- DL manuals
- TANDBERG
- Conference System
- Gatekeeper
- User Manual
TANDBERG Gatekeeper User Manual
Summary of Gatekeeper
Page 1
Tandberg gatekeeper user guide software version n5.1 d13381.07 january 2007 this document is not to be reproduced in whole or in part without permission in writing from:.
Page 2
Tandberg gatekeeper user guide page 2 of 105 contents 1. Product information 8 1.1. Trademarks and copyright .......................................................................................................8 1.2. Disclaimer..........................................................................
Page 3
Tandberg gatekeeper user guide page 3 of 105 4.7. Alternates.............................................................................................................................. 23 4.8. Call processing overview....................................................................................
Page 4
Tandberg gatekeeper user guide page 4 of 105 11.2. Enterprise gatekeepers ........................................................................................................ 48 11.3. Dialing public ip addresses........................................................................................
Page 5
Tandberg gatekeeper user guide page 5 of 105 16.1.7. Ip ......................................................................................................................................................69 16.1.8. Ldap..................................................................................
Page 6
Tandberg gatekeeper user guide page 6 of 105 16.3.26. Subzonedelete................................................................................................................................88 16.3.27. Transformadd ...................................................................................
Page 7
Tandberg gatekeeper user guide page 7 of 105 21. Bibliography 102 22. Glossary 103 23. Index 104.
Page 8
Tandberg gatekeeper user guide page 8 of 105 1. Product information 1.1. Trademarks and copyright copyright 1993-2006 tandberg asa. All rights reserved. This document contains information that is proprietary to tandberg asa. No part of this publication may be reproduced, stored in a retrieval system...
Page 9
Tandberg gatekeeper user guide page 9 of 105 1.3.2. European environmental directives as a manufacturer of electrical and electronic equipment tandberg is responsible for compliance with the requirements in the european directives 2002/96/ec (weee) and 2002/95/ec (rohs). The primary aim of the weee ...
Page 10
Tandberg gatekeeper user guide page 10 of 105 1.4. Operator safety summary for your protection please read these safety instructions completely before you connect the equipment to the power source. Carefully observe all warnings, precautions and instructions both on the apparatus and in these operat...
Page 11
Tandberg gatekeeper user guide page 11 of 105 1.4.7. Power connection and hazardous voltage the product may have hazardous voltage inside. Never attempt to open this product, or any peripherals connected to the product, where this action requires a tool. This product should always be powered from an...
Page 12
Tandberg gatekeeper user guide page 12 of 105 2. Introduction this user manual is provided to help you make the best use of your tandberg gatekeeper. 2.1. Main features the main features of the tandberg gatekeeper are: ipv4 and ipv6 support. Supports up to 2500 registered endpoints. Supports up to 1...
Page 13
Tandberg gatekeeper user guide page 13 of 105 figure 1: front panel of gatekeeper on the back of the gatekeeper (see figure 2) there are: a power connector a power switch a serial port (data 2) for connecting to a pc. Figure 2: rear panel of gatekeeper.
Page 14
Tandberg gatekeeper user guide page 14 of 105 3. Installation 3.1. Precautions never install communication equipment during a lightning storm. Never install jacks for communication cables in wet locations unless the jack is specifically designed for wet locations. Never touch uninstalled communicati...
Page 15
Tandberg gatekeeper user guide page 15 of 105 3.3. Unpacking the tandberg gatekeeper is delivered in a special shipping box which should contain the following components: gatekeeper unit installation sheet user manual and other documentation on cd rack-ears and screws kit with 4 rubber feet cables: ...
Page 16
Tandberg gatekeeper user guide page 16 of 105 4. Getting started 4.1. Initial configuration the tandberg gatekeeper requires some configuration before it can be used. This must be done using a pc connected to the serial port (data 1) or by connecting to the system's default ip address: 192.168.0.100...
Page 17
Tandberg gatekeeper user guide page 17 of 105 9. Review other system settings. You may want to set the following: a. The name of the gatekeeper. This is used by the tandberg management suite (tms) to identify the gatekeeper. See the xconfiguration systemunit command (section 16.2.18) for more inform...
Page 18
Tandberg gatekeeper user guide page 18 of 105 you will be presented with the overview screen: note: http and https must be enabled in order to use the web interface. This is done using the following commands: xconfiguration http mode: xconfiguration https mode: note: if web access is required, you a...
Page 19
Tandberg gatekeeper user guide page 19 of 105 note: ssh and/or telnet access must be enabled in order to use the command line interface. This is done using the following commands: xconfiguration ssh mode: xconfiguration telnet mode: note: for secure operation you should use ssh in preference to teln...
Page 20
Tandberg gatekeeper user guide page 20 of 105 4.4. Ip configuration the gatekeeper may be configured to use ipv4, ipv6 or both protocols. If using both protocols, the gatekeeper will act as a gateway if necessary, allowing calls to be made between an ipv4-only endpoint and an ipv6-only endpoint. Thi...
Page 21
Tandberg gatekeeper user guide page 21 of 105 when registering, the endpoint registers with one or more of the following: one or more h.323 ids one or more e.164 aliases. Users of other registered endpoints can then call the endpoint by using either the h.323 id, a uri, an e.164 alias, or one of the...
Page 22
Tandberg gatekeeper user guide page 22 of 105 hierarchical dial plan one gatekeeper is nominated as the directory gatekeeper for the deployment. All border controllers and public gatekeepers are neighbored with it and vice versa. There is no need to neighbor the border controllers and public gatekee...
Page 23
Tandberg gatekeeper user guide page 23 of 105 4.7. Alternates alternate gatekeeper support is provided to increase the reliability of your deployment. If one gatekeeper becomes unavailable, perhaps due to a network or power outage, another will be used as an alternate. Alternates share responsibilit...
Page 24
Tandberg gatekeeper user guide page 24 of 105 4.8. Call processing overview figure 6 illustrates the process the gatekeeper performs when receiving call requests. Receive request from endpoint (arq) or other gatekeeper (lrq) locally registered endpoint? Yes locally registered service? Yes no ip addr...
Page 25
Tandberg gatekeeper user guide page 25 of 105 when an endpoint wants to call another endpoint it presents the address it wants to call to the gatekeeper using a protocol knows as ras. The gatekeeper applies any transforms (see section 5), tries to resolve the address, and if successful supplies the ...
Page 26
Tandberg gatekeeper user guide page 26 of 105 5. Transforming destination aliases 5.1. Alias transforms the alias transforms function takes any aliases present in arq and lrq messages and runs a set of transformations on them. The resulting aliases will then be used in the normal gatekeeper logic, e...
Page 27
Tandberg gatekeeper user guide page 27 of 105 5.2. Zone transforms it is possible to direct an incoming location request to a different alias by replacing either the prefix or the suffix of the alias with a new string. Zone transform rules are created either: using the xconfiguration zones set of co...
Page 28
Tandberg gatekeeper user guide page 28 of 105 6. Unregistered endpoints although most calls are made between endpoints registered with a gatekeeper or border controller, it is sometimes necessary to place a call to or from an unregistered endpoint. 6.1. Calling from an unregistered endpoint an unreg...
Page 29
Tandberg gatekeeper user guide page 29 of 105 when the gatekeeper is used with a border controller for firewall traversal, you will typically set callstounknownipaddresses to indirect on the gatekeeper and direct on the border controller. This will allow calls originating inside the firewall to use ...
Page 30
Tandberg gatekeeper user guide page 30 of 105 7. Bandwidth control 7.1. About bandwidth control the tandberg gatekeeper allows you to control endpoints' use of bandwidth on your network. Figure 9 shows a typical network deployment: a broadband lan, where high bandwidth calls are acceptable; a pipe t...
Page 31
Tandberg gatekeeper user guide page 31 of 105 figure 10: configuring a subzone 7.2.1. Subzone links subzones may be configured with links joining them to each other and to other zones. These links are used to calculate how a call is routed over the network and so which zones and subzones are involve...
Page 32
Tandberg gatekeeper user guide page 32 of 105 figure 11: configuring a pipe pipes may be shared between one or more links. This is used to model the situation where a site communicates with several other sites over the same broadband connection to the internet. Each link may have up to two pipes ass...
Page 33
Tandberg gatekeeper user guide page 33 of 105 figure 12: configuring downspeeding options 7.4. Bandwidth control and firewall traversal when a border controller and gatekeeper are being used to traverse a firewall, an additional zone and subzone come into use, as follows: the traversal zone is used ...
Page 34
Tandberg gatekeeper user guide page 34 of 105 7.5. Bandwidth control examples 7.5.1. Example without a firewall one possible configuration for the deployment in figure 9 is shown in figure 13. Each of the offices is represented as a separate subzone, with bandwidth configured according to local poli...
Page 35
Tandberg gatekeeper user guide page 35 of 105 figure 15: border controller example configuration figure 15 shows how the border controller could be configured for the deployment in figure 14. The introduction of the firewalls means that there is no longer any direct connectivity between the branch a...
Page 36
Tandberg gatekeeper user guide page 36 of 105 8. Registration control the tandberg gatekeeper can control which endpoints are allowed to register with it. Two separate mechanisms are provided: a simple registration restriction policy, and an authentication process based on user names and passwords. ...
Page 37
Tandberg gatekeeper user guide page 37 of 105 figure 17: configuring registration restrictions 8.1.3. Managing entries in the allow and deny lists when adding entries to the allow and deny lists, you can either specify an exact alias or use pattern matching to specify a group of aliases. Pattern mat...
Page 38
Tandberg gatekeeper user guide page 38 of 105 8.2. Authentication the tandberg gatekeeper can use a user name and password based challenge-response scheme to permit registrations. For details of how to configure your endpoint with the appropriate information, please consult your endpoint manual. The...
Page 39
Tandberg gatekeeper user guide page 39 of 105 configuring ldap base dn the gatekeeper needs to be configured with the area of the directory which will be searched for the communication device information. This should be specified as the distinguished name (dn) in the directory under which the h.350 ...
Page 40
Tandberg gatekeeper user guide page 40 of 105 8.2.4. Securing the ldap connection with tls the traffic between the gatekeeper and the ldap server can be encrypted using transport layer security (tls). To use tls, the ldap server must have a valid certificate installed so that the gatekeeper can veri...
Page 41
Tandberg gatekeeper user guide page 41 of 105 9. Uri dialing 9.1. About uri dialing if an alias is not located in the gatekeeper's list of registrations, it may attempt to find an authoritative gatekeeper through the dns system. Uri dialing makes it easier for endpoints registered with different gat...
Page 42
Tandberg gatekeeper user guide page 42 of 105 in addition, the dns records should be updated with the address of the border controller as the authoritative gatekeeper for the enterprise (see appendix a). This ensures that calls placed using uri dialing enter and leave the enterprise through the bord...
Page 43
Tandberg gatekeeper user guide page 43 of 105 9.4. Dns records uri dialing relies on the presence of records in the dns information for the zone. For preference service (srv) records should be used. These specify the location of a server for a particular protocol and domain. Their format is defined ...
Page 44
Tandberg gatekeeper user guide page 44 of 105 10. Enum dialing 10.1. About enum dialing enum provides another dns-based dialing scheme. Users dial an e.164 number - a telephone number - which is converted in to an h.323 uri by the dns system. The rules for uri dialing are then followed to place the ...
Page 45
Tandberg gatekeeper user guide page 45 of 105 figure 19: setting the enum zone.
Page 46
Tandberg gatekeeper user guide page 46 of 105 10.3. Configuring dns naptr records enum relies on the presence of naptr records, as defined by rfc 2915 [7]. This is used to obtain an h.323 uri from the e.164 number. The record format that the gatekeeper supports is: ;; order flag preference service r...
Page 47
Tandberg gatekeeper user guide page 47 of 105 11. Example traversal deployments 11.1. Simple enterprise deployment figure 20: simple enterprise deployment figure 20 shows a typical enterprise deployment. Endpoints 1001, 1002 and a gatekeeper are deployed on a private network, separated from the publ...
Page 48
Tandberg gatekeeper user guide page 48 of 105 11.1.2. Enabling incoming uri calls in order to be able to receive calls placed to example.Com using uri dialing, configure the following: set example.Com as the domain name you are using on both the gatekeeper and border controller. This can be done via...
Page 49
Tandberg gatekeeper user guide page 49 of 105 11.3. Dialing public ip addresses figure 22: dialing a public ip address figure 22 shows a private endpoint (1001) calling an endpoint on a public ip address. In this case the public endpoint is not registered to a gatekeeper and can only be reached usin...
Page 50
Tandberg gatekeeper user guide page 50 of 105 11.5. Uri dialing from within the enterprise in this example, we want to set up our system so that users from within our enterprise can use uri dialing to call a user in another enterprise. To enable this: 1. Disable allow dns resolution on the tandberg ...
Page 51
Tandberg gatekeeper user guide page 51 of 105 12. Third party call control 12.1. About third party call control the gatekeeper provides a third party call control api which enables you to place calls, disconnect calls, or initiate a blind transfer of an existing call. The api is provided through the...
Page 52
Tandberg gatekeeper user guide page 52 of 105 12.3.2. Enabling call transfer to enable call transfer, either: issue the command: xconfiguration services calltransfer mode: or go to gatekeeper configuration -> services and in the call transfer section, tick the allow call transfer box (see figure 23)...
Page 53
Tandberg gatekeeper user guide page 53 of 105 13. Call policy 13.1. About call policy your tandberg gatekeeper allows you to set up policy to control which calls are allowed and even redirect selected calls to different destinations. You specify this policy by uploading a script written in the call ...
Page 54
Tandberg gatekeeper user guide page 54 of 105 13.2. Making decisions based on addresses 13.2.1. Address-switch the address-switch node allows the script to run different actions based on the source or destination aliases of the call. The address-switch specifies which fields to match and then a list...
Page 55
Tandberg gatekeeper user guide page 55 of 105 address the address construct is used within an address-switch to specify addresses to match. It supports the use of regular expressions (see appendix c for further information). Note: all address comparisons ignore upper/lower case differences so addres...
Page 56
Tandberg gatekeeper user guide page 56 of 105 13.3.2. Proxy on executing a proxy node the gatekeeper will attempt to forward the call to the locations specified in the current location set. If multiple entries are in the location set then they are treated as different aliases for the same destinatio...
Page 57
Tandberg gatekeeper user guide page 57 of 105 13.5.2. Call screening based on domain in this example, user fred will not accept calls from anyone at annoying.Com , or from any unauthenticated users. All other users will allow any calls. 13.5.3. Call redirection this example redirects all calls to us...
Page 58
Tandberg gatekeeper user guide page 58 of 105 14. Logging 14.1. About logging the gatekeeper provides logging for troubleshooting and auditing purposes. 14.2. Viewing the event log to view the event log, either issue the command: eventlog [n/all] where n the number of lines (from end of event log) t...
Page 59
Tandberg gatekeeper user guide page 59 of 105 14.4. Event log format the event log is displayed in an extension of the unix syslog format: date time host_name facility_name : message_details where date the local date on which the message was logged time the local time at which the message was logged...
Page 60
Tandberg gatekeeper user guide page 60 of 105 14.5. Logged events events logged at level 1 event description eventlog cleared an operator cleared the event log. Admin session start an administrator has logged onto the system. Admin session finish an administrator has logged off the system. System co...
Page 61
Tandberg gatekeeper user guide page 61 of 105 event description external server communication failure communication with an external server failed unexpectedly. The event detail data should differentiate between 'no response' and 'request rejected'. Servers concerned are: dns ldap servers neighbor g...
Page 62
Tandberg gatekeeper user guide page 62 of 105 event data fields each event has associated data fields. Fields are listed below in the order in which they appear in the log message. Field description applicable events protocol specifies which protocol was used for the communication. Valid values are ...
Page 63
Tandberg gatekeeper user guide page 63 of 105 field description applicable events src-ip specifies the source ip address (the ip address of the device attempting to establish communications). The source ip is recorded in the dotted decimal format: (number).(number).(number).(number) or the ipv6 colo...
Page 64
Tandberg gatekeeper user guide page 64 of 105 field description applicable events time a full utc timestamp in yyyy/mm/dd-hh:mm:ss format. Using this format permits simple ascii text sorting/ordering to naturally sort by time. This is included due to the limitations of standard syslog timestamps. Al...
Page 65
Tandberg gatekeeper user guide page 65 of 105 15. Software upgrading 15.1. About software upgrading software upgrade can be done in one of two ways: using a web browser (http/https). Using secure copy (scp). Note: to upgrade the gatekeeper, a valid release key and software file is required. Contact ...
Page 66
Tandberg gatekeeper user guide page 66 of 105 3. Browse to the file containing the software and select install . You will see a page indicating that upload is in progress: when the upload is completed you will see the following: 4. Select restart . You will see a confirmation window: the system will...
Page 67
Tandberg gatekeeper user guide page 67 of 105 to upgrade using scp or pscp: 1. Make sure the system is turned on and available on ip. 2. Upload the release key file using scp/pscp to the /tmp folder on the system e.G. Scp release-key root@10.0.0.1:/tmp/release-key or pscp release-key root@10.0.0.1:/...
Page 68
Tandberg gatekeeper user guide page 68 of 105 16. Command reference this chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the scope of this document. 16.1. Status the status root command, xstatus , returns status information from the gate...
Page 69
Tandberg gatekeeper user guide page 69 of 105 16.1.5. Externalmanager xstatus externalmanager returns information about the external manager. The external manager is the remote system, such as the tandberg management suite (tms) used to manage the endpoints and network infrastructure. Address return...
Page 70
Tandberg gatekeeper user guide page 70 of 105 16.1.9. Links xstatus links r eports call and bandwidth information for all links on the system. Xstatus links link index> reports call and bandwidth information for the specified link. Name returns the name assigned to this link calls returns a list of ...
Page 71
Tandberg gatekeeper user guide page 71 of 105 16.1.13. Resourceusage xstatus resourceusage returns information about the usage of system resources. Registrations number of currently active registrations. Maxregistrations maximum number of concurrent registrations since system traversalcalls number o...
Page 72
Tandberg gatekeeper user guide page 72 of 105 16.1.16. Zones xstatus zones returns call and bandwidth information for all zones on the system. Also shows status of the zone as a whole and the status of each gatekeeper in the zone. 16.2. Configuration the configuration root command, xconfiguration , ...
Page 73
Tandberg gatekeeper user guide page 73 of 105 xconfiguration authentication mode: specifies whether or not to use h.235 authentication of calls and registrations. The default is off : no authentication is required. 16.2.2. Ethernet xconfiguration ethernet speed: sets the speed of the ethernet link. ...
Page 74
Tandberg gatekeeper user guide page 74 of 105 xconfiguration gatekeeper callstounknownipaddresses: specifies whether or not the gatekeeper will attempt to call systems which are not registered with it or one of its neighbor gatekeepers. Options are: direct allows an endpoint to make a call to an unk...
Page 75
Tandberg gatekeeper user guide page 75 of 105 xconfiguration gatekeeper registration allowlist [1..1000] pattern: pattern> specifies a pattern in the list of allowed registrations. If one of an endpoint's aliases matches one of the patterns in the allow list, the registration will be allowed. Xconfi...
Page 76
Tandberg gatekeeper user guide page 76 of 105 16.2.5. Http/https commands under the http and https nodes control web access to the gatekeeper. Xconfiguration http mode: enables/disables http support. The default is on . You must restart the system for changes to take effect. Xconfiguration https mod...
Page 77
Tandberg gatekeeper user guide page 77 of 105 xconfiguration ip dns domain name: name> specifies the name to be appended to the domain name before a query to the dns server is executed, when attempting to resolve a domain name which is not fully qualified. Note: this parameter is only used when atte...
Page 78
Tandberg gatekeeper user guide page 78 of 105 16.2.10. Ntp xconfiguration ntp address: ipaddress> sets the ip address of the ntp server to be used when synchronizing system time. Accurate timestamps play an important part in authentication, helping to guard against replay attacks. 16.2.11. Option ke...
Page 79
Tandberg gatekeeper user guide page 79 of 105 16.2.14. Session xconfiguration session timeout: controls how long an administration session (https, telnet or ssh) may be inactive before the session is timed out. A value of 0 turns session time outs off. The default is 0 . You must restart the system ...
Page 80
Tandberg gatekeeper user guide page 80 of 105 xconfiguration subzones traversalsubzone bandwidth percall limit: per-call bandwidth available on the traversal subzone. Xconfiguration subzones traversalsubzone bandwidth percall mode: whether or not the traversal subzone is enforcing per-call bandwidth...
Page 81
Tandberg gatekeeper user guide page 81 of 105 16.2.18. Systemunit xconfiguration systemunit name: the name of the unit. Choose a name that uniquely identifies the system. Xconfiguration systemunit password: specify the password of the unit. The password is used to login with telnet, http(s), ssh, sc...
Page 82
Tandberg gatekeeper user guide page 82 of 105 xconfiguration zones traversalzone match [1..5] mode: the zone match mode determines when an lrq will be sent to gatekeepers in the zone. If the mode is set to alwaysmatch the zone will always be queried. If the mode is set to patternmatch , the zone wil...
Page 83
Tandberg gatekeeper user guide page 83 of 105 xconfiguration zones zone [1..100] match [1..5] pattern string: pattern> the pattern to be used when deciding whether or not to query a zone. This is only used if the zone's match mode is set to alwaysmatch . Xconfiguration zones zone [1..100] match [1.....
Page 84
Tandberg gatekeeper user guide page 84 of 105 16.3. Command the command root command, xcommand , is used to execute commands on the gatekeeper. To list all xcommand s type: xcommand ? To get usage information for a specific command, type: xcommand command_name> ? 16.3.1. Allowlistadd xcommand allowl...
Page 85
Tandberg gatekeeper user guide page 85 of 105 16.3.7. Credentialdelete xcommand credentialdelete deletes the indexed credential. 16.3.8. Defaultlinksadd xcommand defaultlinksadd restores the factory default links for bandwidth control. 16.3.9. Defaultvaluesset xcommand defaultvaluesset level resets ...
Page 86
Tandberg gatekeeper user guide page 86 of 105 16.3.12. Dial xcommand dial bandwidth: places call halves out to the specified source and destination, joining them together. Callsrc and calldst can be specified using either an alias or ip address. Bandwidth is in kbps. 16.3.13. Disconnectcall xcommand...
Page 87
Tandberg gatekeeper user guide page 87 of 105 16.3.15. Feedbackderegister xcommand feedbackderegister deregisters the specified feedback expression. All registered feedback expressions may be removed by issuing the command: xcommand feedbackderegister 0 16.3.16. Findregistration xcommand findregistr...
Page 88
Tandberg gatekeeper user guide page 88 of 105 16.3.23. Pipedelete xcommand pipedelete deletes the pipe with the specified index. 16.3.24. Removeregistration xcommand removeregistration removes the specified registration. 16.3.25. Subzoneadd xcommand subzoneadd name> address> adds and configures a ne...
Page 89
Tandberg gatekeeper user guide page 89 of 105 16.3.28. Transformdelete xcommand transformdelete deletes the transform with the specified index. Note: a list of all current transforms can be obtained using the command: xconfiguration gatekeeper transform . 16.3.29. Zoneadd xcommand zoneadd name> ipad...
Page 90
Tandberg gatekeeper user guide page 90 of 105 16.4. History the history root command, xhistory , is used to display historical data on the gatekeeper. To list all xhistory commands type: xhistory ? To list all history data, type: xhistory to show a specific set of history data, type: xhistory 16.4.1...
Page 91
Tandberg gatekeeper user guide page 91 of 105 16.5. Feedback the feedback root command, xfeedback , is used to control notifications of events and status changes on the gatekeeper. A feedback expression describes an interesting event or change in status. When a feedback expression is registered, a n...
Page 92
Tandberg gatekeeper user guide page 92 of 105 16.5.3. Register event xfeedback register event registers for all available events. Xfeedback register event/ unregistration/bandwidth/resourceusage> registers for feedback on the occurrence of the specified event. Note: registering for the resourceusage...
Page 93
Tandberg gatekeeper user guide page 93 of 105 16.6. Other commands 16.6.1. About about returns information about the software version installed on the system. 16.6.2. Clear clear clears the event log or history of all calls and registrations. 16.6.3. Eventlog eventlog n/all> displays the event log. ...
Page 94
Tandberg gatekeeper user guide page 94 of 105 17. Appendix a: configuring dns servers in the examples below, we set up an srv record to handle h.323 uris of the form user@example.Com these are handled by the system with the fully qualified domain name of gatekeeper1.Example.Com which is listening on...
Page 95
Tandberg gatekeeper user guide page 95 of 105 18. Appendix b: configuring ldap servers 18.1. Microsoft active directory 18.1.1. Prerequisites these comprehensive step-by-step instructions assume that active directory is installed. For details on installing active directory please consult your window...
Page 96
Tandberg gatekeeper user guide page 96 of 105 18.1.3. Securing with tls to enable active directory to use tls, you must request and install a certificate on the active directory server. The certificate must meet the following requirements: be located in the local computer's personal certificate stor...
Page 97
Tandberg gatekeeper user guide page 97 of 105 18.2.3. Adding h.350 objects 1. Create the organizational hierarchy create an ldif file with the following contents: # this example creates a single organizational unit to contain # the h.350 objects dn: ou=h350,dc=my-domain,dc=com objectclass: organizat...
Page 98
Tandberg gatekeeper user guide page 98 of 105 18.2.4. Securing with tls the connection to the ldap server can be encrypted by enabling transport level security (tls) on the connection. To do this you must create an x.509 certificate for the ldap server to allow the gatekeeper to verify the server's ...
Page 99
Tandberg gatekeeper user guide page 99 of 105 19. Appendix c: regular expression reference regular expressions can be used in conjunction with a number of gatekeeper features such as alias transformations, zone transformations, cpl policy and enum. The gatekeeper uses posix format regular expression...
Page 100
Tandberg gatekeeper user guide page 100 of 105 20. Appendix d: technical data 20.1. Technical specifications 20.1.1. System capacity 2500 registered traversal endpoints 100 traversal calls at 384 kbps 500 non-traversal calls 100 zones option keys may restrict the system to a lower capacity than spec...
Page 101
Tandberg gatekeeper user guide page 101 of 105 20.1.9. Hardware mtbf hardware mtbf: 80,479 hours 20.1.10. Power supply 250 watt 90-264v full range @47- 63 hz 20.1.11. Certification lvd 73/23/ec emc 89/366/ecc 20.2. Approvals this product has been approved by various international approval agencies, ...
Page 102
Tandberg gatekeeper user guide page 102 of 105 21. Bibliography 1 itu specification: h.235 security and encryption for h-series (h.323 and other h.245-based) multimedia terminals http://www.Itu.Int/rec/t-rec-h.235/en 2 itu specification: h.350 directory services architecture for multimedia conferenc...
Page 103
Tandberg gatekeeper user guide page 103 of 105 22. Glossary alias the name an endpoint uses when registering with the gatekeeper. Other endpoints can then use this name to call it. Arq, admission request an endpoint ras request to make or answer a call. Dns zone a subdivision of the dns namespace. E...
Page 104
Tandberg gatekeeper user guide page 104 of 105 23. Index — a — about .........................................................................93 account administrator account........................................19 root account......................................................19 active directo...
Page 105
Tandberg gatekeeper user guide page 105 of 105 ldap ................................................................... 38, 69 ldap over tls.................................................... 40, 96 ldap schema............................................................96 ldap servers - configuring...