User Guide
PathFinder Server Version 7.0 NOTICE
© 2005-2009 RADVISION Ltd. All intellectual property rights in this publication are owned by RADVISION Ltd and are protected by United States copyright laws, other applicable copyright laws and international treaty provisions. RADVISION Ltd retains all rights not expressly granted. This publication is RADVISION confidential. No part of this publication may be reproduced in any form whatsoever or used to make any derivative work without prior written approval by RADVISION Ltd. No representation of warranties for fitness for any purpose other than what is specifically mentioned in this guide is made either by RADVISION Ltd or its agents. RADVISION Ltd reserves the right to revise this publication and make changes without obligation to notify any person of such revisions or changes. RADVISION Ltd may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time. If there is any software on removable media described in this publication, it is furnished under a license agreement included with the product as a separate document. If you are unable to locate a copy, please contact RADVISION Ltd and a copy will be provided to you. Unless otherwise indicated, RADVISION registered trademarks are registered in the United States and other territories. All registered trademarks recognized. For further information contact RADVISION or your local distributor or reseller.
PathFinder version 7.0, June 16, 2009 Publication 7 http://www.radvision.com CONTENTS
About This Manual
Related Documentation vii Feedback vii
1 Introducing PathFinder™ PathFinder Solution Overview 2 PathFinder Components 3 Configuring Your Firewall to Work with PathFinder 3 Enterprise Deployment 4 Service Provider Deployment 5 Role of the PathFinder Server 5 Role of the PathFinder Client 6 Direct Media Connection 6 Key Benefits of the PathFinder Solution 9 Features of the PathFinder Solution 9
2 Getting Started with the PathFinder Server Physical Description 14 Front Panel 14 Rear Panel 15 Connecting to a PC 16 How to Configure PathFinder Server and Operating System Settings 17 About Additional Applications 17 Accessing The Main Menu 18
Contents iii PathFinder Administration Menu 21 Network Administration Menu 22 Backup/Restore Menu 23 System Administration Menu 24 Resetting the Secured Platform Administrator Password 28 Upgrading the PathFinder Server 29
3 Configuring the PathFinder Server Logging In 32 User Interface Overview 32 Viewing Connected Client Details 33 Viewing Connected Endpoint Details 34 Dialing Out to an IP Address 34 Disconnecting PathFinder Clients 35 Disconnecting an Endpoint 35 Viewing Current Call Details 36 Configuring General System Settings 36 Configuring H.460 Settings 39 Configuring Alerts 40 Managing Enterprise Gatekeepers 41 Configuring Enterprise Gatekeepers 41 Deleting an Enterprise Gatekeeper 42 Managing Neighbor PathFinder Servers 43 Viewing a Neighbor PathFinder Server 43 Adding a Neighbor PathFinder Server 45 Deleting a Neighbor PathFinder Server 46 Managing PathFinder Users 46 Viewing PathFinder User Details 46 Adding PathFinder Users 47 Deleting a User Profile 48 Managing Topology Islands 48 Viewing Topology Islands 48 Adding a Topology Island 48 Adding a Sub-Island 49
iv PathFinder Server User Guide Deleting a Sub-island 49 Adding Subnet Information 50 Deleting Subnet Information 50 Viewing Trap Event Logs 50 Viewing Version and Licensing Information 51 Updating the License 51
4 Technical Specifications Technical Specifications Table 53
5 Compliance and Certifications Product Safety 55 Electromagnetic Compatibility 56 Ergonomics, Acoustics and Hygienics 57 Import/Export Compliance Data 57 Setting up Environment 59 Enabling Portal Virtual Gateway 59 Configuring Security Policies 60 About Call Scenarios 61 About Call Scenarios for Dialing Private Endpoints Directly 62 About Call Scenarios for Dialing Conferences Using Auto-Attendant Entry Point 62
Contents v vi PathFinder Server User Guide ABOUT THIS MANUAL
The PathFinder Server User Guide is intended for administrators and describes how to install, configure and use the RADVISION PathFinder Server.
RELATED The PathFinder documentation set is available on the RADVISION Utilities and DOCUMENTATION Documentation CD-ROM supplied with the product and includes manuals and online helps. The manuals are in PDF format.
Note You require Adobe Reader version 5.0 or later to open the PDF files. You can download Acrobat Reader free of charge from www.adobe.com.
FEEDBACK All the team at RADVISION constantly endeavors to provide accurate and informative documentation. If you have comments or suggestions regarding improvements to future publications, we would value your feedback. Please send your comments to [email protected]. We thank you for your contribution.
About This Manual vii
1
INTRODUCING PATHFINDER™
� PathFinder Solution Overview on page 2 � PathFinder Components on page 3 � Configuring Your Firewall to Work with PathFinder on page 3 � Enterprise Deployment on page 4 � Service Provider Deployment on page 5 � Role of the PathFinder Server on page 5 � Role of the PathFinder Client on page 6 � Direct Media Connection on page 6 � Key Benefits of the PathFinder Solution on page 9 � Features of the PathFinder Solution on page 9
Introducing PathFinder™ 1 PathFinder Solution Overview
PATHFINDER Enterprises and Service Providers that want to secure network data and devices SOLUTION while taking advantage of H.323 communications across LANs, WANs and the OVERVIEW public Internet must inevitably address the issue of firewall and Network Address Translation (NAT) device traversal. Firewalls block unsolicited incoming communications from outside the local network. Most firewalls are not designed to allow video conferencing scenarios where everyone is allowed to connect to everyone. Network Address Translation (NAT) is an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations. The NAT hides the internal native IP address and thus prevents incoming video calls to the devices on the private network. The RADVISION PathFinder solution maintains the security and advantages of firewall and NAT, requires no costly upgrade to the firewall or NAT for protocol awareness, handles both near-end (local) and far end (remote destination) firewall traversal and is easy to implement and deploy. The RADVISION PathFinder solution works with the PathFinder Client and H.323 endpoints which support the ITU H.460.18 and H.460.19 standards to enable traversal of firewalls. The PathFinder Client is necessary for the support of non-H.460 compliant endpoints. For firewall traversal, PathFinder supports a proprietary RADVISION protocol and H.460.18/H.460.19. The proprietary RADVISION protocol has been supported since the first release of PathFinder and should be used in conjunction with the PathFinder Client for endpoints which do not support the H.460 standard, or in cases where the H.460 traversal does not work. H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and media respectively.
Note Only H.460 traversal-enabled endpoints can register with a PathFinder Server. All other endpoints must use the PathFinder Client for registration requests.
2 PathFinder Client User Guide PathFinder Components
PATHFINDER PathFinder contains two components—PathFinder Server and PathFinder Client. COMPONENTS � PathFinder Server—The core intelligent component of the solution. The PathFinder Server provides signaling and media processing for communications among private enterprise networks served by PathFinder Clients. When a PathFinder Client establishes an initial outbound connection with the PathFinder Server through a specific port of the firewall (the default port is 3089), the PathFinder Server is able to communicate with the PathFinder Client through that particular port. � PathFinder Client—A light client application that is deployed at the different sites inside the protected network. PathFinder Client can be installed on any standalone computer with a Windows operating system. PathFinder Client supports non-H460 compliant endpoints. If all the deployed endpoints support the H.460 standard, there is no need for the PathFinder Client.
CONFIGURING Table 1-1 describes the port configuration required to enable your firewall to YOUR FIREWALL TO work with PathFinder. WORK WITH PATHFINDER Table 1-1 Firewall Port Configuration
Port Type Use
1719 UDP H.460.18 RAS
2776 TCP H.460.18 Call Signaling
2776 UDP H.460.19 Media (RTP)
2777 TCP H.460.18 and H.460.19 Call Control
2777 UDP H.460.19 Media Control (RTCP)
3089 TCP/UDP Tunneling
Introducing PathFinder™ 3 Enterprise Deployment
ENTERPRISE Figure 1-1 shows how all cross-enterprise calls pass between a PathFinder Client DEPLOYMENT and the PathFinder Server. Firewalls allow connections between the PathFinder Server and each PathFinder Client while still offering uncompromised network security. For information on configuring your firewall, see Configuring Your Firewall to Work with PathFinder on page 3. An H.460-compliant endpoint should register with the PathFinder Server directly. If the H.460-compliant endpoint registers to a PathFinder Client or the main site gatekeeper, endpoint H.460 functionality is not used.
Configure your firewall to work with PathFinder Enterprise Home Worker
H.323 soft endpoint + Private DMZ PathFinder Client H.460 compliant endpoint PathFinder Server Wifi LAN 5100 The Internet 5005
PathFinder Client Remote Branch
Gatekeeper PathFinder Client
RADVISION MCU
H.460 compliant 5007 5008 5009 endpoint
Tunneled media path
Non-tunneled media path
Figure 1-1 PathFinder Enterprise Deployment
4 PathFinder Client User Guide Service Provider Deployment
SERVICE PROVIDER Figure 1-2 shows how each enterprise can use its own gatekeeper or use the DEPLOYMENT Service Provider gatekeeper. For information on configuring your firewall, see Configuring Your Firewall to Work with PathFinder on page 3.
Service Provider Configure your firewall No change to firewall Enterprise A (no gatekeeper) to work with PathFinder configuration Private DMZ PathFinder Client
PathFinder Server
H.460 compliant 5006 5007 5008 The Internet endpoint
RADVISION ECS Enterprise B (local gatekeeper)
PathFinder Client
RADVISION MCU Gatekeeper
No change to firewall configuration H.460 compliant 7001 7002 7003 No need to open ports for incoming traffic endpoint
Figure 1-2 PathFinder Service Provider Deployment
ROLE OF THE The PathFinder Server provides signaling and media processing for PATHFINDER communications among private enterprise networks served by PathFinder SERVER Clients. When a PathFinder Client establishes an initial outbound connection with the PathFinder Server through a specific port of the firewall (the default port is 3089), the PathFinder Server is able to communicate with the PathFinder Client through that particular port. The PathFinder Server has in-depth knowledge of the communication protocols used by the system and is able to modify protocols and substitute the initiator’s address with its own address, so that it acts as the call initiator to the receiving end. This eliminates the need to publish internal native enterprise IP addresses.
Introducing PathFinder™ 5 Role of the PathFinder Client
ROLE OF THE The PathFinder Client acts as the sole proxy through which internal devices PATHFINDER behind an enterprise firewall communicate with external devices. CLIENT Figure 1-3 shows a deployment of the PathFinder Client at a remote enterprise site behind the corporate firewall.
PathFinder Client
5006 5007 5008
Figure 1-3 PathFinder Client Remote Site Deployment
DIRECT MEDIA Direct media connection enables a direct media flow between endpoints without CONNECTION passing the PathFinder Server located at the main site. Direct media connection supports the following two scenarios: � Scenario 1: Direct media connection within an enterprise branch � Scenario 2: Direct media connection between enterprise branches
Scenario 1: Direct media connection within an enterprise branch In this scenario, several PathFinder Clients are deployed at the same enterprise branch. In calls between endpoints located at the same branch (but registered to different PathFinder Clients), the media goes directly between the endpoints without passing through the PathFinder Server located at the main site.
6 PathFinder Client User Guide Direct Media Connection
Enterprise Main Site Client
Private DMZ
Server 5006 5007
The 5008 Client A Internet Client B
4008
4006 4007
MCU
Tunneled media path
Un-tunneled media path
Figure 1-4 Direct Media Connection within an Enterprise Branch
In Figure 1-4 two PathFinder Clients A and B are deployed at the remote branch. In a call between endpoint 5008 (registered to PathFinder Client A) and endpoint 4008 (registered to PathFinder Client B), the media goes directly between the endpoints without going through the PathFinder Server at the main site. Support for this scenario is automatic and requires no special settings on the PathFinder Server.
Scenario 2: Direct media connection between enterprise branches In this scenario, PathFinder Clients are deployed at different branch sites. The sites are linked via a direct MPLS connection. When there is a call between the sites, the media is routed directly between the sites without passing through the PathFinder Server located at the main site.
Introducing PathFinder™ 7 Direct Media Connection
MPLS connection between the two branches Service Provider Enterprise – London Office Private DMZ
Client
Server
The 5006 5007 5008 Internet
Gatekeeper Client
MCU
4006 4007 4008
Enterprise – New York Office
Figure 1-5 Direct Media Connection Between Enterprises
In Figure 1-5 there is an MPLS connection between the London and New York branch offices. In a call between endpoint 5008 (registered to the PathFinder Client at the London office) and endpoint 4008 (registered to PathFinder Client at the New York office), the media goes directly between the endpoints without going through the PathFinder Server at the main site. To use this scenario, you need to configure a topology island on the PathFinder Server. For more information, see Managing Topology Islands on page 48.
8 PathFinder Client User Guide Key Benefits of the PathFinder Solution
KEY BENEFITS OF The key benefits of the PathFinder solution include: THE PATHFINDER � Handles firewall and NAT problems without device upgrades or security SOLUTION compromises. � Tunnels and transparently traverses firewalls and NAT devices, preserving security advantages.
� No costly upgrade to firewalls or NAT devices for protocol awareness.
� No publishing of enterprise IP addresses.
� Both near-end (local) and far-end (remote destination) firewall traversal.
� Thin PathFinder Client requires no knowledge of underlying communication protocols.
� PathFinder Client requires no upgrade to support additional protocols.
� PathFinder Client uses only one TCP or UDP port to connect to the PathFinder Server. � Suitable for service providers and enterprises. � Simplified Enterprise Gatekeeper configuration. � Easy to implement and deploy.
FEATURES OF THE The key features of the PathFinder solution include: PATHFINDER � Status Check—The PathFinder Client checks the status of the connection SOLUTION to the PathFinder Server. � Endpoint Calling—Support for calling endpoints far away from the PathFinder Client. Default extension for guest endpoint dialing into a private network. � PathFinder Client can run on Microsoft Windows Vista Business (Service Pack 1) and Microsoft Windows Vista Ultimate (Service Pack 1) � Concurrent Calls—Up to 80 2M concurrent calls. � Registered Devices—Up to 480 registered devices. � TCP or UDP—For media traversal. � Web Server Timeout—Configurable web server timeout. � Direct Media Connection—Between PathFinder Clients. � ECS Integration—The PathFinder Client can be installed on the same machine as the ECS.
Introducing PathFinder™ 9 Features of the PathFinder Solution
� Local Gatekeeper—Enterprise gatekeeper support allows deploying a local gatekeeper at the remote site. � Interoperability—Based on the H.323 standard PathFinder provides a high degree of interoperability with other H.323-compliant gateways, gatekeepers, terminals and MCU products. Interoperability with the RADVISION ECS to support calling external endpoints by dialing to an IP address from Enterprise Gatekeeper-registered endpoints. � Aliases—H.460 endpoint aliases are displayed as “Client Name” under Client Status > Connected Clients. � Web-based Management—All aspects of the PathFinder Server configuration can be viewed and modified from a remote location using a standard web browser. � T.120 Data Collaboration—PathFinder supports data transfers in calls, for legacy endpoints which are registered through the PathFinder Client, using the T.120 standard. There is no support for H.460 endpoints. � H.239 Support—PathFinder supports H.239. � H.460.18 and H.460.19 Support—Standard firewall/NAT traversal support. � Quality Of Service (QoS)—Configurable coding of media packets to achieve QoS routing priority on the IP network. The TOS bits of the IP datagram header can be configured for priority level. � Dial Plan—PathFinder provides full dial plan support. � Direct Media Connection—Ensures that media is routed directly between clients when possible. � Access Control—Access to the PathFinder user interface is password controlled. � Authentication—PathFinder Server runs on a hardened Linux Operating System (RADVISION customized kernel). The PathFinder Client must be authenticated in order to connect the server. � Security Solution—PathFinder Client contains an access control list (ACL) for the administrator to define which devices are accessible via the client. � Role Based User Management—Enables the allocation of suggested roles and default rights profiles. � AES Encryption—PathFinder supports encryption for all client-server traffic for call privacy. This includes signaling and media encryption.
10 PathFinder Client User Guide Features of the PathFinder Solution
� Scalable Solution—One client serves many endpoints, PathFinder Servers can be neighbored. Clients hunt backup servers if a primary server is unavailable. � Neighboring Server—The PathFinder Server can be neighbored thereby supporting large enterprises or firewall/NAT traversal between organizations. � URI Dialing—Enables endpoints registered with different gatekeepers or PathFinder Servers to easily call each other. Without URI dialing, all systems must be neighbored to each other. � Failover mechanism (Client Redundancy)—is activated upon system failures (Windows)
Introducing PathFinder™ 11 Features of the PathFinder Solution
12 PathFinder Client User Guide 2
GETTING STARTED WITH THE PATHFINDER SERVER
� Physical Description on page 14 � Connecting to a PC on page 16 � How to Configure PathFinder Server and Operating System Settings on page 17 � Resetting the Secured Platform Administrator Password on page 28 � Upgrading the PathFinder Server on page 29
Getting Started with the PathFinder Server 13 Physical Description
PHYSICAL The PathFinder Server comes pre-installed on an Intel server card and runs on the DESCRIPTION RADVISION secured platform, based on a Linux kernel.
FRONT PANEL The front panel of the PathFinder Server contains from left to right: a DVD ROM drive, diagnostic indicators (4), a power-on indicator, a power button, an NMI button, USB connectors (2), a hard-drive activity indicator, a video connector, a system identification button and a system status indicator.
13
discCOMPACT ReWritable ROM Ultra Speed $%&'
24567 8910
Figure 2-1 PathFinder Server Front Panel
Table 2-1 describes the front panel components of the PathFinder Server.
Table 2-1 Front Panel Components
Number Component Description
1 DVD ROM drive
2 Diagnostic indicators Used for troubleshooting.
3 Power-on indicator Lights when the unit is powered on and blinks when the unit is in sleep mode.
4 Power button Switches the unit on or off. When disabled, the power button can only switch the unit on.
5 NMI button Used for troubleshooting software and device driver errors when using certain operating systems.
6 USB connectors For connecting USB 2.0 devices to the unit.
7 Hard drive activity Flashes green when the hard drives are indicator operating.
14 PathFinder Server User Guide Physical Description
Table 2-1 Front Panel Components (continued)
Number Component Description
8 Video connector For connecting the PathFinder Server to a PC monitor. Enables you to view the operating system desktop and to monitor the applications that are active on the desktop.
9 System identification When one of these buttons is pushed, the blue button status indicators on the front and rear blink until one of these buttons is pushed again.
10 System status indicator Lights blue to indicate correct functioning. Lights amber to indicate an operational error.
REAR PANEL The rear panel of the PathFinder Server contains from left to right: a power supply connector, a keyboard connector, a mouse connector, USB connectors (2), a Kensington lock, a serial connector, a video connector, a system status indicator, a system identification button, an NIC1 connector, an NIC2 connector, expansion slots (2).
1 3 5 9 10
1
2
Gb
2 4 6 7 8 11
Figure 2-2 PathFinder Server Rear Panel
Table 2-2 describes the rear panel components of the PathFinder Server. Table 2-2 Rear Panel Components
Number Component Description
1 Power supply connector For connecting the mains power.
2 Keyboard connector A PS/2 keyboard can be connected.
3 Mouse connector For connecting a PS/2 mouse.
Getting Started with the PathFinder Server 15 Connecting to a PC
Table 2-2 Rear Panel Components (continued)
Number Component Description
4 USB connectors For connecting USB 2.0 devices to the unit.
5 Kensington lock For securing the unit.
6 Serial connector For connecting a PC terminal to manage the RADVISION secured platform system.
7 Video connector A video connector for connecting the PathFinder Server to a PC monitor. Enables you to view the operating system desktop and to monitor the applications that are active on the desktop.
8 System identification When one of these buttons is pushed, the blue button status indicators on the front and rear blinks until one of these buttons is pushed again.
9 NIC1 connector Gigabit LAN.
10 Expansion slot 1
11 Expansion slot 2
CONNECTING TO A Connect the PathFinder Server to a remote PC for initial network configuration, PC monitoring and administration.
� Procedure
1 Attach a 9-pin serial cable to the serial connector in the PathFinder rear panel. 2 Attach the other end of the 9-pin serial cable to a remote PC terminal on which a terminal emulation application such as HyperTerminal is installed. You have now created a serial connection to the PC terminal which enables you to manage the RADVISION secured platform system.
16 PathFinder Server User Guide How to Configure PathFinder Server and Operating System Settings
HOW TO � About Additional Applications CONFIGURE � Accessing The Main Menu ATH INDER P F � PathFinder Administration Menu SERVER AND � Network Administration Menu OPERATING SYSTEM SETTINGS � Backup/Restore Menu � System Administration Menu
ABOUT ADDITIONAL These additional applications are necessary: APPLICATIONS � A terminal emulation application to configure PathFinder Server and operating system settings. � A secure FTP client to transfer updated configuration files to PathFinder Clients. � A Telnet/SSH client for loading updated configuration files to your PathFinder Server. Each of these applications requires a separate set of login credentials for operation with the PathFinder Server. Table 2-3 lists the necessary credentials.
Table 2-3 PathFinder Server Login Credentials
Application Use User Name Password
Terminal emulation Configuration of PathFinder admin admin Server and operating system settings
WinSCP (secure Transfer of updated configuration uadmin admin FTP client) files to PathFinder Clients
PuTTY (Telnet/SSH Loading updated configuration admin admin client) files to your PathFinder Server
Note We highly recommend that you change the default admin user password. For more information, see for modifying the administrator password, System Administration Menu on page 24.
Getting Started with the PathFinder Server 17 How to Configure PathFinder Server and Operating System Settings
ACCESSING THE You configure PathFinder Server and operating system settings via a range of MAIN MENU menus in the terminal emulation application. After connecting PathFinder to a remote PC, you access the main menu as follows:
� Procedure
1 Start the terminal emulation application on the remote PC. 2 Set the port communication settings in the terminal emulation application on the PC as follows: � Baud rate: 19200 � Data bits: 8 � Parity: None � Stop bits: 1 � Flow control: None 3 Click OK. The following command prompt displays: Press any Key To start configuration… 4 Press any key and then select the Select RADVISION Secured Platform option.
Note If you do not make a selection within 10 seconds, the Select RADVISION Secured Platform option is activated automatically.
5 When prompted, enter a user name and password. The default user name and password are both admin. The main menu displays as shown in Figure 2-3.
18 PathFinder Server User Guide How to Configure PathFinder Server and Operating System Settings
Main menu
0. Exit 1. PathFinder administration menu 2. Network administration menu 3. Backup/Restore menu 4. System administration menu 5. Restart 6. Power off
Enter your choice or to Quit ===>
Figure 2-3 Main Menu
Getting Started with the PathFinder Server 19 How to Configure PathFinder Server and Operating System Settings
The following options are available in the main menu:
Table 2-4 PathFinder Administration Menu Options
Index Action
0 Returns display to the main menu (Figure 2-3).
1 Displays the PathFinder administration menu for viewing and modifying the status of your PathFinder Server. See PathFinder Administration Menu on page 21 for more information.
2 Displays the Network administration menu for viewing and modifying your PathFinder Server network settings. See Network Administration Menu on page 22 for more information.
3 Displays the Backup/Restore menu for backing up and restoring configuration settings for your operating system and PathFinder Server. See Backup/Restore Menu on page 23 for more information.
4 Displays the System administration menu for updating configuration settings for your operating system and PathFinder Server, for modifying the administrator password, and for restarting or turning off the PathFinder Server. See System Administration Menu on page 24 for more information.
5 Restarts the PathFinder Server.
6 Turns off the PathFinder Server.
6 Enter the number representing the required option to display the selected menu.
20 PathFinder Server User Guide How to Configure PathFinder Server and Operating System Settings
PATHFINDER In the main menu, enter 1 to display the PathFinder administration menu, as ADMINISTRATION shown in Figure 2-4. MENU PathFinder administration menu
0. Return to main menu 1. PathFinder status 2. PathFinder start 3. PathFinder stop 4. PathFinder restart 5. Reset PathFinder passwords
Enter your choice or to Quit ===>
Figure 2-4 PathFinder Administration Menu
The following options are available in the PathFinder administration menu:
Table 2-5 PathFinder Administration Menu Options
Index Action
0 Returns display to the main menu (Figure 2-3).
1 Displays the current status of the PathFinder Server (stopped or running).
2 Starts the PathFinder Server.
3 Stops the PathFinder Server.
4 Restarts the PathFinder Server.
5 Resets all PathFinder passwords to their default settings.
Getting Started with the PathFinder Server 21 How to Configure PathFinder Server and Operating System Settings
NETWORK In the main menu, enter 2 to display the Network administration menu, as shown ADMINISTRATION in Figure 2-5. MENU Network administration menu
0. Return to main menu 1. Change network configuration 2. Change DNS servers 3. Change host name 4. Change domain name 5. Show IP configuration 6. Ping 7. Add/Remove static routes
Enter your choice or to Quit ===>
Figure 2-5 Network Administration Menu
22 PathFinder Server User Guide How to Configure PathFinder Server and Operating System Settings
The following options are available in the Network administration menu:
Table 2-6 Network Administration Menu Options
Index Action
0 Returns display to the main menu (Figure 2-3).
1 Displays the PathFinder Server IP address and subnet mask, and the default gateway IP address, and allows you to modify any of these settings.
2 Displays the IP address of the current DNS server and enables you to add, modify or delete DNS server details.
3 Displays the current PathFinder Server host name and enables you to modify this name.
4 Displays the current PathFinder Server domain name and enables you to modify this name.
5 Displays the current settings for all the options available in the Network administration menu.
6 Enables you to check the network connection to a defined host.
BACKUP/RESTORE In the main menu, enter 3 to display the Backup/Restore menu, as shown in MENU Figure 2-6.
Backup/Restore menu
0. Return to main menu 1. Backup PathFinder Server configuration 2. Restore PathFinder Server configuration 3. Restore PathFinder Server 4. Backup system configuration 5. Restore system configuration
Enter your choice or to Quit ===>
Figure 2-6 Backup/Restore Menu
Getting Started with the PathFinder Server 23 How to Configure PathFinder Server and Operating System Settings
The following options are available in the Backup/Restore administration menu:
Table 2-7 Backup/Restore Menu Options
Index Action
0 Returns display to the main menu (Figure 2-3).
1 Saves your PathFinder Server configuration to a file with a name in the format
2 Displays a list of previous PathFinder Server configuration files and enables you to select the required saved configuration.
3 Enables you to restore previous versions of the PathFinder Server.
4 Saves your operating system configuration to a file with a name in the format
5 Displays a list of previous operating system configuration files and enables you to select the required saved configuration.
SYSTEM In the main menu, enter 4 to display the System administration menu, as shown ADMINISTRATION in Figure 2-7. MENU System administration menu
0. Return to main menu 1. Update system 2. Update PathFinder Server 3. Change administrator password 4. Set System Date and Time 5. Set Timezone 6. Dump system log files 7. Restart 8. Power off
Enter your choice or to Quit ===>
Figure 2-7 System Administration Menu
24 PathFinder Server User Guide How to Configure PathFinder Server and Operating System Settings
The following options are available in the System administration menu:
Table 2-8 System Administration Menu Options
Index Action
0 Returns display to the main menu (Figure 2-3).
1 Displays a list of operating system update files to be installed and asks whether or not you wish to proceed with the update.
2 Displays a list of PathFinder Server update files and enables you to select the required update file for installation. For more information, see To Update PathFinder Settings on page 25.
3 Enables you to modify the existing PathFinder Server administrator password.
4 Enables you to set the system date and time.
5 Enables you to set the system timezone.
6 Creates a log archive file with a name in the format
7 Restarts the PathFinder Server.
8 Turns off the PathFinder Server.
TO UPDATE � Transferring the Update File from your PathFinder Server to PathFinder PATHFINDER Clients Using WinSCP SETTINGS � Loading the Update File to your PathFinder Server Using PuTTY From time to time, RADVISION will send you an updated configuration file for your PathFinder Server. The file name has the format
Getting Started with the PathFinder Server 25 How to Configure PathFinder Server and Operating System Settings
� WinSCP (FTP client)—An open source SFTP client for Windows. Enables secure file transfer between a local and a remote computer, and basic file manager functionality. Uses Secure Shell (SSH) and supports Secure FTP and legacy SCP protocols. Available at http://winscp.net/eng/download.php. � PuTTY (Telnet/SSH client)—A free implementation of Telnet and SSH for Win32 and Unix platforms. Available at http://www.chiark.greenend.org.uk/~sgtatham/putty/.
TRANSFERRING THE UPDATE FILE FROM YOUR PATHFINDER SERVER TO PATHFINDER CLIENTS USING WINSCP
� Procedure
1 On the PathFinder Client host, download and run the winscp374.exe file. The WinSCP Login dialog box displays. 2 Enter the IP address of the PathFinder Server in the Host name field, and log in using the user name uadmin and the password admin. The WinSCP user interface displays. 3 Drag the new update file from the left panel to the right panel, and click Copy when prompted. 4 Close the application and confirm termination of the session to save the changes. 5 Run the PuTTY Telnet/SSH client as described at Loading the Update File to your PathFinder Server Using PuTTY.
LOADING THE UPDATE FILE TO YOUR PATHFINDER SERVER USING PUTTY
� Procedure
1 On the PathFinder Client host, download and run the putty.exe file. The PuTTY Configuration dialog box displays. 2 Enter the IP address of the PathFinder Server in the Host Name (or IP address) field.
26 PathFinder Server User Guide How to Configure PathFinder Server and Operating System Settings
3 Click Open. The PuTTY command line interface displays. 4 Log in using the user name admin and the password admin. The PathFinder main menu displays as shown at Figure 2-3 on page 19. 5 Enter 4 to access the System administration menu (Figure 2-7 on page 24). 6 Enter 2 to select the Update PathFinder Server option. The PFS update menu displays, as shown in Figure 2-8.
PFS update
Scanning for updates... List of available files: 1. pfs-menu-0.2-4r.i586.rpm
Which file do you want to install?
Figure 2-8 PFS Update Menu 7 Enter the number representing the required update. 8 Press Enter to perform the update. At the end of the update, the System administration menu automatically displays again. 9 Restart the PathFinder Server. For more information, see PathFinder Administration Menu on page 21. 10 Check PathFinder Server status. For more information, see PathFinder Administration Menu on page 21. 11 Close and re-open the PathFinder Server web user interface.
Note For more information, see Logging In on page 32.
Getting Started with the PathFinder Server 27 Resetting the Secured Platform Administrator Password
RESETTING THE SECURED PLATFORM ADMINISTRATOR PASSWORD
� Procedure
1 Attach a 9-pin serial cable to the serial connector in the PathFinder rear panel. 2 Attach the other end of the 9-pin serial cable to a PC running a terminal emulation application. You have now created a serial connection to the PC terminal which enables you to manage the RADVISION secured platform system. 3 Start the terminal emulation application on the remote PC. 4 Set the port communication settings in the terminal emulation application on the PC as follows: � Baud rate: 19200 � Data bits: 8 � Parity: None � Stop bits: 1 � Flow control: None 5 Click OK. 6 Turn on the PathFinder Server. The following command prompt displays: Press any key to continue 7 Press any key and then select the Reset admin password option. 8 When prompted, enter the default secured platform administrator user name and password. The default user name and password are both admin. The main menu displays, as shown at Figure 2-3 on page 19. 9 Enter 4. The System administration menu displays, as shown at Figure 2-7.
28 PathFinder Server User Guide Upgrading the PathFinder Server
10 Enter 3 The Change password screen displays. 11 Enter the new password and confirm. 12 Press Enter to return to the System administration menu.
Note The new password must include a mixture of letters and numbers, and must contain at least six characters.
UPGRADING THE PATHFINDER SERVER
� Procedure
1 Upload the new version RPM file to the PathFinder Server using WinSCP. 2 Log in using PuTTY The PathFinder main menu displays as shown at Figure 2-3 on page 19. 3 Enter 4 to access the System administration menu (Figure 2-7 on page 24). 4 Enter 2 to select the Update Path Finder Server option. The PFS update menu displays, as shown at Figure 2-8 on page 27. 5 Enter the number representing the required update. 6 Press Enter to perform the update. At the end of the update, the System administration menu automatically displays again. 7 Restart the PathFinder Server. For more information, see PathFinder Administration Menu on page 21. 8 Check PathFinder Server status. For more information, see PathFinder Administration Menu on page 21. 9 Close and re-open the PathFinder Server web user interface. For more information, see Logging In on page 32.
Getting Started with the PathFinder Server 29 Upgrading the PathFinder Server
30 PathFinder Server User Guide 3
CONFIGURING THE PATHFINDER SERVER
� Logging In on page 32 � User Interface Overview on page 32 � Viewing Connected Client Details on page 33 � Viewing Connected Endpoint Details on page 34 � Dialing Out to an IP Address on page 34 � Disconnecting PathFinder Clients on page 35 � Disconnecting an Endpoint on page 35 � Viewing Current Call Details on page 36 � Configuring General System Settings on page 36 � Configuring H.460 Settings on page 39 � Managing Enterprise Gatekeepers on page 41 � Managing Neighbor PathFinder Servers on page 43 � Managing PathFinder Users on page 46 � Managing Topology Islands on page 48 � Viewing Trap Event Logs on page 50 � Viewing Version and Licensing Information on page 51 � Updating the License on page 51
Configuring the PathFinder Server 31 Logging In
LOGGING IN Log in to your PathFinder Server by typing the PathFinder Server IP address followed by “:” and port 8080. For example, http://
USER INTERFACE The PathFinder Server user interface includes the following tab: OVERVIEW � Client Status—For viewing details of the PathFinder Clients that are connected to your PathFinder Server and details of the endpoints connected to each PathFinder Client. � Calls—For viewing details of all the calls currently in progress on your PathFinder Server. � Settings—For configuring general, H.460 and alerts settings. � Ent. Gatekeeper—For configuring an enterprise gatekeeper to work with PathFinder. � Neighbor Servers—For configuring and adding neighbor servers to the PathFinder system. � Users—For viewing, adding and modifying the details of users in the PathFinder system. � Topology Islands—For configuring and adding topology islands to the PathFinder system. This is used to support direct media path between clients. � Event Logs—For viewing trap event logs recorded by the PathFinder Server. � About—For viewing PathFinder Server version and licensing information.
32 PathFinder Server User Guide Viewing Connected Client Details
VIEWING Click the Client Status tab to view details of the PathFinder Clients connected to CONNECTED your PathFinder Server, and details of the endpoints connected to each CLIENT DETAILS PathFinder Client. The Client Status tab displays the following information:
Client Name Displays the names of all PathFinder Clients connected to your PathFinder Server. H.460 endpoint aliases are displayed in the Alias column of the Calls tab when the endpoint is involved in a call. For more information about naming PathFinder Clients, see Configuring a Connection to a PathFinder Server in the PathFinder Client User Guide. Click the name of a PathFinder Client to view details of the endpoints connected to it. For more information, see Disconnecting an Endpoint on page 35.
Native IP Address Displays the IP address of a connected PathFinder Client within its private network. Empty for H.460 endpoints.
Public IP Address (Organization) Displays the public IP address of the PathFinder Client. This is the IP address through which all conferencing traffic passes.
Media Indicates whether a UDP or TCP connection is being used for media traversal between the PathFinder Client and the PathFinder Server.
# of Endpoints Displays the number of endpoints connected to each listed PathFinder Client.
Configuring the PathFinder Server 33 Viewing Connected Endpoint Details
Client Version Displays the version number of each connected PathFinder Client. Empty for H.460 endpoints.
Refresh Click to update the page view. This page does not automatically refresh if additional calls are initiated by connected endpoints.
VIEWING This section describes how administrators can view details of the endpoints CONNECTED registered to PathFinder Clients. ENDPOINT DETAILS
� Procedure
1 Click the Client Status tab. 2 Click the desired Client Name link. The Connected Endpoints list is displayed.
DIALING OUT TO AN The PathFinder Server can work with the Enhanced Communication Server to IP ADDRESS offer firewall traversal support for inviting external participants to a video conference by dialing out to an IP address.
� Procedure
1 Click the Client Status tab. 2 Click the relevant client (public client) name in the Connected Clients table. The tab displays the table of endpoints connected to this client. 3 Locate the Call Signaling IP address of a virtual endpoint on your public PathFinder Client in the Registration Information/Q.931 Address column of the table. � The public PathFinder Client is identified by a green icon after the end of Client Version column on the Connected Clients page. � The alias of the virtual endpoint is displayed on the Connected Endpoints page as Agent-DialoutByIP. 4 Open the Enhanced Communication Server user interface.
34 PathFinder Server User Guide Disconnecting PathFinder Clients
5 Click the Settings tab. 6 Click the Route IP calls to check box in the Calls area. 7 Enter the Call Signaling IP address of your virtual endpoint into the Route IP calls to field. 8 Click Upload.
DISCONNECTING PATHFINDER CLIENTS
� Procedure
1 Select the PathFinder Client(s) you wish to disconnect in the Disconnect column of the Client Status table. 2 Click the Disconnect button at the bottom of the page. PathFinder does not prompt users to confirm their action. Clicking Disconnect immediately disconnects PathFinder Clients from the PathFinder Server.
DISCONNECTING AN ENDPOINT
� Procedure
1 Click the Client Status tab. 2 Click the desired Client Name link. 3 The Connected Endpoints list is displayed. 4 Click the check box next to the endpoint name. 5 Click Disconnect.
Configuring the PathFinder Server 35 Viewing Current Call Details
VIEWING CURRENT Click the Calls tab to view these details of all calls in progress: CALL DETAILS Source/Destination Displays information about the endpoint which initiated the call currently in progress and about the endpoint receiving the current call. � Native Address—Displays the call signaling address of the source/destination endpoint within its private network. � Public Address—Displays the public call signaling address of the source/destination endpoint. � Alias—Displays the source/destination endpoint alias. � Client—Displays the name of the PathFinder Client through which the source/destination endpoint registers. H.460 endpoint client names are displayed in the format “tc”+
Connection Time Displays the date and time at which a specified call was initiated by the source endpoint.
Note All times logged are based on PathFinder Server time zone settings.
Duration (minutes) Displays the current duration of a call still in progress.
Refresh Click to update the page view. This page does not automatically refresh if additional calls are initiated by connected endpoints.
CONFIGURING You can configure such general system settings as gatekeeper, NAT, Dialing URI GENERAL SYSTEM support, Quality of Service and log level. SETTINGS QoS support Enables Quality of Service (QoS) support and allows you to configure the TOS bits of the IP datagram header for Quality of Service priority level.
36 PathFinder Server User Guide Configuring General System Settings
You can either enable PathFinder logging and set the log level or disabling logging. Logs are named rvpf.log.XXX by default and stored under /home/users/admin/log. Users can retrieve log files via SFTP using the “uadmin” user name and password “admin”. You can also enable AES Encryption of all traffic between the PathFinder Client and the PathFinder Server, and between two PathFinder Servers, including signaling, media and client/server commands.
� Procedure
1 Click the Settings tab. 2 Click the General tab. 3 Enter a valid IP Address and port for the Gatekeeper with which you want PathFinder to register.
Note The Gatekeeper is deployed in the firewall’s DMZ together with the PathFinder Server. In most cases, there is no need to change the default port (1719).
Note Modifications to gatekeeper settings do not take effect until you restart the PathFinder Server.
4 Select a valid IP Address from the list which displays the IP address of your PathFinder Server. All listed IP Addresses are bound to NIC1.
Note In most cases, there is no need to change the default port (3089).
5 If NAT support is required, click the Enabled check box to enable NAT support, and enter a valid IP Address and port for the NAT device with which you want PathFinder to register.
Note NAT support is generally required when the PathFinder Server resides in the DMZ.
Configuring the PathFinder Server 37 Configuring General System Settings
6 If URI dialing is required, enter the domain name of the local gatekeeper zone or the PathFinder Server in the Local Domain Name field.
Note URI dialing makes it easier for endpoints registered with different gatekeepers or PathFinder Servers to call each other. Without URI dialing, all systems must be neighbored to each other.
7 Click Resolve on Server First check box to instruct the PathFinder Server to strip the domain name from the destination URI before forwarding an LRQ message to a destination outside the local gatekeeper zone, or before forwarding an ARQ message whose destination URI contains the domain name configured in the Local Domain Name field. 8 Set the QoS Level by clicking one of these options: � Normal—Sets the value of the DSCP field of the IP header to zero. This setting is commonly used in network communication. � Low cost—Sets the value of the DSCP field of the IP header to 0x02 to inform the network to minimize packet flow monetary cost. � Reliability—Sets the value of the DSCP field of the IP header to 0x04 to inform the network to maximize packet flow reliability. � Throughput—Sets the value of the DSCP field of the IP header to 0x08 to inform the network to maximize the packet flow throughput. � Low delay—Sets the value of the DSCP field of the IP header to 0x10 inform the network to minimize packet flow delay.
Note For more detailed information about QoS based on TOS, refer to RFC-1349.
9 Select Log Level which displays current logging settings, and allows service provider administrators to modify settings as needed. There are four levels of detail available for PathFinder system logs: � Detail—Saves call details, warnings and critical system errors to the log file. � Warning—Saves warnings issued by the system and critical system errors to the log file.
38 PathFinder Server User Guide Configuring H.460 Settings
� Error—Saves critical system errors only to the log file. � Disabled—Disables PathFinder logging. 10 Click the Enabled check box in the AES Encryption section to enable encryption. 11 Click the Enabled check box in the Third Party Management API section to enable this option. 12 Enter the length of time (in seconds) for which the web can remain idle before disconnection in the Web Page Time Out field. 13 Click Save to commit changes to the system and to notify users that a system restart is necessary for changes to take effect. 14 Click Cancel to discard any uncommitted changes made to the Settings table.
CONFIGURING You can enable the PathFinder Server to support the H.460 standard for firewall H.460 SETTINGS traversal.
� Procedure
1 Click the Settings tab. 2 Click the H.460 tab. 3 Enter native and public ports for H.460.18 RAS communication. 4 Enter native and public ports for H.460.18 Call Signaling communication. 5 Enter native and public ports for H.460.18 and H.460.19 Call Control communication.
Note Public ports must match those configured on your external firewall or NAT device residing in the DMZ.
Configuring the PathFinder Server 39 Configuring Alerts
6 Enable the Multiplex option to reduce the number of required ports by sending media and media control communication (over RTP/RTCP) via UDP ports 2776 and 2777.
Note The Multiplex option is automatically selected when NAT support is enabled in the General section of the Settings tab.
7 Click Save to commit changes to the system and to notify users that a system restart is necessary for changes to take effect. 8 Click Reboot to reboot the PathFinder Server.
Note Restarting the PathFinder Server terminates any in-session calls.
9 Click Cancel to discard any uncommitted changes made to the H.460 table.
CONFIGURING If you enabled the Third Party Management API option, configure alerts. ALERTS Currently PathFinder supports alerts only for iVIEW Suite package.
Note The “Lost GW” and “High Level CPU Meter” alerts are not supported in this version.
� Procedure
1 Click the Settings tab. 2 Click the Alerts tab. 3 Select check boxes for required alerts and select their severity level. 4 Click Save to commit changes to the system and to notify users that a system restart is necessary for changes to take effect. 5 Click Cancel to discard any uncommitted changes made to the Alerts table.
40 PathFinder Server User Guide Managing Enterprise Gatekeepers
MANAGING � Configuring Enterprise Gatekeepers on page 41 ENTERPRISE � Deleting an Enterprise Gatekeeper on page 42 GATEKEEPERS
CONFIGURING You can configure enterprise gatekeepers to work with PathFinder. ENTERPRISE There are certain scenarios in which a local gatekeeper is required at a remote GATEKEEPERS branch. In such cases, the gatekeeper deployed at the remote site manages the endpoints at the remote site, while the PathFinder Client is used for out-of-zone calls (incoming or outgoing calls) only, as shown in Figure 3-1.
Figure 3-1 Local Gatekeeper at a Remote Branch When adding an enterprise gatekeeper, a PathFinder Client user name and password must also be added. For more information about client authentication, see Adding PathFinder Users on page 47.
� Procedure
1 Click the Ent. Gatekeeper tab. 2 Click Add. 3 Enter the name of the PathFinder Client through which the enterprise gatekeeper can send and receive packets.
Configuring the PathFinder Server 41 Managing Enterprise Gatekeepers
4 Enter the native IP address of the enterprise gatekeeper.
Note For deployments in which the gatekeeper deployed at the remote site, use the gatekeeper IP address at the remote site.
5 If necessary, modify the default value (1719) for the native port that the enterprise gatekeeper uses to listen to RAS messages at the remote site. PathFinder Client at the remote site of this enterprise sends LRQ to this port once the main site gatekeeper sends the LRQ to the simulating port on PathFinder Server. The PathFinder Server chooses the simulating port dynamically the first time the PathFinder Server initializes the simulator of this enterprise gatekeeper. After the PathFinder Server has chosen the simulating port, this port is reserved for this enterprise gatekeeper. 6 Click Save. Your changes appear in the Ent. Gatekeeper tab. The Public Address field displays the PathFinder Client IP address. If the PathFinder Client is behind a NAT or other device that could change the source address of an IP packet from the PathFinder Client, the modified IP address is displayed.
DELETING AN ENTERPRISE GATEKEEPER
� Procedure
1 Click the Ent. Gatekeeper tab. 2 Click the check box next to the name for the enterprise gatekeeper you wish to delete. 3 Click Delete.
42 PathFinder Server User Guide Managing Neighbor PathFinder Servers
MANAGING Click the Neighbor Servers tab to configure Neighbor PathFinder Servers. NEIGHBOR PathFinder neighboring is used in a large enterprise environment to allow direct PATHFINDER media connection between different branches, as shown in Figure 3-2. SERVERS New Jersy Branch
Media is routed directly between branches Server Client Enterprise – Europe Office
Private DMZ
Server Gatekeeper 6001 6002 6003
4003 The Internet
Client Hong Kong Branch
Gatekeeper Server Client
MCU
Tunneled media path
Un-tunneled media path Gatekeeper 5006 5007 5008
Figure 3-2 Neighbor PathFinder Server
VIEWING A Click the Neighbor Servers tab to view information about neighbor PathFinder NEIGHBOR Servers. PATHFINDER SERVER Call Prefix The call prefix is required to access endpoints registered to the gatekeeper with which the Neighbor Server is associated. For example, if a Neighbor Server-side endpoint has an alias 5001, and the Neighbor Server has a call prefix 99, users must dial 995001 to reach the endpoint.
Server Address Indicates the Neighbor Server IP address.
Server Port Indicates the Neighbor Server port.
Configuring the PathFinder Server 43 Managing Neighbor PathFinder Servers
Connection Account Indicates the user name used by the local Server to connect to the Neighbor Server.
Ras Port Indicates the RAS port of the PathFinder Server native address. The RAS port is generated automatically.
Strip Prefix Indicates whether or not the local Server strips the prefix for outgoing calls to the Neighbor Server. If the Neighbor Server is associated with a gatekeeper which has a zone prefix you need to add another zone prefix to locate the PathFinder endpoints as ECS endpoints. If the call prefix is the same as the zone prefix of the gatekeeper at the Neighbor Server site, clear the Strip Prefix check box.
Pre-Start Indicates whether or not your local Server automatically connects to the Neighbor Server when the local Server is started or when the Neighbor Server is configured on the local Server.
Connection Timeout Indicates the length of time (in seconds) that the Neighbor Server can remain idle before disconnection.
Media Indicates whether a UDP or a TCP connection is used for media traversal between the local Server and the Neighbor Server.
Note Using a TCP connection reduces media quality and server capacity.
Connected Indicates whether or not the Neighbor Server is currently connected. You can click on the connection indication to change the connection status of the Neighbor Server.
44 PathFinder Server User Guide Managing Neighbor PathFinder Servers
ADDING A NEIGHBOR PATHFINDER SERVER
� Procedure
1 Click the Neighbor Servers tab. 2 Click Add. The Add or Update Neighbor Server Settings dialog box displays. 3 Enter a value in the Call Prefix field.
Note The call prefix is required to access endpoints registered to the gatekeeper with which the Neighbor Server is associated. For example, if a Neighbor Server-side endpoint has an alias 5001, and the Neighbor Server has a call prefix 99, users must dial 995001 to reach the endpoint.
4 Click Strip Prefix to cause the local PathFinder Server strip the prefix for outgoing calls to the Neighbor server. 5 Enter the user name used by the local Server to connect to the Neighbor Server in the Connection Account field. 6 Enter a password. 7 Re-enter the password. 8 Enter the Neighbor Server IP address in the Server Address field. 9 Enter the Neighbor Server port in the Server Port field. 10 Click Pre-Start to cause the local Server to automatically connect to the Neighbor Server when the local Server is started, or when the Neighbor Server is configured on the local Server.
Configuring the PathFinder Server 45 Managing PathFinder Users
11 Enter the length of time (in seconds) that the Neighbor Server can remain idle before disconnection in the Connection Timeout field. 12 Click either the UDP or the TCP option to define a connection type used for media traversal between the local Server and the Neighbor PathFinder Server.
Note Using a TCP connection reduces media quality and server capacity.
DELETING A NEIGHBOR PATHFINDER SERVER
� Procedure
1 Click the Neighbor Servers tab. 2 Select the neighbor PathFinder Server by clicking the check box next to its name in the Neighbor Servers table. 3 Click Delete.
MANAGING � Viewing PathFinder User Details on page 46 PATHFINDER � Adding PathFinder Users on page 47 SERS U � Deleting a User Profile on page 48
VIEWING After installation, the Users list contains a single Administrator user with admin PATHFINDER USER as the default password. Once a new user is created, users are required to supply DETAILS a valid login ID and password to view the PathFinder Server web interface. Click the Users tab to display this information: � User Name—Displays the name of the specified user.
Note A green icon to the left of a user name indicates the administrator who is currently viewing the Users tab.
46 PathFinder Server User Guide Managing PathFinder Users
� User Role—Displays the role of the specified user. The following user roles are available: � Regular User—May access the PathFinder Server web interface, but may not change settings or create new users. � Client User—Cannot access the PathFinder Server web interface. Users with this role may configure a PathFinder Client to connect to the PathFinder Server. For more information about client authentication, see Adding a Neighbor PathFinder Server on page 45. � Collaborator—Represents an external management system such as NMS. If you enable the Third Party Management API on the General tab and there is no collaborator user available in the PathFinder Server database, the PathFinder Server creates a default collaborator user. The default collaborator user name is “Collab”; the password is “balloC”. � Administrator—May view and modify the PathFinder Server web interface, and create and modify users. � Online—Indicates whether or not the specified user is currently logged in.
ADDING P ATHFINDER If no users with the role of client user exist, the PathFinder Server accepts USERS connections from any PathFinder Client on the network. In this case a PathFinder Client needs only a valid login ID not used by any other PathFinder Clients. No password is required. For added security, however, you may wish to implement client authentication by assigning users the role of client user. Once you create a user with the client user role, the PathFinder Server accepts only connections from PathFinder Clients that are configured with a valid login ID and password. All other PathFinder Client connections are refused. For more information, see Configuring a Connection to a PathFinder Server in the PathFinder Server User Guide.
� Procedure
1 Click the Users tab. 2 Click Add. The User Detail dialog box appears. 3 Enter the login ID.
Configuring the PathFinder Server 47 Managing Topology Islands
4 Enter a password. 5 Re-enter the password to confirm it. 6 Select a user role from the list. 7 Click Save. A new user is added.
DELETING A USER PROFILE
� Procedure
1 Click the Users tab. 2 Select the user by clicking the check box next to its name in the Users table. 3 Click Delete.
MANAGING � Viewing Topology Islands on page 48 TOPOLOGY � Adding a Topology Island on page 48 SLANDS I � Adding a Sub-Island on page 49 � Deleting a Sub-island on page 49 � Adding Subnet Information on page 50 � Deleting Subnet Information on page 50
VIEWING TOPOLOGY Click the Topology Islands tab to view topology islands configured for this ISLANDS PathFinder Server. For information about topology islands, see Direct Media Connection on page 6.
ADDING A TOPOLOGY ISLAND
� Procedure
1 Click the Topology Islands tab. 2 Click Add. The Topology Islands dialog box displays.
48 PathFinder Server User Guide Managing Topology Islands
3 Enter the name of the topology island. 4 Enter a description of the topology island. 5 Click Save. The new topology island is added.
ADDING A SUB-ISLAND
� Procedure
1 Click the Topology Islands tab. 2 Click Add. The Topology Islands dialog box displays. 3 Enter the name of the topology island. 4 Click Add in the Sub-Islands section. 5 Enter the name and public address of the sub-island, then click OK. 6 Click Save. The new sub-island is added.
DELETING A SUB-ISLAND
� Procedure
1 Select the sub-island that you wish to delete by clicking the check box next to the name of the required sub-island in the Sub-Islands table. 2 Click the Delete button to the right of the sub-island. The sub-island is deleted.
Configuring the PathFinder Server 49 Viewing Trap Event Logs
ADDING SUBNET INFORMATION
� Procedure
Note In order to add subnet information, you need to select a sub-island first.
1 In the Topology Islands tab, click Add. The Topology Islands dialog box displays. 2 Click the name of the required sub-island. 3 In the subnet information section, click Add. The Add Subnet dialog box displays. 4 Enter the IP address and subnet mask of the sub-island. 5 Click OK.
DELETING SUBNET INFORMATION
� Procedure
1 Select the subnet information that you wish to delete by clicking the check box next to the name of the required gatekeeper in the Topology Islands table. 2 Click the Delete button to the right of the subnet information for your sub-island.
VIEWING TRAP You can view trap event logs recorded by the PathFinder Server including the EVENT LOGS following information: � Event ID � Type � Time � Severity � Explanatory message
50 PathFinder Server User Guide Viewing Version and Licensing Information
� Procedure
1 Click the Event Logs tab. The Event Logs tab opens displaying the event logs table. 2 Click Page Up or Page Down to display hidden sections of the table. 3 Click Show All to display all logs in a single page.
VIEWING VERSION Click the About tab. AND LICENSING The following information is displayed in the About tab: NFORMATION I � Version Number—Displays the version number of the PathFinder Server. � MAC Address—Displays the MAC address of the PathFinder Server. � Serial Number—Displays the serial number of the PathFinder Server. � Expiration Date—Displays the date on which your current license expires. For demonstration versions only. � Max Connected Endpoints—Displays the maximum allowed number of connected endpoints, as determined by your license. � Max Concurrent Calls—Displays the maximum allowed number of concurrent calls, as determined by your license.
UPDATING THE The PathFinder Server comes with a temporary evaluation license which expires LICENSE on a specified date. This section describes how you can install a permanent license.
� Procedure
1 Click the About tab. 2 Click Browse. 3 In the Windows Explorer window, navigate to the file that you received when you purchased a full PathFinder license.
Configuring the PathFinder Server 51 Updating the License
4 Select the file and click Open. 5 Click the Update License button. The license file is installed on your server and PathFinder is fully licensed.
Note For information about obtaining a full permanent PathFinder license, contact RADVISION Customer Support at www.radvision.com.
52 PathFinder Server User Guide 4
TECHNICAL SPECIFICATIONS
TECHNICAL SPECIFICATIONS Table 4-1 PathFinder Server Unit Technical Specifications TABLE Processor Quad-Core Intel® Xeon® 3210 at up to 2.13 GHz
Cache 2x4M
Front Side Bus 1066MHz
Memory 2GB DDR2, 667MHz, 2x1GB Dual Ranked DIMMs
Riser Card 2 slots: 1 PCI Express x8 slot and 1 PCI Express x4 slot
Primary Hard 250 GB 7.2K RPM Serial ATA 3Gbps 3.5" Cabled Hard Drive Drive
Hard Drive Onboard SATA, 1 Drive connected to Onboard SATA Controller Configuration
Network Adapter On-Board Dual Gigabit Network Adapter
Power supply 345W non-redundant
Video Embedded ATI ES1000 with 16 MB memory
Remote Standard BMC with IPMI 1.5 support; optional DRAC 4/p for Management advanced capabilities
Technical Specifications 53 Technical Specifications Table
54 PathFinder Server User Guide 5
COMPLIANCE AND CERTIFICATIONS
� Product Safety on page 55 � Electromagnetic Compatibility on page 56 � Ergonomics, Acoustics and Hygienics on page 57 � Import/Export Compliance Data on page 57
PRODUCT SAFETY The product has been certified by the Product Safety authorities listed in Table 5-1.
Table 5-1 Product Safety Certifications
Country/Region Authority or Mark
Argentina IRAM
Canada SCC
China CNCA or CCC
European Union CE
Germany TUV
IECEE IECEE CB
Israel SII
Mexico NYCE or NOM
Compliance and Certifications 55 Electromagnetic Compatibility
Table 5-1 Product Safety Certifications (continued)
Country/Region Authority or Mark
Norway NEMKO
Russia GOST
South Africa SABS
Taiwan BSMI
United States NRTL
ELECTROMAGNETIC The product has been certified by the EMC authorities listed in Table 5-2. COMPATIBILITY Table 5-2 Product EMC Certifications
Country/Region Authority or Mark Class
Australia / ACMA or C-Tick Class A New Zealand
Canada ICES Class A
China CNCA or CCC Class A
European Union CE Class A
Israel SII Class A
Japan VCCI Class A
Norway NEMKO Class A
Russia GOST Class A
South Africa SABS Class A
South Korea MIC Class A
Taiwan BSMI Class A
United States FCC Class A
56 PathFinder Server User Guide Ergonomics, Acoustics and Hygienics
ERGONOMICS, The product has been certified by the Ergonomics, Acoustics and Hygienics ACOUSTICS AND authorities listed in Table 5-3. HYGIENICS Table 5-3 Product Ergonomics, Acoustics and Hygienics Certifications
Country/Region Authority or Mark
Germany GS
Russia GOST
IMPORT/EXPORT COMPLIANCE DATA Table 5-4 Product Trade Classification
System US Harmonized Tariff System (USHTS) 8471.50.0150 Number
System US Export Control Classification Number 4A994 (ECCN)
Compliance and Certifications 57 Import/Export Compliance Data
58 PathFinder Server User Guide APPENDIX A
CONFIGURING GUEST USER DIAL-IN AND AUTO-ATTENDANT ENTRY POINT
� Setting up Environment on page 59 � About Call Scenarios on page 61
SETTING UP � Enabling Portal Virtual Gateway on page 59 ENVIRONMENT � Configuring Security Policies on page 60
ENABLING PORTAL The default extension is usually configured to the operator extension or to the VIRTUAL GATEWAY MCU IVR. PathFinder redirects a call to the default extension when the user dials only the IP address of the public PathFinder Client without any extension.
Configuring Guest User Dial-in and Auto-Attendant Entry Point 59 Setting up Environment
� Procedure
1 Enable the portal virtual gateway on the public PathFinder Client: a Click the required public PathFinder Client interface. b Click the Advanced tab. c Click the Enable extension dialing using this client’s public IP address. d For configuring Auto-Attendant Entry Point, enter the service prefix of the Video IVR conference in the Default extension field.
Note The dial string should be of this format:
2 Verify that the portal virtual gateway is running: a Click the Client Name of the public PathFinder Client to access its Connected Endpoints tab. b Under Connected Endpoints, verify that the endpoint by the PortalvGW alias appears in the list of endpoints. You may need to wait a few minutes to let the portal virtual gateway to register itself. As soon as the portal virtual gateway appears in the list of endpoints, guest users can dial private endpoints using this portal virtual gateway.
CONFIGURING During this procedure you configure security rules that work in compliance with SECURITY POLICIES these security policies: � Default deny—The PathFinder Client restricts connections of guest users since they dial in from the public network. All guest user connections are denied on default. � Default allow—The PathFinder Client allows all guest users from the public network to dial private endpoints. � Secure Guests—The PathFinder Client allows guest users from a specific IP address or an IP address range to dial private endpoints.
60 PathFinder Server User Guide About Call Scenarios
� Deny Prior—If you configure the PathFinder Client to both allow and restrict an IP address or an IP address range, the PathFinder Client restricts this IP address or range. The "deny" rule you create by entering an IP address in the Deny pane prevails over the "allow" rule.
� Procedure
1 Access the PathFinder Client interface. 2 Click the Security tab. 3 To restrict all guest users from dialing private endpoints by default, do not enter any IP addresses in either Allow or Deny panes. 4 To allow all guest users to dial private endpoints: a Click Add in the Allow area. The Security Group dialog box opens. b Click Single IP. c Enter 0.0.0.0 in the IP address field. d Click OK. 5 To allow specific guest users to dial private endpoints: a Click Add in the Allow area. The Security Group dialog box opens. b If there is a 0.0.0.0 IP address, remove it. c To enter a single IP, click Single IP, and then enter the IP address. d To define a range of IP addresses, click From, and then enter the IP addresses that open and close the range. e Click OK. 6 Click Start Client to connect the PathFinder Client to the PathFinder Server.
ABOUT CALL Depending on whether you dial a private endpoint directly or using the SCENARIOS auto-attendant entry point to dial into a conference, you need to use one of the call scenarios described in this section. � About Call Scenarios for Dialing Private Endpoints Directly on page 62 � About Call Scenarios for Dialing Conferences Using Auto-Attendant Entry Point on page 62
Configuring Guest User Dial-in and Auto-Attendant Entry Point 61 About Call Scenarios
ABOUT CALL Use this dialing string format: SCENARIOS FOR
Dialing Example: Guest User Terminal is (Polycom VSX7000) 196.168.227.2##1460 The dialing string consists of: � The public PathFinder Client IP address � ##—The TCS-4 delimiter of Polycom VSX7000 � 1460—The final private endpoint number
Dialing Example: Guest User Terminal is TANDBERG MXP [email protected] The dialing string consists of: � 1460—The final private endpoint IP address � @—The TCS-4 delimiter of TANDBERG MXP � 196.168.227.2—The public PathFinder Client IP address
62 PathFinder Server User Guide About Call Scenarios
ABOUT CALL In this scenario a user accesses an MCU directly through the auto-attendant entry SCENARIOS FOR point. The MCU creates a Video IVR conference 1234 and displays an active DIALING conferences list, plays an audio prompt to help users to proceed the next step. CONFERENCES Generally, the user chooses an active conference index number to join that USING conference using DTMF. AUTO-ATTENDANT Use this dialing string format: ENTRY POINT
Related Topics For more information about using Video IVR, refer to the SCOPIA MCU User Guide and iVIEW Suite User Guide.
Configuring Guest User Dial-in and Auto-Attendant Entry Point 63 About RADVISION RADVISION (NASDAQ: RVSN) is the industry’s leading provider of market-proven products and technologies for unified visual communications over IP and 3G networks. With its complete set of standards based video networking infrastructure and developer toolkits for voice, video, data and wireless communications, RADVISION is driving the unified communications evolution by combining the power of video, voice, data and wireless – for high definition video conferencing systems, innovative converged mobile services, and highly scalable video-enabled desktop platforms on IP, 3G and emerging next generation networks. For more information about RADVISION, visit www.radvision.com
USA/Americas EMEA APAC T +1 201 689 6300 T +44 20 3178 8685 T +852 3472 4388 F +1 201 689 6301 F +44 20 3178 5717 F +852 2801 4071 [email protected] [email protected] [email protected]
This document is not part of a contract of license as may be expressly agreed RADVISION is registered trademarks of RADVISION, Ltd. All trademarks recognized. All rights reserved © 2009 RADVISION, Ltd.