Professional Documents
Culture Documents
BC-ProxySWG-6 5 1 1 - OT PDF
BC-ProxySWG-6 5 1 1 - OT PDF
Inter-Working Report
Partner: Blue Coat
Application type: Reverse Proxy
Application name: ProxySWG Virtual Appliance
Alcatel-Lucent Platform: OpenTouch
The product and release listed have been tested with the Alcatel-Lucent Communication Platform and the release specified
hereinafter. The tests concern only the inter-working between the AAPP members product and the Alcatel-Lucent
Communication Platform. The inter-working report is valid until the AAPP members product issues a new major release of
such product (incorporating new features or functionality), or until Alcatel-Lucent issues a new major release of such
Alcatel-Lucent product (incorporating new features or functionalities), whichever first occurs.
ALCATEL-LUCENT MAKES NO REPRESENTATIONS, WARRANTIES OR CONDITIONS WITH RESPECT TO THE APPLICATION
PARTNER PRODUCT. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, ALCATEL-LUCENT HEREBY EXPRESSLY
DISCLAIMS ANY AND ALL REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY NATURE WHATSOEVER AS TO THE
AAPP MEMBERS PRODUCT INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON
INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE AND ALCATEL-LUCENT FURTHER SHALL HAVE NO LIABILITY
TO AAPP MEMBER OR ANY OTHER PARTY ARISING FROM OR RELATED IN ANY MANNER TO THIS CERTIFICATE.
Certification overview
Date of certification
November 2013
Alcatel-Lucents representative
AAPP member representative
Alcatel-Lucent Communication
Platform
Alcatel-Lucent Communication
Platform Release
AAPP member application version
Application Category
Author(s):
Reviewer(s):
Florian Residori
Claire Dechrist
Jana Whitcomb
OpenTouch BE/MS
OT 1.3 (1.3.000.042)
Model V100, v6.5.1.1
SWG Edition
Security
Gateway
Collaboration & UC
Revision History
Edition 1: creation of the document November 2013
Test results
Passed
Refused
Postponed
Contact name:
Title:
Jana Whitcomb
Managing Director, Global Service Providers
Address:
Zip Code:
City:
Country:
Phone:
Fax:
Mobile Phone:
+1 206-799-2726
Web site:
Email address:
www.bluecoat.com
Jana.whitcomb@bluecoat.com
TABLE OF CONTENTS
1 INTRODUCTION ......................................................................................................................................... 6
1.1 GLOSSARY .................................................................................................................................................. 7
2 VALIDITY OF THE INTERWORKING REPORT .................................................................................. 8
3 LIMITS OF TECHNICAL SUPPORT ........................................................................................................ 9
3.1 CASE OF ADDITIONAL THIRD PARTY APPLICATIONS ...................................................................................... 9
4 SUMMARY OF TEST RESULTS ............................................................................................................. 10
4.1 SUMMARY OF THE MAIN FEATURES TESTED................................................................................................. 10
4.2 SUMMARY OF PROBLEMS ........................................................................................................................... 11
4.3 SUMMARY OF LIMITATIONS........................................................................................................................ 11
4.4 NOTES, REMARKS ..................................................................................................................................... 11
5 APPLICATION INFORMATION ............................................................................................................. 12
6 TEST ENVIRONMENT ............................................................................................................................. 14
6.1 TESTS PERFORMED ................................................................................................................................... 14
6.2 GENERAL ARCHITECTURE .......................................................................................................................... 15
6.3 HARDWARE CONFIGURATION ..................................................................................................................... 16
6.4 SOFTWARE CONFIGURATION...................................................................................................................... 16
6.4.1 Alcatel-Lucent Communication Platform OT ............................................................................. 16
6.4.2 Partner Application ....................................................................................................................... 16
7 TEST RESULT TEMPLATE ..................................................................................................................... 17
8 TEST RESULTS .......................................................................................................................................... 18
8.1 CLIENT INITIALIZATION AND AUTHENTICATION .......................................................................................... 18
8.2 OUTGOING CALLS ..................................................................................................................................... 19
8.3 INCOMING CALLS ...................................................................................................................................... 20
8.4 FEATURES DURING CONVERSATION ............................................................................................................ 21
8.5 WEB SERVICES ......................................................................................................................................... 23
8.6 MYTEAMWORK SERVICES (ONLY FOR MYIC PC) ........................................................................................ 24
8.7 VIDEO ...................................................................................................................................................... 25
9 APPENDIX A: AAPP MEMBERS APPLICATION DESCRIPTION .................................................. 27
9.1 SECURE WEB GATEWAY WITH THE FLEXIBILITY OF VIRTUALIZATION .............................. 27
10 APPENDIX B: CONFIGURATION REQUIREMENTS OF THE AAPP MEMBERS
APPLICATION .............................................................................................................................................. 29
10.1 IMPORTING A ROOT CA CERTIFICATE ..................................................................................................... 30
10.2 CREATING CERTIFICATE LIST .................................................................................................................. 32
10.3 CREATING A PROXYSG CERTIFICATE ....................................................................................................... 33
10.3.1 Creating ProxySG keyring ......................................................................................................... 33
10.3.2 Creating a Certificate Signing Request .................................................................................... 34
10.3.3 Importing your certificate ......................................................................................................... 35
10.4 CREATING THE PROXY SERVICES ............................................................................................................. 36
10.5 CREATING THE FORWARDING HOSTS ...................................................................................................... 40
10.5.1 Host1: OT_443 ........................................................................................................................... 41
10.5.2 Host2: OT_8016 ......................................................................................................................... 42
10.6 CONFIGURING LDAP EXTERNAL AUTHENTICATION ................................................................................... 43
10.7 CREATING POLICY .................................................................................................................................. 47
10.7.1 Configuring the Forwarding Layer ........................................................................................... 48
1 Introduction
This document is the result of the certification tests performed between the AAPP members
application and Alcatel-Lucents platform.
It certifies proper inter-working with the AAPP members application.
Information contained in this document is believed to be accurate and reliable at the time of printing.
However, due to ongoing product improvements and revisions, Alcatel-Lucent cannot guarantee
accuracy of printed material after the date of certification nor can it accept responsibility for errors or
omissions. Updates to this document can be viewed on:
-
1.1 Glossary
API
AAA
CA
DMS
CSR
Certificate Signing Request. This is file generated by a server to get signed by a
CA which will deliver a signed certificate.
DN
Distinguished Name
DNS
EVS
Event server
FQDN
Fully Qualified Domain Name. A domain name that specifies its exact location in
the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels,
including the top-level domain, relative to the root domain. Ex: myhost.mydomain.com
IM
Instant Messaging
MyIC
My Instant Communicator
LDAP
Lightweight Directory Access Protocol. This is a directory that can be used as an
authentication server.
OTES
PLMN
PKI
Public Key Infrastructure. It provides digital certificates that can identify an
individual or an organization and directory services that can store and, when necessary,
revoke the certificates.
RP
Reverse Proxy
SBC
SSL TLS
Transport Layer Security (formerly Secure Socket Layer). It allows
client/server applications to communicate across a network in a way designed to prevent
eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and
communications confidentiality over the Internet using cryptography.
Note: The InterWorking report becomes automatically obsolete when the mentioned product
releases are end of life.
Feature
N/A
OK
OK
But
NOK
5 Application information
Application commercial name:
Application version:
Interface type:
Blue Coat ProxySG appliances offer a comprehensive foundation for the Blue Coat Secure Web
Gateway solution and advanced WAN Optimization feature sets. ProxySG appliances combine highperformance hardware with Blue Coat SGOS, a custom, object-based operating system that enables
flexible policy control over content, users, applications and protocols.Blue Coat ProxySG appliances
enable enterprise customers to:
Protect internal users and networks from spyware and other attacks.
Accelerate application performance for files, email, Web, SSL, and rich media applications.
Intranet Portal
Software Distribution
Secure Custom OS
Fast end user Response
Easily Manageable/Scalable Solution
SSL Termination
SSO
The following list details the Blue Coat ProxySG Reverse Proxy Deployment features that are
used for the Alcatel-Lucent solution deployment:
The following diagram describes a typical redirection policy implemented on the Blue Coat ProxySG
for the Alcatel-Lucent solution.
6 Test environment
6.1 Tests performed
This document describes the tests of homeworker scenario using Blue Coat ProxySG and MyIC
PC SIP/ MyIC Mobile Android applications in the context of OT solution release 1.3.000.42
Blue Coat ProxySG has been virtualized on Vmware eSXI 5.1 environment.
MyIC clients use an internet connection on the WAN. Remote user is connected to the enterprise
network through the RP in HTTPS and to a SBC in SIP without media encryption.
OT users have several devices: at least a MyIC PC or Android and a MyICPhone desktop phone
(8082).
The way to configure OT server, MyIC PC/Android clients and Blue Coat ProxySG is described in the
Appendix.
MyIC client sends web requests to OT server through Blue Coat reverse proxy which forwards the
requests to the OT server located in the trusted zone.
Users can be authenticated by the RP using LDAP authentication.
Blue Coat ProxySG Deployment:
Public fqdn: https://opentouch2.aapp-etesting.com
Public IP address: 83.206.62.68
Internal fqdn: rp.etesting.lab
Internal IP address: 10.1.2.23
Operating system: SGOS 6.5.1.1 SWG Edition
Alcatel-Lucent Communication Platform:
IP address: 10.1.2.85
fqdn: ice2.etesting.lab
DNS: 10.1.2.15
Alcatel-Lucent OT:
HP Proliant DL120 G6
OT version 1.3.000.042
MyIC PC SIP client version 5.2.009.002
MyIC Mobile Android client version 4.3.2
Test Case
N/A
OK
NOK
Comment
Test case 1
Action
Expected result
Test case 2
Action
Expected result
Test case 3
Action
Expected result
Test case 4
Action
Expected result
Test Case Id: a feature testing may comprise multiple steps depending on its complexity. Each
step has to be completed successfully in order to conform to the test.
Test Case: describes the test case with the detail of the main steps to be executed the and the
expected result
N/A: when checked, means the test case is not applicable in the scope of the application
OK: when checked, means the test case performs as expected
NOK: when checked, means the test case has failed. In that case, describe in the field Comment
the reason for the failure and the reference number of the issue either on Alcatel-Lucent side or on
Application Partner side
Comment: to be filled in with any relevant comment. Mandatory in case a test has failed especially
the reference number of the issue.
8 Test Results
In all following sections, the SIP client under test is an external user; It has been declared on the
public side of the RP. For this remote user, MyIC PC SIP/Android has been configured to connect
to OT via Blue Coat ProxySG reverse proxy.
Test
Case
Id
1
Test Case
N/A
NOK
Comment
Application initialization
MyIC PC SIP basic connection to the OT
through reverse proxy
OK
Authentication
certificate must
disabled on the
(not supported
MyIC
PC
Android)
User logout/login
User logout/login without exiting the
application.
Application exit
Stop MyIC client.
via
be
RP
on
and
Test
Case
Id
1
Test Case
N/A
OK
NOK
Comment
A
Check that the call is established
2
Test
Case
Id
1
Test Case
N/A
OK
NOK
Comment
Test Case
N/A
OK
NOK
Comment
Hold/Resume
Call from User A (MyIC PC SIP/Android) to
User B and establish the call.
Put User B on hold.
Test
Case
Id
Test Case
N/A
OK
NOK
Comment
User picture
Test
Case
Id
1
Test Case
N/A
OK
NOK
Comment
Event notifications
Missed call event
Test Case
IM
Whiteboard
N/A
OK
NOK
Comment
8.7 Video
Test
Case
Id
1
Test Case
OK
NOK
Comment
N/A
Test
Case
Id
Test Case
N/A
OK
NOK
Comment
Forwarding Layer: defines the mapping between the requests received by the ProxySG RP
and those forwarded to the backend servers.
Web Authentication Layer: defines the authentication method used at the ProxySG RP.
Enter the CA Name (for example CA_etesting) and the paste the certificate in the CA Certificate
PEM field.
Click on Close
Click on Apply
Reedit your Keyring.
Copy your CSR to text file and make it signed by your PKI (CA_etesting in our case).
For Primary server host: enter the name of your LDAP server.
Go to LDAP DN tab
Click on New
In Add Base DNs: type in something like: dc=etesting,dc=lab
Right-click on Action
Select New
Select Forwarding
Name: Forwarding_OT_443
Check Forward To:
And choose OT_443
Name: OT_8016
Check Advanced Match
Scheme: HTTPS
Host: enter the OT FQDN
Port: 8016
Click on OK
Right-click on Action
Select New
Select Forwarding
Name: Forwarding_OT_8016
Check Forward To:
And choose OT_443
10.7.2 Configuring a Web Authentication Layer for client authentication by loginpassword with LDAP directory
Click on Policy in tool bar, right click on Add Web Authentication Layer --> a new Tab is
added
Name it adequately e.g. Authenticate_LDAP
While still selected, Click on Add rule
Right-click in Action row, Set
New , Authenticate object
Click on OK.
Professional
Services
Training
Services
Purchase
Support
Renew
Support
K9 Web
Protection
+6 03-2687-7501
Japan: +81 335808390
Worldwide: +1 408-541-3700 (case escalation)
customercare@bluecoat.com (BlueTouch Online account login, licensing, entitlement )
renewals-na@bluecoat.com
renewals-emea@bluecoat.com
renewals-apac@bluecoat.co
renewals-latam@bluecoat.com
K9 Online Support or K9 Online Instant Support (Online 24x7)
Web site
The Application Partner Portal is a website dedicated to the AAPP program and where the
InterWorking Reports can be consulted. Its access is free at
http://applicationpartner.alcatel-lucent.com
13.2 Alcatel-Lucent.com
You can access the Alcatel-Lucent website at this URL: http://www.Alcatel-Lucent.com/
(*) The Application Partner Business Partner can be a Third-Party company or the AlcatelLucent Business Partner itself
The Application Partner shall be contacted first by the Business Partner (responsible for
the application, see figure in previous page) for an analysis of the problem.
The Alcatel-Lucent Business Partner will escalate the problem to the Alcatel-Lucent
Support Center only if the Application Partner has demonstrated with traces a problem
on the Alcatel-Lucent side or if the Application Partner (not the Business Partner) needs
the involvement of Alcatel-Lucent.
In that case, the Alcatel-Lucent Business Partner must provide the reference of the Case
Number on the Application Partner side. The Application Partner must provide to AlcatelLucent the results of its investigations, traces, etc, related to this Case Number.
Alcatel-Lucent reserves the right to close the case opened on his side if the investigations
made on the Application Partner side are insufficient or do no exist.
Note: Known problems or remarks mentioned in the IWR will not be taken into account.
For any issue reported by a Business Partner outside the scope of the IWR, Alcatel-Lucent offers
the On Demand Diagnostic service where Alcatel-Lucent will provide 8 hours assistance against
payment.
IMPORTANT NOTE 1: The possibility to configure the Alcatel-Lucent PBX with ACTIS quotation
tool in order to interwork with an external application is not the guarantee of the availability and
the support of the solution. The reference remains the existence of a valid InterWorking Report.
Please check the availability of the Inter-Working Report on the AAPP (URL:
https://private.applicationpartner.alcatel-lucent.com) or Enterprise Business Portal (Url: Enterprise
Business Portal) web sites.
access to the Alcatel-Lucent platform (remote access, login/password) being the Business Partner
responsibility.
Supported language
France
Belgium
French
Luxembourg
Germany
Austria
German
Switzerland
United Kingdom
Italy
Australia
Denmark
Ireland
Netherlands
+800-00200100
South Africa
Norway
Poland
English
Sweden
Czech Republic
Estonia
Finland
Greece
Slovakia
Portugal
Spain
For other countries:
English answer:
French answer:
German answer:
Spanish answer:
Spanish
+
+
+
+
1
1
1
1
650
650
650
650
385
385
385
385
2193
2196
2197
2198
END OF DOCUMENT
Alcatel-Lucent Application Partner Program Inter-working report
Copyright 2013 Alcatel-Lucent, All rights reserved