TANDBERG Gatekeeper User Manual Page 1

TANDBERG Gatekeeper User Guide Software version N5.1 D13381.07 January 2007 This document is not to be reproduced in whole or in part withou

TANDBERG Gatekeeper User Guide Page 10 of 105 1.4. Operator Safety Summary For your protection please read these safety instructions completely befor

TANDBERG Gatekeeper User Guide Page 100 of 105 20. Appendix D: Technical data 20.1. Technical Specifications 20.1.1. System Capacity  2500 regist

TANDBERG Gatekeeper User Guide Page 101 of 105 20.1.9. Hardware MTBF  Hardware MTBF: 80,479 hours 20.1.10. Power Supply  250 Watt  90-264V

TANDBERG Gatekeeper User Guide Page 102 of 105 21. Bibliography 1 ITU Specification: H.235 Security and encryption for H-Series (H.323 and other H.

TANDBERG Gatekeeper User Guide Page 103 of 105 22. Glossary Alias The name an endpoint uses when registering with the Gatekeeper. Other endpoints ca

TANDBERG Gatekeeper User Guide Page 104 of 105 23. Index —A— about ...93 accoun

TANDBERG Gatekeeper User Guide Page 105 of 105 LDAP ... 38, 69 LDAP over TLS...

TANDBERG Gatekeeper User Guide Page 11 of 105 1.4.7. Power connection and Hazardous voltage  The product may have hazardous voltage inside. Never

TANDBERG Gatekeeper User Guide Page 12 of 105 2. Introduction This User Manual is provided to help you make the best use of your TANDBERG Gatekeeper.

TANDBERG Gatekeeper User Guide Page 13 of 105 Figure 1: Front panel of Gatekeeper On the back of the Gatekeeper (see Figure 2) there are:  a power

TANDBERG Gatekeeper User Guide Page 14 of 105 3. Installation 3.1. Precautions  Never install communication equipment during a lightning storm. 

TANDBERG Gatekeeper User Guide Page 15 of 105 3.3. Unpacking The TANDBERG Gatekeeper is delivered in a special shipping box which should contain the

TANDBERG Gatekeeper User Guide Page 16 of 105 4. Getting started 4.1. Initial Configuration The TANDBERG Gatekeeper requires some configuration befo

TANDBERG Gatekeeper User Guide Page 17 of 105 9. Review other system settings. You may want to set the following: a. The name of the Gatekeeper. Th

TANDBERG Gatekeeper User Guide Page 18 of 105 You will be presented with the Overview screen: Note: HTTP and HTTPS must be enabled in order to use t

TANDBERG Gatekeeper User Guide Page 19 of 105 Note: SSH and/or Telnet access must be enabled in order to use the command line interface. This is done

TANDBERG Gatekeeper User Guide Page 2 of 105 Contents 1. Product Information 8 1.1. Trademarks and Copyright ...

TANDBERG Gatekeeper User Guide Page 20 of 105 4.4. IP Configuration The Gatekeeper may be configured to use IPv4, IPv6 or both protocols. If using bo

TANDBERG Gatekeeper User Guide Page 21 of 105 When registering, the endpoint registers with one or more of the following:  One or more H.323 IDs 

TANDBERG Gatekeeper User Guide Page 22 of 105 Hierarchical dial plan One Gatekeeper is nominated as the directory gatekeeper for the deployment. All B

TANDBERG Gatekeeper User Guide Page 23 of 105 4.7. Alternates Alternate Gatekeeper support is provided to increase the reliability of your deployment

TANDBERG Gatekeeper User Guide Page 24 of 105 4.8. Call Processing Overview Figure 6 illustrates the process the Gatekeeper performs when receiving c

TANDBERG Gatekeeper User Guide Page 25 of 105 When an endpoint wants to call another endpoint it presents the address it wants to call to the Gatekeep

TANDBERG Gatekeeper User Guide Page 26 of 105 5. Transforming Destination Aliases 5.1. Alias Transforms The Alias Transforms function takes any alia

TANDBERG Gatekeeper User Guide Page 27 of 105 5.2. Zone Transforms It is possible to direct an incoming location request to a different alias by repl

TANDBERG Gatekeeper User Guide Page 28 of 105 6. Unregistered Endpoints Although most calls are made between endpoints registered with a Gatekeeper

TANDBERG Gatekeeper User Guide Page 29 of 105 When the Gatekeeper is used with a Border Controller for firewall traversal, you will typically set Call

TANDBERG Gatekeeper User Guide Page 3 of 105 4.7. Alternates...

TANDBERG Gatekeeper User Guide Page 30 of 105 7. Bandwidth Control 7.1. About Bandwidth Control The TANDBERG Gatekeeper allows you to control endpoi

TANDBERG Gatekeeper User Guide Page 31 of 105 Figure 10: Configuring a SubZone 7.2.1. Subzone links Subzones may be configured with links joining th

TANDBERG Gatekeeper User Guide Page 32 of 105 Figure 11: Configuring a pipe Pipes may be shared between one or more links. This is used to model the

TANDBERG Gatekeeper User Guide Page 33 of 105 Figure 12: Configuring downspeeding options 7.4. Bandwidth Control and Firewall Traversal When a Borde

TANDBERG Gatekeeper User Guide Page 34 of 105 7.5. Bandwidth Control Examples 7.5.1. Example without a firewall One possible configuration for the d

TANDBERG Gatekeeper User Guide Page 35 of 105 Figure 15: Border Controller example configuration Figure 15 shows how the Border Controller could be c

TANDBERG Gatekeeper User Guide Page 36 of 105 8. Registration Control The TANDBERG Gatekeeper can control which endpoints are allowed to register wi

TANDBERG Gatekeeper User Guide Page 37 of 105 Figure 17: Configuring registration restrictions 8.1.3. Managing entries in the Allow and Deny lists W

TANDBERG Gatekeeper User Guide Page 38 of 105 8.2. Authentication The TANDBERG Gatekeeper can use a user name and password based challenge-response

TANDBERG Gatekeeper User Guide Page 39 of 105 Configuring LDAP base DN The Gatekeeper needs to be configured with the area of the directory which will

TANDBERG Gatekeeper User Guide Page 4 of 105 11.2. Enterprise Gatekeepers ...

TANDBERG Gatekeeper User Guide Page 40 of 105 8.2.4. Securing the LDAP connection with TLS The traffic between the Gatekeeper and the LDAP server ca

TANDBERG Gatekeeper User Guide Page 41 of 105 9. URI Dialing 9.1. About URI Dialing If an alias is not located in the Gatekeeper's list of reg

TANDBERG Gatekeeper User Guide Page 42 of 105 In addition, the DNS records should be updated with the address of the Border Controller as the authorit

TANDBERG Gatekeeper User Guide Page 43 of 105 9.4. DNS Records URI dialing relies on the presence of records in the DNS information for the zone. For

TANDBERG Gatekeeper User Guide Page 44 of 105 10. ENUM Dialing 10.1. About ENUM Dialing ENUM provides another DNS-based dialing scheme. Users dial a

TANDBERG Gatekeeper User Guide Page 45 of 105 Figure 19: Setting the ENUM Zone

TANDBERG Gatekeeper User Guide Page 46 of 105 10.3. Configuring DNS NAPTR Records ENUM relies on the presence of NAPTR records, as defined by RFC 29

TANDBERG Gatekeeper User Guide Page 47 of 105 11. Example Traversal Deployments 11.1. Simple Enterprise Deployment Figure 20: Simple enterprise de

TANDBERG Gatekeeper User Guide Page 48 of 105 11.1.2. Enabling incoming URI calls In order to be able to receive calls placed to example.com using UR

TANDBERG Gatekeeper User Guide Page 49 of 105 11.3. Dialing Public IP Addresses Figure 22: Dialing a public IP address Figure 22 shows a private end

TANDBERG Gatekeeper User Guide Page 5 of 105 16.1.7. IP ...

TANDBERG Gatekeeper User Guide Page 50 of 105 11.5. URI Dialing from within the Enterprise In this example, we want to set up our system so that user

TANDBERG Gatekeeper User Guide Page 51 of 105 12. Third Party Call Control 12.1. About Third Party Call Control The Gatekeeper provides a third part

TANDBERG Gatekeeper User Guide Page 52 of 105 12.3.2. Enabling call transfer To enable call transfer, either: issue the command: xConfiguration Serv

TANDBERG Gatekeeper User Guide Page 53 of 105 13. Call Policy 13.1. About Call Policy Your TANDBERG Gatekeeper allows you to set up policy to contro

TANDBERG Gatekeeper User Guide Page 54 of 105 13.2. Making Decisions Based on Addresses 13.2.1. address-switch The address-switch node allows the s

TANDBERG Gatekeeper User Guide Page 55 of 105 address The address construct is used within an address-switch to specify addresses to match. It suppor

TANDBERG Gatekeeper User Guide Page 56 of 105 13.3.2. proxy On executing a proxy node the Gatekeeper will attempt to forward the call to the locatio

TANDBERG Gatekeeper User Guide Page 57 of 105 13.5.2. Call screening based on domain In this example, user fred will not accept calls from anyone at

TANDBERG Gatekeeper User Guide Page 58 of 105 14. Logging 14.1. About Logging The Gatekeeper provides logging for troubleshooting and auditing purpo

TANDBERG Gatekeeper User Guide Page 59 of 105 14.4. Event Log Format The event log is displayed in an extension of the UNIX syslog format: date time

TANDBERG Gatekeeper User Guide Page 6 of 105 16.3.26. SubZoneDelete ...

TANDBERG Gatekeeper User Guide Page 60 of 105 14.5. Logged Events Events logged at level 1 Event Description Eventlog Cleared An operator cleared

TANDBERG Gatekeeper User Guide Page 61 of 105 Event Description External Server Communication Failure Communication with an external server failed u

TANDBERG Gatekeeper User Guide Page 62 of 105 Event data fields Each Event has associated data fields. Fields are listed below in the order in which t

TANDBERG Gatekeeper User Guide Page 63 of 105 Field Description Applicable Events Src-ip Specifies the source IP address (the IP address of the

TANDBERG Gatekeeper User Guide Page 64 of 105 Field Description Applicable Events Time A full UTC timestamp in YYYY/MM/DD-HH:MM:SS format. Using

TANDBERG Gatekeeper User Guide Page 65 of 105 15. Software Upgrading 15.1. About Software Upgrading Software upgrade can be done in one of two ways

TANDBERG Gatekeeper User Guide Page 66 of 105 3. Browse to the file containing the software and select Install. You will see a page indicating that

TANDBERG Gatekeeper User Guide Page 67 of 105 To upgrade using SCP or PSCP: 1. Make sure the system is turned on and available on IP. 2. Upload th

TANDBERG Gatekeeper User Guide Page 68 of 105 16. Command Reference This chapter lists the basic usage of each command. The commands also support mo

TANDBERG Gatekeeper User Guide Page 69 of 105 16.1.5. ExternalManager xstatus ExternalManager Returns information about the external manager. The E

TANDBERG Gatekeeper User Guide Page 7 of 105 21. Bibliography 102 22. Glossary 103 23. Index 104

TANDBERG Gatekeeper User Guide Page 70 of 105 16.1.9. Links xstatus Links Reports call and bandwidth information for all links on the system. xsta

TANDBERG Gatekeeper User Guide Page 71 of 105 16.1.13. ResourceUsage xstatus ResourceUsage Returns information about the usage of system resources.

TANDBERG Gatekeeper User Guide Page 72 of 105 16.1.16. Zones xstatus Zones Returns call and bandwidth information for all zones on the system. Also

TANDBERG Gatekeeper User Guide Page 73 of 105 xconfiguration Authentication Mode: <On/Off> Specifies whether or not to use H.235 authentication

TANDBERG Gatekeeper User Guide Page 74 of 105 xconfiguration Gatekeeper CallsToUnknownIPAddresses: <Off/Direct/Indirect> Specifies whether or n

TANDBERG Gatekeeper User Guide Page 75 of 105 xconfiguration Gatekeeper Registration AllowList [1..1000] Pattern: <pattern> Specifies a pattern

TANDBERG Gatekeeper User Guide Page 76 of 105 16.2.5. HTTP/HTTPS Commands under the HTTP and HTTPS nodes control web access to the Gatekeeper. xCon

TANDBERG Gatekeeper User Guide Page 77 of 105 xconfiguration IP DNS Domain Name: <name> Specifies the name to be appended to the domain name be

TANDBERG Gatekeeper User Guide Page 78 of 105 16.2.10. NTP xconfiguration NTP Address: <IPAddress> Sets the IP address of the NTP server to b

TANDBERG Gatekeeper User Guide Page 79 of 105 16.2.14. Session xconfiguration Session TimeOut: <0..65534> Controls how long an administration

TANDBERG Gatekeeper User Guide Page 8 of 105 1. Product Information 1.1. Trademarks and Copyright Copyright 1993-2006 TANDBERG ASA. All rights reser

TANDBERG Gatekeeper User Guide Page 80 of 105 xconfiguration SubZones TraversalSubZone Bandwidth PerCall Limit: <1..100000000> Per-call bandwidt

TANDBERG Gatekeeper User Guide Page 81 of 105 16.2.18. SystemUnit xconfiguration SystemUnit Name: <name> The name of the unit. Choose a name

TANDBERG Gatekeeper User Guide Page 82 of 105 xconfiguration Zones TraversalZone Match [1..5] Mode: <AlwaysMatch/PatternMatch/Disabled> The zon

TANDBERG Gatekeeper User Guide Page 83 of 105 xconfiguration Zones Zone [1..100] Match [1..5] Pattern String: <pattern> The pattern to be used

TANDBERG Gatekeeper User Guide Page 84 of 105 16.3. Command The command root command, xcommand, is used to execute commands on the Gatekeeper. To li

TANDBERG Gatekeeper User Guide Page 85 of 105 16.3.7. CredentialDelete xCommand CredentialDelete <index> Deletes the indexed credential. 16.

TANDBERG Gatekeeper User Guide Page 86 of 105 16.3.12. Dial xCommand Dial <callsrc> <calldst> Bandwidth: <bandwidth> Places call

TANDBERG Gatekeeper User Guide Page 87 of 105 16.3.15. FeedbackDeregister xCommand FeedbackDeregister <ID> Deregisters the specified Feedback

TANDBERG Gatekeeper User Guide Page 88 of 105 16.3.23. PipeDelete xCommand PipeDelete <index> Deletes the pipe with the specified index. 16.

TANDBERG Gatekeeper User Guide Page 89 of 105 16.3.28. TransformDelete xCommand TransformDelete <index> Deletes the transform with the specifi

TANDBERG Gatekeeper User Guide Page 9 of 105 1.3.2. European Environmental Directives As a manufacturer of electrical and electronic equipment TANDB

TANDBERG Gatekeeper User Guide Page 90 of 105 16.4. History The history root command, xhistory, is used to display historical data on the Gatekeeper.

TANDBERG Gatekeeper User Guide Page 91 of 105 16.5. Feedback The feedback root command, xfeedback, is used to control notifications of events and sta

TANDBERG Gatekeeper User Guide Page 92 of 105 16.5.3. Register event xfeedback Register Event Registers for all available Events. xfeedback Register

TANDBERG Gatekeeper User Guide Page 93 of 105 16.6. Other Commands 16.6.1. about about Returns information about the software version installed on

TANDBERG Gatekeeper User Guide Page 94 of 105 17. Appendix A: Configuring DNS Servers In the examples below, we set up an SRV record to handle H.323

TANDBERG Gatekeeper User Guide Page 95 of 105 18. Appendix B: Configuring LDAP Servers 18.1. Microsoft Active Directory 18.1.1. Prerequisites The

TANDBERG Gatekeeper User Guide Page 96 of 105 18.1.3. Securing with TLS To enable Active Directory to use TLS, you must request and install a certif

TANDBERG Gatekeeper User Guide Page 97 of 105 18.2.3. Adding H.350 objects 1. Create the organizational hierarchy Create an ldif file with the fo

TANDBERG Gatekeeper User Guide Page 98 of 105 18.2.4. Securing with TLS The connection to the LDAP server can be encrypted by enabling Transport Lev

TANDBERG Gatekeeper User Guide Page 99 of 105 19. Appendix C: Regular Expression Reference Regular expressions can be used in conjunction with a numb