
Media Application Server

Fundamentals
Release: MAS 14.0
Document Revision: 02.01

www.nortel.com

NN44473-101
Media Application Server
Release: MAS 14.0
Publication: NN44473-101
Document release date: 2 July 2010

Copyright © 2008-2010 Nortel Networks. All Rights Reserved.

While the information in this document is believed to be accurate and reliable, except as otherwise expressly
agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are
subject to change without notice.

Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

All other trademarks are the property of their respective owners.


Contents
New in this Release 7
Features 7
Other changes 7

Introduction 9
About MAS 9
Related books 9

Overview 11
Media Application Server 11
Network deployment options 11
Supported platform 12
License requirements 12
Web based configuration and management features 12
Packaged application support 13
Session Initiation Protocol features 13
Media processing features 13
Audio and video codecs 14
Playing and recording audio 14
Digit collection and relay methods 15
Conferencing 15
Media security 15
Media Quality of Service 15
Report generation 15
Content store 16
MAS security features 16
Conferencing services and MLPP 16

Administration 19
Element Manager overview 19
Navigating Element Manager 20
Interface features 21
Basic interface operation 22
Central authentication, authorization, and auditing 23
UCM security server roles 24

Media Application Server


Fundamentals
NN44473-101 02.01 2 July 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.


RBAC concepts 25
Policies 30
Limit access control views 31
Certificates 31
Element status and operational controls 33
Element Status 33
Starting, stopping and restarting 33
Operational states 34
Cluster configuration and status monitoring controls 34
Cluster configuration 34
Cluster status 34
License management 34
Server licensing 35
Nodal licensing 36
Signaling configuration 36
SIP configuration 36
Media configuration 36
Quality of Service 37
Audio codecs 37
Video codecs 38
Digit relay (DTMF) 38
Media security 39
Monitoring and logging global configuration support 39
Monitoring 39
Logging 41
Application management 43
Packaged applications 43
Reporting 44
Backup and restore 44
General settings 44
Backup Tasks 44
Restore 45
Backup Destination 45
History logs 45
Media management 46
Advanced settings 46
Disaster recovery 47

Configuration fundamentals 49
Initial security configuration 49
MAS configuration work flow 49
License configuration work flow 50
Network management protocol configuration 51
SNTP 51


SNMP 51
SOAP 52
Connection security 52
Network configuration 52
IP address assignment and traffic classes 52
QoS audio and video DSCP settings configuration 53
QoS monitoring and alerting configuration 53
SIP configuration work flow 53

Terminology 55



New in this Release


The following section details what’s new in Media Application Server
Fundamentals for release MAS 14.0:
• "Features" (page 7)
• "Other changes" (page 7)

Features
The feature impacting this document in MAS 14.0 is the MAS on a Linux
platform. Feature related changes can be found in the following sections:
• "MAS security features" (page 16)
• "Supported platform" (page 12)

Other changes
There are no other changes in this document related to the MAS 14.0
release.


Introduction
This document describes the fundamental topics for Media Application
Server (MAS).

Navigation
• "Overview" (page 11)
• "Administration" (page 19)
• "Configuration fundamentals" (page 49)
• "Terminology" (page 55)

About MAS
The MAS provides a robust, scalable software platform for hosting
multimedia applications. The platform is designed for generic multimedia
processing, and is based on standard open protocols.

Related books
The following books provide more details on the MAS:
• Media Application Server Troubleshooting (NN44473-700)
• Media Application Server Documentation Roadmap (NN44473-100)
• Media Application Server Overview - Services and Features
(NN44473-102)
• Media Application Server Deployment and Engineering Guide (SEB
08-00-033)
• Media Application Server Configuration (NN44473-500)
• Media Application Server Administration and Security (NN44473-600)
• Media Application Server Fault Management (NN44473-702)


Overview
This chapter provides an overview of what you need to know to work with
the Media Application Server (MAS).

Navigation
• "Media Application Server" (page 11)
• "Network deployment options" (page 11)
• "Supported platform" (page 12)
• "License requirements" (page 12)
• "Web based configuration and management features" (page 12)
• "Packaged application support" (page 13)
• "Session Initiation Protocol features" (page 13)
• "Media processing features" (page 13)
• "Report generation" (page 15)
• "Content store" (page 16)
• "MAS security features" (page 16)

Media Application Server

The Media Application Server (MAS) is a software based, media
processing server. All media processing is performed in software on the
host CPU(s). The MAS architecture facilitates unique scalability for all core
functions of the platform, including signaling, application execution, content
management and media processing.

Network deployment options

Your network can be configured as a standalone system or as a cluster of
multiple servers.


Configure the following aspects of your network from the appropriate
pages in Element Manager (EM):
• Cluster configuration (primary, secondary, standard)—see "Cluster
configuration and status monitoring controls" (page 34)
• SIP configuration (general settings, domains and accounts, nodes and
routes)—see "SIP configuration" (page 36)

Supported platform
MAS is installed on one of the following hardware types supplied by
Nortel:
• IBM HS21 (8853) with 1 or 2 hard disks and a minimum of 2GB RAM
• IBM HS20 (8843) with 1 or 2 hard disks and a minimum of 2GB RAM
• Langley HT

With the release of MAS 14.0, only the 64-bit version of Red Hat Linux is
supported, which requires compatible 64-bit hardware.

License requirements
Your maximum number of simultaneous active sessions is determined by
the number of purchased licenses. Applications will not function if they are
installed without the proper licensing.

MAS supports the following licensing models:
• Nodal licenses

Web based configuration and management features

Element Manager (EM) is a web-based administration tool that facilitates
the configuration and management of MAS.

EM allows control of the following:
• Licensing configuration
• System operational state management
• Alarm and event log viewer
• Alarm and event log configuration and filtering
• Clustering configuration
• Backup and restore
• SNMP and Syslog support
• Network multi-netting and traffic classes
• Monitoring of:


— Advanced (including Component Status, Advanced Protocols,
Troubleshooting Archive Generator and Security Logs)
— Active sessions
— Operational measurements
— Session detail records
— Protocols

Packaged application support

Packaged applications are off-the-shelf applications. You can manage and
configure these applications using Element Manager.

A packaged application is installed and configured using its own installer.
The installer adds application configuration data and translations to the
MAS. As part of the installation process you need to configure license keys
for all packaged applications.

Session Initiation Protocol features

The MAS platform supports Session Initiation Protocol (SIP) for call and
session signaling. SIP provides a standard means to establish sessions,
negotiate capabilities, invoke applications, and exchange data with MAS.
SIP signaling provides generic session establishment.

The MAS platform uses SIP Transport Layer Security (TLS) to secure SIP
signaling. MAS manages a list of trusted network sources; signaling from
non-trusted sources is routed to a network proxy for authentication. MAS
supports a SIP trunking mode that reuses connections to and from network
proxies for subsequent calls, reducing the overhead of TLS signaling.

SIP routes define all SIP proxy and SIP registrar servers a MAS node
can communicate with. MAS uses SIP routes designated as a SIP proxy
server for routing outbound SIP requests for outbound traffic load sharing
and failover. MAS registers applications with all configured SIP registrars.
Registration is optional based on your MAS configuration and digest
authentication support.

Media processing features

MAS supports text, audio and video for most multimedia processing
features. The system is capable of streaming audio and video in a variety
of codecs and formats, fully synchronized from the server, unbuffered and
in real-time. The system can deliver text through both instant messaging
and web push methods.


Audio and video codecs

MAS supports the following audio codecs:
• ITU-T G.711 a-law & µ-law
• ITU-T G.729A

MAS supports the following video codecs:
• NNVC (DIVX-4)
• H.263, H.263+, H.263++

Transcoding audio
MAS can transcode to and from the following audio formats:
• Linear 16-bit PCM, 8KHz Mono
• Linear 8-bit PCM, 8KHz Mono
• G.711 alaw
• G.711 ulaw
• G.729

Playing and recording audio

MAS can stream media files (also called prompts or announcements) in all
supported codecs. These files are not limited to audio.

VCR controls are available for controlling media playback:
• Pause: suspend the existing request
• Resume: continue the existing request
• Adjust positive: skip ahead a specific number of milliseconds within the
existing request
• Adjust negative: skip backwards a specific number of milliseconds
within the request
• Stop: cancel the existing request

Media files are cached locally on the system and are transcoded into
temporary files. Subsequent requests for the media file use the transcoded
file and are packetized without further processing.

Files that surpass a configurable “hit” rate are pulled into memory in their
post transcoded form and packetized directly. An uncached file that is not
eligible for caching, is transcoded in real-time.


Digit collection and relay methods

MAS supports the most popular SIP INFO digit formats and RFC 2833/4733
for digit relay. Both SIP INFO and RFC 2833/4733 are fully configurable,
including preference rank.

Conferencing
MAS supports multimedia conferencing for audio and video streams in
large and small conferences.

The conferencing algorithm uses mixing, which means that you can hear
up to four parties simultaneously. Each channel runs a voice activity
detector (to determine speech vs. background noise), an automatic gain
control algorithm, and a dynamic jitter buffer with compaction and packet
loss concealment.

Media security
Media security provides the ability for the MAS to secure media streams
with cryptographic protection based on RFC 3711 (The Secure Real-time
Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with
symmetrical data encryption that provides the following security services:
encryption, message integrity, and replay protection.

Media Quality of Service

MAS supports Differentiated Services (DiffServ) packet marking on
outgoing Real-time Transport Protocol (RTP) streams. The system default
is set to DiffServ Control Point (DSCP) with expedited forwarding (EF),
which is a widely supported indicator for Quality of Service (QoS)-enabled
networks carrying real-time audio and video data.

MAS contains the Telchemy VQMON agent for QoS monitoring and
RTCP-XR support for exchange of metrics. R-Factor, jitter, and packet
loss are monitored continuously for each call. Calls that fall below a
configured R-Factor threshold are logged. All QoS statistics are archived
with session detail records (SDR) for analysis.

Report generation
The reporting framework is based on third-party Jasper reports, a flexible
solution that can generate complex reports. The reporting framework
enables administrators to generate reports on demand and provides
automated report generation based on a configured time schedule. The
reporting framework supports CSV, HTML, and XML report types.
Scheduled reports can be delivered through e-mail or File Transfer Protocol
(FTP).


Content store
MAS contains an onboard content storage feature that provides a reliable,
network accessible store for multimedia content. You can configure MAS
to replicate data across multiple content stores to provide High Availability
and redundancy.

MAS security features

MAS provides the following security features:
• Secure communications using IP Security (IPSec): secures messages
between servers.
• Public Key Infrastructure (PKI): certificates, certificate revocation, and
communication using public and private keys ensure private
communications.
• User password policy rules: rules for password length, composition,
and aging reduce unauthorized access.
• User roles: user roles permit different levels of access to MAS, and
limit access to particular groups of functions.
• User account creation: at installation time, pre-configured or individual
Linux and EM user accounts are created, depending on the level of
security required.
• Security logs: Linux audit logs, Quantum security logs, and EM security
logs track changes to the system, including user logons and
configuration changes.

Conferencing services and MLPP

Multilevel Precedence and Preemption (MLPP) provides the ability to
preempt a call of lesser priority when a call of greater priority cannot
access the MAS conferencing services.

When a user connects to the MAS Ad Hoc conferencing service or the
MAS Meet Me conferencing service, the call can specify a precedence
level. Precedence callers hear the precedence ringback tone before the
call connects to the conference.

If a caller to the conferencing service cannot access the conference due to
lack of system resources, the call can preempt a lower priority conference
call (if one is available). When preemption occurs, the lower priority call
receives a preemption tone before the call disconnects. If there are
no calls of a lower priority, the caller receives the Blocked Precedence
Announcement.

The precedence levels (from lowest to highest level) are:
• Routine

• Priority
• Immediate
• Flash
• Flash Override

Calls to conferences can also be preempted by non-conference calls.
These calls use the same priority levels. When a higher priority call
attempts to contact a person in a conference call, the person in the
conference hears a preemption tone, the conference call drops, and
the connection is made to the higher priority call. Calls at the same
precedence level as the call into the conference cannot preempt the
conference call.
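The preemption rules above, as an added example that is not part of the Nortel document: a small Python model of a conferencing resource pool applying the page's precedence order, the strictly-lower-precedence preemption rule, the Blocked Precedence Announcement, and preemption of a conference participant by a non-conference call. The `ConferenceService` class, its slot capacity and the call identifiers are assumptions made for illustration.

```python
"""Added example (not Nortel code): MLPP admission and preemption decisions
for a MAS-style conferencing service, following the rules described above."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional


class Precedence(IntEnum):
    """MLPP precedence levels, lowest to highest, as listed on the page."""
    ROUTINE = 0
    PRIORITY = 1
    IMMEDIATE = 2
    FLASH = 3
    FLASH_OVERRIDE = 4


@dataclass
class Call:
    call_id: str            # constructed identifier, not a MAS field
    precedence: Precedence


@dataclass
class Outcome:
    admitted: bool
    preempted: Optional[str]  # call_id of the call that was dropped, if any
    treatment: str            # tone or announcement the caller hears


@dataclass
class ConferenceService:
    """Hypothetical model of the conferencing resource pool: `capacity`
    call slots, and the calls currently using them."""
    capacity: int
    active: list = field(default_factory=list)

    def admit(self, call: Call) -> Outcome:
        """A call with a precedence level tries to join the conference."""
        # Free resources: precedence callers hear ringback and connect.
        if len(self.active) < self.capacity:
            self.active.append(call)
            return Outcome(True, None, "precedence ringback")
        # No free resources: a strictly lower-precedence call may be preempted.
        # Calls at the same precedence level cannot preempt each other.
        victim = min(self.active, key=lambda c: c.precedence)
        if victim.precedence < call.precedence:
            self.active.remove(victim)
            self.active.append(call)
            return Outcome(True, victim.call_id,
                           f"preemption tone to {victim.call_id}, then ringback")
        # Nothing of lower precedence to preempt.
        return Outcome(False, None, "Blocked Precedence Announcement")

    def preempt_participant(self, participant_id: str, incoming: Call) -> Outcome:
        """A non-conference call reaches a conference participant. Only a
        strictly higher precedence drops the participant's conference leg."""
        leg = next((c for c in self.active if c.call_id == participant_id), None)
        if leg is None:
            return Outcome(False, None, "participant not in conference")
        if incoming.precedence > leg.precedence:
            self.active.remove(leg)
            return Outcome(True, leg.call_id,
                           "preemption tone; conference leg dropped, incoming call connected")
        return Outcome(False, None, "no preemption: equal or lower precedence")
```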

For more information, see Media Application Server Overview - Services
and Features (NN44473-102).


Administration
This chapter explains Media Application Server Administration
fundamentals. For step-by-step information about MAS platform
Administration, see Media Application Server Administration and Security
(NN44473-600).

Navigation
• "Element Manager overview" (page 19)
• "Element status and operational controls" (page 33)
• "Cluster configuration and status monitoring controls" (page 34)
• "License management" (page 34)
• "Signaling configuration" (page 36)
• "Media configuration" (page 36)
• "Monitoring and logging global configuration support" (page 39)
• "Application management" (page 43)
• "Reporting" (page 44)
• "Backup and restore" (page 44)
• "Media management" (page 46)
• "Advanced settings" (page 46)
• "Disaster recovery" (page 47)

Element Manager overview

This section explains Element Manager (EM) fundamentals. For
step-by-step information about EM, see Media Application Server
Commissioning (NN44473-301).

EM is a web-based administration tool that facilitates the Operation,
Administration, and Maintenance (OAM) of Multimedia Applications (MA)
products running on the Multimedia Application Server (MAS). Introduced
with the MAS product offering, EM serves as a common management
utility for configuring and managing a media server and the products (such
as MAS) that run on it.

Navigating Element Manager

The EM layout includes a branding banner, task selection pane,
breadcrumbs area, and a content area as illustrated in the following figure.

Figure 1
Element Manager interface

Management activities are performed in the content area of the page. The
displayed content is dependent on the selected top-level framework or
system element context and the task selection within this context.

The welcome page appears first after logon. It contains a welcome
message and a message to assist the administrator to begin.

The top of the content area includes the hostname and management IP
address of the component being managed. Element Manager divides
properties into categories, to which you can navigate from the menu pane.
Each category appears on a separate page. Categories are further divided
into subcategories, which appear as sections on the category page. You
can jump to a section within the page with the shortcut links at the top of
the configuration table.


The branding banner area contains the image of the Nortel logo. In
addition to indicating what application you are in (for example EM), the
branding banner provides a context sensitive Help link and a Logout link.
Click the Help link to open context sensitive help in a new browser. The
Logout link logs you off of EM and returns you to the Login page.

You can perform task selection and element navigation using the three
following elements on the EM screen:
• Menu pane
• Network Navigation
• Breadcrumbs

These three components are central to the work flows that the
administrator performs for routine OAM activities. You can initiate work
flows from the menu pane. The menu pane displays a menu of tasks that
the administrator can perform in the content area. With the exception
of the network tasks, the scope of OAM activities the administrator can
perform is limited to the element to which the administrator is currently
logged on. To facilitate the management of multiple elements in the
network, you can view elements in the network with the network navigator
component and navigate to them individually to perform OAM tasks.
Finally, the breadcrumb area shows the element currently being managed
and the task currently being performed, and lets the administrator navigate
“up” the hierarchy of management screens.

Interface features
Initiate all tasks from the menu pane on the left side of the screen.
The items listed in the menu pane are grouped into two sections. The
top section of the menu pane contains a link to network-wide services
that can affect the operation of all network elements or network-wide
entities such as Network, User Services, Security, and Tools. The lower
section contains tasks related to the operation, administration, and
maintenance of the network element to which the administrator is logged
on. The element-level section is further divided into task groupings. The
highest-level groupings include System Status, System Configuration,
Products and Applications, Licensing, Tools, and Cluster Configuration.
Each task group contains a set of related tasks.

Tasks that an administrator must perform for MAS platform and application
administration, operations, and maintenance appear in the lower section of
the menu pane. These are grouped into six categories:
• System Status: The administrator can view current and historical
information pertaining to the status of the system with system status
tasks. These tasks include element status, cluster status, alarm
viewing, event log viewing, and monitoring. The monitoring task
includes active session monitoring, operational measurements, and
protocol monitoring. Component status and advanced protocols
are advanced functionality; therefore, they are categorized as advanced
monitoring tasks.
• Cluster Configuration: The administrator can access the server
designation, replication settings, and advanced settings.
• System Configuration: The administrator can view and modify the
MAS platform configuration. Configuration categories include general
settings, network settings, media, signaling, monitoring settings,
advanced settings, logging, and EM configuration.
• Products and Applications: This category lists all installed applications.
Expanding an application displays all tasks specific to the operation,
administration, and maintenance of that application.
• Licensing: The administrator can configure the license server and
license keys if a license server is installed on the node. Administrators
can view license server status, add and remove license keys, set
license key low water marks, and view the current users of licenses.
• Tools: The administrator can back up system and customer data with
the backup and restore tool. The administrator can use the reports tool
to generate reports of archived OMs.

Basic interface operation

You can expand categories or higher-level tasks to reveal subtasks in the
menu pane by clicking on the expansion point that appears to the left of
the category or task label. If an item contains subitems, a plus (+) symbol
appears before it. Click the + to expand the item, displaying its contents
below it.

Click the minus (-) symbol before the label to collapse expanded items.
The expansion state of subtasks is maintained when their parent is
collapsed. For items that contain no subitems, the expansion point
appears as a minus symbol.

Click an item label in the menu pane to select it and launch the
associated task in the content area:
• Task Category: If the category is collapsed, it is expanded. An
information screen for the category is displayed in the content area. This
screen shows a high-level description of the category of tasks and a
brief description of each task in the category. Task names appear
as hyperlinks. Clicking a task name launches the task, and is
equivalent to selecting the task from the menu pane.
• Task: The task is launched in the content area.


You can start a task in a new browser window by using the right-click
menu of the Web browser. You should right-click on the task to be
performed and choose the option to open the page in a new window. A
new browser window appears with a banner area, menu pane, and task
selected in the content area.

You can scroll each section of the menu pane independently. Vertical
scrollbars appear in a section when its contents cannot be displayed
without vertical clipping. Horizontal scrollbars can also appear when the
contents of the menu pane sections cannot be displayed without horizontal
clipping. You can use the vertical line separating the menu pane and the
content and breadcrumb areas to resize the menu pane horizontally.

Some configuration items are designed to enable or disable certain
features on the page. When a feature is disabled by the administrator, any
configuration settings relevant to that feature appear grayed out on the
screen.

Use Save to save the changes to the platform. No changes are made to
the platform configuration until you click Save. Before the configuration is
stored in the MAS database, the administrator input is validated. If any
errors are detected during validation, the configuration is not saved, and
the page is redisplayed with error messages. The administrator needs to
correct these errors and click Save to save the changes. After the changes
have been saved, the administrator returns to the parent of the current
page, which is often the previous page.

If you decide not to save the changes made to the configuration, click
Cancel to cancel any changes to be made to the configuration. A click of
the cancel button returns you to the parent of the current page (usually the
previous screen) without saving any changes to the configuration.

Restore Defaults is used to restore every configuration parameter on the
screen to its default value. After a click of Restore Defaults, every field
displays its default value. Click Save to save the default values to the
platform.

If any error is detected on the page, an error message is displayed,
describing the problem in general. Text describing the error in detail (if
applicable) appears in red to the right of or below the fields in question. The
administrator must correct the errors before resaving the page. Invalid
data is never saved.

Central authentication, authorization, and auditing

The MAS system incorporates central authentication, authorization, and
auditing.


Authentication is the process through which UCM determines if a user can
gain access to the elements in your MAS system. Central authentication
eliminates the need to have user IDs and passwords for each product or
server. Instead, you can log on to the UCM security framework using a
single user ID and password (also known as single sign-on) to gain access
to any application or server for which the administrator has permissions.

Authorization (also known as access control) is the process of determining
and enforcing assigned privileges for an authenticated user. To provide
central authorization, UCM uses the Role Based Access Control (RBAC)
model. With this model, users see only what you authorize them to see
based on their assigned roles and permissions.

Auditing is the process by which UCM methodically measures the security
of the MAS system. To provide central auditing, UCM uses audit logging
features. The UCM framework logging feature records user activity, usage
patterns, and authorization violations. The logs collect information such as
denials, approvals, and code exceptions. Only security administrators can
view log information, on the Logs page in UCM. To navigate to the Logs
page, click Tools > Logs in the navigation pane.

UCM security server roles

You can assign one of three roles to a UCM security server in a UCM
network: Primary, Backup, or Member.

Attention: UCM server roles are different from the roles used in MAS
clustering.

A brief description of each UCM server role follows.
• Primary: Each UCM network must have one Primary security
server. The designated UCM Primary security server stores all
administrator identities, authorization data, and security configuration
data. The system must contact and query the Primary security server
for all authentication, authorization, audit logging, and certificate
management.

Only the UCM primary security server runs the private Certificate
Authority, so only the UCM primary security server can issue
certificates for new member servers. The UCM primary security
server is also the only server from which you can use the certificate
management console.

In addition, only the UCM primary security server has the write access
to all security-related data. Thus, you must configure all UCM options
on the UCM Primary security server.


A UCM Primary security server contains, as part of its installation,
the primary security repository. You cannot demote the Primary to a
Backup or Member server after you configure it.
• Member: A UCM Member security server is a part of a UCM network.
A UCM Member security server must send all security requests to the
corresponding UCM Primary security server. If the Primary security
server is not available, then the network directs requests to the Backup
security server. If the Backup security server is also unavailable, then
the system displays the local login page on the UCM Member security
server to provide emergency access.

RBAC concepts
The Unified Communications Management (UCM) security framework
uses the Role Based Access Control (RBAC) model to determine a user’s
authorization. In this model, each user is identified through a unique
identity, and each identity can have one or more user accounts for different
elements. To configure access rights for user accounts, the security
administrator assigns permissions to roles, and then assigns these roles
to users.

The following figure is an example of the MAS RBAC model.


Figure 2
Example of the MAS RBAC model


Identities
In the MAS RBAC model, security administrators must assign a unique
digital identity to each user in a company. This identity contains a user’s
credentials and authorization rights. All identities are stored in security
services, and this information is used by servers or products on the
network.

Each identity can have different user accounts for different managed
elements. Security administrators can manage these identities to create,
read, update, or delete user accounts. You can manage identities on the
Administrative Users page in UCM. To navigate to the Administrative
Users page, click User Services, Administrative Users in the navigation
pane.

Accounts
The UCM security framework supports the following types of user
accounts:
• local account
• built-in account
• emergency account
• external account

Built-in accounts
UCM has one built-in account that security administrators must use to
log on to the system after installation. This built-in account is called
nortelmasadmin, and it has the following built-in roles:
• NetworkAdministrator
• PowerUser
• SecurityAdministrator

Attention: With the built-in admin account, security administrators can
add, delete, and edit managed elements; however, they cannot directly
access the management applications of the managed elements. Nortel
recommends that security administrators create new accounts and assign
roles to those accounts for access to the managed elements based on
their specific security policy requirements.

Security administrators can also use the built-in account as an emergency
account. For more information about emergency accounts, see
"Emergency accounts" (page 28).

Emergency accounts
You must use emergency accounts to access Element Manager (EM) on a
local system if the primary or backup security servers are down or cannot
be reached. The default emergency account is nortelmasadmin, which is
the same account you use for the initial configuration of a MAS.

For information about creating emergency accounts, see Media Application
Server Administration and Security (NN44473-600).

Attention: Authorization levels do not exist for emergency accounts.
An administrator who logs on with an emergency account has full
administrator privileges. Emergency account users are not bound by
security policies defined within UCM.

UCM and EM do not store passwords for Linux accounts. When you use
an emergency account, the MAS first verifies that you have access to EM.
Authentication is then performed against the local operating system (OS)
using the NT LAN Manager (NTLM) protocol. Nortel recommends that you
create emergency accounts that are distinct from normal administrator
accounts. To log on to EM using an emergency account, use the following
URL: http://<server FQDN>/local-login. For more information about
authenticating locally on the MAS in emergencies, see Media Application
Server Administration and Security (NN44473-600).

Local accounts
You can set up local accounts for administrators who are authenticated
locally in Unified Communications Management (UCM).

To set up a local account, you must create a local user identity and
password. The UCM security framework stores data entry and password
information for a local user account in persistent storage. You can manage
local user identities on the Administrative Users page in UCM. To navigate
to the Administrative Users page, click User Services, Administrative Users
in the navigation pane.

External accounts
You can set up external accounts to allow Unified Communications
Management (UCM) to authenticate administrators with external
authentication. A MAS performs external authentication through
Lightweight Directory Access Protocol (LDAP), Remote Authentication Dial
In User Service (RADIUS), or Kerberos.

Administrators can configure only one external authentication authority
of each type (that is, LDAP, RADIUS, and Kerberos). You can configure
external accounts in UCM on the External Identity Repositories page. To
navigate to the External Identity Repositories page, click User Services
> External Authentication.

An external user has a shadow entry inside the persistent repository of the
UCM security framework. The security framework uses the shadow entry
to assign roles to the external user.

Attention: The security administrator role is not available for external
LDAP users.

Users cannot initialize or change passwords for external users through
UCM. The external authentication authorities store the external account
passwords.

Permissions
Permissions specify which management functions a user can perform on
an element. Security administrators assign permissions to roles, and then
assign these roles to users.

You can map permissions to a role on the Roles page in UCM. To
navigate to the Roles page, click Security, Roles in the navigation pane.
For information about mapping permissions, see Media Application Server
Administration and Security (NN44473-600).

Roles
Roles define a set of management functions a user can perform on an
element. Security administrators assign roles to users. You can map roles
to users on the Roles page in UCM. To navigate to the Roles page, click
Security, Roles.

The MAS publishes a set of default roles into Unified Communications
Management (UCM). You can assign default roles to administrators, or you
can create custom roles. For information about assigning roles or creating
custom roles, see Media Application Server Administration and Security
(NN44473-600).

Policies
In the UCM security framework, users can configure policies for
passwords, security, and the single sign-on cookie domain. You can
configure policies on the Policies page in UCM. To navigate to the Policies
page, click Security, Policies.

Password aging policy
The security administrator can specify the number of days for the following
password aging parameters:
• password expiration period
• password expiration warning
• minimum password age

Password history policy
UCM uses the password history policy to verify that a password is new.
The security administrator can define the number of previously used
passwords to reject. The default value of passwords to block is 6.

Password strength policy
Security administrators can configure the password strength policy to
define specific parameters for passwords. If a password does not meet the
required parameters, the system rejects the password.

Security administrators can specify if the password must contain a specific
number of lower case, upper case, numeric, or special characters. An
example of a special character is an exclamation mark (!). Passwords
must have a minimum of eight alphanumeric characters.

Password lockout policy
The password lockout policy allows you to specify the following:
• a limit for the number of times that a user can attempt to access UCM
• the number of minutes between consecutive invalid logon attempts
• the number of minutes to lock out users after they reach the maximum
number of failed logon attempts

A user is locked out of the UCM framework when the specified number of
logon attempts is reached. By default, the user is locked out after 5 failed
attempts.
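
The strength, history and lockout policies described above, implemented as an added example in Go (this is not UCM code and not part of this manual). The salted SHA-256 history store, the reading of "minutes between consecutive invalid logon attempts" as a gap after which the failure count restarts, and all type and function names are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
	"unicode"
)

// StrengthPolicy holds the UCM strength settings: minimum length plus the required number of lower case, upper case, numeric and special characters.
type StrengthPolicy struct{ MinLength, MinLower, MinUpper, MinDigit, MinSpecial int }

// Check returns nil when pw meets the policy, else an error describing why not.
func (p StrengthPolicy) Check(pw string) error {
	var lower, upper, digit, special int
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower++
		case unicode.IsUpper(r):
			upper++
		case unicode.IsDigit(r):
			digit++
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			special++ // for example, an exclamation mark (!)
		}
	}
	if len([]rune(pw)) < p.MinLength || lower < p.MinLower || upper < p.MinUpper ||
		digit < p.MinDigit || special < p.MinSpecial {
		return fmt.Errorf("password does not meet the strength policy %+v", p)
	}
	return nil
}

// LockoutPolicy holds the three UCM lockout settings; failures farther apart than AttemptGap are assumed not to be consecutive.
type LockoutPolicy struct {
	MaxAttempts         int
	AttemptGap, LockFor time.Duration
}

// Account is a constructed stand-in for one UCM user record. History is kept
// as salted SHA-256 digests, an assumption of this example only.
type Account struct {
	Salt                     []byte
	history                  [][]byte // digests of recent passwords, current one last
	failures                 int
	lastFailure, lockedUntil time.Time
}

func (a *Account) digest(pw string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, a.Salt...), pw...))
	return sum[:]
}

// ChangePassword enforces the strength policy, rejects any of the last
// `remember` passwords (UCM default 6) and then records the new one.
func (a *Account) ChangePassword(pw string, sp StrengthPolicy, remember int) error {
	if err := sp.Check(pw); err != nil {
		return err
	}
	d := a.digest(pw)
	for _, old := range a.history {
		if subtle.ConstantTimeCompare(d, old) == 1 {
			return fmt.Errorf("password matches one of the last %d used", remember)
		}
	}
	a.history = append(a.history, d)
	if len(a.history) > remember {
		a.history = a.history[len(a.history)-remember:]
	}
	return nil
}

// Authenticate verifies pw against the current password and applies the
// lockout policy to failed attempts; it returns true only on success.
func (a *Account) Authenticate(pw string, lp LockoutPolicy, now time.Time) bool {
	if now.Before(a.lockedUntil) || len(a.history) == 0 {
		return false // still locked out, or no password set yet
	}
	if subtle.ConstantTimeCompare(a.digest(pw), a.history[len(a.history)-1]) == 1 {
		a.failures = 0
		return true
	}
	if !a.lastFailure.IsZero() && now.Sub(a.lastFailure) > lp.AttemptGap {
		a.failures = 0 // too long since the previous failure: count afresh
	}
	a.failures, a.lastFailure = a.failures+1, now
	if a.failures >= lp.MaxAttempts { // UCM default: 5 failed attempts
		a.lockedUntil, a.failures = now.Add(lp.LockFor), 0
	}
	return false
}

func main() {
	acct := &Account{Salt: []byte("constructed-salt")} // constructed sample account
	fmt.Println("set:", acct.ChangePassword("Str0ng!Pass1", StrengthPolicy{8, 1, 1, 1, 1}, 6))
	fmt.Println("reuse:", acct.ChangePassword("Str0ng!Pass1", StrengthPolicy{8, 1, 1, 1, 1}, 6))
}
```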

Login warning banner
Security administrators can change the text for the login warning banner
that appears when you log on to Unified Communications Management
(UCM).

Single sign-on cookie domain
When the primary and backup security servers are configured in different
domains, users can change the single sign-on (SSO) cookie domain to
ensure that the domains match. You must match the primary and backup
SSO cookie domains to ensure that you can log on to one application or
server on the MAS, and then navigate to another application or server and
remain authenticated.

Limit access control views
In the RBAC model, a user’s role determines their permissions and the
tasks available to them. By default, Element Manager (EM) hides or grays
out unauthorized tasks in the menu pane and content area.

Certificates
Unified Communications Management (UCM) uses certificates for secure
communication between a Web browser and a Web server. Certificates
are used for the following:
• Web interfacing using Secure Sockets Layer (SSL)
• Session Initiation Protocol (SIP) signaling using Transport Layer
Security (TLS)

UCM manages certificates using the X.509 standard for Web SSL, which
ensures that certificates are issued by a Certificate Authority (CA) that
binds a public key to a particular distinguished name.

You can manage certificates on the Certificate Management page in
UCM. To navigate to the Certificate Management page, click Security,
Certificates in the navigation pane. The UCM certificate management
interface supports the following:
• add, replace, and list stored certificates
• add, remove, and replace certificate association with a distinguished
name
• add, remove, and list trusted certificate authorities
• display of a list of currently revoked certificates

Certificate authorities
A Certificate Authority (CA) is a trusted entity that issues, renews, and
revokes certificates. You can use UCM to install certificates from both its
private CA and from public CAs.

The UCM security framework uses only one private CA to sign internally
generated certificates. Once UCM generates the private CA, you cannot
change it. Configuration information for the private CA on the primary
security server is typically entered during the initial security configuration.

A public CA is either an existing internal CA of the customer organization
(for example, the CA from the customer’s Information Technology (IT)
department) or an outside commercial CA (for example, Verisign or
Thawte).

Certificate types
UCM certificate management supports three types of certificates:
• Certificates signed by the private CA hosted on the UCM primary
security server. The MAS creates a private CA during the installation of
the UCM primary security server. You can use the private CA to issue
certificates to remote devices in the same security domain. When the
UCM primary security server issues a certificate and distributes it to a
remote device, the remote device automatically adds the root certificate
of the private CA to its trusted certificate list. As a result, devices that
use certificates issued by the same private CA always trust each other.
• Certificates signed by a public CA. You can use the UCM X.509
Certificate Management page to generate a Certificate Signing Request
(CSR) from a target device, and then send the CSR to a public CA
to obtain a certificate response, which contains an X.509 certificate.
You can use the UCM Certificate Management page to process the
certificate response returned from a public CA, and thereby, distribute
the X.509 certificate to the target device. To access the Certificate
Management page, click Security > Certificates.
• Self-signed certificates. A self-signed certificate is not issued by a CA.
This type of certificate does not provide any authentication, and is
vulnerable to a man-in-the-middle attack. Nortel recommends that you
avoid using self-signed certificates.

SIP TLS
When UCM distributes the SIP TLS certificates that are signed by the
private CA to the Network Routing Service or SIP Gateway, the private
CA is automatically added to the trusted CA list of the Network Routing
Service or SIP Gateway. Therefore, if all the Network Routing Service and
SIP Gateway elements use certificates signed by the private CA, UCM
automatically configures mutual authentication for SIP TLS among them.

Web SSL
During the primary security service installation, the private CA issues a
Web SSL certificate that is installed as part of the primary security service.
Use the Web SSL certificate for the UCM Web server and the LDAP
server. The security administrator must configure the Web SSL certificate
for the primary security server by using the UCM Certificates link.

Certificate revocation lists
A certificate revocation list (CRL) is a list of certificates that are revoked
and should not be trusted.

You can use the MAS system to revoke certificates that you issued
previously, to get a list of revoked certificates, and to update the CRL.
You can manage CRLs on the Certificate Management page by clicking
the Private Certificate Authority tab and navigating to the Certificate
Revocation List (CRL) Details pane.

Element status and operational controls
The Element Status page is available from the System Status menu in EM.
It shows the following information about the element:
• Element Name
• UUID
• Server Address
• Service
• Operational State
• Version
• Element Status
• Alarm Description

Element Status
The Element Status shows the most severe alarm reported for the selected
element. For example, an element with Critical and Minor active alarms
has an overall status of Critical. An element with no alarms has a status of
Normal.

Click an element name to view alarm details for the selected element.

Starting, stopping and restarting
Use the Start, Stop, and Restart buttons to change the Service Status of
the Media Application Server.

Operational states
Use the More Actions drop-down to change the operational state of the
element to one of the following:
• More Actions
• Lock
• Pending Lock

Cluster configuration and status monitoring controls
A cluster is a collection of MAS nodes that work closely together and
essentially can be viewed as one. You must configure the hierarchy within
the cluster before you can configure the system. This activity should be
done shortly after installation.

Cluster configuration
In Server Designation, you define your primary server and all secondary
servers. The local server starts with the Primary role by default. When
defining your servers, you must provide the following information:
• Replication account username and password
• Role (primary, secondary, or standard)
• Server Address
• Server UUID

From the Replication Settings page you can enable or disable the SDR,
OM and Configuration Replications.

Advanced Settings are automatically configured based on your Server
Designations. You should not change these settings.

Cluster status
The Cluster Status page is available from the System Status menu in EM.
It shows the following information about all elements in the cluster:
• element name
• UUID
• most severe alarm status
• description for an existing alarm, if any
• element role information

License management
You can use the licensing section of Element Manager to configure
licensing information.

The following list items describe the four distinct task areas within the
licensing section, each with its own subset of tasks:
• Licensing configuration: Use this section to configure licensing (License
Server or Nodal Licensing) and to add or replace license keys.
• License utilization threshold: Use this section to set the threshold for
license usage, which is expressed as a percentage of all licenses in
use. Once this threshold is reached, a notification alarm is generated.
The default threshold value is 85%.
• License server status: Use this section to manage the license
server, and display its operational status and operational mode. The
operational status indicates whether the license server is initializing,
running, or dormant, or if the status cannot be determined. The
operational mode of the server is either Active or Standby. However, if
the license server is not running, the system cannot obtain the mode.
With the License Server Status page you can start, stop, or restart
the license server by clicking the respective buttons located at the top
of the page. The buttons are applicable only to the License Server that
is currently being configured.
• Advanced settings: Do not reconfigure the default values in the
Advanced Settings pages. These defaults are set for optimal
performance of the MAS platform. If you think these settings need to
be changed, contact Nortel Technical Support to discuss the changes.
Reconfigure these settings only under explicit direction from Nortel
Technical Support.

Server licensing
In server licensing mode, a cluster shares licenses that float across all
its MAS nodes. To set up server licensing, you must use a Redundant
License Servers cluster licensing configuration. In this configuration, you
install license servers on the two MAS nodes in the cluster designated as
the cluster primary and secondary nodes.

Cluster primary and secondary license servers operate in the three
following states:
• Starting up: During the license server startup process, the license
server is in starting-up state, and it does not respond to any license
requests.
• Active: The server that is serving license requests is in the active state.
• Standby: The idle server is in the standby state.

Each license server broadcasts a message to its local subnet to detect its
redundant partner. It then sets itself to the active or standby state,
depending on the state of the other server. If both servers are in the
starting-up state, the one with the larger IP address becomes active and
the other becomes standby. The larger IP address is defined to be the
larger of the two integers representing the Internet standard dot notation
addresses.

When a server is in the active state, it responds to license requests from
clients and expects health check messages from the standby server. It
also broadcasts a message every 80 seconds to detect whether any other
active server is in the subnet.

When a server is in standby state, it does not respond to license requests.
It opens a TCP/IP connection to the active server and sends out health
check messages periodically. If the active server goes down, the standby
server switches to the active state until the previously active server is
restarted and becomes active.

During the license server startup process, the license server is in the
starting-up state, and it does not respond to any license requests. After
initialization, the license server changes to the standalone state and
starts to serve license requests. You can view the license server state
information on the License Server Status page in Element Manager. To
navigate to the License Server Status page, click Licensing, License
Server Status in the navigation pane.
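
The active/standby election described above, as an added example in Go (not Nortel's license server code). `ipAsInteger`, `NextState` and the `FailedOver` flag are this example's own names; the comments mark the two cases the manual leaves open, where the example assumes a rule.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
)

// State is a license server's role as the manual describes it. Unknown means
// the partner did not answer the subnet broadcast or health checks.
type State int

const (
	Unknown State = iota
	StartingUp
	Active
	Standby
	Standalone
)

func (s State) String() string {
	return [...]string{"Unknown", "StartingUp", "Active", "Standby", "Standalone"}[s]
}

// ipAsInteger converts a dotted-quad IPv4 address into the 32-bit integer the
// manual compares when both servers are starting up ("the larger of the two
// integers representing the Internet standard dot notation addresses").
func ipAsInteger(addr string) (uint32, error) {
	ip := net.ParseIP(addr).To4()
	if ip == nil {
		return 0, fmt.Errorf("not an IPv4 address: %q", addr)
	}
	return binary.BigEndian.Uint32(ip), nil
}

// Server is the local license server's view of itself. FailedOver records
// that it became active only because its partner stopped answering.
type Server struct {
	Addr       string
	State      State
	FailedOver bool
}

// tiebreak gives the active role to the server with the larger address.
func tiebreak(selfAddr, peerAddr string) (State, error) {
	a, err := ipAsInteger(selfAddr)
	if err != nil {
		return Unknown, err
	}
	b, err := ipAsInteger(peerAddr)
	if err != nil {
		return Unknown, err
	}
	if a > b {
		return Active, nil
	}
	return Standby, nil
}

// NextState applies the manual's rules to what the local server learned about
// its partner. Two cases the manual leaves open are assumptions of this example:
// two active servers use the same address tiebreak, and a server that took
// over after a failure yields when its restarted partner comes back.
func NextState(self Server, peerAddr string, peerState State) (State, error) {
	switch peerState {
	case Unknown:
		switch self.State {
		case Standby:
			return Active, nil // the active partner went down: take over
		case StartingUp:
			return Standalone, nil // no partner found: serve requests alone
		}
		return self.State, nil
	case Active:
		if self.State == StartingUp || self.State == Standby || self.FailedOver {
			return Standby, nil
		}
		return tiebreak(self.Addr, peerAddr)
	case Standby:
		return Active, nil
	case StartingUp:
		if self.State == StartingUp {
			return tiebreak(self.Addr, peerAddr)
		}
		if self.FailedOver {
			return Standby, nil // let the restarted original server become active again
		}
		return Active, nil
	}
	return Unknown, fmt.Errorf("unexpected partner state %v", peerState)
}

func main() {
	// Constructed addresses: both license servers are starting up on one subnet.
	a, b := Server{Addr: "10.1.1.20", State: StartingUp}, Server{Addr: "10.1.1.3", State: StartingUp}
	sa, _ := NextState(a, b.Addr, b.State)
	sb, _ := NextState(b, a.Addr, a.State)
	fmt.Printf("%s -> %v, %s -> %v\n", a.Addr, sa, b.Addr, sb)
}
```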

Nodal licensing
In Nodal licensing mode, licenses are bound to a particular MAS platform
and are not shared across MAS nodes. In this node-locked configuration,
you must configure each MAS node with its own license key. For example,
if your MAS cluster contains five MAS platforms, you need five different
license keys.

Signaling configuration
You can configure the SIP settings from the Signaling Configuration pages.

SIP configuration
You can configure the following from the SIP settings pages:
• General Settings
• Domains and Accounts
• Nodes and Routes

Media configuration
This section outlines the media configuration support of the MAS.

Quality of Service
MAS supports Differentiated Services (DiffServ) packet marking on
outgoing Real-time Transport Protocol (RTP) streams. The system sets
the Differentiated Services Code Point (DSCP) to expedited forwarding (EF), which
is a widely supported indicator for Quality of Service (QoS)-enabled
networks carrying real-time audio and video data. Network routers that are
QoS-enabled examine the type of service bits in the IP header and provide
priority (with respect to routing and handling) to those packets marked
with expedited forwarding. In addition to marking packets, MAS uses high
resolution, interrupt-driven timers to drive RTP packetization at precise
intervals. MAS follows RFC 2598 which designates the EF bit pattern.

MAS uses flow specifications for each codec to identify packet delivery
characteristics to the operating system, enabling it to prioritize (internally)
packets destined to and from the network interface card (NIC). The
framework ensures that QoS marked packets sent from MAS media
processors are not dropped or delayed in their delivery to the wire. MAS
can reserve a percentage of NIC bandwidth for its media processors.
This ensures that management and signaling does not affect the quality
of the audio or video streams in use on the platform. The use of flow
specifications also offers some denial of service protection as the transport
layers discard packets (instead of attempting to process them) that do not
conform to the flow specification.

MAS contains the Telchemy VQMON agent for QoS monitoring and
RTCP-XR support. R-Factor, jitter, and packet loss are continually
monitored for each call. Calls that fall below a configured R-Factor
threshold are logged. All QoS statistics are archived with session detail
records (SDR) for analysis.

To configure QoS monitoring and streaming settings, use the System
Configuration, Media, General Settings page in Element Manager.

Audio codecs
To configure audio codec settings, use the System Configuration >
Media > Audio Codecs page in Element Manager. You can complete the
following configuration tasks for audio codecs:
• Enable or disable audio codecs. The following audio codecs are
supported:
— G.711-ULAW
— G.711-ALAW
— G.729A
— EVRC-0
— AMR
• Configure the preferred order of enabled codecs for negotiation
(Session Description Protocol [SDP] answer) or default SDP (SDP
offer).
• Enable packet time (ptime) for each codec.
• Configure the default ptime for each codec.

Video codecs
To configure video codec settings, use the System Configuration >
Media > Video Codecs page in Element Manager. You can configure the
following video codec settings:
• Enable or disable video codecs. The following video codecs are
supported:
— H.263
— H.263+
— H.263++
— NNVC (Nortel Networks Video Codec)
• Configure the preferred order of enabled codecs for negotiation (SDP
answer) or default SDP (SDP offer).
• Enable frame rates for each codec.
• Configure the default frame rate for each codec.
• Configure the preferred format for each codec.
• Configure the Annex profile for each codec (if required).

Digit relay (DTMF)
To configure digit relay, use the System Configuration > Media > Digit
Relay (DTMF) page in Element Manager. You can configure the following
digit relay properties:
• Enable or disable the dual-tone multi-frequency (DTMF) relay method.
The following DTMF relay methods are supported:
— INFO digits
— RFC2833/4733
• Configure the preferred order of enabled DTMF relay methods for
negotiation (SDP answer) or default SDP (SDP offer).
• Configure the RFC2833 payload type. Nortel recommends that you
select the default payload type, which is determined dynamically.
However, some clients require a fixed payload type.

Media security
To configure media security settings, use the System Configuration >
Media > Media Security page in Element Manager.

Secure SIP signaling is provided by employing SIP Transport Layer
Security (TLS), which is supported by the Radvision stack. In addition, the
MAS manages a list of trusted network elements and rejects (redirects to
the network proxy) any signaling requests from nontrusted nodes.

Media security provides the ability for the MAS to secure media streams
with cryptographic protection based on RFC 3711 (The Secure Real-time
Transport Protocol [SRTP]). SRTP is an RTP (RFC 3550) profile with
symmetrical data encryption that provides the following security services:
encryption, message integrity, and replay protection. Secure RTCP
(SRTCP) provides the same security services to RTCP as SRTP does to
RTP. SRTP message authentication protects the RTCP fields that keep
track of membership, provide feedback to RTP senders, or maintain packet
sequence counters. The M5T SRTP stack is used to deliver the media
security feature.

SRTP/SRTCP uses a master key and a master salt to derive a session
encryption key, session authentication key, and a session salt key for
media encryption. The master keys are exchanged and negotiated through
Session Description Protocol (SDP) with key management protocol
extension. Several key management protocol extensions are defined for
SRTP. RFC 4568 (Session Description Protocol Security Descriptions for
Media Streams) is supported in this release.
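
The derivation described above, as an added example in Go that is not part of this manual or of the M5T stack: it implements the AES-CM key derivation function of RFC 3711 section 4.3.1 and checks its output against the key derivation test vector in RFC 3711 Appendix B.3. `deriveKey`, `DeriveRTPSessionKeys` and `SessionKeys` are this example's own names; the master key and salt in `main` are the RFC's test values, not keys from any real session.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Key derivation labels for the RTP session keys (RFC 3711 section 4.3.1).
// SRTCP uses labels 0x03..0x05 with the same function.
const (
	labelRTPEncryption byte = 0x00
	labelRTPAuth       byte = 0x01
	labelRTPSalt       byte = 0x02
)

// SessionKeys holds what sender and receiver each derive from the master key
// and master salt that were exchanged in SDP.
type SessionKeys struct {
	CipherKey, AuthKey, Salt []byte
}

// deriveKey is the AES-CM pseudo-random function of RFC 3711 section 4.3.1:
// x = (label || index DIV kdr) XOR master_salt, and the output is the AES
// counter-mode keystream started at IV = x * 2^16, truncated to n bytes.
func deriveKey(masterKey, masterSalt []byte, label byte, index, kdr uint64, n int) ([]byte, error) {
	if len(masterSalt) != 14 {
		return nil, fmt.Errorf("master salt must be 112 bits, got %d bytes", len(masterSalt))
	}
	block, err := aes.NewCipher(masterKey) // 16, 24 or 32 byte master key
	if err != nil {
		return nil, err
	}
	var r uint64 // r = index DIV kdr; r = 0 when the key derivation rate is 0
	if kdr != 0 {
		r = index / kdr
	}
	// key_id = label || r is 56 bits and is XORed into the low 7 bytes of the salt.
	var rb [8]byte
	binary.BigEndian.PutUint64(rb[:], r)
	x := make([]byte, 14)
	copy(x, masterSalt)
	x[7] ^= label
	for i := 0; i < 6; i++ {
		x[8+i] ^= rb[2+i] // low 48 bits of r
	}
	var iv, ctr, ks [16]byte
	copy(iv[:], x) // the two low bytes stay zero: IV = x * 2^16
	out := make([]byte, 0, n+16)
	for i := 0; len(out) < n; i++ {
		copy(ctr[:], iv[:])
		binary.BigEndian.PutUint16(ctr[14:], uint16(i)) // counter mode: IV + i
		block.Encrypt(ks[:], ctr[:])
		out = append(out, ks[:]...)
	}
	return out[:n], nil
}

// DeriveRTPSessionKeys derives the three RTP session keys once (key
// derivation rate 0) for a session whose first packet index is 0.
func DeriveRTPSessionKeys(masterKey, masterSalt []byte, authKeyLen int) (*SessionKeys, error) {
	var keys SessionKeys
	var err error
	if keys.CipherKey, err = deriveKey(masterKey, masterSalt, labelRTPEncryption, 0, 0, len(masterKey)); err != nil {
		return nil, err
	}
	if keys.AuthKey, err = deriveKey(masterKey, masterSalt, labelRTPAuth, 0, 0, authKeyLen); err != nil {
		return nil, err
	}
	if keys.Salt, err = deriveKey(masterKey, masterSalt, labelRTPSalt, 0, 0, 14); err != nil {
		return nil, err
	}
	return &keys, nil
}

func main() {
	// Master key and salt from the RFC 3711 Appendix B.3 test vector.
	masterKey, _ := hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139")
	masterSalt, _ := hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")
	keys, err := DeriveRTPSessionKeys(masterKey, masterSalt, 20) // 160-bit HMAC-SHA1 key
	if err != nil {
		panic(err)
	}
	fmt.Printf("cipher key: %X\nauth key:   %X\nsalt:       %X\n", keys.CipherKey, keys.AuthKey, keys.Salt)
}
```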

Monitoring and logging global configuration support
This section outlines the monitoring and logging global configuration
support of the MAS.

Monitoring
This section outlines the monitoring global configuration support for the
MAS.

Event logs
An event log is a historical view of events that occurred on the system.
Event logs have the following severity levels:
• Alert
• Critical
• Major
• Minor
• Emergency
• Error
• Warning
• Info
• Debug
• Indeterminate
• Notice

You can enable and configure Event log throttling for an event so that only
the most recent event log and its contents are buffered. When the Throttle
Check Interval expires, the most recent log is generated together with an
instance count for that event. Log throttling prevents the event logs from
being flooded with recurring events.

To view event logs in Element Manager, choose System Status, Event
Logs. You can filter event logs by identifier, date, severity, and class. The
following table describes the fields that are displayed for each event log.

Table 1
Event log fields

Field          Description
Id             Identifier assigned to the event log.
Severity       The severity type of the event log (alert, critical, major, minor, emergency, error, warning, info, debug, indeterminate). In addition, a colored icon represents the log severity type. Red indicates an error event log, yellow indicates a warning event log, and white indicates an informational event log.
Date and Time  The timestamp of when the event is logged, that is, the date and time when the event was last reported. By default, the table is sorted so that the most recent event appears at the top of the table.
Class          The class of the event. Available classes include Audit, Configuration, Data, Fault, Information, Maintenance, Metrics, Security, and State.
Description    A description of the event log. To view further details about the event log, click the option button beside the applicable event ID. The details appear in the bottom portion of the page.

Operational measurements
The following types of operational measurements are supported:
• Counters: Counters are used to record and track activity on the system.
An example of a counter would be the total number of calls over the
life of the system. Counters are named registers that start from zero
and increment upward only. Counters are only incremented, never
decremented. A counter can increment in chunks of any size. Counters
reset automatically after a component restarts.
• Gauges: Gauges provide real-time information about the running
system. An example of a gauge would be the number of active calls
at any point in time during the life of the system. Gauges can be
incremented and decremented.

Selected operational measurements are archived to the local platform
archive database and are stored in the Statistics table. Archived
operational measurements are typically processed or analyzed later using
the historical reports in Reporter. Archived operational measurements
can be replicated to the primary and secondary node in a cluster so that
operational measurements can be consolidated for cluster-wide historical
reports. Operational measurements written to the Statistics table can be
viewed in Element Manager (System Status, Monitoring, Operational
Measurements), and the following table shows how information is
displayed.
Table 2
Selected operational measurements details

Field name                           Description
Category                             Category or type of operational measurement.
Name                                 Operational measurement counter or gauge name.
Current Value                        Current value of the operational measurement.
Previous Value                       Value recorded during the last interval.
Previous Interval Low Water Mark     Low value recorded during the last interval.
Previous Interval High Water Mark    High value recorded during the last interval.
Interval Value                       Value of interval time.
Previous Interval Duration (sec)     Interval duration. The default is 900 sec (15 minutes).

Logging
This section outlines the logging global configuration support for the MAS.

System diagnostics
You can place the system in diagnostic mode for logging by selecting the
Enable System Diagnostic Mode check box on the System Configuration,
Logging, System Diagnostic page in Element Manager.

Attention: Enabling the system diagnostic mode can cause system
performance degradation.

SysLog
SysLog is a standard for forwarding log messages in an IP network. The
MAS platform optionally supports SysLog over User Datagram Protocol
(UDP) for the delivery of logs and alarm history to one or more SysLog
server destinations.

To enable or disable SysLog delivery, use the SYSLOG Delivery of Logs
property (found in the Element Manager). To configure one or more
SysLog server destinations, use the SYSLOG Destination Server List
property (found in the Element Manager). You can enter the IP address
of the SysLog server.

Session logging
Configure the following SDR properties under the System Configuration >
Logging > Session Logging section of Element Manager:
• Session Detail Record Archiving: This check box enables or disables
the archiving of session detail records. The default is enabled.
• Session Detail Record Archive Minimum Record Age (Days): Session
detail records older than configured days are removed when cleanup is
initiated. The default is 90 days.
• Session Detail Record Archive (Detail Records): The maximum number
of session detail records before cleanup is initiated. The default is
1 296 000 records. Approximately 5 KB of storage is required for each
SDR.

The MAS creates a Session Detail Record (SDR) for each individual
session that originates from or terminates to the platform. An SDR
includes detailed information about each session, which you can use for
tracking and billing purposes.

The platform archives all SDRs to the local platform database. The
platform uses these archived records to generate reports. The platform
ensures that the archive does not grow too large by deleting old records
based on the configuration. You can view records in real-time or in
historical reports. Archived SDRs can be replicated to the primary and
secondary node in a cluster so that SDRs can be consolidated for
cluster-wide historical reports.

Operational measurements logs
The platform archives selected operational measurements to the local
platform database. The platform uses these archived operational
measurements to generate reports. The platform ensures that the archive
does not grow too large by deleting old records based on the configuration.

Configure the following operational measurements properties under the
System Configuration, Logging, OMs section of Element Manager:
• Archive Operational Measurements: This check box enables or
disables the archiving of operational measurements. The default is
enabled.
• Operational Measurement Archive Minimum Record Age: Operational
Measurements older than the configured number of days are removed
when cleanup is initiated.
• Operational Measurement Archive Size: The amount of archived
operational measurements data to store before cleanup is initiated.
• Operational Measurement Reset Interval: The interval in minutes
when operational measurements are archived and reset. A value of 0
disables the reset feature. The default is every 15 minutes.
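The SDR and OM archive settings above describe the same pattern: a size trigger that initiates cleanup and an age rule that decides which records go. The following added Python example (not MAS code) applies that policy to constructed records and reports whether the archive is still over the limit afterwards. The page states that cleanup is initiated at the record limit and removes records older than the minimum age; it does not say that cleanup also trims by count when no record is old enough, so the example assumes it does not and makes that residual overflow visible instead. The 5 KB per-SDR footprint used for the storage estimate is taken from the page's "approximately 5k", and the sample timestamps are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Tuple

# Assumed footprint per archived record, from the page's "approximately 5k" per SDR.
BYTES_PER_SDR = 5 * 1024

# Constructed reference time for the sample data.
SAMPLE_NOW = datetime(2010, 7, 2, 12, 0)


@dataclass(frozen=True)
class ArchiveRecord:
    record_id: int
    created: datetime


def cleanup_needed(record_count: int, max_records: int) -> bool:
    """Cleanup is initiated once the archive holds more than max_records entries."""
    return record_count > max_records


def run_cleanup(records: Iterable[ArchiveRecord], now: datetime,
                min_age_days: int, max_records: int
                ) -> Tuple[List[ArchiveRecord], List[ArchiveRecord], bool]:
    """Apply the archive policy once and return (kept, removed, still_over_limit).

    Only records older than min_age_days are eligible for removal. If none are old
    enough the archive stays above the limit; the third value reports that so an
    operator can see that the age and size settings do not fit each other.
    """
    records = list(records)
    if not cleanup_needed(len(records), max_records):
        return records, [], False
    cutoff = now - timedelta(days=min_age_days)
    removed = [r for r in records if r.created < cutoff]
    kept = [r for r in records if r.created >= cutoff]
    return kept, removed, len(kept) > max_records


def estimated_archive_bytes(record_count: int, bytes_per_record: int = BYTES_PER_SDR) -> int:
    """Rough disk footprint of the SDR archive at a given record count."""
    return record_count * bytes_per_record


def sample_records(now: datetime) -> List[ArchiveRecord]:
    """Constructed sample data: three records past the 90-day default, two recent ones."""
    return [
        ArchiveRecord(1, now - timedelta(days=400)),
        ArchiveRecord(2, now - timedelta(days=120)),
        ArchiveRecord(3, now - timedelta(days=91)),
        ArchiveRecord(4, now - timedelta(days=30)),
        ArchiveRecord(5, now - timedelta(hours=1)),
    ]


if __name__ == "__main__":
    kept, removed, over = run_cleanup(sample_records(SAMPLE_NOW), SAMPLE_NOW, 90, 4)
    print("removed:", [r.record_id for r in removed], "kept:", [r.record_id for r in kept])
    print("still over limit:", over)
    print("default archive at limit, bytes:", estimated_archive_bytes(1_296_000))
```

With the page's defaults (90 days, 1 296 000 records) the full archive estimate is roughly 6.6 GB; the third return value of `run_cleanup` is the check to watch when the minimum age is raised well above the rate at which records accumulate.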

Debug logging
You can find the following settings related to debug logging in the System
Configuration, Logging, Debug section of Element Manager.

You can enable or disable Platform debug logging using Element
Manager; a restart of the platform is not required. The system stores
Debug logs in the directory <BASEDIR>\common\logs, where <BASEDIR>
is the directory in which the system installs software. The default directory
is /var/mcp. The system also creates trace files for each platform
component.

Application management
Packaged applications can be deployed on MAS.

Packaged applications
A packaged application is installed and configured using its own installer.
The installer adds application configuration data and translations to the
MAS. As part of the installation process you need to configure license keys
for all packaged applications.

Packaged applications can only be installed after the MAS has been
installed and configured.

Use the EM to view installed packaged applications, their version and
operational state. Packaged applications are found under Products and
Applications, Custom Applications.

Reporting
To configure reporting settings, use the Tool > Reports page in Element
Manager.

MAS includes a report generation framework and a third-party reporting
framework based on Jasper reports.

Backup and restore
It is important to back up your data to ensure that you can restore your
original data if it is lost.

You can perform backup and restore tasks on the Backup and Restore
page in Element Manager (EM). To navigate to the Backup and Restore
page, click Tools, Backup and Restore. This page includes the following
task categories:
• General settings
• Backup Tasks
• Restore
• Backup Destination
• History Log

General settings
When you back up or restore your data, all actions are logged in a log file.
You can set the value of the "Store history and log files up to" parameter
to define how long history is stored. The log file refreshes after the
defined duration, that is, after this duration the history is no longer
stored in the log file.

Backup Tasks
To back up your data, you must first define a backup task and then specify
a schedule.

A backup task specifies what to back up and where to store the backup
data. You can manage backup tasks on the Backup Tasks page in
Element Manager. To navigate to the Backup Tasks page, click Tools,
Backup and Restore, Backup Tasks. On the Backup Tasks page, you can
add a new backup task, and edit or delete an existing backup task.

After you create a backup task, you must specify a backup schedule.
You can run backup tasks manually or schedule the backup tasks to
run immediately, once, daily, weekly, or monthly. You can also use the
Backup Tasks page to schedule multiple tasks. Each task runs at the
next specified start time. The Backup Tasks page shows you when the
next scheduled backup is supposed to occur, as well as details about the
schedule frequency and the backup destination.

Restore
You can choose the backup source that you want to restore on the
Restore page in Element Manager (EM). To navigate to the Restore page,
click Tools, Backup and Restore, Restore in the navigation pane.

The backup source can be the following:
• the default backup destination, which is the local folder on the MAS
Server where backups are stored
• an uploaded backup file, which can be located on your computer or in a
folder on the network

The Restore page shows details about the backup, such as the name of
the task, the type of backup, and the date when the backup last occurred.

Attention: Note that the restore process may take a while, during which
time EM is offline and closes the connection to all users until the process
is complete. It is the administrator’s responsibility to inform users when the
system is back up and running. During the restore, the system cannot take
calls. If a restore is completed without errors, the backup file is deleted;
otherwise, the backup file remains on the server.

Backup Destination
The Backup Destination specifies the location of the backup file.

History logs
The backup/restore history log shows the status of backup or restore tasks
and assists you in resolving errors. You can view the history log on the
History Log page in Element Manager (EM). To navigate to the History Log
page, click Tools, Backup and Restore, History Log.

The history log shows the task name, type, and status; the time when
the task is performed; the time to complete the task; and the size of the
backup data. On the History Log page, you can export the log file in HTML
format to a local folder of your choice.

To customize the history log, you can do the following:
• Use the View list to filter your tasks. The options are show all tasks,
backup tasks only, or restore tasks only. The default is all tasks.
• Use the Refresh Interval list to select the refresh interval for the history
log. The default value is set at 30 seconds.
• Click a header link to sort the list in ascending or descending order.

Media management
On the Media Management page, you can manage media files of many
formats, including sound, video, .xml, plain text, or zipped files. To
navigate to the Media Management page, log on to Element Manager (EM)
and click Tools, Media Management in the navigation pane.

You can perform the following actions on media files:
• upload
• rename
• copy
• move
• search
• download
• delete

In EM, you can organize media into content namespaces and content
groups. Use content namespaces to divide media into logical containers.
Use content groups to subdivide the media in a content namespace into
logical groups.

You can initially provision a content namespace by using one .zip file for
the whole content namespace or by creating one content group at a time.
After the media file is uploaded, EM displays it in a tree view. The root of
the tree is the content namespace and individual content groups appear
below it with + or - icons before their names. EM displays the namespace,
and the content groups in the left pane, and the media files contained in
the selected content group in the right pane. The media file list includes
the file name, content type, and size of the file; the time initially created;
the time last modified; and the version information. You can browse
content namespaces and add, rename, or delete content groups.
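Provisioning a whole content namespace from one .zip file means the archive's entry names decide where media lands on the server. The following added Python example (not Element Manager code) builds the namespace and content-group tree from an uploaded zip the way an upload handler would, skipping directory entries and rejecting any entry whose name uses an absolute path, a drive letter or a ".." component, so a crafted archive cannot place files outside the namespace. The one-folder-per-content-group layout, the helper names and the two sample archives are assumptions made for the example.

```python
import io
import posixpath
import zipfile
from typing import Dict, List


def _check_entry_name(name: str) -> str:
    """Reject names that would escape the namespace if written to disk:
    absolute paths, Windows drive letters, or any '..' path component."""
    name = name.replace("\\", "/")
    parts = name.split("/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":") or ".." in parts:
        raise ValueError(f"unsafe entry name rejected: {name!r}")
    return posixpath.normpath(name)


def build_namespace_tree(zip_bytes: bytes) -> Dict[str, List[str]]:
    """Map content group -> sorted media file names from a whole-namespace .zip.

    Assumed layout (not stated on the page): the top-level folder of each entry is the
    content group; the remainder is the media file path within that group. Entries not
    inside a group folder are treated as malformed.
    """
    tree: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = _check_entry_name(info.filename)
            group, sep, filename = name.partition("/")
            if not sep or not filename:
                raise ValueError(f"entry not inside a content group: {name!r}")
            tree.setdefault(group, []).append(filename)
    return {group: sorted(files) for group, files in tree.items()}


def rejects_upload(zip_bytes: bytes) -> bool:
    """True if build_namespace_tree refuses the archive."""
    try:
        build_namespace_tree(zip_bytes)
    except ValueError:
        return True
    return False


def make_sample_zip() -> bytes:
    """Constructed upload with two content groups and a directory entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("prompts/welcome.wav", b"RIFF....")
        zf.writestr("prompts/goodbye.wav", b"RIFF....")
        zf.writestr("music/", b"")  # directory entry, skipped by the builder
        zf.writestr("music/hold.wav", b"RIFF....")
    return buf.getvalue()


def make_traversal_zip() -> bytes:
    """Constructed hostile upload: one entry tries to climb out of the namespace."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("prompts/ok.wav", b"RIFF....")
        zf.writestr("prompts/../../outside.txt", b"x")
    return buf.getvalue()


if __name__ == "__main__":
    print(build_namespace_tree(make_sample_zip()))
    print("hostile archive rejected:", rejects_upload(make_traversal_zip()))
```

The check runs on the stored entry names before anything is written, which is the point: a zip library's own extraction helpers vary in how much they sanitize, so the upload handler should not depend on them.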

Advanced settings
Access the Advanced Settings page from Cluster Configuration, Advanced
Setting. These values are automatically configured based on changes
made on the Server Designation page.

Disaster recovery
You can recover the primary server to restore critical operations if you
experience a disaster situation.

To ensure successful recovery, you must implement a disaster recovery
plan when you configure a Media Application Server (MAS). To plan for
disaster recovery, follow these best practices:
• Designate the secondary server in a different location than the primary
server to protect the secondary server from natural or user-induced
disasters that affect the primary server.
• Create an off-site location to protect the backup system from natural or
user-induced disasters that affect the primary system.
• Create a full backup task to ensure successful recovery of all data if a
disaster situation occurs.
• Define a daily backup schedule to ensure successful recovery of
up-to-date data if there is a disaster situation.

If you experience a disaster situation, you must restore the primary server
to reestablish critical operations. This operation involves installing the
Media Application Server (MAS) software on a primary MAS server. Then,
you must restore the latest full backup.

For more information about Disaster recovery procedures, see Media
Application Server Administration and Security (NN44473-600).


Configuration fundamentals
This chapter explains Media Application Server configuration
fundamentals. For step-by-step information about how to perform the
initial configuration of the MAS platform, see Media Application Server
Configuration (NN44473-500).

Navigation
• "Initial security configuration" (page 49)
• "License configuration work flow" (page 50)
• "MAS configuration work flow" (page 49)
• "Network management protocol configuration" (page 51)
• "Network configuration" (page 52)
• "QoS monitoring and alerting configuration" (page 53)
• "SIP configuration work flow" (page 53)

Initial security configuration
The MAS configures the initial login and emergency account details upon
installation. This information is required for you to access your servers and
complete the security configuration.

Use your User ID and Password for your installed operating system to
access UCM the first time. You are required to change these once you
have accessed your Primary server.

MAS configuration work flow
Configure a MAS as the primary server in a cluster. A primary server hosts
the content store and licensing.

By default on the Server Designation page, the Local Server (localhost) is
always the first server listed on the page and cannot be removed. The role
is set to Primary; however, the role of the local server can be changed.

A standalone configuration includes only a primary server to configure. No
secondary or standard servers require configuration.

Figure 3
MAS Configuration work flow

License configuration work flow
License servers are used in cluster configuration. In a cluster, the license
servers reside only on the primary and secondary servers in the cluster.
Configure your licenses so they can be maintained by the license server.

Figure 4
License configuration work flow

Network management protocol configuration
This section outlines the network management protocol configuration
support of the MAS.

SNTP
Add the IP address or hostname of the Simple Network Time Protocol
(SNTP) server in the SNTP Source Server field in Element Manager. The
SNTP Source Server is used to synchronize the clocks of all nodes in the
cluster.

SNMP
The MAS platform provides Simple Network Management Protocol
(SNMP) management. SNMP supports outgoing traps for logs and alarms
to remote SNMP-based Network Management Stations (NMS). In addition,
NMS can query alarm table and audit services. Traps use the Nortel
Reliable MIB format to support active and cleared alarm notifications as
well as informational log messages.

In Element Manager (EM), SNMP is configured in the System
Configuration > Network Settings section to activate the delivery of alarms
and logs using SNMP traps. You can enable or disable the sending
of traps when alarms are raised or cleared, or when event logs are
generated.

Both SNMP v1 and v2c are supported by the MAS platform. SNMP uses
community names to authenticate messages. The community name is
similar to a password that is shared by the SNMP NMS and the MAS
SNMP agent. The community name must be the same value on both the
NMS and the MAS SNMP agent.

The MAS SNMP agent supports queries on the ActiveAlarm table and
audits for resynchronization with the management server. These queries
can be in the form of Get requests on specific fields or GetNext requests
for table traversal.
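The ActiveAlarm table queries described above rely on GetNext's ordering rule: the agent returns the first instance whose OID sorts lexicographically after the one requested, and a table walk repeats GetNext until the returned OID leaves the table's subtree. The following added Python example (not MAS or NMS code) models that with an in-memory object tree and rebuilds alarm rows from a walk, as an NMS resynchronization audit would. The enterprise subtree .1.3.6.1.4.1.99999, the column layout and the sample alarms are constructed placeholders and are not the Nortel Reliable MIB.

```python
import bisect
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]


def parse_oid(text: str) -> OID:
    """'.1.3.6.1' -> (1, 3, 6, 1); tuples compare lexicographically, which is SNMP's OID order."""
    return tuple(int(p) for p in text.strip(".").split("."))


def fmt_oid(oid: OID) -> str:
    return "." + ".".join(str(p) for p in oid)


class MibView:
    """In-memory stand-in for an agent's object tree, keyed by OID in lexicographic order."""

    def __init__(self, objects: Dict[str, object]):
        self._values = {parse_oid(k): v for k, v in objects.items()}
        self._oids: List[OID] = sorted(self._values)

    def get(self, oid: str):
        """Get request on one instance; None stands for noSuchInstance."""
        return self._values.get(parse_oid(oid))

    def get_next(self, oid: str) -> Optional[Tuple[str, object]]:
        """GetNext: first instance strictly after oid; None stands for endOfMibView."""
        i = bisect.bisect_right(self._oids, parse_oid(oid))
        if i == len(self._oids):
            return None
        nxt = self._oids[i]
        return fmt_oid(nxt), self._values[nxt]

    def walk(self, subtree: str) -> List[Tuple[str, object]]:
        """Repeat GetNext from the subtree root until the returned OID leaves the subtree."""
        prefix = parse_oid(subtree)
        rows, cursor = [], subtree
        while True:
            step = self.get_next(cursor)
            if step is None or parse_oid(step[0])[: len(prefix)] != prefix:
                break
            rows.append(step)
            cursor = step[0]
        return rows


# Constructed placeholder table: columns 1 = alarm id, 2 = severity, 3 = description,
# instance index appended after the column. NOT the real Nortel Reliable MIB layout.
ACTIVE_ALARM_TABLE = ".1.3.6.1.4.1.99999.1.1"
COLUMNS = {1: "alarmId", 2: "severity", 3: "description"}

SAMPLE_AGENT = MibView({
    f"{ACTIVE_ALARM_TABLE}.1.1": 1001,
    f"{ACTIVE_ALARM_TABLE}.1.2": 1002,
    f"{ACTIVE_ALARM_TABLE}.2.1": "critical",
    f"{ACTIVE_ALARM_TABLE}.2.2": "major",
    f"{ACTIVE_ALARM_TABLE}.3.1": "license server unreachable",
    f"{ACTIVE_ALARM_TABLE}.3.2": "SDR archive above configured size",
    ".1.3.6.1.4.1.99999.2.0": "unrelated scalar outside the table",
})


def resync_active_alarms(view: MibView, table: str = ACTIVE_ALARM_TABLE) -> Dict[int, Dict[str, object]]:
    """Rebuild rows (index -> column name -> value) from a table walk, as an NMS audit would."""
    prefix_len = len(parse_oid(table))
    rows: Dict[int, Dict[str, object]] = {}
    for oid_text, value in view.walk(table):
        oid = parse_oid(oid_text)
        column, index = oid[prefix_len], oid[prefix_len + 1]
        rows.setdefault(index, {})[COLUMNS.get(column, f"col{column}")] = value
    return rows


if __name__ == "__main__":
    for oid_text, value in SAMPLE_AGENT.walk(ACTIVE_ALARM_TABLE):
        print(oid_text, value)
    print(resync_active_alarms(SAMPLE_AGENT))
```

The walk stops at the scalar outside the table because its OID no longer starts with the table prefix; that prefix test is what keeps a GetNext loop from reading the whole agent. Since the community name the page describes is sent in the clear with SNMP v1 and v2c, restricting which NMS addresses can reach the agent matters more than the choice of community name.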

SOAP
The Simple Object Access Protocol (SOAP) is used to exchange
Extensible Markup Language (XML) messages over a network.

The MAS platform provides a set of Web services, which can be used
to manage, monitor, configure, or access a set of services or resources
provided by the platform. The SOAP server acts as a mini-embedded
Web server and exposes the following MAS Web services: application
APIs, content store APIs, and Management APIs. You can access these
Web services by using SOAP-formatted XML messages over HTTP 1.1
transport.

To enable the MAS Web services, you must configure the trusted nodes
that are allowed to send requests to the MAS Web services. In Element
Manager, trusted nodes are configured on the System Configuration,
Network Settings page. First, select the Enable Trusted SOAP Nodes
check box and then enter one or more hostnames or IP addresses in the
Trusted Nodes field. Separate multiple entries in the Trusted Nodes field
with a semicolon.
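The Trusted Nodes field is an allow list: a request to the SOAP server is served only if its source matches one of the semicolon-separated hostnames or IP addresses. The following added Python example (not MAS code) shows the parsing and matching such a check needs: entries are trimmed, IP literals are canonicalized so that differently written IPv6 addresses compare equal, hostname entries are matched through a resolver, and the Enable Trusted SOAP Nodes check box is honoured first. Treating a cleared check box as refusing all requests is this example's reading of the page; the resolver, the host name and the 192.0.2.0/24 and 2001:db8::/32 documentation addresses are constructed.

```python
import ipaddress
from typing import Callable, Dict, List

Resolver = Callable[[str], List[str]]


def parse_trusted_nodes(field: str) -> List[str]:
    """Split the semicolon-separated Trusted Nodes value into canonical entries.

    IP literals are normalized (so "2001:DB8::0001" becomes "2001:db8::1"); anything
    that is not an IP literal is kept as a lower-cased host name. Blank entries from
    trailing or doubled semicolons are ignored.
    """
    entries: List[str] = []
    for raw in field.split(";"):
        item = raw.strip()
        if not item:
            continue
        try:
            entries.append(str(ipaddress.ip_address(item)))
        except ValueError:
            entries.append(item.lower())
    return entries


def is_trusted(peer_ip: str, entries: List[str], resolve: Resolver) -> bool:
    """True if the peer matches an IP entry or one of a host entry's resolved addresses."""
    peer = ipaddress.ip_address(peer_ip)
    for entry in entries:
        try:
            if ipaddress.ip_address(entry) == peer:
                return True
        except ValueError:  # host name entry: compare against what it resolves to
            if any(ipaddress.ip_address(a) == peer for a in resolve(entry)):
                return True
    return False


def soap_request_allowed(trusted_nodes_enabled: bool, field: str,
                         peer_ip: str, resolve: Resolver) -> bool:
    """Gate on the Enable Trusted SOAP Nodes check box first (assumed: cleared means
    the Web services are not enabled and every request is refused), then on the list."""
    if not trusted_nodes_enabled:
        return False
    return is_trusted(peer_ip, parse_trusted_nodes(field), resolve)


# Constructed resolver standing in for DNS; documentation addresses only.
FAKE_DNS: Dict[str, List[str]] = {"nms.example.test": ["192.0.2.10", "2001:db8::10"]}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower(), [])


# Constructed sample value for the Trusted Nodes field (mixed case, stray spaces, trailing ';').
SAMPLE_FIELD = "10.1.2.3; NMS.example.test ;2001:DB8::0001;"

if __name__ == "__main__":
    print(parse_trusted_nodes(SAMPLE_FIELD))
    for peer in ("10.1.2.3", "192.0.2.10", "2001:db8:0:0::1", "10.1.2.4"):
        print(peer, soap_request_allowed(True, SAMPLE_FIELD, peer, fake_resolve))
```

Host name entries are only as trustworthy as the resolver that answers for them, so IP literals are the more robust form of entry where the NMS address is fixed.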

Connection security
To configure connection security in Element Manager, see the System
Configuration > Network Settings page.

You can configure the following properties:

Attention: You can enable and select multiple ciphers in order of
strength.

Network configuration
This section outlines the network configuration of the MAS.

IP address assignment and traffic classes
Assign the IP address for the available traffic classes on the System
General Settings page in EM.

The traffic classes include:
• signaling
• media
• cluster
• OAM

QoS audio and video DSCP settings configuration
Configure Quality of Service (QoS) settings for streaming on the System
Configuration, Media page.

Options include:
• Audio QoS
• QoS Maximum Bandwidth Per H.263 Video Flow
• QoS Maximum Bandwidth Per NNVC Video Flow
• Video QoS

QoS monitoring and alerting configuration
Configure Quality of Service (QoS) settings for media on the System
Configuration, Media, General Settings page.

Options include:
• Enable QoS monitoring
• Alert interval in milliseconds
• Critical R Threshold
• Maximum Alerts
• Refresh Interval in seconds
• Warning R Threshold in percentages

SIP configuration work flow
SIP provides a standard means to establish sessions, negotiate
capabilities, invoke applications, and exchange data with the MAS.

The following work flow shows the process for configuring your MAS SIP
signaling.

Figure 5
SIP configuration work flow


Terminology
The following table describes common terminology associated with the
Media Application Server (MAS). Each entry gives the term, then its description.

Backup: A copy of data. The copy is preserved in case the system the data was copied from fails, is damaged, or changes to an undesired state.
Certificates: A security tool used to identify secure packages of data over a network.
Cluster: A collection of servers on the MAS.
Codec: Short for Compression Decompression; the codec is used for transmitting media files over a network.
Commercial-Off-The-Shelf (COTS): Generic purchased hardware that can be used in a wide variety of installations.
Conferencing: A means of including more than two people in an audio or video interaction.
Counters: A measurement tool to record the number of times an event occurs.
Dual-tone multi-frequency (DTMF): A signaling technology used for signaling over a telephone network.
Differentiated Services (DiffServ): A computer network architecture designed to manage and provide Quality of Service over a network.
Element Manager (EM): A web-based tool used for configuring and managing MAS and its components.
Event: An incident that is either recorded or causes other actions to occur.
Extensible Markup Language (XML): A specification for creating customizable markup languages such as VXML and CCXML.
File Transfer Protocol (FTP): A network protocol used for transmitting files over a network.
Gauge: A tool for providing real-time information about the system.
Graphical User Interface (GUI): A visual interface used for interacting with a computer system.
License: An identification showing the number of users that can be active for a piece of software.
Lightweight Directory Access Protocol (LDAP): An application protocol for working with directory services over a network.
Logging: An action for recording actions in a log.
Media Application Server (MAS): A software-based, media processing server. All media processing is performed in software on the host CPU(s). The MAS architecture facilitates unique scalability for all core functions of the platform, including signaling, application execution, content management and media processing.
Permissions: A security tool that identifies what actions can be performed by a given role.
Policies: Security rules that govern the behavior and actions of a computer system. These rules tell the computer what actions to take in the case of certain events, independent of human intervention.
Quality of Service (QoS): A means of controlling priorities between applications for access to resources.
Quick Fix Engineering (QFE): A tool for implementing small changes to MAS.
Real-time Transport Protocol (RTP): A protocol for transmitting audio and video over a network.
Restore: An action of copying backed up data to a system.
Remote Authentication Dial In User Service (RADIUS): A protocol for managing large networks.
Roles: An identified role in a system that can be assigned permissions.
Role Based Access Control (RBAC): A means of restricting access to a network or parts of a network based on assigned roles.
Session Description Protocol (SDP): A protocol for describing initialization parameters of streamed media.
Session Initiation Protocol (SIP): A protocol for creating and removing communication sessions over a network.
Simple Network Management Protocol (SNMP): A protocol for monitoring devices attached to a network.
Simple Object Access Protocol (SOAP): A protocol for transmitting and receiving XML messages over a network.
Standalone: An installation of a single server with MAS.
Transport Layer Security (TLS): A technology for providing secure communications over a network.
Unified Communications Management (UCM): A framework for providing security when using Element Manager. UCM replaces ECM, but both are still used interchangeably.
Web service: A technology which supports interaction between computers on a network.
