Avaya Mobile Communication Gateway 3100 User Manual

Page 1
Nortel Mobile Communication 3100
Nortel Mobile Communication 3100 Administration and Security
Release: 3.0 Document Revision: 03.08
www.nortel.com
NN42030-600
Page 2
Copyright © 2007-2009 Nortel Networks. All Rights Reserved.
While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice.
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks. All other trademarks are the property of their respective owners.
Page 3
Contents
New in this release 7
  Features 7
    Administration enhancements 7
    User interface enhancements 8
  Other changes 8
Introduction 11
  References 12
Using the MC 3100 Web Console 13
  Overview 13
    MC 3100 Web Console buttons 13
  Logging on to the MC 3100 Web Console as an administrator 15
    Logging on to the standalone MC 3100 Web Console as an administrator 16
  Logging on to the MC 3100 Web Console as a user 18
  Changing the MC 3100 Web Console password 18
Administration 21
Gateway administration 23
  Adding an MCG 3100 server 23
  Deleting an MCG 3100 server 24
  Locking and unlocking an MCG 3100 server 25
  Configuring the Gateway settings 26
  Configuring the dial plan conversion parameters 32
  Configuring the device settings 33
  Configuring the emergency telephone numbers 37
  Configuring the Administration server port settings 37
  Adding a license file 38
  Checking Gateway server statistics 40
  Checking Gateway server status 42
  Checking Gateway server license file information 45
  Managing the server processes from the Web Console 46
  Managing the server processes from the command line 47
Nortel Mobile Communication 3100 Administration and Security
Copyright © 2007-2009 Nortel Networks. All Rights Reserved.
Nortel Mobile Communication 3100
NN42030-600 03.08 17 July 2009
Page 4
Mobile client administration 49
  Client upgrade methods 49
  Uploading the mobile client software files 53
  Deleting files in the software repository 54
  Filtering the mobile client software files 54
  Downloading software files as Administrator 55
  Downloading client software from the software repository to a computer 56
  Tracking license usage 57
  Installing or upgrading the MCC 3100 for BlackBerry using the BlackBerry Enterprise Server 58
  Checking Instant Conferencing status 59
  Client language support 60
User administration 61
  Configuring user parameters for autoconfiguration 61
  Filtering users 62
  Logging off users 63
  Removing users 63
  Clearing a user message 64
  Checking user status 64
  Checking user statistics 67
Security 69
Server certificate management 71
  Enrolling with a CA 73
  Generating a CSR for MCG 3100 Gateway Server 74
  Generating a CSR for MCG 3100 Administration Server 76
  Obtaining a signed certificate 78
  Obtaining the CA signed SSL/TLS certificate for MCG 3100 Gateway Server 79
  Obtaining the CA-signed certificate for the MCG 3100 Administration Server 79
  Installing the root and signed certificates on the MCG 3100 Gateway Server 80
  Installing the root and signed certificates on the Administration Server 81
  Copy single server keystore 82
Client certificate management 83
  Installing a root certificate on a Nokia device 83
  Installing a root certificate on a Windows Mobile device 84
  Installing a root certificate on a BlackBerry device in the non-BES configuration 85
Server certificate administration 87
  Changing the certificate keystore default password 87
  Generating a self-signed certificate for MCG 3100 Gateway Server 89
  Generating a self-signed certificate for MCG 3100 Administration Server 91
Page 5
Maintenance 95
  Backing up the MCG 3100 server databases 95
  Restoring the MCG 3100 server databases 96
  Checking the MCG 3100 Software Version 97
  Sending a system notification to all users 97
  Sending a system notification to individual users 98
  Network configuration changes 98
Common procedures 101
  Accessing the server command line as nortel 101
  Accessing the server command line as superuser 101
Page 6
Page 7
New in this release
The following sections detail what’s new in Nortel Mobile Communication 3100 Administration and Security (NN42030-600) for Mobile Communication 3100 (MC 3100) Release 3.0.
"Features" (page 7)
"Other changes" (page 8)
Features
The following sections describe the features introduced for MC 3100 Release 3.0.
"Administration enhancements" (page 7)
"User interface enhancements" (page 8)
Administration enhancements
The Enterprise Common Manager (ECM) integrates the MC 3100 Web Console tools with the Nortel Enterprise Management tools to simplify MC 3100 administration. The ECM:
Launches the administrative user interface
Permits single-sign-on
Performs certificate generation and distribution
Integrates with the Enterprise Subscriber Manager to create fixed mobile convergence line (FMCL) universal extensions (UEXTs) for MC 3100 users
For information about the interworking of the MC 3100 and ECM, see Nortel Mobile Communication 3100 and Communication Server 1000 Solution Integration Guide (NN49000-315).
Attention: MC 3100 release 3.0 SU130 and higher does not support ECM integration.
Page 8
User interface enhancements
The Web Console contains new parameters to support MC 3100 Release 3.0.
Other changes
This document is issued to support MC 3100 Release 3.0. This document was restructured to conform to Modular Task-Based Information standards. The port tables moved to Nortel Mobile Communication 3100 Planning and Engineering (NN42030-200).
Revision history
July 2009
Standard 03.08. This document is issued to support Nortel Mobile Communication 3100 Release 3.0 and the Communication Server 2100 (CS 2100). Information regarding the CS 2100 was added.
June 2009
Standard 03.07. This document is up-issued to support Nortel Mobile Communication 3100 Release 3.0. Updates were made to the Procedure job aid table.
June 2009
Standard 03.06. This document is issued to support Nortel Mobile Communication 3100 Release 3.0 SU3. Updates were made to the Configuring the device settings section.
April 2009
Standard 03.05. This document is issued to support Nortel Mobile Communication 3100 Release 3.0. The following sections were deleted from this document:
Installing the ECM MCG 3100 software
Adding the MCG 3100 as an element from the primary ECM
Upgrading to a different network framework
Accessing the MC 3100 Web Console from the ECM
January 2009
Standard 03.04. This document is issued to support Nortel Mobile Communication 3100 Release 3.0. Changes were made to address formatting issues, including changes to the procedure "Configuring the device settings" (page 33) and the creation of the procedure "Configuring the emergency telephone numbers" (page 37).
December 2008
Standard 03.03. This document is issued to support Nortel Mobile Communication 3100 Release 3.0. Added the Native Dialing Numbers field to "Configuring the device settings" (page 33). Numerous updates to "Server certificate management" (page 71) and "Client certificate management" (page 83).
Page 9
December 2008
Standard 03.02. This document is issued to support Nortel Mobile Communication 3100 Release 3.0. Updates were made to include links to multimedia presentations and to update technical content.
September 2008
Standard 03.01. This document is issued to support Nortel Mobile Communication 3100 Release 3.0.
May 2008
Standard 02.03. This document is issued to support Nortel Mobile Communication 3100 Release 2.1. A sample email was updated.
April 2008
Standard 02.02. This document is issued to support Nortel Mobile Communication 3100 Release 2.1. Added the DNS port to the Port table.
April 2008
Standard 02.01. This document is issued to support Nortel Mobile Communication 3100 Release 2.1.
November 2007
Standard 01.04. This document is up-issued to include changes in technical content for the packet dump utility, E.164 fully qualified international format numbers, CallPilot, and Call Detail Recording (CDR).
October 2007
Standard 01.03. This document is up-issued to include changes in technical content including an MCC 3100 for BlackBerry/Nokia implementation workflow and updated screen captures.
October 2007
Standard 01.02. This document is up-issued to include changes in technical content for MCG 3100 configuration parameter fields and network configuration changes.
September 2007
Standard 01.01. This document is issued to support the Nortel Mobile Communications 3100 Series Portfolio on Nortel Communication Server 1000 Release 5.0 and Nortel Multimedia Communication Server 5100 Release 4.0.
Page 10
Page 11
Introduction
This document provides information about the administration and security of the Nortel Mobile Communication 3100 (MC 3100).
MC 3100 contains the following components:
Nortel Mobile Communication Gateway 3100 (MCG 3100)
Nortel Mobile Communication Client 3100 (MCC 3100) for BlackBerry
Nortel MCC 3100 for Nokia
Nortel MCC 3100 for Windows Mobile
The MCG 3100 extends network feature functionality to the MCC 3100 application on mobile devices. Internally, the MCG 3100 contains the MCG 3100 Gateway Server and the MC 3100 Administration Server.
The MCC 3100 application registers to the MCG 3100 to access the enterprise network. After registration, users can perform a variety of functions such as:
Manage friends by using the MCC 3100 local directory. MCC 3100 for BlackBerry users can also manage friends by using the BlackBerry address book.
Search the corporate directory and the MCC 3100 local directory.
Use the logs to view the most recent related incoming and outgoing calls, voice mail indicator, and system events.
Create a user group that contains multiple friends and then initiate an ad hoc conference call to the group members.
Redirect incoming calls to alternative contact locations (for example, office, home, or other).
Associate a single number with all outbound calls.
Handle the message waiting indicator (MWI) for new voice mail messages.
This document refers to the supported clients using the generic term mobile client.
Page 12
Attention: Mobile client devices must have an internet connection.
Navigation
"Using the MC 3100 Web Console" (page 13)
"Administration" (page 21)
"Gateway administration" (page 23)
"Mobile client administration" (page 49)
"User administration" (page 61)
"Security" (page 69)
"Server certificate management" (page 71)
"Client certificate management" (page 83)
"Server certificate administration" (page 87)
"Maintenance" (page 95)
"Common procedures" (page 101)
References
For more information, see the following documents:
Nortel Mobile Communication Client 3100 for BlackBerry User Guide (NN42030-101)
Nortel Mobile Communication Client 3100 for Nokia User Guide (NN42030-102)
Nortel Mobile Communication Client 3100 for Windows Mobile User Guide (NN42030-107)
Nortel Mobile Communication 3100 Fundamentals (NN42030-109)
Nortel Mobile Communication 3100 Planning and Engineering (NN42030-200)
Nortel Mobile Communication 3100 Installation and Commissioning (NN42030-300)
Nortel Mobile Communication 3100 Troubleshooting (NN42030-700)
Page 13
Using the MC 3100 Web Console
The following module describes the Mobile Communication 3100 (MC 3100) Web Console.
Navigation
"Overview" (page 13)
"Logging on to the MC 3100 Web Console as an administrator" (page 15)
"Logging on to the MC 3100 Web Console as a user" (page 18)
"Changing the MC 3100 Web Console password" (page 18)
Overview
You perform administrative tasks for the Mobile Communication Gateway 3100 (MCG 3100) server using the MC 3100 Web Console, a Web-based tool. You access the standalone MC 3100 Web Console through Microsoft Internet Explorer or Mozilla Firefox.
Attention: ECM does not support Mozilla Firefox. ECM integration is not supported in MC 3100 release 3.0 SU130 and higher.
Two access levels exist for the MC 3100 Web Console:
Administrator access
Enterprise user access
MC 3100 Web Console buttons
The following table describes all the MC 3100 Web Console buttons and their actions.
Page 14
Table 1 Web Console buttons
Button | Screen | Description
Add Gateway | System Configuration | Displays the Add Gateway window. Only active when an MCG 3100 server can be added.
Advanced View | User Info | Displays all the configuration parameters.
Browse | Admin Portal, License Information | Enables you to find a required file.
Cancel | Send Notification Message, Configure Gateway, Configure Service, Lock Gateway, Add Gateway | Enables you to cancel the Configuration.
Capture | Tools | Starts a packet capture for troubleshooting.
Clear Messages | User Info | Clears queued user messages if the user’s queue exceeds normal levels.
Close | Gateway Statistics, User Statistics, Configure Gateway, Configure Service | Closes the window.
Configure Gateway | System Configuration (Gateway Actions button) | Displays the Configure Gateway window.
Configure Services | System Configuration (Gateway Actions button) | Displays the Configure Service window
Default View | User Info | Displays a subset of the user configuration parameters.
Download (hyperlink) | Admin Portal, User Portal | Starts the download of the client file to the computer.
Download all logs (hyperlink) | Tools | Displays information on how to get the logs.
Edit | Device Configuration, Configure Gateway, Configure Service | Enables changes to parameters.
Filter | User Info | Uses search parameters to select a subset of the information.
Gateway Actions | System Configuration | Enables you to manage and configure the gateway server.
Group Actions | System Configuration | Displays the Add Gateway button.
Help | Web Console main window | Displays the MC 3100 pages on www.nortel.com
Install | License Information | Enables you to install the information.
License | System Configuration (Gateway Actions button) | Displays the License Information window
Page 15
Table 1 Web Console buttons (cont’d.)
Button | Screen | Description
User ID (hyperlink) | User Info | Displays the User Statistics window for the selected user.
Lock | System Configuration (Gateway Actions button) | Displays the Lock Gateway window.
 | User Info | Logs the user out of their client.
Logout | Web Console main window | Logs you out of the Web Console.
No | Removal Confirmation | Cancels the removal request.
Notify | User Info, System Configuration (Gateway Actions button) | Displays the Send Notification Message window
OK | Lock Gateway, Add Gateway | Enables you to confirm the changes made to the fields.
Refresh | Gateway Statistics, User Statistics | Refreshes the statistics when automatic refresh is disabled.
Remove | User Info | Remove users and deallocate their licenses.
Remove | Admin Portal | Removes the client file from the MCG 3100 server.
Remove from Group | System Configuration (Gateway Actions button) | Displays the Removal Confirmation window.
Restart | System Configuration (Gateway Actions button) | Enables you to restart the Gateway server.
Save | Device Configuration, Tools, Configure Gateway, Configure Service | Saves the changes made to the fields.
Send | Send Notification Message | Enables you to send the notification message.
Start | System Configuration (Gateway Actions button) | Enables you to start the Gateway server.
Stop | Tools, System Configuration (Gateway Actions button) | Stops the packet capture.
Unlock | System Configuration (Gateway Actions button) | Displays the Unlock Gateway window.
View User Portal | Admin Portal | Displays the User Portal.
Yes | Removal Confirmation | Enables you to confirm the removal of the file.
Logging on to the MC 3100 Web Console as an administrator
This module describes the procedures you use to log on to MC 3100 Web Console to perform administration tasks.
Page 16
Logging on to the Web Console as an administrator task flow
The following flowchart depicts the procedures you perform to log on to the Web Console as an administrator. To link to any procedure, go to "Navigation to Logging on to the Web Console as an administrator" (page 16).
Figure 1 Logging on to the Web Console as an administrator task flow
Navigation to Logging on to the Web Console as an administrator
"Logging on to the standalone MC 3100 Web Console as an administrator" (page 16)
Logging on to the standalone MC 3100 Web Console as an administrator
Log on to the MC 3100 Web Console as an administrator to manage the system, monitor the users, monitor Instant Conferencing, and manage the client server repository.
Attention: Wait two minutes after starting the MCG 3100 before accessing the MC 3100 Web Console.
Page 17
Prerequisites
You need the administrator user id and password to perform this procedure.
Access the MC 3100 Web Console using a web browser.
Attention: User names and passwords are case-sensitive.
Procedure steps
Step Action
1 In the Address field of your Web browser, enter
http://<IP address | hostname>:8282/adminserver
OR
https://<IP address | hostname>:8553/adminserver
2 In the Username field, type the user name.
3 In the Password field, type the admin password.
Attention: Nortel recommends that you change the default administrator password. For more information, see "Changing the MC 3100 Web Console password" (page 18).
4 Click Sign In.
5 Click a tab at the top of the MC 3100 Web Console to view the corresponding page.
--End--
Variable definitions
Variable | Definition
<IP address | hostname> | The name of the MCG server in fully qualified domain name (FQDN) format, or the IP address of the server.
user name | Default: admin
admin password | Default: password
Page 18
Logging on to the MC 3100 Web Console as a user
Log on to the MC 3100 Web Console as a user to access the User Portal to download client files.
Procedure steps
Step Action
1 In the Address field of your Web browser, enter one of the following addresses.
http://<hostname>:8282/adminserver/userportal.html
https://<hostname>:8553/adminserver/userportal.html
2 Press Enter.
The User Portal screen displays.
--End--
Variable definitions
Variable | Definition
<hostname> | The name of the MCG server in fully qualified domain name (FQDN) format, or the IP address of the server.
Changing the MC 3100 Web Console password
Change the MC 3100 Web Console password from the default password.
Prerequisites
You must be logged into the MC 3100 Web Console as administrator.
For more information, see "Logging on to the standalone MC 3100 Web Console as an administrator" (page 16).
Procedure steps
Step Action
1 On the MC 3100 Web Console main page, click the Tools tab.
2 In the Admin Server Password section, in the Current Password box, type the current password.
Attention: Passwords are case-sensitive.
Page 19
3 In the New Password box, type a new password.
4 In the Confirm New Password box, retype the new password.
5 In the Admin Server Password section, click Save.
--End--
Variable definitions
Variable | Definition
Current Password | Existing password. The default password for new servers is password.
New password | New password for the Admin server. Secure passwords use a mix of letters, numbers and alphabetic characters and can be up to 19 characters in length.
Confirm New Password | New password for confirmation.
Page 20
Page 21
Administration
The following modules describe administration procedures for the Mobile Communication 3100 (MC 3100).
Navigation
"Gateway administration" (page 23)
"Mobile client administration" (page 49)
"User administration" (page 61)
Page 22
Page 23
Gateway administration
This module describes procedures for gateway administration.
Navigation
"Adding an MCG 3100 server" (page 23)
"Deleting an MCG 3100 server" (page 24)
"Locking and unlocking an MCG 3100 server" (page 25)
"Configuring the Gateway settings" (page 26)
"Configuring the dial plan conversion parameters" (page 32)
"Configuring the device settings" (page 33)
"Configuring the emergency telephone numbers" (page 37)
"Configuring the Administration server port settings" (page 37)
"Adding a license file" (page 38)
"Checking Gateway server statistics" (page 40)
"Checking Gateway server status" (page 42)
"Checking Gateway server license file information" (page 45)
"Managing the server processes from the Web Console" (page 46)
"Managing the server processes from the command line" (page 47)
Adding an MCG 3100 server
Add the MCG 3100 using the MC 3100 Web Console.
Prerequisites
The MCG 3100 software must be installed on the server.
You must be logged into the MC 3100 Web Console as administrator.
For more information, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Page 24
Procedure steps
Step Action
1 Click the System Configuration tab.
2 On the System Configuration page, select Group Actions, Add MG.
Attention: In a redundant system, add the local server first.
3 Enter the Gateway Address as an IP Address or Fully Qualified Domain Name (FQDN).
4 Click OK.
5 If you receive a prompt to restart the gateway,
To restart the gateway, click Yes.
OR
To restart at a later time, click No.
Attention: Nortel recommends that you restart the gateway.
--End--
Procedure job aid
Use the following table to help you understand the Add Gateway parameters.
Field | Description
Gateway Address | The IP address or FQDN of the new MCG 3100 gateway server being added.
Deleting an MCG 3100 server
Delete an MCG 3100 on the MCG 3100 Web Console. This procedure only removes the MCG 3100 from management by the Web Console; the gateway continues to operate.
Page 25
Attention: In a redundant system, delete the remote server first.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Configuration tab.
2 Select Gateway Actions, Remove from Group.
The MCG 3100 is deleted. The MCG 3100 software remains installed.
3 If you receive a prompt to restart the gateway,
To restart the gateway, click Yes.
OR
To restart at a later time, click No.
--End--
Locking and unlocking an MCG 3100 server
Lock and unlock an MCG 3100 server to perform maintenance. The following table helps you understand the types of server locks.
Table 2 Server locks
Lock type | New calls accepted? | Current call actions | Current user actions
Unlocked (Default) | Yes | Calls are active. | Users can log in.
Graceful | No | Calls remain active | Users who are not in a call are logged off.
Immediate | No | In progress calls continue, but no MCG 3100 features can be used. | Users are logged off immediately,
Page 26
Attention: Lock the server before performing system maintenance or changing gateway configuration parameters.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Configuration tab.
2 To unlock the server, click Gateway Actions, Unlock.
3 To lock the server, click Gateway Actions, Lock and then perform one of the following actions:
Select Graceful Lock and click OK.
Select Immediate Lock and click OK.
--End--
Configuring the Gateway settings
Configure the Gateway settings to enable the MCG 3100 to interact with the network elements. In redundant MC 3100 deployments, most of the Gateway settings are shared between the two servers.
Prerequisites
You must be logged into the MC 3100 Web Console as administrator. For more information, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Add the MCG 3100 server before beginning this procedure.
Procedure steps
Step Action
1 Click the System Configuration tab.
2 Select Gateway Actions, Configure Gateway.
3 In redundant configurations, select the gateway.
Page 27
4 Click Edit.
5 Modify the Gateway settings.
Attention: When configuring the redundant server, only configure the local server parameters. On a redundant system, parameters marked with an L in the user interface are unique to the local gateway.
6 Click Save.
7 Click Close. You receive a prompt to restart the server.
8 To restart the system, click Yes. The updated Gateway settings are applied.
OR
To restart the system at a later time, click No. The updated Gateway settings are applied when the system is restarted later.
Attention: Nortel recommends that you restart the gateway.
9 On a redundant system, open the Gateway Configuration window for both gateways and check that their settings match. If there is a mismatch, re-enter the settings and restart the system.
--End--
Procedure job aid
Use the following table to help you understand the Gateway settings.
Field | Description
Mobility Server
Server Address | Enter the address that the local MCG 3100 uses for SIP traffic. Format: <IP address | FQDN> This parameter is unique to the local server.
SIP Port | Enter the SIP server port. The default value is 5060. This parameter applies to both servers in the redundant configuration.
Page 28
Field | Description
Domain | Enter the SIP registration domain defined on the Enterprise Call Server (ECS). This parameter applies to both servers in the redundant configuration.
Gateway name | Enter the gateway identity defined on the ECS for the MCG 3100. This parameter applies to both servers in the redundant configuration.
Media Server | Enter the address and port of the Instant Conferencing Server. Format: <IP address | FQDN>:<port> This parameter is unique to the local server.
Incoming Call Reliable Timer | Specify the amount of time, in seconds, that the MCG 3100 waits before it redirects a call after receiving no response from the client. The value is set to one half of the call unanswered timeout period. The default is 7 seconds. This parameter applies to both servers in the redundant configuration.
Primary ECS Address | Enter the address and port of the primary ECS. Format: <IP address | FQDN>:<port> This parameter applies to both servers in the redundant configuration.
Secondary ECS Address | Enter the address and port of the secondary ECS. Format: <IP address | FQDN>:<port> This parameter applies to both servers in the redundant configuration.
Device Access
HTTP Port | Select the Hypertext Transfer Protocol (HTTP) port used by clients to access the system and to download software over the air. The valid range is 8080 to 8089; the default is 8080. Select 0 to disable the port. This parameter applies to both servers in the redundant configuration.
HTTPS Port | Select the HTTP Secure (HTTPS) port used by clients to access the system and to download software over the air. The valid range is 8440 to 8449; the default is 8443. Select 0 to disable the port. Use HTTPS when a certificate infrastructure exists on the clients and MCG 3100. This parameter applies to both servers in the redundant configuration.
Page 29
Field | Description
HTTPS certificate password Enter the password used for the HTTPS certificate transmitted by clients to the MCG 3100 server. The default is nortel. This parameter applies to both servers in the redundant configuration.
Dial Plan
User Prefix/Phone-context for Call Origination
Enter the user name prefix or phone context for call origination. This prefix applies to calls originated by the MCG 3100 server and to the calling address. This parameter applies to both servers in the redundant configuration.
User Prefix for Call Termination Enter the user name prefix for call termination. This prefix
applies to calls received by the MCG 3100 server and to the called address. This parameter applies to both servers in the redundant configuration.
Dial-In Service DN
Enter the Service Directory Number (DN) for client calls that will arrive at the MCG 3100 on the SIP network. This field is mandatory. The Service DN allows MCC 3100 for BlackBerry, MCC 3100 for Windows Mobile, and MCC 3100 for Nokia users to place calls directly from their wireless devices to other parties using Direct Outbound call mode. The PSTN numbers that the mobile dials on the PSTN are defined on the device configuration page. When the call arrives at the enterprise, the PSTN number must be converted to an internal format for use on the SIP network and routed by the NRS so that it eventually arrives at the MCG 3100.
Mobility Prefix: 555 Username 343XXXX Password XXXXXXX
Outgoing Call Service DN +41123456789
The mobile phone will dial +41123456789 for direct outbound calls. This PSTN number will be routed to the enterprise as a DID number. When the number arrives at the Enterprise we must manipulate the PSTN number (+41123456789) to be routed on the SIP network.
Attention: If you have a mapping on the incoming trunk route on the call server to map a PSTN service DN number: +41123456789 to 5550006789, you would configure the service DN on the MCG3100 as 0006789. In the case where an enterprise has multiple service DN’s all incoming PSTN service DN calls must map to the single service DN number configured in this field. For Example: +16131324567 to 5550006789.
Dialplan Conversion List For information on configuring this field, see "Configuring the
dial plan conversion parameters" (page 32).
DTR
Initial port for DTR (27000-27499) Enter the first port in the range of ports used by the
MCG 3100 server Digital Tone Receiver (DTR) engine. A DTR recognizes Dual Tone Multi-Frequency (DTMF). 1500 ports are allotted for DTR. The port must be an even number (for example, 27000).
This parameter applies to both servers in the redundant configuration.
Mid-Call Cellular Prefix Enter the prefix used by clients to invoke mid-call features
using DTMF. Permitted values include the characters star (*) and pound (#), and the numerals 0 to 9, entered in any combination. The default value is *, which needs to be changed only if it conflicts with other network resources. For example, if clients use * to access conference features, then you must change the Mid-Call Cellular Prefix to a different value such as # or #99.
This parameter applies to both servers in the redundant configuration.
LDAP
URL Enter the address and port of the Lightweight Directory Access Protocol (LDAP) server that hosts the corporate directory. Obtain this value from the directory administrator. Format: ldap://<IP address | FQDN>:<port> This parameter applies to both servers in the redundant configuration.
Search Base Enter the distinguished name of the search base object
(node) that defines the location in the directory from which the LDAP search begins. Obtain this value from the directory administrator.
This parameter applies to both servers in the redundant configuration.
LDAP Username Enter the user name required to gain access to the LDAP
server that hosts the corporate directory. Obtain this value from the directory administrator. This parameter applies to both servers in the redundant configuration.
Authorization Enter the authorization mechanism required to connect to
the LDAP server. The default value is simple, which causes user names and passwords to be sent as clear text.
This parameter applies to both servers in the redundant configuration.
Password Enter the password required to gain access to the LDAP
server that hosts the corporate directory. Obtain this value from the directory administrator.
This parameter applies to both servers in the redundant configuration.
LDAP tag for user ID Enter the tag for the User ID attribute on the LDAP server.
The default is ipPhone. This parameter applies to both servers in the redundant configuration.
LDAP tag for user first name Enter the tag for the User First Name attribute on the LDAP
server. The default is givenName. This parameter applies to both servers in the redundant configuration.
LDAP tag for user’s last name Enter the tag for the User Last Name attribute on the LDAP
server. The default is sn. This parameter applies to both servers in the redundant configuration.
LDAP tag for user display name
Enter the tag for the User Display Name attribute on the LDAP server. The default is displayName. This parameter applies to both servers in the redundant configuration.
LDAP tag for user business #
Enter the tag for the User Business Phone Number attribute on the LDAP server. The default is telephoneNumber. This parameter applies to both servers in the redundant configuration.
LDAP tag for user mobile #
Enter the tag for the User Mobile Phone Number attribute on the LDAP server. The default is ipPhone. This parameter applies to both servers in the redundant configuration.
LDAP tag for user’s email Enter the tag for the User E-mail Address attribute on the LDAP server. The default is mail. This parameter applies to both servers in the redundant configuration.
LDAP tag for user extension Enter the tag for the User Extension attribute on the LDAP server. The default is ipPhone. This parameter applies to both servers in the redundant configuration.
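The ranges, formats and defaults in the Gateway settings table can be checked mechanically before a change is saved. The following is an added example, not Nortel code: the dictionary keys, the sample addresses and the "other-mechanism" value are constructed for illustration, and the MCG 3100 does not export its settings in this form.

```python
import re

# Ranges and defaults as stated in the Gateway settings table.
HTTP_PORTS = range(8080, 8090)    # valid 8080 to 8089; 0 disables the port
HTTPS_PORTS = range(8440, 8450)   # valid 8440 to 8449; 0 disables the port
DTR_PORTS = range(27000, 27500)   # field label: Initial port for DTR (27000-27499)
DEFAULT_CERT_PASSWORD = "nortel"
PREFIX_RE = re.compile(r"[0-9*#]+")                      # star, pound, digits 0 to 9
LDAP_URL_RE = re.compile(r"ldap://[^\s:/]+:(\d{1,5})")   # ldap://<IP address | FQDN>:<port>


def audit_gateway_settings(cfg):
    """Check one settings dict; return a list of (severity, field, message)."""
    findings = []

    def add(severity, field, message):
        findings.append((severity, field, message))

    # Device Access: range checks first, then the exposure check.
    http, https = cfg["http_port"], cfg["https_port"]
    if http != 0 and http not in HTTP_PORTS:
        add("error", "http_port", "must be 0 or 8080 to 8089")
    if https != 0 and https not in HTTPS_PORTS:
        add("error", "https_port", "must be 0 or 8440 to 8449")
    if http == 0 and https == 0:
        add("error", "https_port", "both device access ports are disabled")
    if http != 0:
        add("warn", "http_port",
            "clients can log in and download software over unencrypted HTTP")
    if https != 0 and cfg["https_cert_password"] == DEFAULT_CERT_PASSWORD:
        add("warn", "https_cert_password", "still set to the documented default")

    # LDAP: the default mechanism exposes the bind credentials.
    if cfg["ldap_authorization"] == "simple":
        add("warn", "ldap_authorization",
            "simple sends the LDAP user name and password as clear text")
    match = LDAP_URL_RE.fullmatch(cfg["ldap_url"])
    if not match or not 0 < int(match.group(1)) < 65536:
        add("error", "ldap_url", "expected ldap://<IP address | FQDN>:<port>")

    # DTR: first port of the range, must be even.
    dtr = cfg["dtr_initial_port"]
    if dtr not in DTR_PORTS or dtr % 2:
        add("error", "dtr_initial_port", "must be an even port in 27000 to 27499")

    if not PREFIX_RE.fullmatch(cfg["mid_call_prefix"]):
        add("error", "mid_call_prefix", "only *, # and the digits 0 to 9 are permitted")
    return findings


# Constructed sample: the documented defaults plus a made-up directory address.
DEFAULTS = {
    "http_port": 8080, "https_port": 8443, "https_cert_password": "nortel",
    "ldap_url": "ldap://directory.example.com:389", "ldap_authorization": "simple",
    "dtr_initial_port": 27000, "mid_call_prefix": "*",
}
# Constructed sample with the weak settings changed. "other-mechanism" is a
# placeholder: the table names only the default authorization value.
REVIEWED = dict(DEFAULTS, http_port=0,
                https_cert_password="constructed-Passphrase-1",
                ldap_authorization="other-mechanism")
# Constructed sample with out-of-range and malformed values.
BROKEN = dict(DEFAULTS, https_port=443, dtr_initial_port=27001,
              mid_call_prefix="*A", ldap_url="ldaps//dir")

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("reviewed", REVIEWED), ("broken", BROKEN)):
        print(name)
        for severity, field, message in audit_gateway_settings(cfg):
            print(f"  {severity:5} {field}: {message}")
```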
Configuring the dial plan conversion parameters
Use this procedure to facilitate dial plan conversion.
Prerequisites
You must be logged into the MC 3100 Web Console as administrator. For more information, see "Logging on to the MC 3100 Web Console
as an administrator" (page 15).
Understand the dial plan of the Enterprise Communication Server
(ECS). For more information, see the ECS documentation.
Understand the format of telephone numbers in the corporate directory
server.
Procedure steps
Step Action
1 Click the System Configuration tab.
2 Select Gateway Actions, Configure Gateway.
3 On redundant systems, select a gateway.
4 Click Edit.
5 Click the Dialplan Conversion List field.
6 Enter <number combination> and click Add. The number appears in the Dialplan Conversion List field.
7 Repeat step 5 to add additional entries. The system automatically inserts commas between the entries in the list.
8 To save the changes, click OK.
--End--
Variable definitions
Field Description
<number combination> Represents the elements of a dialable number and what these elements translate to in order to be dialed.
Format: <original combination>=<converted number>
Example: ESN=6
If the corporate directory gives a telephone number as ESN1234567, the ESN is changed to the digit 6 when the number is dialed, resulting in the number 61234567 being dialed.
Rules that use the caret sign
When you write a rule without the caret (^) sign, the MCG 3100 replaces all occurrences of what is on the left side of the equal (=) sign with what is on the right. For example, the rule 0=00 changes a phone number dialed on the MCC 3100 as 0123456789 to 00123456789, but it also changes a phone number like 01230123 to 0012300123.
When you write a rule with the ^ sign, the MCG 3100 replaces only the leading occurrence of the string on the left side of the equal (=) sign with what is on the right. For example, you have a rule ^0=00. If the phone number dialed on the MCC 3100 is 0123456789, the number changes to 00123456789. However, if the phone number dialed is 01230123, the number changes to 001230123.
You can use the ^ sign when writing rules in North America or Europe to dial national numbers without adding the access code of 1 used within the enterprise. You can write a rule to look for a leading 0 in Europe or 1 in North America and insert the proper access code to make the number dialable in the enterprise. For example, in North America the rule would be ^1=61 assuming an access code of 6. This takes a number dialed as 16131234567 and substitutes 6161231234567 to make the number dialable in the enterprise. In Europe, this same rule would be ^0=00. This adds an extra 0 to any number that a user dials on the MCC 3100. For example, 0123456789 becomes 00123456789 or 00411234567890 becomes 00041123456789.
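The two rule forms described above, as an added Python sketch that is not the MCG 3100's own code. It assumes that entries in the comma-separated list are applied in order, each to the result of the previous one, which this guide does not state; side_effects is a hypothetical helper that lists the sample numbers an unanchored rule rewrites beyond a leading match, so such a rule can be given a ^ before it misroutes calls.

```python
def parse_conversion_list(text):
    """Parse 'ESN=6,^0=00' into [(anchored, original, converted), ...]."""
    rules = []
    for entry in text.split(","):
        entry = entry.strip()
        if not entry:
            continue
        original, sep, converted = entry.partition("=")
        if not sep or not original.lstrip("^"):
            raise ValueError(
                f"not <original combination>=<converted number>: {entry!r}")
        anchored = original.startswith("^")
        rules.append((anchored, original[1:] if anchored else original, converted))
    return rules


def apply_rule(rule, number):
    """Apply one rule to one dialed number."""
    anchored, original, converted = rule
    if anchored:
        # Rule with ^: only a leading occurrence is replaced.
        if number.startswith(original):
            return converted + number[len(original):]
        return number
    # Rule without ^: every occurrence is replaced.
    return number.replace(original, converted)


def convert(rules, number):
    """Assumption (not stated in the guide): rules run in list order."""
    for rule in rules:
        number = apply_rule(rule, number)
    return number


def side_effects(rules, samples):
    """Find unanchored rules that change more than a leading match.

    Returns (rule text, sample, result as written, result if anchored).
    """
    report = []
    for anchored, original, converted in rules:
        if anchored:
            continue
        for sample in samples:
            as_written = apply_rule((False, original, converted), sample)
            if_anchored = apply_rule((True, original, converted), sample)
            if as_written != if_anchored:
                report.append((f"{original}={converted}", sample,
                               as_written, if_anchored))
    return report


# Rules and numbers taken from the examples in this section.
CONVERSION_LIST = "ESN=6,0=00"
SAMPLES = ["ESN1234567", "0123456789", "01230123"]

if __name__ == "__main__":
    rules = parse_conversion_list(CONVERSION_LIST)
    for sample in SAMPLES:
        print(sample, "->", convert(rules, sample))
    for rule, sample, as_written, if_anchored in side_effects(rules, SAMPLES):
        print(f"rule {rule} rewrites {sample} to {as_written}; "
              f"^{rule} would give {if_anchored}")
```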
Configuring the device settings
The mobile device settings can automatically download to all the clients. A null value downloads if a parameter is not configured.
By default, whenever a user logs in, the device setting downloads to the device. You can change this behavior so that settings only download when the user first logs in.
Prerequisites
You must be logged into the MC 3100 Web Console as administrator.
For more information, see "Logging on to the MC 3100 Web Console
as an administrator" (page 15).
Add the MCG 3100 server before beginning this procedure.
Configure the Gateway settings before beginning this procedure.
Procedure steps
Step Action
1 Click the Device Configuration tab.
2 Click Edit.
3 Modify the Device settings.
4 Click Save. The new device settings are applied upon the next successful login by each user. On a redundant system, the settings are automatically shared between both gateways.
--End--
Procedure job aid
Use the following table to help you understand the Devices settings.
Field Description
Primary MG (all configurations)
External: Address (IP/host:Port) Enter the address of the primary MCG 3100 public interface on the Internet. Client application users connect to this address. Format: <IP address | FQDN>:<port>
External: Use Secure Connection Select Yes to enable HTTPS connections on the primary MCG 3100 public interface using security certificates on the clients on MCG 3100. Select No to enable HTTP. Use HTTPS when the clients use certificates to encrypt communication with the MCG 3100.
The Nokia and Windows Mobile devices, along with BlackBerry devices that do not employ the enterprise-hosted BlackBerry Enterprise Server (BES), can use HTTPS and certificates.
Internal: Address (IP/host:Port)
Enter the address of the primary MCG 3100 private interface on the network.
Configure this parameter if your MC 3100 system implementation uses BlackBerry devices that use the BES.
Internal: Use Secure Connection Select Yes to enable HTTPS connections on the primary
MCG 3100 private interface. Select No to enable HTTP. Default: No
Secondary MG (redundant system configuration only)
External: Address (IP/host:Port)
Enter the address of the secondary MCG 3100 public interface on the Internet. Client application users connect to this address when the primary MCG 3100 fails. Format: <IP address | FQDN>:<port>
External: Use Secure Connection Select Yes to enable HTTPS connections on the secondary
MCG 3100 public interface using security certificates on the clients on MCG 3100. Select No to enable HTTP. Use HTTPS when the clients use certificates to encrypt communication with the secondary MCG 3100.
The Nokia and Windows Mobile devices, along with BlackBerry devices that do not employ the enterprise-hosted BlackBerry Enterprise Server (BES), can use HTTPS and certificates.
Internal: Address (IP/host:Port)
Enter the address of the secondary MCG 3100 private interface on the network. Configure this parameter if your MC 3100 system implementation uses BlackBerry devices that use the BES.
Internal: Use Secure Connection Select Yes to enable HTTPS connections on the secondary
MCG 3100 private interface. Select No to enable HTTP. Default: No
Access Numbers
Voice Mail Number Enter the list of valid regional or office based numbers
users of the system can use to call and access their voice mail.
Service Number Enter the list of valid regional or office-based Direct
Outbound Mode numbers for client calls. These numbers are PSTN/E.164 numbers. MC 3100 users use service numbers to place calls directly from their wireless devices to other parties using Direct Outbound call mode. On the CS 1000, the PSTN number must map to the gateway name assigned to the MCG 3100 as a trunk steering code.
On the CS 2100, the PSTN number must map to the number populated in table DNROUTE of the CS 2100.
Dial Plan
Corporate Prefix Number Enter the digits that must be dialed to make a call within
the company. For example, if the telephone dialing plan requires that corporate calls be made using a specific trunk, the digits required to access that trunk can be programmed in this field. The Corporate Prefix Number is also known as the trunk steering code.
Local Prefix Number Enter the local out-dial prefix.
For example, if your telephone dialing plan requires a 9 to reach the Public Switched Telephone Network (PSTN), enter 9.
Long Distance Prefix Number Enter the long distance prefix.
For example, if your telephone company requires that long distance calls be prefixed with a 1, enter 1.
International Prefix Number Enter the international prefix.
For example, if your telephone company requires that international calls be prefixed with a 011, enter 011.
Native Dialing Numbers For information on configuring this field, see "Configuring
the emergency telephone numbers" (page 37)
Auto-Download of Device Configuration
Allow Client Override Controls the automatic downloading of the device
configuration (including blank values) to the clients. Select No to download the configuration every time a user logs in. The download overwrites local updates. Select Yes to download the configuration the first time each user logs in. After the initial download, users can change their configuration.
Default: No
Configuring the emergency telephone numbers
Add one or more entries to facilitate emergency number dialing from the device’s native phone.
Prerequisites
You must be logged into the MC 3100 Web Console as administrator. For more information, see "Logging on to the MC 3100 Web Console
as an administrator" (page 15).
You must know the emergency telephone numbers for your location.
Procedure steps
Step Action
1 Click the field to display the Native Dialing Numbers dialog.
2 In the Add box, enter a dialable telephone number and click Add.
3 Repeat to add other entries to the list.
4 Click OK to save your changes.
For example, to enable emergency number dialing in North America, add 911. When a mobile client user dials that number, the MCC 3100 switches to the native device phone and places the call over the cellular network.
--End--
Configuring the Administration server port settings
You access the Administration server using HTTP or HTTPS ports. By default, both ports are enabled. If desired, you can disable one port.
Attention: In redundant systems, each server must have identical ports enabled.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the Tools tab.
2 On the Tools page, in the Admin Server Port Setting section, select the check box next to each control to enable or disable each port. When you clear the check box for a port, port access is blocked.
--End--
Procedure job aid
Use the following table to help you understand the Admin Server Port Setting parameters. Each parameter contains two numbers. The first number indicates the total number of events since the server came online. The second number indicates the number of events since the table was last refreshed.
Field Description
Enable HTTP port Select this box to enable access to HTTP port.
Enable HTTPS port Select this box to enable access to HTTPS port.
For more information on ports, see Nortel Mobile Communication 3100 Planning and Engineering (NN42030-200).
Adding a license file
The license file controls how many mobile client users can log on to the system. For example, if your organization purchases a 100-seat license, a maximum of 100 users can be licensed and can log on.
The specific license order code determines the license generation. After you order a license, the code passes to the Nortel Keycode Retrieval System (KRS). The KRS interacts with the license generator to obtain the license. You retrieve licenses from the KRS.
Attention: The system allocates licenses on a first-come, first-served basis, and the licenses remain allocated until the system administrator removes the user.
You must order and install a license file to allow MCC 3100 and MCG 3100 use. You can update your license file if you require additional licenses. The additional license adds more licenses to the existing licenses. For example, if you have 100 licenses already, purchasing and installing a 50-user license gives you 150 licenses.
Attention: Install the license file on each gateway server.
Attention: Make sure you save a backup copy of your license files in a
secure location. You will need these files if you reinstall or perform major upgrades on the MCG 3100.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Obtain the license file from Nortel, and store it in a location that can
be accessed from the MCG 3100.
Add the MCG 3100 server before beginning this procedure.
Procedure steps
Step Action
1 Click the System Configuration tab.
2 On the System Configuration page, click Gateway Actions > License.
3 On the License Information window, click Browse.
4 In the Choose file dialog box, locate and select the license file.
5 Click Open.
6 Click Install. The License Information window is updated.
7 Click Close. License State is updated on the System Configuration page. If the installation is successful, the state appears as “Licensed” and users can begin logging in and receiving their individual licenses. If the installation is unsuccessful, the state appears as “Unlicensed” or “Invalid.” For information on troubleshooting license file problems, see Nortel Mobile Communication 3100 Troubleshooting (NN42030-700).
8 On a redundant system, repeat the procedure on the second (remote) gateway using the same license file.
Attention: User licenses are allocated on a first-come first-serve basis, and remain allocated until the user is removed from the system. Login status does not affect the status of user licenses.
--End--
Checking Gateway server statistics
Check Gateway server statistics to check the number of outgoing calls, incoming calls, Instant Conferencing, log ins and log offs, and corporate directory searches by all registered users.
As soon as the Gateway server comes online, the system records the number of events processed for all users. The statistics display in tabular form, with each item displaying the total number of events since the server came online and in brackets the number of events since the table last refreshed. By default, the table refreshes every 5 seconds.
To reset the server statistics, you must restart the system.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Status tab.
2 In the System Status section, click the IP Address link for the Gateway Server for which you want to obtain statistics. The Gateway Statistics window appears.
3 Check the Gateway statistics.
4 To update the statistics snapshot, click Refresh.
OR
To automatically refresh the statistics every 5 seconds, click the check box.
5 Click Close.
--End--
Procedure job aid
Use the following table to help you understand the Gateway Server statistics parameters. Each parameter contains two numbers. The first number indicates the total number of events since the server came online. The second number indicates the number of events since the table last refreshed.
Field Description
Calling
Incoming call (IC) The total number of incoming calls processed by the server for this user.
Outgoing call (OC) The total number of outgoing calls processed by the server for this user.
Move call (MV) The total number of calls that have been moved between the users’ desktop phones and the client application.
Swap call (SC) The total number of swap call operations.
Transfer call (TC) The total number of call transfers.
Call cancel (CCL) The total number of cancelled calls.
Buddy List
Buddy group renames (BGN) The total number of buddy groups renamed.
Buddy group adds (BGA) The total number of buddy groups added.
Buddy group removes (BGR) The total number of buddy groups deleted.
Buddy adds (BDA) The total number of buddies added.
Buddy queries (BDQ) The total number of buddy queries.
Buddy removes (BDR) The total number of buddies deleted.
Features
Conference (CF) The total number of conference calls.
Instant Conference (GC) The total number of instant conferences.
Instant messages sent (IMS) The total number of instant messages sent.
Instant messages received (IMR) The total number of instant messages received.
Corporate directory queries (DRQ) The total number of corporate directory searches.
Call screen set (CSS) The total number of call screening operations processed by the server for all users. Call screening occurs when calls redirect to an alternate contact location or call handling point, such as voice mail.
Presence updates (PRU) The total number of presence status updates.
Presence sets (PRS) The total number of presence status updates on the network.
Presence queries (PRQ) The total number of presence status queries.
Connection
Login (LGI) The total number of log ins processed by the server.
Logout (LGO) The total number of log outs processed by the server.
Loss of Service (LOS) The total number of times that clients have lost service.
Checking Gateway server status
Check the Gateway server status to view the information such as the number of connections and the system load.
The System Status page lists the server processes and autoupdates every five seconds.
Prerequisites
You must be logged into the MC 3100 Web Console as administrator.
For more information, see "Logging on to the MC 3100 Web Console
as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Status tab.
The System Status window appears.
2 On the System Status page, monitor the status of the Gateway
Server.
--End--
Procedure job aid
Use the following table to help you understand the Gateway Server System status fields.
Field Description
IP Address Contains the IP Address of the Gateway Server. Status
information appears to the right of this field. Click the IP Address to view statistical data related to the associated server.
If the IP Address displays in red, the server is not responding, which can indicate a server software problem or system outage.
If the IP Address displays in grey, the server is unavailable.
Domain Name Contains the Domain name for the MCG 3100 server.
Status Indicates the status of the Gateway Servers.
Running—The server is running and active.
Network Error—Connectivity to the server has been lost.
Stopped—The server is stopped.
Running-Standby—The server is in standby mode.
If users cannot log in for any reason, the gateway status
appears in red. If the server is running but needs a restart
(for example, to apply pending configuration changes),
the gateway status appears in orange and an asterisk (*)
appears beside the text.
Last Alarm Entry Click this field to open the alarm log file. The timestamp
(MM/DD/YYYY HH:MM:SS) indicates the time of the most
recent SEVERE or WARNING alarm message. The total
number of outstanding alarms appears in brackets. For
example, (5) indicates that five alarms have been raised
but not yet cleared.
Message examples:
The “MandatoryGatewayConfig” alarm indicates that you must enter configuration settings and restart the server.
The “GatewayStopped” information message indicates that the server has been stopped from the web console or command line.
Notes:
You can access the alarm log file from the Tools page
under Server Logs.
To clear an alarm, you must solve the original error
condition.
Whenever the MCG 3100 server stops, all alarms and informational messages clear. However, persistent error conditions (such as missing or incorrect configuration settings) immediately generate new alarms. To permanently delete an alarm, you must solve the original error condition.
Recurrent events only generate one alarm.
Active Connections Indicates the current number of active connections (clients) handled by the server. The license key determines the maximum number of connections.
Queued Messages Indicates the current number of queued messages waiting to be sent from the server to the client.
The CPU and number of server processes determine the maximum number of queued messages. A large number of queued messages can be caused by network congestion or by users having lost service. If the queue reaches the maximum number, system stability can be compromised.
You can check the message queue for individuals or clear
the message queue for individual users.
System Load Indicates the current load on the server CPU, expressed as a percentage, averaged over the last minute. The system load indicates the average number of processes that are currently running on the system. A system load exceeding 100% adversely affects system performance.
Tx (kbps) Indicates the current number of messages transmitted by the server, expressed in kilobits per second (kbps), averaged over the preceding minute.
Rx (kbps) Indicates the current number of messages received by the server, expressed in kbps, averaged over the preceding minute.
License Used/Limit Displays the current number of licenses used against the total number of licenses available.
Checking Gateway server license file information
This procedure shows you, at a glance, how many licenses your system is licensed for, and how many licenses are allocated. You use this information to determine if you need to purchase additional licenses.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Status tab.
2 Monitor the license file status using the Licenses Used/Limit field.
--End--
Procedure job aid
Use the following table to help you understand the Gateway license file information in the License Used/Limit field.
Field Description
Single Indicates the number of single-mode client licenses allocated to users and the total number of licenses of this type.
Dual Indicates the number of dual-mode client licenses allocated to users and the
total number of licenses of this type. Not currently used.
Dual-VPN Indicates the number of dual-mode Virtual Private Network (VPN) client
licenses allocated to users and the total number of licenses of this type. Not currently used.
Managing the server processes from the Web Console
Use this procedure to start, stop, and restart server processes from the Web Console.
Stopping the server causes the clearing of message queues for all users on the system. Restarting the server causes the server to stop and then start again.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Configuration tab. The Status field indicates which server is currently active. In a single-server system, this is always the local server.
2 To stop the server processes, click Gateway Actions beside the server to be stopped and select Stop.
3 To start the server processes, click Gateway Actions beside the server to be started and select Start.
4 To restart the server processes, click Gateway Actions beside the server to be restarted and select Restart.
--End--
Procedure job aid
The following table provides field descriptions for the status of the Gateway Server.
Field Description
Running The server is running. In redundant configuration, the server is the active server.
Connecting The server is trying to connect to the MC 3100 server.
Network Error Connectivity to the server has been lost.
Stopped The server is stopped.
Running-Standby The server is in standby mode in a redundant configuration.
Managing the server processes from the command line
Instead of using the Web Console, you can use the Linux command line to check, start, stop, and restart server processes.
Prerequisites
You must be logged into the server as superuser. For more information, see "Accessing the server command line as superuser"
(page 101).
Procedure steps
Step Action
1 To check the server processes, enter
appstart status
The system responds with the status of the server processes.
2 To start the server, enter
appstart start
3 To stop the server, enter
appstart stop
4 To restart the server, enter
appstart restart
Attention: Some implementations of the MCG 3100 do not include the restart command.
--End--
Mobile client administration
This module provides information and describes procedures you use to administer the mobile clients.
Navigation
"Client upgrade methods" (page 49)
"Uploading the mobile client software files" (page 53)
"Deleting files in the software repository" (page 54)
"Filtering the mobile client software files" (page 54)
"Downloading software files as Administrator" (page 55)
"Downloading client software from the software repository to a computer" (page 56)
"Tracking license usage" (page 57)
"Installing or upgrading the MCC 3100 for BlackBerry using the BlackBerry Enterprise Server" (page 58)
"Checking Instant Conferencing status" (page 59)
"Client language support" (page 60)
Client upgrade methods
You can upgrade the mobile client software in any of the following ways:
You place the software on a file server, notify the users where to locate the files, and have the users upgrade their devices from their computer.
You place the software on a file server, give the users the Uniform Resource Locator (URL) to the server, and have the users upgrade their devices over the air.
For MCC 3100 for BlackBerry users only, you can push the software through the BlackBerry Enterprise Server (BES). For more information, see "Installing or upgrading the MCC 3100 for BlackBerry using the BlackBerry Enterprise Server" (page 58).
The following table describes the advantages of each method.
Table 3 Client upgrade comparisons
Install or upgrade type
From a computer
Over the air
From the BlackBerry Enterprise Server (BES)
Advantages
retains a copy of the software on the computer for backup purposes
users can install or update at any time, without being tied to their computers
reduces configuration steps
less chance for users to access the wrong load
BlackBerry users receive the new loads automatically
Disadvantages
users must be connected to their computers
additional configuration may be required
users can select an incorrect load
no backup copy of the files for reloading so users need to go back to the server to refresh the software load
only for the BlackBerry; must use alternate methods for Nokia and Windows Mobile users
Attention: Nortel recommends the use of the Over the air download technique.
You use E-mail to announce the availability of new software and give the download instructions in the E-mail messages. The E-mail message to your users should contain the following information:
How to obtain and install the client software.
How to start the application and enter basic configuration, including the
MCG 3100 connection details, Username, Password, and mobile phone number.
How to install a root certificate (if required).
How to log in to the MC 3100.
The remainder of this section contains sample e-mail messages. For more information on the installation and upgrade methods, see:
Nortel Mobile Communication Client 3100 for BlackBerry User Guide (NN42030-101)
Nortel Mobile Communication Client 3100 for Nokia User Guide (NN42030-102)
Nortel Mobile Communication Client 3100 for Windows Mobile User Guide (NN42030-107)
Figure 2 "Sample E-mail - MCC 3100 for BlackBerry over the air download" (page 51) is a sample message you can send to a BlackBerry
user for the over the air download. Substitute your server addresses for the <URL> in the message.
Figure 2 Sample E-mail - MCC 3100 for BlackBerry over the air download
Figure 3 "Sample E-mail - MCC 3100 for Nokia over the air download" (page 52) is a sample message you can send to a Nokia user for the over
the air download. Substitute your server addresses for the <URL> in the message.
Figure 3 Sample E-mail - MCC 3100 for Nokia over the air download
Figure 4 "Sample E-mail - MCC 3100 for Windows Mobile over the air download" (page 53) is a sample message that you could send to a
Windows Mobile user for the over the air download. Substitute your server addresses for the <URL> in the message.
Figure 4 Sample E-mail - MCC 3100 for Windows Mobile over the air download
Uploading the mobile client software files
Use this procedure to manually upload new mobile client software files to the User Portal to provide access for users.
When you upgrade the software (for example, for a Service Upissue), the mobile client software updates automatically on the User Portal.
Attention: Only the administrator can access the Administrative Portal. In systems with redundant MCG 3100 servers, both servers must be equipped with matching client software loads.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
You must have downloaded the updated files from the Nortel Web site,
and have the files accessible from the PC running the Web Console.
Procedure steps
Step Action
1 Click the Admin Portal tab.
2 Click Browse.
3 On the Choose File dialog box, navigate to the location of the zipped file.
4 Click the file to select it.
5 Click Open. The file is unzipped.
6 In the Submit File dialog box, click Yes.
The software repository updates with the new files.
--End--
Deleting files in the software repository
Delete files in the software repository to remove old software files.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the Admin Portal tab.
2 On the Admin Portal page, in the Software Repository section, click Delete beside the file that you want to delete. A confirmation dialog box appears.
3 Select Yes to delete the software.
OR Select No to retain the software.
--End--
Filtering the mobile client software files
Filter the mobile client software files to view the files by product, platform, and language.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the Admin Portal tab.
2 On the Admin Portal page, select your criteria from the Product Name, Platform Name, or Languages lists.
--End--
Downloading software files as Administrator
Use this procedure to download client software as Administrator. Over-the-air (OTA) download is so named because it involves the transfer of files via a wireless connection. When the user performs an OTA software installation, the system recommends a software load that matches their device’s particular operating system, features, and language. The user can accept the recommendation or select a different load.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the Admin Portal tab.
2 Click Download beside the file that you want to download.
3 Click Save.
4 Navigate to the folder where you want to save the software.
5 Click Save.
6 Upload and install the software on your mobile device as described in Nortel Mobile Communication Client 3100 for BlackBerry User Guide (NN42030-101), Nortel Mobile Communication Client 3100 for Nokia User Guide (NN42030-102), or Nortel Mobile Communication Client 3100 for Windows Mobile User Guide (NN42030-107).
--End--
Downloading client software from the software repository to a computer
Users can download client software from the software repository to a PC prior to uploading the files to their mobile devices. This procedure can be used in the E-mail you send to the users, as described in "Client upgrade
methods" (page 49).
Prerequisites
This procedure requires the user to have:
an Internet connection to download the software to their PC
a USB connection to upload the software from the computer to the mobile device
Procedure steps
Step Action
1 In the Address field of a Web browser on a PC, enter
http://<IP | hostname>:8282/adminserver/userportal.html OR https://<IP | hostname>:8553/adminserver/userportal.html
2 In the Software Repository section, select one of the following options:
Product Name menu to filter by the product
Platform Name menu to filter by device model
Languages menu to filter by language
3 Select the Download link beside the required software load.
The file name format is <device>_<model>_<language>_<version_number>.zip
4 Click Save.
5 In the Choose file dialog box, navigate to the location where you want to save the file.
6 Click Save.
The software downloads to the specified folder.
The user must then upload the software to the device. For more information, see:
Nortel Mobile Communication Client 3100 BlackBerry User Guide (NN42030-101)
Nortel Mobile Communication Client 3100 Nokia User Guide (NN42030-102)
Nortel Mobile Communication Client 3100 Windows Mobile User Guide (NN42030-107)
--End--
Variable definitions
Variable Definition
<IP | hostname> The name of the MCG server in fully qualified domain name (FQDN) format, or the IP address of the server.
Tracking license usage
Use this procedure to monitor the license usage. For information on troubleshooting license file problems, see Nortel Mobile Communication 3100 Troubleshooting (NN42030-700).
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Status tab.
2 On the System Status page, the License Used/Limit field displays:
Number of single mode licenses used/available
Number of dual mode licenses used/available (Not currently used)
Number of dual mode VPN licenses used/available (Not currently used)
--End--
Installing or upgrading the MCC 3100 for BlackBerry using the BlackBerry Enterprise Server
You can deploy the MC 3100 for BlackBerry by placing the software on the BlackBerry Enterprise Server (BES) and allowing the BES to push the software to the user. The user does not need to manually install or upgrade the software.
Three push methods exist:
deploy to devices directly connected to the administration computer
deploy to devices connected to computers with the Desktop Manager
deploy to devices connected to the wireless network
Table 4 "BES deployment options" (page 58) describes the options,
advantages and limitations of each method.
Table 4 BES deployment options
Deployment option
Device connected directly to the administration computer
Uses and advantages
Provides complete control over the software installation process.
Can be used to perform initial and update software installations.
Quick file transfer speed.
Limitations
The number of communication ports that are available on the administration computer limit the number of devices that can be updated at one time.
The devices must be connected directly to the administration computer.
Deployment option
Device connected to the user’s computer
Device connected to the wireless network
Uses and advantages
Enables software to deploy to devices connected to users’ computers.
Can be used to perform initial and update software installations.
Enables software deployment to devices connected to the wireless network.
Can be used to perform initial and upgrade software installations.
Enables the software to be deployed to multiple devices simultaneously.
Limitations
The devices must be connected to the users’ computers during the software installation.
The Research in Motion (RIM) Desktop Manager must be installed on the users’ computers.
LAN capacity limits the file transfer speed.
Initial configuration information (for example, username and password) must be sent to the users, which can result in errors or cause security concerns.
The capacity of the wireless network limits the file transfer speed. Typical installations can take more than four hours.
For information on uploading the updates to the BES, see the BlackBerry Enterprise Server documentation.
Checking Instant Conferencing status
Check Instant Conferencing status to see an overview of active calls on the Instant Conferencing Server.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the Instant Conferencing tab.
2 Monitor the Instant Conferences.
--End--
Procedure job aid
The following table provides field descriptions for the Instant Conferencing window.
Field Description
Gateway The IP Address or the host name of the server hosting the Instant Conference.
Instant Conference ID A randomly generated number that uniquely identifies the Instant Conference. Use the Instant Conferencing ID to identify related records in the session log.
Initiator The extension, telephone number, or mobile phone number of the Instant Conferencing initiator.
Active Participants Displays the extension, telephone number, or mobile phone number of each participant, including the Instant Conference initiator, currently engaged in the Instant Conference.
Missing Participants Indicates the number of participants not yet participating in the Instant Conference.
Creation Time The Instant Conference initiation date and time.
Client language support
The clients support the following languages:
Chinese
Dutch
English
French
German
Japanese
Norwegian
Swedish
When the user installs a client load using the Over the air download method, the system recommends a software load that matches the operating system, features, and language of the device. The user can reconfigure the device so that the system recommends a different load. For example, if a user changes the language from English to French on the device, the system will recommend a French load instead of an English load.
User administration
This module describes procedures used to administer users.
Navigation
"Configuring user parameters for autoconfiguration" (page 61)
"Filtering users" (page 62)
"Logging off users" (page 63)
"Removing users" (page 63)
"Clearing a user message" (page 64)
"Checking user status" (page 64)
"Checking user statistics" (page 67)
Configuring user parameters for autoconfiguration
The Mobile Communication Gateway 3100 (MCG 3100) server automatically distributes default settings to all users, to speed the user configuration and reduce the chance of input errors.
Prerequisites
Add and configure the gateway settings before beginning this procedure.
Procedure steps
Step Action
1 Configure an account for each user on the Enterprise Call Server (ECS).
2 Configure the fields in the job aid on each device.
Attention: You can give the users instructions to do this configuration themselves in the email you send to users to install the client application on their devices.
The users can now log in and automatically receive all the parameters required to place calls and exchange instant messages with the client application.
--End--
Procedure job aid
Field Description
Server Address The IP Address or Fully Qualified Domain Name (FQDN) of the MCG 3100 Server.
Login Name The user’s account user name on the network.
Login Password The user’s login password on the network.
Mobile Phone Number The user device telephone number on the network.
Filtering users
Filter users to view a specific list of users.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Select the User Info tab.
2 In the Filter dialog box, type the search parameters by which you want to filter.
3 Click Filter.
A list of the users that match the search parameters displays. You can also sort the list by clicking on the User Info page field headings.
--End--
Logging off users
Use the MC 3100 Web Console to log off one or more users from the system. For example, if a user loses a mobile device, you can log the user off and reprogram the username and password on the ECS. The user can log on again using a new mobile device.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the User Info tab.
2 On the User Info page, select the check box next to the users that you want to log off.
3 Click Logout. The system logs off the selected users and changes their status to inactive.
--End--
Removing users
Use this procedure to remove one or more users and de-allocate their licenses.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the User Info tab.
2 On the User Info page, select the check box next to the users that you want to remove.
3 Click Logout.
Attention: You must log out users before removing them from the system.
4 Click Remove.
The system removes the selected users and their licenses are de-allocated.
--End--
Clearing a user message
You can clear user messages if the user’s queue exceeds normal levels because of spam received while the user was logged off. You can clear the message queue for one user or multiple users.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the User Info tab.
2 On the User Info page, type the filter parameter in the Filter box.
3 Click Filter.
4 Select the check box for one user, multiple users, or all users.
5 Click Clear Messages.
The message queue is cleared for the selected users.
--End--
Checking user status
Check user status to see the status of all registered users. In the User window, a single record displays for each user. If a user has multiple devices (for example, desktop phone, desktop client, mobile client), the record applies to the last device to log on.
Users can only be logged on to one MC 3100 server at a time.
Attention: Reset the system to restore the server statistics to null values.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the User Info tab. The User Info page appears with the users currently registered to the MCG 3100.
2 Click Advanced View to view all fields.
OR Click Default View to view a subset of all fields.
3 To sort the list, click on the field headings.
4 Monitor the status of the users.
--End--
Procedure job aid
Use the following table to understand the user status fields.
Field Description
User ID The user ID configured on the Enterprise Call Server (ECS).
User Name The User Name configured on the ECS.
Extension The User Extension configured on the ECS.
Gateway The IP address or the host name of the MCG 3100 server that the user is registered to. In a redundant system, all users are logged into the active unit.
Status Indicates the current status of the user.
Active—The client is connected.
In Call (Mobile)—The client is active and in a cellular call.
Inactive—Indicates one of the following reasons:
— The client has been logged out by the user.
— The client has been logged out by the administrator.
— The client has been logged out by the server.
— The client has been closed by the user.
— The client is connecting.
— The client is disconnecting.
Out of Coverage—The client cannot communicate with the server.
The Status field updates in real time.
Permission Indicates the license type assigned to the user.
Mobile Number The mobile phone number configured on the user’s mobile device.
Queued Messages The number of messages queued on the server for delivery to a client device or application.
Last Status Change The date and time that the user’s status last changed.
Device Make The brand of the user’s mobile device (for example, RIM, Nokia, Windows Mobile 5, Windows Mobile 6).
Device Model The model of the user’s mobile device (for example, Nokia E60, 8703e or Nokia E61).
Device ID The device ID can be used to keep track of the device in Microsoft Exchange, Lotus Notes, and the Research in Motion BlackBerry Enterprise Server (BES).
Windows Mobile devices—16-byte identifier for the device that consists of two parts:
— platform ID (hardware type)
— preset ID (unique value)
BlackBerry devices—RIM-assigned Personal Identification Number (PIN) for the device.
Software Version The version number of the Mobile Communication Client software loaded on the user’s mobile device.
Session ID A randomly generated number that identifies the communication session. The session ID tracks related sessions in the session log.
Checking user statistics
Check the user statistics for calls, buddies, features, and connections.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator. For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the User Info tab.
2 On the User Info page, click the User ID of the user whose statistics you want to check.
3 Check the User statistics.
4 To update the statistics snapshot, click Refresh.
OR
To automatically refresh the statistics every 5 seconds, click the check box.
--End--
Procedure job aid
Use the following table to understand user statistics fields.
Field Description
Calling
Incoming call (IC) The total number of incoming calls for this user
Outgoing call (OC) The total number of outgoing calls for this user
Move call (MV) The total number of calls that have moved between the user’s desktop phone and the client application.
Swap call (SC) The total number of swap call operations.
Transfer call (TC) The total number of call transfers.
Call cancel (CCL) The total number of cancelled calls.
Buddy List
Buddy group renames (BGN) The total number of buddy groups renamed.
Buddy group adds (BGA) The total number of buddy groups added.
Buddy group removes (BGR) The total number of buddy groups deleted.
Buddy adds (BDA) The total number of buddies added.
Buddy queries (BDQ) The total number of buddy queries.
Buddy removes (BDR) The total number of buddies deleted.
Features
Conference (CF) The total number of conference calls.
Instant Conference (GC) The total number of instant conference calls.
Instant messages sent (IMS) The total number of instant messages sent.
Instant messages received (IMR) The total number of instant messages received.
Corporate directory queries (DRQ) The total number of corporate directory searches for this user
Call screen set (CSS) The total number of call screens processed by this user. Calls are screened when they are redirected to an alternate contact location or call handling point, such as voice mail.
Presence updates (PRU) The total number of presence status updates.
Presence sets (PRS) The total number of presence status updates on the network.
Presence queries (PRQ) The total number of presence status queries.
Connection
Login (LGI) The total number of log ons for this user.
Logout (LGO) The total number of log offs for this user.
Loss of Service (LOS) The number of times the user lost service.
Security
The following modules describe security procedures for the MC 3100.
Security navigation
"Server certificate management" (page 71)
"Client certificate management" (page 83)
"Server certificate administration" (page 87)
Server certificate management
This module describes the procedures you use to manage server certificates. You implement a certificate infrastructure to encrypt the following traffic:
Signaling traffic exchanged between the client devices and the Mobile
Communication Gateway 3100 (MCG 3100). This type of traffic
includes caller ID information, call setup commands, instant messaging,
and corporate directory search requests and results. BlackBerry clients
do not require certificates if deployed using the BlackBerry Enterprise
Server (BES). The BES protects the data channel.
Service management traffic exchanged between PC-based Web
Console clients and the MCG 3100 administration server. This type of
traffic includes log in requests and configuration updates.
MC 3100 supports the following types of certificates:
Certificate Authority (CA) signed certificates—A certificate authority
(CA) acts as a trusted third-party that issues and validates the
certificates. You can employ a commercial CA, such as VeriSign or
CACert, or build your own using tools such as those provided with
Microsoft Exchange Server.
Self-signed certificates—As an alternative to using a CA, you can
generate your own certificates on the MCG 3100. Nortel recommends
that self-signed certificates be used only for test purposes.
You implement the certificates on the MCG 3100 Gateway server and
MCG 3100 Administration server.
The MCG 3100 installation provides default, self-signed certificates, to enable security immediately. However, self-signed certificates do not provide the same level of security as CA-signed certificates. Self-signed certificates should be used only for test or demonstration purposes. For information on generating self-signed certificates, see "Generating a
self-signed certificate for MCG 3100 Gateway Server" (page 89).
Page 72
Attention: On redundant systems, you must generate CSRs and obtain
CA-signed certificates for both servers.
You must obtain the CA root certificate in two formats:
PEM format for installation on the MCG 3100 Administration Server,
client PCs, and Windows Mobile 6 devices.
DER format for installation on the MCG 3100 server, Windows Mobile 5
devices, Nokia devices, and RIM BlackBerry devices.
To obtain the CA root or intermediate certificate, use the certificate management tool provided by the CA.
Attention: In some cases the root certificates for some well-known CAs (such as VeriSign and Entrust) are pre-installed on the server and many client devices. Do not download root certificates that you already have.
In some cases the CA provides an intermediate certificate instead of, or in addition to, the root certificate. Read all instructions provided by the CA carefully. Follow the same procedure to download an intermediate certificate, as for the root certificate.
Server certificate management task flow
The following flowchart depicts the procedures you perform to manage server certificates. To link to any procedure, go to "Server certificate
management procedures" (page 73).
Page 73
Figure 5 Server certificate management task flow
Server certificate management procedures
"Enrolling with a CA" (page 73)
"Generating a CSR for MCG 3100 Gateway Server" (page 74)
"Generating a CSR for MCG 3100 Administration Server" (page 76)
"Obtaining a signed certificate" (page 78)
"Obtaining the CA signed SSL/TLS certificate for MCG 3100 Gateway
Server" (page 79)
"Obtaining the CA-signed certificate for the MCG 3100 Administration
Server" (page 79)
"Installing the root and signed certificates on the MCG 3100 Gateway
Server" (page 80)
"Installing the root and signed certificates on the Administration Server"
(page 81)
"Copy single server keystore" (page 82)
Enrolling with a CA
To get a CA-signed certificate, you enroll with a commercial Certificate Authority.
Page 74
Procedure steps
Step Action
1 Select a commercial CA.
2 Enroll with the CA, providing information about the person who will use or maintain the certificates in your organization (your certificate administrator).
Most CAs require the following information (at minimum):
Contact first and last name: the name of the certificate administrator
Contact email: the email address of the certificate administrator. Nortel recommends that you use an email alias (for example, certadmin@company.com).
Other information requested by the CA.
--End--
Generating a CSR for MCG 3100 Gateway Server
Generate a Certificate Signing Request (CSR) for the MC 3100 Gateway Server.
Click here to view a multimedia presentation on generating a CSR (www31.nortel.com/webcast.cgi?id=7489)
Prerequisites
You must be logged into the web console as administrator. For more
information, see "Logging on to the MC 3100 Web Console as an
administrator" (page 15).
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
Procedure steps
Step Action
1 Change to the certificate keystore directory.
cd /opt/mobilitygw-2.0/server/default/data
2 Delete the default MC 3100 Gateway Server keystore.
rm ssl-keystore
Page 75
If the keystore does not exist, you see the message
rm: cannot lstat ’ssl-keystore’: No such file or directory
3 Generate the MC 3100 Gateway Server keystore and private key.
/usr/java/jdk1.5.0_03/bin/keytool -genkey -validity <valDays> -alias smog-ssl -keyalg RSA -keystore ssl-keystore
4 When prompted, enter the MC 3100 Gateway Server keystore password. You should choose a strong password.
5 When prompted for a first and last name, enter the Common Name for the MC 3100 Gateway Server. Use a fully qualified domain name (FQDN), for example, mg.domain.com.
Attention: The same FQDN must be entered on all mobile clients that employ Secure Socket Layer/Transport Layer Security (SSL/TLS).
6 If required by your CA, enter the optional information (for example, organization or city) when prompted.
7 When prompted to enter the key password for SMOG-SSL, press Return to use the keystore password specified in step 5.
8 Change ownership of the MC 3100 Gateway Server keystore from root to mobility with the following two commands:
chown mobility:mobility ssl-keystore
chmod 755 ssl-keystore
9 Generate the certificate signing request for the MC 3100 Gateway Server.
/usr/java/jdk1.5.0_03/bin/keytool -certreq -keyalg RSA -alias smog-ssl -file mgcertreq.csr -keystore ssl-keystore
10 In the Web Console, select the System Configuration tab.
11 Select Gateway Actions, Configure Gateway, Edit. The Gateway Configuration window displays.
Page 76
12 In the HTTPS certificate password field, enter the password from step 5.
--End--
Job aid
Use the following table to understand the parameters.
Parameter Description
<valDays> The number of days that the certificate is valid.
Range: 0 to 3600
Generating a CSR for MCG 3100 Administration Server
Generate a Certificate Signing Request (CSR) for the MCG 3100 Administration Server.
Prerequisites
You must be logged into the web console as administrator. For more
information, see "Logging on to the MC 3100 Web Console as an
administrator" (page 15).
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
Procedure steps
Step Action
1 Change to the certificate keystore directory.
cd /opt/mobilitygw-2.0/server/default/data
2 Delete the default MC 3100 Administration Server keystore.
rm admin-ssl-keystore
If the keystore does not exist, you see the message
rm: cannot lstat ’admin-ssl-keystore’: No such file or directory
3 Generate the MC 3100 Administration Server keystore and private key.
/usr/java/jdk1.5.0_03/bin/keytool -genkey -validity <valDays> -alias smog-ssl -keyalg RSA -keystore admin-ssl-keystore
Page 77
4 When prompted, enter the MC 3100 Administration Server keystore password. You should choose a strong password.
5 When prompted for a first and last name, enter the Common Name for the MC 3100 Administration Server. Use a fully qualified domain name (FQDN), for example, mg.domain.com.
Attention: The same FQDN must be entered on all mobile clients that employ SSL/TLS.
6 If required by your CA, enter the optional information (for example, organization or city) when prompted.
7 When prompted to enter the key password for SMOG-SSL, press Return to use the keystore password specified in Step 4.
8 Change ownership of the MC 3100 Administration Server keystore from root to mobility with the following two commands:
chown mobility:mobility admin-ssl-keystore
chmod 755 admin-ssl-keystore
9 Generate the certificate signing request for the MC 3100 Administration Server.
/usr/java/jdk1.5.0_03/bin/keytool -certreq -keyalg RSA -alias smog-ssl -file admincertreq.csr -keystore admin-ssl-keystore
10 Update the HTTPS certificate password for the MC 3100 Administration Server with the password specified in Step 4 using the following command:
/usr/java/jdk1.5.0_03/bin/java -cp ../lib/jbosssx.jar org.jboss.security.plugins.FilePassword mobility 13 <password> keystore.password
--End--
Page 78
Variable definitions
Variable Definition
<password> The new password for the keystore
Default: mobility
<valDays> The number of days that the certificate is valid.
Range: 0 to 3600
Obtaining a signed certificate
Obtain your signed certificates from the Certificate Authority (CA) and save them in an accessible location.
Some CA root certificates may be preinstalled on your system or devices, and these preinstalled certificates do not need to be reinstalled. Also, some CAs provide intermediate certificates instead of root certificates. This procedure handles intermediate certificates and root certificates.
Procedure steps
Step Action
1 Use the certificate management tools provided by your CA to access the prompt or Web page where you can request certificates.
2 If prompted to specify a server type, select Apache.
3 Open the CSR file (mgcertreq.csr or admincertreq.csr).
4 Paste the contents into the prompt or Web page.
5 Request your signed SSL/TLS certificate.
The CA generates your signed SSL/TLS certificate and E-mails it to your enterprise certificate administrator.
6 Save the SSL/TLS certificate to a location that is accessible from the server.
7 Distribute the certificate to clients. For instructions on how to install certificates on PC-based clients, consult the documentation provided with your web browser. For instructions on installing certificates on mobile clients, see "Client certificate management" (page 83).
--End--
Page 79
Obtaining the CA signed SSL/TLS certificate for MCG 3100 Gateway Server
Obtain your signed SSL/TLS certificates from the CA, and save them in an accessible location.
Procedure steps
Step Action
1 Use the certificate management tools provided by your CA to access the prompt or Web page where you can request certificates.
2 If prompted to specify a server type, select Apache.
3 Open the CSR file (mgcertreq.csr).
4 Paste the contents into the prompt or Web page.
5 Request your signed SSL/TLS certificate.
The CA generates your signed SSL/TLS certificate and E-mails it to your enterprise certificate administrator.
6 Save the SSL/TLS certificate to a location that is accessible from the server.
--End--
Obtaining the CA-signed certificate for the MCG 3100 Administration Server
Obtain your signed SSL/TLS certificates from the CA, and save them in an accessible location.
Attention: If the MCG 3100 Server and MCG 3100 Administration Server are on the same machine, you can skip this procedure.
Procedure steps
Step Action
1 Use the certificate management tools provided by your CA to access the prompt or Web page where you can request certificates.
2 If prompted to specify a server type, select Apache.
3 Open the CSR file (admincertreq.csr).
Page 80
4 Paste the contents into the prompt or Web page.
5 Request your signed SSL/TLS certificate.
The CA generates your signed SSL/TLS certificate and e-mails it to your enterprise certificate administrator.
6 Save the SSL/TLS certificate to a location that is accessible from the server.
--End--
Installing the root and signed certificates on the MCG 3100 Gateway Server
Install the root and signed certificates onto the MCG 3100 Gateway Administration Server.
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
The root and signed certificates must be saved in a location that is
accessible from the MCG 3100 server.
Procedure steps
Step Action
1 To change to the certificate keystore directory, enter
cd /opt/mobilitygw-2.0/server/default/data
2 To import the CA root or intermediate certificate to the MCG 3100 Gateway Server, enter
/usr/java/jdk1.5.0_03/bin/keytool -import -trustcacerts -keystore ssl-keystore -alias root -file <path-root_cert_file>
3 To import your signed TLS certificate for the MCG 3100 Gateway Server, enter
/usr/java/jdk1.5.0_03/bin/keytool -import -keystore ssl-keystore -alias smog-ssl -file <path-signed_mgcert_file>
--End--
Page 81
Variable definitions
Variable Definition
<path-root_cert_file> The full name of the root certificate file, including the path
<path-signed_mgcert_file> The full name of the MCG 3100 TLS certificate, including the path
Installing the root and signed certificates on the Administration Server
Install the root and signed certificates onto the MCG 3100 Administration Server.
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
The root and signed certificates must be saved in a location that is
accessible from the MCG 3100 server.
Procedure steps
Step Action
1 To change to the certificate keystore directory, enter
cd /opt/mobilitygw-2.0/server/default/data
2 To import the CA root or intermediate certificate to the MCG 3100 Administration Server, enter
/usr/java/jdk1.5.0_03/bin/keytool -import -trustcacerts -keystore admin-ssl-keystore -alias root -file <path-root_cert_file>
3 To import your signed TLS certificate for the MC 3100 Administration Server, enter
/usr/java/jdk1.5.0_03/bin/keytool -import -keystore admin-ssl-keystore -alias smog-ssl -file <path-signed_admincert_file>
4 To restart the server, enter
appstart restart
Attention: Do not use the Web Console to restart the server.
Page 82
5 Enter the root password when prompted.
Attention: Make a backup copy of your keystore databases (ssl-keystore and admin-ssl-keystore). This is a vital step as a precaution against overwriting, deleting, or corrupting the file.
--End--
Variable definitions
Variable Definition
<path-root_cert_file> The full name of the root certificate file, including the path
<path-signed_admincert_file> The full name of the MCG 3100 TLS certificate, including the path
Copy single server keystore
Use this procedure to copy the Gateway Server keystore to the Administration Server on a single-server system.
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
The root and signed certificates must be saved in a location that is
accessible from the MCG 3100 server.
Procedure steps
Step Action
1 Change to the certificate keystore directory:
cd /opt/mobilitygw-2.0/server/default/data
2 Enter the following command:
cp ssl-keystore admin-ssl-keystore
--End--
Page 83
Client certificate management
This module describes the procedures you use to manage client certificates on the devices.
Typically, you E-mail the root certificate to your users, and they must install the certificates on their devices. Root certificates have two formats—DER and PEM. Distribute the DER-formatted certificates to Windows Mobile Version 5, Nokia and BlackBerry users. Distribute the PEM-formatted certificates to Windows Mobile Version 6 users.
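The following Python sketch is an added example, not part of the Nortel manual. It takes a root certificate file in either PEM or DER form, rejects a cut-off file, produces the format this manual lists for each device type, and computes a SHA-256 fingerprint that recipients can compare against a value obtained through another channel. The function names, device keys and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

# Format each client type needs, as listed in this manual.
# The dictionary keys are names chosen for this example.
DEVICE_FORMAT = {
    "windows-mobile-5": "DER",
    "nokia": "DER",
    "blackberry": "DER",
    "windows-mobile-6": "PEM",
}


def _is_complete_der(der: bytes) -> bool:
    """True if the bytes are one DER SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def to_der(data: bytes) -> bytes:
    """Accept a PEM or DER file and return the DER encoding."""
    start = data.find(PEM_HEADER)
    if start != -1:
        end = data.find(PEM_FOOTER, start)
        if end == -1:
            raise ValueError("PEM footer missing (file cut off?)")
        body = data[start + len(PEM_HEADER):end]
        data = base64.b64decode(b"".join(body.split()), validate=True)
    if not _is_complete_der(data):
        raise ValueError("not a complete DER structure")
    return data


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in the PEM certificate armor."""
    return ssl.DER_cert_to_PEM_cert(der).encode("ascii")


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, so PEM and DER copies give the same value."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def package_for_device(cert_file: bytes, device: str):
    """Return (format, file contents, fingerprint) for one device type."""
    der = to_der(cert_file)
    fmt = DEVICE_FORMAT[device]
    payload = der if fmt == "DER" else to_pem(der)
    return fmt, payload, fingerprint(der)


# Constructed stand-in: a minimal valid DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3006020101020102")

if __name__ == "__main__":
    for device in DEVICE_FORMAT:
        fmt, payload, fp = package_for_device(SAMPLE_DER, device)
        print(device, fmt, len(payload), fp)
```

Because the fingerprint is computed over the DER bytes, a user who receives the PEM copy and a user who receives the DER copy should both see the same value.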
Navigation
"Installing a root certificate on a Nokia device" (page 83)
"Installing a root certificate on a Windows Mobile device" (page 84)
"Installing a root certificate on a BlackBerry device in the non-BES
configuration" (page 85)
Installing a root certificate on a Nokia device
Install a root certificate on a Nokia device to implement security and enable the user to engage in secure communications sessions. This procedure can be used in the E-mail you send to the users, as described in "Client upgrade methods" (page 49).
Procedure steps
Step Action
1 Download the certificate to your computer.
2 Connect the device to your computer with a USB cable.
3 On the computer, select Start, Programs, Nokia PC Suite, Nokia PC Suite.
4 Click File Manager.
5 Copy the root certificate file (.cer extension) to the Nokia Phone Browser, Nokia-xxx, Phone memory, Data, Documents directory.
Page 84
6 On the device, press the Menu key.
7 Select Office, File mgr, Documents.
On some Nokia devices, you start by selecting Tools before selecting the rest of the menu entries.
8 Select the certificate.
9 Select Options, Open.
The Save Certificate window appears, asking you to save or discard the certificate.
10 Select Save.
You see a prompt warning that the certification might be unsecure.
11 Select Save.
You see a prompt asking for a label for the certificate.
12 Select OK.
13 When the Certificate Uses prompt appears, select the Internet check box.
The root certificate is installed in the device.
--End--
Installing a root certificate on a Windows Mobile device
Install a root certificate on a Windows Mobile device to implement security and enable the user to engage in secure communications sessions. This procedure can be used in the E-mail you send to the users, as described in "Client upgrade methods" (page 49).
Procedure steps
Step Action
1 Download the certificate to your computer.
2 Connect the mobile device to your computer with a USB cable.
3 On the computer, start ActiveSync, and then click Explore.
4 Copy the root certificate file (.cer extension) to the device.
5 On the device, locate the certificate using File Explorer and select it.
6 Windows Mobile Version 6 users see a message about the certificate. Select More to read the remainder of the message.
7 Select Install to install the root certificate on your device.
Page 85
Attention: If the CA’s root certificate is not installed, you should still be able to log in, although you will receive a warning message that the client is using “Unknown Certificate Authority.”
--End--
Variable definitions
Variable Definition
<certificate name> Name of the root certificate file.
<CA Name> Name of the Certification Authority.
Installing a root certificate on a BlackBerry device in the non-BES configuration
Install a root certificate on a BlackBerry in the non-BES configuration to implement security and enable the user to engage in secure communication sessions. This procedure can be used in the E-mail you send to the users, as described in "Client upgrade methods" (page 49).
Procedure steps
Step Action
1 Download the certificate to your computer.
2 On the computer, right-click the root certificate.
3 Click Install certificate.
You receive the prompt
Do you want to open this file?
4 Select Open.
The Certificate Import Wizard appears.
5 Click Next.
6 Click Place all certificates in the following store.
7 Click Browse.
8 Click Trusted Root Certification Authorities.
9 Click Next.
10 Click Finish.
11 In the Security Warning dialog box, click Yes.
The confirmation prompt appears.
Page 86
12 Click OK.
13 Connect your BlackBerry to the BlackBerry Desktop Manager.
14 Double-click Certificate Synch.
Attention: If you do not have the certificate synchronization tool, reinstall the BlackBerry Desktop Software using the custom installation option and install the certificate synchronization tool, before doing this step.
15 On the Root Certificate tab, select the certificate to download.
16 Click Synchronize to load the certificate on the device.
--End--
Page 87
Server certificate administration
This module describes the procedures you use to administer server certificates.
Navigation
"Changing the certificate keystore default password" (page 87)
"Generating a self-signed certificate for MCG 3100 Gateway Server"
(page 89)
"Generating a self-signed certificate for MCG 3100 Administration
Server" (page 91)
Changing the certificate keystore default password
MC 3100 applications use the information in the Gateway server configuration (HTTPS certificate password field) to access the keystore used for client-server communications (ssl-keystore). The password is only used within the MCG 3100.
The default password for the ssl-keystore is mobility. You can change the default ssl-keystore password to increase security or if administrative access to the MCG 3100 is compromised.
Attention: Do not change the keystore password for administrative access (admin-ssl-keystore). This keystore must always use the mobility password.
Click here to view a multimedia presentation on changing the keystore default password (www31.nortel.com/webcast.cgi?id=7490)
Page 88
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 At the command line, execute the following commands:
cd /opt/mobilitygw-2.0/server/default/data
/usr/java/jdk1.5.0_03/bin/keytool -storepasswd -new <newpw> -storepass <oldpw> -keystore /opt/MobilityGateway/server/default/data/ssl-keystore
/usr/java/jdk1.5.0_03/bin/keytool -keypasswd -alias smog-ssl -keypass <oldpw> -new <newpw> -keystore ssl-keystore
2 At the prompt, enter <newpw>.
3 Change the keystore owner to mobility:
chown mobility:mobility ssl-keystore
4 On the MCG 3100 Web Console, select System Configuration, Gateway Actions, Configure Gateway.
5 In the HTTPS certificate password field, enter <newpw>.
6 Click Save.
7 To restart the service, access the command line and enter:
appstart restart
Attention: Do not use the Web Console to restart the server.
8 Enter the root password when prompted.
--End--
Page 89
Variable definitions
Variable Definition
<oldpw> Existing keystore password.
Default: mobility
<newpw> Your new chosen password.
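The following Python check is an added example, not part of the Nortel manual. It reads a copy of a keystore, lists its aliases, and reports whether ssl-keystore still opens with the default password and whether admin-ssl-keystore uses the password the Attention note above requires. It assumes the files are in the JKS format that the JDK 1.5 keytool writes by default; the function names, finding texts and the sample keystores are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAGIC = 0xFEEDFEED
DIGEST_LEN = 20                  # SHA-1 integrity hash at the end of the file
DEFAULT_PASSWORD = "mobility"    # default stated in this manual


def _integrity_hash(password: str, body: bytes) -> bytes:
    # JKS: SHA-1 over the UTF-16BE password, a fixed string, then the store body.
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()


def password_matches(blob: bytes, password: str) -> bool:
    """Check the store password only; key passwords are protected separately."""
    body, stored = blob[:-DIGEST_LEN], blob[-DIGEST_LEN:]
    return hmac.compare_digest(_integrity_hash(password, body), stored)


def parse_jks(blob: bytes) -> dict:
    """Return {alias: "private-key" | "trusted-cert"} for a version 2 JKS file."""
    pos, limit = 0, len(blob) - DIGEST_LEN

    def take(n):
        nonlocal pos
        if pos + n > limit:
            raise ValueError("truncated keystore")
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    def u32():
        return struct.unpack(">I", take(4))[0]

    def utf():  # 2-byte length + bytes (ASCII aliases assumed)
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")

    def skip_cert():
        utf()          # certificate type, for example "X.509"
        take(u32())    # encoded certificate

    if u32() != MAGIC or u32() != 2:
        raise ValueError("not a version 2 JKS keystore")
    entries = {}
    for _ in range(u32()):
        tag, alias = u32(), utf()
        take(8)                        # creation timestamp
        if tag == 1:
            take(u32())                # protected private key
            for _ in range(u32()):     # certificate chain
                skip_cert()
            entries[alias] = "private-key"
        elif tag == 2:
            skip_cert()
            entries[alias] = "trusted-cert"
        else:
            raise ValueError("unknown entry tag %d" % tag)
    if pos != limit:
        raise ValueError("unexpected data before integrity hash")
    return entries


def audit_keystore(filename: str, blob: bytes) -> list:
    """Return findings for ssl-keystore or admin-ssl-keystore (empty list = none)."""
    findings = []
    if parse_jks(blob).get("smog-ssl") != "private-key":
        findings.append("no private-key entry under alias smog-ssl")
    uses_default = password_matches(blob, DEFAULT_PASSWORD)
    if filename == "ssl-keystore" and uses_default:
        findings.append("store password is still the default")
    if filename == "admin-ssl-keystore" and not uses_default:
        findings.append("store password differs from the value this manual requires")
    return findings


def build_sample_jks(password: str, entries: list) -> bytes:
    """Constructed test keystore; payloads are placeholder bytes, not real keys."""
    def utf(s):
        return struct.pack(">H", len(s)) + s.encode("ascii")
    cert = utf("X.509") + struct.pack(">I", 4) + b"CERT"
    body = struct.pack(">III", MAGIC, 2, len(entries))
    for alias, kind in entries:
        is_key = kind == "private-key"
        body += struct.pack(">I", 1 if is_key else 2) + utf(alias) + struct.pack(">Q", 0)
        body += (struct.pack(">I", 3) + b"KEY" + struct.pack(">I", 1) + cert) if is_key else cert
    return body + _integrity_hash(password, body)


if __name__ == "__main__":
    sample = build_sample_jks(DEFAULT_PASSWORD, [("smog-ssl", "private-key")])
    print(parse_jks(sample), audit_keystore("ssl-keystore", sample))
```

Run it against a copy of each keystore file read in binary mode, passing the file name as the first argument to audit_keystore.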
Generating a self-signed certificate for MCG 3100 Gateway Server
Generate a self-signed certificate as an alternative to enrolling with a Certificate Authority. Self-signed certificates do not provide the same level of security as CA-signed certificates and should be used only for test or demonstration purposes. You must create certificates for the MCG 3100 Gateway Server and the MCG 3100 Administration Server.
After you complete this procedure, you need to distribute the client certificate as described in "Client certificate management" (page 83).
Click here to view a multimedia presentation on generating self-signed certificates (www31.nortel.com/webcast.cgi?id=7491)
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Change to the certificate keystore directory for the MC 3100 system:
cd /opt/mobilitygw-2.0/server/default/data
2 Delete the MCG 3100 Gateway server default keystore.
rm ssl-keystore
Attention: For extra security, you can back up the keystore before deleting it.
3 Generate the self-signed certificate keystore for the MCG 3100 Gateway server.
Page 90
/usr/java/jdk1.5.0_03/bin/keytool -genkey -validity <valDays> -keyalg RSA -keystore ssl-keystore -alias smog-ssl -keypass <password> -storepass <password>
4 Respond to the prompts. For the common name (first and last name), enter a fully qualified domain name (FQDN) such as mg.domain.com.
5 Change ownership of the MCG 3100 Gateway server keystore from root to mobility with the following commands:
chown mobility:mobility ssl-keystore
chmod 755 ssl-keystore
6 Generate the client certificate (for installation on the client devices):
/usr/java/jdk1.5.0_03/bin/keytool -export -keystore ssl-keystore -alias smog-ssl -file ssl-keystore.der -storepass <password> -keypass <password>
7 To create the certificate for the Windows Mobile users, enter the following command:
cp ssl-keystore.der ssl-keystore.cer
8 On the MC 3100 Web Console, select System Configuration, Gateway Actions, Configure Gateway, and Edit.
9 In the HTTPS certificate password field, enter <password>.
10 Click Save.
11 Distribute the certificate to clients. For instructions on how to install certificates on PC-based clients, consult the documentation provided with your web browser. For instructions on how to install certificates on mobile clients see "Client certificate management" (page 83).
--End--
Variable definitions
Variable Definition
<password> The password for the keystore.
<valDays> The number of days that the certificate is valid.
Range: 0 to 3600
Page 91
Generating a self-signed certificate for MCG 3100 Administration Server
Generate a self-signed certificate as an alternative to enrolling with a Certificate Authority. Self-signed certificates do not provide the same level of security as CA-signed certificates and should be used only for test or demonstration purposes.
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
Procedure steps
Step Action
1 At the command line for MC 3100 systems, change to the certificate keystore directory:
cd /opt/mobilitygw-2.0/server/default/data
2 At the server command line, delete the MCG 3100 Administration Server default keystore.
rm admin-ssl-keystore
Attention: For extra security, you can back up the keystore before deleting it.
3 Generate the self-signed certificate keystore for the MCG 3100 Administration server.
/usr/java/jdk1.5.0_03/bin/keytool -genkey -validity <valDays> -keyalg RSA -keystore admin-ssl-keystore -alias smog-ssl -keypass <password> -storepass <password>
Attention: The admin-ssl-keystore password must always be mobility.
4 Respond to the prompts. For the common name (first and last name), enter a FQDN such as mg.domain.com.
Page 92
5 Change ownership of the MCG 3100 Administration keystore from root to mobility with the following commands:
chown mobility:mobility admin-ssl-keystore
chmod 755 admin-ssl-keystore
6 Generate the client certificate for the MCG 3100 Administration server.
/usr/java/jdk1.5.0_03/bin/keytool -export -keystore admin-ssl-keystore -alias smog-ssl -file admin-ssl-keystore.der -storepass <password> -keypass <password>
Attention: The admin-ssl-keystore password must always be mobility.
Attention: If the clients use the Over the air download mechanism exclusively, you do not require the client certificate for the Administration server.
7 Use the password specified in step 3 to program the HTTPS certificate password for the MCG 3100 Administration Server.
/usr/java/jdk1.5.0_03/bin/java -cp ../lib/jbosssx.jar org.jboss.security.plugins.FilePassword mobility 13 <password> keystore.password
8 Restart the server:
appstart restart
Attention: Do not use the Web Console to restart the server.
--End--
Page 93
Variable definitions
Variable Definition
<password> The password for the keystore. Must be mobility.
<valDays> The number of days that the certificate is valid.
Range: 0 to 3600
Maintenance
This module describes procedures for maintaining the MC 3100.
Navigation
"Backing up the MCG 3100 server databases"
"Restoring the MCG 3100 server databases"
"Checking the MCG 3100 Software Version"
"Sending a system notification to all users"
"Sending a system notification to individual users"
"Network configuration changes"
Backing up the MCG 3100 server databases
Use this procedure to back up the databases and current system configuration. You should perform this procedure after each installation or upgrade, and after you change the system configuration. The backup is created on the server. You should also store the backup in a different location (for example, on another server).
Prerequisites
You must be logged into the server as nortel. For more information,
see "Accessing the server command line as nortel" (page 101).
Procedure steps
Step Action
1 To verify that the backup directory exists, enter:
ls /admin/nortel/backup
You should see mobilitybase in the directory list.
2 To back up the current system configuration, enter:
sudo /opt/mobilitybase/backup.sh
The system creates the backup file /admin/nortel/backup/mobilitybase/mobilitybasebackup.tar
Attention: Nortel recommends that this backup file be copied to another server or other media.
--End--
Restoring the MCG 3100 server databases
Use this procedure when you need to restore system parameters.
Attention: Perform the database restore procedure during a period of low system use because the system is out of service for two or more minutes, depending on the size of the databases.
Prerequisites
You must be logged into the server as superuser. For more
information, see "Accessing the server command line as superuser"
(page 101).
Obtain a copy of the backup file if not available on the system.
Attention: This procedure does not restore the shared files for the Instant Conferences.
Procedure steps
Step Action
1 To stop the server processes, enter the following command:
appstart stop
2 To restore the backup, enter the following command:
/opt/mobilitybase/restore.sh
3 To start the server processes, enter the following command:
appstart start
--End--
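Added example, not part of the Nortel manual: because the restore takes the system out of service, confirm before running appstart stop that the archive matches what backup.sh wrote and is still a readable tar. The function names and the .sha256 sidecar file are assumptions; the archive path is the one given in the backup procedure.

```shell
#!/bin/sh
# Added example: record a SHA-256 digest when the backup is taken, then verify
# the archive (local or off-box copy) before starting the restore outage.
# Path taken from the backup procedure; override BACKUP for a copy elsewhere.
BACKUP=${BACKUP:-/admin/nortel/backup/mobilitybase/mobilitybasebackup.tar}

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# record_digest ARCHIVE -> writes ARCHIVE.sha256 (hypothetical sidecar file).
# Store a copy of the digest apart from the archive so both cannot be altered together.
record_digest() {
    [ -s "$1" ] || { echo "no archive at $1" >&2; return 2; }
    sha256_of "$1" > "$1.sha256"
}

# verify_backup ARCHIVE [DIGEST_FILE]
# Returns 0 only if the digest matches and tar can list the archive.
verify_backup() {
    archive=$1; digest_file=${2:-$1.sha256}
    [ -s "$archive" ] || { echo "FAIL: archive missing or empty" >&2; return 2; }
    [ -s "$digest_file" ] || { echo "FAIL: no recorded digest" >&2; return 3; }
    want=$(cat "$digest_file")
    have=$(sha256_of "$archive")
    [ "$want" = "$have" ] || { echo "FAIL: digest mismatch" >&2; return 4; }
    tar -tf "$archive" >/dev/null 2>&1 || { echo "FAIL: not a readable tar" >&2; return 5; }
    echo "OK: $archive $have"
}

# After backup.sh:        record_digest "$BACKUP"
# Before appstart stop:   verify_backup "$BACKUP" || exit 1
```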
Checking the MCG 3100 Software Version
The MCG 3100 current software version is displayed on the System Configuration page.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Configuration tab.
The software version number appears on the right side of the System Configuration page.
--End--
Sending a system notification to all users
Use this procedure to send a message to all registered users.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Click the System Configuration tab.
2 Select Gateway Actions, Notify.
3 In the Send Notification Message window, type a Subject and Message.
4 Click Send.
A Notification Message Sent dialog box appears if the notification is sent successfully.
A Notification Message Failed dialog box appears if the notification is not sent successfully.
5 Click Close.
--End--
Sending a system notification to individual users
Use this procedure to send a message to an individual registered user or a group of users.
Prerequisites
You must be logged in to the MC 3100 Web Console as administrator.
For more information on logging in as an administrator, see "Logging
on to the MC 3100 Web Console as an administrator" (page 15).
Procedure steps
Step Action
1 Select the User Info tab.
2 On the User Info page, type the filter parameters by which you want to filter.
3 Click Filter.
4 Select the check box for one user, multiple users, or all users.
5 Click the Notify tab.
6 In the Send Notification Message window, type a Subject and Message.
7 Click Send.
A Notification Message Sent dialog box appears if the notification is sent successfully.
A Notification Message Failed dialog box appears if the notification is not sent successfully.
8 Click Close.
--End--
Network configuration changes
If you must change the network configuration parameters of the MCG 3100, use the networkconfig script to change network parameters configured during the initial installation (for example, IP address or default gateway). This script is part of the Linux Base installation. You must reboot the MCG 3100 after you run the script. For more information about the networkconfig script, see Linux Platform Base and Applications Installation and Commissioning (NN43001-315).
Attention: The license check uses the hostname as part of the machine identification. If you change the hostname of the MCG 3100, you must reactivate the license. After you reboot the MCG 3100, reload the license file to trigger the reactivation.