NN44473-101 02.01 Mas14 Mas-Fundamentals

Media Application Server
Fundamentals
Release: MAS 14.0
Document Revision: 02.01
www.nortel.com
NN44473-101
.
Release: MAS 14.0
Publication: NN44473-101
Document release date: 2 July 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
While the information in this document is believed to be accurate and reliable, except as otherwise expressly
agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are
subject to change without notice.
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
.
3
.
Contents
New in this Release 7
Features 7
Other changes 7
Introduction 9
About MAS 9
Related books 9
Overview 11
Media Application Server 11
Network deployment options 11
Supported platform 12
License requirements 12
Web based configuration and management features 12
Packaged application support 13
Session Initiation Protocol features 13
Media processing features 13
Audio and video codecs 14
Playing and recording audio 14
Digit collection and relay methods 15
Conferencing 15
Media security 15
Media Quality of Service 15
Report generation 15
Content store 16
MAS security features 16
Conferencing services and MLPP 16
Administration 19
Element Manager overview 19
Navigating Element Manager 20
Interface features 21
Basic interface operation 22
Central authentication, authorization, and auditing 23
UCM security server roles 24

Fundamentals
NN44473-101 02.01 2 July 2010
.
4
RBAC concepts 25
Policies 30
Limit access control views 31
Certificates 31
Element status and operational controls 33
Element Status 33
Starting, stopping and restarting 33
Operational states 34
Cluster configuration and status monitoring controls 34
Cluster configuration 34
Cluster status 34
License management 34
Server licensing 35
Nodal licensing 36
Signaling configuration 36
SIP configuration 36
Media configuration 36
Quality of Service 37
Audio codecs 37
Video codecs 38
Digit relay (DTMF) 38
Media security 39
Monitoring and logging global configuration support 39
Monitoring 39
Logging 41
Application management 43
Packaged applications 43
Reporting 44
Backup and restore 44
General settings 44
Backup Tasks 44
Restore 45
Backup Destination 45
History logs 45
Media management 46
Advanced settings 46
Disaster recovery 47
Configuration fundamentals 49
Initial security configuration 49
MAS configuration work flow 49
License configuration work flow 50
Network management protocol configuration 51
SNTP 51

Fundamentals
NN44473-101 02.01 2 July 2010
.
5
SNMP 51
SOAP 52
Connection security 52
Network configuration 52
IP address assignment and traffic classes 52
QoS audio and video DSCP settings configuration 53
QoS monitoring and alerting configuration 53
SIP configuration work flow 53
Terminology 55

Fundamentals
NN44473-101 02.01 2 July 2010
.
6

Fundamentals
NN44473-101 02.01 2 July 2010
.
7
.
New in this Release

The following section details what’s new in Media Application Server
Fundamentals for release MAS 14.0:
• "Features" (page 7)
• "Other changes" (page 7)
Features
The feature impacting this document in MAS 14.0 isthe MAS on a Linux
platform. Feature related changes can be found in the following sections:
• "MAS security features" (page 16)
• "Supported platform" (page 12)
Other changes
There are no other changes in this document related to the MAS 14.0
release.

Fundamentals
NN44473-101 02.01 2 July 2010
.
8 New in this Release

Fundamentals
NN44473-101 02.01 2 July 2010
.
9
.
Introduction
This document describes the fundamental topics for Media Application
Server (MAS).
Navigation
• "Overview" (page 11)
• "Administration" (page 19)
• "Configuration fundamentals" (page 49)
• "Terminology" (page 55)
About MAS
The MAS provides a robust, scalable software platform for hosting
multimedia applications. The platform is designed for generic multimedia
processing, and is based on standard open protocols.
Related books
The following books provide more details on the MAS:
• Media Application Server Troubleshooting (NN44473-700)
• Media Application Server Documentation Roadmap (NN44473-100)
• Media Application Server Overview - Services and Features
(NN44473-102)
• Media Application Server Deployment and Engineering Guide (SEB
08-00-033)
• Media Application Server Configuration (NN44473-500)
• Media Application Server Administration and Security (NN44473-600)
• Media Application Server Fault Management (NN44473-702)

Fundamentals
NN44473-101 02.01 2 July 2010
.
10 Introduction

Fundamentals
NN44473-101 02.01 2 July 2010
.
11
.
Overview
This chapter provides an overview of what you need to know to work with
the Media Application Server (MAS).
Navigation
• "Media Application Server " (page 11)
• "Network deployment options" (page 11)
• "Supported platform" (page 12)
• "License requirements" (page 12)
• "Web based configuration and management features" (page 12)
• "Packaged application support" (page 13)
• "Session Initiation Protocol features" (page 13)
• "Media processing features" (page 13)
• "Report generation" (page 15)
• "Content store" (page 16)
• "MAS security features" (page 16)

The Media Application Server (MAS) is a software based, media
processing server. All media processing is performed in software on the
host CPU(s). The MAS architecture facilitates unique scalability for all core
functions of the platform, including signaling, application execution, content
management and media processing.
Network deployment options

Your network can be configured as a standalone system or as a cluster of
multiple servers.

Fundamentals
NN44473-101 02.01 2 July 2010
.
12 Overview
Configure the following aspects of your network from the appropriate

pages in Element Manager (EM):
• Cluster configuration (primary, secondary, standard)—see "Cluster
configuration and status monitoring controls" (page 34)
• SIP configuration (general settings, domains and accounts, nodes and
routes—see "SIP configuration" (page 36)
Supported platform
MAS is installed on one of the the following hardware types supplied by
Nortel:
• IBM HS21 (8853) with 1 or 2 hard disks and a minimum of 2GB RAM
• IBM HS20 (8843) with 1 or 2 hard disks and a minimum of 2GB RAM
• Langley HT
With the release of MAS 14.0, only the 64-bit version of Red Hat Linux is
supported, which requires compatible 64-bit hardware.
License requirements
Your maximum number of simultaneous active sessions is determined by
the number of purchased licenses. Applications will not function if they are
installed without the proper licensing.
MAS supports the following licensing models:

• Nodal licenses
Web based configuration and management features

Element Manager (EM) is a web-based administration tool that facilitates
the configuration and management of MAS.
EM allows control of the following:

• Licensing configuration
• System operational state management
• Alarm and event log viewer
• Alarm and event log configuration and filtering
• Clustering configuration
• Backup and restore
• SNMP and Syslog support
• Network multi-netting and traffic classes
• Monitoring of:

Fundamentals
NN44473-101 02.01 2 July 2010
.
Media processing features 13
— Advanced (including Component Status, Advanced Protocols,

Troubleshooting Archive Generator and Security Logs)
— Active sessions
— Operational measurements
— Session detail records
— Protocols
Packaged application support

Packaged applications are off-the-shelf applications. You can manage and
configure these applications using Element Manager.
A packaged application is installed and configured using its own installer.

The installer adds application configuration data and translations to the
MAS. As part of the installation process you need to configure license keys
for all packaged applications.
Session Initiation Protocol features

The MAS platform supports Session Initiation Protocol (SIP) for call and
session signaling. SIP provides a standard means to establish sessions,
negotiate capabilities, invoke applications, and exchange data with MAS.
SIP signaling provides generic session establishment.
The MAS platform uses SIP Transport Layer Security (TLS) for
securing SIP signaling. MAS manages a list of trusted network sources,
and signaling from non trusted sources route to a network proxy for
authentication. MAS supports a SIP trunking mode that allows reuse of
connections to and from network proxies for subsequent calls to reduce
the overhead of TLS signaling.
SIP routes define all SIP proxy and SIP registrar servers a MAS node
can communicate with. MAS uses SIP routes designated as a SIP proxy
server for routing outbound SIP requests for outbound traffic load sharing
and failover. MAS registers applications with all configured SIP registrars.
Registration is optional based on your MAS configuration and digest
authentication support.
Media processing features

MAS supports text, audio and video for most multimedia processing
features. The system is capable of streaming audio and video in a variety
of codecs and formats, fully synchronized from the server, unbuffered and
in real-time. The system can deliver text through both instant messaging
and web push methods.

Fundamentals
NN44473-101 02.01 2 July 2010
.
14 Overview
Audio and video codecs

MAS supports the following audio codecs:
• ITU-T G.711 a-law & µ-law
• ITU-T G.729A
MAS supports the following video codecs:

• NNVC (DIVX-4)
• H.263, H.263+, H.263++
Transcoding audio
MAS can transcode to and from the following audio formats:
• Linear 16-bit PCM, 8KHz Mono
• Linear 8-bit PCM, 8KHz Mono
• G.711 alaw
• G.711 ulaw
• G.729
Playing and recording audio

MAS can stream media files (also called prompts or announcements) in all
supported codecs. These files are not limited to audio.
VCR controls are available for controlling media playback

• Pause: suspend the existing request
• Resume: continue the existing request
• Adjust positive: skip ahead a specific number of milliseconds within the
existing request
• Adjust negative: skip backwards a specific number of milliseconds
within the request
• Stop: cancel the existing request
Media files are cached locally on the system and are transcoded into
temporary files. Subsequent requests for the media file use the transcoded
file and are packetized without further processing.
Files that surpass a configurable “hit” rate are pulled into memory in their
post transcoded form and packetized directly. An uncached file that is not
eligible for caching, is transcoded in real-time.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Report generation 15
Digit collection and relay methods

MAS supports the most popular SIP INFO Digits formats and
RFC2833/4733 for digit relays. SIP INFO and RFC2833/7433 are fully
configurable, including preference rank.
Conferencing
MAS supports multimedia conferencing for audio and video streams in
large and small conferences.
The conferencing algorithm uses mixing, which means that you can hear
up to four parties simultaneously. Each channel runs a voice activity
detector (to determine speech vs. background noise), an automatic gain
control algorithm, and a dynamic jitter buffer with compaction and packet
loss concealment.
Media security
Media security provides the ability for the MAS to secure media streams
with cryptographic protection based on RFC 3711 (The Secure Real-time
Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with
symmetrical data encryption that provides the following security services:
encryption, message integrity, and replay protection.
Media Quality of Service

MAS supports Differentiated Services (DiffServ) packet marking on
outgoing Real-time Transport Protocol (RTP) streams. The system default
is set to DiffServ Control Point (DSCP) with expedited forwarding (EF),
which is a widely supported indicator for Quality of Service (QoS)-enabled
networks carrying real-time audio and video data.
MAS contains the Telchemy VQMON agent for QoS monitoring and
RTCP-XR support for exchange of metrics. R-Factor, jitter, and loss
packet is continually monitored for each call. Calls that fall below a
configured R-Factor threshold are logged. All QoS statistics are archived
with session detail records (SDR) for analysis.
Report generation
The reporting framework is based on third-party Jasper reports, a flexible
solution which can generate complex reports. The reporting framework
enables administrators to generate reports on demand and provides
automated report generations based on a configured time schedule. The
reporting framework supports CSV, HTML, and XML reporting types.
Scheduled reports can deliver through e-mail or File Transfer Protocol
(FTP).

Fundamentals
NN44473-101 02.01 2 July 2010
.
16 Overview
Content store
MAS contains an onboard content storage feature that provides a reliable,
network accessible store for multimedia content. You can configure MAS
to replicate data across multiple content stores to provide High Availability
and redundancy.
MAS security features

MAS provides the following security features:
• secure communications using IP Security (IPSec): Secures messages
between servers.
• Public Key Infastructure (PKI): Certificates, certificate revocation,
communication using public and private keys ensure private
communications.
• user password policy rules: Rules for password length, composition,
and aging reduce unlawful user entry.
• user roles: User roles permit different levels of access to MAS, and
limit access to particular groups of functions.
• user account creation: At installation time, pre-configured or individual
Linux and EM user accounts are created, depending on the level of
security required.
• security logs: Linux audit logs, Quantum security logs, and EM security
logs track changes to the system, including users logging in to the
system and configuration changes.
Conferencing services and MLPP

Multilevel Precedence and Preemption (MLPP) provides the ability to
preempt a calll of lesser priority when a call of greater priority cannot
access the MAS conferencing services.
When a user connects to the MAS Ad Hoc conferencing service or the

MAS Meet Me conferencing service, the call can specify a precedence
level. Precedence callers hear the precedence ringback tone before the
call connects to the conference.
If a caller to the conferencing service cannot access the conference due to

lack of system resources, the call can preempt a lower priority conference
call (if one is available). When preemption occurs, the lower priority call
receives a preemption tone before the call disconnects. If there are
no calls of a lower priority, the caller receives the Blocked Precedence
Announcement.
The precedence levels (from lowest to highest level are

• Routine

Fundamentals
NN44473-101 02.01 2 July 2010
.
Conferencing services and MLPP 17
• Priority
• Immediate
• Flash
• Flash Override
Calls to conferences can also be preempted by non-conference calls.

These calls use the same priority levels. When a higher priority call
attempts to contact a person in a conference call, the person in the
conference hears a preemption tone, the conference call drops, and
the connection is made to the higher priority call. Calls at the same
precedence level as the call into the conference cannot preempt the
conference call.
For more information, see Media Application Server Overview - Services

and Features (NN44473-101).

Fundamentals
NN44473-101 02.01 2 July 2010
.
18 Overview

Fundamentals
NN44473-101 02.01 2 July 2010
.
19
.
Administration
This chapter explains Media Application Server Administration
fundamentals. For step-by-step information about MAS platform
Administration, see Media Application Server Administration and Security
(NN44473-600).
Navigation
• "Element Manager overview" (page 19)
• "Element status and operational controls" (page 33)
• "Cluster configuration and status monitoring controls" (page 34)
• "License management" (page 34)
• "Signaling configuration" (page 36)
• "Media configuration" (page 36)
• "Monitoring and logging global configuration support" (page 39)
• "Application management" (page 43)
• "Reporting" (page 44)
• "Backup and restore" (page 44)
• "Media management" (page 46)
• "Advanced settings" (page 46)
• "Disaster recovery" (page 47)
Element Manager overview

This chapter explains Element Manager (EM) fundamentals. For
step-by-step information about EM, see Media Application Server
Commissioning (NN44473-301).
EM is a web-based administration tool that facilitates the Operation,

Administration, and Maintenance (OAM) of Multimedia Applications (MA)
products running on the Multimedia Application Server (MAS). Introduced

Fundamentals
NN44473-101 02.01 2 July 2010
.
20 Administration
with the MAS product offering, EM serves as a common management

utility for configuring and managing a media server and the products (such
as MAS) that run on it.
Navigating Element Manager

The EM layout includes a branding banner, task selection pane,
breadcrumbs area, and a content area as illustrated in the following figure.
Figure 1
Element Manager interface
Management activities are performed in the content area of the page. The
displayed content is dependent on the selected top-level framework or
system element context and the task selection within this context.
The welcome page appears first after logon. It contains a welcome

message and a message to assist the administrator to begin.
The top of the content area includes the hostname and management IP
address of the component being managed. Element Manager divides
properties into categories, to which you can navigate from the menu pane.
Each category appears on a separate page. Categories are further divided
into subcategories, which appear as sections on the category page. You
can jump to a section within the page with the shortcut links at the top of
the configuration table.

Fundamentals
NN44473-101 02.01 2 July 2010
.
The branding banner area contains the image of the Nortel logo. In
addition to indicating what application you are in (for example EM), the
branding banner provides a context sensitive Help link and a Logout link.
Click the Help link to open context sensitive help in a new browser. The
Logout link logs you off of EM and returns you to the Login page.
You can perform task selection and element navigation using the three
following elements on the EM screen:
• Menu pane
• Network Navigation
• Breadcrumbs
These three components are central to the work flows that the
administrator performs for routine OAM activities. You can initiate work
flows from the menu pane. The menu pane displays a menu of tasks that
the administrator can perform in the content area. With the exception
of the network tasks, the scope of OAM activities the administrator can
perform is limited to the current element to which the administrator is
logged on to. To facilitate the management of multiple elements in the
network, You can view elements in the network with the network navigator
component and navigate to them individually to perform OAM tasks.
Finally, the administrator can find the information about the element
currently being managed and the task currently being performed with
the ability to navigate “up” the hierarchy of management screens in the
breadcrumb area.
Interface features
Initiate all tasks from the menu pane on the left side of the screen.
The items listed in the menu pane are grouped into two sections. The
top section of the menu pane contains a link to network-wide services
that can affect the operation of all network elements or network-wide
entities such as Network, User Services, Security, and Tools. The lower
section contains tasks related to the operation, administration, and
maintenance of the network element to which the administrator is logged
on. The element-level section is further divided into task groupings. The
highest-level groupings include System Status, System Configuration,
Products and Applications, Licensing, Tools, and Cluster Configuration.
Each task group contains a set of related tasks.
Tasks that an administrator must perform for MAS platform and application
administration, operations, and maintenance appear in the lower section of
the menu pane. These are grouped into six categories:
• System Status: The administrator can view current and historical
information pertaining to the status of the system with system status
tasks. These tasks include element status, cluster status, alarm
viewing, event log viewing, and monitoring. The monitoring task

Fundamentals
NN44473-101 02.01 2 July 2010
.
22 Administration
includes active session monitoring, operational measurements, and

protocol monitoring. The component status and advanced protocols
are advanced functionality therefore; they are categorized as advanced
monitoring tasks.
• Cluster Configuration: The administrator can access the server
designation, replication settings, and advanced settings.
• System Configuration: The administrator can view and modify the
MAS platform configuration. Configuration categories include general
settings, network settings, media, signaling, monitoring settings,
advanced settings, logging, and EM configuration.
• Products and Applications: This category lists all installed applications.
Expanding an application displays all tasks specific to the operation,
administration, and maintenance of that application.
• Licensing: The administrator can configure the license server and
license keys if a license server is installed on the node. Administrators
can view license server status, add and remove license keys, set
license key low water marks, and view the current users of licenses.
• Tools: The administrator can backup of system and customer data with
the back up and restore tool. The administrator can use the reports tool
to generate reports of archived OMs.
Basic interface operation

You can expand categories or higher-level tasks to reveal subtasks in the
menu pane by clicking on the expansion point that appears to the left of
the category or task label. If an item contains subitems, a plus (+) symbol
appears before it. Click the + to expand the item, displaying its contents
below it.
Click the minus (-) symbol before the label to collapse expanded items.
The expansion state of subtasks is maintained when their parent is
collapsed. For items that contain no subitems, the expansion point
appears as a minus symbol.
Click on the item label in the menu pane to select and launch the following
associated task in the content area:
• Task Category: If the category is collapsed, it is expanded. An
information screen for the task is displayed in the contents area . This
screen shows a high-level description of the category of tasks and a
brief description for each task in the category. Task names appear
as hyperlinks. A click of the task name launches the task, and is
equivalent to selecting the task from the menu pane.
• Task: The task is launched in the content area.

Fundamentals
NN44473-101 02.01 2 July 2010
.
You can start a task in a new browser window by using the right-click
menu of the Web browser. You should right-click on the task to be
performed and choose the option to open the page in a new window. A
new browser window appears with a banner area, menu pane, and task
selected in the content area.
You can scroll each section of the menu pane independently. Vertical
scrollbars appear in a section when its contents cannot be displayed
without vertical clipping. Horizontal scrollbars can also appear when the
contents of the menu pane sections cannot be displayed without horizontal
clipping. You can use the vertical line separating the menu pane and the
content and breadcrumb areas to resize the menu pane horizontally.
Some configuration items are designed to enable or disable certain

features on the page. When a feature is disabled by the administrator, any
configuration settings relevant to that feature appear grayed out on the
screen.
Use Save to save the changes to the platform. No changes are made to
the platform configuration until you click Save. Before the configuration is
stored in the MAS database, the administrator input is validated. If any
errors are detected during validation, the configuration is not saved, and
the page is redisplayed with error messages. The administrator needs to
correct these errors and click Save to save the changes. After the changes
have been saved, the administrator returns to the parent of the current
page, which is often the previous page.
If you decide not to save the changes made to the configuration, click
Cancel to cancel any changes to be made to the configuration. A click of
the cancel button returns you to the parent of the current page (usually the
previous screen) without saving any changes to the configuration.
Restore Defaults is used to restore every configuration parameter on the

screen to its default value. After a click of Restore Default, every field
displays its default value. Click Save to save the default values to the
platform.
If any error is detected on the page, an error message is displayed,

describing the problem in general. Text describing the error in detail (if
applicable) appears to the right or below the fields in question in red. The
administrator must correct the errors before resaving the page. Invalid
data is never saved.
Central authentication, authorization, and auditing

The MAS system incorporates central authentication, authorization, and
auditing.

Fundamentals
NN44473-101 02.01 2 July 2010
.
24 Administration
Authentication is the process through which UCM determines if a user can

gain access to the elements in your MAS system. Central authentication
eliminates the need to have user IDs and passwords for each product or
server. Instead, you can log on to the UCM security framework using a
single user ID and password (also known as single sign-on) to gain access
to any application or server for which the administrator has permissions.
Authorization (also known as access control) is the process of determining

and enforcing assigned privileges for an authenticated user. To provide
central authorization, UCM uses the Role Based Access Control (RBAC)
model. With this model, users see only what you authorize them to see
based on their assigned roles and permissions.
Auditing is the process by which UCM methodically measures the security

of the MAS system. To provide central auditing, UCM uses audit logging
features. The UCM framework logging feature records user activity, usage
patterns, and authorization violations. The logs collect information such as
denials, approvals, and code exceptions. Only security administrators can
view log information. On the Logs page in UCM. To navigate to the Logs
page, click Tools > Logs in the navigation pane.
UCM security server roles

You can assign one of three roles to a UCM security server in a UCM
network: Primary, Backup, or Member.
Attention: UCM server roles are different from the roles used in MAS
clustering.
A brief description of each UCM server role follows.

• Primary: Each UCM network must have one Primary security
server. The designated UCM Primary security server stores all
administrator identities, authorization data, and security configuration
data. The system must contact and query the Primary security server
for all authentication, authorization, audit logging, and certificate
management.
Only the UCM primary security server runs the private Certificate
Authority, so only the UCM primary security server can issue
certificates for new member servers. The UCM primary security
server is also the only server from which you can use the certificate
management console.
In addition, only the UCM primary security server has the write access
to all security-related data. Thus, you must configure all UCM options
on the UCM Primary security server.

Fundamentals
NN44473-101 02.01 2 July 2010
.
A UCM Primary security server contains, as part of its installation,

the primary security repository. You cannot demote the Primary to a
Backup or Member server after you configure it.
• Member: A UCM Member security server is a part of a UCM network.
A UCM Member security server must send all security requests to the
corresponding UCM Primary security server. If the Primary security
server is not available, then the network directs requests to the Backup
security server. If the Backup security server is also unavailable, then
the system displays the local login page on the UCM Member security
server to provide emergency access.
RBAC concepts
The Unified Communications Management (UCM) security framework
uses the Role Based Access Control (RBAC) model to determine a user’s
authorization. In this model, each user is identified through a unique
identity, and each identity can have one or more user accounts for different
elements. To configure access rights for user accounts, the security
administrator assigns permissions to roles, and then assigns these roles
to users.
The following figure is an example of the MAS RBAC model.

Fundamentals
NN44473-101 02.01 2 July 2010
.
26 Administration
Figure 2
Example of the MAS RBAC model

Fundamentals
NN44473-101 02.01 2 July 2010
.
Identities
In the MAS RBAC model, security administrators must assign a unique
digital identity to each user in a company. This identity contains a user’s
credentials and authorization rights. All identities are stored in security
services, and this information is used by servers or products on the
network.
Each identity can have different user accounts for different managed
elements. Security administrators can manage these identities to create,
read, update, or delete user accounts. You can manage identities on the
Administrative Users page in UCM. To navigate to the Administrative
Users page, click User Services, Administrative Users in the navigation
pane.
Accounts
The UCM security framework supports the following types of user
accounts:
• local account
• built-in account
• emergency account
• external account
Built-in accounts
UCM has one built-in account that security administrators must use to
log on to the system after installation. This built-in account is called
nortelmasadmin, and it has the following built-in roles:
• NetworkAdministrator
• PowerUser
• SecurityAdministrator
Attention: With the built-in admin account, security administrators can

add, delete, and edit managed elements; however, they cannot directly
access the management applications of the managed elements. Nortel
recommends that security administrators create new accounts and assign
roles to those accounts for access to the managed elements based on
their specific security policy requirements.

Fundamentals
NN44473-101 02.01 2 July 2010
.
28 Administration
Security administrators can also use the built-in account as an emergency

account. For more information about emergency accounts, see
"Emergency accounts" (page 28).
Emergency accounts
You must use emergency accounts to access Element Manager (EM) on a
local system if the primary or backup security servers are down or cannot
be reached. The default emergency account is nortelmasadmin, which is
the same account you use for the initial configuration of a MAS.
For information about creating emergency accounts, see Media Application

Server Administration and Security (NN44473-600).
Attention: Authorization levels do not exist for emergency accounts.

An administrator who logs on with an emergency account has full
administrator privileges. Emergency account users are not bound by
security policies defined within UCM.
UCM and EM do not store passwords for Linux accounts. When you use
an emergency account, the MAS first verifies that you have access to EM.
Authentication is then performed against the local Operating system (OS)
using the NT LAN Manager (NTLM) protocol. Nortel recommends that you
create emergency accounts that are distinct from normal administrator
accounts. To log on to EM using an emergency account, use the following
URL: http://<server FQDN>/local-login. For more information about
authenticating locally on the MAS in emergencies, see Media Application
Server Administration and Security (NN44473-600).
Local accounts
You can set up local accounts for administrators who are authenticated
locally in Unified Communications Management (UCM).
To set up a local account, you must create a local user identity and
password. The UCM security framework stores data entry and password
information for a local user account in persistent storage. You can manage
local user identities on the Administrative Users page in UCM. To navigate
to the Administrative Users page, click User Services, Administrative Users
in the navigation pane.

Fundamentals
NN44473-101 02.01 2 July 2010
.
External accounts
You can set up external accounts to allow Unified Communications
Management (UCM) to authenticate administrators with external
authentication. A MAS performs external authentication through
Lightweight Directory Access Protocol (LDAP), Remote Authentication Dial
In User Service (RADIUS), or Kerberos.
Administrators can configure only one external authentication authority

of each type (that is, LDAP, RADIUS, and Kerberos). You can configure
external accounts in UCM on the External Identity Repositories page. To
navigate to the External Identity Repositories page, click User Services
> External Authentication.
An external user has a shadow entry inside the persistent repository of the
UCM security framework. The security framework uses the shadow entry
to assign roles to the external user.
Attention: The security administrator role is not available for external

LDAP users.
Users cannot initialize or change passwords for external users through

UCM. The external authentication authorities store the external account
passwords.
Permissions
Permissions specify which management functions a user can perform on
an element. Security administrators assign permissions to roles, and then
assign these roles to users.
You can map permissions to a role on the Roles page in UCM. To

navigate to the Roles page, click Security, Roles in the navigation pane.
For information about mapping permissions, see Media Application Server
Administration and Security (NN44473-600).
Roles
Roles define a set of management functions a user can perform on an
element. Security administrators assign roles to users. You can map roles
to users on the Roles page in UCM. To navigate to the Roles page, click
Security, Roles.

Fundamentals
NN44473-101 02.01 2 July 2010
.
30 Administration
The MAS publishes a set of default roles into Unified Communications

Management (UCM). You can assign default roles to administrators, or you
can create custom roles. For information about assigning roles or creating
custom roles, see Media Application Server Administration and Security
(NN44473-600).
Policies
In the UCM security framework, users can configure policies for
passwords, security, and the sign sign-on cookie domain. You can
configure policies on the Policies page in UCM. To navigate to the Policies
page, click Security, Policies.
Password aging policy

The security administrator can specify the number of days for the following
password aging parameters:
• password expiration period
• password expiration warning
• minimum password age
Password history policy

UCM uses the password history policy to verify that a password is new.
The security administrator can define the number of previously used
passwords to reject. The default value of passwords to block is 6.
Password strength policy

Security administrators can configure the password strength policy to
define specific parameters for passwords. If a password does not meet the
required parameters, the system rejects the password.
Security administrators can specify if the password must contain a specific

number of lower case, upper case, numeric, or special characters. An
example of a special character is an exclamation mark (!). Passwords
must have a minimum of eight alphanumeric characters.
Password lockout policy

The password lockout policy allows you to specify the following:
• a limit for the number of times that a user can attempt to access UCM
• the number of minutes between consecutive invalid logon attempts
• the number of minutes to lock out users after they reach the maximum
number of failed logon attempts
A user is locked out of the UCM framework when the specified number of
logon attempts is reached. By default, the user is locked out after 5 failed
attempts.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Login warning banner

Security administrators can change the text for the login warning banner
that appears when you log on to Unified Communications Management
(UCM).
Single sign-on cookie domain

When the primary and backup security servers are configured in different
domains, users can change the single sign-on (SSO) cookie domain to
ensure that the domains match. You must match the primary and backup
SSO cookie domains to ensure that you can log on to one application or
server on the MAS, and then navigate to another application or server and
remain authenticated.
Limit access control views

In the RBAC model, a user’s role determines their permissions and the
tasks available to them. By default, Element Manager (EM) hides or grays
out unauthorized tasks in the menu pane and content area.
Certificates
Unified Communications Management (UCM) uses certificates for secure
communication between a Web browser and a Web server. Certificates
are used for the following:
• Web interfacing using Secure Sockets Layer (SSL)
• Session Initiation Protocol (SIP) signaling using Transport Layer
Security (TLS)
UCM manages certificates using the X.509 standard for Web SSL, which
ensures that certificates are issued by a Certificate Authority (CA) that
binds a public key to a particular distinguished name.
You can manage certificates on the Certificate Management page in

UCM. To navigate to the Certificate Management page, click Security,
Certificates in the navigation pane. The UCM certificate management
interface supports the following:
• add, replace, and list stored certificates
• add, remove, and replace certificate association with a distinguish
name
• add, remove, and list trusted certificate authorities
• display of a list of currently revoked certificates
Certificate authorities
A Certificate Authority (CA) is a trusted entity that issues, renews, and
revokes certificates. You can use UCM to install certificates from both its
private CA or public CAs.

Fundamentals
NN44473-101 02.01 2 July 2010
.
32 Administration
The UCM security framework uses only one private CA to sign internally
generated certificates. Once UCM generates the private CA, you cannot
change it. Configuration information for the private CA on the primary
security server is typically entered during the initial security configuration.
A public CA is either an existing internal CA of the customer organization

(for example, the CA from the customer’s Information Technology (IT)
department) or an outside commercial CA (for example, Verisign or
Thawte).
Certificate types
UCM certificate management supports three types of certificates:
• Certificates signed by the private CA hosted on the UCM primary
security server. The MAS creates a private CA during the installation of
the UCM primary security server. You can use the private CA to issue
certificates to remote devices in the same security domain. When the
UCM primary security server issues a certificate and distributes it to a
remote device, the remote device automatically adds the root certificate
of the private CA to its trusted certificate list. As a result, devices that
use certificates issued by the same private CA always trust each other.
• Certificates signed by a public CA. You can use the UCM X.509
Certificate Management page to generate a Certificate Signing Request
(CSR) from a target device, and then send the CSR to a public CA
to obtain a certificate response, which contains an X.509 certificate.
You can use the UCM Certificate Management page to process the
certificate response returned from a public CA, and thereby, distribute
the X.509 certificate to the target device. To access the Certificate
Management page, click Security > Certificates.
• Self-signed certificates. A self-signed certificate is not issued by CA.
This type of certificate does not provide any authentication, and is
vulnerable to a man-in-the-middle attack. Nortel recommends that you
avoid using self-signed certificates.
SIP TLS
When UCM distributes the SIP TLS certificates that are signed by the
private CA to the Network Routing Service or SIP Gateway, the private
CA is automatically added to the trusted CA list of the Network Routing
Service or SIP Gateway. Therefore, if all the Network Routing Service and
SIP Gateway elements use certificates signed by the private CA, UCM
automatically configures mutual authentication for SIP TLS among them.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Element status and operational controls 33
Web SSL
During the primary security service installation, the private CA issues a
Web SSL certificate that is installed as part of the primary security service.
Use the Web SSL certificate for the UCM Web server and the LDAP
server. The security administrator must configure the Web SSL certificate
for the primary security server by using the UCM Certificates link.
Certificate revocation lists

A certificate revocation list (CRL) is a list of certificates that are revoked
and should not be trusted.
You can use the MAS system to revoke certificates that you issued
previously, to get a list of revoked certificates, and to update the CRL.
You can manage CRLs on the Certificate Management page by clicking
the Private Certificate Authority tab and navigating to the Certificate
Revocation List (CRL) Details pane.
Element status and operational controls

The Element Status page is available from the System Status menu in EM.
It shows the following information about the element:
• Element Name
• UUID
• Server Address
• Service
• Operational State
• Version
• Element Status
• Alarm Description
Element Status
The Element Status shows the most severe alarm reported for the selected
element. For example, an element with Critical and Minor active alarms
has an overall status of Critical. An element with no alarms has a status of
Normal.
Click an element name to view alarm details for the selected element.
Starting, stopping and restarting

Use the Start, Stop, and Restart buttons to change the Service Status of
the Media Application Server respectively.

Fundamentals
NN44473-101 02.01 2 July 2010
.
34 Administration
Operational states
Use the More Actions drop-down to change the operational state of the
element to one of the following:
• More Actions
• Lock
• Pending Lock
Cluster configuration and status monitoring controls

A cluster is a collection of MAS nodes that work closely together and
essentially can be viewed as one. You must configure the hierarchy within
the cluster before you can configure the system. This activity should be
done shortly after installation.
Cluster configuration
In Server Designation, you define your primary server and all secondary
servers. The local server starts with the Primary role by default. When
defining your servers, you must provide the following information:
• Replication account username and password
• Role (primary, secondary, or standard)
• Server Address
• Server UUID
From the Replication Settings page you can enable or disable the SDR,
OM and Configuration Replications.
Advanced Settings are automatically configured based on your Server

Designations. You should not change these settings.
Cluster status
The Cluster Status page is available from the System Status menu in EM.
It shows the following information about all elements in the cluster:
• element name
• UUID
• most severe alarm status
• description for an existing alarm, if any
• element role information
License management
You can use the licensing section of Element Manager to configure
licensing information.

Fundamentals
NN44473-101 02.01 2 July 2010
.
License management 35
The following list items describe the four distinct task areas within the
licensing section, each with its own subset of tasks:
• Licensing configuration: Use this section to configure licensing (License
Server or Nodal Licensing) and to add or replace license keys.
• License utilization threshold: Use this section to set the threshold for
license usage, which is expressed as a percentage of all licenses in
use. Once this threshold is reached, a notification alarm is generated.
The default threshold value is 85%.
• License server status: Use this section to manage the license
server, and display its operational status and operational mode. The
operational status indicates whether the license server is initializing,
running, or dormant, or if the status cannot be determined. The
operational mode of the server is either Active or Standby. However, if
the license server is not running, the system cannot obtain the mode.
With the License Server Status page you can to start, stop, or restart
the license server by clicking the respective buttons located at the top
of the page. The buttons are applicable only to the License Server that
is currently being configured.
• Advanced settings: Do not reconfigure the default values in the
Advanced Settings pages. These defaults are set for optimal
performance of the MAS platform. If you think these settings need to
be changed, contact Nortel Technical Support to discuss the changes.
Reconfigure these settings only under explicit direction from Nortel
Technical Support.
Server licensing
In server licensing mode, a cluster shares licenses that float across all
its MAS nodes. To set up server licensing, you must use a Redundant
License Servers cluster licensing configuration. In this configuration, you
install license servers on the two MAS nodes in the cluster designated as
the cluster primary and secondary nodes.
Cluster primary and secondary license servers operate in the three

following states:
• Starting up: During the license server startup process, the license
server is in starting-up state, and it does not respond to any license
requests.
• Active: The server that is serving license requests is in the active state.
• Standby: The idle server is in the standby state.
Each license server broadcasts a message to its local subnet to detect its
redundant partner. It correspondingly sets itself to the active, or standby
state, depending on the state of the other server. If both servers are in
starting up state, the one with the larger IP address becomes active and

Fundamentals
NN44473-101 02.01 2 July 2010
.
36 Administration
the other becomes standby. The larger IP address is defined to be the

larger of the two integers representing the Internet standard dot notation
addresses.
When a server is in the active state, it responds to license requests from

clients and expects health check messages from the standby server. It
also broadcasts a message every 80 seconds to detect if there is any
other active server is in the subnet.
When a server is in standby state, it does not respond to license requests.

It opens a TCP/IP connection to the active server and sends out health
check messages periodically. If the active server goes down, the standby
server switches to the active state until the previously active server is
restarted and becomes active.
During the license server startup process, the license server is in the
starting-up state, and it does not respond to any license requests. After
initialization, the license server changes to the standalone state and
starts to serve license requests. You can view the license server state
information on the License Server Status page in Element Manager. To
navigate to the License Server Status page, click Licensing, License
Server Status in the navigation pane.
Nodal licensing
In Nodal licensing mode, licenses are bound to a particular MAS platform
and are not shared across MAS nodes. In this node-locked configuration,
you must configure each MAS node with its own license key. For example,
if your MAS cluster contains five MAS platforms, you need five different
licenses keys.
Signaling configuration
You can configure the SIP settings from the Signaling Configuration pages.
SIP configuration
You can configure the following from the SIP settings pages:
• General Settings
• Domains and Accounts
• Nodes and Routes
Media configuration
This section outlines the media configuration support of the MAS.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Media configuration 37
Quality of Service
MAS supports Differentiated Services (DiffServ) packet marking on
outgoing Real-time Transport Protocol (RTP) streams. The system sets
the DiffServ Control Point (DSCP) to expedited forwarding (EF), which
is a widely supported indicator for Quality of Service (QoS)-enabled
networks carrying real-time audio and video data. Network routers that are
QoS-enabled examine the type of service bits in the IP header and provide
priority (with respect to routing and handling) to those packets marked
with expedited forwarding. In addition to marking packets, MAS uses high
resolution, interrupt-driven timers to drive RTP packetization at precise
intervals. MAS follows RFC 2598 which designates the EF bit pattern.
MAS uses flow specifications for each codec to identify packet delivery
characteristics to the operating system, enabling it to prioritize (internally)
packets destined to and from the network interface card (NIC). The
framework ensures that QoS marked packets sent from MAS media
processors are not dropped or delayed in their delivery to the wire. MAS
can reserve a percentage of NIC bandwidth for its media processors.
This ensures that management and signaling does not affect the quality
of the audio or video streams in use on the platform. The use of flow
specifications also offers some denial of service protection as the transport
layers discard packets (instead of attempting to process them) that do not
conform to the flow specification.
MAS contains the Telchemy VQMON agent for QoS monitoring and
RTCP-XR support. R-Factor, jitter, and packet loss are continually
monitored for each call. Calls that fall below a configured R-Factor
threshold are logged. All QoS statistics are archived with session detail
records (SDR) for analysis.
To configure QoS monitoring and streaming settings, use the System

Configuration, Media, General Settings page in Element Manager.
Audio codecs
To configure audio codec settings, use the System Configuration >
Media > Audio Codecs page in Element Manager. You can complete the
following configuration tasks for audio codecs:
• Enable or disable audio codecs. The following audio codecs are
supported:
— G.711-ULAW
— G.711-ALAW
— G.729A
— EVRC-0
— AMR

Fundamentals
NN44473-101 02.01 2 July 2010
.
38 Administration
• Configure the preferred order of enabled codecs for negotiation

(Session Description Protocol [SDP] answer) or default SDP (SDP
offer).
• Enable packet time (ptime) for each codec.
• Configure the default ptime for each codec.
Video codecs
To configure video codec settings, use the System Configuration >
Media > Video Codecs page in Element Manager. You can configure the
following video codec settings:
• Enable or disable video codecs. The following video codecs are
supported:
— H.263
— H.263+
— H.263++
— NNVC (Nortel Networks Video Codec)
• Configure the preferred order of enabled codecs for negotiation (SDP
answer) or default SDP (SDP offer).
• Enable frame rates for each codec.
• Configure the default frame rate for each codec.
• Configure the preferred format for each codec
• Configure the Annex profile for each codec (if required).
Digit relay (DTMF)

To configure digit relay, use the System Configuration > Media > Digit
Relay (DTMF) page in Element Manager. You can configure the following
digit relay properties:
• Enable or disable the dual-tone multi-frequency (DTMF) relay method.
The following DTMF relay methods are supported:
— INFO digits
— RFC2833/4733
• Configure the preferred order of enabled DTMF relay methods for
negotiation (SDP answer) or default SDP (SDP offer).
• Configure the RFC2833 payload type. Nortel recommends that you
select the default payload type, which is determined dynamically.
However, some clients require a fixed payload type.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Media security
To configure media security settings, use the System Configuration >
Media > Media Security page in Element Manager.
Secure SIP signaling is provided by employing SIP Transport Layer

Security (TLS), which is supported by the Radvision stack. In addition, the
MAS manages a list of trusted network elements and rejects (redirect to
network proxy) any signaling requests from nontrusted nodes.
Media security provides the ability for the MAS to secure media streams
with cryptographic protection based on RFC 3711 (The Secure Real-time
Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with
symmetrical data encryption that provides the following security services:
encryption, message integrity, and replay protection. Secure RTCP
(SRTCP) provides the same security services to RTCP as SRTP does to
RTP. SRTP message authentication protects the RTCP fields that keep
track of membership, provide feedback to RTP sends, or maintain packet
sequence counters. M5T SRTP stack is used to deliver the media security
feature.
SRTP/SRTCP uses a master key and a master salt to derive a session

encryption key, session authentication key, and a session salt key for
media encryption. The master keys are exchanged and negotiated through
Session Description Protocol (SDP) with key management protocol
extension. Several key management protocol extensions are defined for
SRTP. RFC 4568 (Session Description Protocol Security Descriptions for
Media Streams) is supported in this release.
Monitoring and logging global configuration support

This section outlines the monitoring and logging global configuration
support of the MAS.
Monitoring
This section outlines the monitoring global configuration support for the
MAS.
Event logs
An event log is a historical view of events that occurred on the system.
Event logs have the following severity levels:
• Alert
• Critical
• Major
• Minor
• Emergency

Fundamentals
NN44473-101 02.01 2 July 2010
.
40 Administration
• Error
• Warning
• Info
• Debug
• Indeterminate
• Notice
You can enable and configure Event log throttling for an event so that only
the most recent event log and contents are buffered. The most recent log
is generated when the Throttle Check Interval property is exceeded along
with an instance count for that event. Log throttling prevents the event logs
from being flooded with recurring events.
To view event logs in Element Manager, choose System Status, Event

Logs. You can filter event logs by identifier, date, severity, and class. The
following table describes the fields that are displayed for each event log.
Table 1
Event log fields
Field Description
Id Identifier assigned to the event log.
Severity The severity type of the event log (alert, critical,
major, minor, emergency, error, warning, info, debug,
indeterminate). In addition, a colored icon represents
the log severity type. Red indicates an error event
log, yellow indicates a warning event log, and white
indicates informational event log.
Date and Time The timestamp of when the event is logged. The date
and time when the event is last reported. By default,
the table is sorted so the most recent event appears
at the top of the table.
Class The class of the event. Available classes include
Audit, Configuration, Data, Fault, Information,
Maintenance, Metrics, Security, and State.
Description A description of the event log. To view further details
about the event log, click the option button beside the
applicable event ID. The details appear in the bottom
portion of the page.
Operational measurements
The following types of operational measurements are supported:
• Counters: Counters are used to record and track activity on the system.
An example of a counter would be the total number of calls over the
life of the system. Counters are named registers that start from zero

Fundamentals
NN44473-101 02.01 2 July 2010
.
and increment upward only. Counters are only incremented, never

decremented. A counter can increment in chunks of any size. Counters
reset automatically after a component restarts.
• Gauges: Gauges provide real-time information about the running
system. An example of a gauge would be the number of active calls
at any point in time during the life of the system. Gauges can be
incremented and decremented.
Selected operational measurements are archived to the local platform

archive database and are stored in the Statistics table. Archived
operational measurements are typically processed or analyzed later using
the historical reports in Reporter. Archived operational measurements
can be replicated to the primary and secondary node in a cluster so that
operational measurements can be consolidated for cluster-wide historical
reports. Operational measurements written to the Statistics table can be
viewed in Element Manager (System Status, Monitoring, Operational
Measurements), and the following table shows how information is
displayed.
Table 2
Selected operational measurements details
Field name Description
Category Category or type of operational
measurement.
Name Operational measurement counter or
gauge name.
Current Value Current value of the operational
measurement.
Previous Value Value recorded during last interval.
Previous Interval Low Water Mark Low value recorded during last
interval.
Previous Interval High Water Mark High value recorded during last
interval.
Interval Value Value of interval time.
Previous Interval Duration (sec) Interval duration. The default is 900
sec. (15 minutes).
Logging
This section outlines the logging global configuration support for the MAS.
System diagnostics
You can place the system in diagnostic mode for logging by selecting the
Enable System Diagnostic Mode check box on the System Configuration,
Logging, System Diagnostic page in Element Manager.

Fundamentals
NN44473-101 02.01 2 July 2010
.
42 Administration
Attention: Enabling the system diagnostic mode can cause system

performance degradation.
SysLog
SysLog is a standard for forwarding log messages in an IP network. The
MAS platform optionally supports SysLog over User Datagram Protocol
(UDP) for the delivery of logs and alarm history to one or more SysLog
server destinations.
To enable or disable SysLog delivery, use the SYSLOG Delivery of Logs

property (found in the Element Manager). To configure one or more
SysLog server destinations, use the SYSLOG Destination Server List
property (found in the Element Manager). You can enter the IP address
of the SysLog server.
Session logging
Configure the following SDR properties under the System Configuration >
Logging > Session Logging section of Element Manager:
• Session Detail Record Archiving: This check box enables or disables
the archiving of session detail records. The default is enabled.
• Session Detail Record Archive Minimum Record Age (Days): Session
detail records older than configured days are removed when cleanup is
initiated. The default is 90 days.
• Session Detail Record Archive (Detail Records): The maximum number
of session detail records before cleanup is initiated. The default is 1
296 000 records. Approximately 5k of storage is required for each
SDR.
The MAS creates a Session Detail Record (SDR) for each individual
session that originates from or terminates to the platform. An SDR
includes detailed information about each session, which you can use for
tracking and billing purposes.
The platform archives all SDR to the local platform database. These
archived records are used by the platform to generate reports. The
platform ensures that the archive does not grow too large by deleting
old records based on the configuration. You can view records in either
real-time or in historical reports. Archived SDRs can be replicated to the
primary and secondary node in a cluster so that SDRs can be consolidated
for cluster-wide historical reports.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Application management 43
Operational measurements logs

The platform archives selected operational measurements to the local
platform database. The platform uses these archived operational
measurements to generate reports. The platform ensures that the archive
does not grow too large by deleting old records based on the configuration.
Configure the following operational measurements properties under the

System Configuration, Logging, OMs section of Element Manager:
• Archive Operational Measurements: This check box enables or
disables the archiving of operational measurements. The default is
enabled.
• Operational Measurement Archive Minimum Record Age: Operational
Measurements older than the configured number of days are removed
when cleanup is initiated.
• Operational Measurement Archive Size: The amount of archived
operational measurements data to store before cleanup is initiated.
• Operational Measurement Reset Interval: The interval in minutes
when operational measurements are archived and reset. A value of 0
disables the reset feature. The default is every 15 minutes.
Debug logging
You can find the following settings related to debug logging in the System
Configuration, Logging, Debug section of Element Manager.
You can enable or disable Platform debug logging using Element

Manager; a restart of the platform is not required. The system stores
Debug logs in the directory <BASEDIR>\common\logs, where <BASEDIR>
is the directory in which the system installs software. The default directory
is /var/mcp. The system also creates trace files for each platform
component.
Application management
Packaged applications can be deployed on MAS.
Packaged applications
A packaged application is installed and configured using its own installer.
The installer adds application configuration data and translations to the
MAS. As part of the installation process you need to configure license keys
for all packaged applications.
Packaged applications can only be installed after the MAS has been
installed and configured.

Fundamentals
NN44473-101 02.01 2 July 2010
.
44 Administration
Use the EM to view installed packaged applications, their version and

operational state. Packaged applications are found under Products and
Applications, Custom Applications.
Reporting
To configure reporting settings, use the Tool > Reports page in Element
Manager.
MAS includes a report generation framework and 3rd party reporting

framework based on Jasper reports.
Backup and restore

It is important to back up your data to ensure that you can restore your
original data if it is lost.
You can perform backup and restore tasks on the Backup and Restore
page in Element Manager (EM). To navigate to the Backup and Restore
page, click Tools, Backup and Restore. This page includes the following
task categories:
• General settings
• Backup Tasks
• Restore
• Backup Destination
• History Log
General settings
When you backup or restore your data, all actions are logged in a log file.
You can set the value of "Store history and log files up to" parameter to
define the duration for store history. The log file refreshes after the defined
duration, that is, after this duration, the history will not be stored in the log
file.
Backup Tasks
To back up your data, you must first define a backup task and then specify
a schedule.
A backup task specifies what to back up and where to store the backup
data. You can manage backup tasks on the Backup Tasks page in
Element Manager. To navigate to the Backup Tasks page, click Tools,
Backup and Restore, Backup Tasks. On the Backup Tasks page, you can
add a new backup task, and edit or delete an existing backup task.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Backup and restore 45
After you create a backup task, you must specify a backup schedule.
You can run backup tasks manually or schedule the backup tasks to
run immediately, once, daily, weekly, or monthly. You can also use the
Backup Tasks page to schedule multiple tasks. Each task runs at the
next specified start time. The Backup Tasks page shows you when the
next scheduled backup is supposed to occur, as well as details about the
schedule frequency and the backup destination.
Restore
You can choose the backup source that you want to restore on the
Restore page in Element Manager (EM). To navigate to the Restore page,
click Tools,> Backup and Restore, Restore in the navigation pane.
The backup source can be the following:

• the default backup destination, which is the local folder on the MAS
Server where backups are stored
• an uploaded backup file, which can be located on your computer or in a
folder on the network
The Restore page shows details about the backup, such as the name of
the task, the type of backup, and the date when the back up last occurred.
Attention: Note that the restore process may take a while, during which
time EM is offline and closes the connection to all users until the process
is complete. It is the administrator’s responsibility to inform users when the
system is back up and running. During the restore, the system cannot take
calls. If a restore is completed without errors, the backup file is deleted;
otherwise, the backup file remains on the server.
Backup Destination
The Backup Destination specifies the location of the backup file.
History logs
The backup/restore history log shows the status of backup or restore tasks
and assists you in resolving errors. You can view the history log on the
History Log page in Element Manager (EM). To navigate to the History Log
page, click Tools, Backup and Restore, History Log.
The history log shows the task name, type, and status; the time when
the task is performed; the time to complete the task; and the size of the
backup data. On the History Log page, you can export the log file in HTML
format to a local folder of your choice.

Fundamentals
NN44473-101 02.01 2 July 2010
.
46 Administration
To customize the history log, you can do the following:

• Use the View list to filter your tasks. The options are show all tasks,
backup tasks only, or restore tasks only. The default is all tasks.
• Use the Refresh Interval list to select the refresh interval for the history
log. The default value is set at 30 seconds.
• Click a header link to sort the list in ascending or descending order.
Media management
On the Media Management page, you can manage media files of many
formats, including sound, video, .xml, plain text, or zipped files. To
navigate to the Media Management page, log on to Element Manager (EM)
and click Tools, Media Management in the navigation pane.
You can perform the following actions on media files:

• upload
• rename
• copy
• move
• search
• download
• delete
In EM, you can organize media into content namespaces and content
groups. Use content namespaces to divide media into logical containers.
Use content groups to subdivide the media in a content namespace into
logical groups.
You can initially provision a content namespace by using one .zip file for
the whole content namespace or by creating one content group at a time.
After the media file is uploaded, EM displays it in a tree view. The root of
the tree is the content namespace and individual content groups appear
below it with + or - icons before their names. EM displays the namespace,
and the content groups in the left pane, and the media files contained in
the selected content group in the right pane. The media file list includes
the file name, content type, and size of the file; the time initially created;
the time last modified; and the version information. You can browse
content namespaces and add, rename, or delete content groups.
Advanced settings
Access the Advanced Settings page from Cluster Configuration, Advanced
Setting. These values are automatically configured based on changes
made on the Server Designation page.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Disaster recovery 47
Disaster recovery
You can recover the primary server to restore critical operations if you
experience a disaster situation.
To ensure successful recovery, you must implement a disaster recovery

plan when you configure a Media Application Server (MAS). To plan for
disaster recovery, follow these best practices:
• Designate the secondary server in a different location than the primary
server to protect the secondary server from natural or user-induced
disasters that affect the primary server.
• Create an off-site location to protect the backup system from natural or
user-induced disasters that affect the primary system.
• Create a full backup task to ensure successful recovery of all data if a
disaster situation occurs.
• Define a daily backup schedule to ensure successful recovery of
up-to-date data if there is a disaster situation.
If you experience a disaster situation, you must restore the primary server
to reestablish critical operations. This operation involves installing the
Media Application Server (MAS) software on a primary MAS server. Then,
you must restore the latest full backup.
For more information about Disaster recovery procedures, see Media

Application Server Administration and Security (NN44473-600).

Fundamentals
NN44473-101 02.01 2 July 2010
.
48 Administration

Fundamentals
NN44473-101 02.01 2 July 2010
.
49
.
Configuration fundamentals
This chapter explains Media Application Server configuration
fundamentals. For step-by-step information about how to perform the
initial configuration of the MAS platform, see Media Application Server
Configuration (NN44473-500).
Navigation
• "Initial security configuration" (page 49)
• "License configuration work flow" (page 50)
• "MAS configuration work flow" (page 49)
• "Network management protocol configuration" (page 51)
• "Network configuration" (page 52)
• "QoS monitoring and alerting configuration" (page 53)
• "SIP configuration work flow" (page 53)
Initial security configuration

The MAS configures the initial login and emergency account details upon
installation. This information is required for you to access your servers and
complete the security configuration.
Use your User ID and Password for your installed operating system to
access UCM the first time. You are required to change these once you
have accessed your Primary server.
MAS configuration work flow

Configure a MAS as the primary server in a cluster. A primary server hosts
the content store and licensing.
By default on the Server Designation page, the Local Server (localhost) is

always the first server listed on the page and cannot be removed. The role
is set to Primary; however, the role of the local server can be changed.

Fundamentals
NN44473-101 02.01 2 July 2010
.
50 Configuration fundamentals
A standalone configuration includes only a primary server to configure. No

secondary or standard servers require configuration.
Figure 3
MAS Configuration work flow
License configuration work flow

License servers are used in cluster configuration. In a cluster, the license
servers reside only on the primary and secondary servers in the cluster.
Configure your licenses so they can be maintained by the license server.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Network management protocol configuration 51
Figure 4
License configuration work flow
Network management protocol configuration

This section outlines the network management protocol configuration
support of the MAS.
SNTP
Add the IP address or hostname of the Simple Network Time Protocol
(SNTP) server in the SNTP Source Server field in Element Manager. The
SNTP Source Server is used to synchronize the clocks of all nodes in the
cluster.
SNMP
The MAS platform provides Simple Network Management Protocol
(SNMP) management. SNMP supports outgoing traps for logs and alarms
to remote SNMP-based Network Management Stations (NMS). In addition,
NMS can query alarm table and audit services. Traps use the Nortel
Reliable MIB format to support active and cleared alarm notifications as
well as informational log messages.
In Element Manager (EM), SNMP is configured in the System

Configuration > Network Settings section to activate the delivery of alarms
and logs using SNMP traps. You can enable or disable the sending
of traps when alarms are raised or cleared, or when event logs are
generated.
Both SNMP v1 and v2c are supported by the MAS platform. SNMP uses
community names to authenticate messages. The community name is
similar to a password that is shared by the SNMP NMS and the MAS
SNMP agent. The community name must be the same value on both the
NMS and the MAS SNMP agent.

Fundamentals
NN44473-101 02.01 2 July 2010
.
The MAS SNMP agent supports queries on the ActiveAlarm table and
audits for resynchronization with the management server. These queries
can be in the form of Get requests on specific fields or GetNext requests
for table traversal.
SOAP
The Simple Object Access Protocol (SOAP) is used to exchange
Extensible Markup Language (XML) messages over a network.
The MAS platform provides a set of Web services, which can be used
to manage, monitor, configure, or access a set of services or resources
provided by the platform. The SOAP server acts as a mini-embedded
Web server and exposes the following MAS Web services: application
APIs, content store APIs, and Management APIs. You can access these
Web services by using SOAP-formatted XML messages over HTTP 1.1
transport.
To enable the MAS Web services, you must configure the trusted nodes
that are allowed to send requests to the MAS Web services. In Element
Manager, trusted nodes are configured on the System Configuration,
Network Settings page. First, select the Enable Trusted SOAP Nodes
check box and then enter one or more hostnames or IP addresses in the
Trusted Nodes field . You must separate Multiple entries in the Trust
Nodes field with a semicolon.
Connection security
To configure connection security in Element Manager, see the System
Configuration > Network Settings page.
You can configure the following properties:
Attention: You can enable and select multiple ciphers in order of

strength.
Network configuration
This section outlines the network configuration of the MAS.
IP address assignment and traffic classes

Assign the IP address for the available traffic classes on the System
General Settings page in EM.
The traffic classes include:

• signaling

Fundamentals
NN44473-101 02.01 2 July 2010
.
• media
• cluster
• OAM
QoS audio and video DSCP settings configuration

Configure Quality of Service (QoS) settings for streaming on the System
Configuration, Media page.
Options include:
• Audio QoS
• QoS Maximum Bandwidth Per H.263 Video Flow
• QoS Maximum Bandwidth Per NNVC Video Flow
• Video QoS
QoS monitoring and alerting configuration

Configure Quality of Service (QoS) settings for media on the System
Configuration, Media, General Settings page.
Options include:
• Enable QoS monitoring
• Alert interval in milliseconds
• Critical R Threshold
• Maximum Alerts
• Refresh Interval in seconds
• Warning R Threshold in percentages
SIP configuration work flow

SIP provides a standard means tor establish sessions, negotiate
capabilities, invoke applications, and exchange data with the MAS.
The following work flow shows the process for configuring your MAS SIP
signaling.

Fundamentals
NN44473-101 02.01 2 July 2010
.
Figure 5
SIP configuration work flow

Fundamentals
NN44473-101 02.01 2 July 2010
.
55
.
Terminology
The following table describes common terminology associated with the
Media Application Server (MAS) .
Term Description
Backup A copy of data. The copy is preserved in case the
system the data was copied from fails, is damaged,
or changes to an undesired state.
Certificates A security tool used to identify secure packages of
data over a network.
Cluster A collection of servers on the MAS.
Codec Short for Compression Decompression, the codec is
used for transmitting media files over a network.
Commercial-Off-The-Shel Generic purchased hardware that can be used in a
f (COTS) wide variety of installations.
Conferencing A means of including more than two people in an
audio or video interaction.
Counters A measurement tool to record the number of times
an event occurs.
Dual-tone multi-frequency A signaling technology used for signaling over a
(DTMF) telephone network.
Differentiated Services A computer network architecture designed to
(DiffServ) manage and provide Quality of Service over a
network.
Element Manager (EM) A web-based tool used for configuring and
managing MAS and its components.
Event An incident that is either recorded or causes other
actions to occur.
Extensible Markup A specification for creating customizable mark up
Language (XML) languages such as VXML and CCXML.
File Transfer Protocol A network protocol used for transmitting files over
(FTP) a network.
Gauge A tool for providing real-time information about the
system.

Fundamentals
NN44473-101 02.01 2 July 2010
.
56 Terminology
Term Description
Graphical User Interface A visual interface used for interacting with a
(GUI) computer system.
License An identification showing the number of users can
be active for a piece of software.
Lightweight Directory An application protocol for working with directory
Access Protocol (LDAP) services over a network.
Logging An action for recording actions in a log.
Media Application Server A software based, media processing server. All
(MAS) media processing is performed in software on
the host CPU(s). The MAS architecture facilitates
unique scalability for all core functions of the
platform, including signaling, application execution,
content management and media processing.
Permissions A security tool that identifies what actions can be
performed by a given role.
Policies Security rules that govern the behavior and
actions of a computer system. These rules tell the
computer what actions to take in the case of certain
events, independent of human intervention.
Quality of Service (QoS) A means of controlling priorities between
applications for access to resources.
Quick Fix Engineering A tool for implementing small changes to MAS.
(QFE)
Real-time Transport A protocol for transmitting audio and video over a
Protocol (RTP) network.
Restore An action of copying backed up data to a system.
Remote Authentication A protocol for managing large networks.
Dial In User Service
(RADIUS)
Roles An identified role in a system that can be assigned
permissions.
Role Based Access A means of restricting access to a network or parts
Control (RBAC) of a network based on assigned roles.
Session Description A protocol for describing initialization parameters of
Protocol (SDP) streamed media.
Session Initiation A protocol for creating and removing communication
Protocol (SIP) sessions over a network.
Simple Network A protocol for monitoring devices attached to a
Management Protocol network.
(SNMP)

Fundamentals
NN44473-101 02.01 2 July 2010
.
Term Description
Simple Object Access A protocol for transmitting and receiving XML
Protocol (SOAP) messages over a network.
Standalone An installation of a single server with MAS.
Transport Layer Security A technology for providing secure communications
(TLS) over a network.
Unified Communications A framework for providing security when using
Management (UCM) Element Manager. UCM replaces ECM, but both
are still used interchangeably.
Web service A technology which supports interaction between
computers on a network.

Fundamentals
NN44473-101 02.01 2 July 2010
.
58 Terminology

Fundamentals
NN44473-101 02.01 2 July 2010
.
Fundamentals
Release: MAS 14.0

Publication: NN44473-101
Document revision: 02.01
Document release date: 2 July 2010
While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing
NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS
OR IMPLIED. The information and/or products described in this document are subject to change without notice.
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
www.nortel.com

NN44473-101 02.01 Mas14 Mas-Fundamentals

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NN44473-101 02.01 Mas14 Mas-Fundamentals

Uploaded by

Copyright:

Available Formats

Media Application Server

Copyright © 2008-2010 Nortel Networks. All Rights Reserved.

All other trademarks are the property of their respective owners.

Media Application Server

Media Application Server

Media Application Server

Media Application Server

New in this Release

Media Application Server

Media Application Server

Media Application Server

Media Application Server

Media Application Server

Network deployment options

Media Application Server

Configure the following aspects of your network from the appropriate

MAS supports the following licensing models:

Web based configuration and management features

EM allows control of the following:

Media Application Server

— Advanced (including Component Status, Advanced Protocols,

Packaged application support

A packaged application is installed and configured using its own installer.

Session Initiation Protocol features

Media processing features

Media Application Server

Audio and video codecs

MAS supports the following video codecs:

Playing and recording audio

VCR controls are available for controlling media playback

Media Application Server

Digit collection and relay methods

Media Quality of Service

Media Application Server

MAS security features

Conferencing services and MLPP

When a user connects to the MAS Ad Hoc conferencing service or the

If a caller to the conferencing service cannot access the conference due to

The precedence levels (from lowest to highest level are

Media Application Server

Calls to conferences can also be preempted by non-conference calls.

For more information, see Media Application Server Overview - Services

Media Application Server

Media Application Server

Element Manager overview

EM is a web-based administration tool that facilitates the Operation,

Media Application Server

with the MAS product offering, EM serves as a common management

Navigating Element Manager

The welcome page appears first after logon. It contains a welcome

Media Application Server

Media Application Server

includes active session monitoring, operational measurements, and

Basic interface operation

Media Application Server

Some configuration items are designed to enable or disable certain

Restore Defaults is used to restore every configuration parameter on the

If any error is detected on the page, an error message is displayed,

Central authentication, authorization, and auditing

Media Application Server

Authentication is the process through which UCM determines if a user can

Authorization (also known as access control) is the process of determining