
Avaya Scopia Pathfinder Firewall Traversal


Avaya Scopia® PathFinder Firewall Traversal Deployment Guide

Release 8.3
For Solution 8.3 (Intel servers only)
Issue 3
April 2016

© 2014-2016, Avaya, Inc. All Rights Reserved.

Notice

While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.

Documentation disclaimer

“Documentation” means information published in varying mediums which may include product information, operating instructions and performance specifications that are generally made available to users of products. Documentation does not include marketing materials. Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of Documentation unless such modifications, additions, or deletions were performed by or on the express behalf of Avaya. End User agrees to indemnify and hold harmless Avaya, Avaya's agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User.

Link disclaimer

Avaya is not responsible for the contents or reliability of any linked websites referenced within this site or Documentation provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.

Warranty

Avaya provides a limited warranty on Avaya hardware and software. Refer to your sales agreement to establish the terms of the limited warranty.
In addition, Avaya’s standard warranty language, as well as information regarding support for this product while under warranty is available to Avaya customers and other parties through the Avaya Support website: https://support.avaya.com/helpcenter/getGenericDetails?detailId=C20091120112456651010 under the link “Warranty & Product Lifecycle” or such successor site as designated by Avaya. Please note that if You acquired the product(s) from an authorized Avaya Channel Partner outside of the United States and Canada, the warranty is provided to You by said Avaya Channel Partner and not by Avaya.

IF YOU DO NOT WISH TO ACCEPT THESE TERMS OF USE, YOU MUST NOT ACCESS OR USE THE HOSTED SERVICE OR AUTHORIZE ANYONE TO ACCESS OR USE THE HOSTED SERVICE.

Licenses

THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO, UNDER THE LINK “AVAYA SOFTWARE LICENSE TERMS (Avaya Products)” OR SUCH SUCCESSOR SITE AS DESIGNATED BY AVAYA, ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AVAYA CHANNEL PARTNER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AVAYA CHANNEL PARTNER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA CHANNEL PARTNER; AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE (“AVAYA”).
Avaya grants You a license within the scope of the license types described below, with the exception of Heritage Nortel Software, for which the scope of the license is detailed below. Where the order documentation does not expressly identify a license type, the applicable license will be a Designated System License. The applicable number of licenses and units of capacity for which the license is granted will be one (1), unless a different number of licenses or units of capacity is specified in the documentation or other materials available to You. “Software” means computer programs in object code, provided by Avaya or an Avaya Channel Partner, whether as stand-alone products, pre-installed on hardware products, and any upgrades, updates, patches, bug fixes, or modified versions thereto. “Designated Processor” means a single stand-alone computing device. “Server” means a Designated Processor that hosts a software application to be accessed by multiple users. “Instance” means a single copy of the Software executing at a particular time: (i) on one physical machine; or (ii) on one deployed software virtual machine (“VM”) or similar deployment. “Hosted Service” means an Avaya hosted service subscription that You acquire from either Avaya or an authorized Avaya Channel Partner (as applicable) and which is described further in Hosted SAS or other service description documentation regarding the applicable hosted service. If You purchase a Hosted Service subscription, the foregoing limited warranty may not apply but You may be entitled to support services in connection with the Hosted Service as described further in your service description documents for the applicable Hosted Service. Contact Avaya or Avaya Channel Partner (as applicable) for more information. License type(s) Hosted Service Concurrent User License (CU). 
End User may install and use the Software on multiple Designated Processors or one or more Servers, so long as only the licensed number of Units are accessing and using the Software at any given time. A “Unit” means the unit on which Avaya, at its sole discretion, bases the pricing of its licenses and can be, without limitation, an agent, port or user, an e-mail or voice mail account in the name of a person or corporate function (e.g., webmaster or helpdesk), or a directory entry in the administrative database utilized by the Software that permits one user to interface with the Software. Units may be linked to a specific, identified Server or an Instance of the Software. THE FOLLOWING APPLIES ONLY IF YOU PURCHASE AN AVAYA HOSTED SERVICE SUBSCRIPTION FROM AVAYA OR AN AVAYA CHANNEL PARTNER (AS APPLICABLE), THE TERMS OF USE FOR HOSTED SERVICES ARE AVAILABLE ON THE AVAYA WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO UNDER THE LINK “Avaya Terms of Use for Hosted Services” OR SUCH SUCCESSOR SITE AS DESIGNATED BY AVAYA, AND ARE APPLICABLE TO ANYONE WHO ACCESSES OR USES THE HOSTED SERVICE. BY ACCESSING OR USING THE HOSTED SERVICE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE DOING SO (HEREINAFTER REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO THE TERMS OF USE. IF YOU ARE ACCEPTING THE TERMS OF USE ON BEHALF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS OF USE. IF YOU DO NOT HAVE SUCH AUTHORITY, OR Designated System(s) License (DS). End User may install and use each copy or an Instance of the Software only on a number of Designated Processors up to the number indicated in the order. 
Avaya may require the Designated Processor(s) to be identified in the order by type, serial number, feature key, Instance, location or other specific designation, or to be provided by End User to Avaya through electronic means established by Avaya specifically for this purpose. Database License (DL). End User may install and use each copy or an Instance of the Software on one Server or on multiple Servers provided that each of the Servers on which the Software is installed communicates with no more than one Instance of the same database. CPU License (CP). End User may install and use each copy or Instance of the Software on a number of Servers up to the number indicated in the order provided that the performance capacity of the Server(s) does not exceed the performance capacity specified for the Software. End User may not re-install or operate the Software on Server(s) with a larger performance capacity without Avaya’s prior consent and payment of an upgrade fee. software. The Third Party Terms shall take precedence over these Software License Terms, solely with respect to the applicable Third Party Components to the extent that these Software License Terms impose greater restrictions on You than the applicable Third Party Terms. Named User License (NU). You may: (i) install and use each copy or Instance of the Software on a single Designated Processor or Server per authorized Named User (defined below); or (ii) install and use each copy or Instance of the Software on a Server so long as only authorized Named Users access and use the Software. “Named User”, means a user or device that has been expressly authorized by Avaya to access and use the Software. 
At Avaya’s sole discretion, a “Named User” may be, without limitation, designated by name, corporate function (e.g., webmaster or helpdesk), an e-mail or voice mail account in the name of a person or corporate function, or a directory entry in the administrative database utilized by the Software that permits one user to interface with the Software. The following applies only if the H.264 (AVC) codec is distributed with the product. THIS PRODUCT IS LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE REMUNERATION TO (i) ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD (“AVC VIDEO”) AND/OR (ii) DECODE AVC VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL INFORMATION MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE HTTP://WWW.MPEGLA.COM. Shrinkwrap License (SR). You may install and use the Software in accordance with the terms and conditions of the applicable license agreements, such as “shrinkwrap” or “clickthrough” license accompanying or applicable to the Software (“Shrinkwrap License”). Service Provider Heritage Nortel Software “Heritage Nortel Software” means the software that was acquired by Avaya as part of its purchase of the Nortel Enterprise Solutions Business in December 2009. The Heritage Nortel Software is the software contained within the list of Heritage Nortel Products located at https://support.avaya.com/LicenseInfo under the link “Heritage Nortel Products” or such successor site as designated by Avaya. 
For Heritage Nortel Software, Avaya grants Customer a license to use Heritage Nortel Software provided hereunder solely to the extent of the authorized activation or authorized usage level, solely for the purpose specified in the Documentation, and solely as embedded in, for execution on, or for communication with Avaya equipment. Charges for Heritage Nortel Software may be based on extent of activation or use authorized as specified in an order or invoice. Copyright Except where expressly stated otherwise, no use should be made of materials on this site, the Documentation, Software, Hosted Service, or hardware provided by Avaya. All content on this site, the documentation, Hosted Service, and the product provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software unless expressly authorized by Avaya. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law. Virtualization The following applies if the product is deployed on a virtual machine. Each product has its own ordering code and license types. Note that each Instance of a product must be separately licensed and ordered. For example, if the end user customer or Avaya Channel Partner would like to install two Instances of the same type of products, then two products of that type must be ordered. 
Third Party Components

“Third Party Components” mean certain software programs or portions thereof included in the Software or Hosted Service may contain software (including open source software) distributed under third party agreements (“Third Party Components”), which contain terms regarding the rights to use certain portions of the Software (“Third Party Terms”). As required, information regarding distributed Linux OS source code (for those products that have distributed Linux OS source code) and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply is available in the products, Documentation or on Avaya’s website at: https://support.avaya.com/Copyright or such successor site as designated by Avaya. The open source software license terms provided as Third Party Terms are consistent with the license rights granted in these Software License Terms, and may contain additional rights benefiting You, such as modification and distribution of the open source

THE FOLLOWING APPLIES TO AVAYA CHANNEL PARTNER’S HOSTING OF AVAYA PRODUCTS OR SERVICES. THE PRODUCT OR HOSTED SERVICE MAY USE THIRD PARTY COMPONENTS SUBJECT TO THIRD PARTY TERMS AND REQUIRE A SERVICE PROVIDER TO BE INDEPENDENTLY LICENSED DIRECTLY FROM THE THIRD PARTY SUPPLIER. AN AVAYA CHANNEL PARTNER’S HOSTING OF AVAYA PRODUCTS MUST BE AUTHORIZED IN WRITING BY AVAYA AND IF THOSE HOSTED PRODUCTS USE OR EMBED CERTAIN THIRD PARTY SOFTWARE, INCLUDING BUT NOT LIMITED TO MICROSOFT SOFTWARE OR CODECS, THE AVAYA CHANNEL PARTNER IS REQUIRED TO INDEPENDENTLY OBTAIN ANY APPLICABLE LICENSE AGREEMENTS, AT THE AVAYA CHANNEL PARTNER’S EXPENSE, DIRECTLY FROM THE APPLICABLE THIRD PARTY SUPPLIER. WITH RESPECT TO CODECS, IF THE AVAYA CHANNEL PARTNER IS HOSTING ANY PRODUCTS THAT USE OR EMBED THE G.729 CODEC, H.264 CODEC, OR H.265 CODEC, THE AVAYA CHANNEL PARTNER ACKNOWLEDGES AND AGREES THE AVAYA CHANNEL PARTNER IS RESPONSIBLE FOR ANY AND ALL RELATED FEES AND/OR ROYALTIES.
THE G.729 CODEC IS LICENSED BY SIPRO LAB TELECOM INC. SEE WWW.SIPRO.COM/CONTACT.HTML. THE H.264 (AVC) CODEC IS LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE REMUNERATION TO: (I) ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD (“AVC VIDEO”) AND/OR (II) DECODE AVC VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL INFORMATION FOR H.264 (AVC) AND H.265 (HEVC) CODECS MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE HTTP://WWW.MPEGLA.COM.

Compliance with Laws

You acknowledge and agree that it is Your responsibility for complying with any applicable laws and regulations, including, but not limited to laws and regulations related to call recording, data privacy, intellectual property, trade secret, fraud, and music performance rights, in the country or territory where the Avaya product is used.

Preventing Toll Fraud

“Toll Fraud” is the unauthorized use of your telecommunications system by an unauthorized party (for example, a person who is not a corporate employee, agent, subcontractor, or is not working on your company's behalf). Be aware that there can be a risk of Toll Fraud associated with your system and that, if Toll Fraud occurs, it can result in substantial additional charges for your telecommunications services.

Avaya Toll Fraud intervention

If You suspect that You are being victimized by Toll Fraud and You need technical assistance or support, call Technical Service Center Toll Fraud Intervention Hotline at +1-800-643-2353 for the United States and Canada. For additional support telephone numbers, see the Avaya Support website: https://support.avaya.com or such successor site as designated by Avaya.

Security Vulnerabilities

Information about Avaya’s security support policies can be found in the Security Policies and Support section of https://support.avaya.com/security. Suspected Avaya product security vulnerabilities are handled per the Avaya Product Security Support Flow (https://support.avaya.com/css/P8/documents/100161515).

Downloading Documentation

For the most current versions of Documentation, see the Avaya Support website: https://support.avaya.com, or such successor site as designated by Avaya.

Contact Avaya Support

See the Avaya Support website: https://support.avaya.com for product or Hosted Service notices and articles, or to report a problem with your Avaya product or Hosted Service. For a list of support telephone numbers and contact addresses, go to the Avaya Support website: https://support.avaya.com (or such successor site as designated by Avaya), scroll to the bottom of the page, and select Contact Avaya Support.

Trademarks

The trademarks, logos and service marks (“Marks”) displayed in this site, the Documentation, Hosted Service(s), and product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, its licensors, its suppliers, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation, Hosted Service(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc. All non-Avaya trademarks are the property of their respective owners. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

Contents

Chapter 1: About PathFinder
  Main Features of PathFinder
  Technical Specifications
  Change history
Chapter 2: Preparing the PathFinder server Setup
  Planning Your Topology for PathFinder
  Ports to Open on PathFinder
  Checking Site Suitability
  Unpacking the Device
  Inspecting for Damage
Chapter 3: Setting up the Device
  Mounting the Device on to the Rack
    Preparing the Rack and Rails for Mounting the Device
    Mounting the Outer Rails on to the Rack
    Mounting the Device on to the Outer Rails
  Connecting Cables to the Device
  Obtaining the License Key of the PathFinder server
  Verifying the PathFinder server Installation
Chapter 4: Performing the Initial Configuration of the PathFinder server
  Configuring the IP Addresses of the PathFinder server
  Configuring Ports on the PathFinder server
    Configuring the UDP Port for RAS on the PathFinder server
    Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server
    Limiting the TCP/UDP port range on the internal interface of PathFinder
    Configuring Port Access for H.460 Endpoints
  Integrating the PathFinder server with Other Scopia® Solution Components
    Integrating the PathFinder server with ECS
    Integrating the PathFinder server with NAT
  Enabling Internal Endpoints to Call External Endpoints
    Configuring Access for H.323 Legacy Endpoints
    URI Dialing Functionality
    Enabling URI Dialing to External Endpoints
    Enabling IP Dialing to External Endpoints
  Configuring Priority of Audio or Video
Chapter 5: Scalability, High Availability and Load Balancing with PathFinder
  Workflow to Configure PathFinder server for Redundancy
  Configuring Radware Load Balancer for PathFinder servers
  Configuring the F5 BIG-IP LTM for PathFinder servers
  Configuring PathFinder servers for the Load Balancer

April 2016 Avaya Scopia® PathFinder Firewall Traversal Deployment Guide Comments on this document? [email protected]

Chapter 6: Performing Maintenance Procedures
  Updating, Backing Up and Restoring the PathFinder server
    Upgrading the PathFinder server
    Backing Up the Configuration Settings
    Restoring the Configuration Settings
  Filtering and Monitoring Events in PathFinder server
  Managing Logs
    Configuring the Alert Level and Size of Logs
    Retrieving Application and Operating System Logs
  Capturing Network Traces for Troubleshooting
  Viewing PathFinder Hardware and License Information
Glossary

Chapter 1: About PathFinder

Avaya Scopia® PathFinder provides a complete firewall and NAT traversal solution for H.323 deployments, enabling secure connectivity between enterprise networks and remote sites. Avaya Scopia® PathFinder is part of the Scopia® Solution, the components of which can be combined to fit the existing network topology and videoconferencing requirements of the organization.

PathFinder maintains the security and advantages of firewall and NAT over heterogeneous video networks and allows seamless integration with existing video endpoints and infrastructure components. Figure 1: PathFinder Functionality illustrates the functionality of PathFinder.

Figure 1: PathFinder Functionality

PathFinder uses the H.460 protocol. H.460 enhances the standard H.323 protocol to manage firewall/NAT traversal, employing ITU-T standards. Endpoints which are already H.460 compliant can communicate directly with the PathFinder server, where the endpoint acts as an H.460 client to the PathFinder server, which acts as an H.460 server.

The endpoints in a private network can communicate with the endpoints located in the public network via the PathFinder server. Endpoints in the public network can join a conference hosted in the private network via the PathFinder server if there is an open connection through the firewall. The ECS provides standalone address resolution functionality in H.323 networks.
The PathFinder server offers external endpoints a static address when joining conferences hosted in your organization. You can dial [email protected] to access from outside the firewall, or you can dial 1234 directly if you are an H.460 client logged in to the PathFinder server.

Main Features of PathFinder

Avaya Scopia® PathFinder enables firewall and NAT traversal for secure connectivity between enterprise networks and remote sites. PathFinder has many powerful features including:

• Works with any firewall, endpoint and gatekeeper
  PathFinder solves near-end and far-end firewall issues by allowing you to maintain existing security measures with no changes to existing firewalls. All H.323 standards-based endpoints and gatekeepers are supported. PathFinder is also fully compatible with Avaya Scopia® ECS Gatekeeper features: enhanced dial plan, hierarchy, conference hunting, CDR records and API for integration.

• Highly secured
  The PathFinder server uses a hardened version of the Linux operating system which has a proven track record in secured system access. The PathFinder server also provides uncompromised security by separating and restricting IP traffic between the external and internal network cards (NICs). The external NIC accepts access only from a very specific range of ports and media types, which significantly limits intrusive attempts on the system. Customers can restrict access of all management interfaces to a single NIC which resides either in the DMZ or in the secured zone. The PathFinder server works as an application layer firewall for H.323 calls and inspects the contents of the traffic, blocking specific content, such as invalid H.323/RTP/RTCP packets.
  The PathFinder server routes only validated H.323 based packets or RTCP/RTP based packets from the external NIC to the internal NIC.

• Scalable and distributed
  You can now deploy multiple PathFinder servers for improved availability for dial in and dial out from your organization. As a result, enterprises can improve reliability or accommodate more external endpoints joining videoconferences by adding more PathFinder servers to their deployments. The PathFinder server works with an external load balancer providing unlimited scalability and solid redundancy for large deployments.

• Guest user dial-in
  The PathFinder server supports Direct Public Access (DPA). Any public H.323 endpoint can directly call through the PathFinder server without the need to deploy an additional Scopia® PathFinder client. Public H.323 endpoints which do not support the H.460 standard can directly call the PathFinder server and easily and securely participate in any call or conference call inside the organization.

• URI Dialing
  With support for URI dialing, PathFinder enables seamless and intuitive connectivity between enterprises, with customers and home workers. The following dialing methods are supported for both outgoing public calls and incoming public calls:
  - @ e.g. [email protected]
  - @ e.g. [email protected]
  - @ e.g. [email protected]
  - @ e.g. [email protected]

• Enhanced management capabilities
  Avaya Scopia® Management fully supports the PathFinder server, providing comprehensive maintenance tools such as user management, real-time monitoring, traps and alarms, automated log collection, and direct web access.

• Integrated web-based event log
  Use the event log for quick and effective troubleshooting.

Technical Specifications

This section lists important information about the device you purchased.
Refer to this information when preparing system setup and afterwards to verify that the environment still complies with these requirements.

This information lists the technical specifications of the Avaya Scopia® PathFinder server.

• System power requirements:
  - 600W, 100-240VAC input, 50/60Hz auto-switched
• Environmental requirements:
  - Operating temperature: 5°C to 35°C (41°F to 95°F)
  - Humidity: 8% to 90% non-condensing
  - Storage and transit temperature: -40°C to 60°C (-40°F to 140°F)
• Physical dimensions:
  - Size: 437mm (17.2”) width x 43mm (1.7”) height x 650mm (25.6”) depth
  - Weight: ~16.3kg (~36lbs)
• External interfaces:
  - Dual Gigabit NICs
  - 1 x DB9 serial port connector
  - 2 x USB 2.0 connectors
• Communications:
  - H.323
  - IPv4
  - Bit rate: up to 4Mbps per call
• Call capacity:
  - Up to 100 concurrent calls
  - Up to 600 registered devices
• Scalability:
  - Radware AppDirector 208
  - Radware AppDirector 1000
  - F5 BIG-IP Load Traffic Manager 1600 Series
• Firewall traversal:
  - H.460.18, H.460.19 including support for multiplexed media
  - Direct Public Access (DPA) solution for direct communication between internal endpoints in the internal network and external ones in the public network.
  - If the remote system includes an installation of the Scopia® PathFinder client, you can tunnel communication through the firewall securely by routing traffic via the Scopia® PathFinder client.
• Security:
  - H.235 for call privacy in all traversal modes (H.460, tunneling, DPA)

Change history

Issue   Date         Summary of changes
3       April 2016   Removed obsolete content
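The "Highly secured" feature in Chapter 1 states that the PathFinder server routes only validated H.323 or RTP/RTCP packets from the external NIC to the internal NIC. The following is an added example, not Avaya code and not part of the guide, showing what structural validation of RTP and RTCP datagrams per RFC 3550 involves. The rule set, the function names and the constructed sample packets are assumptions, since the guide does not document the checks PathFinder performs.

```python
"""Structural RTP/RTCP checks per RFC 3550 (added example, not Avaya code)."""
import struct

# RTCP packet types defined in RFC 3550. Accepting only these is an assumption
# of this example; a real media filter would follow its own documented list.
RTCP_TYPES = {200: "SR", 201: "RR", 202: "SDES", 203: "BYE", 204: "APP"}


def check_rtp(pkt: bytes) -> str:
    """Return 'ok' or the reason a datagram fails RTP structural checks."""
    if len(pkt) < 12:
        return "shorter than the 12-byte fixed header"
    b0 = pkt[0]
    if b0 >> 6 != 2:
        return "version is not 2"
    header_len = 12 + 4 * (b0 & 0x0F)            # fixed header + CSRC list
    if len(pkt) < header_len:
        return "CSRC count runs past end of packet"
    if b0 & 0x10:                                 # X bit: header extension follows
        if len(pkt) < header_len + 4:
            return "extension header truncated"
        (ext_words,) = struct.unpack_from("!H", pkt, header_len + 2)
        header_len += 4 + 4 * ext_words
        if len(pkt) < header_len:
            return "extension length runs past end of packet"
    if b0 & 0x20:                                 # P bit: last byte counts padding
        pad = pkt[-1]
        if pad == 0 or pad > len(pkt) - header_len:
            return "padding count inconsistent with payload size"
    return "ok"


def check_rtcp(pkt: bytes) -> str:
    """Walk a compound RTCP datagram; return 'ok' or the first failure."""
    offset, first = 0, True
    while offset < len(pkt):
        if len(pkt) - offset < 4:
            return "trailing bytes shorter than an RTCP header"
        b0, ptype, words = struct.unpack_from("!BBH", pkt, offset)
        if b0 >> 6 != 2:
            return "version is not 2"
        if ptype not in RTCP_TYPES:
            return f"unknown RTCP packet type {ptype}"
        if first and ptype not in (200, 201):
            return "compound packet does not start with SR or RR"
        size = 4 * (words + 1)                    # length field is words minus one
        if offset + size > len(pkt):
            return "length field runs past end of datagram"
        rc = b0 & 0x1F                            # report blocks are 24 bytes each
        minimum = {200: 28 + 24 * rc, 201: 8 + 24 * rc}.get(ptype, 4)
        if size < minimum:
            return "report count does not fit in packet length"
        if b0 & 0x20 and offset + size != len(pkt):
            return "padding flagged on a packet that is not the last"
        offset, first = offset + size, False
    return "empty datagram" if first else "ok"


def filter_verdict(datagram: bytes) -> tuple:
    """Return (kind, verdict) for one UDP payload seen on the external side."""
    # Assumption: a second byte in 192..223 marks RTCP, the range that the
    # RFC 5761 demultiplexing convention keeps free of RTP payload types.
    if len(datagram) >= 2 and 192 <= datagram[1] <= 223:
        return "rtcp", check_rtcp(datagram)
    return "rtp", check_rtp(datagram)


def _rtp(first_byte: int, payload: bytes) -> bytes:
    """Build a constructed RTP packet: PT 96, seq 1, timestamp 160, fixed SSRC."""
    return struct.pack("!BBHII", first_byte, 96, 1, 160, 0x11223344) + payload


def _rtcp(first_byte: int, ptype: int, words: int) -> bytes:
    """Build a constructed 8-byte RTCP packet with the given header fields."""
    return struct.pack("!BBHI", first_byte, ptype, words, 0x11223344)


# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "rtp_ok": _rtp(0x80, b"\x00" * 20),
    "rtp_bad_version": _rtp(0x40, b"\x00" * 20),
    "rtp_csrc_overrun": _rtp(0x8F, b"\x00" * 8),
    "rtp_bad_padding": _rtp(0xA0, b"\x00\x00\x00\x09"),
    "rtcp_rr_ok": _rtcp(0x80, 201, 1),
    "rtcp_len_overrun": _rtcp(0x80, 201, 5),
    "rtcp_rc_mismatch": _rtcp(0x81, 201, 1),
    "rtcp_starts_with_bye": _rtcp(0x81, 203, 1),
}


def run_samples() -> dict:
    """Map each sample name to its (kind, verdict) pair."""
    return {name: filter_verdict(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22} {verdict}")
```
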
[email protected] 12 Chapter 2: Preparing the PathFinder server Setup Perform procedures in this section to prepare the site and device for installation. Related links Planning Your Topology for PathFinder on page 13 Ports to Open on PathFinder on page 15 Checking Site Suitability on page 20 Unpacking the Device on page 20 Inspecting for Damage on page 21 Planning Your Topology for PathFinder Communication in the deployment comprises management, external communication traffic (unsecured), and internal communication traffic (secured). The Avaya Scopia® PathFinder server supports these communication protocols used by the system: Table 1: Protocols supported by the PathFinder server Type of Network Traffic Protocols supported by the PathFinder server Management External management (TCP-XML based), HTTP, SSH, SFTP External communication (insecure) H.460, proprietary client-server tunneling, DNS Internal communication (secure) H.323 To create a secure deployment, administrators in organizations need to separate the various types of network traffic in the deployment. The PathFinder server houses two NIC cards. The PathFinder server provides uncompromised security by using the two NICs for separating and restricting IP traffic in the deployment. The external NIC accepts access only from a very specific range of ports and media types, which significantly limits intrusive attempts on the system. The internal NIC is dedicated to the local traffic. We recommend configuring the second NIC to also support management traffic. There are two recommended ways of deploying the dual-NIC PathFinder server: • Bypassing the enterprise firewall April 2016 Avaya Scopia® PathFinder Firewall Traversal Deployment Guide Comments on this document? [email protected] 13 Preparing the PathFinder server Setup The external NIC is connected to the external network while the internal NIC resides in the enterprise LAN. 
The external endpoints have access to the external NIC through the firewall and the NAT. The internal NIC communicates with the components of the internal network and bypasses the firewall to the enterprise LAN. Figure 2: Deploying a Dual-NIC PathFinder server bypassing the enterprise firewall on page 14 illustrates this type of deployment.

Figure 2: Deploying a Dual-NIC PathFinder server bypassing the enterprise firewall

• Located in the DMZ
The PathFinder server is located in the DMZ behind the firewalls. The DMZ is divided into two subnets. The external NIC is connected to the outer DMZ and the internal NIC is connected to the inner DMZ. The two subnets do not communicate with each other. Figure 3: Deploying a high-security Dual-NIC PathFinder server on page 14 illustrates this highly secure deployment.

Figure 3: Deploying a high-security Dual-NIC PathFinder server

Deploying the PathFinder server requires configuring the unit itself as well as several other components. For information on components that are part of the Scopia® Solution, see the Scopia® Solution guide.

SCOPIA PathFinder Servers can also be clustered behind a load balancing system for scalability and high availability. See Scalability, High Availability and Load Balancing with PathFinder on page 59.

Important: Small and medium-size enterprises that set up videoconferences within their enterprise can choose to deploy PathFinder server with a single NIC. Contact Customer Support for information on that type of deployment.

Ports to Open on PathFinder

Avaya Scopia® PathFinder is Scopia® Solution’s answer to firewall traversal.
The PathFinder server is an H.460 server, typically deployed in the DMZ, while the Scopia® PathFinder client is a tunneling client, typically deployed outside the enterprise firewall alongside the remote H.323 endpoint (see Figure 4: H.323 connections to PathFinder server on page 16).

Many recent H.323 endpoints have built-in H.460 functionality (which enables secure communication), thereby avoiding the need for a Scopia® PathFinder client. If an H.323 endpoint located in a partner company does not have H.460 capabilities, it must communicate via the Scopia® PathFinder client to access the PathFinder server in the DMZ (see Figure 4: H.323 connections to PathFinder server on page 16).

Important: There must be no firewall between the H.323 endpoint (device) and the Scopia® PathFinder client.

An H.323 endpoint in the public network can also directly dial the PathFinder server using direct port access (ports 4000-5000).

Figure 4: H.323 connections to PathFinder server

When opening ports to and from PathFinder server, use the following as a reference:
• If opening ports that are both to and from the PathFinder server, see Table 2: Bidirectional Ports to Open the PathFinder server on page 17.
• If opening ports that are both to and from the Scopia® PathFinder client, see Table 3: Bidirectional Ports to Open on the Scopia® PathFinder client on page 19.
Important: In order for an H.323 endpoint (or other H.323 device) within the enterprise to successfully connect to the PathFinder server in the DMZ via the enterprise firewall (see Figure 5: Contacting PathFinder server from within the enterprise on page 17), you must do one of the following:
• Install a Scopia® PathFinder client within the enterprise
• Use H.460-enabled endpoints
• Open the internal firewall to the PathFinder server (1024-65535, bidirectional)

Figure 5: Contacting PathFinder server from within the enterprise

Important: The specific firewalls you need to open ports on depend on where your PathFinder server, Scopia® PathFinder client, and other Scopia® Solution products are deployed.

Table 2: Bidirectional Ports to Open the PathFinder server

| Port Range | Protocol | Destination | Functionality | Result of Blocking Port | Required |
|---|---|---|---|---|---|
| 22 | SSH/SFTP (TCP) | SSH client endpoint | Enables initial configuration, log download and server upgrade | Cannot initialize the server, download logs and upgrade the server | Mandatory for configuring the PathFinder server |
| 53 | DNS (UDP) | DNS server | Enables querying the DNS for domains per call | Cannot support domain name calls and dialing by URI | Mandatory if using URI dialing |
| 1719 | UDP | H.460.18 endpoint/H.460.18 client gatekeeper | Enables H.460.18 RAS capabilities | H.460.18 endpoints cannot register through PathFinder server, firewall traversal function based on H.460.18 and H.460.19 cannot function. | Mandatory for H.460 endpoints. To configure, see Configuring the UDP Port for RAS on the PathFinder server on page 40 |
| 1720 | TCP | Any H.323 device using Q.931 signaling in DPA mode | Enables IP call signaling | No signaling capabilities: guest users cannot dial into internal endpoints | Mandatory if in DPA mode |
| 2776 | TCP, UDP | H.460.18 endpoint/H.460.18 client gatekeeper | Enables H.460.18 Call Signaling, H.460.19 Multiplex Media Channel | H.460.18 endpoints cannot register through PathFinder server or set up logical channels. Firewall traversal function based on H.460.18 and H.460.19 cannot function. | Mandatory for H.460 endpoints |
| 2777 | TCP, UDP | H.460.18 endpoint/H.460.18 client gatekeeper | Enables H.460.18 and H.460.19 Call Control, H.460.19 Multiplex Media Control Channel | H.460.18 endpoints cannot set up Call Control channels or logical channels. Firewall traversal function based on H.460.18 and H.460.19 cannot function. | Mandatory for H.460 endpoints |
| 3089 | TCP, UDP | Scopia® PathFinder client | Enables signaling and media traversal | If the TCP port is blocked, Scopia® PathFinder client cannot connect to PathFinder server. Legacy H.323 endpoints behind the Scopia® PathFinder client cannot call external endpoints. If the UDP port is blocked, Scopia® PathFinder client can only traverse media via TCP. | Mandatory if using Scopia® PathFinder client |
| 3089 | TCP, UDP | PathFinder server | Enables signaling and media connection to neighbor server | Cannot connect or traverse media to neighbor server | Mandatory if using a neighbor server |
| 4000-5000 | TCP, UDP | Any H.323 device using Q.931 signaling in DPA mode | Enables Direct Public Access (DPA) for H.323 call signaling, control and media traversal | Cannot setup/connect DPA mode calls | Mandatory if in DPA mode. To limit range, see Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server on page 41 |
| 8080 | HTTP (TCP) | Web client/browser | Provides access to the web user interface | Cannot configure PathFinder server | Mandatory for configuring the PathFinder application |
| 8089 | XML (TCP) | XML API Client | Enables managing PathFinder server via XML API | The External Management System cannot get PathFinder server status or receive traps from PathFinder server | Optional |

Table 3: Bidirectional Ports to Open on the Scopia® PathFinder client

| Port Range | Protocol | Destination | Functionality | Result of Blocking Port | Required |
|---|---|---|---|---|---|
| 3478 | STUN (UDP) | STUN server | Enables an endpoint located in the remote network to send a STUN Binding Request when connecting to another endpoint in the same network | Scopia® PathFinder client cannot determine its public IP address. Smart Direct Media Connect cannot function. | Recommended |

Important: If there is a firewall between the H.323 client and the Scopia® PathFinder client, all high ports must be opened in both directions (1024-65535). We therefore recommend no firewall between the endpoint and the Scopia® PathFinder client.

Checking Site Suitability

Prior to setting up your device, you need to verify your site suitability for:
• System power requirements
• System environmental requirements
• The device physical dimensions.

For more information, see Technical Specifications on page 10 to learn about these requirements. Ensure the site conforms to the listed requirements.
Unpacking the Device

About this task
We strongly recommend that you follow safety guidelines described in this section during unpacking.

Procedure
1. Inspect the shipping box to verify that it was not seriously damaged during shipping.
2. Place the shipping box on a horizontal surface paying attention to the This Side Up symbol on the shipping box (Figure 6: This Side Up symbol on page 20).

Figure 6: This Side Up symbol

Caution: The accessories kit is situated on top of the device inside the shipping box and can be damaged if the box is placed upside down. Pay attention to the This Side Up symbol on the shipping box to handle the box correctly at all times.

Caution: To prevent injury and equipment damage, follow the lifting guidelines described in the Safety Guide when lifting or moving the shipping box.

3. Cut the plastic straps.

Caution: The plastic straps are tightly stretched and can hit you when you cut them. To avoid this, make sure you do not face the side of the box secured by the straps before you cut the straps.

4. Cut the strapping tape.
5. Open the shipping box.
6. Take the accessories kit out of the shipping box.
7. Take the device out of the shipping box.
8. Carefully open the additional boxes, remove the packing material, and remove the drives and other contents.

Important: We recommend keeping the packaging materials in case you need to repack the device.

9. Remove the cellophane wrapping from the server case.
10. After opening the shipping box, check the shipment is complete. Compare the contents of the shipment with the packing list included in the box.
Inspecting for Damage

After you verify that all of the equipment is included, carefully examine the , power supplies and cables for any damage resulting from shipping. If you suspect any damage from shipping, contact your local freight carrier for procedures on damage claims. If you observe any physical defects in the items you ordered, contact Technical Support for a Return Material Authorization (RMA) form.

Important: Before proceeding with the installation, verify that all of the ordered parts are present and in good condition. Keep a record of the parts and serial numbers. If any parts are missing or damaged, contact your sales representative.

Chapter 3: Setting up the Device

These sections describe how to set up the device:

Related links
Mounting the Device on to the Rack on page 22
Connecting Cables to the Device on page 32
Obtaining the License Key of the PathFinder server on page 33
Verifying the PathFinder server Installation on page 34

Mounting the Device on to the Rack

To mount the device, perform these tasks in the order listed:

Related links
Setting up the Device on page 22
Preparing the Rack and Rails for Mounting the Device on page 22
Mounting the Outer Rails on to the Rack on page 25
Mounting the Device on to the Outer Rails on page 28

Preparing the Rack and Rails for Mounting the Device

About this task
This section describes how to prepare all the equipment required to mount the device onto the rack, including choosing the rack and finding the right place on the rack to mount the device.

Before you begin
Ensure that the room is suitable for the device and remove the device from its box, as described in Preparing the PathFinder server Setup on page 13.

Procedure
1. Verify that you have a 19” rack that meets the EIA-310 standards. This standard includes the exact specifications, including the shape of the holes, their size, the depth of the rack and other features. The rack should be sturdy enough to support the device when you slide it in and out.

We recommend choosing a rack without doors. If installing in an enclosed rack, ensure that the rack has adequate ventilation.

2. Ensure that the environment is suitable and set up the rack, considering factors such as the ambient temperature of the room. Read the safety instructions that came with your rack for details.

Important: Maintain a minimum clearance of 30 inches (76.2 cm) in the rear of the rack to allow adequate airflow. Ensure the rack is stable. The leveling jacks at the bottom of the rack should be fully extended.

3. Decide where on the rack to place the device, using the guidelines listed below. Mark this location on the rack, ensuring that the height is the same on each rack post. Proper placement prevents the device from overheating and ensures that the rack is stable.
• Find a space on the rack which is 3 empty square holes in height (1U), as shown in Figure 7: One rack unit of space on the rack on page 23. Note that the holes on the rack posts are not spaced equally. They form a repeating pattern of two holes close together, then one hole separate, then two holes close together and so on. The top of the device should start on the lower of the two holes which are close together.

Figure 7: One rack unit of space on the rack

• If there are few devices mounted in the rack, find the lowest possible location to mount the device, to ensure the rack remains stable.

4. Make sure you have the following items, which were shipped with the device and are used to mount the rails to the rack (Figure 8: Preparing the parts required to mount the rails on page 24):
• Two long outer rails and two short outer rails, to be attached to the rack itself (as described in Mounting the Outer Rails on to the Rack on page 25)
• Two inner rail extensions, used to attach the device to the outer rails on the rack (as described in Mounting the Device on to the Outer Rails on page 28)
• Eight flat-head long screws (Phillips cross recessed flat-head machine screws M5x12mm). You need only four to mount the device.
• Eight brackets (finishing washers M5). You need only four to mount the device.
• Two flat-head short screws (Phillips cross recessed flat-head machine screws 6-32 UNCx3/16")

Figure 8: Preparing the parts required to mount the rails

5. Continue with Mounting the Outer Rails on to the Rack on page 25.

Mounting the Outer Rails on to the Rack

About this task
This procedure describes how to mount the outer rails on to the rack. The outer rails are used to support the inner rails, which are attached to the device. After fastening the outer rails to the rack itself, you attach the inner rails to the device. You can then slide the inner rails along the outer rails to mount the device on to the rack.

Before you begin
• Make sure you have the correct type of rack and know where to mount the outer rails, as described in Preparing the Rack and Rails for Mounting the Device on page 22.
• Make sure you have the following items, which were shipped with the device and are used to mount the outer rails to the rack (Figure 9: Preparing the parts required to mount the rails on page 25):
- Two long outer rails
- Two short outer rails
- Two flat-head long screws (Phillips cross recessed flat-head machine screws M5x12mm)
- Two brackets (finishing washers M5)

Figure 9: Preparing the parts required to mount the rails

Procedure
1. Connect the long and short outer rails to each other by sliding the knob on the short rail through the rounded end of the slot on the long rail (Figure 10: Connecting the two outer rails on page 26).

Figure 10: Connecting the two outer rails

2. Attach the rails to the rack posts, at the location you marked in Preparing the Rack and Rails for Mounting the Device on page 22:
a. Starting at the rear of the rack, attach the short rail by aligning the two square knobs with the rack holes (Figure 11: Attaching the short rail to the rear of the rack on page 26). The rails are spring-loaded and lock into place on the rack with a safety latch.

Figure 11: Attaching the short rail to the rear of the rack

b. Slide the long rail towards the front of the rack, adjusting the length according to the depth of the rack. Attach it to the front of the rack as you did to the rear of the rack.

Important: To unfasten the rail pins from the rack, push the safety latch to release:

Figure 12: Removing the rack from the rails

c. Secure the rail by inserting a long screw and a washer through the rear rack post only (Figure 13: Securing the rail to the rack on page 27). Insert the washer between the long screw and the rail, as shown below.
The rail is secured to the front of the rack only after the device is mounted, as described in Mounting the Device on to the Outer Rails on page 28.

Figure 13: Securing the rail to the rack

The outer rail is now attached to the rack, as shown in Figure 14: Side view of rack with the outer rail attached on page 28.

Figure 14: Side view of rack with the outer rail attached

3. Repeat all steps to mount the outer rails to the other side of the rack.
4. Continue with Mounting the Device on to the Outer Rails on page 28.

Mounting the Device on to the Outer Rails

About this task
After you have attached the outer rails to the rack to form a support for the device, you can attach the inner rail extensions to the device and mount the device on to the rack.

Caution: To prevent injury and equipment damage, follow the lifting guidelines described in the Safety Guide when lifting or moving the device.

Before you begin
• Read the safety guidelines described in the Safety Guide.
• Attach the outer rails to the rack, as described in Mounting the Outer Rails on to the Rack on page 25.
• Make sure you have the following items, which were shipped with the device and are used to mount the rails to the rack (Figure 15: Preparing the parts required to mount the device onto the rails on page 29):
- Two inner rail extensions
- Two flat-head short screws (Phillips cross recessed flat-head machine screws 6-32 UNCx3/16")
- Two flat-head long screws (Phillips cross recessed flat-head machine screws M5x12mm)
- Two brackets (finishing washers M5)

Figure 15: Preparing the parts required to mount the device onto the rails

Procedure
1. Attach the inner rail extension to the rear of the device:
a. Slide the rear inner rail extension towards the front of the device (see Figure 16: Attaching inner rail extensions to the device on page 29). The hooks on the side of the device fasten the inner rail in place.

Figure 16: Attaching inner rail extensions to the device

b. Secure the rear inner rail extension through one of the two holes on the rail extension, using one flat-headed short screw (Figure 17: Securing rail extensions to the device on page 30).

Figure 17: Securing rail extensions to the device

c. Repeat these steps on the other side of the device.

2. Slide the device on to the rails until the holes on the device front panel align with the front post (see Figure 18: Sliding the device onto the rails on page 30). As you slide, you should hear two clicks; one mid-way and one near the end. These are the safety latches to stop the device from accidentally sliding out.

Figure 18: Sliding the device onto the rails

Important: To pull out the device, you need to slide the long part of the latch on each side simultaneously to release the safety lock. Slide the right latch up and slide the left latch down (Figure 19: Removing the device from the rails on page 31).

Figure 19: Removing the device from the rails

3. Secure the device to each front post using a long screw. Insert a washer between the screw and the device panel. This secures the front panel to the front of the rack and the outer rail to the rack. The outer rail was already secured in Mounting the Outer Rails on to the Rack on page 25.

Figure 20: Securing the front panel of the device to the front post

Connecting Cables to the Device

About this task
Follow this procedure to connect the power, network, and serial cable supplied with the accessories kit.

Important: The serial connection is used only for configuring the IP address of the device.

Caution: During this procedure, follow the safety guidelines described in the Safety Guide.

Procedure
1. On the rear panel, connect the power cable to the AC power connector (Figure 21: Rear panel of the device on page 33).

Figure 21: Rear panel of the device

2. Connect the other end of the power cable to the AC power.
3. Use a serial cable to connect a PC to the device's serial port. This connection is required for local configuration and maintenance.

Important: Do not connect a screen or a keyboard to the device directly. Define the device's basic settings via the serial connection only.

4. Connect a network cable to the NIC1 Ethernet connector on the rear panel (see Figure 21: Rear panel of the device on page 33).

Obtaining the License Key of the PathFinder server

You need a license key for installing and operating the Avaya Scopia® PathFinder server. To obtain the license key, carefully read the instructions enclosed in the customer support letter you received when you purchased the product.

Verifying the PathFinder server Installation

About this task
After you have installed the device and performed its initial configuration, you need to verify that it is installed and configured correctly.

Procedure
1. On the front panel, verify that the power LED is lit green.

Figure 22: Locating the front panel LEDs

2. Verify that the status LED is lit green.
3. Check the network connection by verifying that the Ethernet activity LED is lit green.

Chapter 4: Performing the Initial Configuration of the PathFinder server

After connecting the cables and switching on the Avaya Scopia® PathFinder server, perform the initial configuration as described in these sections:

Related links
Configuring the IP Addresses of the PathFinder server on page 35
Configuring Ports on the PathFinder server on page 40
Integrating the PathFinder server with Other Scopia® Solution Components on page 45
Enabling Internal Endpoints to Call External Endpoints on page 47
Configuring Priority of Audio or Video on page 57

Configuring the IP Addresses of the PathFinder server

About this task
There are two network cards (NICs) in the Avaya Scopia® PathFinder server to enable deploying it with better security and management of network traffic:
• NIC 1 (Ethernet port defined as eth0) always supports the external traffic.
• NIC 2 (Ethernet port defined as eth1) is always dedicated to the internal network traffic.

For a highly secure dual-NIC deployment we recommend also configuring the management role on eth1. This procedure describes how to configure this type of topology. Figure 23: The role of the dual-NIC PathFinder server in a deployment on page 36 illustrates these roles.
Figure 23: The role of the dual-NIC PathFinder server in a deployment

Before you begin
Make sure you have these items:
• A PC with available serial port
• Serial cable provided with your PathFinder server. Use the serial port on the server's rear panel to assign the new IP addresses.
• A client program to configure the administration console of your PathFinder server using an SSH connection. We recommend using PuTTY. You can download this free application from http://www.chiark.greenend.org.uk/~sgtatham/putty/
• IP address of each NIC in the PathFinder server
• Dedicated subnet mask for the PathFinder server

Important: In a dual-NIC deployment we strongly recommend connecting the NICs to two different subnets.

• IP address of the default router the PathFinder server uses to communicate over the network
• IP address of the DNS server
• Fully Qualified Domain Name (FQDN) for the PathFinder server

Procedure
1. Log in to the administration shell menu of your PathFinder server.
a. Start PuTTY on your PC.
b. Select the Serial page in the PuTTY Configuration dialog box.
c. Verify that the connection fields are set up as follows:

| Field Name | Value |
|---|---|
| Serial line to connect to | COM1 |
| Speed (baud) | 9600 |
| Data bits | 8 |
| Stop bits | 1 |
| Parity | None |
| Flow Control | None |

d. Turn on the power to your PathFinder server.
e. When prompted, enter a user name and password to log in to PathFinder server. The password is encrypted with a 2048-bit key. The default user name and password are both admin.

2. Configure the NIC interfaces.
a. Once in the Main Menu, enter 2 to access the Network administration menu.
b. Enter 2 to access the Change network configuration menu (Figure 24: Configuring NIC 0 (external NIC) on page 37). The display shows the current network interface configuration. The HWaddr field displays the MAC address of eth0.

Figure 24: Configuring NIC 0 (external NIC)

c. Enter 1 to configure eth0 (external NIC 1).
d. Enter the IP address of eth0 (NIC 1).
e. Enter the IP address of the subnet mask to which eth0 belongs.
f. Enter the IP address of the default gateway.

The window displays the new settings. The External access, Management access, and Internal access fields are automatically enabled. External access is enabled so that the NIC can communicate with the external network. Traffic on the NIC typically comprises H.460, tunneling, DNS query traffic, and H.323. Management access and internal access are automatically disabled after you enable these fields in eth1 (NIC 2).

g. Enter 2 to configure eth1 (internal NIC 2).
h. Enter y in the Interface status to enable eth1.
i. Enter the IP address of eth1 (NIC 2).
j. Enter the IP address of the subnet mask to which eth1 belongs.
k. Enter y to enable the Management role of eth1.
l. Enter y to enable the Internal role of eth1.

| Field | Description |
|---|---|
| Internal access | Enable this field so that the NIC can handle standard H.323 traffic in the internal network. |
| Management access | Enable this field for the NIC's handling of management traffic such as: HTTP, required for accessing the web user interface of Avaya Scopia® PathFinder server; SSH, required for accessing the shell administration menu of Avaya Scopia® PathFinder server; SFTP, for uploading or downloading resources of Avaya Scopia® PathFinder server; XML over TCP, required for third-party management interface. |

The system automatically disables the external role of eth1.
The window displays the NIC configuration as illustrated in Figure 25: The network interface configuration screen on page 38.

Figure 25: The network interface configuration screen

The configuration automatically sets the IP addresses of the NICs in the web interface of the PathFinder server. To view this page, log in to the web interface and navigate to Settings > General (Figure 26: The page displaying the NIC IP addresses in the Settings tab on page 39).

Figure 26: The page displaying the NIC IP addresses in the Settings tab

3. Configure the DNS server as your enterprise DNS server.
a. In the Network administration menu enter 3 to access the DNS configuration menu.
b. Enter A to add a DNS server.
c. Enter the IP address of the new server.

4. Configure the new FQDN.
a. In the Network administration menu, enter 4 to access the FQDN configuration menu.
b. Enter the FQDN of the PathFinder server. The system displays the host name and domain name, as well as the new FQDN of the PathFinder server.

5. Add a static route to define call paths so that they are redirected from the PathFinder server to ECS and internal endpoints on other subnets. A static route is required if the internal network has many subnets. For example:
• If the internal NIC is in network 168.168.1.10, and all internal endpoints and the ECS are also located in network 192.168.1.0, there is no need for a static route.
• If the internal network has many subnets (such as 168.168.2.0, 172.16.0.0), you need to configure the static route so that the PathFinder server can communicate with devices inside subnets other than 168.168.1.0.
a. In the Network administration menu enter 6 to access the static route configuration menu.
b. Enter A to add a new static route.
c. Enter the routing rule as: via >

6. Close the SSH session.
Related links
Performing the Initial Configuration of the PathFinder server on page 35
Configuring Ports on the PathFinder server on page 40

Configuring Ports on the PathFinder server

This section provides instructions on how to configure the following ports and port ranges on the Avaya Scopia® PathFinder server:

Related links
Performing the Initial Configuration of the PathFinder server on page 35
Configuring the IP Addresses of the PathFinder server on page 35
Integrating the PathFinder server with Other Scopia® Solution Components on page 45
Configuring the UDP Port for RAS on the PathFinder server on page 40
Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server on page 41
Limiting the TCP/UDP port range on the internal interface of PathFinder on page 41
Configuring Port Access for H.460 Endpoints on page 42

Configuring the UDP Port for RAS on the PathFinder server

About this task
The Avaya Scopia® PathFinder server assumes the gatekeeper uses 1719 as the designated port for RAS (communication with the gatekeeper). You can configure a different port for RAS (if, for example, port 1719 is busy).

Procedure
1. Access the PathFinder server Administrator web interface.
2. Log in to the PathFinder web user interface.
3. Select Settings > General.
4. Locate the Gatekeeper area (see Figure 27: Gatekeeper Settings on page 40).
Figure 27: Gatekeeper Settings
5. Modify the port range in the Port field.
6. Select Save.

Related links
Configuring Ports on the PathFinder server on page 40
Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server

About this task
The Avaya Scopia® PathFinder server has designated ports 4000-5000 for H.323 Direct Public Access (DPA), which allows non-H.460 public endpoints to call internal endpoints without being registered to the PathFinder server. To provide additional security for your firewall, you can limit this range.
To calculate approximately how many ports the PathFinder server uses, multiply the number of simultaneous DPA calls by 10. The multiplication factor is lower for audio-only calls and higher for calls with dual video. We recommend using 10 as an approximation.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General.
3. Enable H.323 Direct Access by selecting the checkbox next to H.323 Direct Access (Figure 28: H.323 Direct Access Settings on page 41).
Figure 28: H.323 Direct Access Settings
4. Modify the port range in the Port Range fields.
5. Select Save.

Related links
Configuring Ports on the PathFinder server on page 40

Limiting the TCP/UDP port range on the internal interface of PathFinder

About this task
PathFinder has a designated port range of 12000-15000 for H.323 calls to the internal interface. For additional security for your firewall, you can limit this range.
To calculate the number of ports PathFinder uses, add the two figures that you get by the following methods:
• Multiply the number of simultaneous H.323 calls by 10. The multiplication factor is lower for audio-only calls and higher for calls with dual video. Use 10 as an approximate multiplication factor.
• Count one port for each endpoint registration. For example, if you have 100 endpoints, count 100 ports.
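The two sizing rules above can be turned into concrete ranges to enter in the web interface and to open on the firewall. This is an added example, not Avaya code: it applies the factor of 10 per call, the one port per registration, and the limits this guide gives for the internal interface (a range within 9000 to 65535 and at least 300 ports). The function names, the optional headroom percentage and the sample call counts are assumptions.

```python
"""Size the PathFinder port ranges from expected load (added example)."""
from dataclasses import dataclass

PORTS_PER_CALL = 10                 # the guide's approximate factor per call
DPA_DEFAULT = (4000, 5000)          # default H.323 Direct Public Access range
INTERNAL_DEFAULT = (12000, 15000)   # default internal-interface range
INTERNAL_BOUNDS = (9000, 65535)     # widest range the internal setting accepts
INTERNAL_MIN_PORTS = 300            # smallest range the internal setting accepts


@dataclass(frozen=True)
class PortRange:
    first: int
    last: int

    @property
    def size(self):
        return self.last - self.first + 1


def dpa_ports_needed(dpa_calls):
    """Ports used by simultaneous Direct Public Access calls."""
    return dpa_calls * PORTS_PER_CALL


def internal_ports_needed(h323_calls, endpoints):
    """Internal interface: 10 ports per call plus one per endpoint registration."""
    return h323_calls * PORTS_PER_CALL + endpoints


def fit_range(first, needed, bounds=(1, 65535), minimum=1):
    """Return the narrowest range starting at `first` that holds `needed` ports."""
    if needed < 0:
        raise ValueError("port requirement cannot be negative")
    size = max(needed, minimum)
    candidate = PortRange(first, first + size - 1)
    low, high = bounds
    if candidate.first < low or candidate.last > high:
        raise ValueError(
            f"{candidate.first}-{candidate.last} falls outside {low}-{high}")
    return candidate


def plan(dpa_calls, h323_calls, endpoints, headroom_pct=0,
         dpa_first=DPA_DEFAULT[0], internal_first=INTERNAL_DEFAULT[0]):
    """Build both ranges and report how many default ports no longer need opening.

    headroom_pct is an assumed safety margin (integer percent) for deployments
    with many dual-video calls, where the guide says the factor exceeds 10.
    """
    def with_headroom(n):
        return -(-n * (100 + headroom_pct) // 100)  # integer ceiling

    dpa = fit_range(dpa_first, with_headroom(dpa_ports_needed(dpa_calls)))
    internal = fit_range(
        internal_first,
        with_headroom(internal_ports_needed(h323_calls, endpoints)),
        bounds=INTERNAL_BOUNDS,
        minimum=INTERNAL_MIN_PORTS,
    )
    return {
        "dpa": dpa,
        "internal": internal,
        "dpa_ports_saved": PortRange(*DPA_DEFAULT).size - dpa.size,
        "internal_ports_saved": PortRange(*INTERNAL_DEFAULT).size - internal.size,
    }


if __name__ == "__main__":
    # Constructed load figures: 20 DPA calls, 50 H.323 calls, 100 endpoints.
    result = plan(dpa_calls=20, h323_calls=50, endpoints=100)
    for name in ("dpa", "internal"):
        r = result[name]
        print(f"{name}: {r.first}-{r.last} ({r.size} ports, "
              f"{result[name + '_ports_saved']} fewer than the default)")
```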
You must restart PathFinder after you modify the port range.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Click Settings > General.
3. In the Internal interface section, set the port range to 12000 up to 15000. The maximum port range is from 9000 to 65535. The port range setting requires a minimum range of 300 ports.
4. Click Save.

Next steps
Restart PathFinder

Related links
Configuring Ports on the PathFinder server on page 40

Configuring Port Access for H.460 Endpoints

About this task
The Avaya Scopia® PathFinder server acts as an H.460 server, enabling H.460 endpoints (which are H.460 clients) to register with the PathFinder server. H.460 enhances the standard H.323 protocol to manage firewall/NAT traversal, employing ITU-T standards. Endpoints which are already H.460 compliant can communicate directly with the PathFinder server, where the endpoint acts as an H.460 client to the PathFinder server which acts as an H.460 server (Figure 29: H.460 endpoints register with PathFinder server on page 43).

Figure 29: H.460 endpoints register with PathFinder server

If an external H.460 endpoint in the public internet can dial the E.164 number of an endpoint within the enterprise, the ports used are:
1. The H.460 endpoint requests registration (RRQ) to the PathFinder server via port 1719.
2. The PathFinder server confirms RRQ.
3. The endpoint sends a call request in the form of two connections to the PathFinder server:
• Port 2776 for call setup with H.225. H.225 is part of the set of H.323 protocols. It defines the messages and procedures used by gatekeepers to set up calls.
• Port 2777 for signaling with H.245. Signaling, also known as call control, sets up, manages and ends a connection or call.
These messages include the authorization to make the call, checking bandwidth, resolving endpoint addresses, and routing the call through different servers. Signaling is transmitted via the H.225.0/Q.931 and H.225.0/RAS protocols in H.323 calls, or by the SIP headers in SIP calls. Signaling occurs before the control aspect of call setup.
The PathFinder server in turn routes these requests to the ECS. For more information on the firewall's port configuration see Ports to Open on PathFinder on page 15.
The PathFinder server ports are configured by default to support these calls. Follow this procedure to change the default configuration.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > H.460. The window displays the default port values for H.460 endpoint port access.
Carefully read this information before changing the default values:
• If you leave these fields blank, the system does not change the port's original value.
• As these ports are unique, you cannot define more than one of these to the same port.
• Both the native port and the public port face the external network. Native ports are used on the PathFinder server, while public ports are opened on the NAT/firewall. Public ports must match those configured on your external firewall/NAT.

Figure 30: Configuring PathFinder server for H.460 endpoint access

Field: Description
Ras Port: RAS (Registration, Admission, Status) is required for communication between the remote endpoint and the PathFinder server. It allows the endpoint to request admission of the call. Important: Avoid changing the default value of the RAS public port. This change requires changing the port value for all endpoints in your deployment.
Call Signal Port: Used for call setup, call proceeding, alerts, connection, call release upon completion.
Call Control Port: Provides control service to the multimedia session that has been established.
RTCP Port: Real-time Transmission Control Protocol provides statistics on the quality of the multimedia session in place.
RTP Port: Real-Time Transport Protocol port carries the media flow.
Multiplex: When enabled, reduces the number of required ports by sending media and control communications over RTP/RTCP via UDP ports 2776 and 2777. The Multiplex option is automatically enabled when you enable NAT support (see Integrating the PathFinder server with NAT on page 46).

Related links
Configuring Ports on the PathFinder server on page 40

Integrating the PathFinder server with Other Scopia® Solution Components

Your Avaya Scopia® PathFinder server is part of the Scopia® Solution and must be integrated with other components:

Related links
Performing the Initial Configuration of the PathFinder server on page 35
Configuring Ports on the PathFinder server on page 40
Enabling Internal Endpoints to Call External Endpoints on page 47
Integrating the PathFinder server with ECS on page 45
Integrating the PathFinder server with NAT on page 46

Integrating the PathFinder server with ECS

About this task
To allow endpoints from the external network to communicate with endpoints in the internal network, you need to configure the IP address of ECS in the PathFinder server. Endpoints participating in calls can be legacy H.323 and H.460 compliant. Calls can be dialed using IP addresses, URI dialing, and E.164 dialing.
URI dialing requires resolving a destination like [email protected] or [email protected] into the IP of an endpoint. This is performed by the gatekeeper.
When the URI address refers to a destination in another network, it requires the PathFinder server and the ECS to work together.
Important: In the settings of the gatekeeper, add the IP address of the PathFinder server at port 1719 as the gatekeeper's neighbor, as described in Enabling URI Dialing to External Endpoints on page 50.

Before you begin
Verify you have the IP address of the Avaya Scopia® ECS Gatekeeper.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the Settings tab.
3. In the General tab navigate to the Gatekeeper Address field. See Figure 31: Integrating the PathFinder server with ECS on page 46.
Figure 31: Integrating the PathFinder server with ECS
4. Enter the IP address of the ECS.
5. If required, change the port number which is set to 1719 by default.

Related links
Integrating the PathFinder server with Other Scopia® Solution Components on page 45

Integrating the PathFinder server with NAT

About this task
Enable this functionality if the external NIC of the PathFinder server uses a private IP address to communicate with endpoints outside the organization. Do not enable NAT support if the server's external NIC communicates with the Internet by using a public IP address.

Before you begin
Verify you have the NAT IP address.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General > NAT Support.
Figure 32: Configuring NAT support
3. Configure the NAT settings as follows:

Table 4: Configuring NAT support
Field: Description
NAT Support: Enable NAT Support if the external NIC of the PathFinder server uses a private IP address to communicate with endpoints outside the organization. If deploying the PathFinder with a load balancer, you must enable NAT Support.
For more information, see Configuring PathFinder servers for the Load Balancer on page 67.
Address: Enter the public IP address of the NAT device in the Address field. Important: In the firewall/NAT device, verify that the NAT address is mapped to the private IP address of the PathFinder server's external NIC.
Port: If required, change the Scopia® PathFinder client port number which is set to 3089 by default.

Related links
Integrating the PathFinder server with Other Scopia® Solution Components on page 45

Enabling Internal Endpoints to Call External Endpoints

Endpoints in the organization call external endpoints using their IP address (including dialing the device, then # or ##, then the meeting ID) or URI. If the external endpoint is registered to the Avaya Scopia® ECS Gatekeeper, it can also dial the endpoint's E.164 number. Since external endpoints are typically not registered to the gatekeeper, this requires the gatekeeper to work with the Avaya Scopia® PathFinder server to complete the call.
A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI) into the IP address of an endpoint, and handles the initial connection of calls. The Avaya Scopia® ECS Gatekeeper provides address resolution functionality in H.323 networks and also manages video traffic over IP networks. When the destination address is located in another network, the gatekeeper forwards the request to the PathFinder server to complete the call and resolve the destination.
You must configure both the PathFinder server and the ECS to support IP and URI dialing, as described in the following topics:

Related links
Performing the Initial Configuration of the PathFinder server on page 35
Integrating the PathFinder server with Other Scopia® Solution Components on page 45
Configuring Priority of Audio or Video on page 57
Configuring Access for H.323 Legacy Endpoints on page 47
URI Dialing Functionality on page 49
Enabling URI Dialing to External Endpoints on page 50
Enabling IP Dialing to External Endpoints on page 54

Configuring Access for H.323 Legacy Endpoints

About this task
Direct Public Access enables opening a direct dial line to the Avaya Scopia® PathFinder server to call external H.323 legacy endpoints.
To set up this connection, you need to configure the PathFinder server to accept H.323 calls and forward them. You also need to configure the Avaya Scopia® ECS Gatekeeper to one or more PathFinder servers to facilitate the routing of these calls. For more information on configuring the ECS, see the Reference Guide for Avaya Scopia® ECS Gatekeeper.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General.
3. Configure the following settings for Direct Public Access:

Figure 33: Configuring Access for H.323 Legacy Endpoints

Table 5: Configuring Access for H.323 Legacy Endpoints
Field: Description
H.323 Direct Access: Enable H.323 Direct Access to open a direct dial line to the PathFinder server for H.323 endpoints that do not support the secure H.460 protocol.
Port Range: Define the range of ports used for direct H.323 calls in the field.
Important: If the external NIC of the PathFinder server is located behind a firewall, this range of ports must also be opened in the firewall, as well as port 1720 for H.323 signaling.
Default Extension: Enter the default extension that you usually configure to the MCU IVR (Interactive Voice Response). PathFinder server redirects a call to the default extension when the endpoint dials only the server's IP address without any extension.
4. Select Save.

Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

URI Dialing Functionality

The Scopia® Solution fully supports URI dialing, a dial format for contacting endpoints outside your organization.
URI is an address format used to locate a device on a network, where the address consists of the endpoint's name or number, followed by the domain name of the server to which the endpoint is registered. For example,@. When dialing URI between organizations, the server might often be the Avaya Scopia® PathFinder server of the organization.
All Scopia® Solution endpoints work transparently with URI dials, including the Avaya Scopia® XT Series and Scopia® Desktop Clients. You can also perform URI dials from the conference control of Avaya Scopia® Management.
URI dialing is compatible with Avaya Scopia® PathFinder (for H.323 endpoint) and other third party firewall traversal systems such as SBCs (for SIP endpoints). Dialing an endpoint from one organization to another requires first traversing your own firewall with PathFinder, out through the internet, and then into the firewall of the recipient’s organization using their firewall traversal system (Figure 34: URI dialing between two enterprises using PathFinder on page 49).
Figure 34: URI dialing between two enterprises using PathFinder

To access an endpoint in the other company, the URI’s domain name is the second company’s firewall traversal system, like the name of their PathFinder server, or the organization's domain name. For example, in Figure 34: URI dialing between two enterprises using PathFinder on page 49, dialing to the partner company requires knowing the following:
• The name or number of the endpoint, in this example xt1
• The domain name of the PathFinder server of that company, public.partner.com in this example, or the organization's domain name, partner.com.
Important: As with regular web domain names, the name of the PathFinder server resolves to an IP address via standard DNS lookup if it has been allocated a global DNS name. If the server’s IP address does not have a DNS name, the URI dial should directly specify the server’s IP address instead. For example, the URI [email protected] specifies the alias followed by the server’s IP address.
To set up this connection, you need to configure the PathFinder server to accept H.323 calls and forward them. You also need to configure the ECS to define one or more PathFinder servers as ECS’s neighbor, to facilitate the routing of these calls.

Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

Enabling URI Dialing to External Endpoints

About this task
A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI) into the IP address of an endpoint, and handles the initial connection of calls. The Avaya Scopia® ECS Gatekeeper provides address resolution functionality in H.323 networks and also manages video traffic over IP networks.
You can call endpoints using their IP address, URI, or E.164 number.
This procedure describes how to set the gatekeeper to forward URI calls from internal endpoints to external endpoints in another enterprise, via the PathFinder server. Since external endpoints are not registered to the gatekeeper, this requires the gatekeeper to work with the PathFinder server to complete the call.
URI is an address format used to locate a device on a network, where the address consists of the endpoint's name or number, followed by the domain name of the server to which the endpoint is registered. For example,@. When dialing URI between organizations, the server might often be the Avaya Scopia® PathFinder server of the organization.
When the URI address refers to a destination in another network, the gatekeeper forwards the request to the PathFinder server to complete the call and resolve the destination (Figure 35: URI dialing between two enterprises using PathFinder on page 51).

Figure 35: URI dialing between two enterprises using PathFinder

Endpoints participating in calls can be legacy H.323 and H.460 compliant.
You can also configure the gatekeeper to forward IP calls to the PathFinder server, as described in Enabling IP Dialing to External Endpoints on page 54.
For deployments with multiple PathFinder servers, including several servers acting as one server behind a load balancer, perform this procedure for each server. For more information about configuring multiple PathFinder servers behind a load balancer, see Scalability, High Availability and Load Balancing with PathFinder on page 59.

Before you begin
• Enable Direct Public access on the PathFinder server, as described in Configuring Access for H.323 Legacy Endpoints on page 47. This allows internal endpoints to call external legacy H.323 endpoints that do not support H.460.
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for each PathFinder server.
• To allow endpoints from the external network to communicate with endpoints in the internal network, you need to configure the IP address of ECS in the PathFinder server, as described in Integrating the PathFinder server with ECS on page 45.
• Verify you have the IP address of the PathFinder server NIC connected to the internal network. If you are configuring multiple PathFinder servers, with or without a load balancer, do this for each PathFinder server.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Navigate to Settings > General > Dialing URI Support.
Figure 36: Configuring URI dialing support
3. Configure the PathFinder server to handle the domain name or IP address included in the URI dialing of inbound or outbound calls, as described below.

Table 6: Configuring URI support
Field: Description
Local Domain Name: Enter the domain name of the organization in which the PathFinder server is physically located. This configuration enables the server to optimize the handling of calls when used with Resolve on Server First, described below.
Resolve on Server First: Select to strip the domain name/IP address from the dialed string before transferring the relevant message to its destination. Important: We recommend enabling this setting to optimize the handling of call transfer. Do not select this option if your organization has a policy of transferring a message to its destination by using the complete endpoint's dial string (for example, [email protected]) instead of its alias (1234 in this example).

4. Access the ECS web interface.
If you are using Scopia® Management's built-in gatekeeper, log in to the administrator portal of Scopia® Management and access the link from the gatekeeper's page (for more information on accessing Scopia® Management, see Administrator Guide for Avaya Scopia® Management).
5. Select Hierarchy > Neighbors.
Figure 37: Configuring a Neighboring PathFinder server for outgoing URI calls
6. Configure the PathFinder server as a neighboring server to the ECS to facilitate outgoing URI dialing, as described below. This is required since the external endpoint is not registered to the gatekeeper, and therefore it cannot resolve the address of the external endpoint. When an internal endpoint calls an external endpoint using its URI address, the gatekeeper sends the request to all devices configured as its neighbor, which may include other gatekeepers and PathFinder servers, to check which one can resolve the address.

Table 7: Configuring a Neighboring PathFinder server for outgoing URI calls
Field: Description
Add: Select to add the PathFinder server.
Prefix: Leave this field empty since URI dialing does not route calls to zones using dial prefixes. URI dialing routes calls using the domain name in the URI string, which is resolved to any zone worldwide.
Description: Enter the name of your PathFinder server.
IP Address: Enter the IP address of your PathFinder server. This is the IP address of the internal NIC connected to the internal network.
Port: The default port value, 1719, is mandatory for URI dialing.

7. Select Upload.
8. If your deployment includes multiple PathFinder servers, including several servers acting as one server behind a load balancer, repeat the steps above for each PathFinder server.
Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

Enabling IP Dialing to External Endpoints

About this task
You can call endpoints using their IP address (including dialing the device, then # or ##, then the meeting ID), URI, or E.164 number.
This procedure describes how to set the gatekeeper to forward IP calls from internal endpoints to public endpoints, via the PathFinder server. Since external endpoints are not registered to the gatekeeper, this requires the gatekeeper to work with the PathFinder server to complete the call (Figure 38: IP call to an external endpoint on page 54).

Figure 38: IP call to an external endpoint

You can also configure the gatekeeper to forward URI calls to the PathFinder server, as described in Enabling Internal Endpoints to Call External Endpoints on page 47.
For deployments with multiple PathFinder servers, including several servers acting as one server behind a load balancer, perform this procedure for each server. For more information about configuring multiple PathFinder servers behind a load balancer, see Scalability, High Availability and Load Balancing with PathFinder on page 59.

Before you begin
• Verify you have the IP address of the Avaya Scopia® PathFinder server NIC connected to the internal network. If you are configuring multiple PathFinder servers, with or without a load balancer, do this for each PathFinder server.
• Enable Direct Public access on the PathFinder server, as described in Configuring Access for H.323 Legacy Endpoints on page 47. This allows internal endpoints to call external legacy H.323 endpoints that do not support H.460. If you are configuring multiple PathFinder servers, with or without a load balancer, do this for each PathFinder server.
• Verify you have the Direct Public Access address of the PathFinder server:
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for each PathFinder server.
1. From the PathFinder server web interface, select Client Status > Client Name that has the format paProxy@. The PathFinder server automatically created this proxy address when you enabled Direct Public Access.
2. Note the address (IP address and port) under Q.931 Address > Registration Information (see Figure 39: Registration information required for configuring the ECS on page 55). You need this registration information to configure IP dialing.

Figure 39: Registration information required for configuring the ECS

Procedure
1. Access the ECS web interface. If you are using Scopia® Management's built-in gatekeeper, log in to the administrator portal of Scopia® Management and access the link from the gatekeeper's page (for more information on accessing Scopia® Management, see Administrator Guide for Avaya Scopia® Management).
2. Select Settings > Calls.
Figure 40: Configuring IP dialing in the ECS
3. Configure IP dialing as follows:

Table 8: Enabling IP Dialing
Field: Description
Route IP calls to: Select this option to enable routing IP calls to the PathFinder server.
Add: Select to add the PathFinder server to the list of servers. The gatekeeper routes IP calls to the PathFinder server(s) in the list.
IP Address: Enter the IP address and port of the PathFinder server that it automatically created when you enabled H.323 Direct Access. For more information, see Configuring Access for H.323 Legacy Endpoints on page 47.
Port: You need to add the PathFinder server's IP address to instruct the gatekeeper where to forward all IP calls when the destination IP address is not registered to the gatekeeper.

4. Select OK.
5. Select Upload.
6. If your deployment includes multiple PathFinder servers, including several servers acting as one server behind a load balancer:
a. Repeat the steps above for each PathFinder server.
b. Verify you have the correct redundancy policy set up between the gatekeeper and each PathFinder server. The ECS has its own load balancing method to work with multiple PathFinder servers for outgoing calls from internal endpoints to external endpoints (Figure 41: Forwarding traffic to the PathFinder server on page 57). By default, it is configured to the Scalability policy, enabling it to send requests to each PathFinder server in the cluster, in a round robin manner. Alternatively, you can set the ECS to work with the Priority policy, where the ECS can route the call to the first PathFinder server in the list and continue to the next one only if a failure occurred. Contact Customer Support to configure this setting.
Important: This is separate from the redundancy policy you configured for the load balancer, which instructs it how to direct incoming traffic from the external network to the internal network (Figure 41: Forwarding traffic to the PathFinder server on page 57). For more information about setting up the load balancer, see Scalability, High Availability and Load Balancing with PathFinder on page 59.
Figure 41: Forwarding traffic to the PathFinder server

Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

Configuring Priority of Audio or Video

About this task
Quality of Service helps solve network performance issues by assigning relative priorities to the following packets:
• Audio, which is one of the media sent during a call. For example, by assigning high priority to audio under poor network conditions with high packet loss, you determine that audio is the most important element of the videoconference to be maintained at the expense of better video quality. Audio is transmitted via the RTP and RTCP protocols in H.323 calls.
• Video, which includes shared data stream like a presentation, also known as dual video. Far end camera control (FECC) is another example of information carried on the data stream. Video is transmitted via the RTP and RTCP protocols in H.323 calls.
• Control, which includes signaling and media control.
- Signaling, also known as call control, sets up, manages and ends a connection or call. These messages include the authorization to make the call, checking bandwidth, resolving endpoint addresses, and routing the call through different servers. Signaling is transmitted via the H.225.0/Q.931 and H.225.0/RAS protocols in H.323 calls. Signaling occurs before the control aspect of call setup.
- Control, or media control, sets up and manages the media of a call (its audio, video and data). Control messages include checking compatibility between endpoints, negotiating video and audio codecs, and other parameters like resolution, bitrate and frame rate. Control is communicated via H.245 in H.323 endpoints.
    Control occurs within the framework of an established call, after signaling.

Follow this procedure to determine the relative priorities for audio, video, and control transmitted via the PathFinder server.

Procedure

1. Access the PathFinder server Administrator web interface.
2. Select the Settings > General > QoS tab.
3. In the General tab navigate to QoS.

   Figure 42: Configuring QoS in the PathFinder server

4. Select the Quality of Service level according to your network requirements.

   Important: During low-bandwidth conditions, Scopia® Management uses these priority settings to adjust the quality of the meeting.

   Field: Description
   None: Select this setting when the network has sufficient bandwidth for each stream (audio, video, and media control) and does not require any prioritization of the different streams.
   Default: Select this setting to use the following default priority values for each stream:
     • 48 for the media Control stream. This highest priority ensures that calls are set up properly even if it means that other ongoing calls may reduce their video or audio during a call setup. All TCP connections use the QoS value set in this field.
     • 46 for the Audio stream. This priority ensures that audio is always given precedence over video. This audio applies to multiple video channels (e.g., sound stream for endpoint microphones and presentations).
     • 34 for the Video stream. The lowest default priority is given to video image quality. It applies to endpoint camera images and also covers data streams like far end camera control.
   Customized: Enter your own relative priorities as a number from 0-255 to represent the relative priority of Audio, Video, and Control.

Related links
Performing the Initial Configuration of the PathFinder server on page 35
Enabling Internal Endpoints to Call External Endpoints on page 47
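To check that the priorities selected in the QoS procedure above actually appear on the wire, the following added example (not part of the Avaya guide or product) reads the marking from captured IPv4 headers and compares it with the Default values of 48, 46 and 34. It assumes those values are DSCP code points carried in the upper six bits of the IP ToS byte and that media travels over UDP; the function names and sample packets are constructed for illustration.

```python
import struct

# Default priority values listed in the QoS table of the guide.
DEFAULT_QOS = {"control": 48, "audio": 46, "video": 34}

IPPROTO_TCP = 6
IPPROTO_UDP = 17


def parse_ipv4_marking(header: bytes):
    """Return (dscp, ecn, protocol) read from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    if header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (header[0] & 0x0F) * 4
    if header_len < 20 or len(header) < header_len:
        raise ValueError("invalid IPv4 header length")
    tos = header[1]
    # Assumption: the configured value is a DSCP code point, i.e. the
    # upper six bits of the ToS byte; the lower two bits are ECN.
    return tos >> 2, tos & 0x03, header[9]


def allowed_markings(protocol: int, qos=DEFAULT_QOS):
    """Markings acceptable for a packet of the given IP protocol."""
    if protocol == IPPROTO_TCP:
        # The guide states that all TCP connections use the Control value.
        return {qos["control"]}
    if protocol == IPPROTO_UDP:
        # Assumption: RTP/RTCP media runs over UDP, so either the Audio
        # or the Video value is acceptable without inspecting the payload.
        return {qos["audio"], qos["video"]}
    return set()  # other protocols are out of scope for this check


def audit_markings(packets, qos=DEFAULT_QOS):
    """Return (index, reason) for every packet with an unexpected marking."""
    findings = []
    for index, raw in enumerate(packets):
        try:
            dscp, _ecn, protocol = parse_ipv4_marking(raw)
        except ValueError as exc:
            findings.append((index, f"unparseable: {exc}"))
            continue
        allowed = allowed_markings(protocol, qos)
        if allowed and dscp not in allowed:
            findings.append(
                (index, f"protocol {protocol} marked {dscp}, expected {sorted(allowed)}")
            )
    return findings


def build_header(dscp: int, protocol: int) -> bytes:
    """Construct a minimal 20-byte IPv4 header for the sample data."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,              # version 4, header length of 5 words
        dscp << 2,         # ToS byte: DSCP in the upper six bits
        40, 0, 0,          # total length, identification, flags/fragment
        64, protocol, 0,   # TTL, protocol, checksum (not verified here)
        bytes([192, 0, 2, 10]),     # documentation-range source address
        bytes([198, 51, 100, 20]),  # documentation-range destination address
    )


# Constructed sample capture: three correctly marked packets, one UDP
# packet re-marked to 0 in transit, and one TCP packet carrying the
# Audio value instead of the Control value.
SAMPLE_PACKETS = [
    build_header(48, IPPROTO_TCP),
    build_header(46, IPPROTO_UDP),
    build_header(34, IPPROTO_UDP),
    build_header(0, IPPROTO_UDP),
    build_header(46, IPPROTO_TCP),
]

if __name__ == "__main__":
    for index, reason in audit_markings(SAMPLE_PACKETS):
        print(f"packet {index}: {reason}")
```

A marking of 0 on media packets captured past a router or firewall usually means an intermediate device is rewriting the field, in which case the priorities configured on the PathFinder server have no effect beyond that hop.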
Chapter 5: Scalability, High Availability and Load Balancing with PathFinder

Avaya Scopia® PathFinder servers provide firewall traversal and NAT solution services to both H.460-compliant and non-H.460 endpoints.

You can provide both scalability and high availability for your PathFinder servers by deploying multiple PathFinder servers behind a load balancer. High availability is a state where you ensure better service and less downtime by deploying additional servers. Scalability describes the ability to increase the capacity of a network device by adding another identical device (one or more) to your existing deployment.

A load balanced group of PathFinder servers, also known as a cluster, acts as a single virtual server. A load balancer can distribute traffic among the servers in the cluster, so that if one PathFinder server has too many incoming calls at a given time, for example, another PathFinder server can take up the load of managing incoming calls in a round-robin manner. Other load balancing methods can be configured for the load balancer, according to your deployment's requirements. Likewise, if one server fails, the remaining servers can continue working, providing high availability of the deployment.

Figure 43: Load balancing PathFinder server in the enterprise’s DMZ on page 60 illustrates a typical deployment of multiple PathFinder servers with a load balancer.

Figure 43: Load balancing PathFinder server in the enterprise’s DMZ

Load balancing multiple PathFinder servers is also often required for service provider deployments, where the large capacity can serve multiple enterprises within one deployment. This topology is similar to the one illustrated in Figure 43: Load balancing PathFinder server in the enterprise’s DMZ on page 60.
In each case, the deployment requires the following components:

• PathFinder servers

  The servers are configured as a cluster that has a virtual IP address for routing calls inbound to the local network. We recommend connecting both network interface cards (NIC) of each PathFinder server:
  - The first NIC connects to a DMZ switch along with the load balancer
  - The second NIC connects to the company’s internal network

  For more information about a dual NIC configuration, see Configuring the IP Addresses of the PathFinder server on page 35. PathFinder servers with one NIC can also be part of the cluster.

• A load balancer

  A load balancer groups together a set (or cluster) of servers to give them a single IP address, known as a virtual IP address. It distributes client service requests amongst a group of servers. It distributes loads according to different criteria such as bandwidth, CPU usage, or cyclic (round robin). Load balancers are also known as application delivery controllers (ADC).

  The following load balancers are certified for the current version of PathFinder server:
  - Radware AppDirector
  - F5 BIG-IP Load Traffic Manager (LTM)

  PathFinder server redundancy can also be managed using other third-party load balancers.

• A gatekeeper

  A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI) into the IP address of an endpoint, and handles the initial connection of calls. Gatekeepers also implement the dial plan of an organization by routing H.323 calls depending on their dial prefixes. Scopia® Management includes a built-in Avaya Scopia® Gatekeeper, while ECS is a standalone gatekeeper.

• H.323 endpoints

  Your deployment can include H.323 endpoints that are H.460 compliant or H.323 (legacy) endpoints which do not support H.460.
  Both types of endpoints can reside either in the enterprise (secured network) or in the Internet. Endpoints that want to register to the PathFinder server do so via the cluster’s virtual IP address or register to the Scopia® PathFinder client if they are not H.460-compliant. The Scopia® PathFinder client registers to the PathFinder server via the cluster’s virtual IP address.

For information on the components that are part of the Scopia® Solution, see the Scopia® Solution Guide.

Related links
Workflow to Configure PathFinder server for Redundancy on page 61
Configuring Radware Load Balancer for PathFinder servers on page 62
Configuring the F5 BIG-IP LTM for PathFinder servers on page 64
Configuring PathFinder servers for the Load Balancer on page 67

Workflow to Configure PathFinder server for Redundancy

About this task

To configure the main components required for Avaya Scopia® PathFinder redundancy, perform the tasks as they are listed in the workflow below.

The following load balancers are certified for the current version of PathFinder server:
• Radware AppDirector
• F5 BIG-IP Load Traffic Manager (LTM)

PathFinder server redundancy can also be managed using other third-party load balancers.

Procedure

1. Install and configure one of the PathFinder servers, as described in:
   • Preparing the PathFinder server Setup on page 13
   • Setting up the Device on page 22
   • Performing the Initial Configuration of the PathFinder server on page 35
2. Test the deployment’s operability to verify that the Scopia® Solution functions with a single PathFinder server.

   You can now deploy multiple servers behind a load balancer by going through the tasks listed below.
3. Configure your load balancer to work with PathFinder server, as follows:
   • If configuring the Radware AppDirector, see Configuring Radware Load Balancer for PathFinder servers on page 62.
   • If configuring the F5 BIG-IP LTM, see Configuring the F5 BIG-IP LTM for PathFinder servers on page 64.
4. Configure the PathFinder server to work with the load balancer, as described in Configuring PathFinder servers for the Load Balancer on page 67.
5. For each PathFinder server in the cluster, perform the necessary configurations described in Performing the Initial Configuration of the PathFinder server on page 35.

   Important: All PathFinder servers in the cluster must be configured identically, apart from their native IP addresses. For more information about configuring the IP address, see Configuring the IP Addresses of the PathFinder server on page 35.

Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Configuring Radware Load Balancer for PathFinder servers

About this task

The procedure in this topic describes the initial settings required for the Radware AppDirector to function with the PathFinder deployment. For the detailed configuration of the load balancer, see Radware’s AppDirector documentation.

Radware AppDirector is one of the load balancers that was certified for this release of the PathFinder deployment. To configure the F5 BIG-IP Load Traffic Manager, see Configuring the F5 BIG-IP LTM for PathFinder servers on page 64.

See Scalability, High Availability and Load Balancing with PathFinder on page 59 for an overview of scalability and load balancing with PathFinders.

Before you begin

Important: This procedure should only be performed by certified Radware implementation specialists.
This section focuses only on the settings which may be different from a standard Radware implementation. For more information on standard Radware deployments, see the Radware documentation.

Verify that you have all the IP addresses of the Avaya Scopia® PathFinder servers, required to configure the load balancer.

Procedure

1. Log in to the AppDirector user interface.
2. Create a server farm for PathFinder servers in the load balancer, as described in the AppDirector documentation.

   A farm is the term used by AppDirector to refer to a cluster of servers. The settings described below are specific to PathFinder server and may differ from a typical AppDirector deployment:

   Table 9: Virtual farm settings specific to PathFinder server

   Field: Description
   Farm Name: Enter the name of the server farm.
   Aging Time: Indicates the number of seconds before the connection between a source IP and the server is timed out (disconnected). The source IP refers to either the endpoint or the Scopia® PathFinder client, depending on whether the endpoint is connecting directly or via the Scopia® PathFinder client. Set the aging time to a high value (for example, 90000). Within that period of time, AppDirector routes the reconnecting client to that specific server.
   Dispatch Method: Select the method the load balancer uses for distributing traffic between servers in this farm. We recommend one of the following:
     • Round Robin: Directs each endpoint service request to another PathFinder server, in turn.
     • Least Amount of Traffic: Directs endpoint service requests to the PathFinder server with the least amount of traffic.
   Sessions Mode: Select EntryPerSession to ensure the load balancer continues to route packets from the same client to the same PathFinder server throughout the duration of the videoconference.

3. Configure a virtual IP address for the farm, as described in the AppDirector documentation.
   This is the address the load balancer uses to forward endpoint service requests to the PathFinder servers grouped in the farm.
4. Configure the Layer 4 rules (or policies) the load balancer uses to manage traffic, as described in the AppDirector documentation.

   AppDirector uses the Layer 4 protocol and the request’s destination port to select the required farm. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are part of the Layer 4 protocol. AppDirector manages the virtual IP addresses using Layer 4 policies. The settings described below are specific to PathFinder server and may differ from a typical AppDirector deployment:
   • Use the same farm name as above
   • Set L4 Protocol to Any. This ensures the farm supports any IP protocol, including TCP and UDP.
5. Add each PathFinder server to the farm as described in the AppDirector documentation.

   The settings described below are specific to PathFinder server and may differ from a typical AppDirector deployment:
   • Enter the server's details, such as the IP address
   • Verify that Client NAT is set to Disabled.
6. To ensure communication is possible with the PathFinders, add the farm's virtual IP address and service port to the organization's firewalls.
7. Continue with Configuring PathFinder servers for the Load Balancer on page 67 to configure the PathFinder servers to function with a load balancer.

Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Configuring the F5 BIG-IP LTM for PathFinder servers

About this task

The procedure in this topic describes the settings required for the F5 BIG-IP Load Traffic Manager (LTM) to function with the Avaya Scopia® PathFinder deployment. For the detailed configuration of the load balancer, see the F5 documentation.
The F5 BIG-IP LTM is one of the load balancers that was certified for this release of the PathFinder deployment. To configure the Radware AppDirector, see Configuring Radware Load Balancer for PathFinder servers on page 62.

Before you begin

Important: This procedure should only be performed by certified F5 BIG-IP LTM implementation specialists. This section focuses only on the settings which may be different from a standard implementation, and does not elaborate on specific F5 terminology necessary to understand when deploying the load balancer. For more information on standard F5 BIG-IP LTM deployments, see the F5 documentation.

Verify that you have all the IP addresses of the PathFinder servers and the F5 (including its default gateway, also known as its router). This is required to configure the load balancer.

Procedure

1. Access the F5 web interface.
2. Set up a virtual LAN (VLAN) for all PathFinder servers, as described in the F5 documentation.

   A VLAN is similar to a physical LAN, but is used to group devices based on specific attributes rather than a common location. Any data packets passing in and out of the VLAN must go through the F5's router (also known as the default gateway).
3. Add a Self IP for the VLAN you created, as described in the F5 documentation.

   This IP address represents the range of IP addresses of the servers in the cluster. The load balancer uses this IP address to determine which VLAN to forward the request to.
4. Add a Node for each PathFinder server and the default gateway, as described in the F5 documentation.

   The VLAN consists of nodes, where each node is a physical server.
5. Add a pool that contains all PathFinder servers in your deployment, as described in the F5 documentation.

   A pool is the term used by F5 to refer to a cluster of servers.
   Configure the PathFinder server pool settings, as described in the F5 documentation. The settings described below are specific to PathFinder server and may differ from a typical F5 deployment:

   Table 10: Pool settings specific to PathFinder server

   Field: Description
   Configuration: From the list, select Advanced.
   Name: Enter a name to identify this as the PathFinder server cluster, such as PathFinder_Pool.
   Health Monitors: Select the gateway_icmp health monitor. gateway_icmp is a pre-configured health monitor available by default on the F5. Health monitors check devices to verify that they are running, at specified intervals. For more information, see the F5 documentation.
   Load Balancing Method: From the list, select the method the load balancer uses for distributing traffic between servers in this pool. The default method is Round Robin, which directs each endpoint service request to another PathFinder server, in turn.
   Node List: Select this option. A list of the PathFinder servers you added as nodes appears.
   Service Port: Enter 0 to indicate that this field should not be used. The PathFinder server's service port is configured on the firewall.
   New Members: Add each PathFinder server.

6. Add a pool that contains the default gateway, as described in the F5 documentation.

   The pool may include more than one gateway, depending on your network setup. The settings described below are specific to PathFinder server and may differ from a typical F5 deployment:

   Table 11: Gateway pool settings specific to PathFinder server

   Field: Description
   Configuration: From the list, select Advanced.
   Name: Enter a name to identify this as the gateway cluster, such as Gateway_Pool.
   Health Monitors: Select the gateway_icmp health monitor.
     gateway_icmp is a pre-configured health monitor available by default on the F5. Health monitors check devices to verify that they are running, at specified intervals. For more information, see the F5 documentation.
   New Address: Select this option and enter the IP address of the F5's default gateway (router).
   Service Port: Enter 0 to indicate that this field should not be used. The PathFinder server's service port is configured on the firewall.
   New Members: Add the F5's default gateway as a member to this pool.

7. (Optional) After configuring the pools, we recommend verifying that the servers are running by checking the list of members in each pool, as described in the F5 documentation.
8. Set up the default gateway as the router for the PathFinder server pool, as described in the F5 documentation.
9. Add a virtual server, which includes all PathFinder servers in your deployment, as described in the F5 documentation.
10. Configure the virtual server, as described in the F5 documentation.

    The settings described below are specific to PathFinder server and may differ from a typical F5 deployment:

    Table 12: Virtual server settings specific to PathFinder server

    Field: Description
    Default Pool: From the list, select the PathFinder server pool you created.
    Default Persistence Profile: From the list, select source_address. This instructs the load balancer to send all session requests from the same source IP to the same PathFinder server.

11. Configure static network address translation (SNAT) to translate the source IP from an actual PathFinder server to a virtual public IP, as described in the F5 documentation.

    This is used to convert a request to the virtual cluster IP into the real IP of one of the servers in the cluster.
    The settings described below are specific to PathFinder server and may differ from a typical F5 deployment:

    Table 13: SNAT settings specific to PathFinder server

    Field: Description
    Name: Enter a name to identify this as the NAT for the PathFinder server cluster, such as PathFinder_SNAT.
    Translation: Select IP address from the list and enter the IP address of the PathFinder virtual server you just created.
    Origin: Select Address List from the list.
    Type: Select Host.
    Address: Add the IP addresses of the PathFinder servers in the pool.

12. To ensure communication is possible with the PathFinders, add the IP address and service port of the PathFinder virtual server to the organization's firewalls.
13. Continue with Configuring PathFinder servers for the Load Balancer on page 67 to configure the PathFinder servers to function with a load balancer.

Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Configuring PathFinder servers for the Load Balancer

About this task

This procedure describes how to configure the PathFinder servers in the cluster to function with the load balancer.

Important: All PathFinder servers in the cluster must be configured identically, apart from their native IP addresses.

The following load balancers are certified for the current version of PathFinder server:
• Radware AppDirector
• F5 BIG-IP Load Traffic Manager (LTM)

PathFinder server redundancy can also be managed using other third-party load balancers.

For more information, see:
• Scalability, High Availability and Load Balancing with PathFinder on page 59 for an overview of scalability and load balancing with PathFinder servers.

  Important: The load balancer maps the traffic based on the source IP address.
  All endpoint requests that originate from the same IP address are always mapped to the same PathFinder server.
• The load balancer's documentation.

Before you begin

Verify the default gateway of each PathFinder server is set to the native IP address of the load balancer. For more information on setting the device's default gateway, see Configuring the IP Addresses of the PathFinder server on page 35.

Procedure

1. Access the PathFinder server Administrator web interface.
2. Select Settings > General > NAT Support.

   Figure 44: Configuring NAT support

3. Configure NAT support for each PathFinder server in the cluster, as follows:

   Table 14: Configuring NAT support

   Field: Description
   NAT Support: Enable NAT Support to use the virtual IP address (VIP) of the cluster when communicating with external endpoints, instead of the IP address of this PathFinder server. This is mandatory when deploying PathFinder server with a load balancer.
   Address: Enter the VIP of the PathFinder server's cluster, as follows:
     • If you have a single NIC configuration, or a dual NIC configuration with the external NIC secured behind a firewall, enter the public IP address with NAT translation to the cluster's VIP.
     • If you have a dual NIC configuration with the external NIC directly in the public network, set the NAT address to the VIP of the cluster and deploy your load balancer in the public network.
     Important: In the firewall/NAT device, verify that the NAT address is mapped to the private VIP address of the PathFinder server cluster's external NIC.
   Port: If required, change the Scopia® PathFinder client port number which is set to 3089 by default.

4. Select Save.
5. For each PathFinder server in the cluster, perform the necessary configurations described in Performing the Initial Configuration of the PathFinder server on page 35.

   Important: All PathFinder servers in the cluster must be configured identically, apart from their native IP addresses. For more information about configuring the IP address, see Configuring the IP Addresses of the PathFinder server on page 35.

Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Chapter 6: Performing Maintenance Procedures

This section details the ongoing administrator tasks required to maintain your video network:

Related links
Updating, Backing Up and Restoring the PathFinder server on page 70
Filtering and Monitoring Events in PathFinder server on page 76
Managing Logs on page 80
Capturing Network Traces for Troubleshooting on page 83
Viewing PathFinder Hardware and License Information on page 85

Updating, Backing Up and Restoring the PathFinder server

You should back up your application and system configuration files on a regular basis. It is general practice to back up the latest configuration before performing maintenance procedures such as an upgrade.

Depending on your support contract, you can update the Avaya Scopia® PathFinder server application to:

• The next major version. Updating a major version requires a new license. This kind of update changes one of the first two digits in a version number. For example, updating from version 7.7 to version 8.2 requires a new license.
• An incremental version. Updating an incremental version does not require a new license. This kind of update changes the third, fourth and fifth digits in the version number. For example, updating from 8.2.0.0.29 to 8.2.0.0.34 does not require a new license.
The update procedure may vary depending on the release number and the size of the jump from the current installation to the new release.

Important: You can restore the operating system of the PathFinder server to any version of the server as long as you use the Intel server's backup packages.

For details about updating, backing up, restoring the PathFinder server application and its operating system, see the following topics:

Related links
Performing Maintenance Procedures on page 70
Upgrading the PathFinder server on page 71
Backing Up the Configuration Settings on page 73
Restoring the Configuration Settings on page 75

Upgrading the PathFinder server

About this task

If Customer Support sends you an upgrade of the Avaya Scopia® PathFinder server application or operating system, you need to upgrade your system to the latest software version for the best performance and enhanced features.

This procedure describes how to upgrade the PathFinder server and covers both the upgrading of system components and of the PathFinder server application from version 7.7.x to version 8.2.x or later.

Important: Use the same procedure to roll back to a previous version. For information on rolling back to a PathFinder server application version prior to 7.7.x, contact Customer Support.

Before you begin

• Verify you have the IP address of the PathFinder server.
• Download the upgrade file to your computer.
• If required, make sure you have the license key at hand.
• You need software tools to perform this procedure. We recommend using these freeware applications:
  - WinSCP, a Secure FTP client, to save the file(s) to the desired location.
    You can download this application from http://winscp.net/eng/download.php
  - PuTTY, an SSH client, to connect to the PathFinder server administration console to perform the procedure in this section. You can download this application from http://www.chiark.greenend.org.uk/~sgtatham/putty/
• Make sure no active calls are running on the PathFinder server, as the upgrade disconnects these calls.
• Back up the configuration files of both the PathFinder server and the operating system before performing this procedure, as described in Backing Up the Configuration Settings on page 73.

Procedure

1. Run WinSCP to transfer the file.
2. Configure the connection to your PathFinder server in the WinSCP Login dialog box, as follows:

   Table 15: Configuring WinSCP settings

   Field: Description
   Host name: Enter the IP address of the PathFinder server.
   User name: Enter the username to access PathFinder server. This is always uadmin.
   Password: Enter the password. The default is admin. If you modified the default password, enter the new value here.
   File protocol: Select SFTP to enable the SSH File Transfer Protocol capability.

3. Select Login.
4. Drag the new .pkg update file to the /updates folder in the PathFinder server and select Copy when prompted (Figure 45: Screen showing the application upgrade file in the PathFinder server on page 72).

   Figure 45: Screen showing the application upgrade file in the PathFinder server

5. Run PuTTY to connect to the PathFinder server.
6. Configure the connection to the PathFinder server in the Session tab of the PuTTY Configuration dialog box, as follows:

   Table 16: Configuring the PuTTY session

   Field: Description
   Host Name (or IP address): Enter the IP address of the PathFinder server.
   SSH: Verify the Secure Shell protocol is enabled.

7. Install the update as follows:
   a. Enter 4 in the Main menu to access the System Menu.
   b. Enter the menu item corresponding to the required update (Figure 46: Updating the PathFinder server application version on page 73): 1 to update the operating system components, or 2 to upgrade the PathFinder server version.

      Figure 46: Updating the PathFinder server application version

   c. Enter the menu item corresponding to the installation file you just transferred to the PathFinder server (Figure 47: Screen showing the installation of the PathFinder server application update on page 73).

      Figure 47: Screen showing the installation of the PathFinder server application update

   d. If this is a major update of the PathFinder server application, enter the license key (Figure 47: Screen showing the installation of the PathFinder server application update on page 73). Otherwise, press Enter to use the current license key.

   The PathFinder server reboots automatically after each installation procedure.

Related links
Updating, Backing Up and Restoring the PathFinder server on page 70

Backing Up the Configuration Settings

About this task

You can use this procedure to back up the Avaya Scopia® PathFinder server application or system configuration settings to a single file, which you can then archive elsewhere using FTP. You can also send the backup file to Customer Support, if required.

To restore from the backup file to the PathFinder server, see Restoring the Configuration Settings on page 75.

This is different from saving settings and logs into a Customer Support Package, along with other system log files. For more information, see Retrieving Application and Operating System Logs on page 81.

Important: You cannot restore from a Customer Support Package; you can only restore from a backup.
Before you begin

• Verify you have the IP address of the PathFinder server.
• You need a software tool to perform this procedure. We recommend PuTTY, a free SSH client, to connect to the PathFinder server administration console to perform the procedure in this section. You can download this application from http://www.chiark.greenend.org.uk/~sgtatham/putty/

Procedure

1. Run PuTTY to connect to the PathFinder server.
2. Configure the connection to the PathFinder server in the Session tab of the PuTTY Configuration dialog box, as follows:

   Table 17: Configuring the PuTTY session

   Field: Description
   Host Name (or IP address): Enter the IP address of the PathFinder server.
   SSH: Verify the Secure Shell protocol is enabled.

3. Create a backup of the configuration settings as follows:
   a. Enter 3 in the Main menu to access the Backup/Restore menu option.
   b. Enter the menu item corresponding to the required backup (Figure 48: Selecting the configuration backup on page 74): 1 to back up the PathFinder server configuration, or 3 to back up the operating system configuration.

      Figure 48: Selecting the configuration backup

      Depending on the backup you selected, the configuration is saved to a file that has the format or (Figure 49: Screen showing the backing up the PathFinder server application configuration on page 74). The file is located in the server folder /updates/bckp.

      Figure 49: Screen showing the backing up the PathFinder server application configuration

   c. Press Enter to return to the Main menu.
   d. Enter Q to exit the session.

Related links
Updating, Backing Up and Restoring the PathFinder server on page 70
[email protected] 74 Updating, Backing Up and Restoring the PathFinder server Restoring the Configuration Settings About this task The restore tool of Avaya Scopia® PathFinder server offers the safest and most reliable method to restore a backup of PathFinder server application or system configurations. Depending on the backup you selected, the file has the name format (application) or (system). The file is located in the PathFinder server under the folder /updates/bckp. For more information on creating a backup, see Backing Up the Configuration Settings on page 73. Important: You cannot restore from a Customer Support Package; you can only restore from a backup. Before you begin • Verify you have the IP address of the PathFinder server. • You need a software tool to perform this procedure. We recommend PuTTY, a free SSH client, to connect to the PathFinder server administration console to perform the procedure in this section. You can download this application from http://www.chiark.greenend.org.uk/~sgtatham/ putty/ Procedure 1. Run PuTTY to connect to the PathFinder server. 2. Configure the connection to the PathFinder server in the Session tab of the PuTTY Configuration dialog box, as follows: Table 18: Configuring the PuTTY session Field Description Host Name (or IP address) Enter the IP address of the PathFinder server. SSH Verify the Secure Shell protocol is enabled. 3. Restore the configuration backup to the PathFinder server as follows: a. Enter 3 in the Main menu to access the Backup/Restore menu option. b. Enter the menu item corresponding to the required configuration restore (Figure 50: Restoring the PathFinder server configuration settings on page 75): 2 to restore the PathFinder server configuration, or 4 to restore the operating system configuration. Figure 50: Restoring the PathFinder server configuration settings April 2016 Avaya Scopia® PathFinder Firewall Traversal Deployment Guide Comments on this document? 
[email protected] 75 Performing Maintenance Procedures c. Enter the item number corresponding to the configuration restore (Figure 51: Screen showing how to restore the PathFinder server application configuration on page 76). Figure 51: Screen showing how to restore the PathFinder server application configuration d. Press Enter. After the configuration is restored, the display returns to the Backup/ Restore menu. Related links Updating, Backing Up and Restoring the PathFinder server on page 70 Filtering and Monitoring Events in PathFinder server About this task You can filter the log of events generated by Avaya Scopia® PathFinder server, so that the list includes or excludes certain types of events or alerts. An event can be: • An information notice on a video device's behavior or status (for example, time and date when the server was brought online, or a login to the PathFinder server). No immediate action is necessary, but the log keeps the administrator informed. • A warning or error indicating a problem which affects system operation and requires the administrator's intervention. PathFinder displays these events, also known as alerts or traps, in its web interface. You can forward traps to a server which manages PathFinder (usually Scopia® Management) for further monitoring. To forward a trap, add a new user to the PathFinder server list of users, whose role is Collaborator. The default username for this purpose is Collab, but each management server must have its own dedicated username with the Collaborator role, reserved only for a management server to login and to obtain the events information. If Scopia® Management manages the PathFinder server, you can automatically share the Collab default username and password. To achieve this, first configure the PathFinder server for third-party management as explained in the procedure below, and then add it to Scopia® Management. To connect with Scopia® Management, see Administrator Guide for Avaya Scopia® Management. 
To connect with a third-party event or managing server other than Scopia® Management, contact your local support representative.

The PathFinder server clears a warning or error automatically when the problem causing it is solved and informs Scopia® Management that the alarm is no longer relevant.

To configure and retrieve logs for customer support, see Managing Logs on page 80.

Procedure
1. Access the PathFinder server Administrator web interface.
2. To pass events and messages to a management server, enable the Third Party Management API field in the General tab.

Figure 52: Connecting a third-party management or event server

The management server uses the dedicated username whose role is Collaborator, displayed in the Users tab. The default username is Collab with password balloC.

Figure 53: Adding the third-party server as a collaborator

3. To filter traps sent to the management server, select Settings > Alerts.
4. Select Enable next to the event for which you want to send a trap, or Select All to enable the complete list of events. Table 19: Filtering the display of certain types of events on page 78 lists some of the Event Types you can choose to configure. To change the default severity level of the monitored event, select the new setting (Information, Warning, Critical) from the dropdown list.

Figure 54: Event types

Table 19: Filtering the display of certain types of events
Field | Description
Power Up | The PathFinder server went online after an automatic or manual restart of the software. PathFinder caches this message until the management server is properly connected and then sends it.
Power Down | The PathFinder server went offline. Possible causes include: an orderly shutdown followed by an automatic restart, or a configuration change prompting you to select Restart in the General tab.
Endpoint Registered | The specified remote endpoint successfully registered in the PathFinder server so it can route calls from and to this endpoint. The event includes the endpoint's name, IP address, date and time.
Endpoint Unregistered | An endpoint is no longer registered in the PathFinder server.
GK Changed | The PathFinder server has registered to a new gatekeeper. This is a critical event, therefore we recommend not removing this from the list of displayed events. An administrator must always manually change a gatekeeper. If the PathFinder server starts routing calls incorrectly, look for this event as a possible cause.
High Level CPU Meter | The PathFinder server has reached the maximum CPU usage, set in the Threshold field in the same row (Figure 54: Event types on page 78).
Client Connected | A Scopia® PathFinder client established a connection to the PathFinder server. The event includes the client's name, IP address, date and time.
Client Disconnected | A Scopia® PathFinder client has disconnected from the PathFinder server.
Port Utilization | The PathFinder server has reached the maximum percentage of simultaneous calls, set in the Threshold field in the same row. The default license supports 10 concurrent calls. You need to purchase a license to increase the threshold. Depending on the license you purchase, you can reach a maximum capacity of 100 concurrent calls. If you see this event when the threshold is at maximum, consider raising capacity by purchasing additional PathFinder servers and deploying them with a load balancer.
Registration Utilization | The PathFinder server has reached the maximum percentage of registration capacity, set in the Threshold field in the same row. The default license supports 60 registered endpoints. You need to purchase a license to increase the threshold. Depending on the license you purchase, you can reach a maximum capacity of 600 registered endpoints.
User logged in | A user (for example, an administrator) successfully logged into the PathFinder server web interface.
User logged out | A user successfully logged out from the PathFinder server web interface.
Authentication Failure | A user failed to log into the PathFinder server web interface.
License Update | Displays details of the PathFinder server new license (for example, number of concurrent calls and number of registered endpoints).
Link Down | PathFinder's external NIC cannot see the network. Possible causes include a bad cable, disabled network port, or network failure.

5. Where available, set the Threshold value from the dropdown list. For example, when the server's CPU load exceeds the 85% you configured in High Level CPU Meter, the alert remains active until the usage decreases below the configured value. The server sends clearing messages to Scopia® Management for the High Level CPU Meter, Port Utilization, or Registration Utilization events.
6. Select Save.
7. Access the PathFinder server web interface and monitor the trap messages in the Event Logs tab (Figure 55: Trap messages in PathFinder server on page 79).

Figure 55: Trap messages in PathFinder server

Related links
Performing Maintenance Procedures on page 70

Managing Logs

Logs are important for troubleshooting.
This section describes the log management provided in the Avaya Scopia® PathFinder server:

Related links
Performing Maintenance Procedures on page 70
Configuring the Alert Level and Size of Logs on page 80
Retrieving Application and Operating System Logs on page 81

Configuring the Alert Level and Size of Logs

About this task
Log files contain important information for troubleshooting the system. You can set the level of alerts in the Avaya Scopia® PathFinder server. You can also define the size and number of log files kept on the hard disk of the PathFinder server for further troubleshooting.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the Settings tab.
3. Navigate to the Logging area of the General tab (Figure 56: Configuring the logs on page 80).

Figure 56: Configuring the logs

4. Select the log level required for this PathFinder server.

Field Name | Description
Detail | Saves call details, warnings, and critical system errors to the log file.
Warning | Saves warnings issued by the system and critical system errors to the log file.
Error | Saves critical system errors only to the log file.
Disabled | Disables the PathFinder server logging.

5. Select the log file size in the Size Limit field. The size of an individual log file is configured to 500KB by default. The maximum size of an individual log file is 10000KB.
6. Define how many log files are created in the Number of Log Files field. By default the maximum number of log files that are kept on the PathFinder server is 300. The maximum number of log files is 1000. When the maximum number is reached and a new log file is created, it replaces the oldest log file.

Related links
Managing Logs on page 80

Retrieving Application and Operating System Logs

About this task
When reporting a problem to customer support, they may ask you to retrieve and send logs from the Avaya Scopia® PathFinder server. This procedure describes how to download the Customer Support Package, which is a zipped file of bundled logs and configuration files that you can send to customer support.

The Customer Support Package collects the following information:
• PathFinder server application and operating system configurations
• PathFinder server application and operating system logs
• Operating system run time information (including CPU usage, memory usage, and networking status)
• PathFinder server application run time information (including memory status and other details).

You can retrieve the Customer Support Package from PathFinder server, or via Scopia® Management as detailed in Administrator Guide for Scopia® Management.

Alternatively, you can retrieve the PathFinder server application and operating system configurations from the PathFinder administration console as explained in Backing Up the Configuration Settings on page 73.

Important: You cannot restore from a Customer Support Package; you can only restore from a backup.

You can set the level of detail in the logs of the PathFinder server and define the size and number of log files kept on the server's hard disk. For more information, see Configuring the Alert Level and Size of Logs on page 80.

Before you begin
You may need a software tool to perform this procedure. We recommend WinSCP, a Secure FTP client, to save the file(s) to the desired location. You can download this application from http://winscp.net/eng/download.php

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select General > Customer Support (Figure 57: Accessing the screen for generating the Customer Support Package on page 81).

Figure 57: Accessing the screen for generating the Customer Support Package

3. To collect today's log, select Capture last day.

Figure 58: Selecting the log file

4. To select log files collected during a period of time:
   a. Select Capture from... to (Figure 58: Selecting the log file on page 82).
   b. Select, hold and scroll through the year and month lists for the required date (Figure 59: Choosing the log file dates on page 82).

Figure 59: Choosing the log file dates

   c. Select the relevant day in the calendar.
   d. If necessary, select Reset to change dates.
5. Select Generate.
6. (Optional) To download the package from the PathFinder server to your PC using the HTTP connection, select /updates/logs/pfcspkg_ .zip (Figure 60: Retrieving the Customer Support Package on page 83).

Figure 60: Retrieving the Customer Support Package

7. (Optional) To download the package from the PathFinder server to your PC using WinSCP, run the application and perform the steps below to transfer the file.
8. Configure the connection to your PathFinder server in the WinSCP Login dialog box, as follows:

Table 20: Configuring WinSCP settings
Field | Description
Host name | Enter the IP address of the PathFinder server.
User name | Enter the username to access PathFinder server. This is always uadmin.
Password | Enter the password. The default is admin. If you modified the default password, enter the new value here.
File protocol | Select SFTP to enable the SSH File Transfer Protocol capability.

9. Select Login.
10. Drag the log file from the /updates/logs folder to the relevant folder on your computer. The PathFinder server names logs as pfcspkg_.zip by default.
11. Close WinSCP and confirm ending the session to save the changes.
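The Customer Support Package bundles configuration files and logs, so it is worth reviewing before it leaves your network. The following is an added example, not part of the Avaya guide or any Avaya tooling: it hashes a downloaded package, lists its members, flags member paths that would escape an extraction folder, and points at lines holding credential-like settings. The function names, the keyword pattern and the sample package contents are assumptions made for illustration.

```python
"""Review a downloaded PathFinder Customer Support Package before sharing it.

Added example; not Avaya code. Function names, the keyword pattern and the
sample package contents are assumptions made for illustration.
"""
import hashlib
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumption: setting names that usually hold secrets. Tune for your deployment.
SENSITIVE_KEY = re.compile(rb"(?i)(passw(or)?d|secret|community)\w*\s*[=:]")
MAX_SCAN_BYTES = 5 * 1024 * 1024  # per-member read cap, bounds memory use


def is_expected_name(filename: str) -> bool:
    """The guide names packages pfcspkg_<suffix>.zip; the suffix is not documented."""
    return filename.startswith("pfcspkg_") and filename.endswith(".zip")


def unsafe_member(name: str) -> bool:
    """True if extracting this member could write outside the target folder."""
    normalized = name.replace("\\", "/")
    path = PurePosixPath(normalized)
    has_drive = re.match(r"^[A-Za-z]:", normalized) is not None
    return path.is_absolute() or has_drive or ".." in path.parts


def review_package(data: bytes) -> dict:
    """Hash the archive, list its members and point at lines needing a manual look.

    Only file names and line numbers are reported, never the matched values,
    so the report itself can be shared.
    """
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "members": [],    # (name, uncompressed size)
        "unsafe": [],     # member names with traversal or absolute paths
        "review": [],     # (name, line number) of credential-like settings
        "truncated": [],  # members larger than the scan cap
    }
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            report["members"].append((info.filename, info.file_size))
            if unsafe_member(info.filename):
                report["unsafe"].append(info.filename)
                continue  # do not read members with hostile paths
            if info.file_size > MAX_SCAN_BYTES:
                report["truncated"].append(info.filename)
            with archive.open(info) as handle:
                chunk = handle.read(MAX_SCAN_BYTES)
            for lineno, line in enumerate(chunk.splitlines(), start=1):
                if SENSITIVE_KEY.search(line):
                    report["review"].append((info.filename, lineno))
    return report


def build_sample_package() -> bytes:
    """Constructed stand-in for a real package; every name and value is invented."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(
            "config/app.conf",
            "log_level = Detail\nadmin_password = example-only\n",
        )
        archive.writestr("logs/app.log", "constructed log line: User logged in\n")
        archive.writestr("../outside.txt", "member with a traversal path\n")
    return buffer.getvalue()


if __name__ == "__main__":
    result = review_package(build_sample_package())
    for key, value in result.items():
        print(f"{key}: {value}")
```

To use it on a real package, pass the bytes of the file downloaded from /updates/logs to review_package, and resolve every entry under unsafe and review before sending the archive to support.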
Related links
Managing Logs on page 80

Capturing Network Traces for Troubleshooting

About this task
This section describes how to track and capture packet traffic on the Avaya Scopia® PathFinder server, using the built-in TCPDUMP packet analyzer (http://www.tcpdump.org/).

You can retrieve the network captures as files and use them to troubleshoot problems.

Before you begin
• Verify you have the IP address of the PathFinder server.
• You need software tools to perform this procedure. We recommend using these freeware applications:
  - PuTTY, an SSH client, to connect to the PathFinder server administration console to perform the procedure in this section. You can download this application from http://www.chiark.greenend.org.uk/~sgtatham/putty/
  - WinSCP, a Secure FTP client, to save the file(s) to the desired location. You can download this application from http://winscp.net/eng/download.php

Procedure
1. Run PuTTY to connect to the PathFinder server.
2. Configure the connection to the PathFinder server in the Session tab of the PuTTY Configuration dialog box, as follows:

Table 21: Configuring the PuTTY session
Field | Description
Host Name (or IP address) | Enter the IP address of the PathFinder server.
SSH | Verify the Secure Shell protocol is enabled.

3. Create a network trace file with PuTTY as follows:
   a. Enter 4 in the Main menu to access the System Menu.
   b. Enter 7 to capture network traces (Figure 61: Capturing network traces on page 84).

Figure 61: Capturing network traces

   c. Enter Y to confirm starting to capture the network traces (Figure 62: Creating the network capture files on page 84).

Figure 62: Creating the network capture files

The PathFinder server starts the trace, which you can end by pressing Ctrl-C. It creates a single or multiple .pcap files, depending on the duration of the capture. It also
generates a .tgz file which compresses all these .pcap files to a single package (Figure 63: Downloading the network capture files to your computer on page 85). As each file is dated and time stamped, you can download and review only the files which captured issues you are interested in troubleshooting.

   d. Press Enter to return to the Main Menu.
   e. Press Q to exit the session.
4. Run WinSCP to transfer the file.
5. Configure the connection to your PathFinder server in the WinSCP Login dialog box, as follows:

Table 22: Configuring WinSCP settings
Field | Description
Host name | Enter the IP address of the PathFinder server.
User name | Enter the username to access PathFinder server. This is always uadmin.
Password | Enter the password. The default is admin. If you modified the default password, enter the new value here.
File protocol | Select SFTP to enable the SSH File Transfer Protocol capability.

6. Select Login.
7. Drag the relevant network capture file from the /updates/nw_traces folder to the relevant folder on your computer (Figure 63: Downloading the network capture files to your computer on page 85).

Figure 63: Downloading the network capture files to your computer

8. Close WinSCP and confirm ending the session to save the changes.

Related links
Performing Maintenance Procedures on page 70

Viewing PathFinder Hardware and License Information

About this task
Use this feature to find useful information about the system. This information is also required when you contact Customer Support.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the About tab. The screen displays system information.
Table 23: Viewing Information on PathFinder
Field Name | Description
Version Number | Displays the version number of the PathFinder server.
MAC Address | Displays the MAC address of the PathFinder server.
Serial Number | Displays the serial number of the PathFinder server.
Expiration Date | Displays the date on which your current license expires. For demonstration versions only.
Max. Connected Endpoints | Displays the maximum allowed number of connected endpoints, as determined by your license.
Max. Concurrent Calls | Displays the maximum allowed number of concurrent calls, as determined by your license.

Related links
Performing Maintenance Procedures on page 70

Glossary

1080p
See Full HD on page 90.

2CIF
2CIF describes a video resolution of 704 x 288 pixels (PAL) or 704 x 240 (NTSC). It is double the width of CIF, and is often found in CCTV products.

2SIF
2SIF describes a video resolution of 704 x 240 pixels (NTSC) or 704 x 288 (PAL). This is often adopted in IP security cameras.

4CIF
4CIF describes a video resolution of 704 x 576 pixels (PAL) or 704 x 480 (NTSC). It is four times the resolution of CIF and is most widespread as the standard analog TV resolution.

4SIF
4SIF describes a video resolution of 704 x 480 pixels (NTSC) or 704 x 576 (PAL). This is often adopted in IP security cameras.

720p
See HD on page 92.

AAC
AAC is an audio codec which compresses sound but with better results than MP3.

AGC (Automatic Gain Control)
Automatic Gain Control (AGC) smooths audio signals through normalization, by lowering sounds which are too strong and strengthening sounds which are too weak. This is relevant with microphones situated at some distance from the speaker, like room systems. The result is a more consistent audio signal within the required range of volume.

Alias
An alias in H.323 represents the unique name of an endpoint.
Instead of dialing an IP address to reach an endpoint, you can dial an alias, and the gatekeeper resolves it to an IP address.

Auto-Attendant
Auto-Attendant, also known as video IVR, offers quick access to meetings hosted on MCUs, via a set of visual menus. Participants can select menu options using standard DTMF tones (numeric keypad). Auto-Attendant works with both H.323 and SIP endpoints.

Balanced Microphone
A balanced microphone uses a cable that is built to reduce noise and interference even when the cable is long. This reduces audio disruptions resulting from surrounding electromagnetic interference.

BFCP (Binary Floor Control Protocol)
BFCP is a protocol which coordinates shared videoconference features in SIP calls, often used by one participant at a time. For example, when sharing content to others in the meeting, one participant is designated as the presenter, and is granted the floor for presenting. All endpoints must be aware that the floor was granted to that participant and react appropriately.

Bitrate
Bitrate is the speed of data flow. Higher video resolutions require higher bitrates to ensure the video is constantly updated, thereby maintaining smooth motion. If you lower the bitrate, you lower the quality of the video. In some cases, you can select a lower bitrate without noticing a significant drop in video quality; for example during a presentation or when a lecturer is speaking and there is very little motion. In video recordings, the bitrate determines the file size for each minute of recording. Bitrate is often measured in kilobits per second (kbps).

Call Control
See Signaling on page 97.

Cascaded Videoconference
A cascaded videoconference is a meeting distributed over more than one physical Scopia® Elite MCU, where a master MCU connects to one or more slave MCUs to create a single videoconference.
It increases the meeting capacity by combining the resources of several MCUs. This can be especially useful for distributed deployments across several locations, reducing bandwidth usage.

CIF
CIF, or Common Intermediate Format, describes a video resolution of 352 × 288 pixels (PAL) or 352 x 240 (NTSC). This is sometimes referred to as Standard Definition (SD).

Content Slider
The Scopia® Content Slider stores the data already presented in the videoconference and makes it available for participants to view during the meeting.

Continuous Presence
Continuous presence enables viewing multiple participants of a videoconference at the same time, including the active speaker. This graphics-intensive work requires scaling and mixing the images together into one of the predefined video layouts. The range of video layouts depends on the type of media processing supported, typically located in the MCU.

Control
Control, or media control, sets up and manages the media of a call (its audio, video and data). Control messages include checking compatibility between endpoints, negotiating video and audio codecs, and other parameters like resolution, bitrate and frame rate. Control is communicated via H.245 in H.323 endpoints, or by SDP in SIP endpoints. Control occurs within the framework of an established call, after signaling.

CP
See Continuous Presence on page 88.

Dedicated Endpoint
A dedicated endpoint is a hardware endpoint for videoconferencing assigned to a single user. It is often referred to as a personal or executive endpoint, and serves as the main means of video communications for this user. For example, Scopia® XT Executive. It is listed in the organization's LDAP directory as associated exclusively with this user.

Dial Plan
A dial plan defines a way to route a call and to determine its characteristics.
In traditional telephone networks, prefixes often denote geographic locations. In videoconferencing deployments, prefixes are also used to define the type and quality of a call. For example, dial 8 before a number for a lower bandwidth call, or 6 for an audio-only call, or 5 to route the call to a different branch.

Dial Prefix
A dial prefix is a number added at the beginning of a dial string to route it to the correct destination, or to determine the type of call. Dial prefixes are defined in the organization's dial plan. For example, dial 9 for an outside line, or dial 6 for an audio only call.

Distributed Deployment
A distributed deployment describes a deployment where the solution components are geographically distributed in more than one network location.

DNS Server
A DNS server is responsible for resolving domain names in your network by translating them into IP addresses.

DTMF
DTMF, or touch-tone, is the method of dialing on touch-tone phones, where each number is translated and transmitted as an audio tone.

Dual Video
Dual video is the transmitting of two video streams during a videoconference, one with the live video while the other is a shared data stream, like a presentation.

Dynamic Video Layout
The dynamic video layout is a meeting layout that switches dynamically to include the maximum number of participants it can display on the screen (up to 9 on the XT Series, or up to 28 on Scopia® Elite MCU). The largest image always shows the active speaker.

E.164
E.164 is an address format for dialing an endpoint with a standard telephone numeric keypad, which only has numbers 0 - 9 and the symbols: * and #.

Endpoint
An endpoint is a tool through which people can participate in a videoconference. Its display enables you to see and hear others in the meeting, while its microphone and camera enable you to be seen and heard by others.
Endpoints include dedicated endpoints, like Scopia® XT Executive, software endpoints like Scopia® Desktop Client, mobile device endpoints like Scopia® Mobile, room systems like XT Series, and telepresence systems like Scopia® XT Telepresence.

Endpoint Alias
See Alias on page 87.

FEC
Forward Error Correction (FEC) is a proactive method of sending redundant information in the video stream to preempt quality degradation. FEC identifies the key frames in the video stream that should be protected by FEC. There are several variants of the FEC algorithm. The Reed-Solomon algorithm (FEC-RS) sends redundant packets per block of information, enabling the sender (like the Scopia® Elite MCU) to manage up to ten percent packet loss in the video stream with minimal impact on the smoothness and quality of the video.

FECC
Far End Camera Control (FECC) is a feature of endpoint cameras, where the camera can be controlled remotely by another endpoint in the call.

Forward Error Correction
See FEC on page 90.

FPS
See Frames Per Second on page 90.

Frame Rate
See Frames Per Second on page 90.

Frames Per Second
Frames Per Second (fps), also known as the frame rate, is a key measure in video quality, describing the number of image updates per second. The average human eye can register up to 50 frames per second. The higher the frame rate, the smoother the video.

Full HD
Full HD, or Full High Definition, also known as 1080p, describes a video resolution of 1920 x 1080 pixels.

Full screen Video Layout
The full screen view shows one video image. Typically, it displays the remote presentation, or, if there is no presentation, it displays the other meeting participant(s).

Gatekeeper
A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI) into the IP address of an endpoint, and handles the initial connection of calls.
Gatekeepers also implement the dial plan of an organization by routing H.323 calls depending on their dial prefixes. Scopia® Management includes a built-in Avaya Scopia® Gatekeeper, while ECS is a standalone gatekeeper.

Gateway
A gateway is a component in a video solution which routes information between two subnets or acts as a translator between different protocols. For example, a gateway can route data between the headquarters and a partner site, or between two protocols like the TIP Gateway, or the Scopia® 100 Gateway.

GLAN
GLAN, or gigabit LAN, is the name of the network port on the XT Series. It is used on the XT Series to identify a 10/100/1000MBit ethernet port.

H.225
H.225 is part of the set of H.323 protocols. It defines the messages and procedures used by gatekeepers to set up calls.

H.235
H.235 is the protocol used to authenticate trusted H.323 endpoints and encrypt the media stream during meetings.

H.239
H.239 is a widespread protocol used with H.323 endpoints, to define the additional media channel for data sharing (like presentations) alongside the videoconference, and ensures only one presenter at a time.

H.243
H.243 is the protocol used with H.323 endpoints enabling them to remotely manage a videoconference.

H.245
H.245 is the protocol used to negotiate call parameters between endpoints, and can control a remote endpoint from your local endpoint. It is part of the H.323 set of protocols.

H.261
H.261 is an older protocol used to compress CIF and QCIF video resolutions. This protocol is not supported by the XT Series.

H.263
H.263 is an older protocol used to compress video. It is an enhancement to the H.261 protocol.

H.264
H.264 is a widespread protocol used with SIP and H.323 endpoints, which defines video compression. Compression algorithms include 4x4 transforms and a basic motion comparison algorithm called P-slices.
There are several profiles within H.264. The default profile is the H.264 Baseline Profile, but H.264 High Profile uses more sophisticated compression techniques.

H.264 Baseline Profile
See H.264 on page 91.

H.264 High Profile
H.264 High Profile is a standard for compressing video by up to 25% over the H.264 Baseline Profile, enabling high definition calls to be held over lower call speeds. It requires both sides of the transmission (sending and receiving endpoints) to support this protocol. H.264 High Profile uses compression algorithms like:
• CABAC compression (Context-Based Adaptive Binary Arithmetic Coding)
• 8x8 transforms which more effectively compress images containing areas of high correlation
These compression algorithms demand higher computation requirements, which are offered with the dedicated hardware available in Scopia® Solution components. Using H.264 High Profile in videoconferencing requires that both the sender and receiver's endpoints support it. This is different from SVC which is an adaptive technology working to improve quality even when only one side supports the standard.

H.320
H.320 is a protocol for defining videoconferencing over ISDN networks.

H.323
H.323 is a widespread set of protocols governing the communication between endpoints in videoconferences and point-to-point calls. It defines the call signaling, control, media flow, and bandwidth regulation.

H.323 Alias
See Alias on page 87.

H.350
H.350 is the protocol used to enhance LDAP user databases to add video endpoint information for users and groups.

H.460
H.460 enhances the standard H.323 protocol to manage firewall/NAT traversal, employing ITU-T standards. Endpoints which are already H.460 compliant can communicate directly with the PathFinder server, where the endpoint acts as an H.460 client to the PathFinder server which acts as an H.460 server.
HD
An HD ready device describes its high definition resolution capabilities of 720p, a video resolution of 1280 x 720 pixels.

High Availability
High availability is a state where you ensure better service and less downtime by deploying additional servers. There are several strategies for achieving high availability, including deployment of redundant servers managed by load balancing systems.

High Definition
See HD on page 92.

High Profile
See H.264 High Profile on page 91.

HTTPS
HTTPS is the secured version of the standard web browser protocol HTTP. It secures communication between a web browser and a web server through authentication of the web site and encrypting communication between them. For example, you can use HTTPS to secure web browser access to the web interface of many Scopia® Solution products.

Image Resolution
See Resolution on page 96.

KBps
Kilobytes per second (KBps) measures the bitrate in kilobytes per second, not kilobits, by dividing the number of kilobits by eight. Bitrate is normally quoted as kilobits per second (kbps) and then converted to kilobytes per second (KBps). Bitrate measures the throughput of data communication between two devices.

kbps
Kilobits per second (kbps) is the standard unit to measure bitrate, measuring the throughput of data communication between two devices. Since this counts the number of individual bits (ones or zeros), you must divide by eight to calculate the number of kilobytes per second (KBps).

LDAP
LDAP is a widespread standard database format which stores network users. The format is hierarchical, where nodes are often represented as branch location > department > sub-department, or executives > managers > staff members. The database standard is employed by most user directories including Microsoft Active Directory, IBM Sametime and others.
H.350 is an extension to the LDAP standard for the videoconferencing industry.

Lecture Mode
Scopia® Desktop's lecture mode allows the participant defined as the lecturer to see all the participants, while they see only the lecturer. All participants are muted except the lecturer, unless a participant asks permission to speak and is unmuted by the lecturer. This mode is tailored for distance learning, but you can also use it for other purposes like when an executive addresses employees during company-wide gatherings.

Load balancer
A load balancer groups together a set (or cluster) of servers to give them a single IP address, known as a virtual IP address. It distributes client service requests amongst a group of servers. It distributes loads according to different criteria such as bandwidth, CPU usage, or cyclic (round robin). Load balancers are also known as application delivery controllers (ADC).

Location
A location is a physical space (building) or a network (subnet) where video devices can share a single set of addresses. A distributed deployment places these components in different locations, often connected via a VPN.

Management
Management refers to the administration messages sent between components of the Scopia® Solution as they manage and synchronize data between them. Management also includes front-end browser interfaces configuring server settings on the server. Management messages are usually transmitted via protocols like HTTP, SNMP, FTP or XML. For example, Scopia® Management uses management messages to monitor the activities of an MCU, or when it authorizes the MCU to allow a call to proceed.

MBps
Megabytes per second (MBps) is a unit of measure for the bitrate. The bitrate is normally quoted as kilobits per second (kbps) and then converted by dividing it by eight to reach the number of kilobytes per second (KBps) and then by a further 1000 to calculate the MBps.

MCU
An MCU, or Multipoint Control Unit, connects several endpoints to a single videoconference. It manages the audio mixing and creates the video layouts, adjusting the output to suit each endpoint's capabilities.

MCU service
See Meeting Type on page 94.

Media
Media refers to the live audio, video and shared data streams sent during a call. Presentation and Far end camera control (FECC) are examples of information carried on the data stream. Media is transmitted via the RTP and RTCP protocols in both SIP and H.323 calls. The parallel data stream of both live video and presentation is known as dual video.

Media Control
See Control on page 88.

Meeting Type
Meeting types (also known as MCU services) are meeting templates which determine the core characteristics of a meeting. For example, they determine if the meeting is audio only or audio and video, they determine the default video layout, the type of encryption, PIN protection and many other features. You can invoke a meeting type by dialing its prefix in front of the meeting ID. Meeting types are created and stored in the MCU, with additional properties in Scopia® Management.

Moderator
A moderator has special rights in a videoconference, including blocking the sound and video of other participants, inviting new participants, disconnecting others, determining video layouts, and closing meetings. In Scopia® Desktop Client, an owner of a virtual room is the moderator when the room is protected by a PIN. Without this protection, any participant can assume moderator rights.

MTU
The MTU, or Maximum Transmission Unit, is the maximum size of data packets sent around your network. This value must remain consistent for all network components, including servers like the MCU and Scopia® Desktop server, endpoints like XT Series and other network devices like LDAP servers and network routers.

Multi-Point
A multi-point conference has more than two participants.

Multi-tenant
Service provider, or multi-tenant, deployments enable one installation to manage multiple organizations. All the organizations can reside as tenants within a single service provider deployment. For example, Scopia® Management can manage a separate set of users for each organization, separate local administrators, separate bandwidth policies etc. all within a single multi-tenant installation.

Multicast Streaming
Multicast streaming sends a videoconference to multiple viewers across a range of addresses, reducing network traffic significantly. Scopia® Desktop server multicasts to a single IP address, and streaming clients must tune in to this IP address to view the meeting. Multicasts require that routers, switches and other equipment know how to forward multicast traffic.

NAT
A NAT, or Network Address Translation device, translates external IP addresses to internal addresses housed in a private network. This enables a collection of devices like endpoints in a private network, each with their own internal IP address, to be represented publicly by a single, unique IP address. The NAT translates between public and private addresses, enabling users to place calls between public network users and private network users.

NetSense
NetSense is a proprietary Scopia® Solution technology which optimizes the video quality according to the available bandwidth to minimize packet loss. As the available bandwidth of a connection varies depending on data traffic, NetSense's sophisticated algorithm dynamically scans the video stream, and then reduces or improves the video resolution to maximize quality with the available bandwidth.

Packet Loss
Packet loss occurs when some of the data transmitted from one endpoint is not received by the other endpoint.
This can be caused by narrow bandwidth connections or unreliable signal reception on wireless networks.

PaP Video Layout
The PaP (Picture and Picture) view shows up to three images of the same size.

Phantom Power
Microphones which use phantom power draw their electrical power from the same cable as the audio signal. For example, if your microphone is powered by a single cable, it serves both to power the microphone and transmit the audio data. Microphones which have two cables, one for sound and a separate power cable, do not use phantom power.

PiP Video Layout
The PiP (Picture In Picture) view shows a video image in the main screen, with an additional smaller image overlapping in the corner. Typically, a remote presentation is displayed in the main part of the screen, and the remote video is in the small image. If the remote endpoint does not show any content, the display shows the remote video in the main part of the screen, and the local presentation in the small image.

Point-to-Point
Point-to-point is a feature where only two endpoints communicate with each other without using MCU resources.

PoP Video Layout
The PoP (Picture out Picture) view shows up to three images of different size, presented side by side, where the image on the left is larger than the two smaller images on the right.

Prefix
See Dial Prefix on page 89.

PTZ Camera
A PTZ camera can pan to swivel horizontally, tilt to move vertically, and optically zoom to devote all the camera's pixels to one area of the image. For example, the XT Standard Camera is a PTZ camera with its own power supply and remote control, and uses powerful lenses to achieve superb visual quality. In contrast, fixed cameras like webcams only offer digital PTZ, where the zoom crops the camera image, displaying only a portion of the original, resulting in fewer pixels of the zoomed image, which effectively lowers the resolution.
Fixed cameras also offer digital pan and tilt only after zooming, where you can pan up to the width or length of the original camera image.

Q.931
Q.931 is a telephony protocol used to start and end the connection in H.323 calls.

QCIF
QCIF, or Quarter CIF, defines a video resolution of 176 x 144 pixels (PAL) or 176 x 120 (NTSC). It is often used in older mobile handsets (3G-324M) limited by screen resolution and processing power.

Quality of Service (QoS)
Quality of Service (QoS) determines the priorities of different types of network traffic (audio, video and control/signaling), so in poor network conditions, prioritized traffic is still fully transmitted.

Recordings
A recording of a videoconference can be played back at any time. Recordings include audio, video and shared data (if presented). In Scopia® Desktop, any participant with moderator rights can record a meeting. Users can access Scopia® Desktop recordings from the Scopia® Desktop web portal or using a web link to the recording on the portal.

Redundancy
Redundancy is a way to deploy a network component, in which you deploy extra units as 'spares', to be used as backups in case one of the components fails.

Registrar
A SIP Registrar manages the SIP domain by requiring that all SIP devices register their IP addresses with it. For example, once a SIP endpoint registers its IP address with the Registrar, it can place or receive calls with other registered endpoints.

Resolution
Resolution, or image/video resolution, is the number of pixels which make up an image frame in the video, measured as the number of horizontal pixels x the number of vertical pixels. Increasing resolution improves video quality but typically requires higher bandwidth and more computing power.
Techniques like SVC, H.264 High Profile and FEC reduce bandwidth usage by compressing the data to a smaller footprint and compensating for packet loss.

Restricted Mode
Restricted mode is used for ISDN endpoints only, when the PBX and line use a restricted form of communication, reserving the top 8k of each packet for control data only. If enabled, the bandwidth values on these lines are in multiples of 56kbps, instead of multiples of 64kbps.

Room System
A room system is a hardware videoconferencing endpoint installed in a physical conference room. Essential features include its camera's ability to PTZ (pan, tilt, zoom) to allow maximum flexibility of camera angles enabling participants to see all those in the meeting room or just one part of the room.

RTCP
Real-time Control Transport Protocol, used alongside RTP for sending statistical information about the media sent over RTP.

RTP
RTP or Real-time Transport Protocol is a network protocol which supports video and voice transmission over IP. It underpins most videoconferencing protocols today, including H.323, SIP and the streaming control protocol known as RTSP. The secured version of RTP is SRTP.

RTSP
RTSP or Real-Time Streaming Protocol controls the delivery of streamed live or playback video over IP, with functions like pause, fast forward and reverse. While the media itself is sent via RTP, these control functions are managed by RTSP.

Sampling Rate
The sampling rate is a measure of the accuracy of the audio when it is digitized. To convert analog audio to digital, it must collect or sample the audio at specific intervals. As the rate of sampling increases, it raises audio quality.

SBC
A Session Border Controller (SBC) is a relay device between two different networks. It can be used in firewall/NAT traversal, protocol translations and load balancing.

Scalability
Scalability describes the ability to increase the capacity of a network device by adding another identical device (one or more) to your existing deployment. In contrast, a non-scalable solution would require replacing existing components to increase capacity.

Scopia® Content Slider
See Content Slider on page 88.

SD
Standard Definition (SD) is a term used to refer to video resolutions which are lower than HD. There is no consensus defining one video resolution for SD.

Service
Also known as MCU service. See Meeting Type on page 94.

SIF
SIF defines a video resolution of 352 x 240 pixels (NTSC) or 352 x 288 (PAL). This is often used in security cameras.

Signaling
Signaling, also known as call control, sets up, manages and ends a connection or call. These messages include the authorization to make the call, checking bandwidth, resolving endpoint addresses, and routing the call through different servers. Signaling is transmitted via the H.225.0/Q.931 and H.225.0/RAS protocols in H.323 calls, or by the SIP headers in SIP calls. Signaling occurs before the control aspect of call setup.

Single Sign On
Single Sign On (SSO) automatically uses your network login and password to access different enterprise systems. Using SSO, you do not need to log in separately to each system or service in your organization.

SIP
Session Initiation Protocol (SIP) is a signaling protocol for starting, managing and ending voice and video sessions over TCP, TLS or UDP. Videoconferencing endpoints typically are compatible with SIP or H.323, and in some cases (like Avaya Scopia® XT Series), an endpoint can be compatible with both protocols. As a protocol, it uses fewer resources than H.323.

SIP Registrar
See Registrar on page 96.

SIP Server
A SIP server is a network device communicating via the SIP protocol.

SIP URI
See URI on page 100.

Slider
See Content Slider on page 88.

SNMP
Simple Network Management Protocol (SNMP) is a protocol used to monitor network devices by sending messages and alerts to their registered SNMP server.

Software endpoint
A software endpoint turns a computer or portable device into a videoconferencing endpoint via a software application only. It uses the system's camera and microphone to send image and sound to the other participants, and displays their images on the screen. For example, Scopia® Desktop Client or Scopia® Mobile.

SQCIF
SQCIF defines a video resolution of 128 x 96 pixels.

SRTP
Secure Real-time Transport Protocol (SRTP) adds security to the standard RTP protocol, which is used to send media (video and audio) between devices in SIP calls. It offers security with encryption, authentication and message integrity. The encryption uses a symmetric key generated at the start of the call, and being symmetric, the same key locks and unlocks the data. So to secure transmission of the symmetric key, it is sent safely during call setup using TLS.

SSO
See Single Sign On on page 97.

Standard Definition
See SD on page 97.

Streaming
Streaming is a method to send live or recorded videoconferences in one direction to viewers. Recipients can only view the content; they cannot participate with a microphone or camera to communicate back to the meeting. There are two types of streaming supported in Scopia® Solution: unicast which sends a separate stream to each viewer, and multicast which sends one stream to a range of viewers.

STUN
A STUN server enables you to directly dial an endpoint behind a NAT or firewall by giving that computer’s public internet address.

SVC
SVC extends the H.264 codec standard to dramatically increase error resiliency and video quality without the need for higher bandwidth. It is especially effective over networks with high packet loss (like wireless networks) which deliver low quality video.
It splits the video stream into layers, comprising a small base layer and then additional layers on top which enhance resolution, frame rate and quality. Each additional layer is only transmitted when bandwidth permits. This allows for a steady video transmission when available bandwidth varies, providing better quality when the bandwidth is high, and adequate quality when available bandwidth is poor.

SVGA
SVGA defines a video resolution of 800 x 600 pixels.

Switched video
Switching is the process of redirecting video as-is without transcoding, so you see only one endpoint's image at a time, usually the active speaker, without any video layouts or continuous presence (CP). Using video switching increases the port capacity of the Scopia® Elite MCU only by four times.
Important: Use switched video only when all endpoints participating in the videoconference support the same resolution. If a network experiences high packet loss, switched video might not be displayed properly for all endpoints in the videoconference.

SXGA
SXGA defines a video resolution of 1280 x 1024 pixels.

Telepresence
A telepresence system combines two or more endpoints together to create a wider image, simulating the experience of participants being present in the same room. Telepresence systems always designate one of the endpoints as the primary monitor/camera/codec unit, while the remainder are defined as auxiliary or secondary endpoints. This ensures that you can issue commands via a remote control to a single codec base which leads and controls the others to work together as a single telepresence endpoint.

Telepresence - Dual row telepresence room
Dual row telepresence rooms are large telepresence rooms with two rows of tables that can host up to 18 participants.

TLS
TLS enables network devices to communicate securely using certificates, to provide authentication of the devices and encryption of the communication between them.

Transcoding
Transcoding is the process of converting video into different sizes, resolutions or formats. This enables multiple video streams to be combined into one view, enabling continuous presence, as in a typical videoconferencing window.

UC (Unified Communications)
UC, or unified communications deployments offer solutions covering a wide range of communication channels. These include audio (voice), video, text (IM or chat), data sharing (presentations), whiteboard sharing (interactive annotations on shared data).

Unbalanced Microphone
An unbalanced microphone uses a cable that is not especially built to reduce interference when the cable is long. As a result, these unbalanced line devices must have shorter cables to avoid audio disruptions.

Unicast Streaming
Unicast streaming sends a separate stream of a videoconference to each viewer. This is the default method of streaming in Scopia® Desktop server. To save bandwidth, consider multicast streaming.

URI
URI is an address format used to locate a device on a network, where the address consists of the endpoint's name or number, followed by the domain name of the server to which the endpoint is registered. For example,@. When dialing URI between organizations, the server might often be the Avaya Scopia® PathFinder server of the organization.

URI Dialing
Accessing a device via its URI on page 100.

User profile
A user profile is a set of capabilities or parameter values which can be assigned to a user. This includes available meeting types (services), access to Scopia® Desktop and Scopia® Mobile functionality, and allowed bandwidth for calls.

VFU
See Video Fast Update (VFU) on page 100.

VGA
VGA defines a video resolution of 640 x 480 pixels.

Video Fast Update (VFU)
Video Fast Update (VFU) is a request for a refreshed video frame, sent when the received video is corrupted by packet loss. In response to a VFU request, the broadcasting endpoint sends a new intra-frame to serve as the baseline for the ongoing video stream.

Video Layout
A video layout is the arrangement of participant images as they appear on the monitor in a videoconference. If the meeting includes a presentation, a layout can also refer to the arrangement of the presentation image together with the meeting participants.

Video Resolution
See Resolution on page 96.

Video Switching
See Switched video on page 99.

Videoconference
A videoconference is a meeting of more than two participants with audio and video using endpoints. Professional videoconferencing systems can handle many participants in single meetings, and multiple simultaneous meetings, with a wide interoperability score to enable a wide variety of endpoints to join the same videoconference. Typically you can also share PC content, like presentations, to other participants.

Virtual Room
A virtual room in Scopia® Desktop and Scopia® Mobile offers a virtual meeting place for instant or scheduled videoconferences. An administrator can assign a virtual room to each member of the organization. Users can send invitations to each other via a web link which brings you directly into their virtual room. Virtual meeting rooms are also dialed like phone extension numbers, where a user’s virtual room number is often based on that person’s phone extension number. You can personalize your virtual room with PIN numbers, custom welcome slides and so on. External participants can download Scopia® Desktop or Scopia® Mobile free to access a registered user's virtual room and participate in a videoconference.

VISCA Cable
A crossed VISCA cable connects two PTZ cameras to enable you to use the same remote control on both.

Waiting Room
A waiting room is a holding place for participants waiting for the host or moderator to join the meeting. While waiting, participants see a static image with the name of the owner's virtual room, with an optional audio message periodically saying the meeting will start when the host arrives.

Webcast
A webcast is a streamed live broadcast of a videoconference over the internet. Enable Scopia® Desktop webcasts by enabling the streaming feature. To invite users to the webcast, send an email or instant message containing the webcast link or a link to the Scopia® Desktop portal and the meeting ID.

WUXGA
WUXGA defines a video resolution of 1920 x 1200 pixels.

XGA
XGA defines a video resolution of 1024 x 768 pixels.

Zone
Gatekeepers like Avaya Scopia® ECS Gatekeeper split endpoints into zones, where a group of endpoints in a zone are registered to a gatekeeper. Often a zone is assigned a dial prefix, and usually corresponds to a physical location like an organization's department or branch.