Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication
Gateway 3100 Installation and
Upgrades
Release: 2.1
Document Revision: 02.03
NN42030-300
.
Download from Www.Somanuals.com. All Manuals Search And Download.
3
.
Contents
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
4
Procedures
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
5
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
6
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
7
.
New in this release
This section details what’s new in Nortel Mobile Communication Gateway
3100 Installation and Upgrades (NN42030-300) for Nortel Mobile
Communication 3100 (MC 3100) Release 2.1.
Features
This section describes the features that impact the book.
This release provides support for the new client, the Nortel Mobile
Communication Client (MCC) 3100 for Windows Mobile Single Mode.
The Mobile Communication Gateway 3100 supports the MCC 3100 for
Windows Mobile Single Mode (unlike the MCC 3100 for Windows Mobile
Dual Mode which does not interact with the MCG 3100).
MCG 3100 supports two methods to access the web console: Hypertext
Transport Protocol (HTTP) and Secure HTTP (HTTPS).
Other changes
This document has been renamed from Nortel Mobile Communication
Gateway 3100 Installation to Nortel Mobile Communication Gateway 3100
Installation and Upgrades.
The following changes were made to the document for MC 3100 Release
2.1
•
•
•
streamlined the How to get help chapter and Introduction chapter
remove references to specific communication servers, where possible
Service update (SU) functionality added
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
8
New in this release
Revision history
May 2008
April 2008
April 2008
Standard 02.03. This document is issued to support Nortel
Mobile Communication 3100 Release 2.1. Only the release
date changed.
Standard 02.02. This document is issued to support Nortel
Mobile Communication 3100 Release 2.1. Added the DNS port
Standard 02.01. This document is issued to support Nortel
Mobile Communication 3100 Release 2.1.
December
2007
Standard 01.04. This document is up-issued to include
changes in technical content documented in CR Q01788812.
October 2007 Standard 01.03. This document is up-issued to include
changes in technical content for software installation and root
certificates.
October 2007 Standard 01.02. This document is up-issued to include
changes in technical content for MCG 3100 configuration
parameter fields.
September
2007
Standard 01.01. This document is issued to support the Nortel
Mobile Communications 3100 Series Portfolio Release 2.0 on
Nortel Communication Server 1000 Release 5.0 and Nortel
Multimedia Communication Server 5100 Release 4.0.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
9
.
How to get help
This chapter explains how to get help for Nortel products and services.
Finding the latest updates on the Nortel Web site
The content of this documentation is current at the time the product
is released. To check for updates to the latest documentation for
the Nortel Mobile Communication 3100 Series Portfolio, go to
http://www.nortel.com and navigate to the Technical Documentation page
for Mobile Communication 3100.
Getting help from the Nortel Web site
The best way to get technical support for Nortel products is from the Nortel
Technical Support Web site:
This site provides quick access to software, documentation, bulletins, and
tools to address issues with Nortel products. From this site, you can:
•
•
download software, documentation, and product bulletins
search the Technical Support Web site and the Nortel Knowledge Base
for answers to technical issues
•
•
sign up for automatic notification of new software and documentation
for Nortel equipment
open and manage technical support cases
Getting help over the telephone from a Nortel Solutions Center
If you do not find the information you require on the Nortel Technical
Support Web site, and you have a Nortel support contract, you can also
get help over the telephone from a Nortel Solutions Center.
In North America, call 1-800-4NORTEL (1-800-466-7835). Outside North
America, go to the following Web site to obtain the telephone number for
your region:
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
10 How to get help
Getting help from a specialist by using an Express Routing Code
To access some Nortel Technical Solutions Centers, you can use an
Express Routing Code (ERC) to quickly route your call to a specialist in
your Nortel product or service. To locate the ERC for your product or
service, go to:
Getting help through a Nortel distributor or reseller
If you purchased a service contract for your Nortel product from a
distributor or authorized reseller, contact the technical support staff for that
distributor or reseller.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
11
.
Introduction
This chapter contains the following topics:
•
•
•
Subject
This document describes the Nortel Mobile Communication Gateway
3100 (MCG 3100) server installation, which is part of the Nortel Mobile
Communication 3100 Series Portfolio.
Intended audience
This document is intended for network administrators and those involved
in systems planning. Knowledge of telecommunications and IP telephony
networks is required.
Conventions
The following sections describe the conventions used in this document.
Text conventions
Table 1 "Text conventions" (page 11) describes the text conventions in
this document.
Table 1
Text conventions
Convention
Bold text
Description
Indicates a user interface object, for
example a menu choice or screen
name, for example: Press the OK soft
key.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
12 Introduction
Table 1
Text conventions (cont’d.)
Convention
Description
Italic text
Indicates document titles, for example:
See the Mobile Communication Client
3100 for Windows Mobile User Guide
(NN42030-100).
CLI command text
Indicates CLI command prompts,
input, and output, for example: REQ
NEW <zone #>.
Terminology
This document refers to the supported communication servers
generically as communication server. For information on the supported
Related information
This section lists information sources that relate to this document.
•
•
•
•
•
•
•
•
•
•
Nortel Mobile Communication Client 3100 for Blackberry User Guide
(NN42030-101)
Nortel Mobile Communication Client 3100 for Nokia User Guide
(NN42030-102)
Nortel Mobile Communication Client 3100 for Blackberry Quick
Reference (NN42030-105)
Nortel Mobile Communication Client 3100 for Nokia Quick Reference
(NN42030-106)
Nortel Mobile Communication Client 3100 for Windows Mobile Single
Mode User Guide (NN42030-107)
Nortel Mobile Communication Client 3100 for Windows Mobile Single
Mode Quick Reference (NN42030-108)
Nortel Mobile Communication 3100 Series — Planning and
Engineering (NN42030-200)
Nortel Mobile Communication Gateway 3100 — Administration
(NN42030-600)
Nortel Mobile Communication Client 3100 for Windows Mobile Dual
Mode — Administration (NN42030-601)
Nortel Mobile Communication Gateway 3100 Release Notes
(NN42030-403)
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Related information 13
NTPs
The following NTPs are referenced in this document:
•
•
•
Linux Platform Base and Applications Installation and Commissioning
(NN43001-315)
Nortel Mobile Communication 3100 Series — Planning and
Engineering (NN42030-200)
Nortel Mobile Communication Gateway 3100 — Administration
(NN42030-600)
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
14 Introduction
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
15
.
Fundamentals
This chapter contains the following topics:
•
•
•
•
Overview
This section describes the Nortel Mobile Communication Gateway 3100
(MCG 3100) server hardware and software components and provides an
overview of the installation options.
The MCG 3100 supports the following clients:
•
•
•
Nortel Mobile Communication Client 3100 (MCC 3100) for BlackBerry
Nortel Mobile Communication Client 3100 for Nokia
Nortel Mobile Communication Client 3100 for Windows Mobile Single
Mode
This document refers to the supported clients using the generic term
clients.
ATTENTION
The MCG 3100 does not support the MCC 3100 for Windows Mobile Dual Mode.
The MCC 3100 for Windows Mobile Dual Mode communicates directly with the
communication server.
MCG 3100 server components
Nortel supports the MCG 3100 server software installed only on the Nortel
Linux Base, which is provided by Nortel.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
16 Fundamentals
ATTENTION
You must install the MCG 3100 software on a dedicated server that runs no
other applications.
Hardware components
The MCG 3100 server runs only on the following supported commercial
off-the-shelf (COTS) hardware:
•
HP DL320G4 (NTDU97AAE5)
IBM x306m (NTDU99AAE5)
•
Table 2 "Hardware requirements" (page 16) describes the supported
hardware requirements.
Table 2
Hardware requirements
Hardware
Specification
Processor
3.0 GHz
Memory
2 GB DRAM
Hard Disk Drive
Network Interface Card
Power Supply
1-80 GB SATA Disk
2 1-GB Ethernet Cards
1 power supply
Software components
The MCG 3100 software installation includes the following software
components:
•
•
•
Mobile Communication Gateway (MCG) 3100—enables the clients to
access advanced collaborative IP telephony services on the enterprise
network. Using the clients, users can search the corporate directory,
manage voice mail, dial by extension number, and hold group calls
with predefined groups of users.
MCG 3100 Administration Server—includes the Web Console, a
Web-based tool that administrators use to start, stop, and reload
server processes, update operating parameters, monitor users, track
messaging statistics, and manage the distribution of client software.
The Administration server also includes a database of server activity.
MCG 3100 Group Call Server—hosts ad hoc conference calls with
predefined groups of users within the enterprise network. The Group
Call server includes a database of group call activities.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Overview of the MC 3100 installation 17
Installation options
Two installation options exist:
•
MCG 3100 Server is installed on one server—all software components
are installed on one supported COTS server. This is the nonredundant
configuration.
•
MCG 3100 Server is installed on two servers—all software components
are installed on two supported COTS servers, configured identically. If
one server fails or is unavailable, the clients switch to the other server.
This is the redundant configuration.
For more information about these options, see “Nonredundant and
For a list of supported COTS servers, see “Hardware components” (page
16).
For more information about MCG 3100 redundant servers, see Nortel
Mobile Communication Gateway 3100 — Administration (NN42030-600).
Overview of the MC 3100 installation
Figure 1 "Installation overview" (page 17) shows the task flow for the MCG
3100 installation.
Figure 1
Installation overview
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
18 Fundamentals
Before you start the installation, read Nortel Mobile Communication 3100
Series — Planning and Engineering (NN42030-200).
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
19
.
Preinstallation
This chapter contains the following topics:
•
•
•
Overview
Before you install the Mobile Communication Gateway 3100 (MCG 3100)
server software, you must perform some preinstallation configuration and
verification. To preconfigure the host server and the network enterprise
network, perform the following tasks:
•
•
Install the Nortel Linux operating system (OS) on the host server.
Verify the enterprise network setup—the Lightweight Directory Access
Protocol (LDAP) servers and Domain Name Server (DNS) must be
installed and started.
Linux base installation
MCG 3100 uses the same Linux base as Nortel Communication Server
(CS) 1000. However, during the Linux base installation for MCG 3100, you
make the following platform-specific configuration changes:
•
Physical connection
Use only the eth1 physical network interface.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
20 Preinstallation
ATTENTION
Carefully observe the labels for the network interfaces of the specific
platforms.
— HP COTS platform: The network interfaces can be labelled (0,1) or (1,
2).
The lower number is eth0 and the higher number is eth1.
— IBM 306M platform: The network interfaces are labelled backwards.
Interfaces (0, 1) are eth1 and eth0 respectively.
•
IP addresses
During the Linux base installation, the software prompts you to enter
the TLAN and ELAN network interface IP addresses.
— Configure the ELAN network interface IP with an unused private
IP address.
The IP standard reserves specific address ranges within Class
A, Class B, and Class C for use by private networks (intranets).
Table 3 "Reserved IP address ranges" (page 20) lists the reserved
ranges of the IP address space.
Table 3
Reserved IP address ranges
Class
Private starting address
10.0.0.0
Private ending address
10.255.255.255
A
B
C
172.16.0.0
172.31.255.255
192.168.0.0
192.168.255.255
— Configure the TLAN network interface IP to the same IP address as
the MCG 3100 and corresponding physical eth1 network interface.
To familiarize yourself with the Linux base installation procedure, see
Linux Platform Base and Applications Installation and Commissioning
(NN43001-315).
Enterprise network verification
The following requisites must be installed and configured on the enterprise
network:
•
Domain Name Server (DNS)
ATTENTION
Nortel recommends that you program the DNS with the IP addresses of the
License Server, the primary Enterprise Communication Server (ECS), and
the alternate ECS.
To verify that DNS is functional, use the ping command and enter the
fully qualified domain name (FQDN) of a server on the network.
•
Lightweight Directory Access Protocol (LDAP) server
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Enterprise network verification 21
To verify communication with the LDAP server, use the ping command.
After the installation and commissioning is complete, you can verify
that LDAP is working by performing a Corporate Directory (Corp Dir)
search from a client.
You should ensure that the DNS and LDAP server can be accessed from
the MCG 3100.
Supported LDAP servers
You can configure the MCG 3100 server to query a corporate directory
so that the mobile clients can use the Directory lookup feature on their
devices.
The Directory lookup feature uses LDAP to perform the query on one of
the following supported directory servers:
•
•
Active Directory/Exchange Server 2000 or 2003
Nortel Common Network Directory (CND)
Telephony Manager (TM) 3.1 in CS 1000 includes CND.
For information about configuring LDAP parameters on the MCG 3100,
see Nortel Mobile Communication Gateway 3100 — Administration
(NN42030-600).
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
22 Preinstallation
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
23
.
Installation
This chapter contains the following topics:
•
•
•
Overview
After you complete the preinstallation tasks, you install the Nortel Mobile
Communication Gateway 3100 (MCG 3100) software in a nonredundant
or redundant server implementation. During the MCG 3100 software
installation, a number of prompts appear. You can accept the default
value, or enter a new value at each prompt.
Nonredundant and redundant server implementations
For a nonredundant server implementation, install the software on a
standalone server. For a redundant server implementation, install the
software on two servers.
ATTENTION
You must install the license file on each of the servers in a redundant
implementation.
Nonredundant server option
A nonredundant (or standalone) server implementation does not provide
redundancy and therefore provides no failover protection. If a server
component fails or becomes inaccessible, the mobile clients are denied
access until the server recovers.
Redundant server option
A redundant server implementation provides high availability. If an active
server component fails or becomes inaccessible, the mobile clients can
restart a communication session with the backup server.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
24 Installation
Rules for redundant server implementations
In a redundant server configuration, mobile clients access the active
server, and not the inactive backup server. The two servers switch roles
freely, and the following rules determine the status—either ACTIVE or
INACTIVE:
•
If you do not enter a backup IP address in the MCG 3100 Web
Console, the server starts in ACTIVE mode.
•
If you enter a backup IP address in the MCG 3100 Web Console, the
server starts in STANDBY mode and attempts to locate the backup
server.
•
•
•
•
If the backup server is found in STANDBY mode, the server with the
lower IP address is declared ACTIVE.
If the backup server is found in ACTIVE mode, the backup server
remains ACTIVE.
If the backup server is not found within approximately 45 seconds, the
local server is declared ACTIVE.
If the ACTIVE server stops, the STANDBY server becomes ACTIVE
after approximately 45 seconds.
ATTENTION
If the MCG 3100 server fails, the Administration Server and Group Call Server
fail also.
Software installation
Install the MCG 3100 software after you complete the preinstallation
During the software installation, a number of prompts appear. You can
either accept the default value or enter a new value at each prompts.
ATTENTION
You must know the root password to perform the following procedure.
Procedure 1
Installing the MCG 3100 software
Step
1
Action
At the server (host server), insert the MCG 3100 software CD
into the CD-ROM drive.
2
Log on to the server as nortel.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Software installation 25
3
Locate the MCG 3100 software on the CD and enter the
following command:
appinstall
The installation script prompts you for the root password.
Enter the root password.
4
5
The following prompt appears:
Do you want to check the media [Y][N]?
To verify the media, enter Y (Yes).
For a new installation, the following prompt appears:
Installation stage Nortel MCG 3100 Mobile Gateway
Installation 1. MCG 3100 5.00.20
Please select the supported configuration # to
install.
For a software reinstallation, you receive a prompt to remove any
previous installations.
6
OR
To start a software reinstallation, select Y (Yes) to confirm the
7
8
If you receive a prompt to perform a reinstall (1) or an upgrade
(2), enter 1 for a reinstall.
The application RPM files are installed in the /opt/mobilitybase
directory.
Read the Nortel software license agreement.
NORTEL SOFTWARE LICENSE - IMPORTANT NOTICE:
Carefully read this license agreement ("License")
BEFORE (a) downloading this software ("Software"),
(b) installing, using or accessing the software
provided (also "Software"), or (c) installing or
using the hardware unit provided with pre-enabled
software (also "Software") or using or accessing
such Software.
...
...
...
Do you agree to the above license terms? [yes or no]
9
To agree to the license agreement, enterYES
The software installation proceeds.
Nortel Mobile Communications Gateway 3100
installation in progress
...
...
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
26 Installation
...
RPM installation complete. Please follow post
installation instructions.
The term postinstallation instructions refers to the postinstallation
configuration procedures. For more information, see
10
11
Remove the CD.
Proceed to postinstallation configuration.
OR
10 on the second server.
--End--
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
27
.
Postinstallation
This chapter contains the following topics:
•
•
•
•
•
After the MCG 3100 installation completes, the client software must be
installed on the devices. For instructions on installing the client software,
see Nortel Mobile Communication Gateway 3100 — Administration
(NN42030-600).
Overview
Before you can use the Nortel Mobile Communication Gateway 3100
(MCG 3100) server to provide IP telephony services, you must perform
the following postinstallation tasks:
•
•
•
•
MCG 3100 Web Console logon
You must log on to the Web Console to configure the MCG 3100
parameters and to add the license file.
Procedure 2
Logging on to the MCG 3100 Web Console
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
28 Postinstallation
Step
Action
1
In a Web browser address bar, enter one of the following
addresses:
OR
where
<hostname> is the domain name of the server.
2
At the Web Console log on screen, enter the following default
username and password:
• Username: admin
• Password: password
The username and password are case sensitive.
ATTENTION
Nortel recommends that you change the default password.
3
Click Sign In.
--End--
MCG 3100 parameter configuration
You must configure the MCG 3100 parameters to communicate with the
following network elements:
•
•
•
Enterprise Communications Server (ECS)
Backup MCG 3100 (if installed)
Lightweight Directory Access Protocol (LDAP) Server
Use the Configuration window buttons for the following tasks:
•
Unlock—unlocks the configuration parameters to enable them to be
updated.
•
•
•
Lock—locks the configuration parameter fields.
Save—saves updates and prompts you to restart the server.
Load current values—restores the current server values to the
parameter fields.
Procedure 3
Configuring the MCG 3100 parameters
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
MCG 3100 parameter configuration 29
Step
1
Action
Log on to the MCG 3100 Web Console using the Administrator
username and password, as described in Procedure 2 “Logging
2
3
4
Click Gateway.
Click Configuration for the Gateway you want to modify.
Click Unlock.
The configuration parameters unlock and can be modified.
Modify the configuration parameters as required.
5
For a description of the parameter fields, see Table 4
6
7
Click Save to save the modified parameters.
Click OK to restart the server.
--End--
Table 4
MCG 3100 configuration parameter fields
Field
Description
Gateway Address
The IP address that the local MCG 3100 uses for HTTP traffic.
Backup Gateway SIP
Listening Address
The IP address and port of the second MCG 3100 in a redundant
pair.
Syntax: [IP]:[port]
Example: 192.167.130.76:5060
Gateway SIP Listening
Address
The host name or IP address where the SIP gateway receives
inbound SIP requests over UDP.
Syntax: [IP]:[port]
Example: 192.167.130.75:5060
Primary ECS Address
The IP address and port of the primary Enterprise Communication
Server. For CS 1000, this is the primary SIP Proxy Server (SPS).
Syntax: [IP]:[port]
Example: 192.167.101.2:5060
Secondary ECS Address
Group Call Server Address
The IP address and port of the secondary Enterprise
Communication Server (if available).
Syntax: [IP]:[port]
Example: 192.167.101.2:5060
The IP address and port of the group call server.
The group call server IP address is the local MCG 3100 IP
address with the port configured on the group call server page.
Syntax: [IP]:[port]
Example: 192.167.130.75:5072
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
30 Postinstallation
Table 4
MCG 3100 configuration parameter fields (cont’d.)
Field
Description
LDAP Server Address
The IP address and port of the LDAP server that hosts the
corporate directory. Obtain this value from the directory
administrator.
Syntax: [IP]:[port]
Example: 192.167.3.99:389
LDAP Username
The username required to gain access to the LDAP server that
hosts the corporate directory.
Syntax: domain\username
LDAP Password
The password required to gain access to the LDAP server that
hosts the corporate directory.
LDAP Search Base
The unique name of the search base object (node) that defines
the location in the directory from which the LDAP search begins.
LDAP Security Authorization
The authorization mechanism used to connect to the LDAP
server.
The options are:
• None (no authentication, anonymous)
• Simple (usernames and passwords sent as clear text)
The default value is simple.
Mobile Number Prefix
When Mobile Users accept an incoming call notification, they can
choose where to take the call. They can take the call on their
cell phone, home phone, an office extension, or on any of the
preconfigured contact numbers on the MCC 3100. If the chosen
number begins with the Mobile Number Prefix (usually a +), the
caller hears a call progress announcement. If the chosen number
does not have the prefix, the caller does not hear a progress
announcement.
Gateway name
The gateway ID for the MCG 3100 that is defined on the
communication server.
For CS 1000, this is the gateway endpoint name for the
MCG 3100 configured on the SPS.
User Prefix for Call
Termination
The mobility Home Location Code (HLOC) that is added to the
Personal Call Assistant (PCA) target Directory Number (DN) on
the CS 1000 to ensure a uniquely routable number from the PCA
to the MCG 3100. The MCG 3100 uses this parameter to strip
leading digits from the request-URI to produce the username of
the MCC 3100 for which the call is destined.
User Prefix/Phone-context for
Call Origination
The parameter applied to the p-asserted-id (PAI) as input to the
Sourced-based routing (SBR) feature on the CS 1000 SPS. If
the input is a digit the digit is prepended to the username portion
of the PAI. If the input is not a digit, a phone-context=<input>
parameter is added.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
License file 31
Table 4
MCG 3100 configuration parameter fields (cont’d.)
Field
Description
Dial In Service DN
This is the number in the request URI for service DN calls proxied
by the CS 1000 SPS to the MCG 3100. The service DN allows
MCG 3100 users to place calls directly from their wireless devices
to other parties using Direct Outbound call mode.
Enterprise numbers are
directly dialable
This parameter is permanently enabled on the MCG 3100
Domain
The realm for SIP registration defined on the Enterprise
Communication Server.
License file
The license file controls how many MCC 3100 users can log on to the
MCG 3100. For example, if your organization purchased a 100-seat
license, a maximum of 100 users can be licensed and log on.
ATTENTION
Licenses are allocated on a first-come, first-served basis, and they remain
allocated until the Administrator deallocates them.
The Administrator must obtain the license file from Nortel and install it on
the MCG 3100 Server. For more information, see Procedure 4 “Adding a
Procedure 4
Adding a license file
Step
1
Action
Obtain the license file and store it in a location that is accessible
from the MCG 3100 Server.
2
Log on to the MCG 3100 Web Console as an administrative
user.
3
4
5
Select the Tools tab.
On the Tools page, under License Upgrade, click Browse.
In the Choose file dialog, locate and select the license file to
upload, and then click Open.
6
7
8
Click Upload.
Select the Gateway tab.
Click Restart.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
32 Postinstallation
9
8 on the redundant server.
--End--
Licence file troubleshooting
Before you contact Nortel to report a licensing issue, perform the following
troubleshooting measures:
•
•
•
•
•
Check the time, date, and time zone of the server.
Check the route to the license server (ping).
Verify DNS for the license server.
Check error diagnostics on Gateway Configuration page.
Restart the MCG 3100 server.
ATTENTION
Always restart the MCG 3100 server after you provide a valid license file or
perform any changes to solve any licensing issue.
Table 5 "Common server license status errors" (page 32) lists some of the
most common server license status errors that can occur.
Table 5
Common server license status errors
Server
License Status
Issue description
The license file is not uploaded.
Resolution
License file not found
Upload a valid license file and
restart.
License is invalid
License expired
This error indicates that the license Upload a valid license file and
file is already activated on another
server.
restart.
This error indicates that the license Upload a valid license file and
file is already activated on another
server.
restart.
ERROR 23:
protocol violation
This error indicates that the local
system clock is out of sync with the
time on the licensing server.
Reset the system clock and restart.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Manage TLS certificates 33
Table 5
Common server license status errors (cont’d.)
Server
License Status
Issue description
Resolution
ERROR 103: Client’s
system clock is
suspect and/or the
client configuration
has been tampered
with.
This error indicates that the system Reset the system clock and restart.
clock was changed after a previous
activation.
ERROR 17:
key limit exceeded
This error indicates that the license Contact Nortel.
file that you provided was activated
before on another machine and
there is no seat available for you to
activate.
ATTENTION
If you start the MCG 3100 for the very first time without a valid license, errors
occur until you upload a valid license and restart the server. You must always
restart the MCG 3100 after you add or modify the license file.
Manage TLS certificates
A Public Key Infrastructure (PKI) uses Transport Layer Security (TLS)
certificates to provide server authentication and private communication.
With a PKI, the communication between the mobile clients and the
MCG 3100 server is secure.
Perform the following tasks to configure the PKI:
•
•
•
•
Enroll with a Certificate Authority (CA).
Generate a Certificate Signing Request (CSR).
Obtain a signed TLS certificate.
Obtain the CA root certificate, intermediate certificate, or both as
required by the CA..
•
•
Install the root or intermediate (or both as required by the CA) and
signed certificates.
Distribute the CA root certificate.
Enroll with a Certificate Authority
Some CAs, such as VeriSign or Entrust, charge a fee for their services.
Others, such as CACert or RapidSSL, provide free or low-cost solutions.
As an alternative to using a commercial CA, you can build your own. For
example, Microsoft Exchange Server includes tools that enable you to
build a CA server that is exclusive to your organization.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
34 Postinstallation
Whether you select a commercial Certificate Authority (CA) or build your
own CA Server, you must provide the following information to enroll:
•
•
•
first and last name of the certificate administrator
e-mail address of the certificate administrator
any other information requested by the CA
ATTENTION
Nortel strongly recommends that you create an e-mail alias for the certificate
administrator. The CA sends renewal notifications and other important
information to this e-mail address. If the administrative responsibilities are
shared, any administrator can access the notifications.
For additional information about commercial Certificate Authorities, go to
any one of the following company Web sites:
•
•
•
•
VeriSign
Entrust
CACert
RapidSSL
For additional information about building your own CA server with
Microsoft Exchange Server 2007, go to the Microsoft Web site at
authority.
Certificate Signing Request generation
A Certificate Signing Request (CSR) is the unique fingerprint of the server
and includes your private and public key pair. You need a CSR to enroll
for a TLS certificate.
Procedure 5 “Generating a CSR” (page 35) describes the steps to
generate a CSR by using Java keytool and sample directories. In this
procedure, you use Java keytool, which is the recommended method. You
can use another tool to generate a CSR if your environment requires that
you do so.
search on the keyword keytool.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Manage TLS certificates 35
A keystore is a file that can contain trusted certificates and combinations
of private keys with their corresponding certificates. The information within
the keystore is organized by alias, for example:
•
tomcat (required): stores the public/private key pair and the Signed
TLS Certificate from the CA
•
•
root (required): stores the CA root certificate information
intermediate (required for some CAs): stores the CA intermediate
certificate information
Procedure 5
Generating a CSR
Step
Action
1
2
At the MCG 3100 Server, log on to the server as nortel.
To become the superuser, enter the following command:
su
3
4
5
To change to the certificate keystore directory, enter:
cd /opt/SQMobilityGW
To delete the default keystore, enter:
rm .keystore
To generate a certificate keystore and private key, enter:
/usr/java/jdk1.5.0_03/bin/keytool -genkey
-alias tomcat -keyalg RSA -keystore .keystore
6
At the prompt, enter the password for the keystore:
firsthand
The default password for the keystore is firsthand. If you
want to change the default password, you must modify the
.xml configuration file for the MCG 3100 Server. For more
information, see “Change the keystore default password” (page
40).
7
Enter the following information as required by the CA:
• First and last name—the Common Name of the keystore.
Use the host name (including domain name) of the server as
the common name (cn). For example: mg.mydomain.com
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
36 Postinstallation
ATTENTION
For the mobile clients that use TLS security, you must enter
the same FQDN in the device System Settings. For information
about the configuration of the System Settings on the device,
see Nortel Mobile Communication Client 3100 for Blackberry
User Guide (NN42030-101) , Nortel Mobile Communication Client
3100 for Nokia User Guide (NN42030-102) and Nortel Mobile
Communication Client 3100 for Windows Mobile Single Mode
User Guide (NN42030-107).
• Organization—your company or organization’s formal name
• Organizational unit—the department, division or other
organizational unit that will use this certificate
• City/Location—the city in which your organization is located
• State/Province—the state or province in which your
organization is located
• Country—the country in which your organization is located
Example
What is your first and last name?
[Unknown]: mcg3100.nortel.com
What is the name of your organizational unit?
[Unknown]: Tech Trials
What is the name of your organization?
[Unknown]: Nortel networks
What is the name of your City or Locality?
[Unknown]: Belleville
What is the name of your State or Province?
[Unknown]: Ontario
What is the two-letter country code for this
unit?
[Unknown]: CA
8
At the prompt, enter the key password for <tomcat>.
OR
If the password is the same as the keystore password, press
Enter.
9
To change ownership of the keystore from root to mobility, enter:
chown nortel:nortel .keystore
chmod 755 .keystore
10
11
To generate the CSR, enter:
/usr/java/jdk1.5.0_03/bin/keytool -certreq
-alias tomcat -keystore .keystore
Enter the keystore password:
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Manage TLS certificates 37
firsthand
The CSR text appears as in the following example:
Sample CSR text
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4G
A1UEChs4lBMHQ XJpem9uYTENA1UEBxMETWVzYTEf
MB0GA1UEChMWTWVs3XbnzYSBDb 21tdW5pdHkgQ2
9sbGVnZTEA1UEAxMTd3d3Lm1jLm1hcmljb3BhLmV
kdTBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQDRNU6
xslWjG41163gA rsj/P108sFmjkjzMuUUFYbmtZX4
RFxf/U7cZZdMagz4IMmY0F9cdp DLTAutULTsZKD
cLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTLg
fmBVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J
0vauJ5VkjXz 9aevJ8dzx37ir3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
12
13
Copy the entire CSR text, including -----BEGIN NEW
CERTIFICATE REQUEST----- and -----END NEW
CERTIFICATE REQUEST----- and save it as a text file, for
example CSR.txt.
Store the CSR text file in a safe location.
You require the CSR text file to request a signed TLS certificate
from the CA.
--End--
Signed TLS certificate
You must obtain a signed TLS certificate from the CA and install it in
your keystore. To obtain the signed TLS certificate from the CA, follow
Before you begin, ensure that you have access to the CSR file that you
Procedure 6
Obtaining a signed TLS certificate
Step
1
Action
Using the certificate management tool provided by your CA,
access the prompt or Web page where you request certificates.
2
3
If you receive a prompt to specify the server type, select
Apache.
At the prompt or Web page, paste the entire CSR text, including
-----BEGIN NEW CERTIFICATE REQUEST----- and
-----END NEW CERTIFICATE REQUEST-----.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
38 Postinstallation
OR
Upload the CSR.txt file.
Request a signed TLS certificate.
4
The CA generates a signed TLS certificate and sends it to the
certificate administrator’s e-mail address.
5
Save the signed TLS certificate to a location that is accessible
from the MCG 3100 Server.
You require the signed TLS certificate to perform “Root and
--End--
CA root and intermediate certificates
You must obtain the CA root or intermediate certificate in two formats:
•
•
TXT format for installation on the server
DER format for installation on the mobile devices
To obtain the CA root or intermediate certificate, use the certificate
management tool provided by the CA and follow the steps in Procedure 7
ATTENTION
In some cases the CA provides an intermediate certificate instead of, or
in addition to, the root certificate. Read all instructions provided by the CA
carefully. Follow the same procedure to download an intermediate certificate, as
for the root certificate.
Procedure 7
Obtaining a CA root or intermediate certificate
Step
1
Action
Using the certificate management tool provided by your CA,
locate the root or intermediate certificate in both TXT and DER
formats.
2
3
Download the TXT format for the server.
You can skip this step if your server is preconfigured with your
CA root certificate.
Download the DER format for the client devices.
You can skip this step if the client devices are preconfigured with
your CA root or intermediate certificate.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Manage TLS certificates 39
4
Save both formats of the certificate to a directory location that is
accessible from the MCG 3100 Server.
--End--
Root and signed certificate installation
The keystore must contain the following certificates:
•
the CA root or intermediate certificate (or both as required by the CA)
in TXT format
•
your signed TLS certificate
39) describes the steps to import the certificates. You must know the root
password to perform the following procedure. Root certificate files require
Read and Write permissions for the user nortel.
ATTENTION
The root certificates for some well-known CAs (such as Verisign and Entrust)
are preinstalled on the server and many client devices. If you receive a message
stating that a certificate is already installed, select Yes to replace it, or No to use
the existing certificate.
Procedure 8
Installing the root and signed certificates
Step
Action
1
2
At the MCG 3100 Server, log on to the server as nortel.
Change to the certificate keystore directory:
cd /opt/SQMobilityGW
3
If the CA requires a root certificate, import it (in TXT format):
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore -alias root
-file <absolute_path_root_certificate_file>
4
If the CA requires an intermediate certificate, import it (in TXT
format):
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore
-alias intermediate
-file <absolute_path_intermediate_cert_file>
5
Import the signed TLS certificate:
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore -alias tomcat
-file <absolute_path_signed_certificate_file>
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
40 Postinstallation
ATTENTION
Nortel strongly recommends that you back up the keystore directory
to protect the files against overwriting, deletion, or corruption.
6
Restart the server:
/sbin/service mobilitygw restart
When prompted, enter the root password.
7
--End--
Importing a preinstalled CA root or intermediate certificate
You must know the absolute path to import a preinstalled CA root
certificate into the keystore. Enter one of the following commands:
/usr/java/jdk1.5.0_03/bin/keytool -import
-trustcacerts -keystore .keystore -alias root
-file <absolute_path_root_certificate_file>
OR
/usr/java/jdk1.5.0_03/bin/keytool -import -trustcacerts
-keystore .keystore -alias intermediate -file
<absolute_path_intermediate_cert_file>
Viewing the contents of the keystore
To assist with troubleshooting, you can review the contents of the
keystore. Enter the following command:
/usr/java/jdk1.5.0_03/bin/keytool -list -v -keystore
.keystore
Change the keystore default password
The default password for the keystore is firsthand. For security reasons,
you should change the default password.
Procedure 9
Changing the keystore default password
Step
Action
1
2
At the MCG server, log on to the server as nortel.
To become the superuser, enter the following command:
su
3
To change the keystore default password, enter the following
command:
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Manage TLS certificates 41
/usr/java/jdk1.5.0_03/bin/keytool -storepasswd
-new <new_password> -storepass <od_password>
-keystore /opt/SQMobilityGW
where
<old_password> is the existing keystore password.
<new_password> is your chosen password.
4
Change the working directory:
cd /opt/SQmobilityGW/tomcat/conf/
5
6
Open the server.xml file using an available editor (for example,
vi).
Locate the following default line:
clientAuth="false" sslProtocol="TLS" key
storeFile="/opt/SQMobilityGW/.keystore"
keypass="firsthand"
7
Change keypass="firsthand" to keypass="<new_passwo
rd>" .
where
<new_password> is the password entered in the
keytool command.
8
9
Save and close the server.xml file.
Restart the service:
sudo /sbin/service mobilitygw restart
--End--
CA root certificate distribution
You must ensure the CA root certificate is installed (in DER format) on all
mobile client devices that register with the MCG 3100 Server. Depending
on which CA you choose, the root certificates are preinstalled or you
distribute the root certificates to the clients for manual installation.
Various methods of root certificate distribution are available. Typically, the
administrator e-mails the root certificate to the mobile client users who
need it (Windows Mobile Single Mode and Nokia clients). The users must
install the certificate on their devices.
After the user installs the root certificate, the mobile client communicates
with the MCG 3100 using TLS security.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
42 Postinstallation
ATTENTION
If a user attempts to log on and the root certificate is not installed, a prompt
appears asking for permission to allow access to the MCG 3100 Server. If
permission is granted and the connection fails or times out, the user must install
the root certificate on the mobile client device.
When you send the root certificate to the users, you should send the
following procedures in the e-mail.
Procedure 10
Installing a root certificate on a Nokia device
Step
Action
1
On the PC, open the Nokia PC Suite by choosing Start >
Programs > Nokia PC Suite > Nokia PC Suite.
2
3
Click File Manager.
In the Nokia Phone Browser, browse to the folder that contains
the root certificate, and then select and copy the root certificate.
4
Paste the root certificate into the Nokia Phone Browser > Nokia
<E6x> > Phone memory > Data > Documents folder.
5
6
7
8
On the Nokia phone, press the Menu key.
On the Menu screen, select Office > File mgr > Documents.
In the Documents folder, select the certificate.
Select Options > Open.
You receive a prompt to save the certificate and a security
warning appears.
9
Click Yes.
10
11
Specify a label for the certificate and click OK.
After the Certificate Uses prompt appears, select Internet.
The root certificate installs in the Tools > Settings > Security >
Certif. Management directory.
--End--
Procedure 11
Installing a root certificate on a Windows Mobile Single Mode device
Step
Action
1
2
3
On the PC, connect the mobile device using a USB cable.
On the PC, start the ActiveSync program, and click Explore.
Copy the root certificate file (a .cer file) to the device.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Manage TLS certificates 43
4
5
On the device, locate the certificate using File Explorer and click
on it.
At the continuation prompt , click Accept.
The certificate installs on the device.
--End--
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
44 Postinstallation
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
45
.
System software maintenance
This chapter contains the following topics:
•
•
•
•
System software upgrades
After you complete the initial Mobile Communication Gateway (MCG) 3100
system software installation (a fresh install), you can upgrade the system
software.
You can upgrade the system using
•
an MC 3100 software CD
For more information, see Procedure 12 “Upgrading the MCG 3100
•
a software Service Update (SU) or patch downloaded from the Web
For more information, see Procedure 13 “Upgrading the MCG 3100
You can also remove an SU. For more information, see Procedure 14
ATTENTION
If you have previously installed an SU, you must remove it before installing a
new SU. For more information, see Procedure 14 “Removing an SU” (page 48)
Procedure 12
Upgrading the MCG 3100 system software from CD
ATTENTION
You must know the root password to perform the following procedure.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
46 System software maintenance
Step
1
Action
At the server (host server), insert the MCG 3100 software CD
into the CD-ROM drive.
2
3
Log on to the server as nortel.
Locate the MCG 3100 software on the CD and run the following
command:
appinstall
4
5
Enter the root password.
If you are prompted to remove a previous installation, enter Y
(Yes) to confirm the deletion.
6
If you are prompted to perform a reinstall (1) or an upgrade (2),
press Enter to accept the default value (2).
The application RPM files are installed in the /opt/mobilitybase
directory.
7
8
9
Read the Nortel software license agreement.
To agree to the license agreement, enter YES
8 on the second server.
--End--
Procedure 13
Upgrading the MCG 3100 system software from the Web
ATTENTION
You must have access to the Nortel Enterprise Solutions PEP Library (ESPL)
and you must know the MCG 3100 root password to perform the following
procedure.
ATTENTION
If you have previously installed an SU, you must remove it before installing a
new SU. For more information, see Procedure 14 “Removing an SU” (page 48)
Step
1
Action
From an internet-connected computer, connect to
2
3
After logging in, read the warning and then click Click Here.
Scroll to the Communication Server 1000 / Meridan 1 PEP Tools
section, locate the Patching Reference for CS 1000 Release 5.0
Systems, and click Click Here beside the entry.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
System software upgrades 47
The document contains information about SUs for CS 1000.
4
5
Download the appropriate patches to a location that you can
connect to from the MCG 3100.
Log on to the MCG 3100 as nortel.
6
Transfer the SU you downloaded to the /var/opt/nortel/patch
directory of the MCG 3100.
ATTENTION
The patching software requires all patch files to be stored in the
/var/opt/nortel/patch directory.
7
8
Access the MCG 3100 command line.
To view the current version of software, enter swVersionShow
The MCG 3100 responds with the current version of the
software, for example:
Configuration installed: MCG3100
Configuration version: 5.00.20
mobilitybase 2.1-48
nortel-cs1000-linuxbase 5.00.38
9
To install the load, enter pload
10
When the program prompts Patch filename?, enter the patch
filename.
The MCG 3100 installs the SU, and reports on the success of
the installation. For example:
Patch filename?mobilitybase-2.1.75.el4
Patch mobilitybase-2.1.75.el4
Patch successfully installed.
11
12
To put the SU in service, enter pins 0
The MCG 3100 responds:
Patch handle: 0
The application mobilitybase should be stopped
before putting in service this Service Update
Do you want to continue? (Y/N) [N]?
Enter y
The installation continues, displaying its progress. For example:
Performing the installation:
Name : mobilitybase Relocations: (not
relocatable)
Version : 2.1 Vendor: (none)
Release : 75 Build Date: Thu 14 Feb 2008 12:53:03
PM EST
Install Date: (not installed) Build Host:
masterserver.sipquest.com
Group Applications/Communications Source RPM:
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
48 System software maintenance
mobilitybase-2.1-75.src.rpm
Size : 72043134 License: Commercial Signature :
(none)
Summary : Mobility Gateway Base distribution
package
Description :
facility for the configuration of the platform for
the mobility gw
The server completes the installation.
13
14
Enter
sudo /opt/mobilitybase-2.1-XX/postpatch.sh
where
XX is the load number being installed.
The server completes the installation, which ends with the
message Post patch complete.
To check the SU installation, enter pstat
The server responds with information about the SU status. For
example,
In system patches:1
Patch handle 0*
Filename /var/opt/nortel/patch/mobilitybase-2.1.
75.el4
Patch release version: 5.00.38
Reference number: ISS1:1OF1
Patch is in-service
In-service date: 14/02/08 15:15:46
Patch category: GEN
Patch special instructions: no
Patch member type: RPM
Patch members: mobilitybase-2.1-75.i386.rpm
15
Verify that the version of the SU displays in the server response.
--End--
If you need to remove an SU, use the following procedure.
Procedure 14
Removing an SU
Step
1
Action
Log on to the MCG 3100 as nortel.
To list the current patches and SUs in service, enter pstat
2
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
System software uninstallation 49
The server responds with information about the SU status. For
example,
In system patches:1
Patch handle 0*
Filename /var/opt/nortel/patch/mobilitybase-2.1.
75.el4
Patch release version: 5.00.38
Reference number: ISS1:1OF1
Patch is in-service
In-service date: 14/02/08 15:15:46
Patch category: GEN
Patch special instructions: no
Patch member type: RPM
Patch members: mobilitybase-2.1-75.i386.rpm
3
To take a patch or SU out of service, enter poos 0
The server responds
Patch handle: 0
The application mobilitybase should be stopped before putting
out of service this Service Update
Do you want to continue? (Y/N) [N]?
4
5
Enter y
The RPM patch removal completes.
To complete the removal, enter
sudo /opt/mobilitybase-2.1-XX/postunpatch.sh
where
XX is the load number being removed.
The server continues the removal, which ends with the message
Pre uninstall phase done.
Post uninstall phase done.
Updating iptables rules: [ OK ].
6
To verify that the SU was removed correctly, enter
swVersionShow
The server responds with the version. For example,
Configuration installed: MCG3100
Configuration version: 5.00.20
mobilitybase 2.1-48
nortel-cs1000-linuxbase 5.00.38
--End--
System software uninstallation
You uninstall the Nortel Mobile Communication Gateway 3100
(MCG 3100) system software from the command line.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
50 System software maintenance
Procedure 15
Uninstalling the MCG 3100 system software
WARNING
This procedure removes the MCG 3100 software from the
remove patches.
Step
Action
1
2
Log on to the server as nortel.
From any directory, enter the uninstall command:
sudo rpm -e mobilitygw mobilityadmin sq-base
sq-conf mobileclients
--End--
Admin shell access
Many of the maintenance procedures require that you access the admin
shell and log on using the nortel user account. You have two options for
admin shell access:
•
•
serial port connection
Secure Shell (SSH)
For more information about accessing the admin shell, see Linux Platform
Base and Applications Installation and Commissioning (NN43001-315).
Shell commands
You can use Linux shell commands to perform the following tasks:
•
•
•
Start, stop, or restart the server processes
Check whether the server processes are running
Back up and restore the server databases
For more information, see the following procedures:
•
•
•
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Shell commands 51
•
•
•
•
Procedure 16
Starting, stopping, and restarting the MCG 3100 Server
Step
Action
1
2
Log on to the server as nortel.
To start the MCG 3100, enter
sudo /sbin/service mobilitygw start
To stop the MCG 3100, enter
3
4
sudo /sbin/service mobilitygw stop
To restart the MC 3100, enter
sudo /sbin/service mobilitygw restart
--End--
Procedure 17
Starting, stopping, and restarting the Administration Server
Step
Action
1
2
Log on to the server as nortel.
To start the Administration server, enter
sudo /sbin/service mobilityadmin start
To stop the Administration server, enter
sudo /sbin/service mobilityadmin stop
To restart the Administration server, enter
sudo /sbin/service mobilityadmin restart
3
4
--End--
Procedure 18
Starting, stopping, and restarting the Group Call Server
Step
1
Action
Log on to the server as nortel.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
52 System software maintenance
2
3
4
To start the Group Call Server, enter
sudo /sbin/service sipconf start
To stop the Group Call Server, enter
sudo /sbin/service sipconf stop
To restart the Group Call Server, enter
sudo /sbin/service sipconf restart
--End--
Procedure 19
Checking the Gateway Server processes
Step
1
Action
Log on to the server as nortel.
At the command prompt, enter the following command:
ps -ef | grep SQMobilityGW
2
The following sample output indicates that the process is
running. If only one line appears, the process is stopped and you
must use the restart the procedure. For more information, see
mobility 2400 1 0 Jun12 ? 00:22:22
/usr/java/jdk1.5.0_03/bin/java -Xmx512m -Dcom
.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.port=9800
-Dcom.sun.management.jmxremote.ssl=false -Djava.
util.logging.manager=org.apache.juli.ClassLoader
LogManager -Djava.util.logging.config.file=/opt/
SQMobilityGW/tomcat/conf/logging.properties
-Djava.endorsed.dirs=/opt/SQMobilityGW/tom
cat/common/endorsed -classpath :/opt/SQMobi
lityGW/tomcat/bin/bootstrap.jar:/opt/SQMob
ilityGW/tomcat/bin/commons-logging-api.jar
-Dcatalina.base=/opt/SQMobilityGW/tomcat
-Dcatalina.home=/opt/SQMobilityGW/tomcat
-Djava.io.tmpdir=/opt/SQMobilityGW/tomcat/temp
org.apache.catalina.startup.Bootstrap start
root 9498 9367 0 14:02 pts/0 00:00:00 grep
SQMobilityGW
If the process is not running, only the following line appears:
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Shell commands 53
root 9498 9367 0 14:02 pts/0 00:00:00 grep
SQMobilityGW
--End--
Procedure 20
Checking the Administration Server processes
Step
1
Action
Log on to the server as nortel.
At the command prompt, enter the following command:
ps -ef | grep SQMobilityAdmin
2
The following sample output indicates that the process is
running. If only one line appears, the process is stopped and
you must use the restart the procedure. For more information,
root 2374 1 0 Jun12 ? 00:50:10
/usr/java/jdk1.5.0_03/bin/java -Xmx512m -Dcom
.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.port=9801
-Dcom.sun.management.jmxremote.ssl=false -Djava.
util.logging.manager=org.apache.juli.ClassLoader
LogManager -Djava.util.logging.config.file=/opt
/SQMobilityAdmin/tomcat/conf/logging.properties
-Djava.endorsed.dirs=/opt/SQMobilityAdmin/tom
cat/common/endorsed -classpath :/opt/SQMobili
tyAdmin/tomcat/bin/bootstrap.jar:/opt/SQMobi
lityAdmin/tomcat/bin/commons-logging-api.jar
-Dcatalina.base=/opt/SQMobilityAdmin/tomcat
-Dcatalina.home=/opt/SQMobilityAdmin/tomcat -Dj
ava.io.tmpdir=/opt/SQMobilityAdmin/tomcat/temp
org.apache.catalina.startup.Bootstrap start
root 9542 9367 0 14:04 pts/0 00:00:00 grep
SQMobilityAdmin
If the process is not running, only the following line appears:
root 9542 9367 0 14:04 pts/0 00:00:00 grep
SQMobilityAdmin
--End--
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
54 System software maintenance
CAUTION
Service Interruption
The database backup and restore procedures take the server
out of service for two or more minutes. Nortel recommends that
you perform these procedures during periods of low server use.
The database stores configuration data and licensed user data. You must
know the root password to perform the database backup and restore
procedures.
Procedure 21
Backing up the databases
Step
Action
1
2
Log on to the server as nortel.
To become the root user, enter
su - root
3
4
Enter the password for root.
Stop the server processes by entering
/sbin/service sipconf stop
/sbin/service mobilitygw stop
/sbin/service mobilityadmin stop
5
6
7
Create a backup directory:
mkdir /opt/backup
Change to the backup directory:
cd /opt/backup
At the command prompt, enter:
mysqldump --opt --all-databases >backup.sql
Copy the backup file to an off-site location or removable media.
Start the server processes:
8
9
/sbin/service sipconf start
/sbin/service mobilitygw start
/sbin/service mobilityadmin start
--End--
Procedure 22
Restoring the databases
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Shell commands 55
ATTENTION
You must have a copy of the backup file to restore.
Shared files for group calls and conferences are not restored with this
procedure.
Step
Action
1
2
Log on to the server as nortel.
To become the root user, enter
su - root
3
4
Enter the password for root.
To stop the server processes, enter
/sbin/service sipconf stop
/sbin/service mobilitygw stop
/sbin/service mobilityadmin stop
5
To change to the backup directory, enter
cd /opt/backup
6
7
Copy the backup file from the off-site location or removable
media to the backup directory.
Enter the following commands:
mysql <backup.sql
mysqladmin flush-privileges
8
To start the server processes, enter
/sbin/service sipconf start
/sbin/service mobilitygw start
/sbin/service mobilityadmin start
--End--
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
56 System software maintenance
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
57
.
Appendix A
Port numbers and protocols
Table 6 "Port usage" (page 57) lists the port usage details for the
MCG 3100.
Table 6
Port usage
Port
mapped
through
firewall
Port
21
Protocol
Function
Application
Base Linux
Base Linux
Configurable
TCP
TCP
UDP
FTP
SSH
No
No
No
No
No
No
22
53
Domain Name MCG 3100
Server (DNS)
queries to
external DNS
123
TCP
TCP
NTP
Base Linux
MySQL
No
No
No
No
3306
SQL Client
access
5060
5072
UDP
MCG 3100
SIP interface
MCG 3100
MCG 3100
Yes
Yes
No
No
UDP
TCP
MCG 3100
Group Call SIP
interface
7800
8080
TCP
TCP
MCG 3100
data
replication
MCG 3100
No
No
No
MCG 3100
Client
MCG 3100 Gateway No
interface
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
58 Appendix A Port numbers and protocols
Table 6
Port usage (cont’d.)
Port
mapped
through
firewall
Port
Protocol
Function
Application
Configurable
8282
TCP
MCG 3100
Admin
interface
MCG 3100 Admin
No
No
No
No
No
No
No
8443
8553
9800
9801
TCP
TCP
TCP
TCP
UDP
MCG 3100
Secure Client
interface
MCG 3100 Gateway No
MCG 3100
Secure Admin Administration
interface
MCG 3100
No
JVM
Management
interface
MCG 3100 Gateway No
JVM
JVM
Management
interface
MCG 3100
Administration
JVM
No
26 000 –
26 999
RTP Stream
port range
MCG 3100
Group Call
Yes
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
59
.
Appendix B
Self-signed certificate generation
As an alternative to using a Certificate Authority, you can generate and
use self-signed certificates.
ATTENTION
Self-signed certificates do not provide the same level of security as CA-signed
certificates. Use self-signed certificates for test or demonstration purposes only.
d search on the keyword keytool.
Procedure 23
Generating self-signed certificates
Step
Action
1
2
Log on to the server as nortel.
To become the superuser, enter the following command:
su
3
4
5
Change to the certificate keystore directory:
cd /opt/SQMobilityGW/
Delete the default keystore:
rm .keystore
Generate a self-signed certificate keystore and certificate:
/usr/java/jdk1.5.0_03/bin/keytool -genkey
-alias Tomcat -keyalg RSA -storepass firsthand
-keypass firsthand -dname ’cn=<common name>’
-keystore .keystore -validity xxx
where
xxx represents the number of days until the
certificate expires. The default value is
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
60 Appendix B Self-signed certificate generation
90 days. Nortel recommends using a value of
3650.
ATTENTION
Use the host name (including domain name) of the server as the
common name (cn).
6
Generate the client certificate:
/usr/java/jdk1.5.0_03/bin/keytool -export
-alias Tomcat -file publickey.der
-storepass firsthand -keypass firsthand
-keystore .keystore
7
8
Use a file management utility to move the client certificate to a
location where it can be distributed to users.
Restart the server by entering
service mobilitygw restart
--End--
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
62
T
U
W
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and Upgrades
NN42030-300 02.03 Standard
9 May 2008
Copyright © 2007, 2008 Nortel Networks
Download from Www.Somanuals.com. All Manuals Search And Download.
.
Download from Www.Somanuals.com. All Manuals Search And Download.
Nortel Mobile Communication 3100 Series Portfolio
Nortel Mobile Communication Gateway 3100 Installation and
Upgrades
Copyright © 2007, 2008 Nortel Networks
All Rights Reserved.
Sourced in Canada
Release: 2.1
Publication: NN42030-300
Document status: Standard
Document revision: 02.03
Document release date: 9 May 2008
To provide feedback or to report a problem in this document, go to www.nortel.com/documentfeedback.
LEGAL NOTICE
This document contains Nortel confidential and proprietary information. It is not to be copied, disclosed or distributed in any
manner, in whole or in part, without Nortel’s express written authorization. While the information in this document is believed to
be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS"
WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products
described in this document are subject to change without notice.
Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
Download from Www.Somanuals.com. All Manuals Search And Download.
|