TANDBERG Gatekeeper User Manual
  1. Manuals
  2. Brands
  3. TANDBERG Manuals
  4. Conference System
  5. Gatekeeper
  6. User manual

TANDBERG Gatekeeper User Manual

Tandberg gatekeeper user manual
Hide thumbs Also See for Gatekeeper:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
TANDBERG Gatekeeper

User Manual

Software version N5.0
D13381.05
This document is not to be reproduced in whole or in part without permission in writing from:

Advertisement

Table of Contents
loading

Related Manuals for TANDBERG Gatekeeper

Summary of Contents for TANDBERG Gatekeeper

  • Page 1: User Manual

    TANDBERG Gatekeeper User Manual Software version N5.0 D13381.05 This document is not to be reproduced in whole or in part without permission in writing from:...

  • Page 2: Trademarks And Copyright

    Portions of this software are licensed under 3rd party licenses. See the CD accompanying this product for details. 3rd party license information may also be obtained from the Gatekeeper itself — see the license command in section 14.6 for details.

  • Page 3: Environmental Issues

    Our products are low energy consuming products. TANDBERG’s Environmental Policy Environmental stewardship is important to TANDBERG’s culture. As a global company with strong corporate values, TANDBERG is committed to being an environmental leader and embracing technologies that help companies, individuals and communities creatively address environmental challenges.

  • Page 4: Digital User Guides

    Guides with a digital CD version. Instead of a range of different user manuals, there is now one CD — which can be used with all TANDBERG products — in a variety of languages. The environmental benefits of this are significant. The CDs are recyclable and the savings on paper are huge.
  • Page 5 TANDBERG’s products, the environment will benefit from less use of polluting transport. TANDBERG’s wide use of the concepts of outsourcing makes the company itself a company with a low rate of emissions and effects on the environment.

  • Page 6: Operator Safety Summary

    TANDBERG Gatekeeper User Manual Operator Safety Summary For your protection please read these safety instructions completely before you connect the equipment to the power source. Carefully observe all warnings, precautions and instructions both on the apparatus and in these operating instructions.

  • Page 7: Power Connection And Hazardous Voltage

    TANDBERG Gatekeeper User Manual Dust Do not operate the apparatus in areas with high concentration of dust. Vibration Do not operate the apparatus in areas with vibration or place it on an unstable surface. Power connection and Hazardous voltage The product may have hazardous voltage inside. Never attempt to open this product, or any peripherals connected to the product, where this action requires a tool.

  • Page 8: Communication Lines

    TANDBERG Gatekeeper User Manual – If the apparatus seems to be overheated. – If the apparatus emits smoke or abnormal odor. – If the apparatus fails to operate in accordance with the operating instructions Accessories Use only accessories specified by the manufacturer, or sold with the apparatus.

  • Page 9: Table Of Contents

    2.5 Switching on the System ....... . 2.6 Gatekeeper Initial Configuration ......
  • Page 10 TANDBERG Gatekeeper User Manual 10 Third Party Call Control 10.1 Placing a call ........
  • Page 11 TANDBERG Gatekeeper User Manual...

  • Page 12: Introduction

    TANDBERG Gatekeeper User Manual 1 Introduction This User Manual is provided to help you make the best use of your TANDBERG Gatekeeper. The main features of the TANDBERG Gatekeeper are: IPv4 and IPv6 support Supports up to 100 neighboring zones.

  • Page 13: Tandberg Gatekeeper Overview

    1.1 TANDBERG Gatekeeper Overview On the front of the Gatekeeper there are three LAN interfaces, a serial port (Data 1) and an LED showing the power status of the system. The LAN 1 interface is used for connecting the system to your network, LAN interface 2 and 3 are disabled.

  • Page 14: Installation

    This product complies with directives: LVD 73/23/EC and EMC 89/366/EEC. Power must be switched off before power supplies can be removed from or installed into the unit. 2.2 Unpacking The TANDBERG Gatekeeper is delivered in a special shipping box which should contain the following components: Gatekeeper unit Installation sheet...

  • Page 15: Mounting

    TANDBERG Gatekeeper User Manual 2.2.1 Installation site preparations Make sure that the Gatekeeper is accessible and that all cables can be easily connected. For ventilation: Leave a space of at least 10cm (4 inches) behind the Gatekeeper’s rear and 5cm (2 inches) on the sides.

  • Page 16: Gatekeeper Initial Configuration

    PC connected to the serial port (Data 1) or by connecting to the system’s default IP address: 192.168.0.100. The IP address, subnet mask and gateway must be configured before use. The Gatekeeper has to be configured with a static IP address. Consult your network administrator for information on which addresses to use.
  • Page 17 HTTPS and SSH protocols instead. For increased security, disable HTTPS and SSH as well, using the serial port to manage the system. NOTE If you do not have an IP gateway, configure the Gatekeeper with an unused IP address that is valid in your subnet.

  • Page 18: Getting Started

    The pwrec account is only active for one minute following a restart. Beyond that time you will have to restart the system again to change the password. Because access to the serial port allows the password to be reset, it is recommended that you install the Gatekeeper in a physically secure environment.

  • Page 19: Backups

    System Configuration IP shown in figure 3 3.4 Registration Before an endpoint can use the Gatekeeper it must first register with it. There are two ways an endpoint can register: Automatically. Manually by specifying the IP address of the Gatekeeper.

  • Page 20: Neighbor Gatekeepers

    When it tries to register, it may be rejected because the Gatekeeper still has a registration from its old IP address. The Gatekeeper may be configured to allow an endpoint to overwrite the old IP address with the command: xConfiguration Gatekeeper Registration ConflictMode: <Overwrite/Reject>...
  • Page 21 When an incoming call request is received a Gatekeeper will first search all of its registered endpoints. If no match is found, all strongly matching neighbor and traversal zones will be queried concurrently.

  • Page 22: Alternate Gatekeepers

    Gatekeeper, it is presented with the IP addresses of all the Alternates. If the endpoint loses contact with its initial Gatekeeper, it will seek to register with one of the Alternates. This may result in your endpoint community’s registrations being spread over all the Alternates.

  • Page 23: Call Signaling

    IP address, H.323 ID, E.164 alias or a full H.323 URI. When an H.323 ID or E.164 alias is used, the Gatekeeper looks for a match between the dialed address and the aliases registered by its endpoints. If no match is found, it may query other Gatekeepers and Border Controllers.
  • Page 24 When one endpoint calls another, the Gatekeeper is involved in locating the called endpoint. By default, once the endpoint is located, the Gatekeeper takes no further part in the call signaling. By enabling call routed mode, all call signaling will be routed through the Gatekeeper. This is useful if you need accurate information about call start and stop times.
  • Page 25 TANDBERG Gatekeeper User Manual Figure 6: Location decision flow diagram...

  • Page 26: Unregistered Endpoints

    Not all endpoints allow you to enter an alias and an IP address to which the call should be placed. In that case you can simply place the call to the IP address of the Gatekeeper, with no alias information. The Gatekeeper may be configured to associate all such anonymous calls with a single destination alias.
  • Page 27 Off: this will not allow any endpoint registered directly to the Gatekeeper to call an IP address of any system not also registered directly to that Gatekeeper.

  • Page 28: Bandwidth Control

    Figure 8: Typical network deployment All endpoints registered with your Gatekeeper are part of its local zone. As shown in Figure 8, the local zone can contain many different networks with different bandwidth limitations. In order to model this, the local zone is made up of one or more subzones. When an endpoint registers with the Gatekeeper it is assigned to a subzone, based on its IP address.
  • Page 29 TANDBERG Gatekeeper User Manual Figure 9: Configuring a SubZone Links may be configured through the web interface on the Gatekeeper Configuration Links page, or through the command line using the following commands: xConfiguration Links Link [1..100] Name xConfiguration Links Link [1..100] Node1 Name xConfiguration Links Link [1..100] Node2 Name...
  • Page 30 When a Gatekeeper is neighbored with another Gatekeeper or a Border Controller, the neighbor is placed in its own zone. This allows you to control the bandwidth used by calls to and from endpoints controlled by the other Gatekeeper.
  • Page 31 TANDBERG Gatekeeper User Manual xConfiguration Gatekeeper Downspeed PerCall Mode: <On/Off> xConfiguration Gatekeeper Downspeed Total Mode: <On/Off>...

  • Page 32: Bandwidth Control And Firewall Traversal

    If we now modify our deployment to include firewalls between the offices, we can use the firewall traversal capability of the TANDBERG Gatekeeper and Border Controller to maintain connectivity. In Figure 13, the endpoints in the enterprise register with the Gatekeeper, whilst those in the branch and home office register with the Border Controller.
  • Page 33 Traversal Zone for all calls placed to endpoints managed by the Enterprise Gatekeeper. In this example we have assumed that there is no bottleneck on the link between the Border Controller and the Enterprise network, so have not placed a pipe on this link.
  • Page 34 Traversal zone is used by endpoints which can send media directly to the Border Controller. The other two links are used by endpoints using the Gatekeeper to traverse the firewall. The Gatekeeper is shipped with Default and Traversal Zones and Default and Traversal subzones already configured.

  • Page 35: Registration Control

    Gatekeeper. 6.1 Registration Restriction Policy When an endpoint registers with your Gatekeeper it presents a list of aliases. By default, registration restriction policy is set to None. In this state, any endpoint may register. The registration restriction policy can be configured using the following command:...

  • Page 36: Authentication

    The Gatekeeper supports the ITU H.235 [1] specification for authenticating the identity of network devices with which theGatekeeper communicates. In order to verify the identity of a device, the Gatekeeper needs access to the password infor- mation. This credential information may be stored in a local database on the Gatekeeper or obtained from an LDAP Directory Server.
  • Page 37 Authentication Database: LDAPDatabase The Gatekeeper needs to be configured with the area of the directory which will be searched for the communication device information. This should be specified as the Distinguished Name (DN) in the directory under which the H.350 objects reside: xConfiguration Authentication LDAP BaseDN: "Your base DN"...
  • Page 38 Gatekeeper page. The Gatekeeper will now only communicate with the LDAP server using TLS. To verify the identity of the LDAP server, the certificate of the Certificate Authority (CA) that issued the LDAP server with its certificate must be uploaded to the Gatekeeper. To install the CAs certificate, navigate to the Gatekeeper Configuration...

  • Page 39: Uri Dialing

    Using URI dialing, you call using an H.323 URI which looks like an email address. The destination Gatekeeper is found from the domain name — the part after the @ — in the same way that an email server is found.

  • Page 40: Dns Records

    Each of these should be able to discover an endpoint registered as either user or user@a.record.domain.name. On receipt of the URI the Gatekeeper will modify the URI by removing the @ and host if the host matches: The IPv4 or IPv6 address of the Gatekeeper The system name of the system The Gatekeeper will then search for registrations which match either the modified URI, or the...
  • Page 41 DNS system if it cannot be found otherwise. First the Gatekeeper will query for a Location SRV record, to discover the authoritative Gatekeeper for the destination DNS zone. If is not located, the Gatekeeper will query for a Call SRV record and try to place the call to that address.

  • Page 42: Enum Dialing

    The DNS zone used for ENUM contains NAPTR records as defined by RFC 2915. These provide the mapping between E.164 numbers and H.323 URIs. The Gatekeeper may be configured with up to 5 DNS zones to search for a NAPTR record. It will iterate through them in order, stopping when the first record is found.
  • Page 43 NOTE According to RFC 2915, NAPTR records may contain regex substitutions which are applied to the E.164 number to produce the H.323 URI. This release of the Gatekeeper does not support this behaviour: the NAPTR record is substituted for the E.164 number.

  • Page 44: Example Traversal Deployments

    Enable URI dialing on the Border Controller xConfiguration Gatekeeper DNSResolution Mode: Ensure that URI dialing is disabled on the Gatekeeper. This is because you wish calls to be routed from the private network to the Border Controller in order to traverse the firewall.

  • Page 45: Enterprise Gatekeepers

    Figure 22 shows a private endpoint (1001) calling an endpoint on a public IP address. In this case the public endpoint is not registered to a Gatekeeper and can only be reached using its IP address. In order to successfully traverse the firewall it is necessary for the call to be relayed through the Border Controller: the TANDBERG Gatekeeper should not attempt to place the call directly to the public endpoint.

  • Page 46: Neighbored Enterprises

    Within the Gatekeeper configuration — set ”Calls to unknown IP addresses” to Indirect. This setting will force the Gatekeeper to forward calls to any IP address it does not have locally registered to the TANDBERG Border Controller, thereby allowing the Border Controller itself to relay the call to the endpoint on the public IP address.
  • Page 47 TANDBERG Gatekeeper User Manual From an endpoint in enterprise A, dial the full H.323 URI. For example, Ben@EnterpriseB.com. Border Controller B is registered in DNS as responsible for enterprise B and will receive the incoming call and route it accordingly.

  • Page 48: Third Party Call Control

    TANDBERG Gatekeeper User Manual 10 Third Party Call Control The Gatekeeper provides a third party call control API which enables you to place calls or initiate a blind transfer of an existing call. The API is provided through the command line interface.
  • Page 49 TANDBERG Gatekeeper User Manual where index is the call index as reported by xStatus Calls...

  • Page 50: Call Policy

    You specify this policy by uploading a script written in the Call Processing Language (CPL). Each time a call is made the Gatekeeper executes the script to decide, based on the source and destination of the call, whether to...
  • Page 51 Note: The CPL standard only allows for this matching on the display subfield; however the Gatekeeper allows it on any type of field. If the selected field is numeric (e.g. the tel sub- subdomain-of=string field) then this matches as a prefix; so <address subdomain-of="555">...

  • Page 52: Cpl Script Actions

    H.323 ID or an E.164 number. 11.2.2 proxy On executing a proxy node the Gatekeeper will attempt to forward the call to the locations specified in the current location set. If multiple entries are in the location set then they are treated as different aliases for the same destination and are all placed in the destination alias field.

  • Page 53: Unsupported Cpl Elements

    TANDBERG Gatekeeper User Manual 11.3 Unsupported CPL Elements The Gatekeeper does not currently support the following elements that are described in the CPL RFC. If an attempt is made to upload a script containing any of the following elements an error message will be generated and the Gatekeeper will continue to use its existing policy.
  • Page 54 TANDBERG Gatekeeper User Manual <address is="fred"> <address-switch field="origin" subfield="host"> <address subdomain-of="annoying.com"> <reject/> </address> <otherwise> <proxy/> </otherwise> <not-present> <reject/> </not-present> </address-switch> </address> </address-switch> </incoming> </cpl> 11.4.3 Call Redirection Redirect all calls to user ”barney” to voicemail. <cpl> <incoming> <address-switch field="destination"> <address is="barney">...

  • Page 55: Logging

    12.1 Controlling what is logged You can control the verbosity with which the Gatekeeper logs information. All events have an associated level in the range [1-3]. Level 1 refers to high level events such as registration requests and call attempts. Level 2 events are recorded for incoming and outgoing message - H.323, LDAP etc excluding noisy messages such as H.460.18 keep-alives and H.245 video fast-updates.

  • Page 56: Event Levels

    TANDBERG Gatekeeper User Manual 12.3 Event Levels Events are classified by importance as detailed in the table below. Level 1 is considered the most important. The system has a configured logging level. Events of level numerically equal to and lower than the configured logging level are recorded in the event log.
  • Page 57 The Gatekeeper has started. Further detail may be provided in the event data ’detail’ field. Application Failed The Gatekeeper application is out of service due to an unexpected failure License Limit Reached Licensing limits for a given feature have been reached.
  • Page 58 TANDBERG Gatekeeper User Manual Event Description Outgoing Message An outgoing message has been sent 12.4.1 Event data Each Event will have associated data fields. Fields are listed below in the order in which they appear in the log message. Table 4: Event data...
  • Page 59 TANDBERG Gatekeeper User Manual Table 4: Event data (continued) Field Description Applicable events Src-ip Specifies the source IP ad- dress (the IP address of the Call Attempted device attempting to estab- Call Bandwidth Changed lish communications). Call Connected source IP is recorded in the...

  • Page 60: Remote Logging

    It is often convenient to collect all event logs in a single location. A computer running a BSD style syslog server, as defined in RFC3164[4] , may be used as the central log server — ensure that remote logging is enabled. A Gatekeeper will not act as a central logging server for other systems.

  • Page 61: Software Upgrade

    13.1 Upgrading Using HTTP(S) To upgrade using HTTP(S), do the following: Point your browser at the IP address of the Gatekeeper. You will be prompted for your user name and password. Enter admin as the user name and enter the password, then press OK.

  • Page 62: Upgrading Using Scp

    The system will then perform a second reboot to restore system parameters. After 3–4 minutes, the Gatekeeper is ready for use. 13.2 Upgrading Using SCP Using SCP you need to transfer two files to the Gatekeeper: 1. A text file containing the release key. 2. A file containing the software image.
  • Page 63 TANDBERG Gatekeeper User Manual scp s42000n40.tar.gz root@10.47.8.247:/tmp/tandberg-image.tar.gz Enter password when prompted. Wait until the software has installed completely. This should not take more than two minutes. Reboot the system. After about four minutes the system will be ready to use.

  • Page 64: Command Reference

    This chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the scope of this document. 14.1 Status The status root command, xstatus, returns status information from the Gatekeeper. To list all status information, type: xstatus Status is reported hierarchically beneath the status root.
  • Page 65 TANDBERG Gatekeeper User Manual 14.1.3 externalmanager xstatus ExternalManager Returns information about the external manager. The External Manager is the remote system (such as the Tandberg Management System (TMS)) used to manage the endpoints and network infrastructure. Address IP address of the external manager.
  • Page 66 TANDBERG Gatekeeper User Manual 14.1.8 NTP xstatus NTP Reports the status of any connection to an NTP server. 14.1.9 Pipes xstatus Pipes xstatus Pipes Pipe n Reports call and bandwidth information for all pipes on the system. 14.1.10 Registrations xstatus Registrations xstatus Registrations Registration n Returns a list of registered endpoints on the system or information about a specific registration.

  • Page 67: Configuration

    Zones Reports the call and bandwidth information for all zones on the system. Also shows status of the zone as a whole and the status of each gatekeeper in the zone. 14.2 Configuration The configuration root command, xconfiguration, is used to set configuration settings.
  • Page 68 TANDBERG Gatekeeper User Manual 14.2.1 Authentication Configuration parameters relating to how an endpoint authenticates itself with the Gatekeeper. xconfiguration Authentication Credential [1..1000] Name: <username> Specifies the username of a credential in the local authentication database. xconfiguration Authentication Credential [1..1000] Password: <password>...
  • Page 69 Off: this will not allow any endpoint registered directly to the Gatekeeper to call an IP address of any system not also registered directly to that Gatekeeper.
  • Page 70 Determines behavior on receipt of a location request (LRQ) from another Gatekeeper. If set to on, the Gatekeeper will first try to resolve the request locally. If it cannot, the request will be forwarded to neighbor Gatekeepers. The default is On.
  • Page 71 TANDBERG Gatekeeper User Manual 14.2.5 HTTP/HTTPS Command under the HTTP and HTTPS nodes control web access to the Gatekeeper. xConfiguration HTTP Mode: <On/Off> Enables/disables HTTP support. You must restart the system for changes to take effect. The default is On.
  • Page 72 TANDBERG Gatekeeper User Manual This parameter is only used when attempting to resolve server addresses such as LDAP servers, NTP servers etc. It plays no part in URI dialing: see xconfiguration gatekeeper localdomain...
  • Page 73 TANDBERG Gatekeeper User Manual 14.2.7 LDAP Parameters under the LDAP node control the Gatekeeper’s communication with an LDAP server. xconfiguration LDAP Encryption: <Off/TLS> Sets the encryption mode to be used on the connection to the LDAP server. The default is Off.
  • Page 74 Whether or not a given pipe is enforcing per-call bandwidth restrictions. None corresponds to no bandwidth available. xconfiguration Pipes Pipe [1..100] Name: <pipename> Name for a pipe. 14.2.13 Services <On/Off> Controls whether or not third xConfiguration Services CallTransfer Mode: party call transfer is enabled. The Gatekeeper must also be operating in call routed mode.
  • Page 75 <name> SNMP Community names are used to authenticate SNMP requests. SNMP requests must have this ‘password’ in order to receive a response from the SNMP agent in the Gatekeeper. You must restart the system for changes to take effect. xconfiguration SNMP Mode: <On/Off>...
  • Page 76 TANDBERG Gatekeeper User Manual xconfiguration SubZones DefaultSubZone Bandwidth Total Mode: <None/Limited/Unlimited> Whether or not the default subzone is enforcing per-call bandwidth restrictions. None corresponds to no bandwidth available. xconfiguration SubZones TraversalSubZone Bandwidth PerCall Limit: <1..100000000> Per-call bandwidth available on the traversal subzone.
  • Page 77 14.2.21 Traversal xconfiguration Traversal Registration RetryInterval: <1..65534> Sets the interval in seconds at which the gatekeeper will attempt to register with the Border Controller if its initial registration fails for some reason. The default is 120 seconds. xconfiguration Traversal AllowMediaDirect: <On/Off>...
  • Page 78 Zones Zone [1..100] Gatekeeper [1..6] Address: <address> Specifies the IP addresses of the gatekeepers in the zone. Multiple addresses allows support for alternate gatekeepers. xconfiguration Zones Zone [1..100] Gatekeeper [1..6] Port: <port> Specifies the port on which the indexed gatekeeper is listening for RAS messages.
  • Page 79 Zones Zone [1..100] Monitor: <On/Off> If zone monitoring is enabled, an LRQ will be periodically sent to the zone gatekeeper. If it fails to respond, that gatekeeper will be marked as inactive. xconfiguration Zones Zone [1..100] Match [1..5] Mode: <AlwaysMatch/PatternMatch/Disabled>...

  • Page 80: Command

    TANDBERG Gatekeeper User Manual 14.3 Command The command root command, xcommand, is used to execute commands on the Gatekeeper. To list all xcommands type xcommand ? To get usage information for a specific command, type xcommand <commandname> ? 14.3.1 AllowListAdd xCommand AllowListAdd <allowed alias>...
  • Page 81 TANDBERG Gatekeeper User Manual 14.3.6 CredentialAdd xCommand CredentialAdd <username> <password> Adds the given username and password to the local authentication database. 14.3.7 CredentialDelete xCommand CredentialDelete <index> Deletes the indexed credential. 14.3.8 DefaultLinksAdd xCommand DefaultLinksAdd Restores the factory default links for bandwidth control.
  • Page 82 TANDBERG Gatekeeper User Manual 14.3.11 DenyListDelete xCommand DenyListDelete <index> Removes the pattern from the deny list at the specified index. 14.3.12 Dial xCommand Dial callSrc: <src> callDst: <dst> Bandwidth: <bandwidth> Places call halves out to src and dst, joining them together.
  • Page 83 Locate Alias: <alias> HopCount: <count> Runs the Gatekeeper’s location algorithm to locate the endpoint identified by the given alias, searching locally, on neighbors and on systems discovered through the DNS system. Results are reported back through the xFeedback mechanism.
  • Page 84 TANDBERG Gatekeeper User Manual 14.3.23 PipeDelete xCommand PipeDelete <index> Deletes the indexed pipe. 14.3.24 RemoveRegistration xCommand RemoveRegistration <regid> Removes the specified registration. 14.3.25 SubZoneAdd xCommand SubZoneAdd <name> <address> <prefixlength> <totalmode> <total> <percallmode> <percall> Adds and configures a new subzone. name User assigned label for the subzone.

  • Page 85: History

    <n> Displays history data for up to the last 255 calls handled by the Gatekeeper. Call entries are added to the Call History on call completion. Call histories are listed in reverse chronological order of completion time.

  • Page 86: Other Commands

    TANDBERG Gatekeeper User Manual xfeedback Register Status/<Calls/Registrations> Registers for feedback on changes in the chosen Status, e.g.: xfeedback Register Status/Calls To register for all Status changes, use: xfeedback Register Status xfeedback Register History/<Calls/Registrations> Registers for feedback on History, e.g.: xfeedback Register History/Calls To register for all History, use: xfeedback Register History xfeedback Register Event/<CallAttempt/Connected/Disconnected/ConnectionFailure/Registration/...
  • Page 87 TANDBERG Gatekeeper User Manual 14.6.3 Eventlog eventlog eventlog [n/all] Displays the eventlog containing information about past events which may be useful for diagnostic purposes. The number of lines from end of event log to dump. Dumps the whole event log.

  • Page 88: A Appendix: Configuring Dns Servers

    TANDBERG Gatekeeper User Manual A Appendix: Configuring DNS Servers In the examples below, we set up an SRV record to handle H.323 URIs of the form user@example.com These are handled by the system with the fully qualified domain name of gatekeeper1.example.com which is listening on port 1719, the default registration port.
  • Page 89 TANDBERG Gatekeeper User Manual as expected. nslookup -querytype=srv h323ls. udp.example.com and check the output.

  • Page 90: B Appendix: Configuring Ldap Servers

    H.350.2 Directory services architecture for H.235 - An LDAP schema to represent H.235 ele- ments. The schemas can be downloaded in ldif format from the web interface on the Gatekeeper. To do this, navigate to the Gatekeeper Configuration Files page and click on the links for the schemas.

  • Page 91: Openldap

    TANDBERG Gatekeeper User Manual objectClass: h323Identity objectClass: h235Identity commUniqueId: comm1 h323Identityh323-ID: MeetingRoom1 h323IdentitydialedDigits: 626262 h235IdentityEndpointID: meetingroom1 h235IdentityPassword: mypassword Add the ldif file to the server using the command: ldifde -i -c DC=X <ldap base> -f filename.ldf This will add a single H.323 endpoint with an H.323 Id alias of MeetingRoom1 and an E.164 alias of 626262.
  • Page 92 H.350.2 Directory services architecture for H.235 - An LDAP schema to represent H.235 ele- ments. The schemas can be downloaded in ldif format from the web interface on the Gatekeeper. To do this, navigate to the Gatekeeper Configuration Files page and click on the links for the schemas.
  • Page 93 To do this you must create an X.509 certificate for the LDAP server to allow the Gatekeeper to verify the server’s identity. Once the certificate has been created you will need to install the following three files associated with the certificate onto the LDAP server: The certificate for the LDAP server.

  • Page 94: C Approvals

    Nemko. According to their Follow-Up Inspection Scheme, these agencies also perform production inspections at a regular basis, for all production of TANDBERG’s equipment. The test reports and certificates issued for the product show that the TANDBERG Gatekeeper, Type number TTC2-02, complies with the following standards.

  • Page 95: D Technical Specifications

    TANDBERG Gatekeeper User Manual D Technical Specifications System Capacity 2500 registered traversal endpoints 100 traversal calls at 384 kbps 500 non-traversal calls 100 zones Option keys may restrict the system to a lower capacity than specified above. Ethernet Interfaces 3 x LAN/Ethernet (RJ-45) 10/100 Base-TX (2 disabled)
  • Page 96 TANDBERG Gatekeeper User Manual Physical Dimensions Height: 4.35 cm (1.72 inches) Width: 42.6 cm (16.8 inches) Depth: 22.86 cm (9 inches) 1U rack mounted chassis Hardware Hardware MTBF: 80,479 hours Power supply 250 Watt 90–264V full range @47– 63 Hz Certification...
  • Page 97 TANDBERG Gatekeeper User Manual References [1] ITU Specification: H.235 Security and encryption for H-Series (H.323 and other H.245- based) multimedia terminals [2] ITU Specification: H.350 Directory services architecture for multimedia conferencing [3] http://www.ietf.org/rfc/rfc2782.txt [4] http://www.ietf.org/rfc/rfc3164.txt [5] http://www.ietf.org/rfc/rfc3880.txt [6] DNS and BIND Fourth Edition Albitz and Liu, O’Reilly and Associates, ISBN: 0-596-00158-4...

  • Page 98: E Glossary

    TANDBERG Gatekeeper User Manual E Glossary Alias The name an endpoint registers with the Gatekeeper. Other endpoints can then use this name to call it. ARQ, Admission Request An endpoint RAS request to make or answer a call. DNS Zone A subdivision of the DNS namespace. example.com is a DNS zone.
  • Page 99 44–49 AllowList, 24, 59 remote, 49 AllowListAdd, 69 verbosity, 44 AllowListDelete, 69 eventlog, 76 alternate gatekeeper, 10–11, 58, 67 external manager, 54, 57 authentication, 25–27, 42, 57, 63 and CPL, 39 feedback, 54, 74–75 credential, 57 firewall, 21, 87...
  • Page 100 URI dialing, 9, 10, hyperpage28, 28 30, 33, 35, 58, 59, 61 h323cs, 15, 29 NAPTR record, 31–32 h323ls, 29 neighbor, 31 neighbor gatekeeper, 9–10, 19, 35, 36, 59 xCommand NTP, 63 AllowListAdd , 69 AllowListDelete, 69 OpenLDAP, see LDAP servers...
  • Page 101 TANDBERG Gatekeeper User Manual LDAP, 57 SystemContact, 64 Mode, 57 SystemLocation, 64 Ethernet Mode, 64 Speed, 57 SubZones ExternalManager DefaultSubZone, 64 Address, 57 SubZone, 65 Path, 57 TraversalSubZone, 65 Gatekeeper SystemUnit Alternates, 58 Name, 66 AutoDiscovery, 58 Password, 7, 66...

Table of Contents