Académique Documents
Professionnel Documents
Culture Documents
OpenScape
V1.0
A31003-S5010-A400-1-7618
Siemens Internal Use Only
Warning
Hackers who unlawfully gain access to customer telecommunications systems are criminals. Currently, we do
not know of any telecommunications system that is immune to this type of criminal activity. Siemens Information and Communication Networks, Inc. will not accept liability for any damages, including long distance charges, which result from unauthorized use. Although Siemens has designed security features into its products, it
is your sole responsibility to use the security features and to establish security practices within your company,
including training, security awareness, and call auditing.
Siemens sales and service personnel, as well as Siemens business partners, are available to work with you
to help you guard against this unauthorized use of your telecommunications system.
October 2003
Copyright Siemens Information and Communication Networks, Inc. 2003. All rights reserved.
5350hist.fm
History of Changes
History of Changes
Revision Number
Date
Summary
00
October 2003
Original publication
0-1
5350hist.fm
History of Changes
0-2
5350SystemTOC.fm
Siemens Internal Use Only
Contents
Contents
1-1
1-1
1-1
1-1
3-1
3-1
3-2
3-3
3-4
3-5
3-6
3-6
3-7
0-3
5350SystemTOC.fm
Contents
0-4
5-1
5-3
5-4
5-5
5-5
5-5
5350SystemTOC.fm
Siemens Internal Use Only
Contents
6-1
6-2
6-2
6-2
6-4
6-4
0-5
5350SystemTOC.fm
Contents
8.3 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.4 Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.5 Siemens SIP Phone Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.6 Certificate Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.6.1 Server Certificates and Root CAs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.6.2 Workstation Certificates and Root CAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.6.3 SIP Phone Certificates and Root CAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.6.4 Non-Siemens Gateway Certificates and Root CAs . . . . . . . . . . . . . . . . . . . . . . . .
8.7 Remote Access to Portals via the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.7.1 Scenarios for Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.7.2 How Access to Personal Portal May Be Provided from the Internet . . . . . . . . . . .
8-2
8-3
8-3
8-3
8-4
8-4
8-4
8-4
8-5
8-5
8-5
9 Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1 Basic Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1.1 Forests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1.2 Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1.3 Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.2 Network Infrastructure Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
9.2.1 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
9.2.2 OpenScape Application Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
9.2.3 OpenScape Administration Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
9.2.4 MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
9.2.5 Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
9.2.6 End Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
9.3 Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
9.3.1 Deployment Scenario Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
9.3.2 Single Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10
9.3.3 Multiple Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
9.3.4 Multiple OpenScape Systems - Separate Domains . . . . . . . . . . . . . . . . . . . . . . . 9-12
9.3.5 Multiple OpenScape Systems - Same Domain . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14
9.3.6 Multiple RTC Servers behind Front-End RTC Server. . . . . . . . . . . . . . . . . . . . . . 9-17
9.4 Mix of OpenScape and non-OpenScape RTC Users . . . . . . . . . . . . . . . . . . . . . . . . . 9-18
9.4.1 Separate Server for OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19
9.4.2 Single Server for OpenScape and non-OpenScape Users . . . . . . . . . . . . . . . . . 9-20
9.4.3 OpenScape in a Network of RTC Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-20
10 SIP Phones and Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.1 optiPoint 400 standard SIP V3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.2 Third-party SIP Phones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.2.1 Third-party Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10-1
10-1
10-1
10-2
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-1
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-1
0-6
5350pref.fm
About This Guide
Who Should Use This Guide
1.1
This guide is provided for anyone who needs more information about the capabilities of OpenScape.
1.2
Related Information
1.3
Formatting Conventions
1-1
5350pref.fm
1-2
5350over.fm
An Overview of OpenScape
OpenScape Platform
An Overview of OpenScape
A user can set her preferences for various communications media, specify which people
she will take calls from and how they can reach her. For example, if shes out of the office
for the afternoon, she can have all incoming calls between noon and 5:00 p.m. routed to
her assistant. But when a special customer calls her office phone, that customer can be
routed to a self-service center where the customer can retrieve a document and request
an appointment with the OpenScape user.
With a glance at her contact list, a user can see how a particular contact has set his status
(for example, in the office, in a meeting) and determine the best way to reach him (voice,
instant messaging, email).
With a single click, a user can initiate a voice conference with his team members and share
documents. He can also launch a multi-media session by starting a WebEx meeting.
2.1
OpenScape Platform
Other configurations are possible. Refer to the Installation Guide for more information.
Figure 2-1 on page 2-2 shows the deployment of a typical OpenScape system.
2-1
Media Server
MCU
Cell
phone
PSTN
PCTN
SIP Terminal
DNS/DHCP
Domain Controller
WM
Router
Siemens
3rd Party
SIP phones
SIP Gateway
System DB
SIP Gateway
PSTN
phone
Active Directory
OpenScape
PBX
PBX
phone
Exchange
2000 Server
Siemens components =
Figure 2-1
Typical Deployment
Personal Assistant
Workgroup Assistant
Context Manager
Knowledge Manager
Services
on RTC Server
platform
5350over.fm
Application Servers
An Overview of OpenScape
OpenScape Platform
2-2
5350over.fm
2.1.1
An Overview of OpenScape
OpenScape Platform
This server provides the following basic capabilities: instant messaging, presence and peer-topeer communications. It also contains the Session Initiation Protocol (SIP) proxy and registrar
functions which are part of the RTC server application.
Figure 2-2 shows the shows the OpenScape features that run on this server.
Personal Portal
Media Advance
Instant Conference
Conference View
Multi-resource
Conferencing
Self-service Portal
Rules Wizard
Word Web
Intelligent Reach
Voice Portal
OpenScape Suite
Audio Conferencing
Workgroup Portal
Operating System
Communication Broker
Interworking Services
Context Manager
Options
Figure 2-2
Configuration and
Management
SIP Clients
Telephony Features
Reports and
Data Storage
SDK Toolkits
OpenScape Features
2-3
5350over.fm
An Overview of OpenScape
OpenScape Platform
2.1.2
Communications Broker
The Communications Broker encompasses the OpenScape architecture components described in Section 2.2 on page 2-5. It provides an open, modular, standards-based middleware
architecture with common access to various multi-media services across various underlying
communications platforms. It enables the OpenScape portals, as well as OpenScape applications and third party applications.
The Communications Broker contains both basic services and OpenScape assistant services
that will (in Version 2) expose SDK interfaces that portals and applications can use.
2.1.3
Media Server
The Media Server running on Windows 2000 is a system resource based on the Windows 2000
Web Telephony Engine (WTE) that provides multimodal user interfaces to the applications. Refer to Section 2.2.9 on page 2-10 for more information on the Media Server architecture and
features.
2.1.4
MCU
The MCU running on Windows 2003 provides media mixing (that is, combining the audio channels from multiple parties) for conference calls that OpenScape users may be involved in. Refer
to Section 2.2.10 on page 2-11 for more information on the MCU architecture and features.
2.1.5
SIP Gateway
The Session Initiation Protocol (SIP) gateway provides a signaling and media path into circuitswitched networks. It has to convert SIP into the appropriate protocol of the circuit-switched
network and convert the media stream considering the appropriate media codec. As shown in
Figure 2-1 on page 2-2, the gateway can be used to connect to either the public network or a
PBX network.
2.1.6
>
SIP Endpoints
This section will be updated as RTC-compatible devices become available.
OpenScape is designed to interact with any standard SIP endpoint. In Version 1, it is tested
with Windows Messenger and the Siemens optiPoint 400 SIP phone. Because OpenScape is
based V1 is based on the SIP protocol standard and the Microsoft RTC platform, any SIP
phone that is interoperable with Microsoft RTC should also interoperate with OpenScape.
2-4
5350over.fm
An Overview of OpenScape
OpenScape Architecture
Specifically, Cisco 7960 and Pingtel Xpressa phones will be tested for interoperability with
OpenScape V1 as soon as RTC-compliant versions of these phones are available.
Refer to Chapter 10 for more information on the SIP phones.
2.2
OpenScape Architecture
Follows a horizontal approach that fully utilizes the communication features of the enterprise server operating system and desktop PC environment (e.g. Windows Server 2003,
Microsoft RTC Server, Windows Messenger)
Management, for example Windows Management Instrumentation (WMI) and Microsoft Management Console (MMC)
Integrates with the enterprise groupware environment for message store, calendar, contact, and shared folders, for example Exchange 2000
Follows industry standards that promote inter operability with third party devices and applications, for example SIP, SIMPLE, XML, Integrated Services Digital Network (ISDN),
QSIG.
Will offer (in Version 2) open Application Programming Interfaces (APIs), again based on
standards, for extensibility and customization (for example, based on web services architecture)
OpenScape application features are designed to be media and device independent. The application features are accessible through a wide range of devices, including Microsoft Outlook,
Windows Messenger, Internet Explorer web browser, SIP phones, regular phones, and mobile
phones.
in Version 2, the open interfaces of OpenScape will make it a powerful platform for communications-enabling a wide range of business applications, such as Enterprise Resource Planning
(ERP), Customer Relationship Management (CRM), and eCommerce applications.
OpenScape is delivered as a closely integrated set of components. The major components are
shown in Figure 2-3.
2-5
Serviceability Broker
Knowledge Manager
Context Data
Record (XDR)
Internet
Information
Server
Context Manager
UAC/UAS (B2BUA)
License Server
Workgroup Portal
Personal Portal
Conf CAn
Conf CA2
Conf CA1
Virtual Assistant
Routing Dispatcher
RTC PAS
Registrar
Portals
IP (TCP/TLS/QoS)
SIP Terminal
MCU
SQL
DB
Exchange
2000
Server
SIP Phone
Figure 2-3
Architecture Components
Active
Directory
Media Server
5350over.fm
Dispatcher
An Overview of OpenScape
OpenScape Architecture
2-6
Assistant Engine
RD AM
Workgroup Assistant
5350over.fm
2.2.1
An Overview of OpenScape
OpenScape Architecture
OpenScape is intended to support SIP users who are registered on a Windows RTC Server
2003.
As part of the OpenScape system, an OpenScape Routing Dispatcher application is installed
on the RTC server. The Routing Dispatcher uses the RTC Server application interface to monitor all SIP calls handled by the RTC server.
Calls identified as being of interest to the OpenScape application (involving an OpenScape user) are routed to the OpenScape Back-to-Back User Agent (B2BUA). This is done using the
RTC server application interface to specify a different destination for the call.
The only call-related interface to the RTC server is by the Routing Dispatcher. The other OpenScape applications deal with SIP calls that are routed to them by the RTC server with the help
of the Routing Dispatcher. In addition, the Microsoft PAS service that is part of the RTC server
is accessed to view and set the presence of RTC users by the OpenScape application.
The RTC server requires that all SIP users that wish to register with it be defined in Active Directory. Active Directory provides authentication and routing information for the RTC server.
The OpenScape application requires that all SIP users be defined in Active Directory. While
OpenScape stores most of the user information it needs in its local storage, it does depend on
some information from Active Directory and does store a portion of the user information it needs
in Active Directory.
2.2.2
Virtual Assistant
The Virtual Assistant is the OpenScape component that allows the user to control the processing of a communication session. A communication session may be a single phone call, an email
or an instant message session.
The core functionality is the set of rules called Priority Profiles that are called into play when
any session associated with the user, outbound or inbound, occurs. The Assistant is aware of
the devices associated with the user. These can include registered devices (SIP phones and
clients registered to the user) and associated devices (mobile phones or home phones). The
Assistant uses the Priority Profiles and information about the presence of the users and the
availability of their devices (registered and associated) to connect sessions to the user using
the appropriate device.
Refer to Section 4.1.10 on page 4-8 for more information on device types.
2-7
5350over.fm
An Overview of OpenScape
OpenScape Architecture
2.2.3
Workgroup Assistant
The Workgroup Assistant enhances an OpenScape users capability to create and manage collaborative sessions. Workgroups can be set up once and remain persistent over multiple voice
or multimedia conferencing sessions. Each workgroup can have a data storage area that contains documents and files that members may wish to access before, during, or after the voice
conference. Workgroups include definition of participants, storage, and/or retrieval of associated documents, and notification to users.
2.2.4
Assistant Engine
The Assistant Engine component provides an application programming interface (API) on top
of the SIP protocol stack. This API is based on the industry standard ECMA-323 (also known
as CSTA-3 XML) and provides an abstraction layer which greatly simplifies application development. It performs this function by acting on SIP messages and translating the SIP messages
to CSTA-3 events. It also accepts CSTA-3 requests, and generates SIP messages to implement the requests. This functionality allows a CSTA-3 application such as the Personal Assistant or Workgroup Assistant to influence the handling of a session.
The use of CSTA-3 also opens up the opportunity to adapt and re-use a wide range of enterprise communication applications available on CSTA, such as Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), and eCommerce applications. SIP is still
the signaling protocol on the wire; therefore, inter-operability with third party SIP devices is
maintained.
2.2.5
Knowledge Manager
The Knowledge Manager is responsible for knowledge enabling the OpenScape system. The
first and the most crucial step in the knowledge-enabling process is gathering the right information. This requires instrumenting the OpenScape components to generate the right information.
The second step in the knowledge-enabling process is to analyze information to yield OpenScape system and user characteristics. The Knowledge Manager performs two crucial roles in
this step:
Analyze and derive OpenScape system characteristics for the administrators (e.g. troubleshooting, resource utilization)
In future versions, analyze and derive OpenScape user characteristics for use by other
OpenScape components (e.g. analyze a users contacts and recommend adding/deleting
contacts to/from the contact list.).
The third step completes the knowledge loop by delivering the analysis to the system administrators and other components for appropriate action.
2-8
5350over.fm
2.2.6
An Overview of OpenScape
OpenScape Architecture
Context Manager
The Context Manager is the service that ties together a view of all users. This view may include
the presence and availability of users, the state of users (e.g. in a voice call), each users workgroup session associations, etc. The result is a detailed view of what the user and their devices
are doing at any point in time. This information is used by other OpenScape users and system
components to make decisions about the best means to contact the user. This service also interworks with Microsoft presence model to ensure compatibility with Windows Messenger user
interface.
2.2.6.1
The XDR service collects session data (primarily voice-call related) and stores it as database
records. It performs a similar function to Call Detail Recording (CDR) because it allows administrators to retrieve the data and use it for analysis, bill-back, etc.
Refer to the Administration Guide for information on the data stored by XDR.
2.2.7
The User Notification Service is designed to provide a mechanism to send a notification message to users. It can send emails, instant messages, SMS messages, and pager messages.
The purpose of the notification is to let a user know of an event. For example if a users Personal Assistant has been told to look for an email from an important customer, it can send a
notification that the email has arrived to the users pager. The notification would indicate that
the email has arrived but because of the limitations of the pager cannot contain the entire content of the email.
2.2.8
Portals
Refer to Chapter 4, Personal Portal, Chapter 7, Voice Portal and Self-Service Portal, and
Chapter 6, Workgroup Portalfor a description of the various portals.
2-9
5350over.fm
An Overview of OpenScape
OpenScape Architecture
2.2.9
Media Server
OpenScape offers a web-based platform, the Media Server (Figure 2-4 on page 2-10), that renders interactive telephony applications. Features include:
Scripts for applications can be created using Siemens-provided building blocks and / or Microsoft Word.
SAPI
Figure 2-4
In future versions, the Media Server will be based on Speech Application Language Tags
(SALT) and Voice XML and will support the creation of multimodal user interfaces with advanced speech recognition features.
2-10
5350over.fm
2.2.10
An Overview of OpenScape
OpenScape Architecture
MCU
The MCU is responsible for providing media mixing (combining the audio channels from multiple parties) for conference calls that OpenScape users may be involved in.
The MCU resource controller is accessed by OpenScape applications to allocate an MCU for
a conference. The access occurs at the point that the application wishes to connect parties to
the conference. The controller is responsible for checking the availability and capacities of the
possibly multiple MCU components that are part of the OpenScape system.
The MCU is built using a decomposed model. Media processing is distributed over multiple
servers using the Megaco protocol. (Figure 2-5 on page 2-11)
MC
MP
Megaco
(H.248)
SIP
MCU
Megaco
(H.248)
IP
RTC
IP
server
Figure 2-5
RTP
MCU Architecture
The MCU contains internally one central MC (Multipoint Controller) which deals with the SIP
signaling and controls the mixing of the voice and up to four Media Processors that perform the
actual mixing of the voice samples.
The MCU supports the following:
Ad-hoc and dynamic conference creation from the contact list following the SIP conferencing model for ad-hoc conferences
A single Media Processor running on a 2 GHz Pentium 4 can support 72 channels G.711
or 24 channels of G723.1 or a mix thereof.
2-11
5350over.fm
An Overview of OpenScape
Call Flow Examples
2.3
2.3.1
Scenario: (Figure 2-6) User A initiates a call from their portal to User B (non OpenScape user)
1.
In this scenario the request for the call is transferred from the Portal to the OpenScape application (1).
2.
The request causes the OpenScape application to initiate a call to the preferred voice device of user A. User A answers the call and is placed in a hold state until the call is completed to Party B. The steps to establish this call are shown in (2).
3.
Once User A is connected, a call is placed to Party B. The steps to establish this call are
shown in (3). As part of answering the call, Party B sends their media capabilities for establishing the voice connection.
4.
Once OpenScape has this information, it repeats the call setup to User A with the media
capabilities of Party B. This is shown in (4).
5.
The response to the Re-Invite contains the media capabilities of User A which are sent to
Party B (5). This allows the two terminals to establish the media stream.
2-12
5350over.fm
2-13
An Overview of OpenScape
Call Flow Examples
5350over.fm
An Overview of OpenScape
Call Flow Examples
2.3.2
Scenario: User A initiates a call to User B. In this scenario, User A Initiates the call using their
SIP terminal.
1.
This generates an Invite (1) addressed to User B. As part of the processing for the invite
in the OpenScape application, any outgoing rules that User A may have for operations
such as logging the call take place.
2.
In addition the OpenScape application will evaluate User Bes current identity context,
rules, and device presence to determine the correct device to process this call. This is the
device that is selected to receive the invite (2). When the selected device of User B receives the Invite it responds with an indication that the device is ringing.
3.
This is passed to the OpenScape application and on to the terminal of user A (3).
4.
When User A answers the call, an indication that the device is call is answered is sent (4).
This is passed to the OpenScape application and on to the terminal of user A.
5.
When the answer is received by User As terminal it responds with an ACK that is sent to
the OpenScape application and on to User Bs terminal (5).
At this point in time the two terminals are able to establish the media stream for the call.
2-14
5350over.fm
2-15
An Overview of OpenScape
Call Flow Examples
5350over.fm
An Overview of OpenScape
Call Flow Examples
2.3.3
Scenario: User A selects a list of parties (user B and C) to be part of the conference from their
portal.
1.
Once the list is selected the conference operation is selected. The request for the conference is transferred from the portal to the OpenScape application (1).
2.
The request causes OpenScape to allocate resources for the conference from the MCU
resource controller (2)
3.
OpenScape then initiates a call to the MCU. The MCU answers the call and is placed in a
hold state until the call is completed to User A. The steps to establish this call are shown
in (3).
4.
Once the MCU is connected, a call is placed to the preferred voice device of User A. The
steps to establish this call are shown in (4). As part of answering the call, User A sends
their media capabilities for establishing the voice connection.
5.
Once OpenScape has this information, it repeats the call setup (re-invite) to the MCU with
the media capabilities of User A. This is shown in (5).
6.
The response to the re-invite contains the media capabilities of the MCU which are sent to
user in a re-invite sequence sent to User As terminal (6).
This allows the terminal and the MCU to establish the media stream. The sequence 3-6 are
repeated for each participant in the conference (B and C).
2-16
5350over.fm
An Overview of OpenScape
Call Flow Examples
Figure 2-8
5350over.fm
An Overview of OpenScape
System Capacities
2.4
System Capacities
500
72 channels G.711
24 channels of G723.1
Can have up to 4 MPs
288
2.5
An emergency call placed from an OpenScape user on a SIP phone is handled as a normal
SIP call. Emergency calls extended through a gateway to the PSTN will be delivered to an
emergency response center (for example, 911 in the U.S.), by the local Central Office switch.
The call will be processed by OpenScape and will be transferred to the emergency number.
Note the following:
An indication of the emergency callers location, based on the location of the SIP phone,
may be provided assuming that the location is defined.
Depending on where the SIP gateway is located, the emergency call may be routed to a
fire or police department that is in a different location from the caller.
Emergency calls do not have a higher priority higher than other off-net calls. Emergency
calls are completed only if there is a free trunk available at the time an emergency call is
initiated.
2-18
5350man.fm
Management
Architecture
Management
This chapter describes the various components of OpenScape management, including the administration interface (the OpenScape Management Console, or OMC).
3.1
Architecture
OpenScape management builds on the Microsoft Management Console (MMC) and Windows
Management Instrumentation (WMI) architecture (Figure 3-1).
Management Client
Windows Script host
WMI Interface
OpenScape Server
OpenScape SQL Database
Figure 3-1
Management Overview
The OpenScape Management user interface, provided as a snap-in, provides the following
functions:
Using the WMI interface and the database layer API, examines and modifies OpenScape
configuration information that is stored in the Windows Active Directory / SQL database,
primarily in the form of user profiles and device profiles.
Through an interface with the Serviceability Broker, monitors and updates serviceability
and dependability data in other OpenScape applications (as exposed using the Serviceability API in the application).
Using the Microsoft .NET System.Management API and the OpenScape Management
Schema, monitors and updates configuration data within OpenScape applications.
3-1
5350man.fm
Management
Licensing
The OpenScape snap-in may be loaded into the MMC together with other snap-ins provided
by Microsoft or third parties. This allows for a seamless transition between Windows and OpenScape administrative tasks. Dedicated OpenScape administration group facilitates management.
Management access to the data repository is done through a WMI interface on the OpenScape
server. The OpenScape snap-in can connect to one or more OpenScape servers locally or remotely using this WMI interface. Security for remote access is provided by the Microsoft WMI
framework. The WMI interface can also be accessed by the Windows Script Host (WSH).
JScript or VBScript applications can be written to automate management functions or to execute operations in batch mode. The functionality available through WSH is the same as the one
provided by the OpenScape snap-in.
The management snap-in provides multi-language support. In OpenScape Version 1.0, English
and German are provided. The language is automatically set based on the Windows user locale.
There are three server components in OpenScape: the Communication Broker, MCU, and Media Server. In the first version of OpenScape, only the Communication Broker is fully integrated
into the Windows management architecture as shown in Figure 3-1. The MCU provides a native Win32 user interface and the Media Server provides native web-based management interfaces.
Microsoft SQL Server 2000 is used for the data repository. Database management tasks are
described in Section 3.8.2 on page 3-11.
3.2
Licensing
IPurchase of the OpenScape Base Suite entitles the purchaser to all components in the product
structure, specifically:
Personal Productivity Package, including Personal Portal, Word Web feature, Auto-answer
feature, Self-Service Portal
3-2
5350man.fm
Management
OpenScape Management Console
The OpenScape Management interface provides a way to add licenses to the system and to
view the number of purchased licenses on a feature basis as well as the number of licenses
that are currently used. Refer to Section 3.8.7 on page 3-14 for information about licensing
management.
3.3
The administration interface for OpenScape, the OpenScape Management Console (OMC,
Figure 3-1), is available in two languages, English and German.
The Siemens-developed OpenScape snap-in, which is a DLL that runs under an instance of
the Microsoft-provided mmc.exe process, has multiple functions, where each function is represented as a tree node. Within the OpenScape snap-in, there is one primary node and multiple
child nodes for each installed OpenScape server. These OpenScape servers are automatically
discovered by the OMC. The screen shot in Figure 3-1 on page 3-4 shows four servers in the
netservxx family.
As Figure 3-1 on page 3-4 shows, for each OpenScape system node the following functions
are available:
Configuration operations that modify the data repository are logged in an audit trail. The audit
trail information indicates for each operation the time and date, the data being changed, and
the administrators account.
3-3
5350man.fm
Management
Server Management
3.4
Server Management
The administrator can start or stop the OpenScape software and verify the current state of the
OpenScape server, including the following conditions:
An error has occurred while trying to determine the state of the OpenScape software
The OMC is currently trying to determine the state of the OpenScape software.
3-4
5350man.fm
3.5
Management
User Management
User Management
The administrator can add new OpenScape users, and display, modify, enable, disable, and
delete existing users. Both OpenScape users and RTC users who have not been configured
for OpenScape can be displayed.
To add an OpenScape user, the administrator must first enable a new or existing Windows user
account for RTC. This can be accomplished using either the Microsoft RTC Server MMC Snapin or the Microsoft AD (Active Directory) MMC Snap-in.
To convert an existing RTC user to an OpenScape user, or to modify the parameters of an existing OpenScape user, the system administrator uses the appropriate OMC dialog box and
sets or modifies the following parameters:
Password
Phone Number Either a custom phone number for this user, or a phone number copied
from Active Directory entry for the users Windows account
User Groupwhether the user will be added to the OpenScape User group or the OpenScape Administrator group.
View and configure the Siemens SIP phones associated with an OpenScape user. Only
phones that have been configured via the OMC are displayed.
3-5
5350man.fm
Management
Device Management
3.6
Device Management
The Device Management function allows administrators to manage OptiPoint 400 SIP V3.0
phones. It provides Phone Management and Real-time Transport Protocol (RTP) Statistics.
>
3.6.1
Although the system administrator can configure an OptiPoint 400 SIP phone using
the phones menus or the phones Web Management Interface (each OptiPoint 400
SIP phone has a built-in web server), it is recommended that the system administrator uses only OMC to configure OptiPoint 400 SIP V3.0 phones for OpenScape users.
General Parameters
>
The OMC provides management of Siemens SIP phones only; third-party SIP
phones have their own management interfaces.
Administrators can manage the following general parameters for all SIP phones in a particular
OpenScape system:
The start date and time and recurrence for data synchronization
SNMP parameters
QoS parameters
Phone-specific data profiles used when configuring new phones. The administrator can
add new profiles, for example for executives, for lobby phones, etc.
The default phone administration password and the default wildcard server certificate that
are used to configure new OpenScape phones.
The parameters to be used to discover the phones for a particular OpenScape system
3-6
5350man.fm
3.6.2
Management
Device Management
Phone-specific Parameters
The administrator can view and configure the phones associated with the OpenScape users in
that system. Only phones that have been configured via the OMC are displayed. For an individual phone or group of phones, the administrator can modify the following settings:
Network settings
Authentication settings such as Kerberos Key Distribution Center (KDC) server address
and port
System settings such as voice mail destination and number for message waiting
File Transfer settings such as FTP server address and account name
Time & Date settings such as whether daylight savings is off or on.
Speech settings for jitter buffer, compression codec, audio mode, and silence suppression
Settings (on or off) for components such as instant messaging and contacts
Key layout
Menus
Dial plan
Disassociate a phone from an OpenScape user. This causes the phones data to be reset
in the phone and removed from the OpenScape database.
Initiate software updates for the phones. The administrator can also download a new file
for Music-on-Hold.
Initiate a consistency check between the data stored in the phones and the data stored in
the OpenScape database.
3-7
5350man.fm
Management
Device Management
3.6.3
The administrator can manage the following parameters for a single SIP phone:
The Windows password that the phone uses to authenticate itself with the RTC server
The Server Certificate and Private Key stored in the phone that is used to enable a
secure connection on the phones external interfaces
3.6.4
The administrator can manage the Siemens IP phones detected via the auto-discovery protocol that have not been configured for OpenScape. The administrator can:
3.6.5
Enable and disable the collection of RTP statistics for a specific phone.
Set the maximum number of statistics files and the maximum size per file
3-8
5350man.fm
3.7
Management
Application Management
Application Management
The administrator uses Application Management to administer data, options settings, and trace
operations for the various applications (services) in the OpenScape system. The Application
Management screen lists every OpenScape Service, with its current software version information and execution state.
3.7.1
Application Properties
This section describes the properties that can be administered for the various services in the
OpenScape system.
3.7.1.1
Community Assistant
The following properties can be administered for the Community Assistant application:
Access to Collaboration Web Pageused to enter the URLs of the internal and external
Collaboration web site.
Collaborationsthe maximum number of collaborations, the maximum number of members per collaboration, the maximum number of parties in a conference, and an indication
of whether or not the call should be dropped when only non-OpenScape users are left in it.
Emailthe default email text that is sent in various situations with the Workgroup Portal.
3.7.1.2
Data Synchronizer
The OpenScape Data Synchronizer application synchronizes RTC user data stored in the Windows Active Directory with corresponding user data in the OpenScape database.
This application contains one configurable property, the synchronization interval, which specifies the interval for the one-way synchronization from the Active Directory user information to
the OpenScape user information. This synchronizes users from all Active Directory domains
that house a user for this RTC Server.
3.7.1.3
The Platform Resource Monitor application monitors administrator-defined system and process resources by polling them in regular intervals. The administrator can specify how often
the resources should be polled.
3-9
5350man.fm
Management
Application Management
3.7.1.4
The Context Data Recorder (XDR) application provides per-session logging. The administrator
can configure:
Session Data: information regarding calls and messaging between various endpoints
for OpenScape users
Session Interaction Data: information associated with call sessions such as account
codes, subject, etc.
PeriodicityContext data is eventually stored in the database for persistent storage from
intermediate locations at periodic intervals. The Periodicity defines the interval in the range
of 1 to 3600 minutes.
Disk Quotathe maximum hard disk space used by context data intermediate locations.
The quota defines the space in megabytes with a minimum value of 10MB.
Generate Switch -If not selected, the context data for this data category would not be
stored.
Incomplete Record Location - Context data location to store the incomplete records for the
data category. This data will be moved to database once the records are completed.
3.7.2
Trace Control
Trace Settings
The maximum number of trace files that can be generated by the application, and the
maximum size each file can attain before another trace file is created.
The trace level value and trace status (enabled or disabled) for each sub -component
in the selected application.
File Retrieval retrieves the generated trace files for selected application from the server
on which the application is running, and stores those files on the system on which the OMC
is running.
3-10
5350man.fm
3.8
Management
System Management
System Management
System Management is used to administer system options settings (those that do not relate to
a specific application), and to invoke various system-related tasks.
3.8.1
The System Data function is used to configure system-wide data such as:
Default phone number type and number rulesdefines whether the Phone Number field
in Active Directory is used to create the Phone Number (Secondary URI) of a OpenScape
user or the administrator enters the Phone Number individually for each user.
Dynamic Port Range for the range of communications ports used by the various OpenScape services.
OpenScape internally uses dynamic ports for communication. The administrator has the
option to define the range of consecutive ports that can be used at runtime by the OpenScape services. The low port number has to be greater than 1024 and lower than the high
port number. The range has to be at least 30 in order for the system to operate properly. It
is recommended that the dynamic ports start at higher numbers to make sure that they
don't interfere with reserved ports (1025~10000).
3.8.2
Storage Administration
This function allows the administrator to invoke on-demand backup, restore, and purge operations for the OpenScape database and to schedule operations for later (and repeated) execution.
3.8.2.1
Database Backup
The administrator can back up the OpenScape database to a location accessible from the
local servers file system. Three types of backup are available:
Incrementalback up only files modified since the last backup of the transaction log.
3-11
5350man.fm
Management
System Management
Back up OpenScape via the OMC on a regular basis. The system prompts the administrator to perform a backup before a software upgrade.
>
NOTE: A backup should be taken at a time when the system is idle or under very
low load. This ensures that the performance of other system components is not affected during backup and also that the backed up data is in a consistent state.
For a restore, the system has to be in an idle state and may also require that some
of the services/components be stopped completely. For backup purposes a separate
device is required at the customer site. Currently only disk devices will be supported.
3.8.2.2
Database Restore
The administrator can restore the OpenScape database from a location accessible from the
local servers file system.
3.8.2.3
The Purge function can be used to delete historical voluminous data that is no longer needed
by the system, but which is occupying a lot of database space. The following types of Purge
are available:
XDR Session data in the SQL database XDR data can be exported to a file and optionally
be purged after the export operation completes.
The Purge should be run from the OMC Storage Management screens during idle conditions
when there is minimal load on the system. It can be run on-demand or scheduled to run at recurring intervals.
3.8.3
Storage Monitor
The administrator can monitor the OpenScape database and view the log file generated by
that task. The log file can also be saved as a Word or text document.
3-12
5350man.fm
3.8.4
Management
System Management
Specify where email notifications for the Fault Diagnostic Report or System Statistics Report should be sent
3.8.5
Resource Monitor
Resource Monitor monitors resource usages of OpenScape system. The monitored resources
can be grouped in two categories: system resources and application resources. The system
resources that are monitored for the host machines running the OpenScape system are CPU,
hard disk and memory. The application resources that are monitored for each OpenScape application are CPU and memory.
The following resources can be monitored by the Platform Resource Monitor service:
The remote host machines running on the OpenScape server. A new host machine can be
added
3.8.6
Systems Destination
3-13
5350man.fm
Management
Administration of Other Components
3.8.7
Licensing Management
3.9
SIP Gateways
MCU
Media Server
3.10
Fault Management
Error collection: Archives errors and warnings generated by OpenScape components. This
includes Siemens SIP phones, MCU, Media Server, and the OpenScape core applications.
Errors are posted into the Windows event logs. Third-party components or applications
such as gateways can also send errors to the OpenScape management via SNMP.
Error analysis: Performed on the collected data. If it is determined during error analysis that
actions need to be taken by the administrator, a report detailing these steps is generated.
Also if error analysis determines that the system is in a critical state and requires immediate intervention, a notification is sent to the administrator.
User notification: Notification targets can be configured for e-mail, page, SMS, and Instant
Messaging.
Trace utility: An extensive trace utility is provided as described in Section 3.7.2 on page
3-10.
3-14
5350man.fm
3.11
Management
Installation of OpenScape
Installation of OpenScape
All OpenSpace client applications and server components are provided as Microsoft Installer
(MSI) packages. The server packages are: Communication Broker, MCU, and Media Server.
The client packages are the Management snap-in, Windows Management Add-In, and Outlook
Add-In. Installation wizards are provided. Automation of client distribution can be achieved by
using the IntelliMirror feature in Active Directory.
3-15
5350man.fm
Management
Installation of OpenScape
3-16
5350Pport.fm
Personal Portal
Personal Portal in a Browser Window
Personal Portal
The Personal Portal provides a unified way to manage all communication tasks, handling voice
calls, emails, and instant messages. It can be:
Accessed as a Microsoft Outlook folder web page (Figure 4-2 on page 4-2)
>
Note that OpenScape uses the Exchange 2000 server. For the desktop client, users
can have Outlook 2000 or higher.
4.1
As Figure 4-1 shows, when the Personal Portal appears in a browser window, users can use
the Inbox and Calendar functions provided by the Exchange server.
Figure 4-1
4-1
5350Pport.fm
Personal Portal
Personal Portal as Outlook or Messenger Plug-in
4.2
When the Personal Portal appears as part of Outlook (Figure 4-2 on page 4-2) or Windows
Messenger (Figure 4-3 on page 4-2), My Inbox and My Calendar do not appear.
Figure 4-2
Figure 4-3
4-2
5350Pport.fm
4.3
Personal Portal
My Status
My Status
My Status (Figure 4-4) is the primary variable that OpenScape checks to determine how to
route communications. It provides a basis for the rules that give users control over how their
communications work.
In addition, any OpenScape user can view the status of another user who has been configured
as a contact. (However the contact can choose to block another user from viewing his status
and media availability.)
Figure 4-4
My Status
Working remotely
In Office
Be Right Back
In Meeting
No Interruptions
Out of Office
On Business Trip
On Vacation
>
There is no correlation between status in OpenScape and status in Windows Messenger. An OpenScape users status must be set manually; there is no option to
change status automatically.
Refer to Section 4.10 on page 4-10 for more information on how My Status is used.
4-3
5350Pport.fm
Personal Portal
My Preferred Phone
4.4
My Preferred Phone
Users set their preferred voice device from the Personal Portal. Other preferred phones and
devices are available and configured with Options...Devices. (Refer to Section 4.8.3 on page
4-8 for more information about devices.)
For maximum flexibility, users can configure a number of associated devices and then set their
rules (described in Chapter 5) to route incoming calls to the preferred device. An outgoing call
that a user places through My Calls is routed through the preferred device.
4.5
My Calls
Place a call on the device that has been designated as the preferred device.
Take actions on current calls: put on hold, release the hold, hang up, add a caller, or show
the parties in the call.
Figure 4-5
4-4
My Calls
5350Pport.fm
Personal Portal
My Contacts
Note that My Calls knows only about the calls that are routed through OpenScape. For example, if someone calls a users OpenScape number and is routed to his cell phone, then OpenScape continues to monitor the progress of the call and can act on it. However, if a caller dials
a users cell phone directly, then OpenScape has no knowledge of the call and cannot act on it.
The Number field is provided for users to enter the phone numbers of parties who are not in
their contact list or their Outlook Address book.
4.6
My Contacts
My Contacts (Figure 4-6) allows users to manage their contacts and take the following actions:
View the contacts availability for a phone call, IM, and email
Figure 4-6
My Contacts
The state of the icon next to the contact's name tells you whether that contact is reachable by
phone, instant messaging, or email.
When the voice icon is grayed out, the contact's preferred phone is not available (but voice
mail is always available).
When the IM icon is missing, the contact is not available for instant messaging.
4-5
5350Pport.fm
Personal Portal
My Work Groups
4.6.1
Contacts in Outlook
OpenScape contacts are separate and distinct from Outlook contacts. There is no facility to import contacts from Outlook to OpenScape or vice-versa.
In OpenScape, the term contacts is used in the same sense that Microsoft uses the term for
Windows Messenger. It essentially means a buddy in the buddy list. In OpenScape V.1, these
contacts are limited to other OpenScape users. When users use the Address Book as an input
source to select parties for a conference, they can access only the Global Address Book (not
the Contacts Address Book).
In Outlook, contacts describes names and addresses that a user saves in the Outlook address
book. These people tend to be external to the enterprise. The Contacts directory in Outlook is
unique for each person and can be accessed in the same way that the Global Address Book is
accessed through the Address Book function.
OpenScape users can configure special properties for their Outlook contacts (that is, for people
external to the enterprise) that allow them to have guest access to OpenScape and the features
of the Self-Service Portal. (Refer to Section 7.2 on page 7-4 for information about the Self-Service Portal.)
4.6.2
The OpenScape My Contacts list contains only other OpenScape users. The Windows Messenger contact list can contain OpenScape and non-OpenScape users.
4.7
My Work Groups
See the status of the existing work groups (idle, conference meeting in progress, WebEx
meeting in progress)
Take action:
Only the person who set up the work group can modify it or delete members from it. When a
work group is deleted, all information including membership, options, and documents are deleted. A backup owner can take over when the owner is deleted (for example, when the owner
leaves the company.)
4-6
5350Pport.fm
Figure 4-7
Personal Portal
Options
My Work Groups
4.8
Options
This section describes the following options available in the Personal Portal:
Language
Preferences
Devices
4.8.1
Language
Users can select either English or German as the language of the Personal Portal.
4-7
5350Pport.fm
Personal Portal
Options
4.8.2
When the Personal Portal appears in a browser, users can determine which components of
OpenScape appear on their desktop. The possibilities are:
Show all components (My Calls, My Contacts, My Collaboration Groups, Inbox, Calendar)
Hide My Inbox
Hide My Calendar
Hide Outlook
4.8.3
Devices
In OpenScape, device refers to any entity that can act as a communications endpoint: phones,
instant messaging, or email. There are two categories of devices, registered devices and associated devices.
Registered devices are automatically configured for a user. SIP phones and Windows
Messenger are considered registered devices because they register with a part of the
RTC server called the SIP Registrar. They are automatically recognized by the system.
Each registered device has a name and an ID key. For phones, the ID key is the physical
address of the phone. For Windows Messenger, it is the name of the machine that it is running on. Users can edit the name of the registered devices but cannot change the ID key.
They can also edit the supported modes of the device (voice, IM, email) unless supplied
by the device itself (as is the case with the Siemens SIP phones.)
4-8
5350Pport.fm
4.9
Personal Portal
Interaction with Windows Messenger
Windows Messenger provides an OpenScape tab as an alternative way of accessing the Personal Portal. In addition, Windows Messenger:
Provides the ability to add and delete contacts and manage the allow / block list.
Provides the instant messaging window for sending and receiving instant messages.
Users can take advantage of the Windows Messenger capabilities such as application sharing,
file transfer, and point-to-point video when cameras are installed.
Because Windows Messenger availability is taken into account by OpenScape when it considers to which device a particular voice call, email, or instant message should be delivered, it is
recommended that OpenScape users should mark themselves Online when they want their
Windows Messenger to be included and mark it Away when they do not want it included.
4-9
5350Pport.fm
Personal Portal
OpenScape Presence and Availability Model
4.10
The OpenScape presence and availability model is based on the Microsoft presence model
and enhances it with value-added Siemens propositions. It consists of two separate elements:
An overall availability for each media type (voice, email, instant message) that is supported by any of the devices owned by a user. The overall availability for each media type takes
into account the state (busy, online, unknown, offline) of each device that supports that media type. Then those states are combined (or aggregated) to determine overall availability.
There is no direct link between a users status and the overall availability for each media type.
While the media states are aggregated from actual device settings, the status is not.
4.10.1
Status
Every OpenScape user has a status at all times. Status can be set from the Personal Portal or
the Voice Portal and can be one of the following:
Working remotely
In Office
Be Right Back
In Meeting
No Interruptions
Out of Office
On Business Trip
On Vacation
There is an additional status value of Unknown that is used by the OpenScape system in situations where the status is not currently available or where the user is prohibited from seeing
the status value. Note that only the OpenScape system can set this value; users cannot.
Status is one of the key means by which an OpenScape user personalizes the behavior of the
OpenScape system. In particular:
Status determines which rule set will be applied for the user.
Status is displayed as part of the contact list for each of the contacts who are OpenScape
users.
4-10
5350Pport.fm
4.10.2
Personal Portal
OpenScape Presence and Availability Model
Availability
Voice
Instant messages
As Figure 4-8 shows, it is arrived at by taking into account whether each device that is capable
of that media type is busy, online, offline, or whether its availability is unknown. Those individual
states are summed up to arrive at the combined availability.
Combined
Availability
availability
for IM
for IM
Availability
for voice
Availability
for email
IM
Voice
Figure 4-8
IM
Voice
IM
Voice
Voice
Based on the availability information about each media type (for example, available via phone,
not available via instant messaging, available via email), OpenScape can make the appropriate
routing decision.
4-11
5350Pport.fm
Personal Portal
OpenScape Presence and Availability Model
>
Besides enabling OpenScape to make routing decisions, the overall availability by media type
also appears for each contact on the Contact List in the Personal Portal.
4.10.3
The Siemens Presence and Availability Model provides the following enhancements to the native Microsoft presence model:
Support for other, non-SIP registered devices (associated devices)This extends the
reach of the communications solution to legacy devices (connected to private networks,
the PSTN, the CSPN, etc.)
Aggregation by media typeThis provides users with a better idea of what kind of communications their contacts are willing to accept.
Communications rules based on the users statusThese provide more appropriate behavior than that provided by default in the Microsoft solution.
Ability to manage basic presence (user status) from any telephone in the world and from
any web browser that can access the OpenScape site.
4-12
5350Pport.fm
4.10.4
>
Personal Portal
OpenScape Presence and Availability Model
Use OpenScapes My Status (and the associated rule set) to indicate their own personal
status and control which OpenScape rules are in effect.
Use Windows Messenger Status only to indicate the availability of their Windows Messenger device.
4-13
5350Pport.fm
Personal Portal
OpenScape Presence and Availability Model
4-14
5350rules.fm
Rules Wizard
Rules Wizard
With the Rules Wizard (Figure 5-1), users set up rules to determine how, when, and where they
can be reached. For example:
For an incoming call received after Wednesday November 12th, 2003 and before Wednesday
November 19th, 2003 and received after 16:00 PST and before 04:00 PST, redirect to cell
phone and where redirect fails, redirect to voice mail and where redirect fails, notify by SMS to
cell phone with 'missed call'.
Figure 5-1
Rules Wizard
A user creates a rule with the Rule Wizard and puts it into effect by assigning it to one or more
statuses (Working Remotely, In Office, etc.). When a user sets My Status, only those rules that
are assigned to this status are executed when a primary condition is triggered.
Each rule consists of:
5-1
5350rules.fm
Rules Wizard
This selection determines the set of supported conditions, actions, and exceptions that are
unique for each primary condition.
Actions
A valid rule contains at least one action. The user can specify multiple actions (for example,
redirect to cell phone AND where that redirect fails, redirect to voice mail). No action can
appear in a rule more than once. Actions can be cumulative or conflicting:
Conflicting actions: only the action belonging to the higher priority rule is executed. Priority is determined by placement in the rule set, with the topmost rule set having highest priority. (The rules can be reordered to reflect the desired priority.)
Exceptions
After selecting actions, the user can optionally include one or more exceptions. The exceptions are identical to the conditions but with except if or except added at the beginning.
No exception can appear in a rule more than once. Multiple exceptions are separated by
an OR. Therefore, if any exception is TRUE, the rule will be evaluated as FALSE and no
action associated with that rule will be used.
For example: Assume that the rule states, For an incoming call from Bill Gates, redirect to
my preferred device OR to My Assistant except if after 19:00 and before 08:00. If a call from
Bill Gates arrived at 7:30 p.m., the call would not be redirected.
When there is no action that takes precedence, the default rules are used. The final default rule
is route to voice mail so if no other condition or exception applied, the call would be directed
to the users voice mail.
5-2
5350rules.fm
5.1
Rules Wizard
Rules for Incoming Calls
A user can create rules for incoming calls using any of the conditions in Table 5-1.
>
When a term is underlined, (for example, people) it indicates that the user has to
specify parameters. In the Rules Wizard, the underline signifies a link that displays
the available values or a place to enter data.
Condition
Parameter Values
From people
Where my device...
Preferred IM Device
Aggregated Voice
Aggregated IM
Available
Unavailable
Online
Offline
Busy
Do not disturb
Unknown
Multiple
Entries?
Y
N
N
Received on certain
dates
Received in a specific
date range
Received in a specific
time range
Received on certain
days of the week
Table 5-1
*
When the device specified is an associated device, the context used will be as it was set in the Options Devices Associated Devices screen
5-3
5350rules.fm
Rules Wizard
Rules for Incoming Calls
5.1.1
A rule for incoming calls must include one or more of either class of the following actions.
Cumulative Actions
Conflicting Actions
Values
destinations
Notification methods (email, IM, pager, SMS) and target address, for example By email to Preferred Email Device and by
IM to Lynn Nottbohm
specific message
The message text. Standard information such as the calling party information and time and date of the call are always sent
when possible by the notification method.
text string
my device or
person list
my device or
person
Table 5-2
5-4
Multiple
Entries?
5350rules.fm
Parameter
Values
account code
Table 5-2
5.1.2
Rules Wizard
Rules for Outgoing Calls
Multiple
Entries?
N
5.2
A user can configured rules for outgoing calls using any of the following conditions:
To people
5.2.1
Cumulative Actions
5-5
5350rules.fm
Rules Wizard
Rules for Incoming Instant Messages
Conflicting Actions
5.2.2
Any of the following exceptions can be included. No exception can be used more than once.
Except if to people
5.3
A user can create rules for incoming calls using any of the conditions in Table 5-3.
Condition
Parameter Values
From people
Where my device...
Preferred IM Device
Aggregated Voice
Aggregated IM
Table 5-3
5-6
Multiple
Entries?
5350rules.fm
Rules Wizard
Rules for Incoming Instant Messages
Condition
Parameter Values
Multiple
Entries?
available
unavailable
online
offline
busy
DND
unknown
Received on certain
dates
Received in a specific
date range
Received in a specific
time range
Received on certain
days of the week
Table 5-3
*
When the device specified is an associated device, the context used will be as it was set in the Options Devices Associated Devices screen.
5.3.1
A rule for incoming calls must include one or more of either class of the following actions:
Cumulative Actions
Conflicting Actions
Table 5-4 describes the action parameters for incoming instant messages.
5-7
5350rules.fm
Rules Wizard
Rules for Incoming Instant Messages
Parameter
Values
destinations
Notification methods (email, IM, pager, SMS) and target address, for example By email to Preferred Email Device and by
IM to Lynn Nottbohm
specific message
The message text. Standard information such as the calling party information and time and date of the call are always sent
when possible by the notification method.
text string
my device or
person list
Preferred IM Device
my device or
person
Same as above
account code
Table 5-4
5.3.2
Multiple
Entries?
For an incoming instant message, any of the following exceptions can be included:
5-8
5350rules.fm
5.4
Rules Wizard
Rules for Outgoing Instant Messages
For outgoing instant messages, any of the following conditions can be included:
To people
5.4.1
A rule for incoming calls must include one or more of either class of the following actions:
Cumulative Actions
Conflicting Actions
The parameters for the actions are described in Table 5-4 on page 5-8.
5.4.2
For an outgoing instant message, any of the following exceptions can be included:
Except if to people
5-9
5350rules.fm
Rules Wizard
Rules for Incoming Emails
5.5
For incoming emails, any of the conditions in Table 5-5 can be included:
Condition
Parameter Values
From people
Specific words
Urgent
Multiple
Entries?
high importance
normal importance
low importance
Received on certain
dates
Received in a specific
date range
Received in a specific
time range
Received on certain
days of the week
Table 5-5
5.5.1
For incoming emails, one or more of either class of the following actions must be included.
Cumulative Actions
Conflicting Actions
The parameters for these actions are described in Table 5-2 on page 5-4.
5-10
5350rules.fm
5.5.2
Rules Wizard
Default Rules
The parameters for exceptions are identical to the parameters for conditions in section 2.1.5.1
and wont be repeated here.
5.6
Default Rules
Default rules are available from the system, based on the status that the user sets. A user who
is configured in OMC as an administrator can modify the default rules. Any user can override
the default rules by using the Rules Wizard to set up custom rules. Custom user rules are always prioritized above default rules when conflicting actions are evaluated.
If the user sets his status to: In Office, Working Remotely, Be Right Back, In Meeting, the default
rules are:
For an incoming callRedirect to preferred voice device and where redirect fails, redirect
to voice mail and log call to journal
For an incoming instant messageRedirect to preferred IM device and dont log message
to journal
If the user sets his status to On Business Trip, Out of Office, On Vacation, Unavailable, or if it
is unknown:
5-11
5350rules.fm
Rules Wizard
Default Rules
For an incoming instant messageRedirect to preferred IM device and dont log message
to journal
5-12
5350work.fm
Workgroup Portal
Workgroup Portal
The Workgroup Collaboration application, accessible from the Workgroup Portal, facilitates
document sharing, instant set-up of voice conferences and the automatic launch of WebEx application sharing.
Figure 6-1 shows the Workgroup Portal with a document open in the Document Viewer.
Figure 6-1
Workgroup Portal
Workgroup members can use this portal to manage a voice conference or WebEx meeting, including the following tasks:
Sharing documents
6-1
5350work.fm
Workgroup Portal
Viewing Conference Details
6.1
>
OpenScape users must have an email address in Active Directory in order to participate in a workgroup conference.
While participating in a workgroup conference, whether a voice conference or a WebEx meeting, the members of the workgroup can see:
The time the conference started and the number of callers in the conference. This display
remains active for the duration of the media conference and is updated in real time with
any changes, for example when a participant drops out.
The names of the participants who are in the voice conference or WebEx meeting and the
names of workgroup members or requested conference participants who are not in the
voice conference or WebEx meeting.
6.2
Sharing Documents
Members of a workgroup have access to a common storage area of documents. The storage
area, an Exchange folder, holds whatever documents and files that members may wish to
access. Any type of document or file may be included in the storage area and then accessed
from a portal as long as the document type is already associated with Internet Explorer and
the correct Internet Explorer plug-in for this type of document is installed on the users PC.
6.3
Creating Workgroups
6-2
5350work.fm
Figure 6-2
Workgroup Portal
Creating Workgroups
Workgroup Properties
>
With this option set, workgroup members should be careful about forwarding
their phones. If forwarding is set, someone other than the person intended could
get invited to the conference or the persons call can be forwarded to voice mail.
The person can accept or decline. A timeout indicates decline. (This is the default.)
Customized email message: An email is sent to the new members whenever a workgroup
is created or a member is added. The default email is configured in the OpenScape Management Console, but the user can create custom text to include in the email with this option.
6-3
5350work.fm
Workgroup Portal
Launching a Workgroup Session
These documents can be in any format but are viewable only if the user has the appropriate
browser plug-in to view that document type.
The groups backup owner. This person becomes the owner in the case where the owner
is deleted as an OpenScape user.
To finish up the creation of the workgroup, the workgroup can be saved or an immediate voice
or WebEx conference can be launched.
Once the workgroup is saved with a name, members are notified by email that the workgroup
exists and they can access the associated documents. If the conference is immediately
launched, then no email notification is sent.
6.4
Once a workgroup is set up, a user can invoke a session with one click from either the Personal
Portal or Workgroup Portal. OpenScape automatically calls all workgroup members who have
been specified to be in the conference and if they are available, puts them in a voice conference.
Participants in the conference hear a beep when people join or leave the conference.
After the session begins, any participant can add parties to a conference. Any participant that
is a member of the workgroup can drop other parties.
In an ad-hoc conference, no special warning messages (besides standard beeps) are played
if parties are being dropped by other participants. In the case when the system parameter is set
to drop the conference if it contains only non-OpenScape users, there is also no warning message.
6.4.1
Start voice and WebEx conference together. When the first party is connected via voice,
the WebEx conference is launched.
Start WebEx in an ongoing voice conference (unless the conference was launched from
Voice Portal, in which case the user is assumed to be on the phone and has a voice-only
connection to OpenScape)
6-4
5350work.fm
Workgroup Portal
Launching a Workgroup Session
An ad-hoc WebEx conference can be launched from My Calls and My Contacts in the same
manner as conference calls. If the user selects one contact and starts a WebEx conference, a
two-party WebEx session can be created but it will be treated as a conference by the system.
6-5
5350work.fm
Workgroup Portal
Launching a Workgroup Session
6-6
5350Vport.fm
Voice Portal and Self-Service Portal
Voice Portal Access for OpenScape Users
This chapter describes the Voice Portal and the Self-Service Portal, both accessible by telephone.
7.1
By phone, OpenScape users can set their status, initiate conferences, set their preferred
phone, and access the Exchange server for both voice and email messages, contact lists, and
calendars. This section describes the full capabilities of the Voice Portal.
Users who call in to the Voice Portal are authenticated by entering their OpenScape ID and
password. The caller is allowed three tries before authentication fails and the call is disconnected.
7.1.1
Users can use the Voice Portal to listen to messages in their Inbox. The user hears the date
and time the message was received and the type of the message (voice or email). Voice messages are in 8khz, 16-bit mono PCM format.
For an email message, the body of the message is rendered by text-to-speech. The system
advises the user if there is an attachment but mail attachments are not rendered.
The following message controls are in effect during and after the message playback of the
message:
Go to previous message
Delete
Mark unread
Reply to message. A user can reply to any message as long as the message sender has
a defined email address. The delivery mechanism is via email.
Users address messages using Dial-By-Name or by entering an extension number.
Users can filter the messages by voice or email, by urgency, newness (i.e. unread messages),
or simply listen to all messages in the order received.
7-1
5350Vport.fm
7.1.2
An OpenScape user can create a voice message, forward a message with a comment, or reply
to a voice or email message. The message is sent immediately (not held until the end of the
session.) Messages cannot be marked private, so any message can be forwarded.
Messages are deleted on request (not at the end of a session) and moved to the Deleted Items
folder. The next time the user accessing his emails via Outlook closes the Outlook session, (depending on his Outlook settings) the message may be permanently deleted. (This depends on
his Outlook settings). Once the message is deleted, the user cannot reply to it or forward it.
There is no Saved folder for messages.
7.1.3
OpenScape users can access their calendars from the Voice Portal to do the following:
Play all appointments for a specific date and time range. The user must enter the desired
date and the desired time range. Time range will be determined by asking for the start time
and end time.
Block a specific date and time range in the calendar. No invitees are specified. Note that
the appointment will be blocked even if there is already an appointment in that time range.
Review upcoming appointments. All appointments with a tentative meeting status within
the specified time frame are played, one after the other, and the user can accept or reject
each one. When a meeting is rejected, the busy status is changed from tentative to free
and the user can still see the meeting in his or her calendar. The user can then delete the
rejected appointment and it is moved to the Deleted Items folder.
If the user is the originator of the appointment or if a contact guest made the appointment,
the user can delete the appointment. (Refer to Section 7.2.1 on page 7-4 for a description
of guest access.)
7-2
5350Vport.fm
7.1.4
To bypass the menu that presents the selections in the Voice Portal, users can set up shortcuts
to the following tasks:
Leave a message
Start a conference
Retrieve documents
A default Phone Favorites is available and users can customize it to suit their preferences by
rearranging or deleting options and changing the terms that are used, for example, next meeting instead of next appointment.
If automatic speech recognition is available, the user can also say Check appointments (or
other words of her choosing) to bypass other menu choices and go directly to that selection.
7.1.5
The user can review contact information from the Voice Portal. The user dials the contact by
name and hears all the matches for that name. Once a selection is made, the user hears: Contact: <first name> <last name> <home phone number> <business phone number> <fax number> <e-mail address>.
7-3
5350Vport.fm
7.2
The Self-Service Portal allows guests calling into the system to help themselves to information
that the user has made available. Each user controls access to his or her own Self-Service Portal.
A guest accesses the users Self-Service Portal by first dialing the users extension number and
then making the appropriate selection from the list of choices.
>
The OpenScape user specifies these choices in the web greeting that he sets up. If
the user has not set up his web greeting, the caller can only leave a message.Section 7.4.3.1 on page 7-13 has more information on the web greeting.
Document access functionsread, or retrieve by email or fax a document stored in Exchange folders
7.2.1
There are two kinds of guest users for the Self-Service Portal:
Anonymous guest a person who is not listed in the users Contact folder in Outlook. This
type of guest has limited access.
Contactsa person who is listed in the users Contact folder in Outlook. A contact guest
has full access to the Self-Service Portal.
The user must assign a numeric password for the contact guest. It is the responsibility of the
user to:
Create this new field via Outlook and communicate it to the contact.
Enter and manage this person in Contacts via Outlook or Outlook Web Access. Note that
this person must be an Outlook contact; whether or not he or she is an OpenScape contact
is irrelevant for this feature.
7-4
5350Vport.fm
7.2.2
Contact guests who call in to the Self-Service Portal are authenticated as follows:
a)
The caller is asked to enter (via DTMF name dialing) their last name and first name
until there is a match and then the numeric password.
b)
If there is a conflict on the name, the caller is asked for their business phone number.
If there is no unique match found for either case (a) or (b), the caller is directed to leave a message.
The caller is allowed three attempts to authenticate. If the authentication fails, the caller is directed to leave a voice message.
7.2.3
Contacts and anonymous guests can leave voice messages for one or more OpenScape users:
By directly calling the Guest Access Number created by the system administrator.
When a guest calls this number, he can record a message. Before recording, the guest is
asked to enter the destination of the message, via DTMF name dialing or by entering the
extension number.
If the caller reaches the users web greeting and chooses to leave a voice message or if
the users rules redirect the caller to his web greeting.
There are two message delivery options: normal and urgent. The default delivery option is normal. A caller must explicitly mark a message urgent.
The maximum recording length is five minutes. The message is recorded in 8kHz 16-bit mono
pulse code modulation (PCM) format.
The recording controls are Stop-Record, Replay, and Erase-And-Record Again.
The message is delivered when the caller explicitly chooses the option to deliver the message
or when the caller records a message and immediately hangs up.
The guest can also enter multiple destinations for the message to be delivered to. When the
extension has been identified, the system plays the users name or repeats the extension number entered and asks the guest for confirmation.
Once the caller has finished recording the message, contact guests who are logged on can use
other guest features of the system like transferring to another extension.
7-5
5350Vport.fm
7.2.4
>
Schedule Appointments
Note that this feature is available to contact guests, but not to anonymous guests.
A contact guest who is logged on can schedule an appointment with the user. The guest can
request the following for a particular user:
Tell me next available appointment today (one hour slot only). Once the system prompts
the availability, the guest has the option to accept the appointment or request the next
available appointment or exit the system.
Tell me the first available appointment on a particular day. The guest enters the month and
date on the phone keypad. Once the system prompts the availability, the guest has the option to accept the appointment, request the next available appointment, or exit the system.
The guest can enter a date and time and the system will respond with the availability.
When a guest accepts an appointment, an email notification is sent to the user and the calendar
appointment appears as a tentative appointment on the users Outlook calendar. When the
user accepts or rejects the appointment, the guest will be sent an e-mail confirmation.
Once the guest accepts the appointment, he cannot modify it but can remove it from the calendar and start the request process again. A guest can only remove an appointment that he or
she made.
A guest can make one appointment per day (of one hour duration) per user but cannot make
recurring appointments.
The subject field of the appointment is pre-defined by the system. For example: Appointment
with <first name> <last name>. The caller can also record a message up to three minutes in
length and attach this message to the appointment.
7-6
5350Vport.fm
7.2.5
Access Documents
A user can store documents of any kind in predefined Exchange folders to make them available
to guests who access the Self-Service Portal.
>
The documents reside in folders for the user in the Exchange 2000 Server. The management of these folders is the responsibility of the user.
The user can make a specific association between a resource and an authenticated contact
guest by specifying the URL of the greeting set up for that contact guest in the Web page address field of the Contact properties for that guest.
The documents can be accessed as follows:
A document can be emailed as attachment to a contact guest if the email address is available.
The contact must have a fax number listed as a Contact Property in Outlook or must
enter one via the phone keypad.
Users can also make documents available to be faxed to anonymous guests but the guest must
enter the fax number.
7-7
5350Vport.fm
7.3
The Media Server provides telephony applications that are used in interactive dialogs, including the following:
For the situations listed above, the Media Server provides a set of generic greetings for all users. These greetings are interactive dialogs such as Welcome to my personal web page. Press
1 to leave a voice message.... The greetings are HTML pages created with the Word Web feature (typed into Word and saved as HTML).
The Media Server provides the text-to-speech and routing capabilities that allow callers to hear
and interact with the greetings.
7.3.1
The Media Server also provides the ComResponse administration tool that allows the system
administrator to do the following:
Set up the routing table in ComResponse to route incoming calls to the appropriate greetings.
The default greetings (and any new greetings created by the user) are stored in predefined
Outlook folders belonging to each OpenScape user.
Each user can customize his or her own greetings using the Word Web feature.
7.3.2
2.
Incoming calls for OpenScape users that are not answered or routed elsewhere by their
Rules are routed to their web greetings, stored in their Forward Access folders.
3.
Maria is on vacation and the default rules route her incoming calls to her web greeting.
4.
7-8
Outside caller
(1)
(3)
(2)
....
Media Server running ComResponse
.....
....Called party number Forward Access Application points to
Web Greeting HTML page
....
........
Figure 7-1
5350Vport.fm
7-9
(4)
5350Vport.fm
7.3.3
In this scenario (Figure 7-2 on page 7-10), Maria is going to be out of the office on vacation but
wants to let callers know whom they can contact in her absence.
1.
2.
She saves the document as HTML and drags and drops it in the appropriate Outlook folder,
making sure that it is correctly named.
3.
When her web greeting is read to the callers, the Media Server inserts the instructions
Press 1 for... Press 2 for...
(1)
Welcome to
Marias web
page
Media Server
running
ComResponse
(2)
Figure 7-2
7-10
5350Vport.fm
7.3.4
Before she leaves for her ski vacation in Switzerland, Maria has been trying to reach Sandra,
a special customer in Zurich. She would like to call on Sandra while she is Switzerland but is
having trouble setting up the meeting. So she gives Sandra access to the Self-Service Portal:
1.
Maria creates a simple Word Web greeting that is customized for Sandra and she stores it
in a dedicated folder.
Hello Sandra, I am looking forward to meeting with you between February 1 and February
8. Please choose a time that is convenient for you.
Maria configures the Contact information in Outlook for Sandra with the location of the special greeting and a password. She sends Sandra an email communicating the password
and the request to schedule a meeting.
2.
Sandra calls and hears Marias greeting to all callers. She presses 3 to log in and hears
the special greeting. Once she has accessed the Self-Service Portal, she follows the voice
prompts to schedule an appointment.
3.
Maria (now on vacation in Switzerland), calls in to the Voice Portal and hears the details of
the appointment that Sandra has scheduled.
OpenScape & Exchange
(1)
Media Server
running
ComResponse
(2)
Figure 7-3
7-11
5350Vport.fm
7.4
Besides the functions of the Voice Portal that give OpenScape users access to messages received in their Inbox and Calendar appointments, there are other important functions provided
by Outlook and the Exchange Server.
7.4.1
For each Contact Guest who will be able to access the Self-Service Portal, the user must configure a password, a business phone number, and an email address. If the user wants to provide custom content (such as a personalized greeting for that guest), he can configure the URL
where the content is stored. A fax number can also be configured to use when faxing documents to contacts.
7.4.2
Folders specifically for use with OpenScape are set up in each users Folder List:
Figure 7-4
>
7.4.3
The names of folders and default files are fixed and may not be changed.
The user who wants to customize a default greeting can change the content but not
the name of the file.
The Interaction Center folder contains the resources for OpenScape that are described in this
section.
>
7-12
The folders described in this section contain subfolders with English (en-US) and
German (de-DE) files. Users should be sure to access the appropriate language
files.
5350Vport.fm
7.4.3.1
ForwardAccess Folder
Language-dependent subfolders under this folder contain the menu of selections that users
provide to callers (Press 1 to leave a message, etc.). The source is an HTML document (created with Word Web) called WebGreeting. The Word Web document to use must be located in
the ToUse sub-folder. Users can modify the content but should not change the name of this
greeting.
7.4.3.2
PersonalizedGreetings Folder
This folder and its subfolders contains the initial wav file that will be played to all callers. A user
can change the greeting by recording a new wav file on a PC or recording a voice message for
himself via the phone and dropping the wav file into the Outlook folder. The greeting to be used
must be in the ToUse folder.
>
7.4.3.3
The wav greeting must be in 8Khz 16-bit mono PCM format. If this greeting is
not in the folder (or if more than one greeting is in the folder), nothing will be
played.
SelfService Folder
The folder contains documents that the user wishes to make available to callers. Guests accessing this folder may have text or voice documents read to them and may have any document emailed or faxed, depending on the Outlook Contact properties for that guest.
The user may configure subfolders in the SelfService folder. File and folder names are defined
by the user and must be compatible with URL conventions.
>
7.4.3.4
Callers can browse subfolders. A user should keep this in mind when setting up
the structure for folders and not include restricted-access subfolders under a
folder that everyone can access.
GuestContent Folder
This folder contains the HTML document for greeting a contact guest, along with any associated wav files. The folder is accessed when a call from a contact, for example Bill Gates, is routed
to the SelfService Portal, and Bill Gates logs in with the password provided to him earlier.
It is recommended that users manage their guest greetings by creating subfolders, for example, a folder called BillGates. When the user configures Bill Gates as a contact in Outlook, he
adds the location of his folder to the Contact Property sheet in Outlook.
>
Note that the documents to be supplied to the guest should be in the SelfService
folder.
7-13
5350Vport.fm
7.4.3.5
PhoneFavorites Folder
This folder contains the Word Web document called PhoneFavorites.html that users hear when
they call in to the Voice Portal, log in, and dial *9. It contains shortcuts to their most commonly
used tasks.
7.4.4
Outlook Journal
Using the Rules Wizard, users can specify that certain activities should be logged in the Outlook Journal. Depending on how a user has set up his or her rules, OpenScape logs the following activities when log in journal is specified:
Body: Call at <time and date>, connected to <device name and address>, elapsed
time <time>
Body: Call at <time and date>, called from <device name and address>, elapsed time
<time>
Body: instant message at <time and date>, send to <device name and address>
When the user specifies write text string to journal, the text provided is appended to the appropriate Journal item.
Journal entries created by OpenScape can be viewed only in Outlook. The entry in the Journal
appears as a push-pinned yellow post-it icon that contains the information described above.
7-14
5350sec.fm
Security
Password Access
Security
OpenScape fulfills stringent security requirements. It is the mission of Siemens to provide security that:
Integrates Siemens products into customers solutions with outstanding security features
8.1
Password Access
To protect access to the OpenScape system, logon is restricted with user IDs and passwords.
The following types of password access exist:
The users Windows domain user-name and password are used for portals that support alphanumeric input, such as the users Personal Portal. This is the same user-name / password that is used to log on to the network domain in Windows.
A fully numeric OpenScape user ID and password are supported for easy access from devices that do not easily support alphabetic input such as a telephone keypad. The OpenScape user ID and password are used to access the users Voice Portal.
The Siemens SIP Phone has the following three passwords configured on it:
a) Windows domain password to register with the SIP registrar
b) Administrator password to allow administrators to configure administrative data on the
phone
c)
User password to allow the phones user the following types of access to the phone:
local configuration
CTI interface.
8-1
5350sec.fm
Security
Authentication
8.2
Authentication
OpenScape uses the Kerberos Version 5 IETF standard protocol to provide a highly secure
method of user authentication. OpenScape components authenticate with, and get tickets from,
a Key Distribution Center (KDC). The KDC authenticates users via Microsoft Active Directory
and provides a Ticket Granting Ticket (TGT) if authentication is successful. OpenScape components get service tickets from the KDC that are subsequently used to securely access services in the system.
OpenScape uses the Transport Layer Security (TLS) Version 1.0 IETF standard protocol to perform machine authentication using certificates and encryption. The OpenScape components
running on the RTC Server may use the same certificate installed for the RTC Server itself. The
certificate to be used for a particular server is configurable. The customer can configure it so
that OpenScape uses the same certificate as that used for the RTC Server.
8.3
Encryption
OpenScape uses two standard protocols to perform encryption of network signaling messages:
Transport Layer Security (TLS) IETF standard protocol Note again that TLS requires certificates either purchased from a certificate authority vendor or created by the customer.
TLS is used for the following interfaces:
>
8-2
Note that the TLS option of Windows Messenger must be turned on.
Internet Protocol Security (IPSec) IETF standard protocol. IPSec is used for the following
interfaces:
On the SIP interface between the OpenScape Server and the RTC Server
5350sec.fm
8.4
Security
Authorization
Authorization
User authorization to determine whether the user is an OpenScape user. A user cannot do
configuration.
8.5
The Siemens optiPoint 400 SIP phone supports outstanding security features that use Kerberos for user authentication and TLS for encryption. The users Windows domain user-name
and password are stored on the phone to provide secure access to the RTC Server using Kerberos tickets. TLS requires a certificate purchased from a certificate authority vendor or created
by the customer. A wildcard certificate from a certificate authority vendor is supported to reduce
the certificate cost per phone.
8.6
Certificate Strategy
OpenScape V.1 certificate strategy is based on either third-party certificates issued by a globally known trusted certificate authority (such as Verisign) of the customers choice, or the customers own PKI using customer-specific certificates. The RTC Server platform also requires
the installation of a certificate of the customers choice as a prerequisite for TLS. The certificate
installed as a prerequisite for the RTC Server and TLS may be used by OpenScape on that
machine.
It is the customers responsibility to choose a certificate with a high degree of security. For example, test certificates, expired certificates, and class-0 (email/demo) certificates should not be
chosen.
Microsoft Internet Explorer 6 comes with approximately 60 root certificate authorities (CAs).
The certificate chosen by the customer should either be one issued by one of those 60 CAs, or
a customer-specific certificate that has an associated root CA stored on the machines with Windows Messenger.
8-3
5350sec.fm
Security
Certificate Strategy
8.6.1
The RTC Server and the Media Server should have either a third-party server certificate of the
customers choice installed and configured by the customer, or a customer-specific certificate
installed and configured by the customer. The MCU does not require a certificate because it is
not the server in any TLS interface.
Each of the OpenScape servers will have the common 60 root CAs as part of Internet Explorer
that comes with Windows. If customer-specific certificates are used, customer-specific root
CAs should be installed on the servers.
OpenScape Management Console can run on multiple servers in the system to perform remote
management. However a certificate is not necessary for the servers from which remote management is performed.
Mutual TLS (MTLS) is used to communicate from one RTC Server to another RTC Server. If
this configuration is deployed, Microsoft documentation should be consulted for instructions on
certificate installation and configuration.
8.6.2
OpenScape users PCs do not require the installation of a certificate because they have the
common 60 root CAs as part of Internet Explorer. If the customer is using customer-specific
certificates on the servers, the workstation machines should be installed and configured with
customer-specific root CAs by the customer.
If the customer deploys a workstation that is not running a Windows operating system, it is the
responsibility of the customer to install a root CA that matches the certificates that were chosen
for the servers and the phones.
8.6.3
The SIP Phones require the installation of either a server certificate (and key) issued by one of
the common 60 CAs, or a customer-specific certificate (and key).
8.6.4
Non-Siemens gateway may or may not require the installation of a certificate. This depends on
the following factors:
Customers should follow the instructions in the gateways documentation for certificate support
(if existing).
8-4
5350sec.fm
8.7
Security
Remote Access to Portals via the Internet
Users can remotely access OpenScape Personal Portals and Workgroup Portals via the internet using Internet Explorer (IE). Users cannot remotely access those portals from Outlook or
Windows Messenger.
8.7.1
The following scenarios are examples of remote features that are supported:
An OpenScape user is sitting in an Internet caf or is visiting another company. The user wants
to change her preferred device to her cell phone number and to perform other preference selections via her OpenScape portal. She opens an IE browser and inputs the URL to obtain access to her company. After authenticating with RSA and then with the portal (and optionally
Outlook Web Access OWA), she gains access and makes the desired changes.
For example:
She can send email from the Contact list in the Personal Portal using the email client (Outlook or Outlook Express) configured in the local IE browser. Note that the sender ID of the
email (the from field) may or may not identify the user, depending on IE configuration.
She can view and manage her Inbox and Calendar (obtained via OWA)
She can retrieve a document from Exchange via the Workgroup Portal (HTTPS should be
used for this)
She can initiate a WebEx collaboration session from the Workgroup Portal
Initiate a call from the local Windows Messenger via the portal
8.7.2
RSA SecurID and Microsoft Internet Security and Acceleration (ISA) firewall and Web proxy
services may be used to provide secure access. Some companies may choose to use a corporate firewall or multiple firewalls in addition to ISA. Figure 8-1 shows one possible deployment. (DMZ is where ISA is located.)
8-5
5350sec.fm
Security
Remote Access to Portals via the Internet
Internet
External Firewall 1
ISA
DMZ
OWA
Figure 8-1
Internal Firewall 1
Exchange
Server
OpenScape
Server
The user types in an HTTP URL. That redirects to an HTTPS URL as the portal presents the
first Web page to the user. (TO BE CONFIRMED) Because the portals support both HTTP and
HTTPS, both ports 80 and 443 must be open in the corporate firewalls to support access. Note
also that port 1270 should be open and not redirected for WebEx.
Internet Security and Acceleration (ISA) supports a standard agent interface to Microsoft Internet Information Server (IIS). ISA is used to proxy the following items:
URLThe ISA server can be configured to provide an external URL and hide the internet
URL.
HTTPS the ISA server takes HTTPS from the internet and relays it to HTTPS in the intranet. HTTPS is used for all communication between the browser in the Internet and the
server applications.
OWA runs on IIS. The IIS application used by OWA may be the same IIS used by the portals
Web application, or the IIS application used by OWA may be on a separate machine.
Five levels of security are supported:
8-6
5350sec.fm
Security
Remote Access to Portals via the Internet
Here the user enters the first authentication: RSA user name and passcode. The passcode
consists of a keyword and a numeric authenticator which changes on a continuing basis.
The numeric authenticator is obtained from a fob that the user carries and that has been
synchronized with the RSA SecurID server.
The customer must install a certificate for the Microsoft Internet Security and Acceleration (ISA)
Server (firewall) for OpenScape access from the Internet (if a proper certificate is not already
installed) and configure it (if necessary) according to ISA Server documentation.
8-7
5350sec.fm
Security
Remote Access to Portals via the Internet
8-8
5350conndw.fm
Connectivity
Basic Definitions
Connectivity
9.1
Basic Definitions
Active Directory provides authentication and routing information for the RTC Server. AD is typically viewed from a logical perspective without regard for the physical location of a companys
offices, server or people. The primary logical objects related to AD are: Forests, Trees, and Domains.
9.1.1
Forests
A forest is a collection of trees and is the highest level in Active Directory. There can be multiple
forests in your Active Directory (for example, to accommodate subsidiaries, outside business
entities or merger partners).
Graphically, a forest is sometimes represented by a large box that contains everything else.
Forests are most common in large enterprises.
9.1.2
Trees
Trees are a collection of domains, typically arranged in a hierarchical view. One defining characteristic is that trees share a common root domain name, such as siemens.com.
A Windows 2003 Active Directory domain tree is a set of Windows 2003 domains connected
via a two-way transitive trust, sharing a common schema (database), configuration (topology)
and Global Catalog (quick search engine).
Larger organizations such as enterprises would actually speak of trees.
A tree appears as lines connecting multiple domains but does not implicitly have a shape itself.
9.1.3
Domains
Security requirements
Replication processes
Administration
Domains are the core of Active Directory and take on the name of the registered Internet domain name.The top-level domain is called the parent domain and the lower-level domains (typically placed beneath parent domain in a figure) are considered a child domain.
A31003-S5010-A400-1-7618, Preliminary July 25, 2003
OpenScape, System Description
9-1
5350conndw.fm
Connectivity
Network Infrastructure Requirements
9.2
>
9.2.1
Component
Type/Edition/Company
Base Server
Version
V1.0
Siemens
V1.0
Siemens
V1.0
V1.0
.Net Framework
Microsoft
1.1
Sun
v1.4.1
Standard Edition or
Enterprise Edition
Microsoft
Table 9-1
>
9.2.2
Component
Tested Edition
Professional edition
Professional edition
Table 9-2
Version
9-2
5350conndw.fm
9.2.3
Connectivity
Network Infrastructure Requirements
Component
Type/Edition/Company
Version
V1.0
.Net Framework
Microsoft
Microsoft
9.2.4
MCU
Component
Type/Edition/Company
OpenScape MCU
Version
V1.0
Standard Edition or
Enterprise Edition
RTM
MS .Net Framework
Microsoft
1.1
Microsoft
Table 9-4
9.2.5
Media Server
Refer to the ComResponse for OpenScape V1.0 Installation Guide for the correct versions.
Component
Type/Edition/Company
OpenScape ComResponse
Version
2.03.02.00
Standard Edition
Internet Explorer
Microsoft
IE 6.0+SP1
Siemens
V1.0
MS .Net Framework
Microsoft
V1.0 + SP2
Sun
V1.4.1
ScanSoft
V2.0
SAPI 4.0a
Microsoft
V4.0a
Table 9-5
9-3
5350conndw.fm
Connectivity
Network Infrastructure Requirements
MediaInterface
Dresden GmbH
v1.01
IE Web Controls
Microsoft
v1.0.3705.0
MDAC
Microsoft
2.70.9001.0
Microsoft
2000 + SP2
Microsoft
1.1.965.0
Microsoft
Hotfix 7
Mobile Toolkit
Microsoft
1.0.2506
Table 9-5
9.2.6
End Points
Component
Type/Edition/Company
Version
optiPoint 400
SIP phone
V3.0
Windows Messenger
Microsoft
V5.0
9-4
5350conndw.fm
9.3
Connectivity
Deployment Scenarios
Deployment Scenarios
The network topology at a customer site is the responsibility of the customers IT organization.
This section outlines the supported scenarios for the system and identifies some key factors
for the main components.
This section describes four scenarios supported by OpenScape V1.0:
Single domain - all components and users are in a single child domain
Multiple domains - components and users are distributed across multiple domains
There are two key principles that need to be satisfied by any topology for OpenScape to be
functional. These are:
The root domain contains a master Active Directory. A domain controller of each domain in the
domain hierarchy contains a partial copy of Active Directory. This copy contains the configuration and schema partitions containing information about the entire forest. The copy also contains a domain partition with information on all objects and attributes within that domain. A domain controller in each domain must also contain the Global Catalog which contains a full
replica of its own domain objects as well as a partial replica of all other domain objects in the
forest. Thus, some contact information (i.e. username and address) about all users in the forest
is available to the system.
Microsoft allows for multiple RTC Servers to be installed in multiple domains in the forest; however, OpenScape restricts this topology by requiring a single RTC Server per OpenScape system. So for users to be considered as members of a particular OpenScape system, they need
to be registered with an appropriate RTC Server.
In the sections that follow, the four scenarios (topologies) are discussed. For all these, the Exchange Server is denoted as being in its own separate domain because its actual physical location need not be co-located with the OpenScape system.
All the figures show an organization siteA.com and its forest forest1.siteA.com. The root domain of the forest root.forest1.siteA.com contains the master Active Directory, domain controllers and a Global Catalog.
The figures show the locations of the OpenScape Systems (OS1, OS2) and the RTC Home
Servers (RTC HS1, RTC HS2). Other RTC Servers may exist in the same domain whose users
are not OpenScape (OS) users.
A31003-S5010-A400-1-7618, Preliminary July 25, 2003
OpenScape, System Description
9-5
5350conndw.fm
Connectivity
Deployment Scenarios
O
pe
n
Sc
a
pe
Main Server
MCU Server
OpenScape
Management Console
MCU MC
Application
OpenScape Application
MCU MP
Application
OpenScape Base
OpenScape Base
MS IIS
Windows Server
2003
Windows 2000
Server + SP3
OMC
Administration
Client
OpenScape Base
Active
Directory
Exchange
2000
Windows Server
2003 or Windows
2000 Server
Windows 2000
Server
OpenScape Base
MS IIS
MSDE, MDAC
RTC
OpenScape Management
Console
Exchange
Server
ComResponse
Application
JAVA Runtime
Windows Server
2003
Domain
Controller
JAVA Runtime
OS
Required Infrastructure
Media Server
(ComResponse)
OpenScape Client
Plugin
SIP Gateway
Windows 2000
or XP Pro
The minimum configuration has three servers: the OpenScape Server, MCU Server and Media
Server.
The MCU Server contains the MC and up to four MPs. The minimum configuration is one server
containing one MC and one MP. An additional 3 servers each containing one MP is possible.
The 3rd Party SIP Gateway is connected to the OpenScape System.
>
9-6
5350conndw.fm
Connectivity
Deployment Scenarios
OpenScape System
O
pe
n
Sc
a
pe
Main Server
MCU Server
OpenScape
Management Console
MCU MC
Application
OpenScape Application
OpenScape Base
Required Infrastructure
Media Server
(ComResponse)
Exchange
2000
Windows Server
2003 or Windows
2000 Server
Windows 2000
Server
MS IIS
MSDE, MDAC
MS IIS
RTC Server
Active
Directory
OpenScape Base
JAVA Runtime
Windows Server
2003
Exchange
Server
ComResponse
Application
MCU MP
Application
OpenScape Base
JAVA Runtime
OS
Domain
Controller
Windows Server
2003
Windows 2000
Server + SP3
MS SQL
Server
O
pe
n
Sc
a
pe
OpenScape Base
Infrastructure
OS
OpenScape Base
RTC
MS-SQL Server
2000
Windows Server
2003
Windows Server
2003 or Windows
2000 Server
OMC
Administration
Client
OpenScape
User Clients
OpenScape Management
Console
OpenScape Base
SIP Gateway
Windows 2000
or XP Pro
9.3.1
OpenScape Users
OpenScape Client
Plugin
SIP Phones
Windows 2000
or XP Pro
RTC/OpenScape may only be installed in child domains, Microsoft specifically recommends against installing RTC Server in a root or grandchild domain.
9-7
5350conndw.fm
Connectivity
Deployment Scenarios
All users registered to a single OpenScape system must be members of domains within a
single forest.
Users registered to a single OpenScape may be in multiple domains as long as they on are
on the same Active Directory and share the same Exchange and can register with the RTC
server.
Firewall SupportConnectivity with firewalls between network components is not supported. However, the remote access feature RSA-SecureID is supported. Refer to Chapter 8,
Security for more details.
Exchange 2000 All users must use Microsoft Exchange 2000 as their primary mail and
calendaring server.
Client Operating System All users must have Microsoft Windows XP or Windows 2000
installed as their client operating system.
However, there are limitations with Windows 2000. Windows Messenger has reduced features: no echo cancellation, no white boarding, application sharing, or video. In addition,
versions of Windows earlier than Windows XP do not support Universal Plug and Play (UPnP)-aware Network Address Translation (NAT) or firewall transversal.
Outlook 2000 All users must use Microsoft Outlook 2000 as their primary mail client.
IE 5.0 or later All users must have Microsoft Internet Explorer 5.0 or later installed.
Windows Messenger 5.5 All users must have Microsoft Windows Messenger 5.5 or later
installed.
9-8
5350conndw.fm
Connectivity
Deployment Scenarios
Separate SQL Server 2000 instance - OpenScape will use the customers existing MS SQL
Server if the prerequisites for version and storage space are met. OpenScape requires one
dedicated instance of SQL running on the MS SQL Server.
>
This instance cannot be shared with other applications. OpenScape installation will
prompt the user for this named instance of SQL. If it does not exist, then create a
dedicated instance before continuing the OpenScape installation. The installation of
MS SQL Server remains the responsibility of the customer.
9-9
5350conndw.fm
Connectivity
Deployment Scenarios
9.3.2
Single Domain
The simplest scenario has the entire OpenScape System and associated users in one domain.
siteA.com
DC - Domain Controller
GC - Global Catalog
forest1.siteA.com
root.forest1.siteA.com
DC
GC
domain2.root.forest1.siteA.com
domain1.root.forest1.siteA.com
DC
DC
Figure 9-1
GC
Exchange
2000
Single Domain
Here four users are shown belonging to the child domain domain1. There is one OpenScape
system (OS1) with one RTC Server (RTC HS1) installed on the OpenScape Home Server. Inside OS1 is the OS Home Server (which contains MS SQL and RTC HS1), MCU Server and
Media Server.
9-10
5350conndw.fm
Connectivity
Deployment Scenarios
>
It is also possible in this scenario to have several parallel and independent OpenScape installations each with one RTC server.
9.3.3
Multiple Domain
Here users exist across domains though associated with a particular OpenScape system.
siteA.com
DC - Domain Controller
GC - Global Catalog
forest1.siteA.com
root.forest1.siteA.com
DC
GC
domain2.root.forest1.siteA.com
domain2.root.forest1.siteA.com
domain1.root.forest1.siteA.com
DC
GC
DC
user1, user2, user3, user4
w/SIP phone
GC
Exchange
2000
domain3.root.forest1.siteA.com
DC
Remote access
for user5
Figure 9-2
VPN
Multiple Domain
9-11
5350conndw.fm
Connectivity
Deployment Scenarios
Here four users are shown belonging to the child domain domain1, with an additional three users belonging to domain3. There is one OpenScape system (OS1) with one RTC Server (RTC
HS1) installed on the OpenScape Home Server in domain1.
For each OpenScape system, the contact list can only contain buddies within same OS
system.
There is an implicit trust between the peer domains domain1 and domain3. Microsoft recommends the explicit creation of a 2-way trust between the peer domains for performance reasons. This may be done via domain administration.
Users user5, user6 and user7 are configured in Active Directory as belonging to
domain3.root.forest1.siteA.com via domain administration.
NOTE: Users may access the system from a remote location via VPN. In this situation, the user
is effectively logging into the local domain. This type of access is possible in any of the supported scenarios.
9.3.4
Here multiple OpenScape systems co-exist in one site. In this scenario, as long as the OpenScape and RTC requirements are met, many OpenScape systems may exist within one forest.
OpenScape systems in separate forests would follow the Single or Multiple Domain scenarios.
9-12
5350conndw.fm
Connectivity
Deployment Scenarios
siteA.com
DC - Domain Controller
GC - Global Catalog
forest1.siteA.com
root.forest1.siteA.com
DC
GC
domain2.root.forest1.siteA.com
domain1.root.forest1.siteA.com
domain2.root.forest1.siteA.com
DC
DC
GC
GC
Exchange
2000
2-way trust
domain3.root.forest1.siteA.com
DC
2-way trust
DC
GC
user8, user9, user10, user11
OpenScape System OS2
Figure 9-3
9-13
5350conndw.fm
Connectivity
Deployment Scenarios
Here four users are shown belonging to child domain domain1, three users to domain3 and
an additional four users to domain4. There are two OpenScape systems (OS1 and OS2) each
with one RTC Server (RTC HS1, RTC HS2) installed on their OpenScape Home Server. The
two OpenScape systems are in two separate domains.
If the OpenScape systems are installed in a multiple server configuration, it is possible to locate
the MS SQL Server on a separate machine. However, each OpenScape system must refer to
one and only one instance of the database server. There may be multiple instances of SQL
Server on the same machine.
There is an implicit trust between the peer domains domain1 and domain3 and between peer
domains domain3 and domain4. Microsoft recommends the explicit creation of a 2-way trust
between the peer domains for performance reasons. This may be done via domain administration.
Users user1 through user4 are configured with RTC HS1 as their home server by RTC
administration.
Users user8 through user11 are configured with RTC HS2 as their home server by RTC
administration.
Users user5, user 6 and user7 can be assigned to either RTC HS1 or RTC HS2 as their
home server by RTC administration but not to both. For example, user5 to RTC HS1 and
user6 and user7 to RTC HS2.
Users user1 through user5 are configured as OS1 users and users user6 through user11
are configured as OS2 users by OpenScape administration.
9.3.5
Here multiple OpenScape systems co-exist in one site and in one domain. Similarly, in this scenario, as long as the OpenScape and RTC requirements are met, there may be multiple OpenScape systems within one domain.
9-14
5350conndw.fm
Connectivity
Deployment Scenarios
siteA.com
DC - Domain Controller
GC - Global Catalog
forest1.siteA.com
root.forest1.siteA.com
DC
GC
domain2.root.forest1.siteA.com
domain2.root.forest1.siteA.com
domain3.root.forest1.siteA.com
DC
DC
GC
Exchange
2000
2-way trust
domain1.root.forest1.siteA.com
DC
GC
user1, user2, user3,
user4
OpenScape System OS1
Figure 9-4
9-15
5350conndw.fm
Connectivity
Deployment Scenarios
Here eight users are shown belonging to child domain domain1 and three users to domain3.
There are two OpenScape systems (OS1 and OS2) each with one RTC Server (RTC HS1, RTC
HS2) installed on their OpenScape Home Server. The two OpenScape systems are in the
same domain.
If the OpenScape systems are installed in a multiple server configuration, it is possible to locate
the MS SQL Server on a separate machine. However, each OpenScape system must refer to
one and only one instance of the database server. There may be multiple instances of SQL
Server on the same machine.
There is an implicit trust between the peer domains domain1 and domain3. Microsoft recommends the explicit creation of a 2-way trust between the peer domains for performance reasons. This may be done via domain administration.
Users user1 through user4 and user8 through user11 are configured in Active Directory
as belonging to domain1.root.forest1.siteA.com via domain administration.
Users user1 through user4 are configured with RTC HS1 as their home server by RTC
administration.
Users user8 through user11 are configured with RTC HS2 as their home server by RTC
administration.
Users user5, user 6 and user7 can be assigned to either RTC HS1 or RTC HS2 as their
home server by RTC administration but not to both. For example, user5 to RTC HS1 and
user6 and user7 to RTC HS2.
Users user1 through user5 are configured as OS1 users and users user6 through user11
are configured as OS2 users by OpenScape administration.
9-16
5350conndw.fm
9.3.6
Connectivity
Deployment Scenarios
In this scenario, OpenScape V1.0 supports a redirecting front-end RTC server. Microsoft does
not support a proxying front-end RTC server.
This front-end RTC server is located in the same domain where OpenScape resides. Essentially, this server overlays onto any of the 4 supported scenarios.This server acts as a load balancer to redirect traffic. Also, this server does not home anyone.
The home servers only service the users that are homed to it. These servers do not provide
any redirect services, as the front-end server does that. Once a user discovers the address of
their home server from the front-end server, it no longer needs to communicate with the frontend server until the users DNS cache expires.
siteA.com
DC - Domain Controller
GC - Global Catalog
forest1.siteA.com
root.forest1.siteA.com
Front-End
Server
DC
GC
domain2.root.forest1.siteA.com
domain1.root.forest1.siteA.com
DC
DC
Figure 9-5
GC
Exchange
2000
9-17
5350conndw.fm
Connectivity
Mix of OpenScape and non-OpenScape RTC Users
9.4
PUT INTO SEPARATE CHAPTER - GREG KAISER ACTION ITEM TO DEFINE VARIOUS
ENDPOINTS, FEATURES, CAPABILITIES, CONSTRAINTS, ETC.
notes after meeting w/Randy Wuerfel:
RTC recognizes EITHER numbers or name to route calls to users (i.e. RTC users have only
one address). OS recognizes numbers AND names to route calls to users.
SIP gateways should be connected to RTC server w/OS thus incoming calls to OS users with
numbers can be mapped to OS user names in this server; if number does not reside here, then
it must be defined in AD to route call to an RTC user that has only number configured for that
user. If SIP gateway is connected to an RTC server w/o OS, then incoming calls can only be
connected to users defined with a number that match.
Randys feeling is that people have mis-interpreted this section.
Two viewpoints on what features are supported between a call with OS user and non-OS user:
A) Invoking features from a SIP device:
Windows Messenger - whatever features supported from either OS user or non-OS user (i.e.
add video, drop call)
SIP phones - any feature supported on that SIP Phone from either OS user or non-OS user
B) Portals - obviously not supported by non-OS user; from OS user, all 4 buttons available (i.e.
hold, add, transfer and drop)
WebEx - Ask Padma G.
Document sharing - Ask Padma.
The key to remember is all users are under one forest (unless making simple offnet calls or conferencing offnet users) regardless of the number of RTC users deployed throughout the forest/
trees.
-------------------------------------------------------------------------------------------------------comment from Dave: KEY ISSUES ARE DOCUMENT THE CAPABILITIES/LIMITATIONS OF
WHAT OS USERS CAN DO WITH NON-OS USERS (AND VICE-VERSA); MORE IMPORTANTLY NEED TO GET DEVELOPMENT TPL APPROVAL AS TO WHAT HAS BEEN VERIFIED TO WORK BEYOND THE EXPECTED - VOICE, VIDEO AND IM. I have left the comments in from previous review below; however, I have changed the section on deployment
scenarios to match those that are in Biankas installation document.
The mixed OpenScape scenarios are typical of the environment seen when the RTC server is
used for Presence and Instant Messaging (IM) and possibly voice communications and OpenScape is added for individual groups within the enterprise.
9-18
5350conndw.fm
Connectivity
Mix of OpenScape and non-OpenScape RTC Users
In this environment:
OpenScape userscan put other OpenScape users on their OpenScape contact list and
have full access to all OpenScape features for all communications they receive or initiate.
They can place OpenScape and non-OpenScape users on the contact list of Windows
Messenger or an IP phone and can communicate with them using voice, video and IM.
Non-OpenScape RTC userscan have OpenScape users on their contact lists and communicate with them using voice, video, and IM.
9.4.1
In a mixed OpenScape user environment it is possible to set up a separate RTC server to host
the OpenScape users. This is shown in Figure 9-6. This is the preferred deployment option for
OpenScape in a mixed environment. This configuration ensures that the processing required
to support the non-OpenScape users does not impact the processing needed to ensure good
response for the OpenScape users.
In this configuration, the non-OpenScape users are not able to contact the OpenScape users
using an alternate address such as a phone number. They are required to use a SIP URI instead. When installing the new RTC server for the OpenScape users it is necessary to set up
the routing information that the RTC server needs to identify the server that is hosting a particular RTC user.
Mixed OpenScape and non-OpenScape Users
RTC Server A
Figure 9-6
RTC Server +
OpenScape
9-19
5350conndw.fm
Connectivity
Mix of OpenScape and non-OpenScape RTC Users
9.4.2
In a mixed OpenScape user environment it is possible to add the OpenScape applications and
OpenScape users to an existing RTC server that is hosting non-OpenScape RTC users. This
is shown in Figure 9-7. This configuration simplifies the RTC routing requirements. It may also
reduce the hardware cost if the existing RTC server has enough excess capacity.
In this configuration the non-OpenScape users are able to contact the OpenScape users using
an alternate address such as a phone number.
Mixed OpenScape and non-OpenScape Users
RTC Server +
OpenScape
OpenScape Users
RTC Us-
Figure 9-7
9.4.3
Large enterprises may have a network of RTC servers used to provide communications services to a large set of SIP users. It is possible to install one or more OpenScape applications in
such a network. Each OpenScape application serves a separate set of OpenScape users. It
also has a separate management/fault reporting interface. This is shown in Figure 9-8.
In this environment:
OpenScape userscan put other OpenScape users on their OpenScape contact list and
have full access to all OpenScape features for all communications they receive or initiate.
They can place OpenScape and non-OpenScape users on the contact list of Windows
Messenger or an IP phone and can communicate with them using voice, video and IM
Non-OpenScape RTC userscan have OpenScape users on their contact lists and communicate with them using voice, video and IM.
9-20
5350conndw.fm
Connectivity
Mix of OpenScape and non-OpenScape RTC Users
In this configuration the non-OpenScape users be able to contact OpenScape users using an
alternate address such as a phone number only if they are hosted on the same RTC server as
the OpenScape user. OpenScape users are not able to contact OpenScape users on other
servers using an alternate address such as a phone number.
Network of OpenScape and non-OpenScape Users
RTC Server A +
OpenScape
RTC Server B
RTC Server
OpenScape
RTC B Users
OpenScape A
Users
Figure 9-8
RTC A Users
C +
9-21
5350conndw.fm
Connectivity
Mix of OpenScape and non-OpenScape RTC Users
9-22
10
5350phone.fm
SIP Phones and Gateways
optiPoint 400 standard SIP V3.0
This chapter describes the SIP phones and gateways that work with OpenScape.
10.1
This Siemens IP telephone uses SIP for connections to Voice-over-IP communications systems.
The hardware dependent features include:
Integrated mini-switch
The only limitation is that there is no automatic or preconfigured association of a telephone with
a specific PC or office location. Therefore in the hot-desking scenario, the user will have to log
onto both devices. The user will not be able to logon to his SIP device.
For more information on the optiPoint 400 standard V3.0, refer to:
http://www.siemensenterprise.com/prod_sol_serv/products/workpoint_clients/optipoint/
service_user_guide.shtml
10.2
OpenScape v1.0 is based on the SIP protocol standard and the Microsoft RTC platform. As
such, any SIP phone that is interoperable with Microsoft RTC should also interoperate with
OpenScape v1.0. Specifically, Cisco 7960 and Pingtel Xpressa phones will be tested for interoperability with OpenScape v1.0 as soon as RTC-compliant versions of these phones are
available.
10-1
5350phone.fm
10.2.1
Third-party Gateways
OpenScape V1 requires a SIP media gateway in order to connect to the time-division-multiplexing (TDM) world such as the PSTN and PBX systems. Such gateways must meet the following
criteria:
Be able to operate in standalone mode, that is, not require the gateway vendors softswitch, proxy server, etc.
The third party SIP gateways listed in Table 10-1 have been tested and recommended to be
deployed with OpenScape V1:
Vendor
Product Name
Analog/Digital
Num
Ports
Region
VegaStream*
Vega50
Analog
U.S.
VegaStream*
Vega50
BRI
4 spans
IM
VegaStream*
Vega100
T1/E1
1-60
spans
U.S./IM
Cisco
2620
T1/E1
Table 10-1
*
10-2
5350glossary.fm
Siemens Internal Use Only
Glossary
Glossary
A
Active Directory
See Microsoft Active Directory.
American Standard Code for Information Interchange (ASCII)
The most common format for text files in computers and on the Internet. In an ASCII file,
each alphabetic, numeric, or special character is represented with a 7-bit binary number (a
string of seven 0s or 1s). 128 possible characters are defined.
API
See Application Programming Interface
Application Programming Interface (API)
The specific method prescribed by a computer operating system or by an application program by which a programmer writing an application program can make requests of the operating system or another application.
ASCII
See American Standard Code for Information Interchange.
B
B2BUA
See Back-to-Back User Agent
Back-to-Back User Agent (B2BUA)
A SIP-based logical entity that can receive and process INVITE messages as a SIP User
Agent Server (UAS). It also acts as a SIP User Agent Client (UAC) that determines how
the request should be answered and how to initiate outbound calls. Unlike a SIP proxy
server, the B2BUA maintains complete call state and participates in all call requests.
C
Collaboration Group
The people who belong to or have access to the collaboration session and its data form a
collaboration group.
Communications Broker
Collection of interfaces and adapting layers enabling communications in an open environment.
X-1
5350glossary.fm
Glossary
D
DHCP
See Dynamic Host Configuration Protocol.
DNS
See Domain Name System.
Domain Name System (DNS)
The way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet
address.
DTMF
See Dual-tone Multifrequency.
Dual-Tone Multifrequency (DTMF)
The signal to the phone company that you generate when you press an ordinary telephone's touch keys.
Dynamic Host Configuration Protocol (DHCP)
A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP
address.
X-2
5350glossary.fm
Siemens Internal Use Only
Glossary
E
Enterprise Resource Planning (ERP)
An industry term for the broad set of activities supported by multi-module application software that helps a manufacturer or other business manage the important parts of its business, including product planning, parts purchasing, maintaining inventories, interacting
with suppliers, providing customer service, and tracking orders.
ERP
See Enterprise Resource Planning.
H
H.323
One of the first and most popular protocols for handling multimedia communications over
IP networks. In recent times H.323 has fallen out of favor with many vendors and customer
due to its complexity in implementation.
I
IIS
See Internet Information Server.
Internet Information Server (IIS)
A group of internet servers (including a Web or Hypertext Transfer Protocol server and a
File Transfer Protocol server) with additional capabilities for Microsoft's Windows NT and
Windows 2000 Server operating systems.
Integrated Services Digital Network (ISDN)
A system of digital phone connections that allows data to be transmitted simultaneously
across the world using end-to-end digital connectivity.
Intelligent Reach
The OpenScape feature that provides presence status of members of a users contact list.
Internet Protocol (IP)
The method or protocol by which data is sent from one computer to another on the Internet.
Internet Security and Acceleration (ISA)
The successor to Microsoft's Proxy Server 2.0 and part of Microsoft's .NET support. ISA
Server provides the two basic services of an enterprise firewall and a Web proxy/cache
server.
IP
See Internet Protocol.
X-3
5350glossary.fm
Glossary
IpSec
A protocol for negotiating encryption and authentication at the IP (host-to-host) level.
ISA
See Internet Security and Acceleration
ISDN
See Integrated Services Digital Network.
J
J2EE
See JAVA 2 Enterprise Edition.
JAVA 2 Enterprise Edition (J2EE)
A web services programming language. J2EE is the standard used by IBM to support their
WebSphere e-business applications.
K
KDC
See Key Distribution Center.
Kerberos
A secure method for authenticating a request for service in a computer network; the users
password does not have to pass through the network.
Key Distribution Center
A domain service that runs on each Windows 2000 domain and provides Authentication
Service and Ticket Granting Service.
Knowledge Manager
An OpenScape architecture component that
M
MCU
See Multi-channel Conferencing Unit.
Megaco
Media Gateway Control Protocol (MGCP), also known as H.248 and Megaco, is a standard
protocol for handling the signaling and session management needed during a multimedia
conference. The protocol defines a means of communication between a media gateway,
which converts data from the format required for a circuit-switched network to that required
for a packet-switched network and the media gateway controller.
X-4
5350glossary.fm
Siemens Internal Use Only
Glossary
MGCP/Megaco/H.248
A protocol designed for the carrier side of VoIP, to handle the integration of circuit-switched
carrier SS7 systems with new carrier-class VoIP systems.
Microsoft Active Directory
A component of Windows 2000 architecture, Active Directory presents organizations with
a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and
users while acting as the central authority for network security. In addition to providing comprehensive directory services to a Windows environment, Active Directory is designed to
be a consolidation point for isolating, migrating, centrally managing, and reducing the number of directories that companies require.
Microsoft Management Console (MMC)
An application that provides a graphical-user interface (GUI) and a programming framework in which consoles (collections of administrative tools) can be created, saved, and
opened.
MMC
See Microsoft Management Console
Multi-Channel Conferencing Unit (MCU)
Provides users the ability to set up ad hoc voice, data, or multimedia conferencing sessions.
O
OMC
See OpenScape Management Console.
OpenScape Management Console (OMC)
The administration interface for OpenScape.
P
PBX
See Private Branch Exchange.
PCTN
See Public Cellular Telephone Network.
Private Branch Exchange (PBX)
Avtelephone system within an enterprise that switches calls between enterprise users on
local lines while allowing all users to share a certain number of external phone lines.
PSTN
See Public Switched Telephone Network.
A31003-S5010-A400-1-7618, Preliminary July 25, 2003
OpenScape, System Description
X-5
5350glossary.fm
Glossary
Q
QSig
A global signalling system for corporate networks.
QoS
See Quality of Service.
Quality of Service (QoS)
The idea that transmission rates, error rates, and other characteristics can be measured,
improved, and, to some extent, guaranteed in advance. QoS is of particular concern for the
continuous transmission of high-bandwidth video and multimedia information.
R
Real-time Communications
RTC
See Real-time Communications.
S
SALT
See Speech Application Language Tags.
SDK
See Software Development Kit.
Self-Service Portal
Provides access to OpenScape features for callers.
Session Initiation Protocol (SIP)
Signaling protocol defined by the IETF for handling multimedia communications over IP
networks.
X-6
5350glossary.fm
Siemens Internal Use Only
Glossary
X-7
5350glossary.fm
Glossary
T
TCP
See Transmission Control Protocol.
TDM
See Time-Division Multiplexing
TGT
See Ticket Granting Ticket.
Ticket Granting Ticket (TGT)
Part of the Kerberos Version 5 IETF standard protocol that provides user authentication.
Time-division multiplexing (TDM)
A method of putting multiple data streams in a single signal by separating the signal into
many segments, each having a very short duration. Each individual data stream is reassembled at the receiving end based on the timing.
TLS
See Transport Layer Security.
Transmission Control Protocol (TCP)
A set of rules (protocol) used along with the Internet Protocol (IP) to send data in the form
of message units between computers over the Internet. While IP takes care of handling the
actual delivery of the data, TCP takes care of keeping track of the individual units of data
(called packets) that a message is divided into for efficient routing
Transport Layer Security
A protocol that ensures privacy between communicating applications and their users on
the Internet. When a server and client communicate, TLS ensures that no third party may
eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer
(SSL).
U
User Notification Service
The architecture component that provides a mechanism for sending a notification message
to users.
V
Voice Portal
Provides voice (telephone) access to OpenScape features.
X-8
5350glossary.fm
Siemens Internal Use Only
Glossary
W
Web Telephony Engine (WTE)
A run-time engine in Windows 2000 that uses HTML to enable the use of standard web
authoring tools to create a variety of telephony solutions, such as Interactive Voice Response (IVR), voice mail, automatic call distribution, and call centers.
Word Web
The OpenScape feature that allows users to create a document using Microsoft Word 2000
that can be saved as HTML and used as a voice application.
Windows Management Instrumentation (WMI)
Microsoft's implementation of Web-Based Enterprise Management (WBEM) technology.
WBEM is a standard that the Distributed Management Task Force (DMTFan industry
consortium) defines. The WBEM standard encompasses the design of an extensible enterprise data-collection and management facility that has the flexibility and extensibility required to manage local and remote systems that comprise arbitrary components.
Windows Scripting Host (WSH)
A Windows administration tool that creates an environment for hosting scripts. That is,
when a script arrives at your computer, WSH plays the part of the host it makes objects
and services available for the script and provides a set of guidelines within which the script
is executed. Among other things, Windows Script Host manages security and invokes the
appropriate script engine
Workgroup Collaboration Portal
The part of the OpenScape user interface that allows users to manage collaboration sessions.
WMI
See Windows Management Instrumentation.
WSH
Windows Script Host
WTE
See Web Telephony Engine
X
XML
eXtensible Markup Language, a standard for the exchange of structured and networked
data on the Web. XML documents can define their own tags, providing outstanding flexibility. XML makes it easy to define, author and manage SGML-defined documents and
makes easy to share and transmit these documents.
X-9
5350glossary.fm
Glossary
X-10
5350SystemIX.fm
Index
Index
A
Active Directory, role of 2-7
administration interface 3-3
anonymous guest, definition 7-4
application programming interface (API) 2-8
appointments, scheduling from Self-Service
Portal 7-6
Assistant Engine 2-8
associated devices 4-8
B
Back-to-Back User Agent (B2BUA) 2-7
browser view of Personal Portal 4-1
C
calendar appointments, user checking by
phone 7-2
capacities 2-18
Communications Broker package 3-2
ComResponse administration tool 7-8
contact access through Self-Service Portal 74
contact guests for Self-Service Portal 7-5
contact information, reviewing through Voice
Portal 7-3
contact, password for using Self-Service Portal 7-4
contacts in OpenScape 4-3
contacts, communicating with 4-5
Context Data Record (XDR) Service 2-9
Context Manager 2-9
CSTA-3 events 2-8
D
data storage for work groups 2-8
default rules 5-11
deployment, typical 2-1
device management in OMC 3-6
devices, configuring 4-8
devices, registered and associated 2-7
A31003-S5010-A400-1-7618, Preliminary July 25, 2003
OpenScape, System Description
F
fault management 3-14
G
guest access to Self Service Portal 7-4
guests, contacts and anonymous 7-4
I
incoming calls, exceptions 5-5
incoming calls, possible actions 5-4, 5-7
incoming calls, rules for 5-3
incoming emails, actions 5-10
incoming emails, exceptions 5-11
incoming emails, rules for 5-10
incoming instant messages, exceptions 5-8
industry standard ECMA-323 2-8
installation of OpenScape 3-15
instant messages, rules for 5-6
interactive dialogs provided by Media Server
7-8
K
knowledge management reports 3-13
Knowledge Manager 2-8
L
language support 3-2
languages for OMC 3-3
languages for OpenScape 4-7
layouts for Personal Portal 4-8
licensing 3-2
Licensing Management function in OMC 314
M
management architecture 3-1
management console for OpenScape 3-3
MCU description 2-4
Z-1
5350SystemIX.fm
Index
N
notification to users 2-9
number of users supported 2-18
O
OMC 3-1
OpenScape dependencies on RTC 2-7
OpenScape features on RTC server 2-3
OpenScape interaction with Media Server 78
OpenScape management 3-1
OpenScape Management Console 3-3
OpenScape user package 3-2
options that can be purchased 3-2
optiPoint 400 standard SIP V3.0 10-1
outgoing calls, exceptions 5-6
outgoing calls, possible actions 5-5
outgoing calls, rules for 5-5
outgoing instant messages, exceptions 5-9
outgoing instant messages, possible actions
5-9
outgoing instant messages, rules for 5-9
Outlook and Exchange Server, interaction
with OpenScape 7-12
Outlook Contacts, configuration of 7-12
Z-2
P
password for Self-Service Portal 7-4
Personal Portal 4-1
My Calls 4-4
My Preferred Phone 4-4
My Status 4-3
My Work Groups 4-6
MyStatus 4-3
Personal Portal in Outlook 4-2
Personal Productivity Package 3-2
phone access for OpenScape users 7-1
phone favorites in Voice Portal 7-3
Pre-defined Outlook folders 7-12
predefined statuses for users 4-3
preferred phone 4-4
presence and availability of users 2-9
presence model 2-9
product structure 3-2
purchasable options 3-2
R
Real-Time Communications (RTC) Server 21
registered devices 4-8
reports on knowledge management 3-13
Resource Monitor in OMC 3-13
Routing Dispatcher 2-7
RTC server, capabilities 2-3
rules for incoming calls 5-3
rules for incoming emails 5-10
rules for incoming instant messages 5-6
rules for outgoing calls 5-5
rules for outgoing instant messages 5-9
Rules Wizard, 5-1
rules, default 5-11
S
Self-Service Portal 7-4
Self-Service Portal and Media Server 7-8
servers that comprise OpenScape 2-1
Session Initiation Protocal (SIP) proxy and
registrar functions 2-3
A31003-S5010-A400-1-7618, Preliminary July 25, 2003
OpenScape, System Description
5350SystemIX.fm
Siemens Internal Use Only
Index
T
tex-to-speech licenses 3-2
third-party gateways 10-2
typical deployment 2-1
U
User Notification Service 2-9
user status 4-3
users, number supported 2-18
V
Virtual Assistant 2-7
voice and email messages, listening 7-1
voice conferencing sessions, number of 3-2
voice conferencing sessions, number supported 3-2
voice messages, creating and deleting 7-2
Voice Portal 7-1
W
Windows Messenger view of Personal Portal
4-2
Windows RTC Server 2003 2-3
work groups 2-8
Workgroup Assistant 2-8
Workgroup Collaboration Package 3-2
Workgroup Portal 6-1
Workgroup properties 6-3
Z-3
5350SystemIX.fm
Index
Z-4