Download  Print this page

TANDBERG VCS Administration Manual

Video communication server
Hide thumbs

Advertisement

COMMUNICATION
ADMINISTRATOR
Getting
System
Introduction
Started
Overview
D 14049.01
D 14049.01
07.2007
VIDEO
SERVER
GUIDE
Software version X1.0
D14049.01
July 2007
System
H.323 & SIP
Registration
Configuration
Configuration
Control
Zones and
Call
Firewall
Neighbors
Processing
Traversal

Bandwidth
Maintenance
Appendices
Control

Advertisement

Table of Contents
loading

  Also See for TANDBERG VCS

  Related Manuals for TANDBERG VCS

  Summary of Contents for TANDBERG VCS

  • Page 1 VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Software version X1.0 D14049.01 July 2007 Getting System System H.323 & SIP Registration Zones and Call Firewall Bandwidth Introduction Maintenance Appendices Started Overview Configuration Configuration Control Neighbors Processing Traversal Control D 14049.01 D 14049.01 07.2007...
  • Page 2: Table Of Contents

    Environmental Issues System Configuration System Administration Configuration ........19 SERVER Introduction Configuring System Settings ..........19 About the TANDBERG Video Communication Server ....12 About the System Name .............19 About Admin Access settings ..........19 Main Product Features ............12 Ethernet Configuration ............20 Standard Features ..............12 Configuring Ethernet Settings ..........20...
  • Page 3 Patterns and Pattern Types ..........46 SIP Registration Expiry ............35 Activating use of Allow or Deny Lists ........46 Using the VCS as a SIP Proxy Server ........35 Managing Entries in the Allow List ........47 SIP protocols and ports ............35 Managing Entries in the Deny List ........
  • Page 4 FindMe User Accounts ............ 72 URI Resolution Process via DNS .......... 81 Configuring Hop Counts ............62 Individual versus Group FindMe ........72 Enabling URI Dialing via the VCS .......... 81 Accessing the FindMe Configuration Page ......72 Outgoing Calls ............... 81 Administrator Policy Configuring your FindMe User Account........
  • Page 5 TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ENUM Dialing Disconnecting calls Configuring the VCS as a Traversal Server ......103 Overview ................103 ENUM Dialing Overview ............87 Overview ................95 Adding a New Traversal Server Zone ........103 About ENUM Dialing ............87 About the Call Control API ...........
  • Page 6 Example Without a Firewall ..........120 Overview ................170 Example With a Firewall ............. 121 Bibliography CPL Examples ..............174 VCS Border Controller Subzone Configuration ....121 Call Screening of Authenticated Users ........174 Enterprise VCS Subzone Configuration ......121 Glossary Call Screening Based on Alias ..........174 Call Screening Based on Domain ........175...
  • Page 7 ADMINISTRATOR GUIDE Trademarks and Copyright All rights reserved. This document contains information that is proprietary to TANDBERG. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronically, mechanically, by photocopying, or otherwise, without the prior written permission of TANDBERG.
  • Page 8: Disclaimer, Copyrights And License Agreements

    TANDBERG. Copyright © 2007 Tandberg Telecom AS. All rights reserved. U.S. Patent Nos. TANDBERG reserves the right to amend any of the information • Patents pending in the U.S. 5,600,646 given in this document in order to take account of new •...
  • Page 9: Safety Instructions And Approvals

    EC Declaration of Conformity Do not operate the apparatus in areas with high • Do not attempt to service the apparatus concentration of dust. Manufacturer: TANDBERG Telecom AS Water and Moisture yourself as opening or removing covers may Product Name: TANDBERG Video •...
  • Page 10: Environmental Issues 0

    Instead of a range of different user manuals, there is now one In order to avoid the dissemination of hazardous substances at the end of product life CD – which can be used with all TANDBERG products – in a in our environment and to diminish the pressure on natural •...
  • Page 11 TANDBERG CONTENT S USER Environmental Issues TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Getting System System H.323 & SIP Registration Zones and Call Firewall Bandwidth Introduction Introduction Maintenance Appendices Started Overview Configuration Configuration Control Neighbors Processing Traversal Control D 14049.01 07.2007...
  • Page 12: About The Tandberg Video Communication Server

    In some places The VCS also acts as a gateway between SIP and H.323 protocols, and between IPv4 and IPv6, allowing you to make the most use of information is duplicated between sections to let you have all your existing video communications investment.
  • Page 13: Getting Started 3

    • To avoid damage to the unit during transportation, the Make sure that the VCS is accessible and that all cables can The socket outlet shall be installed near to the equipment TANDBERG VCS is delivered in a special shipping box, which be easily connected.
  • Page 14: Powering On The Vcs

    The VCS requires some initial configuration Type and press Enter. Once it has rebooted, the VCS is ready to use. before it can be used. This must be done You can continue to use the serial connection, Ensure the power cable is connected.
  • Page 15: System Administrator Access

    About Administrator Access Administrator Account Password Session Timeout While it is possible to administer the TANDBERG VCS via a PC All administration requires you to log in to the administration By default, Administrator sessions do not time out – they...
  • Page 16: Using The Web Interface

    Administrator Guide on the Supported Browsers TANDBERG website. The VCS web interface is designed for use with Internet Explorer (6 and up) or Firefox (1.5 and up). It may work with Opera and Safari, but you may encounter unexpected behavior.
  • Page 17: Using The Command Line Interface (Cli)

    The command line interface is available over SSH, Telnet and through the serial port. To use the command line interface: Start a SSH or Telnet session. Enter the IP address or FQDN of the VCS. Login with a username of admin and your system password.
  • Page 18: Viewing The Overview Page

    This shows the version of software that is was last restarted. currently installed on the VCS. Total : The total number of non-traversal calls handled by the VCS since it was last restarted. IPv4 address This shows the VCS’s IPv4 address. Registrations...
  • Page 19: System Configuration 9

    VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE System Administration Configuration Configuring System Settings System name Defines the name of the VCS. Choose a name To configure the VCS’s system administration that uniquely identifies the system. settings: • System Configuration >...
  • Page 20: Ethernet Configuration

    Ethernet About Ethernet Speed The Ethernet speed setting determines the speed of the connection between the VCS and the ethernet switch. It must be set to the same value on both systems. The default is Auto. We recommend that you...
  • Page 21: Ip Configuration

    If a call is between an IPv4-only and an IPv6-only endpoint, the VCS will act as an About IPv4 to IPv6 Gatewaying IPv4 to IPv6 gateway. It can communicate with other systems via either protocol.
  • Page 22: Dns Configuration

    The DNS Domain Name is used when host name before a query to the DNS server attempting to resolve server addresses is executed. configured on the VCS that are not fully qualified. It applies only to the following: • LDAP server •...
  • Page 23: Ntp Configuration

    NTP server to synchronize the system time. Time zone Sets the local time zone of the VCS. Setting the Time Zone All events are recorded using the local date and time as well as UTC time. The local time is determined by the Time Zone set on the VCS.
  • Page 24: Snmp Configuration

    VCS, for conditions that might contacted regarding issues with the VCS. require administrative attention. To allow the VCS to be monitored by a SNMP NMS, you must enable SNMP on the VCS and provide the name of the...
  • Page 25: External Manager Configuration

    The use of an External Manager is optional. Sets the path of the External Manager. In order to use an External Manager, you must configure the VCS with the IP address or host name and path of the External Manager to be used.
  • Page 26: Backing Up Configuration Settings

    ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Backing up Configuration Settings You are recommended to maintain a backup of your VCS configuration. To do this: Use the command line interface to log on to the VCS. Issue the command xConfiguration. Save the resulting output to a file, using cut-and-paste or some other means provided by your terminal emulator.
  • Page 27: Logging 7

    The important. The table below gives an overview of the levels assigned to different events. the VCS by setting the log level. All events event log contains information about such with a level numerically equal to and lower...
  • Page 28: Event Log

    Event Log Format Message Details Field For all messages logged from the tandberg process the field is structured to allow easy parsing. The event log is displayed in an extension of the UNIX syslog format: It consists of a number of human-readable name=value pairs, separated by a space.
  • Page 29: Events Logged At Level 1

    The Reason event parameter contains the H.225 cause code. Optionally, the Detail event parameter may contain a textual representation of the H.225 additional cause code. Registration Removed A registration has been removed by the VCS. The Reason event parameter specifies the reason why the registration was removed. This is one of: •...
  • Page 30: Events Logged At Level 2

    The VCS has started. Further detail may be provided in the event data Detail field. Application Failed The VCS application is out of service due to an unexpected failure. License Limit Reached Licensing limits for a given feature have been reached.
  • Page 31: Event Data Fields

    Logging Logging TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Event Data Fields Field Description Protocol Specifies which protocol was used for the communication. Valid values are: • • • Reason Textual string containing any reason information associated with an event.
  • Page 32 Logging Logging TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Event Data Fields cont... Field Description Call-Id The Call-ID header field uniquely identifies a particular invitation or all registrations of a particular client. (for REGISTER requests): the AOR for the REGISTER request.
  • Page 33: Working With

    H.323 calls once they are established. to confirm whether it is still in the call. The VCS allows you to You can determine how the VCS will behave in this situation by configure the interval at which the endpoints are polled, known...
  • Page 34: Configuring H.323

    Call time to live Call signaling port range start Specifies the interval (in seconds) at which the VCS polls the endpoints in a call to verify Specifies the lower port in the range to that they are still in the call.
  • Page 35: Working With Sip

    The VCS supports the SIP protocol: it is both a SIP Proxy and SIP Registrar, and will provide When in mode, the VCS may act as a SIP Proxy Server. The role of a Proxy Server is to forward interworking between SIP and H.323 calls. In order to support SIP,...
  • Page 36: System Configuration

    Specifies the listening port for incoming SIP Off: Registration requests will not be proxied calls over TCP. (but will still be permitted locally if the VCS is 5060 The default is authoritative for that domain). Invite requests with existing Route Sets will be rejected.
  • Page 37: Configuring Sip - Domains

    Edit the Name of the domain and click The VCS will act as a SIP Registrar for this Save. domain, and will accept registration requests The name of the domain will be changed. for any SIP endpoints attempting to register •...
  • Page 38: Interworking

    Off: the VCS will not act as a SIP-H.323 gateway. has been disabled) the call will still be RegisteredOnly: the VCS will act as a SIP-H.323 gateway but only if at least one of the endpoints is established but it will be audio only.
  • Page 39: Registration Control

    Traversal-enabled endpoints include all TANDBERG own prefix, which they provide to the VCS when registering. The Expressway™ endpoints and third party endpoints which VCS will then know to route all calls that begin with that prefix • authentication process based on the username and support the ITU H.460.18 and H.460.19 standards.
  • Page 40: Finding A Vcs With Which To Register

    (consult your endpoint manual for how to access this setting). • If the mode is set to automatic, the endpoint will try to register with any VCS it can find. It does this by sending out a Gatekeeper Discovery Request, to which eligible VCSs will respond.
  • Page 41: Authentication

    VCS uses when authenticating with other systems. For example, when forwarding an invite from an endpoint to another VCS, that other system may have authentication enabled and will therefore require your local VCS to provide it with a username and password.
  • Page 42: Authentication Using An Ldap Server

    VCS, and the alias(es) with which it wishes to register LDAP The VCS looks up the username in the LDAP database and obtains the authentication and alias The alias(es) presented by the endpoint will be used as long as they are listed in the LDAP information for that entry.
  • Page 43: Configuring Ldap Server Settings

    The user distinguished name to be used by LDAP the VCS when binding to the LDAP server. Password The password to be used by the VCS when binding to the LDAP server. Base DN The area of the directory on the LDAP server to be searched for the credential information.
  • Page 44: Authentication Using A Local Database

    Local Database. The local database is included as part of your VCS system. It consists of a list of usernames and passwords, which you add via the web interface and/or the CLI. The database can hold up to 2500 entries.
  • Page 45: Registering Aliases

    H.33 When registering, the H.323 endpoint presents the VCS with An H.323 endpoint may attempt to register with the VCS using an alias that has already been registered on the VCS from another IP one or more of the following: address.
  • Page 46: Allow And Deny Lists

    Activating use of Allow or Deny Lists When an endpoint attempts to register with To activate the use of Allow or Deny lists to determine which aliases are allowed to register with the VCS: the VCS it presents a list of aliases. You can •...
  • Page 47: Managing Entries In The Allow List

    This page shows all the existing entries in the To view and manage the entries in the Allow Allow List. List: • VCS Configuration > Registration > Allow List. You can sort these entries by clicking You will be taken to the Registration Allow on the relevant column heading.
  • Page 48: Managing Entries In The Deny List

    This page shows all the existing entries in the To view and manage the entries in the Deny Deny List. List: • VCS Configuration > Registration > Deny List. You can sort these entries by clicking You will be taken to the Registration Deny on the relevant column heading.
  • Page 49: Managing Zones, Neighbors And Alternates

    VCS connected to the internet with one or more endpoints registered to it. However, depending on the size and complexity of your enterprise the VCS may be part of a network of endpoints, other VCSs and other network infrastructure devices, with one or more firewalls between it and the internet.
  • Page 50: Local Zone And Subzones

    The VCS also has a special type of subzone known as the Traversal Subzone. This is a conceptual subzone; no endpoints can be registered to it, but all traversal calls (i.e. calls for which the VCS is taking the media in addition to the signaling) must pass through it. The Traversal Subzone exists in order to allow you to control the amount of bandwidth used by traversal calls, as these can be particularly resource-intensive.
  • Page 51: Zones

    Traversal Server Zone A zone is a collection of endpoints, either all registered to a In order to be able to traverse a firewall, the VCS must be The VCS may be enabled to act as a traversal server by single system (e.g.
  • Page 52: Adding Zones

    ENUM or DNS zone, you must add For traversal server zones, traversal client a new zone on the local VCS. When adding a zones and neighbor zones this will include new zone you will be asked to specify its Type;...
  • Page 53: Configuring Zones - All Types

    Managing Zones, Neighbors and Alternates TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Configuring Zones - All Types Name Assigns a name to the zone. The name acts as a unique identifier, allowing you to distinguish between zones of the same type.
  • Page 54: Configuring Neighbor Zones

    H.323 port Specifies the port on the neighbor system to be used for H.323 calls to and from the local VCS. This must be the same port number as that configured on the neighbor system as its H.323 UDP port.
  • Page 55: Configuring Traversal Client Zones

    Determines whether H.323 calls will be allowed to and from the traversal server. Specifies the port on the traversal server to be used for SIP calls to and from the VCS. H.323 protocol Determines which of the two firewall traversal protocols (Assent or H.460.18) to use for calls...
  • Page 56: Configuring Traversal Server Zones

    Determines whether or not the same two Sets the interval (in seconds) with which the ports can be used for media by two or more client will send a UDP probe to the VCS Border calls. Controller once a call is established, in order : all calls will use the same two ports.
  • Page 57: Configuring Enum Zones

    Managing Zones, Neighbors and Alternates TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Configuring ENUM Zones DNS suffix Specifies the domain to be appended to the transformed E.164 number to create an ENUM domain for which this zone is queried. H.323 mode Determines whether H.323 records will be looked up for this...
  • Page 58: About Alternates

    VCSs that will act as Alternates should the current VCS Each VCS can be part of a pool of up to 6 become unavailable. Alternate VCSs that act as backups to each other in case one becomes unavailable (for To configure Alternate VCSs: example, due to a network or power outage).
  • Page 59: Setting Up A Dial Plan

    About Dial Plans Structured Dial Plan Hierarchical Dial Plan As you start deploying more than one VCS, it is useful to An alternative deployment would use a structured dial plan In this type of structure one VCS is nominated as the Directory...
  • Page 60: Call Processing

    Local Zone transforms. The VCS applies any User Policy to the alias. If the alias is a FindMe name, the process will start again; all the resulting aliases will be checked against Local Zone transforms and Administrator Policy.
  • Page 61: Dialing By Address Types

    In order to make a call by dialing the destination endpoint’s • e.g. 441189876432 or 6432 E.164 alias IP address, the call must be able to be routed via a VCS that Dialing by H.33 or SIP URI H.33 or SIP URI •...
  • Page 62: Hop Counts

    Configuration section, in the Hop Count field, enter the hop count value you wish to use VCS is configurable on a zone-by-zone basis. This value will for this zone. apply to search requests originating from the local VCS and •...
  • Page 63: Administrator Policy

    Administrator Policy and Authentication The VCS allows you to set up a set of rules to control which calls are allowed, which are rejected, Administrator Policy uses the source and destination of a call to determine the action to be taken.
  • Page 64: Enabling The Use Of Administrator Policy

    ADMINISTRATOR GUIDE Enabling the use of Administrator Policy Administrator Policy Mode To enable Administrator Policy: • VCS Configuration > Policy > Administrator. : Administrator Policy is enabled. If a CPL You will be taken to the Administrator script has been uploaded, this policy will be Policy page.
  • Page 65: Configuring Administrator Policy Via The Web Interface

    Order web interface: Each combination of Source Destination • VCS Configuration > Policy > Administrator. is compared, in the order shown, with the You will be taken to the Administrator details of the call being made until a match is Policy page.
  • Page 66: Configuring Administrator Policy Via A Cpl Script

    Policy that is currently in place, as an XML- must first create and save the CPL script as a based CPL script. text file, after which you upload it to the VCS. • if Administrator Policy has been configured using a CPL script, this will show you the script that was uploaded •...
  • Page 67: User Policy

    What is User Policy? • When the VCS receives a call for a particular alias, it checks The FindMe name should be in the form of a URI, and should User Policy is the set of rules that determines what happens to a call for a particular user or group when it is received by the to see whether User Policy has been enabled.
  • Page 68: Enabling User Policy On The Vcs

    User Policy Manager. Path The URL of the remote User Policy Manager. Username The username used by the VCS to log in and query the remote User Policy Manager. Password The password used by the VCS to log in and query the remote User Policy Manager.
  • Page 69: Managing Findme User Accounts

    FindMe user accounts must be created by VCS Configuration > Policy > User Accounts. account will be rejected until one or the VCS Administrator before they can be You will be taken to the User Accounts page. more devices have been configured for that accessed and configured by users.
  • Page 70: Changing A User Password

    This is useful when the user has forgotten their password. To change the password: • VCS Configuration > Policy > User Accounts. You will be taken to the User Accounts page. Confirm password Click on the user account whose password Retype the new password.
  • Page 71: Managing Findme User Accounts

    Deleting a User Account Tick the box next to the account you wish to delete. To change delete a FindMe user account: • VCS Configuration > Policy > User Accounts. You will be taken to the User Accounts page. Delete Click here to delete the selected accounts.
  • Page 72: Using Tandberg's Findme

    Using TANDBERG’s FindMe™ TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE About your FindMe User Account About FindMe™ Accessing the FindMe Configuration Page  The FindMe feature allows you as an individual or part of a...
  • Page 73: Configuring Your Findme User Account

    Using TANDBERG’s FindMe™ TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Configuring your FindMe User Account Primary Devices If no devices are configured for a FindMe name, all calls to that name List the all the device(s) that will ring when will be rejected.
  • Page 74: Alias Searching And Transforming

    Each local alias transform defines a string against which an presented in GRQ or RRQ Regardless of the origin of the request, the VCS will always follow a set sequence of steps when alias is compared, and the changes to make to the alias if it messages.
  • Page 75: Configuring Local Alias Transforms

    Configuring Local Alias Transforms Pattern string Specifies the pattern against which the alias To configure local alias transforms: is compared. • VCS Configuration > Transforms. You will be taken to the Transforms page. Click New. You will be taken to the...
  • Page 76: Zone Searching And Transforming

    PatternMatch mode of the zone search The VCS looks at all matches for all zones to find all those sent out, and speed up the search process. function. with either: The VCS uses the concept of zone “matches”...
  • Page 77: Configuring Zone Searches And Transforms

    AlwaysMatch: the zone will always be queried. search request is sent: PatternMatch: the zone will only be queried • VCS Configuration > Zones. if the alias queried for matches the specified You will be taken to the Zones page.
  • Page 78: Examples

    Text goes here Alias Searching and Transforming TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Examples Combining Match Types and Priorities Never Query a Zone Always Query a Zone, Never Apply Transforms By using both...
  • Page 79: Filter Queries To A Zone Without Transforming

    For example, your know that in your regional sales office are registered to their endpoints in a neighbor zone are registered to their local VCS with a suffix of @sales.example.com. local VCS with aliases in two different formats: In this situation, it makes •...
  • Page 80: Query A Zone For Both Original And Transformed Alias

    In this Priority level. situation, the VCS will query For example, you may wish that zone for each of the new to query a neighbor zone for aliases simultaneously. (Any...
  • Page 81: Uri Dialing

    Incoming Calls If a relevant SRV record cannot be located, the system will Endpoints must register with the VCS using a URI address in To enable endpoints registered to your VCS to receive calls fall back to looking for an A or AAAA record for the domain in order to be reachable using URI dialing.
  • Page 82: Uri Dialing For Outgoing Calls

    To filter the queries sent to the DNS server: • If the address is not registered locally, the VCS will check all its zones to see if any of them are configure a DNS zone with a match that has a...
  • Page 83: Adding And Configuring Dns Zones

    Adding and Configuring DNS Zones Name Assigns a name to this zone. In order for locally registered endpoints to use URI dialing through the VCS, you must configure at least one DNS zone. To do this: • VCS Configuration >...
  • Page 84: Configuring Dns Servers

    VCS to make outgoing calls using URI used as part of both the ENUM dialing dialing, you must configure at least and URI dialing processes. one DNS server for the VCS to query. For resilience, you can specify up to five DNS servers. Getting...
  • Page 85: Uri Dialing For Incoming Calls

    AAAA records, which provide the IPv6 address of the VCS • Port is the port on the VCS that has been configured to listen for that particular service and protocol combination • Service (SRV) records, which specify the FQDN of the VCS •...
  • Page 86: Example Dns Record Configuration

    If URI dialing is being used in conjunction with firewall traversal, DNS zones and DNS Servers using URI addresses in the format user@example.com. The VCS hosting the domain has the should be configured on the VCS Border Controller and any VCSs on the public network only. VCSs FQDN vcs.example.com.
  • Page 87: Enum Dialing

    The VCS supports outward ENUM dialing by allowing you to configure ENUM zones on the VCS. When an ENUM zone is queried, this triggers the VCS to transform the E.164 number that was dialed into an ENUM domain which is then queried via DNS.
  • Page 88: Enum Dialing For Outgoing Calls

    We create an ENUM zone on our local VCS with a DNS suffix If the E.164 number is not found locally, the VCS will check via ENUM dialing. of e164.arpa.
  • Page 89: Configuring Matches For Enum Zones

    Configuring Transforms for ENUM Zones If you wish locally registered endpoints to be able to make ENUM calls via the VCS, then at a You can configure transforms for ENUM zones in the same way as any other zones (see...
  • Page 90: Configuring Enum Zones

    SIP mode Any number of ENUM zones may be Determines whether or not SIP records will be configured on the VCS. looked up for this zone. You should configure at least one ENUM zone for each DNS suffix that your Match1 - Match5 endpoints may use.
  • Page 91: Configuring Dns Servers

    VCS to make outgoing calls using used as part of both the ENUM dialing ENUM dialing, you must configure at and URI dialing processes. least one DNS server for the VCS to query. For resilience, you can specify up to five DNS servers. Getting...
  • Page 92: Enum Dialing For Incoming Calls

    (for internal use of ENUM) or it could use a public ENUM database such as http://www.e164.org. Non-terminal rules in ENUM are not currently supported by the VCS. For more information on these, see section 2.4.1 of RFC 3761 [8], Getting System System H.323 &...
  • Page 93: Calls To And From Unregistered Endpoints

    (for example if the IP address is private). made between endpoints each registered with Instead, we recommend that callers from unregistered endpoints dial the IP address or the domain name (if configured) of the local VCS, prefixed by such a system, it is sometimes necessary the alias they wish to call.
  • Page 94: Fallback Alias

    Overview Configuration Example Use of a Fallback Alias It is possible for the VCS to receive a call that To configure the Fallback Alias: You may wish to configure your Fallback Alias to be that of your receptionist, so that is destined for it but which does not specify •...
  • Page 95: Disconnecting Calls

    Each time a call is made, the VCS will assign that call the lowest available call ID number. For example, if there is already a call in progress with an ID of 1, the next call will be assigned an ID of 2. If call 1 is then disconnected, the third call to be made will be assigned an ID of 1.
  • Page 96: Disconnecting A Call Via The Web Interface

    ID assigned to a new call. For this reason, the VCS also allows you to reference the call using the longer but unique call serial number.
  • Page 97: Firewall Traversal

    VCS as a Firewall Traversal Server are outbound, i.e. established from the client to the server, and thus able to successfully traverse In addition to being a firewall traversal client, the VCS can be enabled to act as a firewall traversal the firewall.
  • Page 98: Firewall Traversal Protocols And Ports

    Once the H.323 and SIP ports have been set on the VCS H.460.8/9 Ports Border Controller, matching ports must be configured on the For connections to the VCS Border Controller using the corresponding traversal client.
  • Page 99: Ports For Connections Out To The Public Internet

    Tester, that allows you to test your firewall configuration for • xConfiguration Traversal Server STUN located within a DMZ (i.e. there is a firewall between the VCS compatibility issues with your network and endpoints. It will Border Controller and the public internet) as you will not be able...
  • Page 100: Firewall Traversal And Authentication

    Authentication Password. • • If the Border Controller is in Assent mode, the VCS client provides If the Border Controller is in Assent mode, the traversal zone Authentication Username. This is set on the client via configured on the Border Controller to represent the VCS client must Configuration >...
  • Page 101: Configuring The Vcs As A Traversal Client

    Configuring the VCS as a Traversal Client Overview Adding a New Traversal Client Zone • To enable your VCS to act as a traversal VCS Configuration > Zones. client on behalf of its endpoints and neighbor You will be taken to the Zones page.
  • Page 102: Configuring A Traversal Client Zone

    SIP port Specifies the port on the traversal server to be used for SIP calls from this VCS SIP transport Determines which transport type will be used for SIP calls to and from the traversal server.
  • Page 103: Configuring The Vcs As A Traversal Server

    Select New. • You will be taken to the Create Zone page. Allow your VCS to act as a traversal • xCommand ZoneAdd server for other VCSs and TANDBERG Gatekeepers. You do this by adding a new traversal server zone on the VCS, and configuring it with details of the traversal client.
  • Page 104: Configuring A Traversal Server Zone

    Zones Zone Controller to be used for SIP calls from this traversal client. Authentication username If the traversal client is a VCS, this must be SIP transport the VCS’s Authentication Username. If the Determines which transport type will be used traversal client is a gatekeeper, this must be for SIP calls to and from the traversal client.
  • Page 105: Configuring Traversal For Endpoints

    UDP probe keep alive interval Sets the interval (in seconds) with which locally registered endpoints will send a UDP probe to the VCS once a call is established, in H.323 Assent mode order to keep the firewall’s NAT bindings open.
  • Page 106: Configuring Traversal Server Ports

    Configuring the VCS as a Traversal Server Configuring Traversal Server Ports Media demultiplexing RTP port Specifies the port on the VCS to be used for The VCS has specific listening ports assigned demultiplexing RTP media. for connections with the firewall. In most cases the default ports should be used.
  • Page 107: Stun Services

    The client can restrict the remote address and ports from which the relay should forward on media. Any incoming calls to this IP address and port on the VCS server are relayed via the allocated binding on the NAT to the client.
  • Page 108: Configuring Stun Services

    STUN page. STUN discovery port • xConfiguration Traversal Server Specifies the port on the VCS on which it will STUN be listening for STUN Discovery requests. STUN relay mode Determines whether the VCS will offer STUN Relay services to traversal clients.
  • Page 109: Bandwidth Control 09

    ADMINISTRATOR GUIDE Overview About Bandwidth Control Example Network Deployment The TANDBERG VCS allows you to control The diagram below shows a typical network deployment: the use of bandwidth by endpoints on your • a broadband LAN, where high bandwidth calls are acceptable network.
  • Page 110: Subzones

    IP addresses: when an endpoint registers with Subzone you can control how much processing of media the Traversal calls include: the VCS its IP address is checked and it is assigned to the VCS will perform at any one time. These limitations can be •...
  • Page 111: Creating A Subzone

    VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Creating a Subzone To add a new subzone: • VCS Configuration > Local Zone > Subzones. You will be taken to the Subzones page. Select You will be taken to the Create Subzone page.
  • Page 112: Configuring A Subzone

    VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Configuring a Subzone To configure a subzone: • VCS Configuration > Local Zone > Subzones. You will be taken to the Subzones page. Click on the subzone you wish to configure. You will be taken to the Edit Subzone page.
  • Page 113: Applying Bandwidth Limitations To Subzones

    Bandwidth Control Bandwidth Control TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Applying Bandwidth Limitations to Subzones Types of Limitations How Different Bandwidth Limitations are Managed You can apply bandwidth limits to the Default Subzone, Traversal Subzone and all manually...
  • Page 114: About Pipes

    Limited: there is a limit in place; you must enter the limit in the field below. Creating a new pipe None: there is no bandwidth available. To create a pipe: • VCS Configuration > Bandwidth > Pipes. Total bandwidth (kbps) You will be taken to the Pipes page.
  • Page 115: Editing Pipes

    Enter the name you wish to give to this pipe. To configure details of a pipe: You will refer to this name when creating links. • VCS Configuration > Bandwidth > Pipes You will be taken to the Pipes page.
  • Page 116: About Links

    If multiple Node 1, Node 2 routes are possible, your VCS will perform the bandwidth calculations using the one with the Select the names of the two subzones, or the fewest links.
  • Page 117: Editing Links

    Editing Links Editing Links Name Enter the name you wish to assign to this link. To edit a link: • VCS Configuration > Bandwidth > Links. You will be taken to the Links page. Click View/Edit. You will be taken to the Edit Link page.
  • Page 118: Applying Pipes To Links

    If a subzone has no links configured, then endpoints within the subzone will only be able to call in either direction. other endpoints within the same subzone. For this reason, the VCS comes shipped with a set Normally a single pipe would be applied to a single link. However, one or more pipes may be of pre-configured links and will also automatically create new links each time you create a new applied to one or more links, depending on how you wish to model your network.
  • Page 119: Default Call Bandwidth, Insufficient Bandwidth And Downspeeding

    You will be taken to the Bandwidth Configuration page. where the endpoint has not specified the • xConfiguration Bandwidth Default bandwidth, you can set the VCS to apply a • xConfiguration Bandwidth Downspeed default bandwidth value. About Downspeeding Default call bandwidth (kbps)
  • Page 120: Bandwidth Control Examples

    An example deployment is shown opposite. Each of the three offices (Enterprise, Home and Branch) is represented as a separate subzone on the VCS, with bandwidth configured according to local policy. The enterprise’s leased line connection to the Internet, and the DSL connections to the remote offices, are modeled as separate pipes.
  • Page 121: Example With A Firewall

    VCS Border Controller Subzone Configuration The VCS Border Controller has subzones configured for the Home Office and Branch Office. These are linked to the VCS Border Controller’s Traversal Subzone, with pipes placed on each link. All calls from the VCS Border Controller to the Enterprise VCS must go through the Traversal Subzone and will consume bandwidth from this Subzone.
  • Page 122: Upgrading Software

    About Upgrading the VCS Software Upgrading Using SCP/PSCP It is possible to install new releases of the VCS software on your existing hardware. Software To upgrade using SCP or PSCP (part of the PuTTY free Telnet/SSH package) you will need to...
  • Page 123: Upgrading Via The Web Interface

    Text goes here Maintenance TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Upgrading Upgrading via the Web Interface System Information This section tells you about the To upgrade your software via the web software and hardware that currently interface: make up your system.
  • Page 124: Option Keys

    About Adding Extra Options Adding Options via the CLI The following VCS features can be added to your existing system by installing the appropriate To return the indexes of all the Option Keys that are already installed on your system: options: •...
  • Page 125: Adding Options Via The Web Interface

    Text goes here Maintenance TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Option Keys Adding Options via the Web Interface This section lists the keys that are already installed on your system along To add options via the web interface: with a description of the options they •...
  • Page 126: Security

    Security page. Download server certificate Provides you with the PEM file containing the certificate used by the VCS to identify itself to SIP and HTTPS clients when communicating over SSL/TLS. Upload server certificate data Click here once you have selected the files to upload them.
  • Page 127: Passwords

    TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Passwords Changing the Administrator Password To change the password used to log in to the VCS: • Maintenance > Passwords. You will be taken to the Passwords page. You must restart the system for changes to take effect.
  • Page 128: Restarting

    Text goes here Maintenance TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Restarting About Restarting Some configuration changes will require a restart of the system Restart to take effect. There will be a button at the bottom of any web pages that include such options.
  • Page 129 Sets the number of minutes that an administration session (HTTPS, Telnet or SSH) may be inactive before the session is timed out. A value of 0 turns session time outs off. Alternates Alternate [..5] Address: <S: 0, 8> Specifies the IP address of an alternate VCS. Up to 5 alternates may be configured. When the VCS receives a Location Request, all alternates will also be queried. Authentication Credential Name: <S: 0, 55>...
  • Page 130 Specifies the username to be used by the VCS when authenticating with another system. Bandwidth Default: <64..048> Sets the bandwidth (in kbps) to be used on calls managed by the VCS in cases where no bandwidth has been specified by the endpoint. Downspeed PerCall Mode: <On/Off>...
  • Page 131 Text goes here Command Reference - xConfiguration TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Bandwidth Link [..400] Name: <S: , 50> cont... Assigns a name to this link. Node Name: <S: 0, 50>...
  • Page 132 Direct : Allows an endpoint to make a call to an unknown IP address without the VCS querying any neighbors. The call setup would occur just as it would if the far end were registered directly to the local system.
  • Page 133 : the VCS will act as a SIP-H.323 gateway but only if at least one of the endpoints is locally registered. : the VCS will act as SIP-H.323 gateway regardless of whether the endpoints are locally registered (you must have the appropriate option key enabled to use this feature).
  • Page 134 SubnetMask: <IPAddr> cont... Specifies the IPv4 subnet mask of the VCS. Note: You must restart the system for any changes to take effect. Address: <S: 0, 39> Specifies the IPv6 address of the VCS. Note: You must restart the system for any changes to take effect.
  • Page 135 Option [..64] Key: <S: 0, 90> Specifies the option key of your software option. These are added to the VCS in order to add extra functionality, such as increasing the VCS’s capacity. Contact your TANDBERG repre- sentative for further information.
  • Page 136 Specifies a domain for which this VCS is authoritative. Mode: <On/Off> Determines whether or not the VCS will provide SIP registrar and SIP proxy functionality. : the VCS will act as a SIP registrar/proxy. : the VCS will not act as a SIP registrar/proxy.
  • Page 137 ADMINISTRATOR GUIDE Registration ExpireDelta: <5..700> cont... Specifies the period within which a SIP endpoint must re-register with the VCS to prevent its registration expiring. Proxy Mode: <Off/ProxyToKnownOnly/ProxyToAny> Specifies how proxied registrations should be handled. : registration requests will not be proxied.
  • Page 138 Defines the name of the VCS. Choose a name that uniquely identifies the system. Password: <S: 0, 6> Defines the password of the VCS. The password is used to login with Telnet, HTTP(S), SSH, SCP , and on the serial port. TimeZone Name: <S: 0, 64>...
  • Page 139 Media Port Start: <04..65534> For traversal calls (i.e. where the VCS is taking the media as well as the signaling), specifies the lower port in the range to be used for the media. End: <04..65534> For traversal calls (i.e. where the VCS is taking the media as well as the signaling), specifies the upper port in the range to be used for the media.
  • Page 140 Mode: <On/Off> cont... cont.. cont... Determines whether the VCS will offer STUN relay services to traversal clients. : STUN relay services are available. : STUN relay services are not available. Port: <04..65534> Specifies the listening port for STUN relay requests.
  • Page 141 Text goes here Command Reference - xConfiguration TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones LocalZone DefaultSubZone Bandwidth Total Mode: <None/Limited/Unlimited> cont... cont... cont... cont... Determines whether the Default Subzone has a limit on the total bandwidth being used by its endpoints at any one time.
  • Page 142 Mode: <On/Off> Determines whether or not H.323 calls using Assent mode for firewall traversal will be allowed. Applies to traversal-enabled endpoints registered directly with the VCS. : calls using Assent mode will be allowed. : calls using Assent mode will not be allowed.
  • Page 143 Preference: <Assent/H4608> cont... cont... cont... cont... If an endpoint that is registered directly with the VCS supports both Assent and H.460.18 protocols, this setting determines which the VCS uses. Assent : the Assent protocol will be used. H46018 : the H.460.18 protocol will be used.
  • Page 144 VCS. Total Mode: <None/Limited/Unlimited> Determines whether or not there is a limit to the total bandwidth of all traversal calls being handled by the VCS. None : no bandwidth will be available. Limited : there will be a limit on the bandwidth.
  • Page 145 Text goes here Command Reference - xConfiguration TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones Zone [..00] Match [..5] Mode: <AlwaysMatch/PatternMatch/Disabled> cont... cont... Determines if and when a query will be sent to this zone.
  • Page 146 H33 Port: <04..65534> Specifies the port on the traversal server to be used for H.323 firewall traversal calls from this VCS. Protocol: <Assent/H4608> Determines which of the two firewall traversal protocols to use for calls to the traversal server when both are available.
  • Page 147 : TLS will be used. TraversalServer Authentication UserName: <S: , 8> If the traversal client is a VCS, this must be the VCS’s Authentication User Name. If the traversal client is a gatekeeper, this must be the gatekeeper’s System Name. H33 H4609 Demultiplexing Mode: <On/Off>...
  • Page 148 Sets the interval (in seconds) with which the traversal client will send a TCP probe to the VCS once a call is established, in order to keep the firewall’s NAT bindings open. RetryCount: <..65534> Sets the number of times the traversal client will attempt to send a TCP probe to the VCS.
  • Page 149 Deletes an entry from the Allow List. AllowListDelete AllowListId(r): <..500> The index of the entry to be deleted. Boot Reboots the VCS. none CheckBandwidth A diagnostic tool that returns the status and route (as a list Node(r): <S: , 50>...
  • Page 150 The index of the call to be disconnected. CallSerialNumber: <S: , 55> The serial number of the call to be disconnected. DomainAdd Adds a SIP domain for which this VCS is authoritative. DomainName(r): <S: , 8> Specifies the name of the domain. DomainDelete Deletes a domain.
  • Page 151 Event/AuthenticationFailure FindRegistration Returns information about the registration associated with the Alias(r): <S: 1, 60> specified alias. The alias must be registered on the VCS on The alias that you wish to find out about. which the command is issued. Getting...
  • Page 152 LinkId(r): <..600> The index of the link to be deleted. Locate Runs the VCS’s location algorithm to locate the endpoint Alias(r): <S: , 60> identified by the given alias, searching locally, on neighbors, The alias associated with the endpoint you wish to locate.
  • Page 153 Deletes a pipe. PipeId(r): <..00> The index of the pipe to be deleted. RemoveRegistration Removes a registration from the VCS. Registration: <..3750> The index number of the registration to be removed. RegistrationSerialNumber: <S: , 55> The serial number of the registration to be removed.
  • Page 154 Text goes here Command Reference - xCommand TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE xCommand Description Parameters SubZoneAdd Adds and configures a new subzone. SubZoneName(r): <S: , 50> Assigns a name to this subzone.
  • Page 155 Text goes here Command Reference - xCommand TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE xCommand Description Parameters TransformAdd Adds and configures a new transform. Pattern(r): <S: , 60> Specifies the pattern against which the alias is compared.
  • Page 156 Text goes here Command Reference - xCommand TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE xCommand Description Parameters ZoneList A diagnostic tool that returns the list of zones (grouped by pri- Alias(r): <S: , 60>...
  • Page 157 Text goes here Command Reference - xStatus Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE SystemUnit: Product: “the product name” Uptime: <Time in seconds> SystemTime: <Time not set/date-time>...
  • Page 158 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Protocol: <IPv4/IPv6/Both> IPv4: Address: <IPv4Addr> SubnetMask: <IPv4Addr> Gateway: <IPv4Addr> IPv6: Address: <IPv6Addr> Gateway: <IPv6Addr> DNS: Server [1-5]: Address: <IPv4Addr/IPv6Addr>...
  • Page 159 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE External Manager: Status: <Inactive/Initializing/Active/Failed> Cause: {Visible if status is Failed} <DNS resolution failed > Address: <IPv4Addr/IPv6Addr >...
  • Page 160 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Calls: Call <1..900>: SerialNumber: <S: 1,255> State: <Connecting/Connected/Disconnecting> StartTime: <Seconds since boot/Date Time> Duration: <Time in seconds, precision in seconds>...
  • Page 161 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Calls continued... MediaRouted: <True/False> Participants: Leg: <1..300> {2 entries} Bandwidth: <0..100000000> kbps Route: Zone/Link: <S: 1,50 Node name> {0..150 entries} Registrations: Registration [1..3750]:...
  • Page 162 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Registrations continued... Contact: <S: 1,255> Path: URI [1..10]: <S: 1,255> Zones: DefaultZone: Name: “DefaultZone” Bandwidth: Used: <0..100000000>...
  • Page 163 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... Bandwidth: Used: <0..100000000> Registrations: {0..3750 entries} Registration: <1..3750> SerialNumber: <S: 1,255> Calls: Call [0..900]: {0..900 entries} CallSerialNumber: <S: 1,255>...
  • Page 164 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... H323: {Visible if H323 Mode=On for Zone} Status: <Unknown/Active/Failed> Cause: {Visible if Status is Failed} <No response from neighbor/ DNS resolution failed>...
  • Page 165 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... LastStatusChange: <Time not set/Date Time> SIP: {Visible if SIP Mode=On for Zone} Status: <Unknown/Active/Failed>...
  • Page 166 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Zones continued... SIP: {Visible if SIP Mode=On for Zone} Status: <Unknown/Active/Failed> Cause: {Visible if Status is Failed} <No response from neighbor/ DNS resolution failed>...
  • Page 167 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Alternates: Alternate [1..5]: Status: <Active/Failed/Unknown> Cause: {Visible if status is Failed} <No response from gatekeeper/DNS resolution failed/Invalid IP address>...
  • Page 168 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE H323 continued... H46018: CallSignaling: Status: <Active/Inactive/Failed> IPv4: {Visible if Status=Active} Address: <IPv4Addr> IPv6: {Visible if Status=Active} Address: <IPv6Addr>...
  • Page 169 Text goes here Command Reference - xStatus TANDBERG TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE STUN: Servers: Discovery: Status: <Active/Inactive> Address: <IPv4Addr/IPv6Addr> Relay: Status: <Active/Inactive> Address: <IPv4Addr/IPv6Addr> Bindings: Count: <0..800>...
  • Page 170: Overview

    Overview address-switch node This Appendix gives details of the VCS’s implementation of the CPL language and should be read in conjunction with the CPL standard RFC 3880 (5). The address-switch node allows the script to run different actions based on the source or The VCS supports most of the CPL standard along with some TANDBERG-defined extensions.
  • Page 171 The destination aliases. If the selected field contains multiple aliases then the VCS will attempt to match each address node with all of the aliases before proceeding to the next address node i.e. an address node matches if it matches any alias.
  • Page 172 Text goes here CPL Reference TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Overview Subfield Within the address-switch node, the optional subfield parameter specifies which part of the address is to be considered. The following table gives the definition of subfields for each alias type.
  • Page 173 The following elements are not currently supported: • On executing a proxy node the VCS will attempt to forward the call to the locations specified in time-switch the current location set. If multiple entries are in the location set then this results in a forked call.
  • Page 174: Cpl Examples

    Text goes here CPL Reference TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE CPL Examples Call Screening of Authenticated Users Call Screening Based on Alias In this example, only calls from users with authenticated source addresses are allowed.
  • Page 175: Call Screening Based On Domain

    Text goes here CPL Reference TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE CPL Examples Change of Domain Name Call Screening Based on Domain fred annoying.com In this example, Example Inc has changed its domain from example.net...
  • Page 176: Allow Calls From Locally Registered Endpoints Only

    <cpl xmlns=”urn:ietf:params:xml:ns:cpl” xmlns:taa=”http://www.tandberg.net/cpl-extensions” xmlns:taa=”http://www.tandberg.net/cpl-extensions” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xsi:schemaLocation=”urn:ietf:params:xml:ns:cpl cpl.xsd”> xsi:schemaLocation=”urn:ietf:params:xml:ns:cpl cpl.xsd”> <taa:routed> <taa:routed> <address-switch field=”registered-origin”> <address-switch field=”registered-origin”> <not-present> <not-present> <reject reason=”Only local endpoints can use this Tandberg <address-switch field=”originating-zone”> VCS”/> <address is=”DefaultZone”> </not-present> <reject/> </address-switch> </address> </taa:routed> <address is=”DefaultSubZone”> </cpl> <reject/> </address>...
  • Page 177: Restricting Access To A Local Gateway

    CPL Examples Restricting Access to a Local Gateway In this example, a gateway is registered to the VCS with a prefix of 9 and the administrator wants to stop calls from outside the organization being routed through it. <?xml version=”1.0” encoding=”UTF-8” ?>...
  • Page 178: About Regular Expressions

    Character Description Example Regular expressions can be used in Matches any character. conjunction with a number of VCS features Matches 0 or more repetitions of the previous will match against any sequence of characters. such as alias transformations, zone match.
  • Page 179: Overview

    FQDN of the system hosting the domain For example: • dnscmd . /RecordAdd example.com _ h323ls. _ udp SRV 1 0 1719 vcs.example.com It is assumed that both A and AAAA records already exist for vcs.example.com. If not, you will need to add one.
  • Page 180: Ldap Configuration 80

    About the LDAP Databases Downloading the H.350 schemas The VCS can be configured to use a database on an LDAP The following ITU specification describes the schemas which are required to be installed on the LDAP server: Directory Server to store authentication credential information H.350...
  • Page 181: Microsoft Active Directory

    DNS entry in the subject alternative name extension. To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA certificate. This can be done on the VCS by navigating to: •...
  • Page 182: Openldap

    LDAP server’s certificate. To configure the VCS to use TLS on the connection to the LDAP All three files should be in PEM file format. server you must upload the CA’s certificate as a trusted CA certificate.
  • Page 183 Bibliography TANDBERG TANDBERG VIDEO COMMUNICATION SERVER VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE ADMINISTRATOR GUIDE Reference Title Link ITU Specification: H.235 Security and encryption for H-Series (H.323 and other H.245-based) multimedia http://www.itu.int/rec/T-REC-H.235/en terminals ITU Specification: H.350 Directory services architecture for multimedia conferencing http://www.itu.int/rec/T-REC-H.350/en...
  • Page 184 A type of DNS record that maps a domain name to an IPv6 address. Administrator Policy In relation to the VCS, the set of rules configured system-wide (either via the web interface or CPL script) that determine the action(s) to be applied to calls matching a given criteria.
  • Page 185 Also known as IP masquerading. Rewriting source and destination addresses as the IP packet passes through the NAT device. Network Address Translation Node In relation to the VCS, a node is one end of a link. A node can be a local subzone or a zone. A protocol used for synchronizing clocks. Network Time Protocol Pipe In relation to the VCS, a means of controlling the bandwidth used on a link.
  • Page 186 A traversal entity on the private side of a firewall. Examples are a TANDBERG Gatekeeper or TANDBERG VCS. Traversal Server A traversal entity on the public side of a firewall. Examples are the TANDBERG Border Controller and the TANDBERG VCS with the Border Controller option enabled. Traversal-enabled endpoint Any endpoint that supports the Assent and/or ITU H.460.18 and H.460.19 standards for firewall traversal.
  • Page 187 TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE Philip Pedersens vei 22, 1366 Lysaker, Norway Telephone: +47 67 125 125 Fax: +47 67 125 234 Video: +47 67 117 777 E-mail: tandberg@tandberg.com Getting System System H.323 & SIP Registration Zones and Call...