Learn How To: Get Started With Your Softswitch: Switching Basics

Learn How To
Get Started With

Your Softswitch:
Switching Basics
Richard Stamp
CONFIDENTIAL
Copyright 2000 – 2014 Metaswitch Networks. All rights reserved.
This manual is issued on a controlled basis to a specific person on the

understanding that no part of the Metaswitch Networks product code or
documentation (including this manual) will be copied or distributed without prior
agreement in writing from Metaswitch Networks.
Metaswitch Networks reserves the right to, without notice, modify or revise all
or part of this document and/or change product features or specifications and
shall not be responsible for any loss, cost, or damage, including consequential
damage, caused by reliance on these materials.
Metaswitch and the Metaswitch logo are trademarks of Metaswitch Networks.

Other brands and products referenced herein are the trademarks or registered
trademarks of their respective holders.
29 August 2014
CONFIDENTIAL
Contents
Learn How To Page
Get to grips with the guide.....................................................................................................7
Sign up for Metaswitch Communities.....................................................................................9
Find your way around your deployment................................................................................19
Find your way around your network......................................................................................25
Configure your software
Install MetaView Explorer......................................................................................................31
Log in to MetaView Explorer.................................................................................................35
Find your way around the object tree....................................................................................41
Work with objects in MetaView Explorer...............................................................................49
Connect to the Craft terminal...............................................................................................55
Find your way around Craft..................................................................................................61
Transfer files to and from a server.........................................................................................65
Take a manual backup.........................................................................................................71
Set up automatic backups...................................................................................................75
Restore your system from a backup.....................................................................................83
Understand hardware and software redundancy..................................................................87
Maintain your hardware
Get to know your hardware..................................................................................................91
Replace your fan filters.......................................................................................................105
CONFIDENTIAL
Contents
Learn How To Page
Replace a failed hardware component................................................................................113
Identify problems
Work with logs...................................................................................................................119
Work with alarms................................................................................................................129
Be notified about logs and alarms......................................................................................139
Configure trunks
Understand trunks..............................................................................................................145
Configure a SIP trunk.........................................................................................................149
Select a Remote Media Gateway Model for a SIP trunk......................................................155
Activate an E1 or T1...........................................................................................................165
Configure SS7 links............................................................................................................173
Configure an ISUP media channel......................................................................................187
Set up an ISDN trunk.........................................................................................................195
Set up billing
Configure billing..................................................................................................................199
Download billing files..........................................................................................................205
Interpret billing files.............................................................................................................209
Use your Service Assurance Server
Get a certificate for your Service Assurance Server.............................................................213
CONFIDENTIAL
Contents
Learn How To Page
Link your Service Assurance Server and MetaView Server..................................................223
Set up access to Service Assurance Server........................................................................229
Check a call in Service Assurance Server...........................................................................233
Track the steps of call processing in Service Assurance Server...........................................241
Export a call record for further analysis...............................................................................247
Keep your Service Assurance Server running smoothly......................................................251
Get help
Troubleshoot common problems........................................................................................257
Get help from other members of Metaswitch Communities.................................................261
Raise a ticket with Metaswitch Support..............................................................................267
Call 24x7 support...............................................................................................................275
Diagnose network problems by snooping IP trace..............................................................277
Obtain API trace for your support representative................................................................281
Track down who made a configuration change...................................................................287
Record call media...............................................................................................................291
Check IP connectivity using ping and traceroute................................................................299
Gather diagnostics for an ongoing problem........................................................................303
Gather diagnostics for a historical problem.........................................................................307
Switch to the warm standby MetaView Server....................................................................311
CONFIDENTIAL
Contents
Learn How To Page
Manage your Support VPN.................................................................................................315
Manage user accounts
Give a new user access to MetaView Explorer....................................................................319
Change a MetaView user's password.................................................................................323
Give a new user access to the Craft terminal......................................................................327
Change a Craft terminal user's password...........................................................................331
Make use of updates
Keep in touch with new features.........................................................................................335
Update your software.........................................................................................................339
Find further information
Find detailed information in the Metaswitch Support Community........................................347
Check interoperability in the Metaswitch Mosaic Community..............................................355
Get further training.............................................................................................................359
Let us know what you thought about the guide..................................................................365
CONFIDENTIAL
Get to grips with the guide
Introduction
You've chosen Metaswitch for your Class 4 service! And needless to say, you've made a great
decision. But even if you're a seasoned telecoms veteran, there's a lot to learn about your new
kit - and that's where this guide comes in.
Over the sixty-odd Lessons which make up this guide, I'll teach you all you need to know about
getting your system up and running. The syllabus is based on our popular classroom training
course - so we'll skip the detailed bookwork, and get straight down to leaning the essential
skills you're going to need.
This is a hands-on, practical guide. If you're reading it sitting in an armchair (or in a conference
room or on a plane) then you're in the wrong place! You'll get the most out of the Lessons by
working through them step-by-step, carrying out real tasks on your real system. That way, by
the time you reach the end of the guide, you'll not only be a capable Metaswitch technician...
you'll have the makings of a fully-functional Metaswitch system.
Metaswitch products and Class 4

As I'm sure you know, Class 4 switches don't connect directly to any telephones. Instead, they
form the backbone of the telecom network - linking up to other Class 4 switches, and to the
Class 5 switches which make the final link to subscribers.
This guide is specific to Class 4 - and since you're reading it, the chances are your system
is licensed for Class 4 function alone. But just so you know, Metaswitch products in general
support an extensive range of Class 5 features. So when you're reading our other manuals,
don't be surprised to spot references to "subscribers", "call services", and other topics which
just aren't relevant in a Class 4 world.
Did you know? We talk about Class 4 and Class 5 switches, but what happened to
Classes 1, 2 and 3? The terminology comes from the early days of direct-dial service in the
United States, when AT&T arranged a hierarchy of exchanges from Class 1 (international
gateways) down to Class 4 (connecting different regions of a city). In modern times,
technological advances have blurred the lines between these scenarios - and Class 4
happens to be the name that stuck for all of them.
A few assumptions
To keep this guide as simple as I can, I've made a couple of educated guesses about your
Metaswitch products.
• I'll assume that you bought your system comparatively recently. For that reason, I'll only be
talking about our most recent hardware - and when I describe our features and interfaces,
I won't bother to point out if things were different in the past. If you're using this guide with
an older system, don't be too surprised if you spot some minor disparities.
• Some aspects of telecoms protocols vary from country to country. Although this guide is
valid throughout the world, when it comes to the examples, I'll be focusing on the variants
common in Europe, the Middle East and Africa. If you're located in another region, look out
for special notes about the differences that apply to you.
And I'm making one assumption about you, as well! Before we begin, I'll expect you to
understand the basics of the telecoms protocols you're using in your deployment. For example,
if you have any SS7 trunks, you ought to understand the role of ISUP, MTP3 and MTP2 - even if
CONFIDENTIAL 7
you're not too familiar with all the details. There are plenty of resources available on the internet
if you need to get up to speed.
Ready then? Let's get started.
Note: This Learn How To guide is written for MetaSphere V8.3 If you have a different version of this
product, some of the steps in the tasks may differ. Please refer to the relevant version of the
product manuals where this is the case.
8 CONFIDENTIAL
Sign up for Metaswitch Communities
About Metaswitch Communities
As you work through these Lessons, you'll often hear me talk about our self-help website,
Metaswitch Communities. It's the first place you'll turn for in-depth information on your
Metaswitch products - and it's also home to a thriving band of Metaswitch users, always ready
to help each other with advice or shared expertise.
Metaswitch Communities is a members-only website, and it sometimes takes a couple of days
to complete the process of joining. So, let's get the wheels in motion straight away! There are
a few Lessons to go before you'll need to refer to Communities for the first time, but it's good
to know that everything will be ready when that moment comes.
Start here
In this Lesson, you will learn how to:
• sign up for a Metaswitch Communities account
• have your account upgraded to full access
• log on to an existing account
• find your way around the four Metaswitch Communities.
Task 1: Sign up for a Metaswitch Communities account

Before you can use Metaswitch Communities, you'll need to sign up for an individual
account. Using your personal account, you can participate in discussions, get help from other
Communities members, make comments or ask questions. You can also receive personalized
notifications when material's added to areas which interest you.
I'll talk more about all these features over the course of this guide. In the meantime, let's get
you signed up for the website.
1. First of all, if you have any colleagues who are already registered for Metaswitch
Communities, ask them to check your Company ID. They can find it in the header bar
after they've logged on - here's mine:
If you don't have anyone you can ask for your Company ID, don't worry. It just means there'll
be a brief delay between creating your account and getting full access to Communities.
2. Go to the Metaswitch Communities website, at http://communities.metaswitch.com.
3. You can set up a new account right here, on the login page. To get started, type your email
address into the box on the right - like this:
CONFIDENTIAL 9
Warning! Be sure to use your professional email address - one which is “at” the company you work for
- rather than an account on a platform like Gmail or Yahoo.
4. Press Confirm address to send yourself an email.

I'm sure you know how this bit works. To check you really are who you say you are, the
website will send you a message. It'll contain a link, which you'll need to click before you
can carry on.
The mail usually arrives within a few seconds - so if you don't see it, take a look in your
spam folders.
5. Got the email? Clicked on the link? This is what you'll see:
Click Create your account and profile to continue with registration.
10 CONFIDENTIAL
6. I won't bother to show you the next page. It's a straightforward registration form, where
you'll fill in your name and set up a password. This is also where you'll type in your Company
ID, if you were able to find it out earlier.
7. OK, done that? Here's what comes next:
Of course, this step's optional. But one of the benefits of joining Communities is that you
can link up with other Metaswitch users... and it's easier to talk to someone if you can
picture them. So do take a moment to upload a photo (of yourself, your surroundings, or a
cute fluffy animal of your choice).
A bit further down the same page, you can choose your privacy settings - who can see
your name (by default, everyone) and email address (by default, no-one).
8. After you've completed this page, you have one last chance to check you're happy with
your listing on the Communities site.
If everything seems fine, go ahead and click Yes.

9. And now the final step:
CONFIDENTIAL 11
If you want to, you can invite other people to sign up to Communities as well. I probably
ought to sing the praises of this option, but let's be realistic - you'll almost certainly just
scroll down to the end and click No thanks, I'm finished:
10. And that's it! You're signed up for Communities. You'll be taken to your personal homepage.
12 CONFIDENTIAL
11. Confusingly, there are two Communities homepages. This one - called Your View - is
personal to you. The other one, called All Content, is the same for everyone.
Switch to All Content by using the tab buttons just below the Metaswitch logo:
Note: Next time you log in, it's the All Content homepage you'll go to. You can change that
by using the Set as default option, which you can see just next to the two tabs in the
screenshot above. For the rest of this guide though, I'll be assuming that you haven't
changed the default, so All Content will be your starting-place.
Checkpoint: You've signed up for a Metaswitch Communities account.
Task 2: Wait for full Communities access

Basic Communities membership is open to anyone, because anyone in the world can
download our open APIs. But most of the material I'll mention in this guide is subject to a non-
disclosure agreement - so before you can get full access to Communities, we'll need to check
the paperwork's in place.
The good news is, this happens automatically. The bad news is, it may not happen straight
away.
1. If you were able to enter a Company ID when you signed up for Communities, then you
should find you have full access immediately.
But I'm afraid the process isn't flawless. It's based on your email address, and our systems
try to double-check that you're "at" a company whose ID you gave. They don't always
manage it, so if you don't yet have full access, my apologies - we'll be in touch shortly to
work things out.
2. If you weren't able to enter a Company ID when you signed up, your account will be limited
until we've confirmed who you are. This normally happens the next business day, but if
you're impatient, drop an email to and we'll see what we can do.
3. How do you know whether you've got full access? Take a look at this screenshot from the
All Content homepage:
CONFIDENTIAL 13
I've drawn a red box round the important bit. If there's just one link, to the Metaswitch
Innovators Community, then you don't have full access yet. You're seeing the Innovators
Community because that's the only part of the website which is open to the general public.
Once you've got full access, you'll see the four main Metaswitch Communities - including
the ones that are only available to customers and partners like you:
I'll explain the difference between the four communities in Task 4, below.
Note: If you're a Metaswitch channel partner, you'll see a fifth community - the Channel Partners
Community - at the end of the list. I won't be discussing it further in this guide, but the
Channel Partners Community is the place to go for white papers, presentations and other
marketing collateral.
Checkpoint: You now know about the different levels of Communities access and, if you don't
yet have an upgraded account, you're on the way to getting one.
14 CONFIDENTIAL
Task 3: Log on to your Communities account
OK, I admit it - this Task's so straightforward, I almost left it out. But I'll be talking about
Metaswitch Communities a great deal during this guide, and it would feel like I was skimping
on my duty if I never actually mentioned how to log on.
So, here we go...
1. Head to the Metaswitch Communities website, at http://communities.metaswitch.com.
2. Type your username and password into the boxes.
• If you don't yet have a username, go back to Task 1 of this Lesson.

• If you've forgotten your password, click I forgot my login, just below the Login button
at the bottom. You can get a new password mailed to you.
• If you've forgotten your password and you no longer have access to the email account
you used to sign up, drop a line to and we'll try to help.
3. As long as you're not on a shared computer, select Remember Me to save having to log
in next time round.
4. Click Login to log in and go to the home page.
Checkpoint: You're now logged into Metaswitch Communities.
Task 4: Explore the four Communities

I'm not going to spend much time discussing Metaswitch Communities right now, since we'll
be coming back to the website time and time again as you work through this guide. But while
you're logged on, let's take a very quick look at the four main parts of the site and how to move
around between them.
Note: Before you can complete this Task, you'll need to have full access to Communities, like I
discussed up in Task 2. If you're waiting on full access, don't worry - just carry on to the next
Lesson, and come back to this Task in a couple of days' time.
CONFIDENTIAL 15
1. To start with, you should be logged on to Communities, and looking at the main homepage.
If that's not the page you're looking at right now, I have a handy trick to show you. Click on
Metaswitch Communities in the breadcrumbs at the upper left of the page - the series
of links which looks like this...
...and you'll go back to the homepage, no matter where you are on the Communities site.
The breadcrumbs are also a useful way to find your way around during more adventurous
navigation.
2. There are actually four separate Metaswitch Communities, represented by the four big links
you see in the middle of that page.
For most of this guide, we'll be working with the Metaswitch Support Community. Go
ahead and click:
The Support Community is the place to go for technical help with your Metaswitch products.
For example, it's where you'll find downloadable manuals, the self-help support forum, and
our training presentations.
3. Of course, the content and layout of the Support Community changes from time to time
- so I can't be sure exactly what you're looking at right now. On the day I'm writing this
Lesson, it looks like this...
16 CONFIDENTIAL
But the best way to get familiar with the Support Community is just to have a look around.
So go ahead! Spend a few minutes clicking links, and getting a feel for the breadth and
depth of information available here. We'll come back for more specific examples later in
this guide.
4. When you're ready, click Metaswitch Communities in the breadcrumbs at the upper left of
the window to go back to the homepage.
5. The other three Communities are every bit as important, but less of a focus in this particular
guide. So, just briefly...
The Metaswitch Mosaic Community helps you build a full service from a "mosaic" of
third-party equipment. Here, you'll find a list of products certified to work with Metaswitch,
and advice on configuring third-party components for optimum interoperability.
The Metaswitch MarketVisions Community shares best practice for marketing a service
founded on Metaswitch. To be honest though, this is the least interesting Community when
you're working with a Class 4 deployment - it's mainly focused on features for Class 5
subscribers.
CONFIDENTIAL 17
The Metaswitch Innovators Community is the place to go for our downloadable SDKs,
and support for developing applications that plug into your Metaswitch architecture. You'll
come here, for example, if you want to integrate with a network management system using
our SNMP API.
6. Did any of those Communities catch your attention? Then go ahead, click on the link and
take a look around.
Checkpoint: You know what each of the four Metaswitch Communities discusses, and you
know how to find your way between them.
18 CONFIDENTIAL
Find your way around your deployment
Introduction
It's the first proper Lesson of this Learn How To Guide, and we'll begin in the only way we
possibly can! Over the next few pages, I'll take you on a quick tour of your Metaswitch
equipment, and explain what does what in a typical Class 4 system.
In Metaswitch jargon, your group of servers is called a deployment. So, come on - let's find
out how your deployment fits together, and learn exactly what your new Metaswitch kit can do.
Start here
• recognize your Call Feature Server and Universal Media Gateway, the two products
which together deliver your telephone service
• know whether you have an Integrated Softswitch, and what to watch out for if you've
got one
• appreciate the role of your MetaView Server, which doesn't handle any calls but still
keeps your deployment running
• find out about the Service Assurance Server... and explain why it's the next best thing
to a time machine.
Task 1: Meet the Call Feature Server and Universal Media Gateway
At the heart of your Metaswitch deployment, you'll find a complementary pair of servers: the Call
Feature Server and the Universal Media Gateway. Between them, these two components
deliver your entire phone service, from routing calls and handling billing to terminating the
physical trunks. As you work through this guide, you'll spend most of your time managing one
or both of these systems. So it stands to reason that they're the very first things I'm going to
talk about in this Lesson!
You're probably already familiar with the two servers' roles, since they represent a fairly common
split in modern switches. The Call Feature Server is our Media Gateway Controller (also often
known as a Call Agent), while the Universal Media Gateway is - well - our Media Gateway. But
just in case you haven't come across those terms before, let me give you a brief run-through.
The Call Feature Server is in charge of call control, delivering functions like:
• number analysis - looking at the dialed digits to figure out who's calling whom
• routing - selecting a trunk for a call based on a wide range of attributes
• billing - keeping secure records of the calls that have used your service.
The Universal Media Gateway, meanwhile, physically terminates the trunks. It also takes care of
transcoding media from one format to another - an important function if you need to terminate
different types of trunk, or if you're gatewaying between the TDM and VOIP networks.
Transcoding takes a lot of number-crunching, so the Universal Media Gateway is built on
specialist hardware, with plenty of raw processing power. That's one reason why it makes
sense for your Call Feature Server and Universal Media Gateway to be deployed separate
machines.
So do your Call Feature Servers and Universal Media Gateways have to come in pairs? No,
not at all. It's very common for a single Call Feature Server to manage several Universal Media
Gateways, like this:
CONFIDENTIAL 19
And that, by the way, is another reason why it's a good idea for your Call Feature Server
and Universal Media Gateway to be on separate pieces of kit. When it's time to scale your
deployment to deliver more capacity, you can often stick with your existing Call Feature Server
- and just add an extra Universal Media Gateway.
Checkpoint: You now understand the difference between your Call Feature Server and your
Universal Media Gateway, and know that they each have their own specific strengths.
Task 2: Meet the Integrated Softswitch

Up to now, I've been talking about your Call Feature Server and Universal Media Gateway as
though they're completely separate things. And indeed, if you have a medium- to large-sized
deployment, that's exactly what they'll be. I've already explained why: it matches the right
hardware to the right job, and makes it easy to scale your service when your requirements
expand.
If your needs are more modest, though, you'll have a different set of priorities. In a smaller
deployment, it's not so vital to squeeze the best out of your hardware; what matters most is
keeping the overall costs down. And if you don't need the capacity, it's simply wasteful to have
the Universal Media Gateway and Call Feature Server on separate hardware. That's where the
Integrated Softswitch comes in.
An Integrated Softswitch is just a Call Feature Server and Universal Media Gateway bundled
together, on a single server. I could discuss that point in detail, and even draw you a diagram...
20 CONFIDENTIAL
...but you don't really need me to, do you? It's just two programs running on the same computer
- nothing more complicated than that.
A system based on an Integrated Softswitch is (naturally enough) called an integrated
system. The opposite, where the Call Feature Server and Universal Media Gateway are on
separate hardware, is a distributed system. If it's the first time you've heard that term, don't
be confused - it doesn't mean that the two servers are necessarily in different places. While that
often is the case, a "distributed" Call Feature Server and Universal Media Gateway can equally
well be right next to each other.
Now: if you have an Integrated Softswitch, there's one thing you'll quickly get used to. Even
though they're on the same hardware, we still talk about your Call Feature Server and Universal
Media Gateway as though they're separate things. Sometimes we do that for brevity - it gets
boring to keep saying "your Call Feature Server if you've got one, or your Integrated Softswitch
if you haven't" - but often, if I'm honest, it's simply out of habit.
So if you've got an Integrated Softswitch, don't be surprised or concerned when your support
rep tells you to "log on to your Call Feature Server". Just smile and nod - and log onto your
Integrated Softswitch.
Checkpoint: You now know why you might choose an Integrated Softswitch, and understand
that it's simply a Call Feature Server and a Universal Media Gateway running on the same
hardware.
Task 3: Meet the MetaView Server

Along with your Call Feature Server, your Universal Media Gateway or your Integrated
Softswitch, there's one more Metaswitch product you'll definitely have deployed. It's the
MetaView Server - a separate computer running our MetaView software, which is dedicated
to managing and monitoring your Metaswitch system.
The first thing to understand about your MetaView Server is that it's not in the call path. Nothing
relating to individual calls passes through your MetaView Server: no signaling, no voice data,
and certainly no trunks. That's not to say it's unimportant - as you'll see, it's crucially important
- but its role is in the background, not on the front-line of service delivery.
So what's your MetaView Server for? In essence, it's a management tool. When you come
to set up your Call Feature Servers or Universal Media Gateways, you won't work with them
directly; instead, you'll ask your MetaView Server to configure them on your behalf.
Why do we do it that way? Because even if your network runs to dozens of components, you
can still configure all of them in just one place. And, because your MetaView Server sees your
whole deployment, it can create configuration links between your servers in the blink of an eye.
CONFIDENTIAL 21
To carry out the configuration, you'll use a tool called MetaView Explorer, which you'll run
on your own PC. We'll take a proper look at MetaView Explorer later in this guide, but here's
a sneak preview...
Yes, I admit, it looks rather retro. But trust me, it's a killer configuration tool!
Just before we move on, there's one more thing to mention about your MetaView Server. It
also collects logs and alarms from across your deployment - reporting issues from any of your
servers in a single, integrated display. So once again, no matter how complicated your system
might be, you'll be able to monitor all your Metaswitch kit from a single MetaView Explorer. I'll
be talking a lot more about this whole area later on in this guide.
Checkpoint: You now know you have a MetaView Server, and understand its crucial role in
managing and monitoring your deployment.
Task 4: Meet the Service Assurance Server

The components I've discussed up to now are mandatory: you'll find them in any Metaswitch
deployment. The Service Assurance Server, on the other hand, is an added extra. But it's a
really cool extra! It's the nearest you'll ever come to a time machine! ...OK, perhaps I'd better
explain.
We've all had the experience of trying to track down a problem which:
• happened in the past,
• is sure to happen again in the future, but
• isn't happening now.
It's uniquely frustrating - because if only you'd been watching at the right moment, you could
easily have worked out what was going on. But you weren't, so you've just got a pile of logs
from around the time it all happened, and you know it'll take you hours of effort to pick your
way through them all.
Well, not when Service Assurance Server is on the case! 24 hours a day, 7 days a week,
Service Assurance Server silently collects and indexes detailed logs from your Metaswitch
products. When a problem report comes in, you can simply search its database to look back
22 CONFIDENTIAL
in time - tracing the call all the way through your Metaswitch system, right down to the exact
protocol flow.
Oh, and it can draw awesome diagrams, like this one.
Rather like the difference between integrated and distributed systems, your Service Assurance
Server can be deployed in two separate modes.
• If you're running a smallish service, you'll have your Service Assurance Server on the same
hardware as your MetaView Server. Once again, that's just two programs running on the
same computer - in management terms, they're still different things.
• If your requirements are more demanding, your Service Assurance Server will be running
on its own hardware. If your requirements are really demanding, it'll be running on its own
hardware and have an external disk array.
It's well worth knowing which deployment model you've got, but it rarely makes any practical
difference. I'll point out the few cases where the distinction matters as we work through this
guide.
Checkpoint: You now know the benefits of having a Service Assurance Server, and understand
the two different ways it can be deployed. And that means you've made friends with all your
Metaswitch kit! Let's move on to talk about your network.
CONFIDENTIAL 23
24
CONFIDENTIAL
Find your way around your network
Introduction
You now know about the main components making up your deployment... but how do they all
fit together? Understanding your network is the next step towards mastering your Metaswitch
system, and an essential prerequisite to many administrative tasks. In this Lesson, we'll work
towards a detailed diagram of your network, explaining the different types of traffic which flow
between your servers and the wider world.
About IP and TDM

For most of this Lesson, I'll be talking about your IP network. IP is the Internet Protocol - but
that's a misleading name, because IP networks aren't just used for the internet. Most of the
communication between your servers is based on IP, even if they're completely cut off from the
rest of the world.
For us, the key point about the IP network is that it isn't the TDM network. Protocols like ISDN
and ISUP, which make up the traditional phone system, aren't carried over IP. Instead, they use
a range of specialist protocols, collectively called time-division multiplexing or TDM.
Of course, VOIP - Voice over IP - is an important part of the modern telephone network too.
We'll see how that fits into the picture a little later in this Lesson.
Start here
We'll tackle this Lesson by drawing a diagram of your network, adding connections step by
step until the picture is complete.
As we expand the diagram, you will learn how to:
• identify what sits within your core network - the group of servers at the heart of your
Metaswitch deployment
• describe how TDM links connect to your Universal Media Gateway
• understand how VOIP traffic flows around your network, and how signaling and media
are separated
• explain the role of a Perimeta Session Border Controller in keeping your network secure
• find out whether your network uses VLANs for traffic separation, and what it means for
your deployment if it does.
Task 1: Understand your core network

Let's begin by considering your core network: the group of servers you tightly control, and
whose security it's essential you defend. I'll start by drawing your core network on our network
diagram, and in the next few Tasks we'll build things up from there.
If you've read through the previous Lesson, you'll already know about the Metaswitch
components in your core network. There's at least one Call Feature Server, and at least one
Universal Media Gateway (or alternatively, an Integrated Softswitch, which combines the two).
There's also a MetaView Server, which is used to manage it all... and the core servers are all
connected by Ethernet links.
As well as that, you'll have at least one PC which connects to the core network. You'll need
that PC to run MetaView Explorer, to transfer files back and forth, and to carry out a few other
maintenance tasks. Most likely, the PC will be connected into your core network using a VPN,
so I'll draw that in a separate network cloud off to the side.
CONFIDENTIAL 25
Putting it all together, here's what we've got to begin with...
Note: To keep things simple, I'm not showing a Service Assurance Server in these network
diagrams. If I had shown one, it would be in this core network too.
Checkpoint: You know which servers you'll find in your core network, and you know that they
connect to each other using IP.
Task 2: Add TDM links

For the next stage in building our network, let's add the TDM links: things like E1s or T1s, which
join up to the traditional phone system.
TDM links are easy to figure out. They have to connect to the Universal Media Gateway, because
that's the only piece of hardware which has the right connectors. I've just drawn a single fat
arrow in the diagram below, but it represents any number of connections to any number of
switches - either inside or outside your network.
Checkpoint: You know that TDM links always connect to your Universal Media Gateway.
26 CONFIDENTIAL
Task 3: Add VOIP links
Now we'll make things more interesting, by adding in some VOIP traffic. VOIP, as you'll know,
is Voice over IP: phone calls transmitted over the Internet Protocol. That could literally be over
the global internet, or it could be across a private link that's built on IP. In either case, it's still
VOIP.
VOIP works a little differently to TDM, because the signaling and the media are separated.
Media's still handled by your Universal Media Gateway, but signaling bypasses the Universal
Media Gateway and goes straight to your Call Feature Server. (With TDM, the signaling is
processed by the Call Feature Server, but - because it's carried on the TDM links - it passes
through your Universal Media Gateway first.)
So let's draw some more arrows on the diagram: green ones for media, which go to the
Universal Media Gateway, and red ones for signaling, which go straight to the Call Feature
Server.
Checkpoint: You now know that VOIP traffic is split between signaling and media, and you
understand which server deals with which traffic type.
Task 4: Add a Perimeta Session Border Controller

Though it isn't mandatory, you may have chosen to deploy a Perimeta Session Border
Controller alongside your Class 4 system. If you did, congratulations! You've taken an
important step towards keeping your IP network efficient and secure.
A Session Border Controller's task is both a simple and a complex one. The principle is
straightforward: it intercepts all IP packets passing into and out of your core network, blocking
harmful traffic and managing an array of complex interoperability tasks. Actually doing that, of
course, is a different matter. Decades of networking experience have gone into Perimeta.
I'll add a Perimeta Session Border Controller to my network diagram now. See how it's firmly
in the way of all the IP traffic entering your core network?
CONFIDENTIAL 27
Just so you know, in this guide, I won't be discussing Perimeta in all that much detail. But every
now and then, I'll be pointing out something which changes once a Session Border Controller
gets involved.
Checkpoint: You now understand the role of a Session Border Controller, and you know that it
sits in the path of any IP traffic entering or leaving your network.
Task 5: Understand VLANs

My network diagram's complete now, but there's one final detail which I haven't highlighted so
far. Did you notice that I've drawn the IP links in three different colors? Well, there's a reason
why I did that...
28 CONFIDENTIAL
As the key points out, there are three different types of IP traffic flowing within my network.
• Management traffic concerns the running of my deployment - for example, carrying
configuration information to and from MetaView.
• Signaling traffic sets up and tears down VOIP calls.
• Media traffic carries the actual voice data used in VOIP.
These three types of traffic have very different characteristics. Measured by sheer quantity of
data, the media traffic dominates the other two. But on the other hand, management traffic's
particularly important - if there's a problem in your network, you'll need reliable management
connections to get things sorted out.
So it makes sense to keep the three types of traffic apart... and while you can of course
have separate physical networks, VLANs present another option. VLANs are separate "virtual"
networks run over your physical Ethernet, with pre-configured characteristics and levels of
service. Using suitably-configured VLANs, for example, you can give management traffic its
own reserved allocation of bandwidth - ensuring it's never swamped by media, no matter how
busy your network becomes.
VLANs are optional, and may have been set up when your system was installed. If you do use
VLANs, then when you carry out certain network-related procedures, you'll need to know which
type of traffic you're working with. I'll explain more when we come to the relevant Lessons in
this guide.
Checkpoint: You know why VLANs are a useful network management tool, and you know
about the three VLANs you may have in your Metaswitch system.
Task 6: Understand Emergency Stand-Alone Mode and remote locations

We'll talk about something slightly different now, just to wrap up our discussion of your network.
In the first Task of the last Lesson, I pointed out that your Call Feature Server can manage more
than one Universal Media Gateway. And once you know that, it's natural to ask whether it can
cope with Universal Media Gateways in different places.
After all, you might operate your service out of more than one location. You can't avoid deploying
several Universal Media Gateways - they have to be wherever the TDM trunks go - but it would
be nice to save the expense and hassle of keeping separate Call Feature Servers at each site.
And yes, it is possible... but you have to be careful. If your system's set up with servers at
separate locations, it must mean you have very fast, very reliable IP links between your Call
Feature Server and the remote Universal Media Gateway. Almost certainly, those are private
links, maybe paired up for redundancy.
But if the links do go down, your Universal Media Gateway can provide a limited service in
Emergency Standalone (ESA) mode. In ESA mode, the Universal Media Gateway takes
over some of the functions of the Call Feature Server, delivering a limited service in its own local
area until the network comes back online.
So if your deployment is spread out over several sites, it's worth learning more about ESA
mode. You can start by reading the Overview of ESA in the Emergency Standalone Guide,
which you'll find on Metaswitch Communities at https://communities.metaswitch.com/
manuals/latestsection/1090004133.
Checkpoint: You now understand the principles of geographic distribution, and know whether
it's possible for your Universal Media Gateway to enter Emergency Standalone Mode.
CONFIDENTIAL 29
30
CONFIDENTIAL
Install MetaView Explorer
About MetaView Explorer
MetaView Explorer is the single most important configuration tool for your Metaswitch
deployment. You'll be using MetaView Explorer throughout this guide, as you set up your
system and connect it to other equipment in your network and across the world. And even
once your initial configuration is complete, you'll find yourself returning to MetaView Explorer
each time you need to tweak or fine-tune your system's settings.
But there's more! MetaView Explorer is also a crucial monitoring tool. When things go wrong -
and, let's be honest, they will sometimes go wrong - MetaView Explorer will alert you through
alarms. You'll then use it to look for logs, which help you troubleshoot system problems.
All in all, then, it's pretty important you get to grips with MetaView Explorer right away.
Happily though, it won't take long for you to feel at home. A lot of the user interface will seem
familiar already - it uses the same split-screen, tree-based design you'll have seen in common
utilities like Windows Explorer. Of course, configuring a sophisticated telecoms switch is a little
more complex than finding a file on your hard disk, but hey - we're professionals!
Before you begin

MetaView Explorer is a client application, which runs on your own PC. When you use the
MetaView Explorer client, it connects to a server within your network - imaginatively titled
the MetaView Server. If you want to be pedantic about things, it's MetaView Server which
actually does the work of configuring your system. Remember this picture from earlier on?
So what does that mean for you? Well, it's good news! It means you can work on your whole
deployment's configuration using MetaView Explorer's nice visual UI. But on the downside, it
does mean you need to find a suitable PC to run it on.
CONFIDENTIAL 31
• Most customers choose to run MetaView Explorer on Windows. If you choose this
approach, any recent version of Windows will be fine... for the record, that's Windows XP,
Windows 2003, Windows Vista, Windows 7, or Windows 8.
• Alternatively, if you're a pure-Linux shop, you can run MetaView Explorer on Ubuntu. The
requirements here are more stringent - you'll need an Intel-based computer running Ubuntu
12.04.
In either case, the PC needs to be able to connect to your MetaView Server, which is a bigger
deal than it sounds! Usually it means the PC needs to be inside a firewall, and you might (for
example) have a rule that computers inside your firewall can't have access to the web.
So you may need to pause here, and think through the implications of this decision for your
security policy and network design. You might even choose to have a dedicated PC just for
running MetaView Explorer.
Done that? Got a suitable PC standing by, running Windows or Intel-based Ubuntu 12.04?
OK, let's go.
Start here
In this lesson, you will learn how to:
• download MetaView Explorer
• get it installed and running on your chosen PC.
Task 1: Download MetaView Explorer

"But wait!" you say. "Download something? Didn't you just point out that this PC might not
have access to the web?" Don't worry, we thought of that.
1. Find out the IP address of your MetaView Server. You've got that jotted down somewhere...
haven't you?
Note: If you’ve configured a hostname for your MetaView Server, then of course you can use
that instead. But most people don’t bother to configure hostnames for their Metaswitch
equipment, so for the rest of this Lesson I’ll assume you’re using an IP address.
2. Working on the PC where you'll be using MetaView Explorer, start any web browser and
type in the following address:
http:// ip-address
where ip-address is, obviously, the address of your MetaView server. For example,
http://203.0.113.12.
Did you know? IP addresses starting 203.0.113 are reserved by international standards,
specifically for examples in documentation. Using them in this manual makes me look very
pro.
3. You'll see a page a bit like this one.
32 CONFIDENTIAL
Note: Don’t worry if the version number’s different. Your MetaView Server will automatically give you
the right version of MetaView Explorer for your particular system.
4. Click on the Download link for the version you want - either Windows or Ubuntu Linux.
5. Download the installer and save it to your hard drive.
Checkpoint: You've downloaded MetaView Explorer and you're ready to install it on your PC.
Task 2: Run the installer

Now that you've downloaded the installer, it's a simple task to run it.
If you're using Windows... well, I won't insult your intelligence by going into the details. Double-
click the file you downloaded, and work through the wizard. It asks you the types of questions
which Windows installers invariably do.
If you're running Ubuntu Linux though, there are a couple of points to be aware of.
1. You'll have downloaded a file called install.bin, which you'll need to make executable
before you can run it.
2. You need to run the installer as root.
3. Putting these facts together, you'll probably use commands like:
chmod +x install.bin
sudo ./install.bin
But a lot depends on the exact configuration of your system... so if you're not 100%
comfortable working it out, you might want to check with a colleague.
Checkpoint: You've installed MetaView Explorer! You're all set to run it for the first time... but
we'll come to that in the next Lesson.
CONFIDENTIAL 33
34
CONFIDENTIAL
Log in to MetaView Explorer
Introduction
To recap what we've just learned, MetaView Explorer is the most important configuration and
maintenance tool for your Metaswitch system. MetaView Explorer is an easy-to-use graphical
client, and you've just installed it on a PC running Windows or Ubuntu Linux.
So, what are we waiting for? Let's fire it up and start poking around.
Start here
• log in to MetaView Explorer for the first time
• troubleshoot any login problems
• take your first look at the MetaView Explorer UI.
Task 1: Log in to MetaView Explorer for the first time

1. Start MetaView Explorer.
• If you're on Windows, then you'll know what to do! Find it in the Start menu, click it on
the desktop... whatever you chose when you installed it.
• If you're using Ubuntu Linux, then use the File Manager to browse to wherever you
installed it (/opt/MetaSwitch by default). Then start MetaViewExplorer_IA.
Warning: On Ubuntu Linux, be careful to start MetaViewExplorer_IA. See that _IA on the end? Don’t
run the tempting file called MetaViewExplorer. Yes, it really is that confusing.
2. After a few moments, you'll see the following.
3. Fill in your User name and Password.
CONFIDENTIAL 35
Don't know your user name or password? If there are other people within your organization
who already use MetaView, then they should be able to help you, especially if you show
them Give a new user access to MetaView Explorer on page 319 of this guide. If you're
the first MetaView user in your company, you'll need to ask your Metaswitch support rep.
Warning! MetaView Explorer is provisioned with a default password to use the first time a member of
your company logs in. It is critical that you change the default user passwords to something
secure and unguessable to prevent unauthorized access to your system. The default
passwords are not sufficiently secure to protect your system.
4. In the Server box, type in the IP address (or hostname) of your MetaView Server. Remember,
MetaView Explorer is just a client; it's the MetaView Server which does the heavy lifting.
Note: This is the same IP address (or hostname) that you downloaded MetaView Explorer from,
back in the previous lesson.
5. Cross your fingers and click OK.

If everything's gone to plan, you'll see a window a bit like this one. All the empty space
makes it look like something's gone wrong, but it hasn't - it's just blank because you
haven't clicked anything yet:
Checkpoint: If you're looking at the window illustrated above, congratulations! You've logged
onto MetaView, and can skip straight to Task 3. On the other hand, if you're staring at an error
message, read on for some troubleshooting tips.
Task 2: Troubleshoot any problems

As experience teaches us, logging into a system is often harder than we expect it to be. If a
server's down, or if you've got a network problem... then this is the moment when you'll find
out about it.
36 CONFIDENTIAL
So if your MetaView login doesn't work first time, here are some things to try.
1. First of all, if you see the message The username or password was incorrect, you can be
pretty confident it's telling the truth. Check your login details with an existing administrator,
or with your Metaswitch support rep if need be.
2. Next, make sure your MetaView Server is running.
This isn't a difficult task, but it involves a few techniques we haven't covered yet. So it's
probably the right time to shout for help, if there's anyone in your organization who'll know
what to do.
If you're on your own, then skip ahead to Connect to the Craft terminal on page 55 to
find out how to use the Craft terminal. (In due course you'll need to know that anyway, so
it's not as though you're wasting time.) Once you're up to speed on Craft, you can use the
Admin menu to restart your MetaView Server.
3. If your server's running but you still can't access it, then you might have a problem with
your firewall. MetaView Explorer needs to set up two connections to MetaView Server: one
from Explorer to Server, and one from Server to Explorer. Depending on how your firewall's
configured, you might need to specify particular port numbers for one or both of them.
Obviously, I can't tell you how your firewall's configured... but if you know the port numbers
you need, I can tell you how to get them set up in MetaView Explorer. The secret lies in the
Server field you see when you log on:
I've already explained that you should type the IP address (or hostname) of your MetaView
server. But there's a detail I didn't mention - you can also specify one or both of the port
numbers, separated from the IP address with colons.
In the screenshot, I'm connecting to the MetaView Server on IP address 203.0.113.12. I'm
using port 1234 for connections from Explorer to Server, and using port 5678 from Server
to Explorer.
You can miss out one of the port numbers if it only matters in one direction (so you'd type
203.0.113.12::5678, for example).
CONFIDENTIAL 37
Working with firewalls can be tricky - so if this hasn't given you the nudge you need to sort
the problem out, have a word with your Metaswitch support rep.
Checkpoint: Hopefully, you're now logged onto MetaView Explorer. If you're still having
problems, contact Metaswitch Support before moving on.
Task 3: Learn about the MetaView Explorer window

There's a lot to learn about MetaView Explorer! But every journey starts with a single step. So
in this Task, we'll go on a whistle-stop orientation tour of the main window.
1. When you first start MetaView Explorer, the window's pretty dull. To give yourself something
more realistic to look at, work through the following steps:
• Click on Object tree and views, numbered 1 in the screenshot below.
• Click the "plus" icon next to All managed components, which will appear in the spot
numbered 2 in the screenshot below.
• Click any one of the entries which appears below All managed components.
2. You'll now see something similar to the following.

As you'll have noticed, there are four panes in the MetaView Explorer window. In the next
few steps, we'll talk you through each of the panes in turn.
38 CONFIDENTIAL
3. Slap in the middle of the screen - number 1 in the screenshot - is the Tree pane. I'll say
more about the Tree pane in the next Lesson, but I'm sure you get the idea already: it's an
overview of your system's configuration organized into a hierarchy. You can expand and
collapse parts of the tree, just like you can in Windows Explorer and similar tools. Feel free
to have a play.
4. To the right of the Tree pane, number 2 in the screenshot, is the Details pane. As you click
on entries in the Tree, you'll see the corresponding Details appear. You'll hear much, much,
much more about the Details pane throughout the rest of this guide.
5. On the left-hand side, number 3 in the screenshot, you'll find the Views pane. This is the
odd one out - you won't find anything similar in Windows Explorer. Think of it as a list of
very high-level tasks; each of the bold headings is a different way you can use MetaView.
We'll be learning about these options in the coming Lessons. But try clicking on each of the
bold headings now... just so you know what to do if you click on one accidentally.
• You'll find that some of the headings, like Find and Tasks, change what's shown in the
Tree pane. If you mistakenly select one of those, click Object tree and views at the very
top of the Views pane to get back to where you were.
• Other headings, like Alarms, fire off a new window. If that happens accidentally, just
close the window that's appeared.
6. Finally, along the bottom of the window (number 4 in the screenshot), you'll find the Help
pane. Wherever you go in MetaView Explorer, the Help pane will follow! It always displays
context-sensitive information on the particular page you're viewing. I'll talk more about the
Help pane in Work with objects in MetaView Explorer on page 49r.
CONFIDENTIAL 39
7. Now that you know about the Views, Tree and Help panes, take a look at these three
buttons on the main toolbar - just below the menu bar near the top of the window:
Try clicking them now. You'll see that each click hides or re-opens one of the panes. (You
can't hide the Details pane, because having the Details pane open is pretty much the
whole point of MetaView Explorer.)
Why's that helpful? Simply to give you more space while you're working on a specific task.
If you've got a nice big monitor, you may never feel the need to click those buttons again.
Note: For the rest of this guide, I’ll assume you have all the panes open. So make sure you’ve put
them back the way they were before you move on.
8. Oh, and one last thing that's easy to overlook - you can change the size of each of the
panes by clicking and dragging the borders between them.
Checkpoint: You know your way around the MetaView Explorer window. In the next Lesson,
we'll start to dig deeper into what you can do there.
40 CONFIDENTIAL
Find your way around the object tree
About objects and the object tree
We're almost ready to start configuring your Metaswitch system, and I don't want to do too
much book-work before we dive in. But there's one core concept I really do need to explain
right now.
Throughout this lesson, and most of the rest of this guide, I'll be talking about objects. In short,
objects are the building-blocks of your system's configuration! Whenever you make a change
to a particular setting, you'll be finding and working on an object.
Objects in MetaView Explorer can represent a vast range of things. Some of them correspond
to actual real-world objects, like servers or bits of wire. Others are more abstract than that. But
every object stands for something your Metaswitch system knows about, and which you might
find yourself needing to configure.
Naturally, objects relate to other objects. For instance, a physical TDM connection is plugged
into a particular Universal Media Gateway. To reflect those relationships - and just to keep
things a bit more manageable - objects are grouped into a hierarchy, or tree.
And finding your way around that tree is the main focus of this Lesson. Let's go.
Start here
• get comfortable finding your way around the Tree pane of MetaView Explorer
• use views - a powerful way to make the object tree a little bit easier to manage.
Task 1: Browse the object tree

To start off with, let's get familiar with the Tree pane. Remember the Tree pane? It's the one
numbered 1 in the screenshot below.
1. Now, I'm not going to tell you how to work a tree view. You've almost certainly been using
them for the last twenty years. But go ahead and play around for a while... get a feel for
how you can open and collapse branches, and just how deep the tree sometimes goes.
CONFIDENTIAL 41
You'll notice that there's a short delay between clicking the "plus" button to expand a
branch, and seeing the results appear. That's because your MetaView Explorer client is
collecting information for the tree in real-time, to make sure you always have an up-to-date
view of your Metaswitch system.
You'll also spot that the object tree is a colorful place. You'll see green lights (well, mostly
green), pointing arrows, and maybe the odd exclamation mark or two. Those icons are very
important, but don't worry about them for now - we'll look at them in detail in Work with
alarms on page 129.
2. Once you've opened up a few branches, you'll probably come across something with this
symbol next to it. (Pay no attention to the wording in the screenshot; it's just the symbol
you're looking for.)
Whenever you see that symbol, it represents a "link" in the tree - a connection between
two objects which have related purposes, but are found in different places. If you're familiar
with the concept of a sym-link in UNIX, it's the same kind of idea. If not... well, think of it as
a signpost from one place to another.
Right now, we don't need to worry about what the link actually means, but we will take a
look at how to navigate it.
• First of all, have a good look at the link you've found, and make sure you've remembered
its name.
• Now double-click on the link. (Just to stress that point, double-click on the link. Clicking
it just once will select it without doing anything.)
• See what happened? You've jumped to a different place in the tree. You might need to
scroll up or down to see the object which is now selected.
• Check the new object's name. See how it's related to the link you clicked?
3. Of course, when you don't know the purpose of the objects you're working with, this is all
a little bit abstract. But here are the take-away messages: links exist, and to follow a link
you double-click it.
4. Incidentally, this is a great moment to check out the Back and Forward buttons you'll find
just below the menu bar:
42 CONFIDENTIAL
If you've ever used a web browser - and of course you've used a web browser - you know
exactly what these buttons do. Click the Back button now, and you'll jump back to the link
you followed. Click Forward, and you'll jump to the place you linked to.
These are important buttons, and you'll use them a lot, but there's honestly not much more
to say about them.
5. By now, you've probably opened up a fair few branches. Be sure to collapse them again
by pressing the "minus" buttons.
No, I'm not just being fussy... there's a genuine reason to close up branches once you've
finished exploring them. As long a branch is expanded, MetaView Explorer is continually
checking up on the state of the objects it reveals. That takes time and network resources,
so if you've got too many branches expanded, you may find that MetaView Explorer slows
down.
To encourage good habits, there's a running total of the number of visible objects in the
very bottom-right of the window. Here, for example, is what my total looked like after I'd
been using MetaView Explorer for a while. You can see that I've got 150 objects in view,
and the progress bar is filling up as a gentle hint that I really ought to think about tidying
up soon.
If the bar starts flashing, it's a good idea to collapse a few branches. If it starts flashing red,
it's a really good idea to collapse a few branches.
Checkpoint: You now know how to find your way around the object tree.
Task 2: Create a new View

By now, you'll have picked up that the MetaView object tree is pretty big. I haven't actually
counted the number of objects, but it's safe to say there are zillions. And you'll find there are
a few places you go back to again and again - places you visit so frequently, that it's a bore to
have to navigate through the tree each time you want to go there.
So, good news - you don't have to! There's an easy way to save your place in the object tree.
This is the same basic idea as "bookmarks" or "favorites" in a web browser, but in MetaView
Explorer, they're referred to as Views.
Let's see how they work.
1. Pick an object. Any object.
Go on, freestyle! Just make sure you've drilled down a couple of levels in the object tree,
and that the object you pick has a plus sign next to it (indicating that there's at least one
more level below).
In this screenshot, I've picked an object called Domain Name Services. It doesn't matter
if you don't know exactly what that means:
CONFIDENTIAL 43
2. Click the button labeled Open in new view. It's up just below the menu bar - I've drawn a
ring around it on the screenshot above.
You'll see something like this:
44 CONFIDENTIAL
3. Spot the difference! Have a look at the two screenshots, and see if you can pick out what's
changed.
• First of all, you'll see that the Tree panel (numbered 1 in the screenshot) has been
simplified. Rather than showing you the whole tree, it's picked out just the object you
chose, together with its children.
• Secondly, some new toolbar buttons have appeared (next to the number 2). We'll chat
about those in a moment.
• But the most important change is the easiest one to miss. In the Views pane on the left,
under Object tree and views, the name of your object has now appeared. Look next
to the number 3 to see it on the screenshot.
4. Click the words Object tree and views (the ones in bold at the top of the Views pane), and
you'll go back to the familiar full tree we've been working with up to now.
5. Now click the name of your object, right underneath Object tree and views. See what's
happened? The Tree pane has jumped back to that object. And that's what we call a view,
but in layman's terms... you've bookmarked it.
Note: Just like bookmarks in your web browser, views hang around even if you close and re-start
MetaView Explorer. They live on the particular PC you're using, but they're specific to you -
so even if other users log in using the same PC, they won't see the views you've created.
Checkpoint: You now know how to create a view and use it as a bookmark. Why don't you try
creating a few more? Just remember to click the bold words "Object tree and views" each time
you want to go back to seeing the whole tree.
Task 3: Work with the Views toolbar

Views are a great tool, so it's worth our while spending just a little bit more time with them. In
this Task, I'll take a look at some power-user options which make them even easier to work
with.
1. Select one of the Views you created in the previous Task. Remember, to do that, you click
on the view's name underneath Object tree and views in the left-hand pane.
2. Take a look just below the menu bar, and find these toolbar buttons:
(Don't worry if the Zoom to button is missing. It'll show up in a moment.)

3. First, let's see what happens when you click Go to in main tree. Go ahead! It's harmless.
• You'll notice right away that the Tree pane has changed, and switched back to showing
the full object tree again. The object you were looking at is still highlighted - but now it's
displayed in context, wherever it slots in the tree. This is a great way to recover if you
ever find you've got confused by a View.
• But you may have missed another, more subtle change. Take a look at the Views pane,
and you'll see that Object tree and views is highlighted again:
CONFIDENTIAL 45
That's telling you that MetaView Explorer has snapped out of the View, and gone back
to the full object tree. In other words, you haven't changed the View at all - you've just
jumped away from it.
Note: Another way to tell whether you’re in a View is to look at the toolbar. If you see the buttons I
pointed out back at Step 2, then you’re in a View.
4. Normally, when you click that button, jumping away from the View is exactly what you
wanted to do. But for the purposes of this Task, we want to carry on exploring. So click the
name of one of your Views to go back into it again.
5. Now, let's imagine you've decided that you didn't set that bookmark in quite the right
place. No problem! It's easy to tweak the View.
Start by clicking on any of the objects in the Tree pane. (But not the one you originally
bookmarked! Remember, we're imagining you've changed your mind.) In this example, I
originally bookmarked Domain Name Services, and I've now clicked MGCP / NCS Name
Server Groups below it.
6. A Zoom to button has appeared in the toolbar up the top. See it?
Click it to "zoom" the view to the object you've now selected.

What does "zoom to" actually mean? ...well, like so much in life, it's a fancy name for
something very simple. All it does is to redefine the View - move the bookmark, if you like -
just as though you'd based the View on that object in the first place.
To confirm that's what's happened, take a look over in the Views pane on the left. You'll
see that the name of your View has changed.
46 CONFIDENTIAL
7. What if you want to go the other way? You're probably ahead of me on this one.
Click the Zoom out button, and your View will go back to being the way it was before. Once
again, you'll see that its name has changed in the Views pane.
Just for fun, click Zoom out again. You should be able to see that your View has stepped
one more level up the object tree. So, to summarize:
• use Zoom to if you want to redefine your View by moving down the tree
• use Zoom out if you want to redefine your View by moving up the tree.
8. There's one last button on the toolbar, labeled Close view. If you ask me, that's a poor
choice of name - it should really be called "Delete view".
Click that button to get rid of the View you're looking at, and remove it from the list in the
Views pane. Watch out! There's no undo.
Note: If you do just want to "close" the view without deleting it, then remember - clicking the bold
heading Object tree and views will take you back to the full tree.
Checkpoint: Now you know how to use Views like a pro. As you work through the rest of this
guide, don't be afraid to create as many Views as you want to!
CONFIDENTIAL 47
48
CONFIDENTIAL
Work with objects in MetaView Explorer
About this Lesson
So we now know how to move around the object tree, and how to call up a particular object's
configuration in the Details pane. But what do we do with it once we've got it there? That's
what we'll learn during this Lesson.
In a sense, this Lesson's superfluous, because the whole of this guide is about working with
objects in MetaView Explorer and we'll pick up techniques in stages along the way. But there's
no point being mysterious about the Details pane - so let's take a quick look at a sample
object, to get a feel for the kinds of things we can do.
Start here
• make a couple of sample configuration changes in the Details pane
• use some helpful time-saving techniques for copying information between MetaView
Explorer and other applications.
Task 1: Find an object to work with

Needless to say, randomly playing with configuration on a live Metaswitch system isn't the
greatest of ideas. So for this Lesson, I'll point you at a specific object - one that represents
something it's definitely OK to poke at. How do I know that? Because it represents you.
Warning! The object I've picked is comparatively safe, but messing around with it could still interfere
with your ability to manage your system. So don't go wild.
1. In the Tree pane, expand the top object, All Managed Components.
• Actually, the chances are you already expanded it during a previous Lesson. If so, try
collapsing and expanding it again. That's a great way to tidy up your display and make
it easier to find what you're looking for.
• Or alternatively, if you've only just started MetaView Explorer, there might not be
anything in the Tree pane yet. In that case, you need to click Object tree and views
over in the Views panel. I've talked about that a few times now, so I won't mention it
again - remember it for future lessons!
2. Now, underneath All Managed Components, look for your MetaView Server. For example,
here's a screenshot I took on a busy system in our own test labs. The MetaView Server is
down at the bottom of the list - chances are yours will be too.
CONFIDENTIAL 49
3. Expand the MetaView Server, and scroll down the list of objects until you find Users.
4. Expand Users, then finally find and expand MetaView Users.
5. Now, do you remember the username you used to log onto MetaView Explorer? You should
find that name in the list of objects below MetaView Users.
6. Click on your username, and notice that the Details pane changes when you do. There you
go! You've found your own object in MetaView.
Checkpoint: You now know how to navigate the object tree to find a specific object, and you're
ready to start working with that object in the Details pane.
Task 2: Change a configuration field

1. Let's start by having a closer look at the Details pane. Here's what I see when I look at my
own MetaView entry.
There's actually quite a lot to think about here.

• Notice how some fields are editable - User description, for instance - while others, like
Number of login failures since last successful login, just give you information.
• See how the editable fields come in different types. Some of them are text-entry boxes;
some are checkboxes; some, like User type, let you choose from a list of possibilities
configured elsewhere.
• See how some fields' names are in bold. Those fields are mandatory.
• And finally, see how (almost) every object ends with a Status section, telling you whether
it's enabled or disabled. If you disabled this object, for example, you wouldn't be able
to log into MetaView any more. (So you'd better not do that, then.)
Note: Enabling or disabling objects sometimes takes time, which is why there’s both a Requested
status (what you’ve most recently asked for) and an Actual status (the current state of play).
2. There's one field here that's completely safe to play with: the User description. The
description is just for your own reference, and doesn't have any impact on the running
system at all.
50 CONFIDENTIAL
So, click in the text box next to User description, ready to edit it.
3. Before you type anything, take a look at the Help pane at the bottom of the window - the
one numbered 4 in this screenshot:
See
how it's scrolled to an explanation of the User description field? Every time you go to a
field in MetaView Explorer, you'll be offered real-time help. I wish the whole of life worked
that way.
Note: Pro tip! If you want to see the help for a field without actually editing it, just click the field’s
name. That’s particularly useful if the field is something like a checkbox, which would change
as soon as you clicked on it. For example, to see the help for Password expiry period (days),
you could click here:
4. Now, the Help pane tells us we can have up to 64 characters in the User description, so
go ahead - type in a few more. Type your message to the world! Or if you don't have a
message to the world, just go for "asdf qwerty".
5. Take a look now underneath the Tree and Details panes, and you'll find the following
toolbar:
As soon as you make a change to a field, the Apply and Cancel buttons light up. Go on!
Press Apply.
6. Everything goes gray, and the mouse pointer turns into an hourglass. Don't worry. Your PC
is just sending the information to the MetaView Server. After a couple of seconds, things
will be back to normal - and your change has been made.
Note: If you made a mistake when changing a field, you can always press Cancel, which does
exactly what you expect it to. We'll look at the other buttons on that toolbar in later Tasks and
Lessons.
Checkpoint: You now know how to change fields in a configuration object.
CONFIDENTIAL 51
Task 3: Copy and paste configuration

Sometimes when you're working with an object, you might want to copy some configuration
into a document or en email. Or, going the other way, you might want to paste a piece of
configuration from wherever you've noted it down.
Unfortunately, MetaView Explorer doesn't have "Copy" and "Paste" toolbar buttons, or even
options on an Edit menu. But you can still do it... if you know how.
Note: The computing world splits into two tribes: people who like to use the keyboard, and people
who like to use the mouse. If you're a keyboard kind of a person, you're going to find this
Task ridiculously straightforward. But bear with me - not everyone has the same level of
keyboard-fu.
1. Let's practice copying the User description out of the Details pane. Start by highlighting
the description in the normal way (by dragging the mouse over it).
2. Now, the magic thing you have to Just Know... hold down Ctrl and press C.
3. That's it! You've copied the description onto the clipboard. Prove it to yourself by pasting it
into Notepad, or anywhere else that takes your fancy.
4. Now let's go the other way. Working in Notepad, remove the words you added to the
description in the previous Task - and then, copy the whole revised description back onto
the clipboard.
5. Back in MetaView Explorer, go to the User description box and delete its contents, ready
to receive the pasted-in entry.
6. Get ready for another magic keystroke... this time, hold down Ctrl and press V.
7. In the toolbar underneath the Tree and Details panes, press Apply.
So to recap, that's Ctrl+C to copy, Ctrl+V to paste. Simple when you know how!
Did you know? It's easy to see that C stands for Copy, but why's it V for Paste?
According to the designers of the Apple Mac - who popularized this convention back in the
1980's - it's just because the C and V keys are next to each other.
Note: If you prefer, you can use Ctrl+Insert for Copy and Shift+Insert for Paste.
Task 4: Copy a whole object

While we're thinking about copying and pasting, here's a quick power tip. Sometimes, you'll
find yourself wanting to share configuration with your colleagues, or even with Metaswitch
support - perhaps in an email. You could take a screenshot, but you'd look like a newbie.
Here's the old-timers' way.
1. Look at the toolbar below the Tree and Details panes, and click the Output button:
2. When you see this dialog box, just press OK.
52 CONFIDENTIAL
3. Go to your email client, start a new message and press Paste. Job done!
Note: As the screenshot above shows, you can alternatively choose to save the output to a file. I
won't walk you through that process - if you ever want to do it, I'm sure you'll figure it out.
You'll see that the pasted output contains a handy plaintext representation of everything you
can see in the Details pane. (There's also a preamble filled with technical information, which
will be useful if you ever need to use this technique when working with Metaswitch support.)
Checkpoint: That's it! You now know all you need to know to get started with MetaView
Explorer. We'll explore some more details of the user interface during the course of future
lessons, but for now... let's take a look at another important admin tool.
CONFIDENTIAL 53
54
CONFIDENTIAL
Connect to the Craft terminal
About the Craft terminal
As we've already seen, most of the time you're working with your Metaswitch system, you'll
be using MetaView Explorer. But for some particularly low-level configuration, you'll need to
drop out of MetaView and get up close and personal with your servers. That's what the Craft
terminal is for.
Did you know? Craft terminals get their name from craft personnel - telecoms jargon
for "field engineers". And why are they called craft personnel? Actually, I've no idea. If you
can solve the mystery, do write in to let me know.
A Craft terminal, in the sense that we use the term, isn't an actual physical piece of hardware.
It's just a text-based console, a little bit like a UNIX shell or DOS command prompt - though
unlike either of those examples it's menu-based. We'll learn much more about how to use Craft
in the next Lesson.
If you really need to, you can connect to the Craft terminal using a serial cable. For example,
you'd do that if you had a major networking problem which stopped you getting access in any
other way. In normal operation, though, there's a simpler approach - and that's what we'll be
learning now.
About PuTTY
To connect to the Craft terminal the easy way, there are a couple of things you'll have to get
together.
First of all, you need a PC to act as your screen and keyboard. The one you're using for
MetaView Explorer is usually fine.
And on that PC, you'll need an SSH client. (Just in case you're not familiar with SSH, it's the
"secure shell" protocol, designed as a safe way to manage connections to important machines.)
On Windows, we recommend PuTTY, an excellent tool that's free to download. I'll tell you how
to download PuTTY in Task 1.
Note: Just for this Lesson, I'm assuming you're on a PC running Windows. If you use Linux or
some other UNIX variant, the chances are you already have an SSH client installed. And
even on Windows, if you've already got a favorite SSH tool, do feel free to use that instead!
It's still worth reading through these instructions, though, to pick up details of the specific
configuration you'll need to replicate in your client.
You'll also need to know your Craft login name and password. Unfortunately, these aren't the
same as the MetaView login name and password you've been using up to now. But hold that
thought; I'll talk more about it when the moment comes.
Start here
• download and install the SSH client, PuTTY
• log onto the Craft terminal for the first time.
CONFIDENTIAL 55
Task 1: Download and install PuTTY

Remember, you don't have to use PuTTY. If you already have an SSH client installed, it's fine
to stick with it. But if you don't... then here's how to get one.
1. The easiest way to find PuTTY is to go to www.putty.org.
2. Once you're at the website, follow the first link at the top of the page. Don't get distracted
by the other links further down - this is the one you want:
3. Once you're on the download page, you'll have a dazzling array of options to choose from.
Look for the "Windows installer for everything except PuTTYtel", which at time of writing
was called putty-0.63-installer.exe. (That name will presumably change if a new
version comes out, though PuTTY's been very stable for quite some time.)
4. Download and install it. You don't need any instructions for this, do you? Just run the
installer and follow your nose.
Checkpoint: You now have PuTTY installed and ready to run on your PC.
Task 2: Log onto Craft for the first time

Now that PuTTY is installed, it's time to practice logging into the Craft terminal. Before we do
that, though, there's one important point to understand.
56 CONFIDENTIAL
In previous Lessons, we've been using MetaView Explorer for an integrated view of your whole
Metaswitch system. From a single MetaView Explorer window, you can configure both your
Call Feature Server and your Unified Media Gateway... and a whole lot more besides.
In contrast, when you use the Craft terminal, you're working just that little bit "closer to the
metal". So, with Craft, you need to log on to a specific piece of hardware - your Call Feature
Server, your Unified Media Gateway, and so on.
For the purposes of this example, let's log onto the Craft terminal for your MetaView Server.
(In case you're wondering, I've chosen the MetaView Server because it's the one piece of
equipment which absolutely any Metaswitch system contains.)
1. Start PuTTY - from the desktop, Start menu, or wherever you chose to put it. You'll see
this screen.
2. Type the IP address of your MetaView Server into the box labeled Host Name (or IP
address), right at the top.
Warning! Don’t press Enter yet! If you accidentally do, then close the window which appears and start
this task again.
Note: If your MetaView Server has a hostname configured in DNS, then of course you can type
that instead of the IP address. But most people don’t bother to configure hostnames, so I’ll
assume you’re using IP addresses for the rest of this lesson.
3. The SSH radio button will be selected already...
CONFIDENTIAL 57
If you accidentally change it, just set it back to SSH. You'll notice the Port goes back to
22 as well.
4. Now we'll make a small configuration tweak, which will make your life a whole lot easier
later on. In the expanding tree on the left, click Window - and then change the number next
to Lines of scrollback to 10000 (ten thousand). Like this:
This change increases the size of PuTTY's buffer, so that you can scroll back through a
larger amount of output.
5. Back in the tree on the left-hand side, click Session again. You'll be back at the main
window.
6. Now let's save these settings, so you don't have to re-do them next time. Type a descriptive
name (for example, "MetaView Server") into the box below the words Saved Sessions, and
press Save:
58 CONFIDENTIAL
7. Finally, double-click the name of your new saved session to start connecting. (You could
also click Open, but double-clicking the saved session is the quick way to do it next time.
You may as well get into the habit now.)
8. You'll see a message like this one.
This message is lengthy, but it is important... so let's take a moment to understand what it
means. Every time you use PuTTY to connect to a server, that server sends PuTTY a so-
CONFIDENTIAL 59
called host key. Think of the host key as an ID card. It belongs exclusively to that server,
and it's difficult for anyone else to fake it or copy it.
Because this is the first time you've connected to this server, PuTTY's never seen its ID
card before. The dialog box is just warning you that the server looks new. You'll see the
message again each time you connect to a server for the first time, and any time you start
using a different copy of PuTTY on a different PC.
Of course, that's exactly what we're doing right now, so just click Yes.
Warning! If you ever see this message when you’re not expecting it, click No and investigate. It might
mean your network’s been compromised.
9. Next, a new window opens, looking like this:
Kinda terse, isn't it?

Go ahead and type your Craft login name (followed by Enter, of course). Then, when it
prompts you, type your password.
Remember, your Craft login name and password are different from your MetaView login
name and password. You might even have different Craft login details for different servers,
though newly-delivered systems aren't set up that way.
Don't know your login name and password? You can reset them using MetaView Explorer.
Change a Craft terminal user’s password on page 331 tells you how.
10. After you've typed your password (assuming you've got it right!), you'll be asked a question
similar to this one. Don't worry if the wording isn't exactly the same:
Do you want to run the MetaView Server craft scripts, the Install
Server craft scripts, the VPN craft scripts or the MetaView
Service Assurance Server craft scripts? (m/i/v/s)
I'll explain what that's all about later on. For now, just type m and press Enter.
11. You'll see what's recognizably a main menu. You're logged on to Craft!
The procedure we've learned in this Lesson works equally well when you're connecting to
other types of server. For example, if you want to connect to the Craft terminal on a Call Feature
Server, you'd do exactly the same things - with the obvious exception that you'd connect to
the Call Feature Server's virtual IP address.
Note: If you've forgotten what the virtual IP address is, or why it's the right one to use, take a
look at Understand hardware and software redundancy on page 87. (Very occasionally, it
isn't the right one to use - but those cases are rare. I'll highlight them clearly whenever we
come across them in this guide.)
Checkpoint: You now know how to log on to the Craft terminal, and access its menu system.
In the next Lesson, we'll take a quick tour round the menus.
60 CONFIDENTIAL
Find your way around Craft
Introduction
As you learned in the previous Lesson, the Craft terminal is a simple text-based interface for
low-level configuration of your Metaswitch servers. We'll be returning to the Craft terminal from
time to time throughout this guide - so in this Lesson, let's make sure you feel familiar with it
when we do.
Start here
• move through the Craft menu system
• practice running a simple command
• make use of a power-user tip, which can save you time if you use Craft frequently.
Task 1: Browse the menus and select a command

1. This Lesson follows on from the previous one. Just to check we're on the same page, you
should be looking at the Main menu for your MetaView Server's Craft terminal. It'll be like
this:
[Main] [=]
Select a command group or command
Press ENTER to refresh
0 Exit < Log off the craft menu
1 Admin > Administrator function
2 Software > View / Upgrade MetaView Server software
3 Diagnostics > Retrieve Diagnostic Information
Did you know? If you’re under the age of 40, you might not realize that all computer
software used to use text menus like this one. Oh, happy days.
2. First of all, let's go into the Admin sub-menu. We can tell that the Admin option leads to a
sub-menu, because it's got a > character next to its name.
The Admin option is number 1, so type 1 and press Enter. You'll see this.
[Main->Admin] [=1]
Administrator function
0 Back < Back to previous menu
1 Start MetaView Server Starts the MetaView Server
2 Stop MetaView Server Stops the MetaView Server
3 Backup/Restore > Manage backed up configuration and
data files
4 Time > Manage the time, date and NTP servers
CONFIDENTIAL 61
5 Sort Locale > Query and set the locale for

database sorting
6 Manage Certificates > Displays Certificate Details
7 Manage System info > Get and Set the System Info
8 External Authentication > Manage External Authentication
9 Priority modes > View and change the priority mode
10 Ethernet > Manage backup ethernet port
11 DNS Settings > Manage DNS settings
12 Standby > Manage standby configuration
13 Automatic Recovery > Manage automatic recovery configuration
14 Shutdown MetaView Server Shuts down the MetaView Server
15 Reboot MetaView Server Reboots the MetaView Server
3. Whoa! There are some scary options here... like number 14, Shutdown MetaView
Server. Because that doesn't have a > next to it, we know that's not a sub-menu, but a
command that'll have immediate effect. We'd better stay away from that one.
Instead, let's go into the Time sub-menu. See what to do? Time is option 4, so type 4
and press Enter.
[Main->Admin->Time] [=1 4]
Manage the time, date and NTP servers
1 List NTP Servers List NTP Servers configured on this system
2 Query NTP Servers Query NTP Servers configured on this system
3 Update NTP servers > Update NTP Servers configured on this
MetaView Server
4 Set time/date Set the time and date of the MetaView
Server
5 Manage Timezone > Query and Set Local Timezone
4. It's time we actually ran a command. The first one, List NTP Servers, is completely
safe to use on a live system - it just prints out an item of configuration.
List NTP Servers is option 1. You know how to select it by now, don't you? Go right
ahead, and you'll see this.
List NTP Servers
List NTP servers configured on this system
Please verify that this command is correct
1 *OK Execute this command
2 Cancel Cancel this operation
5. Craft is a powerful system, so it always asks you to check your choices, even for something
as harmless as this. The asterisk next to OK means that's the default choice, so just press
Enter to confirm.
62 CONFIDENTIAL
6. You'll see the list of configured NTP servers (they help your system tell the time, in case
you're wondering), followed by a prompt to press Enter.
OK, I admit it - this is an anti-climax, because List NTP Servers is such an uninteresting
command. But imagine something important was happening, like a server restarting or a
major upgrade taking place. If that's what we'd chosen, we'd probably see quite a lot of
output whizzing by, with the prompt to press Enter signaling the point when the process
is complete.
Press Enter now. You'll find you're back at the Time menu again:
Manage the time, date and NTP servers
1 List NTP Servers List NTP Servers configured on this system
2 Query NTP Servers Query NTP Servers configured on this system
3 Update NTP servers > Update NTP Servers configured on this
MetaView Server
4 Set time/date Set the time and date of the MetaView
Server
5 Manage Timezone > Query and Set Local Timezone
7. Before we carry on, let's pause to look at the very top of that menu... the line which says
[Main->Admin->Time].
As you work through the Craft system, you'll always have a reminder of exactly where in the
menu system you've got to. In this case, we started at the Main menu, drilled down into
the Admin sub-menu, and then the Time menu after that.
8. Suppose now we're finished with Time, and want to go back up one level to Admin. It's
easy to remember how to do that, because it's always option 0. (The < character you see
next to option 0 is a reminder that it takes you "back", or "up", a level.)
Type 0 and press Enter now. The Admin menu will re-display.
9. Let's try a little test. From the Admin menu, go into the Priority Modes sub-menu. This
time, I won't tell you how... but if you see the following, you've got it right:
[Main->Admin->Priority modes] [=1 9]
View and change the priority mode
1 View priority mode View the current priority mode
2 Change priority mode Changes the priority mode
10. Managed that? Of course you did. And that's all there is to it... by now, you pretty much
know how to use the Craft terminal.
Checkpoint: You now know how to navigate the Craft menus, select and run a command.
Task 2: Learn about shortcut codes

While you were working through the previous Task, did you spot the numbers that appear at
the top of each Craft menu? Here are some examples...
CONFIDENTIAL 63
[Main->Admin] [=1]
[Main->Admin->Priority modes] [=1 9]
1. If you like puzzles, see if you can work out what the numbers are for before you read on.
Ready for the answer?
The numbers record the sequence of keystrokes needed to get to that point in the Craft
menu. As we'll see in the next Task, the initial = takes you to the Main menu. Then 1 takes
you to the Admin menu; another 4 takes you to the Time menu, and so on.
2. In fact, you can use these codes as an express route round the Craft system. So if you
wanted to go back to the Time menu, you could type =1 4 (all on one line) and press
Enter. Go ahead - try it now.
That code works no matter where you start from, because the initial = always returns you
to the Main menu.
Warning! The space is important! =1 4 is option 1 followed by option 4; =14 is option 14.
I won't use the shortcut codes in the rest of this guide, because they're a hassle to remember
and don't save all that much time compared to navigating the menus. But still, if there's a
particular option you find you use repeatedly, you might want to jot down the code and use it
as a quick way to get there.
Task 3: Log out from the Craft terminal

When you've finished using the Craft terminal, it's good practice to log out. It means an intruder
can't get access to the system using your login; and just as importantly, it means you can't
accidentally shut down your system by typing random garbage into the wrong window.
1. The logout option is on the Main menu. You could get back to the Main menu by selecting
0 repeatedly, but there's actually a handy shortcut.
Press =, then Enter. The Main menu displays.
2. As you'll see, when you're at the Main menu, option 0 changes from Back to Exit. So
press 0, then Enter.
3. You'll be logged out. The window you're using may close, but if it doesn't, you can close it
now. And it really is as simple as that.
Checkpoint: You now know pretty much all you need to know about using Craft! We'll be
logging in again in future Lessons.
64 CONFIDENTIAL
Transfer files to and from a server
About SFTP
A few of the tasks you'll find in this guide involve copying files to and from your Metaswitch
equipment. For example, you might need to download a diagnostic file from your Call Feature
Server to help get to the bottom of a problem.
You may be familiar with the File Transfer Protocol, or FTP, as a way of moving data between
servers. Metaswitch products use an improved version of FTP, called Secure FTP or SFTP,
to do the same job.
Remember how, in order to access the Craft terminal, you needed to download an SSH client?
In the same way, to access SFTP you'll need to find an SFTP client. We at Metaswitch
recommend a free tool called WinSCP... and I'll show you how to download and use it in this
Lesson.
Note: For the rest of this lesson, I'll assume you're taking our advice and using WinSCP. But if
you already have a favorite SFTP client, do feel free to use that one instead. If you're using
Linux or another UNIX variant, you may well already have a tool called sftp installed, but
you should still read through this Lesson for important information about login names and
passwords.
Start here
• download and install WinSCP
• use it to log on to a Metaswitch server
• practice copying a sample file over onto that server.
Task 1: Download and install WinSCP

1. Go to WinSCP's official website at http://winscp.net.
2. Find the most recent version of WinSCP for Windows.
WinSCP's website seems to change quite often, so I can't give exact instructions here.
But you're looking for a download page, and then the "installation package" for the most
recent version.
3. Download and install WinSCP. As usual, I assume you know what you're doing here! The
"typical installation" is fine.
Towards the end of the installation process, you'll be asked which "user interface style" you
want to use. If you're a fan of software like Norton Commander, then feel free to choose
the Commander option. Otherwise, go for Explorer. I'll assume you chose Explorer for the
rest of this lesson.
4. If it asks you the following:
CONFIDENTIAL 65
...select Cancel. Although it seems like this is a time-saving option, you'd actually need to
tinker with the configuration it imports, so it's really simpler to begin from scratch.
Checkpoint: You now have WinSCP installed and ready to run.
Task 2: Log on to SFTP for the first time

Because you've already worked through Connect to the Craft terminal on page 55l, where
you used PuTTY to log on to Craft, the logon interface in WinSCP will seem quite familiar. Still,
let's go through it step by step.
Once again, you need to take care to log into the right server. In this example, we'll log into
your MetaView Server - just like we did for Craft, back in Connect to the Craft terminal on page
55l. Apart from anything else, you probably already have its IP address and login details
handy.
1. Run WinSCP (from the Start menu, desktop, or wherever you chose to put it). You'll see
this window.
2. Fill in this dialog as follows.

• Make sure the File protocol is set to SFTP.
• In the box labeled Host name, type the IP address of your MetaView Server (or you can
use its hostname, if it has one).
• Leave the Port number set to 22.
• In the box labeled User name, type your Craft user name for the MetaView Server.
This is the same one you used in Connect to the Craft terminal on page 55... SFTP
access uses the same user name and password as Craft.
• Leave the Password blank for now. For security reasons, it's best not to save the
password together with the rest of the configuration. You'll have another chance to
enter it later.
3. We could just go ahead and click Login, but let's take a few seconds to make your future
life easier. Click the Save As... button, and you'll see something like the following:
66 CONFIDENTIAL
As you've no doubt worked out, you're saving the configuration details you've just entered,
for easy access next time round. Type an easier-to-recognize Site name (for instance,
"MetaView Server"), then click OK.
4. You're back at the main window, like this. Notice that your new entry has appeared in the
list on the left-hand side.
5. Double-click the name (MetaView Server in our example) to begin connecting.

6. After a moment, you'll be prompted for your password:
CONFIDENTIAL 67
Enter the password for your Craft account - the same as you used in Connect to the Craft
terminal on page 55 - and press Enter.
7. After another couple of moments, a window like this one will appear. You're logged in!
Checkpoint: You've logged into the server using SFTP, and you're ready to copy files.
68 CONFIDENTIAL
Task 3: Copy files to and from your server
Successfully logging in to SFTP is definitely the complicated part. Assuming you're accustomed
to Windows Explorer, the process of actually copying files is so straightforward, it's hardly
worth covering at all.
But I'm a completist at heart, so let's run through it quickly. First, we'll see how to copy a file
to your MetaView Server.
1. Pick a suitable example file to copy over, somewhere on your PC. Something like a small
text file is ideal. (Obviously, we're about to upload it to a place where someone else might
see it, so don't choose a spreadsheet of all your employee's salaries or a particularly
embarrassing photo.)
2. Using Windows Explorer, get the icon for that file ready in a window, just as though you
were about to copy it over to somewhere else on your PC.
3. Back in WinSCP now, choose somewhere to copy the file to. You'll already have noticed
that there's a list of directories down the left-hand side of the window; every time we need
to use WinSCP, we'll tell you which of these directories you should click into.
More often than not, it's the one called EMSftp, so let's use that as an example. Single-
click on EMSftp in the tree-view on the left, and the directory will open up in the big panel
on the right.
4. Drag the file you chose from Windows Explorer into the right-hand panel on WinSCP (taking
care it doesn't "land on" a folder icon, otherwise you'll accidentally put it in that folder).
5. You'll see a dialog box like this one.
CONFIDENTIAL 69
All the defaults are fine. Just click OK.

6. After a short while, the transfer will complete and you'll see the file you copied appear in the
WinSCP display. That's the job done!
7. Needless to say, you can also copy a file in the other direction, from the server onto your
own PC. I'll leave that process as an exercise for the reader.
8. To tidy up the file you copied over, right-click on it in WinSCP, and select Delete.
9. And when you're done... just close the WinSCP window, and confirm when prompted to
log out.
Checkpoint: You know how to copy files to and from a server using SFTP. You'll be using this
technique from time to time during future Lessons.
70 CONFIDENTIAL
Take a manual backup
Introduction
And now, it's the moment you've been waiting for! We're going to talk about backups! In
this Lesson, you'll be working with the coolest, most innovative features of your Metaswitch
software, and you'll have more fun than you've had since that time when...
...oh, all right. We all know that backups are extremely dull. But we also know that they're
essential, so let's just knuckle down, and I promise I'll get it over with as quickly as I possibly
can.
Arguably, there are two different types of backups. There are ones you take routinely, every day
perhaps, just in case something terrible happens. Those are automatic backups, and we'll
talk about them in the next Lesson.
But occasionally, you'll take a special backup for a specific purpose - before you make a big
configuration change, let's say. That's a manual backup, and we'll see how to do one of
those right now.
Note: Running a manual backup is also a great way to hone and reinforce your skills with the Craft
terminal and SFTP client. So please don't skip this Lesson, even if you're planning to come
back to it later.
Start here
• use the Craft terminal to take a manual backup
• use your SFTP client (such as WinSCP) to copy the backup file for safekeeping.
Task 1: Carry out the backup

Taking a manual backup is pretty easy to do. But we'll run through it slowly, since it's the first
time you've used the Craft terminal in anger.
Warning! To keep this as specific as possible, I'll talk you through backing up a particular server -
the Call Feature Server in this example. But it's important to understand that this is just an
example, and you'll need to repeat the process for the other equipment in your deployment.
I'll come back to that point in Task 3.
1. Log in to the Craft terminal on your Call Feature Server (or Integrated Softswitch). You
learned how to do that back in Connect to the Craft terminal on page 55. Here are the
main points:
• This is probably the first time you've connected to Craft on your Call Feature Server,
so you'll need to set it up in PuTTY (or whatever SSH client you're using). Remember
to save your configuration so you can use it again next time! You'll love yourself for it.
• The username and password for your Call Feature Server's Craft terminal are separate
from the one you used for your MetaView Server's Craft terminal. (They might be the
same, of course, but they're still separate.) If you don't know the login details and
there's nobody you can ask, see Change a Craft terminal user’s password on page
331 for a way to reset them.
2. Managed to log on? You should be looking at a menu like this one:
CONFIDENTIAL 71
[Main] [=]
1 Admin > Administrator Function
2 Software > Update Integrated Softswitch Software
3 Diagnostics > Retrieve Diagnostic Information
3. From the Main menu, select Admin. Refer back to Find your way around Craft on page
61 if you're not quite sure how to navigate the menu system.
4. At the Admin menu, select Backups - it's one of the first options in a very long menu, so
you may need to scroll back to find it!
5. Then from the next menu, select Backup data (named snapshot). "Named snapshot"
is what Craft calls a manual backup.
Note: If you get lost in the menu system at any time, remember you can just type = (followed by
Enter) to go back to the Main menu and start again.
6. The Craft terminal will now ask two questions, to set parameters for the backup you're
about to create. The first question's a straightforward one:
Enter a filename for the backup file?
7. Pick any filename you want, like my_test_backup. (Best to avoid spaces and other funny
characters - that's just asking for trouble.) You might want to incorporate the date, to make
it easy to tell when you backed up the file.
Type in your chosen filename and press Enter.
8. Here's the next and final question:
Where would you like to store the backup file?
1 *Local backup (FTP snapshot directory)
2 Remote backup (Install Server)
9. Choosing a "local backup" is straightforward - it zips up a file and sticks it on the disk of
the machine you're working on. Obviously, that's not much of a backup unless you also
download a copy to keep somewhere else.
Choosing a "remote backup" copies the file to another place. I'll talk more about that in the
next Lesson.
For now, we'll back up locally. The asterisk tells us that's the default option, so you can
simply press Enter.
10. Craft is now ready to run the command. But Craft is always cautious, so it plays back the
information you entered and asks you to confirm:
Please verify that this command is correct
1 *OK Execute this command
2 Cancel Cancel this operation
3 Modify Modify the parameters of this command
72 CONFIDENTIAL
11. Check the details over - that's a great habit to get into! - and assuming things are fine,
select OK.
If by any chance you made a mistake, just choose Modify and run through the questions
again.
12. Surprise! It turns out that Craft actually has one more question.
The current encryption key is iK7sLprK9fooZ/}x
Do you want to generate a new encryption key? Enter 'newkey'
(case sensitive)to generate a new key. Any other input will keep
the current key.
Note: the current encryption key will still be required to restore
backups already taken using it.
13. Now, pay attention, because this is really important. Backups made by your Call Feature
Server are encrypted, and you can't restore the backup unless you have the encryption
key.
So if you don't already have a copy of the key, note it down now! Copying and pasting it
out of the Craft window is probably the safest way.
Warning! Preserving the encryption key is as important as preserving the backup itself. It cannot be
recovered, even by Metaswitch, and the backup is useless without it.
14. To save you from having to note down the encryption key each time, it stays the same for
each backup - unless you choose to change it. If you do change it, your Call Feature Server
will generate a new, random key and show it to you.
We don't want to change the key right now, so just press Enter. And when Craft repeats
the warning I've just given you, press Enter again.
15. Craft will start the backup, and will then go quiet for a while. Don't worry, it's working hard
under the covers. Go and make yourself a cup of coffee.
16. When you come back, this message should be waiting for you:
Named snapshot was backed up successfully.
Result: The command has completed successfully.
17. Excellent! Press Enter to go back to the Craft terminal menus.
You've finished with the Craft terminal, so it's good practice to log out. Take another look
at Find your way around Craft on page 61 if you don't remember how.
Checkpoint: You've now got a backup of your Call Feature Server packed into a file, and stored
on the Call Feature Server's own disk.
Task 2: Retrieve and preserve the backup

It's all very well to have a backup stored on your server, and there are times when it could
get you out of jail - for example, if you accidentally delete an important piece of configuration.
Really, though, there's not much point taking a backup unless you keep a copy somewhere
else. So in this Task, we'll retrieve the file you just created and store it on your PC.
We'll use SFTP for this. Not sure you know what that means? Re-read Transfer files to and from
a server on page 65 before you carry on.
1. Start WinSCP, or whatever other SFTP client you're using, and log on to the Call Feature
Server. Transfer files to and from a server on page 65 told you how to do that, so I won't
CONFIDENTIAL 73
repeat the instructions here - but do remember you're connecting to a different server now,
so you'll need to set up new configuration in your SFTP client.
2. Once you're logged on, in the tree pane on the left, click Snapshots. "Snapshot", here, is
just another word for "backup".
3. Look for the backup with the filename you picked in the previous Task.
Note: If you’re surprised to find any other files in the Snapshots directory, the chances are they’re
automatic backups. Don’t worry; we’ll talk about those in the next Lesson.
4. Drag your backup over into a folder on your own PC. It'll be several megabytes in size, so
this'll take a while. In WinSCP, if you want to see how big the file is before you copy it, you
can right-click the icon and select Properties.
5. As usual, it's good practice to log out of SFTP once you're done.
Checkpoint: You've got a copy of the backup file on your own PC. From here, of course, you
could copy it onto a tape, or transfer it to an off-site location for safekeeping.
Task 3: Repeat for other servers

OK, I don't expect you actually to work through this final Task. But it's important to point out
that you've only backed up your Call Feature Server - not, for example, your MetaView Server,
or any other part of your deployment.
So if you were going to take a complete manual backup, here's what you'd do:
1. Repeat Task 1 above, until you've done it for each and every one of your servers.
You'll run into a few minor differences, depending on the server type. For example, the Craft
menu item called Backups is sometimes called Backup/Restore, and not all servers
use an encryption key.
When you come to your MetaView Server, it will ask you one extra question: whether you
want to back up all your data or just part of it. Needless to say, the simplest (and safest)
thing is to back up everything. If you have an unusually large system and need to think
about saving storage space, you might choose just a subset.
2. Repeat Task 2 above, until you've downloaded all the backup files to a safe location.
Checkpoint: You can now bask in the warm glow which only comes from knowing your backups
are 100% complete. But you'll get an even warmer glow if you know your backups are being
kept complete automatically - and that's the theme of the next Lesson.
74 CONFIDENTIAL
Set up automatic backups
Introduction
You now know how to take a manual backup, but you obviously shouldn't rely on that technique
to keep your data safe - not least because you'll never have the discipline to do it often enough.
In this Lesson, I'll work through the process of configuring automatic backups, which run in the
background according to a pre-set schedule.
Working out a backup strategy

Let's think about the previous Lesson again. Do you remember how the Craft terminal asked
you this question?
Where would you like to store the backup file?
1 *Local backup (FTP snapshot directory)
2 Remote backup (Install Server)
We chose to take a local backup, where each server bundles up a copy of itself onto its own
disk. And although we took those particular backups manually, it's equally possible to set them
up to run on schedule.
So you could back up your system this way:
• configure each server to make a local backup to its own hard disk
• use a script which connects to each server in turn, and downloads a copy of the local
backup it made.
That's a perfectly viable strategy - and if you want to do it that way, do feel free.
But most people choose a different approach. In the last Lesson, I briefly mentioned a remote
backup, which copies the file to "somewhere else". That "somewhere" is, basically, your
MetaView Server.
So here's how the alternative option works:
• configure each server to make a remote backup to the MetaView Server
• use a script to download all those backups, in one go, from the same place.
A diagram might make it clearer...
CONFIDENTIAL 75
As well as making it easier to download the files, this also has the advantage that if (say) just
your Call Feature Server fails, you don't have to haul your backup back from some off-site
location. There's already a copy right there on your MetaView Server.
Because this is the most popular arrangement, it's the one I'll walk you through in this Lesson.
Start here
• decide on a backup schedule
• configure all your servers to make scheduled backups onto your MetaView Server
• find out how to download the backups for off-site storage or other safekeeping.
Warning! Towards the end of this Lesson, you'll need to know the password for your msbackup
account. This is a special account, with a fixed password; there's no way to reset or change
it. If you don't know the password - and nobody else in your organization knows it - then
you'll need to ask your Metaswitch support rep for help. I'd suggest you do that now, to
avoid running into a brick wall later.
Task 1: Pick a backup time

Before you begin this process in earnest, take a moment to decide when you want to run your
backups each day. This is a relatively major decision. You'll be configuring the time in numerous
places, so it's more than usually painful if you change your mind!
Running a backup doesn't interrupt your service, but it does place some load on your system.
Most people choose to do the backup during the quietest part of the day, often in the early
morning. But of course, other factors may influence the choice in your particular environment.
Once you've chosen the general time of day, choose a specific time to back up each of your
servers, at 15-minute intervals from each other. While you want the backups all to run at a
reasonably consistent time, you don't want them to be absolutely simultaneous - doing that
would quickly flood your network with data.
Checkpoint: You've decided on the exact time you want each backup to run. If you're at all like
me, you'll have written them down so you can't get confused about them.
Task 2: Configure an automatic backup

We'll need to configure an automatic backup on each of your different servers. But we have
to start somewhere, so let's begin with your Call Feature Server (or Integrated Softswitch, of
course).
You'll have a strong sense of deja vu during this Task: it's very similar to the previous Lesson.
So I'll trot through the first few steps in double-quick time.
1. Just like in the last Lesson, log in to the Craft terminal on your Call Feature Server.
2. Again like the last Lesson, choose Admin and then Backups. You should be here:
[Main->Admin->Backups] [=1 2]
Manage backed up system and configuration files
1 Backup data (named snapshot) Save system/config files named
snapshot
76 CONFIDENTIAL
2 Backup data (autosave) Save system/config files on
regular schedule
3 Restore config Load config files from a saved
backup
4 Restore system Load system/config files from a
saved backup
5 List backup files List previously saved backup files
6 Delete backup file Delete previously saved backup file
7 View autosave schedule View backup autosave schedule
8 Cancel autosave schedule Cancel backup autosave schedule
3. Unlike the last Lesson, choose Backup data (autosave).
4. You'll have guessed what happens next... Craft asks you some questions. Here's what
you'll see, and what you'll need to type in:
• Enter the time between backup attempts - the word "attempts" here is
kind-of misleading; it's just asking how often you want to take a backup, measured in
minutes. To save you doing the sum, 24 hours is 1440 minutes. So, assuming you want
a daily backup, type 1440.
• Enter the start time for backups - type in the time you chose for this server
in Task 1, in hh:mm format. For example, 00:30, or 02:45, or even 18:00 (though it
would be odd indeed to schedule a backup for 6 in the evening).
• Where would you like to store the backup file? - to implement the
strategy discussed up at the top of this Lesson, choose Remote backup (Install
Server).
Note: Why does it say “Install Server” rather than “MetaView Server”? The short answer is:
it’s historical, don’t worry about it. The longer answer’s that in days gone by, there was
a separate piece of hardware called the Install Server. Nowadays, it’s to all intents and
purposes been merged with the MetaView Server, but it’s theoretically still separate software
and the old terminology occasionally pokes though.
If you’re wondering why you don’t need to type in an IP address for your MetaView Server (or
Install Server), it’s because that’s one of the core pieces of configuration specified when your
system was first set up.
5. Craft will play back your answers, and ask you to confirm. Check them over and, if
everything's correct, select OK.
6. Just like during the previous Lesson, the Call Feature Server will remind you of the encryption
key and ask if you want to change it. Press Enter a couple of times to keep the old one.
Warning! It’s vitally important to keep a record of the encryption key. If you didn’t already know that,
go back to Take a manual backup on page 71! You’re risking ending up with an unusable
backup if you don’t understand this issue.
7. You'll see the following.

Autosave scheduled on processor A. Now trying processor B...
Autosave scheduled successfully.
8. That's your sign that it's all gone to plan. Press Enter to get back to the Backups menu.
CONFIDENTIAL 77
9. You've actually finished what you need to do. But while we're here, we might as well see
how to double-check the schedule you've set - just in case you want to confirm it in the
future.
From the Backups menu, choose View autosave schedule (and then, as always,
pick OK to confirm). You'll see something like this:
Checking processor A
Backup autosave is scheduled - parameters below.
Autosave backup interval (mins): 1440
Autosave backup start time: 3:45
Backed up files stored remotely (Install Server)
Current encryption key: `iK7sLprK9fooZ/}x`
Checking processor B
Backup autosave is scheduled - parameters below.
Autosave backup interval (mins): 1440
Autosave backup start time: 3:45
Backed up files stored remotely (Install Server)
Current encryption key: `iK7sLprK9fooZ/}x`
10. That's pretty self-explanatory... but why does it list everything twice? Because, as I explained
in Understand hardware and software redundancy on page 87, your Call Feature Server
is made up of a redundant pair of processors. Under the covers, the backup schedule's
configured separately on each processor - so for added reassurance, Craft shows you
both.
11. You've now finished with the Craft terminal on your Call Feature Server. As usual, it's a
good idea to log out.
Checkpoint: You've configured an automatic daily backup on your Call Feature Server, and it's
set to copy the backed-up data to your MetaView Server.
Task 3: Configure more automatic backups

In Task 2, you configured an automatic backup for one of your servers - a Call Feature Server
(or Integrated Softswitch). As I warned you at the start of that Task, that's just the beginning.
You'll need to configure a similar backup on each of your other servers.
It feels like there's a lot of work here, but take heart! Now that you know the procedure, it only
takes a couple of minutes to do each time.
1. Repeat Task 2 on any additional Call Feature Servers or Integrated Softswitches you have.
2. Repeat Task 2 for each Universal Media Gateway you have.
3. Repeat Task 2 for each CH6000 chassis you have. (When you perform this step, you'll be
logging into the chassis' Shelf Manager; see Get to know your hardware on page 91 for
a reminder of what that means.)
4. Repeat Task 2 for your MetaView Server... but this time, there are a couple of small tweaks
to the process.
• When you're asked Where would you like to store the backup file,
choose a local backup. Why? Because you're arranging for all the backups to be
copied onto the MetaView Server, so in this one case you actually want the file to stay
on its own disk.
78 CONFIDENTIAL
• Also, you'll find you're not asked any questions about when to schedule the backup.
This is a little bit bizarre - the MetaView Server always takes its backup at half past
midnight, and there's nothing you can do to change it. Happily, because the MetaView
Server isn't directly involved in call processing, there's less need to synchronize its
backup with a quiet time.
Note: If you have a Perimeta Session Border Controller (SBC), it's worth considering that too. I'm
not talking about Perimeta in this guide, but it can also back up its configuration onto the
MetaView Server, so it fits quite nicely into this integrated strategy. You'll find a procedure
to configure backups on your Perimeta system at https://communities.metaswitch.com/
Checkpoint: Your whole system's now configured to back itself up, and to copy the backed-up
data onto the MetaView Server.
Task 4: Go to bed
No, really. Go to bed.
Before you continue to Task 5, you'll need to allow time for one complete backup to run. And
you've almost certainly configured your backups to run overnight. So, sleep well! I'll see you
tomorrow.
Checkpoint: While you're asleep, your system is making its first scheduled backup.
Task 5: Retrieve your backups

Good morning! It's time to find out whether your backups all worked, and to save off a copy
of the files they produced.
Warning! It's important to save a copy of your backups promptly, and regularly. That's because your
MetaView Server only stores a single day's backups; the next day's automatic backup will
overwrite the current one.
1. Crank up your SFTP client again, and create a new connection as follows:
• connect to the MetaView Server (as you've done several times before)
• but rather than logging in with your normal account, use the msbackup account, with
the password I warned you you'd need back at the start of this Lesson.
2. Logged in OK? You should find you're in an unusual place, filled with unusual folders.
Specifically, you should see a folder for each server you're backing up. The folder's name
starts with the server's name, followed by a string of hexadecimal digits. For instance, one
of the shelf managers I'm using is called UKDemoShelfMgr1, and here's a snippet from
my directory tree:
Note: As you’ll see from that picture, there are also some UNIX standard directories with names like
usr or var. You can just ignore anything which isn’t named after one of your servers.
CONFIDENTIAL 79
3. Open up any one of those strangely-named folders, and you'll find it contains a strangely-
named file. For instance:
That's the automatic backup file from that particular server. The most important part of
its name is the word autosave - that word distinguishes it from a manual backup, and
identifies it as the file you ought to download now.
Note: The name of the file also describes the exact version of the software which was used to
create it. If you upgrade your system, the new backup file will have a different filename and
the old file will be left behind. That’s a useful thing to know if you ever need to restore to an
older version of the software.
4. To recap: there's a directory for each server, and each directory contains a backup file. So,
if you wanted to download your complete backup, here's what you'd do.
• On your own PC, create a matching set of directories to store the backup files, one for
each server. (You need to do that because some of the backup files will have the same
names, so have to be kept in different folders.)
• Using your SFTP client, work methodically through each of the relevant directories - the
ones which are named after servers.
• In each directory, download the file whose name contains the word autosave into the
corresponding directory on your PC.
5. Of course, I'm not expecting you'll really do that by hand. You'll automate it somehow. But
you now understand the bare bones of what your automated tool will need to do.
6. You've finished working with the msbackup user, so feel free to close your SFTP connection.
7. And you're done! You must be done. Surely you're done?
Well, sorry, but no: as Columbo used to say, there's just more thing. You've downloaded all
the remote backups you configured, but remember your MetaView Server? You configured
a local backup for that.
Very tediously, local backups are kept in a different place from remote ones, and need to be
accessed using a different SFTP account. So to complete your backup set, you'll have to:
• open another SFTP session. You still connect to your MetaView Server, but this time
you log on with the username and password you use for the Craft terminal
• drill down into the EMSftp directory, then into snapshots
• download the file that contains the word autosave.
8. On a technical level, this makes perfect sense - local backups are done through a different
mechanism, so it stands to reason that they go to a different place. In terms of this
procedure, though, it would be a whole lot more convenient if your MetaView Server's
backup just went into the same place as all the others. Oh well. Nothing in the world is
perfect.
9. You really are done now, so you can close your FTP client. And while you're doing that, let
me remind you... you should download your backups as often as you make them, most
likely once a day. The next time your system makes an automatic backup it'll overwrite the
current one.
80 CONFIDENTIAL
Checkpoint: You've now configured your system to make automatic backups, and you know
how to download them for safekeeping. That's the end of this Lesson, but you still have some
work to do to make sure they're downloaded every day, most likely using a script or similar tool.
And in the next Lesson, we'll see how to restore your backups, if the worst should happen to
your system.
CONFIDENTIAL 81
82
CONFIDENTIAL
Restore your system from a backup
Introduction
You know now how to take a backup... but how do you restore it?
Like training in first aid, or following an earthquake drill, this is a skill you ought to learn even
though you hope you'll never need to use it. So in this Lesson, I'll talk you through the process
you'd follow if the worst ever occurred.
Warning!
I'm sure you already realize this, but... restoring from a backup is a big deal.
• If you're restoring a Call Feature Server, Universal Media Gateway or Integrated Softswitch,
you'll need to shut down a server which is involved in the call path. That means dropping
the active calls it's handling, and preventing any new calls from being set up while the
restore is in progress.
• You'll also need to repeat any configuration changes you've made since the time you took
the backup.
If you're experiencing an issue with a production system, be sure you've ruled out any alternative
solutions before you resort to restoring a backup.
Warning! That means that, unlike most of the other Lessons in this guide, you shouldn't run through
these steps to practice them. The only time you'll follow this procedure is if you need to use it
for real.
Understanding your options

You can restore a backup in either of two different ways, depending on the exact scenario you
find yourself in.
• Restore Configuration is the "normal" choice. As the name suggests, this puts your
backed-up system configuration back in place, without touching the Metaswitch software.
You'd use this choice if you needed to reverse an unwise major configuration change, or if
you'd had to replace a server after a hardware failure.
• Restore System is the option to choose if you ever need to reverse a failed upgrade. It
restores your backed-up configuration and a backed-up copy of the Metaswitch software,
rolling back to the product version you were using at the time you took the backup.
Each backup always contains all the files needed for either approach. You only need to make
the choice when you come to restore your system.
Start here
• restore a backup file
• identify and repeat any configuration changes which you've lost by restoring the backup.
Task 1: Copy the backup file onto your MetaView Server

If you're following the backup strategy I suggested in the last Lesson, you'll be using your
MetaView Server as a central repository for backups from across your system. So, the first step
when restoring a backup is to copy the backup file onto that server.
CONFIDENTIAL 83
Remember though, you copied the backup off your MetaView Server in the first place - so the
original file may still be lying around there. If both of the following are true:
• your MetaView Server is in a good state of health, and
• you want to restore the most recent backup (rather than an earlier one),
then you can skip this Task, because the backup file you need will still be in place on the server.
If you do need to copy the file back onto the MetaView Server, it's just the reverse of the
download process we worked through in the last Lesson.
1. Before you copy the file back onto the server, give it a distinctive name. This is particularly
relevant if you're restoring an automatic backup, because renaming the file will avoid
overwriting the most recent backup (assuming that's still in place on your MetaView Server).
To rename the backup, just change the first part of the name - ms_autosave for an
automatic backup - to an alternative of your choice.
2. Using your SFTP client, connect to the MetaView Server and log in as the msbackup
account. As I mentioned in the last Lesson, that's a special account with a fixed password,
so if you don't know it and nobody in your organization can help you'll need to contact your
Metaswitch support rep.
3. Once you're logged in, you'll see the list of folders I highlighted in the last Lesson. Drill down
into the folder named after the server you need to restore.
For instance, one of the shelf managers I'm using is called UKDemoShelfMgr1 - to restore
it, I'd open this folder from the directory tree:
4. Copy the backup file into the directory you've identified.

5. You've now finished with your SFTP client - feel free to close it.
Checkpoint: The backup file is now in place on your MetaView Server, and ready to restore.
Task 2: Stop the system

Now, you'll need to stop the Metaswitch software on the server you're restoring.
1. Log on to that server's Craft terminal, just like you have in the last few lessons.
2. From the Main menu, select Admin.
3. The next step depends on the type of server you're stopping.
• For a Call Feature Server, Universal Media Gateway or Integrated Softswitch, select
Start/Stop, then from the next menu select Stop.
• For a MetaView Server, just select Stop MetaView Server.
4. When you're prompted, select OK.
5. Depending on the kind of server, you might be asked to confirm that you really want to shut
down the software, by typing a series of keywords which will appear on the screen.
The whole point of this extra check is to force you to pause, and to encourage you to read
the on-screen warnings about the consequences. So I won't spoil the effect by telling you
what to type! Just read the messages and follow the instructions.
84 CONFIDENTIAL
6. Once the server's shut down, you'll see the now-familiar message:
7. Press Enter to go back to the menu.
8. Normally at this point, I tell you to log out from the Craft terminal. In this case, however,
you'll need to restart the server later on - so you might like to leave the session open.
Checkpoint: You've shut down your system in preparation for restoring the backup.
Task 3: Restore the backup

With your server shut down, you're ready to restore the backup itself.
1. Log onto the server's Craft terminal, if you don't already have a session open.
If you do already have a session open, it might help to remember that you can always type
= to go back to the Main menu.
2. Starting from the Main menu, select the following options:
• Admin
• Backups.
3. Now, pick the option reflecting the way you want to restore the backup. It'll be one of:
• Restore config, or
• Restore system.
4. I explained the difference between these two options back at the start of the Lesson.
5. Craft will ask you three questions.
• Restore from a named snapshot or autosave file?
Because you renamed the file back in Task 1, go for Named snapshot (even if this
was originally an automatic backup).
• Where would you like to restore the backup file from?
Continuing our strategy from the previous Lesson, choose Remote restore here.
• Restore backup file even if it has been modified?
In keeping with the "strong recommendation" displayed, choose No. (You might very
occasionally want to restore a modified backup file under the direction of your support
rep.)
6. Craft will ask you to confirm that you want to go ahead with restoring a backup. If you're
sure, pick OK.
7. Next, you'll see a list of the backups available to restore. The file you uploaded in Task 1
should be among them. Choose it from the list, based on its filename.
8. Your server will check the backup file.
• If you're doing a system restore, and if your server notices that the process will result in
a change to the software version, it'll ask you for confirmation.
• If the backup is encrypted with a key the server doesn't currently have, it'll ask you to
type the key in. This is why, as I stressed in the last Lesson, it's crucially important to
protect the key with the same rigor as you protect the backup itself.
9. Finally, you're asked to press Enter one last time. After you've done that, the restore will
begin.
10. Wait until the process is complete, then press Enter to go back to the Backups menu.
CONFIDENTIAL 85
Note: Alternatively, if you've restored your system to a different software version, your server may
reboot. In that case, your Craft terminal will close. Don't worry - you can open it up again at
the start of the next Task.
Checkpoint: You've restored the backup. Now, you can bring the server up again.
Task 4: Restart the system

In Task 2, you stopped the software on the server you were restoring. It's time now to start it
up again.
The process is pretty much the same as Task 2, so I'll be brief ...
1. Log on to the Craft terminal, if you don't have a session open already. (Once again, if you
do have a session open, remember you can always type = to go back to the Main menu.)
2. From the Main menu, select Admin.
3. If you're restarting a MetaView Server, select Start MetaView Server.
If you're restarting a Call Feature Server, Universal Media Gateway or Integrated Softswitch,
select Start/Stop, and then Start.
4. As always, when you're asked to confirm, choose OK.
5. Once the software's started, press Enter to go back to the menu system. You're finished
with the Craft terminal for this server now, so it's good practice to log out.
Checkpoint: You've restarted your server, and your system is back up again.
Task 5: Repeat any lost configuration

Now that your system's back up and running, it's time to think about anything you may have
lost as a consequence of restoring a backup. As you'd expect, the process will have "rolled
back" elements of your configuration, reverting the server to the state it was in at the moment
the backup was taken.
Note: Even though you configure your system using MetaView Explorer and MetaView Server, the
configuration is actually stored on the individual servers to which it applies. So, for example,
if you've restored a Call Feature Server, you'll need to repeat any configuration you've done
under the relevant Connection to Call Feature Server in the MetaView Explorer object tree.
Your MetaView Server's audit logs can help you figure out what you need to do. The audit
logs keep detailed, time-stamped records of each action you perform in MetaView, including
all changes to your server's configuration. So by looking for logs made since the backup was
taken, you can find the exact series of changes you need to repeat. You'll learn about MetaView
audit logs in a later Lesson, Track down who made a configuration change on page 287.
It's also worth checking the MetaView Explorer Alarms Window for any new messages,
particularly if you have a distributed system (as opposed to an Integrated Softswitch). If you
restore just one server in a distributed system, there's a risk that you'll be left with a half-applied
configuration change. That will usually result in an alarm, which you can find and resolve as I
discuss in Work with alarms on page 129.
Checkpoint: You've repeated any lost configuration changes, and restored your system to full
function. That ends the procedure for restoring a backup.
86 CONFIDENTIAL
Understand hardware and software redundancy
Introduction
As you'd expect from a carrier-class telecoms system, your Metaswitch hardware and software
both feature extensive redundancy. Each essential component is doubled up - so if any one
of them fails, its partner can take over seamlessly.
Redundancy is a central plank of our system design, and knowing how we approach it will
make a fair few things in this guide that little bit easier to understand. So before we barrel on to
the next Lesson, let's pause for a moment... and I'll talk you through the basics of redundancy
on the Metaswitch platform.
Did you know? Hardware redundancy doesn't just apply to computer systems - for
example, you'll find plenty of redundant parts on any aircraft. Contrary to popular belief,
it's not quite true that a jumbo jet can fly on a single engine, but in May 1983 a Lockheed
TriStar jet did land safely in Miami with just one of its three engines working.
Start here
This Lesson's an unusual one, because you won't be carrying out any particular tasks. Instead,
you will learn how to:
• understand the active/standby model of redundancy
• bear redundancy in mind as you manage your servers
• understand special arrangements which apply to your MetaView Server.
Task 1: Understand the active/standby model

Metaswitch products generally employ active/standby redundancy, also known as hot
standby or 1:1. In the active/standby model, every component is matched with a specific
partner; the two components together are known as a redundant pair.
At any given moment, only the active member of the redundant pair is providing a service,
while the standby member remains in a constant state of readiness. If necessary, the standby
member can step up to being active in a matter of milliseconds - often without any visible effect
on your service. This process of swapping from the active to the standby member is known as
a software protection switch.
After the problem is resolved, the two components don't switch back. The original standby
member remains active, and the original active member - or its replacement, if the original is
beyond repair - drops back to the standby role.
Note: Perhaps it's just me, but I remember finding the phrase "software protection switch" deeply
confusing when I first heard it. Read it as "a switchover which protects the software", not as
"a protective switchover caused by software". Even if it's triggered by a hardware problem,
it's still a software protection switch.
Redundancy protects against the inevitable small chance of hardware or software failure, but it
also helps you carry out certain maintenance operations without impinging on your users. For
example, when you want to upgrade your software, you will do it first on the standby member
of a redundant pair. You will then perform a software protection switch to make the newly-
upgraded member active, before finally upgrading the original active member. In this way, you
can upgrade both members of the pair without ever needing to take the active member out of
service.
CONFIDENTIAL 87
Checkpoint: You now understand the basic principles of redundancy in your Metaswitch
system.
Task 2: Understand the virtual IP address

Though hardware redundancy is usually seamless, it does have one important implication for
system administrators. Each component you might need to manage - your Call Feature Server,
let's say - has not one, not two, but three IP addresses.
• The first IP address belongs to the first member of the redundant pair.
• The second IP address belongs to the second member of the redundant pair.
• And the third IP address, called the virtual IP address, belongs to both of them.
What do I mean by "belongs to both of them"? Well, the virtual IP address always "points
to" the active server. If you experience a software protection switch, the new active server
automatically takes over the virtual IP address as part of the changeover.
Without a virtual IP address, you'd have to reconfigure your network whenever you experienced
a software protection switch. With a virtual IP address, the outside world neither knows nor
cares which half of the pair is active at any given time.
You, on the other hand, do need to know and care. But only sometimes!
• Mostly, when you're managing your system, you should use the virtual IP address to contact
your components. For example, if I say "connect to the Craft terminal on your Universal
Media Gateway", it's the virtual IP address I'm talking about.
This makes sense as a general rule, because you almost always want to work with the
active processor. Let's say you're gathering diagnostic information for a recent call; the
active processor will have handled the call, so that's where the diagnostics will be. If you
use the virtual IP address, you don't need to think about which processor is active - you'll
connect to the right one automatically.
• Just occasionally though, you'll come up against a process which specifically affects one
half of the redundant pair. In that case, you'll need to use the individual IP address for
whichever half you want to work with.
For instance, if you ever want to decommission a piece of hardware, you'll first have to shut
it down. In that situation, you very much need to know exactly what you're connecting to -
otherwise you'd risk turning off the wrong thing.
88 CONFIDENTIAL
Don't worry though! I'll warn you whenever you need to pay particular attention to this whole
issue. Right now, "always use the virtual IP address" is the message to take away from this
Task.
Checkpoint: You now understand the purpose of the virtual IP address, and you know that
nearly always, the virtual IP address is the one you ought to use.
Task 3: Understand redundancy for MetaView Server

The redundancy model I've described so far is essential for your Call Feature Server, Universal
Media Gateway or Integrated Softswitch - and of course, for the ancillary hardware they
depend on. All these components are in the call path; if any of them failed, your telephone
service would go down. And as you'll know, when it comes to telephones, even a few minutes'
unscheduled downtime is completely unacceptable.
But for your MetaView Server, things are a little different. Yes, you rely on your MetaView
Server to configure and monitor your deployment - and yes, configuration and monitoring are
both crucial tasks. But they're less crucial. In a Class 4 deployment, if your MetaView Server
vanished overnight, your customers and peers would never know.
So there's a trade-off here: the expense of maintaining a redundant MetaView Server, measured
against the inconvenience and disruption if your one and only server goes down. Different
people adopt different solutions, and the arrangement you'll have in place depends on the
choices you made when you ordered your Metaswitch system.
• At the very moment I'm writing this guide, the V8.3 release of the Metaswitch product suite
is just hitting the streets. From V8.3 onwards, you can deploy a redundant pair of MetaView
Servers with automatic software protection switching, just like your Call Feature Server or
Universal Media Gateway. If you're running in that configuration, then you don't need to
worry about any of this! So go on, skip straight to the next Task. You have my permission
to miss a bit.
• If you're on a version earlier than V8.3 and you decided it was important to keep your
MetaView service running, you'll have a warm standby. With a warm standby, almost all
of what you've read in the preceding Tasks still applies. There's still a redundant pair, it's
still an active/standby model, and there's still a virtual IP address.
But there's one difference. Unlike, say, your Call Feature Server, MetaView won't
automatically perform a software protection switch if the active server fails. Instead, you
have to fail over to the standby server using the Craft terminal. I'll explain how to do that
much later in this guide, in Switch to the warm standby MetaView Server on page 311.
• The next step down from a warm standby is, predictably enough, a cold standby. A
cold standby is a redundant server which you keep in a cupboard. It's ready to slot in at a
moment's notice - but isn't actually wired up and part of your deployment yet.
That's obviously worse than a warm standby, so why would you ever choose this option?
Well, as we'll see in the next Lesson, your servers are housed in chassis, and each chassis
has a limited amount of space available. You might choose a cold standby if you've run out
of room in your chassis, and want to avoid the expense of buying another one.
• Finally, you might not have a standby MetaView Server at all. The downside is obvious - if
your server fails, you'll lose access to MetaView until a replacement gets delivered - but it's
still a perfectly valid choice for a cost-conscious company.
If you don't already know, do take a moment now to find out which strategy you've adopted
in your organization.
Checkpoint: You now understand why MetaView redundancy is subtly different to your other
servers, and you know which approach your company has taken.
CONFIDENTIAL 89
90
CONFIDENTIAL
Get to know your hardware
Introduction
Up to now, I've been talking about the parts of your system - things like the Call Feature Server
and the Universal Media Gateway - as though they're completely separate boxes, just joined
together by wires. While that's a convenient image to hold in your head, the reality's a little
more complicated. So in this Lesson, we'll take a proper look at your physical hardware... and
in the process, I'll explain where each piece of software actually runs.
If it's practical, please do read through this Lesson with the hardware in front of you. Even if
you're not responsible for the day-to-day maintenance of your physical kit, some configuration
tasks - particularly ones relating to TDM connections - are a whole lot easier once you know
how it all slots together.
Hardware redundancy again!

Thinking back to the last Lesson, remember how I explained that your hardware is doubled
up in redundant pairs? Keep that in mind - it might save you a little bit of confusion, especially
when you're comparing your physical hardware to what you've seen in MetaView Explorer.
For instance, you might see only one Call Feature Server listed in MetaView Explorer, even
though are two pieces of hardware running Call Feature Server software. That's because the
two of them together form a redundant pair, and together they're described as a single Call
Feature Server.
Start here
In this Lesson, you will learn how to work with these hardware components in turn:
• the chassis - the big metal box which holds it all
• the processor cards and their associated Rear Transition Modules (RTMs)
• the resource cards and their associated RTMs
• the break-out panels which connect to a TDM network
• the Ethernet cards
• and the shelf managers, which monitor your chassis' operation.
Note: I'll be using a lot of part numbers in this Lesson, since those are the only names that some
components have. Metaswitch part numbers are always two letters followed by four digits,
like AB1234. Similar components have similar part numbers: an AB1250 and an AB1260 will
be the same type of thing, generically called an AB12xx.
Task 1: Identify your chassis

First of all, let's look at the chassis - that is, the metal box which bolts into your rack, and which
all the components fit inside. You can have any number of chassis, though most deployments
just need one or two.
If you're a small-to-mid-sized telco, you most likely use the CH6010 chassis. Depending on
the exact features you've got deployed, you might know this as a VP6010 or an MG6010 - but
whatever it's called, it's a CH6010 at heart.
Here's a nice glossy picture I downloaded from our website:
CONFIDENTIAL 91
On the other hand, if you're a larger service provider, you probably have a CH6050. Again,
you might know it as a VP6050 or an MG6050; they're all CH6050s underneath the marketing
gloss.
The CH6050 is the CH6010's bigger, burlier brother. Here's its mugshot:
The CH6010 and CH6050 look completely different, but if you compare the photos carefully,
you'll see that the cards inside them are just the same. The CH6010 has slots for two cards,
whereas the CH6050 can hold fourteen.
92 CONFIDENTIAL
Note: I'll try not to do it in this guide, but you'll sometimes hear Metaswitch people talk about a
CH6000. That's not a third type of chassis - they just mean "a CH6010 or a CH6050", more
properly known as a CH6000-series chassis or a CH60xx.
Now - if your particular chassis doesn't look anything like these pictures, you might be running
on older hardware. Before the CH6010 and CH6050 came along, Metaswitch kit used to look
like this...
CONFIDENTIAL 93
If that's what you've got in your server room, then I'm afraid this Lesson won't be much
use to you. Instead, you should check out the System Overview manual on the Metaswitch
Communities site, which covers the same kind of topics as I'll be talking about here. https://
communities.metaswitch.com/manuals/latestsection/1090002075 is a good place to start.
Checkpoint: You now understand the difference between the CH6010 and CH6050 chassis,
and you've identified which chassis you have in your deployment.
Task 2: Get to know the CH6010 chassis

Note: Even if you don't have a CH6010, please do read through this Task - it explains a lot of the
terminology I'll use when I talk about the CH6050.
Let's take a detailed look at your chassis now. Here's the front of a CH6010:
• The two card slots are the most important things here. There's one at the top and one at
the bottom of the chassis - ready for a redundant pair of server cards. The cards are, if you
like, the actual computers, where things like CPUs and memory reside.
Paradoxically though, I'm not going to talk about the cards right now. There are whole
Tasks dedicated to them later.
Note: Some Metaswitch documentation refers to cards as blades. There's no difference - they're
just alternative terms for the same thing.
• Slap in the middle of the chassis, you've got a redundant pair of power entry modules,
or what the layman calls "power supplies". You might be surprised to see these at the front
of a chassis, but it's because they go all the way through and poke out the back as well.
• The fan tray on the right is exactly what it sounds like - it contains the fans which cool the
whole chassis down. Wondering whether it's a single point of failure? Don't worry, there's
another one round the back.
• And finally, the alarm panel is where the flashing lights go. Every piece of hardware needs
its share of flashing lights!
Now, let's spin the CH6010 around and take a look at its rear panel.
94 CONFIDENTIAL
• Mirroring the card slots we saw on the front, there are two Rear Transition Modules or
RTMs. Like the cards on the front, the RTMs are the most important thing you'll see on the
back, and once again I'll be discussing them in detail in later Tasks.
The RTMs are in a one-to-one relationship with the cards. The top RTM belongs exclusively
to the top card, and the bottom RTM belongs exclusively to the bottom card.
• On the right, just like I promised you, there's another fan tray. In the middle, you'll also see
the backs of the two power entry modules; it's on this side of the chassis that they actually
connect to the power cables.
• Above the two power entry modules are a redundant pair of shelf managers. The shelf
managers are responsible for keeping the whole chassis running, and I'll talk about them
more in the very last Task of this Lesson.
• And finally, over on the left, you may find a redundant pair of user cards (or IO6010s, to
give them their formal name). It depends on the type of servers the chassis contains; for
example, if it only holds MetaView Servers, it won't have any user cards.
If they're there, the user cards serve one purpose only - to provide dry alarm contacts,
which you can use to set off an external light or buzzer if the chassis reports a fault. There
are plenty of other ways to monitor alarms and not everyone uses the dry contacts, so
there's no need to worry if you don't see anything connected here.
Did you know? In case you're wondering, the "dry" in "dry alarm contacts" has nothing
to do with water. It just means that the chassis doesn't provide any power through them.
Note: By the way, you can watch a video of a CH6010 chassis being assembled and cabled on
Metaswitch Communities, at https://communities.metaswitch.com/docs/DOC-84761. Do
take a look! It'll help you understand more about how your components all fit together.
Checkpoint: You can now identify all the components in your CH6010 chassis.
Task 3: Get to know the CH6050 chassis

Now that we've looked at the CH6010, the CH6050 is pretty straightforward. There's just more
of it. Here's a view of the front:
CONFIDENTIAL 95
• Just like the CH6010, the most important parts are the fourteen cards, arranged vertically
in the middle of the chassis. Once again, I'll be talking in detail about the cards in a moment.
For now, you might like to note that slots 6 and 9 are always filled with Ethernet cards,
which are exclusive to the CH6050.
• As you'd expect, a larger chassis needs a larger fan tray. The CH6050's front set of fans
is behind the grille at the bottom and, as we'll see in a moment, there's another set round
the back as well.
• The indicator lights are in a panel up at the very top-right, above the grandly-named cable
management tray (basically, a place to keep your wires tidy).
Now, let's take a look round the back...
96 CONFIDENTIAL
• Just like the CH6010, each card (round the front) is partnered with a Rear Transition
Module (here at the back), also known as the RTM. The RTM in any given slot is exclusively
linked to the card in the same-numbered slot at the front. I'll talk much more about the
RTMs in the next few tasks.
• As I mentioned, there's another fan tray here, up at the top.
• At the bottom, on the left and right, are the redundant pair of power entry modules -
where you connect up the electrical supply.
• And finally, between the power entry modules you'll find a pair of shelf managers. Once
again, I'll talk more about those in the final Task of this Lesson.
Note: Unlike the CH6010, the CH6050 doesn't have user cards. If you're wondering where the dry
alarm contacts are - in the CH6050 chassis, they're on the shelf managers.
Checkpoint: You can now identify all the components in your CH6050 chassis.
Task 4: Get to know your processor cards and associated RTMs

We'll look now at the all-important cards, which actually run your Metaswitch software.
CONFIDENTIAL 97
First of all, let's think about processor cards. Your MetaView server runs on a processor
card, as do your Call Feature Servers, if they're on their own hardware. If you've got Integrated
Softswitches rather than stand-alone Call Feature Servers, they'll be running on resource
cards instead - we'll talk about those in the next Task.
There are two types of processor card: the GX6320, and a more powerful equivalent called the
GX6340. Which card you have depends entirely on the capacity of your system, and if you've
got a large deployment you may even have different cards for different applications.
Other than their processing power, the two cards are exactly the same - and there's not a huge
amount for me to tell you about them. They have a serial port, which you might need to use
for some rare maintenance operations, and a few lights which you'll be asked to check during
specific procedures.
Each processor card buddies up with a Rear Transition Module - either an RE6310 or an
RE6350. If the processor card is running Call Feature Server, it'll be matched with an RE6310,
which looks like this:
As you can see, the RE6310 has six Ethernet connectors (as well as a serial and USB connector,
neither of which is used in a Metaswitch deployment). The RE6350 is similar, but has just two
Ethernet ports - you'll see an RE6350 when the processor card is running MetaView Server or
Service Assurance Server.
Having said all that, there's an important further detail. If you have a CH6010 chassis, there'll
be cables plugged into some of the Ethernet ports (just like you'd expect), and that's how your
processor card talks to the outside world.
If you have a CH6050 chassis, you won't actually be using the Ethernet ports. I'll explain why
that is when we come to Task 7. You still need the RTM though, because it's also got a hard
disk in.
Checkpoint: You've had a good look at your processor cards and corresponding RTMs.
Together, these provide the hardware for your Call Feature Server(s) and MetaView Server.
98 CONFIDENTIAL
Task 5: Get to know your resource cards and associated RTMs
If you have either Universal Media Gateways or Integrated Softswitches, they'll be running on
resource cards.
Note: Remember, an Integrated Softswitch is a Call Feature Server and a Universal Media Gateway
combined onto the same hardware. The Universal Media Gateway has the more demanding
hardware requirements, so that's the platform the Integrated Softswitch runs on too.
There are four types of resource card, creatively titled the DX6705, DX6710, DX6720 and
DX6730. The higher the number, the more grunt it's got and the more concurrent calls the
Universal Media Gateway or Integrated Softswitch can support. For the purposes of this
Lesson though, it really doesn't matter which one you have... because they all look and work
exactly the same.
Just like the GX6340 processor card, there's not much to see on the front of a DX67xx resource
card. If a Metaswitch support rep asks you to, you might need to plug a cable into the serial
port, and there are some lights which you'll occasionally need to check.
The Rear Transition Modules are far more interesting. Remember, each card in the front of the
chassis has a corresponding RTM in the back of the chassis - and whichever type of resource
card you're using, you have a choice of three different RTMs. The right RTM will depend on the
physical connections you need to make into your Universal Media Gateway.
First, there's the RT6701. The RT6701 is the right choice when all your connections are to
electrical E1 or T1 lines, and it looks like this:
The RT6701's key feature is its three so-called DS1 connectors, each of which is a high-
density package of 16 E1 or T1 links. Altogether, then, you can connect 48 E1 or T1 lines to
a single RT6701. The DS1 connectors link to a break-out panel, which is where you actually
connect your E1 or T1 lines; we'll look at it in the next Task.
Next, we have the RT6703, which brings DS3s into the equation:
CONFIDENTIAL 99
The RT6703 has just one DS1 connector, so it can handle 16 E1s or T1s. Alongside that,
though, it has two DS3 connectors - each a high-density package of 12 DS3 electrical links.
That means you can connect 24 DS3s in total, as well as the 16 E1s or T1s, and again they're
all linked through break-out panels.
Finally, there's the RT6705, which is the RTM of choice for optical connections.
There's no break-out panel for optical lines - they just go straight into the RTM. The eight small
form factor pluggable (SFP) connectors can be used for any of the following combinations:
• eight STM-1 / OC-3 lines, or
• two STM-4 / OC-12 lines (with the remaining six SFP connectors unused), or
• four STM-1 / OC-3 lines and one STM-4 / OC-12 line (with the remaining three SFP
connectors unused).
Note: Because you will have a redundant pair of RT6705s, each of these ports is doubled up - so
you can connect a redundant pair of fibers for each port. The working fiber is connected to
RTM "A" (normally the one in slot number 1), while the protect fiber is connected to RTM
"B". Despite this, either RTM can use either of the fibers, so an Automatic Protection
Switch of the active fiber doesn't require a Software Protection Switch between the
redundant pair of servers.
Alongside these optical lines, you also have 16 electrical E1 or T1 lines, through the DS1
connector and a break-out panel as usual.
All three of these RTMs feature connectors for a Building Integrated Timing Supply (BITS) clock
source. Although the RTM does contain an internal clock source, using a BITS will increase
clocking accuracy. You can find out more about these connectors at https://communities.
metaswitch.com/manuals/latestsection/1090002299; it doesn't matter which of the two ports
the source is plugged into.
100 CONFIDENTIAL
Finally, each of the RTMs includes five Ethernet ports, made up of one 10Gb SFP+ connector
and four 1Gb connectors. But once again, these Ethernet ports are only used if you have a
CH6010 chassis. If you have a CH6050, there's an alternative arrangement which I'll explain
in Task 7.
Checkpoint: You've had a good look at your DX67xx processor cards and RT67xx RTMs.
Together, these provide the hardware for your Universal Media Gateway(s) or Integrated
Softswitch(es).
Task 6: Get to know your break-out panels

In the previous Task, I mentioned the DS1 connectors and DS3 connectors which feature on
the RT67xx RTMs. These high-density VHDCI68 connectors pack large numbers of E1/T1 or
DS3 lines into the back of your chassis - but in general, they won't be suitable for connection to
the rest of your network. That's where the CB1000 and CB3000 break-out panels come in.
Let's look at the CB1000 first. You'll have at least one CB1000 if you're connecting any E1 or
T1 lines to your Universal Media Gateway or Integrated Softswitch.
One side of the CB1000 - the "chassis side" - has sockets for three redundant pairs of DS1
connections, the same as you'll find on the RTMs:
Why do the connectors come in redundant pairs? Because the RTMs are in redundant pairs
too. Within each pair of connectors, socket A will be connected to one RTM and socket B will
be connected to the other.
On the other side of the CB1000 - the "network side" - you'll find standard 50-way Amphenol
connectors, ready to plug in your network:
Note: 48 E1 or T1 lines pass through the CB1000 break-out panel, but they're broken up differently
on the two sides. On the chassis side, each DS1 connector bundles up 16 lines, whereas on
the network side each Amphenol connector bundles up 24 lines. The numbers next to each
connector will help you keep things straight.
Remember that an RT6701 RTM has three DS1 connectors, so will use up a whole CB1000
break-out panel. On the other hand, a RT6703 or RT6705 has just one DS1 connector. If your
system includes more than one redundant pair of RT6703s or RT6705s, you can share a single
CB1000 between them.
The CB3000 break-out panel is the same basic idea, but for DS3 links. On the chassis side,
there are sockets for a redundant pair of DS3 connections:
CONFIDENTIAL 101
And on the network side, there are coaxial connectors for the 12 DS3 lines:
You'll only use a CB3000 in combination with RT6703 RTMs, since those are the only RTMs
that feature DS3 connectors. Each RT6703 has two DS3 connectors, so you'll generally use
two CB3000s for each redundant pair of RT6703s.
Checkpoint: You now know how the CB1000 and CB3000 break-out panels connect your
RTMs with the rest of your network.
Task 7: Get to know your Ethernet switch cards and associated RTMs
You'll only have Ethernet switch cards if you have a CH6050 chassis. If you've got a CH6010
instead, then you've already seen that Ethernet cables plug directly into your RTMs.
For the CH6050 chassis, things are different. There's a separate card called an SX6100:
...and corresponding to it, there's the RE6100 RTM:
All the cables plug into the RE6100 RTM. The Ethernet ports on the front of the SX6100 itself
aren't actually in use - but you still need the card, because it's the brains of the outfit.
Short of replacing them if they break, there's not much you need to do with your SX6100 or
RE6100. I won't be mentioning them again in this guide.
Checkpoint: You've had a good look at your SX6100 Ethernet card and RE6100 RTM, and you
know that they're found in the CH6050 chassis only.
Task 8: Get to know your Shelf Managers

Finally for this Lesson, we'll look at the shelf managers. Depending on which type of chassis
you have, the shelf managers will look different, but they perform fundamentally the same roles.
102 CONFIDENTIAL
This is the SMC6010 shelf manager for the CH6010 chassis:
And here's the shelf manager for the CH6050 chassis, called - you guessed it! - the SMC6050:
If you're spotting the differences between them, I've already mentioned the dry alarm connector,
which you'll find on the shelf manager for CH6050. Also, like all CH6050 components, the shelf
manager doesn't use its own network port - the connections are made through the Ethernet
card I described in the previous Task.
The shelf manager has two primary functions. Firstly, it looks after the chassis as a whole,
reporting health statistics and raising alarms if it detects a fault.
Secondly, because the shelf manager is separate from the cards installed in the chassis, it can
step in to resolve an issue which disables any given card. For example, even if a software bug
(perish the thought!) caused a processor card to lock up completely, you could still use the
shelf manager to reboot it.
Like everything in your chassis, the shelf managers come in a redundant pair. The individual
shelf managers aren't tied to any particular card or RTM slots; either shelf manager can manage
any of the slots.
Checkpoint: You've taken a close look at your shelf managers and, with them, you've finished
your tour of your hardware. But don't leave your server room just yet! We've still got a couple
of things to look at in the next Lesson.
CONFIDENTIAL 103
104
CONFIDENTIAL
Replace your fan filters
Introduction
Your CH6010 or CH6050 chassis doesn't take much fussing over, but there's one regular
maintenance task you do need to perform. Each chassis contains one or more fan filters -
sheets of foam which filter the air passing into the equipment, trapping any dust which might
cause it to fail. Over time, these filters become clogged, and need to be replaced before they
start to block the air supply.
My first-ever car once puttered to an embarrassing halt because I'd forgotten to change the air
filter. Don't let the same happen to your chassis.
Start here
• judge how often to replace your fan filters
• replace the filters on each of the two types of chassis.
Task 1: Know when to replace your filters

It's important to replace your fan filters on a regular basis - but it may take you a little while to
work out just how regular that needs to be.
The standard recommended replacement interval is three months. But in a particularly dusty
environment you may need to do it more often, and in an especially clean one you might get
away with less.
The only way to be certain is by visually inspecting the filters. When your chassis is new, I'd
recommend you check your filters once a week, and replace them when they start to get
clogged. After replacing them for the first time, you'll have an idea of how long they last and
you can set up a less demanding inspection schedule.
You can order replacement fan filters from Metaswitch. It's sensible to maintain a small supply,
but they do degrade over time, so aim to keep no more than a year's worth in stock.
Checkpoint: You know WHEN to replace your filters. Now, let's see HOW to replace your filters.
Task 2: Replace the filters on a CH6010

If you have a CH6010 chassis, fan filters come in pairs, one for the top and one for the bottom
of the chassis. You can replace both of them at the same time, working from the front of the
chassis - but first you need to take out the front fan tray. I'll outline the whole procedure in this
Task.
Warning! You should of course follow this procedure carefully and safely, but you also need to
complete it quickly. Physically removing the fan tray interferes with air flow through the
chassis, and reduces cooling capability. If you interrupt the procedure for any reason, you
must replace the fan tray in the chassis.
1. Before you start, you'll need to find a Phillips #1 screwdriver and a can of compressed air.
And, obviously, you'll need to have a replacement set of filters on hand. Get them out of
their packaging and check they aren't damaged - you won't have time in the middle of the
procedure to go and fetch another set.
CONFIDENTIAL 105
Note: The filters are not interchangeable. Make sure you know which one goes in the top slot and
which one goes in the bottom slot. The top one’s a simple rectangle; the bottom one’s a
more complicated shape.
2. We're going to be working with the fan tray in this procedure. Here it is:
Undo the screws which hold in the fan tray. There are three screws (I've drawn circles round
them in the picture) - one on the left of the tan tray, and one on each of the top and bottom
lugs near the right-hand side.
3. Using the obvious handle, pull the fan tray out of the chassis.
Warning! The fans will still be rotating as you pull the tray out of the chassis. Hold the tray by the
handle and keep your fingers clear.
Note: When you set the fan tray aside, take care to leave it the right way up. This will make your life
easier when you re-insert it, later in this procedure.
4. While you have the fan tray out of the chassis, take the opportunity to inspect it. If necessary,
use your can of compressed air to remove any dust.
5. Now reach carefully into the space vacated by the fan tray, as shown in this diagram. You'll
find there are two finger holes. Pull gently downwards and towards you, and the upper filter
frame will come out of the chassis.
106 CONFIDENTIAL
6. Peel the old filter off the filter frame, then press the new one onto it, as shown.
CONFIDENTIAL 107
7. Replace the filter frame into the chassis. To do this, align the right edge of the frame with the
guide in the chassis, and push it backwards until you feel resistance. Then, press upwards
to snap it into place.
8. Now, repeat the process for the bottom filter frame. Pull it out of the chassis using the finger
holes, as shown:
9. Peel the old filter off the frame and discard it.
The new filter is fitted slightly differently this time. Once again, you can simply press it onto
the frame, but the front edge feeds through the slot on the frame - as shown:
10. Replace the filter frame, just as you did for the top one (by aligning its right edge with the
guide in the chassis, pushing it back until you feel resistance, then snapping it downwards
into place).
108 CONFIDENTIAL
That completes the process of replacing the filters. You just need to put everything back
together.
11. Slide the fan tray back into the chassis. Take care here: there are guides in the chassis
which the fan tray must align with. It's physically possible to slide the tray into the chassis
without lining it up with the guides, but if you do that the fans won't work.
Warning! The fans will start spinning as you slide the tray in. Keep your fingers clear.
12. Find the three screws you removed in Step 2 (this can often be the lengthiest part of the
entire process!), and screw the fan tray back into the chassis.
Note: Wondering whether you need to repeat this procedure for the rear fan tray? No you don't,
because the fans at the back are blowing air out of the chassis.
Checkpoint: You've replaced the fan filters, and should be all set for another few months of
service.
Task 3: Replace the filters on a CH6050

If you have a CH6050 chassis, you need to replace just one filter, which is contained in the
front fan tray. As with the CH6010, the direction of airflow means that the rear fan tray doesn't
need a filter.
Warning! You should of course follow this procedure carefully and safely, but you also need to
complete it quickly. Physically removing the fan tray interferes with air flow through the
chassis, and reduces cooling capability. If you interrupt the procedure for any reason, you
must replace the fan tray in the chassis.
1. Before you start, you'll need to find a Phillips #1 screwdriver and a can of compressed air.
And, obviously, you'll need to have a replacement filter on hand. Get it out of its packaging
and check it isn't damaged - you won't have time in the middle of the procedure to go and
fetch another one.
2. The fan tray you'll be working with is at the very bottom of your chassis. Here:
Undo the screws which hold in the fan tray. There are two screws, at the top on either side
- I've drawn circles round them in the picture above.
CONFIDENTIAL 109
3. Unlatch just one of the two handles. (The manual calls these "ejector handles", which make
them sound considerably more exciting than they actually are.)
You'll find the handles at the bottom of the fan tray; unlatch just the one on the left.
Unlatching this handle tells the chassis that you're about to remove the fan tray, and gives
it time to get ready for the procedure.
4. A blue light will start to flash. This is the hot swap LED, and indicates that the system is
preparing for you to remove the fan tray.
Wait until the light changes from flashing to solid blue.
5. Unlatch the other handle, and fold out both handles until they're jutting out at 90 degrees
to the fan tray.
6. Pull the fan tray out of the chassis and put it on a table.
Warning! Having done this myself, I can tell you that the fan tray is surprisingly heavy. The manual says
it weighs 6.1kg, which will hurt if you drop it on your foot. Get a good strong grip on it.
Warning! The fans will be rotating as you pull the tray out of the chassis. Keep your fingers clear.
7. The top surface of the fan tray is a frame containing the filter. Lift this frame by the two tabs
on the right and left sides, and hinge it up away from the fan tray, so that you can see the
filter on the inside of the frame.
8. Now you've opened the frame, you can see into the fan tray assembly. Take a look inside
and, if necessary, use your can of compressed air to remove any dust.
9. The filter itself is attached to the frame by Velcro strips along the edges of the frame.
Carefully peel the filter away from the frame.
110 CONFIDENTIAL
10. The procedure from here is just the reverse of what you've already done.
Align the new filter carefully with the frame, and press down on the Velcro strips to secure
it. Once the new filter is in place, close the frame back onto the fan tray.
11. Slide the fan tray back into the chassis.
Warning! The fans will start spinning as you slide the tray in. Keep your fingers clear.
12. Fold away and secure the two handles.
13. Find the two screws you removed in Step 2, and screw the tray back into the chassis.
Checkpoint: You've replaced the fan filters, and should be all set for another few months of
service.
CONFIDENTIAL 111
112
CONFIDENTIAL
Replace a failed hardware component
Introduction
They say the only certain things are death and taxes - but hardware failure must come a close
third. No matter how much care we take in getting them to you, or how lovingly you install
and maintain them, a small proportion of the components we supply will break down. If you're
surprised to hear me say that, you shouldn't be; there's no point in hiding from something that
everybody knows.
And of course, it's exactly why we build in hardware redundancy. As I explained in Understand
hardware and software redundancy on page 87, virtually all your hardware comes in pairs,
so your service won't go down just because a single component fails. But of course, once
that happens, you no longer have a redundant pair of that particular component! So it's vitally
important to replace failed kit as soon as you possibly can.
The good news is that all our hardware can be hot-swapped - replaced with new parts
without shutting your system down. If you follow our procedures carefully, the effect on your
service will be minimal, or even non-existent. So, while hardware failure may be inevitable... it
needn't be a trauma.
About this Lesson

Unlike most of the Lessons in this guide, I'm not going to walk you through the whole process
of hot-swapping a component. That's because we already have a series of precisely-written
procedures, which carefully detail the exact steps required to replace each part successfully
and safely. I couldn't do any better, frankly, so I'm not even going to try.
Instead, I'll explain where to find those procedures, and point out a few things you ought to
bear in mind as you follow them. Starting with this one...
Safety First
Hot-swapping a component, by definition, means unscrewing bits of your hardware while the
power's still on. It's exactly what your parents told you never to do, and there are genuine
dangers associated with all live electrical work. Don't slide a card out of your chassis and stick
a metal fork into the hole it leaves behind.
More seriously, don't attempt these procedures unless you've had some training in safe working
practices for your particular environment. If all your experience is with desktop PCs and their
safely-sealed power supplies, you may be underestimating the risks involved. Server hardware
can be lethal in a way that your laptop can't.
Warning! Live components may be exposed during the course of these procedures. These procedures
must only be carried out by suitably qualified personnel and in accordance with local or
national safety codes.
Did you know? We all roll our eyes at safety warnings like this one - but statistically
speaking, you're most likely to have an accident while you're doing something routine. You
probably know that driving is the most dangerous thing you do, but what's the second most
dangerous? Walking down the stairs. Always hold the handrail.
CONFIDENTIAL 113
Start here
• locate the procedure you need to follow
• make sure you are suitably prepared
• go ahead and follow the procedure to hot-swap your failed component.
Task 1: Find the appropriate procedure

First of all, let's find and download the procedure you'll need to follow. They're all filed away on
Metaswitch Communities, our self-help support website.
1. Log on to Metaswitch Communities at http://communities.metaswitch.com. If you don't
know how to do that, check back with Sign up for Metaswitch Communities on page 9
for full instructions.
2. Once you're logged on, find the Manuals in the table of contents over on the left-hand side.
At time of writing, they're here:
114 CONFIDENTIAL
You should now be on this page.
3. Scroll down a little until your display matches the screenshot below, then check on the
following.
• In section 1, Choose a manual set, make sure MetaView, CFS, UMG, AGC and MRS
is selected.
• In section 2, Choose a version, pick the version number applicable to your particular
system.
• Then scroll down to section 3, where your chosen list of manuals appears.
4. You can also wave at the photo of Joe Marshall, who heads up the documentation team
here at Metaswitch. Hi, Joe! (He doesn't look so scary in real life.)
CONFIDENTIAL 115
5. The list of manuals in section 3 is very long, and the right one to dip into depends on exactly
which component you need to replace.
• If you're replacing a processor card, a resource card, or a Rear Transition Module,
you'll need to find the manual for the particular software it's running - for example, for
the Call Feature Server or Universal Media Gateway. That's because there are specific
preparatory procedures to carry out, which may depend on how the card or RTM is
being used.
So in this case, look for the Components Guide for the relevant server type. For example:
• On the other hand, if you're replacing something generic like a power entry module or
a shelf manager, you'll find the instructions in the appropriate Chassis Installation and
Maintenance Guide. Here's one:
6. Once you've found the manual you need, you have two choices: click its name to browse it
online, or click that Download link on the right to pull down a PDF. Either is fine, so choose
whichever makes most sense for the way you plan to work.
7. Now locate the chapter which covers the piece of hardware you are swapping. Different
manuals are organized in slightly different ways, so there'll either be a chapter which names
a specific component by its part number (such as SMC6010 Shelf Manager), or a chapter
116 CONFIDENTIAL
which covers a group of components (for example, Processor Cards and Rear Transition
Modules).
8. And lastly, look for a procedure titled Removing and replacing. Again, this might either be
specific to a part number (Removing and replacing an FT6010F fan tray), or a more general
procedure which covers a range of similar parts (Removing and replacing a processor
blade).
Note: Phrases like "processor blade" have a very specific meaning here, different from their
everyday ones. If you need a reminder of what each component is called, take a look back at
Get to know your hardware on page 91.
Checkpoint: You've located the correct procedure to hot-swap your failed component.
Task 2: Plan the procedure

It's obvious that you should read through the procedure before you start it. What's less obvious
is that some procedures involve things like:
• specialist tools
• tasks you'll need to perform on the Craft terminal
• or in rare cases, even remote assistance from Metaswitch support.
So don't leave reading the procedure until 10 minutes before you want to carry it out. Check
it as soon as possible - perhaps even while you're waiting for the replacement part to arrive.
Warning! You might be tempted to remove the failed part early, but that isn't a good idea. An empty
space in your chassis would allow air to escape, interfering with the all-important cooling
system. If ever you do need to leave a slot unoccupied, you must fit an Air Management
Card or Air Management RTM; you can find a procedure for this in the applicable Chassis
Installation and Maintenance Guide.
Checkpoint: You've read the procedure, and confirmed you have the necessary resources to
hand.
Task 3: Follow the procedure

And this, dear reader, is where I step into the wings. From now on, you're in the capable care
of the procedure you've downloaded.
But before I go, there's one more point my colleagues on the Support Team have asked me to
emphasize. The relevant procedures state it very clearly, but every now and then we still hear
about an engineer who's skipped a vital step. So remember...
Warning! If you're removing a Rear Transition Module, you must remove the corresponding processor
or resource card first.
To put it another way, any time you're taking out an RTM from the back of the chassis, the
corresponding slot at the front of the chassis should already be empty. That applies even
if there's nothing wrong with the processor or resource card - you still need to slide it out
temporarily, to make it safe to remove the RTM.
Breaking this rule can damage the RTM, the card, or even your chassis. So don't do that.
That's all from me. Now go fix your server.
Checkpoint: You know all you need to know to follow the hot-swap procedure.
CONFIDENTIAL 117
118
CONFIDENTIAL
Work with logs
Work with logs
Introduction
In the next few Lessons, I'll be focusing on keeping your Metaswitch products ticking over. In
particular, I'll be talking about logs and alarms: two types of message you'll see in MetaView
Explorer, both of which warn you about issues that you might need to resolve.
About logs and alarms

As we work through these Lessons, I'll be discussing two concepts which are very closely
related, but also quite different. So, to avoid any confusion, I'll spend a moment now to
introduce a couple of terms.
Logs are... well, you know what logs are. They're messages which your system churns out as
it goes along. They're essentially historical: they report things which happened, in the order that
they happened. Once a log's been made, the system forgets about it and moves on.
Alarms are slightly different. An alarm isn't historical: it's a warning about a current problem,
which you ought to fix (or at least understand). An alarm stays around for as long as the
problem continues, then once the problem's fixed, the alarm goes away.
A lot of situations cause both a log and an alarm, but not all of them do. For example, in this
Lesson, we're going to simulate a failed login attempt. As you'd expect, that results in a log
- but it doesn't bring up an alarm. Why not? Because a failed login attempt isn't an ongoing
problem which you need to take action to resolve.
Start here
We'll start this Lesson by making a deliberate mistake, which your system will duly log. Then,
using the log you've made, you will learn how to:
• look for the log in the list of recent messages
• keep track of the logs you have and haven't dealt with
• search for logs which occurred at a particular time.
Task 1: Provoke a log

Every Metaswitch system makes lots of logs, 24 hours a day. But just to help you and me stay
on the same page, it'll be good to talk about a specific log - one I can be sure your system has
recently made.
Luckily, there's an easy way to make such a log appear. Just type the wrong password into
MetaView Explorer.
Warning! It's perfectly safe to do this. But if you work in an especially security-conscious environment,
where even a single failed login might cause concern, be sure to tell any other administrators
what you're about to do.
1. Start a fresh copy of MetaView Explorer, for example by choosing it from the Windows
Start menu. (There's no need to close your existing one. Unlike most Windows programs,
MetaView Explorer will happily let you run two copies at the same time.)
2. You'll see the login window, with the User name and Server already filled in.
CONFIDENTIAL 119
Work with logs
3. Type some random gibberish into the Password box, and press OK.
4. You'll be told that your password was wrong, and sent back to the login window. When that
happens, you can just close the window.
Checkpoint: Your failed login attempt will have been logged. We'll look for that log in the next
Task.
Task 2: Check recent logs

You've just made a log. Would you like to see it?
1. Go back to your main MetaView Explorer window, and take a look at the Views pane (the
one over on the left).
The first thing you'll notice is that the word Logs is flashing yellow.
120 CONFIDENTIAL
Work with logs
It's flashing to let you know that there's a new log, which you probably ought to look at. It's
flashing yellow because this particular log isn't especially serious. (A more serious problem
would be orange, and a critical one would be red.)
Note: The second thing you’ll notice is that MetaView Explorer is making a really annoying beeping
noise. If you want to turn that off, look at the Options menu, Configure Options dialog,
Audio tab.
2. Click the flashing word Logs, and you'll see a screen like this one. This is the Logs pane,
but... hmm. Odd. Where's that log you're meant to be looking for?
3. The answer is that the Logs pane doesn't update automatically, even the first time you go
into it. There's a good reason for that, which I'll explain shortly. But it does mean that you
need to remember to refresh it whenever you want an up-to-date view.
If you look closely at the Refresh button (where the arrow's pointing), you'll see that it's also
flashing yellow to warn you about the new log. Go ahead and click.
4. From the log or logs which appear, find the one which says "A user failed to login to the
MetaView Server". In the example screenshot below, you can just see that it's the top line,
ringed in red.
Note: The following screenshot was taken from a genuine live system. Alongside the “user failed
to login” message I was expecting, another unrelated log turned up as well. I could have
Photoshopped it out, but I’ve left it in because - in the real world - that’s often what happens,
and it might very well have happened on your screen too.
CONFIDENTIAL 121
Work with logs
5. Make sure you've clicked on the relevant log message. Then turn your attention to the
bottom half of the Logs pane, where the details for this log are now displayed. Try clicking
the various tabs (Cause, Effect and so on) to get a feel for the information available.
For instance, here's what it says about Action:
...which is always nice to know.

Checkpoint: You now know how to spot that there's a new log, and how to find and read it. In
the next Task, we'll see how to make a log go away.
Task 3: Acknowledge a log

You've looked into the message about a user failing to login, you've identified the culprit (clue:
it's you!) and you've decided that no further action is required. But the log's still there, cluttering
up your display, and making it harder to spot messages which do need your attention.
Happily, there's a way to deal with that.
1. We're about to move away from the New unexpected logs tab. But before we do, have a
look to see whether the Refresh button is flashing again.
If it is flashing, click it to update the list of logs. Read through the new list. Notice how the
message about your failed login has disappeared? Hold that thought for now.
Note: The Refresh button is grayed out unless there are new log messages to display, so you might
not be able to click it right now. If you can’t, then just take my word for it when I say that the
message would have disappeared!
122 CONFIDENTIAL
Work with logs
2. Now, using the tab bar up at the top of the Logs pane, switch to the Recent unacknowledged
logs tab. Once you're there, press the Refresh button.
You may have to scroll down to find it, but the failed-login message will be back again...
So what's happening here? The key to making sense of it is to understand the difference
between the two tabs.
• New unexpected logs are log messages which you, personally, haven't seen before.
Every time you hit the Refresh button on that tab, it clears away the current list of logs
and shows you what's new since the last time you looked.
• Recent unacknowledged logs are longer-lasting, and shared between all your
organization's MetaView users. Think of this tab as a common to-do list. Logs will
stay on this list until someone deals with them, at which point they'll disappear from
everyone's display.
3. So, the failed-login message has been removed from the New unexpected logs list because
you've seen it and it's no longer "new". In contrast, it's still on the Recent unacknowledged
logs tab, because it hasn't been marked as "dealt with" yet.
4. So let's now annotate the log, to let other administrators (or yourself, in the future) know
that you've considered and processed it.
First of all, make sure you've clicked on the log message - it should be highlighted in light
blue. Now, take a look at this screenshot...
CONFIDENTIAL 123
Work with logs
• Click on the User comment tab (arrow 1 in the picture). Type a few words of explanation,
like "I was only testing", into the box which appears.
• Turn on the Ack'd checkbox (arrow 2 in the picture). That's short for "acknowledged" of
course; it means you've dealt with the log, and don't want to see it any more.
• Click on any other log message. Switching away from the login-failure log automatically
saves your changes.
5. Back up in the list of logs, you'll see that the following checkbox has turned on ...
...which indicates that it's now been acknowledged. Next time you refresh the display, it'll
disappear.
Go on. Press Refresh now, then check to make sure it's really gone.
Note: In real life, of course, you probably wouldn’t bother to add a User comment to a log as simple
as this one. That’s fine - you can acknowledge a log without commenting on it. Conversely,
you can add a User comment without acknowledging the log, as a note to yourself or other
administrators.
6. Feel free to take a look at any other entries in the Recent unacknowledged logs list. If you
know what caused any of them, go ahead and annotate them - and acknowledge them
too, if the problem's now been resolved.
Checkpoint: You've learned a powerful way to keep on top of logs from your system, by
annotating and acknowledging them as you handle each one.
Task 4: Search for a log

We've just seen a simple and effective way to process log messages as they come in.
Sometimes, though, you want to read through historical logs - to look for anything unusual
which was happening when some specific problem occurred. That's when the Find logs tab
comes into its own.
124 CONFIDENTIAL
Work with logs
1. Back in MetaView Explorer, choose Find logs from the tab bar across the top of the Logs
pane.
2. The interface here is... well, let's call it "eccentric". If you're expecting a nice big Search
button, you aren't going to find one. Instead, you'll need to click the inconspicuous "..."
icon I've marked out in the screenshot below:
3. In the next dialog box, you first of all have to turn on the checkbox I've marked with the
number 1, then click the "..." icon I've marked 2:
4. And then, at long last, you'll get to see the search form.
CONFIDENTIAL 125
Work with logs
There are lots of options you can turn on here. Note that you're doing an "AND" search, so
you'll only find logs which meet all of the criteria you choose.
5. Let's do a simple search right now, and look for logs which occurred within a particular
period of time. To do this, we'll use the top two options in the dialog box. Turn on the
checkboxes now:
Then, use the drop-downs to define (say) a 20-minute window, which includes the time
when you failed to log on to MetaView Explorer. In the example above, I've chosen a
window from 3:20pm to 3:40pm on 16 January 2014.
Warning! Once again, the interface is a little confusing. You’d expect the start time to come first and
the end time to come second - but they’re the other way round. Have a close look at the
screenshot and you’ll see what I mean.
6. Once you've set the times, click OK to close the dialog. You'll be back at this window:
126 CONFIDENTIAL
Work with logs
You could, at this point, create a second set of search criteria by turning on the bottom
checkbox. If you did, you'd see logs which matched either of the two sets - in other words,
this dialog does an OR search.
But we won't bother with that just now. Click OK to close the dialog and see your search
results.
7. Back in the Logs pane, scroll down and find your now-familiar failed-login message. Here's
mine:
And here's a closer look at it. Among other things, notice how the checkbox is turned on,
to show that the log is acknowledged. If I turned this back off, it would reappear in the
Recent unacknowledged logs display.
CONFIDENTIAL 127
Work with logs
8. Feel free to take a look through the logs your own search has turned up. Remember, you
can find out more about each log by clicking the tabs in the bottom part of the window:
9. As you scroll down the list, you might notice there are more logs than you've previously
seen in the New unexpected logs or Recent unacknowledged logs tabs. The "extra" logs
will already have a tick in their checkboxes, indicating that someone's acknowledged them.
What's going on?
The key to understanding it lies in the Severity column. Like all computer systems,
Metaswitch products record a range of "informational" logs, which don't require any
attention from an operator. Each log is assigned a severity number, from 0 to 100, and
any log with a severity of 60 or less is judged informational. Since informational logs don't
require any action, they are automatically acknowledged by MetaView.
Informational logs don't appear in the New unexpected logs tab (because they're not
unexpected), and they don't appear in the Recent unacknowledged logs tab (because
they've been acknowledged automatically). So, searching on the Find logs tab is the only
way to see them.
10. Here's an exercise to test yourself. Still working in the Find logs tab, change your search
filter so that, in addition to limiting yourself to the time window you've selected, you only
see logs with a severity of 70 or more. I'll give you some tips in a moment, but see if you
can work it out before reading on.
Managed it?
If you're struggling, here's what to do. You need to click these two "..." buttons in turn to
get back to the search dialog:
Then in the search dialog, turn on the checkbox next to Severity, select >= from the first
drop-down, and finally 70 from the second. Click OK the requisite number of times, and
you'll be back at the newly-filtered Logs display.
Checkpoint: That's all there is to it! You now know your way around the Logs pane, and are well
on the way to keeping track of what's happening on your Metaswitch system.
128 CONFIDENTIAL
Work with alarms
Work with alarms
Introduction
In the previous lesson, I explained that your Metaswitch system generates two types of
messages: logs, which are instantaneous reports, and alarms, which reflect ongoing problems.
We've already taken a detailed look at logs; now it's time to see the other side of the coin.
This Lesson is different!

In the last Lesson, we started out by deliberately typing the wrong password into MetaView
Explorer. Since that provokes a specific log, I was then able to walk you through a series of
steps on your own system, confident in the knowledge of what you were going to find.
It's a lot harder to do that for alarms. Alarms are there to tell you that there's something badly
wrong - much more serious than a mis-typed password. And for obvious reasons, it would be
foolhardy to tell you to deliberately break your system.
But through sheer good luck, just as I came to write this Lesson, I noticed there was a serious
alarm on one of our test systems here at Metaswitch. So rather than talking you through a
procedure on your deployment, I'll spend this Lesson explaining how I worked out what was
wrong on ours.
Start here
This Lesson is different to all the others you'll find in this guide. It's pure book work, and you
won't be so much as touching a mouse or a keyboard.
During the Lesson:
• I'll explain the steps I went through to handle a real-life alarm
• I'll point out the most important tools and techniques I used
• and by the end of it, you'll know how to deal with real-life alarms in your deployment, too.
Task 1: Find alarms using the Alarms Window

As I said, it's complete coincidence that we happened to have an alarm on our test system. So
how did I even notice that anything was wrong?
1. I spotted there was a problem by looking at MetaView Explorer's Views pane. The Alarms
heading turned red (and so, as it happened, did the Logs heading - but that's not our focus
for this Lesson). You can see it in this screenshot:
CONFIDENTIAL 129
Work with alarms
What you can't see in the picture is that the red highlights were flashing. So in all honestly,
it was difficult to overlook the fact there was a problem.
The red lights told me it was a "critical" problem, which I'd better investigate right away. A
"major" problem shows up orange, and a "minor" problem looks yellow.
2. To find out what was wrong, I clicked the word Alarms in the Views pane (where the
arrow's pointing in that screenshot). That opened a new window, like this:
This is the imaginatively-titled Alarms Window, which I'll be working with for most of this
Lesson. The bottom part of the window is just a help display - so let's focus our attention
on the top half.
Note: Just like the Logs pane, it’s a good idea to click Refresh whenever you turn your attention
to the Alarms Window.
3. Now, as soon as I opened this window, a couple of things stood out. First of all, I saw
that there were quite a few alarms already active. Each of the colored rows you see in the
screenshot - either red or yellow - is a separate alarm.
Handily though, MetaView sorts the Alarms Window so the most serious problems are at
the top. And right at the top of the window, there was a single red-colored row, telling me
about the critical alarm which had brought me here. So that's the alarm I looked at first! (I'll
come back to the yellow-colored rows later in this Lesson.)
Note: By the way, “most serious first” is just the default. Like most Windows applications, MetaView
Explorer lets you change the ordering by clicking the headings of each column. Clicking the
Time heading, for instance, would show the most recent alarms first. To go back to showing
the most important alarms first, click the Status heading.
4. Here's a close-up of that row (split into two parts so you can see it clearly):
There's quite a lot I could tell at a glance - for example the Time when it happened, the Node
it affected (which means, roughly speaking, the server it happened on), and of course the
Summary of what had gone wrong.
130 CONFIDENTIAL
Work with alarms
5. To find out more, I double-clicked that red row in the table. Here's what I saw:
It's a useful window, this one. In one view, it told me the Cause of the problem, the Effect it
was likely to have, and the Action I should take to deal with it. Often, this would be enough
to point me towards a solution.
As it happens, clocking isn't my specialty. So to take things forward from here, I searched
on Metaswitch Communities (http://communities.metaswitch.com) - where I found several
pages of relevant information. I'll talk more about troubleshooting techniques in Troubleshoot
common problems on page 257, much later in this guide.
Right now though, let's not get too distracted by the specifics of this problem. Instead, in
the next few Tasks, we'll have a look at some of the other ways you can work with alarms
in MetaView Explorer.
Checkpoint: You've learned how to use the Alarms Window to spot problems affecting your
system, and how to look at the detail for a specific alarm.
Task 2: Find alarms using the Object Tree

The Alarms Window is an important way to spot problems using MetaView Explorer, but it's not
the only one. In this Task, I'll show you an alternative approach.
CONFIDENTIAL 131
Work with alarms
1. First up, have a look at this screenshot I took from the Tree pane on our test system:
By now, you're used to scooting about the Tree pane, and you're bound to have noticed
that there are lots of green checkmarks all over the place. Sure enough, there are plenty of
them in that screenshot - next to Hardware Inventory, for example.
But see the red cross next to Clocking Module? That's (hopefully!) not what you're used
to, and it's a sign that there's something wrong with that object.
2. Let's back up a bit. Suppose I'd had no reason to look at the Clocking Module object. In
fact, suppose I'd no idea there was any problem at all.
In this screenshot, I've closed up a lot of branches - I'm looking at the very top level of the
object tree. Does anything catch your eye?
Yep! There's a little red cross next to Chassis "L1L2Lab-CH6050". Compare it to the red
cross in the previous screenshot, and you'll see that this one's smaller...
...which tells me the problem isn't with Chassis "L1L2Lab-CH6050" itself, but with
something beneath it in the tree.
3. So, I investigate. I expand Chassis "L1L2Lab-CH6050", and now I spot the telltale red
cross next to Chassis Ethernet Resources...
...so I open that up in turn. And so on, down the tree, until I find the object with the big red
cross - the one that's actually causing the problem.
132 CONFIDENTIAL
Work with alarms
4. So, in this hypothetical example, I now know there's a problem with the Clocking Module.
But how do I know exactly what's wrong?
At this point, I turn my attention to the Alarms section of the Details pane - ringed in red
below:
Note: Often, you’ll have to scroll down the Details pane to find the Alarms section. It’s always at
the bottom.
5. Here's a close-up of what I see there.
The words Attention Required are another signal that there's a problem, just to reinforce
that red cross in the Tree pane. But the most useful part of the Alarms section is the tiny
"bell" icon - I've picked it out with an arrow above.
6. Click on that bell icon, and this window opens:
CONFIDENTIAL 133
Work with alarms
Familiar, right? We're back at the details page we saw in the previous Task. Same alarm,
same information... but two different ways of finding it.
Note: In this Task, you've seen how to go from an object in the Tree pane, to an alarm in the Alarms
Window. You might be wondering if you can do it the other way round. Sure you can! Just
right-click any row in the Alarms Window, and select Go to object.
Checkpoint: Now you know two alternative ways of spotting alarms in MetaView Explorer. You
can use the Alarms Window, like I did in Task 1; or you can follow the trail of red crosses down
the Tree pane, like I've showed you in this Task.
Task 3: Understand Attend To Dependent alarms

Before we move on from this extended example, there's a loose end to tie up. Remember this
screenshot from Task 1?
134 CONFIDENTIAL
Work with alarms
When we looked at that screenshot, I pointed out all the yellow rows - each of which is a
separate alarm - and promised I'd come back to them later. Well, I haven't forgotten! Let's do
it now.
1. I first noticed these additional problems in the Alarms Window. But as we learned in Task
2, you can also spot alarms using the Tree view. Here's what I found when I drilled down
the tree.
And here, as a reminder, is what the alarm for the Clocking Module looked like. Spot the
difference! (It's not very hard.)
So why are these other alarms showing up as a yellow exclamation mark, rather than a red
cross? Take a guess before you read on.
2. These alarms are different, because they're knock-on problems instead of root causes.
Let's look at that in more detail.
• The clocking problem - which we looked at in Tasks 1 and 2 - caused a primary alarm,
also known as Attention Required. To fix that problem, I needed to take specific
action. Primary alarms are shown in the Tree pane with a red cross.
• The knock-on problems are secondary alarms, also known as Attend To Dependent.
I don't need to do anything to address a secondary alarm - once I've fixed the primary
problem, the secondary alarms should clear as well. Secondary alarms are shown in
the Tree pane with a yellow exclamation mark.
3. As a rule of thumb, then, it makes sense to work on primary alarms first, just like I did in
Task 1. But in every other respect, secondary alarms are exactly the same as primary ones.
For example, they still have details pages, which still list effects and recommend actions.
Note: As well as green checkmarks, red crosses and yellow exclamation marks, you’ll sometimes
see a gray dot. (For instance, there’s one next to Chassis Ethernet Resources in the last
screenshot I showed you.) That dot means it’s not possible to have an alarm on that object,
usually because it’s simply a container with no configuration of its own.
4. By the way, the fact that these were secondary alarms was visible in the Alarms Window
as well. Here's a close-up of part of the Alarms Window table - look at the Type column...
CONFIDENTIAL 135
Work with alarms
Warning! There’s something a little bit confusing to understand here. In the Tree pane, a red cross
means Attention Required (a primary alarm), while a yellow exclamation mark means Attend
To Dependent (a secondary alarm). But in the Alarms Window, red, orange and yellow refer to
the severity of the problem, not whether it’s primary or secondary. In this example, it’s just a
coincidence that the secondary alarms happen to be Minor ones, which are colored yellow.
5. One last quick tip before we move on. Remember this icon, which signifies a hyperlink to
another part of the object tree?
Usually, if you expand an object that's showing a secondary alarm, you'll find one or more
of these hyperlinks under it. Double-clicking the link will often take you to the object with
the primary alarm. It's not guaranteed to work, but it's worth a quick try as a time-saving
alternative to going through the Alarms Window.
Checkpoint: You now know the difference between primary and secondary alarms, and how to
tell them apart in MetaView Explorer. And you know that generally, you should resolve primary
alarms first.
Task 4: Acknowledge and suppress alarms

Let's fast-forward a little now. I've now finished investigating the original "clock module in
holdover" alarm, and I've decided that - while I can't fix it straight away - there's nothing urgent
for me to worry about. What next?
1. In the last Lesson, I talked about acknowledging logs. Acknowledging a log marks it as
"done", signaling to yourself and other operations staff that no further action is required.
Acknowledging an alarm is just the same idea. Remember this table row, which I showed
you back in Task 1?
The N in the first column was telling me that the alarm hadn't yet been acknowledged. If I'd
acknowledged the alarm, the N would have changed to a Y. And if anyone else was also
monitoring the system, it would have changed on their screen too.
But note - that's all that would have happened. Acknowledging an alarm doesn't make it
disappear from the Alarms Window. In that respect, alarms work differently to logs.
136 CONFIDENTIAL
Work with alarms
To acknowledge an alarm, right-click it and select Acknowledge. Expecting a screenshot?
There's one coming up in just a moment.
2. The next step up from acknowledging an alarm is to suppress it.
Suppose, for example, I decided I didn't want to see any of those knock-on Attend To
Dependent alarms any more. I know what they're telling me, and I know what I'm doing
about it. They're just in the way.
In the Alarms Window, I can right-click the offending alarm, then pick Suppress...
By the time I took this picture, I'd already suppressed one of the Attend To Dependent
alarms. If you look carefully, you'll see that the first row below the red one has turned gray.
Next time I click Refresh, it'll disappear from the list.
(By the way, that's the screenshot I promised you. Acknowledge is also there on the same
menu.)
Note: Suppressing an alarm doesn’t stop it recurring. To illustrate that point, suppose you’ve
suppressed an alarm which tells you about a problem on a trunk. If the same problem
happens on a different trunk, you’ll still get a new alarm - and if the original problem’s fixed
but comes back again, you’ll get a new alarm then too.
3. Another way an alarm can disappear is if it's cleared. That just means the original problem's
been resolved, or has resolved itself. Cleared alarms show up green in the Alarms Window
and vanish automatically after a while.
4. Last of all, you can control what alarms you see in the Alarms Window by applying a filter.
Filters are powerful things: perhaps you want to see only alarms made by your Call Feature
Server, of Major severity, which haven't been acknowledged and have something to do
with ISUP or M3UA? By all means...
CONFIDENTIAL 137
Work with alarms
Relax, though! I'm not going to talk you through this monster dialog box. I wouldn't
recommend turning on a filter until you're properly familiar with alarms - and by that point,
it'll seem pretty simple to find your way around the options. When you're ready, the Filter
button at the top of the Alarms Window is the place to begin.
Note: Just so you know, there's one more button in the Alarms Window which I'm not going to
cover here: View Rules. Very briefly, Rules let you re-write alarms - for example if a particular
issue is normally Minor, but is actually Major in your specific environment. When you're ready
to learn about Rules, you'll find full documentation online at https://communities.metaswitch.
com/manuals/latestsection/11700232.
Checkpoint: You now know all about logs and alarms - the two most vital tools for monitoring
your Metaswitch deployment. You know how to spot when they occur, and you know how to
flag when they're resolved. With this crucial set of features under your belt, you're well on your
way to mastering MetaView Explorer!
138 CONFIDENTIAL
Be notified about logs and alarms
Introduction
In the previous Lessons, I've stressed how easy it is to notice when there are new logs or
alarms... provided you're keeping an eye on MetaView Explorer. And right now, while you're in
the midst of configuring your system, "keeping an eye on MetaView Explorer" might be simple
enough to do.
In the long term, though, constant vigilance isn't very practical. So in this Lesson, we'll see how
to configure MetaView to be a little more proactive - and reach out to you when it spots that
your system needs help.
What are your options?

There are three basic approaches to consider.
• The first and simplest thing you can do is to turn on email notifications. When you select
this option, MetaView will drop you a mail each time it spots an important log message.
We'll see how to set up email notifications in this Lesson.
• Another option is to monitor logs programmatically, using a script or similar tool. To make it
easier to develop a script, your MetaView server writes out plain-text copies of its log files,
which you can download for processing. Later in this Lesson, we'll find out about those
files, too.
• And for an even more sophisticated approach, you can integrate MetaView into a full-
featured large-scale monitoring and management system, such as IBM's Netcool. We're
getting into heavy-duty system integration there, and I won't dig further into that option
for this guide. However, MetaView does offer two standard interfaces - using SNMP and
CORBA - which you can use to hook up with third-party systems. If you want to learn more,
check out the Metaswitch Innovators' Community at http://innovators.metaswitch.com.
Notifications with a warm standby MetaView Server

In Understand hardware and software redundancy on page 87, I outlined your options for
delivering hardware and software redundancy for the MetaView Server. One of these is to
maintain a warm standby - a spare server which is in a chassis and powered on, ready to take
over if the active server should fail.
If you have a warm standby MetaView Server in your deployment, then you need to know that
its notifications are configured separately. So whatever notification options you select for your
active MetaView Server, you should also set up on your warm standby.
To do this, simply run through this Lesson twice.
• The first time, you'll be logging on to MetaView Explorer in the normal way.
• The second time, log on to MetaView Explorer using your standby server's IP address.
This will connect you directly to the warm standby, so that you can repeat the configuration
there.
Start here
• configure your MetaView Server to send you an email when it spots an important log
• explore the options for producing plain-text log files, which you can use to monitor your
system programmatically.
CONFIDENTIAL 139
Task 1: Configure email notifications

Email notifications are messages sent out by MetaView, whenever an important log arrives.
(I'll explain what counts as "important" later in this Task.) It's pretty easy to set up email
notifications - though there's a little bit of admin you'll need to do first.
1. Talk to whoever administers your email system, and agree on an email account which you
can use to send the notices.
Now, let's be clear - I'm not talking about the email address the notifications are delivered
to. At this point, I'm thinking about the account they're sent from. After all, every email
needs a sender!
Depending on your company's policies, you might use your own account for this, or you
might decide to use a new address created specially for the purpose. It's worth knowing
that your MetaView Server only uses this account for outgoing mail, and doesn't need to
receive or process any incoming mail. That might affect the way the administrator chooses
to set it up.
Later in this Task, you'll need a note of any details required to send email from this address.
At the minimum, that'll be the hostname or IP address of the outgoing mail server (also
known as an SMTP server). You may need a login name and password too.
Note: In due course, you may also want to set up a specific email address to receive the
notifications - for example, a forwarding address which distributes them to a group of people
who all need to know. While you’re experimenting, though, feel free just to use your own
email address. The receiving address doesn’t need to be “special” in any way.
2. Got the email details sorted? Let's crack on with MetaView.

In the MetaView Explorer Tree pane, go to your MetaView Server. Here's a quick reminder
of how to do that.
• In the Views pane over on the left, make sure Object tree and views is selected. If it
isn't, just click it.
• Now in the Tree pane, find the object called MetaView Server "your-server-name".
You may need to click the "+" button to expand All managed components; once
you've done that, you'll find the MetaView Server object near the bottom of the list.
3. Click the "+" button to expand the MetaView Server, then select Email Notifications. You
should see something like this:
140 CONFIDENTIAL
When you glance at the Details pane, it seems there's not much you can do with this
object. But that's about to change!
4. Set Email notifications - status to Enabled.
A whole load of new options appear...
5. Fill in the following details.

• SMTP server address - this is the hostname or IP address of your outgoing mail server,
which I talked about earlier in this Task.
• Mail server MetaView account address - this is the email account you want the
notification emails to come from. This needs to be the address you've agreed with your
email system administrator.
• Recipient address - the simplest of all the fields to fill in, this is the address you want
mails sent to.
• Mail server requires authentication - if your administrator gave you a login name and
password for your outgoing mail server, set this to True. A couple of extra fields will
appear and you can fill those details in.
6. The remaining options in the Details pane let you choose exactly what you want to be
emailed about. For now, just set New log notifications - status to Enabled. We'll leave the
other options at their defaults for now.
7. Check your entries over and, if everything's OK, click the Apply button below the Tree
pane.
Note: By the way, don’t get distracted by the Alarms section at the bottom of the Details pane.
You might think it’s an extra set of configuration options, but it’s not - it’s just there to tell you
about any problems that have arisen with email notifications themselves. It’s confusing in this
specific case, but there’s actually an Alarms section for every object in MetaView Explorer, as
we saw back in Work with alarms on page 129.
8. Want to check whether it's worked? Just use the trick I showed you in Work with logs
on page 119, and type the wrong password when logging into MetaView Explorer. You
should get an email to tell you about it, though it may take up to 15 minutes to arrive.
If it doesn't turn up, it's worth asking your email administrator to have a look at the problem.
There could be a misconfiguration at their end, or there could be an issue with the details
CONFIDENTIAL 141
you typed into MetaView Explorer... but either way, there's a good chance the email system
will have logged some clues.
9. If you find you're now getting too much email, you can go back to the Email Notifications
object and tweak some of the settings.
For example, if you change New log notifications - severity threshold from 70 to 80, you'll
stop getting emails regarding "minor" events. You'll still hear about "major" or "critical" ones.
There are a few other fields you might like to play with, so remember! You can get more
information on any configuration option by looking in the Help pane.
Checkpoint: You're now getting emails about significant logs from MetaView.
Task 2: Download log files

At the start of this Lesson, I mentioned that there's another way to get logs out of MetaView -
by downloading them as text files. Shall we see how?
1. Still working in MetaView Explorer, and near to the Email notification object you've just
been looking at, find and select Alarm / log file management.
Once again, it doesn't look like there's very much to see in the Details pane...
...but (you guessed it!) more fields are going to appear when we start tinkering with the
options.
2. Each log file can contain alarms, logs, or both. Remember, logs are instantaneous reports;
alarms are longer-term warnings, describing ongoing issues with your system.
For now, let's go the whole hog. Set both Write alarm events to file and Write logs to file
to True.
3. For each of the fields you've just set to True, you can now pick a minimum severity you'd
like to include in your log files. This decides which alarms or logs are written to the file, and
which ones go "below the radar", remaining visible only in MetaView.
Technically speaking, severities are numbers between 0 (nothing to see here!) and 100 (the
sky's falling in). In practice though, you can safely go by the short explanations you'll see next
to the numbers. By default, for example, logs are only written out if they're "unexpected"...
142 CONFIDENTIAL
...which is normally about right.
For the purposes of this Task, however, I want to make sure you've got at least some logs
to look at, so we'll dial down the severity required. For alarms, choose Informational (0),
and for logs choose Level 30 (verbose operational).
4. We'll leave the other fields set to their defaults. Go ahead and click Apply.
5. Now, you need to wait for your system to produce some logs. Ten minutes should do it!
Make a cup of coffee or catch up on some emails.
6. When time's up, take a look at the toolbar below the Tree and Details panes, and click this
button:
That's telling your MetaView Server to write out the alarms and logs straight away. Nothing
will seem to have happened... but behind the scenes, a file just appeared on a disk.
Note: You can also trigger this to happen automatically at certain times of the day, using the Hours
to enforce file closure checkboxes you probably noticed in the Details pane.
7. Before we take a look at the file, let's tidy up the changes we made here. After all, we're
only practicing at the moment... you can set things up for real later, if you decide the log
files are helpful.
So, set Write alarm events to file and Write logs to file back to False, and click Apply.
That's restored this object to its default settings.
8. To look at the log file you just created, you'll need to download it from your MetaView
Server. You can do that using an SFTP client, such as WinSCP. I talked about this process
in Transfer files to and from a server on page 65 - take a look back at that Lesson if you
need a reminder of the details.
• Using WinSCP (or another SFTP client), log on to your MetaView Server.
• In the tree on the left of the WinSCP screen, drill down into EMSftp, then find and click
on alarm_log_files. Here's a screenshot:
CONFIDENTIAL 143
9. On the right-hand side, you'll see one or more files. Download any one of these files - it
doesn't matter which one, since we're just taking a quick peek for now.
While you're downloading it, have a look at the filename. It always begins MVS_
AlarmLogRecords, followed by the exact date and time the file was written out. If you're
writing a script to process these records, you can use that fact to deal with them in a logical
order.
10. What happens next depends on the exact configuration of your own PC. The file you've
downloaded is in CSV format, a simple standard layout which is often used by spreadsheet
applications. So on my laptop, when I double-click the file, it opens in Excel.
Alternatively, you might just see the file in a text editor, like this. It's not quite so easy to work
this way - but if you compare it to the spreadsheet, you'll see how the commas correspond
to columns.
11. Take a look through your file, and see if you can spot the following.
• Most lines will start with an "L", telling you that they're Logs. See if you can find any
rows starting with an "A", which means that they're Alarms. (There may not be any.)
• The third column is the severity of the log or alarm - how important it is. Alarms use
words like "minor" or "critical", while logs use numbers from 0 to 100 (with 100 being
the most important). See if you can find the most important message in your log file.
12. This is just a taste of what you can find out by looking at log files. If you want to know
more about the data format, perhaps to develop a script which processes them, check the
documentation at https://communities.metaswitch.com/manuals/latestsection/11810002.
13. Once you've finished downloading and looking at log files, it's a good idea (for security's
sake) to close your SFTP client.
Checkpoint: You now know three ways to find out about logs and alarms. You can watch for
them in MetaView Explorer; you can receive automatic emails; or you can download log files for
programmatic processing. Have you decided which approach is best for you?
144 CONFIDENTIAL
Understand trunks
Understand trunks
Introduction
In a moment, we'll be embarking on a series of Lessons which explain how to configure
connections to other switches - in other words, trunks. The tasks we're covering will get a bit
more complex from now, but hang on in there! By the time you've worked through the next few
chapters, you'll have the essence of a functioning Class 4 deployment.
Depending on the kinds of network you use, you may have several different types of trunk to
configure. You might use ISDN, for example, or SS7 carried over E1. So before we start work,
let's pause for a moment - and quickly run through all your options.
Start here
• identify three types of trunk your Metaswitch system supports
• pick names and numbers for your trunks - an essential prerequisite for all of the following
Lessons.
Task 1: Identify the trunk type
Did you know? The first Metaswitch products were specifically designed as a bridge
between VOIP and TDM networks. That's the reason for the "meta" part of our name.
These days, a lot of attention's focused on Voice over IP - and although VOIP uses a radically
different technology to conventional phone systems, we at Metaswitch still use the familiar
terminology of "trunks" connecting switches. There's only one type of VOIP trunk...
• SIP trunks. What we call a "SIP trunk" is actually the combination of SIP signaling and RTP
media streams, all sent over an IP network.
There are two Lessons coming up covering SIP trunks. One explains how to set up the SIP
trunks themselves, while the second covers Remote Media Gateway Models, which SIP
trunks use to enhance interoperability.
On the other side of the fence, we refer to connections using old-school protocols as TDM
trunks (since they all, at one point or another, involve time-division multiplexing). I'll cover two
types of TDM trunks in this guide:
• SS7 trunks. These use ISUP signaling over MTP3, with the signaling and media typically
both transmitted over E1 or T1 lines. (You can alternatively use M2PA to send the signaling
over an IP network, but I won't be exploring that option in detail in this guide.)
Again, there are two Lessons ahead covering SS7. The first explains how to set up signaling
links, then the second describes how to use those signaling links to create media channels.
• ISDN trunks. These use an ISDN Primary Rate Interface (PRI) to carry both signaling and
media across a single E1 or T1 line. ISDN's pretty easy to configure, so we'll cover it in just
one Lesson.
Also in this group of Lessons, you'll find instructions for activating a physical E1 or T1 connection
- which is, of course, a prerequisite for both types of TDM trunk.
Note: Just for completeness, your Metaswitch system also supports a third type of TDM
connection called MF trunks. MF trunks are used only in specific geographic areas, primarily
North America, so I won’t be discussing them in this guide. If you’d like to learn about MF
CONFIDENTIAL 145
Understand trunks
trunks, check the Metaswitch Support Community at https://communities.metaswitch.com/

Checkpoint: You now know about the types of trunk you can configure, and the forthcoming
Lessons which describe them.
Task 2: Pick a name and number

For each trunk you configure - regardless of its type - you'll need to make a few decisions about
how you'll refer to it in the future. Since these choices are always the same, I'll spell them out
just once here, then I'll assume you're up to speed on this when we come to future Lessons.
So, in each case, here's what you'll need to do.
1. Pick a name for your trunk. Obviously, it needs a name so you can find it again in the future,
but this is also what you'll use when configuring translations. Translations are a complex
topic, and they're covered in full detail in a separate book called Learn How To Manage
Your CFS Translations.
The name can be whatever you want it to, and it doesn't have to match anything configured
on the other switch. You might choose "Primary trunk to Foobar Telecom", or "First test
trunk", or even "Bob". (Metaswitch Networks does not recommend you call your trunk
"Bob".)
2. Pick a Trunk Group Number to identify this trunk in billing records. OK, this one takes a
little explaining...
The first thing to know is that Trunk Group is primarily a North American term. If you're
elsewhere in the world, then imagine the Trunk Group Number is just called a "Trunk
Number", and you won't go far wrong.
So what's the Trunk Group Number for? Well, when we come to discuss billing for your
service in Configure billing on page 199, I'll explain that you can generate billing records
in either of two formats - BAF or XML. BAF in particular is a highly-compact standard
format, and there's no space in it for the user-friendly name you just picked for your trunk.
Instead of helpful names, BAF records use inscrutable numbers... and you're in charge of
remembering which number corresponds to which trunk. Sorry about that.
Trunk Group Numbers aren't telephone numbers - they're just ordinary numbers like "42" -
and once again, they don't have to match anything configured anywhere else. But still, you
might want to put some thought into a numbering scheme which will make sense to you in
the long run. For example, you might number trunks to local partners as 100, 101 and 102,
while long-distance trunks have numbers from 200 and up.
It's possible to give more than one trunk the same Trunk Group Number. That's normally a
mistake, though, so keep a record of the numbers you've used and avoid using the same
one again.
Note: You need to decide on a Trunk Group Number even if you won’t be using BAF-format billing
records, because it’s required for various internal purposes too.
3. As I mentioned a moment ago, BAF isn't the only show in town; you may choose to use
an alternative format for your billing records, based on XML. In that case, you can specify
a more user-friendly Trunk Accounting Reference alongside the Trunk Group Number.
The Trunk Accounting Reference will appear over and over again in the billing records, so
it's still best not to pick anything too wordy. For example, if this is your primary trunk to
Foobar Telecom, something like foobar pri would be fine.
146 CONFIDENTIAL
Understand trunks
I'd suggest you pick a Trunk Accounting Reference even if you're not expecting to use XML-
format billing records. It doesn't hurt to have it configured, and it'll make things simpler if
you ever change your mind later on.
Checkpoint: You now know about the key naming decisions you need to make for each trunk.
CONFIDENTIAL 147
Understand trunks
148
CONFIDENTIAL
Configure a SIP trunk
Introduction
To get us started configuring trunks, we're going to look at VOIP - that is to say, at calls
delivered over an IP network, whether that's the public internet or a private connection that
uses IP.
If you're accustomed to TDM, then you might feel that jumping straight to VOIP is throwing you
in at the deep end. But it's new and exciting! It's the future of telecoms! It might be the reason
you chose Metaswitch! And more prosaically, it's a good place to start because it's the easiest
type of connection to configure. So please don't skip this Lesson - during the course of it, you'll
be learning some basic concepts which you'll need to refer to later on.
About SIP trunks

As you hopefully already know, the principal tool for setting up calls over IP is the Session
Initiation Protocol, or SIP. So when you make an arrangement to exchange calls with another
switch, we call that a SIP trunk.
Unlike (say) an ISDN trunk - which may well be an actual physical wire going from one place
to another - a SIP trunk is a purely conceptual affair. But for configuration purposes, it's helpful
to imagine that you do indeed have a wire between you and the other party... albeit that it's a
magic wire with a big blob labeled "IP" in the middle.
Why have I put a Call Feature Server at "your" end of the wire? Well, remember this diagram
from back in Find your way around your network on page 25...
CONFIDENTIAL 149
When you configure a SIP trunk, you'll be setting up the signaling links - the ones which are
shown in red. Since the signaling links connect to your Call Feature Server, that's where you'll
be doing the configuration.
You don't need to set up the media links (shown in green). Once you've arranged the signaling,
the two switches will sort out the media connections between themselves. Of course, this will
often involve passing media through your Universal Media Gateway - but you don't need to do
any work to make that happen.
Note: Though you don't need to configure the media connection, you may need to specify some
tweaks to the protocol, for optimum interoperability with the other switch. You can do that
using a Remote Media Gateway Model, which I'll be talking about in the next Lesson.
About proxies and Session Border Controllers

SIP trunks are conceptually very simple, but there's one potential complication. In IP networks,
it's common to use proxies - intermediate servers which intercept and pass on protocol
messages. In this diagram, let's compare and contrast two connections, one without and one
with a proxy...
The presence or absence of a proxy has an effect on how you set up your SIP trunk - and in
particular, it determines which IP addresses you'll need to know and configure.
• In the straightforward case, shown at the top of the diagram, there's no proxy and you
connect directly to the other switch. In that scenario, you'll simply need to know the IP
address and port number for the switch itself.
• In the more complex case, shown at the bottom of the diagram, there's a proxy between
you and the other switch. In that scenario, you need to know the IP address and port
number for the proxy, since that's what you're connecting to
But that's not the end of the story! Even when there's a proxy, you will still need to know
the IP address and port number for the switch itself. Why? Because that's what needs to
appear inside headers in the protocol dialogue.
I'll explain exactly where to set up these configuration parameters when we come to Task 1.
Note: One very special example of this scenario is the Session Border Controller or SBC. SBCs
are far more than just proxies, but in terms of how they slot into the network, they fill a similar
role. Just like a proxy, when you're connecting through an SBC, you'll need to know both
the IP address and port number exposed on the SBC, and the corresponding details for the
switch behind it.
150 CONFIDENTIAL
Did you know? Adding an SBC to a network can increase security and resilience, as
well as helping with load management and enabling advanced network topologies. If you
happen to be in the market for an SBC, Metaswitch's Perimeta product line is really rather
splendid.
Start here
In this Lesson, you'll see how to set up a SIP trunk to another switch - whether that's another of
your switches, or someone else's. Along the way, we'll learn some techniques and terminology
which will be helpful for other kinds of trunks too.
Specifically, you will lean how to:
• create two objects in MetaView Explorer which together, configure your new SIP trunk.
Task 1: Set up the Configured SIP Binding

The good news is that you've already finished the hard part of this Lesson - getting your head
around the concepts. Now you've done that, the actual configuration is straightforward. We'll
start by creating a Configured SIP Binding object using MetaView Explorer.
What's a Configured SIP Binding? ...well, it just represents a permanent connection to another
piece of equipment which talks SIP. In this case, it's a switch on the other end, but it could
alternatively be an application server - or in a deployment which offered Class 5 features, it
might be something like a voicemail system.
1. Start MetaView Explorer and, using the Tree pane, drill down to the Call Feature Server or
Integrated Softswitch you want to work with. Here's how.
• Under All managed components, look for an object called Connection to Call Feature
Server "your-server-name" (or if you have an Integrated Softswitch, Connection to
Integrated Softswitch "your-server-name").
• Click the "+" button to expand that Connection to... object. Beneath it you'll find a
single object, called Call Feature Server "your-server-name" or Integrated Softswitch
"your-server-name". That's what I mean by "the Call Feature Server you want to work
with".
2. Still in the Tree pane, drill down another level to Call Feature Server.
Note: This is slightly confusing, so it’s worth spelling out. As we’ve just seen, your Call Feature
Server or Integrated Softswitch has an object in MetaView Explorer’s Tree view, called
something like Call Feature Server “your-server-name” or Integrated Softswitch “your-
server-name”. Below that, there’s another object called simply Call Feature Server. That’s
the one you should just have drilled down into.
3. Drill down further into Controlled Networks, then click on Configured SIP Bindings.
4. Finally, in the toolbar just below the Tree pane, select Add Sub-Component. You'll be
prompted to confirm; just click OK.
5. Your screen will now look a bit like the following. We're going to be working with the big
list of configuration parameters in the Details pane - handily ringed in red in the screenshot
below:
CONFIDENTIAL 151
6. There are quite a lot of options available for your new SIP trunk, but in this lesson we'll
focus on just the core ones. Working from the top of the list downwards, find and fill in the
following details.
• Name - type the name you've picked for this trunk. As I explained in the last Lesson,
Understand trunks on page 145, you can choose this freely; it's for your reference
only.
• Usage - for obvious reasons, set this to Trunk.
• Use DN for identification - almost always, devices providing trunks should be identified
in SIP messages by their directory number rather than by a name. So, set this to True.
• IP address match required - set this to True for additional security. That means your
Call Feature Server will only accept SIP messages if the IP address and port in the Via
headers matches the configured contact or proxy IP details (which you'll be setting up
in a moment). This helps to prevent a malicious server masquerading as a trusted one.
• Contact IP address and Contact IP port - simply put, these are the other switch's
IP address and port number. More precisely, these details appear in SIP headers, as
opposed to...
• Proxy IP address and Proxy IP port - which are the IP address and port number actually
used to establish a connection. Fill these in if there's an intermediate proxy between
you and the switch, preventing you from connecting to the Contact IP address directly.
For example, you may need to enter the public IP address and port for a Session
Border Controller. If that doesn't apply to this particular switch, just leave these Proxy
fields blank.
• Media Gateway Model - as I mentioned earlier, we're going to come back to this in
the next Lesson. For the time being, click the ellipsis "...", and choose the option which
best matches the equipment at the other end of the trunk. (Don't stress about this
decision! It's only temporary.)
• SIP type (under SIP Protocol Options) - choose either Basic SIP, or SIP-T or SIP-I,
depending on what you've agreed to use for the trunk.
7. Once you've done all that and checked it through, click Apply to create your shiny new
Configured SIP Binding object.
152 CONFIDENTIAL
Note: As you'll have spotted, we've skipped a lot of detail here - leaving most of the configuration
options at their default values. The basic setup we've created will work for the majority of SIP
trunks, but there's always the chance you'll need to tweak it for your specific environment.
You can come back to your Configured SIP Binding and change its parameters at any time.
And remember, you can click on the name of a configuration item to read about it in the real-
time help in the bottom of the screen.
Did you know? SIP-T and SIP-I are both ways of bundling an ISUP signaling message
within a SIP wrapper. It's still SIP, and you're still configuring a SIP trunk, but the embedded
ISUP contains a little more information than you'd get with SIP alone. Not sure what to
choose? The bottom line is that if the other end supports SIP-T or SIP-I, you almost certainly
want to use it.
Checkpoint: You've created the Configured SIP Binding object, which contains most of the
configuration for your new SIP trunk. But you still need to create an object for the trunk itself,
which we'll do in the next Task.
Task 2: Set up the SIP Trunk

In the previous Task, I explained that configuration for your trunk is split across two objects: the
Configured SIP Binding, and the SIP Trunk itself. It's time now to tackle the latter.
1. The Tree pane of MetaView Explorer is looking a bit busy right now. To make it easier to find
your way around, feel free to close up the Controlled Networks node.
2. Now, find and expand Signaling, then SIP, and finally click on SIP Trunks.
3. Guessed what to do next? That's right! Click on Add Sub-Component to set up a new SIP
Trunk, and confirm when prompted. You'll now be looking at something like this.
4. Once again, we're going to fill in just the most important details in the panel on the right-
hand side. This time, in fact, there are only four of them. The first three are right at the top:
• SIP Trunk Name - type the name you've chosen for this trunk. (Yes, you already used
this name when you created the Configured SIP Binding object. That's OK! We're
creating a different type of object now, so it's allowed to have the same name.)
• Trunk Group Number - we discussed what to type here in the last Lesson, Understand
trunks on page 145. Just to remind you, this is only for use in billing records and
doesn't have to match up to any particular configuration on the other end.
CONFIDENTIAL 153
• Configured SIP Binding - this is what ties it all together! Click on the little picture of a
magnifying glass, and choose the SIP Binding you set up in the previous Task. (You'll
know it's the right one because, once again, it'll be using the same name.)
Note: Some time in the future, when your system gets big enough that it has dozens of Configured
SIP Bindings, it might be a chore to look through the whole list to find the right one. In that
case, your future self can type a few letters into the Configured SIP Binding box before
clicking the magnifying glass, to search for bindings whose names contain those letters. Your
future self will be extremely happy that your present self memorized this tip.
5. There's one last piece of configuration to set. Scroll down the page a little way, and you'll
find this additional short section:
Fill in the Trunk Accounting Reference, the user-friendly alternative to the Trunk Group
Number. Again, we talked about that in Understand trunks on page 145.
6. Done all that? Checked it over? Then press Apply to create the SIP Trunk.
Checkpoint: You're done! Well, you're almost done. We skipped over the Media Gateway
Model, and we'll come to that in the next Lesson.
154 CONFIDENTIAL
Select a Remote Media Gateway Model for a SIP trunk
Introduction
In the last Lesson, I showed you how to configure a SIP trunk - but I left one important detail
unresolved. Now, I'll fill in that gap, by showing you how to find and apply a Remote Media
Gateway Model.
Once upon a time, things in the telecoms world changed slowly. Standards were laid down by
a United Nations agency - the ITU - which promised that it would only change them once every
four years. Equipment manufacturers and service providers had plenty of time to react to new
developments, and the authors of the standards spent the intervals between revisions flushing
out problems and filling in holes.
Did you know? The ITU was originally called the International Telegraph Union. It was
founded in 1865, eleven years before Alexander Graham Bell made that famous first phone
call.
VOIP has changed all that. In the internet age, protocols change quickly - and it's market forces
more than anything else which determine the standards we use. When manufacturers like
Metaswitch run up against problems with a protocol, we're forced to develop our own solutions
or interpretations of the rules. It's not quite true that we all speak different languages... but we
do all have different dialects.
Fixbits to the rescue

To cope with this problem, Metaswitch products use configuration items called fixbits. "Fixbit"
is just a fancy name for an on-off switch; when you turn a fixbit on, you make a subtle change
to the way your system speaks to other switches. Crucially, you can turn on different fixbits for
different SIP trunks, so you can fine-tune your switch's dialect depending on exactly who it's
talking to.
Did you know? It's "fixbit", not "fix bit". This becomes important when you're searching
things like manuals.
Note: Fixbits affect both signaling and media - and they apply in lots of different scenarios, not just
to trunks. So, while you're working through this Lesson, don't be too worried if you notice
there are fixbits which don't seem to apply to you.
Now, you can turn individual fixbits on and off, and I'll show you how you'd do that later in this
Lesson. But it's time-consuming and complex to figure out exactly which fixbits to set for each
of the switches you connect to. Happily, there's an easier way!
The heroic folk of Metaswitch's Interoperability Testing Group (ITG) have done the hard work
for you, and packaged up their precious knowledge in the form of Remote Media Gateway
Models. You can download their Models from the Metaswitch Communities site, and then
upload them to your own Metaswitch system.
So, for example, if you know that the switch you're talking to is a Cisco AS5400, then you
simply upload and select the "Cisco AS5400" Model. Abracadabra! You'll instantly have all the
correct fixbits for that particular connection.
Note: If you're the kind of person who likes terminological exactitude, you'll be wondering why we
called these "remote media gateway models" when they affect both signaling and media.
That's an excellent question, and I wish I had an answer. Fundamentally, we got the name
wrong.
CONFIDENTIAL 155
Start here
In the previous Lesson, you set up a SIP trunk which connects your Metaswitch equipment to
another switch.
Now, in this Lesson, you will learn how to:
• find the appropriate Remote Media Gateway Model for the equipment at the other end of
the trunk
• upload and install the Model to your system
• discover more about the configuration options the Model sets
• apply the Model to the trunk you've just created.
Task 1: Find out about the switch you're connecting to

This is kind-of an obvious point, but to apply the correct Remote Media Gateway Model, you'll
need to know what kind of switch you're trying to connect to. Ask for its manufacturer and
model number, if possible.
Checkpoint: You now know which Remote Media Gateway Model you should be looking for.
Task 2: Download the Model from Metaswitch Communities

Now that you know which Remote Media Gateway Model you're after, you can find and
download it on Metaswitch Communities.
1. Log on to the Communities website. If you've forgotten how to do that, check out Sign up
for Metaswitch Communities on page 9.
2. Find the Mosaic Community on the front page. (The Communities front page changes from
time to time, so it may not look exactly like the picture below - but hopefully, this'll give you
the right idea.)
Note: If you don’t see the Mosaic Community, your Communities account may not be fully
activated. Ask your support contact to check for you. (If you’re wondering why Metaswitch
has to activate your account, it’s because there’s information in the Mosaic Community which
we only release under a non-disclosure agreement.)
156 CONFIDENTIAL
3. In the Mosaic Community, look for the option to Search the interop database. Again, I
can show you where it is at time of writing, but you may need to hunt for it if things have
changed.
4. You'll be looking at this search form.
5. If you're feeling lucky (as Google say), you can just type the name and model of the relevant
switch into the big Search box at the top. But if that doesn't work, there are a couple of
things you can do to narrow down the search:
• choose the manufacturer's name from the Partner Name drop-down (this is particularly
helpful if you don't happen to write the name in exactly the same way as we do)
• choose Network / Trunk Gateways from the Device Type drop-down.
Note: Your search may reveal more than one entry for the particular device you’re searching for. If
that happens, check the Metaswitch Version column to see which versions of the Metaswitch
products the device was tested against. You’ll need to pick the one which matches the
version number of your Metaswitch products.
6. OK. Found your device? Clicked the entry? You'll be looking at a page like this one:
CONFIDENTIAL 157
7. Now, I'll be honest - Communities isn't terribly consistent here. Sometimes, you'll find a link
to the right Remote Media Gateway Model (or RMGM, to its friends) at the very top of the
page, like this:
But sometimes, you won't. In that case, you need to follow the link to the Configuration
Guide, and then scroll to the bottom of the document which appears. At the bottom, you'll
find a list of attachments, like this:
158 CONFIDENTIAL
The attachment you're looking for will usually have the letters MGM (for Media Gateway
Model) or RMGM (for Remote Media Gateway Model) in its name. Sometimes there's more
than one of them, in which case you'll need to read the Configuration Guide to find out
which one's best for you.
8. Once you've found the Model, click to download it.
9. Often, the Model you've just downloaded will be zipped (in other words, it'll have a .zip
extension). In that case, unzip it now.
If you're using Windows, be sure to "Extract all files", or just drag the Model to somewhere
like your desktop - otherwise you may find you have problems in the next Task!
Checkpoint: You should now have the correct Remote Media Gateway Model sitting on your
own computer, unzipped and ready to upload. If you can open it in a text editor (such as
Notepad on Windows), then it's in the right format.
Task 3: Upload the Model to your MetaView Server

You've got the Model on your own computer, but you now need to copy it across to your
MetaView Server. This bit's easy, because you've already worked through Transfer files to and
from a server on page 65! ...haven't you?
1. As you learned in Transfer files to and from a server on page 65, use your SFTP client to
log on to your MetaView server.
2. On the MetaView server, change to the directory called EMSftp. Here:
3. Copy the Model file across to the MetaView server, leaving it in EMSftp.
4. Close or disconnect your SFTP client (just for security's sake).
Checkpoint: The Remote Media Gateway Model is now sitting on your MetaView Server, ready
to import.
Task 4: Import the Model into MetaView Explorer

The Model's now on your MetaView Server - but at the moment, it's simply a text file on a disk.
Before you can use it, you'll need to import it into your configuration.
1. Start MetaView Explorer and, using the Tree pane, drill down to the Call Feature Server or
Integrated Softswitch you want to work with.
CONFIDENTIAL 159
Once again, here's how to do that: expand All managed components, then the appropriate
Connection to... object, and beneath that find an object called Call Feature Server "your-
sever-name" or Integrated Softswitch "your-server-name". I've described that a couple
of times now, so I won't spell it out in future Tasks or Lessons.
2. Still in the Tree pane, drill down to Call Feature Server, then Controlled Networks.
3. Click on Remote Media Gateway Models. You'll be looking at the following.
4. Over in the right-hand panel, check that the Mode is set to Do Not Overwrite (change it if
necessary).
5. Just below Mode, next to File, type the name of the Model file you uploaded in the previous
Task. You need to type the whole name, including the .txt extension.
Note: The filename is case-sensitive.

6. Click Apply, in the toolbar at the bottom of the screenshot above.
Warning! At this point, take a moment to double-check that the Mode is set to Do Not Overwrite. If it
isn’t, and if something goes wrong with this import, you might accidentally lose pre-existing
configuration.
7. Click Import, which again you'll find down at the bottom. (If Import is grayed out, perhaps
you forgot to click Apply in the previous step?)
8. Not much seems to have happened! But, take a look at the Status in the right-hand panel,
just above where you typed in the filename - marked 1 in the screenshot below.
• If it says Failed, like it does in the screenshot, then click the button I've marked 2. A
window will open to show you a log message, explaining why it didn't work. (In my
160 CONFIDENTIAL
case, it said "Import failed because the file could not be found", which isn't particularly
surprising if you look at the filename I'd used.)
• Hopefully though, it'll say Succeeded. In that case, congratulations! You've successfully
imported your new Model.
9. Just to double-check, go back to the Tree pane. The Remote Media Gateway Model
object will still be highlighted.
Click the "+" icon to expand that object. (If by any chance it's already expanded, just close
it up and expand it again, to refresh the list of objects shown under it.) You should see the
Model you just imported listed as part of the object tree.
Checkpoint: You've imported the Remote Media Gateway Model you downloaded from the
Mosaic Community. It's now available for you to use whenever you set up a SIP trunk.
Task 5: Take a look at the Model

This step isn't strictly necessary - but since we're thinking about Remote Media Gateway
Models, it's a good time to take a closer look at one. In this Task, you'll see the wide variety of
options a Model can configure, and I'll briefly explain how to find out more about any of them.
1. In the Tree pane, click on the Model you've just imported.
2. Take a look at the Details pane, over on the right-hand side of the MetaView Explorer
window. Scroll down a little bit. And a little bit more. And more, and more, and more...
It's astonishing how many individual settings there are in a Remote Media Gateway Model.
In case you're not following along, I've taken a quick screenshot which shows you just
some of the details you can set:
CONFIDENTIAL 161
Take a moment to offer silent thanks to the Interoperability Testing Group. Without them,
you'd have had to work all this out for yourself.
3. For obvious reasons, I'm not going to talk you through such a long list of settings. But I can
tell you where to find further details, in case you want to check up on any particular field.
• Your first port of call should, as always, be MetaView Explorer's live help. Click on the
name of any field in the Details view, and a brief description will scroll into view in the
Help pane. However, when we're looking at such detailed configuration, you may find
the online help doesn't give you quite as much technical information as you're hoping
for.
• In that case, it's time to turn to the Knowledge Base on the Metaswitch Support
Community. The Knowledge Base is an online repository of background information,
tips and tricks for all the Metaswitch products, and in this case it's home to a detailed
article explaining each and every fixbit. Find it at https://communities.metaswitch.com/
docs/DOC-8543.
Checkpoint: You've now seen inside the Remote Media Gateway Model in all its terrifying
complexity - and you know where to find information on any particular fixbit, should you need
to.
Task 6: Apply the Model to the Configured SIP Binding

So, your new Remote Media Gateway Model is safely installed on your system. But let's not
forget why you were importing it in the first place!
In the last Lesson, you set up a SIP trunk, but you left its Remote Media Gateway Model set to
a rough default. It's time to go back and correct that omission.
I don't know whether you'll remember this, but I explained back then that configuration for SIP
trunks is split across a couple of objects: the SIP Trunk itself, and the Configured SIP Binding.
The Remote Media Gateway Model is actually set on the Configured SIP Binding, so it's that
object which we need to find and edit now.
We could find the Configured SIP Binding by navigating the Tree pane, just like we've been
doing up to now. But this is a good opportunity to show you another way!
1. Look in the Views pane, over on the very left of your MetaView Explorer window.
• Locate the entry called Find (labeled 1 in the screenshot below), and click the "+" icon
to expand it.
• From the list that appears, click Find Configured SIP Binding (labeled 2 in the
screenshot).
162 CONFIDENTIAL
2. Now, do you remember what you called your Configured SIP Binding? If you do, then you
can search for it using the form that's just appeared in the Tree pane.
Before you can type anything, you'll need to turn on the checkbox next to Configured SIP
Binding. Then enter a few letters from the name, and click Find.
Note: If you can’t remember what you called the Configured SIP Binding, don’t worry. You probably
don’t have many bindings configured yet, so it won’t be too overwhelming to see all of them.
Just click Find without typing anything.
3. Your search results appear immediately below the search form, still in the Tree pane. Find
and click on the Configured SIP Binding you created in the last Lesson. (If you're a little bit
lost, it'll be roughly in the spot labeled 1 below.)
The Configured SIP Binding's configuration appears in the Details pane (labeled 2 below),
just as though you'd selected it from the full object tree.
CONFIDENTIAL 163
4. Scroll down the Details pane until you find the Media Gateway Model field. Handily, its
name's in bold...
5. Click the "..." button and then, from the list which appears, select the Model you've imported
during this Lesson. Click OK to confirm and close the dialog box.
6. Finally, click the Apply button (in the toolbar below the Tree and Details panes) to save your
changes.
Checkpoint: You've set the correct Remote Media Gateway Model for your Configured SIP
Binding, which completes the process of setting up your SIP trunk. And along the way, you've
used MetaView Explorer's Find command for the first time!
164 CONFIDENTIAL
Activate an E1 or T1
Introduction
In the next group of Lessons, I'll be explaining how to set up TDM trunks, using either SS7 or
ISDN. As part of that configuration, you will of course tell your system which E1 or T1 is carrying
each trunk - and before you can start using an E1 or T1, you'll need to activate it. This Lesson
tells you how.
Start here
• physically connect the E1 or T1 line
• find the E1 or T1's Facility Name, which you'll need to use in later Lessons
• tell your Universal Media Gateway about the new connection, by activating it inside
MetaView Explorer
• tell your Call Feature Server about the new connection, by creating and configuring a new
object - again inside MetaView Explorer.
Task 1: Physically connect the E1 or T1

If you haven't already done so, you'll need to physically connect the E1 or T1 line before you
proceed to configure it. Doing things the other way round causes nuisance alarms, as your
Universal Media Gateway notices there's no signal on the line it now believes should be active.
I've already discussed the connectors available in Get to know your hardware on page 91.
In summary, if it's an electrical connection, you'll link it up to a CB1000 or CB3000 break-out
panel. If it's optical, it'll plug into your Universal Media Gateway or Integrated Softswitch's Rear
Transition Module. Refer back to that Lesson if you need more advice.
Note: If you're using the CB1000 break-out panel, remember that the 48 E1 or T1 lines are broken
up differently on the two sides. On the network side, each Amphenol connector bundles
up 24 lines, but on the chassis side each DS1 connector bundles up 16 lines. During the
next Task, you'll need to know where your E1 or T1 line connects on the chassis side. The
numbers next to each connector will help you work it out.
Checkpoint: Your E1 or T1 is connected, and ready to configure.
Task 2: Identify the E1 or T1's Facility Name

Like most things around your Metaswitch system, the port you've just connected up is
represented by an object in MetaView Explorer. That object in turn has a Facility Name, which
you'll use to identify it in later configuration. The Facility Name is an important thing to know, so
we'll take a moment to find it out now.
1. Start MetaView Explorer and, using the Tree pane, find the Universal Media Gateway or
Integrated Softswitch that the link comes into.
2. Drill down into Media Gateway, then TDM Configuration.
3. By expanding branches underneath TDM Configuration, find the Physical E1 or Physical
T1 object which corresponds to the connection.
It's easiest to understand this by looking at an example. Here's a screenshot of the Tree
pane on one of our systems here at Metaswitch:
CONFIDENTIAL 165
In this screenshot, I've picked out the following object:

• the first DS1 Physical Grouping, then
• the first Balanced DS1 Framing Group within that Physical Grouping, and
• the third individual E1 within that Framing Group.
4. Taking those numbers in turn - first, first, third - means we are looking at Physical E1 1/1/3.
As you'll see, that's the first part of the highlighted name shown in the Tree pane.
5. Look at the name of the object you've identified, and take its final component. That is the
Facility Name.
Once again, this is easiest to understand by looking at an example. In the screenshot
above, the Facility Name for the highlighted entry is E1_Port_03.
Note: Don't be surprised if your Facility Name looks quite different to this one. When your
Installation Engineer set up your system, you chose your own prefix for the Facility Name;
on this particular system, we used E1_Port as the prefix. The default prefix is simply
Facility, so your Facility Name may just be something like Facility/1234.
Checkpoint: You've identified the Facility Name corresponding to your new E1 or T1 connection.
Task 3: Activate the Physical E1 or Physical T1 object on your Universal

Media Gateway
Now that you've connected your E1 or T1, the next step is to activate it. Activating an E1 or
T1 port tells your Universal Media Gateway to begin listening for signals - and conversely, if you
ever disconnect an E1 or T1, you'll need to deactivate it to prevent nuisance alarms.
Activating the port takes just a couple of clicks... providing that everything goes to plan. If
there's a problem with the connection you've made, though, this is the moment you're going
to find out about it.
166 CONFIDENTIAL
1. If you've just worked through the previous Task, you should still be looking at a Physical E1
or Physical T1 object - the one with the Facility Name which you've just identified.
2. Looking at that object, take note of the icon immediately next to the words Physical E1 or
Physical T1. There are three possibilities, illustrated by the three Physical E1 objects in the
following screenshot.
3. If the Physical E1 or Physical T1 object is showing a green "play" icon...
...then it's already active. You don't need to do anything further, and can continue straight
to Task 4.
4. If it's showing a gray "stop" icon...
...then it is disabled. In this case, you'll need to enable it before you can activate it.
In the toolbar below the Tree pane, find and click the Enable button:
Wait a moment until the "stop" icon changes to a "pause" icon, then continue to the next
step.
5. If the Physical E1 or Physical T1 object is showing a gray "pause" icon...
...then it is deactivated, but you can activate it now. In the toolbar below the Tree pane,
find and click the Activate button:
You'll briefly see this symbol, which indicates that the object is in the process of activating.
Provided everything goes well, the icon will then change to the green "play" symbol.
If that happens, you've successfully activated the line! Carry on to Task 4.

6. On the other hand, if there's a problem activating the line, you'll see this.
As I explained back in Work with alarms on page 129, the red cross indicates that there's
an alarm for this object. You can find it in the Alarms Window, which I also described in
that Lesson.
However, the alarm is probably just saying that there's no signal. Here are a few things you
can check...
• Are you sure you're activating the right Physical E1 or T1 object?
CONFIDENTIAL 167
• Have you checked that you connected the line to the right physical port?
• Has the other end of the connection activated their equipment?
7. Once you've found and fixed the problem, the green "play" icon will appear - and you're
ready to continue to Task 4.
Checkpoint: You've activated the Physical E1 or Physical T1 object representing the line.
Task 4: Update the TDM Port objects on your Call Feature Server
As you work through this guide, one thing you'll discover about your Metaswitch system is that
objects often come in pairs. The Physical E1 or Physical T1 object you just activated belongs
to your Universal Media Gateway... but your Call Feature Server also needs to know about the
new connection you've made.
Once again, you can manage that configuration using a MetaView Explorer object. But it's a
different object, within your Call Feature Server's part of the tree. This particular object is called
a TDM Port.
The bad news is that, unlike the Physical E1 or Physical T1, the TDM Port object might not
have been set up yet. The good news is that MetaView can create it for you at the click of a
button. Let's see how.
Note: In fact, this Task will create all your missing TDM Port objects, in line with the currently-active
set of Physical E1s or Physical T1s. So if you're working on several E1s or T1s, it's most
efficient to activate them all now (by repeating the previous Tasks as required). Once you've
done that, you can carry out this Task just once.
Warning! Although this procedure doesn't interrupt your service, it will cause a brief spike in network
traffic as your servers synchronize their configuration. It's best not to do it during your busy
hour - or at any other time when you system's under heavy load.
1. As a reminder, in the previous Tasks, you've been configuring your Universal Media Gateway.
Still working in MetaView Explorer's Tree pane, look up at the top level of the tree, and find
your Call Feature Server.
(If you have an Integrated Softswitch, of course, your Universal Media Gateway and Call
Feature Server are one and the same thing - so in that case, you'll still be working with the
same server.)
2. Drill down into Call Feature Server.
3. Next, drill down into Controlled Networks, then find and expand Trunk / Access Gateways.
Here's an example of what your Tree pane will look like:
168 CONFIDENTIAL
4. Below Trunk / Access Gateways, find the object representing the Universal Media Gateway
you've just been configuring.
• In a small system (or an Integrated Softswitch), you may see just one entry below Trunk
/ Access Gateways. For example, in the screenshot above, you'll see there's only one
Metaswitch Trunk / Access Gateway immediately below the highlighted line.
• If you have more than one Universal Media Gateway, you'll need to pick the correct one
by name.
5. Once you've found the right entry, be sure to click it.
6. Now look at the toolbar below the Tree and Details panes. As you'll see from this screenshot,
there are a lot of buttons...
Click the More actions button at the very end. It'll bring up a menu:
CONFIDENTIAL 169
From that menu, select Add shadow objects for gateway - I've marked it out in the
screenshot above.
7. You'll see this window, repeating a warning I gave you at the start of this Task.
Press OK to go ahead.
8. The window will gray out for a moment, but otherwise, nothing much will seem to have
happened. Don't worry. That's what's expected. We'll double-check that it's worked OK
during the course of the next Task.
Checkpoint: You've updated the TDM Port objects on your Call Feature Server. By doing
that, you've made sure there's an object corresponding to the Physical E1 or Physical T1 you
recently activated.
Task 5: Configure the TDM Port object on your Call Feature Server
So, to recap... earlier in this Lesson, you configured your Universal Media Gateway by activating
the Physical E1 or Physical T1 object representing your new connection. In the last Task, you
learned that there's a corresponding object for your Call Feature Server called a TDM Port. You
also made sure that the relevant TDM Port object now exists.
In this Task, we'll activate the TDM Port you've just created. As we do that, we'll set it up with
some essential configuration too.
1. The easiest way to find the TDM Port is by going back to the Physical E1 or Physical T1
object you activated in Task 3. If you need help finding it again, re-read Task 2 for a reminder.
2. Once you've located the Physical E1 or Physical T1, expand it by clicking its "+" button -
like this:
Note: You’ll see many more DS0 Termination objects than I’ve shown in that screenshot. I’ve just
saved some space by cutting it off after the first three.
3. Underneath the object, you'll spot an entry beginning Used by, and marked by an unusual
icon. I've highlighted that line in the screenshot above.
The icon means that this is a link, which points to another part of the object tree. I briefly
mentioned links in Find your way around the object tree on page 41, but all you really
need to know now is that you can follow a link by double-clicking it. When you double-click,
you'll jump straight to the object the link refers to.
170 CONFIDENTIAL
In this case, the link joins together the two objects belonging to the Universal Media
Gateway and the Call Feature Server. At the moment, you're looking at the Universal Media
Gateway's Physical E1 or Physical T1 object; at the other end of the link is the Call Feature
Server's TDM Port object, which you created in the previous Task.
4. Double-click the Used by link now, to jump to the TDM Port. Take a look at the Details
pane over on the right, and this is what you'll see:
Note: If the fields aren’t editable, then in all probability the TDM Port object has previously been
enabled, perhaps by another administrator. In this case, you need to disable it before you
can work on it. To do that, in the toolbar below the Tree pane, click the Disable button. If the
Disable button is grayed out, try Deactivate first.
5. Next to the words Profiles supported, turn on the checkbox for the service you intend to
use - either ISUP or ISDN.
6. In the toolbar below the Tree pane, click the Apply button to save your changes.
7. Now, you need to activate the TDM Port object - just like you did the Physical E1 or
Physical T1 object in the last Task. To recap:
• first click the Enable button
• then click the Activate button
• and wait until the icon changes to a green "play" symbol.
8. Your TDM Port object should now be looking something like this:
Seeing the green "play" icon? Then congratulations! You've activated the pair of objects
corresponding to this E1 or T1 connection.
Checkpoint: Your connection is now active, and you're ready to use it for a trunk. But don't
forget the Facility Name you identified in Task 2! You'll need that in later Lessons, when you
come to refer to this E1 or T1.
CONFIDENTIAL 171
172
CONFIDENTIAL
Configure SS7 links
Configure SS7 links
Introduction
For our first foray into the TDM network, I'll be looking at SS7 links. In this Lesson, you'll learn
how to configure SS7 signaling - establishing a connection to another SS7 switch, or to an
STP, if your network uses them.
Configuration overview
Take a deep breath. SS7 signaling is the single most complex thing we're going to tackle in this
guide, so before we dive in, let's take a moment for a brief high-level overview.
Just like the SIP trunks we looked at in earlier Lessons, we'll be setting up SS7 by creating a
series of objects in MetaView Explorer. But whereas a SIP trunk requires two objects (or three,
if you count the Remote Media Gateway Model), an SS7 link involves nine of them.
This diagram shows the nine objects, and which level of the SS7 protocol stack each one slots
into. The diagram also shows that some of the objects are configured on your Call Feature
Server, while others belong on your Universal Media Gateway. (If you've got an Integrated
Softswitch, of course, they all live happily together there.)
That looks horrible, but don't panic! Each individual object is pretty simple to create, and if you
work methodically it won't take you long to get through them all.
Here's the overall strategy we'll use...
CONFIDENTIAL 173
Configure SS7 links
• We've already dealt with the Physical layer in the last Lesson. By now, you should have
activated the Physical E1 or Physical T1 objects you'll be using for your SS7 links, so
they'll be ready for you to use.
• In this Lesson, we'll work through the MTP2 and MTP3 layers, configuring the objects from
Signaling Cross-Connect up to Signaling Destination. By the end of the Lesson, we'll
have configured everything you need to send ISUP signaling messages around the SS7
network.
• And then in the next Lesson, we'll configure what those ISUP messages actually say -
establishing media channels between yourself and other switches.
Note: In this Lesson, I'll be talking specifically about SS7 signaling over TDM trunks. Your Call
Feature Server also supports M2PA, to transmit signaling over an IP network; if you choose
that option, you won't need to configure a Signaling Cross-Connect object, or anything else
on your Universal Media Gateway. You can read more about M2PA in the Knowledge Base
on Metaswitch Communities, starting at https://communities.metaswitch.com/docs/DOC-
9617.
About Signaling Gateways

Alongside the nine objects involved in an individual trunk, there's one more very important
object we'll look at during this Lesson. It's called a signaling gateway.
What's a signaling gateway? Well, the first thing to understand is that it's just a concept - an
item of configuration, not a piece of hardware. And the second thing to understand is that it
simply represents your own point code. You'll configure a signaling gateway for each OPC
you present to the SS7 network, and all the configuration for connections to or from that OPC
"belongs to" that signaling gateway.
If you think that "signaling gateway" is a strange term for something so simple, then I certainly
wouldn't argue with you. It's a sign of Metaswitch's original heritage as a VOIP-to-TDM platform
- when the signaling gateway really did represent the point that SS7 signaling was gatewayed
across to the VOIP network.
About SS7 modes and STPs

Before we barrel ahead and start creating the objects, I need to say a few words on the
different ways SS7 networks are set up around the globe.
Warning! This is important, because it affects the specific way I'll be asking you to configure your SS7
links - so please don't skip this section, even if the concepts feel old-hat to you.
SS7 signaling can operate in a choice of two modes. In most of the world, the standard
approach is associated mode, where the signaling messages follow the same switch-to-
switch paths as the "associated" media. This means your switch connects directly to one or
more adjacent switches, like this:
174 CONFIDENTIAL
Configure SS7 links
In North America, the standard approach is quasi-associated mode, where the signaling
messages pass through a separate network made up of signal transfer points (STPs).
Normally, your switch will connect to a pair of STPs, so that if one of them fails you can still
reach the world through the other. A very simple network looks like this:
I can't, of course, tell you which approach is right for your particular environment. But
irrespective of whether you're connecting to another switch or to an STP, the basic process of
configuration is the same.
So, as you work through this Lesson:
• if you use associated mode, you'll be configuring a connection to a switch
• if you use quasi-associated mode, you'll be configuring a connection to an STP.
In either case, by the end of the process, you'll have configured all the direct links out of your
switch.
If you're using quasi-associated mode, that's not quite the end of the story - because you also
need to configure your system to understand the "world beyond the STP". But put that thought
to one side for a moment, and focus on the STPs for now. I'll come back to the rest of the
network in the final Task of this Lesson.
Did you know? In North America, a link directly to another switch (in associated mode)
is called an F-link, while a link to an STP (in quasi-associated mode) is called an A-link. But
you won't find that terminology in MetaView Explorer; as far as your switch is concerned,
links are just links.
Start here
In this Lesson, we'll run through the whole process of setting up SS7 signaling to another
switch or STP.
In summary, you will learn how to:
• configure your Universal Media Gateway to know about the connection
• then configure your Call Feature Server to know about several things: your OPC, the switch
or STP you're connecting to, the link to it, and the fact that it can use the link to route to
the switch.
CONFIDENTIAL 175
Configure SS7 links
Task 1: Create a Signaling Cross-Connect object

First, we'll configure your system to know about the physical connection to the other switch
or STP. We'll do that by setting up the Signaling Cross-Connect object (in case you're
wondering, the "cross-connection" is between your Call Feature Server and your Universal
Media Gateway).
Note: Remember, if you're using quasi-associated mode (with STPs), you should be configuring
a connection to an STP at this stage. If you're using associated mode, you're configuring a
connection directly to a switch.
In this Task, you'll be working with your Universal Media Gateway. Why? Because that's the
piece of hardware the physical connection plugs into.
1. Start MetaView Explorer and, using the Tree pane, find the Universal Media Gateway or
Integrated Softswitch that the link comes into.
2. Drill down into Media Gateway, then Signaling Cross-Connects.
3. In the toolbar just below the Tree pane, select Add Sub-Component, and press OK to
confirm when prompted. You'll see the following.
4. It looks like there are a lot of fields here, but for a bare-bones configuration we only need to
fill in a handful of them - the ones with names shown in bold in MetaView Explorer.
• MTP2 variant - select ANSI or ITU, as appropriate for your area.
• M2UA identifier - this is just a name, to help you identify this connection in the future.
Type in whatever makes sense to you.
• MTP2 Protocol Profile - click the "..." button to see a list of options, then select the one
that's appropriate to this link. For example, Default 64Kbit/s.
5. You also need to fill in the MTP2 Data Link. Here's how.
• Click the "..." button, and you'll see a list of available Physical E1 or T1 objects - like
this:
176 CONFIDENTIAL
Configure SS7 links
• The part before the brackets (E1_Port_03 and E1_Port_04 in this example) is the
Facility Name. In Activate an E1 or T1 on page 165, when you connected up the E1 or
T1, I showed you how to find the Facility Name... and I hope you noted it down! Select
the correct Facility Name and press Next.
• Now you're asked to choose a "DS0 Termination", which in this case is just a fancy way
of saying "timeslot":
Select the right timeslot and click OK. That completes setting the MTP2 Data Link.
6. Check over the data you've entered, then click the Apply button just below the Tree pane.
Checkpoint: You've created a Signaling Cross-Connect object, and thereby completed the
configuration needed on your Universal Media Gateway. Next, we'll start to configure your Call
Feature Server.
CONFIDENTIAL 177
Configure SS7 links
Task 2: Create the Signaling Gateway

Earlier in the Lesson, I mentioned that your own point code is represented by an object called
a Signaling Gateway. A lot of the configuration we're about to create will "belong to" the
Signaling Gateway, and appears below the Signaling Gateway in the MetaView object tree. So,
we'd better get on and create a Signaling Gateway for the OPC you're using!
Note: Of course, you only need to do this the first time you use a particular OPC. If and when you
use the same OPC for subsequent links, you'll re-use the same Signaling Gateway. In that
case, you can skip this Task and continue directly to the next one.
One thing to point out before we begin. In the previous Task, you were configuring your Universal
Media Gateway, but from now on you'll be working with your Call Feature Server.
1. Back in the Tree pane of MetaView Explorer, close up the Media Gateway to reduce
the clutter. Then, returning to the top of the tree, drill down to the Call Feature Server or
Integrated Softswitch you want to work with.
2. Still in the Tree pane, find and click on Signaling Gateways. It should be highlighted now,
like this:
3. In the toolbar just below the Tree pane, select Add Sub-Component, and then press OK
as usual. You'll see the following.
178 CONFIDENTIAL
Configure SS7 links
4. Once again, we'll now be working in the Details pane on the right to fill in the details for your
OPC. Remember, at this point you're just configuring the OPC itself, so there's not a huge
amount of information to provide here.
• Network indicator - set to the value required by the network you are connecting to. The
default (National) is the most common choice, but some networks may require either
International or one of the two spare values.
• MTP3 variant - choose the appropriate option for the standards variant in use.
• Point code - enter the point code itself. In most of the world this is a decimal number
(like 8448). If you're using ANSI-style protocols, most likely because you're in North
America, you can alternatively use the 8-8-8 format (for example, 1-2-3).
• Signaling point type - choose the appropriate option for this Signaling Point's role in
the network. There are three options...
• SEP (Signaling End Point) - the Signaling Gateway terminates trunks, and cannot
pass SS7 messages on to other signaling points. In other words, any messages
which arrive here must be for this point code.
• STP (Signaling Transfer Point) - the opposite; the Signaling Gateway can't terminate
trunks but can pass messages on. Any messages arriving here must ultimately be
for a different point code.
• STEP (Signaling Transfer and End Point) - it can do both.
• Signaling gateway name - this is just for your own reference. If you leave it blank, you'll
need to identify your signaling gateway by its point code alone.
Note: In case you’re wondering about the Signaling gateway index, that’s just an internal numeric
identifier. It’s fine to leave it blank and let your system allocate a value automatically.
5. Once you're happy with your entries, click the Apply button just below the Tree pane.
Checkpoint: You've created the Signaling Gateway representing your OPC.
Task 3: Create a Signaling Destination object

For the next item on our agenda, we'll tell MetaView about the switch or STP you are connecting
to. At this stage, we're not saying how to get messages through to the switch or STP; we're
just explaining that it exists, by creating an object called a Signaling Destination.
1. Assuming that you did need to set up a Signaling Gateway in the previous Task, you'll
already be looking at your newly-created gateway in MetaView Explorer's Tree pane.
In the future, when you're adding more links using the same OPC, you won't have needed
to create a new Signaling Gateway - but you will need to find the Signaling Gateway you
previously created. To do that:
• in the Tree pane of MetaView Explorer, drill down to the Call Feature Server or Integrated
Softswitch you want to work with
• still in the Tree pane, expand Signaling Gateways
• find the right Signaling Gateway using either its point code, or the name you gave it
when you created it. For example, if your point code is 8448, you would look for an
object called something like this:
2. In either case, make sure you've clicked the correct Signaling Gateway and that it's selected
(highlighted).
CONFIDENTIAL 179
Configure SS7 links
Then, in the toolbar just below the Tree pane, select Add Sub-Component. You'll see a
dialog box like this one. Watch out! Read the next step before you do anything more.
3. In previous Lessons, we've always just pressed OK at this point. But that's because
previously, there was only one type of "sub-component" object available to create.
This time, we have a choice - and in fact, we'll be creating several different sub-components
of the Signaling Gateway during the course of this lesson. So you need to pause and check
that you're picking the right one.
This time round, we want to create a Signaling Destination object. So choose Signaling
Destination from the drop-down list, and then click OK. You'll see the following.
4. We just need to fill in three details here - the rest are fine to leave at their defaults.
• Destination type - you'll only see this field if you're using ANSI variants of ISUP, most
likely because you're in North America. If you do see it, select Destination.
• Point code - enter the point code of the switch or STP.
• Destination name - enter a name for the switch or STP. This can be anything you like,
to match the way you normally refer to switches or STPs within your company.
5. Click the Apply button just below the Tree pane to create the new Signaling Destination
object.
Checkpoint: Your Call Feature Server now knows about the switch or STP. Next, we'll configure
the connections to it.
Task 4: Create a Signaling Linkset object

Now that we've set up the Signaling Destination, we can begin to configure how to get
messages through to it. The first step is to create an object called a Signaling Linkset, which
will later contain - you guessed it! - a Signaling Link.
180 CONFIDENTIAL
Configure SS7 links
Let's go for a change of pace here. The techniques are similar to the ones you just used in Task
3, so I'll rattle through this Task in double-quick time.
1. Once again, in the Tree pane, select the Signaling Gateway object - the one which looks
something like this:
2. And again, select Add Sub-Component. But this time, when you're prompted to choose
the type of sub-component, pick Signaling Linkset. You'll see this.
3. Great news! There's just one field to set this time.

• Adjacent Signaling Gateway - press the "..." button to bring up a list of available
Signaling Destinations, then choose the one you added in Task 3. You'll be able to
recognize it by the name you gave it.
Note: As I’ve mentioned already, I’m only discussing SS7 over TDM links in this Lesson, which is
why you’ve left the Linkset Type set to TDM Links (M2UA-controlled).
4. Click the Apply button.

Checkpoint: You've created the Signaling Linkset object. You'll see it now in the Tree pane.
Task 5: Create a Signaling Link object

With so many intermediate objects to create, you'd be forgiven for wondering if you'll ever get
to configure the Signaling Link itself. But wonder no more! In this Task, we'll set up a single Link
within the Linkset.
1. In the Tree pane, check that the Linkset you just created is still selected.
2. Create a Signaling Link sub-component.
Note: You know the drill by now, right? Click Add sub-component, pick Signaling Link from the
dropdown, and click OK. You’re a dab hand at this now, so I won’t spell it out in detail from
now on.
3. Here's what you'll see.
CONFIDENTIAL 181
Configure SS7 links
And here's what you need to fill in this time round:

• Signaling link code - type in the SLC, which you'll have agreed with the operator of
the other switch or STP. They must have configured an identical SLC on their device.
• Link name - this is just a name to help you identify this connection in the future. Feel
free to use the same name as you earlier gave to the Signaling Cross-Connect, or
choose something else if you prefer.
• Timer profile - there's a default choice, which is almost always the right one - but rather
annoyingly, you still have to fill it in. So click the "..." button, then select Link Timer
Profile "Default" from the list you're offered.
4. Now for something a little different!
There are a few more fields we need to fill in (IP Address, for example). But rather than
completing them manually, we can save time by copying in the information we already set
up in the Signaling Cross-Connect. Here's how.
• Press the big button marked Set fields from signaling cross-connect.
• You're now looking at a list of your Universal Media Gateways or Integrated
Softswitches... like this:
182 CONFIDENTIAL
Configure SS7 links
You may, of course, only have one Universal Media Gateway or Integrated Softswitch,
in which case this choice is a pretty easy one. Otherwise, make sure you pick the one
where you configured the Signaling Cross-Connect in Task 1. Click Next.
• Now you'll see a list of the Cross-Connects configured on that gateway, including the
one you created in Task 1. Select that Cross-Connect and click OK.
• When the dust settles, you'll see that the IP Address and M2UA Identifier fields have
been filled in automatically. Handy!
5. Take a moment to check over the details you've entered, then click Apply to create the
Signaling Link.
Checkpoint: By creating the Signaling Link object, you've configured your Call Feature Server
with details of the connection to the switch or STP.
Task 6: Create a Signaling Route object

To recap... using the Signaling Destination object, you've told MetaView Explorer that the
switch or STP exists. And using the Signaling Linkset and Signaling Link objects, you've told it
that the connection to the switch or STP exists.
But, so far, those are two separate pieces of information. Your system doesn't yet know that it
can reach that Signaling Destination by using that Signaling Link. To complete the jigsaw, you
need to create just one more object - a Signaling Route.
1. First, we need to back up a little in the MetaView Explorer Tree pane. Close up the Linkset
you've recently created, just to keep things tidy and make it easier to find your way around.
2. Now, near to that Linkset (and still underneath the Signaling Gateway object), find the
Signaling Destination you added in Task 3. You'll be able to spot it either using its point
code, or by the name you gave it. It'll look something like this:
3. Make sure you've clicked the right Destination, then add a Signaling Route sub-component.
It'll look like this:
4. As usual, we'll only fill in a handful of the fields.

• First hop linkset - press the "..." button, then choose the Signaling Linkset you created
in Task 4. The first time you run through this Lesson, that may be the only Linkset
CONFIDENTIAL 183
Configure SS7 links
available; once you've got a few Linksets configured on your system, you'll need to take
care to choose the one with the right name.
• Route priority - lower numbers are higher priority. For now, set this to 10, which leaves
some space to configure either lower- or higher-priority routes later.
Note: Feel free to type in a Route name, if you want to. But if you don’t type a name, the default
is something like Route over Linkset 1 to Destination 1-2-3 “My Destination”... which is
already pretty clear as it is.
5. Press Apply to create the Signaling Route.

6. You probably thought you were finished, but wait! There's one more step.
Unlike all the other objects we've seen during this Lesson, your new Signaling Route is
created in a disabled state. Remember, you can tell that by the fact it has a square "stop"
icon next to its name:
So to get it going, you'll need to use the Enable button just below the Tree pane:
And now the "stop" icon will have turned into a green "play" icon:
Congratulations! That icon signifies that you've successfully configured your new SS7 link.
Checkpoint: You've finished configuring all the details for this SS7 link!
Task 7: Do it all over again!

If you're using quasi-associated mode (where signaling passes through an STP), you almost
certainly want to configure links to a redundant pair of STPs. You've just set up one of them;
you now need to do the other.
There's nothing in any way special about this. Just go ahead and repeat the preceding Tasks,
this time referencing the second STP.
And of course, even if you're using associated mode (with a direct signaling link to the other
switch), you probably want to configure links to more than one switch. Be my guest! It's just
the same procedure again.
Checkpoint: Your Metaswitch system now knows about all the switches or STPs it directly
connects to.
Task 8: Describe the world beyond the STP

Note: This step's only relevant if you're using quasi-associated mode (also known as A-links in
North America).
184 CONFIDENTIAL
Configure SS7 links
If you're using STPs, there's something else you need to do. Let's have a look at this diagram
again:
So far, we've set up the links from your switch to the STPs. But what about the remote switch?
You don't connect directly to it, so there's no need to create a Signaling Cross-Connect or a
Signaling Link. But your equipment does still needs to know it's there... and know that it can
use the STPs to reach it.
Note: I'll run through this Task quickly, since it's just a re-hash of a couple of Tasks you've
already learned. But if you want to take it more slowly, you can find a detailed step-by-step
procedure at http://communities.metaswitch.com/manuals/latestsection/17700409.
1. Create a Signaling Destination object for the switch.

Remember, the Signaling Destination tells your system that the switch exists; it doesn't
describe how it's connected to the network. So, all you have to do here is to run through
Task 3 of this Lesson, using the switch's details. In terms of the Signaling Destination
object, there's no difference at all between configuring this switch and configuring an STP.
2. Create a Signaling Route object which references the link to the STP.
The basic procedure for this is described in Task 6 of this Lesson. But, you need to make
one obvious change:
• create the Signaling Route as a sub-component of the Signaling Destination you've just
added (that is, the one for the switch, not the STP)
• but when you fill in the First hop linkset, set it to the linkset which connects to the STP.
3. It sounds confusing when it's laid out like that, but it makes perfect sense if you pause to
think about what you're configuring. You're saying that, to route a message to the switch,
the first hop needs to be to the STP.
4. If you're connecting to a redundant pair of STPs, create a second Signaling Route object
for the second STP.
Checkpoint: You now know the fundamentals of setting up SS7 signaling. In the next Lesson,
we'll learn how to configure the associated media channel.
CONFIDENTIAL 185
Configure SS7 links
186
CONFIDENTIAL
Configure an ISUP media channel
Introduction
In the last Lesson, you learned how to set up your SS7 signaling network. But of course,
signaling is only half the story! To complete the picture, you'll also need to configure links to
carry call media.
In this lesson, we'll see how to set up a trunk to another switch within the SS7 network. In
Metaswitch terminology, this is called an ISUP media channel.
Note: Of course, ISUP is a signaling protocol, so the phrase "ISUP media channel" doesn't make
a huge amount sense. What can I say? It's just what we call them. If it helps, think of it as
shorthand for "a media channel managed using ISUP signaling".
Start here
• plan a set of circuit groups, which describe how your trunk maps onto your physical
connections
• set up the ISUP Remote Signaling Destination, which describes the switch you're
connecting to
• set up the ISUP Media Channel itself
• configure the list of circuit groups which form the media channel.
Task 1: Figure out your Circuit Groups

Before you so much as touch a keyboard, let's do one bit of preparation. Your ISUP trunk will
be carried over one or more circuit groups. It'll save you some time and confusion if you're
clear about exactly what this particular configuration involves.
When we talk about a circuit group, we mean a contiguous set of timeslots within a single
E1 or T1. The key word in that sentence is "contiguous"; here are some diagrams to show you
why.
Note: The diagrams in this section show E1s, but everything I'm saying applies equally well to
T-carrier.
In an ideal world, your trunk would be carried by a group of circuits with adjacent timeslots - like
this. This set of circuits is contiguous, so it forms a single circuit group.
Or as a special case of that, perhaps you're using a whole E1 or T1. This is still a contiguous
set of timeslots, so it's still a single circuit group.
CONFIDENTIAL 187
But of course, the world isn't ideal. Often the circuits you need to use will be inconveniently
split by something else. For example, you might be using a whole E1 except for timeslot 16,
because that's being used for signaling.
As the diagram shows, when your set of circuits is split like that, they form more than one circuit
group.
And that brings us to the most important point: you can have as many circuit groups as you
need for your trunk. You can even create circuit groups on more than one E1 or T1, if that's
what you've agreed with the people at the other end.
So! Before we start configuring anything, let's take a moment to get your circuit groups
straightened out. In some cases, this might be completely trivial... but on other occasions, to
work through these steps, you might find yourself having to draw a diagram or two.
1. Decide how many separate circuit groups you'll need for your ISUP trunk.
2. For each circuit group, make a note of the following.
• The Facility Name of the E1 or T1. We first met Facility Names back in Activate an E1 or
T1 on page 165 - have another look at that Lesson if you don't remember the details.
• The number of the first (lowest-numbered) timeslot contained in the circuit group.
• The Circuit Identification Code (CIC) of that first timeslot. You'll have agreed the allocation
of CICs with whoever controls the other end of the trunk.
• The number of timeslots contained in the circuit group.
Note: Watch out for so-called “fencepost errors”. If your Circuit Group runs from timeslot 5 to
timeslot 10, that’s a total of 6 timeslots, not 5. (Count them on your fingers if you don’t
believe me!)
3. Finished planning your circuit groups? Now put your notes somewhere you can find them!
You'll be picking them up again during Task 5.
Checkpoint: You've worked out, and noted down, the details of your circuit groups. Now, let's
begin to set up configuration in MetaView Explorer.
Task 2: Create the ISUP Local Signaling Destination

Remember how, in the last Lesson, you created an object called a Signaling Gateway to
represent your OPC? Well, guess what - you now need to create another object to represent
your OPC, this time up at the ISUP level of the stack. It's called an ISUP Local Signaling
Destination (which is, I admit, a rather strange choice of name).
Note: Just like the Signaling Gateway, you'll only need to do this the first time you set up a link with
a particular OPC. On subsequent occasions, you'll re-use the same ISUP Local Signaling
Destination, and can go straight to the next Task.
This Task only takes a moment to complete, because your new object primarily just references
the existing Signaling Gateway. Let's get on and do it now.
1. If you're following on from the previous Lesson, you'll have quite a few branches open in
the MetaView Explorer tree. It's a good idea at this point to close them all up again, just to
reduce the clutter and make it easier to find your way around.
188 CONFIDENTIAL
Note: I’ve said that a few times now, and I’m sure you’re getting bored of hearing it. I won’t mention
it again in future Lessons.
2. Returning to the top of the tree, drill down to the Call Feature Server or Integrated Softswitch
you want to work with - just as you have in previous Lessons.
3. Below that Call Feature Server or Integrated Softswitch, drill down the following list of
objects:
• Call Feature Server
• Signaling
• SS7 Signaling.
4. Underneath SS7 Signaling, click (but don't expand) ISUP Local Signaling Destinations. It
should now be highlighted in the object tree...
5. Create an ISUP Local Signaling Destination sub-component.

I think you probably know how to do that by now. But if you need a refresher, it might be a
good idea to read through the previous Lesson again - there are a few techniques in that
Lesson which I'll be assuming you know from here on in.
6. Once you've created the ISUP Local Signaling Destination, here's what you'll see in the
Details pane.
7. As always, there are a lot of fields here you can fine-tune, but there are only a couple of
mandatory ones.
• ISUP variant - select the option applicable to your location and network.
• Signaling Gateway / M3UA Application Server - this is where you link the ISUP Local
Signaling Destination to the Signaling Gateway you created in the previous Lesson.
CONFIDENTIAL 189
Click the "..." button, then choose the right gateway based on its point code or the
name you gave it.
8. Check your settings over, then click Apply to create the ISUP Local Signaling Destination.
Checkpoint: You've created the ISUP Local Signaling Destination, representing your OPC at
the ISUP layer of the protocol stack.
Task 3: Create the ISUP Remote Signaling Destination

When you configured MTP3 and MTP2 in the previous Lesson, you created an object called
a Signaling Destination, describing the remote switch you're connecting to. (Informally, a
Signaling Destination corresponds to a destination point code.)
We're now going to create a very similar object called an ISUP Remote Signaling Destination.
In essence, once again, we're stepping a level up the protocol stack - letting the parts of your
system which deal with ISUP know about the Signaling Destination you've already created.
1. If you created an ISUP Local Signaling Destination in the previous Task, then you'll already
be looking at it in your MetaView Explorer Tree pane.
On the other hand, if this is your second spin through this particular Lesson, and you're
re-using an ISUP Local Signaling Destination you created last time... then you'll need to
find it again.
To do that, navigate to the Call Feature Server or Integrated Softswitch you want to work
with, and drill down the following list of objects:
• Signaling
• SS7 Signaling
• ISUP Local Signaling Destinations.
2. Expand the ISUP Local Signaling Destinations branch, and find the Signaling Gateway
appropriate for this link. You can pick it out in one of two ways:
• using the point code (remembering that it's your own point code you're looking for, not
the one at the other end)
• or using the name you gave to the Signaling Gateway when you created it in MetaView
Explorer.
3. A picture might help...
Here, I've found and highlighted the ISUP Local Signaling Destination with point code
8448. This is the ISUP-level object which uses the MTP3-level Signaling Gateway called
"Demo Gateway". Note that in order to see the name "Demo Gateway", I had to expand
ISUP Local Signaling Destination 8448 and look at the link in italics immediately below it.
OK. Found it? Make sure the ISUP Local Signaling Destination itself is highlighted (like it
is in the screenshot above) before you carry on.
4. Create an ISUP Remote Signaling Destination sub-component.
190 CONFIDENTIAL
5. Once you've created the ISUP Remote Signaling Destination, here's what you'll see in the
Details pane.
6. There are a lot of fields you can fine-tune here, but only a couple of them are mandatory.
We'll just set those ones for now.
• Signaling Destination - here, you need to choose the Signaling Destination object
you created in the previous Lesson. Remember, the purpose of the object you're now
creating is to tell "the ISUP part" of your system about that existing Signaling Destination.
So, click the "..." button to open a list of the Signaling Destinations you've already
configured. Choose the right one based on its point code or its name.
The Signaling Destination you choose should be the ultimate destination for the ISUP
signaling - not, for example, an STP or other intermediate device.
• CLLI - this field only appears if you're using ANSI variants of ISUP, most likely because
you're in North America. If you don't see it, that's fine! If you do see it, then it's
mandatory, and you should fill in the 11-character CLLI code assigned by Telcordia to
the remote exchange.
7. Once you've checked your settings over, click Apply to create the ISUP Remote Signaling
Destination.
Checkpoint: You've created an ISUP Remote Signaling Destination object, linked to the
Signaling Destination you created in Configure a SIP trunk on page 149. Now, let's configure
how that ISUP signaling behaves!
Task 4: Create the ISUP Media Channel

With the preliminaries completed, it's time to create the ISUP Media Channel object. This is
where the bulk of your configuration lives - the overall description of the trunk itself. Let's dive
in without further ado.
1. In the Tree pane, check that the ISUP Remote Signaling Destination you just created is still
selected.
CONFIDENTIAL 191
2. Create an ISUP Media Channel sub-component. Here's what you'll see.
3. There are a few things to fill in here, mostly up near the top of the Details pane.
• Media channel index - type the trunk group number (which I originally discussed back
in Understand trunks on page 145). Just to remind you, this is only for internal use and
doesn't have to match up to any particular configuration on the other end.
Why are you typing the trunk group number into a field that's labeled something different?
Well, technically speaking, the media channel index is used for internal purposes, which
aren't actually related to the trunk group number. But there's no point coming up with
two different inscrutable ways to identify the media channel, so you may as well use the
same number for both of them.
• Description - feel free to fill in a few words for your own future reference. Or equally,
feel free to leave it blank... the default description will mention both your own and the
remote point codes.
• Trunk group number - set this to the trunk group number. It'll be the same as the
Media channel index, as I've already discussed above.
• Allocation policy - this determines the order in which your Metaswitch system uses
timeslots, and should be chosen to complement the policy applied by the switch at
the other end of the trunk. For example, if the other switch allocates lower-numbered
timeslots first, it makes sense for you to allocate higher-numbered timeslots first.
• Dual seizure policy - also known as the glare policy, this defines what happens if both
ends of the trunk try to use the same timeslot at the same time. Again, this should
complement what's set up at the other end - for example, if the remote switch is
configured to unconditionally retain the timeslot, your system needs to unconditionally
release it.
4. Now scroll down a little until you find the XML Billing section, and complete one more field:
• Trunk accounting reference - set this to the user-friendly alternative to the trunk group
number. (Again, I first talked about this in Understand trunks on page 145.)
5. When you're done, check your work and click the Apply button.
Checkpoint: You've created an ISUP Media Channel object, which contains the high-level
configuration for the trunk.
192 CONFIDENTIAL
Task 5: Create the Circuit Groups
If you've got sharp eyes, you'll have noticed an obvious omission from the information you
supplied in Task 4. Up to now, you haven't actually said where the trunk is physically plugged
in.
That's because it might be split across multiple circuit groups - and because there might be
several of them, they're represented by separate objects. I introduced the idea of circuit groups
in Task 1, and suggested you make a careful note of the group or groups you'll be using for this
trunk. It's now time to put that design into practice.
You'll need to repeat these steps for each of the circuit groups you identified during Task 1.
Sometimes, you'll have just one circuit group; often there'll be two or more.
1. In the Tree pane, re-select the ISUP Remote Signaling Destination you created in Task 4.
Note: This always seems counter-intuitive to me, so I’ll just stress that point. The Circuit Groups
are subcomponents of the ISUP Remote Signaling Destination you created in Task 3, not
the ISUP Media Channel you created in Task 4. (And be sure not to get the ISUP Remote
Signaling Destination confused with the ISUP Local Signaling Destination, either.)
2. Create an ISUP Circuit Group sub-component. You'll see this:
3. Here's what you need to configure this time.

• Circuit group index - this is a number which is just used internally, and doesn't have to
match anything configured anywhere else.
Here's an easy way to come up with a number... take the trunk group number you used
in Task 4, then add a different suffix for each circuit group you use in the trunk. So if
your trunk group number is 123, your first circuit group might be 12301, the second
one 12302, and so on.
• Description - once again, feel free to complete this if you want to. Leave it blank to go
with a default, which will include the circuit group index you just filled in.
• Media channel - this is the object you created in Task 4. Click the "..." option, then pick
the media channel from the list.
(If you're following this Lesson literally, it'll be the only media channel you see. In more
complex scenarios, with multiple channels to the same destination, you may need to
CONFIDENTIAL 193
choose the right one.)

• Base CIC - enter the CIC for the lowest-numbered timeslot used by this Circuit Group.
That's one of the things you noted down during Task 1.
• TDM Port - also in Task 1, you found the Facility Name to use for this Circuit Group.
To select it, click the "..." button. You'll see two dialog boxes; in the first one you can
choose the Universal Media Gateway which the E1 or T1 line is physically connected to,
and in the second dialog box you'll get to choose the correct Facility Name.
• Base timeslot - type the lowest-numbered timeslot to be used by this Circuit Group.
Again, you'll find this in your notes from Task 1.
• Number of circuits - count up how many circuits are used by this Circuit Group.
Remember, these circuits must be consecutive; if you have a gap, you'll need to create
more than one Circuit Group.
4. Check your input carefully and click Apply.
5. If you're using more than one Circuit Group, you can now go back to the beginning of this
Task and repeat it for each one.
Checkpoint: You've set up all the Circuit Groups - and completed the configuration for your
ISUP Media Channel. Congratulations! Together with the signaling settings we covered in the
previous Lesson, you've now got all the tools you need to configure SS7 trunks.
194 CONFIDENTIAL
Set up an ISDN trunk
Introduction
For the final Lesson in this section, we'll turn our attention to ISDN trunks - the last kind of TDM
trunk you can configure on a Metaswitch Class 4 system. Compared to the complexities of
SS7 and ISUP, ISDN configuration is pretty simple, so if you've been struggling... keep going!
We've not got much more ground to cover.
In ISDN terminology, a trunk is an example of a Primary Rate Interface or PRI (as opposed
to a Basic Rate Interface or BRI, which might for example serve a single household). So,
although we're specifically configuring an ISDN trunk in this Lesson, you'll find that most of the
configuration is expressed in terms of a more general ISDN PRI. I'll be using the expression
"PRI" myself as I describe the steps involved.
A word about NFAS

In this Lesson, I'm going to assume that your ISDN PRI consists of a single E1 or T1 circuit, and
that one of the timeslots carries the signaling for the circuit (known as the D channel). This is
the standard approach in most of the world.
If you're using T-carrier, and especially if you're in North America, you may have an alternative
arrangement called Non-Facility Associated Signaling or NFAS. With NFAS, a group of
several T1 circuits share a single D channel, which is carried on just one of the circuits. The T1
circuits which don't carry the D channel use all the timeslots for calls.
I won't be discussing NFAS further in this guide. But if you do use NFAS, there's a detailed
procedure available on the Metaswitch Communities website, which you may like to read
alongside (or instead of) this Lesson. You can find it at https://communities.metaswitch.com/
Start here
• create a pair of objects representing your ISDN trunk
• activate the objects to bring your trunk into service.
Task 1: Create the PRI object

Like most things on your Metaswitch system, ISDN trunks are configured using objects in
MetaView Explorer. And I've got good news, because - in contrast to the plethora of objects
required for ISUP - an ISDN trunk uses just two of them.
First, we'll set up an object to represent the PRI itself.
1. Working as usual in MetaView Explorer's Tree pane, navigate to your Call Feature Server
or Integrated Softswitch.
2. The objects you'll be working with in this Lesson are buried deep in the object tree. To find
them, drill down through the following:
• Signaling
• ISDN
• ISDN Primary Rate Interfaces.
CONFIDENTIAL 195
3. Make sure ISDN Primary Rate Interfaces is highlighted, and add an ISDN Primary Rate
Interface sub-component.
4. Over in the Details pane, the first thing to do is to set the Usage to Trunk, as indicated on
this screenshot. It's worth doing that first, because it'll make some new configuration fields
appear and clarify exactly what you need to fill in.
Here's
how to complete the main chunk of details.
• Description - this is the name of the trunk... and you'll be familiar with that concept
after reading the last few Lessons. It's for your own reference, and it's also how you
refer to the trunk in translations.
• Usage - just in case you missed it when I mentioned it above, this needs to be set to
Trunk.
• Primary Rate Interface Profile - click on the "..." button, then choose the appropriate
profile from the list which appears. The correct profile is based on the equipment
involved, and whether your Call Feature Server is designated the network side or the
user side. You'll have agreed the latter detail with the party you're connecting to.
• Trunk group number - once again, you've met this in the last few Lessons. Type in the
number you want to appear in billing records.
5. Now, there's one more piece of configuration which will be familiar from past Lessons.
Scroll down almost to the end of the page, and you'll find this additional short section:
Fill in the Trunk Accounting Reference, the user-friendly alternative to the Trunk Group
Number, which I first introduced in Understand trunks on page 145.
6. As always, there are plenty more options on this page which you can fine-tune, if you want
to. Once you're happy with what you've set up, click Apply to create the object.
Checkpoint: You've created an object to represent the ISDN PRI.
196 CONFIDENTIAL
Task 2: Create the DS1 object
Now, let's move on to the second of the two objects which represent your ISDN trunk. This
one specifies which E1 or T1 link carries the trunk - and in a spectacular flurry of abbreviation,
it's called an ISDN PRI DS1.
Note: The "DS1" part of this name is an artifact of Metaswitch's North American heritage. Strictly
speaking, DS1 is specific to T-carrier, but don't worry - the object you're creating actually
works equally well with E1s.
1. In the Tree pane, check that the ISDN PRI you just created is still selected.
2. Create an ISDN PRI DS1 sub-component.
3. You'll now be looking at these Details. (To save space, I've cut off the screenshot after the
first few Excluded timeslots - you'll see the full complement of them on your own screen.)
4. The Description is optional, but the object you're creating ends up looking a little strange
if you don't fill it in. So enter a few words to describe the physical T1 or E1 connection.
5. To specify the TDM port, first click the "..." button. You'll see a series of two dialog boxes.
• The first asks you to choose the Universal Media Gateway which the E1 or T1 link
connects to. Pick from the list and click OK.
• The second asks you to select the specific E1 or T1, and just like in previous lessons,
you'll be able to recognize it by its Facility Name. (Check back to Activate an E1 or T1
on page 165 if you're not sure how to identify the correct one.)
Again, select from the list and click OK.
CONFIDENTIAL 197
6. Although the TDM port type is bold, which normally means it's mandatory, you won't
actually have to fill it in. You'll find it's been completed automatically now that you've chosen
the TDM port.
7. Just like in Task 1, there are several optional configuration parameters you can tweak if
you want to. For example, you can choose any timeslots you want to exclude from using
in this trunk.
8. Once you're ready, click Apply to create the object.
Checkpoint: You've created an object to represent the E1 or T1 link carrying your ISDN trunk.
Task 3: Activate the objects

You've finished setting up configuration now, but your new trunk isn't quite ready to use. Your
object tree will be looking something like the following. Can you see the problem?
That's right! The gray "stop" icons show that the objects are disabled. So before you can use
the trunk, you'll need to activate it.
1. First, activate the ISDN PRI DS1 object. (The order is important here - you'll get an error
message if you activate the objects the wrong way round.)
You did something similar to this in Activate an E1 or T1 on page 165. Remember how?
In the toolbar under the Tree pane, click first Enable, then Activate.
2. Now, repeat the same process to activate the ISDN Primary Rate Interface object.
3. Take a moment now to check that the gray "stop" icons have changed to green "play"
icons, and that there aren't any alarms showing (red crosses or yellow exclamation marks).
If there are alarms, then Work with alarms on page 129 explains how to track down more
information about them.
Checkpoint: You've activated the objects you've created, completing the process of setting
up your ISDN trunk. And that's it! You've now worked through all the types of trunk you might
configure on your Metaswitch system. Congratulations on reaching the end of the longest part
of this guide!
198 CONFIDENTIAL
Configure billing
Configure billing
Introduction
As you'll be acutely aware, billing records are the lifeblood of any telephone company. Without
billing records, you can't charge your customers for the calls they've made. And without
charging your customers, you can't pay your wages!
So - while it's not the most glamorous or fascinating part of setting up your system - your
approach to managing billing is crucially important. It's quite likely you'll be integrating your
new kit into a larger billing infrastructure, and I can't guide you through that process, since it's
so specific to you. But I can show you the raw data your Metaswitch system produces... and
over the next few Lessons, that's exactly what I'll do.
About XML and BAF

It's your Call Feature Server (or, of course, Integrated Softswitch) which makes billing records,
and which keeps them safe until you're ready to download them. You can choose to get your
billing records in either (or both!) of two formats.
XML format is the right choice for most of our customers. As I'm sure you know, XML is a
widely-used open-standard data language - and it has a lot of strengths, which is why we built
our proprietary billing format around it. XML is straightforward, it's human-readable, and it's
easy to process using readily-available tools.
The exception is if your existing billing infrastructure uses the standard format BAF. In that
special case, your Call Feature Server can generate BAF records directly. For historical reasons,
BAF is primarily found in North America, and if you need to use it you probably already know.
If you're not sure which format to choose, stick to XML.
Did you know? BAF is a recursive acronym. It stands for Billing AMA Format or, fully
expanded, Billing Automatic Message Accounting Format. There can't be many other
abbreviations which reduce 39 letters down to just 3.
Note: In Metaswitch-land, you'll often hear talk of BAF files. BAF files are just files containing BAF
billing records. But sometimes people slip up and say "BAF files" when they mean "billing
records" in general - so don't be too surprised if you hear someone refer to a BAF file when
they actually mean XML.
Where to configure billing

Billing configuration is set up separately on each Call Feature Server (or Integrated Softswitch).
If your deployment contains more than one Call Feature Server, you'll need to carry out these
Tasks on each system in turn.
Note: To be clear, that only applies to separate Call Feature Server systems. You don't need to
repeat the configuration on each processor in a redundant pair.
Universal Media Gateways don't normally generate billing records... but as so often in life,
there's an exception! If your Universal Media Gateway enters Emergency Standalone (ESA)
mode, it'll create BAF files for as long that remains the case.
If it's possible for that scenario to arise in your deployment, you should follow these steps for
your Universal Media Gateways too. Not sure whether this applies to you? Take a look back at
Find your way around your network on page 25.
CONFIDENTIAL 199
Configure billing
Start here
Creating billing records is a core function, and you don't need to do anything to turn it on. But
before you can actually get your hands on the records, you do need to create a billing user
with permission to download the relevant files.
• create a billing user
• fine-tune your system's billing records.
Task 1: Create a Billing User

You can create one or more billing users using MetaView Explorer.
1. Start MetaView Explorer and, using the Tree pane, drill down to the Call Feature Server
or Integrated Softswitch you want to configure. (If you have more than one, you'll need to
repeat this Task for each in turn.)
2. Drill down to Users, and finally select Billing Users.
3. Create a Billing User sub-component. You'll see something like this.
4. It's all self-explanatory... at least, as long as you know that you're basically creating an
SFTP account. In the next Lesson, you'll log into that account using a tool like WinSCP.
• Next to User name, type the login name you want to use.
• Next to New password, type a suitable (secure!) password, and type it again next to
Confirm new password.
• Feel free to fill in the User description, if you want to. This is just for your own reference.
5. When you've finished, press Apply.
6. Don't forget - if you have more than one Call Feature Server or Integrated Softswitch,
you'll need to repeat this Task for each of them. It's fine (indeed, normal) to set the same
username and password every time.
Checkpoint: You've created a Billing User, who can now download billing files using SFTP. We'll
log on with your new Billing User in the next Lesson.
200 CONFIDENTIAL
Configure billing
Task 2: Review flipping configuration
While we're here, let's take a look at a few billing configuration options which you can tweak
using MetaView Explorer. You probably won't want to change any of these just yet - but
knowing what they do will help you understand how billing files work, and that'll be useful in
the next couple of Lessons.
Note: For this Task, I'll assume you're using XML-format billing. If you're actually using BAF format,
then everything still applies. Just read "BAF" whenever you see "XML".
1. We're done with the Users object now - close it up in the Tree pane, just to keep things tidy.
Still working below the Call Feature Server or Integrated Softswitch you want to configure,
find the Call Feature Server object.
2. Drill down into the Call Feature Server object, then into Billing.
3. Click on XML File Control. You'll see something like this in the Details pane.
4. We'll start by looking at the XML file output interval section. This set of options tells your
system how often it should flip its billing files.
In my opinion, MetaView Explorer presents this in a pretty confusing way, but the underlying
concepts are simple ones. The fundamental thing to understand is this - when we talk
about "flipping" a billing file, we just mean writing it out to disk.
For example, suppose you "flip" your billing files once a day. During the day, your Call
Feature Server saves up billing records in a temporary location. At the end of the day, it
writes those records out to a file. It's only once the Call Feature Server has "flipped" the file
and written it to disk that the billing records are available to download.
So, the more often you flip your billing records, the more individual files you'll need to
process - but the sooner each record will be available. A phone system at a hotel might
require a very short flipping interval, because you need to get hold of the billing record
before the guest checks out.
So far, so good. But how does that translate to the fields you see in the XML File Control
object? This is where things get weird.
It all hinges on the field called Fixed time interval, right at the top of the Details pane.
Initially, it's set to Use flipping interval, like this:
CONFIDENTIAL 201
Configure billing
Right below that, the Current file flipping interval is a number of seconds (to save you
getting your calculator out, 172800 seconds is 48 hours). When things are set up this way,
your Call Feature Server will just count the seconds until the flipping interval's run out. Then
it writes out the file, and starts counting from zero again.
That's fine as far as it goes, but it makes it hard to know exactly when flipping is going
to happen. The schedule depends on when you started up your Call Feature Server, and
it'll change if your Call Feature Server ever recovers from a problem using a Software
Protection Switch.
If you want to know exactly when the file will be written, you need to set Fixed time interval
to a period of time - for instance, Daily. When you do that, the available options change,
like this:
As you can see, you can now set an exact time when you want flipping to occur. In the
screenshot, I've set things up to flip daily at 2:30am. (If you set the time interval to less
than a day, then your system calculates from the configured time in the obvious way... so a
configured time of 2:30 and an interval of 4 hours means flipping at 2:30, 6:30, 10:30 and
so on.)
Checkpoint: You now understand about billing file flipping, and know how to configure it in the
future.
Did you know? In Britain, "flipping" is a mild swear-word. Every time I type "flipping
interval", I'm snickering.
Task 3: Review record configuration

You're probably itching to take a look at some billing records. But just before you do, let's
glance over one last group of settings, which you can use to fine-tune the details you receive.
Note: Again, in this Task, I'll assume you're using XML format billing. If you're using BAF, you'll find
an analogous object called BAF Application Controls, with some of the same configuration
options alongside a few different ones. Remember, to get information on any specific field,
you can click it and look at the Help pane.
1. In the Tree pane, near to the XML File Control you looked at in the previous task, find and
click XML Application Controls. You'll see this in the Details pane.
202 CONFIDENTIAL
Configure billing
Once again, you most likely don't need to change any of these options. But let's have a
look through them and understand what they do.
2. The first set of fields let you choose which types of call should generate billing records.
It's fine at this stage to leave them set to True, but if you're curious, here's what the three
options mean.
• Produce XML billing records for connected calls - well, duh. If you can think of any
possible reason to turn this off, do write in and let me know. (If you wanted to turn off
XML billing altogether, you'd do that by disabling the XML Application Controls object.)
• Produce XML billing records for unconnected calls - this one's more interesting. In
the UK, for example, unconnected calls are never charged to the consumer, so there
may be no point producing billing records for them. On the other hand, you might
decide to leave this on anyway, and filter out unconnected calls when you process the
billing file later.
• Produce XML billing records for call service events - this isn't relevant in a Class 4
deployment, so you can safely leave it alone.
3. The Equipment type and NE identifier are just bits of text which are copied into every XML
billing record generated by this Call Feature Server.
If you have more than one Call Feature Server, set the NE identifier to help identify which
server generated which record. You can use whatever naming scheme suits you - in the
screenshot it's a number, but it doesn't have to be.
4. Finally, the Generation time of long duration record relates to calls which last more than 24
hours. Billing records are normally produced when a call ends, so in principle, if you never
hung up you'd never get billed.
Long duration records solve that problem by making an interim record for long-lived
calls which are still up at a specific time each day. The default is midnight, which is almost
certainly fine.
5. If you did change any of the settings on this object, remember to click Apply.
Checkpoint: You've now looked at all the important configuration for your billing records. Let's
go ahead and download some billing files!
CONFIDENTIAL 203
Configure billing
204
CONFIDENTIAL
Download billing files
Introduction
In the last Lesson, you set up a billing user with permission to download billing records from
your Call Feature Server. The next step's obvious! Let's get on and do it.
In this Lesson, I'll talk you through the process of downloading files manually, using WinSCP.
In practice, you'll probably use an automated system to download and process the records.
Sadly I can't offer much help with that, since it's so specific to your particular environment, but
hopefully the experience of doing it by hand will help you understand exactly what you need
to automate.
Start here
• use your new Billing User to download recent billing files from your Call Feature Server
• tell your Call Feature Server that you've downloaded the files.
Note: Once again, in this Lesson, I'll assume you're using XML format billing records. If you're using
BAF format, I'll explain the few slight differences at the end of each Task.
Task 1: Download the files

In this Task, you'll be using WinSCP (or another SFTP client) to connect to your Call Feature
Server. If you're working through this guide in order, you'll be a dab hand with WinSCP by now.
But if you do need a reminder, Transfer files to and from a server on page 65 will help you
get started.
1. Using WinSCP, log on:
• to your Call Feature Server
• using the billing user and password which you created in the previous Lesson.
2. Watch out! Your WinSCP client will probably default to connecting to your MetaView Server,
not your Call Feature Server. Make sure you're logging onto the right server, otherwise the
following steps won't make sense.
3. OK, things get slightly messy here. What's hopefully happened is that you've gone straight
to the right place to download billing files. You'll know you're in the right place if you can see
some files with names beginning XML_. In this screenshot, I've highlighted one example
file out of many...
CONFIDENTIAL 205
But depending on your Call Feature Server's version, you might need to navigate to the
right place using the directory tree. If that applies to you, click on / (root) right at the
top of the tree on the left, then drill down into the following directories in turn: var, opt,
Metaswitch, ftp. You should now see the billing files.
Note: If your Metaswitch system is very new, it might not have generated any billing files yet. As
a rule of thumb, if you put the first call through the system more than 48 hours ago, you’ll
probably find something to download. The exception would be if you’ve configured an
especially long flipping interval (as discussed in the previous Lesson).
4. Click on some XML_ files to check their full filenames, and find two or three which end with
.pri.gz (not .scd.gz). I'll explain what that's all about in the next Task.
5. Download the files you've chosen to your own PC.
6. Don't close WinSCP yet. There's still some work to do.
Note: If you're using BAF rather than XML, here are the differences. First of all, the filenames
obviously begin with BAF_ rather than XML_. More subtly, BAF files may not be zipped,
depending on the exact configuration of your system. That means the files' extensions may
be just .pri rather than .pri.gz.
Checkpoint: You've finished downloading your billing files. Or have you? Actually, not quite - in
the next Task, we'll see there's one more administrative task to perform.
Task 2: Rename the files you've downloaded

Before you close your WinSCP session, there's one more task to perform. In summary, you
should rename the file on your Call Feature Server to change its extension from .pri.gz to
.scd.gz.
Why? Because if the Call Feature Server thinks you aren't downloading billing files, it'll worry
about running out of disk space... and if it thinks it's running out of disk space, it'll start to raise
alarms. Renaming the file is a simple way to indicate that you've got a copy, so it's safe to
delete (if your Call Feature Server needs to).
206 CONFIDENTIAL
In case you're wondering about those file extensions, .pri stands for "primary" and .scd
stands for "secondary". It's an odd choice of terminology, but I guess .scd is snappier than
.WeAlreadyDownloadedThis.
Warning! If your Metaswitch system is already live, think carefully about the implications of running
through this Task. In particular, if there's an automated tool which transfers BAF files into your
billing system, manually renaming files may mean they don't get processed "for real".
1. In this Task, we are working on the files on your server, using WinSCP. You don't need to
rename the downloaded copies which are now on your PC.
2. Right-click one of the files you downloaded, and select Rename.
3. Change the file's extension from .pri.gz to .scd.gz.
4. Repeat the process for the other files you downloaded.
5. Once you've completed this Task, you're finished with WinSCP for the time being. For
security reasons, it's a good idea to close the WinSCP window.
Note: If you're using BAF rather than XML, there's one difference. As we saw in Task 1, in some
circumstances the files' extensions will be .pri rather than .pri.gz. If that's the case, you
should rename them to .scd, not .scd.gz.
Checkpoint: You've completed the process of downloading billing files, and now have copies
of the files on your own PC. In the next Lesson, we'll take a look inside them.
CONFIDENTIAL 207
208
CONFIDENTIAL
Interpret billing files
Introduction
Now that you've downloaded some billing files, I'm sure you're keen to see what's in them. In
the long term, your objective will be to integrate these records with your wider billing system -
but that task requires detailed knowledge of your specific environment and is, of course, well
beyond the scope of this guide.
I can, however, offer you a starting point. In this Lesson, I'll give you an overview of what your
billing files contain, and share some advice on the next steps in deciding how to process them.
Needless to say, the approach you'll need depends heavily on which format - XML or BAF -
you've chosen for your billing records.
Start here
• get started with billing files in XML format
• get started with billing files in BAF format.
Task 1: Work with billing files in XML format

If your billing files are in XML format, it's pretty easy to get to grips with them. They're human-
readable, and you'll immediately spot the key information you need to feed into your systems.
What's more, there's an established process - using a language called XSL - for converting the
files into exactly the layout you need.
1. Go ahead and take a look inside one of your billing files. You can open an XML file in any
text editor (such as Notepad on Windows) - though if you're going to be doing a lot of work
this way, you might want to check out the numerous specialist XML editors available online.
2. You'll find that the file contains a number of separate call records, each of them enclosed
by a pair of <Call>...</Call> tags. Here's an example of a single call record, with a few
details omitted for brevity:
<Call seqnum="9256" error="no" longcall="false" testcall="false"
class="0" operator="false" correlator="45295927153956"
connected="true">
<CallType>Unknown</CallType>
<Features/>
<ReleasingParty>Orig</ReleasingParty>
<ReleaseReason type="q850" loc="ln">16</ReleaseReason>
<OrigParty xsi:type="NetworkTrunkPartyType" privacy="false"
cpc="normal" ani-ii="00">
<TrunkGroup type="sip" trunkaccounting="DE in media">
<TrunkGroupId>823</TrunkGroupId>
<TrunkMemberId>3</TrunkMemberId>
</TrunkGroup>
<CallingPartyAddr type="e164">+491234567890</CallingPartyAddr>
<SIPCallId>...</SIPCallId>
CONFIDENTIAL 209
</OrigParty>
<TermParty xsi:type="NetworkTrunkPartyType">
<TrunkGroup type="isup" trunkaccounting="ETSI out media">
<TrunkGroupId>501</TrunkGroupId>
<TrunkMemberId>9</TrunkMemberId>
</TrunkGroup>
</TermParty>
<RoutingInfo>
...
</RoutingInfo>
<CarrierSelectInfo>
...
</CarrierSelectInfo>
...
</Call>
3. I won't go over everything you can see here, but you'll spot straight away the <OrigParty>
(the originating party, who placed the call) and the <TermParty> (the terminating party,
who the call was to).
You'll also see the <TrunkGroupId> element and trunkaccounting attribute for each
party, telling you which trunks carried the call into and out of your system. I first talked
about trunk group numbers and trunk accounting references back in Configure a SIP trunk
on page 149, and you've set them up for all your trunks in that and subsequent lessons.
4. Now of course, unless you're freakishly lucky, this won't be the exact format you need to
import into your billing system. But the beauty of XML is that it's easy to transform from
one structure to another, using a scripting language called XSL (or XSL-T - it's exactly the
same thing).
If you want to explore this further, the next step is to download the XML Billing SDK from
Metaswitch Communities. You can grab the SDK from https://communities.metaswitch.
com/docs/DOC-64439, where you'll also find an active discussion with some FAQs and
helpful tips.
The SDK contains a precise definition of the XML file format, which is known as its schema,
as well as some sample XSL transformations. If you're already familiar with XML, that'll be
all the information you need to get going with your own billing infrastructure.
Note: If you’re not already up to speed on XML, there are some great resources out there on the
internet. http://www.w3schools.com/xml/ is a good place to start.
5. By the way, if your deployment also includes a Perimeta Session Border Controller,
you might like to know that Perimeta makes its own call records too. You can use the
<SIPCallId> (see it in the example record above?) to match up the call records on your
Call Feature Server and your Perimeta Session Border Controller.
Perimeta isn't the focus of this guide, so I won't go into any more detail here. But you
can find a full explanation together with some examples on Metaswitch Communities, at
https://communities.metaswitch.com/docs/DOC-85753.
Checkpoint: You now know how to process and interpret billing records in XML format.
210 CONFIDENTIAL
Task 2: Work with billing files in BAF format
If your billing files are in BAF format, I'm afraid things are a whole lot less friendly. BAF is a
densely-packed binary format, and isn't in any sense human-readable. There's no point even
opening your billing files in a text editor. So what can you do with them?
1. The first thing to say is... you might not need to do anything at all. The whole point of
choosing records in BAF is that it's a standard format, which can be processed by
numerous third-party billing systems (particularly in North America). So if you're integrating
with an existing solution, the file itself may be all you need.
2. If you do need to peek inside the BAF file, check out our free tool bafview. While this
absolutely isn't a replacement for a complete BAF billing system, it's a useful troubleshooting
tool which will help with any integration task. You can download bafview from the
Metaswitch Innovators Community; go to https://communities.metaswitch.com/docs/
DOC-19032 to get started.
bafview works in either of two modes. Either it extracts a one-line summary of each call
in turn, or it parses out the whole of the record in all its fulsome detail. Either way, bafview
turns the unintelligible binary BAF record into something a human can understand.
I'm obliged to say that, formally, bafview is provided on an as-is basis, and isn't part of
our official product set. On the other hand, dozens of our customers have successfully
used it while resolving their BAF billing woes!
3. If you're determined to go it alone, then you can find an overview of the BAF format in the
Metasphere CFS Management Reference manual, at https://communities.metaswitch.
com/manuals/latestsection/15700021.
Be warned though, there's a limit to how much we can tell you without breaching copyrights,
so you'll probably need to license the full specification (called GR-1100) from Telcordia.
Before you set off down this path, it really is worth pausing to reconsider whether you need
to use BAF... we developed our alternative XML format specifically to help you avoid this
kind of scenario.
Did you know? bafview was created as a collaborative project on our Metaswitch
Innovators Community. The Innovators Community is a great place to go if you're interested
in extending your Metaswitch deployment, by writing tools that use its APIs. "Innovators" (as
it's known to its friends) is five years old and still going strong.
Checkpoint: You now know how to get started working with billing records in BAF format.
CONFIDENTIAL 211
212
CONFIDENTIAL
Get a certificate for your Service Assurance Server
Introduction
In the next few Lessons, we'll be working to set up your Service Assurance Server. I first
mentioned the Service Assurance Server back in Find your way around your deployment on
page 19; it's an incredibly useful web-based tool, which helps you dig into the detail of
protocol flows and figure out issues, in a fraction of the time it would take to collate all the
information by hand.
But before you can unleash that power, there are a few configuration tasks to complete. In
this lesson, we'll dive straight in at the deep end and sort out your security certificates - which
is definitely the most complex of the procedures. Then in Link your Service Assurance Server
and MetaView Server on page 223, we'll fill in a few additional configuration details, and finally
in Set up access to Service Assurance Server on page 229 I'll show you how to set up user
accounts.
What's a certificate anyway?

You've used a certificate - maybe without knowing it - every time you've ever gone to a
"secure" website. You'll know you're on a secure site when your browser shows you a padlock
icon:
It's obvious why something like your bank's website is secure, but it's less clear why your Service
Assurance Server needs that little padlock. The main reason is to guard against man-in-the-
middle attacks, where a malicious program intercepts communications and pretends to be
your Service Assurance Server. If that were to happen, you might reveal important passwords,
or give away other information which could seriously compromise your deployment.
I won't go into detail about exactly how a certificate protects you from that (although believe
me, I'd love to - cryptography was my favorite subject at college). All you really need to know is
that there are trusted companies, called Certificate Authorities, who issue proof-of-identity
documents called certificates; and that there's a robust mathematical algorithm which makes
a certificate virtually impossible to forge.
So, if the website you're talking to presents a certificate saying "I am your Service Assurance
Server", you can be very confident that's really what it is. And when you see that little padlock
in your web browser's address bar, your browser is telling you: "I've seen a certificate, and
confirmed beyond reasonable doubt that this is the website you think it is".
Note: During this Lesson, you'll also hear references to SSL and HTTPS. These are two of the
protocols used to implement certificates, and secure browsing in general. SSL and HTTPS
are technically different, but they're often used together; so colloquially, an SSL certificate,
an HTTPS certificate and just a certificate are all the same
thing.
Did you know? The techniques for secure web browsing were originally developed by
Netscape. Remember them? In the mid-1990s, the Netscape Navigator web browser had
a 90% share of the market, before Microsoft woke up and realized the internet was going to
be a "thing" after all.
CONFIDENTIAL 213
About the Certificate Authority

Certificates are issued by an organization called a Certificate Authority, or CA. Many security
or internet-related companies, such as Symantec and GoDaddy, operate CAs. These public
CAs will verify your identity and issue a certificate in exchange for a fee.
If you work in a large organization, it's possible your IT department also runs a private CA.
Although certificates from a private CA aren't as authoritative as ones issued by a company
like Symantec, they'll still bring up the padlock on your web browser. That's because your
company's PCs have been pre-configured to recognize and trust your particular private CA.
About domain names

Certificates are attached to domain names, not IP addresses. In general, that's a sensible and
obvious rule: as a user, you want to be sure you're connecting to (say) www.metaswitch.com,
not to 64.91.234.195.
But as a consequence of that, your Service Assurance Server is the one piece of Metaswitch
equipment which needs to have a hostname configured in DNS. As I've remarked a few times
already in this guide, for every other piece of kit, you'll probably just use IP addresses; for
Service Assurance Server, I'm afraid you don't have that option.
You'll need to know your Service Assurance Server's domain name a little later in this Lesson.
Start here
Security-related processes are invariably complicated, and I'm afraid this Lesson is no
exception. In outline, you will learn how to:
• create a Certificate Signing Request (CSR) to send to the Certificate Authority
• work with the Certificate Authority to get your certificate
• upload the certificate to your Service Assurance Server
• take a backup, so you don't need to start from scratch if you lose your cryptographic keys.
The devil, as they say, is in the detail. Here we go.
Task 1: Stop your Service Assurance Server

You can't do anything with your Service Assurance Server's certificate while the service is still
running - that would be like showing someone your passport at the same time as you were
burning it. So, before you can start this Lesson, you'll have to shut the software down.
Warning! Needless to say, this will interrupt anyone who's using the Service Assurance Server. It will
also stop capturing data for the time that it is down. You'll typically run through this process
before your system is properly live, so this isn't normally a problem - but if necessary,
remember to talk to your colleagues and schedule a suitable maintenance window.
1. Log on to your Service Assurance Server's Craft terminal. There are a couple of possibilities
here...
• In smaller deployments, the Service Assurance Server is hosted on the same physical
processor card as the MetaView Server. In this case, start off as though you're logging
on to the MetaView Server Craft terminal, just like you've done previously.
But! This time, when it asks you "Do you want to run the
MetaView Server craft scripts, the Install Server craft
scripts, the VPN craft scripts or the MetaView Service
214 CONFIDENTIAL
Assurance Server craft scripts?", type S for the Service Assurance Server.
• In larger deployments, the Service Assurance Server may be on a separate blade, or
even in a separate chassis. In this case, it has its own Craft terminal, which you can log
onto by connecting to its individual IP address.
When it's running on its own hardware, the Service Assurance Server has just one pre-
configured Craft user, called defcraft - so that's the name you'll need to use to log
on.
2. From the Main menu, select Diagnostics Application.
You'll see this.
[Main->Diagnostics Application] [=1]
Diagnostics Application administrator function
1 Start Start collecting and displaying diagnostics
2 Stop Stop collecting and displaying diagnostics
3 Restart Stop and restart diagnostics collection
and display
4 Flush database Remove all events from the diagnostics
database
5 View logs View most recent logs by severity
6 Settings > Configure the diagnostics application
7 Gather diagnostics Generate a diagnostics dump
3. From that menu, select Stop.
4. When you're asked to confirm, pick OK.
5. Wait until you see the message:
Successfully stopped the Diagnostics Application
Checkpoint: Your Service Assurance Server's software is shut down. You can now safely work
with its certificates.
Task 2: Generate an HTTPS keypair and a Certificate Signing Request

To get a certificate from a Certificate Authority, you'll need to send your order in a specific
format, called a Certificate Signing Request or CSR. The CSR in turn is linked to two
cryptographic keys known as the keypair. In this Task, we'll generate both a keypair and a
CSR.
1. You should still be working in the Service Assurance Server's Craft terminal, and looking
at this menu:
[Main->Diagnostics Application] [=1]
Diagnostics Application administrator function
1 Start Start collecting and displaying diagnostics
CONFIDENTIAL 215
2 Stop Stop collecting and displaying diagnostics

3 Restart Stop and restart diagnostics collection
and display
4 Flush database Remove all events from the diagnostics
database
5 View logs View most recent logs by severity
6 Settings > Configure the diagnostics application
7 Gather diagnostics Generate a diagnostics dump
Note: If by any chance you’re not looking at that menu, type = to go back to the Main menu, then
pick Diagnostics Application.
2. Now, drill down through the following options:

• Settings
• Certificates
• Generate HTTPS keypair.
3. Select OK when prompted.
4. Now you'll need to answer some questions. It's important to take your time with these! If
you get the answers wrong, the Certificate Authority may refuse to sign your certificate (and
if they do sign it, it might not work).
• What is the domain name of this server?
Set this to the fully-qualified domain name of your Service Assurance Server - the thing
you'd type into the address bar of a web browser. For example, serviceassurance.
example.com. It's particularly important to get this right, so take care to double-
check it.
• What is the name of your organizational unit?
It's safe to leave this blank (just press Enter), or you can set it to the name of the
division or department within your company responsible for the Service Assurance
Server.
• What is the name of your organization?
This is your company's name. Wherever possible, use the full official name of your
company (like "Metaswitch Networks Limited"), to make things easy when the
Certification Authority verifies your identity.
• What is the name of your City or Locality?
Set this to the name of the city or town where your company is based.
• What is the name of your State or Province?
Yes, because we all live in a state or a province, don't we? But I'm sure you're used to
dealing with this problem, so type whatever you normally do - the name of the county,
departement, canton, or other area you live in.
• What is the two-letter country code for this unit?
Set this to the ISO code for the country where your company is based. Usually these
are the two letters at the end of a local domain name (FR for France, for example).
Warning! As an exception to that “usual” rule, the country code for the United Kingdom is GB, not UK.
216 CONFIDENTIAL
5. Finally, you're asked to confirm that your input is correct. Type yes, and after a few moments
you'll be told that the command completed successfully.
Press Enter to go back to the menu.
Warning! If you ever have any reason to repeat the steps above this point, you will also need to repeat
the steps below this point, and all the remaining Tasks in this Lesson. That’s because the
certificate you are about to request will be tied to your specific keypair, and will be invalidated
if your keypair ever changes.
6. You should be back at the Certificates menu now:

[Main->Diagnostics Application->Settings->Certificates] [=1 6 2]
Certificates
1 Display HTTPS Certificate Displays the HTTPS certificate
in use
2 Display CA Chain Certificate Displays the CA chain certificate
3 Generate HTTPS Keypair Generates a HTTPS keypair
4 Generate CSR Generates a certificate
signing request
5 Import CA Chain Certificate Imports a CA chain certificate
6 Import Signed Certificate Imports a signed certificate
7 Import Sign On Certificate Imports a Single Sign On
certificate
8 Backup Keys Backs up the SSL keys and
certificates
9 Restore Keys Restores the SSL keys and
certificates
7. Select Generate CSR, and as usual say OK when you're asked.
Craft will display a few lines of explanation, and a chunk of data which looks like this. This
is your Certificate Signing Request or CSR.
-----BEGIN CERTIFICATE REQUEST-----
MIIBqzCCARQCAQAwazEUMBIGA1UEAxMLMTAuMjU0LjIuNTUxEDAOBgNVBAsTB1Vu
a25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNV
... and so on for a few more lines ...
-----END CERTIFICATE REQUEST-----
8. Craft suggests you retrieve your CSR using SFTP, but actually it's a lot easier to copy and
paste it out of the terminal window. Just make sure you get the whole thing, including the
BEGIN and END lines, and save it somewhere on your PC.
Note: If you’re using PuTTY, our recommended SSL client for Windows, then copying and pasting
works a little differently to most applications. All you have to do is to select the block - it’s
copied onto the clipboard automatically. It takes a while to get used to, but it’s a great time-
saver in the long run!
CONFIDENTIAL 217
9. Once you've got the CSR safely onto your own PC, press Enter to go back to the menu.
The next Task will take a little while and doesn't require the Craft terminal, so for security's
sake this is a good moment to log off.
Checkpoint: You now have a Certificate Signing Request, or CSR - a blob of data which you'll
need to send to your chosen Certificate Authority.
Task 4: Have the certificate signed

The next step is to ask a Certificate Authority to process your CSR, and issue you with a signed
certificate.
I can't help you much with this task - the procedure depends entirely on the Certificate Authority
you've chosen to use. But whoever that is, they'll need a copy of your CSR, including the
BEGIN and END markers and everything in between.
Once you've given them your CSR and (sorry!) paid their fee, they'll confirm your identity
and send you a certificate. Depending on whether you have an existing relationship with the
Certificate Authority, this could take anything from a couple of minutes to a few days.
Note: Remember, you stopped your Service Assurance Server back in Task 1. If you want to restart
it while you wait for the certificate to be issued, that's fine. Just follow Task 6 to get it going,
then repeat Task 1 to stop it again once you're ready to proceed.
You will need to get two files from the Certificate Authority:
• your own certificate
• their chain certificate, which serves as proof that they are entitled to operate as
a Certificate Authority. The chain certificate is a matter of public record and should be
available to download from their website.
Note: Chain certificates are also called intermediate certificates - these are just two names for
exactly the same thing. You might also get a root certificate instead of a chain certificate,
particularly if you're using a private CA. For the purposes of this Lesson, you can treat a root
certificate as though it were a chain certificate.
And there are also two things to bear in mind...

• The certificates need to be in binary DER format. (DER stands for "Distinguished Encoding
Rules", in case you're curious, but it doesn't really matter what that means - it's just a
particular way of structuring certificate data.)
While you can use third-party applications to convert into binary DER, it's a lot easier to
get your certificate in the right format to begin with. So you might want to check this detail
before you commit to a particular Certificate Authority.
• The files containing the certificate need to have the extension .crt.
If they actually have the extension .der, you can safely just rename them. But if they have
another extension (particularly .cer or .pem), then that's a warning that they're probably
in the wrong format.
When you have the two files in your possession, you're ready to continue to the next Task.
Checkpoint: The Certificate Authority has replied to your CSR, and you now have a valid
certificate. You also have the Certificate Authority's chain certificate (which proves they are a
trusted body that can vouch for you).
218 CONFIDENTIAL
Task 5: Upload and import the signed certificate
To recap, you should at this point have:
• two files - your signed certificate and the Certificate Authority's chain certificate
• both in binary DER format
• and both with the extension .crt.
Got them? Excellent! Let's upload them to your server.
1. If you temporarily restarted your Service Assurance Server during Task 4, you'll need to
stop it again now. Just follow the steps in Task 1.
2. Start up WinSCP or your preferred SFTP client, and log on to your Service Assurance
Server. Use the same username and password as you do for the Craft terminal.
Note: By now, you’ll be accustomed to using WinSCP. But if you need a reminder of how to log on,
check Transfer files to and from a server on page 65.
3. Switch to the certificates directory.
4. Upload your two files.

That's all the SFTP'ing you need to do right now, but leave your client open - you'll be using
it again in Task 7.
5. Log on to your Service Assurance Server's Craft terminal, and drill down through the
following menus (it'll be a familiar path by now):
• Diagnostics Application
• Settings
• Certificates.
6. This time, from the Certificates menu, select Import CA Chain Certificate.
7. Select OK when prompted.
8. You'll be asked to pick the right .crt file. Enter the appropriate number (1 in this example):
CONFIDENTIAL 219
Please choose a certificate file from those listed below:

0 Cancel. Return to craft menu.
1 ca_chain_certificate.crt
2 sas_certificate.crt
9. Wait while the certificate is imported, then press Enter to go back to the Certificates
menu.
10. Now do the same thing again, to import your certificate.
• This time, select Import Signed Certificate from the menu.
• Say OK when prompted.
• Pick the appropriate number from the list of files.
• Once the certificate's been imported, press Enter to go back to the menu.
Checkpoint: You've uploaded the certificates to your Service Assurance Server.
Task 6: Restart your Service Assurance Server

Back at the start of this Lesson, you stopped your Service Assurance Server so that you could
work with its certificates. Now that the new certificates are in place, it's time to start it again.
I'll run through this Task quickly, because it's basically just the opposite of Task 1!
1. Still working in your Service Assurance Server's Craft terminal, type = to go back to the
Main menu.
2. From the Main menu:
• select the Diagnostics Application menu, then
• select Start.
3. You'll see this:
Starting the Diagnostics Application...
[and then a couple of minutes later]
4. That's all there is to it. Press Enter to go back to the menu.
Checkpoint: Your Service Assurance Server's back up and running, and using its new
certificates. Mission accomplished! But before we finish this Lesson, there's one more important
task to perform.
Task 7: Back up your keys and certificate

Having spent so much time arranging your SSL certificate, the last thing you want to do is to
lose it. And while you may have a copy of the files you received from your Certificate Authority,
these are useless without the keypair you generated in Task 2.
Before we wrap up this Lesson, then, let's take a backup of your keys and certificates, just in
case disaster befalls your server.
1. You should still be working in your Service Assurance Server's Craft terminal, looking at the
Diagnostics Application menu. If by any chance you're not, type = to get back to
the Main menu, then select Diagnostics Application from there.
2. Now, drill down as follows:
• Settings
220 CONFIDENTIAL
• Certificates
• Backup Keys.
3. For once, there's no questionnaire to complete! Just select OK when prompted.
4. You'll see something similar to the following:
Exported keys and certificates to certificates/myserver_
export_20140118_232628.tar.
5. Take a note of the filename (it contains the date and time, by the way), then press Enter
to go back to the menu.
6. You've now finished with the Craft terminal for this Lesson, so as usual it's good practice
to log out.
7. To save a copy of your backed-up keys and certificates, go back to your SFTP client
(which you last used in Task 5). It should still be open, and you should still be looking at the
certificates directory. If you're not, then review Task 5 to find out how to get back there.
8. You'll need to prod your SFTP client to take another look at the directory. In WinSCP, you
can do that by clicking this toolbar button near the top of the window:
9. Find the file with the name you noted above, and download it to your PC for safekeeping.
Remember to put it somewhere where you can find it again! And just in case the worst
does happen, it's wise to arrange for a second copy of the file to be kept off-site.
10. You've finished this Task, and indeed this Lesson! As always, for security's sake, you should
close your SFTP client.
Note: If you ever need to restore your keys, the process is just the reverse of this one. Use SFTP
to upload the backup into the certificates directory, then use the Craft terminal to select
Restore keys from the Certificates menu.
Checkpoint: You've fully configured your Service Assurance Server's SSL certificates! And the
even better news is that you've now saved a backup... so you shouldn't have to do it again
until the certificate expires. What's that? Yes, sadly SSL certificates come with an expiration
date, after which you'll need to buy and upload a new one. It would be a good idea to make a
note on your calendar.
CONFIDENTIAL 221
222
CONFIDENTIAL
Link your Service Assurance Server and MetaView Server
Introduction
To use your brand-new Service Assurance Server to best effect, you need to link it up with your
MetaView Server. In this Lesson, we'll carry out a few small configuration tasks which enable
the two of them to work together.
This is an unusual Lesson, because there's nothing here you really need to learn. This is simply
a mechanical configuration step which needs to be carried out on each brand-new system. So
let's just trundle through it, without worrying too much about exactly what's going on.
Start here
• log on to your MetaView Server to copy some configuration
• log on to your Service Assurance Server to paste that configuration
• tell your Service Assurance Server your MetaView Server's IP address.
Task 1: Retrieve your MetaView Server's SSL certificate

First up, we're going to pick up an SSL certificate from your MetaView Server.
Now, the previous Lesson was also about SSL certificates. But this is different! Forget everything
you learned last time! It'll only confuse you. This SSL certificate has nothing at all to do with
security in web browsers.
This SSL certificate is used strictly behind the scenes. It's what gives your Service Assurance
Server confidence that it's talking to your real MetaView Server, rather than an evil imposter
that's broken into your network with a view to stealing data.
And because we're using it in a completely different way, this SSL certificate doesn't need to
be sent off to a Certification Authority. To use the jargon, it's "self-signed", and your MetaView
Server has already created it automatically.
So, how do you get hold of it? It's low-tech, but the easiest way is... by copying it onto the
clipboard. First of all though, we'll just check and note down the MetaView Server's "official"
name, which you'll need during the next Task.
1. Log on to your MetaView Server's Craft terminal.
2. Work down through the following menus:
• Admin, then
• Manage System Info.
3. You should be looking at the following menu.
Get and Set the System Info
1 Get System Info Gets the Node Name
2 Set Node Name Sets the Node Name
3 Set Cluster Name Sets the Cluster Name
4. Pick Get System Info.
CONFIDENTIAL 223
As always, Craft will check that you really meant it - just choose OK.
5. You'll see a "node name", like this:
Node name: mymetaviewserver
6. Note down the node name, so that you can enter it in exactly the same format during Task
2. Then press Enter to go back to the menu.
7. Now, let's find the SSL certificate itself. Type = to return to the Main menu, then work down
through the following:
• Admin
• Manage Certificates
• MetaView Server Certificates.
8. This time, you should be looking at the following menu.
[Main->Admin->Manage Certificates->MetaView Server Certificates]
[=1 6 1]
Manage server certificate configuration
1 Display Certificate Details Displays the Certificate Details
2 Generate New Certificate Generates New Certificate and
Signing Request
3 Enter New Certificate Enters a New Certificate
9. Select Display Certificate Details, then OK when prompted.
You'll see a big splurge of output (too much for me to reproduce here), but in the middle of
it you'll find something similar to the following. You might need to scroll back the window
to find it.
-----BEGIN CERTIFICATE-----
LjME8FHBfKVck4G1wX1MIFB2hTRQz9n8crLhsrFvoBBIuP8X56kK4eAYBT402dVh
33FMyNySsVG132ZZcGteV8MZotZYO30y0unh8WY+qqxGDc1OZ3A29/m+Cy4WoF1p
...
and so on for about 20 lines
...
-----END CERTIFICATE-----
10. Carefully select and copy this whole block, including the BEGIN and END lines.
Note: If you’re using PuTTY, our recommended SSL client for Windows, remember that you just
need to select the text you want. The “copy” operation is automatic.
11. Paste the copied block into somewhere like Notepad, just so you don't lose it if you put
something else on the clipboard. Don't worry, there's nothing here which you need to keep
secret - certificates are public information.
12. Press Enter to go back to the menu, then log out of your MetaView Server's Craft terminal.
Checkpoint: You have your MetaView Server's SSL certificate loaded up on your clipboard.
224 CONFIDENTIAL
Task 2: Paste the certificate into your Service Assurance Server
Now, we'll upload a copy of the certificate to your Service Assurance Server.
1. Log on to your Service Assurance Server's Craft terminal, in the same way as you did in
the last Lesson.
• Settings
• Certificates.
3. You'll see this.
[Main->Diagnostics Application->Settings->Certificates] [=1 6 2]
Certificates
1 Display HTTPS Certificate Displays the HTTPS certificate
in use
2 Display CA Chain Certificate Displays the CA chain certificate
3 Generate HTTPS Keypair Generates a HTTPS keypair
4 Generate CSR Generates a certificate
signing request
5 Import CA Chain Certificate Imports a CA chain certificate
6 Import Signed Certificate Imports a signed certificate
7 Import Sign On Certificate Imports a Single Sign On
certificate
8 Backup Keys Backs up the SSL keys and certificates
9 Restore Keys Restores the SSL keys and certificates
4. From this menu, choose Import Sign On Certificate.
Warning! There are two similarly-named options on this menu. Make sure you pick Import Sign On
Certificate, not Import Signed Certificate.
5. When you're asked to confirm, select OK as usual.

6. Craft has a couple more questions. First, it'll say:
Please enter the name of the system that will sign on using this
certificate.
This is the MetaView Server system name or MetaSphere SDC name.
7. Type in the system name you noted down during Task 1, and press Enter.
8. Now, Craft will say:
Please paste the public key certificate in X.509 format.
Include both the header and the footer of the certificate.
9. Go ahead and paste the certificate off your clipboard.
CONFIDENTIAL 225
Note: If you’re using PuTTY, you can just right-click anywhere in the window to paste.
10. Assuming all is well, you'll get a terse:
11. Press Enter to return to the menu. Don't log off yet; there's something you still need to do.
Checkpoint: You've shared the MetaView Server's SSL certificate with your Service Assurance
Server. Now, your Service Assurance Server can trust your MetaView Server, because the
certificate proves the server really is what it claims to be.
Task 3: Send statistics to MetaView

Just before we wrap up this Lesson, let's take care of another minor task, also to do with
communications with MetaView.
Your Service Assurance Server collects a range of helpful statistics, which you can use to check
on its performance and spot any developing problems. I'll talk more about these statistics, and
how you can monitor them, in Keep your Service Assurance Server running smoothly on page
251.
The Service Assurance Server records these statistics automatically. But before you can
actually see them, it needs to send them over to MetaView. And to do that, it needs to know
the MetaView Server's IP address... which is what we'll configure in this Task.
Note: Just in case you're wondering, you do need to work through this task even if the Service
Assurance Server has the same IP address as your MetaView Server (which will be the case
if it's running on the same physical blade).
1. Still in the Service Assurance Server's Craft terminal, type = to go back to the Main menu.
• Settings
• MetaView Server.
3. You should be looking at the following menu.
[Main->Diagnostics Application->Settings->MetaView Server] [=1 6
5]
Configure MetaView Server IP for alarms and statistics
1 View IP address View the configured MetaView Server IP
address
2 Set IP address Set the MetaView Server IP address
3 Remove IP address Remove the MetaView Server IP address
4. Now choose Set IP address.
5. When you're prompted, type in your MetaView Server's IP address.
6. As always in Craft, you have a chance to check your input. Assuming everything's in order,
choose OK.
7. The response here is brief and to the point:
226 CONFIDENTIAL
8. Don't worry! It's telling the truth. Just press Enter to go back to the menu.
(If you want to double-check, feel free to choose View IP
Address from the menu - you should see the value you've just configured.)
9. That's the end of this Task, and the end of this Lesson. As I always say at this point, it's
good practice now to log out of the Craft terminal.
Checkpoint: Your Service Assurance Server is fully configured. Let's start to use it!
CONFIDENTIAL 227
228
CONFIDENTIAL
Set up access to Service Assurance Server
Introduction
We've been digging around in configuration for far too long, but we're very nearly ready to start
using your Service Assurance Server. There's just one last task to complete - setting up an
account on it, so that you can log on.
About single sign-on

Technically speaking, Service Assurance Server is a completely separate product from MetaView
Explorer. In large and complex deployments, different administrators may have permission to
use the two systems - so some people are allowed to use Service Assurance Server, some
people are allowed to use MetaView Explorer, and some people are allowed to use both.
For the purposes of this guide, though, I'll be assuming that everyone who uses MetaView
Explorer is also allowed to use Service Assurance Server. And that means it's inconvenient
to have to sign into Service Assurance Server separately. It would be much nicer if you were
automatically logged in, by virtue of having signed in to MetaView.
That's what single sign-on is all about! By following the steps in this Lesson, you'll do two
things:
• set up an account for yourself on Service Assurance Server, and
• arrange things so that logging into MetaView Explorer logs you into Service Assurance
Server as well.
It's relatively straightforward to do that, but beware - it's also quite easy to go wrong. I'll warn
you when we come to the crucial step.
Start here
• create an account on Service Assurance Server
• log in to Service Assurance Server automatically, while you're using MetaView Explorer.
Note: As you work through this Lesson, you'll be setting up an account for yourself. In the future, if
you want to, you can follow exactly the same steps to grant access to someone else.
Task 1: Create an account on Service Assurance Server

Because Service Assurance Server is a separate product, you need a separate login. In this
Task, we'll create an account for you.
1. Start a web browser, and type in the URL
https:// domain-name /serviceassurance
domain-name is, obviously, the name of your Service Assurance Server. Remember, in
many deployments that's the same as your MetaView Server, and it's also the name you
typed in when you set up your security certificate a couple of Lessons ago.
You'll see the following login screen.
CONFIDENTIAL 229
2. Your Service Assurance Server is delivered with a default administrator's account - use the
default admin username and password to log in. Ask a colleague or your CSE if you do not
have the default login credentials.
Note: It is critical that you change the default admin user passwords to something secure and
unguessable to prevent unauthorized access to your system. The default passwords are not
sufficiently secure to protect your system.
3. Once you have logged into SAS, you will see the following screen.
There's a lot here to look at, but don't worry - we'll be coming back to it in another Lesson.
For now, just click the Admin button. I've drawn a huge arrow pointing to it because, trust
me, it's almost impossible to find it on your own.
4. Now, you're looking at something like this. This time, click Add user at the bottom of the
list.
And next you'll see this.
230 CONFIDENTIAL
5. You may think it's obvious how to fill in this form... but it's not quite as simple as it seems.
• In the Name field, type the username you use to log on to MetaView Explorer.
Now, this is the thing it's so easy to get wrong. I repeat - type the username you use to
log on to MetaView Explorer. Make sure you type the same username! The exact same
username. Have I said that enough times yet? The. Same. Username.
• In the Full Name field, go right ahead and type your actual name. Anything goes here.
• In the Password and Confirm password spaces, type your MetaView Explorer
password.
• Set the Privilege level to Admin.
Warning! Single sign-on is a powerful tool, but it’s also a blunt one. That’s why you need to enter
exactly the same username and password as you use for MetaView Explorer, including
putting capital letters in all the same places. Take a moment to check carefully - if you’ve
made a mistake, single sign-on won’t work, and that’s a notoriously frustrating problem to
resolve.
Note: Setting the Privilege level to Admin means your account can itself create more accounts
(or delete existing ones, plus a couple of other minor abilities). In the future, if you want to
give someone access but don’t want them to be able to manage accounts, just leave the
Privilege level at User.
6. When you're sure everything's right, click Add User. You'll be back at the list of users, and
you'll see your new username is now on the list.
7. You've finished in Service Assurance Server for the time being. You can close your web
browser.
Checkpoint: You've created an account on Service Assurance Server. What's more, because
it has the same username and password as your MetaView Explorer account, you've
automatically enabled single sign-on.
Task 2: Check you can sign in from MetaView Explorer

So, you've set up your account. We'd better make sure it works! As I've explained, you can log
onto your new account directly from MetaView Explorer.
1. In MetaView Explorer's Tree view, drill down to your Call Feature Server or Integrated
Softswitch. (If you have more than one Call Feature Server, pick any one.)
CONFIDENTIAL 231
2. Below your Call Feature Server, find and click on the Link to Service Assurance Server
object. You'll see something like this:
3. In the toolbar below the Tree and Details panes, look for a button you won't have seen
before.
There it is, on the right - Connect to Service Assurance. Go ahead and click.
4. Your web browser opens, and you'll see a screen you've seen once before...
...and that's it! You've logged into your new account, without needing to type your username
and password. Such is the miracle of single sign-on.
Checkpoint: You've confirmed that you've successfully set up single sign-on, and can now
connect to Service Assurance Server directly from MetaView Explorer. You're ready to go! We'll
start using Service Assurance Server in earnest in the next Lesson.
232 CONFIDENTIAL
Check a call in Service Assurance Server
Introduction
You've spent so long setting up Service Assurance Server, you might have been wondering
whether you'd ever actually get to use it. Well, the moment's come! In this Lesson, we'll get a
taste of what Service Assurance Server can do for you, and I'll tell you right now... it's amazing.
24 hours a day, 7 days a week, Service Assurance Server is quietly collecting logs for each and
every call that passes through your system. When you need to investigate an issue, you can
wind back the clock and pull out detailed records for that specific call - seeing every protocol
message, every interaction, and every scrap of information you need to track down and fix an
error.
Shall we find out how?
Start here
• connect to Service Assurance Server and find the detailed records for a specific call
• study the ladder diagram, a visual record of every protocol message involved
• check on the user experience and voice quality metrics, to get a sense of what the call
was like for the participants.
Task 1: Place a test call

Before we touch Service Assurance Server, though, we need to make sure you have something
to look at. So place a test call through your system!
You'll get the most out of this Lesson if you make your call an "interesting" one. For example, if
you've got both SIP and ISUP trunks connecting to your system, place a call which gateways
from one type of trunk to another. The more varied the protocol exchanges you trigger with
your call, the more you'll have to look at when you study its records later on.
Checkpoint: You now have a specific call to look for in Service Assurance Server.
Task 2: Connect to Service Assurance Server

We saw how to connect to Service Assurance Server at the end of the last Lesson - in fact, if
you've followed straight on from that, you might still have a window open. But in case you need
a quick reminder, here's what to do.
1. In MetaView Explorer's Tree view, drill down to your Call Feature Server or Integrated
Softswitch. (If you have more than one Call Feature Server, pick any one.)
2. Below your Call Feature Server, find and click on the Link to Service Assurance Server
object.
3. In the toolbar below the Tree and Details panes, click Connect to Service Assurance - here
it is on the right...
4. Bask in the fact that, because you've configured single sign-on, you don't need to type a
username or password to log in.
Checkpoint: You're connected to Service Assurance Server, and ready to check out your test
call.
CONFIDENTIAL 233
Task 3: Search for your call

Now that you've connected, the next step is to search Service Assurance Server's database
for your particular call. Remember, in a real-world scenario, you can search a considerable
distance back in time - by default, up to seven days.
Service Assurance Server offers a vast number of different options for finding a call, covering
every imaginable way you might want to approach a problem (well, every way that I can imagine,
anyway). You can look for particular errors, for calls coming in from particular trunks, or even for
calls occupying a specific TDM timeslot. But I'll leave you to explore all those options on your
own - for this Task, we'll keep things simple and search for a phone number.
1. Right now, because you've only just connected to Service Assurance Server, you'll be
looking at this search form.
Later on, whenever you want to come back here, just click the Search button. You'll see it
up there at the very top-left of the screenshot.
2. Let's go ahead and find your test call.

• In the Number box (labeled 1), type either the number you called from, or the number
you called. If you want to, you can even type just the first few digits - though bear in
mind a partial number takes longer to search for.
• In the Search for calls started... drop-down (labeled 2), make sure you've chosen a
time range which will include your test call. Once again, the shorter you can make this
period the faster the search will be.
3. When you're ready, click the Search button right down at the bottom.
4. Watch the progress bar fill in...
...and when it's finished, you'll see a page of search results, like this one. (I've blurred out
the last few digits of the phone numbers in this screenshot, just in case anyone took it on
themselves to start ringing our test lines.)
234 CONFIDENTIAL
5. Choose the call you're interested in - the Start Time and End Time columns will help you
with that - then click the View button for its particular row. It's not all that easy to see the
View buttons in the screenshot, so I've picked out an example with the red arrow.
6. If all's gone to plan, you'll be looking at a screen like this one.
This is the Service Assurance Server record for the call you've selected. Over the next few
Tasks, we'll be exploring this record in detail.
Note: The individual call record opens in a new browser window - so if you want to go back to the
search results to pick another call, you'll find they're still there for you.
Checkpoint: You've found Service Assurance Server's records for your test call. In the next few
Tasks, we'll see what they can tell you!
Task 4: Look at the ladder diagram

As I'm sure you've already noticed, the records for your test call are spread across several tabs.
Right now, you're looking at the Summary tab. We'll come back to that later in this Lesson -
but first of all, I'm impatient to show you something really cool.
1. Near the top of the window, click the Call Flow tab.
You'll see a diagram a little bit like this one. This screenshot is a real call record from one of
our customers in Europe, so I've blurred out a few identifying details:
CONFIDENTIAL 235
2. Now, I'm sure you don't need me to tell you what this is! We at Metaswitch call it a ladder
diagram, and it tracks a sequence of signaling messages as they flow between the
numerous switches and servers involved in any given call.
I couldn't resist showing you this particular screenshot, because it highlights one of the
very best things about Service Assurance Server. In this case, the customer has a Perimeta
Session Border Controller in their network, protecting them against malicious traffic and
assisting with interoperability. Their Service Assurance Server has drawn together data
from both Perimeta and their Call Feature Server, producing a single ladder diagram which
effortlessly combines both.
3. As I look at my example, I can immediately tell that it shows a call being routed from a SIP
trunk to an ISUP media channel. How do I know that? Because on the left-hand side of the
ladder diagram, the protocol exchanges are all in SIP, while on the right-hand side they're
in ISUP.
If you're wondering why all the SIP messages are doubled up, like this...
...it's because the Perimeta Session Border Controller is intercepting and checking each
message, before passing a copy of it on.
236 CONFIDENTIAL
4. OK, enough about Perimeta. Let's take a closer look at the ladder diagram, and compare
it to the one you should have in front of you on your own screen.
First up, the vertical lines running down the diagram represent the different servers involved
in the call. Here's what we've got in the example I'm showing you...
• A is the third-party switch at the far end of the SIP trunk, which connected to us and
initiated the call.
• B is our Perimeta Session Border Controller.
• C is the MetaSphere CFS which routed the call.
• D is the third-party switch at the far end of the ISUP Media Channel - the one which
we routed the call to.
5. But of course, that's just what's happening in my example. What about yours?
Have a look now at the ladder diagram on your own screen, and see if you can identify the
switches and servers involved. Remember that, depending on the design of your network,
you may have fewer or even more participants than you see in my example.
6. OK, we've identified the vertical lines. Next, let's look at the horizontal arrows.
Each of these arrows represents a particular protocol message. This, for example, is a
classic protocol exchange:
Here's what's happening in this short extract.

• The switch on the SIP side sends an INVITE message to our Call Feature Server,
indicating that it wants to set up a call.
• The Call Feature Server responds immediately with 100 Trying, to confirm that it's
on the case. (At risk of stating the obvious, you can tell this message is going from the
Call Feature Server to the switch, because the arrow's pointing in the other direction.)
• Then the Call Feature Server sends an Initial Address message to the switch
on the ISUP side. That's the equivalent of the SIP INVITE - a request to set up a call
using ISUP signaling.
7. Take a look now at the ladder diagram on your own screen, and see if you can spot similar
exchanges. If you're familiar with the particular protocols involved, you should be able to
follow the whole call through from its setup to its conclusion.
Oh, by the way. When you see zigzag lines like these ones...
CONFIDENTIAL 237
...they mean there was a time gap between the messages on either side of them. In this
example, if you look at the timestamps to the left of the diagram, you'll see that 11 minutes
passed between the ACK and the BYE.
8. You've got the basics covered now, but let's have a look at a couple more things you can
do with the ladder diagram. First of all, try double-clicking one of the arrows.
You'll find that a detailed record of that particular protocol message appears just beneath
the arrow. In this screenshot, I've opened up a couple of the most important messages -
the SIP INVITE and the ISUP Initial Address:
To get rid of the detailed message you've opened up, just click the "close" button in its
top-right corner.
9. In fact, there's a whole menu of options attached to each arrow - though it's a little bit fiddly
to use. To call up the menu, first single-click the arrow (marked with 1 in this screenshot),
then press the small "+" button (marked with 2):
238 CONFIDENTIAL
From this menu, you can amuse yourself by playing with the colors of the arrows. Go on,
you know you want to.
More seriously, you can jump to the Detailed Timeline for the Metaswitch server (or
servers) involved in this particular protocol flow. Hold that thought for now - I'll talk about
the Detailed Timeline in the next Lesson.
Checkpoint: You've learned how to interpret a Call Flow diagram, and you've practiced by
working through the protocol flows for your test call.
Task 5: Check the User Experience and Voice Quality Metrics

After the myriad wonders of the Call Flow diagram, the rest of the tabs are a little bit of an anti-
climax. But they're important anyway! So let's take a look at them.
1. Click the User Experience tab.
You'll see a list of times and events, like this one.
As its name suggests, the User Experience tab summarizes what the call was like for
the parties involved. Most of the events you'll see listed here are things the layman would
notice - although they're not always described in ways the layman would understand. For
example, Received call disconnect from line number on another switch
is a complicated way of saying that someone's hung up.
Check over the list of events you're seeing on your own screen. Do they correspond to your
memory of your particular call?
2. Another important aspect of user experience is the quality of the audio during the call. We
can check that using Service Assurance Server, too.
Click on the Summary tab.
CONFIDENTIAL 239
The voice quality statistics are down at the bottom. As you'll see, there are three of them:
• Packet loss - the percentage of packets which simply never made it to the other end
of the link.
• Jitter - the average amount that each packet was "early" or "late" (compared to the
expected time based on other packets in the call).
• Round trip time - the average time it took for a packet to travel from your switch to
the remote one, and back again.
3. If you're investigating a problem with audio quality, the voice quality statistics may help
you work out exactly where the culprit lies. For example, a high level of packet loss might
suggest a congested link, or a problem with a switch or router along the way.
Note: As I'm sure you'll have spotted, there are two more tabs along the top of the screen which I
haven't talked about yet. We're going to look at the Detailed Timeline in the next Lesson. As
for the Call Records, that's just an easy way of seeing the billing entries for this particular call
- for a reminder of how to work with those, check back to Interpret billing files on page 209.
Checkpoint: You now know your way around most of the tabs in the Service Assurance Server
display.
240 CONFIDENTIAL
Track the steps of call processing in Service Assurance Server
Track the steps of call processing in Service Assurance
Server
Introduction
We've just seen some of the most exciting features of Service Assurance Server, but now, it's
time for a change of pace. In this Lesson, we'll step back and take a more thorough look at the
detailed logs from your test call.
In the process, you'll learn about the seven steps of call processing, a key piece of
knowledge you'll need when troubleshooting issues. The "seven steps" form the cornerstone
of Metaswitch call handling, and understanding them is an essential prerequisite to several
advanced configuration techniques. Among those techniques are number validation and
trunk routing - a pair of complementary tools, which jointly determine exactly how calls are
routed through your platform.
The seven steps of call processing

There's something magic about the number seven. Seven colors in the rainbow. Seven notes
in every octave. If you want to get technical, seven layers in the OSI stack. So it's not surprising
that, when we sat down to think about the steps involved in processing a call... there turned
out to be seven of them.
We use this diagram in lots of different manuals and training courses, so it's possible you've
seen it before. If you haven't, then it's certain you'll see it again!
Now, this is a generic diagram which applies to any Metaswitch deployment. The good news
is that in a Class 4 environment (and in fact for any trunk-to-trunk call), three of the seven steps
are no-ops. They still happen in principle, and you'll still see references to them in logs - but
they never have any effect, because they're only relevant when you're delivering services to
on-switch subscribers.
CONFIDENTIAL 241
So what does that leave us with? There are four steps remaining.
• Step 1 is Signaling In. That's just the incoming call being signaled from the trunk.
• Step 2 is Number Validation. This is a significant and potentially complex step! During
number validation, you can accomplish three important tasks:
• classify calls to decide how to handle them - for example, to separate out national from
international calls
• change any of the phone numbers involved in the call - for example, to normalize them
to a standard length, or add or remove prefixes
• block calls you don't want to process - for instance, to suppress calls to certain country
codes.
• Step 5 is Trunk Routing, where the Call Feature Server decides which trunk the call
should be passed on to. As well as the destination number, this choice can take account of
a wide range of factors - including the way the call was classified during Number Validation.
• Finally, Step 7 is Signaling Out, where the Call Feature Server signals the call on the trunk
it selected.
Now obviously, there's a whole lot of detail hiding behind that handful of bullet-points. So much
detail, in fact, that there's a whole separate manual to cover it - Learn How To Manage Your
CFS Translations - which you can find on Metaswitch Communities, at https://communities.
metaswitch.com/community/support/learn_how_to_guides.
In this guide, I won't be telling you how to design or configure Number Validation and Trunk
Routing. But I will show you how to follow a call through the steps of processing, and how to
keep track of the Number Validation and Trunk Routing decisions that are being applied.
Start here
• find the Detailed Timeline, where the steps of call processing are recorded
• identify the call processing steps for your own test call.
242 CONFIDENTIAL
Task 1: View the Detailed Timeline
To explore the seven steps of call processing on your own Service Assurance Server, we'll take
another look at the test call you placed during the previous Lesson.
1. If you've followed straight on from the previous Lesson, you'll already have the records for
that call on your screen. If you haven't, then just repeat the first few Tasks from the last
Lesson to bring it up again.
2. In this Lesson, we're going to be focusing on the Detailed Timeline tab. Go ahead and
click it now.
3. You'll see a lot of logs on your screen, but before we take a close look at them, let's filter
them down a little. Up near the top of the window - just below the tab bar - find these two
unlabeled drop-downs.
• Drop-down number 1 filters the messages according to the system which generated
them. For instance, if you have a Perimeta Session Border Controller in your network,
you can choose to see messages just from Perimeta.
In this Lesson, I'll be looking specifically at messages from your Call Feature Server. So
choose your Call Feature Server's name from this drop-down.
• Drop-down number 2 filters messages by importance - in other words, lets you see
more or less detail. For now, leave this set to High-level events.
4. Done that? Your results will be looking a bit like this. (Once again, this screenshot's from a
real system, so I've blurred out some identifying details.)
I'll be looking at these log messages in more detail in the next Task. For the time being, just
spend a couple of minutes clicking around and getting a feel for how this tab works. You'll
notice that:
• each row describes a specific event, recording the progress of the call through
processing on your Call Feature Server
• the timeline shows the whole of the call, from setting up to tearing down - and if you
look carefully at the times in the Timestamp column, you'll see a "gap" representing the
time when the call was just quietly in progress
CONFIDENTIAL 243
• you can click on any individual row, and read more information for that particular event
in the pane labeled "Details" at the bottom of the window.
Checkpoint: You've got familiar with the Detailed Timeline tab. In the next Task, we'll see how
to pick out the main steps of call processing.
Task 2: Identify the steps of call processing

Now that you're looking at the Detailed Timeline, you can work through the steps of processing
for your test call. Here, just for reference, is an example from my own system - with each of the
steps marked up:
Let's take a look at your test call now, and see if we can do the same.
1. The very first message you see will (most likely) be a New incoming call attempt. That's
Step 1 - Signaling In.
Remember, you can click any of the messages in the Detailed Timeline to see more
information at the bottom of the screen. In this case, when you click that row, you'll be able
to find out the calling and called numbers.
2. Now look for a series of messages beginning with Starting number validation, and ending
(hopefully!) with NV succeeds.
This is Step 2 - Number Validation. As I mentioned earlier, number validation is a complex
process, which may apply several transformations to the numbers involved in the call. In my
screenshot above, you'll see that NV (that's number validation) applied changes to each of
the calling and the called numbers...
And if I click on any of those lines, I see a summary of exactly what was changed, and why:
244 CONFIDENTIAL
Now, I appreciate those details won't mean a great deal to you yet - and there isn't room
in this particular guide to go through the intricacies of number validation. But you can
read much more in Learn How To Manage Your CFS Translations, which explains all the
concepts and takes a detailed look at the logs you see in Service Assurance Server.
3. Next, find a series of messages beginning with Routing begins, and ending with Routing
succeeds. This is Step 5 of call processing - Trunk Routing.
If you click on the Routing succeeds message, you'll see the details of how the outgoing
trunk was selected. Once again, it's hard to absorb the first time you see it, but Learn How
To Manage Your CFS Translations will walk you through some examples.
4. Finally, try to find the message representing Step 7 - Signaling Out. Exactly what it says will
depend on the type of the trunk... but in my screenshot it's an ISUP trunk, so I see Sending
outgoing ISUP call setup request.
5. Although that's the end of the seven steps of processing, it's not the end of the call. If you
scroll down further, you'll see a lot more happen - perhaps some activities with media, the
call ending and being torn down, and the generation of a billing record.
In this Lesson, I can only scratch the surface of what's available to discover in the Detailed
Timeline. If you want to know more, general telecoms knowledge will take you a long
way - and as I've mentioned a couple of times already, Learn How To Manage Your CFS
Translations has a lot of great material too.
Checkpoint: You've identified the steps of processing your test call, and you're well on the way
to understanding the Detailed Timeline view.
CONFIDENTIAL 245
246
CONFIDENTIAL
Export a call record for further analysis
Introduction
As we've seen, there's an awful lot of information available in Service Assurance Server, and
from time to time you may want to share it with someone. After all, everyone needs a little help
now and then! And whether it's your support representative or a trusted colleague, there'll be
times you rely on someone else to investigate a thorny problem.
And when you do ask someone to help you, wouldn't it be nice if they could see what you're
seeing? Look at the call record, just like you are, as though they were watching over your
shoulder? Well, as you've probably guessed... they can.
Start here
• export a call from Service Assurance Server, for example to share it with your support
representative
• import a call that someone else has shared with you.
Task 1: Export a call

To share a call record with someone else, you just need to save it to a file. The process really
couldn't be simpler - so let's practice it on your test call now.
1. If you're following straight on from the previous Lesson, you might still be looking at the
records from your test call.
If you're not, then log back in to Service Assurance Server and find it again! If you've
forgotten how, Check a call in Service Assurance Server on page 233 has all the details.
2. Once you're looking at your test call, click the Export button, which you'll see at the very
top of the page.
If the Export button's grayed out, you're probably not looking at a specific call. For example,
you can't export a complete set of search results... only a single record.
Note: It doesn’t matter which of the tabs you’re on when you click Export. In this screenshot, I
happened to be looking at the Call Flow, but the exported record will still contain a full set of
information from all of the tabs.
3. What happens next depends entirely on your web browser. I'm using Firefox, so I see this
dialog box...
CONFIDENTIAL 247
Your browser might display something completely different. But in any case, you're simply
downloading a file - so do whatever you'd normally do to save it to disk.
Note: You might like to change the file’s name as you save it, because the default filename is always
Trace.sas.
4. In a real scenario, you may well be planning to send the saved file to your support
representative. The best way to do that is by attaching it to a ticket - Raise a ticket with
Metaswitch Support on page 267 tells you how.
Checkpoint: You now know how to export a call from Service Assurance Server, and send it to
your support representative (or to anyone else).
Task 2: Import a call

Now that you know you can export a call's details, it's natural to ask if you can import them
again. The answer, of course, is yes! For example, you might import a record if you're helping
a co-worker investigate a problem, or simply if you've kept a call's details to save having to
search for it again.
To practice, why not try importing the call record you saved in Task 1?
1. You'll need to be logged in to Service Assurance Server, but you don't need to be looking
at any particular page.
2. Click the Import button - which is always visible right at the top of the web page.
3. When it asks you to pick a file...
248 CONFIDENTIAL
...click Browse, then choose a file using the standard dialog box which appears.
4. Click Import.
5. And that's all there is to it. You'll now be looking at the imported call, just as though you'd
found it by searching in the normal way.
Note: You'll stay with your imported call record until you navigate away from it. If you click the
Search button to start looking for another call, you'll lose the one you imported - though of
course, there's nothing to stop you importing it all over again.
Checkpoint: You now know how to import a record back into Service Assurance Server.
CONFIDENTIAL 249
250
CONFIDENTIAL
Keep your Service Assurance Server running smoothly
Introduction
Once it's set up, your Service Assurance Server doesn't need much fussing over. It's always
there, quietly collecting records, and ready to deliver them to you whenever you happen to
need them. Think of it as your dutiful, uncomplaining sidekick.
But every now and then, you should take a moment to ask your Service Assurance Server
whether it's OK. In this Lesson, I'll explain how to be a good friend to this most loyal and self-
effacing of helpmates.
Did you know? You should never anthropomorphize computers. They don't like it.
Start here
• use MetaView Explorer to monitor your Service Assurance Server's performance
• tweak configuration options to resolve any problems.
Task 1: Check your Service Assurance Server statistics

Back in Link your Service Assurance Server and MetaView Server on page 223, we configured
Service Assurance Server to "send statistics" to MetaView. But what does that actually mean?
It's time to find out.
1. In the MetaView Explorer Tree pane, go to your Service Assurance Server. You've probably
already noticed it's there:
• from the top of the tree, look for Connection to Service Assurance Server "whatever-
you-called-it"
• then click Service Assurance Server "whatever-you-called-it" under that.
2. There's not much to see here. But wait! Take a close look at the toolbar below the Tree
pane, and you'll spot a button we haven't talked about before.
It's labeled Statistics. Click it, and... gosh, a whole new window! With graphs in! This is the
Statistics Viewer.
CONFIDENTIAL 251
Note: Before you get too excited about the really cool MetaView Explorer feature I’ve only just
thought to show you, I’d better confess. The Statistics Viewer is a relatively new feature, and
it only works for certain things. Sadly, monitoring Service Assurance Server is pretty much
the only way to use it in a Class 4 deployment. Watch this space though - over time, more
components will start to appear in the Statistics Viewer.
3. Before we dive in, take a look right at the top of the window, and you'll see some toolbar
options: One day graphs, One month graphs and One year graphs. For now, we'll look at
the last month's statistics - so click One month graphs, as shown:
4. Let's
turn our attention now to the graphs themselves, which make up the bulk of the Statistics
Viewer. A few of them are crucially important, while some of the others are (let's be honest)
rather boring. And inevitably, they're not shown in any particular order, so I'll pick out a
couple of graphs it's worth keeping an eye on.
First of all, scroll down until you find the Percentage disk space used by events. Want to
take a closer look at the graph? Then click on the teeny-tiny little "+" icon you'll find in the
top-right corner:
252 CONFIDENTIAL
The graph will pop out into a new window. Here's what it looked like on the system I was
using:
That looks alarming, until you think to check the scale on the left-hand side. The line's
climbing upwards - but it's still only reached 7% of the available space. If your Metaswitch
kit is new, you might well see a graph like this one as your system comes under load.
Nothing too disastrous happens if this hits 100%, but you'll start to find there are missing
records in Service Assurance Server. In Task 2, we'll see how to fine-tune settings if this
becomes a problem.
5. When you're ready, close this window to go back to the Statistics Viewer.
6. Scroll down now to the very bottom graph, Event lifetime. Once again, click the "+" button
to pop it out and see it more clearly.
In its default configuration, Service Assurance Server will keep hold of records for 7 days...
unless it runs out of disk space and needs to make room for new ones. The Event lifetime
graph tells you the number of days' worth of events which were actually available over the
preceding period. Putting it another way, that's how many days you could look back in time
using Service Assurance Server, to diagnose a problem that happened in the past.
For example, suppose the graph shows that the event lifetime has varied between 5 and 7
days. That means you'd always have been able to diagnose a problem which happened up
to 5 days ago - and sometimes up to 7. Again, we'll talk in Task 2 about the configuration
options which affect this figure.
7. Close the pop-out window and go back to the Statistics Viewer.
8. Up at the top of the main Statistics Viewer window, click the Event processing tab. The
graphs you'll see on this new tab tell you how much raw data is flowing into Service
Assurance Server, and how much of a backlog it's built up dealing with them.
A key statistic here is the Maximum event queue length, which is actually expressed as a
percentage of the longest queue length your server can support. If this number is hovering
close to 100%, or if you start to see events being discarded, you might need to consider
upgrading your hardware. Your Metaswitch support rep will be able to offer advice.
CONFIDENTIAL 253
9. By the way, just like the rest of MetaView Explorer, the Statistics Viewer has real-time help
in the bottom pane. So if you're curious about a graph I haven't covered here, just click it
with the mouse. The applicable help will automatically scroll into view.
10. When you've finished looking around, feel free to close the Statistics Viewer window.
Checkpoint: You've checked out the performance of your Service Assurance Server. Hopefully,
everything's going smoothly! But in the next Task, we'll see how to fine-tune some options, just
in case you have any problems in the future.
Task 2: Manage your Service Assurance Server's capacity

Your Service Assurance Server needs to process a lot of data, and respond to the unique
demands of your particular environment. So - like a high-performance engine - to get the most
out of it, you might need to tinker with its tuning. In this Task, we'll delve into the Craft system
to tweak a couple of dials.
1. Log on to your Service Assurance Server's Craft terminal, in the way I showed you a couple
of Lessons ago.
2. Once you're logged on, you'll see this menu:
[Main] [=]
1 Diagnostics Application > Diagnostics Application
administrator function
2 Software > View / Upgrade Service Assurance
Server software
3 Admin > Platform administrator function
3. Select Admin.
You'll see a menu with a range of options, many of which will be familiar by now: Start,
Stop and Gather Diagnostics, for example, work just like the similar menu items
we've seen on other servers. In this task, though, I'm focusing on some specific options
buried deep within the Craft menus.
4. So, starting from the Admin menu:
• select Settings
• then select Capacity.
5. Here's what you should be looking at.
[Main->Diagnostics Application->Settings->Capacity] [=1 6 1]
Manage database capacity configuration
1 View View system settings for capacity and aging
2 Change Change system settings for capacity and aging
6. To check what's already configured, select View (and then OK when you're asked to
confirm).
Here's a typical result:
254 CONFIDENTIAL
Total % of system capacity available to the database: 50
Length of time to store a given event, in days: 7
7. As you can see, there are two levers available for you to pull.
• The second one's the easier to understand, so we'll look that that first. The Length
of time to store a given event is how long Service Assurance Server will
hang onto details of a call, just in case you need to go back and take a look at them.
The default's 7 days - so you can check out things which happened up to a week ago.
Obviously, the longer you keep records, the more disk space you need. If your statistics
consistently show that you have disk space to spare, you might choose to increase this
number, but watch out! Storing more records will increase the time it takes to search
for a particular call.
• The first option, % of system capacity available to the database, is the
proportion of hard disk space the Service Assurance Server is allowed to consume. If it
fills up this much space, it'll have to delete things early.
Why limit how much space it can use? Because the hardware which runs your Service
Assurance Server normally also runs your MetaView Server (and a few other bits and
pieces besides). To stop your Service Assurance Server hogging the disk space, you
must ring-fence a certain amount for its use.
The statistics we saw in Task 1 reveal the Event database disk usage - how close you
are to using up this ring-fenced allocation - but also the System disk usage, which is
how full the disk is overall. If your event database is getting full but there's plenty of
system disk space to spare, you might consider increasing the allocation.
8. OK, we've understood those configuration options... so how do we change them? It's
simple: press Enter to get back to the Capacity menu, then choose the Change option.
I won't walk you through this, because it's very straightforward. You're asked to type in two
numbers, one for each of the settings, and then (as always) invited to confirm.
Assuming that you don't actually want to change your configuration just now, select
Cancel at the confirmation prompt to return to the menu.
9. That's the end of this Task, so it's good practice to log out of the Craft terminal.
Checkpoint: Now you know how to tune your Service Assurance Server to keep it in tip-top
shape.
CONFIDENTIAL 255
256
CONFIDENTIAL
Troubleshoot common problems
Introduction
Troubleshooting! It's a fact of life. As you work through this guide, and certainly as you run
your service over the coming months and years, you're bound to come up against occasional
problems which you'll need to investigate and resolve.
In this Lesson, I'll explain how to tackle a glitch with the help of our Troubleshooting Guides.
And in the next Lesson, I'll show you how to get help and inspiration from other Metaswitch
users, by asking a question in the Metaswitch Support Community.
Not for emergencies!

We hope this will never happen - but if you encounter an urgent issue which disables your live
service, you shouldn't waste time reading Troubleshooting Guides. In that scenario, it's best to
send for help right away. Call 24x7 support on page 275 tells you how.
Start here
• find the Troubleshooting Guides on Metaswitch Communities
• use the Guides to investigate and resolve common problems.
Task 1: Find the Troubleshooting Guides

You'll find the Troubleshooting Guides in the Support Community, one of the four areas of the
Metaswitch Communities self-help website. Here's how to get there.
1. Log on to Metaswitch Communities. If you don't have an account or you don't remember
how to log on, Sign up for Metaswitch Communities on page 9 will fill you in.
2. From the Communities front page, choose the Metaswitch Support Community - the first
one in the list below:
CONFIDENTIAL 257
3. Once you've landed in the Support Community, scroll down a little, and find the box telling
you how to Find your way round:
4. Click the link for the Troubleshooting Guides.
Note: Once you're familiar with Metaswitch Communities, you can also go straight to many
sections - including the Troubleshooting Guides - using the sitemap on the left-hand side of
the homepage.
Checkpoint: You now know where to find the Troubleshooting Guides. In the next Task, we'll
take a closer look at how to use them.
Task 2: Choose and read a Troubleshooting Guide

On first glance, I wouldn't blame you if you found the troubleshooting page a little intimidating.
At time of writing, there are over 70 Troubleshooting Guides to choose from - and we're adding
more all the time. Look more closely though, and it's actually quite easy to find your way
around.
1. Scroll down the page until you find the section titled Troubleshooting Guides. (There's a
long list of them - you can only see the first handful in this screenshot.)
2. You'll find that the Guides cover a range of topics, including some which aren't relevant to
your particular circumstances. For example, you can disregard:
• Guides which apply to products you don't have, such as MetaSphere EAS, CommPortal
and SIP Phone Provisioning Server
• Guides which refer to Class 5 functions, like conferencing.
258 CONFIDENTIAL
3. But you'll still find a host of assistance for Class 4 deployments like yours. Here's just a tiny
sample of the guides available...
4. Click on any one of the Guides to read it.

5. In most Guides, you'll find a list of tests to carry out, and then some specific scenarios to
explore:
Throughout the guides, wherever you see a green "+" sign, you can click it to expand and
read more about your chosen topic.
6. Even if you're not able to resolve the problem using the Troubleshooting Guide, be sure to
check out the Next Steps you'll find at the bottom. Based on what you've discovered so
far, they'll recommend the most helpful information to collect and pass to your support rep.
Checkpoint: You now know how to find and use a Troubleshooting Guide.
CONFIDENTIAL 259
260
CONFIDENTIAL
Get help from other members of Metaswitch Communities
Introduction
You've checked this manual, you've checked the Troubleshooting Guides... but there's still
something you don't quite understand about your Metaswitch system. Perhaps someone with
a little more experience could help? That's when Metaswitch Communities truly comes into its
own.
Up to now, we've been treating Communities as a place to find information. But it's much more
than that! As its name suggests, it's also a vibrant community of Metaswitch users, many of
whom are more than willing to offer a helping hand to their peers.
Let's see how to reach out to them.
Start here
• find the right place to Ask The Community a question
• browse and respond to other users' questions
• pose your question and handle replies.
Task 1: Find the Ask The Community space

Questions and answers are the most popular types of posting on Metaswitch Communities,
so we've created a specific area - known as a space - exclusively dedicated to them. We've
called it, straightforwardly, Ask The Community.
Here's how to find it.
1. Log on to Metaswitch Communities, just like you did in the previous Lesson.
If you're already logged in, you can click on Metaswitch Communities in the breadcrumbs
at the upper left of the screen to go back to the homepage.
2. From the Communities homepage, choose the Metaswitch Support Community - the first
CONFIDENTIAL 261
3. Once you've landed in the Support Community, look for this box. It's right at the top of the
page.
4. Read through the options (they're all worth knowing about!), then click on Ask The
Community.
Here's what you'll see...
Checkpoint: You've found your way to the Ask The Community space.
262 CONFIDENTIAL
Task 2: Browse some questions
Now, I know that you're here to ask a question... but it's considered bad "netiquette" to dive
straight in. So before you speak up, let's take a moment to check out the Community, and see
what some other members are discussing right now.
1. You should be looking at the Ask The Community page. Scroll down that page a little way,
and find the section titled Here's what the Community is asking.
This is a selection of real questions I found on Ask The Community today:
2. Click on a question or two, and get a feel for what people are currently discussing. You'll
find a real mix of members here: some of them running Class 4 deployments like yours, and
others providing direct services to thousands of individual subscribers.
Here, immortalized forever in this guide, is a typical question from the latter group.
3. If you're lucky, you might even see a question you can answer. In that case, don't be shy!
Click the Reply link - down in the bottom-right of that last screenshot - and give your fellow
Communities members a helping hand.
4. When you've got a feel for discussion in the Community, head back to the Ask The
Community page to get ready for the next Task.
Checkpoint: You're now familiar with the types of questions that appear on Ask The Community.
Task 3: Ask your question

Feeling at home? Then let's go ahead and post your question.
1. Provided you're back on the Ask The Community front page, posting your question couldn't
be simpler. Just scroll to the top, and click right here...
CONFIDENTIAL 263
2. Then go ahead and ask your question.
Remember, the more care you put into your question, the more likely you are to get a
helpful focused answer. Here are three tips for the best results:
• Give your question a specific, informative title. (The title goes in the box marked 1 in the
screenshot above). More people will click to read your question if they have a clear idea
what you're asking about.
• Turn on the checkbox labeled Mark this discussion as a Question (number 2 in the
screenshot). As well as giving your question a distinctive icon, this means Communities
members can score points by answering, which encourages regular contributors to
chip in.
• Include as much detail as you can in the body of your message (labeled 3 above). The
more you're able to explain, the more likely it is that people can help you. Think about
what you'd need to know if you were working on this problem for someone else.
3. When you've finished crafting your question, scroll down to the bottom and click Post
message.
4. Sit back and wait for a reply.
And when someone does reply...
264 CONFIDENTIAL
...don't forget to follow up! If they've given you the information you were looking for, click
the Correct Answer button (see it at the bottom of that screenshot above). It's a nice pat
on the back for the person who helped you, and it tells the rest of the Community that you
don't need assistance any more.
Checkpoint: You've posted your question to Ask The Community. Keep an eye out for a reply!
CONFIDENTIAL 265
266
CONFIDENTIAL
Raise a ticket with Metaswitch Support
About tickets
In the last couple of Lessons, I've looked at ways you can find your own solutions to issues
affecting your Metaswitch deployment. Occasionally, though, you'll run up against a problem
you can't resolve through our self-help guides... and when that happens, it's time to call in
Metaswitch Support.
If you do need to raise an issue with your support representative, by far the best way is to
create a ticket. I know that it's tempting just to fire off an email, but tickets really are the right
tool for the job - they ensure that nothing's accidentally overlooked, and they guarantee that
it's always clear who's responsible for taking the next step.
Start here
• find Your Tickets, the area of Metaswitch Communities dedicated to communication with
your support rep
• create a ticket to report a problem or issue
• add information to an existing ticket, or upload files
• close the ticket once your issue's been resolved.
Task 1: Find the Your Tickets page

You can communicate with Metaswitch using a special area of the Support Community, called
Your Tickets. In this Task, we'll see how to get there.
1. Just like the last Lesson, log in to Metaswitch Communities and go to the Support
Community.
2. Once you're in the Support Community, look for this box. It's right near the top:
3. Click on Check or raise a ticket to go to the Your Tickets page.

Checkpoint: You're in the right area of Metaswitch Communities, and ready to create a ticket.
Task 2: Create a new ticket

Now that you're in the right place on Metaswitch Communities, the next step's to create a
ticket. This is a little bit like sending an email - but with some added structure, to make it easier
to collect together all the information your support rep will need.
1. On the Your Tickets page, click the New Ticket button. It's here:
CONFIDENTIAL 267
2. Look over on the right-hand side of the window, and you'll see that the following form has
appeared.
The form's simple enough... but in the heat of the moment, it's easy to forget an important
detail! So in the next few steps, I'll guide you through exactly what you'll need to fill in.
3. In the Ticket Summary, try to describe your issue in a few words. For example, "SIP-to-
ISUP calls sometimes fail to connect" or "Alarms from Call Feature Server not displayed in
MetaView Explorer".
Avoid generic summaries like "Metaswitch" or "SIP problem" - even if that's clear enough
to you, it'll make life harder for your support representative.
4. Your name and email address will be filled in automatically. You'll get an email every time
there's an update relating to your ticket.
268 CONFIDENTIAL
If you'd like someone else within your company to receive copies of those emails, then you
can add additional addresses to the Customer Email(s) field. They need to be separated by
semicolons, for example: jane.doe@example.com;richard.roe@example.com.
Note: You don’t need to add any Metaswitch email addresses to the list. Your customer support
rep is emailed automatically.
5. Choose your assessment of the Priority of the problem, from 1 (highest priority) to 4 (lowest
priority).
6. The Customer Keywords and Location are for your own reference. Fill them in if you'd like
to, or leave them blank if you've no specific notes to add. Later on, if you want to, you'll be
able to search for tickets using the keywords you've entered here.
7. Be sure to choose the appropriate Product - typically MetaSphere CFS (Call Feature
Server), MetaSphere UMG (Universal Media Gateway) or MetaView.
8. In the Ticket Information space, type a description of the problem: whatever you want to
tell your support representative. The more relevant information you can provide here, the
less likely it is your support rep will need to come back with questions, and the faster your
problem could get resolved.
Needless to say, the exact details depend on the type of issue you're reporting. However,
here's a list of some things you should definitely include:
• The version number of your software.
• Any relevant history of the system. Have there been any recent upgrades or patches?
• The unusual behavior you're seeing. What did you expect to happen instead?
• The exact wording of any error message you see.
• How often the issue's occurring. If it's ongoing, does it happen all the time or is it
intermittent? And have you ever experienced a similar issue before?
• An explanation for the Priority you've chosen. What is the service impact? Is this a lab
or a production system?
• Any steps you've already taken to try to resolve the problem. What (if anything) changed
as a result?
9. When you've finished filling in the form, check your new ticket over carefully. Is there any
additional useful information you could provide?
10. Once you're sure you've included everything, click the Add Ticket button at the bottom of
the window.
11. Over in the left-hand column, notice how your new ticket is now listed as Open and
Assigned to Metaswitch Support:
Checkpoint: You've created a ticket to describe your problem, and assigned it to your support
representative for investigation.
CONFIDENTIAL 269
Task 3: Add further information or upload a file

You've created a ticket, but that isn't necessarily the end of the matter. Your support rep might
get back to you with a question, or you might simply think of something you want to add.
What's more, you can upload files to a ticket - such as the diagnostics bundles I'll talk about
in coming Lessons.
1. For the moment, I'll assume you're adding something to the ticket you created during Task
2. As I mentioned at the end of that Task, the ticket will be listed in the sidebar on the left,
under Open Tickets assigned to Metaswitch Support.
In the real world, it's just as likely that your Metaswitch support rep will have looked at the
ticket, and sent it back to you with a question or request. In that case, you'll still find it in
the sidebar - but it'll be under Open tickets assigned to (your company name) instead.
Note: If you’ve carried straight on from the previous Task, the ticket you created will already be
selected (and highlighted in yellow). If you’ve come back to the page on a later occasion,
make sure it’s selected by clicking it.
2. Here's what you'll see now on the right-hand side of the page.
270 CONFIDENTIAL
Note: To simplify this screenshot, I’ve closed up the More details section at the bottom. So on your
screen, you’ll see a few more fields than are shown here.
3. Sometimes, you might want to add a note to an existing ticket - because there's been a
new development, to answer a question, or just because you've remembered something
you forgot to say (don't worry, it happens!)
To do that, simply type your note in the New Information box, marked 1 on the screenshot
above.
4. You can also attach files to a ticket. This is the best way to get detailed logging information
to your support rep - we'll see the kinds of files you might gather and send over the course
of the next few Lessons.
To attach a file, click the "+" button next to Add files (near to the label 2 on the screenshot).
It'll expand to a familiar-looking interface, where you can select up to 10 files from your
computer to upload to the ticket.
CONFIDENTIAL 271
Note: As you’ll see from that note at the bottom of the form, the largest file you can upload is
100MB - though you can upload multiple files totaling more than 100MB, if you attach them
one at a time. If you do need to send a single file larger than that, then mention the issue in
your ticket, and your support representative will arrange to download it directly from your
system.
5. When you've finished making your changes, click the Update button at the bottom of the
screen.
But it's important to choose the right Update button. Normally, you'll be expecting your
support rep to take the next step. In that case, you need to click Update / assign to
Metaswitch:
Sometimes though, you might be making a "note to self", and the next action's still with you.
Under those circumstances, use the button marked Update / assign to (your company
name). Tickets awaiting action from your company appear in a separate section at the top
of the sidebar on the left.
Checkpoint: You've added a note to your ticket, or uploaded and attached a file.
Task 4: Close or resolve a ticket

Finally for this Lesson, we'll look at the end of the process: how you dispose of a ticket once
it's been addressed, fixed, explained or generally "done".
Before get started with this Task, you'll need to know exactly what we mean by closing or
resolving a ticket. The two terms are similar, but they have slightly different meanings.
• Closing a ticket means it's completely "finished", and you don't want to see it again. (If
you change your mind, you can expand a list of closed tickets at the bottom of the Your
Tickets page.)
• Resolving a ticket means you still want to track it, but don't believe any further action
is required. Often, your support rep will resolve a ticket, but leave you to make the final
decision about whether to close it.
OK! Let's go ahead and see how you actually do it.
1. You can close or resolve a ticket at any time. But the most likely time is just after your
support rep has made a comment, and sent the ticket back to you.
As we saw in the previous Task, open tickets are listed in the sidebar on the left of the Your
Tickets page. If a ticket's waiting for attention from you, it'll be at the top of the sidebar, in
one of these two groups (with your company name in place of the blurry bit):
2. To start responding to a ticket, just click on it. Like in the last Task, it'll appear over on the
right-hand side.
3. Sometimes, you'll simply want to add a message to a ticket - for example, if your support
rep's asked you a question. We covered how to do that in the last Task. Just type in the
New Information box, and click the relevant Update button.
272 CONFIDENTIAL
4. But if you want to resolve or close the ticket, you'll need to scroll a bit further down. Here's
what you'll see at the very bottom of the ticket:
5. To resolve a ticket, turn on the Resolved? checkbox (labeled 1 in the screenshot). It would
be unusual to send a resolved ticket back to Metaswitch, so almost always, you'll then click
Update / assign to (your company name).
If you're assigning it back to yourself, what's the point of marking it resolved? Let's look at
this screenshot again:
Resolving a ticket and assigning it back to yourself will move out of the list of Open tickets,
and into the list of Resolved tickets. Remember, resolved tickets are ones that aren't quite
"finished", but need less active monitoring than open ones.
6. To close a ticket, just click the Close button (labeled 2 in the screenshot). Once you've
done that, the ticket's out of your life! ...unless of course you re-open it again, which you
can do at any time.
Checkpoint: You now know how to respond to an update to a ticket, and to resolve or close it
once the issue's been addressed.
CONFIDENTIAL 273
274
CONFIDENTIAL
Call 24x7 support
Call 24x7 support
Introduction
In the last Lesson, I showed you how to raise an issue with your support representative by
creating a ticket. That's the right way to highlight almost any problem with your Metaswitch
system, and you can - of course! - expect a prompt response to your ticket from our industry-
leading support team.
But for the most urgent and critical problems, Metaswitch also offers a telephone 24x7 support
service. I hope you'll never need to use it, but it's still best to be prepared... so in this Lesson,
I'll explain what 24x7 is for, and how to call it out in an emergency.
What 24x7 support is and isn't

Metaswitch's 24x7 support service is available to deal with urgent, unexpected emergencies,
which have a major impact on your live service.
Invoking 24x7 is like calling out the fire service - you shouldn't hesitate to do it, but nor should
you do it lightly. So here are a few points to bear in mind.
• 24x7 support is only for urgent problems with production systems. It isn't for test systems,
lab systems or servers which haven't been turned on yet. And it's only for problems which
are affecting a major feature for a significant number of people.
• 24x7 support isn't there to assist with scheduled maintenance, even if things go wrong.
If you're planning something like an upgrade, your support representative can book a slot
with our out-of-hours support service, who'll be on standby to help if any problems
arise. Because this is planned in advance, it isn't the same as 24x7, and you'll be given a
different set of instructions for invoking it.
• 24x7 support may not provide a complete resolution to the problem. The objective of 24x7
is to get your system back into a serviceable state, possibly by applying a workaround; your
normal support representative will follow up the next business day.
Start here
• refer to the Metaswitch Communities website for the current 24x7 procedure.
Task 1: Find the procedure on the Communities website

If you do ever need to invoke the 24x7 service, it's essential to follow the most up-to-date
instructions. If I described them here, they could get out of date - so instead, I'll show you how
to find the most recent procedure on Metaswitch Communities.
Warning! Be sure to check these instructions before you experience a 24x7 issue. In particular, bear in
mind that to follow them, you'll need to know the password for your Communities account.
1. Log on to Metaswitch Communities. If you don't have an account or you don't remember
how to log on, Sign up for Metaswitch Communities on page 9 will explain.
2. From the Communities front page, choose the Metaswitch Support Community - the first
CONFIDENTIAL 275
Call 24x7 support
3. Once you've landed in the Support Community, look for this box. It's right at the top of the
page.
4. Choose the first option from that box, call 24/7 support.
Checkpoint: You now know how to call on 24x7 support in an emergency.
276 CONFIDENTIAL
Diagnose network problems by snooping IP trace
Introduction
Are you flummoxed by a complex networking problem? Do you suspect something's wrong
with a router or firewall, but lack firm evidence to track the problem down? Then it's time for IP
trace. Using IP trace, you can poke around in the details of the traffic flowing to and from your
Call Feature Server, collecting all the raw data you could possibly want to analyze (and usually,
a whole lot more).
In essence, IP trace is network-level eavesdropping - you're listening in on an active dialogue
between your Call Feature Server and someone else. For this reason, the practice is often
described as snooping.
When would you do this?

Snooping is useful if you need to diagnose a network issue, particularly one which prevents two
switches (or any other two things) contacting each other at all.
But first things first: IP is the Internet Protocol, so IP trace is only relevant for Internet-based
protocols like SIP. You might also use IP trace if your Metaswitch servers are having trouble
communicating with each other - because those connections are all over IP.
By its very nature, IP trace is low-level, and it's most useful to networking greybeards working
on obscure connectivity problems. Examples might include an ARP issue, where a capture of
ARP on the LAN can yield additional information, or a firewall misconfiguration, when the ICMP
can hint at the cause. If you didn't understand that last sentence, then IP trace may not be for
you.
You shouldn't reach for IP trace just to check call flows - that is, to see the specific protocol
messages passing back and forth between two switches. Service Assurance Server is a much
better tool for that particular job.
Note: Just so you know, if you have a Perimeta session border controller in your network, it can
collect IP trace as well. This is especially useful if you want to inspect call media, or other
traffic which isn't destined for your Call Feature Server. As you know, I'm not discussing
Perimeta in detail in this guide - but you'll find full instructions in its own documentation.
Warning! There will be a lot of IP traffic on your network, so you could potentially generate a lot of IP
trace. If you do, then its sheer volume will place significant load on your Call Feature Server's
disk and CPU. To avoid affecting your live service, it's essential to capture the absolute
minimum trace required to diagnose your problem. I'll explain how to do that filtering later in
this Lesson.
Start here
• watch IP trace in real-time, using the Craft terminal
• save IP trace to a file, for analysis with a tool such as Wireshark.
Task 1: View IP trace in real time

To make this Task a concrete one, let's think about a real scenario. We'll imagine you're having
difficulty with SSH connections from your PC.
CONFIDENTIAL 277
1. Log on to the Craft terminal on your Call Feature Server.
Note: OK, yes, I know - this involves SSH, and I’ve just asked you to imagine that SSH isn’t
working. But shush! It’s just an example. And there’s a reason why tracing SSH connections
makes for a particularly good illustration - I’ll reveal all at the end.
2. Drill down as follows:

• select the Diagnostics menu, then
• select the Real time IP command.
3. Craft will now ask you a series of questions, which I'll cover in the following steps.
4. Specify the IP address of the device to snoop (optional).
Here's the first and most important way to filter the amount of IP trace you're collecting.
If you type an IP address here, the trace will capture only messages going to or from that
address.
It says it's "optional", but unless you absolutely have to, you shouldn't leave this blank.
Snooping all traffic will place a horrendous load on your Call Feature Server's disk and
CPU, certainly enough to have a significant impact on your service.
In our imagined example, we need to listen out for messages involving your own PC - the
one you're running your SSH client on. So type in its IP address.
Note: You may not happen to know your PC’s IP address, but I’m hoping you know how to find it
out. If you don’t, then I’m afraid you probably don’t have the background you need to make
much sense of IP trace.
5. Specify the traffic type to snoop.

You'll see this question if you're using VLANs, as described in Find your way around your
network on page 25. In our example, SSH traffic is on the management network - so
that's the option to choose.
6. Specify the IP address of this server or gateway (optional).
This oddly-worded question is asking which IP address you want to perform the snooping.
Remember, your Call Feature server has multiple processors, and therefore multiple IP
addresses available to use.
For this example, and in fact for most purposes, you can just press Enter - in which case
it'll use the shared virtual IP address.
7. Specify the port number to snoop (optional).
Again, this is an important way to limit the amount of IP trace that's generated. The port
number for SSH is 22, so that's what to enter now.
8. SIP: Specify the dir. number or username of the user to filter on
(optional).
For SIP traffic, and only for SIP traffic, your Call Feature Server can dip into the IP packets,
and pick out only the ones relating to a particular directory number or username. Replying
to this question also implicitly says that you only want to hear about SIP messages (and
not any other type of traffic).
In our case, we're not interested in SIP. So you must press Enter without typing anything
- otherwise you'll get no output.
9. Specify the protocol to snoop.
278 CONFIDENTIAL
Here you get to choose whether you monitor TCP, UDP, or both. In our case, we may as
well just pick All. (In practice we know we're going to get TCP traffic, but I suppose it's
just about possible there might be stray UDP packets to find.)
10. That's the end of the questions. As always, Craft reminds you of your choices and asks
you to confirm.
Warning! Before you do confirm, make a mental note of the following: if, for any reason, you need to
stop the IP trace in a hurry, press Ctrl+C.
11. Ready? Go ahead and select OK.

12. You'll see a stream of IP messages like this one flowing up the screen...
unrecognized packet:
12:43:34.689124 00:13:3e:00:87:a0 > 00:00:5e:00:01:0f, ethertype
IPv4 (0x0800), length 1394: `203.0.113.18` > `203.0.113.29`.50109:
Flags [.], seq 5132816:5134156, ack 4897, win 759, length 1340
0x0000: 0000 5e00 010f 0013 3e00 87a0 0800 4510 ..^.....>.....E.
0x0010: 0564 4494 4000 4006 06e8 0ae8 1e04 ac15 .dD.@.@.........
0x0020: 1507 0016 c3bd 5692 ee4d 82c6 9bad 5010 ......V..M....P.
0x0030: 02f7 d354 0000 4de0 6169 0434 15fe 31c8 ...T..M.ai.4..1.
0x0040: 166c 74e2 b47c 1192 b473 ee47 eb3f 5eef .lt..|...s.G.?^.
Note: The “unrecognized packet” at the start isn’t anything to worry about - it just means it’s not a
type of packet your Call Feature Server knows how to interpret.
13. And that, right there, is IP trace. When you've seen enough of it, press Ctrl+ C and then
Enter to return to the menu.
Note: Incidentally, have you thought about why there's a constant stream of traffic on port 22? It's
because the very act of displaying the trace generates some more traffic to be traced - so
the process goes on forever, like a dog chasing its own tail. That's the reason I chose to trace
the SSH protocol for this example. If you figured that out back at the start of the Task, then
congratulations, you're a sharp cookie.
Checkpoint: You now know how to watch real-time IP trace - and just as importantly, you know
how to limit the amount of trace you capture, to minimize disruption to your system.
Task 2: Download IP trace

As well as watching IP trace in real-time on your Craft terminal, you can also write it out to files,
ready to download and process offline. This is particularly helpful if you're familiar with tools
like Wireshark, whose very purpose is to load up IP trace and make it easier to find your way
around.
I won't go through this Task in detail, because it's so similar to the previous one... and if you're
the type of person who's happy working in Wireshark, then you're definitely not the type of
person who needs step-by-step advice on how to use FTP. Here are the main points.
1. From the Diagnostics menu, instead of choosing Real Time IP, go for Gather IP.
2. You'll be asked for a filename. As the Craft terminal points out, you have two choices:
• pick a filename ending in .txt, and you'll get one big file with all the trace in (to view
in Notepad, say)
CONFIDENTIAL 279
• pick any other filename, and you'll get a series of files suffixed from 0 to 39 (to import
into a tool like Wireshark).
Warning! If you’re running two IP traces at the same time, don’t choose the same filename for both
of them. I know it sounds obvious... but perfectly sensible people have come a cropper that
way in the past.
3. The rest of the questions are exactly the same as you saw in Task 1.
4. Also like in Task 1, to finish tracing, press Ctrl+C.
5. To retrieve the files:
• log onto your Call Feature Server over SFTP, with the username and password you use
for the Craft terminal
• change to the ftp directory
• and download the file(s) with the filename you specified at the start.
6. That's all there is to it!
Checkpoint: You now know how to download IP trace for processing in your favorite application.
280 CONFIDENTIAL
Obtain API trace for your support representative
Introduction
Of course, we hope that nothing will ever go wrong with your Metaswitch system. Of course,
we hope you'll never have cause to rely on our world-leading support services. But of course,
we know that no product's perfect, and one day you might hit a problem which needs our help
to solve.
When that day comes, your support representative may ask you to collect API trace. In this
Lesson, I'll explain exactly how that works.
When would you do this?

API trace is a record of messages passing across your system's internal interfaces (also
known as APIs). Because API trace deals with Metaswitch internals, it's only really helpful to
Metaswitch engineers.
But it's still worth your while knowing about it, because your Metaswitch support rep might ask
you to collect API trace when he or she is working on a problem. And after all, though you may
never experience an issue which requires API trace, it's reassuring to know you're prepared.
How API trace works

API trace isn't turned on by default - the volume of data generated would be far too large.
Instead, when you realize you need API trace to diagnose a problem, you can selectively
enable it just where it's required. For instance, you can enable API trace for a specific SS7
switch; you'll then get trace for all MTP3 and ISUP flows to that switch, regardless of the
signaling route they use.
To turn on API trace, you can set a special field on certain objects in MetaView Explorer. This
Lesson will touch on a few example objects, but your Metaswitch support rep will give you
specific instructions if the need arises.
It's possible that you'll need to trace more than one problem at the same time. To help keep
things organized, you'll be asked to specify a tag each time you enable API trace on an object.
You can give the same tag to different traces intended to diagnose the same problem - and
then you can easily gather just those traces into a single downloadable file.
Start here
• enable API trace
• use the Craft terminal to package up the API trace for download
• download the API trace, ready to send to your support representative
• check to see which objects have active API trace, and turn off trace when it's no longer
required.
Task 1: Turn on API trace for a particular object

The first step in using API trace is, naturally enough, to turn it on. Remember, API trace is
enabled selectively. There's no system-wide setting; instead, you activate it one object at a
time.
1. Using MetaView Explorer, find the right object to set the API trace.
CONFIDENTIAL 281
This is where your support representative will step in to provide the details. But here are a
few examples:
• To view all MTP2 signaling on an SS7 link, you'll be asked to set the API trace on the
Signaling Cross Connect object on the Universal Media Gateway.
• To view all MTP3 and ISUP to an SS7 destination, you'll be asked to set the API trace
on the Signaling Destination object, beneath the appropriate Signaling Gateway on
the Call Feature Server.
• To trace a SIP call, you'll be asked to create a new object specifying a particular called
or calling number. That object goes beneath SIP Call Diagnostics on the Call Feature
Server, like this:
2. There are many more possibilities, but whichever object you're working with, the basic
technique is the same. In the Details pane for the object in question, you'll find these
options:
• Ignore the field called Logging - log level. That's unrelated to API trace.
• Set API trace - enabled to True.
• Type in an API trace - trace tag. This is just a word or phrase you can use to identify
this particular problem. Something like dropped_calls or issue123 is fine. If you're
setting API trace on more than one object for the same problem, use the same tag for
each of them.
3. As always when changing objects in MetaView Explorer, don't forget to click Apply. In
some cases, you'll be asked to confirm that you really meant to enable trace - usually when
there's the potential for the volume of trace to slow your system down.
That's all you need to do to activate API trace.
Checkpoint: You're now collecting API trace for the object or objects of interest.
Task 2: Reproduce the problem

Having activated the API trace, you'll be in the unusual situation of wanting the problem to
happen again - or reproduce, in engineers' jargon.
282 CONFIDENTIAL
You might think this would be the simple part, but as all experienced technicians know, faults
are stubbornly reluctant to show themselves when you're actually looking for them. The good
thing about API trace is that there's no need to force the issue: you can leave it running as long
as you need, while quietly waiting for the problem to recur.
Once you become aware that the issue's reproduced, you can move on to the next Task. You'll
just need a rough idea of when the problem surfaced again.
Did you know? One of the most notorious faults ever to affect a computer system, the
"Therac-25 bug" cost the lives of at least three radiotherapy patients in the mid-1980s. The
deadly bug surfaced only when an operator made a careless data-entry mistake, and then
immediately corrected it. Tragically, the very act of methodical testing would have prevented
engineers from reproducing this particular scenario.
Checkpoint: The fault has reproduced in the time since you turned on API trace, and you know
roughly when it happened.
Task 3: Gather API trace for download

Because the fault has recurred in the time since you turned on API trace, your Call Feature
Server should now have logged trace which captures the problem. However, there'll also be
a large quantity of trace that's completely irrelevant, because it covers a period of time when
everything was running normally.
So, the next step is to gather just the necessary of trace, ready to send to your support
representative.
1. Log on to the Craft terminal on the server which collected the trace.
This is normally your Call Feature Server, but if you've been collecting trace on a Signaling
Cross-Connect object, it will be on your Universal Media Gateway instead. Your support
representative can advise you if you're unsure.
2. From the Main menu, select Diagnostics.
You'll be looking at the following.
[Main->Diagnostics] [=3]
Retrieve Diagnostic Information
1 List diagnostics List details of available
diagnostics
2 Real time API trace Display API trace as it happens
3 Gather API trace Gather formatted API trace
4 Gather Historical API trace Gather API trace between two
times
5 Gather most recent trap Gather most recent trap
6 Gather specific trap Gather specific trap
7 Gather current diagnostics Gather current diagnostics
8 Delete trap Delete trap
9 Call Logs > Call Logs Functions
CONFIDENTIAL 283
10 Real time IP Display IP message flow.

11 Gather IP Gather IP message flow.
12 Real time term events Display termination events
13 Generate a core file Generate a core file
14 Media Recording > Manage Media Recording Settings
3. From this menu, pick Gather Historical API trace.
Note: Be sure to select Gather Historical API trace, not plain old Gather API trace.
I’m not going to talk about the “plain” option in this guide; the “historical” version does
everything the “plain” one does, and more besides.
4. Now you'll be prompted to work through the usual questionnaire.

• First, Craft will ask you for the start and end times for your log extract. Remember, these
are times in the past. The API trace has already been collected - you're just picking out
the bit you want to look at.
The format to use is year:month:day:hours:minutes. For example, 12 noon
on 7 March 2014 is 2014:03:07:12:00. You can miss out the date if you're talking
about today, so 10 o'clock this morning is just 10:00.
• Next, it'll ask you how much detail to display. Your support rep may have told you what
to say here. If they haven't, you can't go wrong with Verbose and More Data
mode.
• Then, you're asked which interfaces you want to see. Again, unless your support rep's
said something different, go for the max and select Show all interfaces.
• Finally, you can specify a list of tags you want to include. Type in the tag you used
during Task 1. In a complex scenario where you want to include two or more tags, you
can separate them with commas: cuthbert,dibble,grubb.
5. As always, Craft asks you to check your input and select OK.
6. Now, you might at this point see the message:
There is no API trace matching your filters and covering the period from (whenever to
whenever).
7. If that happens, there are three possibilities. You could have made a mistake filling in the
questionnaire - so it's worth scrolling back to check what you typed in. Alternatively, you
might have slipped up when you turned on the API trace in Task 1; for instance, if you
mistyped the tag, you can salvage the situation now by mistyping it in the same way. Or of
course, it could just mean you didn't successfully reproduce the problem after you'd turned
on API trace.
8. If all's gone to plan, though, you'll see something like this:
Log files written to historical_trace_log_2014-01-18-12-00_
to_2014-01-18-16-00.tar.gz
Filtered text written to historical_trace_txt_2014-01-18-12-00_
to_2014-01-18-16-00.tar.gz
9. Take a rough note of the filenames (though as you'll see, they're pretty easy to figure out),
then press Enter to go back to the menu.
10. That's all you need to do in the Craft terminal. As always, it's good practice to log out.
284 CONFIDENTIAL
Note: By the way, you may have noticed that it's also possible to view API trace in real-time, within
the Craft terminal. However, as API trace is primarily intended for Metaswitch internal use,
this real-time option is really only of interest to our own engineers.
Checkpoint: The trace you need is now bundled up into two files, and waiting on your server
to be downloaded.
Task 4: Download the file

It's time to fire up your SFTP client again. By now, this ought to be second nature to you! So
I'll keep it brief...
1. Using SFTP, log on to the server where you gathered the API trace. The login name and
password are the same ones as you use for the Craft terminal.
2. Change to the ftp directory.
3. Download both of the files whose names you noted during Task 2.
4. Log out again!
5. Send the two files to your support rep.
Checkpoint: You've successfully gathered and delivered API trace. Hopefully, your support rep
will soon get back to you with a solution to your problem!
Task 5: Turn off trace when it's no longer needed

Like all kinds of logging, API trace places an extra load on your servers. So, when you've
resolved the problem you were addressing, it's best to turn API trace off.
But - in the relief of closing an issue - it's all too easy to forget. So in this Task, I'll show you how
to keep track of active API traces, and get rid of the ones you no longer need.
1. Back in MetaView Explorer's Tree pane, collapse all the open branches.
(This is to simulate what you'd see if you'd only just logged on. But it also refreshes the
object list in the Tree pane... so don't skip this step!)
2. Still in the Tree pane, drill down to your Call Feature Server (or Integrated Softswitch).
When you expand it, you'll spot that a new object's appeared: API Trace and Configured
Logging.
CONFIDENTIAL 285
You might also notice that the object has an Attend to Dependent alarm, indicated by the
yellow exclamation mark. This object is always alarmed, to remind you that API trace is on
and encourage you to turn it off as soon as it's no longer needed.
Note: The API Trace and Configured Logging object only exists when there’s at least one object
with API trace enabled. That’s why you’ve never seen it before. And in the future, if it’s not
there, then you’ll know there’s no API trace active.
3. Expand the API Trace and Configured Logging object, and then expand the object you'll
find below it. You should have found a link, indicated by this icon:
We briefly looked at links way back in Find your way around the object tree on page 41,
but I'd quite understand if you'd forgotten about them! Links in the Tree pane are pointers
to other objects, somewhere else in the tree. In this case, the link is pointing us towards
the place where the API trace is configured - and so, the place we need to go to turn it off.
Obviously, right now, that's not a terribly helpful feature. You remember (I hope!) the
object you worked with in Task 1. But on a busy system, particularly one with multiple
administrators, seeing all your API traces together in one place is a definite win.
4. Follow the link by double-clicking it. The tree will jump, and you'll be back at the object you
changed in Task 1.
5. Change the API Trace - enabled field to False. You can also clear the API Trace - trace tag
if you want to, but it's harmless to leave it filled in.
6. Click Apply in the normal way. API trace is now off again.
7. Right-click anywhere in the Tree pane and select Refresh. The API Trace and Configured
Logging object will have disappeared!
8. As I briefly mentioned in Task 3, most API trace is set on your Call Feature Server, but
there's one specific case where it's done on your Universal Media Gateway instead. So for
completeness, if you have a separate Universal Media Gateway (rather than an Integrated
Softswitch), repeat this Task to check there too.
Checkpoint: You've removed the outstanding API trace, returning your system to its normal
operating state. That's the end of this Lesson.
286 CONFIDENTIAL
Track down who made a configuration change
Introduction
It's happened to all of us, at one time or another. You're investigating a problem, and you
suddenly realize that there's been a configuration change - a change you weren't expecting,
and can't explain. Someone must have done it, and you'd like to know why. But who should
you call and ask?
Luckily, if the change was made using MetaView Explorer, it's relatively easy to find out. You just
need to check the audit logs on your MetaView Server.
Why would you do this?

Audit logs can help track down malicious actions, though I sincerely hope you'll never need to
use them that way. A more realistic scenario is that you want to find out which of your admins
disabled that important trunk to your biggest customer - so you can ask them what on Earth
they were up to (and whether it's safe to turn it back on again).
Did you know? The popular coding tool Subversion has a command called blame,
which reveals exactly who made any specific change to a program. Following complaints
about the negative connotations, Subversion's developers added a praise command...
which does exactly the same thing.
Start here
• check that auditing is enabled on your MetaView Server
• download recent audit logs
• use an audit log to track configuration changes.
Task 1: Check that auditing is enabled

It's not a good idea, but it is possible to turn auditing off. So just before we start, let's double-
check that it's enabled on your system.
1. In the Tree pane of MetaView Explorer, select your MetaView Server object. Yep, really!
No drilling down required, we're using the MetaView Server object at the top level of the
object tree.
2. In the Details pane, find the Auditing enabled setting. At time of writing, it's about a third
of the way down.
3. Check that it's set to True. If it isn't, then change it and click Apply in the normal way.
Checkpoint: Your MetaView Server is definitely now collecting audit logs.
Task 2: Produce and download an audit file

So, we know your MetaView Server is producing audit logs, and we know that someone - you!
- has been using MetaView Explorer quite a lot lately. Shall we have a look at what you've been
up to?
1. Once again, in the Tree pane of MetaView Explorer, select your MetaView Server.
2. Look at the toolbar below the Tree and Details panes, and you'll spot an extra button...
CONFIDENTIAL 287
See it there on the right? Close active audit file. Click that button now.
In technical terms, this is flushing a buffer. Clicking the button has written any outstanding
audit records to disk, so anything which happened before this moment is definitely logged
in a file and ready for you to download.
3. Using your SFTP client (such as WinSCP), log in to your MetaView Server. Drill down into
the EMSftp directory, then audit_files.
Depending on the age of your servers, you may find a surprisingly large number of files
waiting for you. (When I ran through this procedure on a test system, I found the records
went all the way back to 2009.) Handily, when the files are listed in alphabetical order
they're also listed in date order, so you can just scroll to the bottom of the window to see
the most recent ones.
4. This is where the detective work begins. Each audit file has a date and time in its filename
- for example, the file called...
EMS_Audit_2014-01-16_10h59_07_UTC.txt
...is dated 16 January 2014, at 10:59:07 UTC. That's the time the file was completed and
written out to disk, so the events in the file will relate to the period immediately preceding
that.
Armed with that knowledge, you'd normally now find the file or files which cover the period
of interest. For the sake of this example, though, we'll just work with the most recent file.
And as I've already mentioned, that will be the last one in the list.
5. Once you've chosen the right file, download it to your PC.
6. As usual, it's good practice now to close your SFTP client.
Checkpoint: You've downloaded the records you need for your investigation.
Task 3: Search the file for events of interest

Now that you've got the audit logs, what should you do with them? Well, this is where it gets a
little bit hard to comment - after all, there's no way of telling what hypothetical event you might
be looking into. But, here are a few things to try right now.
288 CONFIDENTIAL
1. First of all, just have a read through some of the audit logs. If you've been working through
this guide in earnest, many or most of the logs will describe things you did - and I have to
admit, I always find it fascinating to look back. Do you remember doing that? And that?
And that?
2. You'll see that there are several different types of records - or events, as the file calls them.
Some of them record fairly minor things (acknowledging a log, for example), but among the
more important are:
• Apply events - where the user changed a setting and clicked Apply. You'll see the
name of the object affected, and the particular fields that changed.
• Disable events - where the user took something down using the Disable button. Again,
you'll see the object's name and its settings at the time it was disabled.
• User login events - if you ever do have to investigate suspicious access, this is where
you'll find a record of the IP address.
3. These are just examples, but now you're familiar with MetaView Explorer, you'll find the
format of audit logs pretty self-explanatory.
4. If you're trying to find out what happened to a particular object, then you can start by
searching for its name - just like it's written in the Tree pane in MetaView Explorer. For
instance, let's say I'm trying to find out why this ISUP Local Signaling Destination has been
disabled (as indicated by the gray "stop" icon):
As the screenshot shows, its name in the Tree pane is "ISUP Local Signaling Destination
1-2-3". If I search for that exact string in an audit file, here's what I find:
Begin 'disable' event
1/18/14 4:16:39 PM
User name: bob
User type: Super user
Session ID: bob9223
Node: L1L2Lab-ATCA-UMG
Name: ISUP Local Signaling Destination 1-2-3
...
5. Straight away, I can tell it's Bob I need to talk to.
Checkpoint: You're now all set to track changes to your system using MetaView audit logs.
CONFIDENTIAL 289
290
CONFIDENTIAL
Record call media
Record call media
Introduction
Now, I'll look at a slightly different type of problem-solving data you can download from your
Metaswitch system. This Lesson will help if you're having problems with sound quality, such as
dropouts (brief moments of silence) or strange noises during a call.
In Metaswitch products, a call's audio data is described as its media. That's why the component
which handles audio data is called the Universal Media Gateway.

If you receive a complaint about recurring poor audio quality, it might be helpful for you to listen
in to an affected call. By turning on media recording, you can take a copy of a call's audio -
then download it to listen and analyze later.
Stay within the law!

I'm sure you already know this, but I'll say it just in case: recording a phone call has significant
legal ramifications. Before you continue, make sure that you understand your local laws and
regulatory requirements. In some jurisdictions, media recording might be completely forbidden.
There's also a moral dimension, of course. Whatever the law says, I wouldn't be comfortable
recording a call unless I knew that both participants had given their fully-informed consent.
Did you know? Being caught eavesdropping can have devastating effects. The United
Kingdom's best-selling newspaper, the News Of The World, shut down overnight in July
2011 after admitting that its journalists listened to other people's voicemail messages.
The two ways to record media

Given what I've just said, it's obvious that media recording isn't enabled by default. You'll need
to turn it on each time you use it, and you can do that in either of two ways.
By far the best approach, if it's available to you, is to ask the parties to the call to dial a special
code on their telephone keypads. Your Universal Media Gateway will hear the DTMF tones this
sequence generates and turn on recording, for just that call.
We call this technique dynamic media recording. Doing it this way places the minimum load
on your server, requires no configuration, and of course - because the parties have to dial a
specific code - helps to establish that you're recording the call with their permission. It's also
perfect for tracking down intermittent problems, since the person reporting the issue can dial
the code whenever they notice it happening.
But, here's the bad news. Dynamic media recording only works for VOIP calls, or for calls which
you're gatewaying between TDM and VOIP. In a TDM-to-TDM call, your Metaswitch system
never needs to process the audio stream, so never has a reason to listen for DTMF tones.
You also can't use this approach to diagnose a problem right at the start of the call (because
there's no time to dial the code).
So what do you do then? Well, there is another way to activate recording, and it's based on
API trace. I explained about API trace in Obtain API trace for your support representative on
page 281 - and in particular, I mentioned that every time you set up a trace, you can give it a
name called a tag.
CONFIDENTIAL 291
Record call media
If your tag begins with the letters REC:, then the API trace will also include the media from the
call. For example, you might use the tag REC:bob if you're recording media while investigating
a problem with Bob's phone.
If you're considering recording media using a REC: tag, then you should definitely talk to a
Metaswitch support rep. In a live environment, there's a very serious risk of recording calls you
didn't mean to. Your support contact can figure out the correct place to set the API trace to
minimize both this danger and the load on your system.
Note: If you have a Perimeta session border controller in your deployment, there's a third way to
record media for VOIP calls: by snooping IP packets passing through the SBC. In particular,
this is helpful when Perimeta is facilitating direct media between two endpoints, meaning
your Universal Media Gateway isn't in the call path. You can find more information about this
particular topology in the IP Network Design Guide, which you can read online at https://
communities.metaswitch.com/manuals/latestsection/53700382.
Start here
• get ready for media recording, by preparing both your own PC and your Universal Media
Gateway
• record a specific call
• download and process the recorded media
• listen to the media, and identify some common issues.
Note: As you work through this Lesson, you'll be using the first of the two techniques to start
recording - by dialing a specific sequence of digits on your telephone keypad. As I explained,
that only works if at least one leg of the call is over VOIP. If you have a pure TDM-to-TDM
deployment, then sorry! You'll have to skip this particular Lesson.
Task 1: Prepare your own PC

Media recording is a specialist task, and requires a couple of specific pieces of software running
on your own PC. You may well already have these installed... but just in case you haven't, let's
get them set up now.
The PC itself can be based on either Windows or Linux. The computer you use to access the
Craft terminals is usually a good choice.
This is a relatively advanced Lesson, so I'm just going to summarize the software you need,
and assume you can figure out how to download and install it.
Note: If you're experienced with Wireshark - a popular tool for analyzing network trace - it's worth
knowing that you can use it to play your media recordings, as an alternative to the techniques
described in this guide. If you do use Wireshark, you won't need to download Python, and
can ignore the second step below.
1. You will need a tool capable of opening .tar.gz files. This is a format for packaging and
compressing groups of files, similar to "zip".
• If you're working on Linux or a similar platform, you'll almost certainly already have
gunzip and tar installed.
• If you're working on Windows, prepare to be frustrated - Windows doesn't deal with
.tar.gz files "natively", despite it being a common format. If you don't already have
292 CONFIDENTIAL
Record call media
one, you'll need to find a third-party program which can open the file. WinZip, PKZIP
and 7-Zip are three well-known examples.
2. You will need a Python 2.X interpreter.
Python is a programming language, and later in this Lesson you'll be running a script written
in Python. Don't worry though - you won't need to know anything about the language itself,
you just need to download a tool which can process and run a Python 2.X script.
If you don't already have a Python 2.X interpreter installed, you can download one for free
from http://www.python.org.
Note: Python 2.X and Python 3.X are very different languages. In common with much of the world,
we still use Python 2.X, since that's the version which more of our customers already have
installed. Even if you already have a Python 3.X interpreter, you'll need to download a Python
2.X interpreter to process your media files.
Checkpoint: You now have the tools you need to process your media files.
Task 2: Enable dynamic media recording

Before you can begin to record calls, you must enable dynamic media recording on your
Universal Media Gateway (or Integrated Softswitch). If you have more than one Universal Media
Gateway, you'll need to complete this Task on each one.
Note: Remember, dynamic media recording is the term we use when you activate recording
by dialing a sequence on the phone's keypad. If you only intended to record media using a
REC: tag for API trace, you wouldn't need to complete this step.
1. Log into the Craft terminal on your Universal Media Gateway or Integrated Softswitch.
Starting from the Main menu, select the following options:
• Diagnostics
• Media Recording
• Dynamic Recording DTMF.
2. You'll be looking at this menu.
[Main->Diagnostics->Media Recording->Dynamic Recording DTMF] [=3
14 3]
Dynamic Recording DTMF Settings
1 Show Show Dynamic Recording DTMF Settings
2 Enable Enable Dynamic Recording DTMF sequence
3 Disable Disable Dynamic Recording DTMF sequence
3. From the menu shown above, select Enable, and then OK when prompted.
You'll see this reply:
Execute command on processor A
Enable media recording
Execute command on processor B
Enable media recording
CONFIDENTIAL 293
Record call media

5. That's all you need to do in the Craft terminal for the time being - and later on, you'll need
to log on to Craft in a subtly different way. To avoid any confusion, I'd definitely recommend
you log off your current session now.
Checkpoint: Your system's now set up to listen for DTMF tones, and to start dynamic media
recording when they occur.
Task 3: Start recording using DTMF tones

You've enabled dynamic media recording. Let's go ahead and try it out!
1. Place a call through your switch, ensuring that at least one of the legs uses VOIP.
If you're speaking to another real person, make sure that they understand what you're
doing and that you have their permission to record the call.
2. Using your telephone keypad, dial the sequence of digits **0**.
3. Ask the person on the other end of the call to dial **0** on their keypad.
4. In a real scenario, the parties would now have to stay on the line long enough for the
problem to recur. It's no use dialing the code and then putting the phone down immediately.
So have a conversation. Stuck for ideas? Do what we do here in Britain, and talk about the
weather.
5. End the call by hanging up in the normal way.
Note: In truth, it's only necessary for one of the parties to dial **0** - but it's complicated to work
out which one. Asking both ends to dial the sequence is a pragmatic solution.
Checkpoint: You've recorded the media for your sample call. Now, you need to prepare it for
download.
Task 4: Download the recording

The recording of your call is now stored on your Universal Media Gateway - but to listen to it,
you'll need to download it onto your PC. There are two steps to this procedure: use the Craft
terminal to assemble the recording into a downloadable file, and then use your SFTP client to
grab it.
Warning! This is one of the few scenarios where you need to connect to a specific processor's IP
address, not to the virtual IP address. Flick back to Understand hardware and software
redundancy on page 87 if you need a reminder of what that means.
1. Using your SSH client, connect to the Craft terminal on processor A of your Universal
Media Gateway or Integrated Softswitch.
The recordings are always stored on processor A. This is for your convenience, since
otherwise you'd need to know which of the two processors was active at the time of the
call.
• Diagnostics
• Media Recording
• Gather Current.
294 CONFIDENTIAL
Record call media
3. Craft will now ask you for two dates and times. Your Universal Media Gateway will package
up recordings only for calls captured between these two times, which in turn will reduce the
amount of data you need to download and capture.
If you want to enter start and end times, they're in an unusual format: YYYY:MM:DD:hh:mm
(note that you don't specify seconds). So for instance, 1st March 2014, at 4:15pm, is
2014:03:01:16:15.
By default though, your Universal Media Gateway will collect call data for the last hour.
That's fine for your current purpose, so press Enter twice to accept the defaults.
4. Craft repeats back your selections and asks you to confirm them. If all's well, pick OK.
5. You'll see a list of the files your Universal Media Gateway is collecting, and then a summary
similar to the following:
Media recordings have been gathered to the craft ftp directory
in file:
mediarec000.tar.gz
6. Note down the filename (mediarec000.tar.gz in this example), then press Enter to
go back to the menu.
7. You've now finished with the Craft terminal; as usual, it's a good idea to log out.
8. Now you can download the bundle of files you've created.
Using your SFTP client, log on to processor A of your Universal Media Gateway or Integrated
Softswitch. Remember, this means you'll need to connect to processor A's specific IP
address, not the virtual IP address you normally use.
10. Download the file whose name you noted.

11. That's the end of this Task; for security, it's good practice to close your SFTP client.
Checkpoint: You've assembled and downloaded the recording of the call.
CONFIDENTIAL 295
Record call media
Task 5: Process the recording

You've now got the recording in a file on your own PC, but you're not quite ready to work with
it yet. Before you can listen to the recorded media, you'll need to process it using the tools you
downloaded back in Task 1.
1. You're about to extract a lot of files from the .tar.gz bundle - so to keep things tidy, you
may want to create a new directory and move the .tar.gz file into there.
2. Use the tool you selected in Task 1 to unpack the .tar.gz file.
Note: Just as a reminder, if you’re experienced using Wireshark, you can use it to analyze and play
the files you’ve just extracted. If you’re taking that approach, then close this guide now -
you’re on your own from here! (In particular, to load your files into Wireshark you don’t need
to run extractmedia.py in the following step.)
3. You'll find that one of the files you've just extracted is a Python script, called extractmedia.
py. Run this script (it doesn't take any parameters).
• If you're on Windows and installed Python with its default options, you can just double-
click extractmedia.py.
• If you're on Linux or a similar platform, change to the directory containing the script and
run the command: python extractmedia.py
4. Wait for the script to finish. Processing media files is hard work, so if you've recorded a
number of calls, this process may take several minutes to complete.
Checkpoint: You've processed your downloaded recordings, and are ready to listen to them!
Task 6: Listen to the recording

At last, you can now hear your recorded audio!
1. Everything you need will be in the directory where you expanded the .tar.gaz file, during
the previous Task.
Look for files whose names start with today's date and time. (The filenames also contain
encoded IP addresses and port numbers - but unless you're doing a lot of recordings, the
date and time will be enough to guide your way.)
2. The exact files you'll find depend on the particular call you were recording, and the audio
encodings which were in use. Your Universal Media Gateway does its best to give you the
data in a useful format, but some scenarios are easier than others!
• If there's a file ending in .wav, you can listen to it using any standard player (for example,
Windows Media Player).
• Files with extensions .au, .g711, .g726, .g729 and .raw are also audio data, which
you can open in more specialist tools like SoundForge or Audacity.
• There will also be a number of intermediate files which are primarily of interest to
Metaswitch support engineers.
Note: There are a handful of audio formats which extractmedia.py can’t decode, because
they’re protected by patents. These include EVRC and AMR-WB. It’s rare for one of these
codecs to feature in a call, but if you run up against them, your only option is to send the
recording to Metaswitch for analysis here.
3. In this example of course, when you play the file, you'll just hear yourself talking. (Don't you
hate the way your own voice sounds? I know that I do.)
296 CONFIDENTIAL
Record call media
If you were working to diagnose a real problem, then with enough experience, you might
"just know" what was wrong from listening to the sound of a call. For example:
• intermittent periods of silence or clipped words often suggest problems with network
bandwidth, causing either dropped packets or too much jitter
• too much echo or very quiet audio might both suggest a problem with echo canceller
configuration at one or more points along the media path (either cancelling when it
shouldn't, or not cancelling when it should).
4. At the worst, you'll be able to confirm that there really is a problem - and you'll have a solid
set of diagnostics to provide if you call in Metaswitch support.
Checkpoint: You've completed the whole process of recording and listening to a call.
CONFIDENTIAL 297
Record call media
298
CONFIDENTIAL
Check IP connectivity using ping and traceroute
Introduction
We'll look at a lower-level category of problem now, and learn how to investigate problems
affecting network connectivity between yourself and other systems. Your Metaswitch products
offer two standard tools - ping and traceroute - to help pin down such issues.

The commands I'll explore in this Lesson are a useful starting-point when you're having a
problem with an IP link - that is, with any connection that uses the Internet Protocol. These
include links over the internet itself, as well as private networks based on IP.
You might use these techniques to diagnose connectivity issues between your own servers.
But they really come into their own if you're having problems with a SIP trunk, which (as a VOIP
protocol!) sends all its traffic over IP.
Start here
• use ping to check connectivity from your system to another server
• use traceroute to look in more detail at connectivity issues.
Task 1: Use ping

When you ping another server, you simply send it a short IP message and ask it to respond. In
IP terminology, this message is known as a packet.
Did you know? The name of the tool is a metaphorical reference to a submarine "pinging"
its sonar. Sonar works by sending out a pulse of sound - a literal "ping" - and listening for the
noise bounced back by an object in the water. In the networking equivalent, if the other server
is out there and contactable, it reflects the "ping" back to your computer.
1. Decide exactly what you want to test. Remember, there are two parts to every communication:
• where the packet comes from (the source), and
• where the packet goes to (the destination).
2. You probably already know which destination is causing you trouble, but you may not have
stopped to consider the source. Which of your servers is trying to get in touch? Often, but
not always, it'll be your Call Feature Server or Integrated Softswitch.
3. Log on to the Craft terminal for the server you've chosen.
4. Starting from the Main menu, drill down through the following:
• Admin
• IP
• IP diags.
5. You'll now be looking at this menu:
[Main->Admin->IP->IP diags] [=1 3 3]
Ping / Traceroute
CONFIDENTIAL 299

1 Ping Ping a specified IP address
2 Traceroute Trace the route to a specified IP address
6. From this menu, choose Ping.
7. As usual, Craft now asks you to fill in a questionnaire. The first question's the obvious one...
Specify an IPv4 address to ping, (eg 192.168.28.45)
8. Type in the destination's IP address, and press Enter.
9. If you use VLANs, you'll be asked another question. (I talked about VLANs, and how your
deployment may use them, back in Find your way around your network on page 25.)
Specify the traffic type of the subnet to ping from.
1 *Signaling Ping from Signaling subnet
2 Management Ping from Management subnet
3 Media Ping from Media subnet
10. Choose the appropriate VLAN, based on the type of traffic that's causing the problem.
11. You'll now see a series of questions specifying the exact nature of the "pings" you're about
to send. If you're an experienced network engineer, you may want to change some of these
settings, but in general it's fine just to press Enter and accept the default each time. For
the record, the questions are:
Enter the size of the packet to send in bytes.
Enter the number of packets to send.
Select the Differentiated Services Codepoint.
Enter the time to live (IPv4) or hop limit (IPv6).
12. Once you've completed the questionnaire, Craft will play back your answers and ask you
to confirm. Just select OK.
13. Generally speaking, there are three possible outcomes.
A "healthy" ping looks like this:
PING 10.232.9.27 (10.232.9.27) 56(84) bytes of data.
64 bytes from 10.232.9.27: icmp_seq=1 ttl=254 time=0.423 ms
--- 10.232.9.27 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.375/0.411/0.442/0.024 ms
14. This means that all the packets reached their destination, within a reasonable period of
time. Most likely, then, the problem you're investigating isn't down to a simple lack of
connectivity.
A complete failure looks like this:
PING 10.232.9.200 (10.232.9.200) 56(84) bytes of data.
300 CONFIDENTIAL
From 10.232.9.121 icmp_seq=2 Destination Host Unreachable
--- 10.232.9.200 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss,
time 12999ms
15. You may or may not see messages like Destination Host Unreachable - the crucial
bit is towards the end, where it says 100% packet loss. That means that none of the
messages got through. Perhaps the remote server is down or unresponsive, or perhaps
there's a problem in the network between you.
The final possibility is a mixed result - where some, but not 100%, of the packets are lost.
This suggests a network issue, perhaps congestion or a link that's going up and down.
16. Once you've taken in the results of your test, press Enter to go back to the IP Diags
menu.
Checkpoint: You've tested basic connectivity to the problem destination.
Task 2: Use traceroute

If your ping test determines that there's a problem, the next step's often to run a traceroute.
A traceroute lets you follow your test packets' path through the network, potentially highlighting
a configuration issue or identifying a specific link which is down.
Traceroute's a more advanced tool than ping. In this Task, I'll show you how to run a traceroute,
but I won't be going into how you might interpret the results. If you're not already up to speed,
you can find plenty of information on the internet - or in any book on managing an IP network.
Note: If you're accustomed to working on Windows systems, you may know traceroute as
tracert. I've no idea why Microsoft called it something different - it's exactly the same tool.
1. Normally, if you're running a traceroute, you'll have run a ping first. So I'll assume you're
following straight on from the last Task - meaning that you're already logged on to Craft,
and looking at the IP Diags menu.
2. From the IP Diags menu, select Traceroute.
3. You'll be asked some questions, all of which will be familiar from the previous Task.
• Specify an IPv4 address to trace the route to - just like last time, type
in the destination address you're testing.
• Specify the traffic type of the subnet to trace the route from
- you'll only see this question if you use VLANs, and again you'll answer based on the
type of contact you're trying to make.
• Select the Differentiated Services Codepoint - as in Task 1, unless
you're an experienced network engineer familiar with the concepts involved, it's best to
press Enter to accept the default.
• Enter the time in seconds (>= 2) to wait for each response
- the default's fine here too (unless you know you're dealing with a particularly slow
connection).
4. You'll be asked to confirm your choices. If everything's in order, just pick OK.
5. Craft will run the traceroute and display the results.
CONFIDENTIAL 301
6. After it's finished, your Craft terminal will seem to "hang". Don't worry - just press Enter
to bring it back to life. Equally, if it becomes clear that the traceroute isn't going to succeed
and you want to interrupt the output, just press Enter.
7. When you've finished, press Enter one more time to return to the IP Diags menu.
Checkpoint: You've run a traceroute to get more information on the connectivity problem.
302 CONFIDENTIAL
Gather diagnostics for an ongoing problem
Introduction
If you experience a particularly complex issue with your Metaswitch products, your support
representative may ask for diagnostics. Diagnostics are low-level technical files produced by
your servers, which can help our engineers investigate exactly what's happening inside your
system.
In this Lesson, I'll describe the best way to gather diagnostics for a problem that's happening
right now. In the next Lesson, I'll talk about how you can download historical logs, for a problem
which happened a few hours or days ago.

This isn't something you'd ever do independently, but your support representative may ask you
to gather diagnostics to help investigate and resolve a problem.
Note: This procedure doesn't harm your running system, so it's fine - in fact, it's a good idea - to
try it out now. If you ever need to gather diagnostics in a hurry, you'll thank yourself for having
practiced!
Start here
• generate some additional diagnostic information, called a core file, if your support
representative asks you to
• gather together the diagnostic files your support rep may need
• download the diagnostics from your server.
Note: In this Lesson, I'm specifically considering your Call Feature Servers, Universal Media
Gateways and/or Integrated Systems - the servers which are involved in the call path. Other
server types, like Service Assurance Server, have related but subtly different procedures. Your
support rep will point you towards relevant documentation if they ever need you to gather
diagnostics from those server types.
Task 1: Generate a core file

Note: You'll only need to do this Task if your support rep has specifically asked you to. Although, as
I mentioned at the start of the Lesson, do feel free to practice!
A core file is a snapshot of what a computer is doing - the programs it's running, the data
in its memory, and other things like that. Using a core file, your support rep can recreate the
state of your system back at the Metaswitch lab, making this an invaluable tool for diagnosing
certain types of problem.
If your customer support rep asks you to take a core file, here's how.
Note: For this Task, you need to be conscious of active/standby redundancy, which I talked about
way back in Understand hardware and software redundancy on page 87. In most cases,
your support rep will want to see a core file from your active processor, but occasionally he
or she might be investigating a fault with the standby one. Nobody wants you to waste your
time working with the wrong server - so do ask for clarification if you're not sure.
CONFIDENTIAL 303
1. Log on to the Craft terminal on the system that's affected. This might be any of a Call
Feature Server, a Universal Media Gateway or an Integrated Softswitch.
• Diagnostics
• Generate a core file.
3. Craft will ask you a couple of questions.
• Which processor do you wish to generate a core file on?
If your support rep wants to see a core file from either the active processor, select
Primary. For the standby processor, select Backup.
If you need a core file from both processors, then simply choose Primary for now,
then run through this step again to repeat it for the Backup.
• Which component do you wish to generate a core file for?
Unless you've been specifically told otherwise, the default answer (vpsi) is the right
one. You can just press Enter here.
4. As always, Craft will play back your answers. If everything's in order, choose OK.
5. You don't get much feedback from this particular command... just:
6. Press Enter to go back to the Diagnostics menu.
Checkpoint: You've created your core file, which is now sitting on the server ready to collect.
Task 2: Gather a diagnostic set

A full set of diagnostic information comprises dozens of files - ranging from logging information
pulled out of MetaView Explorer, to low-level details which make sense only to the most
experienced of Metaswitch engineers. To simplify the process of getting all that data to
Metaswitch, you can gather it into a single file.
Note: If you generated a core file during the previous Task, then that'll be one of the files you gather
now. There's no need to worry about downloading it separately.
1. If you did generate a core file, you'll already be logged into Craft and at your processor's
Diagnostics menu.
If you didn't, then log on to the Craft terminal now, on the system that's affected. This might
be any of a Call Feature Server, a Universal Media Gateway or an Integrated Softswitch.
Once you're logged on, choose Diagnostics from the Main menu.
2. You'll be looking at a long menu, similar to this one. (Don't worry if it's not an exact match
- it varies slightly depending on the type of server.)
[Main->Diagnostics] [=3]
Retrieve Diagnostic Information
1 List diagnostics List details of available
diagnostics
2 Real time API trace Display API trace as it happens
3 Gather API trace Gather formatted API trace
304 CONFIDENTIAL
4 Gather Historical API trace Gather API trace between two
times
5 Gather most recent trap Gather most recent trap
6 Gather specific trap Gather specific trap
7 Gather current diagnostics Gather current diagnostics
8 Delete trap Delete trap
9 Call Logs > Call Logs Functions
10 Real time IP Display IP message flow.
11 Gather IP Gather IP message flow.
12 Real time term events Display termination events
13 Generate a core file Generate a core file
14 Media Recording > Manage Media Recording Settings
3. From this menu, select Gather current diagnostics.
4. You'll be asked: "Gather from which processor? (A, B or Both)".
Unless your support rep has given specific instructions, it's safest to gather from both. This
is the default choice, so you can just press Enter.
5. As usual, select OK when you're prompted to confirm.
Here's an example of what you'll see next:
Gathering diagnostics from processor A
Generated a new trap directory containing current trace.
Please wait - this may take several minutes.
Gathering most recent trap (427)
msdiags_A_427_20140121_164417.tar.gz
Done
Gathering diagnostics from processor B
Generated a new trap directory containing current trace.
Please wait - this may take several minutes.
Gathering most recent trap (420)
msdiags_B_420_20140121_164751.tar.gz
Done
Note: When it says “this may take several minutes”, it’s telling the truth. Be patient - there are a lot
of files to collect together.
6. Take a note of the two filenames displayed (msdiags_A_427_20140121_164417.

tar.gz and msdiags_B_420_20140121_164751.tar.gz in the sample output
above). These are the files you'll be downloading in the next Task.
7. You've finished with the Craft terminal now. As always, it's a good idea to log off.
Checkpoint: You've gathered together all the diagnostic files your support representative will
need. All that remains is to download them.
CONFIDENTIAL 305
Task 3: Download the diagnostics bundles

As you'll have seen during the previous Task, you now have two diagnostic files to download.
There's one file for each of the two processors which make up the redundant pair.
Conveniently though, both of the files are automatically copied onto both of the processors. So
you can download them both from the same place - and you don't need to worry about which
of the two processors you happen to connect to.
1. Using WinSCP or another SFTP client, connect to the server in the normal way. As usual,
log on using the same username and password as you use for the Craft terminal.
3. Locate the two files whose names you noted down during the previous task. Once you've
found the files and checked their names carefully, download them to your PC.
4. In a real scenario, you'd now send them on to your support rep. The best way to do that
- unless your rep asks for something different, of course - is to upload the files to a ticket
on Metaswitch Communities. I'll explain how that works in Raise a ticket with Metaswitch
Support on page 267.
5. As always, once you've finished, it's a good idea for security reasons to close your SFTP
client.
Checkpoint: You've successfully downloaded a diagnostics set, and sent it to your support
representative.
306 CONFIDENTIAL
Gather diagnostics for a historical problem
Introduction
In the last Lesson, I explained how to collect diagnostics for an issue that's in progress. Using
diagnostics, Metaswitch's Support Team can investigate the precise state of your system,
helping to isolate the problem and propose a resolution.
But what if the issue's resolved itself, or you've managed to find a workaround? Have you
missed the chance to collect diagnostics? Not necessarily. For certain serious incidents, your
system will have produced them automatically - and in this Lesson, I'll explain how to gather
and download them.

If you become aware of a major issue which affected your Metaswitch system, you'll naturally
want to know what happened and how to prevent it happening again. As part of that process,
your support representative may ask you to collect and send diagnostic files.
Note: You wouldn't normally carry out this procedure unless your support rep asks you to. But, just
like the previous Lesson, it's a smart move to practice it in advance! I'll explain how to do that
as we work through the Tasks in this Lesson.
Understanding traps
When a Metaswitch server experiences a significant issue, it generates a trap. It's not all that
easy to explain what a trap actually is, but it's simple to explain what it's for:
• it lays down a historical marker, making it easy to spot exactly when a problem occurred
• it triggers an automatic set of diagnostic files, which your support rep can later use to
investigate the issue.
A software crash is an example of a problem which would generate a trap. It follows, of course,
that traps are very rare events.
You can use your Metaswitch servers' Craft terminals to see when traps have happened, and
to gather together the diagnostic files associated with each one.
Did you know? The word trap is used across all kinds of computer systems, often
in confusingly different ways. Originally, it described a problem which could be caught - or
trapped - in a debugging application. Nowadays, it can refer to a wide range of unusual
situations.
Start here
• see the list of traps recorded on a server
• gather together and download the diagnostic files which were produced by a specific trap.
Task 1: View a list of traps

Traps are created on a server-by-server basis - for instance, the traps on your Call Feature
Server are separate from the traps on your Universal Media Gateway. In this Task, we'll log onto
one of your servers, and take a look for any traps which that particular server has generated.
CONFIDENTIAL 307
Note: I've said that traps are rare events - so if you're just practicing right now, you might be
wondering whether there'll be any available to look at. If you've already worked through
the previous Lesson, however, you'll have created a core file. One of the side-effects of
generating a core file is to cause a trap, so you'll be fine as long as you follow through this
Task on the same server.
1. Log on to the Craft terminal on your chosen server. This might be any of a Call Feature
Server, a Universal Media Gateway or an Integrated Softswitch.
• Diagnostics
• List diagnostics.
3. Craft will ask you:
How many traps directories should be displayed?
1 *Last 10 traps that contain core files
2 All traps
4. Just press Enter to see the most recent traps, then choose OK when you're asked to
confirm.
5. Craft will now show you a list of traps, each identified by a number. Here's an example of
what you might see:
processor A:
Name Date Gathered Description
trap 231 Fri Apr 19 09:20:48 BST 2013 not yet gathered vpsi
failed
trap 290 Wed Jul 17 14:03:33 BST 2013 not yet gathered vpsi
failed
processor B:
Name Date Gathered Description
trap 381 Mon Nov 25 11:31:10 GMT 2013 not yet gathered vpsi
failed
trap 383 Wed Nov 27 13:57:41 GMT 2013 not yet gathered vpsi
failed
6. As you'll have noticed, there are two lists of traps - one for each of the two processors
which make up the redundant pair. This will be important in a moment, when we talk about
gathering and downloading diagnostic files.
Look at the lists, and identify the trap you want to investigate further. Normally, you'll be
working on a problem which happened at a particular date and time; you can refer to the
Date column to find the trap which was recorded then.
When you're just practicing, you can choose any trap. For instance, in the list above, let's
look at the trap which occurred at Wed Jul 17 14:03:33 BST 2013. Remember its
number from the left-hand column - in this case, trap 290 - and the processor it comes
from, which here is processor A.
7. When you've got the information you need, press Enter to return to the Diagnostics
menu.
Checkpoint: You've identified the specific trap you'd like to investigate further.
308 CONFIDENTIAL
Task 2: Gather diagnostics for a trap
If you've worked through Gather diagnostics for an ongoing problem on page 303 - which I
hope you have! - the next couple of Tasks will be familiar to you. Just like I explained back then,
a full diagnostic set contains dozens of files, which would be inconvenient to download one by
one. So the next step is to gather the files relating to the trap you've identified, ready for you
to download in a single bundle.
1. Assuming you're following straight on from the previous Task, you should already be logged
into the Craft terminal on your chosen server and looking at the Diagnostics menu.
From the Diagnostics menu, select Gather specific trap.
2. Craft will ask you two questions.
• Gather from which processor? - enter A or B, depending on which processor
the trap comes from. If you're not sure how you'd know that, check back in Task 1.
• Gather which trap? - type in the trap number, which again, you noted during Task
1.
3. Craft repeats your choices and asks you to confirm. As usual, if everything's in order, select
OK.
4. You'll see the following message (though it may mention processor B, of course):
5. Gathering the trap may take a few moments - don't worry, it's working behind the scenes.
In due course, you'll see something like this:
msdiags_A_290_20130717_130333.tar.gz
Done
6. Note down the filename, which you'll need in the next Task. (It's
msdiags_A_290_20130717_130333.tar.gz in the above example.)
7. Press Enter to return to the menu. You've now finished using the Craft terminal so, as
always, it's good practice to log off.
Checkpoint: Your server has gathered together the diagnostic files relating to your chosen trap,
and bundled them into a single file ready to download.
Task 3: Download the diagnostics bundle

The diagnostics bundle is now waiting for you to pick up with your SFTP client. The procedure
here is exactly the same as you followed in the previous Lesson... so I'll be brief as I describe it!
1. Using WinSCP or another SFTP client, connect to the server in the normal way.
Note: Just like last time, the diagnostics bundle is automatically copied to both processors in the
redundant pair. Even though you collected a trap from a specific processor, you don’t need to
worry about connecting to that particular one.
2. Log on using the same username and password as you use for the Craft terminal.
4. Locate the file whose names you noted down during the previous task.
5. Once you've found the file and checked its name carefully, download it to your PC.
CONFIDENTIAL 309
6. And as always, for security's sake, close your SFTP client once you've finished.
Checkpoint: You've downloaded the diagnostics for a particular trap. In a real-life scenario,
you'd now send it to your support representative - normally by attaching it to a ticket on
Metaswitch Communities.
310 CONFIDENTIAL
Switch to the warm standby MetaView Server
Introduction
In Understand hardware and software redundancy on page 87, I explained that you have a
range of options to deliver hardware and software redundancy for your MetaView Server. One
of these is to maintain a warm standby server - a separate piece of hardware, already in a
chassis and powered on, which you can switch over to if your active MetaView Server fails.
Needless to say, I hope you'll never need to do a switchover... but if it does prove necessary,
this Lesson will tell you how.
A switchover is also known as a failover. They're just two terms for the same thing.
Note: Just to be clear, another of the options is to configure automatic switchover, a little bit like
a Software Protection Switch on your Call Feature Server or Universal Media Gateway. If
your system is configured that way, you won't need to follow the procedure in this Lesson.
Whether or not you can make use of automated switchover depends on both the software
version and the hardware platform you're using.
If you're not sure, log on to the Craft terminal on your MetaView Server, and take a look
at the Admin menu; if you see an option called Automatic Recovery, then automatic
switchover is possible on your system.
What happens when you switch over?

Because your MetaView Server is not directly involved in processing calls, there'll be no
disruption to your phone service as a result of doing a switchover. And you won't lose any
configuration - so you'll be able to return to using MetaView Explorer as soon as the switchover
is complete.
There are, however, a handful of noticeable effects.
• You won't be able to access audit logs from before the switchover. (I talked about audit logs
in Track down who made a configuration change on page 287).
• If your Service Assurance Server is running on the same hardware as your MetaView Server,
you won't be able to access records from before the switchover. New calls will be tracked
in Service Assurance Server as normal, but you won't be able to diagnose any problems
with calls that occurred in the past.
• Your backup process may be temporarily disrupted. If you're following the strategy I
suggested in Set up automatic backups on page 75, you'll be backing up all your servers
remotely onto your MetaView Server, and then copying the data to a secure location.
Replacing the MetaView Server may cause this process to fail for one night. It should return
to normal within 24 hours.
Start here
• confirm that you really do need to switch over to the standby server
• take the existing MetaView Server out of use
• promote the warm standby server to be active.
CONFIDENTIAL 311
Warning! This is not a drill! Unlike most of the Lessons in this guide, you shouldn't actually work
through these Tasks unless you genuinely need to switch to your standby. It's a good idea to
read them in advance, of course.
Task 1: Try simpler solutions

Switching over to the standby server is a major procedure, which will (of course) disrupt your
MetaView service. Because some disruption is inevitable, it makes sense to try a couple of
less-intrusive approaches before you commit to the switchover.
Note: Needless to say, you can skip this Task if your current MetaView server is clearly beyond
salvation - for example, if it's suffered a hardware failure and won't turn on.
1. To begin, log on to the Craft terminal on your MetaView Server in the normal way. You will
now be connected to your current server (not the standby).
2. First, try stopping the MetaView software. To do this:
• Select Admin.
• Select Stop MetaView Server.
• When you're asked whether you want to gather diagnostics, select Generate core
file, just in case this later helps your support representative diagnose the problem.
• When you're asked to confirm, select OK.
• Once the software has stopped, press Enter to return to the Admin menu.
3. Now, try restarting the MetaView software. To do this:
• Still at the Admin menu, select Start MetaView Server.
• Select OK when prompted.
4. Once the software has started, check whether your MetaView service has been restored.
If it's still malfunctioning - or if the software doesn't start - proceed to the following step.
5. Next, try rebooting the MetaView Server. To do this:
• Still at the Admin menu, select Reboot MetaView Server.
• Select OK when prompted.
• You will be logged off automatically as the server reboots.
6. Once the server has rebooted, check again to see whether your MetaView service has
been restored. If it hasn't, then you will need to continue with the process of switching over
to your warm standby.
Checkpoint: You have tried easier solutions to the problem, and have confirmed that a
switchover to the warm standby is genuinely required.
Task 2: Take your existing MetaView Server out of service

Before you can safely switch over to your standby MetaView Server, you need to take your old
one out of service. This ensures that the two servers don't both try to manage your system - an
error-prone situation known informally as a split brain problem.
Warning! Don't skip this Task, even if your existing MetaView Server isn't currently powered on. You
need to take precautions against it unexpectedly coming back online.
1. Assuming you're still able to, log on to the Craft terminal on your MetaView Server in the
normal way. You will now be connected to your current server (not the standby).
312 CONFIDENTIAL
2. First, try simply asking the MetaView software to take itself out of service. To do this, select
the following options:
• Admin
• Standby
• Convert to Standby.
3. When you're asked to confirm, select OK.
If you now see "Result: The command has completed successfully", then you
have successfully taken your server out of use. You can skip the remainder of this Task, and
continue directly to Task 3.
4. If this approach fails, you can try shutting the server down completely.
To do this, first type = to return to the Main menu. Then select the following:
• Admin
• Shutdown MetaView Server.
Warning! Be sure to select Shutdown MetaView Server, not Stop MetaView Server. The latter simply
stops the software, without shutting down the server. This is insufficient because the server
will still attempt to use the virtual IP address.
5. You will be logged off automatically as the server shuts down. Provided this happens, you
have successfully taken your server out of use, and can continue directly to Task 3.
6. If you are unable to take your server out of use using the Craft terminal, you must disconnect
it from your network instead. If you don't, and it unexpectedly comes back online, both
servers will think they are active.
You have a few options to achieve this, listed here in increasing order of complexity.
• If you have physical access to your MetaView Server, and it is in a CH6010 chassis
(and therefore has its own Ethernet cabling), then disconnecting the network cable is a
pragmatic solution.
• If you have physical access to your MetaView Server, but it is in a CH6050 chassis
(so disconnecting the network cable is not an option), then you can follow the hot-
swap procedures described in Replace a failed hardware component on page 113
to remove it from the chassis. Remember to fit an Air Management Blade in its place.
• If you cannot adopt either of these approaches, the last-ditch approach is to reconfigure
your network switch or switches to deactivate the ports connected to the MetaView
Server.
Checkpoint: You have taken your existing MetaView Server out of service, and know that it
can't come unexpectedly back online.
Task 3: Promote your warm standby to active

With all the ground-work done, this final Task is a relatively straightforward one. You can make
the warm standby active using its Craft menu.
1. Log on to the Craft terminal on your standby MetaView Server.
To do this:
• you must connect to its own specific IP address (rather than the virtual IP address
you've been using up to now)
• but you still log on using your normal username and password.
CONFIDENTIAL 313

• Admin
• Standby
• Make Active.
3. The Craft terminal will prompt for the virtual IP address of the server pair. Just press Enter
to retain the current setting.
4. Next, the Craft terminal will ask you to confirm that you want to switch over. This is a major
operation, so the check is designed to interrupt you and make sure you've considered
what you're doing!
To pass the check, type the word yes, then press Enter.
5. The switchover begins. While it is in progress, you will see a series of messages to update
you on the progress of each stage.
Once the switchover is complete, your warm standby server is now your MetaView Server.
Press Enter to return to the menu, then log out of the Craft terminal.
6. To confirm that the switchover has occurred as expected, log on to MetaView Explorer. You
should be able to connect in the normal way, using the virtual IP address, which has now
been adopted by the new active server.
7. Once you are logged in, go to the Tree pane and select the MetaView Server object. In the
Details pane, you will now see that the MetaView Server Name has changed to the name
of your standby server.
Note: Of course, you now only have one operational MetaView Server, so your system isn't running
with full redundancy. The next step is to resolve the problem with your original MetaView
Server - with the help of your support rep, if necessary. Once you've done that, https://
communities.metaswitch.com/manuals/latestsection/34730001 on the Metaswitch Support
Community tells you how to reinstate the fixed server as a new warm standby.
Checkpoint: You have completed the switchover to your warm standby. Your previous warm
standby server is now active, and your previous active server is out of use. Your MetaView
service is operating again.
314 CONFIDENTIAL
Manage your Support VPN
About the Support VPN
To help us support your Metaswitch system, we ask you to offer us a Support VPN. The
Support VPN allows trusted Metaswitch personnel to access your network and your servers,
which in turn means they can use tools like MetaView Explorer or the Craft terminals to
investigate and resolve problems.
We’ll have set up a Support VPN when we first installed your system. But of course, access to
your network is a privilege, which we don’t take for granted. In this Lesson I’ll show you how
to suspend the VPN, should you ever wish to. I’ll also tell you how to “reboot” your VPN if it’s
experiencing problems.
Start here
• turn off the Support VPN, if you want to stop Metaswitch accessing your network
• re-register and restart the Support VPN, to resolve any access problems.
Task 1: Turn off the VPN

If you ever, for any reason, want to stop Metaswitch gaining access to your network, you can
simply turn off the support VPN. Here’s how.
1. Your VPN is managed using a special Craft terminal, which runs on the same physical
hardware as your MetaView Server. Log on to it as follows.
• Start off as though you’re logging on to the MetaView Server Craft terminal, just like
you’ve done previously.
• But when it asks you “Do you want to run the MetaView Server craft
scripts, the Install Server craft scripts, the VPN craft scripts
or the MetaView Service Assurance Server craft scripts?“, type V
for the VPN.
2. You’ll see this menu.
1 Register VPN Registers the VPN
2 Start VPN Starts the VPN
3 Stop VPN Stops the VPN
4 VPN status Gets the status of the VPN
5 Query software version Displays the software and Boot Image
versions.
3. From the menu, select Stop VPN.
4. When you’re prompted to confirm, choose OK.
5. You’ll see a series of messages, as follows...
Stopping VPNs from auto-activating
CONFIDENTIAL 315
Killing VPN for MetaSwitch Support - Enfield

Killing VPN for MetaSwitch Support - Reston
Killing VPN for MetaSwitch Support - Alameda
Done
6. Press Enter to return to the menu.
7. As always, if you’ve finished with the Craft terminal, it’s good practice to log out. Just type
0 and press Enter to close the terminal.
Checkpoint: You’ve shut down the VPN, and Metaswitch no longer has access to your network.
Task 2: Re-register and restart the VPN

Sad to say, VPNs are sometimes a fragile technology. If you use one to connect to your own
office, you’re probably used to re-connecting every now and then. The Metaswitch Support
VPN is no exception... and if we ever let you know it’s not working, the simplest solution is just
to turn it off and on again.
There are actually three parts to this procedure. The first is to stop the VPN, and the last is
to start it again. In between, you’ll re-register it - send a series of messages to Metaswitch,
telling our own VPN servers exactly how to connect to yours.
1. If you haven’t already, first stop the VPN by running through the previous Task.
You should now be logged on to the Craft terminal, and looking at this menu:
1 Register VPN Registers the VPN
2 Start VPN Starts the VPN
3 Stop VPN Stops the VPN
4 VPN status Gets the status of the VPN
5 Query software version Displays the software and Boot Image
versions.
2. Select Register VPN.
3. When you’re prompted to confirm, say OK.
4. As the server re-registers with Metaswitch Support, you’ll see messages similar to the
following.
Processing VPN for MetaSwitch Support - Enfield
Trying to ping 192.91.191.13
Host reachable.
Attempting to connect to 192.91.191.13 on port 22
nexus: Connected.
nexus:
nexus: Posting registration information.
316 CONFIDENTIAL
nexus: Updating previous registration from same host.
nexus: Post complete.
nexus:
nexus: The VPN can now be started
5. These messages are repeated three times - once for each of the three main Metaswitch
support sites in Enfield, Reston and Alameda. Finally, you’ll see the usual message:
7. Now, back at the menu, choose Start VPN.
8. As always, select OK when prompted. You’ll see this:
Setting up VPN for MetaSwitch Support - Enfield to auto-activate
Setting up VPN for MetaSwitch Support - Reston to auto-activate
Setting up VPN for MetaSwitch Support - Alameda to auto-activate
Done
9. Again, press Enter to return to the menu.
Your VPN should now be active and available to Metaswitch Support.
10. Remember, if you’ve finished with the Craft terminal, you should log out. From the main
menu, just type 0 and press Enter to close the terminal.
Checkpoint: You’ve restored access to your Support VPN.
CONFIDENTIAL 317
318
CONFIDENTIAL
Give a new user access to MetaView Explorer
Introduction
As I'm sure you know by now, access to MetaView Explorer is among the most important
prerequisites for configuring and administering your Metaswitch system. And for a wide range
of reasons, including the audit logging I discussed in Track down who made a configuration
change on page 287, it's best for each individual administrator to have their own MetaView
login account.
In this Lesson, I'll explain how to create a MetaView account for an additional user within your
organization. You can do this from inside MetaView Explorer itself - effectively using an existing
account to create a new one.
About the emsadmin account

If you need a MetaView Explorer account to create a MetaView Explorer account, you might
think there's a classic chicken-and-egg problem. Happily, there's one special administrative
account, which always exists on any MetaView system.
The account is called emsadmin, and it can't be deleted or disabled - so provided you know
the password, you'll always be able to log on as emsadmin to create more MetaView users.
You can think of emsadmin as similar to root on a UNIX system, or the local administrator
on Windows.
Did you know? The "EMS" in emsadmin stands for Element Management System,
an old name for MetaView.
Start here
• use a MetaView Explorer account to set up another MetaView Explorer account.
Task 1: Add a MetaView Explorer user

To complete this Task, you'll need to know the login details for an existing MetaView super-
user. That could be emsadmin, which I mentioned above, or it could be another administrator
whose account was created earlier.
Note: If you've been working through this guide in order, you might feel I'm spelling out this Task in
rather tedious detail. Sorry about that. It's because some readers may need to refer to this
Lesson right at the start, before they've had any experience with MetaView Explorer.
1. Log on to MetaView Explorer using your existing account. You can find out how to do that
in Log in to MetaView Explorer on page 35.
2. In the Tree pane, locate the MetaView Server object. It'll be at or near the bottom of the list.
3. Drill down as follows below the MetaView Server:
• click the "+" symbol to open the MetaView Server branch itself
• open the Users branch in the same way
• then click MetaView Users.
4. Here's an example of what your Tree pane will look like:
CONFIDENTIAL 319
5. In the toolbar below the Tree pane, click Add sub-component.
6. You'll see this window...
Just click OK to confirm.

7. Now look at the Details pane on the right-hand side of the window.
8. Fill in the following details.

• User name - this is the login name. It can only be up to 8 characters long, and it's
limited to letters, numbers, dots, underscores and hyphens.
320 CONFIDENTIAL
• User type - click the "..." button. Then from the list of user types you see, select
MetaView user type 7 (Super user). This creates a user account with the maximum
powers, including the ability to add further users.
• New password and Confirm new password - the normal security advice applies; use a
mix of letters, digits and punctuation. MetaView Explorer will carry out basic checks on
your password when you submit the form, and will tell you about any problems.
• User description - this is just for your own future reference. Feel free either to fill it in or
to leave it blank.
Note: Of course, you don’t have to give your new user “the maximum powers”. MetaView actually
has very fine-grained access control, including the ability to define customized roles with
specific combinations of rights. If you’re comfortable finding your way around MetaView
Explorer and you want to investigate these options, have a look at the MetaView User Types
object, which you’ll find just under MetaView Users in the Tree pane.
9. Check that you've completed the form correctly, then click the Apply button in the toolbar
below the Tree pane.
Your mouse pointer will briefly change to an hourglass.

10. When the mouse pointer goes back to normal, your new MetaView user has been created.
If you want to test it out straight away, select Logout from MetaView Explorer's Session
menu:
You can then log on using the new account, as discussed in Log in to MetaView Explorer
on page 35.
Checkpoint: You've set up the new account for access to MetaView Explorer.
CONFIDENTIAL 321
322
CONFIDENTIAL
Change a MetaView user's password
Introduction
It's good practice to change passwords regularly, especially for something as powerful as
MetaView Explorer. And of course, you may need to reset a password, if it's been forgotten or
the person who used it has left your organization.
Start here
• change your own MetaView password (if you can still log into your account)
• change another MetaView user's password (if, for example, they've forgotten it).
Task 1: Change your own MetaView password

If you know your own password and can log on to MetaView Explorer, then it's simplicity itself
to change it.
1. If you haven't already, log on to MetaView Explorer in the normal way (and using your old
password, of course).
2. From the Session menu, choose Change password.
You'll see this window:
3. Re-enter your existing password, then type a new password twice.
Warning! It is critical that you choose a password that is secure and unguessable to prevent
unauthorized access to your system. See the Passwords and User Security section of
the MetaView Explorer User’s Guide (https://communities.metaswitch.com/manuals/
latestsection/1090001887) for more details.
4. Click OK. That's all there is to it. You'll need to use your new password from the next time
you log in.
Checkpoint: You've changed the password for your existing MetaView Explorer account.
CONFIDENTIAL 323
Task 2: Reset another MetaView user's password

Sometimes, of course, the whole reason you're changing your password is that you've
forgotten your old one! If that's happened to you, you can use another MetaView super-user
account to reset the password on this one. For example, you can use the emsadmin account
I mentioned in the previous lesson.
1. Log on to MetaView Explorer using the "other" super-user account.
2. In the Tree pane, locate the MetaView Server object. It'll be at or near the bottom of the list.
3. Drill down as follows below the MetaView Server:
• click the "+" symbol to open the MetaView Server branch itself
• open the Users branch in the same way
• finally open the MetaView users branch.
4. Here's a sample of what your Tree pane might look like now:
5. As the screenshot illustrates, you're now looking at a list of the MetaView users configured
on this MetaView Server. Click on the user whose password you want to change. In this
example, to change the password for the demouser account (which I'd created earlier),
you'd click here:
6. Now turn your attention to the Details pane, at the right-hand side of the window.
324 CONFIDENTIAL
7. Enter a new password in both the New password and Confirm new password boxes.
8. Check the Account locked field. If it's set to True, that means the account has been locked
out due to too many login failures. Change it to False to allow the user to log in again.
Note: In the screenshot, the Account locked field isn’t editable because it’s already set to False.
Were it set to True, you’d see an editable drop-down in that spot.
9. Press the Apply button in the toolbar below the Tree pane to finalize your changes.
Checkpoint: You've reset this MetaView user's account. They should now be able to log on
using their new password.
CONFIDENTIAL 325
326
CONFIDENTIAL
Give a new user access to the Craft terminal
Introduction
Throughout this guide, we've been using your Metaswitch equipment's Craft terminals for
low-level administrative tasks. Each time you log on to a Craft terminal, you need to type in the
username and password belonging to a Craft user.
Sharing passwords between individuals is notoriously bad practice, so it's best for everyone
who uses the Craft terminal to have their own username and password. You can set up new
Craft users with MetaView Explorer.
Warning! Note, as a consequence of this, anyone with full access to MetaView Explorer has full access
to all the Craft terminals. They can simply create accounts for themselves if they choose to.
Craft users can also log on using SFTP, to transfer files to and from your servers. You don't
need to configure this separately - it comes automatically as a privilege of being a Craft user.
Craft users for Service Assurance Server

The procedure I'll describe in this Lesson applies to most of your servers. You can use it to
set up Craft users for the MetaView Server, Call Feature Server, Universal Media Gateway or
Integrated Softswitch, as well as for your Shelf Managers.
But the Service Assurance Server works differently. As I explained in Find your way around your
deployment on page 19, your Service Assurance Server might be deployed in either of two
ways: on the same hardware as your MetaView Server, or on its own hardware.
• If Service Assurance Server is on the same hardware as your MetaView Server, then the
two products share a Craft terminal. Giving someone access to the MetaView Server's
Craft terminal also gives them access to Service Assurance Server.
• If Service Assurance Server is on its own hardware, then it has a single Craft user account,
called defcraft. You can't create any extra Craft users in this configuration.
Start here
• use MetaView Explorer to set up a new Craft user.
Task 1: Add a new Craft User

Before you start this Task, take a moment to consider exactly which Craft terminals your new
Craft user needs to log onto.
Each of your servers and shelf managers have separate Craft accounts, so you may need to
work through this Task several times. For example, you might want to create Craft accounts
on all of your MetaView Server, Call Feature Server and Universal Media Gateway. You can give
all the accounts the same username and password, but you still have to create each of them
separately.
Note: You may notice that this process is very similar to adding a MetaView Explorer user, which
I covered in Give a new user access to MetaView Explorer on page 319. However, I'm still
going to go through it step-by-step. That's because some readers may need to refer to this
Lesson right at the start of their time with this guide, before they've gained any experience
with MetaView Explorer.
CONFIDENTIAL 327
1. Log on to MetaView Explorer, if you haven't already. You can find out how to do that in Log
in to MetaView Explorer on page 35.
2. In the Tree pane, locate the server or shelf manager for which you want to create a Craft
user.
3. Below that server or Shelf Manager:
• click the "+" button to expand the server or Shelf Manager itself
• expand the Users branch in the same way
• then click Craft users.
4. For example, if you're working with an Integrated Softswitch, your Tree pane will look
5. In the toolbar below the Tree pane, click Add sub-component.

6. You'll see this window...
Just click OK to confirm.

7. Now look at the Details pane on the right-hand side of the window.
328 CONFIDENTIAL
8. Fill in the obvious details.
• User name - this is the login name. It can only be up to 8 characters long, and it's
limited to letters, numbers, dots, underscores and hyphens.
• New password and Confirm new password - the normal security advice applies; use a
mix of letters, digits and punctuation. MetaView Explorer will carry out basic checks on
your password when you submit the form, and will tell you about any problems.
• User description - this is just for your own future reference; feel free either to fill it in or
to leave it blank.
• User security level - you should normally leave this at Administrator. If you set it to
Restricted, the new user will have very limited access to the Craft menu, primarily
to assist in diagnostic tasks. Throughout this guide, I'm assuming you have an
administrator account.
9. Check that you've completed the form correctly, then click the Apply button in the toolbar
below the Tree pane.
Your mouse pointer will briefly change to an hourglass.

10. When the mouse pointer goes back to normal, your new Craft user has been created. You
can now connect to the Craft terminal and log on, as discussed in Connect to the Craft
terminal on page 55.
Checkpoint: You've set up the new user for access to the Craft terminal.
CONFIDENTIAL 329
330
CONFIDENTIAL
Change a Craft terminal user's password
Introduction
We all forget passwords from time to time. If you've lost track of a Craft username or password,
you can recover from the situation using MetaView Explorer.
Start here
• change a Craft user's password using MetaView Explorer
• understand the special arrangements which apply to Service Assurance Server.
Task 1: Change a password using MetaView Explorer

Before you begin this Task, take a moment to think about exactly which passwords you need to
change. Remember - Craft accounts are separate on each of your servers and shelf managers.
For example, if you have a Craft account on both your Call Feature Server and your Universal
Media Gateway, you'll need to follow this procedure twice, even if the existing usernames and
passwords are the same.
Warning! This procedure applies to all your servers and shelf manager except Service Assurance
Server. For Service Assurance Server, check the next Task.
1. Log on to MetaView Explorer, if you haven't already. You can find out how to do that in Log
in to MetaView Explorer on page 35.
2. In the Tree pane, locate the server or shelf manager to which the affected Craft account
belongs.
3. Below that server or Shelf Manager:
• click the "+" button to expand the server or Shelf Manager itself
• expand the Users branch in the same way
• then finally expand the Craft users branch.
4. For example, if you're working with an Integrated Softswitch, your Tree pane will look
CONFIDENTIAL 331
5. As this screenshot illustrates, you're now looking at a list of the Craft users configured on
this particular server or shelf manager. So if your problem was just that you'd forgotten a
username... then you might now have your answer.
6. If you need to change a password, then - still working in the Tree pane - click on the
user whose password you want to change. For example, to change the password for the
demouser account, you'd click here:
7. Now turn your attention to the Details pane, at the right-hand side of the window.
8. Enter a new password in both the New password and Confirm new password boxes.
9. Check the Account locked field. If it's set to True, that means the account has been locked
out due to too many login failures. Change it to False to allow the user to log in again.
Note: In the screenshot, the Account locked field isn’t editable because it’s already set to False.
Were it set to True, you’d see an editable drop-down in that spot.
10. Press the Apply button in the toolbar below the Tree pane to finalize your changes.
Checkpoint: You've reset this Craft user's account. They should now be able to log on using
their new password.
332 CONFIDENTIAL
Task 2: Change the password for Service Assurance Server
As I explained in Give a new user access to the Craft terminal on page 327, Craft accounts
work a little differently for Service Assurance Server.
• If Service Assurance Server on the same hardware as your MetaView Server, then the two
products share a Craft terminal. In that case, resetting the password for the MetaView
Server's Craft terminal will also give the user access to Service Assurance Server. You don't
need to do anything more.
• If Service Assurance Server is on its own hardware, then it has a single Craft user account,
called defcraft. In that case, you can change the defcraft user's password by
following the steps detailed in this Task.
To change the password for the defcraft user (when Service Assurance Server is on its own
hardware), you need to know its existing password. If you don't know it - and nobody else
in your organization knows it - the only remaining option is to contact Metaswitch customer
support.
Assuming you do know the old password, you can change it as follows.
1. Using the old password, log on to your Service Assurance Server's Craft terminal.
2. Starting from the Main menu:
• select Admin, then
• select Change password.
3. Select OK when you're asked to confirm.
4. You'll be prompted to re-enter the old password, and then the new password, twice.
The change takes effect straight away, and you'll need to use the new password next time
you log in.
unauthorized access to your system.
5. As always, if you've finished with the Craft terminal, it's good practice to log out.
Checkpoint: You've changed the password for the Craft terminal on your Service Assurance
Server.
CONFIDENTIAL 333
334
CONFIDENTIAL
Keep in touch with new features
Introduction
Telecoms these days is a rapidly-evolving industry, and Metaswitch's products are evolving
too. From time to time, we'll release new versions of our core software - the code which
runs on components like your Call Feature Server and Universal Media Gateway. When a
release comes out, you can upgrade your system, and take advantage of the features and
improvements built into the latest version.
I'll talk about the actual process of installing an update in the next Lesson. But I realize that
upgrading your system is a big decision to make; you'll need to be sure that the benefits you'll
enjoy outweigh your (entirely justified) resistance to change. After all, I'm typing these very
words into my cherished copy of Microsoft Office 2003.
So how do you know what's on offer, when a new release arrives? That's the theme of this
Lesson.
Start here
• keep up-to-date with our product plans by watching a Product Roadmap webinar
• discover enhancements in a specific release by reading the What's New Guide.
Task 1: Watch a Product Roadmap webinar

To get a high-level view of our current and future product plans, you can't do better than our
Product Roadmap webinars. We host roadmap webinars every six months or so, and when
the next ones come around, it's well worth tuning into them live - they're the perfect chance to
ask questions about the features that matter most to you.
For now, though, you can catch up with recordings of the last set of webinars. Like most of our
videos and other resources, you'll find them on Metaswitch Communities.
1. If you don't know how to log on to Metaswitch Communities, Sign up for Metaswitch
Communities on page 9 gives you all the information you'll need.
2. The webinars are hosted by our Product Management team, who run the Product
Information space in the Support Community. As usual, you can find a link to the Product
Information space on the left-hand side of the homepage - here:
CONFIDENTIAL 335
3. Once you've landed on the Product Information page, you'll need to locate the webinars
themselves. Here's where they are at time of writing - not exactly subtle or difficult to find...
Of course, the exact look and layout of this page will change from time to time. But the
webinars are always among the top highlights!
4. The webinars cover our whole range of solutions, and our whole range of solutions is quite
large. To keep things manageable, we break them down into three separate sessions,
corresponding to our three strategic product areas.
Because you're running a Class 4 deployment, the webinar from our Switching and
Application Server team will be of most interest to you. There's also a regular webinar
on the Perimeta Session Border Controller, which you'll want to watch if you have
Perimeta in your network.
5. That's all you need to know. Go ahead, watch a webinar. Bring popcorn.
Checkpoint: You've watched a Product Roadmap webinar, and kept up to date on the strategic
plan for the Metaswitch product line.
Task 2: Find out What's New in the latest release

Our Product Roadmap webinars share our high-level vision for the next few releases, across
the whole Metaswitch product set. But when a particular new version hits the streets, you'll find
yourself asking a simpler question: "What's New?"
To answer that question, each release is accompanied by an overview manual, which we call
the What's New Guide. It summarizes, in a few pages, all the new features and enhancements
you'll get when you install that release. You can use the What's New Guide to decide whether
to apply an upgrade - or simply to find out what you should look for once the new software's
installed.
1. Once again, you'll find the What's New Guide on Metaswitch Communities.
336 CONFIDENTIAL
In fact, if you've worked through the previous Task, you've already seen a link to the latest
What's New Guide. Did you spot it? It's here:
You can follow that link, on the Product Information page, to read the What's New Guide
for the most up-to-date release.
2. Alternatively, you can find the What's New Guide among the rest of the manuals for the
release it covers. This is the best approach if you want to see What Was New in a previous
software version, or if you'd like to download the Guide as a handy PDF.
I'll talk more about manuals on Metaswitch Communities in Find detailed information in the
Metaswitch Support Community on page 347.
Checkpoint: You now know two different ways to find out What's New in a Metaswitch software
release.
CONFIDENTIAL 337
338
CONFIDENTIAL
Update your software
Introduction
Software always gets better as time goes by, and your Metaswitch products are no exception
to that rule. By installing selected updates when they become available, you'll keep your system
running smoothly and help resolve those inevitable occasional glitches. And of course, major
upgrades add new features too - building on past experience and helping you enhance your
service from year to year.
The exact procedures for installing an update vary according to the requirements of each
specific version. If I tried to delve into the details here, the information would be out-of-date
almost as soon as the ink hit the paper. But I will talk you through the general concepts - and
I'll show you where to go for comprehensive instructions, when you have a specific software
upgrade in mind.
Start here
• tell the difference between the various types of Metaswitch software upgrade
• work in acceptance mode - an important stage in many upgrade processes
• find out when new upgrades are available
• download step-by-step instructions for the upgrade to a particular version.
Task 1: Understand types of upgrade

Metaswitch upgrades come in three varieties. You'll definitely get to know the first two of these;
you may or may not ever come across the third.
• A major release is the type I talked about in Keep in touch with new features on page
335: one which introduces new functionality. Major releases change the version number,
for example V8.2 to V8.3. A particularly important major release might tick up the "big" part
of the version number - say from V8.3 to V9.0 - but for our current purposes, that's still just
another major release.
• A maintenance release doesn't add new features, but incorporates a series of fixes for
issues which have arisen across our customer base. Maintenance releases are identified by
an "SU" number (standing for "Service Update"), so for instance the second maintenance
release for V8.3 is V8.3 SU2.
• An e-fix or emergency fix is a resolution for a specific problem. You'll only apply an e-fix
if you need an urgent resolution for the problem it addresses.
The choice of when to upgrade is obviously yours, but it's worth knowing that we don't
recommend installing maintenance releases just so you're running the latest version of the
code. Typically, you'll upgrade to get access to new features, or - rarely - in response to a
specific issue.
Note: A full version number for a Metaswitch component is something like V8.2.00 SU2 P86.05.
"SU2", as I've mentioned, describes the maintenance release. "P86" simply encodes some
details about the environment the component's running in - it won't change from version
to version. The final number, ".05" in this example, refers to any e-fixes which have been
applied.
Checkpoint: You now understand the different types of upgrade.
CONFIDENTIAL 339
Task 2: Understand the service impact

According to my colleagues on the Support Team, the most common question before applying
an upgrade is... "How will the process affect my service?" If that's what's on your mind, I have
reassuring news.
• Upgrading your Call Feature Server, Universal Media Gateway or Integrated Softswitch
doesn't have a visible impact on your service. (If you're curious why that is, check back
in Understand hardware and software redundancy on page 87, for details of how an
upgrade takes advantage of a Software Protection Switch.)
You will, however, be without the protection of hardware redundancy while the upgrade's
in progress.
• Upgrading your Shelf Manager works the same way: its inbuilt hardware redundancy means
there's no interruption, either to your service or to your ability to manage it.
• Upgrading your MetaView Server or Service Assurance Server involves taking those servers
down for a short time. Because these servers aren't in the call path, this doesn't have
any effect that's visible outside your organization. However, you won't be able to access
MetaView Explorer or Service Assurance Server while the upgrade is in progress.
Checkpoint: You now recognize the impact an upgrade will have on your system.
Task 3: Understand acceptance mode

Acceptance mode is another term you'll often hear us use as we discuss Metaswitch
upgrades. Acceptance mode is a short period - typically a week - after you've upgraded to a
new version, but before you're fully committed to it.
To explain how acceptance mode works, let's suppose you're upgrading from V8.2 to V8.3.
After completing all the formalities, you go ahead and upgrade all of your servers. Your whole
system's now running V8.3 code. So you've got a V8.3 system - right?
Well, sort of. Right now, you've got V8.3 software but you're running a V8.2 service. As far as
your customers, partners and administrators can tell, nothing whatever has changed, because
all the exciting new features we added in V8.3 are still hidden away.
In a nutshell, that's acceptance mode.
To see why acceptance mode's a good idea, imagine that a few hours later, an issue comes
up - perhaps the new code is not compatible with something unique in your network topology.
Obviously, we don't plan on this happening... but we're all grown-ups here, and we know that
occasionally things do go wrong.
As long as you're still in acceptance mode, that's a drama but it isn't a crisis. You can simply
roll back to V8.2, putting everything back the way it was before with no impact on your service.
You'll then work with Metaswitch support to get to the bottom of the issue and find a safe way
to return to V8.3.
Once you've left acceptance mode, reverting to an earlier software version is a much bigger
deal. You might have rolled out new features which you need to suspend, or you might have
made configuration changes which aren't compatible with the previous version. Under the
covers, it's possible that some databases or other data stores have been upgraded in a way
that causes problems for the old release.
It is still possible to roll back after leaving acceptance mode, by restoring a configuration
snapshot. But it's a far more disruptive process, it may include a brief service interruption, and
you'll lose any work you've done on your system in the meantime.
Note: Not all upgrades involve a period in acceptance mode. An e-fix, for example, usually won't.
Checkpoint: You now understand what acceptance mode is, and why it's a good idea to use it.
340 CONFIDENTIAL
Task 4: Be told when an upgrade is available
You now know about the types of upgrade available, but how can you tell when there's one
ready to deploy? Well, you'll hear the news in all sorts of ways: from your support contact, in a
newsletter, or even at an event like the Metaswitch Forum. But the one sure-fire way to stay in
the loop is by keeping an eye on Metaswitch Communities.
Every release is announced in the Support Community Knowledge Base - and we can let you
know when new information's posted there. In this Task, I'll show you how.
1. Log on to Metaswitch Communities, and go to https://communities.metaswitch.com/
community/support/kb/upgradesreleasesandpatches:
2. Take a moment to have a look round this page.

• As you'll see, it covers upgrade availability across all of Metaswitch's product lines -
including several packages which won't be of interest to you. In a Class 4 deployment,
for instance, you can ignore anything to do with MetaSphere EAS. Focus instead on the
lines which mention CFS (the Call Feature Server), UMG (the Universal Media Gateway)
or the Integrated Softswitch.
• For each release of those products, there's an Upgrade Advisory which you can click
and read. For example, here's the one for V8.3...
• And while you're on this page, be sure to check out the Upcoming maintenance release
schedule, which tells you in advance when you should expect to see maintenance
releases for your particular software version.
3. So all the information's on this page, but how do you know when there's something new
to read? The best way is to sign up for notifications, which you can do using the Actions
panel at the bottom of the left-hand column. Find it here, at the bottom of the page:
CONFIDENTIAL 341
And here's a close-up of what it looks like:
4. Click Receive email notifications, and you'll sign up for a message every time anything
new is posted to this page.
When you click it, the link will change to Stop email notifications - and nothing else seems
to have happened. Don't worry, it's worked! You'll start receiving emails the next time
there's something new.
Note: The similar option Follow this space adds the updates to your personal homepage on
Metaswitch Communities, without emailing you. You might prefer that approach if you already
log on regularly.
5. By the way, you can Receive email notifications for most pages on Metaswitch
Communities. Use the button any time you want to keep an eye out for updates to a
particular page.
Checkpoint: You're now receiving an email every time there's an announcement about a new
software version.
Task 5: Find a specific upgrade procedure on Metaswitch Communities

If you're considering installing a particular upgrade, your next step's to research exactly what
the process will involve. You'll want to know things like:
• How long will it take?
• Will it have any impact on users of my service?
342 CONFIDENTIAL
• Do I need any help from my colleagues or from Metaswitch?
• How do I recover if something goes wrong?
• And perhaps most importantly, what will I actually have to do?
Happily, the answers to all these questions are in a single documented procedure, which you
can read on the Metaswitch Communities website. Let's find out how.
Note: There's a little terminology to explain here. Metaswitch uses the phrase Method of
Procedure, or MOP, to refer to a sequence of steps to accomplish a particular task -
potentially on many different occasions and in many different environments. Most other
vendors describe this as a Standard Operating Procedure or SOP.
1. Log on to Metaswitch Communities. (Don't have an account, or forgotten how to log on?
Check out Sign up for Metaswitch Communities on page 9.)
2. From the main menu on the left-hand side, choose MOPs (Methods of Procedure).
You'll be looking at this page.
CONFIDENTIAL 343
3. Scroll down the page a little until you find the list of Upgrade MOPs, illustrated below. It's a
long list, so I haven't shown you all of it! Assuming that you're upgrading to a comparatively
recent version, you'll find the most relevant MOPs towards the end.
4. Find the Upgrade MOP for the version you require.

• If you're installing a major release, use the Upgrade MOP for the version you are
upgrading to. For instance, if you are upgrading from V8.0 to V8.1, use the V8.1
Upgrade MOP.
• If you're installing a maintenance release or e-fix, use the Upgrade MOP for the
underlying version. For example, to install V8.1 Service Update 2, you would again use
the V8.1 Upgrade MOP.
Note: Some older software versions, for example V7.0, had two separate upgrade MOPs: a “Core
Upgrade MOP” for the initial upgrade to the release in question, and a “Service Update MOP”
to apply maintenance releases and e-fixes. For more recent versions, however, there is just a
single “Upgrade MOP” which covers both cases.
5. As you read through the MOP, bear in mind that some specific clauses may not apply to
your system. For example, if you have a newer deployment running on CH6000-series
hardware, then anything discussing the older 2510/3510 hardware is irrelevant to you.
Checkpoint: You have found the specific procedure for the upgrade you want to perform, and
understand the prerequisites and consequences of carrying it out.
Task 6: Kick off the upgrade process

Armed with the information you've gathered in Task 5, you can go ahead and carry out your
upgrade!
...whoa, no - not quite so fast. Before you go ahead, there are a number of double-checks and
queries we run here at Metaswitch, just to be absolutely certain there aren't any compatibility
issues or other dependencies.
So your next step is to contact your Metaswitch support rep, as I've described in Raise a
ticket with Metaswitch Support on page 267. Our dedicated upgrade team will be in touch -
typically within a week - with an upgrade path to review, and any essential further questions.
They'll also provide the updated code itself, usually by uploading it to your system during a
maintenance window.
344 CONFIDENTIAL
Once that's done, they'll get back to you with final confirmation of the upgrade procedure,
and specific information on how to contact us if you have any questions during the work.
Occasionally, they'll also need to book time from our Out Of Hours support service, if there are
any steps which require assistance from Metaswitch,
When the appointed hour comes, simply work through the procedure you identified in Task 5.
Then enjoy your upgraded system!
Checkpoint: You now know how to plan and carry out a software upgrade.
CONFIDENTIAL 345
346
CONFIDENTIAL
Find detailed information in the Metaswitch Support Community
Find detailed information in the Metaswitch Support
Community
About this Lesson
We've already visited the Metaswitch Support Community a few times - for example, when
you learned to raise a ticket with your support representative, or to ask for help from fellow
members. The Community's great for interactive tasks like those! But there's a wealth of
reference material there for you, too.
To help you find your way around these reference topics, you'll see this navigational box on the
Support Community's homepage.
I've already talked about one of these options, the Troubleshooting Guides, in Troubleshoot
common problems on page 257. In this Lesson, I'll briefly introduce you to the other three
choices - and explain the types of information you can find under each of them.
Start here
• consult the product manuals for detailed information
• find a MOP containing step-by-step instructions for day-to-day tasks
• check the Knowledge Base for additional advice and expertise.
Task 1: Log on to the Support Community

I know I'm repeating myself here, but the last time you connected with the Support Community
was a few Lessons ago. So just in case you don't remember... here's how to get there.
1. Log on to Metaswitch Communities. If you don't have an account or you've forgotten how
to log on, Sign up for Metaswitch Communities on page 9 will remind you.
If you're already logged in, you can click Metaswitch Communities in the breadcrumbs at
the upper left of the screen to go back to the homepage.
2. From the Communities homepage, choose the Metaswitch Support Community - the first
CONFIDENTIAL 347
Checkpoint: You're logged on to the Metaswitch Support Community.
Task 2: Consult the product manuals

First of all, let's take a look at our manuals.
When Metaswitch uses the word "manual", we have a specific type of document in mind - a
comprehensive reference guide, which covers every aspect of a particular part of your system.
That makes the manuals a great place to look for advanced technical details (and conversely,
not the best choice when you're just getting up to speed).
Metaswitch products are large and sophisticated, so there are lots of manuals to go with them.
There's a whole section of the Support Community dedicated to finding your way around them.
1. Right now, you should be looking at the Support Community homepage.
Scroll down a short way, and find the box I mentioned a moment ago:
2. Click the link for the Manuals.

You'll see this page.
348 CONFIDENTIAL
3. Scroll down a little. Just below the bottom of this screenshot, you'll find a three-step
questionnaire, which helps link you up with the manuals you need.
4. In step 1, you can choose which group of manuals you want to see. Normally you can leave
this at the default, MetaView CFS, UMG, AGC and MRS.
5. In step 2, you can choose a product version. As you'd expect, each release of the
Metaswitch product lines comes complete with a new release of the manuals - so to be
sure that you're looking at the correct information, you need to choose a specific version
here.
CONFIDENTIAL 349
6. Once you've picked a release (V8.3 in this example screenshot), you can optionally click
Set as preferred version.
Why bother to set a preferred version? It saves yourself a few mouse-clicks next time, but
it also lets Communities warn you if you ever end up in the wrong place. Once you've set a
preferred version, if you're looking at a manual page for a different release, you'll get a clear
message at the bottom of your screen:
7. Picked a version? Then move on to step 3 of the questionnaire, and choose the particular
manual you want to read.
You've got a choice of two ways to read it:

• click the manual name itself to browse online
• or use the Download link on the right to grab the whole thing as a PDF.
8. Choose whichever works best for you!
9. In this Task, I've just given you a quick overview of the most important points. If you spend
a lot of time working with the manuals, be sure to have a look here:
350 CONFIDENTIAL
The arrow in that screenshot is pointing to the Guide to our online manuals. (Yes, really,
there's a manual for the manuals - we take being "Meta" very seriously). That's where you'll
find all the details and power-user tips, including techniques for searching within individual
manuals and bulk-downloading batches of PDFs.
Checkpoint: You now know how to find and work with Metaswitch manual sets.
Task 3: Follow a Method of Procedure (MOP)

Next up, let's see where to find our database of procedures, referred to in Metaswitch
terminology as MOPs. We've had a brief look at MOPs already, back in Update your software
on page 339 - but as well as upgrades, you can find procedures for a wide variety of tasks in
the Support Community.
Note: Before we go on, I need to remind you of a terminological oddity. Metaswitch uses the phrase
Method of Procedure, or MOP, to refer to a sequence of steps to accomplish a particular
task - potentially on many different occasions and in many different environments. Most other
vendors describe this as a Standard Operating Procedure or SOP.
1. Locate this box again:
...and this time, choose MOPs.

You'll be on this page.
CONFIDENTIAL 351
2. Scroll down the page, and take a look at the breadth of MOPs available. At time of writing,
there are 217 individual MOPs on the page...
But that's not quite as intimidating as it sounds, because they're divided into categories to
help you find the right one. In the screenshot above, for instance, you can just see the start
of the categories covering Setup and Install and Networking.
Note: Like the Troubleshooting Guides I discussed in an earlier Lesson, the MOPs cover the full
range of Metaswitch offerings, including many services which aren’t relevant to Class 4
deployments. So don’t be surprised when you see references to features, terminology, and
even whole products that are unfamiliar to you.
3. As an alternative to scanning through the lists, you can type a few words into the Search
box at the top of the page:
4. However you arrive at a particular MOP, you'll find it has a standard format designed to help
you run straight through the task, and requiring a minimum of background knowledge. A
typical MOP contains these sections:
• Planning for the procedure - describing any prerequisite steps, or information you need
to collect.
• Method of procedure - the detailed step-by-step instructions for carrying out the task.
• Verification procedure - advice on how to confirm that you've completed the task
successfully.
• Backout procedure - how to reverse the process if something goes wrong.
• Next steps - with pointers to any follow-up tasks you might consider once you've
completed this one.
5. Take a moment now to look at a couple of MOPs, and familiarize yourself with how this
sequence of steps hangs together.
Checkpoint: You now know what Metaswitch means by the term "MOP", and how to find and
follow a MOP on the Support Community.
Task 4: Check the Knowledge Base

For the last stop on our quick tour of the Support Community, let's call at the Knowledge
Base or KB.
I could try to spin you a line about the philosophy underpinning the KB, but let's be honest -
it's the "miscellaneous" section, containing all those little pieces of crucial information which
don't quite fit elsewhere. You'll find a true wealth of knowledge here, ranging from background
primers on Metaswitch concepts to quick tips that help you save time when managing your
deployment.
1. Once again, to find the KB, track down this box on the Support Community homepage...
352 CONFIDENTIAL
...and click the final link, Knowledge Base.
Here's what you'll see.
2. Just like the MOPs, you can search the KB using the box at the top:
3. But if you want to have a look around, you really need the tree-view over on the left hand
side. Go ahead, open up a few branches and see what nuggets of knowledge you find.
(Start by expanding CFS, AGC, IS, UMG and MRS - what a mouthful that is - to get into
the part of the Knowledge Base that's most relevant for Class 4.)
CONFIDENTIAL 353
4. Sometimes, your support rep or another Metaswitch user might give you a Communities
QuickLink. A QuickLink is just a shortened reference to a KB page, to save having to type
or send a full URL.
If you've been given a QuickLink, type it into the labeled box at the very top of the
Communities page - here:
Try it out now! Go to QuickLink 9172 to read some time-saving tips for MetaView Explorer.
Checkpoint: You now know how to find your way around the Knowledge Base. And that
was the last task of this Lesson, so you're pretty much up-to-speed on the whole Support
Community!
354 CONFIDENTIAL
Check interoperability in the Metaswitch Mosaic Community
About the Mosaic Community
We've spent a lot of time lately in the Metaswitch Support Community - but as I explained
way back at the start of this guide, that's just one of the four communities making up our self-
support website. In this Lesson, I'll be dipping into the Mosaic Community, which helps you
build a complete service out of a "mosaic" of Metaswitch and third-party kit.
The cornerstone of the Mosaic Community is its interoperability database. That's where you'll
find a comprehensive archive of test results, recording the results of interop testing between
Metaswitch products and a wide range of third-party components. It's a great resource to
use when you're designing a multi-vendor deployment - or simply to check the best way to
configure your systems for optimal interoperability.
In this Lesson, I'll show you how to check the interoperability database, and how to raise an
interoperability case if there's a specific test you'd like us to do.
Note: Most of what you'll find in the interoperability database relates to VOIP protocols, and
particularly to SIP phones (which, of course, won't feature in your Class 4 deployment).
That simply reflects what our customers ask us for: VOIP is less mature than TDM, so
interoperability tends to be a greater concern. Don't be put off though! You're very welcome
to raise cases for non-SIP devices.
Start here
• check the interoperability database in the Mosaic Community
• raise an interoperability case, asking us to test a specific product combination.
Task 1: Check the Interoperability Database

First of all, let's take a look at the interoperability database itself.
Note: If you've got a good memory, you may find a lot of this Task familiar. We've already worked
with the database in an earlier Lesson, Select a Remote Media Gateway Model for a SIP
trunk on page 155.
1. Just like you've done in the past few Lessons, log on to Metaswitch Communities - or if
you're already logged on, click Metaswitch Communities in the breadcrumbs in the upper
left of the screen to go back to the homepage.
2. In previous Lessons, we've always gone into the Metaswitch Support Community at this
point. But we're doing something different now!
This time, choose the Metaswitch Mosaic Community - the second community in the list
you'll see in the middle of the homepage.
CONFIDENTIAL 355
3. You're looking now for the option to Search the Interop Database.
I'll admit, at time of writing, the link doesn't stand out quite as much as you'd expect it to.
Look for it near the top of the main Mosaic page, here:
4. You should now be looking at this search form. (If you don't see all the options I've shown
below, click the Show Advanced Options link next to the Search button.)
356 CONFIDENTIAL
5. From here, you can search for the particular device you want to check on.
I talked about this process in a little more detail back in Select a Remote Media Gateway
Model for a SIP trunk on page 155 - so for now, I'll just highlight the Device Type option.
Device types of relevance to Class 4 environments include:
• Network / Trunk Gateways
• Network / Session Border Controllers
• and the various Operations types, which include things like management platforms and
billing systems.
6. Go ahead and take a look for any third-party components which make up your system.
Checkpoint: You now know how to find and search the Interoperability Database.
Task 2: Request an Interop Case

What if your search of the interoperability database draws a blank? In that case, with the
cooperation of the third-party manufacturer, you can create an Interop Case to ask for help
from Metaswitch.
An Interop Case is simply a request to have a piece of equipment added to the interoperability
database. If your case is accepted, Metaswitch will work with the third party to complete the
necessary testing, before publishing the results.
1. Before you can request an Interop Case, you'll need to speak to the equipment manufacturer
and establish a named liaison contact. You'll need to provide your contact's email address
when you request the Case.
2. Once you have the manufacturer's contact details, return to the Mosaic Community. This
time, you want the Request an Interop Case link:
CONFIDENTIAL 357
3. A wizard will guide you through the information we need to consider your case. Here, for
example, is a screenshot of the first page.
4. Once you've completed your request, it'll be considered by our Interoperability Testing
Group, who'll get in touch with you to let you know their conclusions.
Checkpoint: You now know how to request a new addition to the interoperability database.
358 CONFIDENTIAL
Get further training
Introduction
We've reached the very last Lesson of this guide, and by now you're a proficient technician for
your Class 4 system. Congratulations on making it this far! And I hope you'll enjoy many years
of reliable service from all your Metaswitch products.
But perhaps you're not ready to stop here? In this final chapter, I'll explain how to get further
training from Metaswitch - either in a classroom, or online on our Communities website. And
at the very end, I'll outline the best way to earn recognition for your hard work, by stepping up
and becoming certified.
Start here
• find your way to the Training & Certification Center on Metaswitch Communities
• see and book upcoming training courses
• watch free, self-paced training videos
• find out more about the options to become certified by Metaswitch.
Task 1: Find the Training & Certification Center

Training has its own home in Metaswitch Communities - the Training & Certification Center.
You might be visiting it often over the next few months, so I'll show you a shortcut to get there!
1. As usual, you'll need to log in to Metaswitch Communities.
2. Once you're on the home page, find and click Training & Certification in the sitemap on
the left-hand side.
Note: By the way, there are shortcuts to all the important sections I've discussed in this guide, right
there in the sitemap. Now that you know your way around Metaswitch Communities, it might
save you some time if you use them.
Checkpoint: You've found your way to the Training & Certification Center.
CONFIDENTIAL 359
Task 2: Find and book a training course

First of all, let's take a look at the instructor-led training classes you can book through the
Training & Certification Center. These courses are run in person, and give you all the personal
attention and hands-on expertise you'll need to take your knowledge to the next level.
1. From the Training & Certification Center, click the Quick Link to Training Calendar you'll
see on the left-hand side. I've picked it out in the screenshot below:
2. On the new page you'll see, scroll down a little and find the training calendar - a list of all
the upcoming courses available for you to book.
3. Needless to say, you can click any Course Name to find out more about what you'll learn.
As well as obvious details like the Start Date and Duration, remember to check the Location.
When I took the screenshot above, the next few courses were all in North America, but we
also hold regular sessions in Enfield on the outskirts of London.
360 CONFIDENTIAL
4. If you're ready to go ahead and book a course, you want the button labeled Book now
on My Learning just below the training calendar. This will take you across to our separate
booking system (called My Learning), where you can enroll for a specific course session.
Note: To pay for courses you book, you’ll need to use training credits. You can order training credits
from your account representative, just like Metaswitch hardware or licenses.
5. Alternatively, if you'd like to check our complete roster of courses - perhaps to see whether
there's a specific one worth waiting for - click the Course Descriptions link. It's over on the
left-hand side of the page, in the box I've highlighted below.
Checkpoint: You now know how to find and book onto an upcoming training course.
Task 3: Get training online

Classroom courses aren't the only kind of education you can find in the Training & Certification
Centre! We've also collated a wide range of self-paced materials, which you can study in your
own time and at your own workplace.
Unlike instructor-led courses, you don't need to book these - you can dip into them at any time.
So let's take a look at them now.
1. Head back to the front page of the Training & Certification Center. An easy way to do that
is by clicking the Training & Certification link, in the breadcrumb trail just below the blue
header bar.
2. Once you're back at the Training & Certification Center, find the following box on the left-
hand side (you may need to scroll down a little):
CONFIDENTIAL 361
3. Click on Self-paced training, which I've highlighted in the screenshot above.

4. Scroll down, and take a look at the range of self-paced courses available.
You'll find that it's quite a mixed group! Some of the self-paced modules are short videos
demonstrating single tasks, while others are complete training presentations like this one:
What they have in common, though, is that you can complete them all online from your web
browser - and that they're all free.
Checkpoint: You now know how to find and watch our self-paced training modules.
362 CONFIDENTIAL
Task 4: Learn about certification
I hope you're proud of the knowledge you've gained through this guide... and if you are proud,
then why not show it off to the world? Certification from Metaswitch is the best way to
demonstrate your accomplishments, and makes a valuable addition to any resume or LinkedIn
profile.
As you'd expect, the requirements for certification are demanding - but if you've worked through
the whole of this guide, then you're very nearly there. Getting certified is a two-stage process:
• a theory exam, which you can take whenever you're ready, with no pre-booking and no
charge
• a practical lab exam, which you'll take by pre-arrangement and on payment of a fee.
These are open-book exams - you're allowed to use your notes or refer to our procedures,
just like you are in the real world. And, don't worry, there's no need to travel to a testing center,
because you can take both exams online.
If you'd like to be one of the very first people to gain the Class 4 certification from Metaswitch,
you can read all about it in the Training & Certification Center. Get started by clicking this
button...
CONFIDENTIAL 363
...and just follow the links from there. Good luck with your studies! And I'm looking forward to
seeing your name on our list of certified engineers.
Checkpoint: That's it! The final Task of the final Lesson. Our work here is done.
364 CONFIDENTIAL
Let us know what you thought about the guide
Let us know what you thought about the guide
Introduction
After more than 60 Lessons and almost 100,000 words, we've finally reached the end of this
guide! I hope that you've enjoyed the journey, and that you're looking forward to flying solo with
your new Metaswitch deployment.
But was there anything missing from this guide - or any particular Lessons you didn't find so
clear? If so, please do take a moment to drop us a line. We'll be updating this guide as time
goes on, and your feedback could make all the difference for future readers.
Or even if you've nothing particular to suggest, why not send a quick email to let us know
you've been using the guide? We'd love to find out exactly where it's being read around the
world. You'll find our contact details on the next page.
And that, for now, is all from me. Goodbye, and good luck.
CONFIDENTIAL 365
Tell us what you think!
Metaswitch are interested to know what you think about this Learn How To Guide. If
you have any feedback, or you spot any inconsistencies while using it, please don’t
hesitate to contact us.
You can send any general comments or report any specific issues to: LHTfeedback@
metaswitch.com.
Thanks for your time on this; your support will help us to make these guides better
and even more useful for you!
CONFIDENTIAL

Learn How To: Get Started With Your Softswitch: Switching Basics

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Learn How To: Get Started With Your Softswitch: Switching Basics

Uploaded by

Copyright:

Available Formats

Learn How To

Get Started With

This manual is issued on a controlled basis to a specific person on the

Metaswitch and the Metaswitch logo are trademarks of Metaswitch Networks.

Learn How To Page

Get to grips with the guide.....................................................................................................7

Sign up for Metaswitch Communities.....................................................................................9

Find your way around your deployment................................................................................19

Find your way around your network......................................................................................25

Configure your software

Install MetaView Explorer......................................................................................................31

Log in to MetaView Explorer.................................................................................................35

Find your way around the object tree....................................................................................41

Work with objects in MetaView Explorer...............................................................................49

Connect to the Craft terminal...............................................................................................55

Find your way around Craft..................................................................................................61

Transfer files to and from a server.........................................................................................65

Take a manual backup.........................................................................................................71

Set up automatic backups...................................................................................................75

Restore your system from a backup.....................................................................................83

Understand hardware and software redundancy..................................................................87

Maintain your hardware

Get to know your hardware..................................................................................................91

Replace your fan filters.......................................................................................................105

Learn How To Page

Replace a failed hardware component................................................................................113

Work with logs...................................................................................................................119

Work with alarms................................................................................................................129

Be notified about logs and alarms......................................................................................139

Configure a SIP trunk.........................................................................................................149

Select a Remote Media Gateway Model for a SIP trunk......................................................155

Configure SS7 links............................................................................................................173

Configure an ISUP media channel......................................................................................187

Set up an ISDN trunk.........................................................................................................195

Download billing files..........................................................................................................205

Interpret billing files.............................................................................................................209

Use your Service Assurance Server

Get a certificate for your Service Assurance Server.............................................................213

Learn How To Page

Link your Service Assurance Server and MetaView Server..................................................223

Set up access to Service Assurance Server........................................................................229

Check a call in Service Assurance Server...........................................................................233

Track the steps of call processing in Service Assurance Server...........................................241

Export a call record for further analysis...............................................................................247

Keep your Service Assurance Server running smoothly......................................................251

Troubleshoot common problems........................................................................................257

Get help from other members of Metaswitch Communities.................................................261

Raise a ticket with Metaswitch Support..............................................................................267

Call 24x7 support...............................................................................................................275

Diagnose network problems by snooping IP trace..............................................................277

Obtain API trace for your support representative................................................................281

Track down who made a configuration change...................................................................287

Record call media...............................................................................................................291

Check IP connectivity using ping and traceroute................................................................299

Gather diagnostics for an ongoing problem........................................................................303

Gather diagnostics for a historical problem.........................................................................307

Switch to the warm standby MetaView Server....................................................................311

Learn How To Page

Manage your Support VPN.................................................................................................315

Manage user accounts

Give a new user access to MetaView Explorer....................................................................319

Change a MetaView user's password.................................................................................323

Give a new user access to the Craft terminal......................................................................327