Installation guide

ManualsBrandsAcano ManualsComputer equipmentSolution

Acano solution 1.2

Deployment Guide

Acano

October 2014

76-1006-06-K

Summary of content (94 pages)

PAGE 1
Acano solution 1.
PAGE 2
Contents Contents 1 Introduction ....................................................................................................................... 6 2 2.1 Prerequisites and Deployment Overview ........................................................................... 7 Prerequisites ..................................................................................................................... 7 2.1.1 Acano Server-specific prerequisites .......................................................
PAGE 3
Contents 5.3 5.4 6 6.1 6.2 6.3 6.4 6.5 6.6 5.2.4 Adding a dial plan rule on the Acano solution ......................................................... 32 Media Encryption for SIP Calls ........................................................................................ 33 IVR Configuration ............................................................................................................ 33 Dial Plan Configuration – Integrating Lync Clients ...............................................
PAGE 4
Contents Appendix B Ports Required ................................................................................................... 62 Appendix C OpenSSL Commands for Generating Certificates .............................................. 65 Appendix D Issuing a Certificate Manually ............................................................................ 67 Appendix E Example of Configuring a Static Route from a Lync Front End Server ............... 71 Lync Configuration Changes ...............
PAGE 5
Contents Figures Figure 1: Example Acano solution using Acano Servers............................................................ 10 Figure 2: Example Call flow diagram ......................................................................................... 12 Figure 3: Example two-server Acano solution deployment ........................................................ 14 Figure 4: TURN server public IP address ..................................................................................
PAGE 6
Introduction 1 Introduction This guide covers the Acano solution; whether that is an Acano Server deployment, a virtual deployment or a mixture of the two. It follows on from the appropriate Acano solution Installation Guide−and assumes that you have completed the instructions in it already. This guide provides the information required to deploy the Acano solution. It is intended to be read and acted upon in the order provided but you can also “dip in” to individual sections.
PAGE 7
Prerequisites and Deployment Overview 2 Prerequisites and Deployment Overview 2.1 Prerequisites The list of items you need prior to installing and configuring the Acano solution in a typical customer environment is given below; some of these items can be configured beforehand:  A fully qualified Doman Name for the Acano solution. The name of this domain should be set up in advance of the installation.
PAGE 8
Prerequisites and Deployment Overview 2.1.1 Acano Server-specific prerequisites  A suitable environment: refer to the Hardware/Environmental Data Sheet for details on the required power and cooling  The Acano Server has two power modules, and country-specific power cables are supplied for the AC power supplies.
PAGE 9
Prerequisites and Deployment Overview 2.2.1 Management and network interfaces There are two layers to the Acano solution: a Platform and an Application.  The Platform is configured through the Mainboard Management Processor (MMP). The MMP is used for low level bootstrapping and configuration. It presents a command line interface. Note: On the Acano Server the MMP can be accessed via the serial Console port or SSH on the Ethernet interface labeled Admin.
PAGE 10
Prerequisites and Deployment Overview Note that both the Edge and Core software can reside in the same physical or separate Acano Server, on the same or separate virtualized servers. Equally, the Edge software can be on a physical Acano Server and the Core software on a virtualized deployment (or vice versa). However, these are just suggested deployments.
PAGE 11
Prerequisites and Deployment Overview appendices to set up the SIP Trunk: this is not covered elsewhere in this document. However, you can use other devices instead. 2.2.6 Support for Lync clients You can use both Lync 2010 and 2013 clients connected to a Lync 2010 or 2013 server. The Acano solution uses:  the RTV codec transcoding up to 1080p with the 2010 Lync Windows client and 2011 Lync Mac clients  the RTV codec and H.
PAGE 12
Prerequisites and Deployment Overview Figure 2: Example Call flow diagram Notes on the figure: * Although the range between the TURN server and the external clients is shown as 3276865535, currently only 50000-51000 is used. A wider range is likely to be required in future releases. Internal clients connect directly to the XMPP server on port 5222 and media connects directly between the Acano client and the Call Bridge. External Acano clients establish a control connection to the XMPP sever (black line).
PAGE 13
Prerequisites and Deployment Overview Both internal and external Acano clients use ICE/TURN to find suitable candidates for connectivity and choose the best: in the case of internal clients this will always be the local host candidates on the internal network. The necessary ports need to be open on the firewall between Core and Edge components to allow the media UDP traffic to pass (UDP ports 32768 - 65535) and the control link between the XMPP server and the Call Bridge (port 5223).
PAGE 14
Prerequisites and Deployment Overview Figure 3: Example two-server Acano solution deployment Note: The following ports must be open between the Core and Edge components:  Port 5223 from Call Bridge to XMPP server (for XMPP component)  UDP Port 3478 from Call Bridge to TURN server (for TURN)  UDP Port 50000-51000 from Call Bridge to TURN server (for media)  TCP Port 443 (HTTPS) from Call Bridge to Web Bridge (for guest login) These ports are required even on a single Acano server/virtualized se
PAGE 15
Prerequisites and Deployment Overview  For each virtualized server set up the network interfaces− and on the Core virtualized server to be able to access the Web Admin Interface. 2. Complete the following using the steps in this Deployment Guide:  Set up the Syslog server connection on both servers/virtualized servers using the MMP commands as per the instructions in this Deployment Guide. We suggest using the same Syslog server for both servers.
PAGE 16
Creating and Installing Certificates 3 Creating and Installing Certificates This section and the following ones assume that you have followed the instructions in the appropriate Acano solution Installation Guide completely and have all the prerequisites in place. If this is not the case, then do so now before proceeding. 3.
PAGE 17
Creating and Installing Certificates  For Lync Front End Server – required for Lync integration so the Lync Front End Server trusts the Acano solution  XMPP – required only if using native Acano clients so that the clients know they have reached the XMPP server and trust the connection  Web Bridge – required only if using WebRTC clients so the browsers know they have reached the Web Bridge and can use HTTPS on the connection These can be different pairs or the same pair of files i.e.
PAGE 18
Creating and Installing Certificates Note: The command pki inspect - inspects the file and shows whether it is a private key, a certificate, a CSR or other file type. In the case of certificates, various details are displayed. If you do not see the files that you are expecting, use this command. 3.
PAGE 19
Creating and Installing Certificates 2. Sign in to the MMP and generate the private key and certificate signing request by typing: pki csr [ ] where: is a string identifying the new key and CSR (e.g. "xmpp" results in "xmpp.key" and "xmpp.csr" files) is the commonName which should be on the certificate. Use the FQDN defined in DNS A record as the Common Name. Failure to do this will result in browser certificate errors.
PAGE 20
Creating and Installing Certificates Note: The Web Bridge supports HTTPS only. 3. Upload the certificate file to the MMP via SFTP. 3.6 Adding the Call Bridge Certificate to the Web Bridge Trust Store The Web Bridge allows configuration of guest logins and image customizations to be pushed from a Call Bridge (see Appendix K). It is important for the security of the deployment that configuration is only accepted from call bridges which are trusted.
PAGE 21
Creating and Installing Certificates 3.6.2 Two server (Core/Edge) example: For a two-box solution, the Call Bridge certificate needs to be copied from the Acano Core server to the Acano Edge server before you use the webbridge trust command on the Edge server. On the Acano Core server running Call Bridge server: acano>callbridge Listening interfaces : a Key file : callbridge.key Certificate file : callbridge.cer Use SFTP to copy (in this example) "callbridge.
PAGE 22
Configuring the MMP 4 Configuring the MMP 4.1 Creating and managing MMP and Web Admin User Accounts You should have created a MMP administrator user account called “’admin”; if so, go on to the next section unless you want to set up additional accounts. If you failed to do this, you will have to use the emergency admin recovery procedure detailed in the appropriate Installation Guide.
PAGE 23
Configuring the MMP (You can use a Windows PC application such as WinSCP instead.) 4. Then to complete the upgrade, connect via SSH to into the MMP and type: upgrade Allow 10 minutes for the solution to restart. 5. To verify that the upgrade was successful, SSH into the MMP, log in and type: version 4.3 Configuring the Web Admin Interface for HTTPS Access If you have previously followed the appropriate Installation Guide you will have configured the Web Admin Interface.
PAGE 24
Configuring the MMP Configure listening interfaces as follows: 1. Configure the Call Bridge to listen on interface A. callbridge listen a 2. Configure the Call Bridge to use the security certificates (which should have been created previously) by typing the following (so that a TLS connection can be established between the Lync FE server and the Acano Call Bridge): callbridge certs privkey.pem cacert.pem The full command is callbridge certs [].
PAGE 25
Configuring the MMP 4.6 Configuring Network Time Protocol Servers You must configure at least one NTP server using MMP commands. Note: The number of NTP servers you use is not pre-determined. For example, you may choose to have one private and one public NTP server; using the public NTP server as a backup. 1. To set up an NTP server, type : ntp server add 2. To find the status of configured NTP servers ntp status Note: To delete an NTP server type: ntp server del .
PAGE 26
Configuring the MMP 4.8 Configuring the Web Bridge If you are testing the Acano HTML5/Web clients you now need to set the network interface for the Web Bridge and enable it. If you are not using the Acano clients including the WebRTC Client, skip this section. 1. If necessary, SSH into the MMP. 2. Configure the Web Bridge to listen on the Ethernet interface(s) of your choice with the following command: webbridge listen The Web Bridge can listen on multiple interfaces, i.e.
PAGE 27
Configuring the MMP 4.9 Configuring the TURN Server 1. If necessary, SSH into the MMP. 2. Configure the TURN server with the following command: turn credentials The following is an example where username is myusername, the password is mypassword and it uses the realm example.com. turn credentials myusername mypassword example.com 3.
PAGE 28
Configuring the MMP 4. Configure the TURN Server to listen on a specific interface using: turn listen The following is an example where the interface list is set to interface C but you can specific more than one interface turn listen c 5. Enable the TURN server with the following command: turn enable Acano solution: Deployment Guide R1.
PAGE 29
Dial Plan Configuration – SIP Endpoints 5 Dial Plan Configuration – SIP Endpoints 5.1 Introduction In order for the Acano solution to be integrated in a SIP, Lync and voice environment, connections need to be set up from the SIP Call Control, Voice Call Control and Lync Front End Server components to the Acano solution as shown in Figure 1 above.
PAGE 30
Dial Plan Configuration – SIP Endpoints Figure 5: Example solution for dial plan configuration As shown in the figure above, the Lync Front End Server needs a Trusted SIP Trunk to the Acano solution, configured to route calls originating from Lync clients through to Acano coSpaces, Acano client users (native and WebRTC) and also SIP video endpoints. The subdomains vc.example.com and acano.example.com should be routed through this trunk from the Lync Front End Server to the Acano solution.
PAGE 31
Dial Plan Configuration – SIP Endpoints 5.2 SIP Endpoints Dialing a Call on the Acano Solution As a starting point, consider using only SIP video endpoints and the configuration on the VCS and Acano solution to direct and host calls for these endpoints. Figure 6: Example of SIP video endpoints calling into an Acano Server hosted calls 5.2.1 SIP call control configuration This example assumes the SIP Call Control is a Cisco VCS but similar steps are required on other Call Control devices.
PAGE 32
Dial Plan Configuration – SIP Endpoints 5.2.2 VCS search rule configuration Add a search rule on the VCS to route calls to the Acano solution by following the steps below (e.g. to route any video endpoint call to a call on the Acano solution using the call prefix 88). 1. Go to VCS Configuration > Dial Plan > Search rules. 2. Give the rule a suitable name, e.g. VC EPs to Acano. 3.
PAGE 33
Dial Plan Configuration – SIP Endpoints 5.3 Media Encryption for SIP Calls The Acano solution supports media encryption for SIP connections including Lync calls. This is configured in the Configuration > Call settings page in the Web Admin Interface and allows encryption to be Required, Allowed or Forbidden for SIP calls made to or from the Acano solution.
PAGE 34
Dial Plan Configuration – Integrating Lync Clients 6 Dial Plan Configuration – Integrating Lync Clients 6.1 Lync Clients Dialing into a Call on the Acano solution This section provides the equivalent of the previous section but for Lync endpoints joining a call hosted on the Acano solution. It uses the same call number/URI: adapt the example as appropriate. Figure 7: Example Lync clients calling into Acano Server hosted calls 6.1.
PAGE 35
Dial Plan Configuration – Integrating Lync Clients  Local contact domain = vc.example.com  Trunk Type = Lync  Leave SIP Proxy to Use blank Lync clients can now dial into a call 88001 hosted on the Acano solution by dialing 88001@example.com. 6.2 Integrating SIP Endpoints and Lync Clients To allow both SIP video endpoints and Lync clients to dial into the same call, carry out the configuration in both of the previous sections.
PAGE 36
Dial Plan Configuration – Integrating Lync Clients 6.3.1 Outbound Calls page The Outbound Calls page allows you to configure an appropriate dial plan comprising a number of dial plan rules. The dial plan controls the routing of outbound calls. Each entry/rule in the dial plan matches on the Domain of the outgoing call (see below) and determines which SIP proxy to use (or whether it is a direct call). The Local Contact Domain is the domain that will be used for the contact URI for calls using this rule.
PAGE 37
Dial Plan Configuration – Integrating Lync Clients CAUTION: The default Encryption behavior R1.2 mode is Auto. This does not match pre-R1.2 behavior. Previously, all "Lync" outbound dialing rules would automatically use Encrypted mode; therefore you need to ensure that these rules are explicitly set to Encrypted mode to prevent the Call Bridge attempting to use unencrypted TCP for these connections in the event of the TLS connection attempt failing. 6.3.
PAGE 38
Dial Plan Configuration – Integrating Lync Clients The example Call forwarding rule below forwards calls for the domain lync.example.com and the routing is determined by the call routing rules. If none of the Domain Matching Patterns matches the domain of an incoming call that was not matched in the Call Matching section, the call is terminated. 6.4 Adding Point-to-Point Calls between Lync Clients and SIP Video Endpoints This section assumes the configuration described in sections 5, 6.1 and 6.
PAGE 39
Dial Plan Configuration – Integrating Lync Clients In this example:  A Lync user can dial @vc.example.com to set up a point-to-point call with a SIP video endpoint who is @vc.example.com.  A SIP video endpoint can dial @example.com to set up a point-to-point call with a Lync endpoint who is @example.com. Adapt the example as appropriate. 6.4.1 Lync Front End Server configuration To allow Lync clients to call SIP video endpoints: 1.
PAGE 40
Dial Plan Configuration – Integrating Lync Clients 6.5 Integrating Acano Clients with SIP and Lync Clients Refer to the LDAP Configuration and Web Admin Interface Settings for XMPP sections of this guide for instructions about configuring your Acano solution to use the Acano clients.
PAGE 41
Dial Plan Configuration – Integrating Lync Clients Figure 10: Call Bridge to Lync Edge Server Call Flow 4. The Front End server returns the URI of the media relay authentication server (MRAS). (The Lync Edge Server acts as a MRAS.) 5. (and 6) Call Bridge contacts the MRAS over SIP to get the Edge information for the call. The call media then flows directly between the Call Bridge and Edge’s TURN server on UDP port 3478 and returns from Edge server to the Call Bridge on a port in the ephemeral range above.
PAGE 42
Dial Plan Configuration – Integrating Lync Clients TURN / ICE role for Lync calls, and so at some level is an alternative to the TURN Server Settings above.) You also need to create a Lync user client account to set up the Acano Lync Server Edge configuration. Follow these steps to set up the Acano solution to use the Lync Edge server: 1. Ensure you have the appropriate DNS records in place. The sip._tls.yourlyncdomain.
PAGE 43
Dial Plan Configuration – Integrating Lync Clients Note: If you have a Lync Edge server configured, all Lync calls will use that server for ICE candidate gathering and external media connectivity. If you do not have a Lync Edge server configured, Lync calls handled by the Acano solution will use any configured TURN server. Acano solution: Deployment Guide R1.
PAGE 44
LDAP Configuration 7 LDAP Configuration You must have an LDAP server (currently Active Directory) to use the Acano solution. User accounts are created via an import from the LDAP server. You can create user names by importing fields from LDAP. The passwords are not cached on the Acano solution, a call is made to the LDAP server when an Acano client authenticates, and therefore passwords are managed centrally and securely on the LDAP server. 7.
PAGE 45
LDAP Configuration  Address = this is the IP address of your AD server  Port = usually 636  Username = the Distinguished Name (DN) of a registered user. You may want to create a user for this purpose  Password = the password for the user name you are connecting as  Secure Connection = select this setting for a secure connection For Example: Address: 100.133.2.44 Port: 636 Username: cn=Fred Bloggs,cn=Users,OU=Sales,dc=YourCompany,dc=com Password: password Note: From R1.
PAGE 46
LDAP Configuration Using an extensible matching rule (LDAP_MATCHING_RULE_IN_CHAIN / 1.2.840.113556.1.4.1941), it is possible to filter on membership of any group in a membership hierarchy (below the specified group); for example: (&(memberOf:1.2.840.113556.1.4.1941:=cn=apac,cn=Users,dc=MyCompany,dc=c om)(objectClass=person)) 4.
PAGE 47
LDAP Configuration It is possible to choose whether to use OU separation when importing from the LDAP server. In the Web Admin Interface, go to Configuration > Active Directory and select Restrict Search to Searcher OU to enable the search only within the OU of the user account. 7.3 Example You want to assign a coSpace to a particular group of users and a Call ID for this coSpace using an 88 prefix in front of the regular telephone number. 1.
PAGE 48
LDAP Configuration creates the following coSpace which can be viewed on the Status > Users page. Name Fred Blogs XMPP id fred.blogs@xmpp.example.com And the following coSpace that can be viewed on the Configuration > coSpace page. Name fred.blogs URI user part fred.blogs.cospace Acano solution: Deployment Guide R1.
PAGE 49
Web Admin Interface Settings for XMPP 8 Web Admin Interface Settings for XMPP This section explains how to configure the settings through which the XMPP server communicates with the other components on the Acano solution. This allows you to use Acano’s PC Client, iOS Client and WebRTC Client with the Acano solution. If you are not using the Acano clients including the WebRTC Client, skip this section. 8.
PAGE 50
Web Admin Interface Settings for XMPP 8.2 XMPP Settings 1. Ensure that you have installed a security certificate for the XMPP server – see section 3.4. 2. Ensure that you have configured the XMPP server – see section 4.7 3. Ensure that you have uploaded the license key file – see section 4.7 4. Log in to the Web Admin Interface and configure the XMPP server settings as follows: a. Go to Configuration > General. b. Set the following in the XMPP Server Settings section, (where example.
PAGE 51
Web Admin Interface Settings for XMPP 5. Go to Status > General and verify the server connection. You should see details similar to the following: 6. On a PC, install the Acano PC Client from: https://clientupgrade.acano.com/download/oBklj0sd28dl2mz/AcanoClient.application Log in to the Acano PC Client using one of the newly created user accounts. Then check that you can make calls as expected. 8.3 Client-based coSpace Creation and Editing PC Client users can create coSpaces.
PAGE 52
Web Admin Interface Settings for XMPP Note: coSpaces can also be created from the Acano solution API (see the API Reference guide) and in the Web Admin Interface Configuration > coSpaces page. Acano solution: Deployment Guide R1.
PAGE 53
Web Admin Interface Settings for the Web Bridge 9 Web Admin Interface Settings for the Web Bridge This section explains how to set up the Web Bridge server in the Web Admin Interface so that the Call Bridge can communicate with it. This allows you to use Google Chrome for WebRTC video calls. If you are testing the WebRTC client, follow the instructions below in the order provided at any time after the initial Acano solution configuration has been completed.
PAGE 54
Web Admin Interface Settings for the Web Bridge Figure 13: WebRTC Client port usage Note: * Although the port range between the TURN server and the External clients is shown as 32768-65535, currently only 50000-51000 is used. The required range is likely to be larger in future releases. 9.2 Web Bridge Settings Follow the steps in order. 1. Ensure that you have installed the Web Bridge certificate and license. 2. Ensure that you have configured the Web Bridge. 3.
PAGE 55
Web Admin Interface Settings for the Web Bridge In addition, Acano users who do not have access to a native Acano client but have an account can select the login link in the top right hand corner of the screen to sign in as they would on a native client. After signing in they see their coSpaces, and can invite participants and participate in calls - all from the WebRTC client. Note: Acano clients can be downloaded at:    PC Client Clickonce URL https://clientupgrade.acano.
PAGE 56
Web Admin Interface Settings for the TURN Server 10 Web Admin Interface Settings for the TURN Server This section explains how to set up the TURN server in the Web Admin Interface so that Call Bridge can communicate with it. The TURN server allows you to use the built-in firewall traversal technology when traversing a firewall or NAT. Follow the instructions below in the order provided at any time after the initial Acano solution configuration has been completed. 10.
PAGE 57
Web Admin Interface Settings for the TURN Server 10.2 TURN Server Settings Follow the steps in order. 1. Ensure that you have configured the TURN server. 2. Log in to the Web Admin Interface and configure the Acano solution as follows:  Go to Configuration > General.
PAGE 58
Customization, Troubleshooting, API and Logs 11 Customization, Troubleshooting, API and Logs 11.1 Customization From Release 1.1 you can customize the Acano solution in a limited way (which will be expanded in future releases). Currently you can customize the WebRTC Client login page. See the Appendix K for details. 11.
PAGE 59
Customization, Troubleshooting, API and Logs The CDR system can be used in conjunction with the Acano solution API, with the call ID and call leg IDs values being consistent between the two systems to allow cross referencing of events and diagnostics. If you are using Acano Manager, it must be your CDR receiver. See the Acano solution CDR Guide for more information. Acano solution: Deployment Guide R1.
PAGE 60
DNS Records Needed for the Acano Solution Appendix A DNS Records Needed for the Acano Solution Note: Verify that no A or SRV records already exist before defining the records below. If duplicates are created, they will “round robin” on lookups and will cause issues for existing services as well as these new services. If there are conflicts, a new DNS Zone can be defined to create isolation between the services. For example, if you already have an XMPP server in the example.
PAGE 61
DNS Records Needed for the Acano Solution  SRV record for _sip._tls..example.com set to port 5061 and resolving to host A record above that was defined for your SIP Call Control device (if used)  SRV record for _sip._tls.lyncdomain.example.com set to port 5061 and resolving to host A record above that was defined for your Lync Front End Server (if used)  SRV record for _sipinternaltls._tcp.lyncdomain.example.
PAGE 62
Ports Required Appendix B Ports Required The following diagram labels the links on which ports need to be open and shows which firewall is concerned is using a two-server deployment. However, the ports are still required between internal components of a one-server deployment. Figure 15: Ports required to be open in an Acano solution deployment The following ports are required by the Call Bridge.
PAGE 63
Ports Required SIP TCP 5060 TCP Both I, J SIP TLS 5061 TCP Both I, J, K, O SIP BFCP 5070 TCP & UDP Incoming I, J API HTTPS 443 TCP Incoming M TURN 3478 UDP Incoming D TURN 443 TCP Outgoing P STUN/RTP 32768-65535 UDP Incoming I, J, K, D STUN/RTP 1024-65535 # UDP Outgoing I, J, K STUN/RTP 32768-65535 UDP Outgoing D RDP 32768-65535 TCP Incoming K RDP 1024-65535 ++ TCP Outgoing K LDAP + 636/389 TCP Outgoing H DNS 53 UDP Outgoing G XMPP 5223 TCP
PAGE 64
Ports Required The following ports are used by the XMPP Server Function Port Type Direction Used in Link(s) XMPP Client 5222 TCP Incoming A XMPP Server 5269 + TCP Incoming C Configurable ? + This port is only required for XMPP Federation.
PAGE 65
OpenSSL Commands for Generating Certificates Appendix C OpenSSL Commands for Generating Certificates OpenSSL can be used instead of the MMP pki commands in section 3 to generate private keys, certificate signing requests and certificates. 1. Start by using the OpenSSL toolkit on your Windows PC or Linux machine to generate an RSA private key and CSR (Certificate Signing Request).  This example creates a 2048 bit key. openssl.exe genrsa -out .key 2048 2.
PAGE 66
OpenSSL Commands for Generating Certificates iii. After entering the command, a CA selection list is displayed similar to that below. Select the correct CA and select OK iv. Do one of the following:  If your Windows account has permissions to issue certificates, you are prompted to save the resulting certificate, for example as cacert.pem. Go on to the step 4 below.
PAGE 67
Issuing a Certificate Manually Appendix D Issuing a Certificate Manually The instructions in this appendix are only required if you want to issue certificates signed by a CA for any of the Acano solution components that require a certificate. (Instructions for creating and installing self-signed certificates are in section 3.) 1.
PAGE 68
Issuing a Certificate Manually d. Do one of the following:  If your Windows account has permissions to issue certificates, you are prompted to save the resulting certificate, for example as webserver.pem. Go on to the step 3 below.  If you do not see a prompt to issue the resulting certificate, but instead see a message on the command prompt window that the 'Certificate request is pending: taken under submission', then follow the steps below before going on to step 3. i.
PAGE 69
Issuing a Certificate Manually iv. The resulting signed certificate is in the Issued Certificates folder. Double-click on the certificate to open it and open the Details tab (see right). v. Click Copy to File which starts the Certificate Export Wizard. vi. Select Base-64 encoded X.509 (.CER) and click Next. vii. Browse to the location in which you wish to save the certificate, enter a name such as cacert and click Next. Acano solution: Deployment Guide R1.
PAGE 70
Issuing a Certificate Manually viii. Rename the resulting certificate to cacert.pem. 3. Transfer both the certificate file (e.g. xmpp.crt) to the MMP using SFTP. CAUTION: If you are using a CA with the Web Enrolment feature installed, you may copy the CSR text including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines to submit. After the certificate has been issued, copy only the certificate and not the Certificate Chain.
PAGE 71
Example of Configuring a Static Route from a Lync Front End Server Appendix E Example of Configuring a Static Route from a Lync Front End Server Important Note: This appendix provides an example to be used as a guideline and is not meant to be an explicit set of instructions for you to follow. Acano strongly advises you to seek the advice of your local Lync server administrator on the best way to implement the equivalent on your server’s configuration. 1.
PAGE 72
Example of Configuring a Static Route from a Lync Front End Server Enable-CsTopology This command enables the new topology. Users may have to logout and login again to update to the new HD720p setting, all other settings are automatic and should work within a few minutes. Acano Solution Configuration 1. In the Web Admin Interface go to Configuration > Outbound Calls 2. In the blank row, for Domain, enter the Lync domain that will be matched for calls that need to be sent to Lync 3.
PAGE 73
More information on LDAP field mappings Appendix F More information on LDAP field mappings This section provides additional information for LDAP field mappings that you set up for the Acano solution.
PAGE 74
Example of Configuring a SIP Trunk to CUCM Appendix G Example of Configuring a SIP Trunk to CUCM This appendix provides an outline how to set up a SIP Trunk between the Acano Core and a Cisco Unified Communications Manager (CUCM). It assumes that you are familiar with CUCM. Prerequisites This section assumes that you have followed section 4.4; that is:  You have specified a listening interface using the MMP callbridge listen command.
PAGE 75
Example of Configuring a SIP Trunk to CUCM Note: If this fails to resolve the server will try a lookup using TCP an then UDP. The server will then perform a DNS A record lookup for the Host entered if the above SRV lookup fails to resolve using TLS, TCP or UDP.  Enter the IP address of your CUCM 4. For Local Contact Domain, enter the domain that you route to your Acano Server, e.g. acano.yourcompany.com. 5. For Local From Domain, enter the domain that you want the call to be seen as coming from.
PAGE 76
Example of Configuring a SIP Trunk to CUCM 5. Enter the Certificate Name as CallManager-trust and type in a Description. 6. Click Choose File to find your certificate. This can be the root certificate or the Acano Server’s certificate. 7. Click Upload File. Step 2: Creating a security profile If the trunk will be TCP, then use CUCM’s default security profile called Non Secure SIP Trunk when you create the SIP Trunk. To use TLS, or something other than the standard security profile, follow these steps: 1.
PAGE 77
Example of Configuring a SIP Trunk to CUCM  Device pool = The pool you want your device to belong to (as configured in System > Device Pool in CUCM)  SRTP Allowed = Select if you want media encryption (we only do media encryption if the trunk is TLS)  Outbound Calls > Calling Party Transformation CSS = Select as appropriate  Sip Information > Destination Address = The destination address e.g. acanoserver.example.com or an IP address.
PAGE 78
Configuring a SIP Trunk to an Avaya CM Appendix H Configuring a SIP Trunk to an Avaya CM This appendix provides an example of setting up a SIP trunk between the Acano Server and the Avaya Communications Manager (Avaya CM) in order to use the Avaya CM. It assumes that you are familiar with the Avaya CM and can adapt the example to your needs.
PAGE 79
Configuring a SIP Trunk to an Avaya CM 6. Click Add New. Avaya CM Configuration 1. Add a node name for the Acano signaling interface. 2. Add an Avaya Signaling Group with the following:  Group Type = SIP  Near-end Node Name = C-LAN or Processor Ethernet interface indicated in the dial plan setting in the previous section  Far-end Node Name = Node name for the Acano signaling interface created above.
PAGE 80
Configuring a SIP Trunk to an Avaya CM 3. Add an Avaya Trunk Group with the following:  Group Type = SIP  Direction = two way  Service Type = tie  Additional settings may vary, but see the examples below for possible configuration Acano solution: Deployment Guide R1.
PAGE 81
Configuring a SIP Trunk to an Avaya CM Acano solution: Deployment Guide R1.
PAGE 82
Configuring a SIP Trunk to an Avaya CM 4. Add an Avaya Route Pattern to routes calls to trunk group 105 and delete the first two digits (deletes the prefix digits 49). Acano solution: Deployment Guide R1.
PAGE 83
Configuring a SIP Trunk to an Avaya CM 5. Add a Uniform Dial Plan to provide a routing for a 6-digit number with a prefix of 49. These calls must be set to be routed to AAR tables in Avaya. 6. Add an AAR setting to routes all calls of 6 digits in length and beginning with 49 (i.e. 498320) to route pattern 105 (the Acano Trunk Group). 7. Assign an Extension and DID.
PAGE 84
Configuring a Polycom DMA for the Acano solution Appendix I Configuring a Polycom DMA for the Acano solution For calls from a Polycom DMA environment to the Acano solution, create an External SIP Peer on the Polycom DMA that will point to the Acano solution, and then configure a Dial Rule on the Polycom DMA that will direct calls to it.
PAGE 85
Configuring a Polycom DMA for the Acano solution 3. Leave the Domain List page blank (see below). 4. In the Postliminary page Header Options section configure the following (see below): a. Copy All Parameters: Checked b. Format: Use original request's To 5. In the Postliminary page Request URI options section configure the following (see below): a. Format: Original user, configured peer's Destination Network or next hop address Acano solution: Deployment Guide R1.
PAGE 86
Configuring a Polycom DMA for the Acano solution 6. In the Authentication page configure the following (see below): a. Authentication: Pass authentication b. Proxy authentication: Pass Proxy authentication 7. Click Save. Acano solution: Deployment Guide R1.
PAGE 87
Configuring a Polycom DMA for the Acano solution Creating the Dial Rule In the Polycom DMA: 8. Go to Admin > Call Server > Dial Rules > Add (see right). 9. In the Edit Dial Rule for Authorized Calls page, configure the following (see below): a. Description: Acano 10. Select Enabled. 11. Select the Acano SIP Peer in the left pane and click the arrow to move it to the Selected SIP Peers. 12.
PAGE 88
Configuring a Polycom DMA for the Acano solution You should now be able to dial from any SIP-enabled Polycom DMA endpoint to the Acano solution using the rule created. Acano solution: Deployment Guide R1.
PAGE 89
Using a Standby Acano Server Appendix J Using a Standby Acano Server The instructions in this appendix allow to both Acano Server and virtualized deployments. Backing the Currently Used Configuration 1. Establish an SSH connection to the currently used Acano Server using an SSH utility such as puTTy. 2. Issue the command backup snapshot This backup includes IP addresses, passwords and certificates into a file called name.bak.
PAGE 90
Using a Standby Acano Server 5. Enter the following command and confirm to restore from the backup file: backup rollback . This overwrites the existing configuration and reboots the Acano solution. Therefore a warning message is displayed. The confirmation is case sensitive and you must press upper case Y, otherwise the operation will be aborted. Note: It is not possible to create a backup from one type of deployment (Acano Server or virtualized) and roll it back on the other type.
PAGE 91
Using a Standby Acano Server b. Assign these certificates to their corresponding services using the following commands: callbridge certs nameofkey nameofcertificate webbridge certs nameofkey nameofcertificate webadmin certs nameofkey nameofcertificate xmpp certs nameofkey nameofcertificate webbridge trust nameofcallbridgecertificate c.
PAGE 92
WebRTC Client Custom Background Image and Logo Appendix K WebRTC Client Custom Background Image and Logo From Acano solution Release 1.1 you can specify a remote HTTP or HTTPS URL for an image that the Web Bridge will use in place of the default Acano WebRTC login image (currently of a man in a boat) in the Web RTC Client login page. You can also replace the Acano logo that appears on this login page with your own. Image Format and Size The image and the logo files should be .
PAGE 93
WebRTC Client Custom Background Image and Logo 3. Click Submit. The Call Bridge retrieves the image and pushes it to the Web Bridge to be served as the background image for the WebRTC login page. In the event of a failure (for example, if the configured URI can't be reached or the image retrieved) an alarm is displayed in the Web Admin Interface and on the API "/system/alarms" node, but users can still log in.
PAGE 94
© 2014 Acano (UK) Ltd. All rights reserved. This document is provided for information purposes only and its contents are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without our prior written permission. Acano and coSpace are trademarks of Acano. Other names may be trademarks of their respective owners. Acano solution: Deployment Guide R1.