RADVision Scopia TIP Gateway Скачать руководство пользователя | Manualshive

Страница: 48 / 77

background image

You can configure your video network, whether it is a SCOPIA Solution or a third party
deployment, to support Transport Layer Security (TLS) for the SIP signaling protocol. If you
have the SCOPIA Management redundant solution, it is important to configure redundancy
before proceeding with TLS configuration. See the Administrator Guide for SCOPIA
Management for details.

Note

Using encryption is subject to local regulation. In some countries it is restricted or limited for
usage. For more information, consult your local reseller.

The TLS protocol is based on a public and private keys for authorization and encryption,
exchanged between SCOPIA Management and different components to allow an authenticated
and secure connection. Generating the CSR creates a pair of keys, public and private. The
public key is placed in a certificate and signed by a certification authority (CA).
As you configure your deployment for TLS, you need to generate a certificate signed request
for every component that uses TLS in your deployment and send it to your network
administrator for creating a CA signed certificate. A CA has its own certificate—the CA root
certificate. When the CA signed certificate is ready, you upload it into the component for
which it was created, together with the CA root certificate.
In some cases, when the CA signing the certificate is not a known trusted source, you must
obtain an additional certificate vouching for the trustworthiness of the CA. These certificates
are known as intermediary certificates, and must be signed by a trusted CA.
Some third-party components of your deployment may have pre-installed certificates.
Each time a TLS connection is established, a deployment component that starts the TLS
communication session requests another component to produce its signed certificate together
with the CA root certificate if not already available. After the second component verifies its
identity with these certificates, a secure connection can be established. Exchanging
certificates between components is part of the TLS protocol; it happens in the background
and is transparent to a user.
TLS is used to secure the connection between SCOPIA Management and the SCOPIA TIP
Gateway.

6

Securing Your Video Network Using TLS

RADVISION | Deployment Guide for SCOPIA TIP Gateway Version 8.0

Securing Your Video Network Using TLS | 43

«
...
46
47
48
49
50
...
»

Содержание Scopia TIP Gateway

Страница 1: ...Deployment Guide Version 8 0 For Solution 8 0 SCOPIA TIP Gateway...

Страница 2: ...ISION Ltd reserves the right to revise this publication and make changes without obligation to notify any person of such revisions or changes RADVISION Ltd may make improvements or changes in the prod...

Страница 3: ...etup Checking Site Suitability 8 Unpacking the Device 8 Inspecting for Damage 9 Verifying Rack Suitability 10 Choosing the Type of Rack 10 Making Space for the SCOPIA TIP Gateway 10 4 Setting up the S...

Страница 4: ...Gateway 27 Configuring TCP Port for Q 931 on the SCOPIA TIP Gateway 27 Configuring the SCOPIA TIP Gateway in SCOPIA Management 28 Adding a gateway in SCOPIA Management 28 Configuring the SCOPIA TIP Ga...

Страница 5: ...ploading Certificates for Other Devices 61 Enabling Encryption with SCOPIA TIP Gateway 63 Enabling the TLS Connection in SCOPIA Management 65 7 Performing Maintenance Procedures Upgrading the Software...

Страница 6: ...he endpoint screen With the TIP Gateway you see all the participants on the screens giving the full telepresence experience With a SCOPIA TIP Gateway deployed into your existing SCOPIA Solution Cisco...

Страница 7: ...small workgroup to an entire enterprise Unlimited scalability is achieved by simply stacking multiple gateways For more information on the TIP Gateway deployment see Planning your Topology for the TIP...

Страница 8: ...so Call capacity in this topic Supported audio codecs AAC LD G 722 G 722 1 G 711 A Law Law DTMF Translation In band to out of band translation Video support Video codec H 264 Video resolution 720p at...

Страница 9: ...te MCU for housing telepresence meetings with multiple endpoints both H 323 and SIP H 323 SIP endpoints CUCM Cisco Unified Communications Manager This is the central communication server for all Cisco...

Страница 10: ...lled the Cisco services or by the customer s network administrator Cisco Telepresence Systems can dial into a telepresence conference as follows By dialing directly into to the SCOPIA Elite MCU via SC...

Страница 11: ...r gateway and your other SCOPIA Solution products are deployed Table 2 1 Bidirectional Ports to Open on the SCOPIA TIP Gateway Port Range Protocol Destination Functionality Result of Blocking Port Req...

Страница 12: ...e Configuring RTP RTCP SRTP Ports on the SCOPIA TIP Gateway on page 26 16384 17280 RTP RTCP SRTP UDP UDP for any H 323 or SIP media connection Audio Enables real time delivery of audio media Cannot tr...

Страница 13: ...ents Ensure to make necessary changes in case you find that the site does not meet any of the requirements described in that section Unpacking the Device We strongly recommend that you follow safety g...

Страница 14: ...it out of the shipping box Step 7 Take the device out of the shipping box Step 8 Carefully open the additional boxes remove the packing material and remove the drives and other contents Note We recomm...

Страница 15: ...ard includes precise definitions of the shape of the holes their size the depth of the rack and other features For more information on the EIA 310 standard see http electronics ihs com collections eia...

Страница 16: ...on the rack which is at least 7 empty square holes in height on the rack posts The SCOPIA TIP Gateway takes up 3 holes 1U on the posts You need at least 2 additional holes to slide the device into th...

Страница 17: ...Figure 3 4 Width between inner sides of posts RADVISION Deployment Guide for SCOPIA TIP Gateway Version 8 0 Preparing the SCOPIA TIP Gateway Setup 12...

Страница 18: ...hecking the Accessories Required for Mounting page 14 Attaching Brackets to the SCOPIA TIP Gateway page 15 Marking the Location of the Device fixing Cage Nuts page 16 Removing the Cage Nut Screws page...

Страница 19: ...erify a hole is present 0 75 inches 2 cm above the shelf measured from the center of the hole Figure 4 1 Checking the location of the shelf in the rack Step 4 Ensure the shelf is positioned horizontal...

Страница 20: ...the rack s front posts Procedure Step 1 Position the device on a flat horizontal surface Make sure the device front panel faces toward you Step 2 Unscrew the two Phillips screws on either side of the...

Страница 21: ...eway front panel Marking the Location of the Device fixing Cage Nuts There is a pair of cage nuts one for each front facing rack post You need these cage nuts to fix the device brackets to the post Be...

Страница 22: ...ng the Cage Nut Screws The cage nuts are supplied with pre mounted screws Remove the screws and put them aside for later See Figure 4 6 on page 17 Figure 4 6 Removing the cage nut screw Mounting the D...

Страница 23: ...ount the device onto the rack Before mounting the device read the Safety Guidelines described in the Safety Guide Secure the device on the rack s posts to prevent it from moving around or falling Caut...

Страница 24: ...ring the SCOPIA TIP Gateway to the rack Connecting Cables to the Device Follow the safety guidelines described in the Safety Guide during this procedure and use the power and serial cables supplied wi...

Страница 25: ...to the network Before you begin Make sure you have these items Dedicated IP address for the device Dedicated subnet mask for the device IP address of the default router which the device uses to commu...

Страница 26: ...s any key to start configuration appears on the screen press a key and wait for the following message Main menu If you do not see this output contact customer support Step 7 Enter N at the prompt to c...

Страница 27: ...tting in the MCU whose default value is also 1Gbps You can change the default value from the MCU web administrator interface by navigating to Configuration Network Port Settings Verifying the SCOPIA T...

Страница 28: ...the CUCM Settings for SCOPIA Management page 23 2 Configuring Ports on the SCOPIA TIP Gateway page 25 3 Configuring the SCOPIA TIP Gateway in SCOPIA Management page 28 4 Configuring Cisco Telepresence...

Страница 29: ...t to receive the expected number of digits for a SCOPIA Elite MCU conference a Select the relevant route pattern in the Call Routing Route Hunt Route Pattern tab b In the Route Pattern Configuration p...

Страница 30: ...for H 245 signaling H 245 is a control protocol used for multimedia communications that enables transferring information about the device capabilities as well as opening closing the logical channels...

Страница 31: ...the SCOPIA Management administrator portal Step 2 Select Devices Step 3 Select Gateways in the sidebar menu Step 4 Select the relevant gateway from the Gateways list Step 5 Select the Configure tab s...

Страница 32: ...p 4 Select the relevant gateway from the Gateways list Step 5 Select the Configure tab see Figure 5 4 on page 25 Step 6 Select Advanced Parameters Settings The Advanced Parameters dialog box appears s...

Страница 33: ...rk in SCOPIA Management After you add a device SCOPIA Management connects to it and retrieves additional information You can then configure additional settings for your device such as managing your ba...

Страница 34: ...umber Figure 5 6 Adding a new gateway Table 5 1 Configuring your device s basic settings Field Name Description Name Enter the name used to identify the device This name will be displayed in the list...

Страница 35: ...n SCOPIA Management Since the SCOPIA Gateway does not have its own web interface its configuration is performed in SCOPIA Management SCOPIA Management and gateways communicate in XML over TCP for cont...

Страница 36: ...t Note Before selecting TLS you must generate the SCOPIA Management and SCOPIA Gateway certificates After you select that checkbox click Test Connection Registration Name The name of this SCOPIA Gatew...

Страница 37: ...SIP server Default SIP Domain The SIP domain of your organization NTP IP Address The IP address of a Network Time Protocol server which sets the time for the gateway s clock External NTP servers ensur...

Страница 38: ...ent page 34 Adding Cisco Telepresence Systems CTS in SCOPIA Management page 38 Adding the CUCM to SCOPIA Management To enable SCOPIA Management to operate with Cisco telepresence configure SCOPIA Mana...

Страница 39: ...eway allows to connect Cisco Telepresence Systems directly into a conference on the SCOPIA Elite MCU it also supports connecting these endpoints through the CTMS for organizations using this Cisco MCU...

Страница 40: ...Configuration screen Step 5 Configure the CTMS as described in this table Table 5 4 Configuring the CTMS Field Name Description Name Enter a name used to identify the CTMS This name is displayed in t...

Страница 41: ...8 You can modify these settings at any time by selecting the CTMS name link in the All endpoints list Step 9 If the CTMS used in your telepresence is defined in the LDAP server import the CTMS into SC...

Страница 42: ...to retrieve CTMS information from the relevant Cisco devices Note This number is configured only by the personnel that installed the Cisco services or by the customer s network administrator Procedure...

Страница 43: ...resence note the following restrictions and guidelines Telepresence endpoints cannot be associated with a specific user Telepresence endpoints cannot be set as VIP an important endpoint whose video re...

Страница 44: ...the Telepresence System from the SCOPIA Elite MCU Location Select the location of the telepresence system from the list Visible in the directory of other endpoints Select to display the telepresence s...

Страница 45: ...e MCU page 40 2 Defining Allowed Bandwidth in the MCU page 41 3 Selecting the MCU Presentation Resolution page 41 Enabling H 264 Presentation in SCOPIA Elite MCU To enable a participant to start or re...

Страница 46: ...rate Kbps Figure 5 14 Adjusting the bandwidth Step 7 Select Apply Selecting the MCU Presentation Resolution Configure the MCU to allow presentation and video clips to be shared with the Cisco telepres...

Страница 47: ...eo resolution Step 6 Enter the service number in the Parameter field Step 7 Select Apply RADVISION Deployment Guide for SCOPIA TIP Gateway Version 8 0 Configuring your SCOPIA Solution for Interoperabi...

Страница 48: ...ting a CA signed certificate A CA has its own certificate the CA root certificate When the CA signed certificate is ready you upload it into the component for which it was created together with the CA...

Страница 49: ...IA Management on page 53 5 Generate certificate signed requests CSR for other deployment components which is done via the device itself For details about generating CSRs for SCOPIA Solution products s...

Страница 50: ...rtificate which identifies the CA and is self signed by that CA When a device receives a certificate as part of TLS negotiations it must verify that the CA signing the certificate is trusted so it mus...

Страница 51: ...6 2 TLS connection using certificates signed by different CAs When each certificate is signed by a different CA Figure 6 2 on page 46 upload the following certificates to the SCOPIA Management A cert...

Страница 52: ...Certificate from Unknown CA When CA3 is untrusted Figure 6 3 on page 47 the certificates to upload to the SCOPIA Management are A certificate identifying SCOPIA Management signed by trusted CA1 This i...

Страница 53: ...upload to the SCOPIA Management are A certificate identifying SCOPIA Management signed by CA3 a CA unknown to the gateway This is sent to the gateway as part of the TLS negotiation An intermediate ce...

Страница 54: ...are from Untrusted CAs When CA3 is untrusted by the gateway and CA4 is untrusted by SCOPIA Management Figure 6 4 on page 48 the certificates to upload to the SCOPIA Management are A certificate ident...

Страница 55: ...enerate a certificate signing request for SCOPIA Management that must be signed by a CA using a certificate authority CA application Once properly signed the certificate would confirm the identity of...

Страница 56: ...y this certificate in the Name field Step 4 If necessary enter a description of the certificate in the Description field Step 5 Select Create The Generate CSR window appears RADVISION Deployment Guide...

Страница 57: ...ization Step 7 Select Generate CSR Step 8 Select Save to view the certificate content The certificate content is displayed in the Download window Step 9 Save the certificate in an appropriate folder T...

Страница 58: ...OPIA Solution and third party devices see Uploading Certificates for Other Devices on page 61 and Uploading Certificates for the TIP Gateway on page 58 Note Using encryption is subject to local regula...

Страница 59: ...ou have the signed certificate from the CA for SCOPIA Management see Generating the Certificate Signing Request for SCOPIA Management on page 50 for details on generating the CSR Procedure Step 1 Copy...

Страница 60: ...signed certificate d Select Open e Select Upload Verify that the upload success message is displayed The CA signed certificate is uploaded into SCOPIA Management Step 6 Select Apply Step 7 To finish a...

Страница 61: ...l certificates for SCOPIA Management including certificates signed by the CA to identify SCOPIA Management and root and intermediate certificates to identify the CA See Generating the Certificate Sign...

Страница 62: ...for the gateway Step 4 Select Create a new CSR The Save Certificate Request window opens displaying the certificate request RADVISION Deployment Guide for SCOPIA TIP Gateway Version 8 0 Securing Your...

Страница 63: ...ates identifying SCOPIA TIP Gateway continue with Uploading Certificates for the TIP Gateway on page 58 To upload certificates identifying other devices see the product s Administrator Guide for detai...

Страница 64: ...the root certificate for the certificate authority that your organization uses The CA root certificate must be compatible with the Base 64 ASCII code 2 Ensure that the certificates confirming the ide...

Страница 65: ...the second CA to verify it is trusted Select Upload under the CA intermediate section of the window to upload the intermediate s root certificate Step 9 Paste the content of the intermediate CA s root...

Страница 66: ...limited for usage For more information consult your local reseller Before you begin Ensure that you have the root certificate including all intermediate certificates for the certificate authority that...

Страница 67: ...ep 5 Select Add to browse each root and intermediate certificate required Figure 6 16 Importing certificates for other devices into SCOPIA Management Step 6 Select Upload RADVISION Deployment Guide fo...

Страница 68: ...63 Note Using encryption is subject to local regulation In some countries it is restricted or limited for usage For more information consult your local reseller Figure 6 17 Encryption in SCOPIA Manage...

Страница 69: ...and the SIP network select one of these settings for the Service Encryption field Table 6 1 Configuring the encryption Field Name Description Best effort When selected indicates the gateway supports...

Страница 70: ...nagement Perform this procedure only if you want to secure your video network using TLS Note Using encryption is subject to local regulation In some countries it is restricted or limited for usage For...

Страница 71: ...DNSServerList element as shown in Figure 6 20 on page 66 Figure 6 20 Adding the DNSServerList element Step 5 Save and close the file Step 6 Start the SCOPIA Management service and the SCOPIA Manageme...

Страница 72: ...rade to The next major version Upgrading a major version requires a new license This kind of upgrade changes one of the first two digits in a version number For example upgrading from version 8 0 to v...

Страница 73: ...ccess tab Enter a name and password for automatic login to the video device during the upgrade process We recommend using the same name across the deployment Procedure Step 1 Access the SCOPIA Managem...

Страница 74: ...upgrading too Step 9 Select Apply to save the upgrade file and its information in SCOPIA Management Step 10 If required enter license keys Step 11 Select Apply The system notifies that the video devi...

Страница 75: ...Search for an online network device as explained in Step 3 Select Devices Devices by Type Gateways Step 4 Select the network device whose software version you want to restore Step 5 Select Manage Res...

Страница 76: ...on page 69 To downgrade to a version earlier than the previous version see Upgrading the Software File of a Video Device on page 67 Changing the IP Address of your Gateway You may need to change the...

Страница 77: ...n video conferencing systems innovative converged mobile services and highly scalable video enabled desktop platforms on IP 3G and emerging next generation networks For more information about RADVISIO...

Отзывы:

Нет отзывов

Похожие инструкции для Scopia TIP Gateway

Бренд: Quintum Страницы: 4

Q gateway 5.5 direct

Бренд: QUNDIS Страницы: 80

Бренд: RTA Страницы: 72

Бренд: Pace Страницы: 2

Бренд: Nitgen Страницы: 66

Бренд: TANDBERG Страницы: 54

IZAR IoT GATEWAY Compact

Бренд: Diehl Страницы: 4

Бренд: Hirschmann Страницы: 44

RB924i-2nD-BT5&BG77

Бренд: MikroTik Страницы: 16

Бренд: ZyXEL Communications Страницы: 2

P-661HNU Series

Бренд: ZyXEL Communications Страницы: 2

Бренд: ZyXEL Communications Страницы: 361

Бренд: ZyXEL Communications Страницы: 206

Бренд: ZyXEL Communications Страницы: 466

Бренд: Planet Страницы: 8

Бренд: Planet Страницы: 16

Бренд: Planet Страницы: 16

Бренд: Planet Страницы: 131

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды