Fundamentals
Release: MAS 14.0
Document Revision: 02.01
www.nortel.com
NN44473-101
Media Application Server
Release: MAS 14.0
Publication: NN44473-101
Document release date: 2 July 2010
While the information in this document is believed to be accurate and reliable, except as otherwise expressly
agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are
subject to change without notice.
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
Contents
New in this Release 7
Features 7
Other changes 7
Introduction 9
About MAS 9
Related books 9
Overview 11
Media Application Server 11
Network deployment options 11
Supported platform 12
License requirements 12
Web based configuration and management features 12
Packaged application support 13
Session Initiation Protocol features 13
Media processing features 13
Audio and video codecs 14
Playing and recording audio 14
Digit collection and relay methods 15
Conferencing 15
Media security 15
Media Quality of Service 15
Report generation 15
Content store 16
MAS security features 16
Conferencing services and MLPP 16
Administration 19
Element Manager overview 19
Navigating Element Manager 20
Interface features 21
Basic interface operation 22
Central authentication, authorization, and auditing 23
UCM security server roles 24
RBAC concepts 25
Policies 30
Limit access control views 31
Certificates 31
Element status and operational controls 33
Element Status 33
Starting, stopping and restarting 33
Operational states 34
Cluster configuration and status monitoring controls 34
Cluster configuration 34
Cluster status 34
License management 34
Server licensing 35
Nodal licensing 36
Signaling configuration 36
SIP configuration 36
Media configuration 36
Quality of Service 37
Audio codecs 37
Video codecs 38
Digit relay (DTMF) 38
Media security 39
Monitoring and logging global configuration support 39
Monitoring 39
Logging 41
Application management 43
Packaged applications 43
Reporting 44
Backup and restore 44
General settings 44
Backup Tasks 44
Restore 45
Backup Destination 45
History logs 45
Media management 46
Advanced settings 46
Disaster recovery 47
Configuration fundamentals 49
Initial security configuration 49
MAS configuration work flow 49
License configuration work flow 50
Network management protocol configuration 51
SNTP 51
SNMP 51
SOAP 52
Connection security 52
Network configuration 52
IP address assignment and traffic classes 52
QoS audio and video DSCP settings configuration 53
QoS monitoring and alerting configuration 53
SIP configuration work flow 53
Terminology 55
New in this Release
Features
The feature affecting this document in MAS 14.0 is MAS on a Linux
platform. Feature-related changes are described in the following sections:
• "MAS security features" (page 16)
• "Supported platform" (page 12)
Other changes
There are no other changes in this document related to the MAS 14.0
release.
Introduction
This document describes the fundamental topics for Media Application
Server (MAS).
Navigation
• "Overview" (page 11)
• "Administration" (page 19)
• "Configuration fundamentals" (page 49)
• "Terminology" (page 55)
About MAS
The MAS provides a robust, scalable software platform for hosting
multimedia applications. The platform is designed for generic multimedia
processing, and is based on standard open protocols.
Related books
The following books provide more details on the MAS:
• Media Application Server Troubleshooting (NN44473-700)
• Media Application Server Documentation Roadmap (NN44473-100)
• Media Application Server Overview - Services and Features
(NN44473-102)
• Media Application Server Deployment and Engineering Guide (SEB
08-00-033)
• Media Application Server Configuration (NN44473-500)
• Media Application Server Administration and Security (NN44473-600)
• Media Application Server Fault Management (NN44473-702)
Overview
This chapter provides an overview of what you need to know to work with
the Media Application Server (MAS).
Navigation
• "Media Application Server" (page 11)
• "Network deployment options" (page 11)
• "Supported platform" (page 12)
• "License requirements" (page 12)
• "Web based configuration and management features" (page 12)
• "Packaged application support" (page 13)
• "Session Initiation Protocol features" (page 13)
• "Media processing features" (page 13)
• "Report generation" (page 15)
• "Content store" (page 16)
• "MAS security features" (page 16)
Supported platform
MAS is installed on one of the following hardware types supplied by
Nortel:
• IBM HS21 (8853) with 1 or 2 hard disks and a minimum of 2GB RAM
• IBM HS20 (8843) with 1 or 2 hard disks and a minimum of 2GB RAM
• Langley HT
With the release of MAS 14.0, only the 64-bit version of Red Hat Linux is
supported, which requires compatible 64-bit hardware.
License requirements
Your maximum number of simultaneous active sessions is determined by
the number of purchased licenses. Applications will not function if they are
installed without the proper licensing.
The MAS platform uses SIP Transport Layer Security (TLS) for
securing SIP signaling. MAS manages a list of trusted network sources;
signaling from untrusted sources is routed to a network proxy for
authentication. MAS supports a SIP trunking mode that reuses
connections to and from network proxies for subsequent calls, reducing
the overhead of TLS signaling.
SIP routes define all SIP proxy and SIP registrar servers with which a
MAS node can communicate. MAS uses SIP routes designated as SIP proxy
servers to route outbound SIP requests, with load sharing and failover
across those proxies. MAS registers applications with all configured SIP
registrars. Registration is optional, depending on your MAS configuration
and digest authentication support.
Transcoding audio
MAS can transcode to and from the following audio formats:
• Linear 16-bit PCM, 8 kHz mono
• Linear 8-bit PCM, 8 kHz mono
• G.711 alaw
• G.711 ulaw
• G.729
Media files are cached locally on the system and are transcoded into
temporary files. Subsequent requests for the media file use the transcoded
file and are packetized without further processing.
Files that exceed a configurable "hit" rate are pulled into memory in their
transcoded form and packetized directly. An uncached file that is not
eligible for caching is transcoded in real time.
Conferencing
MAS supports multimedia conferencing for audio and video streams in
large and small conferences.
The conferencing algorithm uses mixing, which means that you can hear
up to four parties simultaneously. Each channel runs a voice activity
detector (to determine speech vs. background noise), an automatic gain
control algorithm, and a dynamic jitter buffer with compaction and packet
loss concealment.
Media security
Media security provides the ability for the MAS to secure media streams
with cryptographic protection based on RFC 3711 (The Secure Real-time
Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with
symmetrical data encryption that provides the following security services:
encryption, message integrity, and replay protection.
Media Quality of Service
MAS contains the Telchemy VQMON agent for QoS monitoring and
RTCP-XR support for the exchange of metrics. R-Factor, jitter, and packet
loss are continually monitored for each call. Calls that fall below a
configured R-Factor threshold are logged. All QoS statistics are archived
with session detail records (SDR) for analysis.
Report generation
The reporting framework is based on third-party Jasper reports, a flexible
solution that can generate complex reports. The reporting framework
enables administrators to generate reports on demand and also generates
reports automatically on a configured time schedule. The reporting
framework supports CSV, HTML, and XML report types. Scheduled reports
can be delivered through e-mail or File Transfer Protocol (FTP). FTP carries
both credentials and report contents in cleartext, so restrict FTP delivery
to a trusted management network.
Content store
MAS contains an onboard content storage feature that provides a reliable,
network accessible store for multimedia content. You can configure MAS
to replicate data across multiple content stores to provide High Availability
and redundancy.
• Priority
• Immediate
• Flash
• Flash Override
Administration
This chapter explains Media Application Server Administration
fundamentals. For step-by-step information about MAS platform
Administration, see Media Application Server Administration and Security
(NN44473-600).
Navigation
• "Element Manager overview" (page 19)
• "Element status and operational controls" (page 33)
• "Cluster configuration and status monitoring controls" (page 34)
• "License management" (page 34)
• "Signaling configuration" (page 36)
• "Media configuration" (page 36)
• "Monitoring and logging global configuration support" (page 39)
• "Application management" (page 43)
• "Reporting" (page 44)
• "Backup and restore" (page 44)
• "Media management" (page 46)
• "Advanced settings" (page 46)
• "Disaster recovery" (page 47)
Figure 1
Element Manager interface
Management activities are performed in the content area of the page. The
displayed content is dependent on the selected top-level framework or
system element context and the task selection within this context.
The top of the content area includes the hostname and management IP
address of the component being managed. Element Manager divides
properties into categories, to which you can navigate from the menu pane.
Each category appears on a separate page. Categories are further divided
into subcategories, which appear as sections on the category page. You
can jump to a section within the page with the shortcut links at the top of
the configuration table.
The branding banner area contains the image of the Nortel logo. In
addition to indicating what application you are in (for example EM), the
branding banner provides a context sensitive Help link and a Logout link.
Click the Help link to open context-sensitive help in a new browser window.
The Logout link logs you off EM and returns you to the Login page.
You can perform task selection and element navigation using the three
following elements on the EM screen:
• Menu pane
• Network Navigation
• Breadcrumbs
These three components are central to the work flows that the
administrator performs for routine OAM activities. You initiate work
flows from the menu pane, which displays the tasks that the administrator
can perform in the content area. With the exception of the network tasks,
the scope of OAM activities the administrator can perform is limited to
the element to which the administrator is logged on. To manage multiple
elements in the network, you can view the elements with the network
navigator component and navigate to each one individually to perform
OAM tasks. Finally, the breadcrumb area shows which element is currently
being managed and which task is being performed, and lets the
administrator navigate "up" the hierarchy of management screens.
Interface features
Initiate all tasks from the menu pane on the left side of the screen.
The items listed in the menu pane are grouped into two sections. The
top section of the menu pane contains a link to network-wide services
that can affect the operation of all network elements or network-wide
entities such as Network, User Services, Security, and Tools. The lower
section contains tasks related to the operation, administration, and
maintenance of the network element to which the administrator is logged
on. The element-level section is further divided into task groupings. The
highest-level groupings include System Status, System Configuration,
Products and Applications, Licensing, Tools, and Cluster Configuration.
Each task group contains a set of related tasks.
Tasks that an administrator must perform for MAS platform and application
administration, operations, and maintenance appear in the lower section of
the menu pane. These are grouped into six categories:
• System Status: The administrator can view current and historical
information pertaining to the status of the system with system status
tasks. These tasks include element status, cluster status, alarm
viewing, event log viewing, and monitoring. The monitoring task
Click the minus (-) symbol before the label to collapse expanded items.
The expansion state of subtasks is maintained when their parent is
collapsed. For items that contain no subitems, the expansion point
appears as a minus symbol.
Click on the item label in the menu pane to select and launch the following
associated task in the content area:
• Task Category: If the category is collapsed, it is expanded. An
information screen for the task is displayed in the content area. This
screen shows a high-level description of the category of tasks and a
brief description for each task in the category. Task names appear
as hyperlinks. A click of the task name launches the task, and is
equivalent to selecting the task from the menu pane.
• Task: The task is launched in the content area.
You can start a task in a new browser window by using the right-click
menu of the Web browser. You should right-click on the task to be
performed and choose the option to open the page in a new window. A
new browser window appears with a banner area, menu pane, and task
selected in the content area.
You can scroll each section of the menu pane independently. Vertical
scrollbars appear in a section when its contents cannot be displayed
without vertical clipping. Horizontal scrollbars can also appear when the
contents of the menu pane sections cannot be displayed without horizontal
clipping. You can use the vertical line separating the menu pane and the
content and breadcrumb areas to resize the menu pane horizontally.
Use Save to save the changes to the platform. No changes are made to
the platform configuration until you click Save. Before the configuration is
stored in the MAS database, the administrator input is validated. If any
errors are detected during validation, the configuration is not saved, and
the page is redisplayed with error messages. The administrator needs to
correct these errors and click Save to save the changes. After the changes
have been saved, the administrator returns to the parent of the current
page, which is often the previous page.
If you decide not to save the changes made to the configuration, click
Cancel to cancel any changes to be made to the configuration. A click of
the cancel button returns you to the parent of the current page (usually the
previous screen) without saving any changes to the configuration.
Attention: UCM server roles are different from the roles used in MAS
clustering.
Only the UCM primary security server runs the private Certificate
Authority, so only the UCM primary security server can issue
certificates for new member servers. The UCM primary security
server is also the only server from which you can use the certificate
management console.
In addition, only the UCM primary security server has write access
to all security-related data. Therefore, you must configure all UCM options
on the UCM primary security server.
RBAC concepts
The Unified Communications Management (UCM) security framework
uses the Role Based Access Control (RBAC) model to determine a user’s
authorization. In this model, each user is identified through a unique
identity, and each identity can have one or more user accounts for different
elements. To configure access rights for user accounts, the security
administrator assigns permissions to roles, and then assigns these roles
to users.
Figure 2
Example of the MAS RBAC model
Identities
In the MAS RBAC model, security administrators must assign a unique
digital identity to each user in a company. This identity contains a user’s
credentials and authorization rights. All identities are stored in security
services, and this information is used by servers or products on the
network.
Each identity can have different user accounts for different managed
elements. Security administrators can manage these identities to create,
read, update, or delete user accounts. You can manage identities on the
Administrative Users page in UCM. To navigate to the Administrative
Users page, click User Services, Administrative Users in the navigation
pane.
Accounts
The UCM security framework supports the following types of user
accounts:
• local account
• built-in account
• emergency account
• external account
Built-in accounts
UCM has one built-in account that security administrators must use to
log on to the system after installation. This built-in account is called
nortelmasadmin, and it has the following built-in roles:
• NetworkAdministrator
• PowerUser
• SecurityAdministrator
Emergency accounts
You must use emergency accounts to access Element Manager (EM) on a
local system if the primary or backup security servers are down or cannot
be reached. The default emergency account is nortelmasadmin, which is
the same account you use for the initial configuration of a MAS.
UCM and EM do not store passwords for Linux accounts. When you use
an emergency account, the MAS first verifies that you have access to EM.
Authentication is then performed against the local operating system (OS)
using the NT LAN Manager (NTLM) protocol. Nortel recommends that you
create emergency accounts that are distinct from normal administrator
accounts. To log on to EM using an emergency account, use the following
URL: http://<server FQDN>/local-login. For more information about
authenticating locally on the MAS in emergencies, see Media Application
Server Administration and Security (NN44473-600).
Local accounts
You can set up local accounts for administrators who are authenticated
locally in Unified Communications Management (UCM).
To set up a local account, you must create a local user identity and
password. The UCM security framework stores data entry and password
information for a local user account in persistent storage. You can manage
local user identities on the Administrative Users page in UCM. To navigate
to the Administrative Users page, click User Services, Administrative Users
in the navigation pane.
External accounts
You can set up external accounts to allow Unified Communications
Management (UCM) to authenticate administrators with external
authentication. A MAS performs external authentication through
Lightweight Directory Access Protocol (LDAP), Remote Authentication Dial
In User Service (RADIUS), or Kerberos.
An external user has a shadow entry inside the persistent repository of the
UCM security framework. The security framework uses the shadow entry
to assign roles to the external user.
Permissions
Permissions specify which management functions a user can perform on
an element. Security administrators assign permissions to roles, and then
assign these roles to users.
Roles
Roles define a set of management functions a user can perform on an
element. Security administrators assign roles to users. You can map roles
to users on the Roles page in UCM. To navigate to the Roles page, click
Security, Roles.
Policies
In the UCM security framework, users can configure policies for
passwords, security, and the single sign-on cookie domain. You can
configure policies on the Policies page in UCM. To navigate to the Policies
page, click Security, Policies.
A user is locked out of the UCM framework when the specified number of
logon attempts is reached. By default, the user is locked out after 5 failed
attempts.
Certificates
Unified Communications Management (UCM) uses certificates for secure
communication between a Web browser and a Web server. Certificates
are used for the following:
• Web interfacing using Secure Sockets Layer (SSL)
• Session Initiation Protocol (SIP) signaling using Transport Layer
Security (TLS)
UCM manages certificates using the X.509 standard for Web SSL, which
ensures that certificates are issued by a Certificate Authority (CA) that
binds a public key to a particular distinguished name.
Certificate authorities
A Certificate Authority (CA) is a trusted entity that issues, renews, and
revokes certificates. You can use UCM to install certificates from either its
private CA or public CAs.
The UCM security framework uses only one private CA to sign internally
generated certificates. Once UCM generates the private CA, you cannot
change it. Configuration information for the private CA on the primary
security server is typically entered during the initial security configuration.
Certificate types
UCM certificate management supports three types of certificates:
• Certificates signed by the private CA hosted on the UCM primary
security server. The MAS creates a private CA during the installation of
the UCM primary security server. You can use the private CA to issue
certificates to remote devices in the same security domain. When the
UCM primary security server issues a certificate and distributes it to a
remote device, the remote device automatically adds the root certificate
of the private CA to its trusted certificate list. As a result, devices that
use certificates issued by the same private CA always trust each other.
• Certificates signed by a public CA. You can use the UCM X.509
Certificate Management page to generate a Certificate Signing Request
(CSR) from a target device, and then send the CSR to a public CA
to obtain a certificate response, which contains an X.509 certificate.
You can use the UCM Certificate Management page to process the
certificate response returned from a public CA, and thereby, distribute
the X.509 certificate to the target device. To access the Certificate
Management page, click Security > Certificates.
• Self-signed certificates. A self-signed certificate is not issued by a CA.
Because no trusted third party vouches for the identity in it, a peer that
accepts one gains no authentication of the other side and is vulnerable
to a man-in-the-middle attack. Nortel recommends that you avoid using
self-signed certificates.
SIP TLS
When UCM distributes the SIP TLS certificates that are signed by the
private CA to the Network Routing Service or SIP Gateway, the private
CA is automatically added to the trusted CA list of the Network Routing
Service or SIP Gateway. Therefore, if all the Network Routing Service and
SIP Gateway elements use certificates signed by the private CA, UCM
automatically configures mutual authentication for SIP TLS among them.
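The trust decision described above, as an added example written for this page rather than UCM's own certificate management code: a private CA issues certificates to two elements, each element then verifies the other's certificate against its trusted CA list (the check that makes SIP TLS mutual authentication work), and a self-signed certificate presenting the same hostname is rejected because nothing vouches for it. The CA name, the hostnames and the serial numbers are assumptions, not values from the document.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Constructed example (not UCM code): a private CA issuing certificates to
// elements in one security domain, and the check an element applies to a
// peer's certificate during SIP TLS mutual authentication.

// sign builds a certificate from tmpl, signed by parent/signer, and parses it.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// NewPrivateCA creates the one self-signed root that signs internally
// generated certificates (the real one is generated once and never changed).
func NewPrivateCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return sign(tmpl, tmpl, &key.PublicKey, key), key
}

// IssueElementCert returns a certificate for host. With a CA issuer this is
// the primary security server answering a CSR; with a nil issuer the element
// signs its own certificate, i.e. the self-signed case.
func IssueElementCert(host string, serial int64, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if issuer == nil {
		return sign(tmpl, tmpl, &key.PublicKey, key), key
	}
	return sign(tmpl, issuer, &key.PublicKey, issuerKey), key
}

// TrustedBy is the check an element makes on a peer: the chain must end at a
// CA in the element's trusted list and the name in the certificate must match.
func TrustedBy(peer *x509.Certificate, trustedCAs ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, ca := range trustedCAs {
		roots.AddCert(ca)
	}
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   peer.Subject.CommonName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// IsUnknownAuthority reports whether verification failed because no trusted
// CA vouches for the certificate, which is what a self-signed peer produces.
func IsUnknownAuthority(err error) bool {
	var e x509.UnknownAuthorityError
	return errors.As(err, &e)
}

func main() {
	ca, caKey := NewPrivateCA("UCM Private CA")                  // assumed name
	nrs, _ := IssueElementCert("nrs.example.net", 2, ca, caKey)  // assumed hosts
	gw, _ := IssueElementCert("sipgw.example.net", 3, ca, caKey)
	rogue, _ := IssueElementCert("nrs.example.net", 4, nil, nil) // self-signed impostor
	fmt.Println("gateway trusts NRS:", TrustedBy(nrs, ca) == nil)
	fmt.Println("NRS trusts gateway:", TrustedBy(gw, ca) == nil)
	fmt.Println("gateway trusts self-signed impostor:", TrustedBy(rogue, ca) == nil)
}
```

The same check is what rejects a certificate from a different private CA: trust follows the root in the element's trusted list, not the hostname printed in the certificate, which is why UCM can configure mutual authentication automatically once every element holds a certificate chained to the one private CA.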
Web SSL
During the primary security service installation, the private CA issues a
Web SSL certificate that is installed as part of the primary security service.
Use the Web SSL certificate for the UCM Web server and the LDAP
server. The security administrator must configure the Web SSL certificate
for the primary security server by using the UCM Certificates link.
You can use the MAS system to revoke certificates that you issued
previously, to get a list of revoked certificates, and to update the CRL.
You can manage CRLs on the Certificate Management page by clicking
the Private Certificate Authority tab and navigating to the Certificate
Revocation List (CRL) Details pane.
Element Status
The Element Status shows the most severe alarm reported for the selected
element. For example, an element with Critical and Minor active alarms
has an overall status of Critical. An element with no alarms has a status of
Normal.
Click an element name to view alarm details for the selected element.
Operational states
Use the More Actions drop-down to change the operational state of the
element to one of the following:
• More Actions
• Lock
• Pending Lock
Cluster configuration
In Server Designation, you define your primary server and all secondary
servers. The local server starts with the Primary role by default. When
defining your servers, you must provide the following information:
• Replication account username and password
• Role (primary, secondary, or standard)
• Server Address
• Server UUID
From the Replication Settings page you can enable or disable the SDR,
OM and Configuration Replications.
Cluster status
The Cluster Status page is available from the System Status menu in EM.
It shows the following information about all elements in the cluster:
• element name
• UUID
• most severe alarm status
• description for an existing alarm, if any
• element role information
License management
You can use the licensing section of Element Manager to configure
licensing information.
The following list items describe the four distinct task areas within the
licensing section, each with its own subset of tasks:
• Licensing configuration: Use this section to configure licensing (License
Server or Nodal Licensing) and to add or replace license keys.
• License utilization threshold: Use this section to set the threshold for
license usage, which is expressed as a percentage of all licenses in
use. Once this threshold is reached, a notification alarm is generated.
The default threshold value is 85%.
• License server status: Use this section to manage the license
server, and display its operational status and operational mode. The
operational status indicates whether the license server is initializing,
running, or dormant, or if the status cannot be determined. The
operational mode of the server is either Active or Standby. However, if
the license server is not running, the system cannot obtain the mode.
On the License Server Status page you can start, stop, or restart
the license server by clicking the respective buttons located at the top
of the page. The buttons apply only to the License Server that is
currently being configured.
• Advanced settings: Do not reconfigure the default values in the
Advanced Settings pages. These defaults are set for optimal
performance of the MAS platform. If you think these settings need to
be changed, contact Nortel Technical Support to discuss the changes.
Reconfigure these settings only under explicit direction from Nortel
Technical Support.
Server licensing
In server licensing mode, a cluster shares licenses that float across all
its MAS nodes. To set up server licensing, you must use a Redundant
License Servers cluster licensing configuration. In this configuration, you
install license servers on the two MAS nodes in the cluster designated as
the cluster primary and secondary nodes.
Each license server broadcasts a message to its local subnet to detect its
redundant partner. It correspondingly sets itself to the active, or standby
state, depending on the state of the other server. If both servers are in
starting up state, the one with the larger IP address becomes active and
During the license server startup process, the license server is in the
starting-up state, and it does not respond to any license requests. After
initialization, the license server changes to the standalone state and
starts to serve license requests. You can view the license server state
information on the License Server Status page in Element Manager. To
navigate to the License Server Status page, click Licensing, License
Server Status in the navigation pane.
Nodal licensing
In Nodal licensing mode, licenses are bound to a particular MAS platform
and are not shared across MAS nodes. In this node-locked configuration,
you must configure each MAS node with its own license key. For example,
if your MAS cluster contains five MAS platforms, you need five different
license keys.
Signaling configuration
You can configure the SIP settings from the Signaling Configuration pages.
SIP configuration
You can configure the following from the SIP settings pages:
• General Settings
• Domains and Accounts
• Nodes and Routes
Media configuration
This section outlines the media configuration support of the MAS.
Quality of Service
MAS supports Differentiated Services (DiffServ) packet marking on
outgoing Real-time Transport Protocol (RTP) streams. The system sets
the Differentiated Services Code Point (DSCP) to Expedited Forwarding
(EF), a widely supported marking for Quality of Service (QoS)-enabled
networks carrying real-time audio and video data. QoS-enabled network
routers examine the DiffServ field (the former type of service bits) in the
IP header and give priority, in routing and handling, to packets marked
EF. In addition to marking packets, MAS uses high-resolution,
interrupt-driven timers to drive RTP packetization at precise intervals.
MAS follows RFC 2598, which defines the EF per-hop behavior and its
code point.
MAS uses flow specifications for each codec to identify packet delivery
characteristics to the operating system, enabling it to prioritize (internally)
packets destined to and from the network interface card (NIC). The
framework ensures that QoS marked packets sent from MAS media
processors are not dropped or delayed in their delivery to the wire. MAS
can reserve a percentage of NIC bandwidth for its media processors.
This ensures that management and signaling does not affect the quality
of the audio or video streams in use on the platform. The use of flow
specifications also offers some denial of service protection as the transport
layers discard packets (instead of attempting to process them) that do not
conform to the flow specification.
MAS contains the Telchemy VQMON agent for QoS monitoring and
RTCP-XR support. R-Factor, jitter, and packet loss are continually
monitored for each call. Calls that fall below a configured R-Factor
threshold are logged. All QoS statistics are archived with session detail
records (SDR) for analysis.
Audio codecs
To configure audio codec settings, use the System Configuration >
Media > Audio Codecs page in Element Manager. You can complete the
following configuration tasks for audio codecs:
• Enable or disable audio codecs. The following audio codecs are
supported:
— G.711-ULAW
— G.711-ALAW
— G.729A
— EVRC-0
— AMR
Video codecs
To configure video codec settings, use the System Configuration >
Media > Video Codecs page in Element Manager. You can configure the
following video codec settings:
• Enable or disable video codecs. The following video codecs are
supported:
— H.263
— H.263+
— H.263++
— NNVC (Nortel Networks Video Codec)
• Configure the preferred order of enabled codecs for negotiation (SDP
answer) or default SDP (SDP offer).
• Enable frame rates for each codec.
• Configure the default frame rate for each codec.
• Configure the preferred format for each codec
• Configure the Annex profile for each codec (if required).
Media security
To configure media security settings, use the System Configuration >
Media > Media Security page in Element Manager.
Media security provides the ability for the MAS to secure media streams
with cryptographic protection based on RFC 3711 (The Secure Real-time
Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with
symmetrical data encryption that provides the following security services:
encryption, message integrity, and replay protection. Secure RTCP
(SRTCP) provides the same security services to RTCP as SRTP does to
RTP. SRTP message authentication protects the RTCP fields that keep
track of membership, provide feedback to RTP senders, or maintain packet
sequence counters. The M5T SRTP stack is used to deliver the media
security feature.
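The following is an added example, not code from the MAS product or the M5T stack, that models the receiver-side checks RFC 3711 specifies for the services named above: packet index estimation from the rollover counter (ROC) and the 16-bit SEQ, the sliding replay window, and the truncated HMAC-SHA1 authentication tag, applied in the RFC order (replay check, tag verification, then state update). AES-CM encryption and the session key derivation are omitted; the session authentication key is assumed to be already derived and shared, and the packets are constructed inline.

```python
"""
Added example (not MAS or M5T code): receiver-side SRTP checks after
RFC 3711, covering index estimation (ROC + SEQ), the 64-entry sliding
replay window, and the truncated HMAC-SHA1 tag. AES-CM encryption and
session key derivation are omitted; the auth key is assumed pre-shared.
"""
import hashlib
import hmac
import struct

AUTH_TAG_LEN = 10      # 80-bit tag, the RFC 3711 default
REPLAY_WINDOW = 64     # minimum replay window size required by RFC 3711 s3.3.2
ROC_MASK = 0xFFFFFFFF


def rtp_header(seq: int, timestamp: int, ssrc: int, pt: int = 0) -> bytes:
    """Minimal 12-byte RTP header: V=2, no padding/extension/CSRC."""
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, timestamp, ssrc)


def auth_tag(auth_key: bytes, rtp_packet: bytes, roc: int) -> bytes:
    """RFC 3711 s4.2: HMAC-SHA1 over header || payload || ROC, truncated."""
    mac = hmac.new(auth_key, rtp_packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:AUTH_TAG_LEN]


class SrtpSender:
    def __init__(self, auth_key: bytes, ssrc: int, first_seq: int = 0):
        self.auth_key, self.ssrc, self.seq, self.roc = auth_key, ssrc, first_seq, 0

    def protect(self, payload: bytes, timestamp: int) -> bytes:
        pkt = rtp_header(self.seq, timestamp, self.ssrc) + payload
        tag = auth_tag(self.auth_key, pkt, self.roc)
        self.seq += 1
        if self.seq == 0x10000:            # 16-bit SEQ wrapped: bump the rollover counter
            self.seq, self.roc = 0, (self.roc + 1) & ROC_MASK
        return pkt + tag


class SrtpReceiver:
    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.roc, self.s_l = 0, None       # s_l: highest authenticated SEQ (RFC 3711 s3.3.1)
        self.last_index = -1               # highest authenticated packet index
        self.window = 0                    # bit k set: index last_index - k already seen

    def _estimate(self, seq: int):
        """Choose ROC-1, ROC or ROC+1 for this SEQ (RFC 3711 Appendix A)."""
        if self.s_l is None:
            return self.roc, self.roc * 0x10000 + seq
        if self.s_l < 0x8000:
            v = (self.roc - 1) & ROC_MASK if seq - self.s_l > 0x8000 else self.roc
        else:
            v = (self.roc + 1) & ROC_MASK if self.s_l - 0x8000 > seq else self.roc
        return v, v * 0x10000 + seq

    def _replayed(self, index: int) -> bool:
        if index > self.last_index:
            return False
        back = self.last_index - index
        return back >= REPLAY_WINDOW or bool((self.window >> back) & 1)

    def _mark(self, index: int) -> None:
        if index > self.last_index:
            shift = index - self.last_index
            self.window = ((self.window << shift) | 1) & ((1 << REPLAY_WINDOW) - 1)
            self.last_index = index
        else:
            self.window |= 1 << (self.last_index - index)

    def receive(self, srtp_packet: bytes):
        """Return (accepted, reason). Replay check first, then the tag; receiver
        state changes only after the tag verifies, as RFC 3711 s3.3 requires."""
        if len(srtp_packet) < 12 + AUTH_TAG_LEN:
            return False, "short"
        body, tag = srtp_packet[:-AUTH_TAG_LEN], srtp_packet[-AUTH_TAG_LEN:]
        seq = struct.unpack("!H", body[2:4])[0]
        v, index = self._estimate(seq)
        if self._replayed(index):
            return False, "replay"
        if not hmac.compare_digest(tag, auth_tag(self.auth_key, body, v)):
            return False, "bad-auth"
        self._mark(index)
        if v == self.roc:                          # normal case
            self.s_l = seq if self.s_l is None else max(self.s_l, seq)
        elif v == (self.roc + 1) & ROC_MASK:       # SEQ wrapped: advance ROC
            self.roc, self.s_l = v, seq
        # v == ROC-1: late packet from before the wrap, no state update
        return True, "ok"
```

Note the ordering: a replayed packet is rejected before the HMAC is computed, which keeps a flood of replayed packets from costing a MAC per packet, and a packet with a bad tag leaves the replay window and ROC untouched, so a forged packet cannot advance the receiver's state.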
Monitoring
This section outlines the monitoring global configuration support for the
MAS.
Event logs
An event log is a historical view of events that occurred on the system.
Event logs have the following severity levels:
• Alert
• Critical
• Major
• Minor
• Emergency
• Error
• Warning
• Info
• Debug
• Indeterminate
• Notice
You can enable and configure Event log throttling for an event so that only
the most recent event log and contents are buffered. The most recent log
is generated when the Throttle Check Interval property is exceeded along
with an instance count for that event. Log throttling prevents the event logs
from being flooded with recurring events.
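An added example of the throttling behaviour just described, not the MAS implementation: within the Throttle Check Interval only the newest instance of an event is buffered, and once the interval is exceeded a single log is emitted carrying that instance together with the count of instances seen since the last emitted log. Emitting the first sighting immediately, and the `flush` call for windows that expire without a further sighting, are assumptions made for illustration.

```python
"""
Added example (not the MAS implementation): per-event log throttling.
Within the check interval only the newest instance of an event is kept;
when the interval is exceeded one log is emitted with that instance and
the instance count. First-sighting behaviour and flush() are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class _Bucket:
    window_start: float            # when the current throttle window opened (seconds)
    latest: Optional[str] = None   # newest buffered message text
    suppressed: int = 0            # instances buffered since the last emitted log


class EventThrottler:
    def __init__(self, check_interval_s: float):
        self.interval = check_interval_s
        self.buckets: Dict[str, _Bucket] = {}

    def report(self, event_id: str, message: str, now: float) -> Optional[dict]:
        """Return a log entry to write, or None if the instance was buffered."""
        b = self.buckets.get(event_id)
        if b is None:                       # first sighting: log it and open a window
            self.buckets[event_id] = _Bucket(window_start=now)
            return {"event": event_id, "message": message, "instances": 1}
        if now - b.window_start < self.interval:
            b.latest, b.suppressed = message, b.suppressed + 1
            return None                     # inside the interval: keep only the newest
        # interval exceeded: emit the newest instance with the count, reopen the window
        out = {"event": event_id, "message": message, "instances": b.suppressed + 1}
        self.buckets[event_id] = _Bucket(window_start=now)
        return out

    def flush(self, now: float) -> List[dict]:
        """Emit buffered instances whose window expired without a new sighting."""
        emitted = []
        for event_id, b in list(self.buckets.items()):
            if b.suppressed and now - b.window_start >= self.interval:
                emitted.append({"event": event_id, "message": b.latest,
                                "instances": b.suppressed})
                self.buckets[event_id] = _Bucket(window_start=now)
        return emitted
```

The instance count is what makes throttling safe for monitoring: a reader of the log can still tell that an event fired 3 000 times in the interval rather than once, which matters when the recurring event is itself the symptom (a failing disk, a link flapping).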
Operational measurements
The following types of operational measurements are supported:
• Counters: Counters are used to record and track activity on the system.
An example of a counter would be the total number of calls over the
life of the system. Counters are named registers that start from zero
Logging
This section outlines the logging global configuration support for the MAS.
System diagnostics
You can place the system in diagnostic mode for logging by selecting the
Enable System Diagnostic Mode check box on the System Configuration,
Logging, System Diagnostic page in Element Manager.
SysLog
SysLog is a standard for forwarding log messages in an IP network. The
MAS platform optionally supports SysLog over User Datagram Protocol
(UDP) for the delivery of logs and alarm history to one or more SysLog
server destinations.
Session logging
Configure the following SDR properties under the System Configuration >
Logging > Session Logging section of Element Manager:
• Session Detail Record Archiving: This check box enables or disables
the archiving of session detail records. The default is enabled.
• Session Detail Record Archive Minimum Record Age (Days): Session
detail records older than configured days are removed when cleanup is
initiated. The default is 90 days.
• Session Detail Record Archive (Detail Records): The maximum number
of session detail records before cleanup is initiated. The default is
1 296 000 records. Approximately 5 KB of storage is required for each
SDR.
The MAS creates a Session Detail Record (SDR) for each individual
session that originates from or terminates to the platform. An SDR
includes detailed information about each session, which you can use for
tracking and billing purposes.
The platform archives all SDRs to the local platform database. These
archived records are used by the platform to generate reports. The
platform ensures that the archive does not grow too large by deleting
old records based on the configuration. You can view records in either
real-time or in historical reports. Archived SDRs can be replicated to the
primary and secondary node in a cluster so that SDRs can be consolidated
for cluster-wide historical reports.
Debug logging
You can find the following settings related to debug logging in the System
Configuration, Logging, Debug section of Element Manager.
Application management
Packaged applications can be deployed on MAS.
Packaged applications
A packaged application is installed and configured using its own installer.
The installer adds application configuration data and translations to the
MAS. As part of the installation process you need to configure license keys
for all packaged applications.
Packaged applications can only be installed after the MAS has been
installed and configured.
Reporting
To configure reporting settings, use the Tools > Reports page in Element
Manager.
You can perform backup and restore tasks on the Backup and Restore
page in Element Manager (EM). To navigate to the Backup and Restore
page, click Tools, Backup and Restore. This page includes the following
task categories:
• General settings
• Backup Tasks
• Restore
• Backup Destination
• History Log
General settings
When you back up or restore your data, all actions are logged in a log file.
You can set the value of the "Store history and log files up to" parameter to
define how long history is stored. The log file refreshes after the defined
duration, that is, after this duration, the history is no longer stored in the
log file.
Backup Tasks
To back up your data, you must first define a backup task and then specify
a schedule.
A backup task specifies what to back up and where to store the backup
data. You can manage backup tasks on the Backup Tasks page in
Element Manager. To navigate to the Backup Tasks page, click Tools,
Backup and Restore, Backup Tasks. On the Backup Tasks page, you can
add a new backup task, and edit or delete an existing backup task.
After you create a backup task, you must specify a backup schedule.
You can run backup tasks manually or schedule the backup tasks to
run immediately, once, daily, weekly, or monthly. You can also use the
Backup Tasks page to schedule multiple tasks. Each task runs at the
next specified start time. The Backup Tasks page shows you when the
next scheduled backup is supposed to occur, as well as details about the
schedule frequency and the backup destination.
Restore
You can choose the backup source that you want to restore on the
Restore page in Element Manager (EM). To navigate to the Restore page,
click Tools, Backup and Restore, Restore in the navigation pane.
The Restore page shows details about the backup, such as the name of
the task, the type of backup, and the date when the backup last occurred.
Attention: Note that the restore process may take a while, during which
time EM is offline and closes the connection to all users until the process
is complete. It is the administrator’s responsibility to inform users when the
system is back up and running. During the restore, the system cannot take
calls. If a restore is completed without errors, the backup file is deleted;
otherwise, the backup file remains on the server.
Backup Destination
The Backup Destination specifies the location of the backup file.
History logs
The backup/restore history log shows the status of backup or restore tasks
and assists you in resolving errors. You can view the history log on the
History Log page in Element Manager (EM). To navigate to the History Log
page, click Tools, Backup and Restore, History Log.
The history log shows the task name, type, and status; the time when
the task is performed; the time to complete the task; and the size of the
backup data. On the History Log page, you can export the log file in HTML
format to a local folder of your choice.
Media management
On the Media Management page, you can manage media files of many
formats, including sound, video, .xml, plain text, or zipped files. To
navigate to the Media Management page, log on to Element Manager (EM)
and click Tools, Media Management in the navigation pane.
In EM, you can organize media into content namespaces and content
groups. Use content namespaces to divide media into logical containers.
Use content groups to subdivide the media in a content namespace into
logical groups.
You can initially provision a content namespace by using one .zip file for
the whole content namespace or by creating one content group at a time.
After the media file is uploaded, EM displays it in a tree view. The root of
the tree is the content namespace and individual content groups appear
below it with + or - icons before their names. EM displays the namespace,
and the content groups in the left pane, and the media files contained in
the selected content group in the right pane. The media file list includes
the file name, content type, and size of the file; the time initially created;
the time last modified; and the version information. You can browse
content namespaces and add, rename, or delete content groups.
Advanced settings
Access the Advanced Settings page from Cluster Configuration, Advanced
Setting. These values are automatically configured based on changes
made on the Server Designation page.
Disaster recovery
You can recover the primary server to restore critical operations if you
experience a disaster situation.
If you experience a disaster situation, you must restore the primary server
to reestablish critical operations. This operation involves installing the
Media Application Server (MAS) software on a primary MAS server. Then,
you must restore the latest full backup.
Configuration fundamentals
This chapter explains Media Application Server configuration
fundamentals. For step-by-step information about how to perform the
initial configuration of the MAS platform, see Media Application Server
Configuration (NN44473-500).
Navigation
• "Initial security configuration" (page 49)
• "License configuration work flow" (page 50)
• "MAS configuration work flow" (page 49)
• "Network management protocol configuration" (page 51)
• "Network configuration" (page 52)
• "QoS monitoring and alerting configuration" (page 53)
• "SIP configuration work flow" (page 53)
Use your User ID and Password for your installed operating system to
access UCM the first time. You are required to change these once you
have accessed your Primary server.
Figure 3
MAS Configuration work flow
Figure 4
License configuration work flow
SNTP
Add the IP address or hostname of the Simple Network Time Protocol
(SNTP) server in the SNTP Source Server field in Element Manager. The
SNTP Source Server is used to synchronize the clocks of all nodes in the
cluster.
SNMP
The MAS platform provides Simple Network Management Protocol
(SNMP) management. SNMP supports outgoing traps for logs and alarms
to remote SNMP-based Network Management Stations (NMS). In addition,
an NMS can query the alarm table and audit services. Traps use the Nortel
Reliable MIB format to support active and cleared alarm notifications as
well as informational log messages.
Both SNMP v1 and v2c are supported by the MAS platform. SNMP uses
community names to authenticate messages. The community name is
similar to a password that is shared by the SNMP NMS and the MAS
SNMP agent. The community name must be the same value on both the
NMS and the MAS SNMP agent.
The MAS SNMP agent supports queries on the ActiveAlarm table and
audits for resynchronization with the management server. These queries
can be in the form of Get requests on specific fields or GetNext requests
for table traversal.
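The following added example, which is not MAS or Nortel code, builds and decodes the SNMPv1/v2c Get and GetNext requests described above with a minimal BER encoder. It makes concrete what the text says about community names: the name is an ordinary OCTET STRING in the message, so it is the only authentication and it travels in cleartext wherever the NMS and the MAS SNMP agent exchange packets. The `audit_community` policy (default names, minimum length) is an assumption for illustration, not a MAS setting, and the OIDs are constructed sample values.

```python
"""
Added example (not MAS or Nortel code): a minimal BER encoder/decoder for
SNMPv1/v2c Get and GetNext requests. It shows that the community name is
an ordinary OCTET STRING sent in cleartext. The weak-name policy in
audit_community() is an assumption for illustration.
"""
from typing import List

GET_REQUEST, GET_NEXT_REQUEST = 0xA0, 0xA1    # context-specific PDU tags
VERSION_V1, VERSION_V2C = 0, 1                 # SNMP version field values


def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def _int(n: int) -> bytes:
    """ASN.1 INTEGER, minimal two's-complement length."""
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    return _tlv(0x02, n.to_bytes(length, "big", signed=True))


def _oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:               # base-128 with continuation bit
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_request(community: str, oids: List[str], request_id: int = 1,
                  pdu_tag: int = GET_REQUEST, version: int = VERSION_V2C) -> bytes:
    varbinds = b"".join(_tlv(0x30, _oid(o) + b"\x05\x00") for o in oids)  # value = NULL
    pdu = _tlv(pdu_tag, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _int(version) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(data: bytes, pos: int):
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length


def _decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_message(packet: bytes) -> dict:
    """Decode the outer message; the community is a plain OCTET STRING."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, _, pos = _read_tlv(pdu, pos)          # error-status
    _, _, pos = _read_tlv(pdu, pos)          # error-index
    _, vbl, _ = _read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_body, _ = _read_tlv(vb, 0)
        oids.append(_decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode("ascii", errors="replace"),
            "pdu_type": pdu_tag,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "oids": oids}


def audit_community(name: str, min_len: int = 12) -> List[str]:
    """Illustrative checks on a configured community name (assumed policy)."""
    findings = []
    if name.lower() in {"public", "private"}:
        findings.append(f"default community name {name!r}")
    if len(name) < min_len:
        findings.append(f"shorter than {min_len} characters")
    return findings
```

Because `parse_message` recovers the community from the raw bytes with no key, anyone positioned on the path between the NMS and the MAS agent can do the same; the practical mitigations with v1/v2c are a non-default, long community name, restricting which management stations may reach the agent, and keeping management traffic on a separate network.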
SOAP
The Simple Object Access Protocol (SOAP) is used to exchange
Extensible Markup Language (XML) messages over a network.
The MAS platform provides a set of Web services, which can be used
to manage, monitor, configure, or access a set of services or resources
provided by the platform. The SOAP server acts as a mini-embedded
Web server and exposes the following MAS Web services: application
APIs, content store APIs, and Management APIs. You can access these
Web services by using SOAP-formatted XML messages over HTTP 1.1
transport.
To enable the MAS Web services, you must configure the trusted nodes
that are allowed to send requests to the MAS Web services. In Element
Manager, trusted nodes are configured on the System Configuration,
Network Settings page. First, select the Enable Trusted SOAP Nodes
check box and then enter one or more hostnames or IP addresses in the
Trusted Nodes field. You must separate multiple entries in the Trusted
Nodes field with a semicolon.
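An added example, not the MAS implementation, of how a SOAP front end would have to evaluate a Trusted Nodes field like the one described: entries are split on the semicolon, IP literals are matched directly, and hostnames are forward-resolved through a caller-supplied resolver (a constructed lookup table here, so the example runs offline). The behaviour when the check box is cleared is not stated on the page; treating that as "nothing trusted" is an assumption.

```python
"""
Added example (not the MAS implementation): evaluating the Trusted Nodes
field of a SOAP allowlist. Entries split on ";", IP literals match
directly, hostnames are forward-resolved via a supplied resolver so a
constructed table can stand in for DNS. Disabled => nothing trusted is
an assumption; the page does not state the disabled behaviour.
"""
import ipaddress
from typing import Callable, Iterable, List, Tuple


def parse_trusted_nodes(field: str) -> Tuple[List[str], List[str]]:
    """Return (ip_literals, hostnames) from the semicolon-separated field."""
    ips, hosts = set(), set()
    for entry in field.split(";"):
        entry = entry.strip()
        if not entry:
            continue            # tolerate "a;;b" and a trailing separator
        try:
            ips.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            hosts.add(entry.lower().rstrip("."))   # normalise case and trailing dot
    return sorted(ips), sorted(hosts)


def is_trusted_source(src_ip: str, enabled: bool, field: str,
                      resolve: Callable[[str], Iterable[str]]) -> bool:
    """Allow a request only if its source address is a listed IP or one of the
    addresses a listed hostname currently resolves to. Forward resolution is
    deliberate: a reverse lookup of the client address would let the client's
    own PTR record decide whether it is trusted."""
    if not enabled:
        return False
    src = ipaddress.ip_address(src_ip)
    ips, hosts = parse_trusted_nodes(field)
    if str(src) in ips:
        return True
    for host in hosts:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        except (ValueError, OSError):
            continue            # an unresolvable entry never grants access
        if src in addrs:
            return True
    return False
```

Hostname entries are only as trustworthy as the resolver that answers for them, so an allowlist built from IP addresses is the more robust choice where the management stations have fixed addresses.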
Connection security
To configure connection security in Element Manager, see the System
Configuration > Network Settings page.
Network configuration
This section outlines the network configuration of the MAS.
• media
• cluster
• OAM
Options include:
• Audio QoS
• QoS Maximum Bandwidth Per H.263 Video Flow
• QoS Maximum Bandwidth Per NNVC Video Flow
• Video QoS
Options include:
• Enable QoS monitoring
• Alert interval in milliseconds
• Critical R Threshold
• Maximum Alerts
• Refresh Interval in seconds
• Warning R Threshold in percentages
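The following added example, not MAS code, ties the QoS monitoring options listed above to the per-call R-Factor monitoring described in the Quality of Service section (R-Factor, jitter and packet loss monitored per call; calls below a configured R threshold logged; statistics archived with the SDR). It applies the Warning and Critical R thresholds, the alert interval and the Maximum Alerts limit per call, and keeps the per-call statistics that would be archived with the SDR. How the MAS itself derives R from RTCP-XR data is not stated on this page; the simplified ITU-T G.107 E-model in `estimate_r_factor`, and treating both thresholds as R values, are assumptions used for illustration.

```python
"""
Added example (not MAS code): an R-factor estimate plus a per-call QoS
alerting policy using the option names on this page. The simplified G.107
E-model and the codec constants are assumptions for illustration; the
page does not describe how the MAS computes R.
"""
from typing import Dict, Optional

# Ie (equipment impairment) and Bpl (packet-loss robustness) as commonly
# cited from ITU-T G.113 Appendix I; check against the edition you use.
CODEC_PARAMS = {"G.711": (0.0, 4.3), "G.729A": (11.0, 19.0)}


def estimate_r_factor(codec: str, loss_pct: float, one_way_delay_ms: float) -> float:
    """Simplified E-model: R = 93.2 - Id - Ie_eff (Ro - Is = 93.2, A = 0)."""
    ie, bpl = CODEC_PARAMS[codec]
    d = one_way_delay_ms
    delay_impairment = 0.024 * d + (0.11 * (d - 177.3) if d > 177.3 else 0.0)
    loss_impairment = ie + (95.0 - ie) * loss_pct / (loss_pct + bpl)
    return 93.2 - delay_impairment - loss_impairment


def r_to_mos(r: float) -> float:
    """R-to-MOS mapping from G.107 Annex B."""
    if r <= 0:
        return 1.0
    if r >= 100:
        return 4.5
    return 1.0 + 0.035 * r + r * (r - 60.0) * (100.0 - r) * 7e-6


class QosMonitor:
    def __init__(self, warning_r: float, critical_r: float,
                 alert_interval_ms: int, max_alerts: int, enabled: bool = True):
        self.warning_r, self.critical_r = warning_r, critical_r
        self.alert_interval_ms, self.max_alerts = alert_interval_ms, max_alerts
        self.enabled = enabled
        self.calls: Dict[str, dict] = {}

    def sample(self, call_id: str, r: float, now_ms: int) -> Optional[dict]:
        """Record one R sample for a call; return an alert record or None."""
        st = self.calls.setdefault(call_id, {"samples": 0, "min_r": r, "max_r": r,
                                             "last_r": r, "alerts": 0, "last_alert_ms": None})
        st["samples"] += 1
        st["min_r"], st["max_r"], st["last_r"] = min(st["min_r"], r), max(st["max_r"], r), r
        if not self.enabled:
            return None
        level = "critical" if r < self.critical_r else "warning" if r < self.warning_r else None
        if level is None or st["alerts"] >= self.max_alerts:
            return None                      # healthy, or Maximum Alerts already reached
        last = st["last_alert_ms"]
        if last is not None and now_ms - last < self.alert_interval_ms:
            return None                      # inside the alert interval: suppressed
        st["alerts"] += 1
        st["last_alert_ms"] = now_ms
        return {"call": call_id, "level": level, "r": round(r, 1),
                "mos": round(r_to_mos(r), 2), "at_ms": now_ms}

    def summary(self, call_id: str) -> dict:
        """Per-call statistics of the kind archived with the call's SDR."""
        st = self.calls[call_id]
        return {k: st[k] for k in ("samples", "min_r", "max_r", "last_r", "alerts")}
```

The statistics are updated on every sample regardless of alerting, so the archived record still shows the worst R the call reached even when the alert limit silenced later alerts.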
The following work flow shows the process for configuring your MAS SIP
signaling.
Figure 5
SIP configuration work flow
Terminology
The following table describes common terminology associated with the
Media Application Server (MAS).
Term: Description
Backup: A copy of data. The copy is preserved in case the system the data was copied from fails, is damaged, or changes to an undesired state.
Certificates: A security tool used to identify secure packages of data over a network.
Cluster: A collection of servers on the MAS.
Codec: Short for Compression Decompression, the codec is used for transmitting media files over a network.
Commercial-Off-The-Shelf (COTS): Generic purchased hardware that can be used in a wide variety of installations.
Conferencing: A means of including more than two people in an audio or video interaction.
Counters: A measurement tool to record the number of times an event occurs.
Dual-tone multi-frequency (DTMF): A signaling technology used for signaling over a telephone network.
Differentiated Services (DiffServ): A computer network architecture designed to manage and provide Quality of Service over a network.
Element Manager (EM): A web-based tool used for configuring and managing MAS and its components.
Event: An incident that is either recorded or causes other actions to occur.
Extensible Markup Language (XML): A specification for creating customizable markup languages such as VXML and CCXML.
File Transfer Protocol (FTP): A network protocol used for transmitting files over a network.
Gauge: A tool for providing real-time information about the system.
Graphical User Interface (GUI): A visual interface used for interacting with a computer system.
License: An identification showing the number of users that can be active for a piece of software.
Lightweight Directory Access Protocol (LDAP): An application protocol for working with directory services over a network.
Logging: An action for recording actions in a log.
Media Application Server (MAS): A software based, media processing server. All media processing is performed in software on the host CPU(s). The MAS architecture facilitates unique scalability for all core functions of the platform, including signaling, application execution, content management and media processing.
Permissions: A security tool that identifies what actions can be performed by a given role.
Policies: Security rules that govern the behavior and actions of a computer system. These rules tell the computer what actions to take in the case of certain events, independent of human intervention.
Quality of Service (QoS): A means of controlling priorities between applications for access to resources.
Quick Fix Engineering (QFE): A tool for implementing small changes to MAS.
Real-time Transport Protocol (RTP): A protocol for transmitting audio and video over a network.
Restore: An action of copying backed up data to a system.
Remote Authentication Dial In User Service (RADIUS): A protocol for managing large networks.
Roles: An identified role in a system that can be assigned permissions.
Role Based Access Control (RBAC): A means of restricting access to a network or parts of a network based on assigned roles.
Session Description Protocol (SDP): A protocol for describing initialization parameters of streamed media.
Session Initiation Protocol (SIP): A protocol for creating and removing communication sessions over a network.
Simple Network Management Protocol (SNMP): A protocol for monitoring devices attached to a network.
Simple Object Access Protocol (SOAP): A protocol for transmitting and receiving XML messages over a network.
Standalone: An installation of a single server with MAS.
Transport Layer Security (TLS): A technology for providing secure communications over a network.
Unified Communications Management (UCM): A framework for providing security when using Element Manager. UCM replaces ECM, but both are still used interchangeably.
Web service: A technology which supports interaction between computers on a network.