OpenScape V1.0 Installation Guide

7/21/2019 OpenScape V1.0 Installation Guide

http://slidepdf.com/reader/full/openscape-v10-installation-guide 1/149

Siemens ICN EN

OpenScape System Installation 10/23/2003 Page 1 of 149Document Version 2.14

For internal use only

OpenScape V1.0

System Installation

Drop5/RC Release

Document Revision: 2.14

Status: Draft

Date: October 23, 2003



Siemens ICN EN



History of Change

Rev.No.

Description of Change(s) By Whom ReleaseDate

0.1 Initial Creation Bianka Skubnik 4/11/03

0.11 Updates from review & test setupdocumentation

Bianka Skubnik 4/28/03

0.12 Further updates Bianka Skubnik 5/15/03

0.13 Added Security section Bianka Skubnik 6/5/03

0.14 Updates to security and for RC version ofRTC


1.00 Bind 1.04.92 specific changes Bianka Skubnik 7/30/03

1.01 Review updates, and 1.40.9201reference.


1.02 Updates for static route configuration,adding hints and location for deliverables.


1.03 Added permissions section and updatesfor T40.2


2.01 Drop 5 version updates. Bianka Skubnik 9/25/032.02 Clarification in 8.6.2 Namespace

permissionsPaul Mayer 10/1/03

2.03 Updated RTC property settinginstructions, Appendix 17.3 and 17.4

Shakil Malhotra 10/01/03

2.04 Remove reference to FW1.0 hotfixes Bianka Skubnik 10/1/03

2.05 Removed reference to performancecounter hotfix, added MC GUIconfiguration for SIP URI and updatedinstall screen shots.

Sheldon Kociol 10/1/03

2.06 Clarification of WMI permissions 8.3 Bianka Skubnik 10/2/03

2.07 Added MCU one box solution and

standalone MPs

Sheldon Kociol 10/10/03

2.08 Added CIM permissions 8.6.2 Roger Urscheler 10/14/03

2.09 Revising OpenScape ScriptingFramework description

Karl EnguerraBianka Skubnik

10/14/03

2.10 Adding reference to installation CDs Bianka Skubnik 10/15/03

2.11 Adding MCU install restriction Bianka Skubnik 10/15/03

2.12 Clarified MC GUI SipUri field Sheldon Kociol 10/16/03

2.13 Update to OMC Installation (10.5) Michael Kelly 10/17/03

2.14 Added:- Event view/OMC clarification (10.5)- Need for email address (12.1)- Requires SQL restart (10.4.8)


Note: Throughout this document there aresentences/items prefaced by “???”. This signifies thatthey are either open issues or general questions that



Siemens ICN EN



will need to be clarified by development.



Siemens ICN EN



Table of Contents1 Overview ................................................................................................................................. 8 2 Audience ................................................................................................................................. 8 3 Purpose................................................................................................................................... 8 4 OpenScape Configurations..................................................................................................... 9 5 System Components............................................................................................................... 9

5.1 OpenScape Components............................................................................................... 9 5.1.1 OpenScape Application Server.................................................................................. 9 5.1.2 OpenScape Administration Clients ............................................................................ 9 5.1.3 MCU........................................................................................................................... 9 5.1.4 Media Server (ComResponse) .................................................................................. 9 5.1.5 SIP Phones ................................................................................................................ 9

5.2 Non-Siemens Prerequisite Components........................................................................ 9 5.2.1 Active Directory.......................................................................................................... 9 5.2.2 Microsoft SQL Server................................................................................................. 9 5.2.3 Microsoft LC Server ................................................................................................... 9 5.2.4 Microsoft Exchange 2000 .......................................................................................... 9 5.2.5 Microsoft Windows Server 2003................................................................................ 9 5.2.6 Microsoft .NET Framework V1.1................................................................................ 9

6 Prerequisites ........................................................................................................................... 9 6.1 Hardware Requirement .................................................................................................. 9 6.2 Required Infrastructure .................................................................................................. 9 6.3 OpenScape Application Server ...................................................................................... 9 6.4 OpenScape Administration Clients ................................................................................ 9 6.5 MCU ............................................................................................................................... 9 6.6 Media Server (ComResponse)....................................................................................... 9 6.7 End points ...................................................................................................................... 9 6.8 Recommendations based on Number of Users............................................................. 9

7 Topology ................................................................................................................................. 9 7.1 Forest and Domains....................................................................................................... 9

7.1.1 Single Domain............................................................................................................ 9 7.1.2 Multiple Domains ....................................................................................................... 9 7.1.3

Multiple OpenScape Systems – Separate Domains.................................................. 9

7.1.4 Multiple OpenScape Systems – Same Domain......................................................... 9 7.1.5 Summary of supported and non-supported configurations........................................ 9

7.2 Windows Exchange Server ............................................................................................ 9 7.3 Live Communications Server ......................................................................................... 9

8 Accounts ................................................................................................................................. 9 8.1 Installation of LCS.......................................................................................................... 9 8.2 OpenScape Applications................................................................................................ 9

8.2.1 Installation of OpenScape Applications ..................................................................... 9 8.2.2 Required Account Information ................................................................................... 9 8.2.3 Required Group Information ...................................................................................... 9 8.2.4 Local machine groups................................................................................................ 9

8.3 OpenScape Management (OMC) .................................................................................. 9 8.4 Conferencing Application (MCU).................................................................................... 9

8.4.1 Installation of MCU Applications (MC, MP) ............................................................... 9 8.4.2 Installation of O/S....................................................................................................... 9 8.4.3 Required Account Information ................................................................................... 9

8.5 Media Server (ComResponse)....................................................................................... 9 8.5.1 Installation of Media Server (ComResponse)............................................................ 9 8.5.2 Installation of O/S....................................................................................................... 9 8.5.3 Required Account Information ................................................................................... 9

8.6 Permissions.................................................................................................................... 9 8.6.1 Group Permissions .................................................................................................... 9



Siemens ICN EN



8.6.2 Namespace permissions............................................................................................ 9 8.7 Imported AD users ......................................................................................................... 9

9 Licensing................................................................................................................................. 9 9.1 Non-OpenScape Licensing ............................................................................................ 9 9.2 OpenScape Licensing .................................................................................................... 9

10 Installation............................................................................................................................... 9 10.1

Infrastructure Server Verification.................................................................................... 9

10.1.1 Domain Mode ........................................................................................................ 9 10.1.2 Time Synchronisation............................................................................................ 9 10.1.3 User and Administrator Cross-functionality........................................................... 9 10.1.4 Firewall Requirements........................................................................................... 9 10.1.5 Virus Detection ...................................................................................................... 9

10.2 LC Server install............................................................................................................. 9 10.2.1 WM/RTC Setup References:................................................................................. 9 10.2.2 LCS User Configuration:........................................................................................ 9 10.2.3 Application URI and Static Routes: ....................................................................... 9 10.2.4 WM Installation and Setup:.................................................................................... 9 10.2.5 Test with WM......................................................................................................... 9

10.3 Accounts......................................................................................................................... 9 10.4 OpenScape install (Applications Server) ....................................................................... 9

10.4.1 Minimum Complete System Configuration............................................................ 9 10.4.2 Multiple Server Configuration ................................................................................ 9 10.4.3 JAVA Runtime Environment.................................................................................. 9 10.4.4 User accounts........................................................................................................ 9 10.4.5 MS SQL Server ..................................................................................................... 9 10.4.6 Install OpenScape Application Server................................................................... 9 10.4.7 OpenScape patches.............................................................................................. 9 10.4.8 SSL Encryption for SQL Server 2000.................................................................... 9 10.4.9 Ports and Routes................................................................................................... 9

10.5 OpenScape MC (OMC) install....................................................................................... 9 10.6 OpenScape MCU install ................................................................................................. 9 10.7 OpenScape Media Server (ComResponse) install ........................................................ 9 10.8 OpenScape Users.......................................................................................................... 9

10.8.1 OpenScape Client ................................................................................................. 9 10.8.2 Portals.................................................................................................................... 9

10.9 Security .......................................................................................................................... 9 10.9.1 Create a custom MMC console for IPSec Configuration....................................... 9 10.9.2 Create a new IPSec Policy.................................................................................... 9 10.9.3 MCU....................................................................................................................... 9 10.9.4 ComResponse....................................................................................................... 9 10.9.5 LC Server............................................................................................................... 9 10.9.6 OpenScape............................................................................................................ 9 10.9.7 MC ......................................................................................................................... 9 10.9.8 MP ......................................................................................................................... 9 10.9.9 Block Rule.............................................................................................................. 9 10.9.10 Permit Rule for Gateway ....................................................................................... 9

10.10 Security for Phone Discovery .................................................................................... 9 10.11 Certificates................................................................................................................. 9 10.11.1 OpenScape Certificate Configuration.................................................................... 9 10.11.2 ComResponse Certificate Configuration............................................................... 9

11 Installing in a pre-existing environment .................................................................................. 9 11.1 OpenScape Server (Applications Server) ...................................................................... 9 11.2 OpenScape MC (OMC).................................................................................................. 9 11.3 OpenScape MCU ........................................................................................................... 9 11.4 OpenScape Media Server (ComResponse) .................................................................. 9



Siemens ICN EN



12 Basic Administration ............................................................................................................... 9 12.1 Adding users .................................................................................................................. 9

12.1.1 User Creation via OpenScape Management......................................................... 9 12.1.2 User creation via script.......................................................................................... 9

13 Service Pack install ................................................................................................................. 9 13.1 OpenScape Main Server................................................................................................ 9 13.2

OpenScape MCU ........................................................................................................... 9

13.3 OpenScape Media Server (ComResponse) .................................................................. 9 13.4 SIP Phones .................................................................................................................... 9 13.5 Infrastructure .................................................................................................................. 9

14 Uninstall .................................................................................................................................. 9 14.1 OpenScape (Main Server) Uninstall............................................................................... 9 14.2 OpenScape MCU Uninstall ............................................................................................ 9 14.3 Media Server (ComResponse) Uninstall........................................................................ 9 14.4 Service Pack Uninstall ................................................................................................... 9

15 Upgrade .................................................................................................................................. 9 16 Tools, Utilities and Hints ......................................................................................................... 9

16.1 CheckSPN...................................................................................................................... 9 16.2 MSMQ ............................................................................................................................ 9 16.3 OpenScape RTC Tool.................................................................................................... 9 16.4 OpenScape Scripting Framework .................................................................................. 9 16.5 Shutdown Monitor .......................................................................................................... 9 16.6 Consistency Analyzer..................................................................................................... 9 16.7 License Checker............................................................................................................. 9 16.8 XPConnectionTest ......................................................................................................... 9 16.9 OpenScape Trace.......................................................................................................... 9 16.10 OpenScape Trace Viewer.......................................................................................... 9 16.11 CSTA Trace (TraceVu) .............................................................................................. 9 16.12 GAC and Service uninstallation................................................................................. 9

17 Appendix ................................................................................................................................. 9 17.1 A-1 Install Flow............................................................................................................... 9 17.2 A-2 Simple Topology Setup ........................................................................................... 9 17.3 A-3 Application URI & Static Route Configuration ......................................................... 9

17.4 A-4 LCS Setup Checklist & Troubleshooting ................................................................. 9 17.5 A-5 OpenScape Main Install Screens ............................................................................ 9 17.6 A-6 OpenScape OMC Install Screens............................................................................ 9 17.7 A-7 OpenScape MCU Install Screens............................................................................ 9

17.7.1 A-7.1 Standalone MCU (MC and MP on same box) ............................................. 9 17.7.2 A-7.2 Standalone MCU (MC and MP(s) on different boxes)................................. 9 17.7.3 A-7.3 One Box Configuration................................................................................. 9

A-8 OpenScape Client Install Screens........................................................................................ 9 17.8 A-9 Portals Installation ................................................................................................... 9 17.9 A-10 General IPsec screens .......................................................................................... 9 17.10 A-11 Virus Scan Data ................................................................................................ 9

List of FiguresFigure 1. Minimum Complete System....................................................................................... 9 Figure 2. Multiple Server Configuration (3

rdvariant) ................................................................. 9

Figure 3. Single Domain............................................................................................................ 9 Figure 4. Multiple Domain ......................................................................................................... 9 Figure 5. Multiple OpenScape Systems in separate domains.................................................. 9 Figure 6. Multiple OpenScape Systems within one domain ..................................................... 9 Figure 7. OMC Phone Management Tab.................................................................................. 9 Figure 8. OMC System Management ....................................................................................... 9 Figure 9. Certificate Configuration Tab ..................................................................................... 9



Siemens ICN EN



Figure 10. OpenScape Service packs ........................................................................................ 9



Siemens ICN EN



OpenScape Installation

1 OverviewThis document will provide a description of the installation of the OpenScape system. It covers

the components/applications that comprise the OpenScape system and information regardingsystem wide configurations. It further covers product installation, service pack installation andproduct uninstallation. Upgrade to next version is covered only to the extent of assumptions aboutV2 of OpenScape.

2 AudienceThe audience for this document is OpenScape Development and Test.

3 PurposeThe purpose of this document is to provide a central place for identifying the supportedconfigurations, system prerequisites and installation instructions for the product. This documentmay be used to aid in the creation of documentation for the product.



Siemens ICN EN



4 OpenScape ConfigurationsMinimum Complete Server (Single Server) – This configuration implies that the OpenScapeApplications are co-located with LCS server and MS SQL Server. This document primarilyaddresses this configuration. Figure 1 shows the Minimum Complete Server configuration.

Beta (Drop 4) testing and trial will follow the Minimum Complete Server configuration.

Figure 1. Minimum Complete System

Multiple Server – There are three variants of multiple server configurations. One variant has LCServer on a separate server with OpenScape Applications and MS SQL Server co-located on thesame server. Next variant has MS SQL Server on a separate server with OpenScapeApplications and LC Server co-located on the same server. Third, LC Server, MS SQL Serverand OpenScape Applications are installed on their own separate servers. Figure 2 shows thethird variant of the Multiple Server configuration.

In both configurations, the OpenScape Administration Client, OpenScape Users and SIP

Gateway have the same configurations.

Windows Messenger 5.0 / IE 5.1 / Outlook 2000

OS

OpenScape

OpenScape System

Windows 2000or XP Pro

OMCAdministration

Client

OpenScape ManagementConsole

OpenScape BaseSIP Gateway

Required Infrastructure

OpenScape Application

3rd Party SoftwareTTS,ASR,Dialogic

JAVA Runtime

Windows Server2003

LCS

MS-SQL Server 2000

Windows 2000Server + SP3

MSDE, MDAC

Windows Server2003 or Windows

2000 Server

ActiveDirectory

Windows 2000Server

Exchange2000

Main ServerMedia Server

(ComResponse)Domain

ControllerExchange

Server

OpenScape Base

Windows Server2003

MCU Server

MCU MPApplication

MCU MCApplication

OpenScape Base

OpenScapeManagement Console

MS IIS

MS IIS

OpenScape Base

ComResponseApplication

OpenScape Client

JAVA Runtime

Infra-structure

OpenScapeUser Clients

SIP Phones

OpenScape Users




Siemens ICN EN



Figure 2. Multiple Server Configuration (3rd

variant)

5 System Components

5.1 OpenScape Components

5.1.1 OpenScape Application ServerThe OpenScape Application Server consists of the OpenScape Base components and

Applications.

??? Could list the base components and applications here.

OpenScape Application

3rd Party SoftwareTTS,ASR,Dialogic

JAVA Runtime

Required Infrastructure

Windows Server2003

Windows 2000Server + SP3

MSDE, MDAC

ActiveDirectory

Windows 2000Server

Exchange2000

OS

OpenScape

Main ServerMedia Server

(ComResponse)

OpenScape System

DomainController

ExchangeServer

OpenScape Base

Windows Server2003

MCU Server

MCU MP

Application

MCU MCApplication

OpenScape Base

OpenScapeManagement Console

OMCAdministration

Client

SIP Gateway

MS IISMS IIS

Windows Server2003

LCS MS-SQL Server2000

LCS Server

OpenScape Base

MS SQLServer

OpenScape Base

Infra-structure

OS

Op

enScape

OpenScape Base

ComResponseApplication



OpenScape Base

OpenScape UsersOpenScapeUser Clients


Windows Messenger 5.0 / IE 5.1 / Outlook 2000

OpenScape Client

SIP Phones

JAVA Runtime


2000 Server


2000 Server

Infra-structure



Siemens ICN EN



5.1.2 OpenScape Administration ClientsThe OpenScape Administration Clients consist of the management interface for the

system.

5.1.3 MCU

This is a Siemens product that although integrated with OpenScape, may be soldseparately.

5.1.4 Media Server (ComResponse)This is a Siemens product that although integrated with OpenScape, may be sold

separately.

5.1.5 SIP PhonesThis is a Siemens product that although integrated with OpenScape, may be sold

separately.

5.2 Non-Siemens Prerequisite Components

5.2.1 Active DirectoryOpenScape will use the customer’s existing Active Directory for identifying OpenScape

users.

5.2.2 Microsoft SQL ServerOpenScape will use the customer’s existing MS SQL Server if the prerequisites for

version and storage space are met. OpenScape requires one instance of SQL running on the MSSQL Server. OpenScape install will prompt the user for a named instance of SQL, if it does notexist, OpenScape install will create the instance. Install of MS SQL Server product howeverremains the responsibility of the customer.

5.2.3 Microsoft LC ServerOpenScape will use the customer’s existing LC (Live Communications) Server.

Installation of the first instance of LC Server will extend the AD schema.

5.2.4 Microsoft Exchange 2000OpenScape will use the customer’s existing MS Exchange.

5.2.5 Microsoft Windows Server 2003OpenScape requires MS Windows Server 2003 for functionality. This is a prerequisite for

the OpenScape Applications server.

5.2.6 Microsoft .NET Framework V1.1OpenScape applications require the .NET Framework for functionality. MS .NET

Framework 1.1 is a prerequisite for the OpenScape Applications server, ComResponse, MCUand OpenScape Administration.Drop 4 additionally required .NET FW 1.0.



Siemens ICN EN



6 Prerequisites

6.1 Hardware Requirement

Microsoft hardware recommendations based on O/S should be followed. The hardware shouldmeet at least the recommended, as opposed to the minimum, requirements.

6.2 Required InfrastructureComponent Type/Edition/Company Version

Environment

MS Windows Server 2003 orMS Windows 2000 Server

Standard or EnterpriseEdition

MS .NET Framework 1.1

MS Exchange Server 2000

MS Live Communication Server Microsoft 1.0.4949

6.3 OpenScape Application ServerComponent Type/Edition/Company Version

OpenScape Base Server Siemens V1.50.6200

OpenScape ManagementConsol

Siemens V1.50.6200

MS Windows Server 2003 Enterprise Edition

MS .NET Framework Microsoft 1.1

Java 2 Runtime Environment Sun v1.4.1

MSSQL Server 2000 and SP 3 Standard Edition or

Enterprise Edition

2000 + SP3

MSMQ – MS Message QueueService

Microsoft

ASP.NET Microsoft

Management and MonitoringTools

Microsoft

IIS Microsoft

6.4 OpenScape Administration ClientsComponent Type/Edition/Company Version


Siemens V1.50.6200

MS .NET Framework Microsoft 1.1

MS Windows 2000 or MS XPProfessional

Microsoft


Microsoft



Siemens ICN EN



6.5 MCUComponent Type/Edition/Company Version

OpenScape MCU Siemens V1.50.6200

MS Windows Server 2003 Standard Edition orEnterprise Edition

MS .NET Framework Microsoft 1.1MSMQ – MS Message Queue Service Microsoft

6.6 Media Server (ComResponse)Component Type/Edition/Company Version

OpenScape ComResponse Siemens V1.41.0500

MS Windows 2000 Server + SP3 Standard Edition

Internet Explorer Microsoft 5.5+SP2(IE 6.0 worksOK)

HiPath CAP Fault Management Siemens v1.0

Kerberos Hotfix Q328194MS .NET Framework Microsoft 1.1

Java 2 Runtime Environment Sun v1.4.1

Realspeak (TTS engine) ScanSoft v2.0

SAPI 4.0a Microsoft v4.0a

SpeaKING (ASR Engine) MediaInterfaceDresden GmbH

v1.01

IE Web Controls Microsoft v1.0.3705.0

Software Dialogic v5.1.1 + SP1

MDAC Microsoft 2.70.9001.0

MSDE 2000 + SP2 Microsoft 2000 + SP2

Web Telephony Engine (WTE) Microsoft 1.1.965.0

Mobile Toolkit Microsoft 1.0.2506


Microsoft

6.7 End pointsComponent Type/Edition/Company Version

EndPoints

OptiPoint 400 Siemens Sip phone V3.0.0.1Windows Messenger Microsoft V5.0.381

MS Windows 2000 orMS Windows XP Professional

Microsoft



Siemens ICN EN



6.8 Recommendations based on Number of UsersThe following tables capture the recommended Hardware requirements – adjusted forOpenScape requirements.

Server 100 UsersProc./Mem./HD

250 UsersProc./Mem./HD

500 UsersProc./Mem./HD

OpenScapeMain Server

> 1GHz/>512MB/>18GB

LC Server

MS SQL Server

MCU Server PIII 1.4GHz/>512MB/ >10GBorP4 2.4 GHz/>512MB/ >10GBwith 100 Mbit ServerEthernet Card- Intel® PRO/100Server Adapter or

3Com® 3XP-basedor better

Media Server 1GHz/1GB/>18 GB



Siemens ICN EN



7 Topology

The network topology at a customer site will be the responsibility of the customer’s ITorganization. This section will outline supported (tested?) topologies for the system as well asidentify some key factors for the main components.

7.1 Forest and DomainsThe OpenScape system has the same basic topology requirements as the Microsoft LC Server.There are application specific restrictions that must be imposed for OpenScape V1.0 to functionproperly.

OpenScape specific restrictions:• LC/OpenScape may only be installed in child domains, specifically Microsoft does not

recommend LC Server be installed in a root or grandchild domain.• OpenScape requires association with a single LC Server. This means that all users that

are a part of a single OpenScape system must be registered to only one LC Serverregardless of how many LC Servers are available.

• All users registered to a single OpenScape system must be members of domains within asingle forest.

• One physical server (machine) may only support one instance of OpenScape.

The topologies supported by OpenScape V1.0 are as follows: Single domain – all components and users are in a single child domain Multiple domain – components and users are distributed across multiple domains Multiple OpenScape Systems – separate domains Multiple OpenScape Systems – same domain

??? There may be more that we wish to support but these are the straightforwardones for now.

There are two key principles that need to be satisfied by any topology for the OpenScape systemto be functional. The two principles are; access to contact information of system users andregistration of users with an appropriate LC Server.

The root domain contains a master Active Directory. A domain controller of each domain in thedomain hierarchy contains a partial copy of Active Directory. This copy contains the configurationand schema partitions containing information about the entire forest. The copy also contains adomain partition with information on all objects and attributes within that domain. A domaincontroller in each domain must also contain the Global Catalog. The Global Catalog contains afull replica of its own domain objects as well as a partial replica of all other domain objects in theforest. In this way, some contact information, i.e. username, address, about all users in the forestis available to the system.

Microsoft allows for multiple LC Servers to be installed in multiple domains in the forest, howeverOpenScape restricts this topology by requiring a single LC Server per OpenScape system. So forusers to be considered as members of a particular OpenScape system, they need to beregistered with an appropriate LC Server.

In the sections that follow, the four topologies are discussed. In all the listed topologies theExchange Server is denoted as being in its own separate domain. This is because the actualphysical location of the Exchange Server need not be co-located with the OpenScape system.



Siemens ICN EN



All the figures show an organization siteA.com and its forest forest1.siteA.com. The root domainof the forest root.forest1.siteA.com contains the master Active Directory, domain controllers and aGlobal Catalogue.

The figures show the locations of the OpenScape Systems (OS1,OS2) and the LCS HomeServers (RTC HS1, RTC HS2). Other LC Servers may exist in an actual environment but it isassumed that users homed (assigned an LCS home server) on those LC Servers are not a part ofany OpenScape system and therefore do not appear in any of the figures. It is also assumed thatfor the explicit servers (machines) shown, LC Server software is only installed where indicated.

7.1.1 Single DomainThe simplest topology has the entire OpenScape System and associated users in one domain.

Figure 3 shows a simple topology for the system.

forest1.siteA.com

siteA.com

root.forest1.siteA.com

DC GC

domain1.root.forest1.siteA.com

user1

user2 user3

user4

DC GC


DC GCExchange 2000

OpenScape System

OS1

OpenScape System (OS1)

OpenScape MCU

OpenScape MCU MC Application

OpenScape MCU MP Application

OpenScape Base

OpenScape Media Server

OpenScape ComResponse Application

OpenScape Base

OpenScape HSOpenScape Management Console

OpenScape Applications

OpenScape Base

MS SQL

RTC HS1

DC - Domain Controller

GC - Global Catalogue

RTC HS - RTC Home Server

Figure 3. Single Domain



Siemens ICN EN



In the Single Domain topology 4 users are shown belonging to the child domain domain1. Thereis one OpenScape system (OS1) with one LC Server (RTC HS1) installed on the OpenScapeHome Server.

• Users user1, user2, user3, user4 are configured in AD as belonging to

domain1.root.forest1.siteA.com via domain administration.• Users user1, user2, user3, user4 are configured with RTC HS1 as their home server byLCS administration.

• Users user1, user2, user3, user4 are configured as OS1 users by OpenScapeadministration.

7.1.2 Multiple Domains

A customer/lab requirement may call for having users across domains yet still be associated witha particular OpenScape system.

Figure 4 shows the multiple domain topology.



Siemens ICN EN



Figure 4. Multiple Domain

In the Multiple Domain topology 4 users are shown belonging to the child domain domain1, withan additional 3 users belonging to domain3. There is one OpenScape system (OS1) with one LCServer (RTC HS1) installed on the OpenScape Home Server in domain1.

• There is an implicit trust between the peer domains domain1 and domain3. MSrecommends the explicit creation of a 2 way trust between the peer domains forperformance reasons. This may be done via domain administration.

• Users user1, user2, user3, user4 are configured in AD as belonging todomain1.root.forest1.siteA.com and users user5, user6, user7 are configured in AD asbelonging to domain3.root.forest1.siteA.com via domain administration.



Siemens ICN EN



• Users user1, user2, user3, user4, user5, user6, user7 are configured with RTC HS1 astheir home server by LCS administration.

• Users user1, user2, user3, user4, user5, user6, user7 are configured as OS1 users byOpenScape administration.

Note: Users may access the system from a remote location via VPN. In this

situation, the user is effectively logging in to the local domain. This type of accessis possible in any of the supported topologies.

7.1.3 Multiple OpenScape Systems – Separate Domains

A customer/lab requirement may call for multiple OpenScape systems to co-exist in one site. Inthis scenario, as long as the OpenScape and LCS requirements are met, there may be multipleOpenScape systems within one forest. OpenScape systems in separate forests would follow theSingle or Multiple Domain topologies.

Figure 5 shows a multiple OpenScape topology.



Siemens ICN EN



Figure 5. Multiple OpenScape Systems in separate domains



Siemens ICN EN



In the Multiple OpenScape System (Separate domains) topology 4 users are shown belonging tothe child domain domain1, 3 users belonging to domain3, and an additional 4 users belonging todomain4. There are two OpenScape systems (OS1 & OS2) each with one LC Server (RTC HS1,RTC HS2) installed on their OpenScape Home Server. The two OpenScape systems are in twoseparate domains.

If the OpenScape Systems are installed in a multiple server configuration it is possible to locatethe MS SQL Server on a separate machine. However, each OpenScape System must refer toone, and only one instance of the database server. There may be multiple instances of SQLServer on the same machine.

• There is an implicit trust between the peer domains domain1 and domain3 and betweenpeer domains domain3 and domain4. MS recommends the explicit creation of a 2 waytrust between the peer domains for performance reasons. This may be done via domainadministration.

• Users user1, user2, user3, user4 are configured in AD as belonging todomain1.root.forest1.siteA.com, users user5, user6, user7 are configured in AD asbelonging to domain3.root.forest1.siteA.com and user8, user9, user10, user11 asbelonging to domain4.root.forest1.siteA.com via domain administration.

• Users user1, user2, user3, user4 are configured with RTC HS1 as their home server byLCS administration.

• Users user8, user9, user10, user11 are configured with RTC HS2 as their home serverby LCS administration.

• Users user5, user6, user7 may be assigned to either RTC HS1 or to RTC HS2, butcannot be assigned to both. For example user5 -> RTC HS1 and user6, user7 -> RTCHS2

• Users user1, user2, user3, user4, user5, are configured as OS1users and users user6,user7, user8, user9, user10, user11 are configured as OS2 users by OpenScapeadministration.

7.1.4 Multiple OpenScape Systems – Same DomainA customer/lab requirement may call for multiple OpenScape systems to co-exist in one site andin one domain. Similarly, in this scenario, as long as the OpenScape and LCS requirements aremet, there may be multiple OpenScape systems within one domain.



Siemens ICN EN



forest1.siteA.com

siteA.com

DC - Domain Controller

GC - Global Catalogue

RTC HS - RTC Home Server

root.forest1.siteA.com

DC GC


DC

user5

user6

user7 2 - w a

y t r u

s t


DC GCExchange 2000


user1

user2 user3

user4

DC GC

OpenScape System

OS1 OpenScape System

OS2

user8

user9 user11

user10


OpenScape MCU



OpenScape Base



OpenScape Base



OpenScape Base

MS SQL

RTC HS1


OpenScape MCU



OpenScape Base



OpenScape Base



OpenScape Base

MS SQL

RTC HS2

Figure 6. Multiple OpenScape Systems within one domain



Siemens ICN EN



In the Multiple OpenScape System (One domain) topology 8 users are shown belonging to thechild domain domain1 and 3 users belonging to domain3. There are two OpenScape systems(OS1 & OS2) each with one LC Server (RTC HS1, RTC HS2) installed on their OpenScapeHome Server. The two OpenScape systems are in the same domain.

If the OpenScape Systems are installed in a multiple server configuration it is possible to locatethe MS SQL Server on a separate machine. However, each OpenScape System must refer toone, and only one instance of the database server. There may be multiple instances of SQLServer on the same machine.

• There is an implicit trust between the peer domains domain1 and domain3. MSrecommends the explicit creation of a 2 way trust between the peer domains forperformance reasons. This may be done via domain administration.

• Users user1, user2, user3, user4, user8, user9, user10, user11 are configured asbelonging to domain1.root.forest1.siteA.com and users user5, user6, user7 as belongingto domain3.root.forest1.siteA.com via domain administration.

• Users user1, user2, user3, user4 are configured with RTC HS1 as their home server byLCS administration.

• Users user8, user9, user10, user11 are configured with RTC HS2 as their home serverby LCS administration.

• Users user5, user6, user7 may be assigned to either RTC HS1 or to RTC HS2, butcannot be assigned to both. For example user5 -> RTC HS1 and user6, user7 -> RTCHS2

• Users user1, user2, user3, user4, user5, are configured as OS1users and users user6,user7, user8, user9, user10, user11 are configured as OS2 users by OpenScapeadministration.

7.1.5 Summary of supported and non-supported configurationsThese are the intra-enterprise scenarios that are supported:

• Users and LC Server in a single forest

• Child domains not more than one level deep from the root• OpenScape user/service accounts in a single domain (i.e. CR, OpenScape, MCU, DB).• A forest with multiple domain trees with trust relationships between the trees.

(Whichever of the tree-root domains was created first is the forest-root domain, andthere is but one AD throughout.)

These are the intra-enterprise scenarios that are not supported:• Child domains that are more than one level deep from the root• OpenScape service accounts configured in different domains• Users in different forests that have mutual trust, i.e. we do not support synchronization of

contact objects via MMS, or "Multi - Forest" if cross forest/cross domain trust isestablished

Federation and edge proxy/server are not supported in V1 but will be contained in a subsequent

release in the near term. Edge proxy/server is used with a firewall and DMZ, so since this is notyet supported, the following scenarios are also not supported:

1. Registering from an Internet café2. Registering from another company for a roaming user

7.2 Windows Exchange Server



Siemens ICN EN



The OpenScape system requires Windows Exchange 2000 Server. This document will not detailthe installation of Windows Exchange Server, please follow the MS recommendations in thereferences listed at the beginning of the Installation section (Ref. Section 10).

Exchange 2000 utilizes Active Directory and the Global Catalogue to locate users, so the physicallocation of the Exchange 2000 server is not restricted to coexist in the same domain as theOpenScape Main Server.

The server on which Exchange 2000 is installed requires a clean installation of Windows 2000Server on an NTFS drive. Windows 2000 Server should be installed as a stand-alone server, butthe computer must be a part of a domain. In addition, make sure that SMTP and NNTP servicesare installed on the computer prior to the Exchange 2000 installation.

Administration of Exchange in a multi domain environment will require execution of a domainprepcommand within each domain. Since Exchange 2000 is not supported on Windows 2003 Serverthere will be an error generated when domainprep is attempted on the child domain DCs. Itappears however that allowing the setup to continue, does indeed affect the necessary changesfor domainprep. Alternatively, the domainprep command may be run from any Windows 2000Server or Windows 2000 Advanced Server machine in the child domain.

The physical network is divided into public and private interfaces. Each computer on the public,front-end network runs NLBS or some load-balancing technology. All front-end computers shouldhave two NICs. The back-end server running Exchange and the server running Active Directoryrequire only one NIC each. For each front-end computer, the NIC facing the Internet must containa valid IP address (for example, 208.229.x/24) and a virtual IP address for NLBS. The privatenetwork NIC contains a non-routable IP address (that is, those in the 10.0.0.x/24 range). It isrecommended that you place one NIC on the private, back-end computer. No user request trafficwill transit the private network directly—except MAPI requests using RPC.

7.3 Live Communications Server

This document will not detail the installation of the LC Server please follow the MSrecommendations in the references listed at the beginning of the Installation section (Ref. Section10).

Since the LC Server is not being installed on the DC, then the DC needs to have LCSadministration tools installed.

The LC Server may be installed on either MS Windows Server 2003 Standard or EnterpriseEdition.

Installation of the LC Server adds attributes to the user object in the AD schema. This will requirespecific Schema Administration privilege. It is recommended that installation be done under anaccount with sufficient privilege and in Forest Prep mode which makes the schema changeswithout actually installing the product.

1) Backup the Schema Master DC to tape2) Take the DC OFF the network3) Make the Schema changes (install in Forest Prep mode)4) Verify that they are clean and correct --> if not, restore from tape...



Siemens ICN EN



5) IF #4 is true, re-connect and let the replication commence

??? There will likely be more information to add here for OpenScape specificconfiguration.



Siemens ICN EN



8 Accounts

OpenScape requires the creation of users and groups prior to installation of the system. This is amanual step required by the Domain Administrator in order to limit the permissions necessary byinstallation. This may be re-considered in future releases based on real customer requirementsand assessments of the security requirements.

OpenScape is supported only in native mode or higher domains. The reason for this is that thereare two groups that will require support of users in multiple domains. In native mode or higher, theDomain Local Group has scope over multiple domains.

A tool will be provided to the Domain Administrator to support an easy way of creating theaccounts with the necessary settings. Delivery of this is as yet TBD.

Note: To be compliant with Windows 2000, the user and group names should beno longer than 20 characters.

8.1 Installation of LCSFor installation of the LC Server software an account is required to have:• Domain administration privileges• Active Directory schema modification privileges

Microsoft calls it "forestprep(aration)", Exchange was the first one to do it that way. Permissionsaren't the main reason, replication traffic and forest integrity is even more important. Often theSchema Master machine will be upgraded offline, then tested before it is reconnected andallowed to replicate to the forest.

Further details of LCS installation are available in the Microsoft LCS Deployment document (Ref.Section 10).

Also refer to LC Server Checklist and Troubleshooting (Appendix 17.4) to ensure that LCS is set

up correctly.

8.2 OpenScape Applications

8.2.1 Installation of OpenScape ApplicationsFor installation of the OpenScape application an account is required to have:

• Domain administration privileges• SQL administration privileges, which

o Is implicit given if the SQL service resides locallyo SQL administration privileges if the SQL server is remote installed



Siemens ICN EN



During installation of Release (Drop 5) the following information is needed:Release (Drop 5)Account information is required input at install timeAccounts and PasswordNo default account names are offeredGroup name information is required input at install timeGroups

Default group names are offeredChecking Accounts Existence of accounts is verifiedChecking groups Group membership is verified, which implicit verifies the existence of

groupsChecking permissions Permission checks for correct group permission definitions

8.2.2 Required Account InformationAccounts that need to be created for the OpenScape system are:Account Default

NameGroup Membership Description

Service Account(sometimes also calledOpenScape Coreaccount)

None - Domain GroupsDomain UserOpenScape ServiceOpenScape UserRTCHSDomain Service

- Machine Groups AdministratorsRTC Local AdministratorsRTC Local User AdministratorsRTC Server ApplicationsRTC Server Local GroupIIS_WPG local user group

• Used for services•

Used by UNS as RTCuser; RTC User (seebelow) configurationrequired

• Should be member oflocal Administratorsgroup on OpenScapeMain, MCU, CR servers.

• Portals are using thisaccount as well

Special User 1 (AE) None - Domain GroupsDomain User

OpenScape User

• Used by AE RoutingAgent (AE)

• RTC User (see below)Special User 2 (RTP) None - Domain Groups

Domain UserOpenScape User

• Used to get RTP datafrom RTC

• RTC User (see below)OpenScape Admin None - Domain Groups

Domain UserOpenScape UserOpenScape Admin

• Not required at install• Used for system

administration• No RTC user

configuration required Note: All accounts should be password enabled and set with non-expiring

passwords.

RTC users are identified by configuring the URI and RTC home server information for each user.Both Special User accounts are interchangeable, that means there is no configuration differencebetween the accounts which requires specific checking. The RTP and as well the AE can workwith either account, as long as it is configured as a RTC User.

Each OpenScape installation needs 3 distinct accounts (Service Account, Special User 1, SpecialUser 2) – in other words the same 3 accounts cannot be used by 2 OpenScape installations.

Account names should be limited to 20 characters.



Siemens ICN EN



For simplicity and ease of administration, it is recommended that the account names reflect theSystemID of a particular system. For example on an OpenScape (OS) system with SystemIDphoenix the three accounts would be:

• phoenixOSService• phoenixOSAEuser•

phoenixOSRTPuser

The OpenScape core account (aka OpenScape service account), needs to added to theIIS_WPG local users group. The Portals are going to run under this account (instead ofNETWORK SERVICE) and it's required that this account belongs to this group(IIS_WPG).

8.2.3 Required Group Information

Group Type Name Permissions CommentOpenScape Service group DGG Openscape

ServiceTBD - in Drop4

SQL serverpermissions

OpenScape User group DLG Openscape User TBD - in Drop

4OpenScape Admin group DLG Openscape Admin TBD - in Drop 4 Member of

OpenScape Usergroup

These groups should be created within the domain where OpenScape will be installed.

Additionally, the OpenScape Admin group must be made a member of the OpenScape Usergroup.

Note: If OpenScape users exist in multiple domains, then the OpenScape Userand OpenScape Admin groups must be created either as Domain Local Group(DLG) or Universal Group (UG). In order to enable creation of DLG’s or UG’s the

domain must be in native mode or higher. Note: Nesting of groups such that security tokens are passed correctly, will only

work in native mode or higher. Note: Security groups are created as Global (GG) groups by default. Once

created as GG, the group scope cannot be changed to DLG. The scope of DLGgroups must be set at creation.

8.2.4 Local machine groupsOn the OpenScape/LC Server, after installation of LCS, there are 4 new Machine Local Groupscreated:

RTC Local Administrators RTC Local User Administrators RTC Server Applications

RTC Server Local Group

The OpenScape Service account (from table in 8.2.2) must be a member of these local machinegroups. This may only be done on the local machine as these groups are not accessible globally.

Additionally, the OpenScape Service account must be a member of the local AdministratorsGroup.



Siemens ICN EN



8.3 OpenScape Management (OMC)For installation of the OMC an account is required to have:

• Local administration privileges

Further:

• To add the OMC Snap-in to an MMC console, no special account privileges are required- This is controlled by the MMC

• To view / change the OpenScape database, the account used requires Admin privilegeson the OpenScape SQL DB and access to the WMI namespace at the OpenScapeServer.

8.4 Conferencing Application (MCU)

8.4.1 Installation of MCU Applications (MC, MP)For installation of the MCU application an account is required to have:

• Local administration privileges• SQL administration privileges (SQL administration privileges)

8.4.2 Installation of O/SFor installation of the Windows 2003 server software an account is required to have:


8.4.3 Required Account InformationThe account must be the same as used in the OpenScape application server.Account Default

NameGroup Membership Comment

Service Account(sometimes also calledOpenScape Core account- same account as in 8.2.2)

none see Section 8.2.2 see Section 8.2.2

Note: All accounts should be password enabled and set with non-expiringpasswords.

8.5 Media Server (ComResponse)

8.5.1 Installation of Media Server (ComResponse)For installation of the ComResponse application an account is required to have:


8.5.2 Installation of O/SFor installation of the Windows 2000 server software an account is required to have:




Siemens ICN EN



8.5.3 Required Account InformationThe account must be the same as used in the OpenScape application server.Account Default

NameGroup Membership Comment

Service Account(sometimes also calledOpenScape Core account- same account as in 8.2.2)

none see Section 8.2.2 see Section 8.2.2

Note: All accounts should be password enabled and set with non-expiringpasswords.

8.6 PermissionsOpenScape requires that specific permissions be assigned to users and groups. These

permissions are for management, function and security purposes.

8.6.1 Group PermissionsOnce the groups are created, permissions need to be set for these groups so that administrationof users may be done via the OpenScape MC. The OpenScape Admin and OpenScape Servicegroups should have full permissions on the OpenScape User group.

In order to set these permissions, you will need to install the support tools from Windows 2003server and be logged in as an administrator on the domain controller.

To set permissions:1. Run mmc add the ADSI Edit (from support tools) snap-in.

2. Right click on the snap-in and select “Connect to...”3. Select “OK” in the Connection Settings dialog box (see instructions in Note below)4. As shown below, find the OpenScape User group in the Users folder. Right click the entry

and select “Properties”.



Siemens ICN EN



5. From the properties dialog shown below, add the OpenScape Service and OpenScapeAdmin accounts. In this example domain D3, OpenScape Service and Admin groups.Give each account Full Control. Repeat steps 4 and 5 for the OpenScape Admin group.



Siemens ICN EN



6. Check the OpenScape Admin and User group type. Both should be set to Domain local.



Siemens ICN EN



Note: If you are using the ADSI snap-in from a root domain to administer groupson child domains you will need to set the proper child domain controller toconnect to. For example, below I am on the os3 domain controller (netserv06)and I want to configure the OpenScape users on the d3.os3 child domain(netserv13). In this case I have to select the “Select or type domain or server”radio button under Computer and then select OK. If you are using the ADSIsnap-in on the domain controller of the OpenScape system e.g., os3.d3 then justuse the default settings and select OK.

8.6.2 Namespace permissionsOpenScape uses a namespace in the CIM. The namespace \root\Siemens\RTCB is created oninstallation of the OpenScape application. For security purposes these permissions must be

verified/adjusted on the OpenScape server.

Access to the namespace security is through the Windows Management Infrastructure (WMI)console (wmimgmt.msc). In order to access the security settings, you must be at least a localadministrator on the OpenScape server.

The following URL is a link to an MSDN article that discusses how to set the WMI namespaceprivileges in Windows Server 2003.http://support.microsoft.com/default.aspx?scid=kb;en-us;325353

Summary of user privileges for root\Siemens\RTCB namespace: • administrators: should have all privileges including Remote Enabled• OpenScape Admin group: If not already in the administrators group, should have all

privileges including Remote Enabled.• OpenScape Service group: same as above.• Everyone: should modify to deny all inherited rights• LOCAL/NETWORK: since winmgmt uses these accounts and communicates with our

OpenScape providers the default privileges are acceptable i.e., no change.

Summary of user privileges for root\CIMV2 namespace: • OpenScape Admin group: should have all privileges including Remote Enabled.



Siemens ICN EN



The account of anyone that may need to access the WMI providers on the OpenScape server willneed at least default permissions (“Execute Methods”, “Provider Write” and “Enable Account”) aswell as “Remote Enable”. This would be anyone accessing these providers via OMC or scripting.

8.7 Imported AD users

There may be cases where users for a system are being imported from another pre-Windows2000 system (i.e. Windows NT). The migration of users into Active directory is the responsibilityof the customer and the process will not be discussed here. However, for any imported user, youmust verify that the user account has a "User Logon Name" versus a "User Logon Name (pre-Windows 2000)"



Siemens ICN EN



9 Licensing

The OpenScape system will be delivered with temporary licenses (licenses.txt). Customers willhave the option of purchasing full licenses.

The following options are available for the customer to order:• OpenScape Suite - Base Package (Every customer will have one of these

packages)• OpenScape Suite - Additional Package• OpenScape Suite - Evaluation Package• TTS sessions (Text-to-Speech)• ASR sessions (Auto Speech Recognition)• SIP Phone

The OpenScape Suite Base package will come with the following licenses• Communication Broker – quantity 25• VoiceAndSelfServePortals - enabled•

Auto Answering - enabled• SIP_Interaction_Sessions – quantity 30• Voice Conferencing - enabled• Voice_Conf_Sessions - quantity - 288• Web-Ex Integration - enabled• TTS sessions– quantity – 1In V1.0, the customer will get all the features in OpenScape. TTS Sessions and ASRSessions are the only additional purchasable options.

The OpenScape Suite Additional Package will come with the following licenses• Communication Broker User – Upto a max of 475 with the granularity of 25. (i.e.

additional license keys can be 25, 200, 150 etc.)This package only adds additional users to an existing system.

The OpenScape Suite Evaluation package will come with the following licenses

• Communication Broker – quantity 500• VoiceAndSelfServePortals - enabled• Auto Answering - enabled• SIP_Interaction_Sessions – quantity 30• Voice Conferencing - enabled• Voice_Conf_Sessions - quantity - 288• Web-Ex Integration - enabled• TTS sessions quantity – 30• ASR sessions – quantity – 30The Evaluation package is time limited. It is valid only for 90 days after the creation ofthe license. (Note it is not 90 days after the installation of the license). This package has

the system limits as the maximum. The system will be blocked from functioning at theend of 90 days. Suitable warnings will be logged as the expiry date approaches.

9.1 Non-OpenScape LicensingThe following licenses will need to be acquired separately from OpenScape:

1) Licensing for the MS SQL server will not be covered.



Siemens ICN EN



2) Licensing of the .NET server capacity and LC Server capacity will not be covered.

3) Licensing of SIP gateway components will not be covered in version 1. Any relevantlicensing cost will be imbedded in the HW price.

4) Licensing for SIP phones and codecs will be imbedded in the HW price

9.2 OpenScape LicensingOpenScape licenses will be delivered in a single encrypted license file (licenses.txt).

Licensable element Type Maxallowed ina system

MinSystem

Req.

TriggersRoyaltypayment

Controlled byComponent

Comments

CommunicationBroker

Number 500 25 VA This may trigger aG723 royaltypayment. This isstill an open issue

VoiceAndSelfServePortals

Enabled/Disabled

n/a n/a No ComResponse

Auto Answering Enabled/Disabled

n/a n/a No ComResponse

Voice conferencing Enabled/Disabled

n/a n/a No MCU

WebEx Integration Enabled/Disabled

n/a n/a No CA

Voice_Conf_Sessions Number 288 288 Yes MCU Will always beset to 288 inV1.0. (This cabe implementin 4 servers)

Mediatrix SIPstack royalty

SIP_Interaction_Sessions

Number 30 30 Yes ComResponse Will always beset to 30 inV1.0

Mediatrix SIPstack royalty

Text To Speech Number 30 1 Yes ComResponse Royalty payment fthe TTS engine toScansoft

Auto SpeechRecognition

Number 30 Yes ComResponse Royalty payment fthe ASR engine toMID.



Siemens ICN EN



10 InstallationSince this document is not intended to supersede the Microsoft documentation andrecommendations for system configuration, the Microsoft documentation should be used as aprimary guide for setting up a system infrastructure. The relevant documentation includes:

Active Directory Deployment:http://www.microsoft.com/serviceproviders/deployment/ad.asp Exchange 2000 Deployment:http://www.microsoft.com/serviceproviders/deployment/exchange_2000_ASP_deploykitP58584.asp LC Server Deployment: \\Bigmo44.eng.sc.rolm.com\dev&test\Xperience\RTC\Microsoft Office Live CommunicationsServer RTM\

OpenScape installation will be delivered in four separate packages. These packages are:• OpenScape Application• OpenScape MC (OMC)• OpenScape MCU• OpenScape ComResponse

These packages are self contained Microsoft MSI packages. An OpenScape system install willrequire the execution of these packages on appropriate servers.

Note: Due to the .NET version dependencies of the system the MCU andOpenScape must be at the same version level at the time of installation.

This means that it is imperative to install the MCU after OpenScape has beeninstalled, but before any service packs are applied to the OpenScape System.

OpenScape installation software is released as a set of CD image files. The image files arecreated with Roxio Easy CD and DVD Creator 6 and conform to the ISO 9660 standard.

Currently, a set of three CDs/images is supplied: OpenScape, OpenScape3PSW, andOpenScapePatch.

CD1 is the OpenScape CD and contains the installation files for the following OpenScapecomponents:

• Core• Client• MC• MCU• Media Server (ComResponse)

CD2 is the OpenScape3PSW CD and contains 3rd

Party Software required for the OpenScapeMedia Server.

CD3 is the OpenScapePatch CD and contains OpenScape Service Packs.

Appendix 17.1 shows a high level install flow.

For the period of installation, the OpenScape system will be non-operational. OpenScapeinstallation however does not require the shutdown (restart) of the customer’s Infrastructure(Domain Controller, Active Directory, Exchange), or LC Server components.



Siemens ICN EN



Installation sequence should be as follows: Check of prerequisite components (Ref. Section 6 for versions). Verify Infrastructure Servers (versions, topologies and configurations)(Ref.

Section 10.1). Install/Verify LCS (Checklist in Appendix 17.4) Create User Groups and Accounts necessary for OpenScape (Ref. Section 8). Install OpenScape.(Ref. Section 10.4) Install OpenScape MC (OMC). (Ref. Section 10.5) Install OpenScape MCU. (Ref. Section 10.6) Install OpenScape ComResponse. (Ref. Section 10.7) Configure OpenScape Users. (Ref. Section 12) Install Clients (Ref. Section 10.8) Configure IPSec (Ref. Section 10.9)

The system should be ready to use.

The customer may also wish to install the system components on separate servers, the “MultipleServer “ configuration shown in Section 4, Figure 2. This installation sequence is the same for thisconfiguration but there are additional steps to perform if installing RTC or SQL on separate

servers. Section 10.4.2 provides these details.

Note: Refer to Section 8 for information regarding accounts/permissions requiredto install components.

10.1 Infrastructure Server VerificationThe first step in preparation for installation of the system is to determine whether theinfrastructure and topology meets the OpenScape requirements.

Confirm topology of the system (Ref. Section 7). Verify the Infrastructure components (Exchange, AD) are appropriate versions. Confirm that users exist in AD and map, based on topology, to the planned OpenScape

users.

Appendix 17.2 describes a simple topology setup. The instructions in this section are not intendedto supersede the full MS documentation identified at the beginning of Section.

Note1: There currently exists a restriction with the VegaStream gateway (preR5.1 T017) that the fully qualified domain name of the RTC/OpenScape servermay only be a maximum of 31 characters. If this gateway is to be used withOpenScape, this length restriction must be applied.

Note2: The IP addresse for the RTC/OpenScape server should be static.

10.1.1 Domain ModeOpenScape requires installation in a domain that is at native functionality mode or higher.

By default, when a Windows 2000 Server or Windows Server 2003 DC is installed, it is created inmixed-mode. OpenScape has a requirement for the domain in which it is to be installed to be innative-mode or higher. This elevation of domain mode provides additional security features. Theparticular feature that OpenScape requires is the enhanced scope of the Domain Local SecurityGroup. This feature exists in native mode and above (i.e. 2003).

Raising the domain functionality is a manual step that must be performed with an account thatpossesses Domain Administrator privilege. This is a non-reversible change. To raise the domain



Siemens ICN EN



functionality, select the target domain in Active Directory Domains and Trusts console. Right clickand select Raise Domain Functional Level.

If for whatever reason it is not possible to raise functionality of a production domain, theworkaround is to create a new resource domain for OpenScape. This resource domain is a newchild domain in the forest, which has been elevated to native-mode and contains the OpenScapeServers (Application, Conferencing and Media) as well as LCS. This resource domain need nothave any OpenScape users in it.

10.1.2 Time SynchronisationFor security mechanisms to work as well as to have the ability to correlate maintenanceinformation such as error logs, call records and trace information the system time of all servers inthe System that OpenScape is part of must be synchronized.

As stated in the Microsoft Knowledge Base Q224799: "Synchronized time is critical in Window2000 because the default authentication protocol (MIT Kerberos version 5) uses workstation timeas part of the authentication ticket generation process."

This is also true for the LC Server as it is based on the same authentication protocol. Thereforeclient machines should also have synchronized time.

For the OpenScape servers the maximum time difference should be sub second and must bebelow 5 seconds.

The Windows Time Synchronization service available with Windows 2000 and higher can fulfillthis requirement.

10.1.3 User and Administrator Cross-functionality

Microsoft recommends as a best practice to set up user and administrator cross-functionality.

Although this is not and explicit OpenScape requirement, it may enable more convenientadministration of the system.

User and Administrator cross-functionality may be enabled in multi-domain environments. Thisrecommendation is primarily for ease of administration and portability of users within the domains.This recommendation may conflict with a customer’s security policy and is not necessary for thefunction of OpenScape.

Although AD provides automatic 2-way trust relationships between all domains in a forest, it doesnot imply that privileges attached to administrator or user accounts in one domain are transferredto other domains. The existence of these trusts allows privileges to be granted to users in otherdomains, but such privileges are not automatically granted.

To provide for cross-administration (administrative accounts in one domain can also administerthe other domains):

• Add the "Domain Admins" global group from each domain into the "Administrators" localgroup in each other domain.

To provide for cross-user rights (ordinary user accounts in one domain also have user rights inthe other domains):

• Add the "Domain Users" global group from each domain into the "Users" local group ineach other domain.



Siemens ICN EN



10.1.4 Firewall RequirementsIn a given customer environment, there may be a need for a user to access their portal via theinternet. This will require going through a firewall.

In order to enable this capability, the firewall will need to have the capability to configure servercertificates. There will be a need for a certificate if it is a proxy, i.e. if the HTTPS is bridged there

thus ending up with one HTTPS connection from the browser to the proxy, and one HTTPSconnection from the proxy to the portals Web application. If there is no proxy, HTTPS is tunneleddirectly from the browser to the portals Web application, but most enterprises won't supporttunneling since it's not as secure. Certificate support is required for bridging, tunneling is not recommended.

10.1.5 Virus DetectionIn any given customer environment, the system will need to run with virus detection softwareinstalled on the servers. Selection and configuration of virus detection software is theresponsibility of the customer. Virus scans consume CPU. The following scenarios were tested todetermine whether the virus scan activity would affect OpenScape function.

10.1.5.1 McAfee

McAfee VirusScan Enterprise Version 7.0.0 was configured to scan all files with 50% CPUutilization, and to Prompt for action when a virus is found. The results are shown in Appendix17.10.

10.2 LC Server installFollow the Microsoft LCS deployment guidelines identified by the document in the link at thebeginning of this section.

Before installing LC Server, make sure you do not have WM installed on that machine. Because,since WM uses the default port 5060 to communicate with the LC Server, depending on whostarts up first, LCS Service or WM Client, 5060 will be taken by that component. Usually WMClient consumes the 5060 port and so LC Server is not able to receive any messages from any



Siemens ICN EN



WM Clients at all. One way to avoid this would be to add another port to the LC Server and usethat port number in the server location section on the WM Client configuration screen.

Just select defaults while installing the LC Server. Only in the User Info screen where it asks for auser-id and password, there you should enter the user id with administrator privileges only alongwith its password. The installation guide that comes with the LC Server guides you to set up an“RtcService“ type user and by default that is the one that is displayed in this screen as default.Either you can use it or key in your own id. This will be the account under which the RTC serviceswill run.

Note: For ease of administration, ensure that the password for this account isnon-expiring. If this is not set, then the password will expire in 42 days and thesystem will not function.

Once the LC Server has been installed, you must perform the following steps for configuringadmin privileges for the child domain administrator so that it can access and use the RTC Serviceand its features:

1. Add application user as member of “RTC Local Administrators” and “RTC Local UserAdministrators” on the LCS machine local groups. This is important as without it no

applications will be able to register with the LC Server. This user is the same user entrythat you used to provide in the LC Server installation User Info screen. To do so followthe following steps:• Click on "Start-->Programs-->Administrative Tools-->Computer Management".• Expand "System Tools".• Under it expand "Local Users and Groups".• Select the folder "Groups".• From the right hand column on the screen, find and double click "RTC Local

Administrators".• Check if there is an entry for the domain admin user and the local administrator user.

If not, add those entries there.• To do so, click "Add...”• Enter the administrators name, or Domain Admins group in the "Enter the object

names to select" field and click on the "Check Names" button to make sure what youentered is valid or not. Then click OK all the way out.

• Repeat for “RTC Local User Administrators”.2. To install ‘TLS’, first install certificates and then assign those certificates with the ‘TLS

Mutual’ setup.

10.2.1 WM/RTC Setup References:For reference sake only, so that one can cross check the settings on WM and RTC to be sure ofworking setups. Following scenarios are the valid working scenarios using just the WM with RTC:WM PROTOCOL PORTS STATUS RTC PROTOCOL/AUTHENTICATION---------------------- ----------- ------------ ---------------------------------------------------TLS TRUE Working TCP,MTLS,NTLMTLS FALSE Working TCP,MTLS,NTLMTCP FALSE Working TCP,NTLMTCP/TLS FALSE Working TCP,MTLS,NTLM,KERBEROSTLS TRUE Working TCP,MTLS,NTLM,KERBEROS

Following scenarios are the non-working scenarios using just the WM with RTC:WM PROTOCOL PORTS STATUS RTC PROTOCOL/AUTHENTICATION---------------------- ----------- ------------ ---------------------------------------------------



Siemens ICN EN



TLS FALSE Not Working TCP,NTLMTCP/TLS FALSE Not Working TCPTCP TRUE Not Working TCP,MTLS,NTLMTCP FALSE Not Working TCP,MTLS,NTLMTCP TRUE Not Working TCP,MTLS,NTLM,KERBEROS

10.2.2 LCS User Configuration:To configure the LCS users on your system, you must create them on the Active Directorydatabase. So first you should know where the Active Directory Server is installed. And thenperform the following steps:-

1. For this LCS Administration tools are required to be installed on the machine AD is. It issufficient to install admin tool on DC. It does not need to be on root domain.

2. Click on "Start-->Programs-->Administrative Tools-->Active Directory Users andComputers".

3. From the window, expand your domain tree and create a shared folder in which you cancreate the required RTC users. To do so: right click on your domain entry and select"New-->Shared Folder".

Note: The new shared folder you create is an “Organizational Unit” type shared

folder. It is not necessary to create this folder or OU (as it is abbreviated). Youcan also directly create users under the “Users” shared folder. Creating aseparate OU enables you to keep you users list separate from the rest of thesystem. Then you can easily manage your application specific users in that. Forexample, if you want to create OpenScape LCS users for “domain-01” then youcan create an OU named “Domain-01-users” and start creating all users underthat OU only. Likewise for other domains, you create another OU.

• Key in the required fields with information as desired and click OK.• To create LCS users, right click on the new shared directory that you created and select

"New-->User".• In the "New Object - User" window, enter "First name" & "User logon name" only and

press "Next >".• Enter the password, usually the same as that of the "User logon name" that you entered

in the previous screen, else you can set to whatever you wish to, but just remember what youset it to.• Uncheck the first checkbox and select the third checkbox only and press "Next >".• On the next screen review the information that you set and press "Finish". A new entry for

this user should appear on the right hand column on the screen.• Double click on that user and select the "Real Time Communications" tab from the

screen. This tab appears only if an LC Server has been installed on that machine.• Select the "Enable this user for Real Time Communications" checkbox.• In the "Primary SIP URI" field, set the sip uri with the name of the user you just created

e.g. sip:[email protected] and also select your home server name from the drop downlist in the "Home Server" field and click OK.

Your LCS User is now created and ready for use. To create more users, simply perform steps, 4to 11.

10.2.3 Application URI and Static Routes:

There exists a tool for configuring the Application URI and Static Routes. This tool is available at: \\Bigmo44.eng.sc.rolm.com\dev&test\tools\OpenScapeRTCTool\OOpenScapeRTCTool_1.13.exe

This tool has the following options:



Siemens ICN EN



/CHECKSYSTEMThis option will display only:

- The Current “Static Routes” configured on the system.- OpenScape Application URI configured.- Age of Presence Application URI configured.- All ports configured on the system.

/TRUSTED <port-number>This option will make the specified port as a trusted port.

/UNTRUSTED <port-number>This option will make the specified port as an un-trusted port.

/SETPORT <port> <trusted-untrusted>This option will create a port and make it trusted or un-trusted as desired.

/SETURI [<application-uri>]This option has an optional parameter. If specified, it will create an Application Uri instance in the RTCconfiguration with the it otherwise if not specified, it will create the default OpenScape Application Uri andthe Age of Presence Application Uri.

/SETROUTE <match-uri> <nxt-hop> <port> <type>This option will create a Static route.

/SETROUTE <match-uri> <trusted-untrusted>This option will NOT create a “Static Route” but will make an existing “Static Route” to be trusted or un-trusted as desired.

/SETURIPRIORITY [<application-name>]This option will set the specified Application Uri to be the first one in the Application Priority list of the RTCServer (which means the applications registered with this Application Uri will be the first to receive allregistered for SIP messages. Else if not specified, it will set the default OpenScape Application URI to be thefirst one in the RTC Servers Application Priority list.

/ALLThis option will do the following tasks, if not already done:

- Sets default OpenScape Application Uri’s.- Re-sequence Application priority list.- Set port 1010 as trusted. (It does not create the 1010 port. To create you’ll have to use /SETPORT

option and then you’ll need to re-boot your PC).

DLL Registration (For reference only):This process is required only if you want to add an assembly (.dll) into the Windows GAC (GlobalAssembly Cache).Open a command prompt window.

1. Click "Start-->Run...".2. Type "cmd" or "command" or click "Start-->Program-->Accessories-->Command Prompt".3. In the command console window, type "Regsvr32 <name-of-dll-you-are-registering>" and

press "Enter".4. This will register your DLL with the System in the "Global Assembly Cache".

For RTC to recognize the domain on which it has been installed, correctly, you have to performthe following steps. Make sure the immediate domain in which RTC is installed is listed in GlobalSettings. To verify follow instructions below:

1. Click on "Start-->Programs-->Administrative Tools-->RTC Services".2. Expand the "RTC Services" node.



Siemens ICN EN



3. Under that expand, "Enterprise Real Time Communications" node.4. Under that expand "Global Settings" node.5. In the list box immediate domain should exist. If not, add it to the list.

10.2.4 WM Installation and Setup:

To install or un-install WM client, you must be logged into the PC as a local administrator only. Ifyou already have a WM version installed, you must first un-install it before installing a newerversion. To un-install WM perform the following steps:

1. From “StartRun…” enter “C:\Documents and Settings\All Users\Application Data” andclick “OK”.

2. Select the “Microsoft” directory and double click to get into it.3. There you will find the “Messenger.msi” file. Right click on it and select “uninstall”.

Install WM version 5.0.381. You must first be logged-in as a local Administrator to install WM.Whenever you log-in to the PC as a domain user for the first time, usually WM client willautomatically start your sign-in process using the user id and password as you entered whilelogging into your PC. If this does not automatically start, click on “StartAll ProgramsWindowsMessenger”. This will start the WM instance installation. This will take just less than a minute

usually, and then follow the steps below to configure your WM client for usage.From the menu bar:1. Click on “ToolsOptions…”2. Select the “Accounts” tab.3. In the “Communications Service Account” section, select the check box “My contacts

include users of a communications service”.4. Enter the Sip Uri in the “Sign-in name:” field e.g. [email protected] (this is the LCS

user’s Sip Uri as configured in the Active Directory)5. Now click the “Advanced…” button located right next to this field.6. Select “Configure settings” radio button.7. Key in “rtc-server-host-name.domain.name” in the field “Server name or IP address:” this

server name is the name of the server on which you have installed or the LC Server isinstalled.

8. Select the “TLS” option from the “Connection using:” options field.9. Click “OK”.10. Click “OK”.11. And then sign in.

10.2.5 Test with WMOnce your LC Server is configured, and prior to installing OpenScape, try a test call between twoWM clients. Attempt a voice call between two clients using both TCP and TLS. This will ensurethat you have connectivity and the appropriate certificates.

10.3 AccountsRefer to Section 8 for specifics of accounts and permissions that need to be set up forOpenScape.

10.4 OpenScape install (Applications Server)

This installation package will deploy the OpenScape Base and OpenScape Applications.Installation will allow user for a specific SystemID for the OpenScape System.



Siemens ICN EN



Note1: SystemID must be in uppercase and conform to the following:The characters allowed are A-Z and 0-9. The first and the last characters must be alphanumeric (A-Z and 0-9). The maximum number of characters allowed is 15.

Note2: Refer to Section 8 for information regarding accounts/permissionsrequired to install components.

10.4.1 Minimum Complete System ConfigurationThe Minimum Complete System configuration consists of LCS, SQL and OpenScape Applicationson the same server.

In the Minimum Complete System configuration, the steps for configuration are: Verify/Install O/S – Windows .NET Server 2003, Standard or Enterprise edition Verify/Install MS .NET Framework V1.1 (Windows deliverable) Verify/Install and start MS MSMQ (Windows component) Verify/Install JAVA Runtime(Ref. Section 10.4.3) Verify/Install IIS (Windows component)

Verify/Install ASP.NET (Windows component) Verify/Install Management and Monitoring Tools (Windows component) Verify/Install MS LC Server (Ref. Section10.2) Verify/Install MS SQL Server 2000 Standard or Enterprise Edition (Ref. Section 10.4.5) Verify that the user’s accounts have been created and configured (Ref. Section 8) Install OpenScape Main package (Ref. Section 10.4.6) Install any OpenScape patches (Ref. Section 10.4.7) Configure ports and routes

10.4.2 Multiple Server ConfigurationThe Multiple Server Configuration consists of LCS, SQL and OpenScape Applications beinginstalled on separate servers. The Multiple Server configuration can also encompass either LCSor SQL being co-located with OpenScape Main.

In the Multiple Server configuration, the order of installation should be: LCS SQL OpenScape Main

On the server that is to host LCS: Verify/Install O/S – Windows .NET Server 2003, Standard or Enterprise edition Verify/Install MS LC Server (Ref. Section10.2) Ensure that the OpenScape installer (any account that will be used to install OpenScape)

has administrative privilege on this server. Launch OpenScape Main package - Ref. Section 10.4.6 with the following exception:

o Select to install ONLY RTC Extensions

On the server that is to host SQL Server: Verify/Install O/S – Windows .NET Server 2003 or Windows 2000 Server - Standard or

Enterprise editions Verify/Install MS SQL Server 2000 Standard or Enterprise Edition (Ref. Section 10.4.5) Create folder for storage of database files. This folder may be c:\Program

Files\Siemens\OpenScapeDB\.



Siemens ICN EN



Ensure that the OpenScape installer (any account that will be used to install OpenScape)has administrative privilege on this server, and specifically has write privilege on thefolder created in the previous step.

On the server that is to host OpenScape Main (but no LCS): Verify/Install O/S – Windows .NET Server 2003, Standard or Enterprise edition Verify/Install MS .NET Framework V1.1 (Windows deliverable) Verify/Install and start MS MSMQ (Windows component) Verify/Install JAVA Runtime(Ref. Section 10.4.3) Verify/Install IIS (Windows component) Verify/Install ASP.NET (Windows component) Verify/Install Management and Monitoring Tools (Windows component) Verify that the user’s accounts have been created and configured (Ref. Section 8) Install OpenScape Main package Install OpenScape Main package - Ref. Section 10.4.6 with the following exceptions:

o Deselect RTC Extensions in installation.o When prompted for the DB location path, enter the path of the folder for storage

of database files created on the server hosting SQL Server.Install anyOpenScape patches

Install any OpenScape patches (Ref. Section 10.4.7)

Configure ports and routes

For completeness the table below identifies the supported multiple server configuration.Multiple ServerConfiguration

Components onserver A

Components onserver B

Components onserver C

Three server config. LCSAdmin permission andinstallation of RTCExtensions needed

SQLConfiguration of DBfolder and permissionson server needed

OSNo RTC Extensionsneeded.

Two server config. 1 LCSInstallation of RTCExtensions needed

OS/SQLNo RTC Extensionsneeded

N/A

Two server config. 2 SQL

Configuration of DBfolder and permissionson server needed

OS/LCS

Admin permission andinstallation of RTCExtensions needed

N/A

10.4.3 JAVA Runtime EnvironmentThe CAP License Server (CLT) requires the Java 2 Runtime Environment SE v1.4.1. Thispackage is available at: \\Bigmo44.eng.sc.rolm.com\Dev&Test\Tools\JAVA\JRE\Setup.exe

10.4.4 User accountsSection 8 of this document identifies the accounts and groups that need to be created at thedomain level prior to OpenScape installation. There are Machine Local Groups on theOpenScape server which must also be populated with users.



Siemens ICN EN



10.4.5 MS SQL ServerOpenScape requires SQL Server 2000 plus Service Pack 3. If the database is being installedspecifically for the OpenScape system, then default parameters may be accepted for all optionsexcept service under which SQL Server runs. For this option, the SQL Server service should beselected to run as “Local System”. This will ensure access of the OpenScape system to thedatabase.

Since OpenScape also can run with an existing customer SQL Server there are two things toconsider:

1. An instance of SQL Server must be created for the sole use of OpenScape. To create anew instance, run the MS SQL setup. Setup will prompt for the name of instance tocreate.

2. The customer may have a policy by which their SQL Server instances may not beallowed to run as Local System. In this case, there may be changes necessary to grantsufficient privilege to the account under which SQL runs.

??? Update based on MR F59439.

Note: If the OpenScape system is to be installed in a German environment,ensure that the SQL server installation is Unicode compliant in order to preserve

German characters correctly.

10.4.6 Install OpenScape Application ServerThe OpenScape installation package has two options; OpenScape and OpenScape RTCExtensions. These options may be installed separately, however if they are being installedseparately, OpenScape RTC Extensions must be installed first.

The OpenScape Core installation package is available on CD1.

For development, the OpenScape Core installation package is available at:\\Bigmo44.eng.sc.rolm.com\Release\OpenScape_V1_RC_T40_3

Launch OpenScape main installation package and follow directions on the screens. Details ofinstallation screens are shown in Appendix 17.2.

10.4.7 OpenScape patchesSince the release of this document, there may be additional patches that are required on thesystem. The patch packages are documented separately since the instructions may be specific toa particular patch.



Patches are available on CD3.

For development, check for the existence of available patches at:\\Bigmo44.eng.sc.rolm.com\Release\OpenScape_V1_RC_T40_3\Core\



Siemens ICN EN



If a patch exists, follow the instructions for the patch to install.

10.4.8 SSL Encryption for SQL Server 2000In the Release version of OpenScape (Drop 5) SSL client side encryption is used for access toSQL Server. The SQL Server must have the server certificate which is exported and imported to

the client machine. For details on enabling encryption, refer to the following MS links:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;316898http://support.microsoft.com/default.aspx?scid=kb;EN-US;276553

Note: After installing the certificate, MS SQL Server needs to be restarted. Thisrestart must be done regardless of whether SQL Server is collocated on theOpenScape Main server or on a remote server.

10.4.9 Ports and Routes

The following will apply for the Release (Drop 5) version:•

Siemens SIP Phones, Windows Messenger, and the UNS will use the untrusted TLS port5061.

• All other endpoints will use one trusted TCP port secured with IPSec, including MCU,Media Server, and B2BUA. The single trusted port will default to 50 000 but beconfigurable at install. No other TCP ports are supported.

• A "trusted static route" will be used for the MCU and Media Server.

• Endpoints not configured in IPSec configuration will be blocked from signalling to thetrusted port.

10.5 OpenScape MC (OMC) installThis installation package will deploy the OpenScape Base and OpenScape ManagementConsole. Installation of this package may be on a client machines or it may be directly on theOpenScape server.

Note: The account that will be used to access the OMC should have privilege toview / change the OpenScape database, the account used requires Adminprivileges on the OpenScape SQL DB and access to the WMI namespace at theOpenScape Server.

If the installation is on a client machine in the network, the client machine must have:

O/S – Either Windows 2000 or Windows XP Professional MS .NET Framework V1.1

Launch OpenScape OMC installation package and follow directions on the screens. Details ofinstallation screens are shown in Appendix 17.6.

Note: If OMC is being installed remotely, there may be a need to configure theevent viewer to display events and descriptions correctly. For details please referto MS article:



Siemens ICN EN



http://support.microsoft.com/?kbid=294893%22

The OpenScape MC installation package is available on CD1.

For development, the OpenScape MC installation package is available at:\\Bigmo44.eng.sc.rolm.com\Release\OpenScape_V1_RC_T40_3\OMC

Once OMC is installed it may be used to configure the system. The SMTP server name should beconfigured at this time.

To configure the SMTP server for OpenScape:• Launch OMC• Select the desired target system node from the system tree (WMI provider service must

be running on the target system).• Select System Data• Right click and select the “Configure” menu item.• Select the System Parameters tab• Enter the SMTP server and click Save

10.6 OpenScape MCU installIn the Minimum Complete System configuration, the steps for configuring the MCU Server are:

Verify/Install O/S – Windows Server 2003 Verify/Install MS .NET Framework v1.1



The OpenScape MCU installation package is available on CD1.

For development, the OpenScape MCU installation package is available at:\\Bigmo44.eng.sc.rolm.com\Release\OpenScape_V1_RC_T40_3\MCU

Launch OpenScape MCU installation package and follow directions on the screens. Details ofinstallation screens are show in Appendix 17.7.

Note: The OpenScape MCU can be installed as a Standalone MCU or as a One Box Solution (onthe same server and the LCS and OpenScape). The OpenScape MCU can have up to 4 MPs.The OpenScape MP(s) may or may not be installed on the same machine as the MC. See MatrixTable A in Security (10.9) for supported setups. The installation and configuration details aredocumented in Appendix 17.7.

10.7 OpenScape Media Server (ComResponse) installIn the Minimum Complete System configuration, the steps for configuring the ComResponseServer are:

Verify/Install O/S – Windows 2000 Server + SP3 Verify/Install JAVA Runtime Environment



Siemens ICN EN



Note: A beta hot fix from Microsoft must be installed with ComResponse tofix a Kerberos authentication issue. Here are the steps to obtain the betahot fix:

1. Call the Microsoft support number: (800) 936-8248 2. Ask for a Knowledge Base article look-up # 328194, specifying that it is "not finished"

(so that the information is obtained from a different database).

ComResponse has a separate and complete set of instructions and packages. These instructionsand packages are available on CD1.

For development the ComResponse package is available at:\\Bigmo44.eng.sc.rolm.com\Release\OpenScape_V1_RC_T40_3\ComResponse\

Follow the instructions for these packages.

10.8 OpenScape UsersIn any OpenScape system configuration, an OpenScape User Client machine should have:MS Office 2003 will not be supported by the OpenScape system.

O/S – Either Windows 2000 or Windows XP Professional Windows Messenger 5.0/ IE 5.1/ Outlook 2000

10.8.1 OpenScape ClientTo use the OpenScape Client the following package must be installed:

OpenScape Client

The OpenScape Client installation package is available on CD1.

For development, the OpenScape Client installation package is available at:\\Bigmo44.eng.sc.rolm.com\Release\OpenScape_V1_RC_T40_3\Client

Launch OpenScape Client installation package and follow directions on the screens. Details ofinstallation screens are shown in appendix 0

10.8.2 PortalsTo use OpenScape Portals, web configuration must be performed on both the server machine aswell as the client machines.

Appendix 17.8 provides details of the configuration.

10.9 SecurityFor secure the communication between servers OpenScape uses the IP Security Protocolprovided by Windows 2000 and above. IPSec is used between the following servers in theRelease (Drop 5) OpenScape system:

• MCU and the LC Server (if on different machines) • MCU and the OpenScape Server (if on different machines) • ComResponse and the LC Server• ComResponse and the OpenScape Server



Siemens ICN EN



• LCS and the OpenScape Server (if on different machines) • MC and MP (if on different machines)

Following matrix (Table A) describes the different scenarios in which the OpenScape systemcould be installed and this document supports these different types of setup.

Scenario Machine A(Windows2003Server)

Machine B(Windows2000Server)

MachineC(Windows2003Server)

MachineD(Windows2003Server)

MachineE(Windows2003Server)

MachineF(Windows2003Server)

MachineG(Windows2003Server)

MachineH(Windows2003Server)

1 LCS,OpenScape,MC and MP

ComResponse

------ ------ ------ ------ ------ ------

2 LCS,OpenScape,

MC

ComResponse

MP ------ ------ ------ ------ ------

3 LCS, MC &MP

ComResponse

OpenScape

------ ------ ------ ------ ------

4 LCS &OpenScape

ComResponse

MC & MP ------ ------ ------ ------ ------

5 LCS & MC ComResponse

OpenScape

MP MP(optional)

MP(optional)

MP(optional)

------

6 LCS ComResponse

OpenScape & MC

MP MP(optional)

MP(optional)

MP(optional)

------

7 LCS &OpenScape

ComResponse

MC MP MP(optional)

MP(optional)

MP(optional)

------

8 LCS ComResponse

OpenScape

MC MP MP(optional)

MP(optional)

MP(optional)

Table A

10.9.1 Create a custom MMC console for IPSec Configuration

The following describes creating an IPSec Configuration MMC snap-in for the local computer, onwhich IPSec is being configured.1. From the Windows desktop, click Start, click Run, and in the Open textbox, type mmc.

Click OK.2. On the Console menu, click Add/Remove Snap-in.3. In the Add/Remove Snap-in dialog box, click Add.4. In the Add Standalone Snap-in dialog box, click IP Security Policy Management and

then click Add. 5. Verify that Local Computer is selected and click Finish.6. To close the Add Standalone Snap-in dialog box, click Close.7. To close the Add/Remove Snap-in dialog box, click OK.8. Click on File menu and select Save As… and enter a name (Example: IPSecPolicies).

Click OK.



Siemens ICN EN



10.9.2 Create a new IPSec PolicyThe following describes steps to be followed to create an IPSec policy on the different servermachines of the OpenScape V1.0 system.

1. From the IPSec Configuration MMC console that was just created, from the menu, clickIP Security Policies on Local Computer, and then click Create IP Security Policy.

The “IP Security Policy Wizard” pops up. Click Next.

2. Enter a name for this policy (required) and description (optional). Click Next.For example, Name: Siemens OpenScape V1.0 IPSec Policy.

3. Uncheck the “Activate the default response rule” check box and click Next.



Siemens ICN EN



4. Keep the “Edit Properties” check box checked and click Finish.

5. The new policy’s properties window will pop up.



Siemens ICN EN



6. Click Add. The “Security Rule Wizard” pops up. Click Next.

7. Make sure that the “This rule does not specify a tunnel” radio button is selected. Click

Next.



Siemens ICN EN



8. Make sure that the Network Type “All network connections” radio button is selected.Click Next.

9. The window as shown appears only on Windows 2000 server. Ignore this step onWindows 2003 server as this window is not shown. Make sure that the “Active Directorydefault (Kerberos V5 protocol)” radio button is checked and click Next.



Siemens ICN EN



10. Click Add. The IP Filter list window pops up.

11. Enter a Name for the IP Filter List and the Description. In this case, the Name is “New IP

Filter List”.



Siemens ICN EN



12. Add filters from Sections 10.9.3(MCU) or 10.9.4(ComResponse) or 10.9.5 (LCS) or10.9.6 (OpenScape) or 10.9.6(MC) or 10.9.8(MP) based on the machine for which youare setting this configuration. If LCS and OpenScape are installed on the same machinethen add filters from Sections 10.9.5 and 10.9.6 for that machine.

13. Click OK.14. Check the newly-created “IP Filter List” radio button. Click Next.

15. In the Filter Action window, select the “Require Security” radio button. Click Next.



Siemens ICN EN



16. The window as shown appears only on Windows 2003 server. Ignore this step onWindows 2000 server as this window is not shown. Make sure that the “Active Directorydefault (Kerberos V5 protocol)” radio button is checked and click Next.

17. Uncheck “Edit Properties” if it is checked and click Finish.

18. Check the newly-created “IP Filter List” checkbox, if not already done.



Siemens ICN EN



19. For the following machines, follow the steps in 10.9.9 to setup Block Rule; otherwise skipthis step.

• LC Server machine

• OpenScape Server machine

• ComResponse Server machine20. If you have a gateway in your setup that doesn’t support IPSec (Vegastream), follow thesteps in Section 10.9.10 to setup Permit Rule; otherwise skip this step.21. Click OK (on Windows 2003 server) or Close (on Windows 2000 server). 22. On the MMC console, right click on the newly-created IPSec security policy and select“Assign”. This assigns the security policy to the machine and makes it active and you cansee the “Policy Assigned” set to “Yes”.

10.9.3 MCUThe following describes the steps to add the IPSec filters for the MCU server machine.Screenshots of the IPSec windows are shown in Appendix 0.



Siemens ICN EN



10.9.3.1 Filter for MCU -> License Server (OpenScape Server Machine)

1. Click Add to add a filter. The “IP Filter Wizard” pops up. Click Next.2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored check

box checked. On Windows 2000, this step is not shown.3. On the “IP Traffic Source” window, select “My IP Address” . Click Next.4. On the “IP Traffic Destination” window, select “A specific IP Address” and enter the IP

address of the OpenScape Server Machine. Click Next.5. On the “IP Protocol Type” window, select “UDP” .Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source,

select the “To this port” radio button, and enter 4321 port number. Click Next.7. Click Finish.

Note: The filters mentioned in section 10.9.3.2 and 10.9.3.3 are configuredonly for the case where MCU and LC Server are installed on separatemachines. For the case where MCU and LC Server are installed on thesame machine skip these sections (10.9.3.2 and 10.9.3.3).

10.9.3.2 Filter for MCU -> LC Server

1. Click Add to add a filter. The “IP Filter Wizard” pops up. Click Next.2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored checkbox checked. On Windows 2000, this step is not shown.

3. On the “IP Traffic Source” window, select “My IP Address”. Click Next.4. On the “IP Traffic Destination” window, select “A specific IP Address” and enter the IP

address of the LC Server Machine. Click Next.5. On the “IP Protocol Type” window, select “TCP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button, and enter the trusted port number configuredon LCS. Click Next.

7. Click Finish.

10.9.3.3 Filter for LC Server -> MCU


10. On the “IP Traffic Source” window, select “A specific IP Address” and enter the IPAddress of the LC Server machine. Click Next.

11. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.12. On the “IP Protocol Type” window, select “TCP”. Click Next.13. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter 5060 or the port number configured onMCU server for SIP messages from LCS. Click Next.

14. Click Finish.

10.9.3.4 MC <-> MPIf MP is installed on the MCU server machine and MC is installed on a different machine, thenuse the steps in 10.9.8.1 to add a filter for MP to MC communication. Otherwise, skip this step.

10.9.4 ComResponseThe following describes the steps to add the IPSec filters for the ComResponse server machine.



Siemens ICN EN



Screenshots of the IPSec windows are shown in Appendix 0.

10.9.4.1 Filter for ComResponse -> License Server (OpenScape Server Machine)


box checked. On Windows 2000, this step is not shown.3. On the “IP Traffic Source” window, select “My IP Address”. Click Next.4. On the “IP Traffic Destination” window, select “A specific IP Address” and enter the IP

address of the OpenScape Server Machine. Click Next.5. On the “IP Protocol Type” window, select “UDP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source,

select the “To this port” radio button, and enter 4321 port number. Click Next.7. Click Finish.

10.9.4.2 Filter for ComResponse -> LC Server



address of the LC Server Machine. Click Next.5. On the “IP Protocol Type” window, select “TCP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter the trusted port number configured onLCS. Click Next.

7. Click Finish.

10.9.4.3 Filter for LC Server -> ComResponse


box checked. On Windows 2000, this step is not shown.10. On the “IP Traffic Source” window, select “A specific IP Address” and enter the IP

address of the LC Server Machine. Click Next.11. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.12. On the “IP Protocol Type” window, select “TCP”. Click Next.13. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter 5060 or the port number configured onComResponse server for SIP messages from LCS. Click Next.

14. Click Finish.

10.9.5 LC ServerThe following describes the steps to add the IPSec filters for the LC Server machine. Screenshots

of the IPSec windows are shown in Appendix 0.

10.9.5.1 Filter for LCS -> MCU Server


box checked. On Windows 2000, this step is not shown.3. On the “IP Traffic Source” window, select “My IP Address”. Click Next.



Siemens ICN EN



4. On the “IP Traffic Destination” window, select “A specific IP Address” and enter the IPaddress of the MCU Server Machine. Click Next.

5. On the “IP Protocol Type” window, select “TCP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter 5060 or the port number configured onMCU server for SIP messages from LCS. Click Next.

7. Click Finish.

10.9.5.2 Filter for MCU Server -> LCS



address of the MCU Server Machine. Click Next.11. On the “IP Traffic Destination” window, select “My IP Address. Click Next.12. On the “IP Protocol Type” window, select “TCP”. Click Next.13. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter the trusted port number configured onLCS. Click Next.

14. Click Finish.

10.9.5.3 Filter for LCS -> ComResponse Server

1. Click Add to add a filter and “IP Filter Wizard” pops up. Click Next.2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored check

box checked. On Windows 2000, this step is not shown.3. On the “IP Traffic Source” window, select “My IP Address” Click Next.4. On the “IP Traffic Destination” window, select “A specific IP Address” and enter the IP

address of the ComResponse Server Machine. Click Next.5. On the “IP Protocol Type” window, select “TCP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter 5060 or the port number configured onComResponse server for SIP messages from LCS. Click Next.

7. Click Finish.

10.9.5.4 Filter for ComResponse -> LC Server



address of the ComResponse Server Machine. Click Next.11. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.12. On the “IP Protocol Type” window, select “TCP”. Click Next.13. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter the trusted port number configured on

LCS. Click Next.14. Click Finish.

The filters mentioned in sections 10.9.5.5 and 10.9.5.6 are configured only for the casewhere LCS and OpenScape are installed on separate machines. For the case where LCSand OpenScape are installed on the same machine skip these sections (10.9.5.5 and10.9.5.6).



Siemens ICN EN



10.9.5.5 Filter for LCS <- B2BUA (OpenScape Server)

1. Click Add to add a filter and “IP Filter Wizard” pops-up, Click Next.2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored check


address of the OpenScape Server Machine, click Next.

4. On the “IP Traffic Destination” window, select “My IP Address”, click Next.5. On the “IP Protocol Type” window, select “TCP”, click Next.6. On the “IP Protocol Port” window, select “From any port” radio button for source and

select “To this port” radio button and enter LCS trusted port (50000 default) number,click Next.

7. Click Finish.

10.9.5.6 Filter for LCS -> B2BUA (OpenScape Server)

1. Click Add to add a filter and “IP Filter Wizard” pops-up, Click Next.2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored check

box checked. On Windows 2000, this step is not shown.3. On the “IP Traffic Source” window, select “My IP Address”, click Next.4. On the “IP Traffic Destination” window, select “A specific IP Address” and enter the IP

address of the OpenScape Server Machine, click Next.5. On the “IP Protocol Type” window, select “TCP”, click Next.6. On the “IP Protocol Port” window, select “From any port” radio button for source and

select “To this port” radio button and enter 21020 or the port configured for B2BUAport number, click Next.

7. Click Finish.

The filter mentioned in section 10.9.5.7 is configured only for the case where you are usinga gateway that supports IPSec. Remember to setup IPSec on the gateway by referring tothe gateway’s manufacturer’s documentation. If you don’t have a gateway in your setup orif your gateway doesn’t support IPSec then skip this step.

10.9.5.7 Filter for LCS <-> Gateway


3. On the “IP Traffic Source” window, select “A specific IP Address” and enter the IPaddress of the Gateway. Click Next.

4. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.5. On the “IP Protocol Type” window, select “TCP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter LCS trusted port (50000 default) number.Click Next.

7. Click Finish.

10.9.6 OpenScapeThe following describes the steps to add the IPSec filters for the OpenScape server machine.

10.9.6.1 Filter for License Server (OpenScape Server) <-> MCU

1. Click Add to add a filter. The “IP Filter Wizard” pops up. Click Next.

2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored

check box checked. On Windows 2000, this step is not shown.



Siemens ICN EN



3. On the “IP Traffic Source” window, select “A specific IP Address” and enter the

IP address of the MCU Server Machine. Click Next.4. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.

5. On the “IP Protocol Type” window, select “UDP”. Click Next.

6. On the “IP Protocol Port” window, select the “From any port” radio button for

source and select the “To this port” radio button and enter 4321 port number.Click Next.

7. Click Finish.

10.9.6.2 Filter for License Server (OpenScape Server) <-> ComResponse

1. Click Add to add a filter. The “IP Filter Wizard” pops up. Click Next.



3. On the “IP Traffic Source” window, select “A specific IP Address” and enter the

IP address of the ComResponse Server Machine. Click Next.4. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.

5. On the “IP Protocol Type” window, select “UDP”. Click Next.

6. On the “IP Protocol Port” window, select the “From any port” radio button forsource and select the “To this port” radio button and enter 4321 port number.

Click Next.

7. Click Finish.

10.9.6.3 Filter for MC <-> MP

If MC is installed on the OpenScape server machine and MP is installed on a different machine,then use the steps in Section 10.9.7.1 to add a filter for MP to MC communication. Otherwise skipthis step.

The filters mentioned in section 10.9.6.4 and 10.9.6.5 are configured only for the casewhere LCS and OpenScape are installed on separate machines. For the case where LCSand OpenScape are installed on the same machine skip these sections ( 10.9.6.4 and10.9.6.5).

10.9.6.4 Filter for B2BUA (OpenScape Server) -> LC Server

1. Click Add to add a filter and “IP Filter Wizard” pops-up, Click Next.2. On Windows 2003 Server, enter the description (optional) and keep the Mirrored


3. On the “IP Traffic Source” window, select “My IP Address”, click Next.

4. On the “IP Traffic Destination” window, select “A specific IP Address” andenter the IP address of the LC Server Machine, click Next.

5. On the “IP Protocol Type” window, select “TCP”, click Next.

6. On the “IP Protocol Port” window, select “From any port” radio button forsource and select “To this port” radio button and enter LCS trusted port (50000

default) number, click Next.

7. Click Finish.

10.9.6.5 Filter for B2BUA (OpenScape Server) <- LC Server

1. Click Add to add a filter and “IP Filter Wizard” pops-up, Click Next.



Siemens ICN EN




check box checked. On Windows 2000, this step is not shown.3. On the “IP Traffic Source” window, select “A specific IP Address” and enter the

IP address of the LC Server Machine, click Next.

4. On the “IP Traffic Destination” window, select “My IP Address”, click Next.

5. On the “IP Protocol Type” window, select “TCP”, click Next.6. On the “IP Protocol Port” window, select “From any port” radio button for

source and select “To this port” radio button and enter 21020 or the port

configured for B2BUA port number, click Next.

7. Click Finish.

10.9.7 MCThe following describes the steps to add the IPSec filters for the machine on which MC isinstalled. This configuration step is done only for the case where MP is installed on a machinedifferent from where MC is installed. If MC is installed on a machine other than LCS, OpenScape,MCU and ComResponse machines, then follow the steps in sections 10.9.1 and 10.9.2 to create

an MMC Snap-in and a new IPSec policy and add the following filter for MC to MPcommunication.

10.9.7.1 Filter for MC <-> MP



address of the Server Machine where MP is installed. Click Next.4. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.5. On the “IP Protocol Type” window, select “TCP”. Click Next.6. On the “IP Protocol Port” window, select the “From any port” radio button for source and

select the “To this port” radio button and enter 2945 port number. Click Next.7. Click Finish.

10.9.8 MPThe following describes the steps to add the IPSec filters for the machine on which MP isinstalled. This configuration step is done only for the case where MP is installed on a machinedifferent from where MC is installed. For each MP, if it is installed on a machine other than LCS,OpenScape, MCU and ComResponse machines, then follow the steps in sections 10.9.1 and10.9.2 to create an MMC Snap-in and a new IPSec policy and add the following filter for MC toMP communication.

10.9.8.1 Filter for MP <-> MC



address of the Server Machine on which MC is installed. Click Next.5. On the “IP Protocol Type” window, select “TCP”. Click Next.



Siemens ICN EN



6. On the “IP Protocol Port” window, select the “From any port” radio button for source andselect the “To this port” radio button and enter 2945 port number. Click Next.

7. Click Finish.

10.9.9 Block RuleThis mandatory configuration step is done to secure the trusted port of the LC Server on the LCserver machine, B2BUA port on the OpenScape server machine and the ComResponse port onthe ComResponse server machine. If this mandatory step is not performed, the LC server,B2BUA and ComResponse will be open to security breaches. This rule is set only for the servermachines mentioned in 10.9.2, step 19 after the filters are set for those machines.

1. After adding the “New IP Filter List” from above in 10.9.2. Click Add, the “Security RuleWizard” pops up. Click Next.

2. Make sure that the “This rule does not specify a tunnel” radio button is selected. ClickNext.

3. Make sure that the Network Type is set to the “All network connections” radiobutton is selected. Click Next.

4. This window shows only on Windows 2000 server. On Windows 2003 server, this step is notshown. Make sure that the “Active Directory default (Kerberos V5 protocol)” radio buttonis checked and click Next.

5. Click Add. The “IP Filter list” window pops up.6. Enter a Name for the IP Filter List and Description. In this case, it is “Block Port”.7. Click Add to add a filter. The “IP Filter Wizard” pops up. Click Next.8. On Windows 2003 Server, enter the description (optional) and keep the Mirrored check box

checked. On Windows 2000, this step is not shown.9. On the “IP Traffic Source” window, select “Any IP Address”. Click Next.10. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.11. On the “IP Protocol Type” window, select “TCP”. Click Next.12. On the “IP Protocol Port” window, select the “From any port” radio button for source, select

the “To this port” radio button, and enter the port number from the table below dependingon the machine. Click Next.

Application (Server Machine) Port

LCS (LC server machine) Trusted port number on LCS

B2BUA (OpenScape Servermachine)

Port number configured onB2BUA for SIP messages fromLCS (default: 21020)

ComResponse (ComResponseServer machine)

Port number configured onComResponse to receive SIPmessages from LCS (default:5060)

Table 113. Click Finish.

14. If two or more applications mentioned in Table 1 are on the same server machine then steps7 – 13 should be repeated for those applications.

15. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).16. Check the newly-created IP Filter List radio button. In the case, it is “Block Port”. Click

Next.17. In the Filter Action window, click Add and the “Filter Action Wizard” pops up. Click Next.18. On the Filter Action Name window, enter the Name field as “Block”. Click Next.19. On the Filter Action General Options window, select the “Block” radio button. Click Next.20. Click Finish.



Siemens ICN EN



21. On the Filter Action window, select the newly-created “Block” radio button. Click Next.22. Uncheck “Edit Properties” if it is checked and click Finish.23. Check the newly-created “Block Port” (in this case) checkbox if not already done.24. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).25. Go to 10.9.2, Step 20.

10.9.10 Permit Rulefor GatewayThis step is for lab purposes only and is required for gateways that don’t support IPSec likeVegastream and Mediatrix. This filter will allow a Gateway to connect to LCS trusted port in spiteof setting the Block Rule (Section 10.9.9) that blocks connections to this port from any other IPaddresses other than OpenScape, MCU and ComResponse.

1. After adding the “Block Rule” (section 10.9.9, step 18). Click Add, the “Security RuleWizard” pops up. Click Next.

2. Make sure that the “This rule does not specify a tunnel” radio button is selected . ClickNext.

3. Make sure that the Network Type is set to the “All network connections” radio

button is selected. Click Next.4. This window shows only on Windows 2000 server. On Windows 2003 server, this step is not

shown. Make sure that the “Active Directory default (Kerberos V5 protocol)” radio buttonis checked and click Next.

5. Click Add. The “IP Filter list” window pops up.6. Enter a Name for the IP Filter List and Description. In this case, it is “Allow Gateway”. 7. Click Add to add a filter. The “IP Filter Wizard” pops up. Click Next.8. On Windows 2003 Server, enter the description (optional) and keep the Mirrored check box

checked. On Windows 2000, this step is not shown.9. On the “IP Traffic Source” window, select “A specific IP Address” and enter the IP address

of the Gateway, click Next.10. On the “IP Traffic Destination” window, select “My IP Address”. Click Next.11. On the “IP Protocol Type” window, select “TCP”. Click Next.

12. On the “IP Protocol Port” window, select the “From any port” radio button for source, selectthe “To this port” radio button, and enter the trusted port number of the LC server . ClickNext.

13. Click Finish.14. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).15. Check the newly-created IP Filter List radio button. In the case, it is “Allow Gateway”. Click

Next.16. On the Filter Action window, select the “Permit” radio button. Click Next.17. Uncheck “Edit Properties” if it is checked and click Finish.18. Check the newly-created “Allow Gateway” (in this case) checkbox if not already done.19. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).20. Go to 10.9.2, Step 21.

10.10 Security for Phone Discovery

This section gives a general overview of “Phone Discovery”, explains why the feature may beperceived as a security attack by Intrusion Detection Systems, and explains how to prevent falsealarms.



Siemens ICN EN



Phone Discovery is a feature of OpenScape that obtains information from SIP Phones on thenetwork for use by the administrator and by OpenScape software components. Phone Discoveryis usually performed with broadcast messages to the endpoints. The OpenScape ManagementConsole tab (Figure 7) is used for configuring the feature.

Figure 7. OMC Phone Management Tab

If the endpoints are located behind routers on a different subnet from the OpenScape server, abroadcast message is not possible and it is necessary for the administrator to configure a range

of IP Addresses that OpenScape should scan in order to find the SIP Phones. Scanning theendpoints may be perceived as a hacker attack by security tools designed to protect against suchattacks.

Phone Discovery occurs at the following times:

1. when the administrator refreshes the list of phones displayed on the OpenScapeManagement Console

2. when the Scheduled Data Synchronization for the SIP Phones is performed

3. when OpenScape software is attempting to locate a specific SIP Phone given a MACAddress

To prevent false alarms from Intrusion Detection Systems (IDS), the IDS should be configured to

ignore UDP messages sent to port 5100. In other words, a filter should be set up in the IDS sothat Phone Discovery messages do not trigger a false security alarm.

10.11 CertificatesIf an application running in machine A wants to access a service from a server application runningon machine B and use TLS encryption then the CA that issued the certificate to the server B hasto be configured as a trusted certificate authority on the local computer A.

• Customers can use WM with TCP in case they choose to.



Siemens ICN EN



• “Windows Messenger users will have an additional GUI interface as part ofOpenScape. It will be implemented via TABS that are downloaded from a centralserver via HTTPS”. This server functionality can be provided by the Openscapeserver since it is running IIS and will have a certificate installed. Any other server withIIS configured for TLS can also work.

• “OpenScape Version 1 will support Internet access to portals via HTTPS”. However if

the customer requires the portals can also be accessed using HTTP. This then willnot require a CA to be configured or installed on the client machine as a trusted rootca for a user to use portals (assuming they are using TCP with WM and IE to accessthe portals instead of WM TABS)

• Cost associated with using certificates issued by a third party certificate authority is$100,000 to $250,000 (optional) warranty cost + $350-$500 for a certificate.

• Certificates can be issued by different CA’s (both internal and external) as long asthey are configured as trusted CAs on local machines e.g. the LC Server certificatecan be issued by an internal CA and the SIP phone certificates can be issued by anexternal CA as long as both these CAs are configured as trusted CAs on machinesrunning the client applications i.e. LC Server machine, Openscape machine and SQLserver machine etc.

Depending on how customers acquire their certificates, the tables below identify the certificatesthat will be required.

Customers that use 1 certificate vendor/PKI:Machine Certificate

RequiredRoot Certificate of the CA that should be configuredas trusted

LC Server Y CA that issued certificates used throughoutOpenScape

OpenScapeServer *

Y CA that issued certificates used throughoutOpenScape

SQL Server * Y

Media Server Y CA that issued certificates used throughoutOpenScape

MC Server N CA that issued certificates used throughoutOpenScape

MP Server(s) N CA that issued certificates used throughoutOpenScape

Sip Phone Y CA that issued certificates used throughoutOpenScape

ClientWorkstation inIntranet

N CA that issued certificates used throughoutOpenScape

ClientWorkstation inInternet

N CA that issued certificates used throughoutOpenScape

ISA Server Y CA that issued certificates used throughout

OpenScapeOMC node N CA that issued certificates used throughout

OpenScape

*Running on a separate physical node. Can reuse and share the same machine certificate ifinstalled on the same machine.

Customers that use certificates from more than 1 vendor/PKI:

Machine Certificate Root Certificate of the CA that should be configured



Siemens ICN EN



Required as trusted

LC Server Y CA that issued OpenScape Server certificateCA that issued LC Server certificate if two HomeServers are directly connected with Mutual TLS

OpenScapeServer *

Y CA that issued SQL Server certificateCA that issued Media Server certificate

CA(s) that issued SIP Phone certificatesSQL Server * Y

Media Server Y CA that issued OpenScape Server certificateCA that issued SQL Server certificate

MC Server N CA that issued OpenScape Server certificateCA that issued SQL Server certificate

MP Server(s) N CA that issued OpenScape Server certificateCA that issued SQL Server certificate

Sip Phone Y CA that issued LC Server certificate

ClientWorkstation inIntranet

N CA that issued LC Server certificateCA that issued OpenScape Server certificateCA(s) that issued SIP Phone certificates (for CTIinterface and Web Pages interface)

ClientWorkstation inInternet

N CA that issued ISA Server certificate

ISA Server Y CA that issued OpenScape Server certificate

OMC node * N TBD: CA that issued OpenScape Server certificate

*Running on a separate physical node. Can reuse and share the same machine certificate ifinstalled on the same machine.

10.11.1 OpenScapeCertificate Configuration

The System Data Configuration Dialog as shown in Figure 8 is used to configure “system-wide”

OpenScape data such as:• Security Certificate

Figure 8. OMC System Management

The System Data Configuration Dialog for a given server is invoked by clicking on the SystemData node. This dialog is composed of multiple tab pages.



Siemens ICN EN



The Certificate Configuration tab page of the System Configuration Dialog (see Figure 9 below) isused to select the Security Certificate used by the OpenScape system. The Administrator mustset this value initially when the OpenScape server software is installed. When this screen isentered, a list of all currently installed certificates is shown. If a certificate has already beenselected for OpenScape, it will be shown in the Current Certificate text box. The Administratormay select a new certificate by selecting (mouse left-click) an entry in the certificates list, andthen clicking the Select button. The newly selected certificate will be set in the database and it’sentry in the list will be highlighted.

Figure 9. Certificate Configuration Tab

10.11.2 ComResponse Certificate Configuration

1) In ComResponse System Administrator, go to the Openscape page (see menu on left-hand side of main page).2) On the Openscape page, select the tab "Certificates".3) You should see a table (probably just one entry) of certificates on the machine. Each rowincludes a field (toward the right-hand side) with True or False indicating if the certificate isthe selected one.4) Choose the certificate you want, and click on the 'Modify' link at the right side of the row.5) Check the checkbox to select the certificate, and click on the 'Update' link.6) The table should be updated to show the selected certificate is now marked True, and any

previously selected certificate is marked 'false'.



Siemens ICN EN



11 Installing in a pre-existing environment

A pre-existing environment here is defined as an environment that has the necessaryprerequisites and has had an installation of the OpenScape system previously installed. Theinstallation in this case is a need to replace one of the OpenScape components.

11.1 OpenScape Server (Applications Server)In OpenScape V1.0 it is necessary to uninstall the pre-existing version prior to installation. Duringthis process the OpenScape system would be unavailable to handle calls since one or more of itscomponents will be unavailable.

The process for this installation would be as follows:1. To uninstall OpenScape, you must be logged on with an account that is a

member of the administrator group of your computer.2. Stop the OpenScape system via the OMC.3. Launch the Backup/Restore utility ( OMC -> System Management -> Backup)

and execute a backup of the system data, saving the data to a location otherthan the OpenScape home folder, for example to a C:\BackupData\ folder.4. Uninstall Openscape MC from the Add/Remove Software menu.5. Uninstall Openscape from the Add/Remove Software menu or run the

OpenScape executable. (Ref. Section 14.1)6. Run installation of new OpenScape package.

11.2 OpenScape MC (OMC)In OpenScape V1.0 it is necessary to uninstall the pre-existing version prior to installation. Duringthis process the OpenScape system would be unavailable to handle calls since one or more of itscomponents will be unavailable.

11.3 OpenScape MCUIn OpenScape V1.0 it is necessary to uninstall the pre-existing version prior to installation. Duringthis process the OpenScape system would be unavailable to handle calls since one or more of itscomponents will be unavailable.

11.4 OpenScape Media Server (ComResponse)In OpenScape V1.0 it is necessary to uninstall the pre-existing version prior to installation. Duringthis process the OpenScape system would be unavailable to handle calls since one or more of itscomponents will be unavailable.



Siemens ICN EN



12 Basic Administration

12.1 Adding usersTo add users to the OpenScape system, users must first be created as LCS users. Users may

then be converted to OpenScape users via the OpenScape Management console. Alternatively,users may be also created via the OpenScape Scripting Framework using a user creation script.

Note: In order to enable full feature functionality, all OpenScape users need ane-mail address"

E-mail address required in AD before collaboration groups work If you create a userwithout giving him an e-mail address he can not start any conferences. This problem wasraised as NA00404546 but was closed when it was realised that adding an e-mailaddress made it work. The fault should not have been closed as there is no reason whya used should have an e-mail account in order to start a collaboration. If this problemdoes have to stay in the product then it needs to be very clearly documented in theinstallation and release notes. It has cost a lot of time on most of the trials while people

try and work out what is going wrong.

12.1.1 User Creation via OpenScape ManagementAfter the OMC has been installed, launch the Management console:

• Start -> Run• Type MMC and click OK• In the Console, click on File -> Add/Remove Snap-in…• Click on Add• Add the “OpenScape” snap-in• Close and then OK the dialogs• Save this setting• Expand the OpenScape server in the tree view• Click on “RTC Users”• To promote LCS users to OpenScape users, right click on a user and “Convert User”

Note: The OpenScape Service, Special AE and Special RTP users shouldNOT be converted to OpenScape users. They should remain only LCSusers.

12.1.2 User creation via scriptAn utility is available through OpenScape for to run vbscript scripts. This utility may be used to:

• Create LCS users• Convert LCS users to OpenScape users

The OpenScape Scripting Framework is available at: \\Bigmo44.eng.sc.rolm.com\Dev&Test\Tools\CreateUsers



Siemens ICN EN



13 Service Pack installService packs for OpenScape, OpenScape MCU, OpenScape ComResponse and SIP Phoneswill be delivered separately.

13.1 OpenScape Main ServerThe OpenScape Main Server service packs will be installation packages for OpenScape.However since the .NET environment ensures strong names of libraries in the Global AssemblyCache, the content of the installation package may differ based on which component is beingfixed.

Figure 10. OpenScape Service packs

If the change to be delivered is in an OpenScape Application, the Service Pack will contain rebuiltApplications.If the change to be delivered is in an OpenScape Base component, and the change does notaffect any application (and there is no Application change), the Service Pack will contain rebuiltBase components.If the change to be delivered is in an OpenScape Base component, and the change affects anapplication, the Service Pack will contain all rebuilt Base components and Applications.

13.2 OpenScape MCUThe OpenScape MCU service packs will be delivered as complete installation packages for theOpenScape MCU.

13.3 OpenScape Media Server (ComResponse)The OpenScape ComResponse service packs will be delivered as complete installation packagesfor the OpenScape ComResponse.

13.4 SIP Phones

??? SIP phones already have a mechanism for delivery of Service Packs.

13.5 InfrastructureService packs for the Infrastructure Servers and Infrastructure layer (MS service packs) will bethe responsibility of the customer.

??? How will we handle the JAVA and 3rd

party software updates for the

ComResponse?

OpenScape Base

OpenScapeApplications

OpenScape



Siemens ICN EN



14 Uninstall

14.1 OpenScape (Main Server) UninstallTo uninstall Openscape, you must be logged on as a domain administrator.

Use Windows Add/Remove Programs utility from the Control Panel to uninstall the OMC.

Use Windows Add/Remove Programs utility from the Control Panel to uninstall all Openscapeprograms or run the OpenScape executable. If you don’t want to remove the database, click NO at “Uninstall Database client”.

Make sure everything has been removed by following these steps:• All Siemens strong named assemblies, starting with “Siemens.EN.RTCB…” in the

“C:\WINDOWS\assembly” directory, are removed. If there are still some remaining, edit andexecute the batch in the following directory to remove these old assemblies. \\Bigmo44.eng.sc.rolm.com\Dev&Test\Xperience\V1\Drop3\Uninstall\uninstall_gac

•

All Siemens services are removed. If not, copy the following batch and directory onto yourlocal hard disk. Edit and then execute the batch. \\Bigmo44.eng.sc.rolm.com\Dev&Test\Xperience\V1\Drop3\Uninstall\uninstall_services If a service cannot be removed, make sure it is stopped.If it still cannot be removed, please reboot your computer and try again.

• Remove the OpenScape directory under “Program Files\Siemens\”. Do not remove theOpenScapeDB directory; this will be covered in the next step.

Note: If you cannot remove the OpenScape home folder, stop the WindowsManagement Instrumentation service from Service Control Manager. This willalso stop the LCS service.

• This step applies only, if you wanted to remove the database!To make sure the database was been removed, open “Programs -> Microsoft SQL Server ->Enterprise Manager” and expand until you are under database. Verify that both containersstarting with “Xp…” are removed. If not just delete them from here.

Note: If you can’t remove the database, restart the Windows ManagementInstrumentation and RTC service then try to delete the database. If you still can’tdelete it, reboot your computer!

• If the database is retained, verify that the DBInUse attribute in the SystemConfig table of theXpSystem database is 0.

14.2 OpenScape MCU UninstallUse Windows Add/Remove Programs utility to remove the package.

14.3 Media Server (ComResponse) UninstallUse Windows Add/Remove Programs utility to remove the package.



Siemens ICN EN



14.4 Service Pack UninstallDue to the delivery mechanism necessary for the system components, there is no means touninstall specific service packs. Backing out a service pack will require uninstallation of thesystem.

15 UpgradeThe general approach for upgrade would include an uninstall/install approach. Data will need tobe backed up prior to this activity and will likely need a transformation to V2 scheme.

Before unistalling OpenScape, note the user accounts and groups used to uninstall Openscapeas you will need to input them later when reinstalling Openscape



Siemens ICN EN



16 Tools, Utilities and Hints

The tools and utilities describes below (except for the Windows Components) are available at: \\Bigmo44.eng.sc.rolm.com\Dev&Test\tools\

16.1 CheckSPNCheckSPN is an utility that is available through LCS Administration tools. This utility may be usedto verify the Service Principal Name (SPN) for the system. If the SPN for a system is notregistered, TLS communication is not possible.

Access this utility by installing the LCS Administration tools from the LCS package.Further information on this utility is available in the CheckSPNReadme in the Resource Kit.

16.2 MSMQTo confirm that the Microsoft Messaging Queue Service (MSMQ) is running:

1) In Control Panel, open “Add or Remove Programs”.2) Click “Add/Remove Windows Components”3) Click “Application Server” and click “Details”4) Check “Message Queuing”

??? We need to find out the detail setting for the Message Queuing service.

16.3 OpenScape RTC ToolThis tool is used to configure LCS settings for Openscape. It is a command line tool with thefollowing options:

/CHECKSYSTEMThis option will display only:

- The Current “Static Routes” configured on the system.- OpenScape Application URI configured.- Age of Presence Application URI configured.- All ports configured on the system.

/TRUSTED <port-number>This option will make the specified port as a trusted port.

/UNTRUSTED <port-number>This option will make the specified port as an un-trusted port.

/SETPORT <port> <trusted-untrusted>This option will create a port and make it trusted or un-trusted as desired. (Note: Afterexecuting this option you will need to reboot your system)

/SETURI [<application-uri>]This option has an optional parameter. If specified, it will create an Application Uriinstance in the RTC configuration with the it otherwise if not specified, it will create thedefault OpenScape Application Uri and the Age of Presence Application Uri.



Siemens ICN EN



/SETROUTE <match-uri> <nxt-hop> <port> <type>This option will create a “Static Route” (where <type> is TCP or TLS)

/SETROUTE <match-uri> <trusted-untrusted>This option will NOT create a “Static Route” but will make an existing “Static Route” to betrusted or un-trusted as desired.

/SETURIPRIORITY [<application-name>]This option will set the specified Application Uri to be the first one in the ApplicationPriority list of the LC Server (which means the applications registered with thisApplication Uri will be the first to receive all registered for SIP messages. Else if notspecified, it will set the default OpenScape Application URI to be the first one in the LCServers Application Priority list.

/ALLThis option will do the following tasks, if not already done:

- Sets default OpenScape Application Uri’s.- Re-sequence Application priority list.- Set port 1010 as trusted. (It does not create the 1010 port. To create you’ll have

to use /SETPORT option and then you’ll need to re-boot your PC).

16.4 OpenScape Scripting FrameworkThe OpenScape Scripting Framework provides a way to add multiple users to Active Directory,and configure and enable them as Live Communications users. Additionally, LiveCommunications users can be automatically converted into OpenScape users with theOpenScape Scripting Framework.

Additional administration scripts are included with the OpenScape Scripting Framework, but arenot described in this document. Refer to the documentation inside the tool.

InstallationThe OpenScape Scripting Framework tool is installed during OpenScape installation and islocated in the \Siemens\OpenScape\tools folder, under ScriptingFW.To launch the tool, double click on the file OSScriptingFW.hta.

Recommendations

• The tool should be run by a Domain Administrator, or a user with permissions to read andmodify Active Directory and the OpenScape Database

• The tool should be run on the OpenScape server.

Running the OpenScape Scripting Framework

To Add Users:1. Double-click on the file OSScriptingFW.hta.2. In the drop-down box labeled Categories, select OpenScape User Management.3. In the field labeled Tasks, select Create RTC Users.4. The following screen will appear



Siemens ICN EN



Enter Script Parameters:• numUsers – the number of user you wish to create.• pwd – the password you wish to assign to each user. Strong passwords

(containing letters, digits, and special characters) are recommended.• Rtcserver – the fully qualified domain name of the RTC server. For example,

xpserver15.devtools.xpinstall.net .

Users will be created with the following format:

User<#>_<rtcservername>@<domain> For example:

[email protected].

5. Verify that the data you entered is correct and push the Run Command button. Thefollowing screen will appear.



Siemens ICN EN



6. You may verify that the users were created by opening Active Directory Users andComputers, expand the node representing your domain, and clicking on the newlycreated Organizational Unit (OS_ <RTCServerName> ).

To Convert RTC Users to OpenScape Users1. In the drop-down box labeled Categories, select OpenScape User Management 2. In the field labeled Tasks, select Create RTC Users.3. The following screen will appear



Siemens ICN EN



Enter Script Parameters:• ou – the name of the Organizational Unit containing the users to be converted.

Note: The OU string must be entered in the following format: ou=os_ <rtcservername>,dc=<child domain> ,dc=<parent domain> ,dc=<.com,.net> .

For example, if the organizational unit name is OS_xpserver15 in the domaindevtools.xpinstall.net the resulting string would be:ou=os_xpserver15,dc=devtools,dc=xpinstall,dc=net

• numericID – This field is not required. Enter the starting number at which tobegin creating numericIDs for each of the converted users. If this field is leftblank, the default is 1000.Note: Be sure any number in this range does not exist in the database.

4. Verify that the data you entered is correct and push the Run Command button. Thefollowing screen will appear.

5. To verify that the users were created, check the current list of OpenScape Users inSiemens OpenScape Management Console.

6. It is recommended to move the newly coverted OpenScape users out of theorganizational unit into the Users folder or another OU in Active Directory afterconversion. The OU should only contain users that will be converted into OpenScapeUsers using this script.

The Convert To OpenScape Users script can be used to convert any properly configured, LCSenabled user into an OpenScape user by using the instructions described above. This providessystem administrators with the convenience of converting large numbers of LCS enabled users toOpenScape users quickly and automatically.

16.5 Shutdown MonitorThis utility graphically shows the status of the OpenScape services. It is a non-interactivemonitoring tool. To launch the monitor:



Siemens ICN EN



• Start -> Programs -> OpenScape -> Shutdown Monitor

16.6 Consistency AnalyzerThis is a command line utility that allows the user to confirm some basic OpenScape resourcelinkages:

Display the database location and check whether the database is accessible.

Check the location of various services (like Serviceability Broker Service, LC Server) Check the CIM on the Serviceability Broker. Test whether the rootpath actually contains the required files. (like xscf.xml, executables,

dll’s) Display the expected executables and test whether all expected dll’s are available (I’m

hoping to get to this information through reflection).To install:

• Execute ConsistencyAnalyserSetup.msiThe default installation path will be “C:\ProgramFiles\Siemens\ConsistencyAnalyzerSetup”

To launch:• Execute ConsistencyAnalyzer.exe• Select Version -> Drop4• Select Analyzer -> Start

16.7 License CheckerThis utility is used to verify OpenScape licenses.

???

16.8 XPConnectionTestThis utility is used to verify OpenScape data connections (Active Directory, LCS WMI and SQLServer)

•

Extract files from XpConnectionTestV1.zip• Execute XpConnectionTest.exe

16.9 OpenScape TraceOpenScape trace may be set by accessing the Subcomponents table in the OpenScapedatabase:• Start -> Programs -> Microsoft SQL Server -> Enterprise Manager• Expand Microsoft SQL Server -> SQL Server Group -> (local) (Windows NT) -> Databases ->

XpSystem• Double click on tables and Open ‘Subcomponents’• For the desired component module enter

TraceStatus = 1TraceLevel = 4

16.10 OpenScape Trace ViewerThis utility will allow the user to view OpenScape trace files. The utility also provides thepossibility of viewing multiple component trace files simultaneously. To launch:

• Execute TraceViewer.exe



Siemens ICN EN



16.11 CSTA Trace (TraceVu)This utility may be used for viewing “real time” call traces. This utility may be run on any machinein the same network as OpenScape, however it requires the JAVA Runtime be installed.• Load the trace utility from:

\\Bigmo44.eng.sc.rolm.com\Dev&Test\tools\_CSTA TraceView tool • Read the instructions in the "readme.txt" file and install the relevant parts on:

• Your Openscape server• A second computer in your domain and somewhere next to the Openscape server

16.12 GAC and Service uninstallationThis editable batch file will remove specified assemblies from the GAC (global assembly cache)and also remove specified services from the system.



Siemens ICN EN



17 Appendix Note: Some Appendices may still contain reference to RTC Server instead on LC

Server.

17.1 A-1 Install Flow

NInstall RTC Server on RTC Server

Install MS SQL Server on Database Server

Confirm Domain Controller configuration

Confirm E-mail Server

Install Windows .NET Server (Enterprise orStandard Edition) on OpenScape Main Server

Install RTC Server on OpenScape Main Server

Install MS SQL Server on OpenScape Main Server

Y

Install OpenScape on OpenScape Main Server

Install OpenScape MCU on MCU Server

Install OpenScape ComResponse onComResponse Server

MinimumCompleteSystem?



Siemens ICN EN



17.2 A-2 Simple Topology SetupThis appendix follows the setup of a simple child domain. These instructions should not beviewed as a replacement of detailed MS topology reference and product installationdocumentation. These instructions merely document a test setup in a laboratory environment.

osdev.com

applications.osdev.com

Exchange 2000

Server1 (RTC) Server3 (MCU)Server2 (CR)

Client1 Client2

Mach1(DC)

Mach2(DC)

MailServer

To set up this system, begin by selecting 8 machines to serve in your system – 2 as domaincontrollers, 1 for Exchange, 3 for the OpenScape/RTC system and 2 clients. Set up the domaincontrollers first, followed by Exchange, then the RTC Server and finally the OpenScape products.

The names of the machines and domains in this example are merely for demonstration. There

are no restrictions on naming (other than specified by MS) for the system.

Domain Controllers:To setup up the domain controllers:

1. Install two machines (Mach1 & Mach2) with Windows 2003 Server, RTM version. Followthe defaults in installation.

2. Create the machines initially as members of Workgroup, not as members of a domain.3. On Mach1, use dcpromo to promote machine to domain controller and forest root,

osdev.com.4. On Mach2, use dcpromo to promote machine to domain controller of child domain

applications.osdev.com

Note: If you have problem in adding child domain administrator to Enterprise Admin group in root

domain, please raise the domain functional level of root domain and child domain to “Windows2003” from default of “Windows 2000”.

****************************************************************************************************************************Ideally, for a domain controller, you want a PC with a processor >= 800Mhz, .5 Gig mem, and ahard disklarge enough to have 10Gig partition for OS with a second partition configured for Ghost back-upimage(s)



Siemens ICN EN



Remove all files from the primary partition and install .NET RTM****************************************************************************************************************************Begin installation:It is reccomended you remove and recreate the primary partition - format as NTFS

Windows Setup - Regional and Language Options - [Next]****************************************************************************************************************************Windows Setup - Personalize your Software Enter the following:Name _____________ (typical Siemens ICN)Orginization _____________ (typical dev)****************************************************************************************************************************Windows Setup - Your Product Key Key: J7C3T-334X9-D7JH7-496KD-BF4DY****************************************************************************************************************************

Windows Setup - Licensing Modes:select Per Device or Per User

****************************************************************************************************************************Windows Setup - Computer Name and Administrator Password Computer Name: ________________Administrator Password: _______________****************************************************************************************************************************Windows Setup - Date&Time - adjust if needed****************************************************************************************************************************Windows Setup - Network Settings:

Custom settings [Next]****************************************************************************************************************************Windows Setup - Network Components select TCP/IP properties



Siemens ICN EN



------------------------------------------------------------------Internet Protocol (TCP/IP) Properties Select the following and enter..Use the following IP address: __________________ (i.e. 10.10.16.50)Subnet mask: 255.255.255.0Default Gateway: __________________ (i.e. 10.10.16.1)

For root DC, leave DNS blank, for child DC, enter DNS of Root DCPreferred DNS server: __________________ (i.e. 10.10.16.254)[Advanced]



Siemens ICN EN



in box labled "DNS suffix for this connection" enter root DC address[check] "Register this connection's addresses in DNS"[check] "Use this connection's DNS suffix in DNS registration"[check] "Append these DNS suffixes in order"[Add] _______________ (type in fully qualified root domain name)[Add] any other private DNS domains you need resolved [Add] eng.sc.rolm.com[Add] rolm.com[OK]

[OK] [Next]

****************************************************************************************************************************Windows Setup - Workgroup or Computer Domain Leave default of Workgroup[Next]****************************************************************************************************************************

Load continues followed by reboot********************************************************************************************************************************************************************************************************************************************************For forest root to be, after login, ping default gateway to confirm network connectivity

On Child DC to be - after login, open DOS shell and ping root DC and domain by name****************************************************************************************************************************C:\>ping osdev.comPinging osdev.com [10.10.11.253] with 32 bytes of data:Reply from 10.10.11.253: bytes=32 time<1ms TTL=127

C:\>ping manxPinging manx.osdev.com [10.10.11.254] with 32 bytes of data:



Siemens ICN EN



Reply from 10.10.11.254: bytes=32 time<1ms TTL=127********************************************************************************************************************************************************************************************************************************************************



Siemens ICN EN



Restart computer#########################################################login as local adminFrom a command prompt, type in "dcpromo" [next] [next]

Domain Controller Type select "Domain controller for a new domain"Create New Domain select "Child domain in an existing domain tree" [next]



Siemens ICN EN



Keep the child domain name shorter than 16 characters and ideally 8 or fewer.



Siemens ICN EN



[next]

[next]

These locations would be on a differant drive (disk) in a production environment



Siemens ICN EN



[next]

These locations would be on a differant drive (disk) in a production environment

[next] [next]



Siemens ICN EN



[next]

Enter restore password [next] [next]

if the host was a member of a domain before being promoted to DC, expect the followingmessage

[Finish][Restart Now]

Test Users:Create a set of test users in the root and child domain. This task may be performed on the rootdomain DC.

1. Open Active Directory Users and Computers utility.

2. Right click and select Connect to Domain.3. Browse for desired domain, select and click OK.4. Expand the domain folder, expand the Users folder.5. Right click Users, select New, select User.6. Enter user information (first & last name, user login, password) and click OK.7. Repeat from step 5 for additional users in current domain, and from step 2 for users in

different domains.



Siemens ICN EN



Mail Server:For simplicity, we chose in this example to install Exchange 2000 in the root domain. This is not arequirement.

To setup the mail server:1. Install Windows Advanced Server 2000 and SP 2 on machine MailServer.2. Follow the defaults in installation, however select to install IIS with NNTP option. This is

needed for installation of Exchange but not required by the OpenScape system. Sofollowing install and configuration, NNTP may be disabled.

3. Following install, ensure the Terminal Services are in Administration Mode.

Before configuring users, you must execute a preparatory step on the domain controllers thatcontain the users you wish to administer.

1. On the root domain DC (Mach1) open a command line window.2. Access the Setup\I386\ folder of MS Exchange 2000 install CD.3. Execute “setup /forestprep” on the command line. Ensure this is the exact command

since a typo in the command may launch the installation of MS Exchange 2000.4. You will need to enter the license key for the MS Exchange 2000 media. Click Next.5. A listing of activities to be performed should be shown. This list should say Forest Prep in

the left column. Click Next.

6. Select Create an Exchange 2000 Organisation and enter your organisation name.7. Enter a name for the Exchange 2000 Administrator Account. Click Next.8. Verify the schema update. Click OK.9. Click Finish on the completion page.

Prepare each child domain that shall contain Exchange.1. Access the Setup\I386\ folder of MS Exchange 2000 install CD.2. Execute “setup /domainprep” on the command line. Ensure this is the exact command

since a typo in the command may launch the installation of MS Exchange 2000.3. You will need to enter the license key for the MS Exchange 2000 media. Click Next.4. A listing of activities to be performed should be shown. This list should say Domain Prep

in the left column. Click Next.5. Click Finish on the completion page

6. Repeat these steps in the child domain.

NOTE: You may run domain prep on any machine in the domain. Running thiscommand on Windows 2003 Server will display a message that the product is notsupported by Microsoft. You can click Continue and the domain prep willcomplete. To avoid this message, run domain prep on any Windows Server 2000or Windows Advanced Server 2000 machine in your child domain.

With the root and child domains prep’ed, you may configure Exchange.1. On the Exchange server machine (MailServer) launch the Exchange System Manager:2. Start -> Programs -> MS Exchange -> Exchange System Manager.3. Expand the Recipients folder.4. Expand the Recipient Update Services folder – there should be two default entries. One

of the default entries should be for the root domain. You will need to create another entryfor any child domains in which you have users.5. Right click and select New Recipient Update Service.6. Browse to find the desired child domain. Click next.7. Browse to find the Exchange server machine. Click next and finish. This should create a

new Recipient Update Service for you child domain.

With Exchange configured you may create user mailboxes.



Siemens ICN EN



1. On the Exchange server machine (MailServer) launch Active Directory Users andComputers:

2. Start -> Programs -> MS Exchange -> Active Directory Users and Computers.3. Select a domain that contains your users. Select the Users folder.4. Right Click on a user. Select Exchange Tasks.5. Select Create Mailbox option, click next and finish.6. Verify that the user has an email address by double clicking the user and selecting the

Email Addresses tab. There should be an entry for SMTP Address [email protected]. If this entry does not exist, create an email address in this tab.

7. Repeat from step 3 for all your test users in this domain and from step 2 for otherdomains.

Machines in child domain:At this point you may designate new machines to be moved into the child domain. There will needto be at least 3 server machines and 2 client machines in your child domain. Two of the serversshould be installed with Windows 2003 Server and one should be Windows Server 2000 + SP3.The machine designated for RTC Server/OpenScape home server must be Windows 2003Server.

If you are moving existing (installed) machines into the child domain you will need to follow these

steps:

o Before changing domain please make sure you un-install any version of RTCServer installed on this machine. Once the machine domain is changed you wouldnot be able to un-install/re-install RTC Server on this machine without rebuildingthe machine.

o If you have installed certificate authority on this machine before you would not beable to change the domain, so you would need to rebuild the machine.

o Ensure that you have a local Administrator account on the machine. If there is nolocal Administrator account you may be unable to administer the machine once itis removed from its old domain.

Determine machine’s current IP address

• Open Command prompt window using “Start > Programs > Run > Cmd”• In the Command prompt window Type ping <machine name>• In the Command prompt window it will display the current machine IP address. Note

down this IP address.

Change network settings for pointing to new domain

• Open Network Connection using “Start > Programs > Settings > Network Connection”• Double click on Local Area Connection• Click on Properties (Window: Local Area Connection Status)• Select Internet Protocol from the List Box displayed under heading “This connection uses

the following items” (Window: Local Area Connection Properties)

• Click on Properties (Window: Local Area Connection Properties)• Choose Use the following IP address (Window: Internet Protocol (TCP/IP) Properties)• In the IP address either type or verify the IP address determined in the first step

“Determine machine’s current IP address”• In the Subnet Mask either type or verify the value “255.255.255.0”• In the Default Gateway either type or verify the value “xxx.xxx.xxx.1” where xxx.xxx.xxx is

the first 3 parts of the machines IP address



Siemens ICN EN



• Verify the DNS Server address (Window: Internet Protocol (TCP/IP) Properties). In thePreferred DNS Server enter the ip address of your DNS Server ( the root domaincontroller).

• Click Advanced (Window: Internet Protocol (TCP/IP) Properties)• Select DNS Tab (Window: Advanced TCP/IP Settings)•

Select “Append these DNS suffixes (in order)”• Click on Add and enter the domains with which the machine will need to communicate, i.e

applications.osdev.com, osdev.com, eng.sc.rolm.com, rolm.com.• In the text box “DNS suffix for this connection” enter the child domain to which the

machine is being added, i.e. applications.osdev.com.• Select the 2 check boxes at the bottom of window (Register……, Use…..)• Click OK (Window: Advanced TCP/IP Settings)• Click OK (Window: Internet Protocol (TCP/IP) Properties)• Click OK (Window: Local Area Connection Properties)• Click Close (Window: Local Area Connection Status)

Change machine domain

• Right Click on My Computer

• Click Properties• Choose Computer Name Tab• Click Change• In the “Member of” Area, choose Domain check box, in the text box the domain to which

the machine is being added, i.e. applications.osdev.com• Click Ok• For adding machine it would pop up box asking user name and password• Use username and password of the root domain Administrator.• You should see a welcome message and prompt to reboot the machine.• Reboot the machine

Your simple topology is now ready for RTC prep and install.

RTC Prep and Install:

For the preparation and installation of RTC server print out the “RTC_DG_BETA.doc” document,in \\Bigmo44.eng.sc.rolm.com\dev&test\Xperience\RTC\0228_Beta\Deployment_migration.zip.

Follow the instructions starting from page number 40 through page number 49 of document.

These pages will take you through:• Installing and Configuring an Enterprise Certification Authority• Configuring the Forest• Installing and Configuring RTC Servers

Additional instructions are also available in Section 7.3 of this document.

Configuring RTC users:Any domain user can be assigned a SIP URI and home server to become a RTC User. Howeverto get functionality of assigning these attributes to the user, domain controller should have RTCAdministration Tools installed on it. Once this is installed, on the user configuration page, Real-Time Communication tab is available. Using this page above mentioned attributes can beassigned to the user.



Siemens ICN EN



Verifying RTC user communication:

Install WM on client machines (< \\Bigmo44.eng.sc.rolm.com\dev&test\Xperience\RTC\WM

50_185>) Refer also to Section 10.8 of this document.

Assign at least 2 users to the RTC Home Server. Make sure on the RTC Server machine, on theRTC Server Snap-in, in Global Settings page, properties have the value of root domain, childdomain(s), and any other domain in which you want to define the RTC users for this home server.Configure WM client to use this home server. Log on from WM. WM clients should be able tocommunicate.

If using TLS, on Client side receive following error :“The WM can not verify certificate from the server. Please contact the network

administrator.”

• Go to local security settings on the client machine and make the following change:• Location: Security Settings / Public Key Policies• Double-click Autoenrollment Settings• Change the current setting "Do not enroll certificates automatically" to Enroll.

The system is now ready for MS SQL and OpenScape install.



Siemens ICN EN



17.3 A-3 Application URI & Static Route ConfigurationThis appendix describes the manual steps to configure the Application URI and Static Routes.

Application URI RegistrationOpenScape does not have an external manifest file (like the “routing.am” file from Microsoft) so

using the first method of creating Application Uri as described below does not apply toOpenScape users. But this step anyway has been described for completeness.There are two ways to configure your Application Uri in the LCS (Live Communication Server).One is as described below:

1. Click on "Start-->Programs-->Administrative Tools-->Live Communication Server".2. Expand the "Live Communication Server" node.3. Under that expand, "Live Communication Server" node.4. Under that expand "Servers" node.5. Under that, click on your server node (i.e. the fully qualified server name for the server on

which the LCS is installed) e.g. "rtc-server-name.domain.name".6. Under the LCS now right click on "Applications" node and select "Properties".7. From the displayed screen, click on the "Add..." button.8. In the "Script path" field, enter the manifest file name with full path or the file in which

your manifest data is defined.9. In the "Application name", give any name as desired, e.g. "Siemens".10. In the "URI" field, enter the Application Uri as defined in your application manifest file or

stream. This is the Uri which the LCS uses to uniquely distinguish an application trying touse its published features.

11. Click "OK".12. Make sure the entry you added is the first one in the list. You can move your entry by

using the "Move Up" and "Move Down" buttons provided on the displayed screen on theright hand side.

13. Click "Apply".14. Click "OK".

Your Application Uri is now configured in the LCS for usage by your registering application.

This is the recommended way of registering the OpenScape Application Uri. These steps arenecessary, if not done, your application will not run and neither will it register with the LCS. This isthe URI that you specify in the application manifest xml document. To register this URI with theLCS, perform the following steps:

1. From "Start-->Run..." type "wbemtest" and click OK.2. A window titled "Windows management Instrumentation Tester" will appear on the

screen.3. Click the "Connect..." button on this screen.4. In the first field "Namespace", type "root\CIMV2" and click the "Connect" button on its

right.5. All the buttons on the previous window under section "IWbemServices" will be enabled.

Now click the "Enum Classes..." button.6. Without entering anything on the popup screen, click OK.7. From the list provided in the "Query Result" window, browse or scroll down and select

and double click "MSFT_SIPApplicationSettings".8. A new window titled "Object editor for MSFT_SIPApplicationSettings" will appear.9. From the second list, i.e. the "Properties" list, scroll down to the last entry i.e. "URI" &

double click on it.10. This will open another window titled "Property Editor". Here in the third field "Value",

check the option "Not NULL".11. Enter in the field the name of your application URI e.g.

http://www.siemens.com/en/rtcb/platform/routingdispatcher 12. Now click "Save Property".



Siemens ICN EN



13. You are back to the window in step 8. From here, select the entry listed as "Name" &double click on it.

14. Do step 10.15. And enter a name (any name) you wish to give this URI.16. Do step 12.17. You are back to window in step 8. From here, select the entry listed as "InstanceID" &

double click on it.18. Do step 10.19. Now you need to get the Instace ID from Visual Studio. Open any project in Visual Studio

.NET.20. Click on "Tools-->Create GUID".21. From the "Create GUID" screen, select "GUID Format" number 4 and click on "Copy" and

then "Exit" buttons respectively.22. Close the Visual Studio .NET development environment if you wish to.23. Go back to your already opened window "Property Editor" for "InstanceID" and paste the

(just copied) GUID in the "Value" field.24. Do step 12.25. You are back to window in step 8. From here, select the entry listed as "Enabled" &

double click on it.26. Do step 10.

27. Enter "true" in the "Value" field.28. Do step 12.29. You are back to the window in step 8. From here, select the entry listed as "Critical" &

double click on it.30. Do step 10.31. Enter "false" in the "Value" field.32. You are back to the window in step 8. From here press "Save Object" button.33. You will be back to the "Query Result" window. From here again select and double click

"MSFT_SIPApplicationElement".34. You will see the window in step 8.35. From here click "Instances".36. Select the Instance ID that you created and set for your application URI in steps 19 to 22.37. Click "Add..."

38. Click "Save Object"39. Now you should be able to see the new entry of your instance id in the list for "Instance of

MSFT_SIPApplicationSettings".40. Click "Save Object" again.41. Click "Close"42. And finally click the "Exit" button on the "Windows management Instrumentation Tester"

screen.

After the Application Uri has been added and configured as described above, you must re-sequence the application priority list in the LCS configuration screen for OpenScape to be able toreceive all SIP messages from the LCS. First reboot your system (machine). When your machineis back up, make sure you are logging back in again as a domain Administrator type user andperform the following steps:

1. Click “Start-->Programs-->Administrative Tools-->Live Communication Server”2. From the left column in the displayed window, click and expand "Live CommunicationsServer".

3. Under that, expand "Server".4. Under that, find the entry of your home server and expand that too.5. Clicking on "Users" folder should display on the right column all the LCS users that

you’ve created in Active Directory.6. Now select the "Applications" entry, right click and select "Properties".7. From the available applications list, you should be able to see the Application URI you



Siemens ICN EN



just created and configured in the steps above.8. Select the added Siemens Application Uri from the list.9. User the “Move Up” or “Move Down” buttons provided on the right hand side of this

properties screen to move your selected Application Uri to the top of the list.10. Once done. Click “Apply” and then click “Ok”.11. Now for these changes to take affect, re-start your LCS Service from the Services Control

Manager (SCM).12. To do so, Click “StartProgramsAdministrative ToolsServices”.13. From the screen just displayed, select the “Live Communication Server” Service.14. Right click on it and click “Stop”. This will Stop the service. Once stopped, right click on it

again and click the “Start” button again.

Your application URI is all set and registered for use. Now to make sure it is registered in the SIPServer API Extension Module for it to be able to allow you to create the Server Agent handler inyour application, perform the following steps:

1. Click "Start-->Programs-->Administrative Tools-->Live Communication Server".2. From the left column in the displayed window, click and expand "Live Communication

Server".3. Under that, expand "Server".4. Under that, find the entry of your home server and expand that too.

5. Clicking on "Users" folder should display on the right column all LCS users that you’vecreated in Active Directory.

6. Now click the "Live Communication Server" entry, right click and select "Properties".7. From the available applications list, you should be able to see the application URI you

just created and configured in the steps above.8. Click on your entry, under the "Application Details" section you should be able to see the

checkbox ticked (i.e. selected) for "Enabled". If not then select it and click OK. Note: Dueto the current limitations you will need to make sure that any application URI that youmight have created for your applications need to be enabled at a time only along with thedefault application URI entry provided by Microsoft. The order listed here is the order inwhich the messages will be received by the registered applications with these URI's,except the default one.

9. Now select the entry with your fully qualified machine name & right click to select

"Properties".10. This will popup a window titled "<machine-name.FQDN> Properties"11. From here click the "Routing" tab.12. Click "Add..." button.13. From the window "Add Static Route" fill in the values as described below:

"User:" = *"Domain:" = <your-fully-qualified-domain-name>, this name should follow the

guidelines as listed in the section below “Configuring Static Routes”."Fully qualified domain name:" = <machine/server-name-with-fully-qualified-domain-

name>Note: You need to set the all configured Static Routes to TRUSTED.

14. Click OK.15. Now you should see this new entry under the "Static route for outgoing messages" list.16. Now click on the "Authentication" tab.17. Make sure only "Both NTLM and Kerberos" is selected in the "Authentication scheme in

use" field i.e. the first field on this tab.18. Select the checkbox "Custom realm" & key in your fully qualified domain name in the field

for "Realm:"19. Click OK

You are all set to allow communications between all the LCS users that you’ve created in theActive Directory Server.



Siemens ICN EN



Note: To make sure that all the changes you have made are applied to thesystem for a reliable functioning. Restart your PC and logon again.

Configuring Static RoutesFollowing steps need to be performed for configuring "Static Routes" for OpenScape to functionwith Gateways, MCU and Com-response Systems, in the "Routing" configuration screen on theLCS.

For MCU you need to configure only one Static Route. E.g. if your MCU Server name is “os-mcu-server” and your local domain is “siemens.com” then the following Static Route properties need tobe set:Match-Uri SIP:*@os-mcu-server.siemens.comNext-Hop os-mcu-server.siemens.comNext-Hop-Port 5060Next-Hop-Transport TCPReplace-Host CheckedPhone-Uri Un-CheckedThis configuration when set via the ”Live Communication Server” Control Panel “Routing” tab,would look like the image below:

For each Gateway you need to configure only three Static Routes E.g. if your Gateway name is“vegastream-001”, your LCS name is “rtc-server-001” and your local domain is “siemens.com”

then, the following Static Route properties need to be set:Route – 1:-Match-Uri SIP:*@vegastream-001.siemens.comNext-Hop vegastream-001.siemens.comNext-Hop-Port 5060Next-Hop-Transport TCPReplace-Host CheckedPhone-Uri Un-Checked



Siemens ICN EN



This configuration when set via the ”Live Communication Server” Control Panel “Routing” tab,would look like the image below:

Route – 2:-Match-Uri SIP:*@siemens.comNext-Hop vegastream-001.siemens.comNext-Hop-Port 5060Next-Hop-Transport TCPReplace-Host Checked

Phone-Uri Un-CheckedThis configuration when set via the ”Live Communication Server” Control Panel “Routing” tab,would look like the image below:



Siemens ICN EN



Route – 3:-Match-Uri SIP:*@rtc-server-001.siemens.comNext-Hop vegastream-001.siemens.comNext-Hop-Port 5060Next-Hop-Transport TCPReplace-Host CheckedPhone-Uri Un-CheckedThis configuration when set via the ”Live Communication Server” Control Panel “Routing” tab,

would look like the image below:



Siemens ICN EN



Note: Based on the Dialing plans, your Match-Uri will need to be customized accordingly, e.g. ifyour dialing plan supports starting prefix of “01” then your Match-Uri would look something likethis:Match-Uri SIP:01*@siemens.com

For ComResponse you need to configure only one Static Route. E.g. if your ComResponseServer name is “os-cr-server” and your local domain is “siemens.com” then the following StaticRoute properties need to set:

Match-Uri SIP:*@os-cr-server.siemens.comNext-Hop os-cr-server.siemens.comNext-Hop-Port 5060Next-Hop-Transport TCPReplace-Host CheckedPhone-Uri Un-CheckedThis configuration when set via the ”Live Communication Server” Control Panel “Routing” tab,would look like the image below:



Siemens ICN EN



NOTE:Apart from configuring the Static Routes you also need to make each of these static routes asTRUSTED. This you can do this from “webemtest” or by running the OpenScape RTCConfiguration tool that comes with the Installation package and run the tool from the commandprompt with the following arguments as described below:-

USAGE:-OpenScapeRTCTool_1.13.exe

When you double click on this executable, it will display a GUI screen as listed below:



Siemens ICN EN



This screen lists options that you can use to perform various tasks of configuring the LCS. Fromthis screen select “Set Static Route Trusted/un-Trusted” and it will display the following screen:

Here you will need to provide all requested information and when you click the “Set” button, it willmake that route as TRUSTED. You will need to make all configured Static Routes as TRUSTEDfrom this option.

Setting up Trusted PortsOpenScape requires the setup of trusted ports for correct function. To verify/set up trusted portsfollow these steps:

1. Select Start -> Run and enter “wbemtest”.2. Press Connect button.

3. Enter "root\cimv2" into the "Namespace" field.4. Press Connect button.5. Press "Enum Classes" button.6. Press OK button.7. Scroll down to "MSFT_SIPListeninAddressData, select double-click it8. Press Instances button.9. Select the InstanceID that is created for the port that you created for B2B communication.10. Scroll down Properties list-box.11. Select the “TreatAllConnectionsAsServer” field and double-click it.12. Enter TRUE into Value field.13. Press "Save Property" button.14. Scroll down Properties list-box.15. Select the “TreatAllConnectionsAsTrusted” field and double-click it.

16. Enter TRUE into Value field.17. Press "Save Property" button.18. Press "Save Object" button.19. Press Close button.20. Press "Save Object" button.21. Press Close button.22. Press Exit button.23. Open Services console.24. Now restart the "Live Communication Server" service.



Siemens ICN EN



17.4 A-4 LCS Setup Checklist & Troubleshooting

General Check List

1. On the LCS:

Check if the LCS Service is up and running. TCP port 1010 (or any non 5060 port) should be configured and set as Trusted. TLS only (not TLS Mutual) port 5061 should be configured and set to

un-Trusted. Use TLS Mutual only if you have multiple LCS’s communicating with eachother.

OpenScape Application Uri’s should be configured and be on top of the list. If any Static Routes are configured, they should also be set to Trusted. Check if the Sip Uri’s configured for each user in the system is correct. All the LCS users should point to their correct LCS Home Server. OpenScape Service Account should be a member of the four local RTC

groups:- Administrators- RTC Local Administrators

- RTC Local User Administrators- RTC Server Applications- RTC Server Local Group

Sip Uri should be enabled for the OpenScape Service Account i.e. make it aLCS User homed on the same server on which your OpenScape Servicesare running.

Correct domain entries should be added to the “User Services GlobalSettings”. These entries should only be for domains (FQDNs) on which theusers are created.

2. On Windows Messenger (WM) Clients: Check if version is 5.0.0381 Transport channel should be set to TLS. User Sip Uri configured should be correct (check spelling and format).

All users should point to the LCS Home Server on which they are homed. To un-install WM on your system go to “\Documents and Settings\AllUsers\Application Data\Microsoft” directory and double click on WMdirectory and locate an “.msi” file in it. Right click on “.msi” file and select“uninstall”. Before doing this operation, please make sure you are loggedinto the system as an Administrator.

3. DNS Configurations: Check if your system is configured to point to the correct DNS Server. System should have the correct domain name entries in its search list. You should be able to ping all Clients & Gateways in your domain.

LCS Settings like, “Ports”, “Static Routes”, making them “Trusted” or “un-Trusted”, displaying onlythe required settings on the RTC Server, you can do so by using the RTC Configuration tool thatis located on ‘\\Shasta\software\shakil\newtool\” directory. A “readme.doc” file explaining theusage of this tool is also located at the same location.



Siemens ICN EN



Symptoms and Trouble Shooting

NOTE: All components should have tracing enabled.BASIC CHECK: Check if RD, B2B & AE are up and running properly without

throwing any exceptions. If that is not the case, first check ifXA is up and running or not.

1. Check component traces to see if the messages are received and what is happeningwhile processing those messages.

2. Look out for any Exceptions being thrown or Errors being logged. In that case, track thesequence of operations from the beginning till that Error condition is received in thatparticular component.

3. Example:-In a Basic Call, if User-1 calls User-2 and the message is not received by User-2 then thepossible causes could be any of the following: RD could be either down or not registered properly with the LCS

In that case, RD will not receive any messages from the LCS and will eventually notpass it on to the B2B.

B2B could be either down or not able to receive messages from the LCS

due to a port problem. Check for any Exceptions thrown in the trace file. AE is either down or has not received any 200 OK for the default user

registration from the LCS. This can be easily seen from thetraces logged in the trace file. If AE is down then B2B will simply proxythe messages back to the LCS for normal processing.

VA is down or is not responding to messages that have been passed to itby AE. Check traces logged in the trace files. Look for any exceptionsthat could have been thrown.

If you are not able to understand what the problem could be then, switch on the Sip Loggerthat is usually located in the “\Program Files\Microsoft LC\Server\Support” directory. This willtrace all messages that are being received and processed by the LCS.



Siemens ICN EN



17.5 A-5 OpenScape Main Install ScreensTo launch OpenScape Main install, execute OpenScape.exe on the installation CD.

Select the language of installation, English orGerman.

Click “OK”.

Verify that this is the version that you wish to install.

Click “Next”.

Accept the General License Agreement, and Click “Next”.



Siemens ICN EN



Enter the Customer Name and Organization. Click “Next”.

You may change the path for installation if desired. There are no restrictions in drop4.

Click ‘Next’



Siemens ICN EN



This screen is used to define the OpenScape SystemID. This SystemID will be used byOpenScape applications to register with a particular system.

The OpenScape User Name and Password is for the account under which the services will beinstalled.

Enter the ‘OpenScape System Name’ (default = your computer name).Enter the ‘OpenScape User Name’ & ‘OpenScape Password’.Enter the OpenScape group names.

Note: All accounts and groups are verified, and not created during install ofOpenScape. The accounts and groups need to be created before installation.

Click ‘Next’



Siemens ICN EN



This screen is used to identify the OpenScape MS SQL database server and instance. In theMinimum Complete System configuration, the Database Server Name will be same as thehostname for the OpenScape Main Server.

The Database Instance Name identifies the particular instance of MS SQL server that will beused by OpenScape. If the default instance is used, enter MSSQLServer.

Enter the ‘Database Server Name’ and ‘Database Instance Name’.

The RTC IPSec Port is a port that is used for OpenScape internal communication. This should bea reserved port to be used only by OpenScape.Enter a new port or accept the default for the IPSec Port.

Click ‘Next’.

This screen collects information that will be used to determine the size of the database and alsothe location where the OpenScape specific database files will be stored.



Siemens ICN EN



To determine the size of the database, installation will need the number of OpenScape users thatare planned for this system and the number of months of call records that will be kept.

The default location for the database files is in the OpenScape home under OpenScapeDB folder.This location should be appropriate unless there is a database preserved elsewhere from someprevious installation or if the customer has a specific need to store data files elsewhere.

Enter ‘Number of Users’ and ‘Number of Months’.Verify that the Database Path.Click ‘Next’.

??? Install to add description.

This screen prompts the actual creation of the database.

Click “Yes”

This screen prompts for the two additional special user accounts. Refer to Section 8.2.2.Enter the two account names.Click “Next”.



Siemens ICN EN



Click ‘Install’ to proceed with the installation of files.

Click ‘Finish’.



Siemens ICN EN



17.6 A-6 OpenScape OMC Install Screens


Click “OK”.

Verify that this is the version that you wish to install.Click “Next”.

Accept the General License Agreement.Click “Next”.



Siemens ICN EN




This screen the components that will be installed, the capacity required on the hard disk as wellas the location where files will be installed.

Verify the location of install. Click ‘Next’.



Siemens ICN EN




Click ‘Finish’.



Siemens ICN EN



17.7 A-7 OpenScape MCU Install Screens

17.7.1 A-7.1 Standalone MCU (MC and MP on same box)

17.7.1.1 A-7.1.1 Installing the MCU


Click “OK”.

Verify that this is the version that you wish to install.Click “Next”.



Siemens ICN EN



Accept the General License Agreement, and Click “Next”.




Siemens ICN EN



This screen is used to identify the system to which the MCU will register. The OpenScape SystemName is the SystemID entered in the OpenScape Main installation.The OpenScape MCU User Name and Password is for the account under which the MCUcomponents will be installed.

Enter the ‘OpenScape System Name’ (the OpenScape SystemID).Enter the ‘OpenScape MCU User Name’ & ‘OpenScape MCU Password’.

Click ‘Next’

This screen the components that will be installed and the capacity required on the hard disk.

Verify the location of install. Click ‘Next’.



Siemens ICN EN




This is a progress screen.



Siemens ICN EN



Click Finish’.

17.7.1.2 Configure MCU SipURI on the system.

On the task bar Select Start > Programs > Siemens OpenScape MCU > MC Configuration. SelectSip tab, Input the MCU FQDN into the Sip URI text box. SipUri=<Host Name>.<Primary DNSSuffix>(example: "hypnos.app.devos.net" where hypnos=MC machine name, andapp.devos.net=child domain). Press Ok. Restart the MC services. Wait one minute for theMP(s) to register.

17.7.2 A-7.2 Standalone MCU (MC and MP(s) on different boxes)

17.7.2.1 A-7.2.1 MC on different box than MP

Install as above (section 17.7.1) till you get to the Custom Setup screen



Siemens ICN EN



For the MC on a different box than the MP disable the MP. Click on MP and select the “X Thisfeatures would not be available” from the list of 3 choices. After making above choice the

screen should look like this.

Continue with the installation by clicking on next and continue to follow the instructions in thesection 17.7.1.

17.7.2.2 A-7.2.2 Mp on different box than MC

Install as above (section 17.7.1) till you get to the Custom Setup screen



Siemens ICN EN



For the MP on a different box than the MC disable the MC. Click on MC and select the “X Thisfeatures would not be available” from the list of 3 choices. After making above choice the

screen should look like this.

Continue with the installation by clicking on next.



Siemens ICN EN




This is a progress screen.



Siemens ICN EN



Click Finish’.

17.7.3 A-7.3 One Box Configuration

One box configuration is where the MC shares a machine with the LCS and OpenScape (LCS,OpenScape, MC and MP or LCS, OpenScape, MC). Install the MCU as in sections above (17.7.1or 17.7.2).

17.7.3.1 DNS server configuration

Create within the DNS server a new Alias (CNAME) for the OpenScape host that can be used bythe MCU. This alias points to the LCS/OpenScape server (e.g. mcu.rtcdomain.com ->openscapehost.rtcdomain.com).

To add the alias (CNAME) resource record for the MCU to the zone, do the following:

1) Open DNS2) In the console tree, right-click the applicable forward lookup zone, and then click New Alias.3) In the Alias name text box, type the alias name. (e.g 'mcu').4) In the Fully qualified domain name (FQDN) for target host text box, type the fully qualifieddomain name of the DNS host computer for which this alias is to be used (e.g.'openscapehost.rtcdomain.com')- alternatively, when clicking browse the DNS namespace canbrowsed for the host.5) Click OK to add the new record.6) Try pinging the alias to see if it got added to the zone correctly.

17.7.3.2 MC SIP configuration

On the MCU machine go to the MC configuration to configure the SipUri:

1) Start | OpenScape MCU | MC configuration.2) Click on the SipUri tab.3) In the SipUri field, enter the alias: mcu.rtcdomain.com4) click OK.4) Verify the configured SIP port number. The default is 5062 for the One Box Solution Thisneeds to be the same as the port number of the LCS route for the MCU.



Siemens ICN EN



5) Click OK

17.7.3.3 LCS route configuration

Add a route in the RTC to point to the correct alias:

1) Open RTC server.2) Find the applicable domain (rtcdomain.com).3) Right click on the domain name and choose properties.4) Click the routing tab.5) Add a new static route.

a) user= *b) domain = mcu.rtcdomain.comc) fully qualified domain name = openscapehost.rtcdomain.comd) choose TCP for transporte) enter the port number configured for the MCU SIP port from section 17.7.3.2.

Leave the rest unchanged

6) Click OK7) Check if a new entry got added resembling the following:

SIP:*@mcu.rtcdomain.com -> openscapehost.rtcdomain.com8) You need to configured this Static Route to TRUSTED (Section 17.3)

Now you are ready to make a conference call to verify the configuration.



Siemens ICN EN



A-8 OpenScape Client Install Screens

Select language of installation, English or German.Click “OK”

Click “Next”.



Siemens ICN EN



Accept the General License Agreement.Click “Next”.

Enter Customer Information.Click “Next”.



Siemens ICN EN



Enter the name of the OpenScape System to which this client is to belong.Click “Next”.

This screen identifies the servers on which the OpenScape System and RTC Server are installed.Enter the hostname of the OpenScape System and the hostname of the RTC Server.

Click “Next”.



Siemens ICN EN



Click “Install”.

Click “Finish”.



Siemens ICN EN



17.8 A-9 Portals Installation

On the OpenScape server:

1. Enable SSL in IIS:

The OpenScape Portals must use a secure connection between the Web Server (IIS) and theWeb Browser, so we need to enable Secure Sockets Layer in the IIS Manager.

• Open the Internet Services (IIS) Manager (under Administrative Tools); • Expand the Web Sites folder, right-click the Default Web Site subfolder and

select Properties;

In the Web Site property page, enter 443 in the SSL Port field;



Siemens ICN EN



In the Directory Security property page, click on the “Server Certificate” button. The ServerCertificate Wizard will open;

On the initial dialog, click on Next;



Siemens ICN EN



Select the “Assign an existing certificate” and click Next;

Select the certificate that you have available. You’re going to use the same certificate that isused by your Live Communications Server. Click Next;



Siemens ICN EN



Enter 443 for the SSL port number and click Next;

This is just the Certificate Summary. Click Next;



Siemens ICN EN



Click on Finish.

On the Client machine:

1. Opening the Portals in Internet Explorer

With everything ready and properly setup, you can finally open the Personal Portalweb page in IE. The URL is http://<servername>/openscape/portals/default.aspx. The<servername> is your OpenScape server name. Please enter it in its fully qualifiedformat (i.e.: applebee.app.devos.net), otherwise you’ll get a security warning everytime you open the Portals.

Suggestion: Bookmark this URL or set it as the default web page.



Siemens ICN EN



17.9 A-10 General IPsec screensFollowing are the generic screen shots of the MMC snap-in for IPSec that are referred to in theabove steps.



Siemens ICN EN





Siemens ICN EN





Siemens ICN EN



(Note: Substitute 5060 with the port number specified in the steps)



Siemens ICN EN





Siemens ICN EN





Siemens ICN EN







Siemens ICN EN



17.10 A-11 Virus Scan Data

McAfee VirusScan Enterprise Version 7.0.0 has been tested in two scenarios on OpenScapesystem, which had RTC / OpenScape users in database.

1) During the system was in IDLE mode, in other words, when there was NO activity onOpenScape system:

Before the Virus Scan ran, memory and the CPU usage of OpenScape services are depictedin the following screen capture.

McAfee VirusScan Enterprise Version 7.0.0 was configured to scan All files with 50% CPU

utilization, and to Prompt for action when a virus is found.

After running the Virus Scanner, memory and CPU usage of OpenScape services appearedwith less values than before running the Scanner; which is also depicted below.



Siemens ICN EN



The result of the scan is as follows: 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Boot sectors scanned : 2 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Boot sectors infected : 0 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Boot sectors cleaned : 0 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Files scanned : 17095 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Files infected : 0 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Files cleaned : 0 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Files deleted : 0 7/26/2003 2:48 PM Scan Summary CHATTER\Administrator Files moved : 0 7/26/2003 2:48 PM Scan Complete CHATTER\Administrator Scan All Fixed Disks

After the successful Virus Scanner run, basic call from Windows Messenger to WindowsMessenger, make call from Portal, and initiating 3 party MCU conference test casessuccessfully executed.

2) On this test setup, Web Stress Tool has been used to stress OpenScape system withlogging on and logging off 10 OpenScape users in the background, while the VirusScanner is running:

Before the Web Stress Tool and Virus Scanner ran, memory and the CPU usage ofOpenScape services are depicted below.

McAfee VirusScan Enterprise Version 7.0.0 was also configured to scan All files with 50% CPUUtilization, and to Prompt for action when a virus is found.

Both the virus scanner and Web Stress Tool started simultaneously. Although the CPU usageon the system varied between 60% to 90% range during the run, I was still able to make call from Portal.

After running the Virus Scanner, memory and CPU usage of OpenScape services appearedwith less values than before running the Scanner; which is depicted below.



Siemens ICN EN



The result of the scan as fallows:

7/30/2003 1:01 PM Scan Started CHATTER\Administrator Scan All Fixed Disks 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Scan Summary7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Boot sectors scanned : 2 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Boot sectors infected : 0 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Boot sectors cleaned : 0 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Files scanned : 17403 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Files infected : 0 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Files cleaned : 0 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Files deleted : 0 7/30/2003 1:06 PM Scan Summary CHATTER\Administrator Files moved : 0 7/30/2003 1:06 PM Scan Complete CHATTER\Administrator Scan All Fixed Disks

OpenScape user log on / log off load has been stopped after the scan finished successfully. Here is the result of the Web Stress Tool Load:

**************************************************************** Completed Clicks: 62 with 0 Errors (=0%) Average Click Time for 10 Users: 146 msSuccessful clicks per Second: 0.934 (equals 3363.075 Clicks per Hour)

Results of complete test **************************************************************** ** Results per URL for complete test ** URL#1 (): Average Click Time 70 ms, 106 Clicks, 0 ErrorsURL#2 (): Average Click Time 609 ms, 101 Clicks, 0 ErrorsURL#3 (): Average Click Time 131 ms, 105 Clicks, 0 ErrorsURL#4 (): Average Click Time 76 ms, 106 Clicks, 0 ErrorsURL#5 (): Average Click Time 113 ms, 105 Clicks, 0 ErrorsURL#6 (): Average Click Time 103 ms, 105 Clicks, 0 ErrorsURL#7 (): Average Click Time 87 ms, 105 Clicks, 0 ErrorsURL#8 (): Average Click Time 106 ms, 105 Clicks, 0 Errors

URL#9 (): Average Click Time 172 ms, 104 Clicks, 0 ErrorsURL#10 (): Average Click Time 154 ms, 104 Clicks, 0 ErrorsURL#11 (): 0 Clicks, 0 ErrorsURL#12 (): 0 Clicks, 0 Errors

Total Number of Clicks: 1046 (0 Errors) Average Click Time of all URLs: 160 ms

Each load iteration contained 12 clicks to log on, brows through the Portal, and log off. Therefore, there were [1046 / 12 = ] 87 OpenScape user log on / log off has occurred during

Virus Scan was running.



Siemens ICN EN

Date post:	04-Mar-2016
Category:	Documents
Upload:	sorin-birou
View:	34 times
Download:	0 times