Candace Holman
<holman@post.harvard.edu> (March 2005, November 2004)
Avaya [name Bruce Mazza and/or his department?] agreed to help expand the Internet 2 SIP.edu
project by constructing an LDAP plugin, known as the Handle-Based Dialing feature, that performs a similar
function to the one described in Columbia University’s SIP.edu deployment with
SER. The Handle-Based Dialing feature is expected to
become a feature of Avaya’s Converged Communications Server version 3.0 in
Spring 2005.
To map email addresses to PBX extensions, the Avaya SIP proxy first attempts to deliver
an incoming call to one of its own provisioned stations. If there is no provisioned station, the call is eventually handed off to
the Avaya gateway connected by PRI to various other PBXs (traditional and IP-based).
In detail, when an inbound SIP call is made to an unprovisioned SIP extension, the Avaya Converged
Communications Server (CCS), Avaya’s SIP proxy, passes control to the new LDAP plugin. The plugin converts the URI into an email address, looks it up in the LDAP directory, and returns
a directory number that is converted to a number-based SIP URI. (http://www.columbia.edu/acis/networks/advanced/sip.edu.html) and
explained in detail in the Directory Considerations section (url).
As the last step, the number-based URI is routed through an Avaya Communication Manager (CM) IP-PBX gateway over an ISDN
connection to either an IP PBX or a legacy PBX. The abstract architecture of the system is shown below.
To map email addresses to PBX extensions, the Avaya SIP proxy first attempts to deliver
an incoming call to a registered station (check - is it trying to deliver it to a registered
or a recorded (but offline) station?). If the call cannot be delivered via the
Avaya proxy it is handed off to the Avaya gateway connected by PRI to our legacy 5ESS PBX.
Some of the Avaya user
documentation is out of date and use of
this cookbook as a guide is recommended.
The hardest part was getting
console access and an administrative interface. There were several required passwords missing or wrong.
This document covers the CCS
SIP implementation and assumes that an Avaya IP-PBX is already installed.
Traditionally, Avaya has
delivered a technician-assisted customer solution and guards configuration
options with special access passwords for their technicians or authorized resellers. The Avaya user documentation is only
beginning to come up to speed for self-maintaining customers, so use of this
cookbook as a guide is recommended. The
hardest part of the installation and configuration is getting console access
and an administrative interface. There
were also several required passwords missing from the documentation or listed incorrectly.
· Configuring Avaya Converged Communications Server
· Avaya SIP.edu LDAP Plugin
· Configuring Avaya Communication Manager 2.1.1
· Miscellaneous References for Harvard/Avaya SIP.edu
Special thanks to the
following people:
Harvard University
David Laporte, Patrick McEvilly – linux and network concepts
Jane Hill – directory concepts
Avaya
Bruce Mazza – project institution, project liaison
Michael West – developer, development liaison
Len Mahoney – technician, technical liaison
MIT
Dennis Baron – SIP.edu concepts,
directory concepts
The Avaya Converged
Communications Server (CCS) performs SIP proxy, registration, and redirection
functions. In this configuration guide,
CCS runs with the S8300 Media Server (a module in the gateway with Avaya Communication
Manager (CM) 2.0+ call processing
software) to provide features that are not standardized for SIP, such as SIP
and non-SIP endpoint interoperability and SIP and non-SIP gateway
interoperability. (true?) The Media Server is also known as a Primary Management Interface (PMI), a Communication Manager or a Media Gateway
Controller. The G350 gateway is known
as a Media Gateway and is a chassis that houses Avaya S8300 Media Server (the processor) and digital and analog
circuit boards.
This configuration guide
may be applicable
in other architectures that include CM s8500/s8700 or G650/G700 Media Gateways.
Both CCS and S8300 run on a
modified version of Red Hat Linux 8.0-8.
Updates to Red Hat Enterprise are scheduled for the CCS 3.1 release,
which is expected late 2005.
Although not
discussed in this write-up, some campuses may have other Avaya
hardware platforms running Communication Manager such as the S8500 or S8700 Media Servers with G650 or G700 Media Gateways that work in a similar fashion with CCS.
The CCS serves as a Home/Edge hybrid server and will process requests from both the internal domain as well as forward requests to external domains.
Avaya is expecting to release CCS 3.0 in Spring 2005, which will support the Handle-Based Dialing LDAP
plug-in as an optional feature and will add presence server capability, a personal user profile
manager via web access, support for the network-asserted identity header to help reduce voice spam, and new
SIP endpoints.
The hardware for the CCS proxy server is an Avaya S8500
Media Server, which is based on an IBM x305, as re-sold by Avaya. Since we are self-maintainers, and due to internal remote
access policies, we chose to ignore any user manual comments about
adding an IBM RSA module or USB modem [todo - check]. In order for Avaya Services to provide remote support, a modem or secure IP access is necessary.
1. License and password files issued by Avaya representative and copied to the laptop to be used for installation/configuration. The file extensions are .lic and .pwd
2. CDs or files issued by Avaya representative: Avaya-packaged Linux, CCS 2.1-35 or higher, CM 2.1.1 with patch, or higher version of CM, and CM 2.1 Installer, or equivalent to arrive at CM version 2.1.1 or higher.
3. DB9-connector null modem cable
4. Laptop PC for console access, set with IP Address 192.11.13.5, Subnet Mask 255.255.255.252. Also need monitor, keyboard, mouse during installation.
5. Server needs: IP address, netmask, default gateway, hostname, domain, DNS server info
1. Configure Console (example is for Windows Hyperterminal)
a. Use serial cable/DB9 (aka null modem, or cross-connect C5 cable) connected from a laptop PC to the Avaya Services Port
b. Configure serial port for 9600 (?) bits per second, 8 data bits, no parity, 1 stop bit, hardware(?) flow control, vt100 emulation, and telnet terminal id vt100 (if necessary).
c. If the configuration in step b doesn’t work, use F1 to enter BIOS configuration on the server and set console redirect to 9600 baud (or adjust Hyperterminal to match the BIOS baud)
2. Install Red Hat Linux packaged by Avaya
a. Boot from the provided Linux CD. See step 1c if this doesn’t appear on screen. It takes at most 3 minutes for the Services Port to be ready.
b. Use TAB and ENTER keys to navigate and select options during the installation, but most often just select the default
c. After the installation is finished, the Avaya Services Port will go out of service. Disconnect, change the console baud rate to 115200 and reconnect the terminal session.
d. Wait for the server to eject the CD and reboot on its own
3. Install CCS software
a. At this point the Services Port no longer works. Plug into a keyboard/mouse/monitor *
b. Reboot single user to set root password (hold shift key until LILO boot: prompt appears and type a1 single) *
c. Reboot and login as root
d. Type ifconfig to get the MAC address of eth0
e. Type swversion and confirm these minimum versions:
Operating System: Linux 2.4.20-AV14 i686 i686
CCS Release String: CCS-2.1.0.0-35
Software Load: CCS02.1-01.0.035.0
f. Type ccsInstaller and enter the host configuration information: short hostname (no domain), DNS domain name, IP address, Subnet Mask, Gateway, DNS Server/s
g. Unless applicable, ignore the questions about RSA Card and answer High Availability = n.
h. Master Admin on this machine = y
i. Select the mvss password, but make sure it has only alphanumeric characters *
j. Start CCS service now = y
4. Post Installation Tasks
a. Login as admin/admin01
b. Type statapp to display the status of the CCS Server applications: Watchdog, Tracelogger, INADS AlarmAgent, CCS TrapAgent, GMM, SNMP Manager, ImLogger, SIP Server, and SME should all show “UP” and Mon may show “partially UP”
c. Type server to show the status of the CCS Server, which should include these statuses:
Mode: Active
Server Hardware: okay
Processes: okay
1. Login as admin/admin01 to the web interface http://hostname to configure the proxy
2. Change admin password now.
3. Launch the Administration Web Interface and configure:
a. Domain: Choose Setup to set up the domain
b. Hosts
[screen shot]
c. Default User Profile
d. Media Servers (if applicable)
e. Complete any other Setup screens that show under Setup
4. License management
a. Choose Top – Server Configuration – Manage Licenses
b. Login to WebLM as admin
c. Enter license path of the XML license file (must reside on machine that is browsing this interface)
d. Click Install
e. Change the password
f. Choose Services and Stop Proxy Server and Start Proxy Server
g. Choose Hosts – Update all to save the change. Confirm that there are no errors.
5. Adding Users
a. Choose Users – Add
b. Click Update, and a link “Update” will appear at the bottom of the left side Menu
c. After completing your changes, click the Update link from the left side Menu, to ensure your changes are permanent
[screen shot]
Configuring Media Server (optional)
a. Select
Enter a name for the map
Set a regular expression pattern for the extension numbers you’ll assign (see below)
· Avaya Converged Communication Server Installation and Administration, 555-245-705, August 2004
· Avaya CCS 2.1 Quick Setup, September 2004
· Avaya CCS 2.0 Quick Setup, June 2004
To obtain the latest versions
of these Avaya documents, go to http://support.avaya.com and
click on the link for documentation.
Locate the page for Converged Communication Server.
To do - Directory Consideration- note
Harvard uses inetOrgPerson
Address Map Notes
Pattern
(Required) This is a Linux regular expression that will match the extension
numbers you wish to map. Regular expressions are a way to describe text through
pattern matching. The regular expression is a string containing a combination
of normal text characters, which match themselves, and special metacharacters,
which may represent items like quantity, location or types of character(s).
(NOTE: You do not need to match punctuation like dashes, periods or parentheses
which may sometimes be used to enhance the readability of telephone
extensions.) For example, [0-9] represents any single digit and * represents
any number of digits or characters. So the example in the preceding
illustration
^sip:538[0-9]*
would match any SIP invite message (^ matches the beginning of a line) for any
extension 3 or more digits in length, beginning with the digits 538, and ending
with any other sequence of digits.
Square brackets contain a selection of characters to be matched, with a hyphen
indicating a range; so in our example, [0-9] matches any digit, or for another
example, [13579] matches odd-numbered digits. Curly brackets which contain a
whole number match that number of instances of the preceding item. For example,
[0-9]{4} matches any four digits. Note that the braces may require escape
characters: \{4\}
Another helpful metacharacter is dot (period), which matches any single
character; for example, the regular expression .* matches any quantity of any
character(s).
For more information, refer to "SIP Support in Avaya Communication Manager
2.0, 555-245-206".
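How the address-map pattern above behaves on concrete request URIs, as an added example that is not part of the Avaya help text. It assumes Python's re module as a stand-in for the proxy's regular expression engine (the constructs used here behave the same way), and the tighter pattern assumes extensions of exactly 538 plus four digits; the sample URIs are constructed.

```python
import re

LOOSE = r"^sip:538[0-9]*"     # pattern from the text above
TIGHT = r"^sip:538[0-9]{4}@"  # assumption: extensions are 538 plus exactly 4 digits

# Constructed request URIs.
SAMPLES = [
    "sip:5381234@bigu.edu",         # intended extension
    "sip:538@bigu.edu",             # no digits after 538
    "sip:53812345678901@bigu.edu",  # far longer than an extension
    "sip:538-help@bigu.edu",        # handle that merely starts with 538
    "sip:6175381234@bigu.edu",      # 538 not at the start of the user part
]


def matched(pattern, uris):
    """URIs the pattern accepts; anchoring comes only from the pattern itself."""
    rx = re.compile(pattern)
    return [u for u in uris if rx.search(u)]


def overmatched(loose, tight, uris):
    """URIs the loose pattern would route that the tight pattern rejects."""
    keep = set(matched(tight, uris))
    return [u for u in matched(loose, uris) if u not in keep]


if __name__ == "__main__":
    print("loose :", matched(LOOSE, SAMPLES))
    print("tight :", matched(TIGHT, SAMPLES))
    print("extra :", overmatched(LOOSE, TIGHT, SAMPLES))
```

Because [0-9]* may match zero digits and the pattern has no trailing anchor, anything beginning with sip:538 is sent to the mapped contact; bounding the digit count and anchoring on @ limits the map to real extensions.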
Replace URI
In case the contact information in this map is that of an endpoint (e.g., a SIP
phone or a user on a media server running Communication Manager), then this box
should be checked for "yes." The box is checked by default, because
the SIP proxy on a Converged Communications Server will overwrite the URI of
the SIP request for these cases. If, however, you wish to configure this proxy
to forward requests to another entity (i.e., another SIP proxy server) so that
the other entity can resolve the contact and route the request, then uncheck
the "Replace URI" box.
Add user notes
Handle
(Required) Enter a "handle" (i.e., alias) name for the user of at
least 3 alphanumeric characters in length. Each handle must be unique within
the domain, but users may have more than one assigned to them.
User ID
Enter an identifying name, which is at least 3 alphanumeric characters in
length and is used to authenticate user clients (for example, IP Softphone to
IM server). Each user has exactly one user ID. If you do not specify a
different
The CCS Handle-Based Dialing service LDAP Plugin was written in C++ to act as a type of
call-processing bridge when routing an incoming SIP URI to a destination.
Given a SIP URI like sip:username@bigu.edu, the LDAP Plugin will convert
it to an email address by removing the sip: prefix, and perform an LDAP query
for a unique telephone number belonging to a person with that email
address. The plugin bridge routine is used for routing calls only when there is no
matching registrant on the CCS proxy.
· Avaya CCS proxy server installed and configured to run CCS 2.1.1 or higher version
· Anonymous or authenticated read access rights to a local LDAP server from the proxy server
· LDAP Plugin files: configuration file ldapmod.cfg and shared library module modldap.so
· Configuration file information as defined below
1. Login with privileged access.
2. Define the module in the /usr/impress/sip-server/etc/modules.def file. (Note that modccsldap-params belongs in modules.def and not ccs.conf):
[modccsldap]
lib=modldap.so
path=/usr/impress/sip-server/module
interfaces=ContactResolver
instances=single
[modccsldap-params]
configFile=/usr/local/etc/ldapmod.cfg
3. Add the configuration file parameters to the /usr/impress/sip-server/etc/ccs.conf file. The LocationService AlternateCondition parameter specifies the conditions in call routing that will invoke the module: notfound in CCS database (URI doesn’t exist), nocontacts in CCS database (URI exists but person is not registered with the CCS proxy), or never to disable the module.
[LocationService]
AlternateLookupModule=modccsldap
AlternateCondition=nocontacts,notfound
For troubleshooting later:
[Tracing]
Enabled=true
TraceFile=/usr/local/etc/ccs.log
MaxFileSize=5000000
UseSeparator=true
ShowDate=true
All=off
; trace categories
LocationService=on
modccsldap=on
4. Copy the modldap.so shared library to the /usr/impress/sip-server/module directory (note that this is not /modules). Remember to set the execute permissions.
5. Login to https://hostname and use the Administration Web Pages to restart the proxy server service
a. Choose Services – click Stop on Proxy Server, wait until the status is DOWN then click Start
1. Edit the ldapmod.cfg for your environment, following the formatting in the example file below:
version:3
onevalue:1
prefix:9
handler:yourCommunicationManager.domain.edu
database:yourldapserver.domain.edu
auth:your bind DN (e.g., uid=youruid,ou=yourauthou,o=youro,dc=yourdc)
passwd:yourbindpassword
base:your base DN (e.g. ou=yourbaseou,o=youro,dc=yourdc)
key:email
element:telephoneNumber
The unique fields can occur only once in the configuration file:
version – This specifies the LDAP version to use. This will be either a “2” or “3”. It is strongly recommended that “3” be used unless there is a specific reason to use “2”.
onevalue – This specifies what to do when more than one telephoneNumber is returned for a single email. If "onevalue" is "1", then it will only return a value if a single value was found – returns nothing if multiple values were found. If "onevalue" is "0" then it will return the full list found. The functionality for a full list of telephoneNumber values may be implemented in the future to scroll through a list of telephoneNumbers to reach an intended user.
prefix – This specifies a string that is to be prepended to the phone number returned from the LDAP directory.
handler – This specifies the Communication Manager server to use. Must be a fully qualified domain name, or an IP address.
These fields occur for each LDAP database that is to be searched. If more than one is listed, make sure the group of fields is listed completely and in the order listed below.
database – The fully qualified domain name or IP address of the LDAP database server.
auth – The bind DN to use for the bind authorization. (optional)
passwd – The password to use for the bind authorization. (optional)
base – The base DN to use for the search.
key – The LDAP field name to search against.
element – The LDAP field name whose value is to be returned.
2. Copy the ldapmod.cfg to /usr/local/etc
3. Restart CCS to post the changes (login to admin web interface and stop and restart the proxy process)
1. Make sure system log files reflect that the service is running
a. Look in the /usr/local/etc/ccs.log for entries similar to this:
AlternateLookupModule=modccsldap
loaded ContactResolver from module modccsldap
ContactResolver interface enabled for nocontacts=yes notfound=yes
establishing database connection
connect okay
2. Make a call to a non-provisioned SIP URI that is a facsimile of an email address that exists in the LDAP directory and check your trace file for the correct entry. Make sure that the dial string is reflected properly in your dial plan:
a. tail -f /usr/local/etc/ccs.log should look similar to this:
sip:jstudent@big.edu not found, invoking alternate lookup module
0: value being used: +1 999 999 9999
result to return is sip:919999999999@yourCM.edu;transport=tls
module returned 1 contacts
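The lookup that the configuration fields and the trace above describe, modelled in Python as an added example; it is not the plugin's C++ code. It handles a single database group, and several things are assumptions: the digit stripping and the ;transport=tls suffix are inferred from the sample trace, the search callable is a hypothetical stand-in for the LDAP query, the directory contents are constructed, and the RFC 4515 filter escaping is added here because the looked-up value comes from the caller's request URI.

```python
import re

# Constructed sample in the ldapmod.cfg format shown above (placeholder values).
SAMPLE_CFG = """\
version:3
onevalue:1
prefix:9
handler:yourCM.edu
database:yourldapserver.domain.edu
base:ou=yourbaseou,o=youro,dc=yourdc
key:email
element:telephoneNumber
"""


def parse_cfg(text):
    """Parse name:value lines, splitting on the first colon only."""
    cfg = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            cfg[name.strip()] = value.strip()
    return cfg


def sip_uri_to_email(uri):
    """Remove the sip: prefix and any URI parameters; None if not user@host."""
    m = re.fullmatch(r"sip:([^@;?\s]+@[^@;?\s]+)(?:[;?].*)?", uri)
    return m.group(1) if m else None


def escape_filter_value(value):
    """Escape per RFC 4515 so text from the caller cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(cfg, email):
    return "(%s=%s)" % (cfg["key"], escape_filter_value(email))


def resolve(cfg, uri, search):
    """Return the list of number-based contact URIs for an inbound SIP URI.

    search(base, ldap_filter, attribute) is a hypothetical stand-in for the
    LDAP query and returns the attribute values found.
    """
    email = sip_uri_to_email(uri)
    if email is None:
        return []
    values = search(cfg["base"], build_filter(cfg, email), cfg["element"])
    if cfg.get("onevalue") == "1" and len(values) != 1:
        return []  # ambiguous or missing: return nothing
    contacts = []
    for value in values:
        digits = re.sub(r"\D", "", value)  # "+1 999 999 9999" -> "19999999999"
        if digits:
            contacts.append("sip:%s%s@%s;transport=tls"
                            % (cfg.get("prefix", ""), digits, cfg["handler"]))
    return contacts


# Constructed directory contents, keyed by the filter the code generates.
DIRECTORY = {
    "(email=jstudent@big.edu)": ["+1 999 999 9999"],
    "(email=twolines@big.edu)": ["+1 999 999 0001", "+1 999 999 0002"],
}


def fake_search(base, ldap_filter, attribute):
    return DIRECTORY.get(ldap_filter, [])


if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    for uri in ("sip:jstudent@big.edu", "sip:twolines@big.edu", "sip:*@big.edu"):
        print(uri, "->", resolve(cfg, uri, fake_search))
```

With onevalue set to 1 the two-number entry returns no contact, and a request URI containing * reaches the directory as the escaped literal \2a rather than as a wildcard.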
· Avaya SIP Trial, Candace Holman, March 2004
· CCS-LDAP Plugin Requirements, Avaya BCSI Services Offer, Version 0.3, June 2004
· CCS/LDAP Plug In Installation, Avaya BCSI Services Offer, Version 0.2, September 2004
· SIP.edu Cookbook, http://web.mit.edu/sip/sip.edu/
· Columbia University’s LDAP Plugin: http://www.columbia.edu/acis/networks/advanced/sip.edu.html
To implement traditional telephony features via gateway, at a minimum you must also configure a primary
management interface (PMI), register the G350 to a Media Gateway Controller,
configure SIP and ISDN trunks, and configure a SIP signal group.
To configure the Media Gateway and Trunks, you will need to access the ANSI graphical interface called
System Access Terminal (SAT) on the PMI. After configuring the PMI in step II, login
to it and type sat. Use Esc-h for help, Esc-e to submit a change, and Esc-x to cancel.
Type logoff to exit. The most common commands begin with add, change, display, and remove.
When you can access the SAT interface, verify
that you have the required (licensed) access to configure these options by entering the command display system-parameters customer-options. Verify that you are able to administer IP trunks, SIP trunks, etc.
1. login to the G350 and issue these commands
2. interface vlan 1
3. pmi
4. exit
5. Set mgc list [gateway ip address]
6. copy running-config start-config
7. show pmi
8. show mgc list
9. show running-config
10. reset
Collect info for media
gateway – G350 serial number, name, IP
address, media gateway controller IP address, modules. To get serial number from the gateway prompt type: serialnumber –l
Collect provider info for T1
– direction, service type, COR, etc. Connect the T1 interface to your provider and verify it is working.
1. from the SAT prompt
2. add media-gateway 1 (diagram avayaSATMediaGateway)
3. add ds1 v2 (diagrams avayaSATDS1-1 and –2) Check with provider on how to set connect: pbx/network/host/etc, and interface: user/network/etc
4. add signaling-group 1, group-type isdn-pri
5. Add trunk-group 1, group-type isdn, service-type: public-ntwrk (check with provider)
6. Change trunk 1 to set group member assignments: set 23 ports for a T1/PRI, with port name in format gateway:module:circuit so that port 1 in this case is numbered 001V201. Also indicate the proper signaling group to use.
7. Add/change ars-analysis and set up the dialed strings that you want to route over the trunk (especially if there are restrictions)
8. Change route-pattern 1 to set up a route pattern for this trunk. Use this to mark which digits of the dial string are routed over the ISDN trunk or for any special formatting or codes required by the provider.
9. Change public-unknown-numbering and configure for your extensions so that they pass the complete caller id.
1. Display system customer-options – verify maximum administered sip trunks > 0 (page 2/10) and ip trunks = y (page 4/10)
2. Change system features - set trunk-to-trunk transfer = all
3. Change node-names ip [hostname] and set the host name and ip address of your CCS
4. List node-names ip and verify an entry exists for procr with ip address of your gateway
5. Change ip-network-region 1 = domain of the home proxy CCS as defined in the CCS Administration Web Interface under Server Configuration – System Properties
6. Add signaling-group 2. You need at least one signaling group, but can add more if you have more than one SIP proxy server in your architecture.
a. Group Type: sip
b. Transport Method: tls
c. Near-end node: procr as verified in step 4
d. Far-end node: CCS entry as set in step 3
e. Near-end and far-end listen ports: these must match, default is 5061
f. Far-end network region: blank unless different than the CCS proxy’s network region
g. Far-end domain: blank
h. DTMF over IP: rtp-payload
7. Add trunk-group 2. You need at least one trunk group, but can add more if you have more than one SIP proxy server in your architecture.
a. Group Type: sip
b. CDR Reports: y (if required for billing or auditing)
c. Signaling-group: 1 (as entered in step 2 above)
d. Service Type: public-netwrk (or check with provider)
e. Number of Members: sum of all sip trunk-groups, members cannot exceed system-parameters customer-options Max Administered SIP Trunks
f. Send name: y
g. Send calling number: y
h. Format: public (default for SIP, check with provider for recommended encoding of Numbering Plan Indicator)
i. Send connected number: y
j. Group Member assignments should fill automatically based on the number of members you entered
8. Add/change route-pattern 2 to distinguish calls that will travel over the sip trunk. Set secure-sip:n (unless it’s supported)
9. Add/change ars analysis for your numbered SIP extensions (if any)
10. Add/change public-unknown-numbering to complete your dial plan for the SIP extensions
· Administrator’s Guide for Avaya Communication Manager, January 2005
· SIP Support in Avaya Communication Manager 2.1.1 running on the Avaya s8300, s8500, or s8700 Media Server, 555-245-506, September 2004.
To obtain the latest versions
of these Avaya documents, go to http://support.avaya.com and click
on the link for documentation. Locate
the page for Communication Manager.
If you set up a SIP->PSTN
trunk via G350 and Communication Manager, first set up a route pattern in SAT for the dialed strings you
choose. Then make sure that you trunk your dialed strings
to that route pattern. By default most
dialed strings are denied a route. In this example, only one area code is represented
on campus, but there are several exchanges.
Check dialed strings:
list ars analysis
Check route patterns:
list route-pattern
Set up a route pattern to route:
add/change route-pattern x
Set up the ARS dial strings
to use that route pattern:
Add/change ars analysis [areacode] and indicate proper Min and
Max digits, the route pattern number you set above, call type fnpa
usage: sipserver
[ -s | --check-config ]
[ -c configFile | --config-file=configFile ]
[ -d | --daemon-mode ]
[ --home-dir=homeDir ]
[ --module-defs=modDefsFile ]
[ --module-dir=modDirectory ]
[ --quiet ]
[ --services-file=servicesFile ]
[ -s ssfConfig | --ssf-config=ssfConfig ]
[ -t | --trace ]
[ --trace-dir=ssfTraceDir ]
[ -w workDir | --working-dir=workDir ]
[ -h | --help ]
Perform this upgrade during a maintenance window,
as it will cause interruptions in service.
The server must be configured properly before upgrading. Caveats – I had to reset the phones afterward. It also erased all of my ldap plugin stuff,
but I was able to revert to the previous boot partition.
1. Open a management session to the CCS proxy server via web browser: http://hostname
2. Login with your admin account and choose Launch Maintenance Web Interface
3. Under Data Backup/Restore, choose Backup Now and backup your data using any of the given methods
4. Under Miscellaneous, choose Download Files and download the tar.gz file, e.g. CCS02.1-01.0.038.0.tar
5. Under Server Upgrades choose Install New Software and follow the wizard steps, choosing the software file you just downloaded
a. Choose software
b. Choose License Source – use current license or install a new one
c. Review Notices – review the notices carefully and take suggested measures where appropriate
d. Begin Installation – lists the options you chose and asks you to confirm
e. Install in Progress – review for errors as the installation proceeds
f. Reboot Server – confirm that you want to interrupt service by rebooting
g. Reboot in Progress – wait a few minutes and check the status of the reboot by pressing Continue. Do not exit the browser.
h. Update Tripwire Database
i. Install License Files - optional
j. Installation Complete
6. Under Server Upgrades, choose Make Upgrade Permanent
7. Under Miscellaneous, choose Download Files and load your backup data tar.gz files
8. Under Data Backup/Restores, choose View/Restore Data
9. Choose Restore History to verify the data restoration
10. Under Server, choose Software Version to verify the new software version
Harvard’s Directory Product
Manager requested that we honor privacy settings on LDAP records. Harvard record components such as phone
number and email address may be distinctly protected, so both phone and mail
record privacy settings are honored for SIP.edu. If a user has a private email address, or a public email address
but a private phone number, then a lookup for phone number via email address is
not granted. The number of reachable
parties fluctuates depending on how the end users have set their privacy flags.