Nortel Networks NN10029-111 manual Security and Administration


Nortel Networks Confidential

Security and Administration

How this chapter is organized

This chapter is organized as follows:

“Security”

“OAM&P strategy”

Security

The SIP Application Module with Back-to-Back User Agent functionality controls the Media Portal (Media NAT) over an MGCP-type protocol. The SIP Application Module ensures security of clients and the network in the following ways:

Uses MGCP+ to communicate with the Media Portal (over the private LAN) to control which ports are opened or closed.

All signaling traffic traverses the SIP Application Module. It is the only node to which clients terminate SIP signaling.

Hides the address assigned by the Enterprise NAT from other users.

Helps maintain the connection to clients through a NAT and/or firewall by means of the keep-alive mechanism.

Provides client authentication.

Port 5060 is the only port required to be opened on the public interface.

The SIP Application Module is managed from the private LAN. A management interface is not available from the public interface.
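
The last two points (only port 5060 open on the public interface, management reachable only from the private LAN) can be checked against a host's listening sockets. The following is an added example, not part of the Nortel manual: it assumes a listing in the layout of Linux `ss -H -tuln`, and the addresses and every port other than 5060 are constructed for illustration.

```python
import ipaddress

SIP_PORT = 5060  # the only port the manual says must be open on the public interface

# Constructed sample in the layout of `ss -H -tuln` (assumption: Linux-style
# listing). 203.0.113.10 stands for the public interface, 10.0.0.5 for the
# private LAN; all ports except 5060 are made up.
SAMPLE = """\
udp UNCONN 0 0   203.0.113.10:5060 0.0.0.0:*
tcp LISTEN 0 128 203.0.113.10:5060 0.0.0.0:*
tcp LISTEN 0 128 10.0.0.5:8443     0.0.0.0:*
udp UNCONN 0 0   10.0.0.5:2427     0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:12120     0.0.0.0:*
tcp LISTEN 0 128 [::]:22           [::]:*
tcp LISTEN 0 128 127.0.0.1:5432    0.0.0.0:*
"""

def parse_listeners(text):
    """Yield (proto, address, port) for each listening-socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # not a socket line
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if host == "*":
            host = "0.0.0.0"  # ss prints * for a wildcard bind
        yield fields[0], ipaddress.ip_address(host), int(port)

def public_exposure(text, public_ip):
    """Return listeners reachable on the public interface on any port but 5060."""
    public_ip = ipaddress.ip_address(public_ip)
    findings = []
    for proto, addr, port in parse_listeners(text):
        # A wildcard bind (0.0.0.0 or ::) listens on every interface,
        # so it is exposed on the public side as well.
        reachable = addr == public_ip or addr.is_unspecified
        if reachable and port != SIP_PORT:
            findings.append((proto, str(addr), port))
    return findings

if __name__ == "__main__":
    for finding in public_exposure(SAMPLE, "203.0.113.10"):
        print("exposed on public interface:", finding)
```

Listeners bound only to the private address or to loopback pass; the two wildcard binds are reported because they would be reachable from the public side unless a packet filter blocks them.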

OAM&P strategy

The Management Module performs the security and administrative functions for the SIP Application Module. For additional information on the Management Module, refer to the MCP Management Module Basics and the MCP System Management Console Basics documents.

Copyright © 2003, Nortel Networks

MCP SIP Application Module Basics
