FCSDK Administration Guide

FCSDK Administration Guide
YRP1-508, 3-4 Hikari-no-Oka Yokosuka-Shi, Kanagawa, 239-0847, Japan

tel.: + 81-(0) 46-821-3362 | cba-japan.com
This document contains confidential information that is proprietary to CBA. No part of its contents
may be used, disclosed or conveyed to any party, in any manner whatsoever, without prior
written permission from CBA.
© Copyright 2023 CBA.
All rights reserved.
Updated: 2022-05-02
Document version: 3.3/1
Contact Information
For technical support or other queries, contact CBA Support at:
support@cbaliveassist.com
For our worldwide corporate office address, see:
https://www.cba-japan.com (Japanese) https://www.cba-gbl.com (English)
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 2

Documentation Set
FCSDK Overview Guide
FCSDK Architecture Guide
FCSDK Installation Guide
FCSDK Administration Guide
FCSDK Developer Guide
Related Documentation
Fusion Application Server
FAS Architecture Guide
FAS Installation Guide
FAS Administration Guide

Contents
Overview
Fusion Application Server platform
Fusion Client SDK interfaces
Command line interface (CLI)
REST API interface
Web Administration interface
Audit Logging
User Authentication
LOCAL Authentication
Resetting Administrator Credentials
Setting Password Constraints
LDAP Authentication
Enabling LDAP Authentication
Configuring LDAP Authentication
Importing Certificates to the LDAP Truststore
Exporting and Converting Certificates from the Windows MMC
Configuring the Web Gateway
Configuring the Web Gateway on Linux
Adding Web Application IDs
Configuring for Voice and Video Calls
Configuring the Registrar
Internal Registrar
External Registrar
Outbound SIP Servers
Defining Banned Codecs
Prioritizing Codecs
Configuring video resolution
Configuring video settings
Configuring Bitrates
WebRTC Configuration
Configuring Media Brokers

Setting up the Interface with the Web Gateway
General Media Broker Configuration
Call Admission Control
Call Limit Based Call Admission Control
CPU Load Based Call Admission Control
Configuring Audio and Video Hold Treatment
Configuring RTP Settings
Enabling secure communications between Media Broker and the Web Gateway
Starting and Stopping Media Broker
Capturing logs on the Media Broker
Configuring Application Event Distribution
Browser Plugin Management
Media Broker Network Configuration
Traffic Segregation
Internal SIP Traffic
External Traffic
WebRTC Clients
Configuring SIP Network Settings
Configuring WebRTC Client Settings
An Example Configuration
Connection Monitoring
Configuring Monitored Connections
Media Broker Statistics
Media Broker Status
Media Broker Load
Connectivity
Statistics
Call Log
Overriding the Maximum Call Log Size
Call Statistics
Call Details Log
Performance Log
Web Administration Interface reference
Web Gateway Administration
General Administration

SIP Global Configuration
Rewrite outbound SIP URIs
Server Timeout
Ping Interval
Dead Link Ping Interval
Registration expiry
Min SIP session expiry
SIP session expiry
Web Application IDs
Max Message Queue Size
Client Ping Poll Period
Missed Pings Before Timeout
Fast Picture Update Poll Period
Media Timeout Poll Period
AED Configuration
Default Topic Timeout
Call Log Configuration
Log Level
Log Expiry
Performance Log Configuration
Log Enabled
Log Expiry
Sample Period
Max Load Factor
SDP Control Request Timeout
Resource Management
Max Concurrent Sessions Per Node
Installer URL
URL Is Relative to Gateway
Version

Minimum Acceptable Version
Media Configuration
Banned Codecs
Audio Codec Prioritization Configuration
Video Codec Prioritization Configuration
Video Resolution Configuration
Default Resolution Height
Default Resolution Width
Max Resolution Height
Max Resolution Width
Video Settings
Frames per Second
Video Scaling Mode
Bitrate Configuration
Adaptive Bitrate Adjustment Enabled
Initial Adaptive Bitrate
Minimum Adaptive Bitrate
Maximum Adaptive Bitrate
Fixed Video Bitrate
Fixed Audio Bitrate
RTP Settings
Restrict Media To Port in SDP
Picture Loss Recovery Mechanism
Registrar Configuration
Using external registrar
Registrar’s SIP address
Default q-value
Try lower priority contact on response codes
Default expires header
Minimum expires
Accept external registrations
Media Broker Administration
General Configuration
Control Address

Control Port
Control Type
Idle Timeout
Packet Size Limit
Maximum Buffer Size
Throughput Rate Limit
Maximum Concurrent Audio Only Calls
Maximum Concurrent Audio/Video Calls
SIP Network
Local Address CIDR
Start Port Range
Finish Port Range
WebRTC Client
Source Address CIDR
Public Address
Public Port
Local Address
Local Port
Monitored Connections
Group Name
Monitored Addresses
User Credentials
Old password
UI username
New password
Retype new password
Fusion Client CLI Reference
Authentication
Using the CLI
gateway-configuration
sip-configuration
outbound-sip-servers
rewrite-outbound-sip-uris
server-timeout

ping-interval
dead-link-ping-interval
registrar-sip-uri
registration-expires
min-sip-session-expires
sip-session-expires
media-settings
banned-codecs
audio-codec-prioritisation
video-codec-prioritisation
default-resolution
pixel-height
pixel-width
max-resolution
pixel-height
pixel-width
bitrate-configuration
adaptive-bitrate-enabled
adaptive-bitrate-initial
adaptive-bitrate-floor
adaptive-bitrate-ceiling
fixed-bitrate-audio
fixed-bitrate-video
rtp
restrict-to-sdp-ports
picture-loss-mechanism
media-brokers
media-broker-id
control-connection
control-hostaddress
control-port
control-secure
sip-network-rtp
local-address-cidr

local-port-range-start
local-port-range-finish
webrtc-client-rtp
source-pattern-cidr
public-local-ports
public-address
public-port
local-address
local-port
proxy-limits
idle-route-timeout
packet-size-limit
throughput-rate-limit
cac-audio-only-limit
cac-audio-video-limit
buffer-settings
max-buffer-size
network-connectivity-groups
name
monitored-connections
application-key
key-id
aed-configuration
default-timeout
video-configuration
fps
scaling-mode
internal-registrar-configuration
using-external-registrar
default-q-value
response-codes
default-expires
minimum-expires
accepting-external-registrations
authentication-config

authentication-types
authentication-type
ldap-authentication
ldap-server
ldap-secure
ldap-trust_jdk
ldap-search-user
ldap-search-user-password
ldap-base-context-dn
ldap-base-filter
ldap-role-context-dn
ldap-role-filter
ldap-role-attribute-id
ldap-role-attribute-is-dn
ldap-role-name-attribute-id
ldap-role-to-map
proxy-statistics
media-broker-id
load
load-group
startup-time
total-bytes
total-packets
packets-routed
packets-failed
failed-connections
network-connectivity-status
call-load
audio-only-calls
audio-video-calls
status
call-log
call-id
from

to
direction
start
end
call-details
call-id
from
to
direction
start
end
media-broker
termination-reason
raw-statistics
Fusion Client SDK REST API reference
Web Gateway Configuration
View Web Gateway Configuration
Update Web Gateway Configuration
Session Token JSON REST API
Getting a Session Token
Ending the Session
Fusion Client SDK Product URLs Reference
Public URLs
Service URLs
Administration URLs
Ports

Overview
The CBA Fusion Client SDK allows users to develop web applications which can:
Make and receive voice and video calls directly from a Web browser to telephones and
other browsers, without employing web plugins.
Share application events and data
Fusion Client SDK includes components which allow the enterprise to deploy the applications
which they develop:
The Fusion Web Gateway, which normalizes the signaling between SIP-based devices and
applications, so that the two can communicate together seamlessly.
The Fusion Media Broker, which converts between browser-originated RTP streams and
RTP streams compatible with SIP entities.
Fusion Application Server platform
The Fusion Client SDK network components are built on CBA’s Fusion Application Server, a
high-performance software platform that delivers innovative voice, video, and data services.
Fusion Application Server is a Java-based execution platform that meets the strict standards
and requirements of service providers and the enterprise market. See the FAS Architecture
Guide for further details.
Fusion Client SDK interfaces
You can administer Fusion Client SDK through three interfaces:
A command line interface
A REST API
A web administration interface
Command line interface (CLI)

To run the CLI, type:
<cli directory>/cli.sh
where <cli directory> is the directory where the CLI is installed; this may be a cli directory under
the directory where FCSDK was installed, or under the installation directory of another CBA
product, depending on what products you have installed.
When the CLI starts you will see a gateway prompt:
gateway >
Note: You will be prompted for a user name and password for access to the administrative
interface; these are the same credentials you set during installation and which you use to access
the other administration interfaces. See the User Authentication section for details of how to
change these from the default.
Once in the CLI, you can use the following commands:
Command Description
?,
View all commands in the CLI
help
Create a new item and enter update mode to set the initial values of
add [item] its properties. To quit update mode you must either save or cancel
your changes.
Enter update mode to change the properties in the existing item with
update [item] [id]
the specified id. To quit update mode you must either save or
[parameter]
cancel your changes.
delete [item] [id] Remove the item with the specified id
Remove an item from a collection of items. The item to be removed

is identified by the parmN values, which must collectively contain
delete entry
enough information to uniquely identify the item in the collection (for
[parm1] [parm2]...
instance a Media Broker is identified by its media-broker-id - see the
[media-broker-id](#media-broker-id) section).
display [item] [id] View (without editing) the properties of the item with the specified id.

list [item] View all instances of an item in a collection of items.
set [property]
During add or update, sets the property to a new value
[value]
save Save changes in update mode
cancel Quit (without saving) update mode
exit Quit the CLI
verbose‑display
View detailed information about an item with the specified id.
[item] [id]
item is the type of entity you want to add, update, delete, display, or list. id is the property (unique
among all instances of the item) which defines the specific instance you want to update, display,
or delete. Each instance of an item has properties which may be set to a value.
The CLI features command line completion (tab completion). This means that you can type the
first few letters of a command or parameter, followed by the tab key, and the CLI will
automatically complete the rest of the word based on the available possibilities. For example, if
you type upd at the prompt and press the tab key, the CLI will automatically complete the word
update.
See the Fusion Client CLI Reference section for more details.
REST API interface
You can provide a custom front-end which uses the REST API to configure the Web Gateway.
For details, see the Fusion Client SDK REST API reference section.
Web Administration interface
The web administration interface is available at:
https://<fas address>:8443/web_plugin_framework/webcontroller/admin
where <fas address> is the address of the Fusion Application Server which is hosting the
administration interface.
Note: In order to access the administration interface, you must enter a user name and password;
these were set during installation. See the User Authentication section for details of how to

change them.
If the wrong administrative credentials are submitted six consecutive times, then the
administrative account will be locked for security reasons. To re-enable the administrative
account see the Resetting Administrator Credentials section.
Audit Logging
Fusion Client SDK maintains an audit log of significant events, including the following:
User login or logout
FAS start or stop
Media Broker connections made or lost
The audit.log file is saved in the FAS install directory.
In an HA environment, where there are multiple nodes, each node keeps its own log, and a full
set of entries is maintained across the cluster.
Entries are kept for 1 year, and include their category and any specific information:
2016-01-28 10:38:30,056 INFO APP_CONN FAS started, user=root, address=192.168.8.128
2016-01-28 10:39:16,905 WARN MB_CONN Gateway 192.168.8.128 has lost connection to

Media Broker: 192.168.8.129
2016-01-28 10:40:00,977 INFO MB_CONN Gateway 192.168.8.128 has made a connection to

Media Broker: 192.168.8.129

User Authentication
Access to each of the administrative interfaces (Web, CLI, and REST) is authenticated using the
same credentials, a user name and a password. The user name and password can be kept
locally (LOCAL authentication - see the LOCAL Authentication section) or on an LDAP server
(see the LDAP Authentication section).
LOCAL Authentication
To change the user credentials:
1. Go to the User Credentials tab:
2. In the Authentication Mechanism section, make sure Local Enabled is checked.
3. Enter the information in the Local section (all fields are mandatory):
Field Description
Old The current administrative password. Under normal circumstances, this

password will be the password you have just logged in with.

The new name of the administrative user. If you are not changing the
UI username name of the administrative user, this will be the user name you have just
logged in with.
The new password for the administrative user. This is repeated as a

check for typing errors - if the two fields do not match, the password will
not be reset.
New
password **Note:** It is not a good idea to cut and paste the value from the New
password field into the Retype new password field. If you do, and there
is a typing mistake, the new password will not be what you think it is.
Retype new
password
4. Click the Save and Logout button at the bottom of the page.
Saving the credentials immediately logs you out, and you will have to log in again with the new
credentials.
Resetting Administrator Credentials
If you have forgotten the administrator user name or password, you can reset them to the
defaults by setting a system property:
1. Edit the <fas_dir>/domain/configuration/fas.properties file, and add the system property:
appserver.admin.password.reset=true
where <fas_dir> is the directory FAS was installed in.
2. Restart the FAS master node.
3. Open a new web browser and navigate to the Web Admin UI (https://<fas
address>:8443/web_plugin_framework/webcontroller/admin)
4. Click Login.
Note: This will fail; this is expected behavior.
5. Re-edit the <fas_dir>/domain/configuration/fas.properties file to remove the

appserver.admin.password.reset property.

6. Restart the FAS master node.
Login is now re-enabled on the web administration interface. The login credentials have been
reset to their default values. Note:
The default login credentials should be changed after the first login. See the LOCAL
Authentication section.
In the case of an HA cluster, both master and slave nodes need to have their passwords
reset. The simplest way to do this is to:
i. Stop the slave nodes.
ii. Follow the instructions above on the master node.
iii. Restart the slave nodes.
Setting Password Constraints

By default, the only constraint enforced when setting a password for the web administration
interface is that the password must be at least four characters long. You can use the Fusion
Application Server Management Console to add a system property which defines a regular
expression which any new password must match before it is accepted:
1. Open a web browser and navigate to the Fusion Application Server Management
Console:
https://<fas address>:9990
where <fas address> is the Fusion Application Server IP address
2. In the left hand menu, under Server, select Server Groups. The Server Groups page
displays:

3. In the Available Groups Configurations list, select main-server-group.
4. To add the new system property, select the System Properties tab below, and click Add.
The Create System Property dialog displays:
5. In the Name field enter appserver.admin.password.validation
6. In the Value field, enter an appropriate Java -style regular expression, such as:
Regular Expression Meaning

.{6,} At least 6 characters
^[a-zA-Z0-9]{6,}$ At least 6 alphanumeric characters
^(?=.*[a-z])(?=.*[A-Z])[a-zA-Z] At least 6 alphabetic characters, with a mix of upper

{6,}$ and lower case
^(?=.*\d)(?=.*[a-zA-Z])[a-zA-Z0- At least 6 alphanumeric characters, including both

9]{6,}$ alphabetic and numeric
7. Check the Boot-Time checkbox
8. Click Save
You should see the new system property in the System Properties list for the main-server-group
on the Server Groups page.
LDAP Authentication
To enable and configure LDAP authentication, click the User Credentials tab to go to the User
Credentials page:
Enabling LDAP Authentication

Check LDAP Enabled to enable LDAP authentication.
Check Local Enabled to enable local password authentication

Note: If both options are enabled, LDAP is done first, and then (if necessary) Local.
Configuring LDAP Authentication

Go to the LDAP section on the User Credentials page:
Field Description
Server The host of the LDAP server, for example, 172.31.20.69
This checkbox indicates if LDAP authentication should be performed over

a secure (HTTPS) connection.
If checked, a valid LDAP server certificate needs to be imported.

Secure
If unchecked, be aware that plain-text credentials are passed across

the network.
Trust JDK This checkbox indicates if, in addition to the regular LDAP trust store, the
Certificates Java (JDK) default certificate trust store should be used for LDAP server
certificate validation.
If checked, the JDK trust store is used to validate an LDAP server

certificate, if the certificate cannot be validated using the regular LDAP
trust store.

If unchecked, only the regular LDAP trust store is used.
The name of the user on the LDAP server who will perform searches, e.g.
ldapuser. This user will log in to the LDAP server and will perform the
Search User
searches for the user and role (and therefore must have permissions on
the LDAP server to do these things).
Search User
The password for the Search User
Password
The complete DN of the context to search for the authentication

Base parameters, such as:
Context DN
OU=USERS,DC=EXAMPLE,DC=COM
The search filter which is used in the authentication query. The user name
input by the user logging in replaces any occurrences of {0} in the
expression.
For example:
In this search the filter is the user id:
(uid={0})
Base Filter
This extra parameter will be attached to the existing Base Context DN:
(UID={0}),OU=USERS,DC=EXAMPLE,DC=COM
If the user logging in enters the name admin, the resulting search will find
a user whose UID is admin among the users in the context OU=USERS,
DC=EXAMPLE, DC=COM.
The fixed DN of the context to search for the user role, such as:
Role
Context DN OU=USERS,DC=LDAP,DC=EXAMPLE,DC=COM
Role Filter The search filter which is used in the user role query. The user name input
by the user logging in replaces any occurrences of {0}, and the
authenticated user DN replaces any {1}, in the expression.

The query may return several user role objects, each corresponding to one
of the user's roles.
The attribute of the user role object that contains the name of the role. For
example:
Role employeeType
Attribute ID
What use is made of the value of the Role Attribute ID depends on the
following settings.
This checkbox indicates whether the value of the attribute named by Role
Attribute ID contains the DN of a role object.
Role If checked, the value of the attribute named by Role Attribute ID

Attribute is contains the DN of a role object; and the value of the Role Name
DN Attribute ID attribute of that role object is the role name.
If unchecked, the role name is taken from the Role To Map field.
The attribute of the role object that contains the name of the role. If Role
Role Name
Attribute is DN is checked, this property is used to find the role object's
Attribute ID
name; otherwise, it is ignored.
The attribute of the user role object which contains the name of the user's
role (as defined in LDAP) that authorizes the user to access administrative
capabilities. An example is:
Role to Map
wpf
If left blank, the default user role that FCSDK looks for is WEBADMIN.
If a user can log in to the FAS console using their LDAP credentials, and can see the
administration pages, but cannot see the administration pages after logging in to Fusion Client
SDK, then check the role-related configuration.
LDAP authentication fails the first time after a reset:
If a user is set up in Active Directory with the option User must change password at next
logon, but their first action as an AD user is to attempt to use LDAP authentication, their login

fails with the following error:
LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext

error, data 773, v2580]
Workaround:
Before attempting to use their credentials for LDAP authentication, log the user in using their
Active Directory credentials on a system that will prompt them to change the password, or
Do not select the option User must change password at next logon when setting up the
user.
Importing Certificates to the LDAP Truststore
1. Open the FAS admin console at https://<fas address>:9990
2. Click Profiles in the top right menu:
3. From the Profile drop-down list on the left, select management:

4. In the menu on the right, expand Trust Management, then click Trust Certificates:
5. On installing FCSDK, a trust store called ldap is created, with the password changeit (this
password will be needed when adding certificates or otherwise changing the trust store).
6. Click the row for ldap under Trust Certificate Group - there should be no certificates listed in
the lower table.
7. Click the Import button to add the certificate to the to the newly added Trust Certificate
Group.

8. Enter a name of your choice for the certificate, the password for the trust store (as chosen in
step 5), and paste the contents of the LDAP certificate PEM file (including the —–BEGIN
CERTIFICATE—– and —–END CERTIFICATE—– lines) into the Encoded Certificate box.
Click Import.
Note: The Trust Certificate Group must contain the entire certificate chain for the LDAP server
(the main Java truststore is not referenced). In cases where this involves multiple certificates,

you will need to repeat steps 7 and 8 for each. See the Exporting and Converting Certificates
from the Windows MMC section for a possible mechanism to obtain the LDAP server certificate
in a Windows environment.
Exporting and Converting Certificates from the Windows MMC
In the case of a Windows environment, the certificate(s) needed to access the LDAP server may
be available within the MMC (Microsoft Management Console). For example, if the LDAP server
is using a root certificate that is pushed out to users of the same domain, then a user logged into
that domain sees this certificate in the MMC.
1. Open the MMC in Windows by choosing Search programs and files from the Start menu,
and type mmc followed by Enter
2. Within the MMC, select Add/Remove Snap-in from the File menu. Select the Certificates
snap-in on the left, then click Add.

!
3. When prompted, confirm that the snap-in will manage certificates for the user account.
4. Click OK to add the snap-in

5. Expand the tree on the left, locate the required certificate, then right-click it and select
AllTasks->Export
6. When prompted by the wizard, select DER as the format, then save the file to a suitable
location.

!
7. The file can then be converted to PEM format using OpenSSL:
openssl x509 -inform der -in in_certificate.cer -out out_certificate.pem
Note: OpenSSL is typically available at the command line of a Linux system; binaries for
Windows are also available at https://www.openssl.org/community/binaries.html

Configuring the Web Gateway
Most enterprise communications solutions, such as VoIP and video systems, support the
Session Initiation Protocol (SIP). Fusion Client SDK includes a Web Gateway, which handles
the complexity in the signaling between SIP-based devices and client applications so that they
can communicate seamlessly.
The Web Gateway communicates with the client application using the TCP-based WebSockets
protocol, providing a standardized way for the server to send content to the client without being
solicited, and allowing for messages to be passed back and forth while keeping the connection
open.
If your client application passes messages to the Web Gateway over a secure transit network
e.g. VPN or MPLS, unencrypted WebSockets (ws) connections may drop packets and terminate.
To ensure that your connection remains open, you must use secure WebSockets (wss).
With the Web Gateway, users can:
Make voice calls to desk phones from any PBX vendor.
Make calls across the PSTN to phones in the public domain.
Start video sessions directly to SIP-based video endpoints and other clients.
The CaféX Web Gateway:
Provides client-to-SIP signaling conversion.
Only allows clients to create sessions that the Web Application has authorized.
Uses HTTP for control channels, enabling security through industry standard and existing
mechanisms, such as a firewall or HTTP reverse proxy.
Creates and manages application collaboration sessions, sharing data and sending
messages to client applications.
Configuring the Web Gateway on Linux
If you installed the Web Gateway on a Linux-based operating system, such as CentOS, you may
need to configure the ulimit settings on the server to enable it to handle the number of clients in

your installation. If the ulimit setting is set too low, you will see the following error:
Too many open files
The Media Broker needs file handles other than those for client connections, so you need to
over-provision; for example, if your installation would include 5000 connections, you should set
the maximum number of open files to 7000.
To find the current maximum number of open files:
ulimit -n
If the current limit is too low:
1. Open /etc/security/limits.conf
2. Search for the line:
* - nofile 4096
3. Change the number of open files to 7000
* - nofile 7000
4. Save the file.
To confirm that the setting has changed, log out and log back in again, and run the ulimit - n
command again.
Adding Web Application IDs
The Web Application authenticates users on the client application’s behalf. Once it has
authenticated the user, the Web Application sends a message to the Web Gateway, asking it to
create a session with the specific capabilities which the user should have. The Web Application
ID is a unique text string which is included in this message, identifies the Web Application to the
Web Gateway, and confirms that the Web Application is allowed to create sessions.
The Fusion Client SDK Web Administration interface enables you to define the list of Web
Application IDs that the Web Gateway accepts:
1. Log in to the Fusion Client SDK Web Administration interface and click the Gateway tab,
then the General Administration tab, to display the General Administration page:

!
2. Scroll down to display the Web Application IDs section, and click the Add button under Web
Application IDs to display the Add Record dialog:
3. Enter the Web Application ID in the Key field. This should be a unique text string with a
minimum of 16 characters, such as FUSIONCSDK-A8C1D.
4. Click Submit. The Web Application ID you entered appears in the list of Web Application
IDs.
5. Click Save at the bottom of the page.
Configuring for Voice and Video Calls
An FCSDK application communicates with the Web Gateway on a WebSocket, using WebRTC
to send signaling and media (voice and video) traffic. The Gateway can then transform the
signaling to send the same voice and video to a SIP server, which sends it to a SIP endpoint

(such as a standard video phone); or the Gateway can send it directly to another FCSDK
application, which will receive it on its own WebSocket. The following pages show how to
configure the Gateway for SIP and WebRTC traffic.
Configuring the Registrar
By default, the Web Gateway uses an internal SIP registrar for client applications. To the Web
Gateway, an FCSDK application needs a session token, which is normally created by a Web
Application on the server, and returned to the client application. The Web Application creates a
session by sending a JSON string containing its Web Application ID, and some configuration
parameters for its requested facilities.
Note: To use the internal registrar, the JSON must use include the Gateway Controlled Domain:
“webAppId”:”FUSIONCSDK-A8C1D”,
“voice”:
“username”:”jbloggs”,
“domain”:”gateway.controlled.domain.com”
See the Creating a Session Token section in the FCSDK Developer Guide for more details on
building the JSON string and what go es in it.
The Gateway Controlled Domain is set during installation, and is a property of the Fusion
Application Server which FCSDK runs on. See the FAS Administration Guide for details on
how to find the Gateway Controlled Domain if you have forgotten it.
The fusion-web sample application keeps its configuration in the csdksample-db.xml file. In order
to use the sample application, you will need to change the file so that the sipDomain for your
users matches the Gateway Controlled Domain of the Web Gateway:
<user>

<name>voicevideo</name>
<password>123</password>
<inboundCallingEnabled>true</inboundCallingEnabled>
<outboundDestinationPattern>all</outboundDestinationPattern>
<sipUser>1001</sipUser>
<sipDomain>gateway.controlled.domain.com</sipDomain>
<authUser>1001</authUser>
<authRealm>auth.realm.com</authRealm>
<authPass>123456</authPass>
</user>
Internal Registrar
The internal SIP Registrar works with its default values after installation, but the administrator
can modify a number of configuration items:
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab
followed by the Registrar Configuration tab.
2. Ensure the Using external registrar checkbox is unchecked. The Internal Registrar
Settings are displayed:

3. You can edit the internal registrar settings:
Default q-value
If the Registrar receives a REGISTER without a q param in the Contact header address, it will
use this value as the default q for the contact to be registered. If an Address of Record has more
than 1 registered contact, this value is used by the Registrar to prioritize proxying during contact
resolution; a contact with a higher q value is targeted before one with a lower q value. The value
set should be a float value from range 0.1 to 1.0, such as 0.5. The default setting is 1.0.
If the Registrar fails to proxy to a resolved contact during the Contact Resolution phase, it will
check to see if the response it receives matches one of these configurable response codes. If a
match is found, the Registrar will attempt to proxy to the next q prioritized registered contact (if
there is one).
The default post-install setting is to have no response codes, so no further proxy attempts to
lower q ordered contacts takes place. The input format is a space-delimited list of SIP response
status codes, such as 404 408 410 480 500 503 604
If the Registrar receives a REGISTER without an Expires header or an expires parameter in the
Contact header, the Registrar will use this value as the default expires value. The value is in
seconds and must be > 0. The default setting is 21600.
Minimum expires

This is the minimum expires value the Registrar will accept in the REGISTER requests it
receives. If the value is less than this, the Registrar will send a 423 Interval Too Brief response
with the Min-Expires header set to this value. The value is in seconds and must be > 0. The
default setting is 5.
Indicates if the Registrar is accepting registrations that did not originate from the Web Gateway.
The default value is checked; this is useful for testing in a development or trial environment. In a
production environment, you should uncheck this box; registrations are then only accepted from
the Web Gateway.
Registrations are always accepted from the Web Gateway regardless of this setting.
External Registrar
Alternatively, you can configure the Web Gateway to use an external SIP registrar. You need to
define where to send the REGISTER message, and (because REGISTER is a SIP message)
how to deal with SIP messages:
1. Log in to the Fusion Client SDK Web Administration interface, and select the Gateway and
Registrar Configuration tabs.
2. Check the Using external registrar checkbox. The External Registrar Settings are
displayed:
3. Enter the Registrar’s SIP address, including the initial sip:, for example
sip:external.registrar.com
4. Click Save at the bottom of the page
5. Select the Gateway tab, then the General Administration tab.

6. Add the external registrar to the Outbound SIP Servers (see the Outbound SIP Servers
section).
7. Make any changes to:
Registration expiry (seconds)
Min SIP session expiry (seconds)
SIP session expiry (seconds)

If SIP messages are to be routed outside of the Web Gateway then you must configure one or
more entries in the Outbound Sip Servers section on the General Administration page:
1. Select the Gateway tab followed by the General Administration tab to display the General
Administration page.
2. In the Outbound SIP Servers section, click the Add button. The Add Record dialog is
displayed:

!
3. Enter the URI of the SIP server which will route calls and registrations into the SIP network
in the format sip:<hostname>, and click the Submit button.
4. Make any changes you need to settings which affect all outbound SIP servers (see below).
The following settings affect all outbound SIP servers:
Check this to have the Gateway update the host part of the Request URI of all outbound
requests to match the host part of the outbound SIP server address. If this is unchecked, then it
sends requests to the outbound sip server without change.
The Gateway maintains a view of whether it is connected to each of the outbound servers by:
sending an OPTIONS message and examining the response
by examining the response to any initial INVITE it sends to a server.
If a server does not respond to the OPTIONS or initial INVITE within a timeout period, it is
considered DOWN. You can control this behavior with the following settings:
Server Timeout

The time allowed for a server to respond to a request before the Gateway considers it to be
DOWN.
Ping Interval
The interval between successive OPTIONS messages sent to an outbound SIP server when that
server is considered UP.
The interval between successive OPTIONS messages sent to an outbound SIP server when that
server is considered DOWN.
You can see the state of the Outbound SIP Server connections in the performance log screen,
which you can find at the Performance Log tab.
When routing a new initial outbound request, the Gateway builds an ordered list of outbound SIP
servers as follows:
1. All UP servers are added in an undefined order
2. The remaining DOWN servers are appended to the list.
The Web Gateway routes the request to the first in the list. If no response is received within the
configured Server Timeout period, then it routes the request to the next server in the list, and so
on until it receives a response. If it goes through the whole list without any of the servers
responding, the call will fail.
The following settings affect the headers in outbound SIP messages:
Registration expiry (seconds)
How often, in seconds, the Web Gateway will send a REGISTER message to the SIP network
Min SIP session expiry (seconds)
Controls the value of the Min-SE header which the Web Gateway places in INVITE messages
sent to the SIP network.
SIP session expiry (seconds)
Controls the value of the Session-Expires header which the Web Gateway places in INVITE
messages sent to the SIP network. The above values together control the session refresh

interval (see RFC 4028 for details).
See the SIP Global Configuration section for valid values.
Defining Banned Codecs
To ensure that calls are handled correctly, you can define a list of codecs that you do not want to
pass to the Media Broker. When the Media Broker receives any of the codecs on this list, it
removes them from the SDP that it produces.
To add a codec to the banned codecs list:
and the Media Configuration tab.
2. Click the Add button under Banned Codecs to display the Add Record dialog:

3. Enter the name of the codec in the Codec field, for example PCMU
4. Click the Submit button. The codec you entered should now be displayed in the Banned
Codecs list.
5. Repeat the above steps for each codec you want to ban, and click the Save button at the
bottom of the page.
Prioritizing Codecs
You can prioritize audio and video codecs in the Audio Codec Prioritization Configuration and the
Video Codec Prioritization Configuration sections of the Media Configuration page:
Note: These settings only apply to calls that require transcoding.
Depending on your network’s capabilities, and the priority your organization gives to bandwidth
and quality, you may prefer to transcode to certain codecs rather than others. Fusion Client
SDK allows you to prioritize the media codecs to ensure that the preferred codec is given highest
priority.
The prioritized codec lists include the name of the codecs as they appear in the SDP. Any
codecs in the prioritized list will be removed from SDP, then re-inserted at the end of the process
in the order specified, and with a higher priority than any other codecs present in the SDP. It is
therefore possible to specify the relative priority of all codecs in any call. Using this feature may
force a call to be transcoded.

The process of changing the priority of specific codecs is the same for both audio and video
codecs:
Adding a codec
i. Type the name of the codec into the text box
ii. Click the add (+) button
The codec will be added to the top of the list
Deleting a codec
Click the delete button (x) by the codec in the list
Changing the priority of a codec
Drag and drop the codec’s label in the list to its new position
Note: All codec names must conform to RFC 1551 (http://www.ietf.org/rfc/rfc3551.txt).
Configuring video resolution

You can configure video resolution in the Video Resolution Configuration section of the Media
Configuration page:
RFC 6236 (http://www.ietf.org/rfc/rfc6236.txt) defines the imageattr SDP attribute, which

endpoints can use to describe in the SDP which resolutions they can send and receive.
By configuring the video resolution settings, you determine what values the Media Broker uses
for the imageattr attribute in the SDP, so that it only permits certain resolutions. The Media

Broker examines the imageattr values in the inbound SDP, and sets the imageattr values in the
outbound SDP, using those inbound values and applying the following rules:
The Max. Resolution Width and Max. Resolution Height define the maximum value for
each axis. If either of the values for a given width and height pair exceeds the maximum
value, then that pair is discarded. Therefore, if the Max. Resolution Width and Max.
Resolution Height are 600 and 400, then for the given inbound imageattr, the outbound
imageattr value would be :
Inbound SDP Outbound SDP
send [x=640,y=480] [x=480,y=320]

send [x=480,y=320] recv [x=480,y=320]
recv [x=480,y=320] [x=640,y=320]
The Default Resolution Width and Default Resolution Height define the values to use if
the inbound SDP contains no imageattr value, or if all the values in the inbound SDP are
rejected because they are larger than the maximum width or height. If the Max. Resolution
Width and Max. Resolution Height are 600 and 400, and the Default Resolution Width
and Default Resolution Height are 320 and 240, then for the given inbound imageattr, the
outbound imageattr value would be :
Inbound SDP Outbound SDP
None send [x=320,y=240] recv [x=320,y=240]
send [x=640,y=480] [x=480,y=320]

send [x=480,y=320] recv [x=320,y=240]
recv [x=640,y=480] [x=640,y=320]
Note: Not all endpoints implement RFC 6236, and such endpoints may ignore imageattr values.
Configuring video settings
The video settings (Frames per Second and Scaling Mode) affect the behavior of Media Broker
when it is transcoding. They are in the Video Settings section of the Media Configuration page.
The Frames per Second determines the frame rate that the Media Broker will use when
encoding, and affects the streams going out from Media Broker to the two endpoints in a
call.

The Scaling Mode affects how Media Broker handles a difference between the resolution it
receives from one endpoint, and the resolution it sends to the other. It always sends the
maximum (see note) video resolution that the endpoint included in the recv imageattr
attribute in the SDP (i.e. the maximum of those resolutions the endpoint has indicated it can
accept, or the default if none was present in the SDP). Where there is a difference between
the two resolutions the scaling mode acts as follows:
NONE
No scaling. Media Broker ignores the imageattr values, and send the resolution it received. This
may mean the aspect ratio of the image received by the endpoint is not what it was expecting,
and may result in the endpoint stretching or squashing the image to fit in the available window.
STRETCH
Media Broker stretches or squashes the inbound image to fill the outbound resolution. If the
aspect ratios differ, then the outbound image will appear stretched on one of the two axes. The
benefit of this option is that the image will fill all of the target window.
ADD_BORDERS
Media Broker maintains the aspect ratio of the inbound image. If the size of the outbound image
differs from the inbound one, then Media Broker adds black borders to the edges of the
outbound image to maintain the aspect ratio. The benefit of this option is that the image is never
distorted.
Note: The maximum resolution is the one with the largest width. If two or more resolutions share
the largest width, then the maximum resolution is the one of them which has the largest height.
The effects of the different scaling modes are as follows:

Configuring Bitrates
You can configure video and audio bitrates from the Fusion Client SDK Web Administration
interface. Select the Gateway tab and the Media Configuration tab, and scroll down to the
Bitrate Settings section.
If checked, the Media Brokers dynamically adjust the video bitrate to maximize the video quality,
depending on network conditions.

The Media Broker can estimate the maximum bitrate for the network conditions for both send
and receive video streams, even if it does not receive REMB and TMMBR messages from
browser and sip endpoints; this is the starting value for this estimation. If the initial rate is well-
chosen, it may find the best quality bitrate more quickly; if it is badly chosen, there may be
unnecessarily poor initial video (if the value is set too low), or dropped packets or frozen video (if
the value is set too high).
The units are kbs (kilobits per second).
Media Broker will receive and act on max bitrate messages from:
Browser endpoints (RTCP REMB)
SIP endpoints (RTCP TMMBR)
The sender bitrate estimating algorithm
The receiver bitrate estimating algorithm
These max bitrate messages never go below this value (that is, it sets the minimum quality). The
Media Broker uses this value when setting media broker video encoder bitrates, and in outbound
REMB and TMMBR RTCP messages.
The units are kbs.
The max bitrate messages never go above this value (that is, it determines the maximum
bandwidth). The Media Broker uses this value when setting media broker video encoder bitrates,

and in outbound REMB and TMMBR RTCP messages.
The units are kbs
If unchecked, the video and audio bitrates are constant.
The Media Broker uses the Fixed Video Bitrate and Fixed Audio Bitrate settings to
negotiate a fixed bitrate for audio and video with browser and SIP endpoints. Using fixed
bitrate on poor lines may result in video and audio issues, such as video freezing and
stuttering audio).
When you create a session on the gateway from your application, you provide a timeout value
(see the FCSDK Developer Guide for more information). This timeout determines the number of
minutes that:
The session will stay alive if unused
The session will stay alive once the WebSocket connection to the client is torn down
There is a keep-alive PING mechanism to both keep the WebSocket connection open and test
that the client is still connected. The Web Gateway will periodically send PING requests and
expect a PONG response. If it receives no PONG response to a (configurable) number of
consecutive PING requests, then it destroys the WebSocket connection and after the above
timeout the call is ended.
The Gateway also performs regular checks, to determine if media has stopped flowing during a
call; if it detects such a situation, it will end the call. The period between each check is
configurable.
It will also end the call if the number of messages queued for sending from the Gateway to the
client becomes too large; again, this value is configurable.

WebRTC configuration is achieved from the Fusion Client SDK Web Administration interface.
Select the Gateway tab, then the General Administration tab, and scroll down to the WebRTC
Configuration section.
Field Description
The maximum number of messages to

Max Message
be queued before tearing down the
Queue Size
connection
Client Ping The number of seconds between PING

Poll Period messages
The number of consecutive PING

Missed Pings
messages that we send but received
Before
no PONG response before ending the
Timeout
WebSocket connection.
The number of milliseconds between

Fast Picture
sending requests for Fast Picture
Update Poll
Update info requests - a value of 0 will
Period
disable the timer
The number of seconds for the timer to

Media Timeout
determine if a call has timed-out
Poll Period
through lack of media
Configuring Media Brokers
RTP media streams may also need normalizing to integrate with SIP environments. If the client
applications use a different video standard (VP8) than most enterprise video systems (which

usually use H.264), applications cannot share video calls with enterprise-based systems unless
there is media transcoding between the two.
The Media Broker provides transcoding between VP8 and H.264; employees and customers can
share secure video calls on a wide variety of devices and join video conferences from almost any
endpoint.
Note: A Fusion Client SDK network can contain several Media Brokers. See the FCSDK
Installation Guide for instructions on how to install Media Brokers.
Setting up the Interface with the Web Gateway

The Web Gateway and Media Broker need to exchange control messages. By default, the Media
Broker listens for Web Gateway-to-Media Broker control communication on port 8092, on all
available IP addresses. However, if the Media Broker is installed in a DMZ, we expected that you
will want to configure it to listen on a specific control interface which is not open to external
traffic.
To configure the IP address for communications with the Web Gateway:
1. On the Media Broker, edit the <install_directory>/media_broker/proxy.properties file.
2. The IP address for the control interface is defined by the broker.rest.addr setting, which is
left blank by default. Enter the IP address you want to set for the control interface here.
3. The port allocated to the control interface is set to 8092 by default. If you want to change
this, update the value for broker.rest.http.port for non-secure communication, and
broker.rest.https.port for secure communication. See the Enabling secure communications
between Media Broker and the Web Gateway section.
4. Save your changes
5. Restart the Media Broker to apply the new settings
General Media Broker Configuration

followed by the Media Brokers tab. The page shows a list of existing Media Brokers:

!
2. To add a Media Broker, click the Add Record button; to edit the settings of an existing
Media Broker, click the Edit button (! ) next to the record of the Media Broker you want to
edit.
3. In either case, you will see a page for a single Media Broker with the General Configuration
section at the top:
Control Address
This is the hostname or IPv4 address for the control interface of the Media Broker, for example
192.168.1.2. The Web Gateway uses it to connect to the Media Broker control port.
Note: If you have configured a specific control interface for the Media Broker (see the Setting up
the Interface with the Web Gateway section), this should match that IP address.
Control Port

This is the port for Web Gateway-to-Media Broker communication. By default, this is 8092.
Note: If you have configured a specific control interface for the Media Broker (see the Setting up
the Interface with the Web Gateway section), this should match that port number.
Control Type
Determines if all communication between the Web Gateway and the Media Broker will be secure
or not. Not Secure is selected by default.
Idle Timeout
The maximum period of inactivity (in seconds) on a route before the route is considered invalid
and torn down. The default setting is 10.
Packet Size Limit
The maximum RTP packet size that the Media Broker accepts. The Media Broker will drop any
packet that exceeds this size. The default setting is 1500.
Max. Buffer Size
The maximum number of packets that can be buffered before each call. If users are experiencing
video issues at the beginning of calls, this value should be increased. The default setting is 500.
The maximum RTP throughput rate (in packets per second) for the Media Broker. The Media
Broker will terminate a call where the input rate exceeds this value. The default setting is 1000.
Limit to the number of audio only calls which the Media Broker can process. See the Call Limit
Based Call Admission Control section.
Setting the value to 0 (the default) disables this feature.
Limit to the number of video calls (all video calls have an audio channel) which the Media Broker
can process. See the Call Limit Based Call Admission Control section.
Setting the value to 0 (the default) disables this feature.

4. If you are adding a new Media Broker, configure both the SIP Network (see the Configuring
SIP Network Settings section) and the WebRTC Client (see the Configuring WebRTC Client
Settings section) sections. (You cannot save a Media Broker configuration which does not
include SIP Network and WebRTC Client configurations.)
Call Admission Control (CAC) is designed to protect Media Brokers against overloading when
the Gateway selects a Media Broker to handle a new call.
When CAC is enabled, the Load Balancer will only select a Media Broker which the CAC rules
consider can handle another call; this introduces the risk that all Media Brokers are unavailable,
so that the Gateway rejects a new call.
There are two types of CAC. One is based on CPU load, which you can configure from the
General Administration page (see the CPU Load Based Call Admission Control section). The
other is based on call limits for an individual call type on an individual Media Broker, which you
can configure in the Media Broker Configuration page when editing or adding a Media Broker
record (see the Call Limit Based Call Admission Control section).
Note: CAC is not enabled by default. To enable it, you must set the relevant properties.
Call Limit Based Call Admission Control
The Media Broker divides calls into audio only and audio/video calls, on the basis of the SDP
negotiated when the call starts. CAC based on call limits works by setting the maximum allowed
number of calls for a given type, and then working out the allowed combinations based on these
maximum values. For example, setting the Maximum Concurrent Audio/Video Calls to 10 and
the Maximum Concurrent Audio Only Calls to 100, would allow an extra 5 audio and video
calls or an extra 50 audio only calls, if there were already 50 audio only calls (see the General
Media Broker Configuration section for details of setting these values). Note:
Setting either of these values to 0 disables the feature for that call type.
For load-balancing purposes, calls will be treated as audio only if the SDP which sets up the
call does not contain a video m-line.
CPU Load Based Call Admission Control

followed by the General Administration tab to display the General Administration page.
2. Scroll down to the Call Admission Control section:
Max Load Factor
When the Gateway assigns a call to a particular Media Broker, the Media Broker will reject the
call if its current load factor is at, or above, this value; this will cause the Gateway to choose
another Media Broker if one is available, or reject the call if one is not. The value is a percentage
of the CPU load limit, and can take values from 0 to 100.
Note: To disable this function, set a value of 0.
The Gateway uses SDP Control requests to set up a call with the Media Broker. If the request
does not complete within the SDP Control Request Timeout period when allocating a Media
Broker to a new call, the Gateway tries another Media Broker. The value is specified in
milliseconds with a typical value of about 10.
Note: To disable this function, set a value of 0.
Configuring Audio and Video Hold Treatment

You can configure how the Media Broker renders video to endpoints on hold using the settings in
the proxy.properties file. By default the settings ensure that both video and audio is streamed to
the WebRTC client at all times. Where the remote endpoint is not streaming video or audio (that
is, is on hold), the Media Broker uses the configured video or audio stream, and sends that to the
client.
To configure a hold image:
1. Copy the image you want to use as your hold image to the same machine as the Media
Broker.

Note: The image must be in PNG format and be 280x280 pixels in size.
2. Edit the <fcsdk_install_dir>/fusion_media_broker/proxy.properties file.
3. Change the video.hold.image.path property to point to the new image file.
4. Save the file and restart Media Broker.
To configure a video file as a hold image:
1. Copy the video file (AVI format only) to the same machine as the Media Broker.
2. Edit the <fcsdk_install_dir>/fusion_media_broker/proxy.properties file.
3. Add the property and value:
hold.avi.enabled=true
4. Add the property:
hold.avi.path
and set the value to point to the AVI file, relative to the rtp-proxy-instances/mb-<n> directory.
5. Save the file and restart Media Broker.
Using a video file for the hold image results in an approximately 25% reduction in capacity.
To configure audio hold treatment, edit the audio.hold.url property, setting the wave, volume, and
freq elements of the noise URI:
noise:wave=white-noise;volume=0.5;freq=440
Possible values for each of the elements are given in the proxy.properties file.
Configuring RTP Settings
You can configure RTP settings from the Fusion Client SDK Web Administration interface:
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab,
then the Media Configuration tab.
2. Scroll down to the RTP Settings section:

Restrict Media To Port In SDP
When checked, the Media Broker drops SDP packets from ports other than those negotiated in
the SDP. This can avoid issues with SIP endpoints that continue to stream media after a call has
been transferred or held. It only affects SIP-side media. It is unchecked by default.
When video is lost, this setting determines the mechanism used for picture loss recovery to SIP
endpoints. The default setting is PLI.
Note: This setting only determines the type of message that Media Broker sends when it detects
picture loss on a video stream from a SIP endpoint. SIP endpoints can use any option for
recovery, regardless of this setting.
Enabling secure communications between Media Broker and the Web

Gateway
There is a REST service running on the Media Broker which services requests from the Web
Gateway to set up and tear down media routes, send DTMF, and monitor the health of all Media
Brokers. By default, this connection is not secured after installation, and you will need to
configure it for HTTPS if you require this connection to be secure.
When HTTPS is set up, the Media Broker will be authenticated by the Fusion Application
Server. Hostname verification is done via the Subject Alternative Name (SAN) entries in the
server certificate, so we recommend you include both an IP address and FQDN.
1. To create the server certificate and keystore, run the following command in the Media Broker
install directory:
keytool -genkeypair -alias control -keyalg RSA -keystore <keystore file> -keysize 2048 -
ext san=ip:<ipaddress>,dns:<fqdn> -dname “CN=<common name>“
Where:

<keystore file> is the name of the keystore file to use. We recommend using the existing
keystore.jks, rather than creating a new one.
<common name> is the common name to use in the certificate
<ipaddress> and <fqdn> are the IP address and fully qualified domain name of the Media
Broker server. If an FQDN has not been configured, use only the IP address
2. When prompted for a password for the keystore and certificate, we recommend that you use
the same value for both.
3. To export the public certificate for installation in the Fusion Application Server truststore,
run the following command:
keytool -export -alias control -file <pem file> -keystore <keystore file> -rfc
Where <pem file> is the name of the PEM file to store the certificate in e.g. mediabroker.pem.
Note: Ensure you complete all the steps described in FAS Administration Guide under the
heading Configuring Load Balancers with trust certificates.
4. Update the following settings in <media_broker_install_dir>/controller.properties:
Set the broker.rest.https.port to the port for HTTPS communication (e.g. 8093).
If you want to turn off HTTP, set the broker.rest.http.port to 0
Set the keystore.file.path property to <keystore file> as above.
Set the keystore.file.password property to the password used above.
5. Import the PEM file into the Fusion Application Server default trust store (called default-
trust) - see FAS Administration Guide.
6. Restart the Media Broker (the Starting and Stopping Media Broker section).
7. Reconfigure the Media Broker by setting the Control Port to match that set above, and by
setting Control Type to Secure. See the General Media Broker Configuration section.
Note: keytool commands should be on a single line.
Starting and Stopping Media Broker

If you need to start, stop, or restart a Media Broker for any reason, run one of the following
commands on the Media Broker host:
To start the Media Broker:
service fusion_media_broker start
To stop the Media Broker:
service fusion_media_broker stop
This command stops the Media Broker immediately. You may prefer to shut down the Media
Broker gracefully using the following command:
service fusion_media_broker request-shutdown
This prevents new calls, while allowing existing calls to continue. The Media Broker will shut
down as soon as all existing calls have completed.
To restart the media broker:
service fusion_media_broker restart
Capturing logs on the Media Broker
To help you identify any issues you may experience, Fusion Client SDK provides a script which
captures call logs and statistics. The logcapture.sh script is in the Media Broker installation
directory, and can capture the following information:
Media Broker configuration
vmstat output
Java memory
Thread dumps
Network traffic (in a pcap file)
The logging script runs until you explicitly stop it, allowing you to reproduce any problems while it
is running. When you stop the logging script, it captures the information you require in a series of
log files.

You can control which information it captures by adding a selection of the following options when
you run the script:
Option Description
‑f, ‑‑tar‑file The filename of the resulting tar archive (required).
‑c, ‑‑config Include configuration files in the archive.
‑t, ‑‑threads Include thread dumps in the archive.
‑m, ‑‑memory Include heap memory dumps in the archive.
‑n,
Do not clean the output directory at the end of the run.
‑‑do‑not‑clean
‑p,
Capture network traffic in a pcap file.
‑‑capture‑pcap
‑v, ‑‑vmstat Include vmstat output in the archive.
‑a, ‑‑all Includes all options.
Force memory and stack dumps even if a process is hung.

‑F, ‑‑force
Only meaningful if -t, -m, or -a are also included.
‑h, ‑‑help Display online help.
1. Capture all the information by running:
logcapture.sh -a -f example.tar
(Use other options instead of -a if you only want some of the logs.) The console will display the
following message:
*****************************************************
* Capturing files to directory logcapture.temp-LGR *
* Press <CTL>-C when ready to tar up captured files *
*****************************************************
Note: The final three characters of the directory name (LGR in the above example) change each
time the script is run, as this is a temporary directory.

2. Reproduce any scenarios which are causing the issues.
3. Stop logging by pressing Ctrl+C. The output files will be collected in example.tar, which has
a structure similar to:
./vmstat.out
./tcpdump.pcap
./MB/
./MB/x264_2pass.log
./MB/thread.dump
./MB/heap.bin
./MB/routetable.log
./MB/rest.log
./MB/proxy.log
./MB/log4j.properties
./MB/proxy.properties
./MB/console.log
./MB/stun.log
./MB/master.console.log
Configuring Application Event Distribution
Application Event Distribution (AED) allows applications to create and subscribe to topics,
and to post messages and data to those topics, which are copied to all subscribers to the topic.
How and when topics are deleted is configurable:
and then the General Configuration tab.
2. Scroll down to the AED Configuration section:

3. Set the Default Topic Timeout value to the length of time in minutes which AED topics will
remain inactive without being deleted. The default value is 0, which turns it off; when the
value is set to 0, topics are never automatically deleted due to inactivity, and applications
must delete them explicitly.
4. Click the Save button at the bottom of the page.
For more information on AED, see the FCSDK Developer Guide.
The Safari and Internet Explorer browsers require plugins to operate with FCSDK. You can make
these plugins available on the Web Gateway, or in another location which users can access.
and then the General Configuration tab.
2. Scroll down to the Browser Plugin Management section:

The section has two sub sections, one for Internet Explorer (IE) and one for Safari (Safari). Enter
the following information for each:
Setting Description
Specify the location for the installer, either as an absolute or a relative

URL, for example, http://location.example.com/ie/FusionVideo.msi or
Installer URL /ie/FusionVideo.msi
**Note:** a relative URL must begin with a slash (/).
Check this checkbox if the Installer URL is relative to the address of

the Web Gateway.
URL Is Relative
To Gateway If Installer URL is a relative URL, and this is not checked, the address
is interpreted as relative to the browser's address.
Version The current version of the plug-in.
The lowest version of the plug-in that will operate with the current
Minimum version of FCSDK, without being upgraded.
Acceptable
**Note:** If a user has an installed an earlier version of the plug-in, they
Version
may not have the full range of functionality available to them.
For information about the current versions of browser plugins, see the FCSDK Plugins Release
Notes.

Media Broker Network Configuration
This chapter takes you through configuring the network for a Media Broker.
Traffic Segregation
Media Broker enables you to configure how the different types of traffic which it handles are
allocated to local network interface cards (NICs) on the Media Broker server, in a flexible way.
The following diagram shows the Media Broker in an example installation, where the Reverse
Proxy and Media Broker are installed in a DMZ which separates the external network/internet
from the internal network.
Note: The above installation is an example only. We expect that in real-world installations, with
devices based in the internal network, the Media Broker will be installed within the internal
network.
Device 1 is a client application on a device or browser which is connected to the internet.
Device 2 is a client application on a device or browser based within the internal network.
Device 3 is a client application on a device or browser based within the internal network,
which connects to the Web Gateway via a HTTP Proxy.

The SIP Network is the company’s internal communication network which could be made up
of deskphones, cellular phones, VoIP softphones, or any other SIP endpoints.
The thin, solid lines indicate the Websockets connections between the devices and the Web
Gateway.
The dashed arrows indicate RTP streams from the devices during a call. The points of each
arrow reflect the NIC addresses and ports which the Media Broker exposes to different RTP
traffic types.
The thick solid line indicates the control interface for the Web Gateway.
Internal SIP Traffic
The SIP Network settings specify a number of address and port-range records which define the
addresses and port ranges of the NICs on the Media Broker that will be available for RTP on the
internal SIP network .
Each record contains an address pattern, a lower port number, and an upper port number. The
address pattern is in the form of a Classless Inter‑Domain Routing (CIDR) expression, which
can be a wildcard.
Note: CIDRs are used to facilitate the configuration of networks using a cluster of multiple Media
Brokers.
All addresses on the Media Broker are matched against the CIDR address pattern to arrive at a
set of Media Broker addresses for RTP and RTCP traffic on the internal SIP network. Then each
port in the given range (inclusive), on each resolved local address, is opened. The Media Broker
allocates ports at call time by randomly selecting a consecutive pair of ports (one for data, one
for control) from all the opened ports which are not currently in use. One selection is made for
audio and, if required, another selection is made for video.
The SIP network port allocation results in the use of two ports for audio-only traffic, and four for
audio and video traffic.
External Traffic
WebRTC Clients

The WebRTC Client settings define the addresses and ports through which the Media Broker will
receive SRTP/RTP from the client application. During call setup, the Gateway chooses which of
these ports to use, from those which are not currently in use. Any firewalls in the network must
be set up to allow SRTP/RTP traffic on these ports.
The settings specify a list of different client device source address patterns. Each pattern
should match the address of a node traversed immediately before the Web Gateway; this is
represented by the last X-Forward-For header entry in the Web Gateway WebSocket
HttpServletRequest, so the Gateway will accept any HTTP request whose last X-Forward-For
header matches one of the patterns.
When a client application is involved in a call, the Gateway will match the source address of the
client against the list of CIDR source address patterns. If more than one pattern matches the
source address (which can happen if one pattern covers a subset of the addresses covered by
another pattern), then it will choose the most specific pattern. If there are no matches, it will
reject the call.
The administrator can configure each client application source address pattern with a number of
address and port records. Each record contains a public address, a public port, a local
address and a local port. These records inform the Gateway which local ports are available on
the Media Brokers, and which corresponding public addresses and ports it should instruct the
client to use for SRTP/RTP traffic.
At call time, the Gateway selects among these on a load-balanced basis per media stream, per
call - the SDP passed by the Media Broker to the client application will contain the public address
and port for the selected media stream, and the Media Broker will listen on the associated local
address and port.
Unlike SIP network traffic, WebRTC Client traffic is multiplexed. An allocated port can handle
traffic for the control and data of both audio and video. Selecting an address and port record for
a given media stream provides for the control and data for that stream. Because selections are
made for each media stream, the number of ports used for a call depends on the configured
records and whether the call involves video.
For audio only calls, only one selection is made and only one port is needed. For calls which
contain both audio and video, one selection is made for audio and another for video. If there is
only one address and port record configured for the chosen source address pattern, then the
same port will be selected for both audio and video (resulting in one port for all traffic). If there is
more than one record, then because of the load-balanced nature of record selection, the
Gateway may select different ports for audio and video (resulting in two ports being used).

Configuring SIP Network Settings
To configure the SIP Network settings, which define how the Media Broker communicates with
the internal SIP network:
1. Go to the SIP Network section of the Media Broker Configuration page, and click Add:
2. The Add Record dialog displays:
Enter the following information:
Local Address CIDR
A block of addresses on the Media Broker for RTP and RTCP traffic on the internal SIP network.
This setting is a range of IP addresses signified by a CIDR notation: for example 192.0.2.0/24.
In the above example, the Media Broker sends and receives RTP and RTCP on any of its NICs
having an address like 192.0.2.x. You can set the Local Address CIDR to all to allow all the
available IPs on the Media Broker to send and receive RTP and RTCP.
Start Port Range
The lower limit of the range of ports used for RTP and RTCP.
Finish Port Range
The upper limit of the range of ports used for RTP and RTCP.

Note: At runtime, RTP and RTCP ports are assigned in pairs from the pool, so the Start Port
Range value should be an even number, and the Finish Port Range value should be an odd
number.
3. Click the Submit button.
The range you entered now displays in the SIP Network list. Repeat the process to add any
other ranges. Alternatively, to delete a range you have created, select the range by checking the
checkbox next to it, and click Delete.
4. Click the Save button at the bottom of the page.
The operating system provided in the Media Broker .ova package has a default maximum of
open files for a process of 1024.
If the port range required is larger than this, then you will need to update the number of file
handles available to the Media Broker process to account for the whole port range. The Media
Broker also requires other file handles in addition to those for the ports, so you need to over-
provision. For example, if the port range consists of 5000 ports you should set the maximum
number of open files to 7000.
1. To see the current maximum number of open files, log on to the Media Broker server and
run the following command:
ulimit -n
2. To change the number of open files, open /etc/security/limits.conf and navigate to the
following line:
* - nofile 4096
3. Change 4096 to the setting you require, in the above example that would be 7000:
* - nofile 7000
4. To confirm that the setting has changed, log out and log back in again before running the
above command to check the maximum number of open files.
Configuring WebRTC Client Settings
To configure the WebRTC Client settings, which define the addresses that clients use to
communicate with the Media Broker:

1. Go to the WebRTC Client section of the MediaBroker Configuration page, and click Add.
2. The Add Record dialog displays:
Enter the Source Address CIDR, which defines a block of IP addresses of client endpoints; for
example, 198.51.100.0/24.
Each Source Address CIDR has an associated block of addresses. Clients whose IP addresses
are in the block defined by the Source Address CIDR communicate with the Media Broker using
one of the addresses in the block. In the above example, a block of addresses will be associated
with clients having IP addresses which match 198.51.100.x.
You can set the Source Address CIDR to match all IP addresses by setting the value to all.
3. Click the Submit button. The Source Address CIDR you entered will appear in the
WebRTC Client list.
4. Click the + next to the Source Address CIDR to expand the entry and show the public and
local addresses and ports:

5. Click Add to add a new set of public and local addresses and ports. The Add Record dialog
displays:
6. Enter the public and local addresses and ports:

Public Address
The RTP IP address exposed on a firewall. It is used by the Media Broker when generating SDP
to inform clients which address to send RTP traffic to. For example, 84.1.6.1.
If a firewall is not being used (for instance, in a testing installation) this can be the same as the
Local Address, though unlike the Local Address, it must not be all.
Public Port
The RTP port exposed on the Public Address. It is used by the Media Broker when generating
SDP to inform clients which port to use for RTP traffic. For example, 16000.
Local Address

This is the Local RTP IP address on Media Broker, which the firewall should be set up to map
from the Public Address. For example, 203.0.113.0.
You can set the Local Address to all to expose all the available IPs on the Media Broker host.
Do not use all if you are configuring traffic segregation.
Local Port
This is the RTP port on the Media Broker which the firewall should be set up to map from the
Public Port. For example, 16000.
7. Click the Submit button. The public and local addresses will display in a line in the RTP
Public and Local Port table.
Repeat steps 5, 6, and 7 as many times as you need to enter all the Media Broker’s public
address and port combinations. There should be one entry for each rtp-proxy process which the
Media Broker starts (5 by default).
Note: You can edit existing entries in the RTP Public and Local Port table by clicking on them
and editing in place.
Incoming RTP from a client will be assigned to the Source Address CIDR that the client’s IP
address matches most closely; one of the associated block of addresses will be chosen on a
round-robin basis.
8. Repeat as many times as necessary, then click the Save button at the bottom of the page.
Note: You can also configure the Media Broker using the CLI. See the Fusion Client CLI
Reference section.
An Example Configuration
The following diagram shows a more detailed view of the addresses and ports on the Media
Broker and how they relate to ports open in a firewall:

On the firewall or NAT:
PA 1 and PA 2 are the public addresses, which match the Public Address settings
associated with Source Address CIDRs configured in the WebRTC Client settings to
match the address of the firewall or NAT.
PP 11, PP 21, and PP 22 are the ports which are exposed to external SRTP/RTP traffic.
These are the Public Port settings associated with Source Address CIDRs configured
in the WebRTC Client settings.
On the Media Broker:
LA 1 and LA 2 are the addresses of NICs on the Media Broker, and ports on those
NICs, which accept SRTP/RTP traffic from external WebRTC clients (browsers or
mobile applications). These addresses are the Local Address and Local Port settings
of a Source Address CIDR configured in the WebRTC Client settings to match the
address of the firewall or NAT.
LA 3 is the address of a NIC on the Media Broker, and ports on that NIC. In this case,
the SRTP/RTP traffic does not go via a firewall, so the Public Address and Public Port
settings of the Source Address CIDR match the Local Address and Local Port
settings. The Source Address CIDR matches the endpoints (which would usually be
on the internal network).

LA 4 and LA 5 are the addresses of NICs on the Media Broker, and ports on those
NICs, which accept RTP traffic from SIP devices. The addresses of each NIC matches
one of the Local Address CIDRs in the SIP Network settings. The range of ports on
each NIC is the Start Port Range and Finish Port Range settings for its Local
Address CIDR.
LA 6 is a NIC dedicated to the control interface for Media Broker to Web Gateway
communication. It is the Control Address and Control Port settings in the General
Configuration (see the General Media Broker Configuration section), and the address
appears as the Media Broker address on the Media Brokers page.
The above configuration is represented in the following tables:
Local Address CIDR Start Port Range Finish Port Range
LA4
17000 17099
eg. 192.0.2.0/24
LA5
17000 17099
eg. 192.51.10.0/24
Figure 1: SIP Network Settings
Source Address Local

Public Address Public Port Local Address
CIDR Port
PA1 PP11 LA1 LP1

10.51.100.0/24
eg. 198.0.2.1 eg. 16000 eg. 192.168.2.10 eg. 16000
PA2 PP21 LA1 LP1

11.51.100.0/24
eg. 198.0.3.1 eg. 16000 eg. 192.168.2.10 eg. 16010
PA2 PP22 LA2 LP2

12.51.100.0/24
eg. 198.0.3.1 eg. 16010 eg. 192.168.3.10 eg. 16000

LA3 LP3 LA3 LP3
192.168.30.0/24
eg. 192.168.4.10 eg. 16000 eg. 192.168.4.10 eg. 16000
Figure 2: WebRTC Client Settings
It is often convenient to have the Public Port the same as the Local Port in each record.
The above is not mandatory; the Local Port may be different to the Public Port in the same
record.
The Local Port may be the same as the Local Port of a different record, as long as the
Local Addresses are different.
The Public Port may be the same as the Public Port of a different record, as long as the
Public Addresses are different.
Note: All address and port values are examples only.
Connection Monitoring
In a production environment, you typically configure a Media Broker with multiple network
interfaces, and bind the management REST interface to a different network from at least one of
the media-carrying interfaces (internal or external). If one of the network interfaces fails, it is
possible for the Media Broker to be able to process calls (because the management REST
interface is working), but be unable to send or receive media for those calls.
To ensure that the Media Broker only accepts calls over the management interface when it is
fully connected to the internal and external networks, you can configure connection monitoring.
How it works
You can configure each Media Broker with one or more groups of addresses. A Media Broker
considers itself connected, and therefore able to service calls, if it can reach at least one of the
addresses in each group (thus the logical operations are ORs within each group and ANDs
between each group). The Media Broker will attempt to establish the reachability of an address
by:
1. ping (ICMP echo requests)

2. if that receives no response, then it tries to establish a TCP connection to port 7 at that
address
A success with either mechanism marks that address as reachable.
If there are no groups configured, then the Media Broker is considered to be connected.
Example
A typical network setup for Media Broker has 3 network interfaces:
Management – The REST interface used by the Web Gateway is bound to this addresses
External – external media; by default, uses SRTP.
Internal – internal media; by default, uses RTP.
In this case there is no need to monitor connectivity on the management interface, as the
gateway will only use the Media Broker if it can reach it over this interface. Therefore it is
sensible to monitor the external and internal interfaces.
An example configuration is shown in the following diagram:
Configuring Monitored Connections

1. Go to the Monitored Connections section of the Media Broker Configuration page:

!
2. Click the New Group button:
3. Enter a name in the Group Name field (this simply serves to identify the group).
4. Enter one of the Media Broker’s IP addresses in the Monitored Address field.
5. To add another address, click the New Address button and add the address in the new
Monitored Address field which appears:
6. When you have created all the groups you need, click the Save button.

Media Broker Statistics
Media Broker Status
As well as its basic settings, the Media Broker page displays status information about each
Media Broker:
Media Broker Load
The Load column indicates the current load of the media broker, and is an indication of the load
on each machine e.g. the CPU load.
The column contains a textual representation of the load, and can contain one of the following
values (sorted in severity):
Min
Low
Med
High
Max
Connectivity

The Connectivity column (located to the right of the Load column) indicates the connection
status of the cluster Gateways to each Media Broker.
The column contains a visual representation of the connectivity status, and can contain one of
the following images (hover over the image to reveal the textual representation of the status):
A green tick ( ) indicates that all gateways are connected to the media broker
A yellow warning triangle ( ) indicates that one or more gateways cannot connect
A red cross ( )) indicates that no gateway can connect
Note: Initially the page can take a short period of time before it displays a true reflection of the
connectivity status while it polls all machines involved
Statistics
To reveal detailed statistics for a particular media broker, click on the graph button ( )) in the
column to the right of the Connectivity column.
The Load value is the actual load reported by the media broker; the Load Group is the band
that the load value fits into, with 0 being the lowest - this value is used when selecting a media
broker for the call.
The Connectivity section lists all the Gateway nodes individually, and their connection status to
this particular media broker. (The Connectivity column in the Media Brokers page indicates its
connectivity with all the Gateway nodes collectively.)
Call Log

To enable call log statistics:
1. On the Gateway tab, select the General Administration tab, and scroll down to the Call
Log Configuration section:
2. Set the Log Level to ON.
3. Set the Log Expiry to a value greater than 0 and less than 35000 (the expiry time is in
minutes, so 35000 represents over 20 days).
Note: The call detail statistics could potentially cause problems if the logs are allowed to get too
large. We recommend that you keep to a limit of 4,000 log entries, and go no higher than 10,000
entries. We enforce a maximum of 20,000 log entries, and every minute we remove all except
the most recent 20,000 entries. See the Overriding the Maximum Call Log Size section.
4. Click the Save button at the bottom of the page
To display the call logs, on the Gateway tab, select Call Log :
The Direction column indicates:
Inbound
The media broker is handling the SDP for the callee
Outbound

The media broker is handling the SDP for the caller
Click on the graph button ( ) in the end column to display detailed statistics for that call (see
the Call Statistics section).
Overriding the Maximum Call Log Size
Warning: Overriding the default setting for the maximum call log size can have serious
consequences - only change this setting after checking with the CaféX support team.
To override the maximum call log size:
1. Edit the /opt/cba/<FAS>/domain/configuration.fas.properties file.
2. Set max.calllog.size to an appropriate value, as agreed with CaféX support.
3. Save the file
Call Statistics
Click on the graph button ( ) in the end column of a particular Call Log entry, to display detailed
statistics for that call:

The Call Details section shows information about the call itself - the underlined party indicates
which party this call is being handled for.
The Call Statistics section shows the packets received and sent at the top, and below that it
displays detailed information relating to the call quality.
Client Call Quality: Shows statistics of the packets between the Media Broker and the
FCSDK endpoint
Inbound: Shows statistics of packets from the Media Broker to the FCSDK endpoint
Outbound: Shows statistics of packets from the FCSDK endpoint to the Media Broker
SIP Call Quality: Shows statistics of the packets between the Media Broker and the SIP
endpoint
Inbound: Shows statistics of packets from the Media Broker to the SIP endpoint
Outbound: Shows the statistics of packets from the SIP endpoint to the Media Broker

Call Details Log
The FCSDK also puts in place a call details logger, which logs a subset of the Call Log
information, including information about the WebRTC endpoints involved in the call.
This log is enabled at install time and rotates daily. By default, the period for which old logs are
stored is set to 7 days. The log file can be found with the FAS server logs (see the FAS
Administration Guide for this location). You can also reference this guide for information on
disabling a logging category (the name of this logger’s category is call.details).
Performance Log
The Media Broker publishes performance related statistics on the Performance Log page.
If there is more than one media broker, statistics are displayed separately for each. Information
includes:
How many calls are running.
How many of these are being transcoded.
How many calls are deemed audio only or audio/video by the Call Admission Control (CAC)
feature.

The call load: the amount of current calls as a percentage of configured call load limits
(according to CAC prediction status). This is a total value for both audio only and
audio/video calls.
A graph showing the following data by default (extra data can be added via the check-boxes
beneath the graph):
CPU load
Call Load
Total number of calls,
Which calls are transcoded

Web Administration Interface reference
Using the Web Administration interface you can configure the Web Gateway and Media Brokers
interactively.
The Fusion Client SDK administration page allows you to configure:
Media Brokers
User Login Credentials
Note: In the Web Administration Interface, settings which may take one of two values are
generally displayed and set using a checkbox. In this reference section, input to these settings is
indicated by true (checked) or false (unchecked).
The following sections give information about the individual pages and sections of the
configuration Web UI.
General Administration
The General Administration page contains the main Gateway Administration settings.
SIP Global Configuration
The SIP URIs of one or more servers which the Gateway can send SIP to.
If a call is made to a SIP URI where the host part of that URI is not one of the
controlled domains for FCSDK, then the call is routed to one of these
Description
outbound SIP servers.
See the [Outbound SIP Servers](#outbound-sip-servers) section

Mandatory Yes
Values A SIP URI, in the format of sip:<URI>.
Default None
If this is set to true, the Gateway updates the host part of the Request URI of
all outbound requests to match the host part of the outbound SIP server
address. If this is set to false, the Gateway sends requests on to the
Description outbound sip server without change.
Mandatory Yes
Values true or false
Default false
Server Timeout
The time, in milliseconds, which the Gateway allows for a server to respond
to a request before it considers it to be down and tries another server.
Description
Mandatory Yes
Values A period of time in milliseconds between 500 and 3600000
Default 3000
Ping Interval
The interval between successive OPTIONS messages being sent to an

outbound SIP server when that server is considered up.
Description

Mandatory Yes
Default 30000

outbound SIP server when that server is considered down.
Description
Mandatory Yes
Default 5000
Registration expiry
The time period in between REGISTER messages.
Sets how often the Web Gateway sends REGISTER messages to the SIP
Registrar. The value appears in the REGISTERExpires header.
Description
See Section 10.2 of RFC 3261 for more details. This value is used for voice
and video in registrations sent to the internal or external Registrar.
Mandatory Yes
Values A period of time in seconds between 120 and 86400
Default 1800
Min SIP session expiry
Description The minimum allowable SIP session expiration period
Mandatory Yes

Default 400
SIP session expiry
Description SIP session expiry period
Mandatory Yes
A period of time in seconds between 90 and 86400
Values **Note:** This value should be greater than the Min SIP session expiry, and
less than half the Registration expiry
Default
Web Application IDs
List of keys for Web Applications to use to allow the service to verify them.
Description Used by the Web Gateway to validate calls from the associated Web
Application.
Mandatory Yes
A text string, for example webappid-0123456789.

Values
The web application key must be a minimum of 16 characters in length.
Default None
Max Message Queue Size
The maximum number of messages

Description to be queued before tearing down the
connection
Mandatory Yes

Values Number of messages
Default
Client Ping Poll Period
Description The number of seconds between PING messages
Mandatory Yes
Values A time period in seconds
Default
Missed Pings Before Timeout
The number of consecutive PING

messages that the Gateway sends
Description without receiving a PONG response,
before ending the WebSocket
connection.
Mandatory Yes
Values Number of PING messages
Default
Fast Picture Update Poll Period
The time between sending requests

Description for Fast Picture Update info requests.
Set to 0 to disable.
Mandatory Yes
Values Number of milliseconds
Default
Media Timeout Poll Period

The time without media after which a
Description
call will time out
Mandatory Yes
Default
AED Configuration
Default Topic Timeout
The period of inactivity after which an

Description
AED topic will be ended automatically
Mandatory No
Values A time period in minutes
0, which indicates that topics will exist

Default
until ended manually
Call Log Configuration
Log Level
Description The level of detail in the call log.
Mandatory Yes
ON
Values
OFF
Default OFF
Log Expiry
Description The time to keep call logs

Mandatory Yes
Values Time in minutes
Default 60
Performance Log Configuration
Log Enabled
Whether or not the performance

Description
should be logged
Mandatory Yes
Default true
Log Expiry
Length of time to keep performance

Description
logs
Mandatory Yes
Values Time in minutes
Default 60
Sample Period
Time between samples of the

Description
performance data
Mandatory Yes
Values Time in seconds
Default 60

Max Load Factor
Media broker load factor, above which

it will reject the call. The media broker
Description
will accept the call if its load is below
this value.
Mandatory No
Values Percentage load
Default 0, which disables load based CAC
The maximum time to wait for

Description Gateway to Media Broker control
requests to complete.
Mandatory No
Values Time in milliseconds
Default 0, which disables the timer
Resource Management
Max Concurrent Sessions Per Node
The maximum number of concurrent

Description
user session allowed per gateway
Mandatory Yes
Values Number of users
Default
There are two sections IE (for the IE plugin) and Safari (for the Safari plugin); both have the
same fields with the same meanings.

Installer URL
The address or location of the plugin

Description
installer
Mandatory Yes
A complete, or partial (with no

Values
scheme) URL
Default
URL Is Relative to Gateway
If the Installer URL is partial, checking

Description this indicates that it should be
resolved relative to the Gateway
Mandatory Yes
Default
Version
The version of the plugin which will be

Description
installed by the installer.
Mandatory Yes
Version number in the form x.y.z,

Values
where x, y, and z are integers
Default
Minimum Acceptable Version
Description The minimum version of the installer

which will work with the current
version of FCSDK. If the installed

version is less than this, the new
version must be installed.
Mandatory Yes
Version number in the form x.y.z,

Values
where x, y, and z are integers
Default
Media Configuration
Banned Codecs
A list containing codecs not to be allowed to pass through the Media Broker.
Description Used by the Media Broker to produce SDP; the Media Broker removes
codecs on the banned list from the SDP during processing.
Mandatory No
Values A text string
Default None
Audio Codec Prioritization Configuration
A list of audio codec names indicating

Description the priority in which they should be
used for transcoding.
Mandatory No
A list of codec names, sorted from top

Values to bottom in the priority in which they
should be used.
Default None
Video Codec Prioritization Configuration

A list of video codec names indicating
Mandatory No
A list of codec names, sorted from top

Values to bottom in the priority in which they
should be used.
Default None
Video Resolution Configuration
Default Resolution Height
The default height, in pixels, of the

Description video stream passed through the
Media Broker
Mandatory Yes
A number of pixels greater than or

Values
equal to 1
Default 288
Default Resolution Width
The default width, in pixels, of the

Media Broker
Mandatory Yes

Values
equal to 1
Default 352
Max Resolution Height

The maximum height allowable, in pixels, of the video stream passed through
Description
the Media Broker
Mandatory Yes
A number of pixels greater than, or equal to, 1.

Values
Must be greater than or equal to Default Resolution Height.
Default 288
Max Resolution Width
The maximum width, in pixels, of the video stream passed through the Media
Description
Broker
Mandatory Yes

Values
Must be greater than, or equal to, Default Resolution Width.
Default 352
Video Settings
Frames per Second
Description Frame rate for the video display
Mandatory Yes
Values number in frames per second
Default 30
Video Scaling Mode
Description How to scale video if the video window

is not the same size as the signal. See

the [Configuring video settings]
(#configuring-video-settings) section.
Mandatory Yes
NONE, STRETCH, or
Values
ADD_BORDERS
Default STRETCH
Bitrate Configuration
Indicates whether adaptive bitrate mechanisms should be used to

dynamically adjust video bitrates. If this is checked, then other adaptive
bitrate properties (see Initial, Minimum, and Maximum Adaptive Bitrate
Description below) will appear and should also be set.
If this is not checked, the fixed bitrate settings (see Fixed Video and Audio
Bitrate below) should be set.
Mandatory Yes
Default true
This value is only considered if Adaptive Bitrate Adjustment Enabled is

true.
Media Broker can estimate the maximum bitrate for the network condifions
for both send and receive video streams, even if it does not receive REMB
Description and TMMBR messages from browser and sip endpoints; this is the starting
value for this estimation. If the initial rate is well-chosen, it may find the best
quality bitrate more quickly; if it is badly chosen, there may be unnecessarily
poor initial video (if the value is set too low), or dropped packets or frozen
video (if the value is set too high).

Mandatory Yes
Values 0 – MAX INT (2^31) in kbs (kilobytes per second)
Default 512

true.
The media broker will receive and act on max bitrate messages from a)
browser endpoints (RTCP REMB), b) SIP endpoints (RTCP TMMBR), c) the
sender bitrate estimating algorithm and d) the receiver bitrate estimating
Description algorithm.
The Minimum Adaptive Bitrate ensures that these max bitrate messages
never go below this value (that is, it sets the minimum quality). It is used
when setting media broker video encoder bitrates, and in outbound REMB
and TMMBR RTCP messages.
Mandatory Yes
Values 0 – MAX INT (2^31) in kbs
Default 128
Description This value is only considered if Adaptive Bitrate Adjustment Enabled is

true.
The media broker will receive and act on max bitrate messages from a)
browser endpoints (RTCP REMB), b) SIP endpoints (RTCP TMMBR), c) the
sender bitrate estimating algorithm and d) the receiver bitrate estimating
algorithm.
The Maximum Adaptive Bitrate ensures that these max bitrate messages
never go above this value (that is, it determines the maximum bandwidth). It
is used when setting media broker video encoder bitrates, and in outbound
REMB and TMMBR RTCP messages.

Mandatory Yes
Default 1024
Fixed Video Bitrate

false.
Description This is used to negotiate (in SDP) a fixed video bitrate with browser and sip
endpoints. Using a fixed video bitrate on poor lines may result in video
issues, such as video freezing.
Mandatory Yes
Default Disabled by default
Fixed Audio Bitrate

false.
Description This is used to negotiate (in SDP) a fixed audio bitrate with browser and sip
endpoints. Using a fixed audio bitrate on poor lines may result in audio
issues, such as stuttering audio.
Mandatory Yes
RTP Settings

Restrict Media To Port in SDP
Whether to drop packets which are being sent from ports other than those
negotiated in SDP.
Description
See the [Configuring RTP Settings](#configuring-rtp-settings) section.
Mandatory Yes
Default false
Mechanism used for picture loss recovery to SIP endpoints

Description
Mandatory Yes
Values PLI, RFC_2032_FIR, RFC_5168_FPU, or RFC_5168_FPU_AND_PLI
Default PLI
Registrar Configuration
Using external registrar
Indicates if the Web Gateway is using an external SIP Registrar.

Description
The Web Gateway will default to use the internal Registrar.
Mandatory Yes
Values true to use an external Registrar; false otherwise
Default false
Registrar’s SIP address

Only used if Using external registrar is true.
The Registrar's SIP URI.
This is the server in the SIP network with which Fusion Client SDK registers
Description
to receive inbound calls. The Gateway sends REGISTER messages through
the Outbound SIP Server.
This can be the same as the Outbound SIP Server.
Mandatory No
Values A SIP URI, in the format sip:<hostname> or sip:<URI>
Default None
Default q-value
Only used if Using external registrar is false.
If the Registrar receives a REGISTER without a q param in the Contact

header address, it will use this value as the default q for the contact to be
registered. If an Address of Record has more than 1 registered contact, this
Description
value is used by the Registrar to prioritize proxying during contact resolution;
a contact with a higher q value is targeted before one with a lower q value.
See Section 16.6 of RFC 3261 for more details.
Mandatory Yes
Values A float value between 0.1 and 1.0.
Default 1.0
Description Only used if Using external registrar is false.
If the Registrar fails to proxy to a resolved contact during the Contact

Resolution phase, it will check to see if the response it receives matches one
of these configurable response codes.
If a match is found, the Registrar will attempt to proxy to the next q prioritized
registered contact (if there is one).
Mandatory No
Space delimited list of SIP response codes. e.g. 404 408 410 480 500 503
Values
604
Default Empty
If the Registrar receives a REGISTER without an Expires header or an

expires parameter in the Contact header, it will use this value as the default
Description
expires value.
See Section 10.3.7 of RFC 3261 for more details.
Mandatory Yes
Values Value in seconds greater than 0
Default 21600
Minimum expires
This is the minimum expires value the Registrar will accept in the REGISTER
requests it receives. If the value is less than this, the Registrar will send a
Description
423 Interval Too Brief response with the Min-Expires header set to this value.
Mandatory Yes
Default 5
Indicates if the Registrar is accepting registrations that did not originate from
the Web Gateway.
Description In a production environment, this box should be unchecked; registrations are

then only accepted from the Web Gateway.
Registrations are always accepted from the Web Gateway regardless of this
setting.
Mandatory Yes
Default true; this is useful for testing in a development or trial environment.
Media Broker Administration

This describes the values available when editing the configuration of a Media Broker.
General Configuration
Control Address
Hostname or IPv4 address for the control interface of Media Broker. Used by
the Web Gateway to connect to the Media Broker control port.
Description
For example, 192.168.1.2.
Mandatory Yes
Values Host name of IPv4 address
Default None
Control Port
Port for Web Gateway-to-Proxy communication (over REST API). Changing

the port here doesn't change the port that the Media Broker will bind to, just
the connection the Web Gateway will use for that proxy.
Description To change the port used you must also change the configuration file on the
Media Broker itself.
For example, 8092.
Mandatory Yes
Values Port number
Default 8092
Control Type
Selects if all communication between

Description the Web Gateway and the Media
Broker will be secure or not.
Mandatory Yes
Values Secure or Not Secure
Default Not Secure
Idle Timeout
The maximum duration of inactivity (no RTP on either leg) on a call before it
is torn down
Description
For example, 10.
Mandatory Yes
Default 10
Packet Size Limit
The maximum RTP packet size that the Media Broker will accept.
Description
The Media Broker will drop any packet that exceeds this size.
Mandatory Yes
Values Number of bytes
Default 1500
Maximum Buffer Size
The maximum number of packets that can be buffered before each call.
Description If you are experiencing video issues at the beginning of calls, increase this
value.
Mandatory Yes
Values Number of packets
Default 500
The maximum RTP throughput rate that the Media Broker will allow.
The Media Broker will terminate a call where the input rate exceeds this
Description value.
For example, 1000.
Mandatory Yes
Values Number of packets per second
Default 1000
The maximum number of concurrent audio only calls which the media broker
will accept.
Description
See the [Call Limit Based Call Admission Control](#call-limit-based-call-
admission-control) section.
Mandatory Yes
Values Number of calls
Default 0, meaning that the limit is disabled
The maximum number of concurrent audio/video calls which the media

broker will accept.
Description
See the [Call Limit Based Call Admission Control](#call-limit-based-call-
admission-control) section.
Mandatory Yes
SIP Network
You can define more than one SIP Network range for each Media Broker. All the ports in each
range will be available for RTP on the SIP network.:
Note: At least one range is required.
Local Address CIDR
Description A block of IP addresses that will be

open to the internal SIP network for
RTP. The block should cover the
address of at least one network
interface card (NIC) on the Media
Broker server.
Mandatory Yes
A range of IP addresses in Classless

Inter-Domain Routing notation (e.g.
Values
192.0.2.0/24) or all, which exposes all
NICs on the media broker server
Default all
Start Port Range
The lower limit of a range of ports that

will be exposed to the internal SIP
Description
network for RTP on the corresponding
matching NICs.
Mandatory Yes
Values A port number
Default 17000
Finish Port Range
The upper limit of a range of ports that

Description
matching NICs.
Mandatory Yes
Default 17099
Note: At runtime, RTP and RTCP ports are assigned in pairs from the pool, so the Start Port
Range value should be an even number, and the Finish Port Range value should be an odd
number.
WebRTC Client
This defines what IP addresses and ports on the Media Broker are used for RTP from a browser
whose IP address matches a range of IP addresses (signified in Classless Inter-Domain Routing
(CIDR) notation). You can define multiple browser address ranges, and multiple addresses on
the Media Broker for each range of browser addresses. Note:
At least one set of addresses is required.
A range of addresses configured for all browsers has been added by default.
If there is a firewall or reverse proxy between the browser endpoints and the Web Gateway,
configure its IP address as the Source Address CIDR.
Source Address CIDR
A block of addresses of browser endpoints.
Each Source Address CIDR has an associated block of addresses and

Description
ports, which defines which public and local ports that block of browser
endpoints will communicate on.
Mandatory Yes
A range of IP addresses in CIDR notation (e.g. 192.0.2.0/24) or all, which

Values
exposes all NICs on the media broker server
Default None
Public Address
Description RTP IP address exposed on firewall (e.g. 84.1.2.3).
Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
You can configure IPv6 addresses, but they require extra components and
are not supported for production use. See FCSDK Developer Guide >
Creating an iOS application > Testing IPv6.
**Note:** If there is no firewall, or no network address translation (NAT) is

taking place, this will be the IP address of the Media Broker.
Mandatory Yes
Values An IPv4 address
Default None
Public Port
RTP port exposed on firewall (e.g. 16000).
Description Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
Mandatory Yes
Default None
Local Address
Local RTP IP address on Media Broker (e.g. 203.0.113.0).

Description
Mapped by firewall from the Public Address.
Mandatory Yes
Values An IP address, or all, which exposes all NICs on the media broker.
Default None
Local Port
Local RTP port on Media Broker (e.g. 16000).
Description Mapped by firewall from the Public Port. Note: SRTP is used by default on
the Local Port.
Mandatory Yes
Default None
Monitored Connections
Optionally configure one or more groups of monitored connections. See the Connection
Monitoring section for more details on this feature.
Group Name
Description The name of the group
Mandatory Yes
Values A string value to act as a label
Default None
Monitored Addresses
Description Address to monitor
Mandatory At least one is mandatory
Values IP address or host name
Default None
User Credentials
This section allows you to change the administrative user’s credentials. Note that if there are
other administrative sessions open, through the web administrative interface or the CLI, then
those users will need to log out and log back in again with the updated credentials in order to
continue administering the system.
Old password
Description The current administrative account password.
If this is incorrectly submitted six consecutive times, then the administrative
account will be locked for security reasons.
To re-enable the administrative account follow the instructions in the

[Resetting Administrator Credentials](#resetting-administrator-credentials)
section.
Mandatory Yes
Values The existing password
Default None
UI username
The username of the administrative

Description account you are setting the password
for.
Mandatory Yes
Values The username
Default The current username
New password
The new password for the

Description
administrative account
Mandatory Yes
Values The new password
Default None
Retype new password
Description The new administrative account

password. This is a confirmation of the
New password field to protect against
typing mistakes.
Mandatory Yes
Values The new password
Default None
Fusion Client CLI Reference
This section describes the settings configurable by the administration CLI.
Authentication
The Fusion Client SDK CLI is authenticated using the same credentials as the web
administration interface. The CLI will prompt for these details when starting up, and they will be
used for the remainder of your session whenever performing an action that requires
authentication.
Using the CLI
Once in the CLI (the command line prompt will read gateway), type commands at the prompt to
add, display, update, and save records in the configuration. Navigate to the value you need to
change by successive updates, to successively drill down into the parts of the configuration, and
successive saves to return to the topmost level. For example, to change the frames-per-second
value in the video-configuration:
gateway > update gateway-configuration
… display of gateway-configuration too long to show
gateway / edit gateway-configuration > update video-configuration
Update video-configuration
fps : 30
scaling-mode : STRETCH
gateway / edit gateway-configuration / edit video-configuration >set fps 20
fps : 20
scaling-mode : STRETCH
gateway / edit gateway-configuration / edit video-configuration > save
video-configuration : [20, STRETCH]
gateway / edit gateway-configuration > save
gateway >
To get help at any time, type help at the command prompt.
gateway-configuration
gateway-configuration includes the top-level configuration for the Web Gateway and can only
be updated or displayed:
update gateway-configuration
display gateway-configuration
sip-configuration
outbound-sip-servers
The SIP URIs of one or more servers which the Gateway can send SIP to.
If a call is made to a SIP URI where the host part of that URI is not one of the
controlled domains for FCSDK, then the call is routed to one of these
Description
outbound SIP servers.
Mandatory Yes
Values A SIP URI, in the format of sip:<URI>.
Default None
rewrite-outbound-sip-uris
If this is set to true, the Gateway updates the host part of the Request URI of
all outbound requests to match the host part of the outbound SIP server
address. If this is set to false, the Gateway sends requests on to the
Description outbound sip server without change.
Mandatory Yes
Default false
server-timeout
The time, in milliseconds, which the Gateway allows for a server to respond
to a request before it considers the server to be down and tries another
Description server.
Mandatory Yes
Default 3000
ping-interval

outbound SIP server when that server is considered up.
Description
Mandatory Yes
Default 30000
dead-link-ping-interval

outbound SIP server when that server is considered down.
Description
Mandatory Yes
Default 5000
registrar-sip-uri
The registrar's SIP URI
This is the server in the SIP network with which Fusion Client SDK registers
to receive inbound calls. The Gateway sends REGISTER messages through
Description
the outbound-sip-uri.
This can be the same as the outbound-sip-uri.
Mandatory Yes
Values A SIP URI, in the format of sip:<hostname> or sip:<URI>
Default None
registration-expires
Description The time period in between REGISTER messages.
Sets how often the Web Gateway sends REGISTER messages to the SIP
Registrar. The value appears in the REGISTER Expires header.
See Section 10.2 of RFC 3261 for more details. This value is used for voice
and video in registrations sent to the internal or external Registrar.
Mandatory Yes
Default 1800
min-sip-session-expires
The minimum allowable SIP session

Description
expiration period
Mandatory Yes
A period of time in seconds between

Values
90 and 86400
Default 400
sip-session-expires
Description SIP session expiry period
Mandatory Yes
A period of time in seconds between

90 and 86400
Note: This value should be greater

Values
than the min-sip-sesson-expires,
and less than half the registration-
expires
Default
media-settings
This section describes the configuration settings for the transcoding performed by the Media
Broker.
banned-codecs
A list containing codecs not to be allowed to pass through the Media Broker.
Description Used by the Media Broker to produce SDP; the Media Broker removes
codecs on the banned list from the SDP during processing.
Mandatory No
Values A text string
Default None
audio-codec-prioritisation
A list of audio codec names indicating

Mandatory No
A list made up of records combining a

priority and a codec name. priority
must be greater than, or equal to, 1.
Values The codec name cannot be empty and
must conform to RFC3551
(<http://www.ietf.org/rfc/rfc3551.txt>).
Default None
video-codec-prioritisation
A list of video codec names indicating

Mandatory No
Values A list made up of records combining a

priority and a codec name. priority
must be greater than, or equal to, 1.
The codec name cannot be empty and
must conform to RFC3551
(<http://www.ietf.org/rfc/rfc3551.txt>).
Default None
default-resolution
pixel-height
The default height, in pixels, of the

Media Broker
Mandatory Yes

Values equal to 1. Must not be greater
than max-resolution pixel-height
Default 288
pixel-width
The default width, in pixels, of the

Media Broker
Mandatory Yes

Values equal to 1. Must not be greater
than max-resolution pixel-width
Default 352
max-resolution
pixel-height
Description The maximum height allowable, in pixels, of the video stream passed through
the Media Broker
Mandatory Yes

Values
Must be greater than or equal to default-resolution pixel-height.
Default 288
pixel-width
The maximum width, in pixels, of the video stream passed through the Media
Description
Broker
Mandatory Yes

Values
Must be greater than, or equal to, default-resolution pixel-width.
Default 352
bitrate-configuration
adaptive-bitrate-enabled
Indicates whether adaptive bitrate mechanisms should be used to

dynamically adjust video bitrates. If this is set to true then you should set
other adaptive bitrate properties (see adaptive-bitrate-initial, adaptive-
Description bitrate-floor, and adaptive-bitrate-ceiling below).
If this is not set to true, you should set the fixed bitrate settings (see fixed-
bitrate-audio and fixed-bitrate-video below).
Mandatory Yes
Default true
adaptive-bitrate-initial
This value is only considered if adaptive-bitrate-enabled is true.
Media broker is able to estimate the maximum bitrate that network condifions
can support for both send and receive video streams in the absence of
REMB and TMMBR messages from browser and sip endpoints. The
Description adaptive-bitrate-initial value is used to initialize these algorithms to an
expected bitrate from which to start from. A well chosen initial rate may result
in the algorithm finding the best quality bitrate more quickly. A poorly chosen
initial rate may result in unnecessarily poor initial video (if the value is set too
low), or dropped packets or frozen video (if the value is set too high).
Mandatory Yes
Values 0 – MAX INT (2^31) in kbs (kilobytes per second)
Default 512
adaptive-bitrate-floor
The media broker will receive and act on max bitrate messages from 1)
browser endpoints (RTCP REMB), 2) SIP endpoints (RTCP TMMBR), 3) the
sender bitrate estimating algorithm and 4) the receiver bitrate estimating
algorithm.
Description
The adaptive-bitrate-floor value ensures that these max bitrate messages

never go below a fixed value (that is, it sets the minimum quality). In these
cases this value will be used when setting media broker video encoder
bitrates and is used in outbound REMB and TMMBR RTCP messages.
Mandatory Yes
Default 128
adaptive-bitrate-ceiling
The media broker will receive and act on max bitrate messages from 1)
browser endpoints (RTCP REMB), 2) SIP endpoints (RTCP TMMBR), 3) the
sender bitrate estimating algorithm and 4) the receiver bitrate estimating
algorithm.
Description
The adaptive-bitrate-ceiling ensures that these max bitrate messages
never go above a defined value (that is, it determines the maximum
bandwidth). In these cases this value will be used when setting media broker
video encoder bitrates and is used in outbound REMB and TMMBR RTCP
messages.
Mandatory Yes
Default 1024
fixed-bitrate-audio
This value is only considered if adaptive-bitrate-enabled is false.
This is used to negotiate (in SDP) a fixed video bitrate with browser and sip
Description
endpoints. Using a fixed video bitrate on poor lines may result in video
issues, such as video freezing.
Mandatory Yes
fixed-bitrate-video
Description This value is only considered if adaptive-bitrate-enabled is false.
This is used to negotiate (in SDP) a fixed audio bitrate with browser and sip
endpoints. Using a fixed audio bitrate on poor lines may result in audio
issues, such as stuttering audio.
Mandatory Yes
rtp
restrict-to-sdp-ports
Whether to drop packets which are being sent from ports other than those
negotiated in SDP.
Description
Mandatory Yes
Default false
picture-loss-mechanism
Mechanism used for picture loss recovery to SIP endpoints

Description
Mandatory Yes
Values PLI, RFC_2032_FIR, RFC_5168_FPU, or RFC_5168_FPU_AND_PLI
Default PLI
media-brokers
This describes the values available when editing the configuration of a Media Broker. Use:
list media-brokers to show all the media brokers in the system
update media-brokers <mb-id> to edit the settings of a particular media broker, where
<mb_id> is the ID of an existing media broker
add media-brokers to add a media broker
media-broker-id
Description A unique identifier for media brokers
Automatically added when a media

Mandatory
broker is added
A combination of an IP address and

port derived from the control-
connection control-
Values
hostaddress and control-
port settings.
Default None
control-connection
control-hostaddress
Hostname or IPv4 address for control interface of Media Broker. Used by the
Web Gateway to connect to the Media Broker control port.
Description
For example, 192.168.1.2.
Mandatory Yes
Values Host name of IPv4 address
Default None
control-port
Port for Web Gateway-to-Proxy communication (over REST API). Changing
the port here doesn't change the port that the Media Broker will bind to, just
the connection the Web Gateway will use for that proxy.
Description To change the port used you must also change the configuration file on the
Media Broker itself.
For example, 8092.
Mandatory Yes
Values Port number
Default 8092
control-secure
Selects if all communication between

Description the Web Gateway and the Media
Broker will be secure or not.
Mandatory Yes
Default false
sip-network-rtp
You can define more than one SIP Network range for each Media Broker. Each local-address-
cidr can have a number of public ports (which define the range) associated with it. All the ports
in each range will be available for RTP on the SIP network. Use:
list sip-network-rtp to show all the SIP network range definitions in the media broker.
update sip-network-rtp <local-address-cidr> <local-port-range-start> <local-port-

range-finish> to edit the settings of a particular SIP network range, where <local-address-
cidr> <local-port-range-start> <local-port-range-finish> identifies the existing SIP network
range.
add sip-network-rtp to add a SIP range.
Note: At least one range is required.
local-address-cidr
A block of IP addresses that will be

open to the internal SIP network for
RTP. The block should cover the
Description
address of at least one network
interface card (NIC) on the Media
Broker server.
Mandatory Yes
A range of IP addresses in Classless

Inter-Domain Routing notation (e.g.
Values
192.0.2.0/24) or all, which exposes all
NICs on the media broker server
Default all
local-port-range-start
The lower limit of a range of ports that

Description
matching NICs.
Mandatory Yes
Default 17000
local-port-range-finish
The upper limit of a range of ports that

Description
matching NICs.
Mandatory Yes
Default 17099
Note: At runtime, RTP and RTCP ports are assigned in pairs from the pool, so the local-port-
range-start value should be an even number, and the local-port-range-finish value should be
an odd number.
webrtc-client-rtp
This defines what IP addresses and ports on the Media Broker are used for RTP from a browser
whose IP address matches a range of IP addresses (signified in Classless Inter-Domain Routing
(CIDR) notation). You can define multiple browser address ranges, and multiple addresses on
the Media Broker for each range of browser addresses. Use:
list webrtc-client-rtp to show all the WebRTC clients in the media broker
update webrtc-client-rtp <source-pattern-cidr> to edit the settings of a particular

WebRTC client, where <source-pattern-cidr> identifies an existing WebRTC client
add webrtc-client-rtp to add a WebRTC client
Note:
At least one set of addresses is required.
A range of addresses configured for all browsers has been added by default.
If there is a firewall or reverse proxy between the browser endpoints and the Web Gateway,
configure its IP address as the source-pattern-cidr.
source-pattern-cidr
A block of IP addresses of browser

Description
endpoints.
Mandatory Yes
A range of IP addresses in CIDR

notation (e.g. 192.0.2.0/24), or all,
Values
which exposes all NICs on the media
broker server
Default None
public-local-ports
Each source-pattern-cidr can have a number of public ports associated with it, which define
which public and local ports that block of browser endpoints will communicate on. Use:
list public-local-ports to show all the public ports in the WebRTC client
update public-local-ports <public-address> <public-port> to edit the settings of a

particular public port, where <public-address> <public-port> identifies the existing public port
add public-local-ports to add a port
public-address
RTP IP address exposed on firewall (e.g. 84.1.2.3).
Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
You can configure IPv6 addresses, but they require extra components and
Description
are not supported for production use. See FCSDK Developer Guide,
Creating an iOS application chapter, Testing IPv6 section.
**Note:** If there is no firewall, or no network address translation (NAT) is

taking place, this will be the IP address of the Media Broker.
Mandatory Yes
Values An IPv4 address
Default None
public-port
RTP port exposed on firewall (e.g. 16000).
Description Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
Mandatory Yes
Default None
local-address
Local RTP IP address on Media Broker (e.g. 203.0.113.0).

Description
Mapped by firewall from the public-address.
Mandatory Yes
Values An IP address, or all, which exposes all NICs on the media broker.
Default None
local-port
Local RTP port on Media Broker (e.g. 16000).
Description Mapped by firewall from the public-port. Note: SRTP is used by default on
the local-port.
Mandatory Yes
Default None
proxy-limits
idle-route-timeout
The maximum duration of inactivity on a route that will be tolerated before the
route is considered invalid. This will cause the gateway to tear down the call.
Description
For example, 10.
Mandatory Yes
Default 10
packet-size-limit
The maximum RTP packet size that will be accepted.

Description
The Media Broker will drop any packet that exceeds this size.
Mandatory Yes
Values Number of bytes
Default 1500
throughput-rate-limit
The maximum RTP throughput rate that the proxy will perform.
The Media Broker will terminate a call where the input rate exceeds this
Description value.
For example, 1000.
Mandatory Yes
Values Number of packets per second
Default 1000
cac-audio-only-limit
The maximum number of concurrent audio-only calls which the media broker
Description will accept.
See the Call Limit Based Call Admission Control section.
Mandatory Yes
cac-audio-video-limit
The maximum number of concurrent audio/video calls which the media

Description broker will accept.
See the Call Limit Based Call Admission Control section.
Mandatory Yes
buffer-settings
max-buffer-size
The maximum number of packets that can be buffered before each call.
Description If you are experiencing video issues at the beginning of calls, increase this
value.
Mandatory Yes
Values Number of packets
Default 500
network-connectivity-groups
Optionally configure one or more groups of monitored connections. See the Connection
Monitoring section for more details on this feature.
name
Description The name of the group
Mandatory Yes
Values A string value to act as a label
Default None
monitored-connections
Description Address to monitor
Mandatory At least one is mandatory
Values IP address or host name
Default None
application-key
A list of keys which identify the Web Application to the Web Gateway. Use:
list application-key to show the application keys currently defined
add application-key to change the list of application keys.
key-id
Used by the Web Gateway to validate calls from the associated Web
Description
Application.
Mandatory Yes
A text string, for example webappid-0123456789.

Values
The web application key must be a minimum of 16 characters in length.
Default None
aed-configuration
default-timeout

Description
Mandatory No
Values A time period in minutes
0, which indicates that topics will exist

Default
until ended manually
video-configuration
fps
Description Frame rate for the video display
Mandatory Yes
Values number in frames per second
Default 30
scaling-mode
How to scale video if the video window

Description
is not the same size as the signal.
Mandatory Yes
NONE, STRETCH, or
Values
ADD_BORDERS
Default STRETCH
internal-registrar-configuration
using-external-registrar
Indicates if the Web Gateway is using an external SIP Registrar.

Description
Web Gateway will default to use the internal Registrar post-installation.
Mandatory Yes
Values true to use an external Registrar; false otherwise
Default false
default-q-value
Only used if using-external-registrar is false.
If the Registrar receives a REGISTER without a q param in the Contact

header address, it will use this value as the default q for the contact to be
registered. If an Address of Record has more than 1 registered contact, this
Description
value is used by the Registrar to prioritize proxying during contact resolution;
a contact with a higher q value is targeted before one with a lower q value.
Mandatory Yes
Values A float value between 0.1 and 1.0.
Default 1.0
response-codes
If the Registrar fails to proxy to a resolved contact during the Contact

Resolution phase, it will check to see if the response it receives matches one
of these configurable response codes.
Description
If a match is found, the Registrar will attempt to proxy to the next q prioritized
registered contact (if there is one).
Mandatory No
Space delimited list of SIP response codes. e.g. 404 408 410 480 500 503
Values
604
Default Empty
default-expires
If the Registrar receives a REGISTER without an Expires header or an

expires parameter in the Contact header, it will use this value as the default
Description
expires value.
Mandatory Yes
Default 21600
minimum-expires
This is the minimum expires value the Registrar will accept in the REGISTER
requests it receives. If the value is less than this, the Registrar will send a
Description
423 Interval Too Brief response with the Min-Expires header set to this value.
Mandatory Yes
Default 5
accepting-external-registrations
Description Only used if using-external-registrar is false.
Indicates if the Registrar is accepting registrations that did not originate from
the Web Gateway.
In a production environment, this box should be unchecked; registrations are

then only accepted from the Web Gateway.
Registrations are always accepted from the Web Gateway regardless of this
setting.
Mandatory Yes
Values true if the internal Registrar accepts external registrations; false otherwise.
Default true; this is useful for testing in a development or trial environment.
authentication-config
authentication-config contains the authentication type and the LDAP server configuration for
LDAP authentication. See the User Authentication section.
Note: You can use the CLI to change the authentication method and the LDAP authentication
parameters, but you cannot change the LOCAL authentication credentials from the CLI.
authentication-types
Use:
list authentication-types to display the authentication types present
add authentication-types to add an authentication type to the list
An added authentication type has a single setting:
authentication-type

Description
Mandatory Yes
Values LDAP or LOCAL
Default
ldap-authentication
ldap-server
The IP address or host name of the
Description
LDAP server
Mandatory Yes
Values IP address or resolvable host name
Default
ldap-secure
Indicates if LDAP authentication

Description should be done over a secure
connection
Mandatory No
Default false
ldap-trust_jdk
Indicates whether, in addition to the

regular LDAP trust store, the Java
Description (JDK) default certificate trust store
should be used for LDAP server
certificate validation.
Mandatory No
Default false
ldap-search-user
The DN of the user that will

Description authenticate against the LDAP server
and will be used to perform a search.
Mandatory Yes
Values A full Distinguished Name
Default
ldap-search-user-password
The password used to authenticate

Description the ldap-search-user with the LDAP
server
Mandatory Yes
Values String
Default
ldap-base-context-dn
This is the complete DN used to

Description
define the authentication parameters
Mandatory Yes
Default
ldap-base-filter
The search filter used in the

Description
authentication query.
Mandatory Yes
Search filter for the LDAP server. The

Values input username will replace any {0}
expressions.
Default
ldap-role-context-dn
The DN of the context to search for
Description
user role by LDAP.
Mandatory Yes
Default
ldap-role-filter
The search filter used in the roles

Description
query
Mandatory Yes
Search filter for the LDAP server. The

Values input username will replace any {0}
expressions.
Default
ldap-role-attribute-id
The name of the attribute of the role

Description object that corresponds to the name of
the role.
Mandatory Yes
Values An attribute name
Default
ldap-role-attribute-is-dn
Indicates whether the value of the

attribute named by ldap-role-
Description
attribute-id contains the fully
distinguished name of a role object.
Mandatory No
Default false
ldap-role-name-attribute-id
The name of the attribute of the role

object that corresponds to the name of
Description
the role. Ignored if ldap-role-
attribute-is-dn is false.
Mandatory No
The name of an attribute of the role

Values
object
Default
ldap-role-to-map
The name of a user’s role that

authorizes the user to access
Description
administrative capabilities. Only used
if ldap-role-attribute-is-dn is false
Mandatory No
Values A role name
Default WEBADMIN
proxy-statistics
proxy-statistics contains information about a particular media broker. Use:
display proxy-statistics <mb-id>
where <mb-id> is the ID of an existing Media Broker (see the media-broker-id section). You can
only display the statistics.
media-broker-id
The media broker ID as set in the
Description
media broker configuration
A combination of an IP address and

port derived from the control-
Values connection, control-
hostaddress and control-
port settings.
load
Description Actual load of the media broker
load-group
Description A group number indicating
Values A number (0 is the lowest load group)
startup-time
Description The last time the media broker started
Date and time in ISO 8601 format

Values
(yyyy-MM-dd HH:mm)
total-bytes
Number of bytes of media processed

Description
by the media broker
Values
total-packets
Number of packets processed by the
Description
media broker
Values
packets-routed
Number of packets successfully sent

Description
by the media broker
Values
packets-failed
Number of packets sent by the media

Description broker which failed to reach their
destination
Values
failed-connections
Description Number of monitored connections which are considered failed
Values See the Connection Monitoring section
network-connectivity-status
Description Connectivity status as define by the connection monitoring
true if the media broker is connected, false if it is not. See the Connection
Values Monitoring section for details on when a media broker is considered
connected.
call-load
Percentage of its complete load which
Description
the media broker is handling
Values Numeric value between 0 and 100%.
audio-only-calls
Description Number of current audio only calls
Values
audio-video-calls
Number of current calls with both

Description
audio and video
Values
status
Description The current status of the media broker
One of the following values:
AWAITING_CONFIGURATION
STARTING
Values
RUNNING
STOPPING
DOWN
call-log
Use:
display call-log <call-id>
where <call-id> is the ID of the call to display. You can only display the call log.
call-id
Description The ID of the call
Values Unique text string identifying the call
from
The address of the originator of the

Description
call
Values SIP address
to
Description The address of the recipient of the call
Values SIP address
direction
Description The direction of the call
One of:
INBOUND
Values
OUTBOUND
start
Description The start time of the call

Values
(yyyy-MM-dd HH:mm)
end
Description The end time of the call

Values
(yyyy-MM-dd HH:mm)
call-details
call-details contains everything in the call-log, plus some extra information which may be
useful. Use:
display call-details <call-id>
where <call-id> is the ID of the call to display. You can only display call details.
call-id
Description The ID of the call
Values Unique text string identifying the call
from
The address of the originator of the

Description
call
Values SIP address
to
Description The address of the recipient of the call
Values SIP address
direction
Description The direction of the call
Values One of:
INBOUND
OUTBOUND
start
Description The start time of the call

Values
(yyyy-MM-dd HH:mm)
end
Description The end time of the call

Values
(yyyy-MM-dd HH:mm)
media-broker
Description The media broker which serviced the call
The media broker control address, port, and security in the form:
<address>:<port>(SECURE)
Values
or
<address:<port>(NOT SECURE)
termination-reason
Description The reason the call ended
Values One of:
SIP_HANGUP
SIP_BUSY
SIP_NO_MATCH
SIP_NOT_FOUND
SIP_REFUSED
SIP_TIMEOUT
SIP_ERROR
SIP_FAILED
BROWSER_HANGUP
BROWSER_UNAVAILABLE
BROWSER_BUSY
NO_MEDIA_BROKER
raw-statistics
Description String containing raw data
Values
Fusion Client SDK REST API reference
This section outlines the REST API interfaces available in the Fusion Client SDK.
Web Gateway Configuration
The REST service provides an interface for administering the Web Gateway and Media Brokers.
The REST service accepts the complete configuration (including configuration for the Web
Gateway itself and for each of the Media Brokers it manages) in an XML format. The service
handles the translation between XML and the format required by Web Gateway.
View Web Gateway Configuration
Method
HTTPS GET
URL
https://<fas address>:8443/admin/gateway/1.0/configuration
Example of returned XML
<?xml version=“1.0” encoding=“UTF-8” standalone=“yes”?>
<configuration xmlns=“[http://schemas.example.com/Web]
(http://schemas.example.com/Web) Gateway/201109”>
<SIP>
<outboundSipServerAddress>sip:192.168.11.55</outboundSipServerAddress>
<registrarSipUri>sip:192.168.18.15</registrarSipUri>
<registrationExpiry>1750</registrationExpiry>
</SIP>
<media>
<rtpTransportType>UDP</rtpTransportType>
</media>
<application>
<applicationKeys>
<id>FUSIONCSDK-A8C1D</id>
</applicationKeys>
</application>
<proxy>
<controlConnection>
<controlHostAddress>192.168.30.83</controlHostAddress>
<controlPort>8092</controlPort>
</controlConnection>
<internalRTP>
<internalPortRangeStart>16377</internalPortRangeStart>
<internalPortRangeFinish>16377</internalPortRangeFinish>
</internalRTP>
<externalRTP>
<externalRtpPort>16377</externalRtpPort>
<externalProxyRtpPort>16377</externalProxyRtpPort>
<externalProxyRtpIpAddress>192.168.30.83</externalProxyRtpIpAddress>
</externalRTP>
</proxy>
<proxy>
<controlConnection>
<controlHostAddress>192.168.30.79</controlHostAddress>
<controlPort>8092</controlPort>
</controlConnection>
<internalRTP>
<internalPortRangeStart>16377</internalPortRangeStart>
<internalPortRangeFinish>16377</internalPortRangeFinish>
</internalRTP>
<externalRTP>
<externalRtpPort>16377</externalRtpPort>
<externalProxyRtpPort>16377</externalProxyRtpPort>
<externalProxyRtpIpAddress>192.168.30.79</externalProxyRtpIpAddress>
</externalRTP>
</proxy>
</configuration>
Update Web Gateway Configuration

Method
HTTPS PUT
URL
https://<fas address>:8443/admin/gateway/1.0/configuration
Submitted XML
The format of the XML for a configuration PUT request is the same as the response from a
configuration GET request (see the View Web Gateway Configuration section).
Note: Ensure you specify the correct content-type header, which is:
Content-Type: application/xml
Failure to do so will result in a HTTP/1.1 500 Internal Server error response. The payload of the
HTTP response contains the message Cannot consume content type.
Session Token JSON REST API
The Session Token REST API allows a server side application to control the access that client
side applications have to the Web Gateway:
1. The client application calls the server side application.
2. The server side application authenticates the client application.
3. The server side application calls the Session Token REST service.
4. The Session Token REST service returns a session token
5. The server side application returns the session token to the client side application.
6. The client application uses the session token to access the service.
Server side applications developed with Fusion Client SDK can control access to the Web
Gateway, allowing you to produce both client applications that can be used without any user
login, and ones which authenticate users before creating Session Tokens for them. You can
extend existing applications to include Fusion Client SDK features with only a small amount of
effort . For more information, see the FCSDK Developer Guide.
Getting a Session Token

Method
HTTP/HTTPS POST
URL
http://<fas address>:8080/gateway/sessions/session
or
https://<fas address>:8443/gateway/sessions/session
Submitted JSON
“timeout”:1,
“webAppId”:”FUSIONCSDK-A8C1D”,
“allowedOrigins”:[“example.com”],
“urlSchemeDetails”:
“secure”:true,
“host”:”wg.example.com”,
“port”:”8443”
},
“voice”:
“username”:”jbloggs”,
“displayName”:”Joseph”,
“domain”:”example.com”,
“inboundCallingEnabled”:true,
“allowedOutboundDestination”:”sip:user@example.com“,
“auth”:
“username”:”1234”,
“password”:”123456”,
“realm”:”example.com”
}
},
“aed”:
“accessibleSessionIdRegex”:”.*“,
“maxMessageAndUploadSize”:”5000”,
“dataAllowance”:”5000”
},
“uuiData”:”0123456789ABCDEF”
Where the members are:
timeout
The timeout period for the Session, defined in minutes. If omitted, this will be set to 1 by default.
webappid
The WebApp Key ID that has been defined, which is the unique ID that the web app passes to
the Gateway to identify itself. The ID must be a minimum of 16 characters in length.
allowedOrigins
This represents the origins from which cross realm JavaScript calls are permitted. If null or
empty, there will be no restriction. This is a comma separated list.
urlSchemeDetails
The connection details the Fusion Client SDK client library will be configured to use to the Web
Gateway. If these details are not provided, the default setting for each option will be used:
secure
Specifies whether to use secure WebSockets (wss) or non-secure (ws). The default value is
false, for non-secure.
host
Specifies the hostname or IP address for the WebSocket to connect to. If not provided, the client
will use the <web_gateway_address> that the Web Application used to issue the HTTP POST
request.
port
Specifies the port that the WebSocket will connect to. The default is set to 8443 if secure is true
or 8080 if secure is false.
voice
The details regarding voice and video calling. If omitted, voice and video calling will be disabled.
username
The SIP user name, as it appears in the From header.
displayName
The SIP display name, as it would appear in SIP messages. If this is omitted, no display name
will be set for the user.
domain
The corresponding SIP domain.
inboundCallingEnabled
Set inbound calling parameters to enable inbound calling. If this is omitted, inbound calling will
be enabled by default.
Note: If inboundCallingEnabled is set to true, a SIP REGISTER request will be sent to the SIP
network; therefore, a corresponding user must exist on the SIP network. This user’s credentials
should be entered in the auth: section of the POST request to the Web Gateway.
If inboundCallingEnabled is set to false, a SIP REGISTER will not be sent.
allowedOutboundDestination
This can be a single destination, for example sip:bob@example.com or can be the string all to
allow unrestricted calling.
auth
The authentication credentials for voice and video calling. This section can be omitted if the
gateway is a trusted entity in the SIP infrastructure; however, if it is omitted and the SIP is
challenged, the registration will fail.
username
The user name you would register with. This is a mandatory setting for voice calling.
password
The password used for registrations. This is a mandatory setting for voice calling.
realm
The realm used for registrations.
Note: The username used in the From header can be the same as the username used for
authentication. The domain specified in the From header can be the same as the realm used for
authentication.
aed
The details related to AED. If this section is omitted, AED functionality will be disabled.
accessibleSessionIdRegex
The java regex of sessionIds whose sessions a user is allowed to access.
maxMessageAndUploadSize
Limits the size of message (in bytes) a user can send and the size (in bytes) of an individual data
upload.
dataAllowance
The total data (in bytes) a user can have stored at any time.
uuiData
If provided, this string will be used to populate SIP INVITE and BYE messages sent by the user
with a User-to-User header. As an example, suppose the value of this parameter is ABCD. The
FCSDK will add the header
User-to-User: ABCD;encoding=hex
It is the application’s responsibility to provide a correctly encoded hexadecimal string. If this

parameter is omitted, no User-to-User header will be added to SIP messages.
Returned JSON
A valid request will cause a JSON object containing the sessionid to be returned. If the submitted
JSON contains properties with names that are unknown to the Gateway, a list of those unknown
properties is placed in unknownProperties. This property will be omitted if there are no unknown
properties:
“sessionid” : “<very long string..>“,
“unknownProperties” : [“<propname1>“,”<propname2>“,…]
Ending the Session
Method
HTTPS/HTTP DELETE
URL
http://<fas address>:8080/gateway/sessions/session/<session_id>
or
https://<fas address>:8443/gateway/sessions/session/<session_id>
Result
Deletes the session identified by <session_id>
Fusion Client SDK Product URLs Reference

This section outlines the various public and private interfaces used by Fusion Client SDK.
Such information is particularly useful when setting up a reverse proxy.
Public URLs
URLs invoked by clients and browsers, which typically need to be public. A reverse proxy should
be configured to forward these requests to the gateway.
Path Protocol Function
/gateway/adapter.js HTTPS JS API
/gateway/csdk-sdk.js HTTPS JS API
/gateway/csdk-common.js HTTPS JS API
/gateway/csdk-aed.js HTTPS JS API
/gateway/csdk-phone.js HTTPS JS API
/gateway/UC.js HTTPS JS API
/gateway/promise.js HTTPS JS API
/gateway/phone/* HTTPS JS API
/gateway/aed/* HTTPS JS API
/gateway/browserplugin HTTPS Browser plugin information
/gateway/ie/* HTTPS Internet Explorer plugin download
/gateway/SafariPlugin/* HTTPS Safari plugin download
/gateway/websocketcall HTTPS, WSS Websocket
Service URLs
REST service URLs exposed by the product. Typically, a reverse proxy should be configured to
block access to these URLs from external clients.
Gateway configuration REST API /admin/*
Gateway AED REST API /aed_web_service/adapter.js
Session Token API /gateway/sessions/*
Information on number of sessions /gateway/metrics/*
Administration URLs
URLs of administrative interfaces for the product. Typically, these should not be public, and a
reverse proxy should be configured to block access to them from external clients.
Administration UI </web_plugin_framework/*
AS Administration UI /console/*
Ports
The following ports (in addition to those needed by the Fusion Application Server - see the
FAS Administration Guide) are used by the FCSDK:
Port Purpose Notes
Media
8092 Broker
Control
Media
Broker
16000
public and
local port
Media
17000- Broker SIP
17099 network
ports
Media
16000- Broker
16004 WebRTC
ports
Also
SIP ports
documented
5060, (unsecure
in FAS
5061 and
Administration
secure)
Guide
SIP
5062,
WebSocket
5082
ports
Note: Several of these port numbers can be changed by the administrator.

FCSDK Administration Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FCSDK Administration Guide

Uploaded by

Copyright:

Available Formats

FCSDK Administration Guide

YRP1-508, 3-4 Hikari-no-Oka Yokosuka-Shi, Kanagawa, 239-0847, Japan

All rights reserved.

Document version: 3.3/1

For technical support or other queries, contact CBA Support at:

For our worldwide corporate office address, see:

https://www.cba-japan.com (Japanese) https://www.cba-gbl.com (English)

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 2

FCSDK Architecture Guide

FCSDK Installation Guide

FCSDK Administration Guide

FCSDK Developer Guide

Fusion Application Server

FAS Architecture Guide

FAS Installation Guide

FAS Administration Guide

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 3

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 4

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 5

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 6

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 7

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 8

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 9

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 10

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 11

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 12

Share application events and data

Fusion Application Server platform

Fusion Client SDK interfaces

You can administer Fusion Client SDK through three interfaces:

A command line interface

A web administration interface

Command line interface (CLI)

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 13

When the CLI starts you will see a gateway prompt:

Once in the CLI, you can use the following commands:

delete [item] [id] Remove the item with the specified id

Remove an item from a collection of items. The item to be removed

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 14

save Save changes in update mode

cancel Quit (without saving) update mode

exit Quit the CLI

REST API interface

Web Administration interface

The web administration interface is available at:

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 15

User login or logout

FAS start or stop

Media Broker connections made or lost

The audit.log file is saved in the FAS install directory.

2016-01-28 10:38:30,056 INFO APP_CONN FAS started, user=root, address=192.168.8.128

2016-01-28 10:39:16,905 WARN MB_CONN Gateway 192.168.8.128 has lost connection to

2016-01-28 10:40:00,977 INFO MB_CONN Gateway 192.168.8.128 has made a connection to

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 16

To change the user credentials:

1. Go to the User Credentials tab:

2. In the Authentication Mechanism section, make sure Local Enabled is checked.

Old The current administrative password. Under normal circumstances, this

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 17

The new password for the administrative user. This is repeated as a

Resetting Administrator Credentials

1. Edit the <fas_dir>/domain/configuration/fas.properties file, and add the system property:

where <fas_dir> is the directory FAS was installed in.

2. Restart the FAS master node.

^(?=.[a-z])(?=.[A-Z])[a-zA-Z] At least 6 alphabetic characters, with a mix of upper

^(?=.\d)(?=.[a-zA-Z])[a-zA-Z0- At least 6 alphanumeric characters, including both