Page 1
VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Software version X1.0 D14049.01 July 2007 Getting System System H.323 & SIP Registration Zones and Call Firewall Bandwidth Introduction Maintenance Appendices Started Overview Configuration Configuration Control Neighbors Processing Traversal Control D 14049.01 D 14049.01 07.2007...
Environmental Issues System Configuration System Administration Configuration ........19 SERVER Introduction Configuring System Settings ..........19 About the TANDBERG Video Communication Server ....12 About the System Name .............19 About Admin Access settings ..........19 Main Product Features ............12 Ethernet Configuration ............20 Standard Features ..............12 Configuring Ethernet Settings ..........20...
Page 3
Patterns and Pattern Types ..........46 SIP Registration Expiry ............35 Activating use of Allow or Deny Lists ........46 Using the VCS as a SIP Proxy Server ........35 Managing Entries in the Allow List ........47 SIP protocols and ports ............35 Managing Entries in the Deny List ........
Page 4
FindMe User Accounts ............ 72 URI Resolution Process via DNS .......... 81 Configuring Hop Counts ............62 Individual versus Group FindMe ........72 Enabling URI Dialing via the VCS .......... 81 Accessing the FindMe Configuration Page ......72 Outgoing Calls ............... 81 Administrator Policy Configuring your FindMe User Account........
Page 5
TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ENUM Dialing Disconnecting calls Configuring the VCS as a Traversal Server ......103 Overview ................103 ENUM Dialing Overview ............87 Overview ................95 Adding a New Traversal Server Zone ........103 About ENUM Dialing ............87 About the Call Control API ...........
Page 6
Example Without a Firewall ..........120 Overview ................170 Example With a Firewall ............. 121 Bibliography CPL Examples ..............174 VCS Border Controller Subzone Configuration ....121 Call Screening of Authenticated Users ........174 Enterprise VCS Subzone Configuration ......121 Glossary Call Screening Based on Alias ..........174 Call Screening Based on Domain ........175...
Page 7
ADMINISTRATOR GUIDE Trademarks and Copyright All rights reserved. This document contains information that is proprietary to TANDBERG. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronically, mechanically, by photocopying, or otherwise, without the prior written permission of TANDBERG.
EC Declaration of Conformity Do not operate the apparatus in areas with high • Do not attempt to service the apparatus concentration of dust. Manufacturer: TANDBERG Telecom AS Water and Moisture yourself as opening or removing covers may Product Name: TANDBERG Video •...
Instead of a range of different user manuals, there is now one In order to avoid the dissemination of hazardous substances at the end of product life CD – which can be used with all TANDBERG products – in a in our environment and to diminish the pressure on natural •...
Page 11
TANDBERG CONTENT S USER Environmental Issues TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Getting System System H.323 & SIP Registration Zones and Call Firewall Bandwidth Introduction Introduction Maintenance Appendices Started Overview Configuration Configuration Control Neighbors Processing Traversal Control D 14049.01 07.2007...
In some places The VCS also acts as a gateway between SIP and H.323 protocols, and between IPv4 and IPv6, allowing you to make the most use of information is duplicated between sections to let you have all your existing video communications investment.
• To avoid damage to the unit during transportation, the Make sure that the VCS is accessible and that all cables can The socket outlet shall be installed near to the equipment TANDBERG VCS is delivered in a special shipping box, which be easily connected.
The VCS requires some initial configuration Type and press Enter. Once it has rebooted, the VCS is ready to use. before it can be used. This must be done You can continue to use the serial connection, Ensure the power cable is connected.
About Administrator Access Administrator Account Password Session Timeout While it is possible to administer the TANDBERG VCS via a PC All administration requires you to log in to the administration By default, Administrator sessions do not time out – they...
Administrator Guide on the Supported Browsers TANDBERG website. The VCS web interface is designed for use with Internet Explorer (6 and up) or Firefox (1.5 and up). It may work with Opera and Safari, but you may encounter unexpected behavior.
The command line interface is available over SSH, Telnet and through the serial port. To use the command line interface: Start a SSH or Telnet session. Enter the IP address or FQDN of the VCS. Login with a username of admin and your system password.
This shows the version of software that is was last restarted. currently installed on the VCS. Total : The total number of non-traversal calls handled by the VCS since it was last restarted. IPv4 address This shows the VCS’s IPv4 address. Registrations...
VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE System Administration Configuration Configuring System Settings System name Defines the name of the VCS. Choose a name To configure the VCS’s system administration that uniquely identifies the system. settings: • System Configuration >...
Ethernet About Ethernet Speed The Ethernet speed setting determines the speed of the connection between the VCS and the ethernet switch. It must be set to the same value on both systems. The default is Auto. We recommend that you...
If a call is between an IPv4-only and an IPv6-only endpoint, the VCS will act as an About IPv4 to IPv6 Gatewaying IPv4 to IPv6 gateway. It can communicate with other systems via either protocol.
The DNS Domain Name is used when host name before a query to the DNS server attempting to resolve server addresses is executed. configured on the VCS that are not fully qualified. It applies only to the following: • LDAP server •...
NTP server to synchronize the system time. Time zone Sets the local time zone of the VCS. Setting the Time Zone All events are recorded using the local date and time as well as UTC time. The local time is determined by the Time Zone set on the VCS.
VCS, for conditions that might contacted regarding issues with the VCS. require administrative attention. To allow the VCS to be monitored by a SNMP NMS, you must enable SNMP on the VCS and provide the name of the...
The use of an External Manager is optional. Sets the path of the External Manager. In order to use an External Manager, you must configure the VCS with the IP address or host name and path of the External Manager to be used.
ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Backing up Configuration Settings You are recommended to maintain a backup of your VCS configuration. To do this: Use the command line interface to log on to the VCS. Issue the command xConfiguration. Save the resulting output to a file, using cut-and-paste or some other means provided by your terminal emulator.
The important. The table below gives an overview of the levels assigned to different events. the VCS by setting the log level. All events event log contains information about such with a level numerically equal to and lower...
Event Log Format Message Details Field For all messages logged from the tandberg process the field is structured to allow easy parsing. The event log is displayed in an extension of the UNIX syslog format: It consists of a number of human-readable name=value pairs, separated by a space.
The Reason event parameter contains the H.225 cause code. Optionally, the Detail event parameter may contain a textual representation of the H.225 additional cause code. Registration Removed A registration has been removed by the VCS. The Reason event parameter specifies the reason why the registration was removed. This is one of: •...
The VCS has started. Further detail may be provided in the event data Detail field. Application Failed The VCS application is out of service due to an unexpected failure. License Limit Reached Licensing limits for a given feature have been reached.
Logging Logging TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Event Data Fields Field Description Protocol Specifies which protocol was used for the communication. Valid values are: • • • Reason Textual string containing any reason information associated with an event.
Page 32
Logging Logging TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Event Data Fields cont... Field Description Call-Id The Call-ID header field uniquely identifies a particular invitation or all registrations of a particular client. (for REGISTER requests): the AOR for the REGISTER request.
H.323 calls once they are established. to confirm whether it is still in the call. The VCS allows you to You can determine how the VCS will behave in this situation by configure the interval at which the endpoints are polled, known...
Call time to live Call signaling port range start Specifies the interval (in seconds) at which the VCS polls the endpoints in a call to verify Specifies the lower port in the range to that they are still in the call.
The VCS supports the SIP protocol: it is both a SIP Proxy and SIP Registrar, and will provide When in mode, the VCS may act as a SIP Proxy Server. The role of a Proxy Server is to forward interworking between SIP and H.323 calls. In order to support SIP,...
Specifies the listening port for incoming SIP Off: Registration requests will not be proxied calls over TCP. (but will still be permitted locally if the VCS is 5060 The default is authoritative for that domain). Invite requests with existing Route Sets will be rejected.
Edit the Name of the domain and click The VCS will act as a SIP Registrar for this Save. domain, and will accept registration requests The name of the domain will be changed. for any SIP endpoints attempting to register •...
Off: the VCS will not act as a SIP-H.323 gateway. has been disabled) the call will still be RegisteredOnly: the VCS will act as a SIP-H.323 gateway but only if at least one of the endpoints is established but it will be audio only.
Traversal-enabled endpoints include all TANDBERG own prefix, which they provide to the VCS when registering. The Expressway™ endpoints and third party endpoints which VCS will then know to route all calls that begin with that prefix • authentication process based on the username and support the ITU H.460.18 and H.460.19 standards.
(consult your endpoint manual for how to access this setting). • If the mode is set to automatic, the endpoint will try to register with any VCS it can find. It does this by sending out a Gatekeeper Discovery Request, to which eligible VCSs will respond.
VCS uses when authenticating with other systems. For example, when forwarding an invite from an endpoint to another VCS, that other system may have authentication enabled and will therefore require your local VCS to provide it with a username and password.
VCS, and the alias(es) with which it wishes to register LDAP The VCS looks up the username in the LDAP database and obtains the authentication and alias The alias(es) presented by the endpoint will be used as long as they are listed in the LDAP information for that entry.
The user distinguished name to be used by LDAP the VCS when binding to the LDAP server. Password The password to be used by the VCS when binding to the LDAP server. Base DN The area of the directory on the LDAP server to be searched for the credential information.
Local Database. The local database is included as part of your VCS system. It consists of a list of usernames and passwords, which you add via the web interface and/or the CLI. The database can hold up to 2500 entries.
H.33 When registering, the H.323 endpoint presents the VCS with An H.323 endpoint may attempt to register with the VCS using an alias that has already been registered on the VCS from another IP one or more of the following: address.
Activating use of Allow or Deny Lists When an endpoint attempts to register with To activate the use of Allow or Deny lists to determine which aliases are allowed to register with the VCS: the VCS it presents a list of aliases. You can •...
This page shows all the existing entries in the To view and manage the entries in the Allow Allow List. List: • VCS Configuration > Registration > Allow List. You can sort these entries by clicking You will be taken to the Registration Allow on the relevant column heading.
This page shows all the existing entries in the To view and manage the entries in the Deny Deny List. List: • VCS Configuration > Registration > Deny List. You can sort these entries by clicking You will be taken to the Registration Deny on the relevant column heading.
VCS connected to the internet with one or more endpoints registered to it. However, depending on the size and complexity of your enterprise the VCS may be part of a network of endpoints, other VCSs and other network infrastructure devices, with one or more firewalls between it and the internet.
The VCS also has a special type of subzone known as the Traversal Subzone. This is a conceptual subzone; no endpoints can be registered to it, but all traversal calls (i.e. calls for which the VCS is taking the media in addition to the signaling) must pass through it. The Traversal Subzone exists in order to allow you to control the amount of bandwidth used by traversal calls, as these can be particularly resource-intensive.
Traversal Server Zone A zone is a collection of endpoints, either all registered to a In order to be able to traverse a firewall, the VCS must be The VCS may be enabled to act as a traversal server by single system (e.g.
ENUM or DNS zone, you must add For traversal server zones, traversal client a new zone on the local VCS. When adding a zones and neighbor zones this will include new zone you will be asked to specify its Type;...
Managing Zones, Neighbors and Alternates TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Configuring Zones - All Types Name Assigns a name to the zone. The name acts as a unique identifier, allowing you to distinguish between zones of the same type.
H.323 port Specifies the port on the neighbor system to be used for H.323 calls to and from the local VCS. This must be the same port number as that configured on the neighbor system as its H.323 UDP port.
Determines whether H.323 calls will be allowed to and from the traversal server. Specifies the port on the traversal server to be used for SIP calls to and from the VCS. H.323 protocol Determines which of the two firewall traversal protocols (Assent or H.460.18) to use for calls...
Determines whether or not the same two Sets the interval (in seconds) with which the ports can be used for media by two or more client will send a UDP probe to the VCS Border calls. Controller once a call is established, in order : all calls will use the same two ports.
Managing Zones, Neighbors and Alternates TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Configuring ENUM Zones DNS suffix Specifies the domain to be appended to the transformed E.164 number to create an ENUM domain for which this zone is queried. H.323 mode Determines whether H.323 records will be looked up for this...
VCSs that will act as Alternates should the current VCS Each VCS can be part of a pool of up to 6 become unavailable. Alternate VCSs that act as backups to each other in case one becomes unavailable (for To configure Alternate VCSs: example, due to a network or power outage).
About Dial Plans Structured Dial Plan Hierarchical Dial Plan As you start deploying more than one VCS, it is useful to An alternative deployment would use a structured dial plan In this type of structure one VCS is nominated as the Directory...
Local Zone transforms. The VCS applies any User Policy to the alias. If the alias is a FindMe name, the process will start again; all the resulting aliases will be checked against Local Zone transforms and Administrator Policy.
In order to make a call by dialing the destination endpoint’s • e.g. 441189876432 or 6432 E.164 alias IP address, the call must be able to be routed via a VCS that Dialing by H.33 or SIP URI H.33 or SIP URI •...
Configuration section, in the Hop Count field, enter the hop count value you wish to use VCS is configurable on a zone-by-zone basis. This value will for this zone. apply to search requests originating from the local VCS and •...
Administrator Policy and Authentication The VCS allows you to set up a set of rules to control which calls are allowed, which are rejected, Administrator Policy uses the source and destination of a call to determine the action to be taken.
ADMINISTRATOR GUIDE Enabling the use of Administrator Policy Administrator Policy Mode To enable Administrator Policy: • VCS Configuration > Policy > Administrator. : Administrator Policy is enabled. If a CPL You will be taken to the Administrator script has been uploaded, this policy will be Policy page.
Order web interface: Each combination of Source Destination • VCS Configuration > Policy > Administrator. is compared, in the order shown, with the You will be taken to the Administrator details of the call being made until a match is Policy page.
Policy that is currently in place, as an XML- must first create and save the CPL script as a based CPL script. text file, after which you upload it to the VCS. • if Administrator Policy has been configured using a CPL script, this will show you the script that was uploaded •...
What is User Policy? • When the VCS receives a call for a particular alias, it checks The FindMe name should be in the form of a URI, and should User Policy is the set of rules that determines what happens to a call for a particular user or group when it is received by the to see whether User Policy has been enabled.
User Policy Manager. Path The URL of the remote User Policy Manager. Username The username used by the VCS to log in and query the remote User Policy Manager. Password The password used by the VCS to log in and query the remote User Policy Manager.
FindMe user accounts must be created by VCS Configuration > Policy > User Accounts. account will be rejected until one or the VCS Administrator before they can be You will be taken to the User Accounts page. more devices have been configured for that accessed and configured by users.
This is useful when the user has forgotten their password. To change the password: • VCS Configuration > Policy > User Accounts. You will be taken to the User Accounts page. Confirm password Click on the user account whose password Retype the new password.
Deleting a User Account Tick the box next to the account you wish to delete. To change delete a FindMe user account: • VCS Configuration > Policy > User Accounts. You will be taken to the User Accounts page. Delete Click here to delete the selected accounts.
Using TANDBERG’s FindMe™ TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE About your FindMe User Account About FindMe™ Accessing the FindMe Configuration Page The FindMe feature allows you as an individual or part of a...
Using TANDBERG’s FindMe™ TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Configuring your FindMe User Account Primary Devices If no devices are configured for a FindMe name, all calls to that name List the all the device(s) that will ring when will be rejected.
Each local alias transform defines a string against which an presented in GRQ or RRQ Regardless of the origin of the request, the VCS will always follow a set sequence of steps when alias is compared, and the changes to make to the alias if it messages.
Configuring Local Alias Transforms Pattern string Specifies the pattern against which the alias To configure local alias transforms: is compared. • VCS Configuration > Transforms. You will be taken to the Transforms page. Click New. You will be taken to the...
PatternMatch mode of the zone search The VCS looks at all matches for all zones to find all those sent out, and speed up the search process. function. with either: The VCS uses the concept of zone “matches”...
AlwaysMatch: the zone will always be queried. search request is sent: PatternMatch: the zone will only be queried • VCS Configuration > Zones. if the alias queried for matches the specified You will be taken to the Zones page.
Text goes here Alias Searching and Transforming TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Examples Combining Match Types and Priorities Never Query a Zone Always Query a Zone, Never Apply Transforms By using both...
For example, your know that in your regional sales office are registered to their endpoints in a neighbor zone are registered to their local VCS with a suffix of @sales.example.com. local VCS with aliases in two different formats: In this situation, it makes •...
In this Priority level. situation, the VCS will query For example, you may wish that zone for each of the new to query a neighbor zone for aliases simultaneously. (Any...
Incoming Calls If a relevant SRV record cannot be located, the system will Endpoints must register with the VCS using a URI address in To enable endpoints registered to your VCS to receive calls fall back to looking for an A or AAAA record for the domain in order to be reachable using URI dialing.
To filter the queries sent to the DNS server: • If the address is not registered locally, the VCS will check all its zones to see if any of them are configure a DNS zone with a match that has a...
Adding and Configuring DNS Zones Name Assigns a name to this zone. In order for locally registered endpoints to use URI dialing through the VCS, you must configure at least one DNS zone. To do this: • VCS Configuration >...
VCS to make outgoing calls using URI used as part of both the ENUM dialing dialing, you must configure at least and URI dialing processes. one DNS server for the VCS to query. For resilience, you can specify up to five DNS servers. Getting...
AAAA records, which provide the IPv6 address of the VCS • Port is the port on the VCS that has been configured to listen for that particular service and protocol combination • Service (SRV) records, which specify the FQDN of the VCS •...
If URI dialing is being used in conjunction with firewall traversal, DNS zones and DNS Servers using URI addresses in the format user@example.com. The VCS hosting the domain has the should be configured on the VCS Border Controller and any VCSs on the public network only. VCSs FQDN vcs.example.com.
The VCS supports outward ENUM dialing by allowing you to configure ENUM zones on the VCS. When an ENUM zone is queried, this triggers the VCS to transform the E.164 number that was dialed into an ENUM domain which is then queried via DNS.
Configuring Transforms for ENUM Zones If you wish locally registered endpoints to be able to make ENUM calls via the VCS, then at a You can configure transforms for ENUM zones in the same way as any other zones (see...
SIP mode Any number of ENUM zones may be Determines whether or not SIP records will be configured on the VCS. looked up for this zone. You should configure at least one ENUM zone for each DNS suffix that your Match1 - Match5 endpoints may use.
VCS to make outgoing calls using used as part of both the ENUM dialing ENUM dialing, you must configure at and URI dialing processes. least one DNS server for the VCS to query. For resilience, you can specify up to five DNS servers. Getting...
(for internal use of ENUM) or it could use a public ENUM database such as http://www.e164.org. Non-terminal rules in ENUM are not currently supported by the VCS. For more information on these, see section 2.4.1 of RFC 3761 [8], Getting System System H.323 &...
(for example if the IP address is private). made between endpoints each registered with Instead, we recommend that callers from unregistered endpoints dial the IP address or the domain name (if configured) of the local VCS, prefixed by such a system, it is sometimes necessary the alias they wish to call.
Overview Configuration Example Use of a Fallback Alias It is possible for the VCS to receive a call that To configure the Fallback Alias: You may wish to configure your Fallback Alias to be that of your receptionist, so that is destined for it but which does not specify •...
Each time a call is made, the VCS will assign that call the lowest available call ID number. For example, if there is already a call in progress with an ID of 1, the next call will be assigned an ID of 2. If call 1 is then disconnected, the third call to be made will be assigned an ID of 1.
VCS as a Firewall Traversal Server are outbound, i.e. established from the client to the server, and thus able to successfully traverse In addition to being a firewall traversal client, the VCS can be enabled to act as a firewall traversal the firewall.
Once the H.323 and SIP ports have been set on the VCS H.460.8/9 Ports Border Controller, matching ports must be configured on the For connections to the VCS Border Controller using the corresponding traversal client.
Tester, that allows you to test your firewall configuration for • xConfiguration Traversal Server STUN located within a DMZ (i.e. there is a firewall between the VCS compatibility issues with your network and endpoints. It will Border Controller and the public internet) as you will not be able...
Authentication Password. • • If the Border Controller is in Assent mode, the VCS client provides If the Border Controller is in Assent mode, the traversal zone Authentication Username. This is set on the client via configured on the Border Controller to represent the VCS client must Configuration >...
Configuring the VCS as a Traversal Client Overview Adding a New Traversal Client Zone • To enable your VCS to act as a traversal VCS Configuration > Zones. client on behalf of its endpoints and neighbor You will be taken to the Zones page.
SIP port Specifies the port on the traversal server to be used for SIP calls from this VCS SIP transport Determines which transport type will be used for SIP calls to and from the traversal server.
Select New. • You will be taken to the Create Zone page. Allow your VCS to act as a traversal • xCommand ZoneAdd server for other VCSs and TANDBERG Gatekeepers. You do this by adding a new traversal server zone on the VCS, and configuring it with details of the traversal client.
Zones Zone Controller to be used for SIP calls from this traversal client. Authentication username If the traversal client is a VCS, this must be SIP transport the VCS’s Authentication Username. If the Determines which transport type will be used traversal client is a gatekeeper, this must be for SIP calls to and from the traversal client.
UDP probe keep alive interval Sets the interval (in seconds) with which locally registered endpoints will send a UDP probe to the VCS once a call is established, in H.323 Assent mode order to keep the firewall’s NAT bindings open.
Configuring the VCS as a Traversal Server Configuring Traversal Server Ports Media demultiplexing RTP port Specifies the port on the VCS to be used for The VCS has specific listening ports assigned demultiplexing RTP media. for connections with the firewall. In most cases the default ports should be used.
The client can restrict the remote address and ports from which the relay should forward on media. Any incoming calls to this IP address and port on the VCS server are relayed via the allocated binding on the NAT to the client.
STUN page. STUN discovery port • xConfiguration Traversal Server Specifies the port on the VCS on which it will STUN be listening for STUN Discovery requests. STUN relay mode Determines whether the VCS will offer STUN Relay services to traversal clients.
ADMINISTRATOR GUIDE Overview About Bandwidth Control Example Network Deployment The TANDBERG VCS allows you to control The diagram below shows a typical network deployment: the use of bandwidth by endpoints on your • a broadband LAN, where high bandwidth calls are acceptable network.
IP addresses: when an endpoint registers with Subzone you can control how much processing of media the Traversal calls include: the VCS its IP address is checked and it is assigned to the VCS will perform at any one time. These limitations can be •...
VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Creating a Subzone To add a new subzone: • VCS Configuration > Local Zone > Subzones. You will be taken to the Subzones page. Select You will be taken to the Create Subzone page.
VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Configuring a Subzone To configure a subzone: • VCS Configuration > Local Zone > Subzones. You will be taken to the Subzones page. Click on the subzone you wish to configure. You will be taken to the Edit Subzone page.
Bandwidth Control Bandwidth Control TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Applying Bandwidth Limitations to Subzones Types of Limitations How Different Bandwidth Limitations are Managed You can apply bandwidth limits to the Default Subzone, Traversal Subzone and all manually...
Limited: there is a limit in place; you must enter the limit in the field below. Creating a new pipe None: there is no bandwidth available. To create a pipe: • VCS Configuration > Bandwidth > Pipes. Total bandwidth (kbps) You will be taken to the Pipes page.
Enter the name you wish to give to this pipe. To configure details of a pipe: You will refer to this name when creating links. • VCS Configuration > Bandwidth > Pipes You will be taken to the Pipes page.
If multiple Node 1, Node 2 routes are possible, your VCS will perform the bandwidth calculations using the one with the Select the names of the two subzones, or the fewest links.
Editing Links Editing Links Name Enter the name you wish to assign to this link. To edit a link: • VCS Configuration > Bandwidth > Links. You will be taken to the Links page. Click View/Edit. You will be taken to the Edit Link page.
If a subzone has no links configured, then endpoints within the subzone will only be able to call in either direction. other endpoints within the same subzone. For this reason, the VCS comes shipped with a set Normally a single pipe would be applied to a single link. However, one or more pipes may be of pre-configured links and will also automatically create new links each time you create a new applied to one or more links, depending on how you wish to model your network.
You will be taken to the Bandwidth Configuration page. where the endpoint has not specified the • xConfiguration Bandwidth Default bandwidth, you can set the VCS to apply a • xConfiguration Bandwidth Downspeed default bandwidth value. About Downspeeding Default call bandwidth (kbps)
An example deployment is shown opposite. Each of the three offices (Enterprise, Home and Branch) is represented as a separate subzone on the VCS, with bandwidth configured according to local policy. The enterprise’s leased line connection to the Internet, and the DSL connections to the remote offices, are modeled as separate pipes.
VCS Border Controller Subzone Configuration The VCS Border Controller has subzones configured for the Home Office and Branch Office. These are linked to the VCS Border Controller’s Traversal Subzone, with pipes placed on each link. All calls from the VCS Border Controller to the Enterprise VCS must go through the Traversal Subzone and will consume bandwidth from this Subzone.
About Upgrading the VCS Software Upgrading Using SCP/PSCP It is possible to install new releases of the VCS software on your existing hardware. Software To upgrade using SCP or PSCP (part of the PuTTY free Telnet/SSH package) you will need to...
Text goes here Maintenance TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Upgrading Upgrading via the Web Interface System Information This section tells you about the To upgrade your software via the web software and hardware that currently interface: make up your system.
About Adding Extra Options Adding Options via the CLI The following VCS features can be added to your existing system by installing the appropriate To return the indexes of all the Option Keys that are already installed on your system: options: •...
Text goes here Maintenance TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Option Keys Adding Options via the Web Interface This section lists the keys that are already installed on your system along To add options via the web interface: with a description of the options they •...
Security page. Download server certificate Provides you with the PEM file containing the certificate used by the VCS to identify itself to SIP and HTTPS clients when communicating over SSL/TLS. Upload server certificate data Click here once you have selected the files to upload them.
TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Passwords Changing the Administrator Password To change the password used to log in to the VCS: • Maintenance > Passwords. You will be taken to the Passwords page. You must restart the system for changes to take effect.
Text goes here Maintenance TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Restarting About Restarting Some configuration changes will require a restart of the system Restart to take effect. There will be a button at the bottom of any web pages that include such options.
Page 129
Sets the number of minutes that an administration session (HTTPS, Telnet or SSH) may be inactive before the session is timed out. A value of 0 turns session time outs off. Alternates Alternate [..5] Address: <S: 0, 8> Specifies the IP address of an alternate VCS. Up to 5 alternates may be configured. When the VCS receives a Location Request, all alternates will also be queried. Authentication Credential Name: <S: 0, 55>...
Page 130
Specifies the username to be used by the VCS when authenticating with another system. Bandwidth Default: <64..048> Sets the bandwidth (in kbps) to be used on calls managed by the VCS in cases where no bandwidth has been specified by the endpoint. Downspeed PerCall Mode: <On/Off>...
Page 131
Text goes here Command Reference - xConfiguration TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Bandwidth Link [..400] Name: <S: , 50> cont... Assigns a name to this link. Node Name: <S: 0, 50>...
Page 132
Direct : Allows an endpoint to make a call to an unknown IP address without the VCS querying any neighbors. The call setup would occur just as it would if the far end were registered directly to the local system.
Page 133
: the VCS will act as a SIP-H.323 gateway but only if at least one of the endpoints is locally registered. : the VCS will act as SIP-H.323 gateway regardless of whether the endpoints are locally registered (you must have the appropriate option key enabled to use this feature).
Page 134
SubnetMask: <IPAddr> cont... Specifies the IPv4 subnet mask of the VCS. Note: You must restart the system for any changes to take effect. Address: <S: 0, 39> Specifies the IPv6 address of the VCS. Note: You must restart the system for any changes to take effect.
Page 135
Option [..64] Key: <S: 0, 90> Specifies the option key of your software option. These are added to the VCS in order to add extra functionality, such as increasing the VCS’s capacity. Contact your TANDBERG repre- sentative for further information.
Page 136
Specifies a domain for which this VCS is authoritative. Mode: <On/Off> Determines whether or not the VCS will provide SIP registrar and SIP proxy functionality. : the VCS will act as a SIP registrar/proxy. : the VCS will not act as a SIP registrar/proxy.
Page 137
ADMINISTRATOR GUIDE Registration ExpireDelta: <5..700> cont... Specifies the period within which a SIP endpoint must re-register with the VCS to prevent its registration expiring. Proxy Mode: <Off/ProxyToKnownOnly/ProxyToAny> Specifies how proxied registrations should be handled. : registration requests will not be proxied.
Page 138
Defines the name of the VCS. Choose a name that uniquely identifies the system. Password: <S: 0, 6> Defines the password of the VCS. The password is used to login with Telnet, HTTP(S), SSH, SCP , and on the serial port. TimeZone Name: <S: 0, 64>...
Page 139
Media Port Start: <04..65534> For traversal calls (i.e. where the VCS is taking the media as well as the signaling), specifies the lower port in the range to be used for the media. End: <04..65534> For traversal calls (i.e. where the VCS is taking the media as well as the signaling), specifies the upper port in the range to be used for the media.
Page 140
Mode: <On/Off> cont... cont.. cont... Determines whether the VCS will offer STUN relay services to traversal clients. : STUN relay services are available. : STUN relay services are not available. Port: <04..65534> Specifies the listening port for STUN relay requests.
Page 141
Text goes here Command Reference - xConfiguration TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones LocalZone DefaultSubZone Bandwidth Total Mode: <None/Limited/Unlimited> cont... cont... cont... cont... Determines whether the Default Subzone has a limit on the total bandwidth being used by its endpoints at any one time.
Page 142
Mode: <On/Off> Determines whether or not H.323 calls using Assent mode for firewall traversal will be allowed. Applies to traversal-enabled endpoints registered directly with the VCS. : calls using Assent mode will be allowed. : calls using Assent mode will not be allowed.
Page 143
Preference: <Assent/H4608> cont... cont... cont... cont... If an endpoint that is registered directly with the VCS supports both Assent and H.460.18 protocols, this setting determines which the VCS uses. Assent : the Assent protocol will be used. H46018 : the H.460.18 protocol will be used.
Page 144
VCS. Total Mode: <None/Limited/Unlimited> Determines whether or not there is a limit to the total bandwidth of all traversal calls being handled by the VCS. None : no bandwidth will be available. Limited : there will be a limit on the bandwidth.
Page 145
Text goes here Command Reference - xConfiguration TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones Zone [..00] Match [..5] Mode: <AlwaysMatch/PatternMatch/Disabled> cont... cont... Determines if and when a query will be sent to this zone.
Page 146
H33 Port: <04..65534> Specifies the port on the traversal server to be used for H.323 firewall traversal calls from this VCS. Protocol: <Assent/H4608> Determines which of the two firewall traversal protocols to use for calls to the traversal server when both are available.
Page 147
: TLS will be used. TraversalServer Authentication UserName: <S: , 8> If the traversal client is a VCS, this must be the VCS’s Authentication User Name. If the traversal client is a gatekeeper, this must be the gatekeeper’s System Name. H33 H4609 Demultiplexing Mode: <On/Off>...
Page 148
Sets the interval (in seconds) with which the traversal client will send a TCP probe to the VCS once a call is established, in order to keep the firewall’s NAT bindings open. RetryCount: <..65534> Sets the number of times the traversal client will attempt to send a TCP probe to the VCS.
Page 149
Deletes an entry from the Allow List. AllowListDelete AllowListId(r): <..500> The index of the entry to be deleted. Boot Reboots the VCS. none CheckBandwidth A diagnostic tool that returns the status and route (as a list Node(r): <S: , 50>...
Page 150
The index of the call to be disconnected. CallSerialNumber: <S: , 55> The serial number of the call to be disconnected. DomainAdd Adds a SIP domain for which this VCS is authoritative. DomainName(r): <S: , 8> Specifies the name of the domain. DomainDelete Deletes a domain.
Page 151
Event/AuthenticationFailure FindRegistration Returns information about the registration associated with the Alias(r): <S: 1, 60> specified alias. The alias must be registered on the VCS on The alias that you wish to find out about. which the command is issued. Getting...
Page 152
LinkId(r): <..600> The index of the link to be deleted. Locate Runs the VCS’s location algorithm to locate the endpoint Alias(r): <S: , 60> identified by the given alias, searching locally, on neighbors, The alias associated with the endpoint you wish to locate.
Page 153
Deletes a pipe. PipeId(r): <..00> The index of the pipe to be deleted. RemoveRegistration Removes a registration from the VCS. Registration: <..3750> The index number of the registration to be removed. RegistrationSerialNumber: <S: , 55> The serial number of the registration to be removed.
Page 154
Text goes here Command Reference - xCommand TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE xCommand Description Parameters SubZoneAdd Adds and configures a new subzone. SubZoneName(r): <S: , 50> Assigns a name to this subzone.
Page 155
Text goes here Command Reference - xCommand TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE xCommand Description Parameters TransformAdd Adds and configures a new transform. Pattern(r): <S: , 60> Specifies the pattern against which the alias is compared.
Page 156
Text goes here Command Reference - xCommand TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE xCommand Description Parameters ZoneList A diagnostic tool that returns the list of zones (grouped by pri- Alias(r): <S: , 60>...
Page 157
Text goes here Command Reference - xStatus Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE SystemUnit: Product: “the product name” Uptime: <Time in seconds> SystemTime: <Time not set/date-time>...
Page 158
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Protocol: <IPv4/IPv6/Both> IPv4: Address: <IPv4Addr> SubnetMask: <IPv4Addr> Gateway: <IPv4Addr> IPv6: Address: <IPv6Addr> Gateway: <IPv6Addr> DNS: Server [1-5]: Address: <IPv4Addr/IPv6Addr>...
Page 159
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE External Manager: Status: <Inactive/Initializing/Active/Failed> Cause: {Visible if status is Failed} <DNS resolution failed > Address: <IPv4Addr/IPv6Addr >...
Page 160
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Calls: Call <1..900>: SerialNumber: <S: 1,255> State: <Connecting/Connected/Disconnecting> StartTime: <Seconds since boot/Date Time> Duration: <Time in seconds, precision in seconds>...
Page 161
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Calls continued... MediaRouted: <True/False> Participants: Leg: <1..300> {2 entries} Bandwidth: <0..100000000> kbps Route: Zone/Link: <S: 1,50 Node name> {0..150 entries} Registrations: Registration [1..3750]:...
Page 162
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Registrations continued... Contact: <S: 1,255> Path: URI [1..10]: <S: 1,255> Zones: DefaultZone: Name: “DefaultZone” Bandwidth: Used: <0..100000000>...
Page 163
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... Bandwidth: Used: <0..100000000> Registrations: {0..3750 entries} Registration: <1..3750> SerialNumber: <S: 1,255> Calls: Call [0..900]: {0..900 entries} CallSerialNumber: <S: 1,255>...
Page 164
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... H323: {Visible if H323 Mode=On for Zone} Status: <Unknown/Active/Failed> Cause: {Visible if Status is Failed} <No response from neighbor/ DNS resolution failed>...
Page 165
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... LastStatusChange: <Time not set/Date Time> SIP: {Visible if SIP Mode=On for Zone} Status: <Unknown/Active/Failed>...
Page 166
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... SIP: {Visible if SIP Mode=On for Zone} Status: <Unknown/Active/Failed> Cause: {Visible if Status is Failed} <No response from neighbor/ DNS resolution failed>...
Page 167
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Alternates: Alternate [1..5]: Status: <Active/Failed/Unknown> Cause: {Visible if status is Failed} <No response from gatekeeper/DNS resolution failed/Invalid IP address>...
Page 168
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE H323 continued... H46018: CallSignaling: Status: <Active/Inactive/Failed> IPv4: {Visible if Status=Active} Address: <IPv4Addr> IPv6: {Visible if Status=Active} Address: <IPv6Addr>...
Page 169
Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE STUN: Servers: Discovery: Status: <Active/Inactive> Address: <IPv4Addr/IPv6Addr> Relay: Status: <Active/Inactive> Address: <IPv4Addr/IPv6Addr> Bindings: Count: <0..800>...
Overview address-switch node This Appendix gives details of the VCS’s implementation of the CPL language and should be read in conjunction with the CPL standard RFC 3880 (5). The address-switch node allows the script to run different actions based on the source or The VCS supports most of the CPL standard along with some TANDBERG-defined extensions.
Page 171
The destination aliases. If the selected field contains multiple aliases then the VCS will attempt to match each address node with all of the aliases before proceeding to the next address node i.e. an address node matches if it matches any alias.
Page 172
Text goes here CPL Reference TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Overview Subfield Within the address-switch node, the optional subfield parameter specifies which part of the address is to be considered. The following table gives the definition of subfields for each alias type.
Page 173
The following elements are not currently supported: • On executing a proxy node the VCS will attempt to forward the call to the locations specified in time-switch the current location set. If multiple entries are in the location set then this results in a forked call.
Text goes here CPL Reference TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE CPL Examples Call Screening of Authenticated Users Call Screening Based on Alias In this example, only calls from users with authenticated source addresses are allowed.
Text goes here CPL Reference TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE CPL Examples Change of Domain Name Call Screening Based on Domain fred annoying.com In this example, Example Inc has changed its domain from example.net...
CPL Examples Restricting Access to a Local Gateway In this example, a gateway is registered to the VCS with a prefix of 9 and the administrator wants to stop calls from outside the organization being routed through it. <?xml version=”1.0” encoding=”UTF-8” ?>...
Character Description Example Regular expressions can be used in Matches any character. conjunction with a number of VCS features Matches 0 or more repetitions of the previous will match against any sequence of characters. such as alias transformations, zone match.
FQDN of the system hosting the domain For example: • dnscmd . /RecordAdd example.com _ h323ls. _ udp SRV 1 0 1719 vcs.example.com It is assumed that both A and AAAA records already exist for vcs.example.com. If not, you will need to add one.
About the LDAP Databases Downloading the H.350 schemas The VCS can be configured to use a database on an LDAP The following ITU specification describes the schemas which are required to be installed on the LDAP server: Directory Server to store authentication credential information H.350...
DNS entry in the subject alternative name extension. To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA certificate. This can be done on the VCS by navigating to: •...
LDAP server’s certificate. To configure the VCS to use TLS on the connection to the LDAP All three files should be in PEM file format. server you must upload the CA’s certificate as a trusted CA certificate.
Page 183
Bibliography TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Reference Title Link ITU Specification: H.235 Security and encryption for H-Series (H.323 and other H.245-based) multimedia http://www.itu.int/rec/T-REC-H.235/en terminals ITU Specification: H.350 Directory services architecture for multimedia conferencing http://www.itu.int/rec/T-REC-H.350/en...
Page 184
A type of DNS record that maps a domain name to an IPv6 address. Administrator Policy In relation to the VCS, the set of rules configured system-wide (either via the web interface or CPL script) that determine the action(s) to be applied to calls matching a given criteria.
Page 185
Also known as IP masquerading. Rewriting source and destination addresses as the IP packet passes through the NAT device. Network Address Translation Node In relation to the VCS, a node is one end of a link. A node can be a local subzone or a zone. A protocol used for synchronizing clocks. Network Time Protocol Pipe In relation to the VCS, a means of controlling the bandwidth used on a link.
Page 186
A traversal entity on the private side of a firewall. Examples are a TANDBERG Gatekeeper or TANDBERG VCS. Traversal Server A traversal entity on the public side of a firewall. Examples are the TANDBERG Border Controller and the TANDBERG VCS with the Border Controller option enabled. Traversal-enabled endpoint Any endpoint that supports the Assent and/or ITU H.460.18 and H.460.19 standards for firewall traversal.
Page 187
TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Philip Pedersens vei 22, 1366 Lysaker, Norway Telephone: +47 67 125 125 Fax: +47 67 125 234 Video: +47 67 117 777 E-mail: tandberg@tandberg.com Getting System System H.323 & SIP Registration Zones and Call...