entry You will be taken to the Edit Deny Pattern page Delete Select Delete to remove the registration from the list Pattern Edit the pattern Type Edit the type You can sort the...

Page 78: ...systems including other VCSs Gatekeepers Border Controllers or SIP devices via the use of zones You can also configure up to 5 Alternates for resiliency This section includes an overview on all the d...

Page 79: ...network This section will give you an overview of the different parts of the video communications network and the ways in which they can be connected This information should allow you to configure yo...

Page 80: ...d outbound portions of a call A single traversal call can therefore take up to 20 ports The default range for the ports to be used for media is 50000 51119 UDP but these can be changed to anywhere bet...

Page 81: ...S Expressway must have a special type of two way neighbor relationship with each traversal client To do this you create a traversal server zone on your local VCS Expressway and configure it with the d...

Page 82: ...ured with the Default Zone and default links between it and both the Default Subzone and the Traversal Subzone The purpose of the Default Zone is to allow you to manage incoming calls from unrecognize...

Page 83: ...it Zone page xConfiguration Zones Zone 1 200 The sections that follow describe the configuration options available for each zone type Adding Zones Name Enter the name you wish to give to this zone The...

Page 84: ...information This field specifies the hop count to be used when sending an alias search request to this particular zone Name Assigns a name to the zone The name acts as a unique identifier allowing you...

Page 85: ...used for H 323 calls from the local VCS SIP transport Determines which transport type will be used for SIP calls to and from the neighbor zone Configuring Neighbor Zones SIP mode Determines whether S...

Page 86: ...r FQDN of the traversal server Alternate 1 to Alternate 5 address Specifies the IP addresses or FQDNs of any alternates configured on the traversal server H 323 mode Determines whether H 323 calls wil...

Page 87: ...l Assent or H 460 18 to be used to traverse the firewall NAT See Firewall Traversal Protocols for more information H 460 19 demultiplexing Mode Determines whether or not the same two ports will be use...

Page 88: ...med E 164 number to create an ENUM domain for which this zone is queried Configuring ENUM Zones Configuring DNS Zones SIP mode Determines whether SIP records will be looked up for this zone H 323 mode...

Page 89: ...ve to save your changes Configuring Alternates Alternates are not used to increase the capacity of your network they are to provide redundancy To increase capacity add one or more additional VCSs to y...

Page 90: ...ative deployment would use a structured dial plan whereby endpoints are assigned an alias based on the system they are registering with If you are using E 164 aliases each VCS would be assigned an are...

Page 91: ...estination endpoint how to apply transforms to the address that was dialed before searching on the local VCS and before sending the search request out to neighboring zones how to use Administrator Pol...

Page 92: ...one transforms Administrator Policy and User Policy If the alias is found by one of the neighbor zones the call will 8 be placed to that zone Call Processing Diagram One of the functions of the VCS is...

Page 93: ...sing its IP address The presence of a firewall may disrupt the call Instead place the call to the VCS to which the destination endpoint is registered as described in Calls from an Unregistered Endpoin...

Page 94: ...op count assigned When the request is subsequently forwarded on to a neighbor zone the lower of the two values i e the original hop count or the hop count configured for that zone will be used For H 3...

Page 95: ...ironment This means that when Authentication Mode is On and you configure policy based on the source alias it will only apply to authenticated sources The VCS determines whether or not an endpoint is...

Page 96: ...olicy AdministratorPolicy Mode Administrator Policy Mode On Administrator Policy is enabled If a CPL script has been uploaded this policy will be used Otherwise the policy configured via the Administr...

Page 97: ...more line items from the list check the box to the left of the item and then click Delete Add New Click to add the new item to the Policy A new row with empty fields for you to complete will appear Ca...

Page 98: ...was uploaded if Administrator Policy has been configured using the web interface this will show you the CPL version of the policy if Administrator Policy is On but a policy has not been configured thi...

Page 99: ...aliases according to configuration for that FindMe alias If User Policy has not been enabled or the alias is not present in the User Policy Manager the VCS will continue to search for the alias in th...

Page 100: ...Remote User Policy is enabled and a User Policy Manager located on another system is used If you select this option further configuration options will appear see below Configuring User Policy Manager...

Page 101: ...d The password to be used along with the Username when logging into this account Users will be able to change the password for their account once they have logged in FindMe name The FindMe name on whi...

Page 102: ...page New password Type the new password to be used along with the Username when logging into this account Cancel Click here to return to the User Accounts page without changing the password Confirm pa...

Page 103: ...Maintenance Appendices User Policy FindMe Managing FindMe User Accounts Deleting a User Account To delete a FindMe user account VCS Configuration Policy User Accounts You will be taken to the User Ac...

Page 104: ...as been done you can log in to your account via a web interface and configure it with details of the device s on which you want to be contacted when a call is first placed to your FindMe name if any o...

Page 105: ...will ring when your FindMe name is first dialled If more than one device is listed here they will all ring at the same time Busy Devices For an individual list all the device s that will ring immedia...

Page 106: ...ng against which an alias is compared and the changes to make to the alias if it matches that string Once the alias has been transformed in this way it remains changed and all further processing is ap...

Page 107: ...which the alias is compared Priority Assigns a priority to this transform Transforms are applied in order of priority and the priority must be unique for each transform Pattern behavior Determines how...

Page 108: ...match specify the way in which the alias will be transformed All searches sent to the zone that match the specified pattern will then be transformed and the zone will be queried using the new alias Ab...

Page 109: ...lias will be modified Options are Leave the alias will not be modified Strip the matching prefix or suffix will be removed from the alias Replace the matching part of the alias will be substituted wit...

Page 110: ...if and when the zone will be queried and whether any transforms will be applied Some example configurations are given here Examples Always Query a Zone Never Apply Transforms To configure the zone so...

Page 111: ...h requests sent to a zone so that it is only queried for aliases that match certain criteria For example assume all endpoints in your regional sales office are registered to their local VCS with a suf...

Page 112: ...Transformed Alias You may wish to query a zone for the original alias at the same time as you query it for a transformed alias To do this configure one match with a mode of AlwaysMatch and a second m...

Page 113: ...tches configured within them It is possible to configure a single zone with up to five PatternMatch matches each with the same Priority and with an identical Pattern String to be matched but each with...

Page 114: ...articular system e g a VCS Expressway When a system is attempting to locate a destination URI address using the DNS system the general process is as follows H323 The system will send a query via its D...

Page 115: ...dress was resolved successfully using an H 323 Location SRV 5 record i e for _h323ls then the address returned is queried via an LRQ for the full URI address If the domain part of the URI address was...

Page 116: ...onfiguration Zones You will be taken to the Zones page Click New You will be taken to the Create Zone page Enter a Name for the zone and select a Type of DNS Click Create Zone You will be taken to the...

Page 117: ...ing calls using URI dialing to endpoints that are not registered to the local VCS or one of its neighbors you must configure at least one DNS server for the VCS to query For resilience you can specify...

Page 118: ...ured via VCS Configuration Protocols H 323 as the Registration UDP port Call SRV Records Call SRV records and A AAAA records are intended primarily for use by endpoints which cannot participate in a l...

Page 119: ...ation Recommended Configuration If URI dialing is being used in conjunction with firewall traversal DNS zones and DNS Servers should be configured on the VCS Expressway and any VCSs on the public netw...

Page 120: ...calls for instructions on how to do this Overview The VCS supports outward ENUM dialing by allowing you to configure ENUM zones on the VCS When an ENUM zone is queried this triggers the VCS to transfo...

Page 121: ...he zones that contain a match is an 5 ENUM zone this will trigger the VCS to attempt to locate the endpoint through ENUM As and when each ENUM zone configured on the VCS is queried the E 164 number is...

Page 122: ...trigger an ENUM lookup Example For example you want to enable ENUM dialing from your network to a remote office in the UK where the endpoints E 164 numbers start with 44 You would configure an ENUM zo...

Page 123: ...gure at least one ENUM zone for each DNS suffix that your endpoints may use Normal zone pattern matching and prioritization rules will apply to ENUM zones Name Assigns a name to this zone Type For ENU...

Page 124: ...VCS will query when attempting to locate a domain In order for endpoints registered to the VCS to make outgoing calls using ENUM dialing you must configure at least one DNS server for the VCS to quer...

Page 125: ...uite of documents that define the ENUM standard specifies that the domain for ENUM where the NAPTR records should be located for public ENUM deployments is e164 arpa However use of this domain require...

Page 126: ...sary to place a call to or receive a call from an unregistered endpoint Calls to an Unregistered Endpoint Recommended Configuration for Firewall Traversal When the VCS Expressway is neighbored with an...

Page 127: ...onfigure your Fallback Alias to be that of your receptionist so that all calls that do not specify an alias will still be answered personally and can then be redirected appropriately For example Examp...

Page 128: ...1 the next call will be assigned an ID of 2 If call 1 is then disconnected the third call to be made will be assigned an ID of 1 The call ID number is not therefore a unique identifier while no two ca...

Page 129: ...rence the call using the longer but unique call serial number Disconnecting a Call via the CLI The call disconnection API works differently for H 323 and SIP calls due to differences in the way the pr...

Page 130: ...These pages allow you to control the bandwidth that is used for calls within your local zone as well as calls out to other zones Bandwidth Control TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GU...

Page 131: ...onnections The TANDBERG VCS allows you to control the amount of bandwidth used by endpoints on your network This is done by grouping endpoints into subzones and then applying limits to the bandwidth t...

Page 132: ...IP address is checked and it is assigned to the appropriate subzone If no subzones have been created or the endpoint s IP address does not match any of the configured subzones it will be assigned to...

Page 133: ...een configured Prefix length Enter the number of bits of the Subnet IP Address which must match for an IP address to belong in this subzone Create Subzone Click here to create the subzone and return t...

Page 134: ...esses that will belong to the first subnet in this subzone Subnet 2 5 Use these fields to define up to 4 further subnets for this Subzone Save Click here to save your changes Bandwidth See Applying Ba...

Page 135: ...u want to configure the bandwidth available between one specific subzone and another specific subzone or zone If your bandwidth configuration is such that multiple types of bandwidth restrictions are...

Page 136: ...ible your VCS will perform the bandwidth calculations using the one with the fewest links Creating Links Name Enter the name you wish to assign to this link Node 1 Node 2 Select the names of the two s...

Page 137: ...ames of the two subzones or the subzone and zone between which you wish to create a link Pipe 1 Pipe 2 If you wish to apply bandwidth limitations to this link select the pipe s to be applied For more...

Page 138: ...ll succeed and what bandwidth will be allocated to it using the command xCommand CheckBandwidth Pre Configured Links The VCS is shipped with the Default Subzone Traversal Subzone and Default Zone alre...

Page 139: ...the name you wish to give to this pipe You will refer to this name when creating links Create Pipe Click here to create the pipe and return to the Pipes page About Pipes To create a pipe VCS Configur...

Page 140: ...his name when creating links Save Click here to save the changes Bandwidth restriction Determines whether there is a limit on the total concurrent bandwidth of this pipe Unlimited no limitations are i...

Page 141: ...for calls in and out of that site Example In the diagram opposite Pipe A has been applied to two links the link between the Default Subzone and the Home Office subzone and the link between the Defaul...

Page 142: ...on users will get one of the following messages depending on the message that initiated the search Exceeds Call Capacity Gatekeeper Resources Unavailable About the Default Call Bandwidth The default c...

Page 143: ...presented as a separate subzone on the VCS with bandwidth configured according to local policy The enterprise s leased line connection to the Internet and the DSL connections to the remote offices are...

Page 144: ...ressway has subzones configured for the Home Office and Branch Office These are linked to the VCS Expressway s Traversal Subzone with pipes placed on each link All calls from the VCS Expressway to the...

Page 145: ...how to configure the additional firewall traversal server functions of a VCS Expressway including STUN services Firewall Traversal TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction...

Page 146: ...and STUN relay services to endpoints with STUN clients These features are enabled as follows In order for the VCS Expressway to act as a firewall traversal server for TANDBERG systems you must create...

Page 147: ...entication Username Password link in the Edit Zone page for an existing Traversal Client Zone On the VCS Expressway create a Traversal Server Zone this represents the incoming connection from the VCS...

Page 148: ...and they must then configure their systems to connect to these specific ports on the server The only port configuration that is done on the client is the range of ports it uses for outgoing conne...

Page 149: ...d H 245 protocols Media UDP 2776 RTP media port UDP 2777 RTCP media control port Ports for Initial Connections from Traversal Clients Assent Ports H 460 18 19 Ports SIP Ports In situations where the V...

Page 150: ...ection There must also be an entry in the VCS Expressway s authentication database with the corresponding client username and password VCS Control or VCS Expressway If Authentication is On on the Bord...

Page 151: ...ed on the VCS including those relating to firewall traversal will apply to both IP addresses it is not possible to configure these ports separately for each IP address Firewall Traversal and Dual Netw...

Page 152: ...ier allowing you to distinguish between zones of the same type Type From the Type drop down menu select TraversalClient Create Zone Click here to create the zone You will be taken directly to the Edit...

Page 153: ...r calls to the traversal server SIP mode Determines whether SIP calls will be allowed to and from this zone SIP port Specifies the port on the traversal server to be used for SIP calls from this VCS S...

Page 154: ...oints i e TANDBERG MXP endpoints and any other endpoints that support the ITU H 460 18 and H 460 19 standards registered directly with it You can configure the protocols and ports that will be used En...

Page 155: ...calls to and from the traversal client Client authentication username If the traversal client is a VCS this must be the VCS s Authentication Username You must also add the client s Authentication use...

Page 156: ...ts On allows use of the same two ports for all calls Off Each call will use a separate pair of ports for media H 323 preference If an endpoint supports both Assent and H 460 18 protocols this setting...

Page 157: ...es the default ports should be used However you have the option to change these ports if necessary Media demultiplexing RTP port Specifies the port on the VCS to be used for demultiplexing RTP media M...

Page 158: ...n back to the client about the binding allocated by the NAT firewall being traversed How it works A client behind a NAT firewall sends a STUN discovery request via the firewall to the VCS Expressway w...

Page 159: ...xConfiguration Traversal Server STUN STUN Services STUN discovery mode Determines whether the VCS will offer STUN Discovery services to traversal clients Save Click here to save your changes STUN rel...

Page 160: ...elete Option Keys manage security certificates change and delete the Administrator password create a system snapshot restart the VCS shut down the VCS restore the system to its default settings Main...

Page 161: ...figuration Save the resulting output to a file using cut and paste or 3 some other means provided by your terminal emulator To restore your configuration Remove the 1 c from in front of each command P...

Page 162: ...estart the system for the upgrade to take effect Select the software file Enter the path of the software image file or click Browse to locate it on the network System Information This section tells yo...

Page 163: ...endpoint in the call is locally registered will still be counted as one non traversal call Registrations the number of concurrent registrations allowed on the VCS An endpoint can register with more th...

Page 164: ...ng with a description of the options they provide Add option key Enter the 20 character Option Key that has been provided to you for the option you wish to add Add Option Click Add Option Adding Optio...

Page 165: ...P database using TLS encryption the certificate used by the LDAP database must be signed by a CA on this list Upload CA certificate Click here once you have selected the file to upload it Select the s...

Page 166: ...le We recommend that you choose a strong password particularly if administration over IP is enabled The maximum password length is 16 characters Both the username and password are case sensitive New p...

Page 167: ...Snapshot page Overview Create System Snapshot Clicking on this button will initiate the download of the system snapshot file You will then be asked whether and where you would like to save the file S...

Page 168: ...eceive a warning telling you the system needs to be restarted Restarting will cause any active calls and registrations to be terminated For this reason the Restart page displays the number of current...

Page 169: ...you wish to be able to restart it after it has been shut down Shutting down will cause any active calls and registrations to be terminated For this reason the Shutdown page displays the number of curr...

Page 170: ...le opposite Configuration item Default value after xCommand DefaultValuesSet Level 3 SystemUnit Name blank field SystemUnit Password TANDBERG Option 1 64 Key all option keys are deleted IPProtocol IPv...

Page 171: ...th Control Firewall Traversal Maintenance Appendices This section includes the following appendices which provide supplementary information regarding the administration of the VCS CPL Reference Regul...

Page 172: ...of the CPL language and should be read in conjunction with the CPL standard RFC 3880 5 and the TANDBERG guide to writing CPL 22 The VCS supports most of the CPL standard along with some TANDBERG defi...

Page 173: ...TUP The From and ReplyTo fields of the incoming message The source aliases from the original LRQ or ARQ that started the call If a SETUP is received without a preceding RAS message then the origin is...

Page 174: ...URI aliases this selects the domain name part If the alias is an IP address then this subfield is the complete address in dotted decimal form tel For E 164 numbers this selects the entire string of di...

Page 175: ...or an E 164 number priority 0 0 1 0 random Specified either as a floating point number in the range 0 0 to 1 0 or random which assigns a random number within the same range 1 0 is the highest priorit...

Page 176: ...ot present Reject call with a status code of 403 Forbidden reject status 403 reason Denied by policy not present address switch taa routed cpl CPL Examples Call Screening Based on Alias In this exampl...

Page 177: ...example com retry the request with example net taa location clear yes regex example com replace 1 example net proxy taa location failure proxy address address switch taa routed cpl CPL Examples Call...

Page 178: ...ject status 403 reason Only local endpoints can use this Tandberg VCS not present address switch taa routed cpl CPL Examples Block Calls from Default Zone and Default Subzone The same script can be ex...

Page 179: ...ce xsi schemaLocation urn ietf params xml ns cpl cpl xsd taa routed address switch field destination address regex 9 address switch field originating zone Calls coming from the traversal zone are not...

Page 180: ...character in the range You can not use special characters within the they will be taken literally a z will match against any lower case alphabetical character a zA Z will match against any alphabetic...

Page 181: ...thernet 2 IP V4 Address Matches the IPv4 addresses currently configured on the VCS for LAN 1 and LAN 2 not applicable ipv4 _ 1 xConfiguration Ethernet 1 IP V4 Address Matches all IPv4 address currentl...

Page 182: ...Logging used to send message to the remote syslog server 514 UDP not configurable Gatekeeper discovery Multicast Gatekeeper discovery 1718 UDP not configurable H323 Registration and Alternate communi...

Page 183: ...figuration SIP TCP Port SIP TLS listens for incoming SIP TLS calls 5061 TLS 1024 65534 VCS Configuration Protocols SIP Configuration xConfiguration SIP TLS Port Traversal Server Zone H323 Port the por...

Page 184: ...the range must start with an even number See Configuring the Traversal Subzone Ports for more information 50000 51199 UDP 1024 65533 VCS Configuration Local Zone Traversal Subzone xConfiguration Trave...

Page 185: ...SRV Record There are a range of tools available to investigate DNS records One commonly found on Microsoft Windows and UNIX platforms is nslookup Use this to verify that everything is working as expec...

Page 186: ...points on the network H 350 1 Directory services architecture for H 323 An LDAP schema to represent H 323 endpoints H 350 2 Directory services architecture for H 235 An LDAP schema to represent H 235...

Page 187: ...Organizational Hierarchy Open up the Active Directory 1 Users and Computers MMC snap in Under your BaseDN right click and select 2 New Organizational Unit Create an Organizational unit called 3 h350...

Page 188: ...tform For installations on other platforms the location of the OpenLDAP configuration files may be different See the OpenLDAP installation documentation for details Installing the H 350 Schemas Copy t...

Page 189: ...50 objects dn ou h350 dc my domain dc com objectClass organizationalUnit ou h350 Add the ldif file to the server using the command 2 slapadd l ldif _ file This organizational unit will form the BaseDN...

Page 190: ...return a list of all elements available under the xConfiguration command type xConfiguration element to return all available sub elements along with the valuespace and description and default values...

Page 191: ...must restart the system for any changes to take effect Default Off Example xConfiguration Administration Telnet Mode Off Administration TimeOut 0 10000 Sets the number of minutes that an administrati...

Page 192: ...cation LDAP BaseDN dc example dc company dc com Authentication Mode On Off Determines whether or not to enforce authentication for H 323 and SIP registrations Default Off Example xConfiguration Authen...

Page 193: ...or subzone to which this link will be applied Example xConfiguration Bandwidth Link 1 Node1 Name HQ Bandwidth Link 1 600 Node2 Name S 0 50 Specifies the second zone or subzone to which this link will...

Page 194: ...ts neighbors Direct Allows an endpoint to make a call to an unknown IP Address without the VCS querying any neighbors The call setup would occur just as it would if the far end were registered directl...

Page 195: ...full 100half 100full 1000full Sets the speed of the Ethernet link from the specified LAN port Use Auto to automatically configure the speed Note You must restart the system for any changes to take eff...

Page 196: ...imeToLive 120 H323 Gatekeeper Registration ConflictMode Reject Overwrite Determines how the system will behave if an endpoint attempts to register an alias currently registered from another IP Address...

Page 197: ...e RegisteredOnly IP DNS Domain Name S 0 128 Specifies the name to be appended to the host name before a query to the DNS server is executed Used only when attempting to resolve a domain name which is...

Page 198: ...e You must restart the system for any changes to take effect Default IPv4 Example xConfiguration IPProtocol IPv4 LDAP Encryption Off TLS Sets the encryption to be used for the connection to the LDAP s...

Page 199: ...software option These are added to the VCS in order to add extra functionality such as increasing the VCS s capacity Contact your TANDBERG representative for further information Example xConfiguratio...

Page 200: ...ple com Registration AllowList 1 2500 Pattern Type Exact Prefix Suffix Regex Specifies whether the entry in the Allow List is a prefix suffix regular expression or must be matched exactly Default Exac...

Page 201: ...eighbors only ProxyToAny Registration requests will be proxied in accordance with the VCS s existing call processing rules Default Off Example xConfiguration SIP Registration Proxy Mode Off SIP TCP Mo...

Page 202: ...Specifies the listening port for incoming SIP UDP calls Default 5060 Example xConfiguration SIP UDP Port 5060 SNMP CommunityName S 0 16 Sets the VCS s SNMP community name Default public Example xConfi...

Page 203: ...Pattern Replace string Example xConfiguration Transform 1 Pattern Behavior Replace Transform 1 100 Pattern Replace S 0 60 Applies only if pattern behavior is set to Replace Specifies the string to be...

Page 204: ...ignaling Default 2776 Example xConfiguration Traversal Server H323 Assent CallSignaling Port 2777 Traversal Server H323 H46018 CallSignaling Port 1024 65534 Specifies the port on the VCS to be used fo...

Page 205: ...Limit 1 100000000 Specifies the bandwidth limit in kbps for any one call to or from an endpoint in the Default Subzone applies only if Mode is set to Limited Default 1920 Example xConfiguration Zones...

Page 206: ...zone applies only if Mode is set to Limited Default 1920 Example xConfiguration Zones LocalZone SubZone 1 Bandwidth PerCall Inter Limit 1920 Zones LocalZone SubZone 1 100 Bandwidth PerCall Inter Mode...

Page 207: ...0 Example xConfiguration Zones LocalZone SubZone 1 Subnet 1 IP Address 192 168 0 0 Zones LocalZone SubZone 1 100 Subnet 1 5 IP PrefixLength 0 128 Specifies the number of bits of the Subnet IP Address...

Page 208: ...versal enabled endpoints registered directly with the VCS will attempt to send a TCP probe to the VCS Default 5 Example xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryCount 5 Zones LocalZ...

Page 209: ...ifies the total bandwidth in kbps allowed for all traversal calls being handled by the VCS applies only if Mode is set to Limited Default 500000 Example xConfiguration Zones LocalZone TraversalSubZone...

Page 210: ...xt in the Replace string Default Leave Example xConfiguration Zones Zone 1 Match 1 Pattern Behavior Replace Zones Zone 1 200 Match 1 5 Pattern Replace S 0 60 Applies only if the Pattern Behavior is Re...

Page 211: ...f this neighbor Example xConfiguration Zones Zone 1 Neighbor Primary Address 192 168 8 1 Zones Zone 1 200 Neighbor SIP Port 1024 65534 Specifies the port on the neighbor to be used for SIP calls to an...

Page 212: ...ld be retried Default 120 Example xConfiguration Zones Zone 2 TraversalClient RetryInterval 120 Zones Zone 1 200 TraversalClient SIP Port 1024 65534 Specifies the port on the traversal server to be us...

Page 213: ...34 Specifies the port on the VCS being used for SIP firewall traversal from this traversal client Default 7001 incrementing by 1 for each new zone Example xConfiguration Zones Zone 3 TraversalServer S...

Page 214: ...r UDPProbe RetryInterval 1 65534 Sets the frequency in seconds with which the traversal client will send a UDP probe to the VCS Default 2 Example xConfiguration Zones Zone 3 TraversalServer UDPProbe R...

Page 215: ...or xCommand command to return all parameters for that command along with the valuespace and a description for each The valid value for this parameter is a string The minimum and maximum number of cha...

Page 216: ...ple xCommand boot CheckBandwidth A diagnostic tool that returns the status and route as a list of nodes and links that a call of the specified type and bandwidth would take between two nodes Note that...

Page 217: ...or replace Replace example com CredentialAdd Adds an entry to the local authentication database CredentialName r S 1 128 Defines the name for this entry in the local authentication database Credential...

Page 218: ...ion or must be matched exactly Example xCommand DenyListAdd PatternString sally jones example com PatternType exact DenyListDelete Deletes an entry from the Deny List DenyListId r 1 2500 The index of...

Page 219: ...tes a particular feedback request ID 1 3 The ID of the feedback request to be deactivated Example xCommand FeedbackDeregister ID 1 TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction...

Page 220: ...ilure Event RegistrationAdded Event RegistrationRemoved Event RegistrationFailure Event RegistrationChanged Event Bandwidth Event Locate Event ResourceUsage Event AuthenticationFailure Example xComman...

Page 221: ...e specified number of hops Results are reported back through the xFeedback mechanism which must therefore be activated before issuing this command e g xFeedback register event locate Alias r S 1 60 Th...

Page 222: ...vailable no calls can be made using this pipe PerCall 1 100000000 If this pipe has limited per call bandwidth sets the maximum amount of bandwidth in kbps available for any one call Example xCommand P...

Page 223: ...Subzone has a limit on the total bandwidth being used by its endpoints at any one time Total 1 100000000 Sets the total bandwidth limit in kbps of the Default Subzone applies only if Mode is set to L...

Page 224: ...nsforms are applied in order of priority and the priority must be unique for each transform Example xCommand TransformAdd Pattern example net Type suffix Behavior replace Replace example com Priority...

Page 225: ...ould be applied in a search for a given alias Note that this command does not change any existing system configuration Alias r S 1 60 The alias to be searched for Example xCommand ZoneList Alias john...

Page 226: ...rrent status of all status elements on the VCS type xStatus element to return the current status for that particular element and all its sub elements type xStatus element sub element to return the cur...

Page 227: ...TraversalCalls 0 100 Registrations 0 2500 Expressway True False Encryption True False Interworking True False UserPolicy True False DeviceProvisioning True False DualNetworkInterfaces True False Hardw...

Page 228: ...90 Description S 1 128 IP Protocol IPv4 IPv6 Both IPv4 Gateway IPv4Addr IPv6 Gateway IPv6Addr DNS Server 1 5 Address IPv4Addr IPv6Addr Domain S 0 128 TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATO...

Page 229: ...ailed to authenticate with LDAP server A valid CA certificate for the LDAP database has not been uploaded this is required for connections via TLS No server address configured Address IPv4Addr IPv6Add...

Page 230: ...ng StartTime Seconds since boot Date Time Duration Time in seconds precision in seconds Legs Leg 1 300 Protocol H323 SIP H323 visible if Protocol H323 CallSignalAddress IPv4Addr IPv6Addr 1 65534 Alias...

Page 231: ...tration ID 1 2500 SerialNumber S 1 255 Sessions Session 1 300 Status Unknown Searching Failed Cancelled Completed Active Connected MediaRouted True False Participants Leg 1 300 2 entries Bandwidth Req...

Page 232: ...es Address IPv4Addr IPv6Addr 1 65534 Apparent IPv4Addr IPv6Addr 1 65534 Prefix S 1 20 0 50 entries Aliases Alias 1 50 Type E164 H323Id URL Email GW Prefix MCU Prefix Prefix Suffix IPAddress Origin End...

Page 233: ...S 1 255 Calls Section visible only if there are calls Call 0 900 0 900 entries CallId S 1 255 TraversalSubZone Name TraversalSubZone Bandwidth Used 0 100000000 Calls Section visible only if there are...

Page 234: ...Unknown Active Failed Cause Visible if Status is Failed No response from system DNS resolution failed Invalid IP address Address IPv4Addr IPv6Addr One Address line per address from DNS lookup Port 1 6...

Page 235: ...rsalClient Primary H323 Visible if H323 Mode On for Zone Status Unknown Active Failed Cause Visible if Status is Failed No response from gatekeeper DNS resolution failed Invalid alias Authentication F...

Page 236: ...rom DNS lookup Port 1 65534 LastStatusChange Time not set Date Time TraversalServer Visible if Type is TraversalServer SIP Port Active Inactive H323 Port Active Inactive Primary H323 Visible if H323 M...

Page 237: ...s line per address from DNS lookup Port 1 65534 LastStatusChange Time not set Date Time Calls 0 900 entries Call 0 900 CallID S 1 255 Links Link 1 100 Name S 1 50 Link name Bandwidth Used 0 100000000...

Page 238: ...d Invalid IP address Address IPv4Addr IPv6Addr Port 1 65534 LastStatusChange Seconds since boot Date Time UserPolicyManager Mode Off Local Remote Status Active Inactive Unknown Visible if Remote Addre...

Page 239: ...aling Status Active Inactive Failed IPv4 Visible if Status Active Address IPv4Addr 1 2 entries IPv6 Visible if Status Active Address IPv6Addr 1 2 entries H46018 CallSignaling Status Active Inactive Fa...

Page 240: ...Pv6 UDP Status Active Inactive Failed Address IPv6Addr TCP Status Active Inactive Failed Address IPv6Addr TLS Status Active Inactive Failed Address IPv6Addr TANDBERG VIDEO COMMUNICATIONS SERVER ADMINI...

Page 241: ...800 Client IPv4Addr IPv6Addr RelayAddress IPv4Addr IPv6Addr CreationTime Date Time ExpireTime Date Time Warnings Warning 1 n Value S 1 255 TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Intr...

Page 242: ...2 257 3 10 RFC 3327 Session Initiation Protocol SIP Extension Header Field for Registering Non Adjacent Contacts http www ietf org rfc rfc3327 txt 11 Session Traversal Utilities for NAT STUN http www...

Page 243: ...g Defined by RFC 3880 5 DNS Domain Name System A distributed database linking domain names to IP addresses DNS zone On the VCS a zone used to configure access to endpoints located via a DNS lookup E 1...

Page 244: ...of the internet Interworking Allowing H 323 systems to connect to SIP systems IPv4 Internet Protocol version 4 Version 4 of the Internet Protocol defined in RFC 791 18 IPv6 Internet Protocol version...

Page 245: ...call once it is set up RAS Registration Admission and Status A protocol used between H 323 endpoints and a gatekeeper to register and place calls Registrar In SIP a server that accepts REGISTER reque...

Page 246: ...CS Control Traversal Server A traversal entity on the public side of a firewall Examples are the TANDBERG Border Controller and the TANDBERG VCS Expressway Traversal enabled endpoint Any endpoint that...

Page 247: ...enue of the Americas 24th Floor New York NY 10036 Telephone 1 212 692 6500 Fax 1 212 692 6501 Video 1 212 692 6535 E mail tandberg tandberg com TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE...
