
Lucent Technologies DEFINITY Enterprise Communications Server Release 8.2 Administration For Network Connectivity Manual

    							Japan TTC Q931-a Private Networking Protocols 
    401
    Administration for Network Connectivity
    555-233-504— Issue 1 — April 2000 CID: 77730
    B  Private Networking
    TTC Q931-a Protocols
    The TTC-defined private networking ISDN protocol is largely based on the ITU-T 
    Q.931 protocol. DEFINITY ECS supports the following TTC-defined protocols:
    • Basic Call support as defined in JT-Q931-a “Digital Interface between PBXs 
      (Common Channel Signaling) — Layer 3”
    • Number Identification Services as defined in JT-Q951-a “Digital Interface between 
      PBXs (Supplementary Services) — Number Identification Services”
    Differences from ITU-T Q.931 include:
    • symmetrical operation as peers, similar to the QSIG protocol (that is, no 
      Network/User definition)
    • different protocol discriminator
    • Progress Indicator IE not supported in DISCONNECT messages
    • Timers T310 and T313 are disabled
    • Sending Complete IE not supported
    • NOTIFY messages are not supported
    						
    							Japan TTC Q931-a Private Networking Protocols B  Private Networking
    Administration for Network Connectivity
    CID: 77730 555-233-504 — Issue 1 — April 2000
    402
    Setting Up TTC Q931-a
    Complete the following steps to set up TTC connections.
    1  Verify that you have the appropriate DEFINITY circuit pack for integration.
    2  Enter “change system-parameters customer-options” on the command line of 
       your system administration screen.
    3  On page 1, verify that the G3 Version field is V8 or later.
    4  On page 2, verify that the ISDN-PRI field is y.
    5  Administer the TTC DS-1 circuit pack. 
       Check for the following field entries:
       - Connect field — pbx
       - Interface — peer-master or peer-slave
       - Peer Protocol — TTC
       - D-channel: (This item must match between the local and receiving switches)
       - Channel Numbering — sequential or timeslot (This item must match between 
         the local and receiving switches)
    6  Administer or check the TTC ISDN trunk group(s) associated with the DS1 
       circuit pack.
       Check for the following field entries on page 1 of the Trunk Group screen:
       - Group type: isdn
       - Supplementary Service protocol — a
       - Outgoing Display? y
       Check for the following field entries on page 2:
       - Disconnect Supervision — y
       - Numbering format — public, private, unknown, unk-pvt
       - Send Called/Busy/Connected Number — y
       - Sending Calling Number — y
       - Send Name — n
    						
    C    Security Issues
    This Appendix briefly discusses issues related to system security for DEFINITY ECS in a TCP/IP 
    network environment.
    Network Security Issues
    This section describes a strategy to ensure the security of an intranet that is connected to DEFINITY 
    ECS R7 or later systems. 
    Overview
    The TCP/IP connectivity available with Release 7 and later of DEFINITY 
    ECS makes it possible to connect one or more DEFINITY ECS systems in a 
    network that includes connections to a company’s existing data network 
    (LAN or intranet). This integration of networks introduces the possibility of 
    unauthorized access  — to the DEFINITY network through the LAN/intranet 
    and to the LAN/intranet through the DEFINITY network.
    Security concerns
    Security can mean many different things. The strategy described here focuses 
    on three key concerns from a customer perspective:
    1  How can a customer network be protected from unauthorized outside access 
    through a DEFINITY ECS? That is, how can a hacker be prevented from dialing 
    into a DEFINITY ECS and getting on the customer LAN?
    2  How can a customer network be protected from unauthorized access by Lucent 
    services personnel?
    3  How can a DEFINITY ECS be protected from unauthorized access through the 
    customer LAN?
    Security solutions
    The first and most important line of defense in any security strategy is access 
    control. Damage to the network or theft of proprietary information by hackers 
    can be prevented by completely denying access to unauthorized users.
    Access control can be provided by three means:
    • network topology
    • network administration
    • authentication
    						
    A second line of defense can be thought of as damage control — how to limit the 
    amount of damage that can be done if someone does gain unauthorized access to the 
    system? Damage control can be provided by application restrictions.
    Each of these control methods is described below.
    Access control — network topology
    Network topology refers to how the DEFINITY ECS network is connected to the 
    customer's network.
    Private network
    One option to restrict access is to make sure that the DEFINITY ECS network is not 
    connected to any other network; that is, the DEFINITY ECS network is private. This 
    topology clearly solves all three access security concerns mentioned above. However, 
    a private network is not an option for all customers.
    Private segment
    Another topology is to put the DEFINITY ECS network on a private segment, behind 
    a router or a firewall. This approach can also solve all three concerns above by 
    implementing packet filtering in the router/firewall such that only legitimate traffic 
    can pass through.
    Open network
    One other topology that may be chosen is a completely open network, where 
    DEFINITY ECS nodes are placed on the customer network just like any other piece 
    of data networking equipment. An open network topology addresses none of the three 
    security concerns above, and other methods of access control must be used for these 
    installations.
    Access control — network administration
    Network administration refers to how a DEFINITY ECS (specifically, the C-LAN 
    circuit pack) is administered in terms of dial-up PPP ports and routing information. A 
    carefully administered system has only dialup ports in service for DCS and adjunct 
    sessions that will be established at boot time. This means that normally there will not 
    be any ports available for a hacker to dial into. Additionally, the C-LAN circuit pack 
    should be administered only with routes specific to the DCS and adjunct nodes. This 
    ensures that anyone getting into a DEFINITY ECS can only get to other DCS or 
    adjunct nodes, not anywhere else on the customer network. Careful administration 
    will address concerns #1 and #2 above.
    Note that no new access to the system access terminal (SAT), such as network-based 
    SAT, is introduced in Release 7. As in earlier releases of DEFINITY ECS, all port 
    and route administration can be done only via the SAT, and all changes are logged.
    Access control — authentication
    Authentication also plays a role in providing access control to dial-up PPP ports. All 
    of these ports can be protected by Challenge Handshake Authentication Protocol 
    (CHAP). This provides an extra level of assurance that no unauthorized user will be 
    able to connect to a PPP port on C-LAN. 
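Added example, not part of the Lucent manual: a small audit of the administration rules described above (dial-up PPP ports in service only for DCS and adjunct sessions, CHAP on every port, routes only to DCS and adjunct nodes). The inventory format, port names and addresses are constructed for illustration and would be transcribed by hand from the SAT screens; this is not DEFINITY output.

```python
import ipaddress

# Constructed inventory (hypothetical format, documentation addresses).
ALLOWED_NODES = {"192.0.2.10": "DCS node", "192.0.2.20": "CMS adjunct"}
PPP_PORTS = [
    {"port": "ppp-1", "in_service": True, "use": "dcs", "chap": True},
    {"port": "ppp-2", "in_service": True, "use": "spare", "chap": False},
    {"port": "ppp-3", "in_service": False, "use": "spare", "chap": False},
]
ROUTES = ["192.0.2.10/32", "192.0.2.20/32", "198.51.100.0/24", "0.0.0.0/0"]


def audit_ports(ports):
    """Flag in-service dial-up ports that are idle spares or lack CHAP."""
    findings = []
    for p in ports:
        if not p["in_service"]:
            continue  # an out-of-service port cannot be dialed into
        if p["use"] not in ("dcs", "adjunct"):
            findings.append((p["port"], "in service but not a DCS/adjunct session"))
        if not p["chap"]:
            findings.append((p["port"], "in service without CHAP"))
    return findings


def audit_routes(routes, allowed_nodes):
    """Flag routes that reach anything other than the DCS/adjunct nodes."""
    allowed = {ipaddress.ip_address(a) for a in allowed_nodes}
    findings = []
    for text in routes:
        net = ipaddress.ip_network(text, strict=False)
        covered = sum(1 for a in allowed if a in net)
        extra = net.num_addresses - covered
        if net.prefixlen == 0:
            findings.append((text, "default route: reaches any address"))
        elif extra > 0:
            findings.append((text, f"reaches {extra} non-DCS/adjunct address(es)"))
    return findings


if __name__ == "__main__":
    for item, reason in audit_ports(PPP_PORTS) + audit_routes(ROUTES, ALLOWED_NODES):
        print(f"{item}: {reason}")
```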
    						
    Damage control — application restrictions
    Release 7 provides damage control by what can be termed application restrictions. 
    This simply means that DEFINITY ECS R7 has been designed to support only 
    specific applications; that is, DCS and adjuncts. Other applications that could present 
    security risks have been deliberately disabled. Specifically, there is no support for 
    telnet or rlogin into or out of a DEFINITY ECS, making it difficult for anyone to 
    maneuver between the DEFINITY ECS network and the customer network. 
    Additionally, because of the application restrictions, little damage can be done by 
    someone attempting to hack into a DEFINITY ECS from the customer network 
    (concern #3). It would be very difficult, via the network, to modify administration or 
    perpetrate toll fraud. At worst, a hacker could cause a temporary interruption of DCS, 
    CMS, or Intuity connections.
    In Summary
    All three security concerns presented above can be addressed by a combination of one 
    or more of the security methods described here. Probably the two most important 
    methods to prevent unauthorized access to a network are:
    1  Choose a network topology for the DEFINITY ECS network that satisfies 
    security needs. 
    2  Carefully administer the DEFINITY ECS network to minimize the possibility of 
    the LAN or intranet being accessed by unauthorized personnel. 
    						
    D  Capacities and Performance
    This Appendix discusses issues related to system capacities and performance for DEFINITY ECS in 
    an IP network environment. It provides a method of estimating the number of C-LAN and 
    MedPro circuit packs that are needed to support various levels of traffic.
    This appendix provides performance and traffic configuration guidelines for the C-LAN (TN799B) and the 
    MedPro (TN802B) circuit packs. It assumes DEFINITY switch connections in which both signaling and voice 
    data are carried over a LAN or WAN using TCP/IP.
    Capacities and Resource Requirements
    The following table gives capacity limits for IP connections for DEFINITY ECS and 
    the IP Interface circuit packs. 
    For DEFINITY                            Capacity Limits
    --------------------------------------  ------------------------------------
    Number of network regions               ≤ 10
    Number of C-LAN circuit packs           ≤ 10
    Number of MedPro circuit packs          ≤ 46 for the r
                                            13 for the si and csi
    Number of simultaneous TCP/UDP          ≤ 508
    connections per C-LAN
    Number of audio streams per TN802B      ≤ 22 using G.723.1 or G.729A codecs
                                            31 using G.711 codec
    						
    The following table gives the number of sockets (connections) needed for IP 
    softphones and H.323 trunks.
    For C-LAN                               Number of Sockets Required
    --------------------------------------  ------------------------------------------
    Number of sockets per road-warrior      = 3 (1 DCP + 2 H.323)
    application                             2 (1 DCP + 1 H.323 with tunneling)
    (The H.323 sockets are held up while
    registered if the endpoint is
    administered as a Permanent user or
    while the call is active if
    administered as an As Needed user)
    Number of sockets per telecommuter      = 1 (while registered)
    application
    Number of sockets per Native Mode       = 1 per call with tunneling
    station                                 2 per call without tunneling
    Number of sockets per H.323 Tie trunk   sharing & tunneling: 1/sig grp (default)
    (the numbers depend on whether          sharing, no tunneling: 1/sig grp + 1/call
    signaling groups are shared by trunks   no sharing, tunneling: 1/call
    and whether tunneling is used)          no sharing, no tunneling: 2/call
    Number of sockets per H.323 DID trunk   = 2 (while on call)
    As a worst-case example of these limits, assume 1000 active H.323 endpoints, each 
    requiring 3 C-LAN connections and G.723 codec processing. This configuration 
    would require 3 x 1000/508 = 6 C-LANs and 1000/22 = 46 MedPros.
    						
    							 
    Performance
    Overview
    This section presents methods for estimating:
    • the impact on the processor
    • the impact on the TDM bus
    • the number of C-LAN boards
    • the number of MedPro boards
    Given assumptions about:
    • the number of H.323 endpoints:
      - # of road-warrior applications
      - # of telecommuter applications
      - # of native H.323 phones
      - # of H.323 Tie trunks
      - # of H.323 DID trunks
    • average number of C-LAN connections per H.323 endpoint
    • number of audio streams per DSP
    • grade of service (GOS)
    • average call holding times
    Definitions
    Offered Load.  The telephone traffic arriving at a system for processing. The offered 
    load is equal to or greater than the carried load.
    Carried Load.  The telephone traffic actually processed by a system. The carried 
    load is equal to or less than the offered load.
    Endpoint Carried Load.  The average number of IP Softphones + H.323 trunks on 
    active calls to the DEFINITY system.
    Socket Carried Load.  The average number of active C-LAN connections between 
    the local DEFINITY system and the IP Softphones + H.323 trunk-connected remote 
    DEFINITY systems.
    Socket.  A software data structure associated with a connection between the C-LAN 
    board and an endpoint.
    Grade of Service (GOS).  If the call load offered to a system can exceed its 
    maximum capacity, there is a probability that some calls will be blocked. The GOS is 
    a specification of the probability that one or more calls will be blocked. The 
    probability is expressed in the form P0...0X. For example, a GOS of P01 specifies 
    that, in the long run, calls will be blocked 1% of the time; P0001 specifies that calls will 
    be blocked 1/100th of 1% of the time.
    Full Availability.  The capacity is sized to the carried load.
    						
    Erlang.  The Erlang is a unit of measure of the intensity of telephone traffic. It 
    measures the average utilization of a set of system resources during a given time 
    period. For example, if a server (trunk) is busy for 30 seconds over a measurement 
    period of 2 minutes, the traffic intensity for that measurement period is 0.25 
    (30sec/120sec) Erlangs. An intensity of one Erlang represents the full utilization of 
    one call server, or an average of 1/nth utilization of n servers, over the measurement 
    time period. Since the Erlang is time divided by time, it is a dimensionless unit.
    The maximum capacity of one trunk is one Erlang and the maximum capacity of a 
    group of trunks is equal to the number of trunks in Erlangs. For example, the 
    maximum capacity of a group of 30 trunks is 30 Erlangs. If, during a given hour the 
    utilization of the trunk group was 10 Erlangs, on average 10 trunks were busy. This 
    could have happened for 10 one-hour calls (unlikely) or 600 one-minute calls, or any 
    combination of calls and durations that result in 36,000 call-seconds.
    Another measure of traffic intensity is the CCS, or hundred (century) call-seconds per 
    hour. Since one Erlang is equal to 3600 call-seconds per hour, one Erlang is equal to 
    36 CCS per hour. 
    Erlang B.  The probability distribution used to estimate the number of trunks needed 
    to carry a given amount of traffic for a “loss system.” It assumes that when a call 
    arriving at random finds all trunks busy, it vanishes and doesn’t return (“lost calls 
    cleared”). 
    Erlang C.  The probability distribution used to estimate the number of trunks needed 
    to carry a given amount of traffic for a “delay system.” It assumes that all calls will 
    wait indefinitely to get through.
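Added example, not part of the Lucent manual: the GOS and Erlang B definitions above applied to MedPro sizing, next to the full-availability figures from the worst-case example earlier in this appendix. It assumes audio streams are sized as Erlang B servers (the manual's own sizing method is not shown on this page); the function names and the 100-Erlang offered load are constructed for illustration.

```python
import math

# Per-board limits quoted in this appendix's capacity table.
STREAMS_PER_TN802B = {"G.711": 31, "G.723.1": 22, "G.729A": 22}
SOCKETS_PER_CLAN = 508


def gos_to_probability(label):
    """'P01' -> 0.01, 'P0001' -> 0.0001 (the P0...0X notation)."""
    digits = label[1:]
    return int(digits) / 10 ** len(digits)


def erlang_b(offered_erlangs, servers):
    """Blocking probability of a loss system (lost calls cleared)."""
    b = 1.0  # with zero servers every call is blocked
    for n in range(1, servers + 1):
        b = offered_erlangs * b / (n + offered_erlangs * b)
    return b


def servers_for_gos(offered_erlangs, gos_label):
    """Smallest number of servers whose blocking meets the GOS."""
    target = gos_to_probability(gos_label)
    n = 0
    while erlang_b(offered_erlangs, n) > target:
        n += 1
    return n


def boards_full_availability(endpoints, sockets_per_endpoint, codec):
    """Size to the carried load: every endpoint active at once."""
    clans = math.ceil(endpoints * sockets_per_endpoint / SOCKETS_PER_CLAN)
    medpros = math.ceil(endpoints / STREAMS_PER_TN802B[codec])
    return clans, medpros


def medpros_for_gos(offered_erlangs, gos_label, codec):
    """Assumption: audio streams are sized as Erlang B servers."""
    streams = servers_for_gos(offered_erlangs, gos_label)
    return streams, math.ceil(streams / STREAMS_PER_TN802B[codec])


if __name__ == "__main__":
    # Worst case from the text: 1000 active endpoints, 3 sockets each, G.723.
    print(boards_full_availability(1000, 3, "G.723.1"))
    # Constructed load: the same 1000 endpoints offering 0.1 Erlang each.
    print(medpros_for_gos(100.0, "P01", "G.723.1"))
```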
    Processor performance
    The number of thousands of busy-hour calls (KBHC) can be estimated as a function of 
    the processor occupancy estimate (POE) and the time per call (T), in milliseconds, as 
    follows:
    KBHC ≤ 36 * POE / T
    The following table gives the estimated BHC capacity for the G3r and G3si models 
    given various values of POE and T. 
    G3r                                  G3si
    T (ms)  POE = 57%  POE = 65%         T (ms)  POE = 52%  POE = 60%
    100     20,500     23,400            200     9,400      10,800
    150     13,700     15,600            300     6,200      7,200
    200     10,300     11,700            400     4,700      5,400
    TDM bus performance
    The impact of H.323 voice-only calls on the TDM bus is the same as for circuit 
    switch voice calls.
    						