TANDBERG Gatekeeper manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

Ir para a página of

Bom manual de uso

As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto TANDBERG Gatekeeper. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoTANDBERG Gatekeeper vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.

O que é a instrução?

A palavra vem do latim "Instructio" ou instruir. Portanto, no manual TANDBERG Gatekeeper você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.

Infelizmente, pequenos usuários tomam o tempo para ler o manual TANDBERG Gatekeeper, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.

Então, o que deve conter o manual perfeito?

Primeiro, o manual TANDBERG Gatekeeper deve conte:
- dados técnicos do dispositivo TANDBERG Gatekeeper
- nome do fabricante e ano de fabricação do dispositivo TANDBERG Gatekeeper
- instruções de utilização, regulação e manutenção do dispositivo TANDBERG Gatekeeper
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes

Por que você não ler manuais?

Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque TANDBERG Gatekeeper não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos TANDBERG Gatekeeper e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço TANDBERG na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas TANDBERG Gatekeeper, como para a versão papel.

Por que ler manuais?

Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo TANDBERG Gatekeeper, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.

Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual TANDBERG Gatekeeper. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação

Índice do manual

  • Página 1

    TANDBERG Gat ekeeper User Guide Software version N5.1 D13381.07 January 2007 This document is n ot to be reproduced in whole or in part without permission in writin g from:[...]

  • Página 2

    TANDBERG Gatekeeper User Guide Page 2 of 105 Contents 1. Prod uct Informat ion 8 1.1. Tra de ma rks and C op yr ig ht ....................................................................................................... 8 1.2. Dis cl aim er ...........................................................................................................[...]

  • Página 3

    TANDBERG Gatekeeper User Guide Page 3 of 105 4.7. Alt ern ate s.............................................................................................................................. 23 4.8. Cal l P ro ces si ng Ov er vi ew....................................................................................................... 24 5. Transfo rm[...]

  • Página 4

    TANDBERG Gatekeeper User Guide Page 4 of 105 11.2. Ent er pri se Ga te kee pe rs ........................................................................................................ 48 11.3. Dia li ng Pub li c IP Ad d res ses ................................................................................................... 49 11.4. Nei ghb or [...]

  • Página 5

    TANDBERG Gatekeeper User Guide Page 5 of 105 16.1.7. IP ...................................................................................................................................................... 69 16.1.8. LD AP ..............................................................................................................................[...]

  • Página 6

    TANDBERG Gatekeeper User Guide Page 6 of 105 16.3.26. Su bZoneDele te ................................................................................................................................ 88 16.3.27. Tra nsformAd d ............................................................................................................................[...]

  • Página 7

    TANDBERG Gatekeeper User Guide Page 7 of 105 21. Bibliog raphy 102 22. Gloss ary 103 23. Index 104[...]

  • Página 8

    TANDBERG Gatekeeper User Guide Page 8 of 105 1. Product Inf ormation 1.1. Trademarks and Copy right Copyright 1993-2006 TANDBERG ASA. All rights reserved. This document contains information that is proprietary to TANDBERG ASA. No part of th is publication may be reproduced, stor ed in a retrieval system, or transmitted, in an y form, or by any mean[...]

  • Página 9

    TANDBERG Gatekeeper User Guide Page 9 of 105 1.3.2. European En vironmental Directives As a manufactur er of electrical and electronic equipment TANDBERG is responsible for compliance with the requirements in the Eur opean Directives 2002/96/EC (WEEE) and 2002/95/EC (RoHS). The primary aim of the WEEE Directive an d RoHS Directive is to reduce the [...]

  • Página 10

    TANDBERG Gatekeeper User Guide Page 10 of 105 1.4. Operator Safety Summary For your protection please read these safety instructions completely before you connect th e equipment to the power source. Carefully observe all wa rnings, precautions and instructions both on the apparatus and in these operatin g instructions. Keep this manual for future r[...]

  • Página 11

    TANDBERG Gatekeeper User Guide Page 11 of 105 1.4.7. Power connection and Hazardous voltage  The product may have hazardous volta ge inside. Never attempt to open this product, or any peripherals connected to th e product, where this action requires a tool.  This product should always be powered from an earthed power outlet.  Never connect[...]

  • Página 12

    TANDBERG Gatekeeper User Guide Page 12 of 105 2. Introduction This User Manual is provided to help you make the best use of your TANDBERG Gatekeeper . 2.1. Main Features The main features of the TANDBERG Gatekeeper are:  IPv4 and IPv6 support.  Supports up to 2500 registered endpoints.  Supports up to 100 neighboring zon es.  Flexible z[...]

  • Página 13

    TANDBERG Gatekeeper User Guide Page 13 of 105 Figure 1: Fron t panel of Gatekeeper On the back of the Gatek eeper (see Figure 2) there are:  a power connector  a power switch  a serial port (Data 2) for connecting to a PC. Figure 2: Rear pan el of Gatekeeper[...]

  • Página 14

    TANDBERG Gatekeeper User Guide Page 14 of 105 3. Insta llation 3.1. Precautions  Never install commun ication equipment during a lightning storm.  Never install jacks for comm unication cables in wet locations unless th e jack is specifically designed for wet locations.  Never touch uninstalled communication wires or terminals unless the c[...]

  • Página 15

    TANDBERG Gatekeeper User Guide Page 15 of 105 3.3. Unpacking The TANDBERG Gatek eeper is delivered in a special shipping box which should contain the following components:  Gatekeeper unit  Installation sheet  User manual and other docu mentation on CD  Rack-ears and screws  Kit with 4 rubber feet  Cables: o Power cables o One Eth[...]

  • Página 16

    TANDBERG Gatekeeper User Guide Page 16 of 105 4. Getting s tar t ed 4.1. Initial Configurat ion The TANDBERG Gatek eeper requires some configuration before it can be used. This must be done u sing a PC connected to the ser ial port (Data 1) or by connecting to the system's default IP address: 192.168.0.100. The IP address, subnet mask and gate[...]

  • Página 17

    TANDBERG Gatekeeper User Guide Page 17 of 105 9. Review other system settin gs. You may want to set the following: a. The name of the Gatekeeper. This is u sed by the TANDBERG Management Suite (TMS) to identify the Gatekeeper. See th e xConfiguration SystemUnit command (section 16.2.18) for more in formation on setting the name. b. Automatic discov[...]

  • Página 18

    TANDBERG Gatekeeper User Guide Page 18 of 105 You will be presented with the Overv iew screen: Note: HTTP and HTTPS must be enabled in order to use the web interface. This is don e using the following commands: xConfiguration HTTP Mode: <On/Off> xconfiguration HTTPS Mode: <On/Off> Note: If web access is required, you are reco mmended to[...]

  • Página 19

    TANDBERG Gatekeeper User Guide Page 19 of 105 Note: SSH and/or Telnet access must be enabled in order to use the command line inter face. This is done using the following commands: xConfiguration SSH Mode: <On/Off> xconfiguration Telnet Mode: <On/Off> Note: For secure operation you should use SSH in preference to Telnet. 4.2.3. Session [...]

  • Página 20

    TANDBERG Gatekeeper User Guide Page 20 of 105 4.4. IP Configuration The Gatekeeper may be configured to u se IPv4, IPv6 or both protocols. If using both pr otocols, the Gatekeeper will act as a gateway if necessary, allowing calls to be made between an IPv4-on ly endpoint and an IPv6-only endpoint. This behavior will use a traversal license for ea [...]

  • Página 21

    TANDBERG Gatekeeper User Guide Page 21 of 105 When registering, the endpoint registers with one or more of the following:  One or more H.323 IDs  One or more E.164 aliases. Users of other r egistered endpoints can then call the endpoint by using either the H.323 ID, a URI, an E.164 alias, or one of the s ervices. It is recommended tha t you d[...]

  • Página 22

    TANDBERG Gatekeeper User Guide Page 22 of 105 Hierarchical dial plan One Gatekeeper is n ominated as the directory gatekeeper for the deployment. All Border Controllers an d public Gatekeepers are neigh bored with it and vice versa. There is no need to neighbor the Border Controllers and public Gatek eepers with each other. Adding a new Border Cont[...]

  • Página 23

    TANDBERG Gatekeeper User Guide Page 23 of 105 4.7. Alternates Alternate Gatekeeper support is provided to increase the reliability of your deployment. If on e Gatekeeper becomes unava ilable, perhaps due to a network or power outage, another will be used as an Alternate. Alterna tes share responsibility for their endpoint commun ity: an individual [...]

  • Página 24

    TANDBERG Gatekeeper User Guide Page 24 of 105 4.8. Call Processing Over view Figure 6 illustra tes the process the Gatekeeper performs when receiving call requ ests. Receive Reque st from Endpoint (ARQ) or other gatekeeper (LRQ) Locally registered endpoint?   Yes Locally registered service?  Yes No IP address literal? No On local network? [...]

  • Página 25

    TANDBERG Gatekeeper User Guide Page 25 of 105 When an endpoint wants to call another endpoint it presents the address it w ants to call to the Gatekeeper using a pr otocol knows as RAS. The Gatekeeper applies any transforms (see section 5), tries to resolve the address, and if successful s upplies the calling endpoint with information about the cal[...]

  • Página 26

    TANDBERG Gatekeeper User Guide Page 26 of 105 5. T ransfor ming Dest ination Aliases 5.1. Alias Transfor ms The Alias Transforms function takes any aliases present in ARQ and LRQ mess ages and runs a set of transformations on them. The resulting aliases will then be used in the norma l Gatekeeper logic, exactly as if those aliases w ere unchanged. [...]

  • Página 27

    TANDBERG Gatekeeper User Guide Page 27 of 105 5.2. Zone Transform s It is possible to direct an incomin g location request to a different alias by r eplacing either the prefix or the suffix of the alias with a n ew string. Zone transform ru les are created either:  using the xconfiguration zones set of commands, or  using the web interface wh[...]

  • Página 28

    TANDBERG Gatekeeper User Guide Page 28 of 105 6. Unregistered Endpoints Although most calls are ma de between endpoints registered with a Gatekeeper or Bor der Controller, it is sometimes necessary to pla ce a call to or from an unregistered endpoint. 6.1. Calling from an Unregi stered End point An unregistered endpoint ca n call an endpoint regist[...]

  • Página 29

    TANDBERG Gatekeeper User Guide Page 29 of 105 When the Gatekeeper is used with a Border Controller for firewall traver sal, you will typically set CallsToUnknownIPAddresses to Indirect on the Gatekeeper and Direct on the Border Controller. This will allow ca lls originating inside the firewall to use the Gatek eeper and Border Controller to success[...]

  • Página 30

    TANDBERG Gatekeeper User Guide Page 30 of 105 7. Bandw idth Control 7.1. About Bandwidth C ontrol The TANDBERG Gatek eeper allows you to control endpoints' use of bandwidth on your netw ork. Figure 9 shows a typical n etwork deployment: a broadband LAN, where high bandwidth calls are acceptable; a pipe to the inter net with restricted bandwidt[...]

  • Página 31

    TANDBERG Gatekeeper User Guide Page 31 of 105 Figure 10: Configurin g a SubZone 7.2.1. Subzone links Subzones may be configur ed with links joining them to each other and to other z ones. These links are used to calculate how a ca ll is routed over the network and so which zones and subzones are involved. If multiple routes ar e possible, your Gate[...]

  • Página 32

    TANDBERG Gatekeeper User Guide Page 32 of 105 Figure 11: Configurin g a pipe Pipes may be shared between one or more links. This is used to model the situation where a site communicates w ith several other sites over the same broadband connection to the Internet. Each link may have up to two pipes associated with it. This is useful for modeling two[...]

  • Página 33

    TANDBERG Gatekeeper User Guide Page 33 of 105 Figure 12: Configurin g downspeeding options 7.4. Bandwidth Control and F irewall Traversal When a Border Controller an d Gatekeeper are being used to traverse a firewall, an additional zone an d subzone come into us e, as follows:  The traversal zone is used to represent the zone containing the Gate[...]

  • Página 34

    TANDBERG Gatekeeper User Guide Page 34 of 105 7.5. Bandwidth Control Exam ples 7.5.1. Example without a firewall One possible configuration for the deployment in Figure 9 is shown in Figure 13. Each of the offices is represented as a separa te subzone, with bandwidth configured according to local policy. The enterprise's leased line con nectio[...]

  • Página 35

    TANDBERG Gatekeeper User Guide Page 35 of 105 Figure 15: Border Contr oller example configura tion Figure 15 shows how the Border Controller cou ld be configured for the deployment in Figure 14. The introduction of the firewa lls means that there is no longer any direct connectiv ity between the Branch and Home offices. All traffic must be rou ted [...]

  • Página 36

    TANDBERG Gatekeeper User Guide Page 36 of 105 8. Registration Contr ol The TANDBERG Gatek eeper can control which endpoints are allowed to register with it. Two separate mechanisms are provided: a simple Registration Restriction Policy, and an authentication process based on user names an d passwords. It is possible to use both mechanisms at once: [...]

  • Página 37

    TANDBERG Gatekeeper User Guide Page 37 of 105 Figure 17: Configurin g registration restriction s 8.1.3. Managing entries in the Allow and Deny lists When adding entries to th e Allow and Deny lists, you can either specify an exact alias or use pattern matching to specify a group of aliases. Pattern matching uses a simple form of wild card expansion[...]

  • Página 38

    TANDBERG Gatekeeper User Guide Page 38 of 105 8.2. Authentication The TANDBERG Gatek eeper can use a user name and password based challeng e-response scheme to permit registrations. For details of how to configure your endpoint with the appr opriate information, please consult your en dpoint manual. The Gatekeeper supports th e ITU H.235 specificat[...]

  • Página 39

    TANDBERG Gatekeeper User Guide Page 39 of 105 Configuring LDAP base DN The Gatekeeper needs to be configured with the area of the directory which will be searched for the communication device information. This should be specified as the Distinguished Name (DN) in the directory under which the H.350 objects reside. To do th is, either issue the foll[...]

  • Página 40

    TANDBERG Gatekeeper User Guide Page 40 of 105 8.2.4. Securing the LD AP connection with TLS The traffic between the Gatek eeper and the LDAP server can be encrypted using Transport Layer Security (TLS). To use TLS, th e LDAP server must have a valid certificate installed so that the Gatekeeper can verify the server's identity. For more informa[...]

  • Página 41

    TANDBERG Gatekeeper User Guide Page 41 of 105 9. URI D ialing 9.1. About URI Diali ng If an alias is not located in the Gatekeeper's list of registrations, it may attempt to find an authoritative Gatekeeper through the DNS system. URI dialing makes it easier for endpoints registered with different Gatekeepers or Border Controllers to call each[...]

  • Página 42

    TANDBERG Gatekeeper User Guide Page 42 of 105 In addition, the DNS r ecords should be updated with the address of the Border Contr oller as the authoritative Ga tekeeper for the enterprise (see Appendix A). This ensures that calls placed using URI dialing enter an d leave the enterprise through the Border Controller, allowing successful traversal o[...]

  • Página 43

    TANDBERG Gatekeeper User Guide Page 43 of 105 9.4. DNS Records URI dialing relies on th e presence of records in the DNS information for the zone. For preferen ce service (SRV) records should be us ed. These specify the location of a server for a particular pr otocol and domain. Their format is defined by an Internet standard (RFC 2782 [3]) as _Ser[...]

  • Página 44

    TANDBERG Gatekeeper User Guide Page 44 of 105 10. ENUM D ialing 10.1. About ENUM Dialing ENUM provides another DNS- based dialing scheme. Users dial an E.164 number - a telephon e number - which is converted in to an H.323 URI by the D NS system. The rules for URI dialing are then followed to place the call. This allows you to retain the flexibilit[...]

  • Página 45

    TANDBERG Gatekeeper User Guide Page 45 of 105 Figure 19: Settin g the ENUM Zone[...]

  • Página 46

    TANDBERG Gatekeeper User Guide Page 46 of 105 10.3. Configuring DNS NAPTR Records ENUM relies on the pres ence of NAPTR records, as defined by RFC 2915 [7]. This is used to obtain a n H.323 URI from the E.164 nu mber. The record format that the Gatekeeper supports is: ;; order flag preference service regex replacement IN NAPTR 10 100 "u" [...]

  • Página 47

    TANDBERG Gatekeeper User Guide Page 47 of 105 11. Example T ra versal Deplo yments 11.1. Simple Enterprise Deployment Figure 20: Simple en terprise deployment Figure 20 shows a typical en terprise deployment. Endpoints 1001, 1002 and a Gatekeeper are deployed on a private netw ork, separated from the public network by a firewall and NAT. Endpoint 1[...]

  • Página 48

    TANDBERG Gatekeeper User Guide Page 48 of 105 11.1.2. Enabling incoming URI c alls In order to be able to receive calls placed to example.com using URI dialing, configure the following:  Set example.com as the domain name you are using o n both the Gatekeeper and Border Controller. This can be done v ia either: xConfiguration Gatekeeper LocalDom[...]

  • Página 49

    TANDBERG Gatekeeper User Guide Page 49 of 105 11.3. Dialing Public IP Addresses Figure 22: D ialing a public IP address Figure 22 shows a private endpoint (1001) ca lling an endpoint on a public IP address. In this case th e public endpoint is not r egistered to a Gatekeeper and can only be reached using its IP address. In order to successfully tra[...]

  • Página 50

    TANDBERG Gatekeeper User Guide Page 50 of 105 11.5. URI Dialing from within the Enter prise In this example, we wan t to set up our system so that users from within our en terprise can use URI dialing to call a user in another enterprise. To enable this: 1. Disable Allow DNS r esolution on the TANDBERG Gatekeeper. You want to use the Border Control[...]

  • Página 51

    TANDBERG Gatekeeper User Guide Page 51 of 105 12. Third Par ty Call Contr ol 12.1. About Third Party Call Control The Gatekeeper provides a thir d party call control API which enables you to place calls, disconnect calls, or initiate a blind transfer o f an existing call. The API is provided through the comman d line interface; it is not available [...]

  • Página 52

    TANDBERG Gatekeeper User Guide Page 52 of 105 12.3.2. Enabling call tran sfer To enable call tran sfer, either: issue the command: xConfiguration Services CallTransfer Mode: <On/Off> or go to Gatekeeper Configur ation -> Services and in the Call Tran sfer section, tick the Allow call tra nsfer box (see Figure 23). Figure 23: Ena bling call[...]

  • Página 53

    TANDBERG Gatekeeper User Guide Page 53 of 105 13. Call Policy 13.1. About Call Policy Your TANDBERG Ga tekeeper allows you to set up policy to control which calls are allowed and even redirect selected calls to different destinations. You specify this policy by uploading a s cript written in the Call Processing Language (CPL). Each time a call is m[...]

  • Página 54

    TANDBERG Gatekeeper User Guide Page 54 of 105 13.2. Making Decisions Based on Addres ses 13.2.1. address-switch The address-switch node allows the script to run different ac tions based on the source or destination aliases of the call. The address-switch specifies which fields to match and then a list o f address nodes con tains the possible matche[...]

  • Página 55

    TANDBERG Gatekeeper User Guide Page 55 of 105 address The address construct is used within an address-switch to specify addresses to match. It supports the use of Regular Expres sions (see Appendix C for further information). Note: All address comparison s ignore upper/lower case differences so address is="Fred" will match fred , freD etc[...]

  • Página 56

    TANDBERG Gatekeeper User Guide Page 56 of 105 13.3.2. proxy On executing a prox y node the Gatekeeper will attempt to forward the call to the locations s pecified in the current location set. If multiple entries are in the location set then they ar e treated as different aliases for the same destination and are all placed in the destination alias f[...]

  • Página 57

    TANDBERG Gatekeeper User Guide Page 57 of 105 13.5.2. Call screening based on domain In this example, user fred will not accept calls from anyone at annoying.c om , or from any unauthenticated users. All other us ers will allow any calls. <cpl> <incoming> <address-switch field="destination"> <address is="fred&quo[...]

  • Página 58

    TANDBERG Gatekeeper User Guide Page 58 of 105 14. Logging 14.1. About Logging The Gatekeeper provides logg ing for troubleshooting and auditing purposes. 14.2. Viewing the event log To view the event log, either issue the command: eventlog [ n /all] where n The number of lines (from end of event log) to display. all Displays the whole event log. or[...]

  • Página 59

    TANDBERG Gatekeeper User Guide Page 59 of 105 14.4. Event Log Format The event log is displayed in an extension of the UNIX syslog format: date time host_name facility_name <PID>: message_details where date the local date on which th e message was logged time the local time at which the message was logged host_name the name of the system gene[...]

  • Página 60

    TANDBERG Gatekeeper User Guide Page 60 of 105 14.5. Logged Events Events logged at level 1 Event D escription Eventlog Cleared An operator cleared the event log. Admin Session Start An administrator has logged on to the system. Admin Session Finish An administrator has logged off the s ystem. System Configuration Changed An item of configuration on[...]

  • Página 61

    TANDBERG Gatekeeper User Guide Page 61 of 105 Event D escription External Server Communication Failure Communication with an external server failed unexpectedly. The event detail data sh ould diff eren tiate between 'no response' and 'request rejected'. Servers concerned are:  DNS  LDAP servers  Neighbor Gatekeeper  [...]

  • Página 62

    TANDBERG Gatekeeper User Guide Page 62 of 105 Event data fields Each Event has associated data fields. Fields are listed below in the order in which they appear in the log message. Field Description Applicable Events Protocol Specifies which protoco l was used for the communication. Valid values are TCP or UDP Call Attempted Call Bandwidth Changed [...]

  • Página 63

    TANDBERG Gatekeeper User Guide Page 63 of 105 Field Description Applicable Events Src-ip Specifies the sourc e IP address (the IP address of the device attempting to es tablish communications). The source IP is recorded in th e dotted decimal format: (number). (number).(number).(number) or the IPv6 colon separated format. Call Attempted Call Bandwi[...]

  • Página 64

    TANDBERG Gatekeeper User Guide Page 64 of 105 Field Description Applicable Events Time A full UTC timestamp in YYYY/MM/D D-HH:MM:SS format. Using this format permits simple ASCII text sorting/orderin g to naturally sort by time. This is included due to th e limitations of standard syslog timestamps. All events Level The level of the event as define[...]

  • Página 65

    TANDBERG Gatekeeper User Guide Page 65 of 105 15. Sof tware Upgrading 15.1. About Software Upgrading Software upgrade can be done in one of two ways:  Using a web browser (HTTP/HTTPS).  Using secure copy (SCP). Note: To upgrade the Gatekeeper, a valid Release k ey and software file is required. Contac t your TANDBERG representative for more i[...]

  • Página 66

    TANDBERG Gatekeeper User Guide Page 66 of 105 3. Browse to the file containing the software and select Install . You will see a page indicating that upload is in progress: When the upload is completed you w ill see the following: 4. Select Restart . You will see a confirmation w indow: The system will then perform a second reboot to restore system [...]

  • Página 67

    TANDBERG Gatekeeper User Guide Page 67 of 105 To upgrade using SCP or PSCP: 1. Make sure the sys tem is turned on and available on IP. 2. Upload the release k ey file using SCP/PSCP to the /tmp folder on the system e.g. scp release-key root@10.0.0.1:/tmp/release-key or pscp release-key root@10.0.0.1:/tmp/release-key 3. Enter password wh en prompted[...]

  • Página 68

    TANDBERG Gatekeeper User Guide Page 68 of 105 16. Command R ef erence This chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the sc ope of this document. 16.1. Status The status root command, xstatus , retu rns status information from the Gatek eeper. 16.1.1. Listing all status informatio[...]

  • Página 69

    TANDBERG Gatekeeper User Guide Page 69 of 105 16.1.5. ExternalManager xstatus ExternalManager Returns information a bout the external manager. The External Mana ger is the remote system, such as the TANDBERG Managemen t Suite (TMS) used to manage the endpoints and network infrastru cture. Address Returns the IP address of th e external manager. Pro[...]

  • Página 70

    TANDBERG Gatekeeper User Guide Page 70 of 105 16.1.9. Links xstatus Links R eports call an d bandwidth information for all links on the system. xstatus Links Link < index > Reports call an d bandwidth information for the specified link. Name Returns the name assigned to this link Calls Returns a list of call in dices for calls currently activ[...]

  • Página 71

    TANDBERG Gatekeeper User Guide Page 71 of 105 16.1.13. ResourceUsage xstatus ResourceUsage Returns information a bout the usage of system resources. Registrations Number of currently active reg istrations. MaxRegistrations Maximum number of con current registrations since system TraversalCalls Number of currently active tra versal calls. MaxTravers[...]

  • Página 72

    TANDBERG Gatekeeper User Guide Page 72 of 105 16.1.16. Zones xstatus Zones Returns call and ban dwidth information for all zones on the system. Also shows status of th e zone as a whole and the status of ea ch gatekeeper in the zone. 16.2. Configuration The configuration root c ommand, xconfiguration , is used to configuration the system's set[...]

  • Página 73

    TANDBERG Gatekeeper User Guide Page 73 of 105 xconfiguration Authentication Mode: <On/Off> Specifies whether or not to use H.235 authentication of calls and registration s. The default is Off : no authentication is r equired. 16.2.2. Ethernet xconfiguration Ethernet Speed: <Auto/10half/10full/100half/100full> Sets the speed of the Ether[...]

  • Página 74

    TANDBERG Gatekeeper User Guide Page 74 of 105 xconfiguration Gatekeeper CallsToUnknownIPAddresses: <Off/Direct/Indirect> Specifies whether or not the Gatekeeper will attempt to call systems which are not r egistered with it or one of its neighbor gatek eepers. Options are: Direct Allows an endpoint to make a call to an unknown IP address with[...]

  • Página 75

    TANDBERG Gatekeeper User Guide Page 75 of 105 xconfiguration Gatekeeper Registration AllowList [1..1000] Pattern: < pattern > Specifies a pattern in the list of allowed registrations. If one of an endpoint' s aliases matches one of the patterns in the Allow L ist, the registration will be allowed. xconfiguration Gatekeeper Registration C[...]

  • Página 76

    TANDBERG Gatekeeper User Guide Page 76 of 105 16.2.5. HTTP/HTTPS Commands under th e HTTP and HTTPS nodes con trol web access to the Gatekeeper. xConfiguration HTTP Mode: <On/Off> Enables/disables HTTP support. The defau lt is On . You must restart the sys tem for changes to take effect. xconfiguration HTTPS Mode: <On/Off> Enables/disab[...]

  • Página 77

    TANDBERG Gatekeeper User Guide Page 77 of 105 xconfiguration IP DNS Domain Name: < name > Specifies the name to be appended to the doma in name before a query to the D NS server is executed, when attempting to res olve a domain name which is not fully qualified. Note: This parameter is only used wh en attempting to resolve server addresses su[...]

  • Página 78

    TANDBERG Gatekeeper User Guide Page 78 of 105 16.2.10. NTP xconfiguration NTP Address: < IPAddress > Sets the IP address of th e NTP server to be used when synchronizing system time. Accurate timestamps play a n important part in authentication, helping to guard aga inst replay attacks. 16.2.11. Option Key xConfiguration Option [1..64] Key: &[...]

  • Página 79

    TANDBERG Gatekeeper User Guide Page 79 of 105 16.2.14. Session xconfiguration Session TimeOut: <0..65534> Controls how long an administr ation session (HTTPS, Telnet or SSH) may be inac tive before the session is timed out. A value of 0 turns session time outs off. The default is 0 . You must restart the system for changes to take effect. 16.[...]

  • Página 80

    TANDBERG Gatekeeper User Guide Page 80 of 105 xconfiguration SubZones TraversalSubZone Bandwidth PerCall Limit: <1..100000000> Per-call bandwidth available on the tr aversal subzone. xconfiguration SubZones TraversalSubZone Bandwidth PerCall Mode: <None/Limited/Unlimited> Whether or not the traversa l subzone is enforcing per-call bandw[...]

  • Página 81

    TANDBERG Gatekeeper User Guide Page 81 of 105 16.2.18. SystemUnit xconfiguration SystemUnit Name: <name> The name of the unit. Choose a name that uniquely identifies the system. xconfiguration SystemUnit Password: <password> Specify the passwor d of the unit. The password is used to login with Telnet, HTTP(S), SSH, SCP, and on the seria[...]

  • Página 82

    TANDBERG Gatekeeper User Guide Page 82 of 105 xconfiguration Zones TraversalZone Match [1..5] Mode: <AlwaysMatch/PatternMatch/Disabled> The zone match mode determines wh en an LRQ will be sent to gatekeepers in the zone. If the mode is set to AlwaysMatch the zone will always be qu eried. If the mode is set to PatternMatch , the zone will only[...]

  • Página 83

    TANDBERG Gatekeeper User Guide Page 83 of 105 xconfiguration Zones Zone [1..100] Match [1..5] Pattern String: < pattern > The pattern to be used wh en decid ing wheth er or not to query a zone. This is only used if the zone's match mode is set to AlwaysMatch . xconfiguration Zones Zone [1..100] Match [1..5] Pattern Type: <Prefix/Suffi[...]

  • Página 84

    TANDBERG Gatekeeper User Guide Page 84 of 105 16.3. Command The command root c ommand, xcommand , is used to execute commands on the Gatekeeper . To list all xcommand s type: xcommand ? To get usage information for a specific command, type: xcommand < command_name > ? 16.3.1. AllowListAdd xCommand AllowListAdd < allowed_alias > Adds an [...]

  • Página 85

    TANDBERG Gatekeeper User Guide Page 85 of 105 16.3.7. CredentialDelete xCommand CredentialDelete <index> Deletes the indexed cr edential. 16.3.8. DefaultLinksAdd xCommand DefaultLinksAdd Restores the fac tory default links for bandwidth control. 16.3.9. DefaultValuesSet xCommand DefaultValuesSet Level <level> Resets system parameters to[...]

  • Página 86

    TANDBERG Gatekeeper User Guide Page 86 of 105 16.3.12. Dial xCommand Dial <callsrc> <calldst> Bandwidth: <bandwidth> Places call halves ou t to the specifi ed source a nd destination, joining them together. callsrc and calldst can be specified using eith er an alias or IP address. Bandwidth is in kbps. 16.3.13. DisconnectCall xCom[...]

  • Página 87

    TANDBERG Gatekeeper User Guide Page 87 of 105 16.3.15. FeedbackDeregis ter xCommand FeedbackDeregister <ID> Deregisters the specified Feedback Expression. All registered Feedback Express ions may be removed by issuing the command: xCommand FeedbackDeregister 0 16.3.16. FindRegistration xCommand FindRegistration < alias > Returns informa[...]

  • Página 88

    TANDBERG Gatekeeper User Guide Page 88 of 105 16.3.23. PipeDelete xCommand PipeDelete <index> Deletes the pipe with the s pecified index. 16.3.24. RemoveRegistration xCommand RemoveRegistration <index> Removes the specified registra tion. 16.3.25. SubZoneAdd xCommand SubZoneAdd < name > < address > <prefixlength> <t[...]

  • Página 89

    TANDBERG Gatekeeper User Guide Page 89 of 105 16.3.28. TransformDelete xCommand TransformDelete <index> Deletes the transform with the specifi ed index. Note: a list of all curr ent transforms can be obtained using the command: xconfiguration gatekeeper transform . 16.3.29. ZoneAdd xCommand ZoneAdd < name > < IPAddress > Adds a ne[...]

  • Página 90

    TANDBERG Gatekeeper User Guide Page 90 of 105 16.4. History The history root comman d, xhistory , is used to display historical data on the Gatekeeper. To list all xhistory commands type: xhistory ? To list all history data, type: xhistory To show a specific set of histor y data, type: xhistory <name> 16.4.1. calls xhistory calls D isplays hi[...]

  • Página 91

    TANDBERG Gatekeeper User Guide Page 91 of 105 16.5. Feedback The feedback root comman d, xfeedback , is used to control notifications of events a nd status changes on the Gatekeeper. A Feedback Expression describes an interesting event or change in status. When a Feedback Expression is registered, a notification will be displayed on the console for[...]

  • Página 92

    TANDBERG Gatekeeper User Guide Page 92 of 105 16.5.3. Register event xfeedback Register Event Registers for all a vailable Events. xfeedback Register Event/ <CallAttempt/Connected/Disconnected/ConnectionFailure/Registration/ Unregistration/Bandwidth/ResourceUsage> Registers for feedback on the occurrence of the specified Event. Note: Register[...]

  • Página 93

    TANDBERG Gatekeeper User Guide Page 93 of 105 16.6. Other Commands 16.6.1. about about Returns information a bout the software version installed on the system. 16.6.2. clear clear <eventlog/history> Clears the event log or histor y of all calls and registrations. 16.6.3. eventlog eventlog < n /all> Displays the event log. The event log [...]

  • Página 94

    TANDBERG Gatekeeper User Guide Page 94 of 105 17. Append ix A: Configu ring DNS Ser vers In the examples below, w e set up an SRV record to handle H.323 URIs of the form user@example.com These are handled by the s ystem with the fully qualified domain name of gatekeeper1.example.com which is listening on port 1 719, the default registration port. I[...]

  • Página 95

    TANDBERG Gatekeeper User Guide Page 95 of 105 18. Append ix B: Conf iguring LDAP Ser vers 18.1. Microsoft Active Directory 18.1.1. Prerequisites These comprehensive step- by-step instructions assume that Active Directory is installed. For details on installing Active Dir ectory please consult your Windows documentation. The following instruction s [...]

  • Página 96

    TANDBERG Gatekeeper User Guide Page 96 of 105 18.1.3. Securing with TLS To enable Active Directory to use TLS, you must request and install a certificate on th e Active Directory server. The certificate mus t meet the following requirements:  Be located in the Loca l Computer's Personal certificate store. This can be seen using the Certific[...]

  • Página 97

    TANDBERG Gatekeeper User Guide Page 97 of 105 18.2.3. Adding H.350 objects 1. Create the orga nizational hierarchy Create an ldif file with the following c ontents: # This example creates a single organizational unit to contain # the H.350 objects dn: ou=h350,dc=my-domain,dc=com objectClass: organizationalUnit ou: h350 Add the ldif file to the serv[...]

  • Página 98

    TANDBERG Gatekeeper User Guide Page 98 of 105 18.2.4. Securing with TLS The connection to the LDAP server can be encrypted by enabling Transport Level Security (TLS) on the connection. To do this you must create an X.509 certificate for the LDAP server to a llow the Gatekeeper to verify the server's identity. Once th e certificate has been cre[...]

  • Página 99

    TANDBERG Gatekeeper User Guide Page 99 of 105 19. Append ix C: R egular Express ion Ref erence Regular expressions can be us ed in conjunction with a number of Gatekeeper features such as alias transformations, z one transformations, CPL policy and ENUM. The Gatek eeper uses POSIX format regular expression synta x. For an example of regex usage, se[...]

  • Página 100

    TANDBERG Gatekeeper User Guide Page 100 of 105 20. Append ix D: T echnical data 20.1. Technical Specifications 20.1.1. System Capacity  2500 registered trav ersal endpoints  100 traversal calls at 384 k bps  500 non-traversal calls  100 zones Option keys may restrict th e system to a lower capacity than specified above. 20.1.2. Ethernet[...]

  • Página 101

    TANDBERG Gatekeeper User Guide Page 101 of 105 20.1.9. Hardware MTBF  Hardware MTBF: 80,479 hours 20.1.10. Power Supply  250 Watt  90-264V full range @4 7- 63 Hz 20.1.11. Certification  LVD 73/23/EC  EMC 89/366/ECC 20.2. Approvals This product has been approved by various inter national approval agencies, among others CSA and Nemko. [...]

  • Página 102

    TANDBERG Gatekeeper User Guide Page 102 of 105 21. Bibliogr aph y 1 ITU Specification: H.235 Security and encr yption for H-Series (H.323 and other H.245-based) multimedia terminals http://www.itu.int/rec/T-REC-H.235/en 2 ITU Specification: H.350 Directory services architectur e for multimedia conferencing http://www.itu.int/rec/T-REC-H.350/en 3 RF[...]

  • Página 103

    TANDBERG Gatekeeper User Guide Page 103 of 105 22. Gloss ar y Alias The name an endpoint uses when registering with the Gatekeeper. Other endpoints can then use this name to call it. ARQ, Admission Requ est An endpoint RAS requ est to make or answer a call. DNS Zone A subdivision of the D NS namespace. example.com is a DNS zone. E.164 An ITU standa[...]

  • Página 104

    TANDBERG Gatekeeper User Guide Page 104 of 105 23. Index — A — about ......................................................................... 93 account Administr ator Accou nt........................................19 Root Accou nt ...................................................... 19 Active Di rectory ....................................[...]

  • Página 105

    TANDBERG Gatekeeper User Guide Page 105 of 105 LDAP ................................................................... 38, 69 LDAP over TLS .................................................... 40, 96 LDAP sch ema ............................................................ 96 LDAP serv ers - c onfigur ing ........................................ 9[...]