Nortel Networks NN44470-100 Remote Desktop Protocol, Application Administrator AA, Logon banners


MAS administration and security

Application Administrator (AA)

The Application Administrator (AA) performs administrative functions that relate to the operation of applications on the MAS system, and can perform all operations within the MAS Console. The Application Administrator can install MAS software patches, but cannot access Event Viewer Security Logs.

Logon banners

A logon banner is a message screen that is displayed to users before a logon to the system is attempted.

The logon banner does the following:

- Informs users that they are logging on to a secure and private system, and warns users not to proceed unless they are authorized.

- Warns both authorized and unauthorized users that they are subject to monitoring to detect unauthorized use.

A logon banner can be displayed to users before the login screen for the MAS platform is displayed. Using a logon banner is optional. The banner title and text values can be configured to display information for the system. The logon banner is configured with default values when the system is installed. After installation, the customer is responsible for modifying the logon banner settings if the default banner is not sufficient for their system.

Remote Desktop Protocol

Existing administrative access to the MAS is accomplished using the Microsoft Remote Desktop Connection Client. This client is based on the Remote Desktop Protocol (RDP), which provides for separate virtual channels. IPsec policy (with preshared key) is used to secure RDP. The RDP feature for MAS 6.0 for AS 5300 continues to use IPsec policy, but replaces the preshared key with a TLS certificate (PKCS-12 format).

The following requirements apply to the MAS 6.0 for AS 5300 release:

- Management access control is restricted to a limited number of authorized IP addresses. The number of IP addresses must be equal to or less than the number of network administrators. A valid username and password is required for access to the MAS.

- A timeout feature, set to 15 minutes, is used to disconnect idle connections.

- Management ports that receive three consecutive failed logon attempts are unavailable for at least 60 seconds (port 3389 for RDP).

- Network-connected management ports drop a connection or session that is interrupted for any reason within 15 seconds.
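
As an added example (not part of the Nortel document), the following Python audits a log of logon events on one management port against the allow-list, lockout and idle-timeout requirements above. The `Event` record format, the `audit` function and the sample addresses are hypothetical and constructed for illustration; they are not a MAS log format.

```python
from dataclasses import dataclass
# Thresholds taken from the requirements listed above.
LOCKOUT_AFTER_FAILURES = 3
LOCKOUT_SECONDS = 60
IDLE_TIMEOUT_SECONDS = 15 * 60

@dataclass
class Event:        # hypothetical record format, not a MAS log format
    t: int          # seconds since the start of the log
    src: str        # source IP address of the management connection
    kind: str       # "fail", "success" or "idle_disconnect"
    idle: int = 0   # idle seconds at disconnect (for "idle_disconnect")

def audit(events, allowed_ips, admin_count):
    """Return findings for one management port (for example 3389)."""
    findings = []
    if len(allowed_ips) > admin_count:
        findings.append("allow-list is larger than the number of administrators")
    consecutive_fails, locked_until = 0, None
    for e in sorted(events, key=lambda ev: ev.t):
        if e.src not in allowed_ips:
            findings.append(f"t={e.t}: {e.src} is not an authorized address")
        if e.kind == "idle_disconnect":
            if e.idle > IDLE_TIMEOUT_SECONDS:
                findings.append(f"t={e.t}: session idle {e.idle}s before disconnect")
            continue
        if locked_until is not None and e.t < locked_until:
            # The port should have been unavailable; it handled a logon anyway.
            findings.append(f"t={e.t}: logon handled during lockout")
            continue
        if e.kind == "fail":
            consecutive_fails += 1
            if consecutive_fails == LOCKOUT_AFTER_FAILURES:
                locked_until = e.t + LOCKOUT_SECONDS
                consecutive_fails = 0
        else:  # a successful logon ends the run of failures
            consecutive_fails = 0
    return findings

# Constructed sample log; addresses come from documentation ranges.
SAMPLE = [
    Event(0, "192.0.2.10", "fail"),
    Event(5, "192.0.2.10", "fail"),
    Event(9, "192.0.2.10", "fail"),        # third consecutive failure
    Event(30, "192.0.2.10", "success"),    # inside the 60-second window
    Event(80, "198.51.100.7", "success"),  # address not on the allow-list
    Event(2000, "192.0.2.10", "idle_disconnect", idle=1200),
]

print("\n".join(audit(SAMPLE, {"192.0.2.10", "192.0.2.11"}, admin_count=2)))
```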

Nortel Media Application Server 6.0 for AS 5300

Fundamentals

NN44470-100 01.01 Standard

Release 6.0 03 June 2008

Copyright © 2008, Nortel Networks
