TANDBERG Security Camera страница 176 Скачать руководство пользователя | Manualshive

Страница: 176 / 247

background image

176

D14049.03
MAY 2008

Grey Headline

(continued)

TANDBERG

VIDEO COMMUNICATIONS SERVER

ADMINISTRATOR GUIDE

Getting Started

CPL Reference

Call Screening of Authenticated Users

In this example, only calls from users with authenticated source addresses are allowed.

See the section on

for details on how to enable authentication.

<?xml version="1.0" encoding="UTF-8" ?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
xmlns:taa="http://www.tandberg.net/cpl-extensions"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<address-switch field="origin">
<not-present>

<reject status="403" reason="Denied by policy"/>
</not-present>
</address-switch>
</taa:routed>
</cpl>

CPL Examples

Call Screening Based on Alias

In this example, user

ceo

will only accept calls from users

vpsales

,

vpmarketing

or

vpengineering

.

<?xml version="1.0" encoding="UTF-8" ?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
xmlns:taa="http://www.tandberg.net/cpl-extensions"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
<taa:routed>
<address-switch field="destination">
<address is="ceo">
<address-switch field="origin">
<address regex="vpsales|vpmarketing|vpengineering">

<proxy/>
</address>
<not-present>


<reject status="403" reason="Denied by policy"/>
</not-present>
<otherwise>

<reject status="403" reason="Denied by policy"/>
</otherwise>
</address-switch>
</address>
</address-switch>
</taa:routed>
</cpl>

«
...
174
175
176
177
178
...
»

Содержание Security Camera

Страница 1: ...ion Server ADMINISTRATOR GUIDE Version X2 1 May 2008 Introduction Getting Started Overview and Status System Configuration VCS Configuration Zones and Neighbors Call Processing Bandwidth Control Firew...

Страница 2: ...g the IP Status Page 28 Resource Usage 29 Viewing the Resource Usage Page 29 Understanding the Resource Usage Page 29 Registrations 30 Viewing the Registrations Page 30 Understanding the Registrations...

Страница 3: ...7 About Remote Logging 57 Enabling Remote Logging 57 Log Levels 58 About Event Log Levels 58 Setting the Event Log Level 58 VCS Configuration H 323 60 H 323 Overview 60 About H 323 on the VCS 60 Using...

Страница 4: ...Structured Dial Plan 90 Hierarchical Dial Plan 90 Call Processing Introduction 92 Call Processing Diagram 92 Search Process 92 Dialing by Address Types 93 About the Different Address Types 93 Dialing...

Страница 5: ...Configuration 119 URI Dialing and Firewall Traversal 119 Recommended Configuration 119 ENUM Dialing 120 Overview 120 Process 120 Enabling ENUM Dialing 120 ENUM Dialing for Outgoing Calls 121 Prerequi...

Страница 6: ...a Firewall Traversal Server 146 Quick Guide to VCS Traversal Client Server Configuration 147 Overview 147 VCS Control Client 147 VCS Expressway Server 147 Firewall Traversal Protocols and Ports 148 O...

Страница 7: ...eening Based on Alias 176 Call Screening Based on Domain 177 Change of Domain Name 177 Allow Calls from Locally Registered Endpoints Only 178 Block Calls from Default Zone and Default Subzone 178 Rest...

Страница 8: ...Organizational Hierarchy 187 Add the H 350 Objects 187 Securing with TLS 187 OpenLDAP 188 Prerequisites 188 Installing the H 350 Schemas 188 Adding H 350 Objects 189 Create the Organizational Hierarc...

Страница 9: ...rg com collateral documentation User_Manuals TANDBERG VCS EULA pdf and http www tandberg com collateral documentation User_Manuals TANDBERG VCS Copyrights pdf IMPORTANT USE OF THIS PRODUCT IS SUBJECT...

Страница 10: ...o connect mains power or any other power source before consulting service personnel The plug connecting the power cord to the product power supply serves as the main disconnect device for this equipme...

Страница 11: ...ropriate take back systems in your area Those systems will reuse or recycle most of the materials of your end of life equipment in a sound way TANDBERG products put on the market after August 2005 are...

Страница 12: ...ation Zones and Neighbors Call Processing Bandwidth Control Firewall Traversal Maintenance Appendices Environmental Issues 12 TANDBERG CONTENT SERVER USER GUIDE Table of Contents What s New in this Ve...

Страница 13: ...des internal video control and administration for all SIP and H 323 devices It is normally deployed within your wide area network with endpoints that are behind the same firewalls or NAT devices The V...

Страница 14: ...one VCS or be neighbored with other systems such as VCSs Border Controllers gatekeepers and SIP proxies Supports up to 5 Alternate VCSs for redundancy purposes Optional endpoint authentication Control...

Страница 15: ...eb interface are shown in the format Menu Submenu followed by the Name of the page that you will be taken to In most cases a screenshot of the page will be shown adjacent with callouts describing each...

Страница 16: ...dministrator settings and describes how to access it via either the Command Line Interface CLI or the web interface Getting Started TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introductio...

Страница 17: ...umidity Do not place heavy objects directly on top of the VCS Do not place hot objects directly on top or directly beneath the VCS Use a grounded AC power outlet for the VCS Connecting the Cables Powe...

Страница 18: ...ure the following The system name of the VCS This is used by the TANDBERG Management Suite TMS to identify the system See About the System Name for more information Automatic discovery If you have mul...

Страница 19: ...gain to produce the cursor Use the up down keys to move left and right between the digits of the number When you reach a digit you wish to change press ENTER Use UP DOWN to increase or decrease the di...

Страница 20: ...er the 1 instructions in steps 1 and 2 of Initial Configuration via Serial Cable Reboot the VCS 2 Login from the PC with the username 3 pwrec No password is required You will be prompted for a new pas...

Страница 21: ...s of the system the FQDN of the system Select 2 Administrator Login Enter the Username 3 admin and your system password and select Login You will be presented with the Overview page Supported Browsers...

Страница 22: ...ck on the Information icon or click inside a field This box gives you information about the particular field including where applicable the valid ranges and default value To close the information box...

Страница 23: ...such as calls and registrations See the Command Reference Appendix for a full description of commands available on the VCS How Command are Shown in this Guide In this Guide instructions for performing...

Страница 24: ...the web interface These pages provide information on the current status and configuration of the VCS Overview and Status TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction Getting S...

Страница 25: ...e version The version of software that is currently installed on the VCS IPv4 address The VCS s IPv4 address es Viewing the Overview Page Understanding the Overview Page Options The maximum number of...

Страница 26: ...ERG VCS Software release The version of software that is currently installed on the VCS Software build The build number of this software version Software options All the extra features installed on th...

Страница 27: ...tion key has been installed this will show the ethernet speed for both the LAN1 port and the LAN2 port MAC address The MAC address of the VCS s ethernet device If the Dual Network Interfaces option ke...

Страница 28: ...en two endpoints or devices communicating via IPv4 It will communicate with other systems via IPv4 only IPv6 The VCS will only accept registrations from endpoints using an IPv6 address and will only t...

Страница 29: ...started Non traversal calls Current The number of non traversal calls going through the VCS at this moment Max peak The highest number of concurrent non traversal calls handled by the VCS since it was...

Страница 30: ...time at which the registration was accepted If an NTP server has not been configured this will say Time not set IP Address For H 323 devices this is the RAS address For SIP UAs it is the Contact addre...

Страница 31: ...ist of registrations enter one or more characters in the Filter field and select Filter Only those registrations that contain in any of the displayed fields the string you entered will be shown To ret...

Страница 32: ...l details of this call Filter To limit the list of calls enter one or more characters in the Filter field and select Filter Only those calls that contain in any of the displayed fields the characters...

Страница 33: ...call Actions Click View to go to the Call Details page which lists full details of this call Filter To limit the list of calls enter one or more characters in the Filter field and select Filter Only...

Страница 34: ...lter To limit the list of calls enter one or more characters in the Filter field and select Filter Only those calls that contain in any of the displayed fields the characters you entered will be shown...

Страница 35: ...the configuration page for that subzone To configure the subzone click on the subzone name Bandwidth Used The total amount of bandwidth used by all calls passing through each subzone Calls The number...

Страница 36: ...her zones that you have created To view the Zones page Status Zones Viewing the Zones Page Name The names of each zone currently configured on this VCS Type The type of zone See About Zones for a full...

Страница 37: ...Links status page gives you an overview of all the links currently configured on your VCS along with the number of calls and the bandwidth being used by each link To view the Links status page Status...

Страница 38: ...tly traversing each pipe Viewing the Pipes Page The Pipes page provides a list of all the pipes currently configured on your VCS along with the number of calls and the bandwidth being used by each pip...

Страница 39: ...requesting client address and port and the corresponding VCS address and port To view the STUN Relays page Status STUN RElays Expiry Time The date and time at which the STUN Relay will become inactiv...

Страница 40: ...hange has taken place on the VCS that requires some manual Administrator intervention such as a reboot When there are warnings in place on the VCS a warning icon will appear at the top right of the pa...

Страница 41: ...Most tvcs events contain hyperlinks in one or more of the fields You can click on the hyperlink to show only those events that contain the same text string For example clicking on the text that appear...

Страница 42: ...the log message This will be tvcs for all messages originating from TANDBERG VCS processes but will differ for messages from third party processes which are used in the VCS product message _ details...

Страница 43: ...ge Auth Whether call attempt has been authenticated successfully Method SIP method INVITE BYE UPDATE REGISTER SUBSCRIBE etc Contact Contact header from REGISTER AOR Address of record Call Id The Call...

Страница 44: ...r H 323 message Eventlog Cleared An operator cleared the event log External Server Communication Failure Communication with an external server failed unexpectedly The event detail data should differen...

Страница 45: ...cting zones Operator forced removal Operator forced removal all registrations removed Registration Requested A registration has been requested System Shutdown The operating system was shutdown System...

Страница 46: ...esponse has been sent All Level 1 and Level 2 events plus Event Description Keepalive Registration Accepted A keepalive RRQ requesting that an existing H 323 registration is refreshed has been accepte...

Страница 47: ...n relation to the network in which it is located for example its IP settings and the external services used by the VCS e g DNS NTP and SNMP System Configuration TANDBERG VIDEO COMMUNICATIONS SERVER AD...

Страница 48: ...S can be accessed via SSH and SCP About Administrator Access settings While it is possible to administer the TANDBERG VCS via a PC connected directly to the unit via a serial cable you may wish to acc...

Страница 49: ...settings between the VCS and ethernet switch will at best result in packet loss at worst it will make the system inaccessible for endpoints and system administrators Ethernet speed Sets the speed of...

Страница 50: ...refore require a traversal call licence Some endpoints support both IPv4 and IPv6 however an endpoint can use only one protocol when registering with the VCS Which protocol it uses will be determined...

Страница 51: ...es the LAN 2 port on the VCS for both management and call signaling This allows you to have a secondary IP address for your VCS This configuration is intended for high security deployments where the V...

Страница 52: ...d when resolving domain names Domain name Specifies the name to be appended to an unqualified server address before a query to the DNS server is executed Configuration Overview About DNS Servers You m...

Страница 53: ...e The NTP server provides the VCS with UTC time You can also determine the local time to be used on your system by configuring the Time Zone This takes the UTC time and offsets it by the number of hou...

Страница 54: ...following up on queries By default SNMP is Enabled with a SNMP community name of public Note the VCS does not support SNMP traps or SNMP sets therefore it cannot be managed via SNMP To configure the V...

Страница 55: ...anager use the default path of tms public external management SystemManagementService asmx To configure the VCS s External Manager settings System Configuration External Manager You will be taken to t...

Страница 56: ...ome other means provided by your 3 terminal emulator To restore your configuration Remove the 1 c from in front of each command Paste this information back in to the command line interface 2 Backing u...

Страница 57: ...Click here to save your changes About Logging The VCS provides an event logging facility for troubleshooting and auditing purposes The event log records information about such things as calls registr...

Страница 58: ...ages sent and received H 323 LDAP etc excluding noisy messages such as H 460 18 keepalives and H 245 video fast updates Level 3 Protocol Verbose Protocol keepalives are suppressed at Level 2 At loggin...

Страница 59: ...of H 323 and SIP and the configuration options available on the VCS for each of these protocols how to configure the VCS to act as a SIP to H 323 gateway how to restrict registrations using Allow List...

Страница 60: ...e endpoint to verify that it is still functioning The system will poll endpoints in a call regardless of whether the call type is traversal or non traversal H 323 Endpoint Registration Auto Discover T...

Страница 61: ...ster an alias currently registered from another IP address Reject denies the registration Overwrite deletes the original registration and replaces it with the new registration The default is Reject Re...

Страница 62: ...is depends on the SIP Registration Proxy Mode setting as follows Off the VCS will not proxy any registration requests The request will be rejected with a 403 Forbidden message Proxy to Known Only the...

Страница 63: ...e VCS adds a Path header component to the request which signals that the VCS must be included on any call to that endpoint The information is usually required in situations where firewalls exist and t...

Страница 64: ...rsal clients and traversal servers Proxy to any Registration requests and invite requests will always be proxied UDP mode Determines whether or not incoming SIP calls using the UDP protocol will be al...

Страница 65: ...in the Name field and click Create Domain The new domain will be added and you will be returned to the Domains page To edit the name of an existing domain click View Edit You will be taken to the Edit...

Страница 66: ...ill be taken to the Interworking page xConfiguration Interworking Mod e H 323 SIP interworking mode Determines whether or not the VCS will act as a gateway between SIP and H 323 calls Off the VCS will...

Страница 67: ...e to the VCS when registering The VCS will then know to route all calls that begin with that prefix to the gateway MCU or Content Server as appropriate These prefixes can also be used to control regis...

Страница 68: ...address or FQDN of the Registrar with which they wish to register and the endpoint will attempt to register with that Registrar only The VCS is a SIP Server for endpoints in its local zone and can als...

Страница 69: ...ation usernames passwords and other relevant information is stored This database may be located either locally on the VCS or on an LDAP Directory Server The VCS looks up the endpoint s username in the...

Страница 70: ...nally traversal clients must always successfully authenticate with traversal servers before they can connect The username and password that your VCS provides when authenticating with other systems is...

Страница 71: ...lias but none are listed in the LDAP database it will not be allowed to register If no aliases are presented by the endpoint it will be registered with all the aliases listed in the LDAP database for...

Страница 72: ...sented by the endpoint will be ignored Endpoint The aliases presented by the endpoint will be used any in the LDAP database will be ignored Combined The endpoint will be registered both with the alias...

Страница 73: ...ntial to add the new entry to the Local Database and return to the Credentials page Save Saves the changes you have made Delete Removes the entry from the Local Database and returns you to the Credent...

Страница 74: ...registered from another IP address Reject The registration from the new IP address will be rejected This is useful if your priority is to prevent two users registering with the same alias Overwrite T...

Страница 75: ...Likewise if the Registration Restriction policy is set to AllowList only one of the endpoint s aliases needs to match a pattern on the Allow list for it to be allowed to register using all its aliases...

Страница 76: ...return to the Registration Allow List page Type Select the way in which the Pattern must match the alias for the registration to be allowed Options are Exact the alias must match the Pattern exactly P...

Страница 77: ...changes to an existing entry You will be taken to the Edit Deny Pattern page Delete Select Delete to remove the registration from the list Pattern Edit the pattern Type Edit the type You can sort the...

Страница 78: ...systems including other VCSs Gatekeepers Border Controllers or SIP devices via the use of zones You can also configure up to 5 Alternates for resiliency This section includes an overview on all the d...

Страница 79: ...network This section will give you an overview of the different parts of the video communications network and the ways in which they can be connected This information should allow you to configure yo...

Страница 80: ...d outbound portions of a call A single traversal call can therefore take up to 20 ports The default range for the ports to be used for media is 50000 51119 UDP but these can be changed to anywhere bet...

Страница 81: ...S Expressway must have a special type of two way neighbor relationship with each traversal client To do this you create a traversal server zone on your local VCS Expressway and configure it with the d...

Страница 82: ...ured with the Default Zone and default links between it and both the Default Subzone and the Traversal Subzone The purpose of the Default Zone is to allow you to manage incoming calls from unrecognize...

Страница 83: ...it Zone page xConfiguration Zones Zone 1 200 The sections that follow describe the configuration options available for each zone type Adding Zones Name Enter the name you wish to give to this zone The...

Страница 84: ...information This field specifies the hop count to be used when sending an alias search request to this particular zone Name Assigns a name to the zone The name acts as a unique identifier allowing you...

Страница 85: ...used for H 323 calls from the local VCS SIP transport Determines which transport type will be used for SIP calls to and from the neighbor zone Configuring Neighbor Zones SIP mode Determines whether S...

Страница 86: ...r FQDN of the traversal server Alternate 1 to Alternate 5 address Specifies the IP addresses or FQDNs of any alternates configured on the traversal server H 323 mode Determines whether H 323 calls wil...

Страница 87: ...l Assent or H 460 18 to be used to traverse the firewall NAT See Firewall Traversal Protocols for more information H 460 19 demultiplexing Mode Determines whether or not the same two ports will be use...

Страница 88: ...med E 164 number to create an ENUM domain for which this zone is queried Configuring ENUM Zones Configuring DNS Zones SIP mode Determines whether SIP records will be looked up for this zone H 323 mode...

Страница 89: ...ve to save your changes Configuring Alternates Alternates are not used to increase the capacity of your network they are to provide redundancy To increase capacity add one or more additional VCSs to y...

Страница 90: ...ative deployment would use a structured dial plan whereby endpoints are assigned an alias based on the system they are registering with If you are using E 164 aliases each VCS would be assigned an are...

Страница 91: ...estination endpoint how to apply transforms to the address that was dialed before searching on the local VCS and before sending the search request out to neighboring zones how to use Administrator Pol...

Страница 92: ...one transforms Administrator Policy and User Policy If the alias is found by one of the neighbor zones the call will 8 be placed to that zone Call Processing Diagram One of the functions of the VCS is...

Страница 93: ...sing its IP address The presence of a firewall may disrupt the call Instead place the call to the VCS to which the destination endpoint is registered as described in Calls from an Unregistered Endpoin...

Страница 94: ...op count assigned When the request is subsequently forwarded on to a neighbor zone the lower of the two values i e the original hop count or the hop count configured for that zone will be used For H 3...

Страница 95: ...ironment This means that when Authentication Mode is On and you configure policy based on the source alias it will only apply to authenticated sources The VCS determines whether or not an endpoint is...

Страница 96: ...olicy AdministratorPolicy Mode Administrator Policy Mode On Administrator Policy is enabled If a CPL script has been uploaded this policy will be used Otherwise the policy configured via the Administr...

Страница 97: ...more line items from the list check the box to the left of the item and then click Delete Add New Click to add the new item to the Policy A new row with empty fields for you to complete will appear Ca...

Страница 98: ...was uploaded if Administrator Policy has been configured using the web interface this will show you the CPL version of the policy if Administrator Policy is On but a policy has not been configured thi...

Страница 99: ...aliases according to configuration for that FindMe alias If User Policy has not been enabled or the alias is not present in the User Policy Manager the VCS will continue to search for the alias in th...

Страница 100: ...Remote User Policy is enabled and a User Policy Manager located on another system is used If you select this option further configuration options will appear see below Configuring User Policy Manager...

Страница 101: ...d The password to be used along with the Username when logging into this account Users will be able to change the password for their account once they have logged in FindMe name The FindMe name on whi...

Страница 102: ...page New password Type the new password to be used along with the Username when logging into this account Cancel Click here to return to the User Accounts page without changing the password Confirm pa...

Страница 103: ...Maintenance Appendices User Policy FindMe Managing FindMe User Accounts Deleting a User Account To delete a FindMe user account VCS Configuration Policy User Accounts You will be taken to the User Ac...

Страница 104: ...as been done you can log in to your account via a web interface and configure it with details of the device s on which you want to be contacted when a call is first placed to your FindMe name if any o...

Страница 105: ...will ring when your FindMe name is first dialled If more than one device is listed here they will all ring at the same time Busy Devices For an individual list all the device s that will ring immedia...

Страница 106: ...ng against which an alias is compared and the changes to make to the alias if it matches that string Once the alias has been transformed in this way it remains changed and all further processing is ap...

Страница 107: ...which the alias is compared Priority Assigns a priority to this transform Transforms are applied in order of priority and the priority must be unique for each transform Pattern behavior Determines how...

Страница 108: ...match specify the way in which the alias will be transformed All searches sent to the zone that match the specified pattern will then be transformed and the zone will be queried using the new alias Ab...

Страница 109: ...lias will be modified Options are Leave the alias will not be modified Strip the matching prefix or suffix will be removed from the alias Replace the matching part of the alias will be substituted wit...

Страница 110: ...if and when the zone will be queried and whether any transforms will be applied Some example configurations are given here Examples Always Query a Zone Never Apply Transforms To configure the zone so...

Страница 111: ...h requests sent to a zone so that it is only queried for aliases that match certain criteria For example assume all endpoints in your regional sales office are registered to their local VCS with a suf...

Страница 112: ...Transformed Alias You may wish to query a zone for the original alias at the same time as you query it for a transformed alias To do this configure one match with a mode of AlwaysMatch and a second m...

Страница 113: ...tches configured within them It is possible to configure a single zone with up to five PatternMatch matches each with the same Priority and with an identical Pattern String to be matched but each with...

Страница 114: ...articular system e g a VCS Expressway When a system is attempting to locate a destination URI address using the DNS system the general process is as follows H323 The system will send a query via its D...

Страница 115: ...dress was resolved successfully using an H 323 Location SRV 5 record i e for _ h323ls then the address returned is queried via an LRQ for the full URI address If the domain part of the URI address was...

Страница 116: ...onfiguration Zones You will be taken to the Zones page Click New You will be taken to the Create Zone page Enter a Name for the zone and select a Type of DNS Click Create Zone You will be taken to the...

Страница 117: ...ing calls using URI dialing to endpoints that are not registered to the local VCS or one of its neighbors you must configure at least one DNS server for the VCS to query For resilience you can specify...

Страница 118: ...ured via VCS Configuration Protocols H 323 as the Registration UDP port Call SRV Records Call SRV records and A AAAA records are intended primarily for use by endpoints which cannot participate in a l...

Страница 119: ...ation Recommended Configuration If URI dialing is being used in conjunction with firewall traversal DNS zones and DNS Servers should be configured on the VCS Expressway and any VCSs on the public netw...

Страница 120: ...calls for instructions on how to do this Overview The VCS supports outward ENUM dialing by allowing you to configure ENUM zones on the VCS When an ENUM zone is queried this triggers the VCS to transfo...

Страница 121: ...he zones that contain a match is an 5 ENUM zone this will trigger the VCS to attempt to locate the endpoint through ENUM As and when each ENUM zone configured on the VCS is queried the E 164 number is...

Страница 122: ...trigger an ENUM lookup Example For example you want to enable ENUM dialing from your network to a remote office in the UK where the endpoints E 164 numbers start with 44 You would configure an ENUM zo...

Страница 123: ...gure at least one ENUM zone for each DNS suffix that your endpoints may use Normal zone pattern matching and prioritization rules will apply to ENUM zones Name Assigns a name to this zone Type For ENU...

Страница 124: ...VCS will query when attempting to locate a domain In order for endpoints registered to the VCS to make outgoing calls using ENUM dialing you must configure at least one DNS server for the VCS to quer...

Страница 125: ...uite of documents that define the ENUM standard specifies that the domain for ENUM where the NAPTR records should be located for public ENUM deployments is e164 arpa However use of this domain require...

Страница 126: ...sary to place a call to or receive a call from an unregistered endpoint Calls to an Unregistered Endpoint Recommended Configuration for Firewall Traversal When the VCS Expressway is neighbored with an...

Страница 127: ...onfigure your Fallback Alias to be that of your receptionist so that all calls that do not specify an alias will still be answered personally and can then be redirected appropriately For example Examp...

Страница 128: ...1 the next call will be assigned an ID of 2 If call 1 is then disconnected the third call to be made will be assigned an ID of 1 The call ID number is not therefore a unique identifier while no two ca...

Страница 129: ...rence the call using the longer but unique call serial number Disconnecting a Call via the CLI The call disconnection API works differently for H 323 and SIP calls due to differences in the way the pr...

Страница 130: ...These pages allow you to control the bandwidth that is used for calls within your local zone as well as calls out to other zones Bandwidth Control TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GU...

Страница 131: ...onnections The TANDBERG VCS allows you to control the amount of bandwidth used by endpoints on your network This is done by grouping endpoints into subzones and then applying limits to the bandwidth t...

Страница 132: ...IP address is checked and it is assigned to the appropriate subzone If no subzones have been created or the endpoint s IP address does not match any of the configured subzones it will be assigned to...

Страница 133: ...een configured Prefix length Enter the number of bits of the Subnet IP Address which must match for an IP address to belong in this subzone Create Subzone Click here to create the subzone and return t...

Страница 134: ...esses that will belong to the first subnet in this subzone Subnet 2 5 Use these fields to define up to 4 further subnets for this Subzone Save Click here to save your changes Bandwidth See Applying Ba...

Страница 135: ...u want to configure the bandwidth available between one specific subzone and another specific subzone or zone If your bandwidth configuration is such that multiple types of bandwidth restrictions are...

Страница 136: ...ible your VCS will perform the bandwidth calculations using the one with the fewest links Creating Links Name Enter the name you wish to assign to this link Node 1 Node 2 Select the names of the two s...

Страница 137: ...ames of the two subzones or the subzone and zone between which you wish to create a link Pipe 1 Pipe 2 If you wish to apply bandwidth limitations to this link select the pipe s to be applied For more...

Страница 138: ...ll succeed and what bandwidth will be allocated to it using the command xCommand CheckBandwidth Pre Configured Links The VCS is shipped with the Default Subzone Traversal Subzone and Default Zone alre...

Страница 139: ...the name you wish to give to this pipe You will refer to this name when creating links Create Pipe Click here to create the pipe and return to the Pipes page About Pipes To create a pipe VCS Configur...

Страница 140: ...his name when creating links Save Click here to save the changes Bandwidth restriction Determines whether there is a limit on the total concurrent bandwidth of this pipe Unlimited no limitations are i...

Страница 141: ...for calls in and out of that site Example In the diagram opposite Pipe A has been applied to two links the link between the Default Subzone and the Home Office subzone and the link between the Defaul...

Страница 142: ...on users will get one of the following messages depending on the message that initiated the search Exceeds Call Capacity Gatekeeper Resources Unavailable About the Default Call Bandwidth The default c...

Страница 143: ...presented as a separate subzone on the VCS with bandwidth configured according to local policy The enterprise s leased line connection to the Internet and the DSL connections to the remote offices are...

Страница 144: ...ressway has subzones configured for the Home Office and Branch Office These are linked to the VCS Expressway s Traversal Subzone with pipes placed on each link All calls from the VCS Expressway to the...

Страница 145: ...how to configure the additional firewall traversal server functions of a VCS Expressway including STUN services Firewall Traversal TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction...

Страница 146: ...and STUN relay services to endpoints with STUN clients These features are enabled as follows In order for the VCS Expressway to act as a firewall traversal server for TANDBERG systems you must create...

Страница 147: ...entication Username Password link in the Edit Zone page for an existing Traversal Client Zone On the VCS Expressway create a Traversal Server Zone this represents the incoming connection from the VCS...

Страница 148: ...and they then must then configure their systems to connect to these specific ports on the server The only port configuration that is done on the client is the range of ports it uses for outgoing conne...

Страница 149: ...d H 245 protocols Media UDP 2776 RTP media port UDP 2777 RTCP media control port Ports for Initial Connections from Traversal Clients Assent Ports H 460 18 19 Ports SIP Ports In situations where the V...

Страница 150: ...ection There must also be an entry in the VCS Expressway s authentication database with the corresponding client username and password VCS Control or VCS Expressway If Authentication is On on the Bord...

Страница 151: ...ed on the VCS including those relating to firewall traversal will apply to both IP addresses it is not possible to configure these ports separately for each IP address Firewall Traversal and Dual Netw...

Страница 152: ...ier allowing you to distinguish between zones of the same type Type From the Type drop down menu select TraversalClient Create Zone Click here to create the zone You will be taken directly to the Edit...

Страница 153: ...r calls to the traversal server SIP mode Determines whether SIP calls will be allowed to and from this zone SIP port Specifies the port on the traversal server to be used for SIP calls from this VCS S...

Страница 154: ...oints i e TANDBERG MXP endpoints and any other endpoints that support the ITU H 460 18 and H 460 19 standards registered directly with it You can configure the protocols and ports that will be used En...

Страница 155: ...calls to and from the traversal client Client authentication username If the traversal client is a VCS this must be the VCS s Authentication Username You must also add the client s Authentication use...

Страница 156: ...ts On allows use of the same two ports for all calls Off Each call will use a separate pair of ports for media H 323 preference If an endpoint supports both Assent and H 460 18 protocols this setting...

Страница 157: ...es the default ports should be used However you have the option to change these ports if necessary Media demultiplexing RTP port Specifies the port on the VCS to be used for demultiplexing RTP media M...

Страница 158: ...n back to the client about the binding allocated by the NAT firewall being traversed How it works A client behind a NAT firewall sends a STUN discovery request via the firewall to the VCS Expressway w...

Страница 159: ...xConfiguration Traversal Server STUN STUN Services STUN discovery mode Determines whether the VCS will offer STUN Discovery services to traversal clients Save Click here to save your changes STUN rel...

Страница 160: ...elete Option Keys manage security certificates change and delete the Administrator password create a system snapshot restart the VCS shut down the VC S restore the system to its default setting s Main...

Страница 161: ...figuration Save the resulting output to a file using cut and paste or 3 some other means provided by your terminal emulator To restore your configuration Remove the 1 c from in front of each command P...

Страница 162: ...estart the system for the upgrade to take effect Select the software file Enter the path of the software image file or click Browse to locate it on the network System Information This section tells yo...

Страница 163: ...endpoint in the call is locally registered will still be counted as one non traversal call Registrations the number of concurrent registrations allowed on the VCS An endpoint can register with more th...

Страница 164: ...ng with a description of the options they provide Add option key Enter the 20 character Option Key that has been provided to you for the option you wish to add Add Option Click Add Option Adding Optio...

Страница 165: ...P database using TLS encryption the certificate used by the LDAP database must be signed by a CA on this list Upload CA certificate Click here once you have selected the file to upload it Select the s...

Страница 166: ...le We recommend that you choose a strong password particularly if administration over IP is enabled The maximum password length is 16 characters Both the username and password are case sensitive New p...

Страница 167: ...Snapshot page Overview Create System Snapshot Clicking on this button will initiate the download of the system snapshot file You will then be asked whether and where you would like to save the file S...

Страница 168: ...eceive a warning telling you the system needs to be restarted Restarting will cause any active calls and registrations to be terminated For this reason the Restart page displays the number of current...

Страница 169: ...you wish to be able to restart it after it has been shut down Shutting down will cause any active calls and registrations to be terminated For this reason the Shutdown page displays the number of curr...

Страница 170: ...le opposite Configuration item Default value after xCommand DefaultValuesSet Level 3 SystemUnit Name blank field SystemUnit Password TANDBERG Option 1 64 Key all option keys are deleted IPProtocol IPv...

Страница 171: ...th Control Firewall Traversal Maintenance Appendices This section includes the following appendices which provide supplementary information regarding the administration of the VCS CPL Referenc e Regul...

Страница 172: ...of the CPL language and should be read in conjunction with the CPL standard RFC 3880 5 and the TANDBERG guide to writing CPL 22 The VCS supports most of the CPL standard along with some TANDBERG defi...

Страница 173: ...TUP The From and ReplyTo fields of the incoming message The source aliases from the original LRQ or ARQ that started the call If a SETUP is received without a preceding RAS message then the origin is...

Страница 174: ...URI aliases this selects the domain name part If the alias is an IP address then this subfield is the complete address in dotted decimal form tel For E 164 numbers this selects the entire string of di...

Страница 175: ...or an E 164 number priority 0 0 1 0 random Specified either as a floating point number in the range 0 0 to 1 0 or random which assigns a random number within the same range 1 0 is the highest priorit...

Страница 176: ...ot present Reject call with a status code of 403 Forbidden reject status 403 reason Denied by policy not present address switch taa routed cpl CPL Examples Call Screening Based on Alias In this exampl...

Страница 177: ...example com retry the request with example net taa location clear yes regex example com replace 1 example net proxy taa location failure proxy address address switch taa routed cpl CPL Examples Call...

Страница 178: ...ject status 403 reason Only local endpoints can use this Tandberg VCS not present address switch taa routed cpl CPL Examples Block Calls from Default Zone and Default Subzone The same script can be ex...

Страница 179: ...ce xsi schemaLocation urn ietf params xml ns cpl cpl xsd taa routed address switch field destination address regex 9 address switch field originating zone Calls coming from the traversal zone are not...

Страница 180: ...character in the range You can not use special characters within the they will be taken literally a z will match against any lower case alphabetical character a zA Z will match against any alphabetic...

Страница 181: ...thernet 2 IP V4 Address Matches the IPv4 addresses currently configured on the VCS for LAN 1 and LAN 2 not applicable ipv4 _ 1 xConfiguration Ethernet 1 IP V4 Address Matches all IPv4 address currentl...

Страница 182: ...Logging used to send message to the remote syslog server 514 UDP not configurable Gatekeeper discovery Multicast Gatekeeper discovery 1718 UDP not configurable H323 Registration and Alternate communi...

Страница 183: ...figuration SIP TCP Port SIP TLS listens for incoming SIP TLS calls 5061 TLS 1024 65534 VCS Configuration Protocols SIP Configuration xConfiguration SIP TLS Port Traversal Server Zone H323 Port the por...

Страница 184: ...the range must start with an even number See Configuring the Traversal Subzone Ports for more information 50000 51199 UDP 1024 65533 VCS Configuration Local Zone Traversal Subzone xConfiguration Trave...

Страница 185: ...SRV Record There are a range of tools available to investigate DNS records One commonly found on Microsoft Windows and UNIX platforms is nslookup Use this to verify that everything is working as expec...

Страница 186: ...points on the network H 350 1 Directory services architecture for H 323 An LDAP schema to represent H 323 endpoints H 350 2 Directory services architecture for H 235 An LDAP schema to represent H 235...

Страница 187: ...Organizational Hierarchy Open up the Active Directory 1 Users and Computers MMC snap in Under your BaseDN right click and select 2 New Organizational Unit Create an Organizational unit called 3 h350...

Страница 188: ...tform For installations on other platforms the location of the OpenLDAP configuration files may be different See the OpenLDAP installation documentation for details Installing the H 350 Schemas Copy t...

Страница 189: ...50 objects dn ou h350 dc my domain dc com objectClass organizationalUnit ou h350 Add the ldif file to the server using the command 2 slapadd l ldif _ file This organizational unit will form the BaseDN...

Страница 190: ...return a list of all elements available under the xConfiguration command type xConfiguration element to return all available sub elements along with the valuespace and description and default values...

Страница 191: ...must restart the system for any changes to take effect Default Off Example xConfiguration Administration Telnet Mode Off Administration TimeOut 0 10000 Sets the number of minutes that an administrati...

Страница 192: ...cation LDAP BaseDN dc example dc company dc com Authentication Mode On Off Determines whether or not to enforce authentication for H 323 and SIP registrations Default Off Example xConfiguration Authen...

Страница 193: ...or subzone to which this link will be applied Example xConfiguration Bandwidth Link 1 Node1 Name HQ Bandwidth Link 1 600 Node2 Name S 0 50 Specifies the second zone or subzone to which this link will...

Страница 194: ...ts neighbors Direct Allows an endpoint to make a call to an unknown IP Address without the VCS querying any neighbors The call setup would occur just as it would if the far end were registered directl...

Страница 195: ...full 100half 100full 1000full Sets the speed of the Ethernet link from the specified LAN port Use Auto to automatically configure the speed Note You must restart the system for any changes to take eff...

Страница 196: ...imeToLive 120 H323 Gatekeeper Registration ConflictMode Reject Overwrite Determines how the system will behave if an endpoint attempts to register an alias currently registered from another IP Address...

Страница 197: ...e RegisteredOnly IP DNS Domain Name S 0 128 Specifies the name to be appended to the host name before a query to the DNS server is executed Used only when attempting to resolve a domain name which is...

Страница 198: ...e You must restart the system for any changes to take effect Default IPv4 Example xConfiguration IPProtocol IPv4 LDAP Encryption Off TLS Sets the encryption to be used for the connection to the LDAP s...

Страница 199: ...software option These are added to the VCS in order to add extra functionality such as increasing the VCS s capacity Contact your TANDBERG representative for further information Example xConfiguratio...

Страница 200: ...ple com Registration AllowList 1 2500 Pattern Type Exact Prefix Suffix Regex Specifies whether the entry in the Allow List is a prefix suffix regular expression or must be matched exactly Default Exac...

Страница 201: ...eighbors only ProxyToAny Registration requests will be proxied in accordance with the VCS s existing call processing rules Default Off Example xConfiguration SIP Registration Proxy Mode Off SIP TCP Mo...

Страница 202: ...Specifies the listening port for incoming SIP UDP calls Default 5060 Example xConfiguration SIP UDP Port 5060 SNMP CommunityName S 0 16 Sets the VCS s SNMP community name Default public Example xConfi...

Страница 203: ...Pattern Replace string Example xConfiguration Transform 1 Pattern Behavior Replace Transform 1 100 Pattern Replace S 0 60 Applies only if pattern behavior is set to Replace Specifies the string to be...

Страница 204: ...ignaling Default 2776 Example xConfiguration Traversal Server H323 Assent CallSignaling Port 2777 Traversal Server H323 H46018 CallSignaling Port 1024 65534 Specifies the port on the VCS to be used fo...

Страница 205: ...Limit 1 100000000 Specifies the bandwidth limit in kbps for any one call to or from an endpoint in the Default Subzone applies only if Mode is set to Limited Default 1920 Example xConfiguration Zones...

Страница 206: ...zone applies only if Mode is set to Limited Default 1920 Example xConfiguration Zones LocalZone SubZone 1 Bandwidth PerCall Inter Limit 1920 Zones LocalZone SubZone 1 100 Bandwidth PerCall Inter Mode...

Страница 207: ...0 Example xConfiguration Zones LocalZone SubZone 1 Subnet 1 IP Address 192 168 0 0 Zones LocalZone SubZone 1 100 Subnet 1 5 IP PrefixLength 0 128 Specifies the number of bits of the Subnet IP Address...

Страница 208: ...versal enabled endpoints registered directly with the VCS will attempt to send a TCP probe to the VCS Default 5 Example xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryCount 5 Zones LocalZ...

Страница 209: ...ifies the total bandwidth in kbps allowed for all traversal calls being handled by the VCS applies only if Mode is set to Limited Default 500000 Example xConfiguration Zones LocalZone TraversalSubZone...

Страница 210: ...xt in the Replace string Default Leave Example xConfiguration Zones Zone 1 Match 1 Pattern Behavior Replace Zones Zone 1 200 Match 1 5 Pattern Replace S 0 60 Applies only if the Pattern Behavior is Re...

Страница 211: ...f this neighbor Example xConfiguration Zones Zone 1 Neighbor Primary Address 192 168 8 1 Zones Zone 1 200 Neighbor SIP Port 1024 65534 Specifies the port on the neighbor to be used for SIP calls to an...

Страница 212: ...ld be retried Default 120 Example xConfiguration Zones Zone 2 TraversalClient RetryInterval 120 Zones Zone 1 200 TraversalClient SIP Port 1024 65534 Specifies the port on the traversal server to be us...

Страница 213: ...34 Specifies the port on the VCS being used for SIP firewall traversal from this traversal client Default 7001 incrementing by 1 for each new zone Example xConfiguration Zones Zone 3 TraversalServer S...

Страница 214: ...r UDPProbe RetryInterval 1 65534 Sets the frequency in seconds with which the traversal client will send a UDP probe to the VCS Default 2 Example xConfiguration Zones Zone 3 TraversalServer UDPProbe R...

Страница 215: ...or xCommand command to return all parameters for that command along with the valuespace and a description for each The valid value for this parameter is a string The minimum and maximum number of cha...

Страница 216: ...ple xCommand boot CheckBandwidth A diagnostic tool that returns the status and route as a list of nodes and links that a call of the specified type and bandwidth would take between two nodes Note that...

Страница 217: ...or replace Replace example com CredentialAdd Adds an entry to the local authentication database CredentialName r S 1 128 Defines the name for this entry in the local authentication database Credential...

Страница 218: ...ion or must be matched exactly Example xCommand DenyListAdd PatternString sally jones example com PatternType exact DenyListDelete Deletes an entry from the Deny List DenyListId r 1 2500 The index of...

Страница 219: ...tes a particular feedback request ID 1 3 The ID of the feedback request to be deactivated Example xCommand FeedbackDeregister ID 1 TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Introduction...

Страница 220: ...ilure Event RegistrationAdded Event RegistrationRemoved Event RegistrationFailure Event RegistrationChanged Event Bandwidth Event Locate Event ResourceUsage Event AuthenticationFailure Example xComman...

Страница 221: ...e specified number of hops Results are reported back through the xFeedback mechanism which must therefore be activated before issuing this command e g xFeedback register event locate Alias r S 1 60 Th...

Страница 222: ...vailable no calls can be made using this pipe PerCall 1 100000000 If this pipe has limited per call bandwidth sets the maximum amount of bandwidth in kbps available for any one call Example xCommand P...

Страница 223: ...Subzone has a limit on the total bandwidth being used by its endpoints at any one time Total 1 100000000 Sets the total bandwidth limit in kbps of the Default Subzone applies only if Mode is set to L...

Страница 224: ...nsforms are applied in order of priority and the priority must be unique for each transform Example xCommand TransformAdd Pattern example net Type suffix Behavior replace Replace example com Priority...

Страница 225: ...ould be applied in a search for a given alias Note that this command does not change any existing system configuration Alias r S 1 60 The alias to be searched for Example xCommand ZoneList Alias john...

Страница 226: ...rrent status of all status elements on the VCS type xStatus element to return the current status for that particular element and all its sub elements type xStatus element sub element to return the cur...

Страница 227: ...TraversalCalls 0 100 Registrations 0 2500 Expressway True False Encryption True False Interworking True False UserPolicy True False DeviceProvisioning True False DualNetworkInterfaces True False Hardw...

Страница 228: ...90 Description S 1 128 IP Protocol IPv4 IPv6 Both IPv4 Gateway IPv4Addr IPv6 Gateway IPv6Addr DNS Server 1 5 Address IPv4Addr IPv6Addr Domain S 0 128 TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATO...

Страница 229: ...ailed to authenticate with LDAP server A valid CA certificate for the LDAP database has not been uploaded this is required for connections via TLS No server address configured Address IPv4Addr IPv6Add...

Страница 230: ...ng StartTime Seconds since boot Date Time Duration Time in seconds precision in seconds Legs Leg 1 300 Protocol H323 SIP H323 visible if Protocol H323 CallSignalAddress IPv4Addr IPv6Addr 1 65534 Alias...

Страница 231: ...tration ID 1 2500 SerialNumber S 1 255 Sessions Session 1 300 Status Unknown Searching Failed Cancelled Completed Active Connected MediaRouted True False Participants Leg 1 300 2 entries Bandwidth Req...

Страница 232: ...es Address IPv4Addr IPv6Addr 1 65534 Apparent IPv4Addr IPv6Addr 1 65534 Prefix S 1 20 0 50 entries Aliases Alias 1 50 Type E164 H323Id URL Email GW Prefix MCU Prefix Prefix Suffix IPAddress Origin End...

Страница 233: ...S 1 255 Calls Section visible only if there are calls Call 0 900 0 900 entries CallId S 1 255 TraversalSubZone Name TraversalSubZone Bandwidth Used 0 100000000 Calls Section visible only if there are...

Страница 234: ...Unknown Active Failed Cause Visible if Status is Failed No response from system DNS resolution failed Invalid IP address Address IPv4Addr IPv6Addr One Address line per address from DNS lookup Port 1 6...

Страница 235: ...rsalClient Primary H323 Visible if H323 Mode On for Zone Status Unknown Active Failed Cause Visible if Status is Failed No response from gatekeeper DNS resolution failed Invalid alias Authentication F...

Страница 236: ...rom DNS lookup Port 1 65534 LastStatusChange Time not set Date Time TraversalServer Visible if Type is TraversalServer SIP Port Active Inactive H323 Port Active Inactive Primary H323 Visible if H323 M...

Страница 237: ...s line per address from DNS lookup Port 1 65534 LastStatusChange Time not set Date Time Calls 0 900 entries Call 0 900 CallID S 1 255 Links Link 1 100 Name S 1 50 Link name Bandwidth Used 0 100000000...

Страница 238: ...d Invalid IP address Address IPv4Addr IPv6Addr Port 1 65534 LastStatusChange Seconds since boot Date Time UserPolicyManager Mode Off Local Remote Status Active Inactive Unknown Visible if Remote Addre...

Страница 239: ...aling Status Active Inactive Failed IPv4 Visible if Status Active Address IPv4Addr 1 2 entries IPv6 Visible if Status Active Address IPv6Addr 1 2 entries H46018 CallSignaling Status Active Inactive Fa...

Страница 240: ...Pv6 UDP Status Active Inactive Failed Address IPv6Addr TCP Status Active Inactive Failed Address IPv6Addr TLS Status Active Inactive Failed Address IPv6Addr TANDBERG VIDEO COMMUNICATIONS SERVER ADMINI...

Страница 241: ...800 Client IPv4Addr IPv6Addr RelayAddress IPv4Addr IPv6Addr CreationTime Date Time ExpireTime Date Time Warnings Warning 1 n Value S 1 255 TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE Intr...

Страница 242: ...2 257 3 10 RFC 3327 Session Initiation Protocol SIP Extension Header Field for Registering Non Adjacent Contacts http www ietf org rfc rfc3327 txt 11 Session Traversal Utilities for NAT STUN http www...

Страница 243: ...g Defined by RFC 3880 5 DNS Domain Name System A distributed database linking domain names to IP addresses DNS zone On the VCS a zone used to configure access to endpoints located via a DNS lookup E 1...

Страница 244: ...of the internet Interworking Allowing H 323 systems to connect to SIP systems IPv4 Internet Protocol version 4 Version 4 of the Internet Protocol defined in RFC 791 18 IPv6 Internet Protocol version...

Страница 245: ...call once it is set up RAS Registration Admission and Status A protocol used between H 323 endpoints and a gatekeeper to register and place calls Registrar In SIP a server that accepts REGISTER reque...

Страница 246: ...CS Control Traversal Server A traversal entity on the public side of a firewall Examples are the TANDBERG Border Controller and the TANDBERG VCS Expressway Traversal enabled endpoint Any endpoint that...

Страница 247: ...enue of the Americas 24th Floor New York NY 10036 Telephone 1 212 692 6500 Fax 1 212 692 6501 Video 1 212 692 6535 E mail tandberg tandberg com TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE...

Отзывы:

Нет отзывов

Похожие инструкции для Security Camera

MyDlink DCS-8515LH

Бренд: D-Link Страницы: 12

Бренд: PRODIS Страницы: 12

Motion Sensor Alarm

Бренд: Tiiwee Страницы: 35

Бренд: usi Страницы: 10

GLASS BREAK DETECTOR

Бренд: Tattletale Страницы: 2

Бренд: safer guard Страницы: 7

Бренд: FLIR Страницы: 2

Бренд: Revo Страницы: 7

Бренд: Dorlen Страницы: 2

Бренд: UEi Страницы: 12

Бренд: Tamron Страницы: 8

Бренд: UniFi Страницы: 42

Бренд: EverFocus Страницы: 15

Бренд: Maxouttech Страницы: 3

Бренд: G-Lenz Security Страницы: 14

Бренд: ACTi Страницы: 37

Бренд: urmet domus Страницы: 40

G-Cam/EWPC-5240

Бренд: Geutebruck Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды