NN44473-101_02.01_mas14_mas-fundamentals

Date post: 08-Apr-2018
Upload: jocelyn-sinha
  • 8/6/2019 NN44473-101_02.01_mas14_mas-fundamentals


    Media Application Server

    Fundamentals

    Release: MAS 14.0

    Document Revision: 02.01

    www.nortel.com

    NN44473-101.


    Media Application Server

    Release: MAS 14.0

    Publication: NN44473-101

    Document release date: 2 July 2010

    Copyright 2008-2010 Nortel Networks. All Rights Reserved.

    While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice.

    Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

    All other trademarks are the property of their respective owners.


    Contents

    New in this Release
      Features
      Other changes
    Introduction
      About MAS
      Related books
    Overview
      Media Application Server
      Network deployment options
      Supported platform
      License requirements
      Web based configuration and management features
      Packaged application support
      Session Initiation Protocol features
      Media processing features
      Audio and video codecs
      Playing and recording audio
      Digit collection and relay methods
      Conferencing
      Media security
      Media Quality of Service
      Report generation
      Content store
      MAS security features
      Conferencing services and MLPP
    Administration
      Element Manager overview
      Navigating Element Manager
      Interface features
      Basic interface operation
      Central authentication, authorization, and auditing
      UCM security server roles

    Media Application ServerFundamentals

    NN44473-101 02.01 2 July 2010

    Copyright 2008-2010 Nortel Networks. All Rights Reserved.


      RBAC concepts
      Policies
      Limit access control views
      Certificates
      Element status and operational controls
      Element Status
      Starting, stopping and restarting
      Operational states
      Cluster configuration and status monitoring controls
      Cluster configuration
      Cluster status
      License management
      Server licensing
      Nodal licensing
      Signaling configuration
      SIP configuration
      Media configuration
      Quality of Service
      Audio codecs
      Video codecs
      Digit relay (DTMF)
      Media security
      Monitoring and logging global configuration support
      Monitoring
      Logging
      Application management
      Packaged applications
      Reporting
      Backup and restore
      General settings
      Backup Tasks
      Restore
      Backup Destination
      History logs
      Media management
      Advanced settings
      Disaster recovery
    Configuration fundamentals
      Initial security configuration
      MAS configuration work flow
      License configuration work flow
      Network management protocol configuration
      SNTP


      SNMP
      SOAP
      Connection security
      Network configuration
      IP address assignment and traffic classes
      QoS audio and video DSCP settings configuration
      QoS monitoring and alerting configuration
      SIP configuration work flow
    Terminology


    New in this Release

    The following section details what's new in Media Application Server Fundamentals for release MAS 14.0:

    "Features" (page 7)

    "Other changes" (page 7)

    Features

    The feature impacting this document in MAS 14.0 is the MAS on a Linux platform. Feature related changes can be found in the following sections:

    "MAS security features" (page 16)

    "Supported platform" (page 12)

    Other changes

    There are no other changes in this document related to the MAS 14.0 release.


    Introduction

    This document describes the fundamental topics for Media Application Server (MAS).

    Navigation

    "Overview" (page 11)

    "Administration" (page 19)

    "Configuration fundamentals" (page 49)

    "Terminology" (page 55)

    About MAS

    The MAS provides a robust, scalable software platform for hosting multimedia applications. The platform is designed for generic multimedia processing, and is based on standard open protocols.

    Related books

    The following books provide more details on the MAS:

    Media Application Server Troubleshooting (NN44473-700)

    Media Application Server Documentation Roadmap (NN44473-100)

    Media Application Server Overview - Services and Features (NN44473-102)

    Media Application Server Deployment and Engineering Guide (SEB08-00-033)

    Media Application Server Configuration (NN44473-500)

    Media Application Server Administration and Security (NN44473-600)

    Media Application Server Fault Management (NN44473-702)


    Overview

    This chapter provides an overview of what you need to know to work with the Media Application Server (MAS).

    Navigation

    "Media Application Server" (page 11)

    "Network deployment options" (page 11)

    "Supported platform" (page 12)

    "License requirements" (page 12)

    "Web based configuration and management features" (page 12)

    "Packaged application support" (page 13)

    "Session Initiation Protocol features" (page 13)

    "Media processing features" (page 13)

    "Report generation" (page 15)

    "Content store" (page 16)

    "MAS security features" (page 16)

    Media Application Server

    The Media Application Server (MAS) is a software based, media processing server. All media processing is performed in software on the host CPU(s). The MAS architecture facilitates unique scalability for all core functions of the platform, including signaling, application execution, content management and media processing.

    Network deployment options

    Your network can be configured as a standalone system or as a cluster of multiple servers.


    Configure the following aspects of your network from the appropriate pages in Element Manager (EM):

    Cluster configuration (primary, secondary, standard); see "Cluster configuration and status monitoring controls" (page 34)

    SIP configuration (general settings, domains and accounts, nodes and routes); see "SIP configuration" (page 36)

    Supported platform

    MAS is installed on one of the following hardware types supplied by Nortel:

    IBM HS21 (8853) with 1 or 2 hard disks and a minimum of 2GB RAM

    IBM HS20 (8843) with 1 or 2 hard disks and a minimum of 2GB RAM

    Langley HT

    With the release of MAS 14.0, only the 64-bit version of Red Hat Linux is supported, which requires compatible 64-bit hardware.

    License requirements

    Your maximum number of simultaneous active sessions is determined by the number of purchased licenses. Applications will not function if they are installed without the proper licensing.

    MAS supports the following licensing models:

    Nodal licenses

    Web based configuration and management features

    Element Manager (EM) is a web-based administration tool that facilitates the configuration and management of MAS.

    EM allows control of the following:

    Licensing configuration

    System operational state management

    Alarm and event log viewer

    Alarm and event log configuration and filtering

    Clustering configuration

    Backup and restore

    SNMP and Syslog support

    Network multi-netting and traffic classes

    Monitoring of:


    Advanced (including Component Status, Advanced Protocols, Troubleshooting Archive Generator and Security Logs)

    Active sessions

    Operational measurements

    Session detail records

    Protocols

    Packaged application support

    Packaged applications are off-the-shelf applications. You can manage and configure these applications using Element Manager.

    A packaged application is installed and configured using its own installer. The installer adds application configuration data and translations to the MAS. As part of the installation process you need to configure license keys for all packaged applications.

    Session Initiation Protocol features

    The MAS platform supports Session Initiation Protocol (SIP) for call and session signaling. SIP provides a standard means to establish sessions, negotiate capabilities, invoke applications, and exchange data with MAS. SIP signaling provides generic session establishment.

    The MAS platform uses SIP Transport Layer Security (TLS) for securing SIP signaling. MAS manages a list of trusted network sources, and signaling from non-trusted sources routes to a network proxy for authentication. MAS supports a SIP trunking mode that allows reuse of connections to and from network proxies for subsequent calls to reduce the overhead of TLS signaling.

    SIP routes define all SIP proxy and SIP registrar servers a MAS node can communicate with. MAS uses SIP routes designated as a SIP proxy server for routing outbound SIP requests for outbound traffic load sharing and failover. MAS registers applications with all configured SIP registrars. Registration is optional based on your MAS configuration and digest authentication support.

    Media processing features

    MAS supports text, audio and video for most multimedia processing features. The system is capable of streaming audio and video in a variety of codecs and formats, fully synchronized from the server, unbuffered and in real-time. The system can deliver text through both instant messaging and web push methods.


    Audio and video codecs

    MAS supports the following audio codecs:

    ITU-T G.711 a-law & µ-law

    ITU-T G.729A

    MAS supports the following video codecs:

    NNVC (DIVX-4)

    H.263, H.263+, H.263++

    Transcoding audio

    MAS can transcode to and from the following audio formats:

    Linear 16-bit PCM, 8KHz Mono

    Linear 8-bit PCM, 8KHz Mono

    G.711 alaw

    G.711 ulaw

    G.729

    Playing and recording audio

    MAS can stream media files (also called prompts or announcements) in all supported codecs. These files are not limited to audio.

    VCR controls are available for controlling media playback:

    Pause: suspend the existing request

    Resume: continue the existing request

    Adjust positive: skip ahead a specific number of milliseconds within the existing request

    Adjust negative: skip backwards a specific number of milliseconds within the request

    Stop: cancel the existing request

    Media files are cached locally on the system and are transcoded into temporary files. Subsequent requests for the media file use the transcoded file and are packetized without further processing.

    Files that surpass a configurable hit rate are pulled into memory in their post transcoded form and packetized directly. An uncached file that is not eligible for caching is transcoded in real-time.


    Digit collection and relay methods

    MAS supports the most popular SIP INFO Digits formats and RFC2833/4733 for digit relays. SIP INFO and RFC2833/4733 are fully configurable, including preference rank.

    Conferencing

    MAS supports multimedia conferencing for audio and video streams in large and small conferences.

    The conferencing algorithm uses mixing, which means that you can hear up to four parties simultaneously. Each channel runs a voice activity detector (to determine speech vs. background noise), an automatic gain control algorithm, and a dynamic jitter buffer with compaction and packet loss concealment.

    Media security

    Media security provides the ability for the MAS to secure media streams with cryptographic protection based on RFC 3711 (The Secure Real-time Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with symmetrical data encryption that provides the following security services: encryption, message integrity, and replay protection.
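
    How a receiver can enforce the replay protection and message integrity listed above, as an added example that is not Nortel's code: a 64-packet sliding window over packet indices in the style of RFC 3711, advanced only after the authentication tag verifies. The key, the tag input layout and all function names are constructed for the illustration and do not follow the SRTP packet format; encryption is left out.

```python
import hashlib
import hmac

WINDOW_SIZE = 64      # RFC 3711 requires a replay window of at least 64 packets
TAG_LEN = 10          # 80-bit truncated HMAC-SHA1 tag, the SRTP default length
DEMO_KEY = b"constructed-demo-auth-key"   # constructed value, not a real key


class ReplayWindow:
    """Sliding window over packet indices (rollover counter and sequence number)."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.top = -1      # highest index accepted so far
        self.bitmap = 0    # bit i set means index (top - i) was already accepted

    def check(self, index):
        """Return True if the index is new and not older than the window."""
        if index > self.top:
            return True
        offset = self.top - index
        if offset >= self.size:
            return False                      # fell out of the window: too old
        return not (self.bitmap >> offset) & 1

    def update(self, index):
        """Record an index. Call only after the packet has been authenticated."""
        if index > self.top:
            shift = index - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = index
        else:
            self.bitmap |= 1 << (self.top - index)


def tag_for(key, index, payload):
    """Simplified tag: truncated HMAC-SHA1 over the 48-bit index and the payload."""
    mac = hmac.new(key, index.to_bytes(6, "big") + payload, hashlib.sha1)
    return mac.digest()[:TAG_LEN]


class Receiver:
    def __init__(self, key):
        self.key = key
        self.window = ReplayWindow()

    def accept(self, index, payload, tag):
        # 1. Cheap replay check first, so replays cost no MAC computation.
        if not self.window.check(index):
            return "replayed-or-too-old"
        # 2. Integrity check in constant time.
        if not hmac.compare_digest(tag, tag_for(self.key, index, payload)):
            return "bad-auth-tag"
        # 3. Only an authenticated packet may move the window; otherwise a
        #    forged high index would push genuine packets out of it.
        self.window.update(index)
        return "ok"


def demo():
    """Feed a constructed packet sequence through the receiver."""
    rx = Receiver(DEMO_KEY)
    good = lambda i, p: tag_for(DEMO_KEY, i, p)
    return [
        rx.accept(10, b"frame-10", good(10, b"frame-10")),   # first packet
        rx.accept(10, b"frame-10", good(10, b"frame-10")),   # exact replay
        rx.accept(8, b"frame-8", good(8, b"frame-8")),       # late but in window
        rx.accept(200, b"forged", b"\x00" * TAG_LEN),        # forged, far ahead
        rx.accept(11, b"frame-11", good(11, b"frame-11")),   # window did not move
    ]


if __name__ == "__main__":
    print(demo())
```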

    Media Quality of Service

    MAS supports Differentiated Services (DiffServ) packet marking on outgoing Real-time Transport Protocol (RTP) streams. The system default is set to DiffServ Control Point (DSCP) with expedited forwarding (EF), which is a widely supported indicator for Quality of Service (QoS)-enabled networks carrying real-time audio and video data.

    MAS contains the Telchemy VQMON agent for QoS monitoring and RTCP-XR support for exchange of metrics. R-Factor, jitter, and packet loss are continually monitored for each call. Calls that fall below a configured R-Factor threshold are logged. All QoS statistics are archived with session detail records (SDR) for analysis.

    Report generation

    The reporting framework is based on third-party Jasper reports, a flexible solution which can generate complex reports. The reporting framework enables administrators to generate reports on demand and provides automated report generation based on a configured time schedule. The reporting framework supports CSV, HTML, and XML reporting types. Scheduled reports can be delivered through e-mail or File Transfer Protocol (FTP).


    Content store

    MAS contains an onboard content storage feature that provides a reliable, network accessible store for multimedia content. You can configure MAS to replicate data across multiple content stores to provide High Availability and redundancy.

    MAS security features

    MAS provides the following security features:

    secure communications using IP Security (IPSec): Secures messages between servers.

    Public Key Infrastructure (PKI): Certificates, certificate revocation, and communication using public and private keys ensure private communications.

    user password policy rules: Rules for password length, composition, and aging reduce unlawful user entry.

    user roles: User roles permit different levels of access to MAS, and limit access to particular groups of functions.

    user account creation: At installation time, pre-configured or individual Linux and EM user accounts are created, depending on the level of security required.

    security logs: Linux audit logs, Quantum security logs, and EM security logs track changes to the system, including users logging in to the system and configuration changes.

    Conferencing services and MLPP

    Multilevel Precedence and Preemption (MLPP) provides the ability to preempt a call of lesser priority when a call of greater priority cannot access the MAS conferencing services.

    When a user connects to the MAS Ad Hoc conferencing service or the MAS Meet Me conferencing service, the call can specify a precedence level. Precedence callers hear the precedence ringback tone before the call connects to the conference.

    If a caller to the conferencing service cannot access the conference due to lack of system resources, the call can preempt a lower priority conference call (if one is available). When preemption occurs, the lower priority call receives a preemption tone before the call disconnects. If there are no calls of a lower priority, the caller receives the Blocked Precedence Announcement.

    The precedence levels (from lowest to highest level) are

    Routine


    Administration

    This chapter explains Media Application Server Administration fundamentals. For step-by-step information about MAS platform Administration, see Media Application Server Administration and Security (NN44473-600).

    Navigation

    "Element Manager overview" (page 19)

    "Element status and operational controls" (page 33)

    "Cluster configuration and status monitoring controls" (page 34)

    "License management" (page 34)

    "Signaling configuration" (page 36)

    "Media configuration" (page 36)

    "Monitoring and logging global configuration support" (page 39)

    "Application management" (page 43)

    "Reporting" (page 44)

    "Backup and restore" (page 44)

    "Media management" (page 46)

    "Advanced settings" (page 46)

    "Disaster recovery" (page 47)

    Element Manager overview

    This chapter explains Element Manager (EM) fundamentals. For step-by-step information about EM, see Media Application Server Commissioning (NN44473-301).

    EM is a web-based administration tool that facilitates the Operation, Administration, and Maintenance (OAM) of Multimedia Applications (MA) products running on the Multimedia Application Server (MAS). Introduced with the MAS product offering, EM serves as a common management utility for configuring and managing a media server and the products (such as MAS) that run on it.

    Navigating Element Manager

    The EM layout includes a branding banner, task selection pane, breadcrumbs area, and a content area as illustrated in the following figure.

    Figure 1: Element Manager interface

    Management activities are performed in the content area of the page. The displayed content is dependent on the selected top-level framework or system element context and the task selection within this context.

    The welcome page appears first after logon. It contains a welcome message and a message to assist the administrator to begin.

    The top of the content area includes the hostname and management IP address of the component being managed. Element Manager divides properties into categories, to which you can navigate from the menu pane. Each category appears on a separate page. Categories are further divided into subcategories, which appear as sections on the category page. You can jump to a section within the page with the shortcut links at the top of the configuration table.


    The branding banner area contains the image of the Nortel logo. In addition to indicating what application you are in (for example EM), the branding banner provides a context sensitive Help link and a Logout link. Click the Help link to open context sensitive help in a new browser. The Logout link logs you off of EM and returns you to the Login page.

    You can perform task selection and element navigation using the three following elements on the EM screen:

    Menu pane

    Network Navigation

    Breadcrumbs

    These three components are central to the work flows that the administrator performs for routine OAM activities. You can initiate work flows from the menu pane. The menu pane displays a menu of tasks that the administrator can perform in the content area. With the exception of the network tasks, the scope of OAM activities the administrator can perform is limited to the current element to which the administrator is logged on. To facilitate the management of multiple elements in the network, you can view elements in the network with the network navigator component and navigate to them individually to perform OAM tasks. Finally, the administrator can find the information about the element currently being managed and the task currently being performed with the ability to navigate up the hierarchy of management screens in the breadcrumb area.

    Interface features

    Initiate all tasks from the menu pane on the left side of the screen. The items listed in the menu pane are grouped into two sections. The top section of the menu pane contains a link to network-wide services that can affect the operation of all network elements or network-wide entities such as Network, User Services, Security, and Tools. The lower section contains tasks related to the operation, administration, and maintenance of the network element to which the administrator is logged on. The element-level section is further divided into task groupings. The highest-level groupings include System Status, System Configuration, Products and Applications, Licensing, Tools, and Cluster Configuration. Each task group contains a set of related tasks.

    Tasks that an administrator must perform for MAS platform and application administration, operations, and maintenance appear in the lower section of the menu pane. These are grouped into six categories:

    System Status: The administrator can view current and historical information pertaining to the status of the system with system status tasks. These tasks include element status, cluster status, alarm viewing, event log viewing, and monitoring. The monitoring task includes active session monitoring, operational measurements, and protocol monitoring. The component status and advanced protocols are advanced functionality; therefore, they are categorized as advanced monitoring tasks.

    Cluster Configuration: The administrator can access the server designation, replication settings, and advanced settings.

    System Configuration: The administrator can view and modify the MAS platform configuration. Configuration categories include general settings, network settings, media, signaling, monitoring settings, advanced settings, logging, and EM configuration.

    Products and Applications: This category lists all installed applications. Expanding an application displays all tasks specific to the operation, administration, and maintenance of that application.

    Licensing: The administrator can configure the license server and license keys if a license server is installed on the node. Administrators can view license server status, add and remove license keys, set license key low water marks, and view the current users of licenses.

    Tools: The administrator can back up system and customer data with the backup and restore tool. The administrator can use the reports tool to generate reports of archived OMs.

    Basic interface operation

    You can expand categories or higher-level tasks to reveal subtasks in the menu pane by clicking on the expansion point that appears to the left of the category or task label. If an item contains subitems, a plus (+) symbol appears before it. Click the + to expand the item, displaying its contents below it.

    Click the minus (-) symbol before the label to collapse expanded items. The expansion state of subtasks is maintained when their parent is collapsed. For items that contain no subitems, the expansion point appears as a minus symbol.

    Click on the item label in the menu pane to select and launch the following associated task in the content area:

    Task Category: If the category is collapsed, it is expanded. An information screen for the task is displayed in the contents area. This screen shows a high-level description of the category of tasks and a brief description for each task in the category. Task names appear as hyperlinks. A click of the task name launches the task, and is equivalent to selecting the task from the menu pane.

    Task: The task is launched in the content area.


    You can start a task in a new browser window by using the right-click menu of the Web browser. You should right-click on the task to be performed and choose the option to open the page in a new window. A new browser window appears with a banner area, menu pane, and task selected in the content area.

    You can scroll each section of the menu pane independently. Vertical scrollbars appear in a section when its contents cannot be displayed without vertical clipping. Horizontal scrollbars can also appear when the contents of the menu pane sections cannot be displayed without horizontal clipping. You can use the vertical line separating the menu pane and the content and breadcrumb areas to resize the menu pane horizontally.

    Some configuration items are designed to enable or disable certain features on the page. When a feature is disabled by the administrator, any configuration settings relevant to that feature appear grayed out on the screen.

    Use Save to save the changes to the platform. No changes are made to the platform configuration until you click Save. Before the configuration is stored in the MAS database, the administrator input is validated. If any errors are detected during validation, the configuration is not saved, and the page is redisplayed with error messages. The administrator needs to correct these errors and click Save to save the changes. After the changes have been saved, the administrator returns to the parent of the current page, which is often the previous page.

    If you decide not to save the changes made to the configuration, click Cancel to cancel any changes to be made to the configuration. A click of the cancel button returns you to the parent of the current page (usually the previous screen) without saving any changes to the configuration.

    Restore Defaults is used to restore every configuration parameter on the screen to its default value. After a click of Restore Default, every field displays its default value. Click Save to save the default values to the platform.

    If any error is detected on the page, an error message is displayed, describing the problem in general. Text describing the error in detail (if applicable) appears to the right or below the fields in question in red. The administrator must correct the errors before resaving the page. Invalid data is never saved.

    Central authentication, authorization, and auditing

    The MAS system incorporates central authentication, authorization, and auditing.


    Authentication is the process through which UCM determines if a user can gain access to the elements in your MAS system. Central authentication eliminates the need to have user IDs and passwords for each product or server. Instead, you can log on to the UCM security framework using a single user ID and password (also known as single sign-on) to gain access to any application or server for which the administrator has permissions.

    Authorization (also known as access control) is the process of determining and enforcing assigned privileges for an authenticated user. To provide central authorization, UCM uses the Role Based Access Control (RBAC) model. With this model, users see only what you authorize them to see based on their assigned roles and permissions.

    Auditing is the process by which UCM methodically measures the security of the MAS system. To provide central auditing, UCM uses audit logging features. The UCM framework logging feature records user activity, usage patterns, and authorization violations. The logs collect information such as denials, approvals, and code exceptions. Only security administrators can view log information on the Logs page in UCM. To navigate to the Logs page, click Tools > Logs in the navigation pane.

    UCM security server roles

    You can assign one of three roles to a UCM security server in a UCM network: Primary, Backup, or Member.

    Attention: UCM server roles are different from the roles used in MAS clustering.

    A brief description of each UCM server role follows.

    Primary: Each UCM network must have one Primary security server. The designated UCM Primary security server stores all administrator identities, authorization data, and security configuration data. The system must contact and query the Primary security server for all authentication, authorization, audit logging, and certificate management.

    Only the UCM primary security server runs the private Certificate Authority, so only the UCM primary security server can issue certificates for new member servers. The UCM primary security server is also the only server from which you can use the certificate management console.

    In addition, only the UCM primary security server has the write access to all security-related data. Thus, you must configure all UCM options on the UCM Primary security server.

    A UCM Primary security server contains, as part of its installation, the primary security repository. You cannot demote the Primary to a Backup or Member server after you configure it.

    Member: A UCM Member security server is a part of a UCM network. A UCM Member security server must send all security requests to the corresponding UCM Primary security server. If the Primary security server is not available, then the network directs requests to the Backup security server. If the Backup security server is also unavailable, then the system displays the local login page on the UCM Member security server to provide emergency access.

    RBAC concepts

    The Unified Communications Management (UCM) security framework uses the Role Based Access Control (RBAC) model to determine a user's authorization. In this model, each user is identified through a unique identity, and each identity can have one or more user accounts for different elements. To configure access rights for user accounts, the security administrator assigns permissions to roles, and then assigns these roles to users.

    The following figure is an example of the MAS RBAC model.

    Identities

    In the MAS RBAC model, security administrators must assign a unique digital identity to each user in a company. This identity contains a user's credentials and authorization rights. All identities are stored in security services, and this information is used by servers or products on the network.

    Each identity can have different user accounts for different managed elements. Security administrators can manage these identities to create, read, update, or delete user accounts. You can manage identities on the Administrative Users page in UCM. To navigate to the Administrative Users page, click User Services, Administrative Users in the navigation pane.

    Accounts

    The UCM security framework supports the following types of user accounts:

    local account

    built-in account

    emergency account

    external account

    Built-in accounts

    UCM has one built-in account that security administrators must use to log on to the system after installation. This built-in account is called nortelmasadmin, and it has the following built-in roles:

    NetworkAdministrator

    PowerUser

    SecurityAdministrator

    Attention: With the built-in admin account, security administrators can add, delete, and edit managed elements; however, they cannot directly access the management applications of the managed elements. Nortel recommends that security administrators create new accounts and assign roles to those accounts for access to the managed elements based on their specific security policy requirements.

    External accounts

    You can set up external accounts to allow Unified Communications Management (UCM) to authenticate administrators with external authentication. A MAS performs external authentication through Lightweight Directory Access Protocol (LDAP), Remote Authentication Dial In User Service (RADIUS), or Kerberos.

    Administrators can configure only one external authentication authority of each type (that is, LDAP, RADIUS, and Kerberos). You can configure external accounts in UCM on the External Identity Repositories page. To navigate to the External Identity Repositories page, click User Services > External Authentication.

    An external user has a shadow entry inside the persistent repository of the UCM security framework. The security framework uses the shadow entry to assign roles to the external user.

    Attention: The security administrator role is not available for external LDAP users.

    Users cannot initialize or change passwords for external users through UCM. The external authentication authorities store the external account passwords.

    Permissions

    Permissions specify which management functions a user can perform on an element. Security administrators assign permissions to roles, and then assign these roles to users.

    You can map permissions to a role on the Roles page in UCM. To navigate to the Roles page, click Security, Roles in the navigation pane. For information about mapping permissions, see Media Application Server Administration and Security (NN44473-600).

    Roles

    Roles define a set of management functions a user can perform on an element. Security administrators assign roles to users. You can map roles to users on the Roles page in UCM. To navigate to the Roles page, click Security, Roles.

    The MAS publishes a set of default roles into Unified Communications Management (UCM). You can assign default roles to administrators, or you can create custom roles. For information about assigning roles or creating custom roles, see Media Application Server Administration and Security (NN44473-600).

    Policies

    In the UCM security framework, users can configure policies for passwords, security, and the single sign-on cookie domain. You can configure policies on the Policies page in UCM. To navigate to the Policies page, click Security, Policies.

    Password aging policy

    The security administrator can specify the number of days for the following password aging parameters:

    password expiration period

    password expiration warning

    minimum password age

    Password history policy

    UCM uses the password history policy to verify that a password is new. The security administrator can define the number of previously used passwords to reject. The default value of passwords to block is 6.

    Password strength policy

    Security administrators can configure the password strength policy to define specific parameters for passwords. If a password does not meet the required parameters, the system rejects the password.

    Security administrators can specify if the password must contain a specific number of lower case, upper case, numeric, or special characters. An example of a special character is an exclamation mark (!). Passwords must have a minimum of eight alphanumeric characters.

    Password lockout policy

    The password lockout policy allows you to specify the following:

    a limit for the number of times that a user can attempt to access UCM

    the number of minutes between consecutive invalid logon attempts

    the number of minutes to lock out users after they reach the maximum number of failed logon attempts

    A user is locked out of the UCM framework when the specified number of logon attempts is reached. By default, the user is locked out after 5 failed attempts.
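
    The history, strength and lockout policies described above, as an added Python sketch that is not Nortel code. The defaults of 6 remembered passwords, 5 failed attempts and the eight-character minimum come from this page; the per-class character counts, the two 30-minute windows, the PBKDF2 parameters, the choice to count the current password as part of the history, and all names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Defaults stated on this page.
HISTORY_DEPTH = 6          # previously used passwords to reject
MAX_FAILED_ATTEMPTS = 5    # failed logons before lockout
MIN_LENGTH = 8
# Assumed values: the page names these settings but gives no defaults.
ATTEMPT_WINDOW_MIN = 30    # failures further apart than this restart the count
LOCKOUT_MIN = 30           # how long a locked account stays locked
PBKDF2_ROUNDS = 100_000    # assumed; UCM's own storage format is not documented here


def strength_errors(password, min_lower=1, min_upper=1, min_digit=1, min_special=1):
    """Return the strength rules that the candidate password violates."""
    counts = {
        "lower case": sum(c.islower() for c in password),
        "upper case": sum(c.isupper() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        "special": sum(not c.isalnum() for c in password),
    }
    required = {"lower case": min_lower, "upper case": min_upper,
                "numeric": min_digit, "special": min_special}
    errors = [f"needs {n} {kind} character(s)"
              for kind, n in required.items() if counts[kind] < n]
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    return errors


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    history: list = field(default_factory=list)   # [(salt, digest)], newest last
    failures: int = 0
    last_failure: float = None
    locked_until: float = 0.0

    def set_password(self, password):
        """Apply strength and history policy; an empty list means accepted."""
        errors = strength_errors(password)
        # History check against salted digests, so no plaintext is ever stored.
        for salt, digest in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(_digest(password, salt), digest):
                errors.append(f"matches one of the last {HISTORY_DEPTH} passwords")
                break
        if not errors:
            salt = os.urandom(16)
            self.history.append((salt, _digest(password, salt)))
            self.history = self.history[-HISTORY_DEPTH:]
        return errors

    def login(self, password, now):
        """Return 'ok', 'denied' or 'locked'; `now` is a clock value in minutes."""
        if now < self.locked_until:
            return "locked"
        if not self.history:
            return "denied"
        salt, digest = self.history[-1]
        if hmac.compare_digest(_digest(password, salt), digest):
            self.failures = 0
            return "ok"
        # Failures only accumulate while they stay close together in time.
        if self.last_failure is not None and now - self.last_failure > ATTEMPT_WINDOW_MIN:
            self.failures = 0
        self.failures += 1
        self.last_failure = now
        if self.failures >= MAX_FAILED_ATTEMPTS:
            self.locked_until = now + LOCKOUT_MIN
            self.failures = 0
            return "locked"
        return "denied"
```

    A correct password presented during the lockout period is still refused, which is what makes the lockout effective against guessing.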

    Login warning banner

    Security administrators can change the text for the login warning banner that appears when you log on to Unified Communications Management (UCM).

    Single sign-on cookie domain

    When the primary and backup security servers are configured in different domains, users can change the single sign-on (SSO) cookie domain to ensure that the domains match. You must match the primary and backup SSO cookie domains to ensure that you can log on to one application or server on the MAS, and then navigate to another application or server and remain authenticated.

    Limit access control views

    In the RBAC model, a user's role determines their permissions and the tasks available to them. By default, Element Manager (EM) hides or grays out unauthorized tasks in the menu pane and content area.

    Certificates

    Unified Communications Management (UCM) uses certificates for secure communication between a Web browser and a Web server. Certificates are used for the following:

    Web interfacing using Secure Sockets Layer (SSL)

    Session Initiation Protocol (SIP) signaling using Transport Layer Security (TLS)

    UCM manages certificates using the X.509 standard for Web SSL, which ensures that certificates are issued by a Certificate Authority (CA) that binds a public key to a particular distinguished name.

    You can manage certificates on the Certificate Management page in UCM. To navigate to the Certificate Management page, click Security, Certificates in the navigation pane. The UCM certificate management interface supports the following:

    add, replace, and list stored certificates

    add, remove, and replace certificate association with a distinguished name

    add, remove, and list trusted certificate authorities

    display of a list of currently revoked certificates

    Certificate authorities

    A Certificate Authority (CA) is a trusted entity that issues, renews, and revokes certificates. You can use UCM to install certificates from either its private CA or public CAs.

    The UCM security framework uses only one private CA to sign internally generated certificates. Once UCM generates the private CA, you cannot change it. Configuration information for the private CA on the primary security server is typically entered during the initial security configuration.

    A public CA is either an existing internal CA of the customer organization (for example, the CA from the customer's Information Technology (IT) department) or an outside commercial CA (for example, Verisign or Thawte).

    Certificate types

    UCM certificate management supports three types of certificates:

    Certificates signed by the private CA hosted on the UCM primary security server. The MAS creates a private CA during the installation of the UCM primary security server. You can use the private CA to issue certificates to remote devices in the same security domain. When the UCM primary security server issues a certificate and distributes it to a remote device, the remote device automatically adds the root certificate of the private CA to its trusted certificate list. As a result, devices that use certificates issued by the same private CA always trust each other.

    Certificates signed by a public CA. You can use the UCM X.509 Certificate Management page to generate a Certificate Signing Request (CSR) from a target device, and then send the CSR to a public CA to obtain a certificate response, which contains an X.509 certificate. You can use the UCM Certificate Management page to process the certificate response returned from a public CA, and thereby distribute the X.509 certificate to the target device. To access the Certificate Management page, click Security > Certificates.

    Self-signed certificates. A self-signed certificate is not issued by a CA. This type of certificate does not provide any authentication, and is vulnerable to a man-in-the-middle attack. Nortel recommends that you avoid using self-signed certificates.

    SIP TLS

    When UCM distributes the SIP TLS certificates that are signed by the private CA to the Network Routing Service or SIP Gateway, the private CA is automatically added to the trusted CA list of the Network Routing Service or SIP Gateway. Therefore, if all the Network Routing Service and SIP Gateway elements use certificates signed by the private CA, UCM automatically configures mutual authentication for SIP TLS among them.

    Web SSL

    During the primary security service installation, the private CA issues a Web SSL certificate that is installed as part of the primary security service. Use the Web SSL certificate for the UCM Web server and the LDAP server. The security administrator must configure the Web SSL certificate for the primary security server by using the UCM Certificates link.

    Certificate revocation lists

    A certificate revocation list (CRL) is a list of certificates that are revoked and should not be trusted.

    You can use the MAS system to revoke certificates that you issued previously, to get a list of revoked certificates, and to update the CRL. You can manage CRLs on the Certificate Management page by clicking the Private Certificate Authority tab and navigating to the Certificate Revocation List (CRL) Details pane.

    Element status and operational controls

    The Element Status page is available from the System Status menu in EM. It shows the following information about the element:

    Element Name

    UUID

    Server Address

    Service

    Operational State

    Version

    Element Status

    Alarm Description

    Element Status

    The Element Status shows the most severe alarm reported for the selected element. For example, an element with Critical and Minor active alarms has an overall status of Critical. An element with no alarms has a status of Normal.

    Click an element name to view alarm details for the selected element.

    Starting, stopping and restarting

    Use the Start, Stop, and Restart buttons to change the Service Status of the Media Application Server.

    Operational states

    Use the More Actions drop-down to change the operational state of the element to one of the following:

    More Actions

    Lock

    Pending Lock

    Cluster configuration and status monitoring controls

    A cluster is a collection of MAS nodes that work closely together and essentially can be viewed as one. You must configure the hierarchy within the cluster before you can configure the system. This activity should be done shortly after installation.

    Cluster configuration

    In Server Designation, you define your primary server and all secondary servers. The local server starts with the Primary role by default. When defining your servers, you must provide the following information:

    Replication account username and password

    Role (primary, secondary, or standard)

    Server Address

    Server UUID

    From the Replication Settings page you can enable or disable the SDR, OM and Configuration Replications.

    Advanced Settings are automatically configured based on your Server Designations. You should not change these settings.

    Cluster status

    The Cluster Status page is available from the System Status menu in EM. It shows the following information about all elements in the cluster:

    element name

    UUID

    most severe alarm status

    description for an existing alarm, if any

    element role information

    License management

    You can use the licensing section of Element Manager to configure licensing information.

    The following list items describe the four distinct task areas within the licensing section, each with its own subset of tasks:

    Licensing configuration: Use this section to configure licensing (License Server or Nodal Licensing) and to add or replace license keys.

    License utilization threshold: Use this section to set the threshold for license usage, which is expressed as a percentage of all licenses in use. Once this threshold is reached, a notification alarm is generated. The default threshold value is 85%.

    License server status: Use this section to manage the license server, and display its operational status and operational mode. The operational status indicates whether the license server is initializing, running, or dormant, or if the status cannot be determined. The operational mode of the server is either Active or Standby. However, if the license server is not running, the system cannot obtain the mode. With the License Server Status page you can start, stop, or restart the license server by clicking the respective buttons located at the top of the page. The buttons are applicable only to the License Server that is currently being configured.

    Advanced settings: Do not reconfigure the default values in the Advanced Settings pages. These defaults are set for optimal performance of the MAS platform. If you think these settings need to be changed, contact Nortel Technical Support to discuss the changes. Reconfigure these settings only under explicit direction from Nortel Technical Support.

    Server licensing

    In server licensing mode, a cluster shares licenses that float across all its MAS nodes. To set up server licensing, you must use a Redundant License Servers cluster licensing configuration. In this configuration, you install license servers on the two MAS nodes in the cluster designated as the cluster primary and secondary nodes.

    Cluster primary and secondary license servers operate in the three following states:

    Starting up: During the license server startup process, the license server is in starting-up state, and it does not respond to any license requests.

    Active: The server that is serving license requests is in the active state.

    Standby: The idle server is in the standby state.

    Each license server broadcasts a message to its local subnet to detect its redundant partner. It correspondingly sets itself to the active or standby state, depending on the state of the other server. If both servers are in starting up state, the one with the larger IP address becomes active and the other becomes standby. The larger IP address is defined to be the larger of the two integers representing the Internet standard dot notation addresses.

    When a server is in the active state, it responds to license requests from clients and expects health check messages from the standby server. It also broadcasts a message every 80 seconds to detect whether any other active server is in the subnet.

    When a server is in standby state, it does not respond to license requests. It opens a TCP/IP connection to the active server and sends out health check messages periodically. If the active server goes down, the standby server switches to the active state until the previously active server is restarted and becomes active.

    During the license server startup process, the license server is in the starting-up state, and it does not respond to any license requests. After initialization, the license server changes to the standalone state and starts to serve license requests. You can view the license server state information on the License Server Status page in Element Manager. To navigate to the License Server Status page, click Licensing, License Server Status in the navigation pane.

    Nodal licensing

    In Nodal licensing mode, licenses are bound to a particular MAS platform and are not shared across MAS nodes. In this node-locked configuration, you must configure each MAS node with its own license key. For example, if your MAS cluster contains five MAS platforms, you need five different license keys.

    Signaling configuration

    You can configure the SIP settings from the Signaling Configuration pages.

    SIP configuration

    You can configure the following from the SIP settings pages:

    General Settings

    Domains and Accounts

    Nodes and Routes

    Media configuration

    This section outlines the media configuration support of the MAS.

    Quality of Service

    MAS supports Differentiated Services (DiffServ) packet marking on outgoing Real-time Transport Protocol (RTP) streams. The system sets the DiffServ Code Point (DSCP) to expedited forwarding (EF), which is a widely supported indicator for Quality of Service (QoS)-enabled networks carrying real-time audio and video data. Network routers that are QoS-enabled examine the type of service bits in the IP header and provide priority (with respect to routing and handling) to those packets marked with expedited forwarding. In addition to marking packets, MAS uses high resolution, interrupt-driven timers to drive RTP packetization at precise intervals. MAS follows RFC 2598, which designates the EF bit pattern.

    MAS uses flow specifications for each codec to identify packet delivery characteristics to the operating system, enabling it to prioritize (internally) packets destined to and from the network interface card (NIC). The framework ensures that QoS marked packets sent from MAS media processors are not dropped or delayed in their delivery to the wire. MAS can reserve a percentage of NIC bandwidth for its media processors. This ensures that management and signaling does not affect the quality of the audio or video streams in use on the platform. The use of flow specifications also offers some denial of service protection, as the transport layers discard packets that do not conform to the flow specification instead of attempting to process them.

    MAS contains the Telchemy VQMON agent for QoS monitoring and RTCP-XR support. R-Factor, jitter, and packet loss are continually monitored for each call. Calls that fall below a configured R-Factor threshold are logged. All QoS statistics are archived with session detail records (SDR) for analysis.

    To configure QoS monitoring and streaming settings, use the System Configuration, Media, General Settings page in Element Manager.

    Audio codecs

    To configure audio codec settings, use the System Configuration > Media > Audio Codecs page in Element Manager. You can complete the following configuration tasks for audio codecs:

    Enable or disable audio codecs. The following audio codecs are supported:

    G.711-ULAW

    G.711-ALAW

    G.729A

    EVRC-0

    AMR

    Configure the preferred order of enabled codecs for negotiation (Session Description Protocol [SDP] answer) or default SDP (SDP offer).

    Enable packet time (ptime) for each codec.

    Configure the default ptime for each codec.

    Video codecs

    To configure video codec settings, use the System Configuration > Media > Video Codecs page in Element Manager. You can configure the following video codec settings:

    Enable or disable video codecs. The following video codecs are supported:

    H.263

    H.263+

    H.263++

    NNVC (Nortel Networks Video Codec)

    Configure the preferred order of enabled codecs for negotiation (SDP answer) or default SDP (SDP offer).

    Enable frame rates for each codec.

    Configure the default frame rate for each codec.

    Configure the preferred format for each codec.

    Configure the Annex profile for each codec (if required).

    Digit relay (DTMF)

    To configure digit relay, use the System Configuration > Media > Digit Relay (DTMF) page in Element Manager. You can configure the following digit relay properties:

    Enable or disable the dual-tone multi-frequency (DTMF) relay method. The following DTMF relay methods are supported:

    INFO digits

    RFC2833/4733

    Configure the preferred order of enabled DTMF relay methods for negotiation (SDP answer) or default SDP (SDP offer).

    Configure the RFC2833 payload type. Nortel recommends that you select the default payload type, which is determined dynamically. However, some clients require a fixed payload type.

    Media security

    To configure media security settings, use the System Configuration > Media > Media Security page in Element Manager.

    Secure SIP signaling is provided by employing SIP Transport Layer Security (TLS), which is supported by the Radvision stack. In addition, the MAS manages a list of trusted network elements and rejects (redirects to the network proxy) any signaling requests from nontrusted nodes.

    Media security provides the ability for the MAS to secure media streams with cryptographic protection based on RFC 3711 (The Secure Real-time Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with symmetrical data encryption that provides the following security services: encryption, message integrity, and replay protection. Secure RTCP (SRTCP) provides the same security services to RTCP as SRTP does to RTP. SRTP message authentication protects the RTCP fields that keep track of membership, provide feedback to RTP senders, or maintain packet sequence counters. The M5T SRTP stack is used to deliver the media security feature.

    SRTP/SRTCP uses a master key and a master salt to derive a session encryption key, session authentication key, and a session salt key for media encryption. The master keys are exchanged and negotiated through Session Description Protocol (SDP) with key management protocol extension. Several key management protocol extensions are defined for SRTP. RFC 4568 (Session Description Protocol Security Descriptions for Media Streams) is supported in this release.
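
    An added example, not Nortel or M5T code: a parser and audit for the RFC 4568 a=crypto attribute, which is how the SRTP master key and master salt described above travel inside the SDP. The SDP body, the key bytes and the function names are constructed for illustration, and the sketch handles one inline key per attribute.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional

# Crypto suites defined in RFC 4568: (master key bytes, master salt bytes, auth tag bits).
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14, 80),
    "AES_CM_128_HMAC_SHA1_32": (16, 14, 32),
    "F8_128_HMAC_SHA1_80": (16, 14, 80),
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d{1,9}) (\S+) (\S+)(?: (.*))?$")
WEAKENING_PARAMS = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}


@dataclass
class CryptoAttr:
    tag: int
    suite: str
    master_key: bytes
    master_salt: bytes
    lifetime: Optional[int]     # maximum packets per master key, if given
    mki: Optional[tuple]        # (MKI value, MKI length in bytes), if given
    session_params: list


def parse_crypto(line):
    """Parse one a=crypto line; raise ValueError if it is malformed."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("not a well-formed a=crypto attribute")
    tag, suite, key_params, session = m.groups()
    if suite not in SUITES:
        raise ValueError(f"unknown crypto suite {suite}")
    method, _, key_info = key_params.partition(":")
    if method != "inline":
        raise ValueError("only the inline key method is defined for SRTP")
    if ";" in key_info:
        raise ValueError("multiple master keys are not handled in this sketch")
    key_salt_b64, *extras = key_info.split("|")
    key_len, salt_len, _ = SUITES[suite]
    raw = base64.b64decode(key_salt_b64, validate=True)   # bad base64 -> ValueError
    if len(raw) != key_len + salt_len:
        raise ValueError(f"expected {key_len + salt_len} key||salt bytes, got {len(raw)}")
    lifetime, mki = None, None
    for item in extras:
        if ":" in item:                     # MKI value and its length in bytes
            value, length = item.split(":")
            mki = (int(value), int(length))
        elif item.startswith("2^"):         # lifetime written as a power of two
            lifetime = 2 ** int(item[2:])
        else:
            lifetime = int(item)
    return CryptoAttr(int(tag), suite, raw[:key_len], raw[key_len:],
                      lifetime, mki, session.split() if session else [])


def audit_sdp(sdp, signaling_is_tls):
    """Return (parsed attributes, findings) for every a=crypto line in an SDP body."""
    attrs, findings = [], []
    for line in sdp.splitlines():
        if not line.startswith("a=crypto:"):
            continue
        try:
            attr = parse_crypto(line)
        except ValueError as exc:
            findings.append(f"rejected: {exc}")
            continue
        attrs.append(attr)
        if SUITES[attr.suite][2] < 80:
            findings.append(f"tag {attr.tag}: {attr.suite} uses a 32-bit authentication tag")
        weak = WEAKENING_PARAMS.intersection(attr.session_params)
        if weak:
            findings.append(f"tag {attr.tag}: protection disabled by {sorted(weak)}")
    if attrs and not signaling_is_tls:
        findings.append("master keys are readable in the SDP: carry it over SIP TLS")
    return attrs, findings


SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()   # constructed, not a real key
SAMPLE_SDP = "\n".join([                                    # constructed SDP offer
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY}|2^20|1:4",
    f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{SAMPLE_KEY} UNENCRYPTED_SRTP",
    "a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:dG9vc2hvcnQ=",
])

if __name__ == "__main__":
    for finding in audit_sdp(SAMPLE_SDP, signaling_is_tls=False)[1]:
        print(finding)
```

    Because the inline value is only base64-encoded, anyone who can read the SDP can recover the master key and salt, which is why the media security feature depends on the SIP TLS signaling described in the same section.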

    Monitoring and logging global configuration support

    This section outlines the monitoring and logging global configuration support of the MAS.

    Monitoring

    This section outlines the monitoring global configuration support for the MAS.

    Event logs

    An event log is a historical view of events that occurred on the system. Event logs have the following severity levels:

    Alert

    Critical

    Major

    Minor

    Emergency

    Error

    Warning

    Info

    Debug

    Indeterminate

    Notice

    You can enable and configure Event log throttling for an event so that only the most recent event log and contents are buffered. The most recent log is generated when the Throttle Check Interval property is exceeded along with an instance count for that event. Log throttling prevents the event logs from being flooded with recurring events.

    To view event logs in Element Manager, choose System Status, Event Logs. You can filter event logs by identifier, date, severity, and class. The following table describes the fields that are displayed for each event log.

    Table 1
    Event log fields

    Field            Description

    Id               Identifier assigned to the event log.

    Severity         The severity type of the event log (alert, critical, major, minor, emergency, error, warning, info, debug, indeterminate). In addition, a colored icon represents the log severity type. Red indicates an error event log, yellow indicates a warning event log, and white indicates informational event log.

    Date and Time    The timestamp of when the event is logged. The date and time when the event is last reported. By default, the table is sorted so the most recent event appears at the top of the table.

    Class            The class of the event. Available classes include Audit, Configuration, Data, Fault, Information, Maintenance, Metrics, Security, and State.

    Description      A description of the event log. To view further details about the event log, click the option button beside the applicable event ID. The details appear in the bottom portion of the page.

    Operational measurements

    The following types of operational measurements are supported:

    Counters: Counters are used to record and track activity on the system. An example of a counter would be the total number of calls over the life of the system. Counters are named registers that start from zero and increment upward only. Counters are only incremented, never decremented. A counter can increment in chunks of any size. Counters reset automatically after a component restarts.

    Gauges: Gauges provide real-time information about the running system. An example of a gauge would be the number of active calls at any point in time during the life of the system. Gauges can be incremented and decremented.

    Selected operational measurements are archived to the local platform archive database and are stored in the Statistics table. Archived operational measurements are typically processed or analyzed later using the historical reports in Reporter. Archived operational measurements can be replicated to the primary and secondary node in a cluster so that operational measurements can be consolidated for cluster-wide historical reports. Operational measurements written to the Statistics table can be viewed in Element Manager (System Status, Monitoring, Operational Measurements), and the following table shows how information is displayed.

    Table 2
    Selected operational measurements details

    Field name                           Description

    Category                             Category or type of operational measurement.

    Name                                 Operational measurement counter or gauge name.

    Current Value                        Current value of the operational measurement.

    Previous Value                       Value recorded during last interval.

    Previous Interval Low Water Mark     Low value recorded during last interval.

    Previous Interval High Water Mark    High value recorded during last interval.

    Interval Value                       Value of interval time.

    Previous Interval Duration (sec)     Interval duration. The default is 900 sec. (15 minutes).

    Logging

    This section outlines the logging global configuration support for the MAS.

    System diagnostics

    You can place the system in diagnostic mode for logging by selecting the Enable System Diagnostic Mode check box on the System Configuration, Logging, System Diagnostic page in Element Manager.

    Attention: Enabling the system diagnostic mode can cause system performance degradation.

    SysLog

    SysLog is a standard for forwarding log messages in an IP network. The MAS platform optionally supports SysLog over User Datagram Protocol (UDP) for the delivery of logs and alarm history to one or more SysLog server destinations.

    To enable or disable SysLog delivery, use the SYSLOG Delivery of Logs property (found in the Element Manager). To configure one or more SysLog server destinations, use the SYSLOG Destination Server List property (found in the Element Manager). You can enter the IP address of the SysLog server.

    Session logging

    Configure the following SDR properties under the System Configuration > Logging > Session Logging section of Element Manager:

    Session Detail Record Archiving: This check box enables or disables the archiving of session detail records. The default is enabled.

    Session Detail Record Archive Minimum Record Age (Days): Session detail records older than the configured number of days are removed when cleanup is initiated. The default is 90 days.

    Session Detail Record Archive (Detail Records): The maximum number of session detail records before cleanup is initiated. The default is 1296 000 records. Approximately 5k of storage is required for each SDR.

    The MAS creates a Session Detail Record (SDR) for each individual session that originates from or terminates to the platform. An SDR includes detailed information about each session, which you can use for tracking and billing purposes.

    The platform archives all SDRs to the local platform database. These archived records are used by the platform to generate reports. The platform ensures that the archive does not grow too large by deleting old records based on the configuration. You can view records in either real-time or historical reports. Archived SDRs can be replicated to the primary and secondary node in a cluster so that SDRs can be consolidated for cluster-wide historical reports.

    Operational measurements logs

    The platform archives selected operational measurements to the local platform database. The platform uses these archived operational measurements to generate reports. The platform ensures that the archive does not grow too large by deleting old records based on the configuration.

    Configure the following operational measurements properties under the System Configuration, Logging, OMs section of Element Manager:

    Archive Operational Measurements: This check box enables or disables the archiving of operational measurements. The default is enabled.

    Operational Measurement Archive Minimum Record Age: Operational Measurements older than the configured number of days are removed when cleanup is initiated.

    Operational Measurement Archive Size: The amount of archived operational measurements data to store before cleanup is initiated.

    Operational Measurement Reset Interval: The interval in minutes when operational measurements are archived and reset. A value of 0 disables the reset feature. The default is every 15 minutes.

    Debug logging

    You can find the following settings related to debug logging in the System Configuration, Logging, Debug section of Element Manager.

    You can enable or disable Platform debug logging using Element Manager; a restart of the platform is not required. The system stores Debug logs in the directory \common\logs, where is the directory in which the system installs software. The default directory is /var/mcp. The system also creates trace files for each platform component.

    Application management

    Packaged applications can be deployed on MAS.

    Packaged applications

    A packaged application is installed and configured using its own installer. The installer adds application configuration data and translations to the MAS. As part of the installation process you need to configure license keys for all packaged applications.

    Packaged applications can only be installed after the MAS has been installed and configured.

    Use the EM to view installed packaged applications, their version and operational state. Packaged applications are found under Products and Applications, Custom Applications.

    Reporting

    To configure reporting settings, use the Tool > Reports page in Element Manager.

    MAS includes a report generation framework and 3rd party reporting framework based on Jasper reports.

    Backup and restore

    It is important to back up your data to ensure that you can restore your original data if it is lost.

    You can perform backup and restore tasks on the Backup and Restore page in Element Manager (EM). To navigate to the Backup and Restore page, click Tools, Backup and Restore. This page includes the following task categories:

    General settings

    Backup Tasks

    Restore

    Backup Destination

    History Log

    General settings

    When you back up or restore your data, all actions are logged in a log file. You can set the value of the "Store history and log files up to" parameter to define how long history is stored. The log file refreshes after the defined duration, that is, after this duration, the history will not be stored in the log file.

    Backup Tasks

    To back up your data, you must first define a backup task and then specify a schedule.

    A backup task specifies what to back up and where to store the backup data. You can manage backup tasks on the Backup Tasks page in Element Manager. To navigate to the Backup Tasks page, click Tools, Backup and Restore, Backup Tasks. On the Backup Tasks page, you can add a new backup task, and edit or delete an existing backup task.

    To customize the history log, you can do the following:

    Use the View list to filter your tasks. The options are show all tasks, backup tasks only, or restore tasks only. The default is all tasks.

    Use the Refresh Interval list to select the refresh interval for the history log. The default value is set at 30 seconds.

    Click a header link to sort the list in ascending or descending order.

    Media management

    On the Media Management page, you can manage media files of many formats, including sound, video, .xml, plain text, or zipped files. To navigate to the Media Management page, log on to Element Manager (EM) and click Tools, Media Management in the navigation pane.

    You can perform the following actions on media files:

    upload

    rename

    copy

    move

    search

    download

    delete

    In EM, you can organize media into content namespaces and content groups. Use content namespaces to divide media into logical containers. Use content groups to subdivide the media in a content namespace into logical groups.

    You can initially provision a content namespace by using one .zip file for the whole content namespace or by creating one content group at a time. After the media file is uploaded, EM displays it in a tree view. The root of the tree is the content namespace and individual content groups appear below it with + or - icons before their names. EM displays the namespace and the content groups in the left pane, and the media files contained in the selected content group in the right pane. The media file list includes the file name, content type, and size of the file; the time initially created; the time last modified; and the version information. You can browse content namespaces and add, rename, or delete content groups.

    Advanced settings

    Access the Advanced Settings page from Cluster Configuration, Advanced Setting. These values are automatically configured based on changes made on the Server Designation page.

    Disaster recovery

    You can recover the primary server to restore critical operations if you experience a disaster situation.

    To ensure successful recovery, you must implement a disaster recovery plan when you configure a Media Application Server (MAS). To plan for disaster recovery, follow these best practices:

    Designate the secondary server in a different location than the primary server to protect the secondary server from natural or user-induced disasters that affect the primary server.

    Create an off-site location to protect the backup system from natural or user-induced disasters that affect the primary system.

    Create a full backup task to ensure successful recovery of all data if a disaster situation occurs.

    Define a daily backup schedule to ensure successful recovery of up-to-date data if there is a disaster situation.

    If you experience a disaster situation, you must restore the primary server to reestablish critical operations. This operation involves installing the Media Application Server (MAS) software on a primary MAS server. Then, you must restore the latest full backup.

    For more information about Disaster recovery procedures, see Media Application Server Administration and Security (NN44473-600).

    A standalone configuration includes only a primary server to configure. No secondary or standard servers require configuration.

    Figure 3: MAS Configuration work flow

    License configuration work flow

    License servers are used in cluster configuration. In a cluster, the license servers reside only on the primary and secondary servers in the cluster. Configure your licenses so they can be maintained by the license server.

    Figure 4: License configuration work flow

    Network management protocol configuration

    This section outlines the network management protocol configuration support of the MAS.

    SNTP

    Add the IP address or hostname of the Simple Network Time Protocol (SNTP) server in the SNTP Source Server field in Element Manager. The SNTP Source Server is used to synchronize the clocks of all nodes in the cluster.

    SNMP

    The MAS platform provides Simple Network Management Protocol (SNMP) management. SNMP supports outgoing traps for logs and alarms to remote SNMP-based Network Management Stations (NMS). In addition, NMS can query alarm table and audit services. Traps use the Nortel Reliable MIB format to support active and cleared alarm notifications as well as informational log messages.

    In Element Manager (EM), SNMP is configured in the System Configuration > Network Settings section to activate the delivery of alarms and logs using SNMP traps. You can enable or disable the sending of traps when alarms are raised or cleared, or when event logs are generated.

    Both SNMP v1 and v2c are supported by the MAS platform. SNMP uses community names to authenticate messages. The community name is similar to a password that is shared by the SNMP NMS and the MAS SNMP agent. The community name must be the same value on both the NMS and the MAS SNMP agent.

    The MAS SNMP agent supports queries on the ActiveAlarm table and audits for resynchronization with the management server. These queries can be in the form of Get requests on specific fields or GetNext requests for table traversal.
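
    SNMP v1 and v2c carry the community name as an unencrypted OCTET STRING directly after the version field, so it is readable by anyone who can see the management traffic. The following added example (not Nortel code) decodes that header from a constructed GetNextRequest and flags common default community names; the sample community values and the sysDescr OID are assumptions for illustration.

```python
# Added example: locate the community name in a BER-encoded SNMP v1/v2c message.
WELL_KNOWN_COMMUNITIES = {"public", "private"}   # widely shipped default names
VERSIONS = {0: "v1", 1: "v2c"}                    # value of the version INTEGER
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap (v1)", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "Trap (v2)"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("BER element runs past the end of the message")
    return tag, buf[pos:pos + length], pos + length


def audit_snmp_message(datagram):
    """Decode version, community and PDU type from one SNMP v1/v2c datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing: not an SNMP message")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02 or not raw_version:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")
    if version not in VERSIONS:
        raise ValueError("not a community-based SNMP version")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag = body[pos] if pos < len(body) else None
    name = community.decode("latin-1")
    return {
        "version": VERSIONS[version],
        "community": name,                  # recovered without any key
        "default_community": name.lower() in WELL_KNOWN_COMMUNITIES,
        "pdu": PDU_TYPES.get(pdu_tag, "unknown"),
    }


def tlv(tag, value):
    """Encode one short-form BER element (enough for the constructed sample)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value


def build_sample_getnext(community, version=1):
    """Constructed GetNextRequest for sysDescr (1.3.6.1.2.1.1.1); not captured traffic."""
    oid = tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 1]))
    varbinds = tlv(0x30, tlv(0x30, oid + tlv(0x05, b"")))
    request_id, error_status, error_index = (tlv(0x02, b"\x01"), tlv(0x02, b"\x00"),
                                             tlv(0x02, b"\x00"))
    pdu = tlv(0xA1, request_id + error_status + error_index + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


if __name__ == "__main__":
    for community in (b"public", b"mas-nms-ro"):   # constructed sample values
        print(audit_snmp_message(build_sample_getnext(community)))
```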

    SOAP

    The Simple Object Access Protocol (SOAP) is used to exchange Extensible Markup Language (XML) messages over a network.

    The MAS platform provides a set of Web services, which can be used to manage, monitor, configure, or access a set of services or resources provided by the platform. The SOAP server acts as a mini-embedded Web server and exposes the following MAS Web services: application APIs, content store APIs, and Management APIs. You can access these Web services by using SOAP-formatted XML messages over HTTP 1.1 transport.

    To enable the MAS Web services, you must configure the trusted nodes that are allowed to send requests to the MAS Web services. In Element Manager, trusted nodes are configured on the System Configuration, Network Settings page. First, select the Enable Trusted SOAP Nodes check box and then enter one or more hostnames or IP addresses in the Trusted Nodes field. You must separate multiple entries in the Trusted Nodes field with a semicolon.
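
    Because this list decides which hosts may call the management Web services, it is worth checking the value before it is pasted into the field. The following added example (not part of MAS or Element Manager) splits a semicolon-separated value and reports entries that are not a single hostname or IP address; the sample value and the specific checks are assumptions, since the page does not describe how Element Manager validates the field.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_entry(entry):
    """Return ("ip" | "hostname", normalized value) or raise ValueError with a reason."""
    try:
        address = ipaddress.ip_address(entry)
    except ValueError:
        address = None
    if address is not None:
        if (address.is_unspecified or address.is_multicast
                or str(address) == "255.255.255.255"):
            raise ValueError("address does not identify a single node")
        return "ip", str(address)
    if re.fullmatch(r"[0-9.]+", entry):
        raise ValueError("malformed IPv4 address")
    labels = entry.split(".")
    if len(entry) > 253 or not all(HOST_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not a hostname or IP address")
    return "hostname", entry.lower()


def check_trusted_nodes(field_value):
    """Parse a semicolon-separated Trusted Nodes value into accepted and rejected entries."""
    result = {"ip": [], "hostname": [], "rejected": []}
    seen = set()
    for raw in field_value.split(";"):
        entry = raw.strip()
        if not entry:
            result["rejected"].append((entry, "empty entry (stray semicolon)"))
            continue
        try:
            kind, value = classify_entry(entry)
        except ValueError as err:
            result["rejected"].append((entry, str(err)))
            continue
        if value in seen:
            result["rejected"].append((entry, "duplicate entry"))
            continue
        seen.add(value)
        result[kind].append(value)
    return result


# Constructed sample value, not taken from a real deployment.
SAMPLE_FIELD = ("10.20.30.40; nms1.example.net;10.20.30.40;;0.0.0.0;"
                "10.1.1.300;192.0.2.0/24,ops")

if __name__ == "__main__":
    report = check_trusted_nodes(SAMPLE_FIELD)
    print("IP entries:      ", report["ip"])
    print("Hostname entries:", report["hostname"])
    for entry, reason in report["rejected"]:
        print("Rejected %r: %s" % (entry, reason))
```

    Hostname entries are reported separately because a name-based entry is only as trustworthy as the name resolution behind it.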

    Connection security

    To configure connection security in Element Manager, see the System Configuration > Network Settings page.

    You can configure the following properties:

    Attention: You can enable and select multiple ciphers in order of strength.

    Network configuration

    This section outlines the network configuration of the MAS.

    IP address assignment and traffic classes

    Assign the IP address for the available traffic classes on the System General Settings page in EM.

    The traffic classes include:

    signaling

    media

    cluster

    OAM

    QoS audio and video DSCP settings configuration

    Configure Quality of Service (QoS) settings for streaming on the System Configuration, Media page.

    Options include:

    Audio QoS

    QoS Maximum Bandwidth Per H.263 Video Flow

    QoS Maximum Bandwidth Per NNVC Video Flow

    Video QoS

    QoS monitoring and alerting configuration

    Configure Quality of Service (QoS) settings for media on the System Configuration, Media, General Settings page.

    Options include:

    Enable QoS monitoring

    Alert interval in milliseconds

    Critical R Threshold

    Maximum Alerts

    Refresh Interval in seconds

    Warning R Threshold in percentages

    SIP configuration work flow

    SIP provides a standard means to establish sessions, negotiate capabilities, invoke applications, and exchange data with the MAS.

    The following work flow shows the process for configuring your MAS SIP signaling.

    Figure 5: SIP configuration work flow

    Terminology

    The following table describes common terminology associated with the Media Application Server (MAS).

    Term | Description
    Backup | A copy of data. The copy is preserved in case the system the data was copied from fails, is damaged, or changes to an undesired state.
    Certificates | A security tool used to identify secure packages of data over a network.
    Cluster | A collection of servers on the MAS.
    Codec | Short for Compression Decompression, the codec is used for transmitting media files over a network.
    Commercial-Off-The-Shelf (COTS) | Generic purchased hardware that can be used in a wide variety of installations.
    Conferencing | A means of including more than two people in an audio or video interaction.
    Counters | A measurement tool to record the number of times an event occurs.
    Dual-tone multi-frequency (DTMF) | A signaling technology used for signaling over a telephone network.
    Differentiated Services (DiffServ) | A computer network architecture designed to manage and provide Quality of Service over a network.
    Element Manager (EM) | A web-based tool used for configuring and managing MAS and its components.
    Event | An incident that is either recorded or causes other actions to occur.
    Extensible Markup Language (XML) | A specification for creating customizable markup languages such as VXML and CCXML.
    File Transfer Protocol (FTP) | A network protocol used for transmitting files over a network.
    Gauge | A tool for providing real-time information about the system.
    Graphical User Interface (GUI) | A visual interface used for interacting with a computer system.
    License | An identification showing the number of users that can be active for a piece of software.
    Lightweight Directory Access Protocol (LDAP) | An application protocol for working with directory services over a network.
    Logging | An action for recording actions in a log.
    Media Application Server (MAS) | A software based, media processing server. All media processing is performed in software on the host CPU(s). The MAS architecture facilitates unique scalability for all core functions of the platform, including signaling, application execution, content management and media processing.
    Permissions | A security tool that identifies what actions can be performed by a given role.
    Policies | Security rules that govern the behavior and actions of a computer system. These rules tell the computer what actions to take in the case of certain events, independent of human intervention.
    Quality of Service (QoS) | A means of controlling priorities between applications for access to resources.
    Quick Fix Engineering (QFE) | A tool for implementing small changes to MAS.
    Real-time Transport Protocol (RTP) | A protocol for transmitting audio and video over a network.
    Restore | An action of copying backed up data to a system.
    Remote Authentication Dial In User Service (RADIUS) | A protocol for managing large networks.
    Roles | An identified role in a system that can be assigned permissions.
    Role Based Access Control (RBAC) | A means of restricting access to a network or parts of a network based on assigned roles.
    Session Description Protocol (SDP) | A protocol for describing initialization parameters of streamed media.
    Session Initiation Protocol (SIP) | A protocol for creating and removing communication sessions over a network.
    Simple Network Management Protocol (SNMP) | A protocol for monitoring devices attached to a network.
    Simple Object Access Protocol (SOAP) | A protocol for transmitting and receiving XML messages over a network.
    Standalone | An installation of a single server with MAS.
    Transport Layer Security (TLS) | A technology for providing secure communications over a network.
    Unified Communications Management (UCM) | A framework for providing security when using Element Manager. UCM replaces ECM, but both are still used interchangeably.
    Web service | A technology which supports interaction between computers on a network.
