Administration Guide Configuration and Operation

Transcription

1 Title page Nortel Application Gateway 1000/2000 Nortel Application Gateway Release 6.1 Administration Guide Configuration and Operation Document Number: NN Document Release: Standard Date: March 2008 Year Publish FCC TM Copyright 2006, 2007 Nortel Networks. All rights reserved. Produced in Canada The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks. Nortel, Nortel (Logo), the Globemark, SL-1, Meridian 1, and Succession are trademarks of Nortel Networks.

2

3 Contents Preface ix Audience ix Organization ix Related Documentation xi CHAPTER 1 Application Gateway Overview 1 Introduction to Voice Applications 1 Introduction to Transformed Applications 3 Licensing 3 Security 4 Security Features 4 Implementation Workflow 5 CHAPTER 2 Basic Administration 7 Using the Administration Tool 7 Downloading Product Documentation 9 Setting the System Date and Time 9 Changing the Root Administrator Password 10 Using the Serial Console 10 Managing Licenses 11 Guidelines 12 Uploading License Files 12 Viewing License Information 13 Changing the License Status of an IP Phone 14 Generating a Secure Certificate 14 Overview of the Certificate Signing Request 15 Installing the Cygwin UNIX Environment for Windows 16 Generating a CSR 17 Unencrypting the Private Key 18 Converting to a PEM-Formatted Certificate 18 Combining the Private Key with the Signed Certificate 20 Generating Trusted Certificates for Multiple Levels 20 iii

4 Contents Uploading a Certificate to the Application Gateway 21 Getting Design Studio to Recognize a Certificate 22 Upgrading the Application Gateway Software 23 Reinstalling the Application Gateway Software 24 Saving and Restoring the Configuration 25 Restarting the Application Gateway 26 Shutting Down the Application Gateway 26 CHAPTER 3 Network Connection Configuration 27 Prerequisites 27 Configuring Network Interface Settings 28 Configuring Ports 29 Specifying DNS Settings 29 Adding Host Aliases 30 Configuring Routes 30 Configuring Dynamic Routing 31 Adding, Testing, and Removing a Static Route 32 Static Route Example 33 Creating an Application Gateway Cluster 34 Cluster Prerequisites 36 Creating a Cluster 37 Maintaining a Cluster 38 Specifying the Default URL 38 CHAPTER 4 Voice Office Configuration Requirements 41 Voice Office Application Prerequisites 41 Customizing the Voice Office Menu 42 Setting the Language of the Voice Office User Interface 43 Enabling Communication between the Phones and Application Gateway 44 Configuring the Graphical XAS (GXAS) Port on the Application Gateway 46 Enabling Automatic Dialing 46 Specifying a Source for Phone IP-to-DN Mappings 46 iv

5 Contents Deployment Notes 47 Configuring a Call Server or CSV Connection 48 CSV File Format Specifications 49 CHAPTER 5 LDAP/CSV Directory Configuration 51 Express Directory Overview 52 Express Directory Features 53 Configuring the Application Gateway to Use LDAP Directories 54 Specifying LDAP Attributes for Voice Office Operations 57 Looking Up Attributes in Your LDAP Directory 60 Configuring the Application Gateway to Use Directory Files in CSV Format 63 CSV File Format Specifications 65 Adding Dialing Rules 66 Synchronizing the Application Gateway with Your Directories 67 CHAPTER 6 Broadcast Server Installation 69 Overview of Broadcast Server 70 Network Deployment 70 Subscriber and Distribution List Source 71 Broadcast Server Operation with Clusters 72 Hardware and Software Overview 73 Software Server Requirements 73 Installing Broadcast Server Software 74 Microsoft IIS Configuration 74 Broadcast Server Software Installation 76 Connecting the Application Gateway and Broadcast Server 76 Synchronizing the Broadcast Server and Application Gateway Clocks 77 Confirming Installation and Configuration 78 CHAPTER 7 Zone Paging Configuration 79 Overview of Zone Paging 80 Network Deployment 81 v

6 Contents Zone List Source 81 Paging Setup and Operation with Clusters 82 Managing Paging Zones 83 Viewing Extensions in an Imported Zone 83 Adding and Changing Custom Zones 84 CHAPTER 8 Visual Voic Configuration 89 Overview of Visual Voic 90 Configuring Nortel Messaging 91 Configuring Visual Voic 92 CHAPTER 9 Smart Agent Configuration 95 Smart Agent Features 97 Smart Agent Operation 98 Smart Agent Number Recognition 99 Smart Agent Number Manipulation 100 Overlay Area Codes 101 Unsupported Number Patterns and Dialing Provisions 102 Other Limitations 103 Smart Agent Operation with Microsoft Outlook Contacts 103 Smart Agent Deployment 104 Changing Outlook 2002 Security Settings for Smart Agent 105 Helping Users with Deployment and Use 106 User Connection Requirements and Notes 107 Configuring Smart Agent 108 Changing the Smart Agent Port 108 Configuring Phone Number Handling 108 Configuring the LDAP Connection 109 Adding Local Smart Agent Users to the Application Gateway 111 Testing the Smart Agent Deployment 112 Adding Click-to-Call Links to Web Applications 113 Adding Click-to-Call Links to Windows Applications 114 vi

7 Contents CHAPTER 10 Transformed Applications 115 Features 115 Back-End Application Transformation 116 Support for Multiple Formats 117 Conversion Features 117 Data and Session Management 118 Security 119 Security Levels 120 Security Issue for WAP Phones 121 Connections and Sessions 121 Transformation Controls 122 URL Request Handling of Transformed Applications 123 Managing Design Studio User Accounts 124 Configuring the External Public Protocol, Address, and Port 125 Configuring URL Filtering 127 Configuring Session and Connection Settings 127 Selecting an Input Character Encoding 129 Disabling Unrestricted Proxy 129 Specifying Outbound Proxy Settings 130 CHAPTER 11 Logging and Monitoring Application Gateway Operations 131 Configuring and Working with System Logs 131 Interpreting the System Log 133 Broadcast Server 134 Call Server synchronization for IP/DN mapping 134 CSV synchronization for IP/DN mapping 136 LDAP 136 Licensing 137 Socket listeners 137 Transformed applications 138 Enabling and Viewing SNMP and Health Logs 138 Viewing the W3C-Formatted HTTP Request Log 138 Enabling and Viewing SNMP Logs 139 Enabling and Viewing Health Logs 139 Monitoring Application Gateway Operations 141 vii

8 Contents CHAPTER 12 Troubleshooting 143 General Issues (Hardware, Licenses, Certificates) 143 Connectivity Issues 145 Express Directory 146 Visual Voic 147 Broadcast Server 148 Smart Agent 151 Zone Paging 152 I NDEX 153 viii

9 Preface This preface describes who should read the Application Gateway Administration Guide, how it is organized, and related documentation. Audience This guide is intended for system administrators responsible for connecting the Application Gateway to a network and configuring its operation for voice applications as well as for connected devices (call server, directory servers, and so on). This document assumes that the Application Gateway has been installed according to the Application Gateway Quick Start Guide and that the administrator has experience configuring networks and an understanding of call servers and their protocols. Organization This guide is organized as follows: Chapter Title Description Chapter 1 Overview Provides a conceptual background to Application Gateway operation with voice applications and transformed applications. Chapter 2 Basic Administration Describes general Application Gateway administration tasks and describes how to use the Administration Tool interface and the serial console. Chapter 3 Network Connection Configuration Describes how to connect Application Gateways to your network and specify network settings such as ports, DNS servers, and dynamic or static routes. ix

10 Organization Chapter Title Description Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Voice Office Configuration Requirements LDAP/CSV Directory Configuration Broadcast Server Installation Zone Paging Configuration Visual Voic Configuration Smart Agent Configuration Transformed Applications Administration Logging and Monitoring Application Gateway Operations Explains the configuration requirements that apply to all or multiple Voice Office applications. Also describes how to customize the Voice Office menu. Describes how to the configure LDAP and/or CSV directory sources used for several voice applications. Unlike other Voice Office applications, Broadcast Server runs on a separate Windows server, connected to the Application Gateway. This chapter describes how to install and test Broadcast Server. For configuration and usage information, refer to the Broadcast Server User Guide. Describes how to configure and manage paging zones. Explains how to configure the Application Gateway with your Unified Messaging IMAP and SMTP servers. Describes Smart Agent operation, features, deployment, and configuration. Describes the operation and administration of transformed applications. Describes how to configure and view system, health, and SNMP logs, and work with a variety of network monitoring applications. Chapter 12 Troubleshooting Describes how to recover from a crash and troubleshoot common issues. x

11 Related Documentation Related Documentation For additional information about the Application Gateway, refer to the following guides: Application Gateway Quick Start Guide Application Gateway Network Integration Guide Application Gateway Hardware Installation Guide Application Gateway Release Notes You can download all Application Gateway and Voice Office application documentation from the Application Gateway Administration Tool (Administration > Downloads). The Administration Tool also includes online Help. Design Studio, Broadcast Server, and Smart Agent, which run on personal computers, include online Help. xi

12 Related Documentation xii

13 Chapter 1 Application Gateway Overview The Application Gateway 1000/2000 is a network appliance that transforms and delivers data and enhanced voice applications to IP telephones. The following topics provide an overview to the Application Gateway and the applications that it delivers: Introduction to Voice Applications, page 1 Introduction to Transformed Applications, page 3 Licensing, page 3 Security, page 4 Implementation Workflow, page 5 Introduction to Voice Applications The Voice Office Applications Suite is a set of packaged telephony applications. The Voice Office applications enable enterprises to leverage their IP telephony investments and increase workforce productivity by delivering converged applications to the screens and speakers of Nortel IP phones. Voice Office applications include: Express Directory provides an LDAP-based, organization-wide directory with high speed, real time pruning. Visual Voic enables users to see a visual list of their voice messages with the ability to select the most important ones to review, without having to listen to each message serially. During message playback, the user can play, pause, and rewind using labeled soft keys rather than using cryptic control codes. Zone Paging enables users to page through groups of IP phones in specific zones without the expense of installing an overhead paging system. 1

14 Chapter 1 Application Gateway Overview Introduction to Voice Applications Broadcast Server delivers alerts, such as emergency, IT, and weather messages, to IP phones. Smart Agent enables Windows PC users to initiate calls from a desk phone by clicking public switched network telephone numbers in Internet Explorer or a phone number, contact name, or address in Outlook/Outlook Express messages and Contacts pages. Click-To-Call links can also be added to Windows and Web-based applications. The general network architecture for Voice Office applications follows. 2

15 Chapter 1 Application Gateway Overview Introduction to Transformed Applications Introduction to Transformed Applications Licensing The Application Gateway delivers business applications to Nortel IP telephones. The Application Gateway can operate with other network devices including switches, routers, and cache engines in order to optimize service performance and enhance user experience. The Application Gateway installs into any network infrastructure without requiring changes to the existing hardware or back-end software. The Application Gateway sits in front of content servers and works with other networking products such as cache engines, web servers, firewalls, Virtual Private Network (VPN) solutions, and routers. The Application Gateway can display a hierarchical application portal on IP phones for quick access to applications. Design Studio is a PC-based application that you use to create transformation rules for Web applications, modify the Application Menu that displays on devices, and upload changes to an Application Gateway. Note Refer to the Application Gateway Release Notes for additional licensing information specific to IP phones. Application Gateway Software is enabled by user licenses which allow use of the Server Software in increments defined by a license. A license enables the Application Gateway to deliver applications to a user. Each IP phone must have a license. A license is assigned to an IP phone s MAC address the first time that the phone contacts the Application Gateway. When a phone registers with the Application Gateway, the number of available licenses decreases by one. Thus, if you purchase 100 IP phone licenses, 100 of your phones can register with the Application Gateway. Once all allowed licenses are associated with a phone, additional connection attempts are denied. The Application Gateway administrator can free a license by changing the status of an phone to unlicensed. A phone s status can be later changed back to licensed, if needed. Refer to the Application Gateway Release Notes for capacity information. 3

16 Chapter 1 Security Application Gateway Overview For more information, see the following topics: Managing Licenses, page 11 Changing the License Status of an IP Phone, page 14 Security The Application Gateway is fully protected against worms, viruses, and other Internet attacks. The Application Gateway is built on proprietary software, not a traditional operating system such as Windows, and the Application Gateway contains no API that a worm or virus could run on. As a result, the Application Gateway is not vulnerable to worms and viruses that are compiled for traditional operating systems. In this respect, the Application Gateway appliance is more like a closed router rather than a server. In addition, the Application Gateway has few open ports and those ports send packets directly to Application Gateway processes. The Application Gateway has been tested to ensure that no high- or medium-risk security vulnerabilities exist. The Application Gateway can be installed in any network with confidence that it introduces no additional security risks. Many microbrowser devices, including IP phones lack security and encryption features. The Application Gateway, when used with secure web and application servers, can reduce the potential security issues associated with using such equipment. Security Features Security features of the Application Gateway include the following: Supports Basic authentication. Supports 196-bit TLS SSL encryption, as well as lower and higher bit values defined in your certificate. You might prefer to lower the encryption if performance is more important than security. SSL support includes HTTPS, IMAPS, POPS, and SSMPT. Supports secure cookies. 4

17 Chapter 1 Application Gateway Overview Implementation Workflow SSL support allows you to deploy the Application Gateway behind a firewall to provide a secure gateway to protect IP telephone connections beyond the firewall. Supports digital certificates in Privacy Enhanced Mail (PEM) format that include a private key. Requires few open ports. The complete list of required ports is in the Pre-Installation Checklist. Implementation Workflow The following general steps provide a suggested workflow for implementing Voice Office applications. 1. Determine which applications are to be deployed and to which phones. 2. Customize the Voice Office Menu accordingly, as described in Customizing the Voice Office Menu, page Specify the language in which the application interface should display on the phones, as described in Setting the Language of the Voice Office User Interface, page For the purposes of initial testing, point a few phones to the Application Gateway, as described in Enabling Communication between the Phones and Application Gateway, page Enable automatic dialing, as described in Enabling Automatic Dialing, page Complete the configuration required to supply the Application Gateway with a mapping of phone IP addresses to extensions (DNs), as described in Specifying a Source for Phone IP-to-DN Mappings, page Configure the applications that you want to deploy. If you are deploying Express Directory, Visual Voic , Zone Paging, or Broadcast Server, complete the directory configuration as described in LDAP/CSV Directory Configuration, page Verify your implementation on the test phones. 9. Deploy the applications to users by pointing their phones to the Application Gateway. 5

18 Chapter 1 Application Gateway Overview Implementation Workflow 6

19 Chapter 2 Basic Administration The following topics describe how to administer your Application Gateway: Using the Administration Tool, page 7 Using the Serial Console, page 10 Managing Licenses, page 11 Generating a Secure Certificate, page 14 Upgrading the Application Gateway Software, page 23 Reinstalling the Application Gateway Software, page 24 Saving and Restoring the Configuration, page 25 Restarting the Application Gateway, page 26 Shutting Down the Application Gateway, page 26 Using the Administration Tool This topic describes how to open and log out of the Administration Tool, plus it provides information on the following tasks: Downloading Product Documentation, page 9 Setting the System Date and Time, page 9 Changing the Root Administrator Password, page 10 The Administration Tool contains the full set of network and operation configuration commands. When you license additional applications, your Administration Tool might include commands not shown in this guide s sample screens. The Administration Tool also provides access to a variety of standard network monitoring tools, including Ethereal Network Monitor, xnettools, Traceroute, fnetload, and System Monitor. 7

20 Chapter 2 Basic Administration Using the Administration Tool To open the Administration Tool: 1 Make sure that the Application Gateway is running. 2 From a web browser, connect to the Application Gateway by entering the URL: where: - ipaddress is the IP address of your Application Gateway (the default IP address is with a netmask of ) - adminport is the administration port of your Application Gateway (9001) 3 If a Security Alert dialog box appears, click Yes. The Administration > Downloads page appears. You can download documentation from this page without logging in. 4 Click the tab for the settings that you want to configure. The Administration Tool login dialog appears. 5 Enter your administrative username and password. Note When working with the Administration Tool, click Submit or Commit Changes to save changes. The Administration Tool times out after 10 minutes of inactivity and requires that you log in to continue working. To log out of the Administration Tool: Click Administration > Logout. 8

21 Chapter 2 Basic Administration Using the Administration Tool Downloading Product Documentation The Application Gateway includes all server, Design Studio, and voice application documentation. To download documentation from the Application Gateway: Go to Administration > Downloads and click Download Documentation. Setting the System Date and Time An HTML page with links to all documentation components appears. By default, the Application Gateway uses the time.nist.gov NTP server. You can choose a different time server and a synchronization schedule. Or, if the Application Gateway cannot reach a time server, you must manually set the date and time. The Application Gateway and Broadcast Server clocks must be synchronized, as described in Synchronizing the Broadcast Server and Application Gateway Clocks, page 77. To specify a time server: 1 In the Administration Tool, go to the Administration > Date page. 2 Select a time zone. 3 Enter the fully qualified domain name of an NTP server. For a list of time servers, see This field is initialized to the time.nist.gov time server. 4 Select an Update Schedule. 5 Click Update. To manually set the date and time: 1 In the Administration Tool, go to the Administration > Date page. 2 Select a time zone. 3 Enter the date and time, using the format shown on the screen. 4 Click Update. 9

22 Chapter 2 Basic Administration Using the Serial Console Changing the Root Administrator Password Note In order to reset the administrative password to its default, you must reinstall the Application Gateway server software. The Application Gateway is pre-configured with a default username and password (root/rootadmin). We recommend that you change the root password. To change an administrator password: 1 In the Administration Tool, go to the Administration > Users page. 2 In the Administrator Password area, enter the new password and click Change Password. Using the Serial Console The serial console contains the minimal prompts required to connect the Application Gateway Interface 0 to your network. You can use the serial console (as an alternate to the Web-based interface) to change the IP address and netmask of the Application Gateway Interface 0, as well as to set the IP address of the default gateway device. All other configuration must be done through the Administration Tool. You can also use the serial console to test a connection with the ping command. To open the serial console: 1 Connect a PC to the Application Gateway serial port. 2 Make sure that the Application Gateway is running. 3 Start a terminal emulation application and open a TCP/IP connection to the Application Gateway using its IP address and administration port number (9001). If the serial console does not open, check the settings in the terminal emulation application. Set the serial connection to 9600 bits per second, 8 data bits, no parity, and 1 stop bit. 4 Enter the administrative username (defaults to root) and password (defaults to rootadmin) when prompted. 10

23 Chapter 2 Basic Administration Managing Licenses The serial console menu appears. Managing Licenses Note For a description of license handling, see Licensing, page 3. When you purchase licenses, you will receive instructions on how to obtain the license files. License information is saved when you back up the Application Gateway configuration. If you do not have a valid license for a device type, a user who attempts to access an application will receive the following message: License Not Available. The Application Gateway log file also displays the following messages: httpd: session denied. check for sufficient capacity and device type licenses. httpd: HTTP 403 (Please check with your administrator to verify that the AG has licenses for your device.) The following topics describe how to work with licenses: Guidelines, page 12 Uploading License Files, page 12 Viewing License Information, page 13 Changing the License Status of an IP Phone, page 14 11

24 Chapter 2 Basic Administration Managing Licenses Guidelines You must renew software maintenance to continue to be eligible to install new releases of software. When managing licenses, be aware of the following: A license is specific to the Application Gateway for which it was issued. We recommend that you retain a local copy of all license files. If you need to reinstall the Application Gateway server software, you will need to upload all license files to it. Do not overwrite any files in your local license directory. If another file in that directory has the same name, you should rename the newly received file. The Application Gateway software calculates your licensed features based on all license files that are uploaded to the Application Gateway. If you edit a license file, the Application Gateway software will ignore any features associated with that license. The contents of license files are encrypted and must remain intact. Should you copy, rename, or insert a license file multiple times, the Application Gateway will use only the original file and will ignore any duplicate files. To obtain license files, you will need to know the host ID of the Application Gateway which you are licensing. To view the host ID: In the Administration Tool, go to the Administration > Licenses page. Uploading License Files To upload license files to the Application Gateway: 1 In the Administration Tool, go to the Administration > Licenses page. 2 Across from Upload License File, click Browse and locate the license file that you want to upload. 3 Click Open and then click Upload. 12

25 Chapter 2 Basic Administration Managing Licenses You will be prompted to reboot. You do not have to reboot until you have uploaded all license files. Note When you save the Application Gateway configuration (Administration > Maintenance), license information is included in the backup file. Viewing License Information To view license information: 1 In the Administration Tool, go to the Administration > Licenses page. The number of active licenses is noted on that page. 2 To view a summary of license information, click View Active License Summary. One Application Gateway is required to enable the server. When the server is running, it is using the license, thus the Available column is set to 0 because there are no licenses that are not in use. A Voice Office license per IP phone is required to enable applications for an IP phone. 3 To view license details, click View License Detail. Customer, or retail, licenses are for a purchased Application Gateway. These licenses never expire, therefore they have no License Expiration Date. Expired development, evaluation, and Not For Resell licenses do not appear in the licenses list. If the maintenance agreement subscription date is less than the server build date and less than the calendar date, the license status is Expired. The license, however, is still valid for that server build or any server build date that is prior to the maintenance subscription date. If the maintenance subscription date has expired, the license status is Invalid. If an installed license is for a feature not supported by the Application Gateway, the license status is Invalid. 13

26 Chapter 2 Basic Administration Generating a Secure Certificate Changing the License Status of an IP Phone When the Application Gateway accepts a connection from an IP phone, it records the MAC address of the phone. Once the maximum allowed licenses are associated with phones, additional connection attempts result in an error message. You can free licenses for other phones by changing the status of an obsolete phone to unlicensed. To change a phone s license status: 1 In the Administration Tool, go to the Operation > Advanced page. You will be prompted to log in to the Application Gateway Monitor. 2 Enter your administrative user credentials. A VNC-like window appears, with the License Monitor window open. Extensions are sorted in ascending order. 3 To change the status of a phone, right-click the phone and then click Toggle Status. If you have not installed a license that includes support for IP phones, no phones will be listed in the License Monitor. Generating a Secure Certificate You should install on the Application Gateway a digital X.509 certificate that belongs to your company. This will ensure that all SSL transactions will pass with no error warnings to phone users. Certificates from Verisign and Thawte are supported. The Application Gateway accepts a Privacy Enhanced Mail (PEM) format certificate file. PEM is a text format that is the Base-64 encoding of the Distinguished Encoding Rules (DER) binary format. The PEM format specifies the use of text BEGIN and END lines that indicate the type of content that is being encoded. Before you can upload a certificate to the Application Gateway, you will need to generate a Certificate Signing Request (CSR) and private key. We recommend using Linux OpenSSL to administer any certificate tasks. If Linux is not available, we recommend the Cygwin UNIX environment for 14

27 Chapter 2 Basic Administration Generating a Secure Certificate Windows, which includes an OpenSSL module. Instructions for downloading, installing, and using the Cygwin UNIX environment to generate a CSR are included in this topic. If you are familiar with certificate manipulation, you can use other tools to create a PEM-formatted file. The certificate that you upload to the Application Gateway must have the following characteristics: It must be in PEM format and must include a private key. The signed certificate and private key must be unencrypted. The following topics describe how to perform the tasks associated with generating a CSR: Overview of the Certificate Signing Request, page 15 Installing the Cygwin UNIX Environment for Windows, page 16 Generating a CSR, page 17 Unencrypting the Private Key, page 18 Converting to a PEM-Formatted Certificate, page 18 Combining the Private Key with the Signed Certificate, page 20 Generating Trusted Certificates for Multiple Levels, page 20 Uploading a Certificate to the Application Gateway, page 21 Getting Design Studio to Recognize a Certificate, page 22 Overview of the Certificate Signing Request If you are unfamiliar with generating a CSR, review this topic for background information. The general process for generating a CSR and handling the signed certificate is as follows: 1. Generate a CSR (public.csr) and private key (private.key) as described in Generating a CSR, page Send the public.csr file to an authorized certificate provider. 3. If you used a tool other than the Cygwin UNIX environment to generate the CSR, check the format of the private key. If it is in DER format or is encrypted, convert it to PEM format as described in Unencrypting the Private Key, page

28 Chapter 2 Basic Administration Generating a Secure Certificate 4. When you receive the signed certificate file from your SSL certification company, check the file format. If it is not in PEM format, convert it as described in Converting to a PEM-Formatted Certificate, page Combine the PEM-formatted signed certificate with the PEM-formatted private key (private.key) as described in Combining the Private Key with the Signed Certificate, page If your certificate has more than one level, handle the intermediate certificates as described in Generating Trusted Certificates for Multiple Levels, page Upload the certificate to the Application Gateway as described in Uploading a Certificate to the Application Gateway, page 21. Installing the Cygwin UNIX Environment for Windows If Linux OpenSSL is not available, install the Cygwin UNIX environment for Windows. When you install Cygwin, you must choose the OpenSSL modules as described in the following steps. To install Cygwin: 1 Use a web browser to navigate to and click Install Cygwin Now. 2 Follow the on-screen instructions to open the setup installer. 3 In the Cygwin Setup dialog box, click Next. 4 Click Install from Internet and then click Next. 5 Accept the default root installation directory settings and then click Next. 6 Accept the default local package directory setting and then click Next. 7 In the Internet Connection screen, click Use IE5 Settings and then click Next. 8 In the list of Available Download Sites, click a site and then click Next. 9 In the Select Packages screen, click the View button (upper-right corner). 10 Scroll the packages list to locate in the Package column openssl: The OpenSSL runtime environment and openssl-devel: The OpenSSL development environment. 11 In the New column for those two entries, click Skip. 16

29 Chapter 2 Basic Administration Generating a Secure Certificate Generating a CSR The current version number of Cygwin appears. 12 Click Next to start the installation. After Cygwin installs, you can generate the CSR. These instructions to generate a CSR assume that you are using the Cygwin UNIX environment installed as described in Installing the Cygwin UNIX Environment for Windows, page 16. To generate a CSR using the Cygwin UNIX environment: 1 Double-click the Cygwin icon on the desktop. A command window opens with a UNIX bash environment. 2 To change to a particular drive, use the command: cd driveletter: 3 At the $ prompt, type the following to generate a CSR: openssl req -new -nodes -keyout privatekeyfilename -out certrequestfilename For example: openssl req -new -nodes -keyout private.key -out public.csr Status messages about the private key generation appear. You will be prompted for information such as country name. 4 When prompted for the Common name, enter the DNS name of the Application Gateway. The name that you enter will appear in the certificate and must match the name expected by PCs that connect to the Application Gateway. Thus, if you alias DNS names, you will need to use the alias name instead. 5 Submit your CSR (public.csr) to an authorized certificate provider such as Verisign. When asked for the type of server that the certificate will be used with, indicate Apache. (If you indicate Microsoft, the certificate might be in PKCS7 format and you will need to follow the procedure in Converting to a PEM-Formatted Certificate, page 18 to convert the certificate to a PEM format.) The certificate provider will return a Signed Certificate to you by within several days. 17

30 Chapter 2 Basic Administration Generating a Secure Certificate Unencrypting the Private Key The following procedure is not needed if you use the Cygwin UNIX environment to generate the CSR and private key. Follow this procedure only if the method you use to generate the private key results in an encrypted key. To unencrypt the private key: 1 At the $ prompt enter the command: openssl rsa If you enter this command without arguments, you will be prompted as follows: read RSA key 2 Enter the name of the password to be encrypted. You can enter the openssl rsa command with arguments if you know the name of the private key and the unencrypted PEM file. For example, if the private key filename is my_keytag_key.pvk, and the unencrypted filename is keyout.pem, you would enter openssl rsa -in my_keytag_key.pvk -out keyout.pem. For more information, refer to the following URL: For information on downloading OpenSSL for Windows, refer to the following URL: _id=48801 Converting to a PEM-Formatted Certificate The signed certificate file that you receive from your certificate provider might not be in a PEM format. If the file is in binary format (DER), convert it to PEM format as follows: openssl x509 -in certfile -inform DER -outform PEM -out convertedcertfile 18

31 Chapter 2 Basic Administration Generating a Secure Certificate If the certificate is already in a text format, it may be in PKCS format. (You will receive a PKCS formatted certificate if you specified that the certificate will be used with a Microsoft rather than Apache operating system.) The following command will result in an error message if the certificate is not in PEM format. The certfile should not contain the private key when you run this command. openssl verify -verbose -CApath /tmp certfile If that command results in the following error message, the file is not in PEM format. certfile: unable to load certificate file 4840:error:0906D064:PEM routines:pem_read_bio:bad base64 decode:pem_lib.c:781: To convert the certificate from PKCS7 to PEM format: 1 Run the command: openssl pkcs7 -in./certfile -print_certs The output will look like this: subject= BEGIN CERTIFICATE Server Certificate END CERTIFICATE----- subject= BEGIN CERTIFICATE Intermediate Cert END CERTIFICATE Combine the server certificate data and the intermediate certificate data (if it exists) from the output with the private key as specified in Combining the Private Key with the Signed Certificate, page 20 and Generating Trusted Certificates for Multiple Levels, page

32 Chapter 2 Basic Administration Generating a Secure Certificate Combining the Private Key with the Signed Certificate You must combine the signed certificate with the private key before you can upload it to the Application Gateway. To combine the Private Key with the Signed Certificate: 1 Use a text editor to combine the unencrypted private key with the signed certificate in the PEM file format. The file contents should look similar to the following: -----BEGIN RSA PRIVATE KEY----- <Unencrypted Private Key> -----END RSA Private KEY BEGIN CERTIFICATE----- <Signed Certificate> -----END CERTIFICATE Save and name the PEM file. For example, server.pem. Generating Trusted Certificates for Multiple Levels Caution Any certificate that has more than one level must include all intermediate certificates, or the system may become unusable. You must determine whether your certificate has more than one level and, if it does, handle the intermediate certificates properly. To generate trusted certificates for multiple levels: Note Do not exit Design Studio. 1 Open Internet Explorer, and access a page through the Application Gateway. For example, enter a URL similar to the following: where: - ipaddress is the IP address of your Application Gateway - httpport is the Application Gateway HTTP port number 20

33 Chapter 2 Basic Administration Generating a Secure Certificate 2 Double-click the Lock symbol in the bottom right corner of the browser. 3 Switch to the Certificate Path window pane at the top of the screen. 4 Double-click the first path level to bring up the Certificate information for the first level and then go to the Details screen. 5 Click the Copy to File button at the bottom. 6 After the Certificate Export Wizard appears, click Next. 7 Click the format Base-64 encoded and then click Next. 8 Enter a filename. For example, G:\tmp\root.cer. 9 Review the information and note the complete filename. Click Finish. 10 Click OK to close the Certificate information window for the first level. 11 Repeat Steps 5 11 for all levels except the last level. 12 Insert all certificates into one file, and make sure that any intermediate certificates are part of any certificate file you upload. The file to be uploaded should be in the following format: private key Server Certificate Intermediate Certificate 0 Intermediate Certificate 1 Intermediate Certificate 2 Uploading a Certificate to the Application Gateway After you have completed the steps to obtain and assemble a properly formatted, signed certificate and private key, you can upload it to the Application Gateway. Note When you save the Application Gateway configuration, the uploaded certificates are included in the backup. To upload a certificate file: 1 In the Administration Tool, go to the Administration > Maintenance page. 2 Across from Upload Certificate, click Browse. 21

34 Chapter 2 Basic Administration Generating a Secure Certificate 3 Locate the file you want to upload and click Open. 4 Click Upload to upload the file. 5 After the upload is complete, go to the Network > Interfaces page. 6 Set Interface 0 External Public Address to the DNS name for which the certificate was registered. Getting Design Studio to Recognize a Certificate The default trusted root certificates provided with Design Studio are from Verisign and Thawte. If you purchased your SSL certificate from Verisign or Thawte, the Design Studio JVM (Java Virtual Machine) will automatically recognize it and you can skip this topic. If your certificate is not from Verisign or Thawte, you will need to set up the Design Studio JVM to recognize the certificate. To do that, you need to import the certificate into the trust file for JVM. To import a certificate into the JVM trust file: Note You do not need to perform this procedure if you purchased a certificate from Verisign or Thawte. 1 Open a Windows Command window. 2 Locate the trust file (named cacerts) in the JRE that is installed with Design Studio. The default location for cacerts is C:\Program Files\Nortel\AG\ Design Studio\version\class\jre\lib\security\cacerts. cd C:\Program Files\Nortel\AG\Design Studio\version\class\jre\lib\security 3 Make a backup of the cacerts file and then navigate to the bin directory. copy cacerts cacerts.bak cd..\.. cd bin You should now see the prompt C:\Program Files\Nortel\AG\Design Studio\version\class\jre\bin> in the Command window. 4 Copy your certname.pem file into the bin directory. 5 Install your certificate into cacerts. 22

35 Chapter 2 Basic Administration Upgrading the Application Gateway Software keytool -import -alias mycompany -file certname.pem -keystore "C:\Program Files\Nortel\AG\Design Studio\version\class\jre\lib\ security\cacerts" You will be prompted for the keystore password. The default cacerts password is "changeit". Information about the certificate displays. If it is the correct certificate, respond "y" to the prompt. 6 Verify that your certificate was imported. keytool -list -keystore "C:\Program Files\Nortel\AG\Design Studio\ version\class\jre\lib\security\cacerts" Enter the keystore password when prompted and review the certificate. Upgrading the Application Gateway Software You will be notified when server software upgrades are available. For the latest information about upgrading, refer to the Release Notes provided with the upgrade. Before you upgrade an Application Gateway, you might need to look up your current Application Gateway version. To display the version of your installed Application Gateway: In the Administration Tool, go to the Logging > Version page. To upgrade your Application Gateway: Refer to the instructions in the Application Gateway Release Notes. 23

36 Chapter 2 Basic Administration Reinstalling the Application Gateway Software Reinstalling the Application Gateway Software Reinstalling the software returns the Application Gateway to its pre-configured state. It is important that you always have a current copy of the Application Gateway configuration files, as described in Saving and Restoring the Configuration, page 25. If files on the Application Gateway become corrupted or if the server crashes, you will need to reinstall the Application Gateway server software from the CD provided with the server. Reinstalling the server software is also referred to as re-imaging the server. Reinstalling the server software takes about 20 minutes. To reinstall the server software: 1 Make sure that a PC capable of hosting terminal emulation software is connected to the Application Gateway; power on both systems. 2 Press Enter a few times on the PC to establish a console connection with the Application Gateway. 3 Insert the Application Gateway CD into the CD-ROM drive of the Application Gateway 4 Press the Reset button on the front of the Application Gateway. After the Application Gateway restarts, the console display indicates that the reinstallation has started. The status bar moves in large increments, so at first it might appear that the reinstall has not started. When the installation has completed, the serial console displays the message Installation successful. 5 Eject the CD and press the Reset button on the Application Gateway. 6 Restore the configuration settings as described in Saving and Restoring the Configuration, page

37 Chapter 2 Basic Administration Saving and Restoring the Configuration Saving and Restoring the Configuration When you upgrade the Application Gateway, all of your configuration settings, including uploaded certificates and licenses, are automatically restored. Note The Device Definitions File (DDF), managed in Design Studio, is not saved as a part of the configuration. You will need to back it up manually. If you reinstall the Application Gateway software, you must manually restore your configuration settings. Before using the CD to reinstall the Application Gateway software, save your configuration. Reinstalling the Application Gateway software returns the Application Gateway to its pre-configured state. If you have saved your configuration settings, as described in this topic, you can easily restore them. To save the Application Gateway configuration: 1 In the Administration Tool, go to the Administration > Maintenance page. 2 Click Save Config. The entire Application Gateway configuration, including system files and certificates, are saved to your computer in a file named config.restore. 3 If you have made changes to the DDF file, use Design Studio to save the DDF file to a local computer. To restore a saved configuration: 1 In the Administration Tool, go to the Administration > Maintenance page. 2 Across from Upload Server Upgrade or Saved Config., click Browse. 3 Locate the file named config.restore and click Open. 4 Click Upload. 25

38 Chapter 2 Basic Administration Restarting the Application Gateway After the configuration file is uploaded, the Application Gateway restarts. If you saved the DDF file, you will need to upload it to the Application Gateway. Restarting the Application Gateway To restart the Application Gateway: 1 In the Administration Tool, go to the Administration > Maintenance page. 2 Click Restart. Shutting Down the Application Gateway Never shut down the Application Gateway by powering it off. Use the Administration Tool to shut down the device. Use the power switch only to power on the device. You can also use the Reset button on the front of the Application Gateway to perform a soft reboot. To shut down the Application Gateway: 1 In the Administration Tool, go to the Administration > Maintenance page. 2 Click Shut Down. 26

39 Chapter 3 Network Connection Configuration The following topics describe how to configure Application Gateway network connections: Prerequisites, page 27 Configuring Network Interface Settings, page 28 Configuring Ports, page 29 Specifying DNS Settings, page 29 Adding Host Aliases, page 30 Configuring Routes, page 30 Creating an Application Gateway Cluster, page 34 Specifying the Default URL, page 38 Prerequisites The configuration instructions in this guide assume the following setup: The devices to which you are connecting the Application Gateway, such as a router, are already part of a working configuration. This guide does not, for example, cover the steps for configuring application or web servers. For information on integrating the Application Gateway into your network, refer to the Application Gateway Network Integration Guide. The Application Gateway is installed and connected to a second computer through a serial port. For information, refer to the Application Gateway Quick Start Guide. The Application Gateway Pre-Installation Checklist for your site has been completed. It contains much of the information that you will need to configure the Application Gateway and related applications. 27

40 Chapter 3 Network Connection Configuration Configuring Network Interface Settings Configuring Network Interface Settings The first time that you start the Application Gateway, the serial console prompts you for the IP address and subnet mask for interface 0 (P1) and the IP address of the default gateway device. You can later use the Administration Tool to change those settings. The network interface settings are as follows: IP address and subnet mask for interfaces 0 and 1 The Application Gateway is typically connected to a router through the Application Gateway Interface 0 port. If the Application Gateway straddles networks, you will need to use both Interfaces 0 and 1 to connect the Application Gateway to the networks. If your call server and/or LDAP server are on different network segments from the signaling servers, you will need to use both interfaces. The IP address for Interface 0 is preconfigured to Duplex mode for each interface Duplex mode is either auto, full duplex, or half duplex. Use the default setting, auto, unless you need to change it. Maximum transmission unit (MTU) for each interface The MTU defines the maximum size of each transmitted packet. The default is Use the default setting unless you need to change it. The interface (0 or 1) and IP address of the default gateway device, such as the main router or firewall. This should be the same as the Default Gateway setting that you would find on computers on the same subnet. To change the network interfaces settings, go to the Network > Interfaces page of the Application Gateway Administration Tool. 28

41 Chapter 3 Network Connection Configuration Configuring Ports Configuring Ports The following ports are required for general operation of the Application Gateway. Incoming HTTP port. Defaults to 80. Administration ports 9001 and These ports are not configurable. Design Studio communicates with the Application Gateway through port Application Gateway clusters communicate over ports 9014 and Voice Office applications use additional ports, as described in the Pre-Installation Checklist. Specifying DNS Settings The first time that you start the Application Gateway, the serial console prompts you for DNS settings. You can use the Administration Tool to change the following settings: IP address of the first, second, and third DNS servers. A DNS server needs to be specified only if you use name resolution. Default domain name. Do not precede the domain name with a dot (. ). For example, specify site.com, not.site.com. WINS server address. To configure DNS settings, go to the Network > DNS page of the Application Gateway Administration Tool. 29

42 Chapter 3 Network Connection Configuration Adding Host Aliases Adding Host Aliases You can map Application Gateway host names to IP addresses. The host aliases that you define override DNS settings. Although the Application Gateway does not include an NIS client and thus does not support commands such as ypbind and nslookup, name resolution libraries can resolve Application Gateway host names by checking the /etc/hosts file. To add, review, or remove host aliases, go to the Network > Hosts page of the Application Gateway Administration Tool. Note To clear a host alias, select the host and click Clear Host. Configuring Routes You can configure the Application Gateway to listen for the routes published by your routing server(s) or to use static routes that you specify. The Application Gateway supports the Routing Information Protocol (RIP 2). If you use both network interface cards for separate network numbers on the Application Gateway, you must define a static route so that the Application Gateway can appropriately handle the traffic destined for the network segment connected to the second Ethernet port. The Default Gateway field on the Network > Interfaces page is relevant to both dynamic and static routing. If you enable the Dynamic Gateway option (when configuring dynamic routing), the default gateway will be based on the routing table, not on the value entered in that field. If you add a static route, choose the Application Gateway interface not being used by the default gateway. The following topics describe how to work with routes: Configuring Dynamic Routing, page 31 Adding, Testing, and Removing a Static Route, page 32 Static Route Example, page 33 30

43 Chapter 3 Network Connection Configuration Configuring Routes Configuring Dynamic Routing When you choose dynamic routing, the Application Gateway operates as follows: It listens for route information published through RIP and automatically populates its routing table. If the Dynamic Gateway option is enabled, the Application Gateway uses the default gateway providing by dynamic routing, rather than the value specified on the Network > Interfaces page. It disables any static routes created for the Application Gateway. If you later choose to disable dynamic routing, any previously created static routes will redisplay in the Application Gateway routing table. To configure dynamic routing: 1 In the Application Gateway Administration Tool, go to the Network > Routes page. 2 Select the Dynamic Routing check box. Selecting that option disables the static routes area. If there are static routes defined, they no longer display in the routing table although they are still available should you wish to switch back to static routing. 3 If you want to use the default gateway provided by the routing server(s), rather than the one specified in the Network > Interfaces page, select the Dynamic Gateway check box. Note The use of a dynamic gateway is reflected on the Network > Interfaces page as shown below: 4 The Routing Protocol defaults to RIP. 5 Choose the Application Gateway interface(s) to be used for dynamic routing. Typically, your routing server(s) are inside your firewall, so you would choose an internal-facing interface for this setting. 6 Click Add Route Info. Dynamic routes are not displayed in the Application Gateway routing table. 31

44 Chapter 3 Network Connection Configuration Configuring Routes Adding, Testing, and Removing a Static Route If your site is not using a routing server, you will need to add a static route from the Application Gateway to any subnet that is not automatically available through your default gateway. Set up static routes on the Application Gateway interface not being used by the default gateway. The default gateway is specified on the Network > Interfaces page. For an example static route setup, see Static Route Example, page 33. To add a static route: 1 In the Application Gateway Administration Tool, go to the Network > Routes page. 2 Enter the IP address of the destination LAN (that is, to the network to which the Application Gateway will route traffic). For example, if the IP address of that network is and the subnet mask of that network is , enter for the destination LAN. 3 Enter the subnet mask for the destination network. 4 Enter the IP address for the default gateway of the destination network. If you do not specify a gateway, the Application Gateway can access content only on the local network. 5 Select the Interface for the static route (that is, the interface over which the traffic will be sent out). Typically you will set this to eth1. 6 Click Add Route Info. To test a static route: 1 From the Application Gateway serial console, type 1 (Ping). 2 Enter the host IP address for the device you want to ping and press Enter. If you are successfully communicating with the other machine, messages will appear saying that the same number of packets were transmitted and received, and zero packets were lost. If you are not communicating with the other machine, the status messages indicate that zero packets were received and all the packets were lost. Return to Step 1 and recreate the static route. 32

45 Chapter 3 Network Connection Configuration Configuring Routes Static Route Example To remove a static route: 1 In the Application Gateway Administration Tool, go to the Network > Routes page. 2 In the Static Route Table, select the check box for each route that you want to delete. 3 Click Remove Static Route. Suppose the IP address of the interface 0 port on your Application Gateway is and there has been a request to access information at , to which you currently have no path. You can create a static route through the Ethernet port that is not set as your Application Gateway default gateway, and out to the requested network address, as shown. The figure shows the following connections: The interface 0 port (IP address ) leads to the default gateway (IP address ), which connects to the rest of the network. 33

46 Chapter 3 Network Connection Configuration Creating an Application Gateway Cluster The interface 1 port (IP address ) is set to communicate with the network and its gateway (IP address ). Through this gateway, the interface 1 port can communicate with the network, and the server at IP address To set up this static route, you need to establish the path between the interface 1 port and IP address To set up the example static route: 1 Go to the Network > Routes page. 2 Set the IP address of the destination LAN to Set the subnet mask for the gateway device. 4 Set the IP address of the default gateway to Choose eth1 as the gateway device interface. 6 Click Add Route Info. Creating an Application Gateway Cluster To use voice applications across IP phones that are associated with multiple Application Gateways, you must group the Application Gateways into a cluster. An Application Gateway cluster enables IP phones to send alerts and pages to distribution lists and zones that include phones from all Application Gateways in the cluster. Smart Agent also works across clusters. 34

47 Chapter 3 Network Connection Configuration Creating an Application Gateway Cluster Note If you have multiple Application Gateways and do not group them in a cluster, IP phones can send alerts and pages only to the phones associated with the same Application Gateway. An Application Gateway processes requests only for the IP phones that are registered to it. However, all Application Gateways in a cluster share a cluster-wide device registry so that alerts and pages can be sent to distribution lists or zones comprised of the phones registered to any Application Gateway in the cluster. When you add an Application Gateway to a cluster, the cluster-wide distribution lists and zones take precedence over those previously created on that Application Gateway. An Application Gateway sends device registry changes to the cluster thus resulting in each cluster member having a complete list of devices managed by the cluster. The Application Gateway that is a device s owner is synchronized first and then the rest of the cluster is updated. The device registry is always synchronized across the entire cluster whenever a new device is created or when a device s attributes change (such as IP address, DN, license state). 35

48 Chapter 3 Network Connection Configuration Creating an Application Gateway Cluster Cluster Prerequisites Application Gateway clusters are intended as a site solution and not a cross-geographical solution. The Application Gateways must be connected through a high-bandwidth connection. You can include up four Application Gateways per cluster. The time required for initial start-up will increase as the size of the cluster-wide device list that is broadcast across the cluster increases. For additional information about capacity, refer to the Application Gateway Release Notes. For more information about push operations with a cluster, see Broadcast Server Operation with Clusters, page 72 and Paging Setup and Operation with Clusters, page 82. The following topics describe how to work with clusters: Cluster Prerequisites, page 36 Creating a Cluster, page 37 Maintaining a Cluster, page 38 Before you create a cluster, verify that the following tasks are complete: Install and configure each Application Gateway that is to be a member of the cluster. The Application Gateways in a cluster can straddle networks (be on different subnets). Configure the IP/DN map source for each Application Gateway. Complete the Voice Office configuration for each Application Gateway. You must configure each Application Gateway with the Broadcast Server URL. Note To support the creation of an IP/DN map, the Application Gateway must be on the same LAN segment as the call server. The Application Gateway must communicate with the call server via its Embedded LAN (ELAN) to retrieve information for the IP/DN map. 36

49 Chapter 3 Network Connection Configuration Creating an Application Gateway Cluster Creating a Cluster To create a cluster, you add Application Gateway IP addresses to the Network > Cluster page. Because there are no primary or secondary Application Gateways in a cluster, you can configure the cluster from any Application Gateway. When you add an Application Gateway to a cluster, the Application Gateway that is processing the request broadcasts the cluster configuration file to all other cluster members. Thus, each Application Gateway becomes aware of the new cluster member. Note The administration password on the Application Gateway used to synchronize a cluster must match the password on the Application Gateway used to create the cluster. To add an Application Gateway to a cluster: 1 In the Administration Tool, go to the Network > Cluster page. 2 Enter the IP address of the Application Gateway to be added to the cluster. Note Be sure to also add the IP address of the Application Gateway from which you are creating the cluster. 3 Click Add Member. 4 When you have completed adding members, click Sync Cluster. Repeat this step on each Application Gateway in the cluster. When you synchronize a cluster, the Application Gateway broadcasts the cluster information to all cluster members. 5 Synchronize each Application Gateway with the call servers (Operation > Voice Office > IP Phone page). 37

50 Chapter 3 Network Connection Configuration Specifying the Default URL Maintaining a Cluster You must update or synchronize a cluster as follows: If the IP address of an Application Gateway changes, you must update the Network > Cluster page to reflect the change. When you add a member to an existing cluster, you must re-synchronize the cluster so that each Application Gateway will be aware of the new member. When you make IP/DN mapping changes, add phones, or remove phones, you must re-synchronize the cluster so that each Application Gateway will have the updated information. Specifying the Default URL The default URL is the URL that the Application Gateway will send if an IP phone attempts to access the Application Gateway directly. For example, an IP phone might be configured to access the Application Gateway for its home page or as the menu displayed when the user presses a defined soft key. Note For information on how to set up IP phones to access the Application Gateway, see Enabling Communication between the Phones and Application Gateway, page 44. You can choose the following for the Default URL setting: Voice Office Menu This option appears only if you license Voice Office applications. When those applications are licensed, the Default URL is automatically set to Voice Office Menu. When the Default URL is set to Voice Office Menu and an IP phone user connects to the Application Gateway, the IP phone will display the licensed list of applications available to the user, along with the submenu for the applications configured in Design Studio. If you do not want the submenu to appear, go to the Operation > Voice Office > Menu page and deselect the Add Application Menu check box. 38

51 Chapter 3 Network Connection Configuration Specifying the Default URL Guest Voice Service This option appears only if you license Guest Services. Choose this option to display the Guest Services application on IP phones. Custom URL Choose Custom URL if you have your own portal page and the Application Gateway is operating as the default gateway. To change the Default URL for one or both interfaces, go to the Operation > General page of the Application Gateway Administration Tool. 39

52 Chapter 3 Network Connection Configuration Specifying the Default URL 40

53 Chapter 4 Voice Office Configuration Requirements The following topics describe the configuration requirements and options applicable to Voice Office applications: Voice Office Application Prerequisites, page 41 Customizing the Voice Office Menu, page 42 Enabling Communication between the Phones and Application Gateway, page 44 Enabling Automatic Dialing, page 46 Specifying a Source for Phone IP-to-DN Mappings, page 46 Voice Office Application Prerequisites Before configuring the Voice Office applications, complete the following tasks: Refer to the Nortel support site for the latest firmware releases. Complete the Application Gateway Pre-Installation Checklist. Install and complete the initial configuration of the Application Gateway as described in the Application Gateway Quick Start Guide. Note If a Network Address Translation (NAT) device is between the Application Gateway and the phones, you must enter the NAT IP address on the Network > Interfaces page. The Application Gateway advertises the NAT IP address in messages relating to setting up audio streams, as required by UNISTIM. NAT is supported for Express Directory and transformed applications. 41

54 Chapter 4 Voice Office Configuration Requirements Customizing the Voice Office Menu If you have license files that have not been uploaded to the Application Gateway, use the Application Gateway Administration Tool to upload them, as described in Managing Licenses, page 11. Customizing the Voice Office Menu The Voice Office Menu displays on the screens of Nortel IP Phone 2002/2004 when the phone user presses the Expand key. The Voice Office Menu displays on the screens of Nortel IP Phone 2007 when the phone user taps the Prime GXAS key. You can customize the Voice Office Menu as follows: Add an Exit soft key to the menu. The Exit soft key can be set to a destination that contains content transcoded for display on a Nortel IP telephone screen. For example, the destination might be a page on your Application Gateway. Remove the Application Menu from the Voice Office Menu. By default, the Voice Office Menu contains a link to the Application Menu, which is a portal to the applications that you define through the Application Menu editor in Design Studio. If no applications have been added to the Application Menu, the message Application Menu not configured appears in place of the Application Menu. Remove applications from the Voice Office Menu. By default, the Voice Office Menu lists all applications that are licensed. If you do not want an application to appear on the Voice Office Menu, you can remove it. Add a link to a custom application to the Voice Office Menu. By default, the Voice Office Menu lists only the applications that you have licensed. You can add a custom application to the Voice Office Menu. To customize the Voice Office Menu: 1 Open the Application Gateway Administration Tool: From a web browser, enter the URL 2 Go to the Operation > Voice Office > Menu page. 42

55 Chapter 4 Voice Office Configuration Requirements Setting the Language of the Voice Office User Interface 3 To add an Exit soft key to the Voice Office Menu, select the Add Exit Soft Key check box and enter the full URL of the destination, such as 4 To change the applications shown in the Voice Office Menu, clear the checkbox for a Voice Office application or the Application Menu. 5 To include the Application Menu on Nortel 1120 and 1140 phones, select the Nortel 1140e/1120e checkbox. If this checkbox is not selected, the 1120/40 phones will not display any URL softkeys sent with Broadcast Server alerts. The 1120/1140 phones must have a mouse device to enable navigation in Web applications. 6 To include a link to a custom application, select the Add Custom Application check box and enter the name to appear in the menu and the full URL of the application, such as 7 Click Submit. The Application Gateway restarts and will be inaccessible to the phones until the phone attempts to reconnect to the Application Gateway. Connection attempts occur automatically according to the Watchdog timer interval. A phone user can also force a reconnection by restarting the phone. Setting the Language of the Voice Office User Interface By default, Voice Office screens display in English on IP phones. To change the user interface language used for Voice Office, go to the Operation > General page and choose a language from the IP Phone UI Language menu. 43

56 Chapter 4 Voice Office Configuration Requirements Enabling Communication between the Phones and Application Gateway Enabling Communication between the Phones and Application Gateway To support Nortel IP Phone 2007, you must specify the port over which the Application Gateway and phones will communicate. You must point all phones to the Application Gateway by configuring DHCP or by configuring each phone. This one-time setup applies to all Application Gateway Voice Office applications. Configure an AG port for communication with IP Phone 2007: 1 Open the Application Gateway Administration Tool: From a web browser, enter the URL 2 Go to the Operation > General page. 3 Specify a port number for communication with Nortel IP Phone Specify whether the display on IP Phone 2007 should automatically return to the Voice Office menu: To prevent the phones from automatically displaying the Voice Office menu, use the default setting ("0") for GXAS Foreground Timer. To display the Voice Office menu automatically on IP Phone 2007, specify how long, in seconds, the display should remain on TPS before switching to the Voice Office menu. The minimum display time is 30 seconds. 5 Click Submit. To configure your DHCP server: 1 Append the Application Gateway IP address (shown in bold below) to the Nortel DHCP option that is currently used to specify the primary server (S1) and secondary server (S2) information: Nortel-i2004-A,S1IP:S1Port,S1ActionCode,S1RetryCount; S2IP:S2Port,S2ActionCode,S2RetryCount; AGIP:AGPort,AGActionCode,AGRetryCount where AGActionCode is "1" for GXAS (the preferred mode for 1100 series and 2007 IP phones) series phones ignore AGActionCode and register with XAS. To set 1100 series or 2007 IP phones to XAS mode (not recommended), specify "0". 44

57 Chapter 4 Voice Office Configuration Requirements Enabling Communication between the Phones and Application Gateway 2 If the DHCP setting on the Nortel IP phones is set to "0" (No), instruct your IP phone users to change the setting to "1" (Yes). To configure individual phones to communicate with the Application Gateway: For IP Phone 2002/2004: a Power cycle the phone, wait for Nortel Networks to flash, and then press the four keys below the display in order from left to right (OK - BkSpace - Clear - Cancel). The phone is now in manual configuration mode. b Press OK until the prompt "Cfg XAS?" displays. XAS is the external Application Server. You will configure the Application Gateway as the XAS. c Press 1 and then press OK. The next prompt is for the XAS IP address. Enter the IP address of your Application Gateway and then press OK. For IP Phone 2007: a b c Tap the Tools Menu icon and then select Network Configuration. Scroll down to the XAS option and enter the IP address of the Application Gateway. Select the GXAS checkbox and enter a port for communication with the Application Gateway. (This port must match the GXAS port configured on the Operation > General page of the Application Gateway Administration Tool as described in Configuring the Graphical XAS (GXAS) Port on the Application Gateway, page 46.) GXAS is the recommended mode of operation with the Application Gateway. Note If you do not select the GXAS option, the IP Phone 2007 will operate like the IP Phone GXAS mode is the preferred method of communicating with the Application Gateway. d Tap Apply & Reset. 45

58 Chapter 4 Voice Office Configuration Requirements Enabling Automatic Dialing Configuring the Graphical XAS (GXAS) Port on the Application Gateway The GXAS Port is required for AG operation with Nortel 2007 IP phones. The port specified on the Operation > General page of the Application Gateway Administration Tool must match the port entered in the phone's Network Configuration settings. The GXAS Foreground Timer controls whether the display on Nortel 2007 IP phones automatically returns to the Voice Office menu from TPS after a specified duration. To prevent the phones from automatically displaying the Voice Office menu, use the default setting, 0. To display the menu automatically, specify the number of seconds the display should remain on TPS before switching to the menu. The minimum display time is 30 seconds. Enabling Automatic Dialing Express Directory and Visual Voic provide for automatic dialing of directory numbers (DNs). The automatic dialing will not work unless Hands Free Activation (HFA) is enabled as part of the Class of Service (CLS) options during set provisioning on the Communication Server If HFA is not enabled, the telephone user must pick up the handset or press a Line out button to initiate the call. Specifying a Source for Phone IP-to-DN Mappings Voice Office operation requires a mapping of phone IP addresses and DNs. You must specify a source for the Application Gateway to obtain a mapping of IP addresses to extensions (DNs): For Nortel Communication Server, the information for the mapping can be obtained from the signaling and call servers. For sites using Communication Server 1000, release 4.0, you configure a connection between the Application Gateway and one signaling server, which provides the Application Gateway with information from all connected call servers. For sites using two signaling servers with Communication Server 1000, release 4.5, you configure a connection 46

59 Chapter 4 Voice Office Configuration Requirements Specifying a Source for Phone IP-to-DN Mappings between the Application Gateway and one signaling server, which provides the Application Gateway with information from all connected call servers. When a phone connects to the Application Gateway, the Application Gateway uses the phone s MAC address to look up the extension in the map. A phone cannot obtain a license unless the phone s extension appears in the IP/DN map. Once a phone is licensed, it holds the license, even when it is idle. The Application Gateway and its companion voice applications support multiple phones that share a DN. Each phone sharing a DN appears in the License Monitor (by MAC address) and can be managed independently. Note A licensed phone occupies one session. Refer to the Application Gateway Release Notes for information on Application Gateway capacity (that is, the number of concurrent sessions supported). Deployment Notes To support the creation of an IP/DN map, the Application Gateway must be on the same LAN segment as the signaling server to retrieve information for the IP/DN map. If you want a separate administrator account on the PBX for log ins from the Application Gateway, the administrator account requires overlay 81 and 117 access only. You must also enable multi-user login on the call server and signaling server. This ensures a speedy and complete synchronization. Port speed can also impact the integrity of the data received during synchronization. When user traffic reaches the concurrent session capacity, you can increase capacity by installing additional Application Gateways, all pointing to the same Nortel Messaging server. Because a load balancer can handle only HTTP signaling, you will need to configure groups of phones to use a particular Application Gateway by pointing their application server setting to the IP address of the Application Gateway. Refer to the Application Gateway Release Notes for additional information about capacity, deployment, and operation. 47

60 Chapter 4 Voice Office Configuration Requirements Specifying a Source for Phone IP-to-DN Mappings Configuring a Call Server or CSV Connection The following one-time setup applies to all Voice Office applications. To configure a call server or CSV connection: 1 Open the Administration Tool: From a web browser, enter the URL 2 Go to the Operation > Voice Office > IP Phone page. 3 Select the source to be used to map extensions (DNs) to IP addresses. 4 If you selected a call server, complete these fields for the signaling server. If your site uses more than one signaling server, you specify just one signaling server (which automatically obtains information from the other signaling server). Note Typical sites have one signaling server deployed. However, larger sites might have a primary and secondary signaling server or two signaling servers that are load balanced. a. The signaling server IP address and Telnet port. b. The customer number (used by the call server if it is configured for more than one customer). Customer Number defaults to 0. c. The credentials for the call server and signaling server. 5 If you selected CSV, complete these fields: Note For CSV file requirements, see CSV File Format Specifications, page 49. a. The URL of the Web server where the CSV file resides ( b. The credentials required to access the URL, if required. 6 Choose a schedule for synchronizing the Application Gateway with the signaling/call servers or a CSV file. 48

61 Chapter 4 Voice Office Configuration Requirements Specifying a Source for Phone IP-to-DN Mappings Note If a signaling or call server is unavailable during a scheduled update, the last available mapping is used. If you use a CSV file, you must ensure that an updated CSV file is available for the Application Gateway synchronizations. The Application Gateway system log (Logging > System Log) contains status information, as described in Interpreting the System Log, page Click Submit. CSV File Format Specifications The CSV-formatted file that you make available to the Application Gateway for IP-to-DN mapping must follow these requirements: Comma-delimited text file with an extension of.csv, hosted in the root directory of a web server. Field order must be Extension,IP Address For example: 5017, , , The file must not contain any spaces or blank lines. A record is one line. Records must be separated by a line feed (ASCII/LF=0x0A) or carriage return and line feed pair (ASCII/CRLF=0x0D 0x0A). Fields may contain embedded line breaks, therefore, a record can occupy more than one line. Embedded line breaks must be surrounded by double quotation marks. 49

62 Chapter 4 Voice Office Configuration Requirements Specifying a Source for Phone IP-to-DN Mappings 50

63 Chapter 5 LDAP/CSV Directory Configuration You can configure the Application Gateway to obtain directory information from one or more LDAP directories and/or CSV directory files. The Application Gateway uses directory information for the Voice Office applications as follows: Express Directory and Visual Voic The Application Gateway displays directory information in Express Directory and Visual Voic . Broadcast Server The Application Gateway uses directory information to generate distribution lists in the Broadcast Server. The Application Gateway uses the telephone attribute(s) to locate the associated department name in a directory. The Application Gateway sends the Department attribute information to the Broadcast Server where it is used to update the distribution list. Zone Paging The Application Gateway uses the directory "department" attribute to create paging zones. The automatically created zones cannot be modified or removed. To configure the Application Gateway to obtain directory information, you specify the connection information, the attributes to be used by Voice Office applications, and a synchronization (LDAP) or upload (CSV) schedule. The following topics describe the Express Directory application and explain how to configure the Application Gateway to obtain directory information: Express Directory Overview, page 52 Configuring the Application Gateway to Use LDAP Directories, page 54 51

64 Chapter 5 LDAP/CSV Directory Configuration Express Directory Overview Looking Up Attributes in Your LDAP Directory, page 60 Configuring the Application Gateway to Use Directory Files in CSV Format, page 63 Adding Dialing Rules, page 66 Synchronizing the Application Gateway with Your Directories, page 67 Express Directory Overview Express Directory provides users of supported Nortel Internet telephones with convenient access to LDAP directories and to directories saved in CSV (Comma-Separated Value) format. You configure the Application Gateway to obtain directory information from one or more LDAP directories and/or CSV directory files. The Application Gateway transcodes directory information for display on Nortel Internet telephones. For LDAP directories, the Application Gateway connects to each LDAP server as shown. The Application Gateway supports LDAP version 3 and Nortel Messaging LDAP version 2. Supported LDAP directories include Microsoft Active Directory, OpenLDAP, and SunONE/iPlanet LDAP. The Application Gateway automatically detects the version in use. For directories that can be saved in CSV format, you point the Application Gateway to the location on an FTP server where you have saved each directory file. 52

65 Chapter 5 LDAP/CSV Directory Configuration Express Directory Overview Express Directory Features IP telephone users view directory information by choosing Express Directory from the Voice Office menu. If you have multiple directories, the Application Gateway can display a submenu of directories under Express Directory in the Voice Office menu. For example, the Express Directory submenu might contain choices such as Corporate, Customers, and Vendors. Alternatively, the Application Gateway can combine all directories so that the Nortel IP telephone user searches one combined directory. If an individual has unique entries in more than one of the combined directories, the Express Directory displays each entry. Express Directory includes the following features for Nortel IP telephone users: Provides simple access to your company directory. To use Express Directory, an IP telephone user presses the Expand key, selects Express Directory from the Voice Office menu. If you have configured the Application Gateway to display several directories individually (not combined), the user selects a directory name from the Express Directory submenu before starting a search. By default, displays each name as two Directory entries: First Name Last Name and Last Name, First Name. For example, Manuel Denz is listed as Manuel Denz and Denz, Manuel. You customize Directory entries through the Application Gateway Administration Tool, as described in Configuring the Application Gateway to Use LDAP Directories, page 54 and Configuring the Application Gateway to Use Directory Files in CSV Format, page 63. Displays for a selected name the associated address and telephone numbers, if those attributes are defined in your directory. Enables an IP telephone user to call a number by selecting it in Express Directory. You can configure the prefixes to be dialed with telephone numbers as follows: Each configured directory can have its own prefix, as described in Specifying LDAP Attributes for Voice Office Operations, page 57. A prefix can also be assigned to all directories, as described in Adding Dialing Rules, page

66 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use LDAP Directories Note The Application Gateway distribution includes a document, Using Express Directory on Nortel Internet Telephones, that you can change as needed and distribute to IP telephone users. Configuring the Application Gateway to Use LDAP Directories Note These instructions assume that you have completed the configuration described in Voice Office Configuration Requirements, page 41. To configure the Application Gateway to use one or more LDAP directories Voice Office applications, you specify the following information in the Application Gateway Administration Tool: The total number of directories (both LDAP and CSV) that you want to use. IP telephone users can access all directories through Express Directory. Whether you want to combine the directories for the Express Directory list on the IP telephone. If you keep the directories separate, you will specify a Directory Title to display as a submenu item under Express Directory in the Voice Office menu. If you use multiple directory sources, but do not combine them, Broadcast Server and Zone Paging will use only the first directory source defined. If you combine directory sources, those applications will use all directories. LDAP server connection information for each directory. You also specify the LDAP attributes to be displayed in Express Directory and used to control Voice Office operation, as described in Specifying LDAP Attributes for Voice Office Operations, page 57. To specify LDAP server connection information: 1 Open the Application Gateway Administration Tool: From a web browser, enter the URL 2 Go to the Operation > Voice Office > Directory page. 54

67 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use LDAP Directories 3 To add a directory source, click New Source. To change an existing source, choose it from the Configure Source menu. 4 To combine multiple directories into one directory, select the Combine Sources checkbox. If this checkbox is selected for any source, all sources will be combined. If you combine directories, Express Directory users will search one, combined directory, accessible from the Express Directory menu. If you do not combine directories, Express Directory users will choose a directory name from the Express Directory submenu. Users might find it more convenient to select from a submenu containing entries such as Departments, Staff, and Services than to search a combined directory. 5 If you are not combining directories, enter a short, descriptive title for the LDAP directory that you are configuring. This title will display in the submenu that appears when an IP telephone user selects Express Directory. 6 From Data Source, choose LDAP. 7 Complete the LDAP Server Connection fields as follows. Field Server and Server Port Description The IP address or host name and port for your LDAP server. The LDAP Server Port defaults to 389. If you are using an indexed database, such as Microsoft Active Directory with a Global Catalog, changing the LDAP Server Port to 3268 will significantly speed the LDAP queries. Note If your directory is not indexed, we recommend that you use an administrative connection, rather than an anonymous connection, from the Application Gateway to the database. Download performance improves when you use an administrative connection. 55

68 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use LDAP Directories Field Bind DN and Password Base DN Authentication Description The Administrator Bind DN and password for queries to your LDAP directory. The AG binds to the LDAP server using the administrator credentials and then searches for the user. After locating the user, the AG unbinds the administrator credentials and rebinds with the user credentials. Example syntax for Bind DN: "ou=administrator,dc=ace,dc=com" "user@domain.name" (Active Directory User Principal Name, UPN) "cn=administrator,cn=users,dc=ace,dc=com" (Active Directory) For Active Directory, if you do not use the UPN for the Bind DN, the group name (specified as "cn=groupname") is required. For other LDAP directories, the group name either is not required or, if required, is specified as "ou=groupname". Note that most directories do not return useful information on anonymous binds. The Base DN to be used as a starting point for directory searches. Base DN is usually derived from the Bind DN by removing the user name and specifying the group where users are located. Example syntax for Base DN: "ou=users,dc=ace,dc=com" "cn=users,dc=ace,dc=com" (Active Directory) The authentication method to use between the Application Gateway and the LDAP server. The Application Gateway currently supports Simple authentication. You do not need to submit your changes or restart the Application Gateway until after you have finished specifying Directory settings. 56

69 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use LDAP Directories Specifying LDAP Attributes for Voice Office Operations The Operation > Voice Office > Directory page also contains settings that specify the LDAP attributes to be displayed in Express Directory and used to control Voice Office application operations. If you are unfamiliar with the LDAP attributes for your site, see Looking Up Attributes in Your LDAP Directory, page 60 for information on a free LDAP browser that displays the structure of your LDAP directory and its attributes. To specify LDAP attributes: 1 Complete the LDAP Attributes fields as follows. Field Name Surname First Name Description The full name (common or display name) to be displayed in Express Directory or used by other Voice Office applications. Name defaults to "cn" and is typically set to "cn" or "displayname". The last name to be used by Voice Office applications. For correct display the surname (sn) must match the last name portion of the cn attribute. Is displayed in the directory as Surname (last name), followed by the delimiter ", " and the First Name. For example, Denz, Manuel. Defaults to "sn". The first name to be used by Voice Office applications. For correct display the First Name must match the first name portion of the cn attribute. Defaults to "givenname". The address. Defaults to "mail". 57

70 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use LDAP Directories Field Telephone Labels and Fields Title Department Search Filter Description You can specify one to three Telephone numbers to be displayed by Express Directory and Visual Voic . Also, the Application Gateway uses the telephone attribute(s) to locate the associated department name in a directory for Broadcast Server distribution lists. The three fields default to "telephonenumber", "mobile", and "extension". The fields can be changed to any other attribute representing the phone number that you wish to display (such as "homephone"). If your directory contains multiple entries for the chosen attribute, Express Directory displays all of them. The labels that you enter will display in Express Directory. By default, the telephone number displayed is the full number, along with any prefixes configured for each directory (as described in Specifying LDAP Attributes for Voice Office Operations, page 57) and configured globally (as described in Adding Dialing Rules, page 66). If a telephone number exceeds telephone s characters per line limit, the number will not display. To shorten the number, consider removing spaces or omitting the label. For some sites the telephone numbers need to be customized, for example, to display only the last four digits. You can customize the telephone numbers, as described in Adding Dialing Rules, page 66. Title information. Defaults to "title". Department information to be displayed in Express Directory and Visual Voic . The Application Gateway also uses a phone s extension to look up the corresponding Department in the directory. Broadcast Server uses the Department information to update the distribution list. Broadcast Server truncates distribution list and department names longer than 51 characters. Zone Paging uses the Department information to update the zone list. Zone Paging truncates zone names longer than 59 characters. Defaults to "department". The LDAP search filter used to limit the results returned to the Application Gateway. Defaults to "objectclass=*". You can specify more than one search filter. Note: If you use the message forwarding feature of Visual Voic and you specify a Nortel Messaging server as the alternate LDAP server, you must set this filter to "givenname=*" and select the checkbox for Search LDAP Directory by 'First Name'. 58

71 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use LDAP Directories Field Search LDAP Directory by Description The attributes to be used during a search to form the list of names. The names list is built according to the selected attributes, as follows. Name (first and last name, typically the common name or display name attribute): Name is typically formatted as First Name, space, Surname or might be formatted as Surname, comma, space, First Name. Sometimes, LDAP will include two Name entries to cover both of those name forms. When the Name checkbox is selected, the list of names searched includes the values for all Name attributes, unchanged. Surname (last name): When the Surname checkbox is selected, the list of names includes entries formed by appending the First Name to the Surname. First Name: When the First Name checkbox is selected, the list of names includes entries formed by appending the Surname to the First Name. The structure of your LDAP directory determines which of the attributes will produce the best search results: If there is one Name entry formatted as FirstName Surname, select Name (to include an entry that starts with the first name) and select Surname (to include an entry that starts with the last name). If a directory does not use the First Name attribute (or the attribute is empty), Express Directory infers the first name from the combination of the Name and Surname. If there is one Name entry formatted as Surname, FirstName, select Name (to include an entry that starts with the last name) and select First Name (to include an entry that starts with the first name). If your LDAP directory is inconsistently structured, you might need to select multiple checkboxes to cover all cases, resulting in some duplicate entries. 59

72 Chapter 5 LDAP/CSV Directory Configuration Looking Up Attributes in Your LDAP Directory Field Dial Prefix Description You can specify a dial prefix with each LDAP directory. When a number from Telephone Field 1 is dialed, Express Directory will prepend to the phone number any prefix from the dialing rules specified on the IP Phone page followed by this directory-specific dial prefix. (This prefix does not apply to Telephone Fields 2 or 3.) For example, suppose that you have two directories, A and B. A call to directory A requires the prefix 5 and a call to directory B requires the prefix 6. The dialing rule specified on the IP Phone page is 9. Thus, the number for a call to directory A would be 95number and the number for a call to directory B would be 96number. If the same dial prefix is used for all directories, you can specify it on the IP Phone page for all directories. For information on the schedule settings, see Synchronizing the Application Gateway with Your Directories, page Click Submit. 3 Continue as follows: If you have completed configuring all directories, go to Adding Dialing Rules, page 66. To configure another LDAP directory, select the source number from Configure Source and specify the connection and attribute information for that source. To configure a directory in CSV format, select the source number from Configure Source and go to Configuring the Application Gateway to Use Directory Files in CSV Format, page 63. Looking Up Attributes in Your LDAP Directory With the exception of the LDAP Base DN syntax, which is site-specific, the attributes provided on the Operation > Voice Office > Directory page are defaults common to more widely used LDAP directory applications. If a default attribute does not work for your site, you can easily look up the correct attribute with the free LDAP Browser from Softerra. 60

73 Chapter 5 LDAP/CSV Directory Configuration Looking Up Attributes in Your LDAP Directory This topic describes how to use LDAP Browser to look up the information requested on the Directory page. To install and set up LDAP Browser: 1 Download the free LDAP Browser application from 2 Install LDAP Browser and open it. 3 From the LDAP Browser window, choose File > New Profile and specify the following settings: 4 Click Finish. Host: Host name or IP address of your LDAP server. Port: Defaults to 389. Base DN: You can leave this field blank. (The information provided by the LDAP Browser will help you determine the Base DN needed for the Express Directory page.) Anonymous Bind: Select the checkbox if the LDAP server does not require credentials to connect to it. If the LDAP server requires credentials, leave the checkbox cleared, click Next, and enter the credentials. The LDAP Browser displays the profile name that you just created in the left pane of the LDAP Browser window and connects to the LDAP server. To look up LDAP attributes: 1 In left pane of the LDAP Browser, select the profile name that you created. 2 To look up the Base DN, locate in the right pane the namingcontexts attribute. The value of that attribute is the Base DN for your site. The Base DN is typically "dc=mydomain,dc=com" (if your directory tree is based on Internet domain names) or "ou=domain,o=myorg,c=country". 3 Note the objectclass entries. The LDAP Search Filter on the Express Directory page defaults to "objectclass=*" which will search all classes listed. You do not need to change that default unless you need to narrow the search. 4 To look up the attributes associated with people, such as name and phone numbers: a. Double-click the folder at the top of the right pane. 61

74 Chapter 5 LDAP/CSV Directory Configuration Looking Up Attributes in Your LDAP Directory In the following example, the directory contains only one "dc" folder. Your site might have more than one "dc" or "ou" folders. The right pane displays the structure for the attribute that you clicked. For example, you might see a "cn" entry for each individual in the LDAP directory or "ou" entries under which you will find individuals or groups. Click through the structure until you locate a list of individuals. b. Double-click the folder for an individual to view the attribute names and compare them to the attributes in the Application Gateway Operation > Voice Office > Directory page. 62

75 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use Directory Files in CSV Format Configuring the Application Gateway to Use Directory Files in CSV Format If you use one or more directories that can be saved in CSV format, you configure the Application Gateway to upload the directory files via FTP. The CSV files must follow the format described in CSV File Format Specifications, page 65. To configure FTP settings: 1 Open the Application Gateway Administration Tool: From a web browser, enter the URL 2 Go to the Operation > Voice Office > Directory page. 3 To add a directory source, click New Source. To change an existing source, choose it from the Configure Source menu. 4 To combine multiple directories into one directory, select the Combine Sources checkbox. If this checkbox is selected for any source, all sources will be combined. If you combine directories, Express Directory users will search one, combined directory, accessible from the Express Directory menu. If you do not combine directories, Express Directory users will choose a directory name from the Express Directory submenu. Users might find it more convenient to select from a submenu containing entries such as Departments, Staff, and Services than to search a combined directory. 5 If you are not combining directories, enter a short, descriptive title for the CSV directory file that you are configuring. This title will display in the submenu that appears when an IP telephone user selects Express Directory. 6 From Data Source, choose CSV. 63

76 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use Directory Files in CSV Format 7 Complete the CSV Uploads Via FTP fields as follows: Field FTP Host FTP Path FTP Username and Password Telephone Labels Search Directory by Description The IP address or host name of the FTP server where you have placed a directory file in CSV format. Note: You must ensure that an updated CSV file is available for subsequent synchronizations. The path to and filename of the directory file. Most FTP servers are case-sensitive. Your FTP credentials. You can specify one to three Telephone Labels to correspond to the telephone numbers provided in the CSV file. The labels display with the phone numbers. The attributes to be used during a search. You can select one or more of the following attributes: Surname or First Name. Note: The Name attribute is not available for CSV sources. For information on the schedule settings, see Synchronizing the Application Gateway with Your Directories, page Click Submit. 9 Continue as follows: If you have completed configuring all directories, go to Adding Dialing Rules, page 66. To configure another directory in CSV format, select the source number from Configure Source and specify the connection information. To configure an LDAP directory, select the source number from Configure Source and go to Configuring the Application Gateway to Use LDAP Directories, page

77 Chapter 5 LDAP/CSV Directory Configuration Configuring the Application Gateway to Use Directory Files in CSV Format CSV File Format Specifications The CSV-formatted files that you upload to the Application Gateway must follow these requirements: Comma-delimited text file with an extension of.csv, hosted in the root directory of a web server. The file must be saved with UTF-8 encoding if your directory contains European characters. Field order must be as follows: LastName,FirstName,PhoneNumber1,PhoneNumber2, PhoneNumber3,PhoneNumber4,PhoneNumber5,PhoneNumber6, ,Title,Department Note Phone numbers 4 through 6 are for future use. The following examples illustrate records with one, two, and three phone numbers: Abbott,Lorenz,5031,,,,,,labbott@company.com,Analyst,Accounting Abbott,Lorenz,5031, ,,,,,labbott@company.com,Analyst,Accounting Abbott,Lorenz,5031, , ,,,,labbott@company.com,Analyst,Accounting A record is one line. Records must be separated by a line feed (ASCII/LF=0x0A) or carriage return and line feed pair (ASCII/CRLF=0x0D 0x0A). Fields may contain embedded line breaks, therefore, a record can occupy more than one line. Embedded line breaks must be surrounded by double quotation marks. If a field contains a comma, the comma must be enclosed in double quotation marks (, ). All fields can be enclosed in double quotation marks. Leading and trailing spaces (or tab characters) adjacent to the comma field separators are ignored. If a field contains leading or trailing spaces, those spaces must be delimited with double quotation marks. Fields that contain double quote characters must be surrounded by double-quotes, and the embedded double-quotes must each be represented by a pair of consecutive double quotes. For example: Richard Mac McGregor. 65

78 Chapter 5 LDAP/CSV Directory Configuration Adding Dialing Rules Adding Dialing Rules By default, the full telephone number that is stored in a directory is dialed when the IP telephone user selects a number in Express Directory or Visual Voic . You can customize telephone numbers as follows: You can specify the number of digits to be dialed. For example, you can specify that only the last four digits of numbers beginning with "423500" should be dialed. In that case, if the number in the directory is , the Voice Office application will dial You can specify the prefixes to be dialed with all numbers that are 3 to 5 digits, 6 to 7 digits, and 8 or more digits (as stored in the source directory). Dialing rules apply to all configured directories. You can alternatively specify a prefix for each directory source, as described in Specifying LDAP Attributes for Voice Office Operations, page 57. The prefix specified in a dialing rule will precede the prefix specified for a directory. For example, suppose that you have two directories, A and B. A call to directory A requires the prefix 5 and a call to directory B requires the prefix 6. All calls require a 9 to be dialed first, so the dialing rule specified on the IP Phone page is 9. Thus, the number dialed for a call to directory A would be 95number and the number dialed for a call to directory B would be 96number. Dialing rules are used by the Application Gateway when it looks up LDAP information for Zone Paging and Broadcast Server. The Application Gateway reconstructs the full number from the extension and the dialing rules and then looks up the department for Zone Paging and the department and user name for Broadcast Server. To add dialing rules: 1 Go to the Operation > Voice Office > IP Phone page. 2 If your telephone system does not need to dial the full telephone number that is stored in a directory (perhaps for internal extensions), specify how the number should be trimmed. 66

79 Chapter 5 LDAP/CSV Directory Configuration Synchronizing the Application Gateway with Your Directories For example, numbers that are internal to your telephone system might be stored in a directory as ten digits, yet only the last four digits should be dialed to reach an internal extension. Enter the unique starting numbers of those telephone numbers (such as the first six digits) and choose the number of digits to be dialed (such as the last four digits). 3 Specify the prefixes to be dialed for numbers, based on their length in the directory. The length includes the number plus the dial prefix specified on the Directory page. Use a comma (,), p, or P to insert a one-second pause. For example, "9,1" or 9P1. You must specify prefixes so that Visual Voic can correctly dial returned calls to outside phone numbers. For example, if a 9 is required to access an outside line and the long distance prefix is 1, the phone prefix would be "9,1" or "9p1". (A comma, p, or P inserts a one-second pause.) 4 Click Submit. Synchronizing the Application Gateway with Your Directories The Application Gateway stores information from your directories in order to minimize the response time for directory requests. The attributes stored are determined by the settings that you specify on the Operation > Voice Office > Directory page. When you submit changes to a directory source on the Directory page and then restart the Application Gateway, the Application Gateway automatically synchronizes with the LDAP server or uploads the specified directory file in CSV format via FTP. You should establish a schedule for synchronizing the Application Gateway with your directories, based on the frequency and level of changes in the directories. For example, use an update frequency of one hour for a dynamic environment. 67

80 Chapter 5 LDAP/CSV Directory Configuration Synchronizing the Application Gateway with Your Directories To schedule directory updates: 1 On the Operation > Voice Office > Directory page, choose a directory from the Configure Source menu. You specify one directory update schedule for all configured directories. 2 Choose a frequency from the Update Schedule menu. 3 If you chose Weekly or Monthly, choose the day of the week or month. 4 Choose a time from the Update Time menu. We recommend that you perform changes to Voice Office application settings or start synchronizations when use of the applications is at a minimum, such as overnight. 5 Click Submit. To synchronize the Application Gateway with a directory source immediately: 1 Make sure that you have submitted all configuration changes made in the Application Gateway Administration Tool and restarted the Application Gateway. 2 Go to the Operation > Voice Office > Directory page and choose a directory from the Configure Source menu. 3 Click Synchronize Now. The Application Gateway will synchronize all directory sources. Note To check the status of the synchronization, view the Application Gateway system log (Logging > System Log). 68

81 Chapter 6 Broadcast Server Installation Broadcast Server delivers alerts consisting of text, graphics, audio, and soft keys to Nortel IP telephones. Using a web-based interface to create alerts, the Broadcast Server user targets the alerts for delivery to groups of telephones. The grouping of subscribers (that is, telephones) is based on user-defined distribution lists. The following topics describe Broadcast Server and provide installation instructions: Overview of Broadcast Server, page 70 Hardware and Software Overview, page 73 Software Server Requirements, page 73 Installing Broadcast Server Software, page 74 The installation instructions assume that you have completed the configuration described in Voice Office Configuration Requirements, page

82 Chapter 6 Broadcast Server Installation Overview of Broadcast Server Note The Application Gateway distribution includes a document, Broadcasting to Nortel Internet Telephones from a PC, that you can change as needed and distribute to Broadcast Server users. Refer to the Broadcast Server User Guide for detailed instructions. Overview of Broadcast Server Network Deployment The Broadcast Server requires the Application Gateway for operation. While Broadcast Server provides an interface for creating and scheduling alert delivery, the Application Gateway manages alerts and transforms them for delivery to IP telephones using the UNISTIM API. The Application Gateway also provides Broadcast Server with device and directory information and handles all communication with the IP telephones, media servers, and directory servers. For capacity information, refer to the Application Gateway Release Notes. Each Application Gateway must have enough licenses installed to accommodate the phones to be registered to it. Unless there is a one-to-one mapping between the Application Gateway and call server, the number of licenses to be installed on each Application Gateway can be derived by dividing the number of phones by the number of Application Gateways. Broadcast Server should be deployed on a standalone computer running Microsoft Internet Information Services (IIS). While it is possible to install Broadcast Server on a shared IIS server, that decision should be based on the expected load of the server. Note Other Voice Office applications can be deployed on the Application Gateway used with Broadcast Server. If you install Broadcast Server on a web server that supports multiple web sites, a Broadcast Server virtual directory will be created below the primary site. For information on addressing this issue, see the troubleshooting topic on Broadcast Server, page

83 Chapter 6 Broadcast Server Installation Overview of Broadcast Server Broadcast Server receives alert requests from PCs on your network. Broadcast Server sends alert requests to the Application Gateway, which handles alert scheduling and transmission to IP telephones. There is no direct interaction between Broadcast Server and your IP telephones. If you have a cluster of Application Gateways, a single Broadcast Server broadcasts alerts across the entire cluster. Each Application Gateway in a cluster is responsible for broadcasting alerts only to the devices registered to it. For more information about clusters, see Broadcast Server Operation with Clusters, page 72. Subscriber and Distribution List Source When the Application Gateway detects that an IP telephone has come online, the Application Gateway obtains from the IP telephone its MAC address and uses that address to look up the phone s extension in the IP/ DN map. The Application Gateway sends that information to Broadcast Server where the information is used to update the subscriber list. The Application Gateway sends the department information to Broadcast 71

84 Chapter 6 Broadcast Server Installation Overview of Broadcast Server Server where it is used to update the distribution list. The Application Gateway uses the phone extension to locate the associated department name obtained from the configured LDAP and/or CSV directory sources. For information on configuring the Application Gateway for the IP/DN map, see Specifying a Source for Phone IP-to-DN Mappings, page 46. Broadcast Server Operation with Clusters Note In this topic, the term Primary Application Gateway is used to refer to the last Application Gateway in the cluster that registered with Broadcast Server. All other Application Gateways in the cluster are referred to as Secondary Application Gateways. This use of the terms Primary and Secondary does not imply that clusters support failover for this release. The Primary Application Gateway (the last server in the cluster that registers with Broadcast Server) is the one that receives alerts from Broadcast Server. That Application Gateway then pushes the alert to the rest of the cluster, the Secondary Application Gateways. Application Gateway failure impacts Broadcast Server as follows: When a Secondary Application Gateway in a cluster fails, the phones registered to that Application Gateway will not have access to Voice Office applications and will not be able to receive pages or broadcasts. When a Primary Application Gateway fails, communication from Broadcast Server to the cluster is halted until one of the Secondary Application Gateways re-registers with Broadcast Server. To reregister an Application Gateway with Broadcast Server, restart the Application Gateway. For information on setting up a cluster, see Creating an Application Gateway Cluster, page 34. Cluster capacity is described in the Application Gateway Release Notes. 72

85 Chapter 6 Broadcast Server Installation Hardware and Software Overview Hardware and Software Overview Broadcast Server is a software-only solution requiring installation of the server software on a computer running Microsoft Internet Information Services. Once installed on the IIS server, users may access Broadcast Server to create and manage content to be distributed, via the Application Gateway, to IP telephones. Broadcasts are received in the order in which they are sent. If a phone is busy, a broadcast is queued. Software Server Requirements Broadcast Server is a software component residing inside Microsoft Internet Information Services. As such, the minimum requirements for Broadcast Server are: 1 GHz Intel Pentium CPU with 256MB RAM and 50MB hard disk space. Windows 2000 Server SP4, Windows XP Service Pack 2, or Windows 2003 Server SP1. Microsoft Internet Information Services (IIS) 5.0 for Windows 2000 or Microsoft IIS 6.0 for Windows 2003 with ASP enabled; Windows XP (limited). Note If your distribution list has 10 or fewer entries and you have a small number of phones, you can also alternatively install BCS on Windows XP and use Microsoft IIS 6.0 for Windows XP. A limitation of Windows XP is that it cannot handle more than 10 concurrent requests. As a result, if this limit is exceeded, IIS will not receive confirmations from the Application Gateway and thus will send duplicate alerts to some subscribers. In addition, Windows XP can subscribe only 10 phones at a time. ActiveX controls must be downloadable from the Web server. The server must have a static IP address. Microsoft Internet Explorer 5.0 or higher. 73

86 Chapter 6 Broadcast Server Installation Installing Broadcast Server Software The server must be configured to use the same NTP time server as the Application Gateway. Client requirements fall into two categories users and subscribers Users: Microsoft Internet Explorer 5.0 or higher Subscribers: Supported Nortel IP telephones (refer to the Pre- Installation Checklist for information on supported phones) Installing Broadcast Server Software No hardware installation is required for Broadcast Server. For information on installing the Application Gateway, refer to the documentation accompanying the Application Gateway. The following topics describe installation: Microsoft IIS Configuration, page 74 Broadcast Server Software Installation, page 76 Connecting the Application Gateway and Broadcast Server, page 76 Synchronizing the Broadcast Server and Application Gateway Clocks, page 77 Confirming Installation and Configuration, page 78 Note For information on upgrading Broadcast Server, refer to the Application Gateway Release Notes. Microsoft IIS Configuration The only IIS services required for Broadcast Server operation are the IIS Admin service and the World Wide Web Publishing service. Note The following items refer to the IIS Snap-in window. Open that window as follows: 1. From the Windows Start menu, go to Control Panel > Administrative Tools > Internet Information Services. 74

87 Chapter 6 Broadcast Server Installation Installing Broadcast Server Software 2. In the left frame, expand the entry for the computer where IIS is running and then expand the Web Sites entry. The IIS Default Website must be listening on localhost. This can be done either through configuring the Default Website to listen on All Unassigned or by using the Advanced tab to add to the listening IP addresses as follows: In the IIS Snap-in window, right-click Default Web Site and choose Properties. In the Properties dialog box, check the IP address setting. It should be All Unassigned or To ensure that Microsoft IIS will correctly handle a broadcast to 100 or more subscribers, configure IIS to handle the maximum capacity (more than 100,000 hits per day) as follows: In the IIS Snap-in window, right-click Default Web Site and choose Properties. Click the Server Extensions tab. For Performance, choose Unlimited or 1000 (Windows 2003 Server) or more than 100,000 (Windows 2000 Server). If you are using Windows 2003 IIS server, you must enable ASP. (Without ASP enabled, you will receive a 404 error when attempting to run the Broadcast Server Configuration Wizard.) In the IIS Snap-in window, enable ASP on the Server Extensions tab. Set the Virtual Directory execute permissions: In the IIS Snap-in window, right-click BCS and choose Properties. In the Virtual Directory tab, set the Execute Permissions to Scripts and Executables. Note: If you later have trouble running the Broadcast Server Configuration Wizard, you might need to lower the Application Protection on the Virtual Directory tab. To start IIS, right-click Default Web Site and choose Properties. 75

88 Chapter 6 Broadcast Server Installation Installing Broadcast Server Software Broadcast Server Software Installation The Broadcast Server installer is provided on a CD-ROM. Onscreen prompts guide you through the required steps. Note that the credentials requested are for Broadcast Server only. To install the software: 1 On the device to be used as Broadcast Server, insert the Broadcast Server CD-ROM in the CD drive. 2 If the installer does not start automatically, run setup.exe. 3 Follow the steps in the Setup Wizard. Upon completion, the Setup program will open a browser window displaying the Broadcast Server Configuration Wizard. 4 Follow the steps in the Configuration Wizard. Use a static IP address for Broadcast Server. Upon completion, the Configuration Wizard will open the Broadcast Server administration window. 5 Log in and complete the items listed in the Outstanding tasks area on the Broadcast Server home page. These steps include changing the administrative password, defining groups and creating users. Connecting the Application Gateway and Broadcast Server To enable the Application Gateway to locate Broadcast Server, you need to specify the route to Broadcast Server in the Application Gateway Administration Tool. The Application Gateway communicates with Broadcast Server server over port To specify the Application Gateway route to Broadcast Server: 1 Make sure that the Application Gateway is running. 2 From a web browser, connect to the Application Gateway by entering the URL: where: - ipaddress is the IP address of your Application Gateway 76

89 Chapter 6 Broadcast Server Installation Installing Broadcast Server Software - adminport is the administration port of your Application Gateway (9001) 3 If a Security Alert dialog box appears, click Yes. 4 Click the Operation tab. The Administration Tool login dialog appears. 5 Enter your administrative username and password for the Application Gateway. The default is root/rootadmin. 6 Go to the Operation > Voice Office > IP Phone page. 7 Enter the following in the Broadcast Server Base URL field: ipaddress/bcs. That URL is the base URL where Broadcast Server is running. 8 Click Submit. The Application Gateway registers with Broadcast Server so that the two servers can communicate. Note After you reboot the Application Gateway, its system log indicates whether the registration was successful: bcs: AG Successfully Registered with BCS at bcs: AG Registration Failed at HTTP Code 500 Synchronizing the Broadcast Server and Application Gateway Clocks The clocks on the Broadcast Server and Application Gateway must be synchronized. If the time on the Broadcast Server is ahead of the time on the Application Gateway, messages are sent to phones after the time difference between the two. If the time of the Broadcast Server is behind the time on the Application Gateway, no messages are sent. The Application Gateway synchronizes with an NTP time server based on the Time Zone and Time Server that you specify on the Administration > Date page. Use an Internet Time Service tool to synchronize the Broadcast Server with specified time server. For more information, refer to tf.nist.gov/service/its.htm. 77

90 Chapter 6 Broadcast Server Installation Installing Broadcast Server Software Confirming Installation and Configuration To test your configuration: 1 From a web browser, connect to the Broadcast Server web-based interface by entering the URL 2 To send a broadcast, you specify the distribution list(s) to receive the alert. You work with automatically created distribution lists and custom distribution lists as follows. a. The Application Gateway supplies distribution lists to Broadcast Server from the departments defined in the LDAP and/or CSV directory sources specified on the Application Gateway Administration Tool Operation > Voice Office > Directory page. You can verify the members of a distribution list on the Broadcast Server Managed Distribution List page. b. You can use the Manage Distribution List page to create a distribution list and add subscribers to it. 3 In Broadcast Server interface, click Messages to create a text alert and send it to one or more distribution lists. Verify that the alert is retrieved correctly by the telephone(s). 4 Create a graphic alert and send it to one or more groups. Verify that the alert is retrieved correctly by the telephone(s). 5 Delete the test alerts created in the previous steps. Broadcast Server is now ready for production. You can begin posting alerts. 78

91 Chapter 7 Zone Paging Configuration Zone Paging enables organizations to leverage their IP telephony systems as a conduit for voice paging, without the expense of installing overhead paging systems. Because Zone Paging uses Nortel IP telephones as speakers, there is no need for the wiring required by traditional overhead paging systems. Zone Paging enables users of supported IP telephones to send and receive pages. The following topics describe how to configure the connection and operation of Zone Paging for Nortel IP telephones: Overview of Zone Paging, page 80 Network Deployment, page 81 Zone List Source, page 81 Paging Setup and Operation with Clusters, page 82 Managing Paging Zones, page 83 The configuration instructions assume that you have completed the configuration described in Voice Office Configuration Requirements, page 41. Note The Application Gateway distribution includes a document, Using Zone Paging on Nortel Internet Telephones, that you can change as needed and distribute to IP phone users. 79

92 Chapter 7 Zone Paging Configuration Overview of Zone Paging Overview of Zone Paging Zone Paging enables you to improve internal communications through an easy to configure and use solution. With a few simple button presses, your IP phone users can quickly make general announcements or emergency broadcasts. IP phone users are restricted to paging only the phones that belong to the same zones as the user. Pages are preceded by an alert tone. The Application Gateway can import paging zones from a directory server (LDAP or CSV-formatted file). You can supplement those zones by creating custom zones from the extensions supplied by the call server. Zone Paging synchronizes with the call server on a configurable schedule to update the mapping of extensions to IP addresses. If the call server is unavailable during a scheduled update, the last available mapping is used. You can specify zone paging permissions for each extension that you add to a custom zone. You cannot change the default zone paging permission (Send and Receive) on imported paging zones. An extension can send and receive pages or can be restricted to sending or receiving only. Zone Paging operation interacts with the IP telephone as follows: A page is blocked if the phone audio is busy. For example, a page is blocked if the phone user is: On a call. Sending a page. If the phone user has placed or received a call and puts the call on hold, the user will not receive pages until about 40 seconds of hold time elapse. If a user is placed on hold by another caller, the user will not receive pages. A page is interrupted if the phone user: Answers or makes a call. Starts listening to voic or any audio-based application. To send a page, a phone user selects a zone and then starts the page. While a zone is selected, it is locked for 10 seconds so that no other user can page to it. If the phone user does not start recording the page before ten seconds elapse, the zone is freed and the user will need to select it again to page. 80

93 Chapter 7 Zone Paging Configuration Network Deployment If you start a page and then hang up, the page zone is freed after 5 seconds. If you start a page and then cancel it from the menu, the page zone is immediately freed. A phone user can put a call on hold to send a page, after about 40 seconds of wait time. For Zone Paging capacity information, refer to the Application Gateway Release Notes. Network Deployment Zone List Source If you have a cluster of Application Gateways, a zone can consist of phones registered to any Application Gateway in the cluster. Thus phones can page across the Application Gateways in a cluster. Each Application Gateway in a cluster is responsible for paging only the devices registered to it. For more information on clusters, see Paging Setup and Operation with Clusters, page 82. For a description of cluster capacity, refer to the Application Gateway Release Notes. The call server supplies the information needed by the Application Gateway to create an IP/DN map. When the Application Gateway detects that an IP telephone has come online, the Application Gateway obtains from the IP telephone its IP address and uses that address to look up the phone s extension in the IP/DN map. Extensions in the IP/DN map are available to the administrator for the creation of custom zones. The Application Gateway also imports departments from the Directory server to create a zone for each department. The Application Gateway synchronizes with those servers and manages IP phone requests to send pages. Note The Application Gateway must be on the same LAN segment as the call server. 81

94 Chapter 7 Zone Paging Configuration Paging Setup and Operation with Clusters Paging Setup and Operation with Clusters When you add an Application Gateway to a cluster, the zones on that Application Gateway are replaced by the cluster-wide zone list. Therefore, when you configure Zone Paging for a cluster it is best to follow these general steps: 1. Configure each Application Gateway to be included in the cluster, including the IP/DN mapping, and synchronization. 2. Add all member Application Gateways to the cluster. 3. Synchronize all Application Gateways in the cluster. 4. Synchronize each Application Gateway with its associated call server. 5. Create the zones to be used by the cluster. Zone Paging operation with a cluster is the same as with a single Application Gateway, except as follows: For zone paging across a cluster, multicasting must be enabled on the router and each Application Gateway must have a different multicast IP address range specified on the Operation > Voice Office > IP Phone page of the Administration Tool The Application Gateway that initiates a page is responsible for pushing paging requests such as start page and end page to the rest of the cluster. On receiving a start page request, an Application Gateway confirms whether the zone is available (not in use). If an Application Gateway does not reply to a start page request, the page is not pushed to that Application Gateway (it is likely offline). Once a page starts, each cluster member listens for RTP traffic on the RTP port. Each cluster members forward the page to and managed paging operation for its registered phones. 82

95 Chapter 7 Zone Paging Configuration Managing Paging Zones Managing Paging Zones When configured to import zones from LDAP, Zone Paging uses the LDAP settings configured on the Directory page of the Administration Tool. When the Application Gateway synchronizes with your directory server, it populates a list of available zones based on the LDAP "department" attribute. You can view the extensions in these imported zones, but cannot change them. You can also add custom paging zones, using the extensions obtained from the IP/DN map. An extension can be included in multiple zones. The following topics describe how to manage paging zones: Viewing Extensions in an Imported Zone, page 83 Adding and Changing Custom Zones, page 84 Viewing Extensions in an Imported Zone The zones that are imported from LDAP consist of the extensions associated with each "department" record. You can view, but not change, the extensions included in an imported zone. Imported zones are updated when the Application Gateway synchronizes with the LDAP server. If an IP phone s license status is changed to Denied in the License Monitor, the extension is removed from the available extensions list. The extension remains in the zone so that you do not have to re-add it to the zone if the license for that set is restored. To view the extensions in an imported zone: 1 In the Administration Tool, go to Operation > Voice Office > Paging. 83

96 Chapter 7 Zone Paging Configuration Managing Paging Zones 2 Click Edit Zone across from a zone name to view details. Adding and Changing Custom Zones When you add a custom zone, you specify each extension that is to be a member of the zone and specify its paging permissions (Send and Receive, Send Only, or Receive Only). You can change a custom zone by adding or deleting its member extensions and changing paging permissions. The list of available extensions is updated when the Application Gateway(s) synchronize with the signaling and call servers to update the IP/DN map. If an IP phone s license status is changed to Denied in the License Monitor, the extension is removed from the list of available zones. If an extension is no longer used, it is not automatically removed from zones, as the system has no way to determine if the extension is temporarily or permanently out of use. Use Operation > Voice Office > Paging to remove unneeded extensions from a zone. To add a paging zone: 1 In the Administration Tool, go to Operation > Voice Office > Paging. 84

97 Chapter 7 Zone Paging Configuration Managing Paging Zones 2 Specify the timeout values for paging and then click Set Timeout. Max Timeout is the maximum number of seconds that Zone Paging audio will stay busy. This setting safeguards against the situation in which a user starts a page and then leaves the phone off-hook. Idle Timeout works with a phone speaker s noise threshold detection. If a speaker picks up only background noise during a page, the phone stops sending audio traffic to the Application Gateway. The Application Gateway waits until the Idle Timeout elapses before ending the page. 3 By default, Zone Paging imports zones from LDAP based on the settings configured on the Operation > Voice Office > Directory page. To import zones, select the checkbox for Import Zones from LDAP and click Import. 4 To add a custom zone, click Add Zone. 85

98 Chapter 7 Zone Paging Configuration Managing Paging Zones 5 To begin adding extensions to a zone, click Start Adding Extensions. The first screenful of extensions appear in the Extensions in Zone list. To see more extensions, scroll to the bottom of the list and click a page number link. 6 To filter the extensions list, enter a filter, using * as a wildcard, in Extension List Filter. For example, to see only the extensions that start with 80, enter 80*. The Extensions in Zone list refreshes to show the filtered extensions. 7 Enter a name for the zone. Limit zone names to 33 characters. 8 The paging permission for an extension defaults to Send and Receive. To change the paging permission for extensions, select the checkbox for each extension and choose a paging permission from Set selected extensions to. 9 To include the zone in the Voice Office menu, select the checkbox for each extension to include the zone, and then select Yes from Default Zone. 10 Select the checkbox of all extensions to appear in the zone and then click Add Selected Extensions. 86

99 Chapter 7 Zone Paging Configuration Managing Paging Zones 11 To add more extensions to the zone, change the Extension List Filter, change the Send/Receive and Default Zone settings as needed, select the extensions to be included, and click Add Selected Extensions. 12 When you have completed adding members to the zone, click Finished Adding Extensions. All extensions that you added to the zone appear. 13 Make further changes as needed and then click Finished Editing Zone. To change a zone: 1 Go to Operation > Voice Office > Paging. 2 Locate the zone name that you want to change and click Edit Zone. 3 To remove an extension, select the checkbox for the extension and click Remove Extensions. 4 To add an extension, click Add Extensions to Zone, filter the list as needed and select the checkbox for each extension to add. Click Add Selected Extensions. 5 To change the paging permission for an extension, select the checkbox for the extension and choose a paging permission. 87

100 Chapter 7 Zone Paging Configuration Managing Paging Zones 6 When you have completed changing the extensions and zone, click Finished Adding Extensions and then click Finished Editing Zone. To delete a paging zone: On Operation > Voice Office > Paging, select the checkbox of each zone that you want to delete, and then click Delete Selected. 88

101 Chapter 8 Visual Voic Configuration Visual Voic enables users of supported Nortel Internet telephones to review and manage voic from the telephone screen. Visual Voic displays messages that are managed by the Nortel Messaging service and transcoded for display by the Application Gateway. For Visual Voic operation, the Application Gateway connects to your network as follows: 89

102 Chapter 8 Visual Voic Configuration Overview of Visual Voic The following topics describe how to configure the connection and operation of Visual Voic for Nortel IP telephones: Overview of Visual Voic , page 90 Configuring Nortel Messaging, page 91 Configuring Visual Voic , page 92 The configuration instructions assume that you have completed the configuration described in Voice Office Configuration Requirements, page 41. Note The Application Gateway distribution includes a document, Using Visual Voic on Nortel Internet Telephones, that you can change as needed and distribute to IP phone users. Overview of Visual Voic Visual Voic enables IP telephone users to: Quickly scan a list of messages. View message details such as the caller name, the day/date/time and length of call, and the status of the message (played or not yet played). Listen to messages in any order. Call back the message sender without having to dial the number. Pause, fast forward, rewind, delete, and create messages. Reply to the sender, to all, or to a list that you create. Forward messages, using the addresses stored in the Express Directory or in an alternate directory, such as your PBX. Messages can be forwarded to multiple recipients. If a telephone user receives a call while logged into Visual Voic , the call takes precedence and the user must press the Expand key to return to Visual Voic after the call is complete. Pages also take precedence over recording in Visual Voic ; the user will need to restart a recording after the page ends. An IP telephone user will be logged out of Visual Voic after an idle period configured in the Operation > Voice Office > Voic page. 90

103 Chapter 8 Visual Voic Configuration Configuring Nortel Messaging A maximum of 64 messages can be in a messages list. For other capacity information, refer to the Application Gateway Release Notes. Configuring Nortel Messaging Visual Voic operation requires the following Nortel Messaging configuration: Visual Voic operation with a particular mailbox requires that you enable the Desktop and Web Messaging mailbox feature in Nortel Messaging Manager (User > Mailbox Classes > Mailbox Class Details, under Keycoded Features). A user s Mailbox Class of Service must be selected as a Desktop Messaging user. A Nortel keycode is required to provide a mailbox access to that Unified Messaging feature. You obtain keycodes from Nortel via an authorized distribution partner. Visual Voic operation with a particular mailbox requires that the user has already created a mailbox password. Visual Voic operation with Nortel Messaging requires that you configure Nortel Messaging to use IMAP for Internet mail clients. In Messaging > Internet Mail Clients, select Enable IMAP and Enable IMAP with Plain Password Authentication. The Application Gateway supports 8-bit G.711 Mu-Law audio CODECs and converts some audio, including the VBK, into G.711. You can configure Nortel Messaging to use G.711 format. Note If phone users can see Visual Voic messages but cannot hear audio when a message plays, verify that the above requirements are met. 91

104 Chapter 8 Visual Voic Configuration Configuring Visual Voic Configuring Visual Voic To configure Visual Voic , you must specify the IMAP server IP address and port. To enable message forwarding, you must configure additional fields. If your site uses VPIM (Voice Profile for Internet Mail), there is no setup required on the Application Gateway. For assistance with VPIM setup on the call server, refer to the Nortel publication Messaging User Guide for my Call Pilot (NTP ). When phone users with a VPIM log in to Visual Voic , they must specify their VPIM+extension in the extension field. To configure Visual Voic 1 On the switch or router port connected to the Application Gateway, turn off VLAN. UNISTIM packets will be lost if VLAN is on. 2 Open the Application Gateway Administration Tool: From a web browser, enter the URL 3 Go to the Operation > Voice Office > Voic page. 4 The Unified Messaging Type defaults to Nortel Messaging. 5 Specify the IP address and the port of your Unified Messaging IMAP server. 6 Specify the IP address and the port of your Unified Messaging SMTP server. 7 To enable message forwarding: a b Specify the IP address and port of your Unified Messaging SMTP server. SMTP is the outgoing mail server, typically running on the same server as IMAP. Specify the server that stores the destination addresses in the attributes field. Typically, you will select the Alternate Address Server (LDAP) checkbox in order to specify the LDAP directory server, such as a PBX, that has the addresses to be used for message forwarding. 92

105 Chapter 8 Visual Voic Configuration Configuring Visual Voic If you do not select the Alternate Address Server (LDAP) checkbox, messages will be forwarded using addresses stored in the server defined on the Directory page. Messages will be forwarded using the settings for Source 1 or, if the directory sources are combined, to the settings for the combined sources. If you select the Alternate Address Server (LDAP) checkbox, complete the fields that appear as described in the tables in the following sections: Configuring the Application Gateway to Use LDAP Directories, page 54 Specifying LDAP Attributes for Voice Office Operations, page 57 8 Specify the Login Timeout value. This value determines how long a Visual Voic session can be idle before the user is logged out of the application. 9 Click Submit. 93

106 Chapter 8 Visual Voic Configuration Configuring Visual Voic 94

107 Chapter 9 Smart Agent Configuration Smart Agent enables users to initiate telephone calls from their desk phone by simply clicking public telephone numbers that appear in s and Web applications or in Microsoft Outlook Contacts. This Click-to-Call functionality is achieved through a Smart Agent connection to the Application Gateway. Click-to-Call is available to Windows PC users only. As a user views messages and web applications, Smart Agent searches them for telephone numbers. When Smart Agent identifies a telephone number, it adds a hypertext link to the number so that users can click the link to call the number. When a user clicks a linked telephone number, Smart Agent sends the number to the Application Gateway, which then pushes the number as a dial rule to the IP phone. Click-to-Call is usable within the following applications: Internet Explorer 6.0 and higher To initiate a call, Smart Agent users click phone numbers that appear on Web pages. Web page controls, such as buttons and link text, can also be customized to dial a number when clicked. Outlook 2000/2002/2003 and Outlook Express 6.0 (refer to the Application Gateway Pre-Installation Requirements for service pack requirements) To initiate a call, Smart Agent users click: In messages received after the user installed Smart Agent, phone numbers in the message body or names in an incoming message header (To, From, CC, BCC fields). Phone numbers, contact names, and addresses that appear in Outlook Contacts and then choose Call Using Smart Agent from the right-click menu. 95

108 Chapter 9 Smart Agent Configuration Windows applications and Web-based applications such as web-based Sales Force Automation (SFA), Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), and other applications that are used to manage customer, partner, or employee data. The following topics describe Smart Agent features, operation, and configuration: Smart Agent Features, page 97 Smart Agent Operation, page 98 Smart Agent Deployment, page 104 Helping Users with Deployment and Use, page 106 Configuring Smart Agent, page 108 Adding Click-to-Call Links to Web Applications, page 113 Adding Click-to-Call Links to Windows Applications, page

109 Chapter 9 Smart Agent Configuration Smart Agent Features Smart Agent Features Smart Agent is easy to install and configure. A summary of administrative and user features follows. Smart Agent administrative features Requires no changes to your call server configuration. Does not require TAPI (telephony application protocol interface) service provider or softphone clients. Provides Smart Agent support to IP phones that are registered and have a session with the Application Gateway. Provides user authentication against a configured LDAP source. Users can also be created locally to supplement the LDAP source. Is configured through the same Administration Tool as the Application Gateway. Enables you to specify the prefix to be dialed for outside calls, as well as the show/hide Caller ID prefixes for your area. Includes an interface for adding Click-to-Call links to Web and Windows applications. Automatic Smart Agent installation and update on client computers keep support at a minimum. For installation requirements, see User Connection Requirements and Notes, page 107. Smart Agent user features Automatically installs when a user visits a secure Web URL provided by the administrator. For installation requirements, see User Connection Requirements and Notes, page 107. Automatically updates when it connects to the Application Gateway and a new version is available. Communicates securely with the Application Gateway over SSL. Works with IPSec and SSL VPN clients, including the Citrix Access Gateway. Launches when a user double-clicks the Smart Agent desktop icon or clicks a phone number link in a supported application. Provides a log of the calls initiated through Smart Agent. 97

110 Chapter 9 Smart Agent Configuration Smart Agent Operation Searches Web pages and s as they are viewed and adds links to phone numbers that are E.164-compliant. This includes numbers in International Direct Distance Dialing (IDDD) format. For more information, see Smart Agent Number Recognition, page 99. Supports HTML messages for Outlook 2003/XP and Outlook (Note: Phone numbers must not have embedded tags. Links in sent from Word or online mail services such as Gmail might not work.) Adds a Call Using Smart Agent command to the menu that appears when you right-click phone numbers, contact names, and addresses that appear in Outlook Contacts. Includes online Help, with information on starting, using, and troubleshooting Smart Agent. Smart Agent Operation The following topics provide a general description of how Smart Agent determines what patterns in Web pages and s are considered a phone number and what changes, if any, are needed to the number before passing it to the telephony system. Smart Agent operation with Microsoft Outlook Contacts is also discussed. Smart Agent Number Recognition, page 99 Smart Agent Number Manipulation, page 100 Overlay Area Codes, page 101 Unsupported Number Patterns and Dialing Provisions, page 102 Other Limitations, page 103 Smart Agent Deployment, page

111 Chapter 9 Smart Agent Configuration Smart Agent Operation Smart Agent Number Recognition Smart Agent parses Web applications and s as the user accesses them, searching for number sequences that appear to be public switched network telephone numbers. Upon finding a candidate number sequence, Smart Agent adds a hypertext link to the number so that it is dialable through a mouse click. Smart Agent finds a high percentage of public telephone numbers in conventionally constructed Web applications, Web pages, and HTML-based s. Smart Agent is not able to parse certain types of Web pages, nor will it recognize numbers that are in unusual formats. For exceptions, see Unsupported Number Patterns and Dialing Provisions, page 102. Smart Agent does not recognize internal or private network telephone numbers. Smart Agent searches Web applications and s for public switched network telephone numbers that are E.164-compliant. E.164 is a standard for phone numbers recommended by the International Telecommunication Union (ITU-T). The majority of the world s telephone numbers conform to the E.164 format, which is typically + or ++ (plus sign), followed by a maximum of fifteen digits consisting of country code, area code, and subscriber number. Smart Agent also looks for numbers prefixed with an international code, such as 00 or 011. If a number is not prefixed with a +, ++, 00, or other international dial prefix, Smart Agent might consider the number a domestic number, if it is unable to recognize the number as international. To enable Smart Agent to recognize and format numbers for a particular locale, you must configure the Application Gateway with the country and area code for the location of the call server associated with the Application Gateway. (For information, see Configuring Phone Number Handling, page 108.) That configuration then guides Smart Agent in its recognition and number manipulation using built-in ITU-T (International Telecommunication Union) standards tables for phone number components such as international and domestic prefixes. 99

112 Chapter 9 Smart Agent Configuration Smart Agent Operation Smart Agent Number Manipulation Smart Agent handles phone numbers as follows: 1. Smart Agent parses Web applications and s for public telephone numbers, as described in Smart Agent Number Recognition, page Smart Agent normalizes the numbers it recognizes into the canonical E.164 format (the universal format for telephone numbers). The fully normalized number is visible when you mouse over a number that has a link added by Smart Agent. 3. Smart Agent then applies built-in dial rules. Smart Agent uses the country code and area code that you configure in the Application Gateway Administration Tool to determine whether the E.164 number should be dialed as a local, domestic, or international number from the locale of the telephone system associated with the Application Gateway. After determining how to dial the number, Smart Agent applies built-in digit manipulation rules to create a locally dialable number. Based on the country code and area code of the Application Gateway, Smart Agent appends the appropriate international prefix (such as O11 or OO) or domestic prefix (such as 1 or O). It may shorten local numbers if that is possible, such as by removing the area code (if permitted in the locale). If an outside line prefix is configured, it is added to the number. The outside line prefix is configured in the Application Gateway Administration Tool on the Operation > Smart Agent > Call Server page. The number to be dialed is visible in the link displayed in the browser status bar when you mouse over the link. You can also view the number in the source of the modified Web page. 100

113 Chapter 9 Smart Agent Configuration Smart Agent Operation The following table shows how Smart Agent normalizes and manipulates some phone numbers when the Application Gateway is configured for the United Kingdom and area code Note that normalization results in the addition of country code and area code (if missing). Number displayed on the Web site Result of Smart Agent normalization Number sent for dialing (0) Overlay Area Codes Smart Agent identifies a phone number in locales served by a single area code. However, some locales have more than one area code in their local dialing area. These multiple area codes are referred to as overlays. In some locales, the domestic prefix is not required when dialing a local number with an overlay; in some locales, the domestic prefix is required. For example, in Denver, Colorado numbers beginning with area codes 303 and 702 are considered local numbers. To dial a local number in Denver, you must always include the area code, but you do not need to include the domestic prefix (1). However, some locales with overlays do require the domestic prefix. To set up Smart Agent for such locales, contact support. For additional information about dialing rules, refer to the Application Gateway Release Notes. 101

114 Chapter 9 Smart Agent Configuration Smart Agent Operation Unsupported Number Patterns and Dialing Provisions Smart Agent does not support the following, either due to number recognition or dialing limitations: Recognition of international numbers that do not begin with +, ++, 00, or another international dial prefix such as 011. This is particularly true if the international number length is the same as the country s area code plus subscriber number length. Dialing a private network number as an extension when the phone number link is the full number. For example, Smart Agent does not recognize that can be dialed as a local extension of Recognition of local numbers that are in a different country code or area code from the call server associated with the Application Gateway. Recognition of numbers that include alphabetic characters. For example: HILTONS Recognition of multiple phone numbers for which only the subscriber number is repeated. For example: Tel: where separates the three subscriber numbers. In this case, will dial correctly, but the second and third partial numbers will not. Similarly, in the following number formats, only the first number listed will dial correctly: / 95 (662) , , Recognition of phone numbers that include non-standard characters or formatting, such as the following: (9:00~18:00) +358-(0) , +358-(0)

115 Chapter 9 Smart Agent Configuration Smart Agent Operation Other Limitations Recognition of phone numbers with the following patterns: ext , ext ext 112 Any of the following replacements for ext also are not supported: fax, tty, and P.O.box. Recognition of phone numbers that are delimited with a bullet character, if the page is using the ISO encoding and uses the 0x95 character instead of the character entity reference for a bullet ( ), such as: This is not an issue in pages that use UTF-8 encoding. To make phone numbers in s dialable, Smart Agent modifies the by inserting links. If the modified is forwarded externally, the presence of the links might confuse the recipients. Smart Agent Operation with Microsoft Outlook Contacts Smart Agent is integrated with Outlook Contacts through an add-in which enables users to make a call from the menu that appears when you right-click a phone number, contact name, or address in Outlook Contacts. When the user right-clicks a contact phone number or address in the Contacts detail view or a contact name in the Contacts folder view, Smart Agent adds to the right-click menu Call Using Smart Agent. (If the user has Smart Tags enabled, the Call Using Smart Agent item will be under Additional Actions in the menu.) 103

116 Chapter 9 Smart Agent Configuration Smart Agent Deployment Smart Agent Deployment Smart Agent uses the Application Gateway Voice Office settings to send requests and information to IP phones through the Application Gateway and its connection to a call server. Smart Agent requires that you specify just a few settings in addition to your Voice Office configuration. Smart Agent operates as follows: 1. When a Smart Agent user clicks a number that is recognized by the Application Gateway as a phone number, the Application Gateway sends a message to the user s phone extension that includes the phone number to be dialed. 2. The user s phone will display information about the call request with soft keys for continuing or canceling the call. 3. When the user confirms the call, the phone passes the call request to the Nortel Communication Server. To deploy Smart Agent, follow these general steps. 1. Verify that your Windows 2003 Server is using Service Pack 1. Phone numbers cannot be turned into links if you are using earlier versions of Windows 2003 Server. Refer to the Pre-Installation Checklist for more information on supported Windows releases. 2. If your site uses Outlook 2002 Service Pack 3, you must install a COM add-in as described in Changing Outlook 2002 Security Settings for Smart Agent, page Install and configure the Application Gateway and the Voice Office Application Suite as described in the Application Gateway Quick Start Guide and this guide. 4. Specify dialing prefixes, as described in Configuring Phone Number Handling, page Provide your users with the Application Gateway URL for the Smart Agent portal, as described in Helping Users with Deployment and Use, page

117 Chapter 9 Smart Agent Configuration Smart Agent Deployment Changing Outlook 2002 Security Settings for Smart Agent Outlook 2002 Service Pack 3 contains security features that limit certain functions of Outlook. If your site uses Outlook 2002, you must install an Outlook add-in that allows you to change an Outlook security setting so that Smart Agent can access addresses. If you do not install the add-in, an attempt by Smart Agent to access Outlook addresses results in the warning message A program is attempting to access addresses it may be a virus. Note Outlook security settings can be changed only if the Outlook clients are using Outlook with Microsoft Exchange Server and have either the Mailbox (MDB) or Offline folders (OST) as the default delivery location. You cannot modify the settings if a client is using a local PST file for a mailbox, or if your organization is using Outlook with a third-party service. The Outlook add-in can be installed by each Smart Agent user, or can be installed on the Exchange Server and pushed to the Outlook clients. To install the Outlook add-in on a Smart Agent user s PC: 1 Go to 2 Scroll to the section Advanced Security for Outlook. 3 Click the download link and save the.zip file to your computer. 4 Install the add-in, referring to the Readme file included in the.zip file. 5 When a prompt asks if Smart Agent should be allowed to run, click Yes. This allows Smart Agent to access addresses without triggering an error message. To install the Outlook add-in on the Exchange Server: Refer to the following article for detailed information about customizing Outlook security features and pushing them out to client PCs: 105

118 Chapter 9 Smart Agent Configuration Helping Users with Deployment and Use Helping Users with Deployment and Use Note Before deploying Smart Agent to users, we recommend that you review the online Help provided with the agent to familiarize yourself with the options available to users. When you inform users of the Smart Agent portal URL, you might also wish to guide the users on the Outlook and Smart Agent option settings that are best for your environment. This guide does not repeat the information contained in the Smart Agent Help. Smart Agent Help is available from the log-in dialog box Help menu and also from the Properties dialog box that you access by right-clicking the Smart Agent icon in the system tray. After you have configured Smart Agent as described in this guide, deployment to users is simple: Let your Windows PC users know the URL from which they can install Smart Agent. The Administration > Downloads page of the Application Gateway Administration Tool contains a sample that you can customize for your site. When users navigate to the Application Gateway URL, the Smart Agent portal page appears and the agent begins to load. Any time that Smart Agent attempts to connect to an Application Gateway which does not have a signed digital certificate installed, the user will see a Security Alert window. You can prevent the Security Alerts from displaying by installing a signed digital certificate on the Application Gateway, as described in Generating a Secure Certificate, page 14. When Smart Agent tries to connect to the Application Gateway, the user is prompted for a user name and password. The user name entered will be automatically filled in for subsequent connections. 106

119 Chapter 9 Smart Agent Configuration Helping Users with Deployment and Use User Connection Requirements and Notes Smart Agent runs under Windows 2000/XP/2002/2003. Under Windows 2000, the installation requires that the user has permission to install programs on the computer. For example, the user must be a member of a non-restricted group such as Power Users or Administrators. (The Users Group restricts a user from installing programs.) This limitation applies to Windows XP for first-time installation only, not for upgrades. Restricted Windows users cannot launch Smart Agent. Note When creating users, Microsoft Windows sets the group membership, by default, to Restricted User. If a user logs in as a Domain User, that user might be assigned to the Users Group and have restricted rights to the local computer. A user must have Standard user rights on the local computer to launch Smart Agent. Users should close supported applications before installing or upgrading Smart Agent. Phone numbers are not clickable in those applications until they have been restarted. Users who see the Internet Explorer message A Runtime Error has occurred. need to disable script debugging. To do that, go to the Internet Explorer window, choose Tools > Internet Options, and click the Advanced tab. Under Browsing, select the checkbox for Disable Script Debugging (Internet Explorer). The Smart Agent interface on a user s computer provides the following information which can help you troubleshoot connection problems: Syslog Viewer Right-click the Smart Agent icon in the system tray and choose Connection Log to view system messages. Connection Properties dialog box Right-click the Smart Agent icon in the system tray and choose Properties to view information such as the Smart Agent connection state and the Application Gateway IP address. 107

120 Chapter 9 Smart Agent Configuration Configuring Smart Agent For 2007 IP phones, a timer in the firmware prevents the use of Click-to-Call for 10 seconds after the audio is released from a call or another voice-based application. Configuring Smart Agent The following topics describe how to configure Smart Agent: Changing the Smart Agent Port, page 108 Configuring Phone Number Handling, page 108 Configuring the LDAP Connection, page 109 Adding Local Smart Agent Users to the Application Gateway, page 111 Testing the Smart Agent Deployment, page 112 Changing the Smart Agent Port The Smart Agent client communicates with the Application Gateway over port 443 by default. To change the port used, go to the Operation > General page and change the Smart Agent field in the Ports area. Configuring Phone Number Handling Note The Call Server Type is set to Use Voice Office Settings, which will use the call server configured on the Operation > Voice Office > IP Phone page. 1 Go to the Operation > Smart Agent > Call Server page. 2 Enter the dialing prefixes. The Outside Line Prefix is any number required to access an outside line. The Application Gateway adds this prefix to any number that a user clicks to call. The Caller ID Prefixes are the codes required in your locale to show or hide the display of caller ID information. A Smart Agent user can choose to hide caller ID information. 108

121 Chapter 9 Smart Agent Configuration Configuring Smart Agent 3 Select the country of the Application Gateway location. Note For correct dialing, the Application Gateway and the PCs that are running Smart Agent must be located in the same country and area code. 4 Enter the area code for the Application Gateway location. For some locations in Europe, the area code is the geographic area code without the domestic dialing prefix. 5 Click Submit. Configuring the LDAP Connection During Smart Agent installation, a user is prompted to enter a user name and password. Smart Agent authenticates the credentials against LDAP. The user name is also used to obtain the associated telephone number for the user. When a user clicks a number to call it, the Application Gateway sends a message to the user s phone. The Application Gateway stores the user name entered during installation in a registry file and automatically fills it in each time the user starts Smart Agent. The Application Gateway connects to an LDAP server. The Application Gateway supports LDAP version 3. Supported LDAP directories include Microsoft Active Directory, OpenLDAP, SunONE/iPlanet LDAP, and Novell edirectory. Note If you also use the Voice Office Application Suite, the LDAP directories that you set up on the Operation > Voice Office > Directory page do not relate to Smart Agent operation. If Smart Agent will use a directory that you configured on the Directory page, you will need to configure that directory on the Call Server page as described in the following steps. 109

122 Chapter 9 Smart Agent Configuration Configuring Smart Agent To specify LDAP connection and attributes: 1 Open the Application Gateway Administration Tool: From a web browser, enter the URL 2 Go to the Operation > Smart Agent > Users page. 3 Complete the LDAP Server Connection fields as follows: Field Server and Server Port Description The IP address or host name and port for your LDAP server. The LDAP Server Port for some LDAP directories is typically 389. If you are using an indexed database, such as Microsoft Active Directory with a Global Catalog, changing the LDAP Server Port to 3268 will significantly speed the LDAP queries. Note If your directory is not indexed, we recommend that you use an administrative connection, rather than an anonymous connection, from the Application Gateway to the database. Download performance improves when you use an administrative connection. Bind DN and Password The Administrator Bind DN and password for queries to your LDAP directory. The Application Gateway binds to the LDAP server using the administrator credentials and then searches for the user. After locating the user, the Application Gateway unbinds the administrator credentials and rebinds with the user credentials. Example syntax for Bind DN: "ou=administrator,dc=ace,dc=com" "user@domain.name" (Active Directory User Principal Name, UPN) "cn=administrator,cn=users,dc=ace,dc=com" (Active Directory) For Active Directory, if you do not use the UPN for the Bind DN, the group name (specified as "cn=groupname") is required. For other LDAP directories, the group name either is not required or, if required, is specified as "ou=groupname". Note that most directories do not return useful information on anonymous binds. 110

123 Chapter 9 Smart Agent Configuration Configuring Smart Agent Field Base DN Authentication Description The Base DN to be used as a starting point for directory searches. Base DN is usually derived from the Bind DN by removing the user name and specifying the group where users are located. Example syntax for Base DN: "ou=users,dc=ace,dc=com" "cn=users,dc=ace,dc=com" (Active Directory) The authentication method to use between the Application Gateway and the LDAP server. The Application Gateway supports Simple authentication. 4 Complete the LDAP Attributes fields as follows: Field User ID Telephone Number Description The LDAP attribute for the user log in name. The telephone number to be used for Smart Agent operation. Defaults to "telephonenumber". 5 Click Submit. The Application Gateway automatically synchronizes with the LDAP server. Adding Local Smart Agent Users to the Application Gateway You can supplement the LDAP users with users that are defined locally on the Application Gateway. Defining a local user requires only that you enter a user name, password, and associated telephone number. When a user starts Smart Agent, the Application Gateway checks first against the local user list. If the user does not appear in the local user list, the Application Gateway then checks the user against the user list obtained from LDAP. To add a local user: 1 In the Application Gateway Administration Tool, go to the Operation > Smart Agent > Users page. 111

124 Chapter 9 Smart Agent Configuration Configuring Smart Agent 2 Enter a user name/password and click Add. The user name will appear in the Local Users list. 3 When you are finished adding users, click Submit. Note To edit user information, you must remove and re-add the user. Testing the Smart Agent Deployment To test your Smart Agent deployment: 1 Use Internet Explorer to access the URL of the Application Gateway. For example: If the Application Gateway does not have a signed certificate installed, a Security Alert dialog box appears. Click Yes to continue. 2 Log in when prompted. 3 Use Internet Explorer to open a Web page that contains a phone number. A phone number that can be clicked to initiate a call will have the same appearance as a link. 4 Click the phone number. 5 Complete the call on your phone. If the number that you clicked is dialed, you have successfully deployed Smart Agent. 112