Installation Guide
Siemens AG 2004
Information and Communication Networks,
Hofmannstraße 51, D-81359 München, Germany
Reference No.: A31003-S5020-S100-1-7620 Printed in the Federal Republic of Germany.
Subject to availability. Right of modification reserved.
For internal use only
Content
2 Overview
2.1 Upgrades from V1 SPCR to V2
2.1.1 Production Mode with Upgrade of Media Server Software
2.1.2 Production Mode with Re-installation of Media Server PC
2.1.3 Early Deployment Mode with Upgrade of Media Server Software
2.1.4 Early Deployment Mode with Re-installation of Media Server PC
2.2 System Components
2.2.1 OpenScape Components
2.2.1.1 OpenScape Application Server
2.2.1.2 OpenScape Routing Dispatcher
2.2.1.3 OpenScape Management Console (OMC)
2.2.1.4 OpenScape MCU (Multipoint Control Unit)
2.2.1.5 OpenScape Media Server
2.2.1.6 OpenScape Client
2.2.1.7 OpenScape Trace File Accumulator (TFA)
2.2.1.8 OpenScape Early Deployment Mode (EDM)
2.2.1.9 OpenScape Environment Preparation Tool
2.2.1.10 OpenScape Forest Preparation Tool
2.2.1.11 SIP Phones
2.2.2 Non-Siemens Prerequisite Components
2.2.2.1 Active Directory
2.2.2.2 Windows Server 2003 Active Directory Application Mode (ADAM)
2.2.2.3 Microsoft SQL Server
2.2.2.4 Microsoft Office LC Server
2.2.2.5 Microsoft Exchange 2000/2003
2.2.2.6 Microsoft Windows Server 2003
2.2.2.7 Microsoft .NET Framework V1.1
2.2.2.8 Microsoft Web Service Enhancements (WSE) 2.0
2.3 OpenScape Configurations
2.3.1 Infrastructure Components
2.3.1.1 Production Mode vs. Early Deployment Mode
2.3.2 OpenScape Application Components
2.3.3 Additional Devices and Components
2.3.4 Deployment Rules
8.16.1.2 Manually
8.16.2 Verification
8.17 TFA System Preparation and Verification
8.17.1 System Preparation
8.17.1.1 Using the Environment Preparation Tool
8.17.1.2 Manually
8.17.2 Verification
8.18 EDM System Preparation and Verification
8.18.1 System Preparation
8.18.1.1 Using the Environment Preparation Tool
8.18.1.2 Manually
8.18.2 Verification
9 Installing OpenScape
9.1 Pre-Installation Check
9.1.1 Raising the Domain Functionality
9.1.2 Synchronizing the Time
9.1.3 Windows Server 2003 Terminal Services
9.1.3.1 Remote Administration Mode
9.1.3.2 Application Server Mode
9.1.3.3 Terminal Services service
9.1.4 Setting Up User and Administrator Cross-Functionality
9.1.5 Firewall Requirements
9.1.5.1 Portal Access
9.1.5.2 OpenScape Management Console
9.1.6 Virus Detection
9.1.7 Account Check
9.2 Verifying the Server Infrastructure
9.3 Installing the OpenScape Routing Dispatcher
9.4 Verifying and Configuring Ports and Routes
9.5 Installing OpenScape
10 Installing OMC
10.1 Overview
10.2 Installing Microsoft Hotfix
10.3 Installing the OMC Package
10.4 Configuring the OMC, TFA and RD Snap-ins
10.5 Configuring the OpenScape Certificate
10.6 Installing the OpenScape License
10.7 Configuring the SMTP Server
10.8 Testing the OMC
10.9 Symptoms and Troubleshooting
10.10 Testing OpenScape
A References
A.1 Adding Users
A.1.1 User Creation via OMC
A.1.2 User Creation via Script
A.2 Configuring Certificates
A.3 Upgrading
A.4 Uninstalling
A.4.1 Environment Preparation Tool Uninstall
A.4.2 OpenScape (Main Server) Uninstall
A.4.3 Problems Uninstalling OpenScape
A.4.4 OpenScape Client Uninstall
A.4.5 OpenScape MCU Uninstall
A.4.6 Media Server Uninstall
A.4.7 Service Pack Uninstall
A.5 Creating an SRV Record on DNS
A.6 Obtaining a SIP Phone Certificate
A.6.1 Creating and Issuing
A.6.2 Requesting (Windows 2003 Only)
A.6.3 Requesting (Windows 2000 Only)
A.6.4 Locating
B Preparing Exchange 2000/2003 for OpenScape
B.1 Enabling WebDAV on the Exchange 2003 Server
B.2 Configuring the Account Security Privileges in the Exchange Server Stores
B.3 Converting the SiemensIC Account into an OpenScape User
B.4 Converting the SiemensCR Account into an OpenScape User
B.5 Installing Schedule+FreeBusy Information
B.6 Portals Installation
B.6.1 Enabling SSL in IIS on the OpenScape Server
B.6.2 Enabling SSL for Outlook Web Access (OWA) on the Exchange Server
B.6.3 Opening and Verifying the Portals in Internet Explorer
C Creating OpenScape Users for Media Server Routing
C.1 CRDirect
C.2 CRForward
C.3 Creating Forwarding Rule Target
D Settings Changed by the Environment Preparation Tool
D.1 Root Domain
D.1.1 Accounts and Groups
D.1.2 Permissions
D.1.3 Permissions on the Domain-DNS Object
D.2 Child Domain Hosting OpenScape Servers
D.2.1 Accounts and Groups
D.2.2 Permissions
D.2.3 Permissions on the Domain-DNS Object
A31003-S5020-S100-1-7620, July 2004
HiPath OpenScape V2.0, Installation Guide
D.2.4 Permissions on the Service Connection Point (Child of Computer Object for Computers Hosting OpenScape Core, RD, TFA)
D.2.5 Permissions on the EDM Server
D.2.6 Access Rights to the OpenScape Database
D.2.7 Access Rights on the WMI CIM Repository (for servers hosting OpenScape Core, RD, TFA, EDM, MCU, MS)
D.3 Child Domains Containing User Objects Only
D.3.1 Accounts and Groups
D.3.2 Permissions on the Domain-DNS Object
E IPSec Security Settings
E.1 Overview
E.2 Creating a Custom MMC Console for IPSec Configuration
E.3 Creating a New IPSec Policy for Media Server on the Media Server Server Machine
E.3.1 Media Server to LC Server
E.3.2 LC Server to Media Server
E.3.3 Media Server to License Server (OpenScape)
E.4 Creating a New IPSec Policy for LC Server on the LC Server Machine
E.4.1 LCS to Media Server
E.4.2 Media Server to LCS
E.4.3 LCS to MCU
E.4.4 MCU to LCS
E.4.5 LCS to B2BUA (OpenScape Server)
E.4.6 LCS to a Gateway that supports IPSec
E.4.7 LCS to a Gateway that does not support IPSec
E.5 Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine
E.5.1 License Server (OpenScape) to Media Server
E.5.2 B2BUA (OpenScape Server) to the LCS
E.5.3 License Server (OpenScape) to MCU
E.6 Creating a New IPSec Policy for MCU on MCU Server Machine
E.6.1 MCU to LCS
E.6.2 LCS to MCU
E.6.3 MCU to License Server (OpenScape)
E.6.4 MC to MP
E.6.5 MP to MC
E.7 Setting the Block Rule
F OpenScape Installation - Tools, Utilities and Hints
F.1 CheckSPN
F.2 MSMQ
F.3 OpenScape RTC Tool
F.3.1 Display Current RTC Configuration
F.3.2 Create new RTC Port
F.3.3 Set RTC Port Trusted/un-Trusted
F.3.4 Create new Static Route
About This Guide
This guide describes the installation process for HiPath OpenScape V2.0.
Check the KMOSS website at https://kmoss.icn.siemens.de for the latest version of this guide.
1.1 Prerequisite Knowledge
This guide is intended for VARs, SIs, IT Domain and Enterprise Administrators, et al. to help with
the installation of OpenScape.
1.2
This guide provides the steps necessary to install OpenScape and its components.
1.3
Chapter 12, Installing OpenScape MCU, describes the procedures for installing OpenScape
MCU.
Chapter 13, Installing the OpenScape Media Server, describes the procedures for installing
OpenScape Media Server.
Chapter 14, Service Packs and Miscellaneous, describes how to install the service packs and
miscellaneous features.
Chapter 15, Installing the OpenScape Client, describes the procedures for installing the
OpenScape Client.
Chapter 16, Installing SIP Phones, provides information for installing the SIP phones.
Chapter 17, Final Checklist lists the tasks necessary to complete the installation.
Appendix A, References, provides instructions used for reference.
Appendix B, Preparing Exchange 2000/2003 for OpenScape, provides instructions for preparing Exchange 2000/2003 for OpenScape by the network administrator.
Appendix C, Creating OpenScape Users for Media Server Routing provides instructions for
creating OpenScape users by the network administrator.
Appendix D, Settings Changed by the Environment Preparation Tool provides details on what
accounts, groups and permissions are set by the Environment Preparation Tool.
Appendix E, IPSec Security Settings, provides instructions on how to secure communications
between servers with Windows IPSec configured on the servers.
Appendix F, OpenScape Installation - Tools, Utilities and Hints provides tools, utilities and
hints for installing OpenScape.
Appendix G, Required Licenses and Software Prerequisites describes the required licenses
and software pre-requisites. This section will go into the Planning Guide when it is available.
Appendix H, Upgrade - Production Mode with Upgrade of Media Server Software describes
the procedure for upgrading from V1 SPCR to V2 in a Production Mode with Upgrade of Media
Server Software.
Appendix I, Upgrade - Production Mode with Re-Install of Media Server PC describes the procedure for upgrading from V1 SPCR to V2 in a Production Mode with re-installation of the Media Server PC.
Appendix J, Upgrade - Early Deployment Mode with Upgrade of Media Server Software describes the procedure for upgrading from V1 SPCR to V2 in an Early Deployment Mode with
Upgrade of Media Server Software.
Appendix K, Upgrade - Early Deployment Mode with Re-Install of Media Server PC describes
the procedure for upgrading from V1 SPCR to V2 in an Early Deployment Mode with re-installation of the Media Server PC.
1.4 Related Information
The following information sources are available for HiPath OpenScape V2.0:
Online help provides explanations covering all areas of the user interface.
HiPath OpenScape V2.0 System Description, A31003-S5020-A400, provides the user with
a system description of OpenScape.
1.5 Documentation Feedback
To report a problem with this document, call your next level of support:
When you call, be sure to include the following information. This will help identify which document you are having problems with.
2 Overview
This section provides an overview of the installation of an OpenScape system as well as upgrades. It covers the components and applications that comprise the OpenScape system and
information regarding system wide configurations.
2.1 Upgrades from V1 SPCR to V2
There are 4 different scenarios depending on Production Mode vs. Early Deployment Mode
(see Section 2.2.1.8) and whether the Media Server will be re-installed or just upgraded. Reinstallation is required if the current operating system for the Media Server is a non-US
English version of Win 2K Advanced.
2.1.1 Production Mode with Upgrade of Media Server Software
Refer to Appendix H, Upgrade - Production Mode with Upgrade of Media Server Software.
2.1.2 Production Mode with Re-installation of Media Server PC
Refer to Appendix I, Upgrade - Production Mode with Re-Install of Media Server PC.
2.1.3 Early Deployment Mode with Upgrade of Media Server Software
Refer to Appendix J, Upgrade - Early Deployment Mode with Upgrade of Media Server Software.
2.1.4 Early Deployment Mode with Re-installation of Media Server PC
Refer to Appendix K, Upgrade - Early Deployment Mode with Re-Install of Media Server PC.
2.2 System Components
2.2.1 OpenScape Components
2.2.1.1 OpenScape Application Server
The OpenScape Application Server consists of the OpenScape Base components and Applications. The SDK feature can be installed on this Server.
2.2.1.2 OpenScape Routing Dispatcher
This Dispatcher is an extension that must be installed on the LC Server. In V1.0, this was part
of the OpenScape Application Server installation.
2.2.1.3 OpenScape Management Console (OMC)
2.2.1.4 OpenScape MCU (Multipoint Control Unit)
This is a Siemens product that is a component of OpenScape. The MCU is composed of one
Multipoint Controller (MC) and up to 4 Media Processors (MPs).
2.2.1.5 OpenScape Media Server
This is a Siemens product that, although integrated with OpenScape, may be sold separately.
2.2.1.6 OpenScape Client
2.2.1.7 OpenScape Trace File Accumulator (TFA)
This installation package is new in V2.0 and provides the capability to retrieve trace files from
computers with OpenScape components.
2.2.1.8 OpenScape Early Deployment Mode (EDM)
This installation package is used only for Early Deployment Mode. This is used if the customer
does not extend the Active Directory Enterprise Schema with the Siemens attributes (this is
done in the Production Mode).
2.2.1.9 OpenScape Environment Preparation Tool
This tool prepares the environment for OpenScape components to be installed. Note that some
steps are different if the customer is in Early Deployment Mode (i.e. /EDM switch).
2.2.1.10 OpenScape Forest Preparation Tool
This tool prepares the forest for OpenScape components to be installed in a production mode.
In V2.0, the Forest, besides the Domains and all Systems, needs to be prepared prior to the
OpenScape installation.
2.2.1.11 SIP Phones
This is a Siemens product that, although integrated with OpenScape, may be sold separately.
2.2.2 Non-Siemens Prerequisite Components
2.2.2.1 Active Directory
OpenScape will use the customer's existing Active Directory for identifying OpenScape users.
2.2.2.2 Windows Server 2003 Active Directory Application Mode (ADAM)
ADAM is a Lightweight Directory Access Protocol (LDAP) directory service that runs as a user
service, rather than as a system service. It is used before OpenScape is deployed into production mode. With ADAM, the AD schema does not need to be extended.
2.2.2.3 Microsoft SQL Server
OpenScape requires a separate instance of MS SQL Server 2000. The installation of this instance is the responsibility of the customer. This instance name has to be provided as input
during OpenScape installation.
2.2.2.4 Microsoft Office LC Server
OpenScape will use the customer's existing LC (Live Communications) Server. Installation of
the first instance of LC Server (LCS) will extend the AD schema.
2.2.2.5 Microsoft Exchange 2000/2003
2.2.2.6 Microsoft Windows Server 2003
OpenScape requires MS Windows Server 2003 for functionality. This is a prerequisite for the
OpenScape Application server.
2.2.2.7 Microsoft .NET Framework V1.1
OpenScape applications require the .NET Framework for functionality. MS .NET Framework 1.1
is a prerequisite for the OpenScape Application server, Media Server, TFA, RD, MCU and
OMC. It is also required on the machine where the Environment Preparation or Forest Preparation will be performed.
2.2.2.8 Microsoft Web Service Enhancements (WSE) 2.0
WSE 2.0 is a Microsoft .NET product that is required. Microsoft WSE 2.0 can be installed from
http://msdn.microsoft.com/webservices/building/wse/default.aspx. During installation, select
the option to install the Administrator setup type.
2.3 OpenScape Configurations
Version 2 of HiPath OpenScape supports a broad variety of deployment options, which are dependent on customer environments and functional requirements.
An OpenScape Application deployment requires various components:
Additional devices or clients, which are used by the user or the system to connect to
the current communication infrastructure and to the OpenScape application
Multiple OpenScape systems can be deployed in the network as well. However, the features
are not completely transparent in such an environment. Mainly, the users of another OpenScape system
are handled like external users, and information (like presence information) is not shared between different OpenScape systems.
2.3.1 Infrastructure Components
OpenScape is an application based on the Live Communication Service (LCS) product of Microsoft and requires
OpenScape installation requires Active Directory schema extensions. If the customer does not
allow Active Directory changes, the system needs to be deployed in Early Deployment Mode,
which does require additional software components, but does not require a schema change in
Active Directory.
LCS deployments require Active Directory schema changes as well and are still required.
2.3.1.1 Production Mode vs. Early Deployment Mode
Production Mode: This is the recommended mode. OpenScape schema extensions to the Active Directory are configured.
Early Deployment Mode: This mode can be used as an alternative when the customer does not
allow the Active Directory to be extended for HiPath OpenScape. Note that LCS schema extensions are still required.
There can only be one mode for the whole Active Directory forest at a given time. It is possible
to migrate from EDM to Production Mode once the Active Directory schema can be extended.
The advantage of running HiPath OpenScape in Production Mode is better performance, especially in a larger deployment in terms of number of users and multiple locations.
Using the Early Deployment Mode requires the following additional components
2.3.2 OpenScape Application Components
2.3.3 Additional Devices and Components
SIP Gateways
SIP phones
OpenScape Client
The portal interface does not require any client installation. However, for Outlook or
Messenger integration OpenScape client installation is necessary.
2.3.4 Deployment Rules
There is a set of rules which need to be adhered to for the system to work successfully. The next
section then depicts more concrete implementation scenarios.
1.
2. All server components of one OpenScape system need to be installed in the same domain, with the exception of RD (see rules 5 and 6 below).
3. An OpenScape installation requires one or more LCS installations in the same forest.
4.
5. The Routing Dispatcher (RD) needs to be installed on each LCS in the forest.
An RD installation is not required if
7. The LCS can be installed in a different domain (applies also to RD in rule 5).
8. Users on multiple LCS in different domains can be supported with one OpenScape installation and as well with multiple OpenScape installations.
9. OMC can be installed in different domains (there is always an OMC installed on the OSCore system) of the same forest.
10. All Windows 2003 components can be installed on the same server or separate servers. This includes:
LCS with RD
MS-SQL
OS-Core
MCU-MC
MCU-MP
TFA
EDM
OMC
11. An existing MS-SQL 2000 installation can be extended to be used for an OpenScape installation.
12. An MCU-MC does not require a separate server and should reside with one MCU-MP.
13. MCU-MP residing on a separate machine guarantees voice quality in a higher traffic model
scenario. Up to 4 MPs can be deployed, but a single MP is only bound by the CPU performance and will not limit itself to 72 channels. E.g. a dual processor machine can support
144 channels.
14. There is only one MS per OpenScape system installation.
15. MS requires Windows 2000 Advanced. It is not recommended to install additional software
components on this server.
16. Multiple Exchange servers are supported, but
2.3.5 Deployment Models
Figure 2-1
Figure 2-2
2.3.6 Typical Configurations
The following table identifies typical configurations based on the number of users and
the traffic model. The normal traffic model assumes a call volume of 3 calls per user per hour
and the high traffic model assumes a call volume of 6 calls per user per hour.
Table 2-1 Typical Configurations

100/250 Users, Normal traffic
Machine 1: OS-Core, LCS + RD, MS-SQL, MCU (MC+MP), TFA, EDM (optional)
Machine 2: Media Server

100/250 Users, High traffic
Machine 1: OS-Core, LCS + RD, MS-SQL
Machine 2: Media Server
Machine 3: MCU (MC+MP)

500/750 Users, Normal traffic
Machine 1: OS-Core, LCS + RD, MS-SQL
Machine 2: Media Server
Machine 3: MCU (MC+MP)
Machines 4, 5, 6 (if required)

500/750 Users, High traffic
Machine 1: LCS + RD
Machine 2: OS-Core, MS-SQL
Machine 3: Media Server
Machine 4: MCU (MC+MP)
Machines 5, 6, 7 (if required)
Note: The administrative components (i.e. TFA, OMC) can be installed on a separate machine or on a machine with other OpenScape components.
Also, the Routing Dispatcher (RD) must be installed separately on the LC Server.
The OMC, TFA snap-in and RD snap-in can be installed anywhere in the same AD
forest as the OpenScape server, on any Windows XP or Server 2003 machine.
2.4 Installation Overview
Since this document is not intended to supersede the Microsoft documentation and recommendations for system configuration, the Microsoft documentation should be used as a primary
guide for setting up a system infrastructure. The relevant documentation includes:
Active Directory Deployment: http://www.microsoft.com/serviceproviders/deployment/ad.asp
Exchange 2000 Deployment: http://www.microsoft.com/serviceproviders/deployment/exchange_2000_ASP_deploykitP58584.asp
LC Server Deployment: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/livecomm2003/default.asp
Note: Due to the .NET version dependencies of the system, the MCU and OpenScape must be at the same version level at the time of installation. This means that it is imperative to install the MCU after OpenScape has been installed, but before any service packs are applied to the OpenScape System.
OpenScape
OpenScape Client
OpenScape EDM
OpenScape MC
OpenScape MCU
OpenScape RD
OpenScape TFA
Third Party Software CD contains 3rd Party Software required for the OpenScape applications (there are different versions of this CD for the various languages supported including
US English, UK English and German);
OpenScape XX 3rd Party Software CD contains 3rd party software to be installed on German and UK English Media Server systems;
Note: For the period of installation, the OpenScape system will be non-operational. OpenScape installation, however, does not require the shutdown (restart) of the customer's infrastructure (Domain Controller, Active Directory, Exchange) or LC Server components.
Production Mode
Pre-Installation Checklist
Verify components
Enter all the necessary and required data into the config.xml file for environment preparation
Prepare all Domains and Systems hosting OpenScape applications by running the EnvironmentSetup executable file; be sure to copy the updated config.xml file to all systems where the preparation is to be performed.
Configure certificates
Install MCU
Troubleshooting
2.5 OpenScape Licenses
The OpenScape systems are delivered with temporary licenses (licenses.txt). A grace period of 7 days is given with these temporary licenses. A permanent or evaluation license must be used within 7 days. Customers have the option of purchasing the full licenses listed in these tables.
2.5.1
Feature
Communication
Broker Users
Table 2-2
Communication_ Count
Broker
System
Maximum
Count
2000
Feature
License Names
License
Type
System
Maximum
Count
288
Media Server
Ports (VOS01010501-x.x.x)
SIP_Interaction_ Count
Sessions
250
TTS Ports
Text_To_Speech Count
250
ASR Ports
Auto_Speech_R
ecognition
Count
250
Media Server
VoiceAndSelfServePortals
On/Off
N/A
Auto-Answer for
Media Server
Auto_Answering
On/Off
N/A
N/A
Service License
N/A
N/A
Table 2-2
N/A
On/Off
2.5.2
Feature
System
Maximum
Count
Media Server
TDM_Interaction Count
TDM Ports
_Sessions
(VOS-01010301X.X.X)
288
N/A
Media Server
VXML Platform
Browser (VOS01040001-x.x.x)
VXML_Sessions Count
250
Media Server
SALT Platform
Browser (VOS01040002-x.x.x)
SALT_Sessions
Count
250
SDK Runtime
Package
SDK_Runtime
On/Off
N/A
CSTA_III_SDK_
Runtime
On/Off
N/A
XA SDK
XA_SDK_Runtim On/Off
e
N/A
N/A
Feature
License Names
License
Type
System
Maximum
Count
Web_Conf_SPI_ On/Off
Runtime
N/A
VC_MgmtServer Count
Speech Works
SW_TTSSession Count
Sessions for TTS s
(VOS-02010001x.x.x)
250
Speech Works
SW_ASRSessio
Sessions for ASR ns
(VOS-02010001x.x.x)
250
2000
Count
Feature
System
Maximum
Count
DirectVoiceAccessUser
Count
2000
Guest Access
Enabling User
GuestAccessEn- Count
ablingUser
2000
Nuance Java
Nuance_ASRSe Count
Recognition Ex- ssions
tension Point
(VOS-02010001x.x.x)
250
250
Control Center
VC_CCServer
Server (Distributed) (VOS02010001-x.x.x)
Count
Control Center
VC_CCClient
GUI Client (Full)
(VOS-02010001x.x.x)
Count
Count
Feature
License Names
License
Type
System
Maximum
Count
Figure 2-3
2.6 Non-OpenScape Licenses
MS SQL server
LC Server
SIP gateway components. Any relevant licensing costs are included in the hardware price.
Recommended Hardware Requirements
Pre-Installation Checklist
This section describes the pre-installation checklist that must be performed before starting the
installation.
3.1
Follow Microsoft hardware recommendations based on O/S. Ensure that the recommended requirements are followed as opposed to the minimum requirements.
3.2 Infrastructure Requirements
Check the latest OpenScape Release Note for information on the current software versions and service packs used for OpenScape as well as for Microsoft and third party software. This Note is located on the KMOSS website, https://kmoss.icn.siemens.de.
3.2.1 Required Infrastructure
Component/Environment
MS .NET Framework
MS Exchange Server 2000/2003
MS Office Live Communications Server
MS Windows Server 2003 or MS Windows 2000 Server - Standard or Enterprise Edition
Table 3-1
3.2.2
Infrastructure Requirements
Component/Environment
MS Windows Server 2003 - Standard or Enterprise Edition
MS .NET Framework
Sun Java 2 Runtime Environment
MS SQL Server 2000 and SP3 - Standard or Enterprise Edition
MS Message Queue Service (MSMQ)
Microsoft ASP.NET
Microsoft IIS
Microsoft Management and Monitoring Tools
Table 3-2
3.2.2.1
OpenScape requires a separate instance of MS SQL Server 2000. Installation of this instance
is the responsibility of the customer. This instance name has to be provided as input during
OpenScape installation. This instance should not be installed with the Local System account
but with a domain user account with local administrative privileges on the SQL Server.
If MS SQL Server is on a separate server (i.e. remote) from OpenScape, the following additional steps need to be done:
The domain user account that the SQL Server instance is running as should be added to
the local Administrators group of the OpenScape Server.
Microsoft SQL Server Data Engine (MSDE) should be installed by the network administrator on the OpenScape server.
3.2.2.2
SSL client-side encryption is used to access the MS SQL Server. The MS SQL Server must have the server certificate, which is exported and then imported on the client machine. To allow encryption, refer to the following MS links:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;316898
http://support.microsoft.com/default.aspx?scid=kb;EN-US;276553
After installing the certificate, MS SQL Server needs to be restarted. This restart must be done regardless of whether SQL Server is co-located on the OpenScape Main server or on a remote server.
3.2.2.3 JAVA Runtime Environment
The CAP License Server (CLT) requires the Java 2 Runtime Environment SE. This package is
available from the third party software CD.
3.2.2.4
If you are installing OpenScape and want to use the SDK feature, Microsoft's WSE 2.0 must be installed prior to the OpenScape installation. Microsoft WSE 2.0 can be installed from http://msdn.microsoft.com/webservices/building/wse/default.aspx. During installation, select the option to install the Administrator setup type.
3.2.3
HiPath OpenScape RD
MS Windows Server 2003 - Standard or Enterprise Edition
MSMQ
Table 3-3
3.2.4
RD Requirements
3.2.5
MCU
Component/Environment
MS .NET Framework
MS Windows Server 2003 Standard or Enterprise Edition
HiPath OpenScape MCU
Table 3-5
3.2.6
MCU Requirements
Media Server
Component/Environment
3.2.7
MS .NET Framework
MS Windows Server 2003 or Windows XP Professional
HiPath OpenScape TFA
Table 3-7
TFA Requirements
3.2.8
MS .NET Framework
MS Windows Server 2003 or Windows XP Professional
HiPath OpenScape EDM
Windows Server 2003 Active Directory Application Mode
Table 3-8
EDM Requirements
3.2.9
End Points
Endpoints
Endpoints
3.2.10
3.2.10.1
Assumption: 3 events per user per hour, where events include phone calls, portal calls, instant messages and status changes.
Server | 100/250 Users (Processor/Memory/HD) | 500/750 Users (Processor/Memory/HD)
OpenScape Server | P4/2 GB/ | P4 Xeon/2 GB
MCU server | P4/1 GB/>10GB HD | P4/1 GB (1 - 2 servers*)
Media server | P4/2GB/>18 GB HD | two P4 Xeon/2 GB
Note: * The number of MP servers is dependent on the amount of conference resources used (multiprocessor units can also be used).
Minimal configuration: The OpenScape, MCU, LCS and MS SQL can be installed on the
same server (P4 Xeon/2 GB). The Media Server needs to be on a separate 2nd server (P4/2
GB).
3.2.10.2
Assumption: 6 events per user per hour, where events include phone calls, portal calls, instant messages and status changes.
Server | 100/250 Users (Processor/Memory/HD) | 500/750 Users (Processor/Memory/HD)
OpenScape Server | P4/2 GB/ | two P4 Xeon/2 GB
MCU server | P4/1 GB/>10GB HD | P4/1 GB (1 - 2 servers*)
Media server | P4/2GB/>18 GB HD | four P4 Xeon/2 GB
Note: * The number of MP servers is dependent on the amount of conference resources used (multiprocessor units can also be used).
3.2.11 Database Size
To determine the size of the OpenScape database needed during OpenScape installation
(Section 9.5, Installing OpenScape, on page 9-9), ask the Network Administrator to provide
1.
the number of OpenScape users that are planned for the system - ___________
2.
3.3
The first step in preparation for installation of the system is to determine whether the infrastructure and configuration meets the OpenScape requirements.
1. Confirm configuration of the system (Section 2.3.6, Typical Configurations, on page 2-10) - THIS SHOULD BE TOLD BY PROJECT MANAGER.
2.
3. Confirm that users exist in AD and map, based on topology, to the planned OpenScape users.
Note1: There currently exists a restriction with the VegaStream gateway (pre R5.1
T017) that the fully qualified domain name of the LCS/OpenScape server may only
be a maximum of 31 characters. If this gateway is to be used with OpenScape, this
length restriction must be applied.
3.3.1 Domain Mode
3.4 Server Information
Have the customer's network administrator fill out the following tables.
System Name
(SystemID*)
Domain
Name
IP Address
Voice Portal
Extension
OpenScape
LC Server
N/A
Exchange
2000/2003
N/A
MS SQL
Server
N/A
MCU
N/A
N/A
MP
N/A
MP(optional)
N/A
MP(optional)
N/A
MP(optional)
N/A
OMC
N/A
Gateway
N/A
Root Domain
Table 3-12
N/A
N/A
N/A
N/A
Server Information
Application
(Server Machine)
Description
LC server machine
B2BUA (OpenScape)
Port number configured on B2BUA for SIP messages from LCS (default is 21020)
Media Server
Port Number configured on Media Server to receive SIP messages from LCS (default is 5060)
MCU (MCU)
Table 3-13
3.5
Port Number
Account/Group/Permissions Configuration
OpenScape requires the creation of users and groups as well as permissions configuration prior to installation of the system.
The Environment Preparation Tool is used for this and will be performed in Chapter 8 after installing the LC Server; however, some accounts still need to be created manually.
OpenScape is supported only in native mode or higher domains because there are two groups
that require support of users in multiple domains. In native mode or higher, the Domain Local
Group has scope over multiple domains.
To comply with Windows 2000, the user and group names should be no longer than 20 characters.
Some tasks are done by the customer's network administrator and some are done by the installer. Also, some tasks such as Forest Prep and root domain prep/add are done by the enterprise administrator using the Environment Preparation Tool.
3.5.1 By Network/Domain Administrator
3.5.1.1 Accounts
Some accounts are identified as assigned during Chapter 8. Refer to Appendix D, Settings
Changed by the Environment Preparation Tool for a description of the accounts created as well
as groups such as OpenScape Service, OpenScape User and OpenScape Admin.
The network administrator must also work with the site telecom administrator to obtain extension numbers for the specified accounts in the table.
Account Name
OSsvc*
(Core Account or Service
Account)
Password
Extn.
no.
_________ N/A
Group
Membership
See Appendix D
Description
OSWeb*
_________ N/A
See Appendix D
<systemID>OSRTP*
_________ N/A
See Appendix D
<systemID>UNS*
________
N/A
See Appendix D
LCSInstaller
________
N/A
- Domain admin
privileges
- Active Directory
schema modification privileges
N/A
See Appendix D
<systemID>SiemensIC*
Media Server
See Appendix B
________
<systemID>SiemensCR* ________
<systemID>CRDirect*
________
<systemID>CRForward* ________
Media Server
See Appendix B
Media Server
See Appendix C
Media Server
See Appendix C
* - These accounts are created by the Environment Preparation Tool - see Chapter 8
Table 3-14
3.5.1.2
NOTE: All accounts should be password-enabled. Non-expiring passwords are recommended; however, please follow company policy. If the passwords for the OpenScape services need to be changed, please refer to the Help for OpenScape Management Console for information on how to change these passwords.
The extension numbers should be unique numbers in the dialing plan (like any other
OpenScape user). For example, you can access CRDirect by name (from WM or
portal) or by number (from WM, portal, or phone).
Warning
If any password expires and if for any reason any service is stopped, it cannot be
restarted rendering the system non-functional. The password needs to be reset in
the Active Directory and the Service Control Manager. Then start the services again.
Each OpenScape installation requires two distinct accounts (<systemID>OSUNS
and <systemID>OSRTP). The same two accounts cannot be used by other OpenScape Installations. New accounts with different names must be created by the Environment Preparation Tool.
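The naming constraints in this chapter (account names of at most 20 characters, a 31-character server FQDN when the VegaStream gateway is used, and a separate set of <systemID> accounts per installation) can be checked against the planning sheet before the Environment Preparation Tool is run. The following is an added example, not part of the guide or of any Siemens tool; the plan entries and the example.test names are constructed, and the suffix list is taken from the account names mentioned in this section.

```python
"""Naming checks for an OpenScape pre-installation sheet (added example)."""

MAX_ACCOUNT_LEN = 20    # user/group name limit the guide gives for Windows 2000
MAX_GATEWAY_FQDN = 31   # FQDN limit the guide gives for VegaStream pre R5.1 T017

# Suffixes of the accounts the guide writes as <systemID>...; each OpenScape
# installation gets its own set, so the systemID length decides the outcome.
PER_SYSTEM_SUFFIXES = ("OSUNS", "OSRTP", "SiemensIC", "SiemensCR",
                       "CRDirect", "CRForward")

# Constructed planning data (assumption: one dict per planned installation).
PLAN = [
    {"system_id": "OS1", "server_fqdn": "os1.example.test",
     "uses_vegastream": True},
    {"system_id": "HeadquartersOS",
     "server_fqdn": "openscape-core-01.emea.corp.example.test",
     "uses_vegastream": True},
    {"system_id": "os1", "server_fqdn": "os1b.example.test",
     "uses_vegastream": False},
]


def max_system_id_length():
    """Longest systemID that keeps every <systemID><suffix> within the limit."""
    return MAX_ACCOUNT_LEN - max(len(s) for s in PER_SYSTEM_SUFFIXES)


def check_installation(inst):
    """Return a list of findings for one planned installation."""
    findings = []
    sid = inst["system_id"]
    for suffix in PER_SYSTEM_SUFFIXES:
        name = sid + suffix
        if len(name) > MAX_ACCOUNT_LEN:
            findings.append(f"{sid}: account '{name}' is {len(name)} "
                            f"characters (limit {MAX_ACCOUNT_LEN})")
    fqdn = inst["server_fqdn"].rstrip(".")
    if inst["uses_vegastream"] and len(fqdn) > MAX_GATEWAY_FQDN:
        findings.append(f"{sid}: FQDN '{fqdn}' is {len(fqdn)} characters "
                        f"(gateway limit {MAX_GATEWAY_FQDN})")
    return findings


def check_plan(plan):
    """Check every installation and flag systemIDs that would share accounts."""
    findings = []
    seen = {}
    for inst in plan:
        findings.extend(check_installation(inst))
        key = inst["system_id"].lower()  # AD account names are case-insensitive
        if key in seen:
            findings.append(f"{inst['system_id']}: systemID already used by "
                            f"'{seen[key]}', so the OSUNS/OSRTP accounts "
                            f"would be shared between installations")
        else:
            seen[key] = inst["system_id"]
    return findings


if __name__ == "__main__":
    print(f"systemID may be at most {max_system_id_length()} characters")
    for line in check_plan(PLAN):
        print(line)
```

The 20-character limit applies to the full account name, so the longest suffix determines how long a systemID can be.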
Imported AD Users
There may be cases where users for a system are being imported from another pre-Windows
2000 system (i.e. Windows NT). The migration of users into active directory (AD) is the responsibility of the customer and the process is not discussed here. For any imported user, you must
verify that the user account has a User Logon Name and not a User Logon Name [pre-Windows 2000]. See Figure 3-1.
Figure 3-1
3.5.2 By Installer/Local Administrator
3.5.2.1
Normally, all the WMI providers are hosted by the company's RTCB Managed Provider Windows service. This service, like the other OpenScape Windows services, runs under an account that is a member of the OpenScape Service group and needs access to the WMI namespace, the privileges to administer both the OpenScape Admin and OpenScape User groups, and any other privileges used by OpenScape Windows services, e.g. access to SQL.
The account mydomain\OSAdmin needs to have access to the OpenScape server's WMI namespace (for example, \root\Siemens\RTCB) to reach the WMI providers; after that, the privileges of the account that the Siemens RTCB Managed Provider Windows service is running under are used.
3.5.2.2 Namespace Permissions
OpenScape Admin group: If not already in the administrators group, should have all privileges including Remote Enabled.
1. On the OpenScape server, log on as <osinstaller>, go to Computer Management->Services and Applications->WMI Control.
2. Right-click Properties.
3.
4.
5. Click Security.
6.
7. Under Permissions for Everyone, click Deny for the following permissions:
Execute Methods
Provider Write
Enable Account
8. Click Apply, OK, and then OK to close the Computer Management window.
LOCAL/NETWORK: since winmgmt uses these accounts and communicates with our
OpenScape providers the default privileges are acceptable i.e., no change.
OpenScape Admin group: should have all privileges including Remote Enabled.
The account of anyone that may need to access the WMI providers on the OpenScape server
will need at least default permissions (Execute Methods, Provider Write and Enable Account) as well as Remote Enable. This would be anyone accessing these providers via OMC
or scripting.
The WMI providers are hosted by the company's RTCB Managed Provider Windows service. Once access is made to the OpenScape WMI namespace (\root\Siemens\RTCB), the privileges of the account that the RTCB Managed Provider Windows service is running under are used. As with the other OpenScape Windows services, the account used is a member of the OpenScape Service group and needs the privileges to administer both the OpenScape Admin and OpenScape User groups and any other privileges used by OpenScape Windows services, e.g. access to SQL. Also, this service account (or the OpenScape Service group it belongs to) must have local administrative privileges on the OpenScape server.
Any user wishing to access the OpenScape WMI namespace for management purposes must
have local administrative privileges on the OpenScape server. This applies whether the user is
accessing the namespace remotely or locally.
3.6 SIP Phone Data
If the customer uses SIP phones, then obtain the following data for each SIP phone user that
will be needed in Section 16.5.1, Configuring Profiles for SIP Phones, on page 16-5.
Setting
Description
Value
Terminal Mask
Domain Names
KDC
KDC Server Address
SNTP
SNMP Trap address
Quality of Service (QoS)
Table 3-15
Setting
Description
Value
vLAN discovery
Manual VLAN identifier
Qos Mode
Layer 3 voice
Layer 3 signaling
Table 3-15
Installing Live Communications Server
Installing the LC Server
Before installing the LC Server, make sure you do not have WM installed on that machine; otherwise, WM uses the default port 5060 (to communicate with the LC Server) depending on which starts up first, the WM Client or the LCS Service. Usually the WM Client controls the 5060 port and, thus, the LC Server is not able to receive any messages from any WM Clients at all. One way to avoid this would be to add another port to the LC Server and use that port number in the server location section on the WM Client configuration screen.
Select the defaults while installing the LC Server. The exception is the User Info screen, which asks for a user ID and password: there, enter the user ID with administrator privileges only, along with its password. The installation guide that comes with the LC Server leads you to set up an LCSService type user and, by default, that is the one displayed in this screen. You can either use it or enter your own ID. This will be the account under which the LCS Services will run.
4.1
To install the LC Server (refer to the Microsoft LC Server deployment guide at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/livecomm2003/default.asp):
1.
2.
Install the LC server according to the Microsoft documentation and follow the instructions.
3.
4.
In the User Info screen, type the user ID with administrator privileges and password then
click Enter. Should assistance be needed to set up an RTCService, refer to the LC Server
Installation Guide. The RTCService user ID is the default. You can either use it or type in
your own ID.
If the expiration date for the password is not explicitly set, then the password expires in 42 days and the system ceases to function.
Note: The usage of RTC is interchangeable with LCS. Microsoft changed the name of RTC to LCS.
5. After the LC Server is installed, install TLS by first installing certificates. Then assign those certificates with the TLS Mutual setup.
4.2
On the OpenScape/LC Server, after LCS installation, there are four new Machine Local Groups
created:
In Chapter 8, Preparing the OpenScape Environment, the OpenScape Service account (see
Table 3-14 on page 3-10) is added during installation and becomes a member of these local
machine groups.
Refer to Chapter 8 and Appendix D for more details.
4.3
To install or un-install the WM client, you must be logged into the PC as a local administrator
only. If you already have a WM version installed, you must first un-install it before installing a
newer version.
To un-install WM:
1.
2.
3.
4.
To install WM version 5.0.381, you must first be logged on as a local Administrator. Whenever you log in to the PC as a domain user for the first time, the WM client usually starts your sign-in process automatically, using the user ID and password you entered while logging in to your PC. If this does not start automatically, click Start > All Programs > Windows Messenger. This starts the WM instance installation. This process takes just under a minute. Then configure your WM client for usage as follows.
2.
3. In the Communications Service Account section, select the My contacts include users of a communications service check box.
4. Type the SIP URI in the Sign-in name: field; for example, userid@domain.name (this is the LCS user's SIP URI as configured in the Active Directory).
5.
6.
7.
8.
9. Click OK.
4.3.1
Once your LC Server is configured and before installing OpenScape, make a test call between
two WM clients. Attempt a voice call between two clients using both TCP and TLS. This ensures
that you have connectivity and the appropriate certificates.
4.3.2
To install or un-install the WM client, you must be logged into the PC as a local administrator only. If you already have a WM version installed (pre-version 5.0.292), you must un-install it first before installing the new version.
To un-install Windows Messenger:
1. Click Start->Run.
2.
3.
4. Double-click the Windows Messenger directory and right-click the Messenger.msi file.
5. Select uninstall.
4.3.3
4.3.4
1. Click Tools->Options....
2.
3. In the Communications Service Account section, select the check box My contacts include users of a communications service.
4.
5.
6.
7.
8.
9. Click OK.
4.4
The following must be done after the LCS domain prep and before anyone needs to use a
phone in a Windows 2000 domain.
On the RtcService Properties dialog box, select the Account tab. Check the Use DES encryption types for this account box, then click OK.
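The 42-day password expiry noted for the LCS service account, the expiry warning for the OpenScape service accounts, and the DES check box set here are all visible in two directory attributes, userAccountControl and pwdLastSet. The following is an added example, not part of the guide: it reviews exported attribute values so that expiring passwords are caught before a service fails to restart and the DES setting stays inventoried. The sample values and the review date are constructed, and the 42-day figure is the one this guide cites (pass max_age for a different domain policy).

```python
"""Password-expiry and DES-flag review of service accounts (added example)."""
from datetime import datetime, timedelta, timezone

# userAccountControl bits used by Active Directory
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000   # "Password never expires"
UF_USE_DES_KEY_ONLY = 0x200000    # "Use DES encryption types for this account"

MAX_PASSWORD_AGE = timedelta(days=42)   # expiry period cited in the guide
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(moment):
    """Inverse of filetime_to_datetime, used to build the sample data."""
    delta = moment - FILETIME_EPOCH
    seconds = delta.days * 86400 + delta.seconds
    return seconds * 10_000_000 + delta.microseconds * 10


def review_account(name, uac, pwd_last_set, now,
                   warn_within=timedelta(days=14), max_age=MAX_PASSWORD_AGE):
    """Classify one account from its exported attribute values."""
    expires = None
    if uac & UF_DONT_EXPIRE_PASSWD:
        status = "never-expires"
    elif pwd_last_set == 0:
        status = "must-change"      # password must be changed at next logon
    else:
        expires = filetime_to_datetime(pwd_last_set) + max_age
        if expires <= now:
            status = "expired"
        elif expires - now <= warn_within:
            status = "expiring"
        else:
            status = "ok"
    return {
        "name": name,
        "status": status,
        "expires": expires,
        "des_only": bool(uac & UF_USE_DES_KEY_ONLY),
        "disabled": bool(uac & UF_ACCOUNTDISABLE),
    }


def review_all(records, now):
    return [review_account(n, uac, pls, now) for n, uac, pls in records]


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed review date and export: (account, userAccountControl, pwdLastSet)
NOW = _utc(2004, 6, 1)
EXPORT = [
    ("OSsvc", UF_NORMAL_ACCOUNT, datetime_to_filetime(_utc(2004, 4, 10))),
    ("OSWeb", UF_NORMAL_ACCOUNT, datetime_to_filetime(_utc(2004, 4, 25))),
    ("OS1OSRTP", UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD,
     datetime_to_filetime(_utc(2004, 1, 10))),
    ("RtcService",
     UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_USE_DES_KEY_ONLY,
     datetime_to_filetime(_utc(2004, 3, 1))),
    ("LCSInstaller", UF_NORMAL_ACCOUNT, 0),
]

if __name__ == "__main__":
    for row in review_all(EXPORT, NOW):
        when = row["expires"].date() if row["expires"] else "-"
        print(f"{row['name']:<14}{row['status']:<15}{when!s:<12}"
              f"{'DES' if row['des_only'] else ''}")
```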
4.5
General
Checklist
On
Windows
Messenger
(WM) Clients
Installation Tasks
DNS Configurations
Table 4-1
Done
()
You can view LCS settings like Ports, Static Routes, making them Trusted or unTrusted, and
displaying only the required settings on the LC Server.
Active Directory Reference
OpenScape V2 requires extending the Active Directory schema with OpenScape-specific classes and attributes, similar to what Microsoft requires for LCS. Chapter 7, Setting Up a Forest in Production Mode, describes the steps to extend the schema.
As an alternative to extending the enterprise Active Directory schema, OpenScape can be deployed in Early Deployment Mode (EDM). EDM uses ADAM (Active Directory Application Mode), which is extended with the Siemens schema enhancements instead. EDM installation is described in Chapter 6, Setting up OpenScape in Early Deployment Mode (EDM). EDM/ADAM does not provide the same versatility as running OpenScape in production mode. It is recommended to install OpenScape in Production mode.
5.1 Environment Recommendations
The following list summarizes the recommendations for placement of Active Directory domain
controllers and global catalog servers to support HiPath OpenScape.
At least one global catalog server must be installed in each domain that contains HiPath OpenScape components such as OpenScape or Routing Dispatcher.
Ensure that the server assigned the infrastructure master role is not a global catalog
server (unless the domain only contains one DC).
Ensure that DNS is correctly configured at the hub site and all branches. Ensure that
name resolution and DNS functionality are both operating correctly.
5.2
Forest preparation will extend the Active Directory schema and will add additional attributes
and objects in the schema. The changes made include:
The User object being extended to add attributes for each user that are mostly static,
such as Secondary SIP addresses and OpenScape Home Server. The same extension is made on the contact object for cross-forest scenarios.
A new Siemens container being created under the system object, if it doesn't already exist.
A new Siemens OpenScape container being created under the computer object.
Note: The schema extensions to a customer Active Directory Enterprise Schema cannot be removed once applied to it! This is a permanent change to AD.
5.2.1
The following structure shows the hierarchy of the new classes and the new attributes:
System (container)
Siemens (container)
Siemens Openscape (siemensOSGlobalContainer)
siemensOSExtension:: attribute
<domain> (siemensOSDomain)
siemensOSDomainName:: attribute
siemensOSExtension:: attribute
<guid> (siemensOSTrustedService)
siemensOSIsMaster :: attribute
siemensOSTrustedServiceFQDN:: attribute
siemensOSExtension:: attribute
Note: The above class objects will be added to the root domain
Computers (container)
<Machine-Name>
Siemens Openscape (serviceConnectionPoint)
OS Core Services (siemensOSServices)
siemensOSServiceInfo:: attribute
siemensOSExtension:: attribute
SB Registration Service (siemensOSServiceConnectionPoint)
siemensOSExtension:: attribute
Users (container)
User (extensions)
siemensOSSecondaryAOR:: attribute
siemensOSEnabled:: attribute
siemensOSHomeServer:: attribute
siemensOSRequiredData:: attribute
siemensOSExtension:: attribute
siemensOSDevices:: attribute
siemensOSUserData1:: attribute
siemensOSUserData2:: attribute
siemensOSUserData3:: attribute
siemensOSUserData4:: attribute
Contacts (container)
Contact (extensions)
siemensOSSecondaryAOR:: attribute
siemensOSEnabled:: attribute
siemensOSHomeServer:: attribute
siemensOSRequiredData:: attribute
siemensOSExtension:: attribute
siemensOSDevices:: attribute
siemensOSUserData1:: attribute
siemensOSUserData2:: attribute
siemensOSUserData3:: attribute
siemensOSUserData4:: attribute
5.3 Attribute Definitions
The following table shows the new attributes defined in the schema file (ldf) that extends objects for Siemens OpenScape Server.
Attribute
Syntax
siemensOSServiceInfo
MultiValue
Directory True
String
Object
siemensOSServices
Description
siemensOSSecondaryAOR
user
Secondary AORs
user
OpenScape HomeServer
siemensOSEnabled
Boolean
user
siemensOSRequiredData
Directory True
String
user
siemensOSDevices
Directory True
String
user
Device(s) assigned to
OpenScape user
user
user
user
user
Table 5-1
Directory True
String
False
Attribute
Syntax
siemensOSDomainName
Directory False
String
siemensOSTrustedServiceFQDN
5.4
Object
Description
siemensOSDomain
False
siemensOSTrustedService
Directory False
String
siemensOSTrustedService
siemensOSIsMas- Boolean
ter
Table 5-1
MultiValue
Class Definitions
siemensOSServices
siemensOSServiceConnectionPoint
siemensOSGlobalContainer
siemensOSDomain
siemensOSTrustedService
Table 5-2 through Table 5-6 describe the new attributes associated with each of these classes.
5.4.1 siemensOSServices
This class stores the Siemens OpenScape Service information and is inherited from the serviceConnectionPoint class. The following table shows the new Active Directory class and its OpenScape attributes.
The only possible superior class of siemensOSServices is the serviceConnectionPoint class.
Attribute
Syntax
Multi-Value
Description
siemensOSServiceInfo
Directory String
True
siemensOSExtension
Directory String
True
OpenScape extensions
Table 5-2
5.4.2
siemensOSServiceConnectionPoint
siemensOSExtension
Table 5-3
5.4.3
Syntax
Directory String
Multi-Value
True
Description
OpenScape extensions
siemensOSGlobalContainer
The siemensOSGlobalContainer class is a container class for Siemens OpenScape global information. This class inherits from the container class and can have other container class objects as its possible superior.
Attribute
siemensOSExtension
Table 5-4
5.4.4
Syntax
Directory String
Multi-Value
True
Description
OpenScape extensions
siemensOSDomain
The siemensOSDomain class is used to store all the domains configured for Siemens OpenScape and is a container class for Siemens OpenScape global information. This class inherits from the container class and can have only siemensOSGlobalContainer class objects as its possible superior.
Attribute
Syntax
Multi-Value
Description
False
siemensOSExtension
True
OpenScape extensions
Table 5-5
5.4.5
Directory String
siemensOSTrustedService
The siemensOSDomain class is used to store all the domains configured for Siemens OpenScape and is a container class for Siemens OpenScape global information. This class inherits from the container class and can have only siemensOSGlobalContainer class objects as its possible superior.
Attribute
Syntax
Multi-Value
Description
siemensOSIsMaster
Boolean
False
siemensOSTrustedServiceFQDN
Directory String
False
siemensOSExtension
Directory String
True
OpenScape extensions
Table 5-6
5.5
If the customer wants to do an OpenScape evaluation without making any changes to the Active Directory, then proceed to Chapter 6, Setting up OpenScape in Early Deployment Mode (EDM); otherwise, proceed to Chapter 7, Setting Up a Forest in Production Mode, which makes changes to AD.
Setting up OpenScape in Early Deployment Mode (EDM)
This chapter details the steps necessary to prepare the ADAM infrastructure to host servers
running OpenScape Server in EDM mode and later migrate to a production mode environment.
Go to Chapter 7, Setting Up a Forest in Production Mode for a production mode environment.
Note: Running OpenScape in EDM mode does not require the enterprise Active Directory schema to be extended. Instead ADAM is used beside the existing Active Directory to store the new Siemens OpenScape classes and attributes.
Extending Schema
Not Required
Production
Mode
Required
Extending Schema
Install ADAM
Required
Table 6-1 Installation Comparison
Note: Running OpenScape in EDM mode: If a new user is created, the user cannot be converted until Active Directory replicates that user to all domain controllers and the ADAM synchronizer (EDMADC service) replicates that user into ADAM. This may take several minutes depending on the customer's replication topology. Usually, this will be less than 5 minutes.
6.1
The following files are used to set up a forest in early deployment mode. They can be found in
the OpenScape EDM and OpenScape EPT folder (except ADAM).
ADAM: ADAM is an integrated directory service available with Windows Server 2003 and must be downloaded from Microsoft at http://www.microsoft.com/windowsserver2003/adam/default.mspx
6.2
Before installing ADAM and EDM, the Root and Child domains need to be prepared. These are the same steps as for production mode. The only difference is the use of the EDM parameter when using EnvironmentSetup.exe.
In preparation for EDM installation, the EDM System Preparation needs to be run. See Section 8.18 on page 8-38 on how to prepare the domains and the EDM system.
6.3
ADAM Installation
Once the environment is prepared with root domain prep, child domain prep and EDM system
prep, the ADAM and EDM installation can proceed.
ADAM is an integrated directory service available with Windows Server 2003 and must be
downloaded from Microsoft at: http://www.microsoft.com/windowsserver2003/adam/default.mspx.
ADAM must be installed on a Windows 2003 Server. For larger deployments it is recommended
to install ADAM/EDM on its own server (not on an OpenScape Home Server).
ADAM installation should be run with the <osinstaller> account or an account which has been given permission to write its own Service Connection Point, or as domain admin.
| Command | Where to run, as who | What it does |
|---|---|---|
| | ADAM/EDM server, run as Installer | Installs ADAM using the predefined instance name SiemensOpenScapeEdmV2 and runs the service as the OpenScape Service account. |
| | | Finish installation. |
Table 6-2
6.4
EDM Installation
Command
Table 6-3
6.4.1
What it does
1. Log on to the server where the ADAM instance is installed with the <osinstaller> account.
2. Click Start > All Programs > ADAM > ADAM ADSI Edit. This will open the ADAM ADSI Edit program.
3. In the left pane, right-click ADAM ADSI Edit, then click Connect to. This opens the Connection Settings window.
4.
5.
6.
In the right pane, search for CN=siemens-OSServiceInfo. If present, the schema was
successfully propagated. If no such entry exists, then the schema was not modified.
Note: ADAM ADSI Edit is an ADAM administrative tool that may be installed as part of the ADAM installation. The usage of ADAM ADSI Edit is very similar to ADSI Edit for Active Directory.
6.5
There is no expiry on running HiPath OpenScape in EDM mode. Running in EDM has only a few limitations, mainly the performance impact in a large deployment. Once permission to extend the enterprise schema is granted, it is recommended to migrate to production mode, which replaces the use of ADAM with the extended Active Directory.
Migration involves the following tasks:
Extend the enterprise Active Directory schema with the Siemens OpenScape extensions.
Migrate the user data and SCPs from ADAM to Active Directory.
Disable ADAM and remove the ADAM instance entry published in the Active Directory.
Extending the enterprise schema is done by the forest preparation tool, ForestSetup.exe, described in 5b. The other two tasks are done by the Migrate.exe tool.
6.5.1
For Forest Preparation, copy the OpenScape EPT folder locally to the chosen installation directory on the root domain controller.
For Migration and EDM System Prep un-installation, copy the OpenScape EPT folder locally to the EDM/ADAM server.
6.5.2
1. Prepare the forest by following the instructions in Chapter 7, Setting Up a Forest in Production Mode.
2. Run the root and child domain preparations for Production Mode as described in Chapter 8, Preparing the OpenScape Environment.
3. Check for OpenScape users that are members of administrative groups in all OpenScape Servers in the forest and either delete them as OpenScape users or add the privileges for the OpenScape Service group. See Section 6.5.2.1.
4. Log on to the EDM/ADAM server with the Installer account which was used to install ADAM and EDM. Perform the migration by typing the following command in a command prompt: Migrate.exe /i /l prep.log.
5.
6.
7. Log on as domain administrator to this server or any other server connected to the current domain.
8. Uninstall EDM System Prep using EnvironmentSetup.exe with the /x switch. See Section 8.18, EDM System Preparation and Verification.
9. Rerun the system preps for installations remaining on this host. For example, if OpenScape is installed on this host and will be kept, then the OpenScape system prep must be rerun.
10. Restart all servers containing HiPath OpenScape installations (e.g. OpenScape, Routing Dispatcher, MCU, Media Server) in the forest.
6.5.2.1
In EDM mode members of administrative groups are allowed to be OpenScape users. These
accounts are protected for security reasons, and do not inherit the access rights.
For each OpenScape Server, one of the following options must be executed to successfully migrate these users from EDM to production mode.
Remove the users that are members of any administrative group from OpenScape. This
option requires OpenScape Admin privileges.
Provide additional permissions to the OpenScape Admin group to be able to set OpenScape specific attributes of these users. In particular: Read access rights to: Public Info,
RTCPropertySet, RTCUserSearchPropertySet, SiemensOSPropertySet and write access
rights to the SiemensOSPropertySet. This option requires Domain Admin privileges.
Log on to any server in the domain being prepared with the <osinstaller> account or as a
member of the OpenScape Admin group.
2.
3.
4.
5.
All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.
6.
To grant permissions to the OpenScape Admin group and retain these users in OpenScape, follow the instructions below:
1.
2.
3.
4.
5.
Proceed to migration.
6.5.3
To verify the schema extensions, see Section 7.3, Verifying the Enterprise Schema Changes.
To verify the migration of OpenScape data from ADAM to Active Directory:
Using LDP or ADSI Edit navigate to an OpenScape user and verify that this user contains
a SiemensOSEnabled attribute set to TRUE.
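The check above can be run over many users at once. The following Python is an added example, not part of the Siemens guide or its tools: it reads an LDIF export of user objects and reports, for each expected OpenScape user, whether SiemensOSEnabled is TRUE, and it singles out accounts with adminCount set to 1, which Section 6.5.2.1 describes as protected. It assumes the export was produced separately (for example with an LDIF export tool); the sample data and the function names are constructed for illustration.

```python
import base64

# Constructed sample input: an LDIF export of user objects taken from
# Active Directory after the migration. All names and DNs are made up.
_CAROL_DN = base64.b64encode(
    b"CN=Carol Example,CN=Users,DC=example,DC=test").decode("ascii")
SAMPLE_LDIF = (
    "dn: CN=Alice Example,CN=Users,DC=example,DC=test\n"
    "sAMAccountName: alice\n"
    "SiemensOSEnabled: TRUE\n"
    "\n"
    # A long DN folded onto a second line, as LDIF exporters do.
    "dn: CN=Bob Example,OU=Administrators,DC=exam\n"
    " ple,DC=test\n"
    "sAMAccountName: bob\n"
    "adminCount: 1\n"
    "\n"
    # A base64-encoded value uses "attr:: value".
    "dn:: " + _CAROL_DN + "\n"
    "sAMAccountName: carol\n"
    "SiemensOSEnabled: FALSE\n"
)


def parse_ldif(text):
    """Return a list of entries, each mapping lower-cased attribute -> values."""
    # Unfold: a line that starts with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, current = [], {}
    for line in lines:
        if not line.strip():            # a blank line ends the entry
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        if value.startswith(":"):       # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def check_migration(ldif_text, expected_users):
    """Classify each expected OpenScape user (by sAMAccountName)."""
    by_name = {}
    for entry in parse_ldif(ldif_text):
        for name in entry.get("samaccountname", []):
            by_name[name.lower()] = entry

    report = {"ok": [], "not_enabled": [],
              "protected_not_enabled": [], "missing": []}
    for user in expected_users:
        entry = by_name.get(user.lower())
        if entry is None:
            report["missing"].append(user)
            continue
        values = [v.upper() for v in entry.get("siemensosenabled", [])]
        if values == ["TRUE"]:
            report["ok"].append(user)
        elif entry.get("admincount") == ["1"]:
            # Member of an administrative group: see Section 6.5.2.1.
            report["protected_not_enabled"].append(user)
        else:
            report["not_enabled"].append(user)
    return report


if __name__ == "__main__":
    result = check_migration(SAMPLE_LDIF, ["alice", "bob", "carol", "dave"])
    for status, users in result.items():
        print(status, users)
```

Users reported as protected_not_enabled are the ones to handle with one of the two options in Section 6.5.2.1.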
Setting Up a Forest in Production Mode
This section details the steps necessary to prepare the forest in production mode. Forest preparation is required to run OpenScape in Production Mode and must be done before domain and
system preparation.
7.1
Requirements
The following files are used to set up a forest in production mode. They can be found in the
OpenScape EPT folder.
Forest functional level must be Windows 2000 native or Windows Server 2003. If the
domain is in mixed mode, you need to raise its functional level to Windows 2000 native
mode.
ForestSetup.exe: Forest Preparation executable calling the forestprep.wsf script. This creates a property set and Siemens enterprise global objects.
Forestprep.wsf: Script used to import the schema definitions of the ldf file. The same script
is also used for EDM mode.
7.2
1. Log on to the root domain controller as a user with schema administrator credentials.
2. Copy the si_schema.ldf, forestprep.wsf, ForestSetup.exe, and Siemens.EN.RTCB.Adcim.ADLib.dll files from the OpenScape EPT folder on the OpenScape CD.
3.
4. Go to (cd) the directory location where the schema file (si_schema.ldf) is located.
5.
6.
You can verify whether the schema changes are applied to all the child domains by following the instructions specified in the next section.
A31003-S5020-S100-1-7620, July 2004
HiPath OpenScape V2.0, Installation Guide
7.3
To view the user attributes in Active Directory, the ADSI Edit snap-in needs to be installed on
your computer. It is part of the SUPTOOLS.MSI, which is located under \ENGLISH\WIN2003\ENT\SUPPORT\TOOLS on the Windows 2003 Server disk.
Add the ADSI Edit snap-in into MMC, or just run adsiedit.msc.
Expand the Schema container and in the right pane look for the entries beginning with siemens-OS. If these entries are not there, then the schema has not been extended.
Preparing the OpenScape Environment
The network administrator must set up the Domain and System environments for OpenScape.
Domain Preparation is required only once for every domain where OpenScape will be installed. It can also be run to repair the domain.
System Preparation is required once before every fresh installation of OpenScape. It can also
be run again to repair the system, or to change some configuration options, such as changing
the Logon user, installing LC Server on a different system etc.
Preparation can either be done manually or by using the Environment Preparation Tool. You
must use only one method and cannot interchange once started.
8.1
Prerequisites
Environment Preparation Tool only
.NET Framework 1.1 should be installed on the PC where the Tool is run.
The domain (root & resource) should be in native mode. If it is in mixed mode, you need to
raise its functional level to native mode (using AD Domains and Trusts snap-in).
Prior to Root Domain preparation, the forest preparation has to be completed. This is only
true if the customer is installing in a production mode.
Prior to Domain preparation, LC Server should already have been installed at least once
in the domain.
Prior to System preparation, LC Server should have already been installed for the particular OpenScape system being prepared.
For System Preparation, the OpenScape Logon User (the current user logged on when
OpenScape is being installed), should be an existing Domain user.
8.2
Hints
The /PWD switch is mandatory for /D, /S and /MSS switches. The password provided for this switch is applied to all accounts created during the Preparation step. If
those accounts already exist, their password will be updated with the password provided.
If you cut and paste the command line input in the following pages to the CLI, there is a chance that the quotation marks will not copy exactly, which will cause the command line to fail.
During a V1 to V2 upgrade, if there is more than one OpenScape System in the same domain, the old OpenScape Service group has to remain as it is for the V1 OpenScape system to co-exist with the V2 OpenScape system. Therefore, the domain prep will automatically rename the old group to OpenScape Service V1 and copy all its members to the new group.
After upgrading all OpenScape Systems in this domain to V2 the following groups and accounts are no longer needed:
Account <SystemID>OSsrv
Delete this group and account using the AD Users and Computers Snap-in.
8.3
Overview
This section lists the environment preparation steps to be followed in these scenarios:
Complex Setup
8.3.1
This scenario corresponds to the Root Domain and Child Domain D1 of Figure 8-1.
Steps to follow:
Forest Prep (Production Mode Only - refer to Chapter 7, Setting Up a Forest in Production Mode)
Domain Prep OS system (refer to Section 8.8, OpenScape System Domain Preparation and Verification)
System Prep MCU (If located on separate system) (refer to Section 8.16 on page 8-33)
System Prep TFA (If located on separate system) (refer to Section 8.17 on page 8-35)
8.3.2
This scenario corresponds to the Root Domain and Child Domain D1 of Figure 8-1.
Steps to follow:
System Prep MCU (If located on separate system) (refer to Section 8.16 on page 8-33)
System Prep TFA (If located on separate system) (refer to Section 8.17 on page 8-35)
8.3.3
Complex Setup
This OpenScape setup consists of 2 OpenScape systems in 2 domains. All users reside in a
3rd domain. See Figure 8-1.
Figure 8-1
Steps to follow:
Forest Prep (Production Mode Only - refer to Chapter 7, Setting Up a Forest in Production Mode)
System Prep MCU (If located on separate system) (refer to Section 8.16 on page 8-33)
System Prep TFA (If located on separate system) (refer to Section 8.17 on page 8-35)
System Prep MCU (If located on separate system) (refer to Section 8.16 on page 8-33)
System Prep TFA (If located on separate system) (refer to Section 8.17 on page 8-35)
Domain Prep of D3 user only (refer to Section 8.9, User Only Domain Preparation and Verification)
8.3.4
| Step | Where to run command | Condition | Cmd Mode* | Privileges |
|---|---|---|---|---|
| Forest Prep (refer to Chapter 7, Setting Up a Forest in Production Mode) | Refer to the schema deployment guide | Once for every forest | | Refer to the schema deployment guide |
| Root Domain Prep | Root Domain | | RD | Root Domain Administrator |
| | | | D | Domain Administrator of the child domain |
| | | | RDM | Root Domain Administrator |
| Cross Domain Memberships | Child Domain | | DM | Child Domain Administrator |
| | | | DU | Child Domain Administrator |
| System Prep OpenScape Server | Child Domain containing OpenScape systems | Once before a fresh installation of each OpenScape system in the domain | | |
| System Prep - RD (LCS Server) | Child Domain containing RD systems | Once before a fresh installation of each OpenScape system in the domain | RDS | |
| | Child Domain containing OpenScape systems | Once before a fresh installation of each MS system in the domain | MSS | |
| System Prep - MCU (if located on separate systems) | Child Domain containing OpenScape systems | Once before a fresh installation of each MCU system in the domain | MCUS | Domain Administrator of the child domain |
| System Prep - TFA (if located on separate systems) | Child Domain containing OpenScape systems | Once before a fresh installation of each TFA system in the domain | TFAS | |
| System Prep - EDM (if located on separate systems) | Child Domain containing OpenScape systems | Once before a fresh installation of each EDM system in the domain | EDMS | Domain Administrator of the child domain |
Table 8-1 Step Description
8.4
Important
Proper sequencing should be followed for Root Domain, Domain and System Preparation.
The Root Domain Preparation step should be done before the Domain Preparation
step.
The Domain Preparation including all add member steps should be done before the
System Preparation step.
The System Remove step should be done before the Domain Remove step.
DO NOT change the memberships/rights of the accounts manually. In some cases, such changes are not easy to reverse and might cause some components to stop functioning. Please use the EPT to change memberships/permissions.
Wait at least 5 minutes between successive Prep commands to allow the changes to be replicated.
The validation step should always be executed prior to the preparation step. If the validation step indicates that prep was already executed successfully, then the prep step should not be executed again.
If multiple OS systems are deployed, removing any root domain or domain prep means that all systems must be re-installed. Systems installed prior to this change will no longer function.
If multiple OpenScape components are installed on the same system, and un-prep is run
for any of these components, preps for all other installed components should be re-run.
E.g. if OpenScape Core and Routing Dispatcher are installed on the same server and the
un-prep (using the /x option) for RD is run, then the System Prep step for OpenScape core
should be re-run.
8.5
1. Insert the OpenScape Installation Programs CD into the CD drive of the system where the OpenScape main will be installed.
2. Open the EPT folder and copy the following files to a folder: EnvironmentSetup.exe, Config.xml, and InteropActiveDS.dll.
3. From the command line, change to the folder containing the above files, then type EnvironmentSetup /?.
4.
8.6
The XML file has sections for each step of the Environment Preparation:
- <EnvironmentPrep>
+ <ADConfig>
+ <RootDomainPrep>
+ <RootDomainAdd>
+ <DomainPrep>
+ <DomainAdd>
+ <UserDomainPrep>
+ <SystemPrep>
+ <Trustees>
+ <RDSystemPrep>
+ <MSSystemPrep>
+ <MCUSystemPrep>
+ <TFASystemPrep>
+ <EDMSystemPrep>
</EnvironmentPrep>
The file is required for all steps, but only the system preparation steps require an update of the file in their specific section. To prepare or validate any Server in the OpenScape System, the Config.xml file first needs to be edited with the appropriate system information.
8.7
8.7.1
Preparation
8.7.1.1
Permissions required:
The output on the command line will display the current status of the root domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the root domain is correct and complete, the output will indicate Validation Result: Exists & Complete.
In this case, the root domain does not need to be prepared again, and you can proceed to
Domain Preparation.
Option 2:
If the root domain is incorrect/ incomplete, the output will indicate Validation Result: Exists but Incomplete.
In this case, the root domain needs to be prepared again.
Prepare the root domain.
Option 3:
If the root domain is not prepared yet, the output will indicate Validation Result: Does not
exist.
In this case, the root domain needs to be prepared. Type the following to prepare the root
domain:
EnvironmentSetup /i /m RD /r config.xml /l prep.log
8.7.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
Create a Domain Local group with name OpenScape Service.
5.
In the navigation pane, right click the icon representing the root domain, click Properties,
click Security and click Advanced.
a) Click Add.
b) Type OpenScape Service as the object name and click OK.
c)
d) In the Properties dialog box, check Read Public Information, then click OK.
Click OK twice.
6.
In the navigation pane, right click the icon representing the root domain, click Properties,
then click Security.
Click Add, then type OpenScape Service. In the permissions for OpenScape Service
frame, select Replicate Directory changes. Click OK.
7.
8.
In the navigation pane, expand System, Siemens. (Skip this step for EDM Mode)
Right-click OpenScape Global Settings, click Properties then Security and Advanced.
a) Click Add, type OpenScape Service, then click OK.
b) In the Apply onto tab, select This object and all child objects.
c)
d) Click OK.
8.7.2
Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
In the navigation pane, right click the icon representing the root domain, click Properties,
click Security and click Advanced.
Verify that the OpenScape Service group has the following permissions:
Read RTCPropertySet
Read RTCUserSearchPropertySet
Read, Write & Delete SiemensOSPropertySet (Skip this verification for EDM Mode)
Click OK twice.
6.
In the navigation pane, right click the icon representing the root domain, click Properties,
then click Security.
Click Add, then type OpenScape Service. In the permissions for OpenScape Service
frame, select Replicate Directory changes. Click OK.
7.
8.
In the navigation pane, expand System, Siemens. (Skip this step for EDM Mode)
Right-click OpenScape Global Settings, click Properties then Security and Advanced.
Verify that the OpenScape Service group has the following permissions:
8.8
8.8.1
Domain Preparation
8.8.1.1
Permissions required:
The /i and /x option require Domain Admin Rights for this domain.
Before doing Domain Preparation, please check the current status of the domain. For this type
EnvironmentSetup /v /m D /r config.xml /l prep.log.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the domain is correct and complete, the output will indicate Validation Result: Exists
& Complete.
In this case, the domain does not need to be prepared again, and you can proceed to Root
Domain Membership Preparation.
Option 2:
If the domain is incorrect/ incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the domain needs to be prepared again. In this case the existing group will
be renamed. If there is more than one OpenScape System in the same domain, the old
OpenScape Service group has to remain as it is. Therefore, the domain prep will automatically rename the old group to OpenScape Service V1 and copy all its members to the
new group. The group should be deleted after all OpenScape systems in the domain are
upgraded to V2.
Prepare the domain.
Option 3:
If the domain is not prepared yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be prepared. Type the following to prepare the domain
EnvironmentSetup /i /m D /r config.xml /l prep.log /pwd <password>.
8.8.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
a) Create a Domain Local group with the name OpenScape User.
b) Create a Domain Local group with the name OpenScape Admin. Make this group a
member of OpenScape User.
c)
Create a Domain Local group with the name OpenScape Service. Make this group a
member of OpenScape User and OpenScape Admin.
d) Create a user with the name OSsvc. Check the option password never expires.
Make this user a member of OpenScape Service, OpenScape User, and RTCDomainUserAdmins.
e) Create a user with the name OSWeb. Check the option password never expires.
Make this user a member of OpenScape Service and OpenScape User.
f)
Right-click OpenScape User, click Properties, then click Security. Click Add and
type OpenScape Admin. Check Full Control, then click OK.
g) Right-click OpenScape User, click Properties, then click Security. Click Add and
type OpenScape Service. Check Full Control, then click OK.
h) Right-click OpenScape Admin, click Properties, then click Security. Click Add and
type OpenScape Service. Check Full Control, click OK.
i)
5.
Right-click OSsvc, click Properties, then click Security. Click Advanced. Click Add, type OSsvc, then click OK. Check Read All Properties & Write All Properties. Set Apply Onto this object only. Click OK three times.
In the navigation pane, right click the icon representing the resource domain, click Security, then click Advanced.
a) Click Add.
b) Type OpenScape Service as the object name and click OK.
c)
d) In the Properties dialog box, check Read Public Information, then click OK.
e) Repeat steps a to d for the following additional Properties:
Read RTCPropertySet
f)
Read RTCUserSearchPropertySet
Click Add.
In the Properties dialog box, check Read Public Information, then click OK.
j)
Read RTCPropertySet
Read RTCUserSearchPropertySet
k)
Click OK twice.
l)
In the navigation pane, right click the icon representing the resource domain, click Properties, then click Security.
m) Click Add, then type OpenScape Service. In the permissions for OpenScape Service
frame, select Replicate Directory changes. Click OK.
8.8.2
Verification
1.
2.
3.
In the navigation pane, expand the icon representing the resource domain and click Users.
Verify that the following groups are created:
OpenScape User
Right-click OpenScape User, click Properties, then click Security. Verify that OpenScape
Admin and OpenScape Service have full control.
Right-click OpenScape Admin, click Properties, then click Security. Verify that OpenScape Service has full control.
Right-click OSsvc, click Properties, then click Security. Click Advanced. Verify that OSsvc has Read/ Write access to all its properties.
4.
In the navigation pane, right click the icon representing the resource domain, click Security, then click Advanced.
Verify that the OpenScape Service group has the following permissions:
Read RTCPropertySet
Read RTCUserSearchPropertySet
Verify that the OpenScape Admin group has the following permissions:
Read RTCPropertySet
Read RTCUserSearchPropertySet
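The root domain and domain preparation steps above grant Replicate Directory changes on the domain object to the OpenScape Service group. The following Python is an added example, not part of the Siemens guide or the EPT: given the domain object's security descriptor as an SDDL string, it lists every trustee that holds this right on the object itself and reports any that are not on an expected list. Assumptions: the dialog entry corresponds to the control access right DS-Replication-Get-Changes, the SDDL string has been exported separately, and all SIDs and the sample descriptor are constructed.

```python
import re

# Control access right DS-Replication-Get-Changes (assumed to be what the
# guide's dialog labels "Replicate Directory changes").
REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
CONTROL_ACCESS = 0x00000100   # ADS_RIGHT_DS_CONTROL_ACCESS, SDDL token "CR"
GENERIC_ALL = 0x10000000      # SDDL token "GA"

# Constructed sample values; none of these SIDs come from a real domain.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
OPENSCAPE_SERVICE = DOMAIN_SID + "-1601"   # stands in for OpenScape Service
STRAY_ACCOUNT = DOMAIN_SID + "-1777"       # a grant nobody documented
SAMPLE_SDDL = "O:DAG:DAD:AI" + "".join([
    f"(OA;;CR;{REPL_GET_CHANGES};;ED)",
    f"(OA;;CR;{REPL_GET_CHANGES};;BA)",
    f"(OA;;CR;{REPL_GET_CHANGES};;{OPENSCAPE_SERVICE})",
    f"(OA;;CR;{REPL_GET_CHANGES};;{STRAY_ACCOUNT})",
    # Read-property ACE on an unrelated (constructed) GUID: not replication.
    f"(OA;CI;RP;00000000-0000-0000-0000-000000000001;;{OPENSCAPE_SERVICE})",
    # Inherit-only ACE: applies to child objects, not to the domain object.
    f"(OA;CIIO;CR;{REPL_GET_CHANGES};;{DOMAIN_SID}-1888)",
    # Plain allow ACE with CR and no object GUID: all extended rights.
    "(A;;RPWPCR;;;DA)",
]) + "S:AI(AU;SA;WP;;;WD)"


def _pairs(value):
    """Split an SDDL flag or rights string into its two-letter tokens."""
    return {value[i:i + 2] for i in range(0, len(value), 2)}


def _has_control_access(rights):
    """True if the rights field includes control access or generic all."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (CONTROL_ACCESS | GENERIC_ALL))
    return bool(_pairs(rights) & {"CR", "GA"})


def replication_trustees(sddl):
    """Trustees allowed DS-Replication-Get-Changes on the object itself."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []
    found = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, obj_guid, _inherit_guid, trustee = fields[:6]
        if ace_type not in ("A", "OA"):        # allow ACEs only
            continue
        if "IO" in _pairs(flags):              # inherit-only: skip
            continue
        if obj_guid and obj_guid.lower() != REPL_GET_CHANGES:
            continue                           # scoped to a different right
        if _has_control_access(rights):
            found.append(trustee)
    return found


def unexpected_replication_trustees(sddl, allowed):
    """Trustees holding the right that are not in the allowed set."""
    return sorted(set(replication_trustees(sddl)) - set(allowed))


if __name__ == "__main__":
    allowed = {"ED", "BA", "DA", OPENSCAPE_SERVICE}
    print(unexpected_replication_trustees(SAMPLE_SDDL, allowed))
```

The allowed set should hold the OpenScape Service group's SID plus the trustees already present before preparation; anything else returned is a grant to review.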
8.9
8.9.1
Domain Preparation
8.9.1.1
A USER ONLY domain is a domain without any OpenScape system which contains only LC
users.
Log on to the child domain being prepared.
Permissions required:
The /i and /x option require Domain Admin Rights for this domain.
Before doing Domain Preparation, please check the current status of the domain. For this type
EnvironmentSetup /v /m DU /r config.xml /l prep.log.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the domain is correct and complete, the output will indicate Validation Result: Exists
& Complete.
In this case, the domain does not need to be prepared again, and you can proceed to Root
Domain Membership Preparation.
Option 2:
If the domain is incorrect/ incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the domain needs to be prepared again.
Type EnvironmentSetup /x /m DU /r config.xml /l prep.log.
If the domain is not prepared yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be prepared. Type the following to prepare the domain
EnvironmentSetup /i /m DU /r config.xml /l prep.log.
8.9.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
Create a Domain Local group with the name OpenScape Service.
5.
In the navigation pane, right click the icon representing the user domain, click Security,
then click Advanced.
a) Click Add.
b) Type OpenScape Service as the object name and click OK.
c)
d) In the Properties dialog box, check Read Public Information, then click OK.
e) Repeat steps a to d for the following additional Properties:
f)
Read RTCPropertySet
Read RTCUserSearchPropertySet
Click OK twice.
g) In the navigation pane, right click the icon representing the resource domain, click Properties, then click Security.
h) Click Add, type OpenScape Service. In the permissions for OpenScape Service
frame, select Replicate Directory changes. Then click OK.
8.9.2
Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
Verify that the following groups are created:
5.
OpenScape Service
In the navigation pane, right click the icon representing the user domain, click Security,
then click Advanced.
Verify that the OpenScape Service group has the following permissions:
Read RTCPropertySet
Read RTCUserSearchPropertySet
Read, Write & Delete SiemensOSPropertySet (Skip this verification for EDM Mode)
8.10
8.10.1
Membership
8.10.1.1
Permissions required:
Before doing Domain Preparation, please check the current status of the domain. For this type
EnvironmentSetup /v /m RDM /r config.xml /l prep.log /DOMAIN <domain-name>.
The format of the domain-name should be in NetBios format (e.g. PLUS).
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the domain is correct and complete, the output will indicate Validation Result: Exists
& Complete.
In this case, the domain does not need to be added again, and you can proceed to Domain
Membership Preparation (if necessary) or System Preparation.
Option 2:
If the domain is incorrect/ incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the domain needs to be prepared again.
Option 3:
If the domain is not added yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be added. Type the following to add the domain
EnvironmentSetup /i /m RDM /r config.xml /l prep.log /DOMAIN <domain-name>.
8.10.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
Add the OSsvc account from the child domain to the OpenScape Service group of the root
domain.
8.10.2
Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
Verify that the OpenScape Service group has the following member:
<Child Domain-name>\OSsvc
8.11
8.11.1
Domain Membership
8.11.1.1
Permissions required:
The /i and /x option require Domain Admin Rights for the domain the member is added to.
Before doing Domain Preparation, please check the current status of the domain. For this type
EnvironmentSetup /v /m DM /r config.xml /l prep.log /DOMAIN <domain-name>.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the domain is correct and complete, the output will indicate Validation Result: Exists
& Complete.
In this case, the domain does not need to be added again, and you can proceed to System
Preparation.
Option 2:
If the domain is incorrect/ incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the domain needs to be prepared again. Type the following to remove the incorrect configuration:
EnvironmentSetup /x /m DM /r config.xml /l prep.log /DOMAIN <domain-name>
Option 3:
If the domain is not added yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be added. Type the following to add the domain
EnvironmentSetup /i /m DM /r config.xml /l prep.log /DOMAIN <domain-name>.
8.11.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
Add the OSsvc account from the other domain to the OpenScape Service group of this domain.
8.11.2
Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
Verify that the OpenScape Service group has the following member:
<Other Domain-name>\OSsvc
8.12
The XML file section Trustees requires entries for each type of system prep.
The account name used to install any part of the OpenScape System needs to be entered into
the Trustee section with the <Type>Installer. In this case the OpenScape Installer account is
OSInstaller. Do not change entries for other types of Trustees.
<Trustee>
<!-- provide the name of the account which will be used to install OpenScape -->
<Name>OSInstaller</Name>
<Type>Installer</Type>
</Trustee>
XML Notepad or any XML editor can be used to edit the file. Save the file.
8.13
Log on to any PC in the Child domain where the OpenScape system will be installed.
8.13.1
System Preparation
8.13.1.1
Permissions required:
The /i and /x option require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the system does not need to be prepared again, and the environment is set to
install OpenScape.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m s /r config.xml /l prep.log /pwd <password>
NOTE: The /pwd switch is mandatory for OpenScape System preparation; please enter
this password in Table 3-14 on page 3-10.
8.13.1.2 Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
a) Create a user with the name <systemID>OSUNS.
Check the option Password never expires. Make this user a member of OpenScape
Service and OpenScape User.
In the Properties window of this user, click the Live Communications tab. Check Enable Live Communications for this user and provide a Home Server and SIP URI.
b) Create a user with the name <systemID>OSRTP.
Check the option Password never expires. Make this user a member of OpenScape
User.
In the Properties window of this user, click the Live Communications tab. Check Enable Live Communications for this user and provide a Home Server and SIP URI.
c)
5.
d) Click Add, type OpenScape Service, click OK, check Full Control and click Apply.
e) Click Add, type the <installer> account name, click OK, check Full Control and click
OK.
6.
In the AD Users & Computers mmc, right click OpenScape Server, click Manage, then
Local Users and Groups, and groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
OpenScape Admin
OSsvc
Installer account
<SystemID>OSUNS
c)
OSsvc
OSWeb
7.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
d) In Query Result Window click Add, scroll down and double-click the Name entry
in the list view.
e) In Property Editor select Not NULL and enter value Siemens, click Save Property.
f)
j)
In Query Result Window click Add, scroll down and double-click the Name entry
in the list view.
k)
In Property Editor select Not NULL and enter value RTCB, click Save Property.
l)
c) Click Security.
d) In the Security dialog window, click Add... and enter OpenScape Service, then click
OK.
e) Select OpenScape Service and check all possible Allow checkboxes, then click
Apply.
f) In the Security dialog window, click Add... and enter OpenScape Admin, then click
OK.
g) Select OpenScape Admin and check all possible Allow checkboxes, click Apply.
h) Select Everyone and check the Deny checkboxes for the entries whose grayed-out Allow checkbox is checked (these should be Execute Methods, Provider Write and
Remote Enable).
i) Click OK.
Click Security.
d) In the Security dialog window, click Add... and enter OpenScape Service, then click
OK.
e) Select OpenScape Service and check all possible Allow checkboxes, click Apply.
f) In the Security dialog window, click Add... and enter OpenScape Admin, then click
OK.
In the navigation pane, click Computers. Right click the SQL Server, then click Manage.
In the Computer Management window click Local Users and Groups, click groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
Installer account
8.13.2 Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
Verify that the following SIP-enabled accounts have been created:
Verify that the <installer> account is a member of the OpenScape Admin, OpenScape Service and RTCDomainUserAdmins groups.
5.
In the navigation pane, click Computers, then click the OpenScape Server.
Verify that the Siemens OpenScape container has been created. Right click Siemens
OpenScape, click Properties, then Security and Advanced.
Verify that Authenticated Users have Read permissions on this object and all child objects.
Verify that the OpenScape Service and the Installer account have full control.
6.
In the AD Users & Computers mmc, right click OpenScape Server, click Manage, then
Local Users and Groups, and groups.
Verify that the following are members of the local Administrators group:
OpenScape Admin
OSsvc
Installer account
<SystemID>OSUNS
Verify that the following are members of the local IIS_WPG group:
OSsvc
OSWeb
7.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
8.
In the navigation pane, click Computers. Right click the SQL Server, then click Manage.
In the Computer Management window click Local Users and Groups, click groups.
Verify that the installer account is a member of the local Administrators group on the SQL
server.
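The local group checks in this Verification section can be run against saved `net localgroup <group>` output instead of by eye, which also surfaces members the guide never asked for. The following Python script is an added example, not part of the Siemens guide or tools; the domain CHILD, the system ID SYS1, the extra member jdoe and the baseline of default Windows members are constructed assumptions, and it expects English-language command output.

```python
# Members the Verification steps list for the OpenScape server.
# "{installer}" and "{system_id}" stand for the Installer account and <SystemID>.
EXPECTED = {
    "Administrators": ["OpenScape Admin", "OSsvc", "{installer}", "{system_id}OSUNS"],
    "IIS_WPG": ["OSsvc", "OSWeb"],
}

# Assumption: members Windows itself places in local Administrators on a
# domain-joined server. They are reported separately instead of being flagged.
BASELINE = {"Administrators": ["Administrator", "Domain Admins"]}

# Constructed sample of `net localgroup Administrators` output.
SAMPLE = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CHILD\\Domain Admins
CHILD\\OpenScape Admin
CHILD\\OSsvc
CHILD\\OSInstaller
CHILD\\jdoe
The command completed successfully.
"""


def parse_net_localgroup(output):
    """Return (group_name, members) from `net localgroup <group>` output."""
    group, members, in_members = None, [], False
    for line in output.splitlines():
        line = line.rstrip()
        if line.startswith("Alias name"):
            group = line[len("Alias name"):].strip()
        elif set(line) == {"-"}:          # the dashed rule opens the member list
            in_members = True
        elif in_members:
            if not line or line.startswith("The command completed"):
                break
            members.append(line.strip())
    if group is None:
        raise ValueError("no 'Alias name' line: not net localgroup output")
    return group, members


def short(name):
    """Account name without its DOMAIN\\ prefix, lower-cased for comparison.

    The domain is ignored, so a same-named account from another domain is
    treated as a match; review the full names in the report for that case.
    """
    return name.rsplit("\\", 1)[-1].lower()


def audit(output, installer, system_id):
    """Compare one group's members with the list the guide expects.

    Returns a dict with 'group', 'missing' (expected but absent),
    'unexpected' (present, neither expected nor baseline) and 'baseline'.
    """
    group, members = parse_net_localgroup(output)
    if group not in EXPECTED:
        raise KeyError("no expectation recorded for group %r" % group)
    expected = [m.format(installer=installer, system_id=system_id)
                for m in EXPECTED[group]]
    wanted = {short(e) for e in expected}
    baseline = {short(b) for b in BASELINE.get(group, [])}
    present = {short(m) for m in members}
    return {
        "group": group,
        "missing": [e for e in expected if short(e) not in present],
        "unexpected": [m for m in members
                       if short(m) not in wanted and short(m) not in baseline],
        "baseline": [m for m in members if short(m) in baseline],
    }


if __name__ == "__main__":
    report = audit(SAMPLE, installer="OSInstaller", system_id="SYS1")
    for key in ("group", "missing", "unexpected", "baseline"):
        print(key, "=", report[key])
```

An entry under `unexpected` is a local administrator that the guide's procedure does not account for and should be explained or removed before installation continues.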
8.14
Log on to any PC in the Child domain where the Routing Dispatcher will be installed.
8.14.1 System Preparation
8.14.1.1
Permissions required:
The /i and /x options require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the system does not need to be prepared again, and the environment is set to
install OpenScape.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m RDS /r config.xml /l prep.log
8.14.1.2 Manually
1.
2.
3.
4.
In the navigation pane, click Computers, then click the RD/LC Server (only if the RD is
not on the OpenScape server).
Repeat step 5 on page 8-24 for the RD server.
5.
Right click RD/LC Server, click Manage, then Local Users and Groups, then groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
OpenScape Admin
OSsvc
Installer account
c)
OSsvc
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security. (only if the RD is not on the OpenScape server)
Repeat step 7 on page 8-25.
8.14.2 Verification
1.
2.
3.
4.
In the navigation pane, click Computers, then click the RD/LC Server.
Verify that the Siemens OpenScape container has been created.
Right click Siemens OpenScape, click Properties, then Security and Advanced.
Verify that Authenticated Users have Read permissions on this object and all child objects.
Verify that the OpenScape Service and the Installer account have full control.
5.
Right click RD/LC Server, click Manage, then Local Users and Groups, then groups.
Verify that the following are members of the local Administrators group:
OpenScape Admin
OSsvc
Installer account
Verify that the following are members of the RTC Server Applications group:
OSsvc
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
8.15
8.15.1 System Preparation
8.15.1.1
Permissions required:
The /i and /x options require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the MS system does not need to be prepared again, and the environment is
set to install OpenScape.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m MSS /r config.xml /l prep.log /pwd <password>
8.15.1.2 Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
a) Create a user with the name <systemID>SiemensCR.
b) Check the option Password never expires. Make this user a member of OpenScape
User.
c) In the Properties window of this user, click the Live Communications tab. Check Enable Live Communications for this user and provide a Home Server and SIP URI.
<systemID>SiemensIC
<systemID>CRDirect
<systemID>CRForward
5.
In the navigation pane, click Computers, then right click the MS Server. Click Manage. On
the Computer Management window, click Local Users and Groups, then groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
OSsvc
Installer account
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Repeat step 7 on page 8-25.
8.15.2 Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
Verify that the following SIP-enabled accounts have been created:
5.
In the navigation pane, click Computers, then right click the MS Server. Click Manage. On
the Computer Management window, click Local Users and Groups, then groups.
Verify that the following are members of the local Administrators group:
OSsvc
Installer account
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
8.16
8.16.1 System Preparation
8.16.1.1
Permissions required:
The /i and /x options require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the MCU system does not need to be prepared again, and the environment is
set to install MCU.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m MCUS /r config.xml /l prep.log
8.16.1.2 Manually
1.
2.
3.
4.
In the navigation pane, click Computers, then right click the MCU Server. Click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
OSsvc
Installer account
5.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Repeat step 7 on page 8-25.
8.16.2 Verification
1.
2.
3.
4.
In the navigation pane, click Computers, then right click the MCU Server. Click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
Verify that the following are members of the local Administrators group:
OSsvc
Installer account
5.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
8.17
8.17.1 System Preparation
8.17.1.1
Permissions required:
The /i and /x options require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the TFA system does not need to be prepared again, and the environment is
set to install OpenScape TFA.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m TFAS /r config.xml /l prep.log
8.17.1.2 Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the TFA Server. (only if TFA is not on the OpenScape Server)
Repeat step 5 on page 8-24 for the TFA server.
5.
In the navigation pane, click Computers. Right click the TFA Server, then click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
OSsvc
Installer account
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Repeat step 7 on page 8-25.
8.17.2 Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the TFA Server.
Verify that the Siemens OpenScape container has been created.
Right click Siemens OpenScape, click Properties, then Security and Advanced.
Verify that Authenticated Users have Read permissions on this object and all child objects.
Verify that the OpenScape Service and the Installer account have full control.
5.
In the navigation pane, click Computers. Right click the TFA Server, then click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
Verify that the following are members of the local Administrators group:
OpenScape Admin
Installer account
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
8.18
8.18.1 System Preparation
8.18.1.1
Permissions required:
The /i and /x options require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
<EDMServerName>BYRD</EDMServerName>
</EDMServer>
XML Notepad or any XML editor can be used to edit the file. Save the file.
Before doing System Preparation, please check the current status of the system. To do so, type:
EnvironmentSetup /v /m EDMS /r config.xml /l prep.log
The output on the command line will display the current status of the domain.
The complete results are stored in the log file (prep.log as in this case).
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the EDM system does not need to be prepared again, and the environment is
set to install OpenScape EDM.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the EDM system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m EDMS /r config.xml /l prep.log
8.18.1.2 Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the EDM Server.
a) Open the ADSIEdit mmc and connect to the resource domain.
b) In the navigation pane, expand the icon representing the domain and click Computers.
c) Right click the EDM Server, click New, then click Object. Select class serviceConnectionPoint, type Siemens OpenScape as the name and click Finish.
Click Add, type OpenScape Service, click OK, check Full Control and click Apply.
Click Add, type the <installer> account name, click OK, check Full Control and click OK.
5.
In the navigation pane, click Computers. Right click the EDM Server, then click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
OSsvc
OpenScape Admin
Installer account
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Repeat step 7 on page 8-25.
8.18.2 Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the EDM Server.
Verify that the Siemens OpenScape container has been created.
Right click Siemens OpenScape, click Properties, then Security and Advanced.
Verify that Authenticated Users have Read permissions on this object and all child objects.
Right click the EDM Server. Click Properties, then Security, then Advanced.
Verify that the OpenScape Service and the Installer account have full control.
5.
In the navigation pane, click Computers. Right click the EDM Server, then click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
Verify that the following are members of the local Administrators group:
OSsvc
OpenScape Admin
Installer account
6.
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
Installing OpenScape
> OpenScape installation does not require shutting down (restarting) the customer's
infrastructure (such as Domain Controller, Active Directory and Exchange) or LC
Server components.
9.1 Pre-Installation Check
9.1.1
Warning
1.
Select the target domain in Active Directory Domains and Trusts console.
2.
>
9.1.2
If it is not possible to raise the functionality of a production domain, create a new resource domain for OpenScape. This resource domain is a new child domain in the
forest, which has been elevated to native-mode and contains the OpenScape Servers (Application, Conferencing, Media, and LCS). This resource domain need not
have any OpenScape users in it.
The system time of all servers that OpenScape is a part of must be synchronized so that security
mechanisms work and maintenance information such as error
logs, call records, and trace information can be correlated.
A31003-S5020-S100-1-7620, July 2004
HiPath OpenScape V2.0, Installation Guide
>
For a server running Windows 2003, time synchronization is automatic, so the steps
below are not needed.
Ensure that the LC Server also has synchronized time since it is based on the same authentication protocol.
To synchronize the time:
1.
2.
Ensure that the maximum time difference is sub-second; it must be below five
seconds.
9.1.3
The Windows Server 2003 Terminal Services is a standard feature of Windows Server 2003. It
is installed by default. It has two modes: Remote Administration Mode and Application Server
Mode. Both modes are supported by the Terminal Services service in the Services console.
Regardless of whether you are running the Terminal Services in the Remote Administration mode
or the Application Server mode, the Terminal Services service is always running. This service
does not impact OpenScape installation.
Customers and VARs/SIs/companies responsible for installing OpenScape must evaluate the
need to install and run OpenScape on a Terminal Server. If the requirements are to install
and maintain OpenScape remotely, the tasks can be accomplished through the Terminal Services in Remote Administration mode. If you are running the Terminal Services in the Application Server mode simply because you would like to install and maintain OpenScape remotely,
you would need to convert the system back to a standard server by removing the Terminal
Server component in the Add/Remove Programs wizard, set up Terminal Services in Remote
Administration Mode, and install OpenScape.
Reference Material: Mastering Windows Server 2003, Mark Minasi
http://www.microsoft.com/windowsserver2003/techinfo/overview/termserv.mspx
9.1.3.1
The Remote Administration Mode was first introduced in Windows XP Professional. It allows the
system to be logged in to remotely using the Remote Desktop Connection (RDC) program. To accept
an incoming connection, you must enable the Remote Desktop feature by going to Control Panel, System, Remote tab, and enabling the Allow users to connect remotely to this computer
checkbox.
The Remote Administration is what we use to connect to our office PC remotely from home and
other office locations.
The other function of the Terminal Services is to convert a standard server into a Terminal Server (Application Server). To do that, the Windows component, Terminal Server, must be added
in the Add/Remove Programs wizard. After the Terminal Server is added and the system is
rebooted, all logins (local and remote) run in Terminal Server sessions. Remote users are able to share the programs installed on the Terminal Server.
The Terminal Server is configured and used in places where data processing is preferred on
the server. Normally, programs installed on the Terminal Server are used by users every day.
Some examples are AutoCAD, PhotoShop, etc.
9.1.3.3
Warning
Regardless of whether you are running the Terminal Services in the Remote Administration mode
or the Application Server mode, the Terminal Services service is always running. This service
does not impact OpenScape installation.
9.1.4
9.1.5 Firewall Requirements
The firewall must be configured to publish the web site to direct web requests to the OpenScape
server. Also, for access from the outside, the proper ports for HTTP and HTTPS must be opened
(80 and 443, respectively).
9.1.5.1 Portal Access
In a customer environment, there may be a need for a user to access their portal through the
internet. This requires going through a firewall.
To enable this capability, the firewall needs to be able to configure server certificates. A certificate is required for a proxy, that is, if the HTTPS is bridged, ending up with one HTTPS connection from the browser to the proxy and one HTTPS connection from the proxy to the portal's Web
application.
If there is no proxy, HTTPS is tunneled directly from the browser to the portal's Web application.
This is not secure and is not recommended.
9.1.5.2
HiPath OpenScape is managed through WMI which uses RPC (Remote Procedure Calls) to
access the OpenScape Server. Therefore, OpenScape could be managed through a firewall by
configuring RPC Dynamic Port Allocation. Refer to Microsoft Knowledge Base Article 154596
for more information. It is recommended to use an application like Remote Desktop to connect
to a server within the firewall instead of allowing RPC calls through the firewall for security reasons.
9.1.6 Virus Detection
>
In a customer environment, it is important that virus detection software is installed
on the servers. It is the customer's responsibility to select, install, and configure virus
detection software.
Virus scans consume central processing unit (CPU) resources. McAfee VirusScan Enterprise Version
7.0.0 can be configured to scan all files with 50% CPU utilization and to prompt for action when
a virus is found.
9.1.7 Account Check
Log on with the <osinstaller> account before starting installation. This account is a domain user
account which must be pre-assigned by your domain administrator as the account to install
OpenScape on the designated OpenScape computer. If you are not sure that this has been
done, contact the domain administrator.
Refer to Appendix F for tools, utilities and hints for installing OpenScape.
9.2 Verifying the Server Infrastructure
This is the first step in preparing for the installation of the OpenScape system to ensure that it
meets the OpenScape requirements.
To verify the server infrastructure:
1.
Confirm the topology of the OpenScape system (refer to the OpenScape Project Planning
Guide).
>
The network topology at the customer site is the responsibility of the customer's
IT organization.
2.
Verify that the infrastructure components (Exchange, AD) are the appropriate versions. Refer to Section 3.2, Infrastructure Requirements, on page 3-1.
>
There currently exists a restriction with the Vegastream Gateway (pre R5.1
T017) that the fully qualified domain name of the LCS/OpenScape server may
only be a maximum of 31 characters.
The IP address for the LCS/OpenScape server should be static.
Refer to the OpenScape Project Planning Guide for information about topology.
3.
Confirm that the users exist in AD and map, based on topology, to the planned OpenScape
users.
4.
Verify that the LC Server has been prepared with the Environment Preparation Tool by the
domain administrator. As part of this preparation, the <osinstaller> account is assigned to
the LC Server computer as a local administrator. If you are not sure this was done or what
account to use, contact the domain administrator.
5.
If MSSQL is located on a different server than OpenScape, then nothing needs to be done;
otherwise, the OpenScape server needs to have MSDE installed from the 3rd party CD (refer to Section 3.2.2.1 on page 3-2).
9.3
>
Insert the OpenScape Installation Programs CD into the CD drive of the LC Server.
2.
3.
On the HiPath OpenScape Setup dialog box, select HiPath OpenScape Routing Dispatcher and select the language for this installation from the drop-down menu, then click
Install.
4.
On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version
you wish to install. If yes, then click Next.
5.
On the Customer Information dialog box, enter the customer's user name and organization, then click Next.
6.
The next screen, Custom Setup, shows the location of the files that are going to be installed and the capacity required on the hard disk.
7.
On the HiPath OpenScape Routing Dispatcher Account Information screen, enter the
password for the OpenScape Service Account, then click Next.
8.
On the HiPath OpenScape Routing Dispatcher LCS Information screen, enter the LCS
IPSec Port number, then click Next.
9.
9.4
1.
Run OpenScapeRTCtools.exe located in the Tools folder of the Service Pack CD. For
more information on this tool, refer to Appendix F.3, OpenScape RTC Tool.
2.
Click Display Current LCS Configuration to verify all OpenScape related LCS settings
are correct. Then click Close.
3.
If OK, then continue to Section 9.5 on page 9-9; otherwise, click Configure All OpenScape
Related RTC Settings and enter information as follows (refer to Table 3-12 on page 3-8):
>
The OpenScapeRTCtool is used only for checking or configuring any missing configuration settings on the LC server. Running it is not a mandatory step
before installing OpenScape.
9.5 Installing OpenScape
1.
Verify that the OpenScape Server environment has been prepared (see Chapter 8, Preparing the OpenScape Environment).
2.
3.
4.
On the Choose Setup Language dialog box, select the language for this installation from
the drop-down menu, then click OK.
5.
On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version
you wish to install. If yes, then click Next.
6.
On the Customer Information dialog box, enter the customer's user name and organization, then click Next.
7.
The next screen, Customer Setup, shows the components and location of the files that
are going to be installed and the capacity required on the hard disk.
NOTE: By default, the HiPath OpenScape Web Services SDK is set to be installed. It requires Microsoft WSE 2.0.
Verify the location of the install, then click Next.
8.
On the HiPath OpenScape System Information screen, enter the OpenScape System
Name (default - your server name) which will be used by OpenScape applications to register with a particular system.
Enter the password for the OpenScape service account. The OpenScape System Name
has to match what was entered by the Environment Preparation Tool. Then click Next.
9.
On the HiPath OpenScape Server Information screen, enter required inputs as follows:
For the Database Server Name, enter the hostname for the OpenScape Main Server.
For the Database Instance Name, enter the particular instance of MS SQL server that
will be used by OpenScape. If the default instance is used, enter MSSQLServer.
Enter the Default LCS Host Domain and Default LCS Host Name. This is the LC
Server where the static routes are configured.
10. This screen, HiPath OpenScape Database Configuration Information, collects info that
will be used to determine the size of the database and also the location where the OpenScape-specific database files will be stored.
Enter the Number of Users and Number of Months. Refer to Section 3.2.11, Database
Size, on page 3-6 for the number of OpenScape users that are planned for this system
and the number of months of call records that will be kept.
Verify the DB Data Path. The default location for the database files is in the OpenScape
home under the OpenScapeDB folder. This location should be appropriate unless there is a
database preserved elsewhere from some previous installation or if the customer has a
specific need to store data files elsewhere. Click Next.
11. If you are installing the system for the first time, then you will be asked to confirm the creation of the database. In this case, click Yes to create the Database Client.
12. On the HiPath OpenScape Account Information screen, enter the passwords for UNS
and Web Service Account.
13. If HiPath OpenScape Web Services SDK was selected to be installed (default), then the
HiPath OpenScape Web Services SDK information screen appears. Change the ports if
necessary, then click Next.
14. On the Ready to Install the Program dialog box, click Install. This will take some time.
15. On the Info dialog box, click OK. (Note: You will be configuring a certificate as part of Chapter 10, Installing OMC).
16. Click Finish on the HiPath OpenScape Completed dialog box.
10 Installing OMC
This chapter describes the procedures for installing the OpenScape Management Console
(OMC).
10.1 Overview
The OMC installation package deploys the OpenScape Base and OpenScape Management
Console. This package may be installed on a client machine or directly on the
OpenScape server.
>
The account that will be used to access the OMC should have privilege to view/
change the OpenScape database. This account requires Admin privileges on the
OpenScape SQL DB and access to the WMI namespace at the OpenScape server.
If you install this package on a client machine in the network, the client machine must have:
>
If OMC is being installed remotely, there may be a need to configure the event viewer
to display events and descriptions correctly. For details please refer to MS article:
http://support.microsoft.com/?kbid=294893
OpenScape [2.0]
The OMC provides English and German language interfaces. If it is desired to use a language
other than the primary language of the underlying Windows installation (Use English language
OMC on a German Windows installation, use German language OMC on a non-German Windows installation), the Language setting for the Administrator may be changed using the standard Windows Control Panel Regional and Language Settings dialog. Note that this mixed
language feature is only available on certain Windows versions / service packs, as follows:
10.2 Installing Microsoft Hotfix
The Microsoft hotfix, KB821234, must be installed on the OpenScape server, in order for the
OMC to work correctly.
To install the Microsoft hotfix:
1.
2.
From the \OpenScape MC\MS Q821234 hotfix for OMC\ folder, unzip the desired file
(ENU for English or DEU for German) to your local machine.
3.
4.
10.3
Logon with the <osinstaller> account before starting to install the OMC Package:
1.
2.
3.
On the Choose Setup Language dialog box, select the language for this installation, then
click OK.
4.
On the Welcome dialog box, verify that this is the version you wish to install. If yes, then
click Next.
5.
On the Customer Information dialog box, enter the customer's user name and organization,
then click Next.
6.
On the Customer Setup screen, you will see the components and location of the files that
are going to be installed and the capacity required on the hard disk. Verify the location of
the install, then click Next.
7.
8.
10.4
1.
2.
3.
4.
5.
6.
7.
Wait till the snap-ins appear in the Add/Remove window, then click Close.
8.
9.
Click File->Save as, then enter OMC to save it as an icon on the desktop for later use, such as in
Chapter 16, Installing SIP Phones.
10.5 Configuring the OpenScape Certificate
This is required if you installed an OpenScape with a new database. To configure the OpenScape certificate (for more info on configuring certificates, refer to Section A.2):
1.
2.
Expand OpenScape [2.0], then your OpenScape server, then System Management.
3.
Double-click System Data. The System Data Configuration dialog is used to configure system-wide OpenScape data such as the Security Certificate.
4.
The Certificate Configuration tab page of the System Configuration Dialog appears. The
Administrator must set this value initially when the OpenScape server software is installed.
This list shows all currently installed certificates. If a certificate has already been selected
for OpenScape, it is shown in the Current Certificate text box.
If no server certificate is selected, click Change Certificate.
5.
Highlight a certificate from the certificates list and click OK. The newly selected certificate
is set in the database and its entry in the list is highlighted.
6.
Through the service control manager, verify that Siemens RTCB Service Manager Windows Service is set to Automatic. Start this Service.
7.
If you installed OpenScape for the first time and created a new database, the services are
disabled. Therefore set the disabled OpenScape services to Automatic and restart the
server.
10.6 Installing the OpenScape License
1.
2.
Expand OpenScape [2.0], then your OpenScape server, then System Management.
3.
4.
5.
6.
7.
10.7 Configuring the SMTP Server
Start OMC.
2.
Select the desired target system node from the system tree (WMI provider service must be
running on the target system).
3.
4.
Right-click Configure.
5.
6.
10.8
If you can do Section 10.7, Configuring the SMTP Server, then the OMC is working.
10.9
>
BASIC CHECK: Check if these Siemens RTCB Windows Services (Routing Dispatcher (RD),
B2BUA (B2B), and Assistant Engine (AE)) are up and running properly without throwing any
exceptions. If that is not the case, first check if the Siemens RTCB Context Agent Windows Service (XA) is up and running or not.
1.
Check component traces to see if the messages are received and what is happening while
processing those messages.
2.
Look out for any Exceptions being thrown or Errors being logged. In that case, track the
sequence of operations from the beginning till that Error condition is received in that particular component.
Example: In a Basic Call, if User-1 calls User-2 and the message is not received
by User-2, then the possible causes could be any of the following:
RD could be either down or not registered properly with the LC Server. In that case,
RD does not receive any messages from the LC Server and consequently does not pass them
on to B2B.
B2B could be either down or not able to receive messages from LCS due to a port
problem. Check for any Exceptions thrown in the trace file.
AE is either down or has not received any 200 OK for the default user registration from the LC Server. This can
be easily seen from the traces logged in the trace file. If AE is down then B2B will simply proxy the messages back to the LC Server for normal processing.
VA is down or is not responding to messages that have been passed to it by AE. Check
traces logged in the trace files. Look for any exceptions that could have been thrown.
If you are not able to understand what the problem could be, then switch on the SIP Logger.
This traces all messages that are being received and processed by the LCS.
10.10 Testing OpenScape
2.
Under Servers, right-click the FQDN of the LC Server and select Properties.
3.
2.
3.
4.
5.
11 Security Settings
11.1 OpenScape using IPSec Security
IPSec should be configured in all OpenScape deployments. Security settings must be set
in place according to how servers communicate with one another.
To secure the communication between servers with Windows IPSec configured in the servers, go to Appendix E, IPSec Security Settings.
To secure the communication between servers with IPSec configured in the network cards/
switches, refer to the documentation provided by your network card/switch provider.
11.2 Special Steps for SDK Applications
If you are running SDK applications, the following configuration needs to be done manually for
the Request and Event Web Services, which run on the OpenScape application server. This
gives the <domain>\OSWeb account permission to access the certificate's private key file.
1.
2.
Change the Certificate Location to Local Computer and the store name to Personal.
3.
4.
Click OpenPrivateKeyFileProperties.
5.
In the dialog that opens up, click the Security tab, then add the <domain>\OSWeb account
to the list of allowed users and give it FullControl.
6.
12 Installing OpenScape MCU
This chapter describes the procedures for installing the OpenScape MCU.
12.1 MCU Installation Procedure
Before installing the MCU, the environment must be prepared using the Environment Preparation Tool. This must be done on the PC that hosts the MC component of the MCU. Verify that
Section 8.16, MCU System Preparation and Verification has been done.
The OpenScape MCU can be installed in one of three ways (be sure to logon with the <osinstaller> account before installing):
1.
Standalone MCU (MC and MP on the same box) - perform steps as follows
a) Section 12.2, Installing the Standalone MCU (MC and MP on same box)
b) Section 12.4, Configuring MCU SIP URI and Testing the MCU
2.
3.
One Box Solution (on the same server as the LCS and OpenScape), then:
a) Section 12.5, One Box Configuration
>
>
Due to the .NET version dependencies of the system, the MCU and OpenScape
must be at the same version level at time of installation. This means that it is imperative to install the MCU after OpenScape has been installed, but before any
service packs are applied to OpenScape.
12.2 Installing the Standalone MCU (MC and MP on same box)
2.
3.
On the Choose Setup Language dialog box, select the language for this installation, then
click OK.
4.
On the Welcome screen, verify that this is the version you wish to install, then click Next.
5.
On the Customer Information dialog box, enter the customer's user name and organization, then click Next.
6.
The Customer Setup screen shows the components to be installed, the capacity required
on the hard disk, and the location of the installed files. Verify the location of the installation,
then click Next. (This step will differ for MC and MPs in a different box).
7.
8.
Enter the password for the OpenScape service account, then click Next.
9.
12.3
12.3.1 Installing MC with MP on a different box
1.
2.
To install only the MC, disable the MP. Click the pull-down menu next to MP and select X
This features would not be available from the list of three choices.
3.
4.
12.3.2
1.
2.
To install only the MP, disable the MC. Click the pull-down menu next to MC and select X
This features would not be available from the list of three choices.
3.
4.
12.4 Configuring MCU SIP URI and Testing the MCU
NOTE: This section only applies to the standalone MCU configurations. For the One Box configuration, refer to Section 12.5.3.
1.
2.
3.
4.
In the URI field, enter the MCU FQDN. SIP.URI=<Host Name>.<Primary DNS Suffix> (for
example, hypnos.app.devos.net, where hypnos=MC machine name and app.devos.net=child domain).
5.
6.
12.5 One Box Configuration
Here the MC shares a machine with the LCS and OpenScape (LCS, OpenScape, MC and optionally MP). The customer determines if the MC is on the same server as the LCS and OpenScape. The MP can either be separate from or on the same server as the MC. The criteria are
performance and number of conferencing channels.
12.5.1
1.
If the MC and MP are both to be located on the same server as LCS and OpenScape, follow the steps in Section 12.2, Installing the Standalone MCU (MC and MP on same box),
on page 12-1, then proceed with Section 12.5.2, Configuring the DNS Server.
2.
If only the MC is to be located on the same server as LCS and OpenScape (MP is on another server), follow the steps in Section 12.3.1, Installing MC with MP on a different box,
on page 12-2, then proceed with Section 12.5.2, Configuring the DNS Server.
12.5.2 Configuring the DNS Server
With the DNS server, create a new Alias (CNAME) for the OpenScape host that can be used
by the MCU. This alias points to the LCS/OpenScape server (for example, mcu.rtcdomain.com -> openscapehost.rtcdomain.com).
To add the CNAME alias resource record to the MCU:
1.
Open DNS.
2.
In the console tree, right-click the applicable forward lookup zone, then click New Alias.
3.
In the Alias name field, enter the alias name (for example, openscapemcu).
4.
In the FQDN for target host field, enter the FQDN of the DNS host computer for which this
alias is to be used (for example, openscapehost.rtcdomain.com), or click Browse to
browse the DNS namespace for the host.
5.
6.
Ping the alias to see if it was added to the zone correctly. (Open a command window and ping
the real host name and the alias. Both names must resolve to the same IP address.)
12.5.3
NOTE: This section only applies to the One Box Configurations for MCU installations. Refer to
Section 12.4, Configuring MCU SIP URI and Testing the MCU for configuring the MC SIP in
a standalone configuration (MC is not on the same server as LCS and OpenScape).
2.
3.
In the URI field, enter the newly created alias from step 3 in Section 12.5.2. Verify the configured SIP port number. The default is 5062 for the One Box solution. This needs to be the
same as the port number of the LCS route for the MCU.
4.
Click OK.
5.
12.5.4
2.
3.
4.
5.
6.
Click OK.
7.
8.
Configure this Static Route as TRUSTED. (Refer to Section 4.5 on page 4-6 and Appendix
F.3, OpenScape RTC Tool.)
9.
13 Installing the OpenScape Media Server
To install the Media Server application on the OpenScape Media Server, refer to the HiPath
OpenScape Media Server V2.0 Installation Guide.
You will need the information from Table 3-12 on page 3-8 and Table 3-14 on page 3-10 for installation.
14 Service Packs and Miscellaneous
14.1 Service Packs for Server Machines
Consult the latest OpenScape Release Note which contains information on the current OpenScape service packs. This Note is located on the KMOSS website, https://kmoss.icn.siemens.de.
Insert the Service Pack CD into the CD-ROM drive and open the appropriate service pack folder. Open the corresponding folder for the component being upgraded (i.e. core, MCU, OMC, or
Client). Run the executable .msp files in the appropriate server. Follow the on-screen directions
to install the service pack.
For the Media Server, follow the directions in the Media Server for OpenScape V2.0 Installation
Guide.
14.2 Document Storage
For this feature, the following must be configured on the OpenScape system (after the service
pack has been installed):
1.
Under IIS, click Web Service Extensions. On the right select WebDAV and click Allow to
change it from Prohibited to Allowed.
14.3 Security Troubleshooting
1.
Check if the OpenScape domain is in native mode or higher. OpenScape does not support
mixed mode.
2.
The OpenScape Service group should be a Domain Global group or higher. The OpenScape Admin and User groups should be Domain Local Groups. The OpenScape Admin
group should be a member of the OpenScape User group.
3.
Ensure that the OpenScape service account belongs to the OpenScape Service group.
4.
Ensure that the OpenScape Services, MCU services and the Media Server services that
talk to OpenScape are installed under the same OpenScape service account.
5.
Ensure that the Media Server and the OpenScape Server are configured with valid certificates. These certificates should be issued by a trusted root CA for this system.
6.
Open up the Certificates MMC on the OpenScape and Media Server machines and ensure
that the configured certificates are verifiable.
7.
The DNS should be correctly set up with FQDN for reverse lookup for all the OpenScape
servers.
8.
Check if the Windows 2000 server (Media Server machine) has the latest SP4 (hot fix) from Microsoft installed.
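The DNS checks in step 7 above and in step 6 of Section 12.5.2 (alias and real host name must resolve to the same IP) can be scripted. The following is an added example, not part of the original guide or of any Siemens tooling; the host names other than openscapehost.rtcdomain.com and mcu.rtcdomain.com, and all IP addresses, are constructed sample values.

```python
"""Forward/reverse DNS consistency checks for OpenScape servers (added example)."""
import socket


def system_forward(name):
    """IPv4 addresses the local resolver returns for name (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return set()


def system_reverse(addr):
    """Primary PTR name for addr, or None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None


def _norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def check_forward_reverse(fqdn, forward=system_forward, reverse=system_reverse):
    """Every address of fqdn must have a PTR record that gives the same FQDN back."""
    addrs = forward(fqdn)
    if not addrs:
        return [f"{fqdn}: does not resolve"]
    findings = []
    for addr in sorted(addrs):
        ptr = reverse(addr)
        if ptr is None:
            findings.append(f"{fqdn}: {addr} has no PTR record")
        elif "." not in ptr.rstrip("."):
            findings.append(f"{fqdn}: PTR for {addr} is the short name {ptr!r}, not an FQDN")
        elif _norm(ptr) != _norm(fqdn):
            findings.append(f"{fqdn}: PTR for {addr} is {ptr!r}")
    return findings


def check_alias(alias, host, forward=system_forward):
    """A CNAME alias must resolve to exactly the addresses of the real host."""
    alias_addrs, host_addrs = forward(alias), forward(host)
    if not alias_addrs:
        return [f"{alias}: alias does not resolve"]
    if alias_addrs != host_addrs:
        return [f"{alias}: resolves to {sorted(alias_addrs)}, {host} to {sorted(host_addrs)}"]
    return []


def audit(servers, aliases, forward=system_forward, reverse=system_reverse):
    """Run the reverse-lookup check on each server and the same-IP check on each alias."""
    findings = []
    for fqdn in servers:
        findings += check_forward_reverse(fqdn, forward, reverse)
    # Aliases are only compared with their target: the PTR record of the
    # shared address names the real host, never the alias.
    for alias, host in aliases.items():
        findings += check_alias(alias, host, forward)
    return findings


# Constructed zone data so the example runs offline.
SAMPLE_A = {
    "openscapehost.rtcdomain.com": {"10.1.0.10"},
    "mcu.rtcdomain.com": {"10.1.0.10"},       # alias from Section 12.5.2
    "media1.rtcdomain.com": {"10.1.0.20"},    # hypothetical Media Server
    "lcs1.rtcdomain.com": {"10.1.0.30"},      # hypothetical LC Server
    "oldmcu.rtcdomain.com": {"10.1.0.99"},    # hypothetical stale alias
}
SAMPLE_PTR = {
    "10.1.0.10": "openscapehost.rtcdomain.com",
    "10.1.0.20": "MEDIA1",                    # reverse zone returns a short name
}


def sample_forward(name):
    return set(SAMPLE_A.get(_norm(name), set()))


def sample_reverse(addr):
    return SAMPLE_PTR.get(addr)


def run_sample():
    servers = ["openscapehost.rtcdomain.com", "media1.rtcdomain.com", "lcs1.rtcdomain.com"]
    aliases = {
        "mcu.rtcdomain.com": "openscapehost.rtcdomain.com",
        "oldmcu.rtcdomain.com": "openscapehost.rtcdomain.com",
    }
    return audit(servers, aliases, sample_forward, sample_reverse)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Calling audit() without the forward and reverse arguments uses the resolver of the machine the script runs on.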
14.4 RSA SecurID
If RSA SecurID is enabled on the system, it must be configured so that the Siemens Clients
will work on the client machines.
On the OpenScape server:
1.
2.
3.
Under the Portals folder, locate the WMTab.xml file on the right side; right click this file
and select Properties.
4.
5.
6.
14.5
14.5.1 Deployment
The Trace File Accumulator (TFA) copies trace files from an OpenScape (OS) or Routing Dispatcher (RD) system to the system where the TFA is installed. TFA does not remove the files from the
OS or RD system. The intended usage of TFA is to archive large quantities of trace files for 1
to n systems.
Ideally TFA should not be installed on an OS or RD system as this could create storage and/or
disk fragmentation problems. Investigation has shown that up to ~1.5 GB of trace files can be
generated in a 24 hour period.
The Trace File Accumulator does not manage the accumulated files. An administrator should
periodically purge or compress the accumulated files.
14.5.2 Check
Make sure the server on which TFA is to be installed was prepared with the Environment Preparation Tool
by your domain administrator. As part of the preparation, the <osinstaller> account is assigned
to the computer as a local administrator. If you are not sure whether the preparation was done or which
account to use, contact the domain administrator.
14.5.3 Installation
Insert the OpenScape Installation Programs CD into the CD drive of the Server.
2.
3.
On the Choose Setup Language dialog box, select the language for this installation, then
click OK.
4.
On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version
you wish to install. If yes, then click Next.
5.
On the Customer Information dialog box, enter the customer's user name and organization, then click Next.
6.
7.
8.
9.
14.5.4
BASIC CHECK: Check if the Siemens Trace File Accumulator Windows Service is up and running properly without showing any exceptions.
The Trace File Accumulator will begin to accumulate files after configuration is completed using
the OpenScape Trace File Accumulator management console Snap-In (see 7-installOMC.doc).
Shortly after configuration of the TFA the trace files should start to be copied to either
C:\Program Files\Siemens\HiPath OpenScape TFA\OpenScape
or
For example the following screenshot shows that the trace files are being accumulated for
15 Installing the OpenScape Client
This chapter describes the procedures for installing the OpenScape Client.
>
15.1
To use the OpenScape Client, the OpenScape Client installation package must be installed.
1.
2.
3.
On the Choose Setup Language dialog box, select the language for this installation, then
click OK.
4.
On the Welcome screen, verify that this is the correct version. If yes, then click Next.
5.
On the Customer Information screen, enter the customer user name and user organization, then click Next.
6.
On the OpenScape System Information screen, enter the name of the OpenScape system to which this client is registered, then click Next.
7.
On the next OpenScape System Information screen, for the OpenScape Server Name,
enter the FQDN of the OpenScape System. For the LC Server Name, enter the FQDN of
the LC Server, then click Next. This identifies the servers on which the OpenScape system
and LC Server are installed.
8.
9.
>
The Registry Entries affected on the Client machines are identified in Section 15.2.
15.2 OpenScape Client Registry Entries
The following registry entries are created during OpenScape Client installation:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService
"OEMTabs"="https://[OpenScapeServerName]/OpenScape/Portals/WMTab.xml"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\ServiceProviders\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}\Branding\[RTCServerName]
"RegServiceProvider"="SOFTWARE\Microsoft\MessengerService\ServiceProviders\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}\Branding\[RTCServerName]"
16 Installing SIP Phones
Obtain a Certificate
Import the SIP Phone certificate to the OpenScape Server via OMC
16.1 Configuring DNS SRV Records
Ask the network administrator to create an SRV record in DNS configuration so that the SIP
phones can be addressed by the LC Server via FQDN addressing. This is done by Domain
Prep before installing OpenScape. Refer to Section A.5 on page A-6.
16.2 Obtaining a Certificate
The network administrator should create, request, and export a certificate (to a file) for the SIP
phone. This can be done by:
Using a third party certificate vendor (e.g. Verisign) - wildcard certificates are supported for
a cost-effective solution.
Using a third party vendor software (e.g. Microsoft Certificate Services) - refer to Section
A.6 on page A-7 for an example.
Obtain and copy this file to a location on the OpenScape server where it will be imported (refer
to Section 16.3.1).
16.3
16.3.1 Importing
The following steps are performed on the OpenScape Server where the OpenScape Management Console is installed.
1.
2.
In the Add Standalone Snap-in window, select Certificates, then click Add.
3.
In the Certificates snap-in window, select Computer account, then click Next.
4.
In the Select Computer window, select Local computer:..., then click Finish.
5.
After the snap-in is added, select and expand Certificates (Local Computer)->Personal->Certificates in the Console Root window.
6.
7.
8.
Then click Browse and locate the SIP Phone certificate file, then click Next.
9.
Enter the certificate password and check the box Mark this key as exportable..., then
click Next.
10. On the Certificate Store window, select Automatically select the certificate based on
the type of certificate, then click Next.
11. On the Completing the Certificate Import Wizard window, verify the settings, then click Finish.
16.3.2 Verifying
1.
2.
On the right hand panel, verify that you see the certificate installed from Section 16.3.1.
3.
Verify that you also see the corresponding Root CA Certificate under Trusted Root Certification Authority Certificates.
16.4 LC Server Certificate
16.4.1 Identifying
1.
2.
3.
Right-click the LC Server, select Properties, then select the Connections tab.
4.
5.
On the Edit Connection window, note the three fields: Issued to:, Issued by: and Valid
from that will be used to verify in Section 16.4.2. (Note: Do not make changes.)
6.
16.4.2 Verifying
1.
2.
On the right hand panel, verify that you see the trusted root certificate - reference step 5 in
Section 16.4.1.
3.
16.5
1.
2.
3.
4.
5.
Select the SIP Phone Certificate from Section 16.3.2, then click OK.
6.
7.
Enter the Default Administration Password - this is an important step to increase security.
The existing default administration password is 123456.
8.
Enter the Default User Password - this is an important step to increase security. The existing default user password is 147258.
9.
Select the LC Servers tab, select the LC server or servers (V2 supports multiple LCS),
click Edit, then click Change certificate.
10. Select the LC server certificate identified in Section 16.4.1 on page 16-2.
16.5.1
1.
From the OpenScape Phones Properties window, select the Profiles tab, then click Add
to create a new profile.
2.
Enter a profile name (i.e. subnet range of SIP phones), then click OK.
3.
4.
If DHCP is used for SIP phones, then select On (default) for DHCP and continue with next
step; otherwise, select Off and fill in the following fields (refer to Section 3.6, SIP Phone
Data, on page 3-15):
Domain name
DNS primary server
Default route
Then click OK.
5.
Select the Authentication tab, and in the KDC server address field, enter the IP address
or FQDN of the KDC server (as defined by the Windows domain security policies; i.e. the
child domain controller) - refer to Section 3.6, SIP Phone Data.
6.
Select the Time & Date tab, and in the SNTP server address field, enter the IP address
or FQDN of the time server. Select the timezone offset and whether it is daylight saving
or not - refer to Section 3.6, SIP Phone Data.
7.
Presence publishing
Presence watching
Contacts
Instant messages
8.
Select the SNMP tab, enter public in the Accepted community name field.
9.
If QoS is used, select the QoS tab and set the configuration to match the Ethernet Switch
QoS setting (refer to Section 3.6, SIP Phone Data).
10. Leave data in other tabs as is since they do not impact OpenScape.
11. Then click OK to complete the Profile configuration.
16.6
For this section, only the two test OpenScape users will be assigned SIP phones. For further
details on administering SIP phones, refer to the online Administrator Help.
1.
2.
If some or all SIP phones are on a different subnet than the OpenScape server, then the
Phone Discovery IP range must be added. Expand OpenScape->your OpenScape server->Device Management->Phone Management. Then right-click Phone Management
and select Properties. Select the Phone Discovery tab, then click Add to add the subnet
range.
3.
4.
5.
From the pull down menu, select a test OpenScape user, then enter a name associated
with this user. Then click Next.
6.
Set the Windows password for this user then click Next. If this password is not known, a
different process is required that is covered in the online Administrator Help.
7.
Click Download a new Certificate to the phone, then click Use Default Server Certificate.
8.
Verify the certificate is the same SIP Phone certificate imported back in Section 16.3.1. If
not, click Browse and select the right one. Then click Next.
9.
In the Configuration Profile field, use the drop down menu to select the profile configured
in Section 16.5.1 on page 16-5. Then click Finish.
10. The Assign Phone Wizard starts writing data to the phone while progress info is displayed.
>
Make sure the user does not touch the phone at this time because it will appear
busy; otherwise, this assignment will fail. Once the Wizard is successful, then it is ok.
11. The phone should be registered. Verify by noting that the IP Address field of the OpenScape phone no longer says No response (manual refresh may be required).
16.6.1 Phone Discovery
Phone Discovery is usually performed with broadcast messages to the endpoints. If the endpoints are located behind routers on a different subnet from the OpenScape server, a broadcast
message is not possible and it is necessary for the administrator to configure a range of IP Addresses that OpenScape should scan in order to find the SIP Phones. Scanning the endpoints
may be perceived as a hacker attack by security tools designed to protect against such attacks.
Phone Discovery occurs at the following times:
1.
when the administrator refreshes the list of phones displayed on the OpenScape Management Console
2.
when the Scheduled Data Synchronization for the SIP Phones is performed
3.
when OpenScape software is attempting to locate a specific SIP Phone given a MAC
Address
To prevent false alarms from Intrusion Detection Systems (IDS), the network administrator
needs to configure the IDS to ignore UDP messages sent to port 5100. In other words, a filter
should be set up in the IDS so that Phone Discovery messages do not trigger a false security
alarm.
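The IDS filter described above can be scoped so that it covers Phone Discovery traffic and nothing else. The following is an added example, not part of the original guide: it assumes the filter is narrowed to the OpenScape server as source and to broadcast addresses or the configured Phone Discovery ranges as destination, and all addresses and flow records are constructed.

```python
"""Scoped IDS exception for OpenScape Phone Discovery traffic (added example)."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

PHONE_DISCOVERY_PORT = 5100  # UDP port named in Section 16.6.1
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass(frozen=True)
class Flow:
    """One flow record as an IDS or flow collector might report it."""
    proto: str
    src: str
    dst: str
    dport: int


class DiscoveryException:
    """Suppress UDP/5100 alerts only when the traffic looks like Phone Discovery."""

    def __init__(self, openscape_servers, local_subnets, discovery_ranges):
        self.servers = {ipaddress.ip_address(a) for a in openscape_servers}
        # Discovery on the server's own subnet is sent as a broadcast.
        self.broadcasts = {LIMITED_BROADCAST} | {
            ipaddress.ip_network(n).broadcast_address for n in local_subnets
        }
        # Ranges entered on the Phone Discovery tab for phones behind routers.
        self.ranges = [ipaddress.ip_network(r) for r in discovery_ranges]

    def classify(self, flow):
        """Return 'not-discovery', 'suppress' or an 'alert-...' verdict."""
        if flow.proto.lower() != "udp" or flow.dport != PHONE_DISCOVERY_PORT:
            return "not-discovery"  # leave to the normal IDS rules
        src = ipaddress.ip_address(flow.src)
        dst = ipaddress.ip_address(flow.dst)
        if src not in self.servers:
            return "alert-unexpected-source"  # some other host is scanning port 5100
        if dst in self.broadcasts or any(dst in net for net in self.ranges):
            return "suppress"
        return "alert-outside-range"  # server is probing addresses nobody configured


def triage(flows, exception):
    """Count verdicts and collect the flows that must still raise an alert."""
    counts = Counter()
    alerts = []
    for flow in flows:
        verdict = exception.classify(flow)
        counts[verdict] += 1
        if verdict.startswith("alert"):
            alerts.append((verdict, flow))
    return counts, alerts


# Constructed deployment: one OpenScape server, phones on a remote subnet.
SAMPLE_EXCEPTION = DiscoveryException(
    openscape_servers=["10.1.0.10"],
    local_subnets=["10.1.0.0/24"],
    discovery_ranges=["10.2.5.0/24"],
)

# Constructed flow records.
SAMPLE_FLOWS = [
    Flow("udp", "10.1.0.10", "10.1.0.255", 5100),  # local broadcast discovery
    Flow("udp", "10.1.0.10", "10.2.5.17", 5100),   # scan of a configured range
    Flow("udp", "10.1.0.10", "10.9.9.9", 5100),    # outside every configured range
    Flow("udp", "10.3.3.3", "10.2.5.17", 5100),    # not the OpenScape server
    Flow("tcp", "10.1.0.10", "10.2.5.17", 5100),   # wrong protocol
    Flow("udp", "10.1.0.10", "10.2.5.17", 161),    # wrong port
]

if __name__ == "__main__":
    counts, alerts = triage(SAMPLE_FLOWS, SAMPLE_EXCEPTION)
    print(dict(counts))
    for verdict, flow in alerts:
        print(verdict, flow)
```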
A31003-S5020-S100-1-7620, July 2004
HiPath OpenScape V2.0, Installation Guide
17 Final Checklist
2.
Verify TCP port 50000 has been configured and set as Trusted.
3.
Verify MTLS (Mutual TLS) port 5061 is configured and set as un-Trusted.
4.
Verify that the OpenScape application URIs have been configured and are at the top of the list. For example, here is the sequence in which they should appear, top to bottom, when you are
looking at the Application URIs configured on the LC Server (via the Application node in
the LC Server Control Panel):
Application URI Name: Siemens Routing Dispatcher
Application URI: http://www.siemens.com/en/rtcb/platform/routingdispatcher
Application URI Name: Age of Presence
Application URI: http://www.siemens.com/OpenScape/bin/AOP
Application URI Name: Routing Application Setting - Default
Application URI: http://www.microsoft.com/RTC/DefaultRouting
5.
Verify that if any Static Routes are configured, then they must be set to Trusted.
6.
Verify that the SIP URI is the same as each user's email address (Microsoft's recommendation and
Siemens requirement for V2). Check if the domain-name part (i.e. the one after the @ symbol)
specifies the root domain. It is recommended to create the user's email account first on Exchange;
then, when you create the user's LCS attributes, the SIP URI will default to the user's email address.
Format: user-name@domain-name
Example: johnsmith@xpdev.net
7.
Verify that the LCS users point to the proper LCS Home Server.
8.
Verify that the OpenScape Service Account is a member of the RTC Server Applications
group.
9.
Verify that the SIP URI is enabled for the OpenScape Service Account. That is, make it an
LCS User homed on the same server on which the OpenScape Services are running.
10. Verify that the correct domain entries have been added to the User Services Global Settings. These entries should only be for domains (FQDNs) on which the users are created.
11. Perform the following tests:
a) WM-WM instant message
b) WM-WM voice call
c)
j)
k)
References
A.1 Adding Users
To add users to the OpenScape system, users must first be created as LCS users. Users may
then be converted to OpenScape users via the OpenScape Management Console. Users
may also be created via the OpenScape Scripting Framework using a user creation script. An e-mail address is required in AD before collaboration groups work. If you create a user without
giving him an e-mail address, he cannot start any conferences.
>
A.1.1
In order to enable full feature functionality, all OpenScape users need an e-mail address.
2.
3.
4.
Click Add.
5.
6.
7.
8.
9.
10. To promote LCS users to OpenScape users, right click on a user and Convert User. DIFFERENT FOR V2
>
A.1.2
Note: The OpenScape Service user should NOT be converted to an OpenScape user. They should remain only LCS users.
A utility is available through OpenScape to run VBScript scripts. This utility may be used to:
A.2 Configuring Certificates
If an application running in machine A wants to access a service from a server application running on machine B and use TLS encryption then the Certificate Authority (CA) that issued the
certificate to the server B has to be configured as a trusted certificate authority on the local
computer A.
Customers are required to use TLS for Windows Messenger.
Windows Messenger users have an additional GUI interface as part of OpenScape. It is implemented using TABS that are downloaded from a central server using HTTPS. This server functionality can be provided by the OpenScape server since it is running IIS and has a certificate
installed. Any other server with IIS configured for TLS can also work.
OpenScape Version 2 supports Internet access to portals using HTTPS (HTTP is not supported). This feature does not require a CA to be configured or installed on the client machine as
a trusted Root Certificate Authority (root CA) (assuming they are using IE to access the portals
instead of WM tabs).
Certificates can be issued by different CAs (both internal and external) as long as they are configured as trusted CAs on local machines. For example, the LC Server certificate can be issued
by an internal CA and the SIP phone certificates can be issued by an external CA, as long as
both these CAs are configured as trusted CAs on machines running the client applications (that
is, LC Server machine, OpenScape machine, SQL server machine and so on).
Depending on how customers acquire their certificates, Table A-1 lists the certificates required
by customers who use one certificate vendor/PKI.
Machine
LC Server
OpenScape Server *
SQL Server *
Media Server
MC Server
MP Server(s)
SIP Phone
Client workstation in Intranet
Client Workstation in Internet
ISA Server
OMC node
Note: * Running on a separate physical node. You can reuse and share the same machine
certificate if installed on the same machine.
Table A-1
Table A-2 lists the certificates required by customers who use more than one certificate vendor/
PKI.
Machine
LC Server
OpenScape Server *
SQL Server *
Media Server
MC Server
MP Server(s)
SIP Phone
Client workstation in Intranet
Client workstation in Internet
ISA Server
OMC node
Note: * Running on a separate physical node. You can reuse and share the same machine
certificate if installed on the same machine.
Table A-2
When creating or purchasing certificates, the "common name" of the certificate should be the
Fully Qualified Host Name of the machine on which the certificate will be used (e.g. rocket.d1.research.com where rocket is the host name and d1.research.com is the Fully Qualified
Domain Name).
A.3
Upgrading
A.4
Uninstalling
A.4.1
System Preparation
From the CLI command line, type EPTSetup /x /m s /r config.xml /l ept.log to remove system preparation.
A.4.1.2
Domain Preparation
From the CLI command line, type EPTSetup /x /m d /r config.xml /l ept.log to remove domain preparation.
A.4.2
2.
Use Windows Add/Remove Programs utility from the Control Panel to uninstall the OMC.
3.
Use Windows Add/Remove Programs utility from the Control Panel to uninstall all OpenScape programs or run the OpenScape executable.
If you do not want to remove the database, click NO at Uninstall Database client.
A.4.3
2.
> If you cannot remove the OpenScape home folder, stop the Windows Management Instrumentation service from Service Control Manager. This also stops the
LCS service.
3.
>
If you cannot remove the database, restart the Windows Management Instrumentation and RTC service then try to delete the database.
If you still can't delete it, restart your computer.
4.
If the database is retained, verify that the DBInUse attribute in the SystemConfig table of
the XpSystem database is 0.
A.4.4
A.4.5
A.4.6
Use Windows Add/Remove Programs utility to remove the package and third party software.
A.4.7
A.5
Creating an SRV Record on DNS
This is done by the network administrator so that SIP phones can be addressed by the LC Server via FQDN addressing.
Here is an example of how to create an SRV record on DNS (usually on the root domain controller).
1.
2.
Expand the forward lookup zone until you get to the child domain name.
3.
4.
5.
6.
7.
8.
9.
Enter the FQDN of one of your LC servers in the host offering service name field (i.e. LCserver.domainchild.domainroot.net).
The LC server could be a FES (Front End Server) if a FES is being used to reduce the load
on home servers by redirecting initial registration requests from clients to their correct home
server.
If there is no FES being implemented, then use one of the LCS home servers. Only one
SIP SRV Record on DNS is allowed per child domain.
If the client is not homed on the target of the DNS SRV Record, this server will redirect the
registration request to its correct home server within the same domain. The current LC
server version will not redirect clients to LC servers across domains.
The current SIP phone firmware will not support registration to LC servers across domains.
A.6
Obtaining a SIP Phone Certificate
Here is an example of how to obtain a certificate by using Microsoft Certificate Services. This
is done by the network administrator. Certificates may also be obtained from a third-party certificate vendor such as Verisign. Wildcard certificates may be deployed to reduce the cost per
certificate.
A.6.1
This task must be done from the server where CA (Certification Authority) is installed.
The CA server can be the root domain controller server or other server that was configured as
the CA server.
1.
2.
Certificate Services Web enrollment support (this component must be installed after
IIS)
A.6.2
Enterprise admin privileges are required to create a certificate. The steps below first involve
removing the default certificate and then creating a new certificate.
1.
2.
3.
4.
5.
6.
7.
8.
Click Finish.
9.
10. On the Welcome to Web Server Certificate Wizard screen, click Next.
11. Select Create a new certificate, then click Next.
12. On the Delayed or Immediate Request screen, select Send the request immediately to
an online certification authority, then click Next.
13. Enter a name for the certificate, then click Next.
14. Enter the organization information, then click Next.
15. For the Common Name field, enter the FQDN of where the certificate will be installed
(usually the OpenScape server), then click Next.
16. Enter the geographical information, then click Next.
17. On the SSL Port screen, accept the default of 443 and click Next.
18. On the Choose a Certification Authority screen, accept the default of the Root Certificate
and click Next.
19. On the Certificate Request Submission screen, click Next.
20. Click Finish.
21. Go to Section A.6.4.
A.6.3
Performing this task on the OpenScape server is recommended. The request is made by
accessing the certification service on the CA server.
1.
Invoke the IE browser, and enter http://<ca_host>/certsrv, where <ca_host> can be either the host name or IP address of the CA server.
2.
A Windows logon prompt appears. Enter the domain administrator user account and
password of the CA server. This will bring up the Microsoft Certificate Services Welcome
web page.
3.
Select Request a certificate under the Select a task category, then click Next. This brings
up the Choose Request Type page.
4.
Select Advanced request, then click Next. This brings up the Advanced Certificate Request page.
5.
Select Submit a certificate request to this CA using a form, then click Next. The Advanced Certificate Request page is displayed.
6.
Select Web Server template from the Certificate template pull down menu.
7.
8.
9.
10. Click the Install this certificate hyperlink. A warning dialog of Potential Scripting Violation is shown. Select Yes to complete. The certificate is now made available.
A.6.4
Locating
Performing this task on the OpenScape server is recommended. Logon with the <osinstaller> account.
1.
Invoke mmc via the Run command. Add the following Snap-ins to the MMC console:
2.
NOTE: The following steps apply to Windows 2000 only and involve exporting the certificate.
3.
Right-click on that certificate; select All Tasks and then Export. The Certificate Export
Wizard is displayed.
4.
Click Next. On the Export Private Key dialog, select Yes, export the private key and click
Next again.
5.
On the Export File Format dialog, verify that Personal Information Exchange - PKCS
#12 (.PFX) is selected with the Enable strong protection (requires IE 5.0, NT 4.0 SP4
or above) option checked. Click Next.
6.
On the Password dialog, enter and re-type the password for this certificate. (This password
will be used during certificate installation.) Click Next.
7.
On the File to Export dialog, enter a file name for the exported certificate file and browse
to the path where the certificate file will be stored. Click Next.
8.
Click Finish to complete the wizard. The certificate file is now ready for import.
Preparing Exchange 2000/2003 for OpenScape
Enabling WebDAV on the Exchange 2003 Server
>
B.1
The steps described in this appendix are to be given to the customer's network administration for reference on how to set up the Exchange 2000/2003
server for OpenScape. This person must also work with the site telecom administrator to obtain extension numbers when creating the accounts.
B.2
1.
From the Exchange 2000/2003 server computer, click Programs -> Microsoft Exchange -> System Manager.
2.
Drill down to the Server Storage Group. Repeat steps 3 to 6 for each applicable storage
group (Note that Public Folder Store is not required).
3.
4.
On the Mailbox Store (CR-E2K) Properties dialog box, click the Security tab, then click
Add.
5.
Locate and select the <systemID>SiemensIC account. Click Add and then OK.
6.
7.
B.3
1.
From the Active Directory window, double-click <systemID>SiemensIC, then click the
Live Communications tab.
2.
3.
4.
For the Home Server field, select the FQDN of the LC Server, then click Apply and OK.
5.
6.
7.
Right click on the User Management window, then click Add User.
8.
d) Click Next.
e) In the OpenScape System drop-down menu, select the OpenScape system name.
f)
In the drop-down menu for User Type, select HiPath OpenScape. Click Next.
9.
B.4
i)
j)
k)
Click Finish.
1.
From the Active Directory window, double-click <systemID>SiemensCR, then click the
Live Communications tab.
2.
3.
4.
For the Home Server field, select the FQDN of the LC Server, then click Apply and OK.
5.
6.
7.
Right click on the User Management window, then click Add User.
8.
d) Click Next.
e) In the OpenScape System drop-down menu, select the OpenScape system name.
f)
In the drop-down menu for User Type, select HiPath OpenScape. Click Next.
9.
i)
j)
k)
Click Finish.
B.5
1.
2.
3.
Click the Replication tab and verify that the Public Folder Store for the Exchange 2000/
2003 server appears in the list.
B.6
Portals Installation
B.6.1
The OpenScape Portals must use a secure connection between the Web Server (IIS) and the
Web Browser, so we need to enable Secure Sockets Layer in the IIS Manager.
1.
2.
Expand the Web Sites folder, right-click the Default Web Site subfolder and select Properties.
3.
Select the Web Site tab and enter 443 in the SSL port field (NOTE: If this field is not accessible, then skip to next step since no certificate has been installed.)
4.
Select the Directory Security tab, then click Server Certificate. The Server Certificate
Wizard will open. If the View Certificate button is enabled, it means that you already
have a certificate installed and you do not have to proceed unless you want to change the
certificate.
5.
If you decide to continue, click Next on the Welcome to the Web Server Certificate Wizard screen.
6.
On the Server Certificate screen, select Assign an existing certificate, then select
Next.
7.
On the Available Certificates screen, select the certificate that you have available, then
click Next. You will use the same certificate that is used by the LC Server.
8.
On the SSL Port screen, enter 443 for the SSL port number, then click Next.
9.
B.6.2
To integrate with the OpenScape Portals, the OWA must have Secure Sockets Layer (SSL) enabled so it can be opened inside the Portals.
1.
To enable SSL, we need to install a certificate in the IIS on the Exchange Server machine.
Please follow the same instructions in Section B.6.1 on page B-8 (Enable SSL in IIS) and
execute them on the Exchange Server (not on the OpenScape Server!). For further details
on certificate configuration, refer to Microsoft Exchange documentation.
2.
This operation needs to be done only once and please recall that, since there is only one
Exchange Server per domain forest, enabling SSL for one Exchange Server will affect all
child domains.
3.
If SSL is not enabled for OWA, the following error page is shown instead of the Calendar
and Inbox information.
B.6.3
With everything ready and properly set up, you can finally open the Personal Portal web page
in IE. The URL is http://<servername>/openscape/portals/default.aspx. The <servername> is
your OpenScape server name. Please enter it in its fully qualified format (e.g. applebee.app.devos.net), otherwise you will get a security warning every time you open the Portals.
Verify that the Personal Portal web page can be opened in IE.
Creating OpenScape Users for Media Server Routing
>
The steps described in this appendix are to be given to the network administration for creating OpenScape users for Live Communications Routing. This
person must also work with the site telecom administrator to obtain extension
numbers when creating the accounts.
C.1
CRDirect
1.
In the Active Directory Users List, double-click <systemID>CRDirect, then click the Live
Communications tab.
2.
3.
4.
For the Home Server field, select the FQDN of LC Server, then click Apply and OK.
5.
6.
7.
8.
d) Click Next.
e) In the OpenScape System drop-down menu, select the OpenScape system name.
f)
In the drop-down menu for User Type, select Media Server. Click Next.
j)
Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.
k)
l)
m) Click Finish.
9.
C.2
CRForward
1.
In the Active Directory Users List, double-click <systemID>CRForward, then click the
Live Communications tab.
2.
3.
4.
For the Home Server field, select the FQDN of LC Server, then click Apply and OK.
5.
6.
7.
8.
d) Click Next.
e) In the OpenScape System drop-down menu, select the OpenScape system name.
f)
In the drop-down menu for User Type, select Media Server. Click Next.
j)
Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.
k)
l)
m) Click Finish.
9.
C.3
1.
Expand the OpenScape snap-in and the server where CRForward is a member.
2.
3.
4.
Right-click on the System Destination Administration window, then select Add Destination.
5.
6.
7.
For the Destination Type field, select Media Server from the dropdown menu.
8.
Click OK.
9.
Settings Changed by the Environment Preparation Tool
This tool creates the following groups and accounts during OpenScape Environment Preparation in Chapter 8.
D.1
Root Domain
D.1.1
OpenScape Service
D.1.2
Object Type
Group - Domain
Local
Members
Member of
Child Domain1\OSsvc
Child Domain2\OSsvc
Permissions
Read Access
Trustee
Object: CN=OpenScape Global Settings, CN=Siemens, CN=System, DC=X (not set for
EDM Mode)
Permissions
Trustee
D.1.3
OpenScape Service group is given the following access on the Domain-DNS object:
Read/ Write/ Delete Permissions on SiemensOSPropertySet (not set for EDM Mode)
D.2
D.2.1
OpenScape User
Object Type
Group - Domain
Local
Members
Member of
OpenScape Admin
Object Type
Group - Domain
Local
Members
OpenScape Service
<osinstaller>
Member of
OpenScape User
Administrator (Local on
OS, RD, TFA, EDM)
OpenScape Service
Object Type
Group - Domain
Local
Members
Member of
OSsvc
OSweb
<systemID>OSUNS
<osinstaller>
Child Domain2\OSsvc
OpenScape User
OpenScape Admin
Object: CN=OSsvc
Object Default Name
OSsvc
Object Type
User
Not LC User
Member of
OpenScape Service
Child Domain2\OpenScape Service
User Domain1\OpenScape Service
OpenScape User
RTCDomainUserAdmins
Administrators (local on OS, MCU, MS, RD)
RTC Server Applications (local on RD server)
IIS_WPG (local on OS server)
Object: CN=OSWeb
Object Default Name
OSWeb
Object Type
User
Not LC User
Member of
OpenScape User
OpenScape Service
IIS_WPG (local on OS server)
Object: CN=<systemID>OSRTP
Object Default Name
<systemID>OSRTP
Object Type
User
SIP-enabled LC
User
Member of
OpenScape User
Object: CN=<systemID>OSUNS
Object Default Name
<systemID>OSUNS
Object Type
User
SIP-enabled LC
User
Member of
OpenScape User
OpenScape Service
Administrators (local on OS server)
Object: CN=<osinstaller>
Object Default Name
Object Type
Member of
Domain Users
OpenScape Admin
OpenScape Service
RTCDomainUserAdmins
Administrators (local on OS, SQL, MCU, MS,
RD, TFA)
Object: CN=<systemID>SiemensCR
Object Default Name
Object Type
Member of
Object: CN=<systemID>CRDirect
Object Default Name
<systemID>CRDirect
Object Type
Member of
Object: CN=<systemID>CRForward
Object Default Name
Object Type
Member of
Object: CN=<systemID>SiemensIC
Object Default Name
<systemID>SiemensIC
Object Type
Member of
D.2.2
Permissions
Trustee
Full Control
OpenScape Service
Full Control
OpenScape Admin
Full Control
Trustee
OpenScape Service
Object: OSsvc
Object type: User
Permissions
D.2.3
Trustee
OSsvc
OpenScape Service group is given the following access on the Domain-DNS object:
Read/ Write/ Delete Permissions on SiemensOSPropertySet (not set for EDM Mode)
OpenScape Admin group is given the following access on the Domain-DNS object:
D.2.4
Trustee
D.2.5
Trustee
Full Control
D.2.6
Trustee
The OpenScape service group and OpenScape Admin group are provided db owner privileges.
The OpenScape User group has read permissions on the OpenScape databases.
D.2.7
Some OpenScape settings are stored in the Windows Management Instrumentation (WMI)
Common Information Model (CIM) repository, therefore:
The following namespace is created: Root\Siemens\RTCB
Namespace: Root\Siemens\RTCB
Permissions
Trustee
Full Control
Everyone
Namespace: Root\CimV2
Permissions
Trustee
Full Control
D.3
D.3.1
OpenScape Service
D.3.2
Object Type
Group - Domain
Local
Members
Member of
OpenScape Service group is given the following access on the Domain-DNS object:
Read/ Write/ Delete Permissions on SiemensOSPropertySet (not set for EDM Mode)
IPSec Security Settings
This appendix provides information and instructions about securing the communication between servers with Windows IPSec configured on the servers. It provides an authentication
"white list" to ensure that network messages are accepted only from configured servers, i.e. to
ensure that they do not come from an unauthorized endpoint. IPSec also provides privacy and
integrity-checking for network messages.
E.1
Overview
The IPSec policy involves securing communication between servers. OpenScape uses the IP
Security (IPSec) Protocol provided by Windows 2000 and above. IPSec is used between the
following servers (refer to Table E-1 on page E-2 for the list of supported configurations):
Note: It is not important where the SQL Server is located for the security settings.
>
NOTE: Logon with the <osinstaller> account to perform these IPSec security
settings.
You will be creating IPSec filters from Media Server, LCS, OpenScape and MCU (or MC and
MP) based upon the installation scenario.
Machine
B
LCS
OpenScape,
MC, and
MP
Media
Server
LCS,
Media
OpenServe
Scape MC
MP
LCS MC
and MP
Media
Serve
OpenScape
LCS and
OpenScape
Media
Serve
MC and
MP
LCS and
MC
Media
Serve
LCS
Table E-1
Machine
C
Machine
D
Machine
E
Machine
F
Machine
G
OpenScape
MP
MP (optional)
MP (optional)
MP (optional)
Media
Serve
MC and
OpenScape
MP
MP (optional)
MP (optional)
MP (optional
LCS and
OpenScape
Media
Serve
MC
MP
MP (optional)
MP (optional)
MP (optional)
LCS
Media
Serve
OpenScape
MC
MP
MP (optional)
MP (optional)
Machine
H
MP (optional)
E.2
To create a custom IPSec configuration MMC snap-in for the local computer, on which IPSec
is being configured:
1.
From the Windows desktop, click Start-> Run, and in the Open textbox, type mmc, then
click OK.
2.
3.
4.
In the Add Standalone Snap-in dialog box, click IP Security Policy Management and then
click Add.
5.
6.
7.
8.
9.
Type a name (Example: IPSecPolicies) and click OK. You will then see the IPSecPolicies
Console Root window.
E.3
Creating a New IPSec Policy for Media Server on the Media Server
Server Machine
1.
From the IPSec Configuration MMC console menu, click IP Security Policies on Local
Computer and then click Create IP Security Policy.
2.
3.
Enter a name for this policy (required) and description (optional), then click Next.
For example, Name: Siemens OpenScape V2.0 IPSec Policy.
4.
On the Requests for Secure Communication dialog box, uncheck the Activate the default response rule check box and click Next.
5.
On the Completing the IP Security policy wizard dialog box, select the Edit Properties
check box, then click Finish.
6.
7.
On the Welcome to the Create IP Security Rule Wizard dialog box, click Next.
8.
On the Tunnel Endpoint dialog box, select This rule does not specify a tunnel, then
click Next.
9.
On the Network Type dialog box, select All network connections, then click Next.
10. Windows 2000 server only. On the Authentication Method dialog box, select Active
Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2003 server.
11. On the IP Filter List dialog box, click Add.
12. In the Name field, enter a name for the Media Server IP Filter List. Also enter a description
in the Description field.
13. Complete Section E.3.1, Section E.3.2, and Section E.3.3.
14. On the IP Filter List dialog box, select the newly-created filter list that you created in step
12 above, then click Next.
15. On the Filter Action dialog box, select Require Security, then click Next.
16. Windows 2003 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2000 server.
17. On the Completing the New Rule Wizard dialog box, uncheck Edit Properties if it is
checked, then click Finish.
18. On the new policy's properties dialog box, select the newly-created filter list that you created in step 12 above.
19. Proceed to Section E.7, Setting the Block Rule, on page E-21 to set up the Block Rule for
the Media Server.
20. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
21. On the MMC console, right-click the newly-created IPSec security policy and select Assign. This assigns the security policy to the machine and makes it active. Now you should
see Yes under Policy Assigned.
E.3.1
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
Address dropdown menu, and enter the IP address of the LC Server machine in the IP
address field, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, for source, select From any port. Then select To this
port and enter the trusted port number configured on LCS or 50000 (default). Click
Next.
8.
Click Finish.
9.
E.3.2
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination Address dropdown menu and enter the IP address of the LC Server machine (refer to Table
3-12 on page 3-8) in the IP address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, for source, select From any port. Then select To this
port and enter 5060 or the port number configured on Media Server for SIP messages
from LCS. Click Next.
8.
Click Finish.
9.
E.3.3
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
address dropdown menu. Enter the IP address of the OpenScape Server machine in the
IP Address field, then click Next.
6.
On the IP Protocol Type window, select UDP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
4321 in the blank field for the port number, then click Next.
8.
Click Finish.
9.
E.4
1.
2.
In the Name field, enter a name for the LC Server IP Filter List. Also enter a description in
the Description field.
3.
4.
If LCS and MCU are on separate servers, then complete Section E.4.3 and Section E.4.4;
otherwise, go to next step.
5.
If LCS and OpenScape are on separate servers, then complete Section E.4.5; otherwise,
go to next step.
6.
Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
7.
On the IP Filter List dialog box, select the newly-created filter list that you created in step
2 above, then click Next.
8.
On the Filter Action dialog box, select Require Security, then click Next.
9.
Windows 2003 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2000 server.
10. On the Completing the New Rule Wizard dialog box, uncheck Edit Properties if it is
checked, then click Finish.
11. On the new policy's properties dialog box, select the newly-created filter list that you created in step 2 above.
12. Proceed to Section E.7, Setting the Block Rule, on page E-21 to set up the Block Rule for
the LC Server.
13. If you do not have a gateway in your setup, skip this step. Otherwise, if the gateway does
not support IPSec (Vegastream, Mediatrix), proceed to Section E.4.7 on page E-12; if it
does, proceed to Section E.4.6 on page E-11.
14. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
15. On the MMC console, right-click the newly-created IPSec security policy and select Assign. This assigns the security policy to the machine and makes it active. Now you should
see Yes under Policy Assigned.
16. Continue to Section E.5 on page E-14.
E.4.1
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
Address dropdown menu and enter the IP address of the Media Server machine (refer to
Table 3-12 on page 3-8), then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, for source, select From any port. Then select To this
port and enter 5060 or the port number configured on Media Server for SIP messages
from LCS. Click Next.
8.
Click Finish.
9.
E.4.2
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination Address dropdown menu and enter the IP address of the Media Server Machine (refer to Table 3-12 on page 3-8), then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
the trusted port number configured on LCS or 50000 (default). Click Next.
8.
Click Finish.
9.
E.4.3
>
LCS to MCU
This section and Section E.4.4 only apply if the LCS and MCU are on separate machines.
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
address dropdown menu. Enter the IP address of the MCU Server machine (refer to Table
3-12 on page 3-8) in the IP Address field, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
5060 or the port number configured on the MCU server for SIP messages from LCS.
Click Next.
8.
Click Finish.
9.
E.4.4
MCU to LCS
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MCU Server machine in the IP Address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
the trusted port number configured on LCS or 50000 (default). Click Next.
8.
Click Finish.
9.
E.4.5
>
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
address dropdown menu. Enter the IP address of the OpenScape Server machine in the
IP Address field, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
21020 or the port number configured for B2BUA. Click Next.
8.
Click Finish.
9.
E.4.6
This procedure applies only when you are using a gateway that supports IPSec. Be sure to set up IPSec on the gateway by referring to the gateway manufacturer's documentation.
Do not perform this step if you do not have a gateway in your setup or if your gateway does not
support IPSec.
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the gateway in the IP Address field, then
click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
the trusted port number configured on LCS or 50000 (default). Click Next.
8.
Click Finish.
9.
E.4.7
This procedure is required for gateways that do not support IPSec, such as Vegastream and Mediatrix. This filter allows a gateway to connect to the LCS trusted port in spite of the Block
Rule (Section E.7), which blocks connections to this port from any IP addresses other than
OpenScape, MCU and Media Server.
1.
After adding the block rule from step 12 on page E-8, click Add.
2.
3.
On the Tunnel Endpoint window, select This rule does not specify a tunnel, then click
Next.
4.
On the Network Type window, select All network connections, then click Next.
5.
For Windows 2000 server only: Select Active Directory default (Kerberos V5 protocol), then click Next. This step does not appear on a Windows 2003 server.
6.
7.
On the next IP Filter List window, enter Allow Gateway in the Name field. Enter a description of the new IP filter in the Description field. Then click Add.
8.
9.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
10. On the IP Traffic Source window, select A specific IP Address from the Source address
dropdown menu, then enter the IP Address of the Gateway. Click Next.
11. On the IP Traffic Destination window, select My IP Address from the Destination address dropdown menu and click Next.
12. On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
13. On the IP Protocol Port window, select From any port. Then select To this port and enter
the trusted port number of the LC server. Click Next.
14. Click Finish.
15. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
16. Check the newly-created IP Filter List radio button, Allow Gateway and click Next.
17. On the Filter Action window, select the Permit radio button and click Next.
18. Uncheck Edit Properties if it is checked and click Finish.
19. Check Allow Gateway, then click Next.
20. On the Filter Action window, select Permit, then click Next.
21. Uncheck Edit Properties if checked, then click Finish.
22. On the Properties window, check Allow Gateway if not already done.
23. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
24. Return to step 15 on page E-8.
E.5
1.
2.
In the Name field, enter a name for the OpenScape IP Filter List. Also enter a description in
the Description field.
3.
4.
If OpenScape and LCS are on separate servers, then complete Section E.5.2; otherwise,
skip to next step.
5.
If OpenScape and MCU are on separate servers, then complete Section E.5.3; otherwise,
skip to next step.
6.
Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
7.
On the IP Filter List dialog box, select the newly-created filter list that you created in step
2 above, then click Next.
8.
On the Filter Action dialog box, select Require Security, then click Next.
9.
Windows 2003 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2000 server.
10. On the Completing the New Rule Wizard dialog box, uncheck Edit Properties if it is
checked, then click Finish.
11. On the new policy's properties dialog box, select the newly-created filter list that you created in step 2 above.
12. Proceed to Section E.7, "Setting the Block Rule", on page E-21 to set up the Block Rule for
the OpenScape Server.
13. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
14. On the MMC console, right-click the newly-created IPSec security policy and select Assign. This assigns the security policy to the machine and makes it active. Now you should
see Yes under Policy Assigned.
15. Continue to Section E.6 on page E-17.
E.5.1
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the Media Server machine (refer to Table
3-12 on page 3-8) in the IP Address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select UDP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
4321 in the blank field for the port number, then click Next.
8.
Click Finish.
9.
E.5.2
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the OpenScape Server machine (refer to
Table 3-12 on page 3-8) in the IP Address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
the LCS trusted port number or 50000 (default). Click Next.
8.
Click Finish.
9.
E.5.3
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MCU Server (refer to Table 3-12 on
page 3-8) machine in the IP Address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select UDP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
4321. Click Next.
8.
Click Finish.
9.
E.6
1.
2.
In the Name field, enter a name for the MCU IP Filter List. Also enter a description in the
Description field.
3.
If MCU and LCS are on separate servers, then complete Section E.6.1 and Section E.6.2;
otherwise, skip to next step.
4.
If MCU and OpenScape are on separate servers, then complete Section E.6.3; otherwise,
skip to next step.
5.
If MC and MP are on separate servers, then complete Section E.6.4 and Section E.6.5;
otherwise, skip to next step.
6.
Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
7.
On the IP Filter List dialog box, select the newly-created filter list that you created in step
2 above, then click Next.
8.
On the Filter Action dialog box, select Require Security, then click Next.
9.
Windows 2003 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2000 server.
10. On the Completing the New Rule Wizard dialog box, uncheck Edit Properties if it is
checked, then click Finish.
11. On the new policy's properties dialog box, select the newly-created filter list that you created in step 2 above.
12. Proceed to Section E.7, "Setting the Block Rule", on page E-21 to set up the Block Rule for
the MCU Server.
13. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
14. On the MMC console, right-click the newly-created IPSec security policy and select Assign. This assigns the security policy to the machine and makes it active. Now you should
see Yes under Policy Assigned.
15. Continue to the next chapter.
E.6.1
MCU to LCS
This section and Section E.6.2 only apply if the LCS and MCU are on separate machines.
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
address dropdown menu. Enter the IP address of the LC Server machine (refer to Table
3-12 on page 3-8) in the IP Address field, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
the trusted port number configured on LCS or 50000 (default). Click Next.
8.
Click Finish.
9.
E.6.2
LCS to MCU
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the LC Server machine in the IP Address
field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
5060 or the port number configured on the MCU for SIP messages from LCS. Click
Next.
8.
Click Finish.
9.
E.6.3
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
address dropdown menu. Enter the IP address of the OpenScape Server machine (refer
to Table 3-12 on page 3-8) in the IP Address field, then click Next.
6.
On the IP Protocol Type window, select UDP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
4321. Click Next.
8.
Click Finish.
9.
E.6.4
MC to MP
This section and Section E.6.5 only apply if the MC and MP are on separate machines.
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MP machine (refer to Table 3-12 on
page 3-8) in the IP Address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
2945. Click Next.
8.
Click Finish.
9.
E.6.5
MP to MC
1.
2.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
address dropdown menu. Enter the IP address of the MC machine (refer to Table 3-12 on
page 3-8) in the IP Address field, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
2945. Click Next.
8.
Click Finish.
9.
E.7
This mandatory configuration step must be performed to secure the trusted port of the LC Server on the LC server machine, B2BUA and license server ports on the OpenScape server machine, MCU and MEGACO ports on MCU server machine, and the Media Server port on the
Media Server machine. If this mandatory step is not performed, the LC server, B2BUA, and Media Server will be open to security breaches. This rule is set only for the Media Server, LCS,
OpenScape and MCU after the filters are set for those machines.
Complete the block rule for the specified server:
1.
2.
3.
On the Tunnel Endpoint window, select This rule does not specify a tunnel, then click
Next.
4.
On the Network Type window, select All network connections, then click Next.
5.
For Windows 2000 server only: Select Active Directory default (Kerberos V5 protocol), then click Next. This step does not appear on a Windows 2003 server.
6.
On the IP Filter List window, click Add. Then in the new window, enter Block Port as the
name of the IP Filter List. Then click Add.
7.
8.
For Windows 2003 Server only: Enter the description (optional) and keep the Mirrored
check box checked. On Windows 2000, this step is not shown.
9.
On the IP Traffic Source window, select Any IP Address from the Source address dropdown menu, then click Next.
10. On the IP Traffic Destination window, select My IP Address from the Destination address drop down menu, then click Next.
11. On the IP Protocol Type window, select port type from Table E-2 depending on the application, then click Next.
12. On the IP Protocol Port window, select From any port. Then select To this port and enter
the port number in Table E-2 depending on the application. Click Next.
Application (Server Machine)
Port Number
(refer to Table 3-13 on page 3-9)
Port Type
LC server machine
TCP
B2BUA (OpenScape)
Port # configured on B2BUA for SIP messages from LCS (default is 21020)
TCP
UDP
Media Server
TCP
MCU (MCU)
TCP
MCU (MCU)
TCP
Table E-2
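The interaction between the Allow Gateway permit filter (Section E.4.7), the Require Security filter lists and the Block Port rule (Section E.7) can be checked with the following model. It is an added example, not part of the Siemens guide; it assumes a simplified "most specific matching filter wins" ordering, and the IP addresses and the "OpenScape to LCS" filter name are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # stands for "Any IP Address"

# Constructed sample addresses (documentation range). Only port 50000, the
# default LCS trusted port, is taken from the guide.
LCS_IP, OPENSCAPE_IP, GATEWAY_IP, OTHER_IP = (
    "192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99")
TRUSTED_PORT = 50000


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    protocol: str = "TCP"

    def reversed(self) -> "Packet":
        return Packet(self.dst, self.dst_port, self.src, self.src_port, self.protocol)


@dataclass(frozen=True)
class Filter:
    name: str
    action: str              # "permit", "require-security" or "block"
    src: Optional[str]       # ANY or a specific IP address
    dst: Optional[str]       # "My IP Address" is the local server's address
    dst_port: Optional[int]  # "To this port"; the source side is "From any port"
    protocol: str = "TCP"
    mirrored: bool = True

    def _matches_as_written(self, p: Packet) -> bool:
        return (p.protocol == self.protocol
                and self.src in (ANY, p.src)
                and self.dst in (ANY, p.dst)
                and self.dst_port in (ANY, p.dst_port))

    def matches(self, p: Packet) -> bool:
        # A mirrored filter also covers the reverse direction (reply traffic).
        return self._matches_as_written(p) or (
            self.mirrored and self._matches_as_written(p.reversed()))

    def specificity(self) -> int:
        # Simplifying assumption: one point per non-wildcard field.
        return sum(field is not ANY for field in (self.src, self.dst, self.dst_port))


def evaluate(filters: List[Filter], p: Packet) -> Tuple[str, str]:
    """Return (action, filter name) of the most specific matching filter."""
    hits = [f for f in filters if f.matches(p)]
    if not hits:
        return ("no-filter", "")  # no rule applies; traffic passes without IPSec
    best = max(hits, key=Filter.specificity)
    return (best.action, best.name)


def lcs_policy(allow_gateway: bool = True, gateway_mirrored: bool = True) -> List[Filter]:
    """Filters on the LC server: Block Port plus the specific exceptions."""
    policy = [
        Filter("Block Port", "block", ANY, LCS_IP, TRUSTED_PORT),
        # Hypothetical name for the OpenScape filter in the LCS filter list.
        Filter("OpenScape to LCS", "require-security", OPENSCAPE_IP, LCS_IP, TRUSTED_PORT),
    ]
    if allow_gateway:
        policy.append(Filter("Allow Gateway", "permit", GATEWAY_IP, LCS_IP,
                             TRUSTED_PORT, mirrored=gateway_mirrored))
    return policy


if __name__ == "__main__":
    cases = {
        "gateway -> trusted port": Packet(GATEWAY_IP, 40000, LCS_IP, TRUSTED_PORT),
        "OpenScape -> trusted port": Packet(OPENSCAPE_IP, 40001, LCS_IP, TRUSTED_PORT),
        "other host -> trusted port": Packet(OTHER_IP, 40002, LCS_IP, TRUSTED_PORT),
        "reply LCS -> gateway": Packet(LCS_IP, TRUSTED_PORT, GATEWAY_IP, 40000),
    }
    for label, pkt in cases.items():
        print(f"{label:28s} {evaluate(lcs_policy(), pkt)}")
```

With `gateway_mirrored=False`, the reply from the trusted port back to the gateway falls under the mirrored Block Port filter, which is why the procedure keeps the Mirrored check box checked. The gateway's Permit filter passes traffic without IPSec, so that one peer is trusted by IP address alone.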
OpenScape Installation - Tools, Utilities and Hints
This appendix describes the tools, utilities, and hints used to install OpenScape.
F.1
CheckSPN
CheckSPN is a utility that is available through LCS Administration tools. This utility may be used
to verify the Service Principal Name (SPN) for the system. If the SPN for a system is not registered, Kerberos communication is not possible.
To access this utility, install the LCS Administration tools from the LCS package.
Additional information on this utility is available in the CheckSPNReadme in the Resource Kit.
F.2
MSMQ
2.
3.
4.
F.3
This GUI-based tool allows users to configure the desired RTC Settings without the need to go
into the RTC CIM repository directly. This tool should be run ONLY on machines that
have the Microsoft Live Communications Server installed on them.
A31003-S5020-S100-1-7620, July 2004
HiPath OpenScape V2.0, Installation Guide
USAGE:
This tool provides you with the following 8 options to perform various configuration tasks on
your LCS.
F.3.1
This option only displays the necessary RTC configuration settings that already exist
on your LCS system. It does not create or update any settings. From this, you can determine whether you have the correct settings. If required, you can copy the results from the output
screen and save them in a file for reference. At the bottom of the screen is the
Results section, which states which settings are appropriate for OpenScape to function properly. Note: By default, this tool assumes port 50000. If a FAILED * message
follows it even though you have created a B2B communication port, this is acceptable, because
a port other than 50000 may be configured on your system for OpenScape use.
F.3.2
This option will create a new port on your LCS so that your applications can communicate with
the LCS on that port. The screen looks like this:
By default, the port value is set to 50000, which you can change as desired. Selecting the
Trusted or Un-trusted option will create this port as Trusted or Un-Trusted, respectively.
F.3.3
This option will only set an already existing RTC port to Trusted or Un-Trusted as desired.
Note: This will not create a new RTC port.
F.3.4
This option will create a new Static Route based on the information as provided in the fields on
the following screen:
Here the default port value is set to 5060, but you can change it to whatever you need
to set it to. Match Uri is required in the format sip: (e.g. sip:*@siemens.com) because this
will be the match pattern. Next Hop is the FQDN of the domain or machine-name.fully-qualified-domain, i.e. the destination to which all messages that match the pattern set in
Match Uri are sent.
F.3.5
This option does not create any new Static Routes; it only sets an already existing Static
Route to Trusted or Un-Trusted as desired. You can perform this task from the screen displayed below:
F.3.6
This option helps you create a new Application Uri as desired. To do so, you need
to provide all the information requested in the fields shown in the screen below:
Click Browse to browse through your file system to find the file and location that you
want to provide in the Script Path. This is not a mandatory field, because you can have Application Uris that don't need a routing (i.e. a .am) script.
F.3.7
This option displays a dialog box asking you to confirm whether you really want to perform the re-sequence operation.
Click Yes to perform the re-sequence operation on the Siemens Routing Dispatcher specific Application
Uri that already exists on your LCS system. Re-sequencing pushes the Application Uri entry for Siemens Routing Dispatcher to the top of the Application Priority list in
the LCS CIM tables. This causes all messages that the application or service has registered for to be presented first to the application that used this Application Uri to register
with the LCS. Click No to skip the re-sequence operation.
F.3.8
This option helps you configure the settings on the LCS that OpenScape requires to function
properly. Only the settings for which the user has supplied information are performed; no
other settings are made. The user is also notified of this in a message box in the form of a WARNING, so that the user performing
this operation knows which settings were made and which were not. By default a few fields are
filled with default values. You can change them as desired. Note: After you have keyed in the
gateway names and/or the dial plan information, you must click + located on the right side of
the list to add it to that list. Otherwise, the Static Routes for that particular gateway will
not be created. The same applies to the Global RTC Domain settings information: you must add it to
the list first and then click Perform RTC Configuration.
The screen for performing this task will look as shown in the figure below:
Click Clear to clear all contents from all fields as displayed on this screen. It will also delete and
empty the lists that you might have filled with the gateway or Global RTC Domain information.
F.4
The OpenScape Scripting Framework provides a way to add multiple users to Active Directory,
and configure and enable them as Live Communications users. Additionally, Live Communications users can be automatically converted into OpenScape users with the OpenScape Scripting Framework.
Additional administration scripts are included with the OpenScape Scripting Framework, but
are not described in this document. Refer to the documentation inside the tool.
Installation
The OpenScape Scripting Framework tool is installed during OpenScape installation and is located in the \Siemens\OpenScape\tools folder, under ScriptingFW.
The tool should be run by a Domain Administrator, or a user with permissions to read and
modify Active Directory and the OpenScape Database.
F.4.1
Adding Users
1.
Double-click OSScriptingFW.hta.
2.
3.
4.
sAMAccountName - the base account name for the users (account names are indexed from 1 to number).
telephoneNumber - the base telephone number must contain only numeric digits.
5.
Verify that the data you entered is correct, then click Run Command. The following screen
will appear.
6.
You may verify that the users were created by opening Active Directory Users and Computers, expanding the node representing your domain, and clicking the newly created Organizational Unit.
F.4.2
1.
2.
3.
4.
systemID - the System ID of the OpenScape server the users will be assigned to.
numericID - the base OpenScape Numeric ID (5 to 12 digits). Be sure that any number in this range does not yet exist in the database.
extension (optional) - the base extension number used to build the Extension secondary AOR.
did (optional) - the base DID number used to build the DID secondary AOR.
Verify that the data you entered is correct, then click Run Command. The following screen
will appear.
5.
To verify that the users were created, check the current list of OpenScape Users in Siemens OpenScape Management Console.
The Convert To OpenScape Users script can be used to convert any properly configured,
LCS enabled user into an OpenScape user by using the instructions described above. This provides system administrators with the convenience of converting large numbers of LCS enabled
users to OpenScape users quickly and automatically.
F.4.3
1.
2.
3.
4.
Verify that the data you entered is correct, then click Run Command.
5.
The following screen appears. Note the output contains the type, distinguished name in Active Directory, fully qualified hostname and version number. Depending on the type more
information is displayed such as the SystemID and SQL Server location for the OpenScape
Core Server.
Enter Script Parameters (all optional but at least one must be checked):
hostname - search only on a specific host. Host must be in current domain. Overwrites domain checkbox. Default is localhost.
F.5
To help serviceability, this tool provides snap shot information at any time. All necessary information is preserved in a text file.
This snap shot information can be used to verify prerequisites before deploying / installing the
OpenScape application or to confirm correct installation and configuration when problems are
encountered at a later time.
This information does not need to address the internal problems and errors of the OpenScape
application, which are to be addressed by the error reporting or trace facility as developed by
the project. These error reports provide more detail and accurate information for the internal
problems of the applications.
The tool is automatically installed as part of the OpenScape main installation. For details on
how to use this tool, refer to the SOS Script Tool for Serviceability Support document located
on the KMOSS website - document # INF-04-000232.
F.6
In HiPath OpenScape V2, the user information is stored in three different places, whereas, in
V1, it was only stored in the OpenScape Core MSSQL database.
In V1 and V2, HiPath OpenScape uses LCS and Windows user information from Active Directory.
F.6.1
As in V1, the HiPath OpenScape Core MSSQL database, XpSystem, contains the main user
information stored in these two tables:
XpUser
XpUserDynamic
These tables are synchronized by a HiPath OpenScape Active Directory Connector residing on
the OpenScape Server.
To access the XpSystem database, use Microsoft SQL Enterprise Manager and connect to the
SQL instance dedicated for HiPath OpenScape. By default the default instance is used.
F.6.2
In addition to the LCS user information Active Directory now also stores HiPath OpenScape
user information. A detailed description of the schema extension can be found in Chapter 5,
Active Directory Reference.
The main LCS user attributes in Active Directory used by HiPath OpenScape are:
The main Windows user attributes in Active Directory used by HiPath OpenScape are:
Note: Running HiPath OpenScape in Early Deployment Mode (EDM) does not require an Active
Directory schema extension. For more details, see Chapter 6, Setting up OpenScape in Early
Deployment Mode (EDM).
F.6.2.1
These Active Directory user attributes can be best viewed using ADSI Edit or LDP.exe. Both
tools are known as the Support Tools and are available on the Windows Server 2000 or Windows Server 2003 operating system CD in the \ENGLISH\WIN2003\ENT\SUPPORT\TOOLS
folder. Install the support tools by running SUPTOOLS.MSI (Support.cab in some versions).
Using ADSI Edit:
1.
Add the ADSI Edit snap-in into MMC, or just run adsiedit.msc.
2.
3.
Expand Domain, your Domain (e.g. DC=deep,DC=sea,DC=com) and the Users folder.
4.
5.
Using LDP:
1.
2.
3.
On the Connection menu, click Connect and enter the domain (e.g. deep.sea.com) and
then click OK.
4.
On the Connection menu, click Bind and then click OK. This will use the default credentials of the logged in user. If not logged in with <osinstaller> or Domain Admin, enter the
<osinstaller> account information.
5.
6.
In the left pane, browse to the desired user and view its attributes in the right pane.
F.6.2.2
In EDM mode the user attributes are stored in ADAM. The ADAM schema is created as part of
the EDM installation.
LDP.exe usage is identical when connecting to AD or ADAM. To connect to ADAM specify the
ADAM server to connect to and bind using the <osinstaller> account.
The ADAM installation also installs ADAM ADSI Edit, which is equivalent to ADSI Edit
but is used with ADAM. Refer to the ADAM documentation for more details on ADAM ADSI Edit. Connect with <osinstaller> privileges.
F.6.3
The HiPath OpenScape Routing Dispatcher which is installed on a LC server uses five database tables that are created in the LCS (RTC) MSDE database RTC. The tables are:
OsUsers
OsHomeServer
OsAorConflicts
OsAor
OsAdcReplicationCookie
These tables are used by the RD for routing purposes and mainly contain a mapping from a
SIP URI to a HiPath OpenScape server. These tables are synchronized by a HiPath OpenScape Active Directory Connector residing on the LC server.
F.6.3.1
By default the LCS MSDE instance is named RTC. HiPath OpenScape requires the LC instance to be named RTC.
Note: If LCS runs on a computer with no MSSQL installed, the Client Tools Only
needs to be installed. From the MSSQL standard or enterprise edition CD, select
SQL Server 2000 Components -> Install Database Server. Go through the initial install screens until you see the following screen and select Client Tools Only. Go
through the remaining install screens and install the client tools.
To connect to the RTC database open SQL Server Enterprise Manager and do the following:
1.
2.
Right-click SQL Server Group and select New SQL Server Registration.
3.
4.
On the Register SQL Server Wizard screen, under Available servers enter the RTC
server database (i.e. computer_name\RTC). If RTC runs on the local computer, enter (LOCAL)\RTC.
5.
6.
7.
You should now be able to navigate to the RTC database and see the above mentioned
tables.
Note: By default, LCS disables connecting to the LCS MSDE database remotely.
Therefore, log on to the LC Server and use (local)\RTC to connect to the database.
F.7
ConvertAdmins
This tool allows members of protected groups in Active Directory to be OpenScape Users.
The protected groups in Active Directory are:
Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers
The members of these groups or users who were once a member of these groups have their
AdminCount set as 1.
For further details please refer to http://support.microsoft.com/default.aspx?kbid=817433.
F.7.1
Usage
/? - Help
/L - The full path of the log file, if logging is desired.
/TRUSTEE - The name of the trustee to be given permissions (recommended: OpenScape Admin). The format is domain\user. E.g. if the domain name is DEV, the switch would be /TRUSTEE DEV\OpenScape Admin
/SQLSERVER - The name of the SQL Server from which to read the list of OpenScape users. E.g. if the
name of the SQL Server host is SQLServ1, and the default instance is used (MSSQLSERVER),
the switch would be /SQLSERVER SQLServ1. If a named instance is used, say OSInstance1,
the switch would be /SQLSERVER SQLServ1\OSInstance1
/USERS - A comma-separated list of users. If this list is provided, the /SQLSERVER switch is
ignored, and the users are read from the user list. The users should be given in the domain\user format. E.g. if user1, user2 and user3 in the DEV domain are members of protected
groups and need to be OpenScape users, the switch would be /USERS
DEV\user1,DEV\user2,DEV\user3.
/M - Represents the Mode. The user list can be provided using the /USERS switch or the users
can be read from the SQL database by providing the /SQLSERVER switch. Can have one of
the following values:
DISPLAY - Displays all users that are members of protected
groups.
DELETE - Deletes all such users from the OpenScape database (valid only with the /SQLSERVER
switch).
ADDACE - Enables the trustee to read/write the SiemensPropertySet for such users.
DELACE - Removes the ACE setting (to read/write SiemensPropertySet) from the trustee
for such users.
DISPLAYACE - Lists all such users for which the trustee has been given permissions to
read/write SiemensPropertySet.
F.7.2
Usage Scenarios
1.
OpenScape V1 allowed members of protected groups to be OpenScape users. In OpenScape V2, this is not allowed by default. In order to upgrade from V1 to V2, these users
must be handled in one of the following ways:
a) Adding permissions to read/write SiemensPropertySet to a trustee (such as the installer account, or the OpenScape Admin group) for these users (use the /ADDACE
mode, the /SQLSERVER and the /TRUSTEE switches).
b) Deleting these users from OpenScape (use the /DELETE mode, the /SQLSERVER
and the /TRUSTEE switches).
2.
In order to upgrade from EDM to Production mode, the OpenScape users that are members of a protected group must be handled in one of the following ways:
a) Adding permissions to read/write SiemensPropertySet to a trustee (such as the installer account, or the OpenScape Admin group) for these users (use the /ADDACE
mode, the /SQLSERVER and the /TRUSTEE switches).
b) Deleting these users from OpenScape (use the /DELETE mode, the /SQLSERVER
and the /TRUSTEE switches).
3.
Before adding new OpenScape users that are members of the protected groups:
a) Use the /ADDACE mode, the /TRUSTEE switch and provide the list of users using the
/USERS switch.
4.
a) Use /DELACE mode, /SQLSERVER and /TRUSTEE switch to provide the old trustee
name.
b) Use the /ADDACE mode, /SQLSERVER and /TRUSTEE switch to provide the new
trustee name.
Required Licenses and Software Prerequisites
Infrastructure Components
G.1
Infrastructure Components
Server License
required?
MS Exchange Server
2000/2003
CALs
required?
CAL License
Type
Quantity
User Mode
1 Server license + 1
CAL/user
Note 1
MS LCS
Version 1.0.4949
Yes
Yes
Note 1
No
No
Note 1: If the customer is licensed for Microsoft Exchange under Software Assurance or an
Enterprise Agreement before October 1, 2003, the customer is likely already licensed for Live
Communications Server 2000. Refer to Microsoft for details, as licensing provisions are subject to change at Microsoft's discretion. Some helpful links are: http://www.microsoft.com/education/?id=livecommservertransition and http://www.microsoft.com/office/livecomm/howtobuy/default.mspx.
Note 2: Active Directory Application Mode (ADAM) is a part of Microsoft's fully integrated
directory services available with Windows Server 2003. ADAM can be downloaded at http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E52A2A57B5C8E4&displaylang=en.
G.2
Component
Server License
required?
CALs
required?
License Type
Quantity
OpenScape Base
Package
Yes
n/a
User
Component
Server License
required?
CALs
required?
License Type
Quantity
OpenScape User
Package
n/a
Yes
User
No
No
OpenScape
Routing Dispatcher
No. Included in
OpenScape
Base Package
No
n/a
n/a
MS Windows
Server 2003
Standard or Enterprise Edition
Yes
Yes
User Mode
CAL, and
Server Mode
server
MS SQL Server
2000 and SP 3
Standard or Enterprise Edition
Yes
No
Processor-based
Note 1
No
n/a
n/a
Microsoft ADAM
(refer to Note 2 in
Section G.1)
No
n/a
n/a
No
G.3
The only license needed per client is MS Windows 2000, MS Windows 2003, or MS XP Professional.
G.4 MCU
Component
Server License
required?
CALs required?
License
Type
Quantity
OpenScape MCU
No
n/a
n/a
Component: MS Windows Server 2003 Standard or Enterprise Edition
Server License required?: Yes. One for each server. Up to 4 servers may be required to support all 288 ports
CALs required?: No. Only one set of CALs is sufficient to access all Win200x servers
License Type: Server
G.5 Routing Dispatcher
G.6
G.7
G.8 Media Server
Component: OpenScape Media Server
Server License required?: No. Included in Base OpenScape system
CALs required?: No CALs. Thirty Media Server ports included but additional ASR/TTS sessions licenses may be required
CAL License Type: n/a
Quantity: 1 ASR/TTS session is provided in Base OpenScape package. Up to 29 more may be purchased.
MS Windows
2000 Advanced
Server + SP4 minimum
Standard Edition
Yes
User
n/a
Speechify TTS
Scansoft V2.0
Yes. Already in
OpenScape
product structure
No
No
n/a
OSR Scansoft
Yes. Already in
OpenScape
product structure
No
n/a
n/a
MSDE 2000 +
SP3
No with purchase
of Win2K Server
No
n/a
n/a
VocalOS
(Vocalocity)
No with purchase
of Win2K Server
No
n/a
n/a
Note 3: According to Microsoft, the fact that no additional CALs are required for the Media Server is based on the assumption that all access to the Media Server is directed through OpenScape and LCS. If, in the future, we decide to add features to the Media Server that may enable direct access to it (without going through OpenScape), additional Windows CALs may be required.
G.9 End Points
End Point
Server License
required?
CALs
required?
CAL
License Type
Quantity
OptiPoint 400
n/a
Already covered
by OpenScape
user license
n/a
n/a
Windows Messenger
Version 5.0
n/a
n/a
n/a
n/a
MS Windows 2000 or
MS Windows XP Professional
n/a
n/a
n/a
G.10
This section shows three examples of OpenScape V2.0 orders and lists all the required components. The examples include some variations in Microsoft licensing agreements.
Item
Number of OpenScape users; accessible from various endpoints like multiple PCs, SIP phone, voice/self-service portals
150
90
400
72
30
150
10
25
48
24
4 x 48
70
10
100
No
Yes
Yes
Enterprise Agreement
No
No
Yes
25 user packages
15
10
25
10
25
Hourly
Hourly
Hourly
Hourly
Hourly
Hourly
Hourly
Hourly
Hourly
Customer Configuration
OpenScape Components
Microsoft Components
Item
150
90
145
*Note: For the successful implementation of the HiPath OpenScape project, HiPath OpenScape Professional Services are required (refer to HOSc PS description).
Upgrade - Production Mode with Upgrade of Media Server Software
H.1 Pre-Requisites
The domain should be in native mode. If it is in mixed mode, you need to raise its functional
level to native mode (using AD Domains and Trusts snap-in).
For System Preparation, the OpenScape Logon User (the current user logged on when
OpenScape is being installed), should be an existing Domain user.
H.2 Environment Preparation for Upgrade from V1-SPCR to V2
H.2.1 Forest Preparation
For details on how to do the following steps, refer to Chapter 7, Setting Up a Forest in Production Mode.
Copy all the Forest Preparation related files from the CD.
H.2.2
For details on how to do the following steps, refer to Section 8.7, Root Domain Preparation and
Verification.
Copy all the Environment Preparation V2 related files from the CD.
H.2.3 Domain Preparation
For details on how to do the following steps, refer to Section 8.8, OpenScape System Domain
Preparation and Verification.
A31003-S5020-S100-1-7620, July 2004
HiPath OpenScape V2.0, Installation Guide
Copy all the Environment Preparation V2 related files from the CD.
Note: If there is more than one OpenScape System in the same child domain, the
old OpenScape Service group has to remain as it is for V1 OpenScape to co-exist
with V2 OpenScape. Therefore, the domain prep will automatically rename the old
group to OpenScape Service V1 and copy all its members to the new group.
Only a restart of the remaining V1 systems in the same child domain is required.
H.2.4
For details on how to do the following steps, refer to Section 8.10, Root Domain Membership
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
H.2.5
For details on how to do the following steps, refer to Section 8.13, OpenScape System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Before doing the System Preparation, please check the current status of the Forest
and Domains.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
H.2.6
For details on how to do the following steps, refer to Section 8.14, Routing Dispatcher/LCS
System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
H.2.7
For details on how to do the following steps, refer to Section 8.17, TFA System Preparation
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
H.2.8
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
H.3 Upgrade Software
H.3.1
H.3.2
H.3.3
In OpenScape V1, some OpenScape Users may be accounts that have the AdminCount attribute set in Active Directory. These accounts are members of protected groups in Active Directory. They are protected for security reasons and do not inherit access rights.
These users cannot be upgraded as such from V1 to V2.
To successfully upgrade users from V1 to V2, the following options are available:
Remove these admin accounts from OpenScape. This option requires OpenScape Admin privileges.
Provide additional permissions to the OpenScape Admin group so that it can set the OpenScape-specific attributes of these users. In particular: read access rights to Public Info, RTCPropertySet, RTCUserSearchPropertySet and SiemensOSPropertySet, and write access rights to SiemensOSPropertySet. This option requires Domain Admin privileges.
1. Log on as the OS Installer or a member of the OpenScape Admin group on the child domain being prepared.
2. Copy the ConvertAdmins.exe and Interop.ActiveDS.dll files from the OpenScape EPT folder on the CD to the OpenScape Server.
3.
4.
5.
All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.
6.
To grant permissions to the OpenScape Admin group and retain these users in OpenScape, follow the instructions below:
1.
2.
3.
4.
5.
The appropriate permissions shall be granted to the OpenScape Admin group for all the
OpenScape users with AdminCount as 1.
6.
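To see which accounts the two options above apply to before starting the upgrade, the following added example (not part of this guide or of the ConvertAdmins tool) reads an LDIF export of user objects and lists the OpenScape users whose adminCount is 1. The list of OpenScape account names passed in, the sample entries and the group names are constructed assumptions.

```python
import base64
import re

# Constructed sample data: an LDIF export of user objects, such as one made
# with a directory export tool. Every DN, account and group name is made up.
_UMLAUT_DN = "CN=J\u00f6rg M\u00fcller,OU=Staff,DC=child,DC=example,DC=com"
SAMPLE_LDIF = """\
dn: CN=Alice Admin,OU=Staff,DC=child,DC=example,DC=com
sAMAccountName: aadmin
adminCount: 1
memberOf: CN=Domain Admins,CN=Users,DC=child,DC=example,DC=com
memberOf: CN=OpenScape Users,OU=Groups,DC=child,DC=exam
 ple,DC=com

dn: CN=Bob Basic,OU=Staff,DC=child,DC=example,DC=com
sAMAccountName: bbasic
memberOf: CN=OpenScape Users,OU=Groups,DC=child,DC=example,DC=com

dn:: {b64dn}
sAMAccountName: jmuller
adminCount: 1
memberOf: CN=Backup Operators,CN=Builtin,DC=child,DC=example,DC=com

dn: CN=Service Admin,OU=Staff,DC=child,DC=example,DC=com
sAMAccountName: svcadm
adminCount: 1
""".format(b64dn=base64.b64encode(_UMLAUT_DN.encode("utf-8")).decode("ascii"))


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute (lower case): [values]}."""
    # Unfold first: a line that starts with one space continues the line above.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, current = [], {}
    for line in lines:
        if not line.strip():            # a blank line ends the entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):        # LDIF comment
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):        # "attr:: value" is base64 encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def first_rdn(dn):
    """Return the value of the leftmost RDN, honouring escaped commas."""
    return re.split(r"(?<!\\),", dn, maxsplit=1)[0].partition("=")[2]


def protected_openscape_users(ldif_text, openscape_accounts):
    """List OpenScape users that have adminCount = 1.

    openscape_accounts is the list of sAMAccountNames that are OpenScape
    users (an assumed input; the guide does not say how to export it).
    Only direct group memberships present in the export are reported.
    """
    wanted = {name.lower() for name in openscape_accounts}
    hits = []
    for entry in parse_ldif(ldif_text):
        account = (entry.get("samaccountname") or [""])[0]
        if account.lower() not in wanted:
            continue
        if (entry.get("admincount") or ["0"])[0] != "1":
            continue
        hits.append({
            "account": account,
            "dn": entry["dn"][0],
            "groups": [first_rdn(g) for g in entry.get("memberof", [])],
        })
    return hits


if __name__ == "__main__":
    for hit in protected_openscape_users(SAMPLE_LDIF,
                                         ["aadmin", "bbasic", "jmuller"]):
        print(hit["account"], hit["dn"], ", ".join(hit["groups"]) or "-")
```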
H.3.4 Install OpenScape
For details on how to do the following steps, refer to Chapter 9, Installing OpenScape.
To install a new bind, after you removed all old OpenScape applications, make sure
your system is cleaned up:
Check that all Siemens BC files are gone from the C:\Windows\Assembly folder.
Install OMC.
H.3.5
Remove RTC Extension by using the Add/Remove Programs from the Control Panel.
H.3.6
For details on how to do the following steps, refer to Section 9.3, Installing the OpenScape
Routing Dispatcher.
H.3.7
H.3.8
H.3.9
Be sure to be logged on as the user that installed the software before using Add/Remove Programs.
1. From the Service Control panel, select Siemens HPCR Startup Windows Service and stop this service. Also select Siemens HPCR StoreEventService Windows Service and stop this service.
2.
3. From the Control Panel > Add/Remove Programs, remove the following components:
Sun Java 2 Runtime Environment, SE V1.4.1
Realspeak and/or L&H Telecom Realspeak SAPI4 V3...
Microsoft Speech API
SpeaKING Engine SAPI4
HiPath CAP Fault Management V1.0
Microsoft SQL Server Desktop Engine (IWR)
Microsoft Internet Explorer WebControls
.NET Framework 1.1 Hotfix (KB821156)
.NET Framework 1.1
d) Delete the Web Telephony Engine folder and all subfolders located at C:\Program
Files\Web Telephony Engine.
e) From the Control Panel > Add/Remove Programs, remove the Web Telephony Engine
instance.
H.3.10
For details on how to do the following steps, refer to Section 8.15, Media Server System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
H.3.11
H.3.12
H.3.13
H.3.14
After upgrading all OpenScape Systems in this domain to V2, the following groups and accounts are no longer needed:
Account <SystemID>OSsrv
Delete the group and account using the AD Users and Computers Snap-in.
The phones may need to be rebooted after an upgrade is done.
Upgrade - Production Mode with Re-Install of Media Server PC
I.1 Pre-Requisites
The domain should be in native mode. If it is in mixed mode, you need to raise its functional
level to native mode (using AD Domains and Trusts snap-in).
For System Preparation, the OpenScape Logon User (the current user logged on when
OpenScape is being installed), should be an existing Domain user.
I.2 Environment Preparation for Upgrade from V1-SPCR to V2
I.2.1 Forest Preparation
For details on how to do the following steps, refer to Chapter 7, Setting Up a Forest in Production Mode.
Copy all the Forest Preparation related files from the CD.
I.2.2
For details on how to do the following steps, refer to Section 8.7, Root Domain Preparation and
Verification.
Copy all the Environment Preparation V2 related files from the CD.
I.2.3 Domain Preparation
For details on how to do the following steps, refer to Section 8.8, OpenScape System Domain
Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Note: If there is more than one OpenScape System in the same child domain, the
old OpenScape Service group has to remain as it is for V1 OpenScape to co-exist
with V2 OpenScape. Therefore, the domain prep will automatically rename the old
group to OpenScape Service V1 and copy all its members to the new group.
Only a restart of the remaining V1 systems in the same child domain is required.
I.2.4
For details on how to do the following steps, refer to Section 8.10, Root Domain Membership
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
I.2.5
For details on how to do the following steps, refer to Section 8.13, OpenScape System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Before doing the System Preparation, please check the current status of the Forest
and Domains.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
I.2.6
For details on how to do the following steps, refer to Section 8.14, Routing Dispatcher/LCS
System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
I.2.7
For details on how to do the following steps, refer to Section 8.17, TFA System Preparation
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
I.2.8
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
I.3 Upgrade Software
I.3.1
I.3.2
I.3.3
In OpenScape V1, some OpenScape Users may be accounts that have the AdminCount attribute set in Active Directory. These accounts are members of protected groups in Active Directory. They are protected for security reasons and do not inherit access rights.
These users cannot be upgraded as such from V1 to V2.
To successfully upgrade users from V1 to V2, the following options are available:
Remove these admin accounts from OpenScape. This option requires OpenScape Admin privileges.
Provide additional permissions to the OpenScape Admin group so that it can set the OpenScape-specific attributes of these users. In particular: read access rights to Public Info, RTCPropertySet, RTCUserSearchPropertySet and SiemensOSPropertySet, and write access rights to SiemensOSPropertySet. This option requires Domain Admin privileges.
1. Log on as the OS Installer or a member of the OpenScape Admin group on the child domain being prepared.
2. Copy the ConvertAdmins.exe and Interop.ActiveDS.dll files from the OpenScape EPT folder on the CD to the OpenScape Server.
3.
4.
5.
All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.
6.
To grant permissions to the OpenScape Admin group and retain these users in OpenScape, follow the instructions below:
1.
2.
3.
4.
5.
The appropriate permissions shall be granted to the OpenScape Admin group for all the
OpenScape users with AdminCount as 1.
6.
I.3.4 Install OpenScape
For details on how to do the following steps, refer to Chapter 9, Installing OpenScape.
To install a new bind, after you removed all old OpenScape applications, make sure
your system is cleaned up:
Check that all Siemens BC files are gone from the C:\Windows\Assembly folder.
Install OMC.
I.3.5
Install MCU.
Remove RTC Extension by using the Add/Remove Programs from the Control Panel.
I.3.6
For details on how to do the following steps, refer to Section 9.3, Installing the OpenScape
Routing Dispatcher.
I.3.7
I.3.8
I.3.9
Stop the Siemens HPCR Startup Windows Service. Then, stop the MSSQL$IWR service.
Copy the following files from C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data to a safe location such as a network server:
iwrdb.mdf
iwrdb_log.ldf
IwrReport.mdf
IwrReport_log.ldf
Go back to the Services Management. Start the MSSQL$IWR service and the Siemens HPCR Startup Windows Service.
I.3.10
Each application created in the Media Server has a corresponding folder on the Server. The
following process backs up the folders for the customer-created applications.
Open the Media Server System Administrator via the Start > Programs > Siemens
OpenScape > OpenScape Media Server > Media Server Administration.
Click Custom.
Write down all the application names of the applications listed under Application
Name.
Write down all the application names of the applications listed under Application
Name.
To save the application folder of the user created application, do the following:
For each of the application names that were written down, copy each of the folders with
that same name. Make sure all the files and folders beneath it are copied too.
Save the folders to a safe location such as a network server that is not on the Media
Server machine.
Save any additional files (.wav, .xml, .vxml, etc.) not stored in the application folder that are
used by the application. To know if an application uses additional files, do the following:
Click view.
Click on a step.
See if there is a file listed in URL. If so, locate the file. Save the path to the file and then save the file to a safe location. If the file is already located in a safe location, then there is no need to save it again. But save the path to the safe location so that the connection to that location can later be restored and verified.
I.3.11
The Media Server contains reports that the user generates. The following process backs up the
report files.
Copy the report files that you want to save to a safe location such as a network server.
I.3.12
Reinstall the Operating System on the Media Server PC. After the PC is reinstalled, please refer to the Media Server Installation document for installing the Windows Components (Chapter
3) and the pre-installation checklist (Chapter 4).
I.3.13
For details on how to do the following steps, refer to Section 8.15, Media Server System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
I.3.14
I.3.15
After installing the third party software, do the following steps to restore the database:
Create a new folder iwr_save in the folder C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data.
Go to the safe backup location where the database files (iwrdb.mdf, iwrdb_log.ldf, IwrReport.mdf, and IwrReport_log.ldf) are stored and copy the files.
I.3.16
Note: Before installing, be sure that Section I.3.15, Restoring the Media Server Database is
completed.
I.3.17
After installing the Media Server, do the following steps to restore the customer-created Applications:
Go to the safe location where the customer-created application folders are stored.
Copy each of the customer-created application folders (and all files and folders beneath it) into the Applications folder located at C:\Program Files\Siemens\IWR\www\IWR\Applications.
Note: Do not overwrite anything in the Application folder on the new machine.
This copy operation restores all customer-created application folders without disturbing the folders that were installed as a part of Media Server. If the copy operation advises you that a folder already exists on the target, or asks for permission to overwrite
an existing folder or file, answer No.
Restore any additional files to their original location (with the exact path that they had
originally). For the files that were already saved to a safe location, make sure the connection to that location is restored.
To verify that the applications were copied properly, open the System Administrator
Application (Start > Programs > Siemens OpenScape > OpenScape Media Server >
Media Server Administration). Click on Application Builder. Click on either Custom or
Word Web. The applications should be there. View the steps and all the properties of
each application, including any media files (.HTML, .WAV, .TXT, etc.) associated with
each application.
I.3.18
After installing the Media Server software, do the following steps to restore the report files.
To verify that the report files were copied properly, open the System Administrator Application:
I.3.19
After upgrading all OpenScape Systems in this domain to V2, the following groups and accounts are no longer needed:
Account <SystemID>OSsrv
Delete the group and account using the AD Users and Computers Snap-in.
The phones may need to be rebooted after an upgrade is done.
Upgrade - Early Deployment Mode with Upgrade of Media Server Software
J.1 Pre-Requisites
The domain should be in native mode. If it is in mixed mode, you need to raise its functional
level to native mode (using AD Domains and Trusts snap-in).
For System Preparation, the OpenScape Logon User (the current user logged on when
OpenScape is being installed), should be an existing Domain user.
J.2 Environment Preparation for Upgrade from V1-SPCR to V2
J.2.1
For details on how to do the following steps, refer to Section 8.7, Root Domain Preparation and
Verification.
Copy all the Environment Preparation V2 related files from the CD.
J.2.2 Domain Preparation
For details on how to do the following steps, refer to Section 8.8, OpenScape System Domain
Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Note: If there is more than one OpenScape System in the same child domain, the
old OpenScape Service group has to remain as it is for V1 OpenScape to co-exist
with V2 OpenScape. Therefore, the domain prep will automatically rename the old
group to OpenScape Service V1 and copy all its members to the new group.
Only a restart of the remaining V1 systems in the same child domain is required.
J.2.3
For details on how to do the following steps, refer to Section 8.10, Root Domain Membership
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
J.2.4
For details on how to do the following steps, refer to Section 8.18, EDM System Preparation
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
J.2.5
For details on how to do the following steps, refer to Section 8.13, OpenScape System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Before doing the System Preparation, please check the current status of the Forest
and Domains.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
J.2.6
For details on how to do the following steps, refer to Section 8.14, Routing Dispatcher/LCS
System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
J.2.7
For details on how to do the following steps, refer to Section 8.17, TFA System Preparation
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
J.2.8
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
J.3 Upgrade Software
J.3.1
J.3.2
J.3.3
In OpenScape V1, some OpenScape Users may be accounts that have the AdminCount attribute set in Active Directory. These accounts are members of protected groups in Active Directory. They are protected for security reasons and do not inherit access rights.
These users cannot be upgraded as such from V1 to V2.
To successfully upgrade users from V1 to V2, the following options are available:
Remove these admin accounts from OpenScape. This option requires OpenScape Admin privileges.
Provide additional permissions to the OpenScape Admin group so that it can set the OpenScape-specific attributes of these users. In particular: read access rights to Public Info, RTCPropertySet, RTCUserSearchPropertySet and SiemensOSPropertySet, and write access rights to SiemensOSPropertySet. This option requires Domain Admin privileges.
1. Log on as the OS Installer or a member of the OpenScape Admin group on the child domain being prepared.
2.
3.
4.
5.
All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.
6.
To grant permissions to the OpenScape Admin group and retain these users in OpenScape, follow the instructions below:
1.
2.
3.
4.
5.
The appropriate permissions shall be granted to the OpenScape Admin group for all the
OpenScape users with AdminCount as 1.
6.
J.3.4
For EDM Server installation please refer to Section 6.4, EDM Installation.
Installation of OpenScape will copy the OpenScape V1 user into ADAM to upgrade them to V2
users.
J.3.5 Install OpenScape
For details on how to do the following steps, refer to Chapter 9, Installing OpenScape.
To install a new bind, after you removed all old OpenScape applications, make sure
your system is cleaned up:
Install OMC.
J.3.6
Install MCU.
Remove RTC Extension by using the Add/Remove Programs from the Control Panel.
J.3.7
For details on how to do the following steps, refer to Section 9.3, Installing the OpenScape
Routing Dispatcher.
J.3.8
J.3.9
J.3.10
Be sure to be logged on as the user that installed the software before using Add/Remove Programs.
1. From the Service Control panel, select Siemens HPCR Startup Windows Service and stop this service. Also select Siemens HPCR StoreEventService Windows Service and stop this service.
2.
Save the database when prompted (recommended).
3. From the Control Panel > Add/Remove Programs, remove the following components:
Sun Java 2 Runtime Environment, SE V1.4.1
Realspeak and/or L&H Telecom Realspeak SAPI4 V3...
Microsoft Speech API
SpeaKING Engine SAPI4
HiPath CAP Fault Management V1.0
Microsoft SQL Server Desktop Engine (IWR)
Microsoft Internet Explorer WebControls
.NET Framework 1.1 Hotfix (KB821156)
.NET Framework 1.1
.NET Framework 1.0 (if installed)
4.
d) Delete the Web Telephony Engine folder and all subfolders located at C:\Program
Files\Web Telephony Engine.
e) From the Control Panel > Add/Remove Programs, remove the Web Telephony Engine
instance.
J.3.11
For details on how to do the following steps, refer to the OpenScape Installation document
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
J.3.12
J.3.13
J.3.14
J.3.15
After upgrading all OpenScape Systems in this domain to V2, the following groups and accounts are no longer needed:
Account <SystemID>OSsrv
Delete the group and account using the AD Users and Computers Snap-in.
The phones may need to be rebooted after an upgrade is done.
Upgrade - Early Deployment Mode with Re-Install of Media Server
K.1 Pre-Requisites
The domain should be in native mode. If it is in mixed mode, you need to raise its functional
level to native mode (using AD Domains and Trusts snap-in).
For System Preparation, the OpenScape Logon User (the current user logged on when
OpenScape is being installed), should be an existing Domain user.
K.2
K.2.1
For details on how to do the following steps, refer to Section 8.7, Root Domain Preparation and
Verification.
Copy all the Environment Preparation V2 related files from the CD.
K.2.2 Domain Preparation
For details on how to do the following steps, refer to Section 8.8, OpenScape System Domain
Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Note: If there is more than one OpenScape System in the same child domain, the
old OpenScape Service group has to remain as it is for V1 OpenScape to co-exist
with V2 OpenScape. Therefore, the domain prep will automatically rename the old
group to OpenScape Service V1 and copy all its members to the new group.
Only a restart of the remaining V1 systems in the same child domain is required.
K.2.3
For details on how to do the following steps, refer to Section 8.10, Root Domain Membership
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
K.2.4
For details on how to do the following steps, refer to Section 8.18, EDM System Preparation
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
K.2.5
For details on how to do the following steps, refer to Section 8.13, OpenScape System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Before doing the System Preparation, please check the current status of the Forest
and Domains.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
K.2.6
For details on how to do the following steps, refer to Section 8.14, Routing Dispatcher/LCS
System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
K.2.7
For details on how to do the following steps, refer to Section 8.17, TFA System Preparation
and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
K.2.8
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
K.3 Upgrade Software
K.3.1
Back up the OpenScape DB using the OMC (use help if needed). Uninstall OpenScape and keep the database.
K.3.2
K.3.3
In OpenScape V1, some OpenScape Users may be accounts that have the AdminCount attribute set in Active Directory. These accounts are members of protected groups in Active Directory. They are protected for security reasons and do not inherit access rights.
These users cannot be upgraded as such from V1 to V2.
To successfully upgrade users from V1 to V2, the following options are available:
Remove these admin accounts from OpenScape. This option requires OpenScape Admin privileges.
Provide additional permissions to the OpenScape Admin group so that it can set the OpenScape-specific attributes of these users. In particular: read access rights to Public Info, RTCPropertySet, RTCUserSearchPropertySet and SiemensOSPropertySet, and write access rights to SiemensOSPropertySet. This option requires Domain Admin privileges.
1. Log on as the OS Installer or a member of the OpenScape Admin group on the child domain being prepared.
2.
3.
4.
5.
All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.
6.
To grant permissions to the OpenScape Admin group and retain these users in OpenScape, follow the instructions below:
1.
2.
3.
4.
5.
The appropriate permissions shall be granted to the OpenScape Admin group for all the
OpenScape users with AdminCount as 1.
6.
K.3.4
For EDM Server installation please refer to Section 6.4, EDM Installation.
Installation of OpenScape will copy the OpenScape V1 users into ADAM to upgrade them to V2
users.
K.3.5
Install OpenScape
For details on how to do the following steps, refer to Chapter 9, Installing OpenScape.
To install a new bind, after you removed all old OpenScape applications, make sure
your system is cleaned up:
Install OMC.
K.3.6
Install MCU.
Remove RTC Extension by using the Add/Remove Programs from the Control Panel.
K.3.7
For details on how to do the following steps, refer to Section 9.3, Installing the OpenScape
Routing Dispatcher.
K.3.8
K.3.9
K.3.10
Stop the Siemens HPCR Startup Windows Service. Then, stop the MSSQL$IWR
service.
Copy the following files from C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data to a safe location such as a network server:
K.3.11
iwrdb.mdf
iwrdb_log.ldf
IwrReport.mdf
IwrReport_log.ldf
Go back to the Services Management. Start the MSSQL$IWR service and the Siemens HPCR Startup Windows Service.
Each application created in the Media Server has a corresponding folder on the Server. The
following process backs up the folders for the customer-created applications.
Open the Media Server System Administrator via Start > Programs > Siemens
OpenScape > OpenScape Media Server > Media Server Administration.
Click Custom.
Write down all the application names of the applications listed under Application
Name.
Write down all the application names of the applications listed under Application
Name.
To save the application folder of the user created application, do the following:
For each of the application names that were written down, copy each of the folders with
that same name. Make sure all the files and folders beneath it are copied too.
Save the folders to a safe location such as a network server that is not on the Media
Server machine.
Save any additional files (.wav, .xml, .vxml, etc.) not stored in the application folder that are
used by the application. To know if an application uses additional files, do the following:
Click view.
Click on a step.
See if there is a file listed in URL. If so, locate the file. Save the path to the file and then
save the file to a safe location. If the file is already located in a safe location, there is
no need to save it again, but save the path to the safe location so that the connection to that location can later be restored and verified.
K.3.12
The Media Server contains reports that the user generates. The following process backs up the
report files.
Copy the report files that you want to save to a safe location such as a network server.
K.3.13
Reinstall the Operating System on the Media Server PC. After the PC is reinstalled, please refer to the Media Server Installation document for installing the Windows Components (Chapter
3) and the pre-installation checklist (Chapter 4).
K.3.14
For details on how to do the following steps, refer to Section 8.15, Media Server System Preparation and Verification.
Copy all the Environment Preparation V2 related files from the CD.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
K.3.15
K.3.16
After installing the third party software, do the following steps to restore the database:
Create a new folder iwr_save in the folder C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data.
Go to the safe backup location where the database files (iwrdb.mdf, iwrdb_log.ldf, IwrReport.mdf, and IwrReport_log.ldf) are stored and copy the files.
K.3.17
K.3.18
After installing the Media Server, do the following steps to restore the customer-created Applications:
Go to the safe location where the customer-created application folders are stored.
Copy each of the customer-created application folders (and all files and folders beneath it) into the Applications folder located at C:\Program Files\Siemens\IWR\www\IWR\Applications.
Note: Do not overwrite anything in the Application folder on the new machine.
This copy operation restores all customer-created application folders without disturbing the folders that were installed as a part of Media Server. If the copy operation advises you that a folder already exists on the target, or asks for permission to overwrite
an existing folder or file, answer No.
Restore any additional files to their original location (with the exact path that they had
originally). For the files that were already saved to a safe location, make sure the connection to that location is restored.
To verify that the applications were copied properly, open the System Administrator
Application (Start > Programs > Siemens OpenScape > OpenScape Media Server >
Media Server Administration). Click on Application Builder. Click on either Custom or
Word Web. The applications should be there. View the steps and all the properties of
each application, including any media files (.HTML, .WAV, .TXT, etc.) associated with
each application.
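One way to script the application-folder backup and the no-overwrite restore described above, with an integrity check in place of manual inspection. This is an added example, not part of the Siemens guide or product; the function names, the SHA-256 manifest and the sample folder names (CustA, CustB, Builtin) are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root: Path) -> dict:
    """At backup time: map each file (path relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_without_overwrite(backup: Path, target: Path, manifest: dict) -> dict:
    """Copy backed-up application folders into target, never touching a top-level
    folder or file that already exists there (the guide's "answer No" rule)."""
    preexisting = {p.name for p in target.iterdir()}   # installed with the product
    result = {"copied": [], "skipped": [], "corrupt": []}
    for rel, expected in manifest.items():
        src, dst = backup / rel, target / rel
        if rel.split("/")[0] in preexisting or dst.exists():
            result["skipped"].append(rel)               # left exactly as found
        elif not src.is_file() or sha256_of(src) != expected:
            result["corrupt"].append(rel)               # changed or lost since backup
        else:
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            result["copied"].append(rel)
    return result

def demo() -> dict:
    """Constructed sample: two customer applications plus one colliding folder."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, target = Path(tmp, "safe_location"), Path(tmp, "Applications")
        for rel, data in {"CustA/main.vxml": b"<vxml/>", "CustA/audio/hi.wav": b"RIFF",
                          "CustB/flow.xml": b"<flow/>", "Builtin/app.xml": b"old"}.items():
            (backup / rel).parent.mkdir(parents=True, exist_ok=True)
            (backup / rel).write_bytes(data)
        manifest = build_manifest(backup)                # taken when the backup is made
        (backup / "CustB/flow.xml").write_bytes(b"tampered")   # damaged while in storage
        (target / "Builtin").mkdir(parents=True)
        (target / "Builtin/app.xml").write_bytes(b"new")        # shipped with the product
        result = restore_without_overwrite(backup, target, manifest)
        result["builtin_kept"] = (target / "Builtin/app.xml").read_bytes() == b"new"
        return result

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup share so that a change to the saved folders cannot also rewrite the hashes they are checked against.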
K.3.19
After installing the Media Server software, do the following steps to restore the report files.
To verify that the report files were copied properly, open the System Administrator Application:
K.3.20
After upgrading all OpenScape Systems in this domain to V2, the following groups and accounts are no longer needed:
Account <SystemID>OSsrv
Delete the group and account using the AD Users and Computers Snap-in.
The phones may need to be rebooted after an upgrade is done.
List of Abbreviations
Abbreviation - Definition
AD - Active Directory
ADAM
ASR
CA - Certificate Authority
CLT
EDM
FQDN
IPSec - IP Security Protocol
LCS
MCU
MC - Multipoint Controller
MP - Media Processor
MSMQ
OMC
PKI
Root CA
RD - Routing Dispatcher
SIP
TCP
TFA
TLS
TTS - Text-to-Speech
WM - Windows Messenger
Index
configuration
minimum complete server 2-5
Configuring
DNS Server 12-5
LCS Route 12-6
MC SIP 12-5
MCU SipURI 12-4
configuring
OpenScape certificate 10-3
SMTP server 10-5
WM client 4-4
Configuring Certificates A-2
Configuring Profiles for SIP Phones 16-5
Configuring the Account Security Privileges in
the Exchange Server Stores B-1
Configuring the RTCService Account 4-4
ConvertAdmins F-18
CRDirect C-1
creating
custom MMC console E-3
new IPSec policy E-4, E-8, E-14, E-17
Creating an SRV Record on DNS A-6
CRForward C-2
Access Rights
OpenScape Database D-6
WMI CIM Repository D-6
Account Check 9-4
account requirements
for OpenScape management 3-12
Account Security Privileges B-1
Active Directory
Attribute Definitions 5-4
Attributes and Objects 5-1
Attributes and Objects Hierarchy 5-2
Class Definitions 5-5
Environment Recommendations 5-1
adding filters from MP to MC E-20
Adding Users A-1
Application Server Mode 9-3
Assigning OpenScape Phones from Unassigned Phones 16-6
E
Early Deployment Mode 2-5, 3-5, G-3
Early Deployment Mode or Production Mode
5-7
F
feedback, documentation 1-3
firewall requirements 9-4
Forwarding Rule Target C-3
G
Gateway permit rule E-12
H
hardware
recommendations 3-5
hardware requirements 3-1
High Traffic Call Model 3-6
I
imported AD users 3-11
Importing
SIP Phone Certificate 16-1
infrastructure
requirements 3-1
Infrastructure Components 2-4
Installation Requirements
EDM 6-2
Installing
Microsoft Hotfix 10-2
OMC 10-1
OpenScape 9-9
installing
OMC package 10-2
OpenScape Client 15-1
L
LC Server 2-3
LC Server Certificate 16-2
LCS
setup checklist and troubleshooting 4-6
LCS (RTC) MSDE Database F-16
LCS Route 12-6
LCS, local machine groups 4-2
licenses 2-13
non-OpenScape 2-18
local machine groups 4-2
M
MC SIP 12-5
MCU
installation checklist 12-1
requirements 3-4
MCU SipURI 12-4
MCU System Preparation and Verification 833
Media Server 3-4
Media Server System Preparation and Verification 8-30
Microsoft .NET Framework V1.1 2-3
Microsoft Hotfix 10-2
Migrating from ADAM to Active Directory 6-5
Migrating from EDM to Production Mode 6-4
minimum complete server
configuration 2-5
MMC console E-3
MSMQ F-1
N
Namespace Permissions 3-13
Non-OpenScape licenses 2-18
Non-Siemens system components
MS SQL Server 3-2
Normal Traffic Call Model 3-5
P
passwords for the OpenScape services 3-11
Permissions
Domain-DNS Object D-5
EDM Server D-6
Service Connection Point D-6
Permissions on AD Objects D-5
permit rule for Gateway E-12
Phone Discovery 16-7
Portal Access 9-4
Ports and Routes 9-6
ports and routes 9-6
Problems Uninstalling OpenScape A-5
Production Mode 2-5
Production Mode with Re-installation of Media Server PC 2-1
Production Mode with Upgrade of Media
Server Software 2-1
S
Schedule+FreeBusy Information B-6
SDK Applications 11-1
Security Troubleshooting 14-1
Server Information 3-8
setting up
user and administrator cross-functionality
9-3
WM client 4-2
siemensOSDomain 5-6
siemensOSGlobalContainer 5-6
siemensOSServiceConnectionPoint 5-6
siemensOSServices 5-5
siemensOSTrustedService 5-6
SIP Phone Certificate 16-1
Creating and Issuing A-7
Locating and Exporting A-10
Requesting A-9
SIP Phone Discovery 16-7
SIP Phones, obtaining a certificate 16-1
SMTP server 10-5
T
Terminal Services service 9-3
testing
with Windows Messenger 4-3
TFA System Preparation and Verification 835
Trace File Accumulator 2-2, 3-4, 14-2, G-3
Troubleshooting
Security 14-1
Uninstalling OpenScape A-5
WebDAV B-1
WebDav B-1
Windows Messenger
client configuration 4-4
installing 4-2, 4-4
setting up 4-2
testing with 4-3
uninstalling 4-3
Windows Messenger (WM) Client 4-2
Windows Server 2003 Terminal Services 9-2
WSE2.0 for SDK 3-3
X
XML File 8-8, 8-22
XpSystem F-13
U
uninstalling
Windows Messenger 4-3
Upgrade - Early Deployment Mode with Re-Install of Media Server PC K-1
Upgrade - Early Deployment Mode with Upgrade of Media Server Software J-1
Upgrade - Production Mode with Re-Install of
Media Server PC I-1
Upgrade - Production Mode with Upgrade of
Media Server Software H-1
Upgrades from V1 SPCR to V2 2-1
User Creation via OpenScape Management
A-1
User Creation via Script A-1
users
imported AD 3-11
V
verifying
server infrastructure 9-5
virus detection 9-4
W
Web Service Enhancements 2-4
www.siemens.com/hipath
The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do
not always apply as described or which may change as a result of further
development of the products.
An obligation to provide the respective characteristics shall only exist if
expressly agreed in the terms of contract.