Installation and configuration manual - Alcatel-Lucent Eye-box Support

Extended Communication
Server
Installation & Configuration
Manual
Release 4.2
April 2010
Alcatel-Lucent Office Communication Solutions
All Rights Reserved © Alcatel-Lucent 2010

Legal notice:
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of
Alcatel-Lucent. All other trademarks are the property of their respective
owners.
The information presented is subject to change without notice.
Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright © 2010 Alcatel-Lucent. All rights reserved.
The CE mark indicates that this product conforms to the following Council
Directives:
- 2004/108/EC (concerning electro-magnetic compatibility)
- 2006/95/EC (concerning electrical safety)
- 1999/5/EC (R&TTE)

Chapter 1
Overview
Scope of this Document ...................................................................... 1.1
Product Overview ................................................................................... 1.1
Hardware Description ........................................................................... 1.2
User Profiles and Graphical Interfaces .......................................... 1.3
Graphical Administration Interface ............................................................ 1.4
Virtual Desktop ............................................................................................ 1.5
Introduction to Installation and Configuration ............................ 1.6
Before Installation .................................................................................. 1.7
Chapter 2
Installing and Starting Up
Introduction .............................................................................................. 2.1
Starting Up with a Direct Access ...................................................... 2.1
Starting Up from a Local PC ............................................................... 2.2
Administration Interface Limited Access ...................................... 2.4
0-1

Chapter 3
Unlocking the Software Pack
Principles .................................................................................................. 3.1
How to Unlock the Software Pack .................................................... 3.1
Chapter 4
Network Configuration
Principles .................................................................................................. 4.1
General Network Parameters ............................................................. 4.2
Network Connections ........................................................................... 4.3
General Points on Network Connection Configuration ........................... 4.3
WAN ADSL PPPoE Connection .................................................................. 4.4
LAN Ethernet Connection ........................................................................... 4.5
Ethernet Bridge Connection ....................................................................... 4.6
Ethernet LAN DMZ Connection .................................................................. 4.7
Ethernet LAN Alias Connection ................................................................. 4.8
DHCP Service .......................................................................................... 4.9
Global Configuration ................................................................................... 4.9
Machines Declared .....................................................................................4.10
DHCP Leases ..............................................................................................4.10
Remote Proxy .........................................................................................4.10
Chapter 5
Registration, Activation and Updates
0-2

General Points ......................................................................................... 5.1
Registering and Generating the Activation Key .......................... 5.1
Activating the License .......................................................................... 5.2
Software Updates ................................................................................... 5.4
Chapter 6
User Management
General Points ......................................................................................... 6.1
ECS Directory Management ............................................................... 6.2
User Groups and User Accounts ............................................................... 6.2
User Privileges ............................................................................................. 6.3
External Directory Synchronization ................................................ 6.4
Synchronization Overview .......................................................................... 6.4
Configuration ............................................................................................... 6.5
User Connection .........................................................................................6.10
LOGS ...........................................................................................................6.11
Chapter 7
Security Management
Overview .................................................................................................... 7.1
Firewall Management ............................................................................ 7.1
General Points ............................................................................................. 7.1
Firewall Advanced Settings ........................................................................ 7.3
Proxy Server Management .................................................................. 7.6
Proxy Services ............................................................................................. 7.6
Activating the Proxy Cache Service .......................................................... 7.7
Web Access Control .................................................................................... 7.7
Web Filtering ................................................................................................ 7.8
0-3

Client Configuration ...................................................................................7.10
Proxy Cache Statistics ...............................................................................7.11
Certificates Management ....................................................................7.11
Overview ......................................................................................................7.11
Creating a User Certificate ........................................................................7.12
Using a Certificate ......................................................................................7.13
Enabling Automatic Regeneration of Certificates ...................................7.14
Chapter 8
Voice and Data Convergence
General Points ......................................................................................... 8.1
Activating Voice and Data Convergence ....................................... 8.2
Retrieving information .......................................................................... 8.3
Chapter 9
Messaging Management
General Points ......................................................................................... 9.1
Internal Messaging ................................................................................ 9.1
Extending the Service to the Internet ............................................. 9.1
Configuring for a Fat Mail Client ....................................................... 9.3
Additional settings ................................................................................. 9.3
Domain names ............................................................................................. 9.3
Anti-relay / Relay Authorisation ................................................................. 9.5
Remote Email Service ................................................................................. 9.6
Mail Filtering ................................................................................................ 9.6
0-4

Chapter 10
Instant Messaging
Overview ...................................................................................................10.1
Server Configuration ............................................................................10.1
Configuration Overview .............................................................................10.1
Generic Parameters ....................................................................................10.1
Options ........................................................................................................10.1
Web Gateway ..............................................................................................10.2
Gateways .....................................................................................................10.4
Instant Messaging Status ..........................................................................10.4
User Configuration ...............................................................................10.4
DNS Configuration ................................................................................10.5
Configuration Example with Heavy Clients .................................10.5
Inside the Same Domain and Same LAN ..................................................10.5
Inside the Same Domain with Different Networks ...................................10.6
Different Domains and Different Networks ..............................................10.7
Different Domains and the Same Networks .............................................10.8
Chapter 11
Fax Server Management
Overview ...................................................................................................11.1
Configuration ..........................................................................................11.1
OmniPCX Office Configuration .................................................................11.1
Fax Call Routing (or Fax Call Switching) .................................................11.6
Extended Communication Server Fax Server Configuration ............... 11.13
Compatibility with VoIP – SIP Service ......................................... 11.17
Configuration 1 ......................................................................................... 11.17
0-5

Configuration 2 ......................................................................................... 11.18
Configuration 3 ......................................................................................... 11.18
Extended Communication Server Fax Server Integration in a
Microsoft® Exchange® Environment .......................................... 11.18
Company Environment Parameters ........................................................ 11.19
Exchange® Configuration ....................................................................... 11.20
Chapter 12
Web Hosting
Site Hosting Overview .........................................................................12.1
Configuring the Hosting Service .....................................................12.2
Specifying the Webmaster .........................................................................12.2
Creating the Site .........................................................................................12.3
Associating a Database with the Site .......................................................12.4
Name Resolution ........................................................................................12.5
Loading the Site into the Server ......................................................12.7
Loading by FTP ...........................................................................................12.7
Using Microsoft Network Neighborhood ..................................................12.7
Reverse Proxy Configuration ...........................................................12.7
Limits and Restrictions .......................................................................12.8
Chapter 13
SIP Telephony over the Internet
Introduction .............................................................................................13.1
Basic Configuration for SIP Telephony over the Internet .......13.2
Prerequisites ...............................................................................................13.2
Activating SIP Telephony over the Internet .............................................13.2
Configuring User Access Rights ..............................................................13.3
0-6

Configuration For Interoperability With OmniPCX Office .......13.4
Prerequisites ...............................................................................................13.4
Configuring Interoperability with OmniPCX Office .................................13.4
Adding a Click to Call Button on a Web Site ...............................13.5
Prerequisites ...............................................................................................13.5
Obtaining the Identification Key ...............................................................13.5
Adding the Click to Call Button to the Web Site ......................................13.6
Chapter 14
Push Mobile
Overview ...................................................................................................14.1
Prerequisite .............................................................................................14.1
Activating the Push Mobile Service ................................................14.1
Configuring the Push Mobile Service ............................................14.2
Configuring User Access to Push Mobile Service ....................14.2
Technical Architecture ........................................................................14.2
Push Mobile SYNCML Service ..........................................................14.3
General Description ...................................................................................14.3
Technical Architecture ...............................................................................14.4
Syncml Parameters ....................................................................................14.4
List of Synchronized Parameters ..............................................................14.4
LOGS .........................................................................................................14.5
Chapter 15
Backup and Restore
Functional Description ........................................................................15.1
Overview ......................................................................................................15.1
Hardware Compatibility .............................................................................15.1
0-7

Software Compatibility ...............................................................................15.1
Saved and Restored Elements ..................................................................15.1
Backup ......................................................................................................15.2
Restore ......................................................................................................15.3
Restrictions .............................................................................................15.4
Software ......................................................................................................15.4
Hardware .....................................................................................................15.4
Chapter 16
Appendixes
How to Quote ..........................................................................................16.1
How to Order ...........................................................................................16.1
Chapter 17
Migration from Release 4.1 to Release 4.2
Migration to R4.2 ...................................................................................17.1
Rollback ....................................................................................................17.1
0-8

1
1.1 Scope of this Document
The Extended Communication Server includes a user-friendly administration
graphical-interface the administrator can access using a Web browser. This graphical interface
provides a comprehensive online help, which is enough for common administration operations.
This document intends to guide the administrator through the first installation and configuration
steps, so that he is able to insert the server in the customer network and allow the end-users
to communicate. The administrator will later explore by himself the numerous available
features and settings the Extended Communication Server provides, referring to the online
help for information when needed.
1.2 Product Overview
Extended Communication Server is a powerful collaboration and mobility solution for small and
medium-sized enterprises (SMEs) including:
- a set of collaboration tools to share information efficiently within a team, a group, a project,
or the company
- a mobile, secure and easy access to all enterprise collaboration tools
- a unified communication solution integrated with OmniPCX Office
- a secure Web management and an easy deployment
- a full set of information technology (IT) servers
- a Web hosting server
Extended Communication Server is a key component of Office Communication Solutions.
1-1

Chapter 1
1.3 Hardware Description
Figure 1.1: Position in Office Communication Solutions
The Extended Communication Server hardware platform is available in two editions:
- The Compact edition is a desktop server, also rack-mountable, designed for small
companies with up to 25 users.
- The Premium edition is a rack shelf platform designed for medium enterprises with from
25 to 200 users.
Both Extended Communication Server editions are managed in the same way. Unless
explicitly specified, all information and procedures included in this document apply to both
Compact edition and Premium edition.
1-2

Figure 1.2: Hardware Platforms
The following table lists Compact and Premium edition platform characteristics.
table 1.1: Hardware Platform Characteristics
Compact Edition Premium Edition
- Via C3 1.5 GHz processor
- 512 Mb RAM
- 160 Gb 7200 hard disk drive
- 3 RJ-45 10/100 Mbps Ethernet
interfaces
- 1 PCI port (*)
- 1 console port
- 1 VGA port
- 1 printer port
1.4 User Profiles and Graphical Interfaces
- Processor Intel® Core 2 Duo E6320
- Chipset Intel E3000 (Mukilteo-2)
- 2 Gb DDR2-667 SDRAM
- 3x HDD 250 / 500 Gb Hot-swap SATA-2
- 3x network Gigabytes Interfaces (RJ-45)
- Graphical Function ATI ES 1000
- DVD_ROM slimline
- 2x Front USB 2.0 Ports
- 1 Serial COM Port
- Alim. 300 Watt
The Extended Communication Server accepts three kinds of users:
- One administrator, who manages the user accounts and controls and monitors all
resources and features, such as network architecture, security measures, e-mail facilities,
Web access, etc. Administration is done using a graphical administration interface.
- A number of users, who manage their own accounts and benefit from available services
through a graphical user interface called the Virtual Desktop. Users can also access these
services from the Mobile Virtual Desktop using mobile terminals such as PDA (Personal
Digital Assistant).
1-3

Chapter 1
- Some delegated administrators, who are users that have a limited set of administration
rights. A delegated administrator can access both the Virtual Desktop and the graphical
administration interface limited to some menus.
The administrator and the users access the graphical administration interface or the Virtual
desktop in the same way, using a Web browser. When the user logs on, the Extended
Communication Server serves whether the graphical administration interface or the Virtual
Desktop according to the user identity and password that have been typed in. A delegated
administrator can swap from the Virtual Desktop to the graphical administration interface, or
vice versa, by the means of graphical buttons only available to delegated-administrator profile
users.
Note:
The administrator is not exactly a user as he is not registered in the user database. The administrator
must create a user account for himself if he needs to access the Virtual Desktop.
1.4.1 Graphical Administration Interface
The graphical administration interface access is via a secured connection (https) using any
standard Web browser (Internet Explorer, Mozilla Firefox, Netscape Navigator...). The
administrator accesses this interface from the local network or remotely, over the Internet. As
an alternative, he can display the administration interface on a screen connected directly on
the server, together with a keyboard and a mouse.
The administration interface is an easy-to-use tool providing four main menus to manage the
Extended Communication Server, the services, the end-users, and control and monitor the
traffic.
1-4

Figure 1.3: Graphical Administration Interface
All menus provide a set of submenus, which the administrator access from the left-hand panel
or by clicking corresponding icons. According to his own preference, the administrator can
minimize the left hand panel for accessing the submenus through icons only.
The administration interface provides a permanent help button ( ) the administrator can click
whatever menu or submenu is displayed. This opens a pop-up window, which provides a
useful contextual online help. Each help page is printable.
Figure 1.4: Contextual Online Help Example
Using the intuitive administration interface together with the online help, the administrator can
explore the number of available features and services the Extended Communication Server
provides.
1.4.2 Virtual Desktop
A user Connects to the Virtual Desktop in the same way the administrator connects to the
administration interface except that the name and password are those of a standard user.
1-5

Chapter 1
When the Virtual Desktop session is open, the user can manage his services: Web mails,
calendar, contacts, favorite sites, and so on.
Figure 1.5: View of the Virtual Desktop
The Virtual Desktop consists of a set of intuitive interface controls to manage the services and
a comprehensive online help to obtain information when needed.
1.5 Introduction to Installation and Configuration
This document introduces the first steps an administrator is recommended to follow when
installing the Extended Communication Server in the customer premises and configuring the
network and services.
These steps are further detailed in next chapters.
table 1.2: Installation and Configuration First-steps Summary
Recommended
order
Steps Objectives
Step 1 Installing and starting-up Start up the server and access the graphical
administration interface
Step 2 Unlocking the software pack Unlock the software pack and access all
administration interface menus
Step 3 Network configuration Insert the server in the customer network
and access the Web
1-6

Recommended
order
Steps Objectives
Step 4 Registration, software activation
and updates
Access the technical support, activate the
full license and benefit from the last software
packss
Step 5 User management Create user accounts and manage user
rights
Step 6 Security management Control outgoing and incoming flows of
traffic
Step 8 Voice and data convergence Associate user accounts with phoning facilities
Step 9 Messaging management Allow users to send and receive messages
within the LAN and over the Internet
Additional chapters describe useful functionalities that can be implemented later.
1.6 Before Installation
First of all, we recommend you to read this document and examine the customer needs
thoroughly.
You should then prepare the Extended Communication Server installation considering the
following topics:
- Network architecture:
• LAN
• DMZ (Demilitarized Zone)
• Internet Access
- IP addressing plan, including:
• Local machines that need static addresses
• Dynamic assignment planning
- Information from the ISP (Internet Service Provider), such as IP addresses of the DNS
servers.
- Public domain name
- User management, including:
• User groups
• User accounts
• User access rights to services
• Delegated administrators, if any
- Security policy, including firewall and proxy management
1-7

Chapter 1
1-8

2
After reading this chapter, you will be able to start up the Extended Communication Server and
access the graphical administration interface.
2.1 Introduction
Two modes are provided for accessing the administration interface for the first time:
- A direct access, the server being equipped with a screen, a keyboard and a mouse
- From a local PC connected to the server
Figure 2.1: Using a Direct Access or a Local PC
2.2 Starting Up with a Direct Access
To start up and access the Extended Communication Server administration interface with a
direct access
1. Unpack the server.
2. Connect the power cable.
3. Connect a screen, a keyboard and a mouse to the server.
The server has one VGA port for connecting the screen, and PS/2 ports or USB ports for
connecting a keyboard and a mouse.
4. Switch on the server.
2-1

Chapter 2
The Linux Kernel starts up.
5. At the login prompt:
• Type the default identifier: superadmin
• Type the default password: %rV&A1uc
• Click OK
The integrated Web browser starts up.
6. A message warns you that you are about to enter a secured session. Click yes to continue.
7. A login dialog box is displayed:
• Type the default identifier: superadmin
• Type the default password: %rV&A1uc
• Click OK
You have now access to the administration interface.
2.3 Starting Up from a Local PC
To start up the Extended Communication Server from a local PC
1. Unpack the server.
2. Connect the power cable.
3. Switch on the server.
4. Using an Ethernet crossover cable, connect the local PC to the LAN1 (eth0) Ethernet
interface of the server.
Note 1:
If the PC Ethernet port is "autosensing", an Ethernet straight cable can also be used.
Note 2:
Both Compact and Premium edition platforms have three Ethernet interfaces. Looking at the back
panel, the LAN1 Ethernet port (eth0) is the left-most Ethernet port.
2-2

Figure 2.3: Ethernet Port Locations
5. Check that the PC network settings are compatible with the server default settings.
The server default network settings are:
• IP address: 192.168.92.1
• Network mask: 255.255.255.0
• Dynamic Host Configuration Protocol (DHCP) is not activated
Any address from 192.168.92.2 to 192.168.92.254 is then suitable.
6. Using a standard Web browser, type https://192.168.92.1
7. A message warns you that you are about to enter a secured session. Click yes to continue.
8. A login dialog box is displayed:
2-3

Chapter 2
• Type the default identifier: superadmin
• Type the default password: %rV&A1uc
• Click OK
You have now access to the administration interface.
2.4 Administration Interface Limited Access
The first time you starts up the Extended Communication Server and enters an administration
session, most of menus are not accessible to you because the software pack is locked.
A useful Quick Start Guide displayed on the left-hand side guides you through the very first
steps of the server configuration, such as selecting the language and unlocking the software
pack by entering the product license (also described in next chapters). You can use the Quick
Start Guide in combination with this document. The Quick Start Guide ban be closed if needed
and reopened later using the question mark icon located in the top banner of the left-hand
panel.
Figure 2.5: The Quick Start Guide
2-4

3
After reading this chapter, you will be able to unlock the administration-interface software pack.
You will then have a full access to the administration menus.
3.1 Principles
The full license activation consists of two steps:
1. Software pack unlocking. This is the aim of this chapter. When this task is completed,
the software pack is unlocked for 31 days. During this limited period of time, also called the
trial period, all features and services are available.
2. License activation. You can perform this task immediately after software pack unlocking
or later, within the 31-day trial period.
. It is easier to perform this task after the Internet access has been installed. The license
can be then activated online, by a simple click. Otherwise, the license activation key must
be entered manually. After license has been activated, all features and services remain
available for an unlimited duration.
3.2 How to Unlock the Software Pack
To unlock the software pack:
1. You first need to obtain the software key (also called licence number) that corresponds to
the product. You can retrieve the software key on the Alcatel-Lucent Business Partner
Web site (http://www.businesspartner.alcatel-lucent.com/), accessing the following page:
ONLINE SERVICES > eBuy > e-Licenses Services > My ECS Keys
2. Once you have obtained the software key, open the administration interface and select the
Appliance management > Licences & Releases > Packs & licences menu.
3. Select the New pack tab.
4. In the Activation Key or Licence number field, enter the software key.
5. Click OK.
3-1

Chapter 3
After the software pack has been unlocked, the panel foot displays information about the
licence including the number of days that are remaining before the trial period will end.
Remember that you will have to activate the product license within this trial period.
Figure 3.2: After the Software Pack Has Been Unlocked
3-2

4
After reading this chapter, you will be able to insert the Extended Communication Server in the
customer network and access the Internet from the administration interface.
4.1 Principles
The three network interfaces and the comprehensive set of available configuration parameters
the Extended Communication Server provides allow you to insert it in any network
architecture.
However, this document does not intend to consider all possible architectures. It aims at
explaining you the basics, while giving you some useful examples corresponding to most usual
situations.
Below is an example of the way a Extended Communication Server can be inserted in a
standard network topology:
- The LAN (Local Area Network) is connected to interface eth0 (LAN1).
- The Internet access is connected to interface eth1.
- The DMZ (Demilitarized Zone) is connected to interface eth2. A DMZ is a LAN subnetwork
that contains the external services accessible from the Internet, such as a Web server or
an FTP server. Using a DMZ for external services, facilitates the security management.
Figure 4.1: A Standard Network Topology
This chapter details the main Service management > Network service management
submenus you should deal with in the following order:
4-1

Chapter 4
1. General Network Parameters
2. Network connections. After you have configured the network connections, you can
access the Internet from the administration Interface (unless a remote proxy controls the
Internet access, see the note below).
3. DHCP. After you have activated the DHCP (Dynamic Host Configuration Protocol) service,
you can access the administration interface and the Virtual Desktop from any workstation
located in the LAN. As an alternative, it is possible to assign a static IP address to each
machine of the LAN.
Note:
An additional section deals with the Remote proxy submenu. Follow this section instructions if a remote
proxy controls the Internet access (usually, in large companies only).
4.2 General Network Parameters
To set the general network parameters:
1. Select the Service management > Network service management > General Network
Parameters menu.
The general network parameter form is displayed.
2. In the Appliance host name field, enter the server name that will identify the server in the
network. Any name can be used.
3. In the Appliance domain name field, enter the name of the domain the server belongs to,
such as "mycompany.com".
Important:
The domain name is later used in many other settings, such as email addresses.
4. If the WAN access address is dynamically assigned or if it is a PPPoE connection, the first
and second name resolution servers are assigned automatically.
Else assign them manually:
• In the First name resolution server field, enter the DNS (Domain Name System)
server address provided by the ISP (Internet Service Provider).
• In the Second name resolution server field, enter the second DNS server address
provided by the ISP. The second DNS server address is optional.
5. Click OK.
4-2

4.3 Network Connections
Figure 4.2: Setting the General Network Parameters
4.3.1 General Points on Network Connection Configuration
4.3.1.1 Network Interfaces
Both Compact and Premium edition servers have three network interfaces. Depending on the
server edition and version, network interfaces may be labelled or not on the back panel.
Anyway, we call in this document LAN1 the Ethernet interface eth0, which corresponds to the
left-most back-panel RJ-45 port. LAN1 is the eth0 default name.
All three interfaces can equally be used for any network connection.
At the first start, only interface LAN1 exists by default, as an Ethernet LAN connection. You
cannot delete this connection or modify its type, but you can modify all other settings.
4.3.1.2 Network Connection Types
When creating a new network connection, you must select its type among one of the five
following options:
- WAN ADSL PPPoE
- Ethernet LAN
- Ethernet Bridge
- Ethernet LAN DMZ
- Ethernet LAN Alias
These five options are further described in next sections.
4.3.1.3 Network Connection List
To access the connection list select the Service management > Network service
4-3

Chapter 4
management > Network connections menu.
A list of existing connections is displayed.
From this list you can:
- create a new connection by clicking the Add button
- configure an existing connection by clicking the modification button
4.3.2 WAN ADSL PPPoE Connection
A WAN ADSL PPPoE connection marks the border between the private and the public area.
In example below, the Internet is accessed via an external ADSL modem. The eth1 IP address
is public.
Figure 4.4: WAN ADSL PPPoE Connection on eth1
To create or configure an WAN ADSL PPPoE connection:
1. Select the Service management > Network service management > Network
4-4

connections menu. This opens the connection list.
2. If you are creating a new connection:
a. Click Add.
b. Select the WAN ADSL PPPoE option
c. Click OK.
Otherwise, if you are modifying an existing WAN ADSL PPPoE connection:
a. Select the WAN ADSL PPPoE connection in the list.
b. Click the modification button .
3. In the displayed form, enter the connection name. You can give any name that clearly
identifies the connection.
4. The WAN connection can be dynamically configured by the ISP.
If it is not configured automatically:
a. Enter the PPPoE settings given by the ISP (connection identifier, connection password
and confirmation).
b. Select whether the DNS server addresses provided by the ISP should be used
(recommended).
5. Select the Ethernet interface (eth1/eth2 if available).
6. Activate the interface by selecting Yes.
7. Validate the settings by clicking OK.
4.3.3 LAN Ethernet Connection
Within the private area, network interfaces must have the LAN Ethernet connection type. In
figure below and considering the Internet access, the interface eth0 IP address is private while
the router IP address is public. The LAN1 interface is also a LAN Ethernet connection
Figure 4.5: Ethernet LAN Connections on eth0 and eth1
To create or configure an Ethernet LAN connection:
4-5

Chapter 4
1. Select the Service management > Network service management > Network
connections menu. This opens the connection list.
2. If you are creating a new connection:
a. Click Add.
b. Select the Ethernet LAN option
c. Click OK.
Otherwise, if you are modifying an existing Ethernet LAN connection:
a. Select the Ethernet LAN connection in the list.
b. Click the modification button .
3. In the displayed form, enter the connection name. You can give any name that clearly
identifies the connection.
4. Select whether the network connection IP address is static or assigned by a DHCP server.
If the network connection IP address is assigned by an external DHCP server, skip next
step.
5. Enter the network connection settings:
• Network connection IP address.
• Network mask or equivalent prefix.
• If there is an external gateway (case of a default gateway to the Internet only), enter
the gateway address.
Note:
This field does not concern a router used to access an internal subnetwork. If there is no external
gateway, let the gateway field empty.
6. If several network interfaces are available, select the Ethernet interface (ethx). This field is
read-only in all other cases.
7. Activate the interface by selecting Yes.
8. Validate the settings by clicking OK.
4.3.4 Ethernet Bridge Connection
This option creates an Ethernet bridge between two interfaces or more. This merges related
interfaces in one subnetwork.
As an example, a Wi-Fi interface can be bridged on interface LAN1 so that the local network
extends to the Wi-Fi devices. (see figure below).
4-6

Figure 4.6: Bridge Connection of a Wi-Fi interface on LAN1
To create or configure an Ethernet bridge connection:
1. Select the Service management > Network service management > Network
connections menu. This opens the connection list.
2. If you are creating a new connection:
a. Click Add.
b. Select the Ethernet bridge option
c. Click OK.
Otherwise, if you are modifying an existing Ethernet bridge connection:
a. Select the Ethernet bridge connection in the list.
b. Click the modification button .
3. In the displayed form, enter the connection name. You can give any name that clearly
identifies the connection.
4. If the bridge does not concern LAN1, enter the Ethernet bridge IP settings.
Otherwise check the LAN1 checkbox. As a consequence, IP setting fields are
automatically filled in.
5. Select the interfaces that are involved in the Ethernet bridge.
6. Activate the interface by selecting Yes.
7. Validate the settings by clicking OK.
4.3.5 Ethernet LAN DMZ Connection
Use an "Ethernet LAN DMZ" connection to connect a local demilitarized-zone network, which
will be accessible from the Internet as shown in figure: A Standard Network Topology .
4-7

Chapter 4
To create or configure an Ethernet LAN DMZ connection:
1. Select the Service management > Network service management > Network
connections menu. This opens the connection list.
2. If you are creating a new connection:
a. Click Add.
b. Select the Ethernet LAN DMZ option
c. Click OK.
Otherwise, if you are modifying an existing Ethernet LAN DMZ connection:
a. Select the Ethernet LAN DMZ connection in the list.
b. Click the modification button .
3. In the displayed form, enter the connection name. You can give any name that clearly
identifies the connection.
4. Enter the network connection settings:
• Network connection IP address.
• Network mask or equivalent prefix.
• If there is an external gateway, enter the gateway address.
5. If several network interfaces are available, select the Ethernet interface (ethx). This field is
read-only in all other cases.
6. Activate the interface by selecting Yes.
7. Validate the settings by clicking OK.
4.3.6 Ethernet LAN Alias Connection
Use an "Ethernet LAN Alias" connection to create a virtual interface from an existing one. In
this way, you can assign different IP addresses to one physical network interface.
To create or configure an Ethernet LAN Alias connection:
1. Select the Service management > Network service management > Network
connections menu. This opens the connection list.
2. If you are creating a new connection:
a. Click Add.
b. Select the Ethernet LAN Alias option
c. Click OK.
Otherwise, if you are modifying an existing Ethernet LAN Alias connection:
a. Select the Ethernet LAN Alias connection in the list.
b. Click the modification button .
3. In the displayed form, enter the connection name. You can give any name that clearly
identifies the connection.
4. Enter the network connection settings:
• Network connection IP address.
• Network mask or equivalent prefix.
5. If several network interfaces are available, select the physical Ethernet interface (ethx).
This field is read-only otherwise.
4-8

6. Activate the interface by selecting Yes.
7. Validate the settings by clicking OK.
4.4 DHCP Service
If the DHCP service is activated on a given network interface, the Extended Communication
Server is the DHCP server for all the peripherals that belongs to the corresponding
subnetwork. In that case, the server assigns a dynamic IP address each time it detects a new
client peripheral, which avoids maintaining static addresses manually.
In example below, the DHCP service is activated on LAN1.
Figure 4.7: DHCP Service Activated on LAN1
The DHCP service is accessible through the Service management > Network service
management > DHCP submenu. It provides three tabs, described in the following sections.
Note:
After you have configured the DHCP service, you must activate it by selecting the Active option.
4.4.1 Global Configuration
To configure the DHCP service:
1. Select the Global configuration tab.
2. Select the appropriate network connection.
4-9

Chapter 4
3. Specify the duration of a DHCP lease, i.e. the length of time for which the IP address
allocation is valid.
4. Specify the IP address range reserved for DHCP (start of range, end of range).
5. Enter the gateway IP address (generally, the address of the concerned network interface).
6. Enter the DNS server IP addresses:
• If the DNS service is activated, enter here the address of the concerned network
interface.
• If the DNS service is not activated, enter here the DNS server addresses provided by
the ISP.
7. Enter the WINS server IP addresses (optional). WINS stands for Windows Internet Name
Service, which is used for Windows network sharing.
• If the DNS service is activated, enter here the address of the concerned network
interface.
• If the DNS service is not activated, enter here the DNS server addresses provided by
the ISP.
8. Click OK.
4.4.2 Machines Declared
Use the Machines declared tab to specify particular behaviors considering the DHCP service,
such as:
- One machine needs a static IP address (for example a server, or a printer).
- You want to limit the DHCP service to a particular list of machines (for example to avoid
that visitors equipped with laptop computers can connect to the local network).
To declare a machine:
1. Select the Machines declared tab.
2. Select the appropriate network connection.
3. Give any name that clearly identifies the machine in the network.
4. Enter its MAC address. A Media Access Control address (MAC address) is a unique
identifier attached to the machine network adapter.
5. Select whether this machine IP address is static or dynamic (assigned by the DHCP
server).
6. If the machine IP address is static, enter its IP address. This address must be in the
concerned network and outside the IP address range reserved for DHCP.
7. Click OK.
4.4.3 DHCP Leases
The DHCP leases tab is for consultation only. It lists the DHCP leases that have been
assigned to machines.
4.5 Remote Proxy
4-10

Some large organizations use their own proxies (not hosted on the Extended Communication
Server) to control access to the Internet. If this is the case, you must configure the remote
proxy access in order to allow the server to reach the Internet, which is mandatory for the
automatic update feature.
To access the Internet through a remote proxy:
1. Select the Service management > Network service management > Remote proxy
menu.
This displays the remote-proxy access configuration-form.
2. Select the following option: The Internet connection goes through the following remote
proxy.
3. Enter the access parameters that fit the remote proxy configuration:
• Remote-proxy IP address
• Listening port
• Authentication by login and password, if any
4. Click OK.
4-11

Chapter 4
4-12

5
After reading this chapter, you will be able to access the Extended Communication Server
online technical-support, to activate the full license and to update the software packs.
5.1 General Points
As you can now access the Internet from the administration interface, it is the right moment to
activate the license for an unlimited duration and update the software packs. Updating the
software packs offers you the guarantee that you benefit from the last software developments.
They may also correct any software malfunction.
You must first register your Extended Communication Server product before you can perform
the license activation and any software update.
5.2 Registering and Generating the Activation Key
The Extended Communication Server product registration is mandatory for accessing the
technical support.
To register a product and generate the activation key:
1. From any PC connected to the Internet, go to the Alcatel-Lucent Extended Communication
Server-support Web site (http://support.rightvision.com/).
2. If you already have a user account:
a. Enter your login and password, and click OK.
b. Select On-line services > Registering.
c. Follow the instructions given to you.
5-1

Chapter 5
If you do not have a user account:
a. Select On-line services > Registering.
b. Enter the contract number or Extended Communication Server serial number and click
OK. You can find the serial number on a sticker that is stuck on the server chassis.
c. Follow the instructions for creating your user account.
d. Once created, use this account to log in.
3. Select On_line services > Activation of my licenses.
4. Enter the requested ID number. You can find this ID number in the administration interface
using the Appliance management > Licences & Releases > Software Releases menu.
5. Click on the button.
6. Enter the license number.
An activation key is then generated, that you will use to activate the license from the
administration interface. If you want to activate the license manually, copy this activation
key and paste it in any text file.
5.3 Activating the License
You must perform a license activation before the 31-day trial period ends.
To activate the license:
1. Select the Appliance management > Licences & Releases > Packs & licences menu.
2. Select the New pack tab.
5-2

3. Two activation methods are available to you:
• If Internet can be accessed, perform an online activation by clicking the ACTIVATE
button.
• If Internet is not accessible, use the activation key you previously stored in a text file
(see § Registering and Generating the Activation Key ).
Copy this activation key, paste it in the Activation Key or Licence number field, and
click OK.
When the license activation has completed successfully, the New pack tab displays an history
of licenses.
Figure 5.4: History of Licenses After License Activation
5-3

Chapter 5
5.4 Software Updates
The Extended Communication Server system is pre-configured for updating automatically from
the Web on a per week basis.
Note 1:
Some software packs cannot be updated automatically. They must be updated manually.
We recommend you to:
- Keep the automatic update always on.
- Perform a manual update after installation or after the server has been reset.
To perform a manual update:
1. Select the Appliance management > Appliance updates > Update from the web menu.
2. Click the MANUAL UPDATE button.
3. Follow the instructions given to you.
Note 2:
Some exceptional updates may need the use of a CD-Rom or a USB device. In such a case, use the Ap-
pliance management > Appliance updates > Update from CD-ROM / USB menu and follow the in-
structions given to you.
5-4

6
After reading this chapter, you will have an overview of user group and user account
management. Please refer to online help for details.
6.1 General Points
The way the users are distributed in user groups should reflect the enterprise structure, meet
the enterprise needs, and prepare for future evolutions. We recommend you to plan the way
you will distribute the users in user groups before creating groups and accounts.
The Extended Communication Server administrator manages two types of user groups:
- Standard groups
Each user belongs to one standard group or subgroup. You must create first a standard
group or subgroup before you can create related user accounts.
- Virtual groups. A user can belong to none or several virtual groups. You can create virtual
groups at any time and affect any existing user account to anyone of them.
Here below is an example of the way standard and virtual groups can be used to describe an
enterprise.
Figure 6.1: Example of a Structure
There are several ways to create users in the ECS directory:
- Via administration commands: the administrator creates users one by one
- Via the synchronization tool: users are imported from a remote database. This must be a
6-1

Chapter 6
Microsoft® Active Directory
6.2 ECS Directory Management
6.2.1 User Groups and User Accounts
Select the Directory > User accounts menu to manage user groups and user accounts.
The displayed form is divided into two parts:
- The left-hand side part is the group zone. It is composed of the user group list and
associated management buttons.
- The right-hand side part is the user zone. It is composed of the user account list and
associated management buttons.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
6.2.1.1 Creating User Groups
To create a user group:
Figure 6.2: Group Zone and User Zone
1. If you are about to create a standard group, select the parent group (the root group or an
existing group) in the left-hand side of the form.
2. Click Add.
3. Enter the name of the group.
4. Select whether the group is Standardor Virtual.
5. Describe it if necessary.
6. Enter the group email address. An email sent to this address will be received by all the
6-2

users of the group.
7. Click OK.
After you have created a group:
- If it is a standard group , you can create user accounts for it.
- If it is a virtual group , you can add already existing user accounts in it. In a virtual
group, users are considered as guests that are invited into the group.
6.2.1.2 Creating User Accounts
Note 1:
You must have first created a standard group or subgroup before you can add a user account to it.
To create a user account:
1. In the left-hand side of the form, select the standard group or subgroup to which the user
will belong.
2. In the right-hand side of the form, click Add.
3. Enter the user description (name, first name, and so on). A star * comes before fields that
are mandatory.
4. Select whether the user account is active or not. A user account is active by default. This
option makes it possible to deactivate a user account instead of deleting it.
5. Assign disk space quotas to the user account if necessary.
6. Specify FTP service access and Web access authorizations.
7. Specify the user privileges, if any. User privileges are further discussed in next section.
8. Assign e-mail addresses to the user.
9. If necessary, allow the user to send and receive emails that are managed by a remote
server (remote messaging).
10. Click OK.
Note 2:
The administration interface also offers you the possibility to import user accounts using the CSV
(Comma-separated Values) format. To do this, select the Directory > Users Import/Export > Users im-
port (CSV format) menu and follow the online help instructions. Among other explanations, the online
help fully describes the CSV format.
6.2.2 User Privileges
You can assign special roles to some users:
- One Delegated administrator per user group can manage the user accounts of this group
or of another group. This person can add / modify / delete user accounts, and assign some
access rights to services. Web sites, such as an Intranet site, can be on the responsibility
of a delegated administrator.
- One Virtual Desk graphic designer is responsible for the Virtual Desktop graphical
charter (logo, colors, etc.)
- One News administrator is responsible for the news distribution to all users
6-3

Chapter 6
- One News administrator for the group is responsible for the news distribution to the
users of the group
6.3 External Directory Synchronization
6.3.1 Synchronization Overview
Synchronization is used to import users from a Microsoft® Active Directory’s to the Extended
Communication Server LDAP directory. All remote users are imported from this directory.
This method removes the task of creating each contact individually.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Other features:
- Automatic daily synchronization
Figure 6.3: Synchronization Overview
- Possibility to work in mixed mode with users created in the Extended Communication
Server directory only
6-4

- Exclusion of some accounts from the synchronization
- Visibility of deactivated accounts in Active Directory
User features:
- All Extended Communication Server services are available for imported users (Virtual
desktop, Email, FTP, mobility, FAX …)
- Password management is deactivated on Extended Communication Server
6.3.2 Configuration
6.3.2.1 External Directory Configuration
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
To configure the external directory:
1. Navigate to Directory > Synchronization with an external directory (Active Directory)
2. Select the Configuration tab. The External directory connection configuration page is
displayed:
Figure 6.4: External Directory Configuration Page
3. Fill in the fields:
• IP address or name of the external directory: enter the IP address or the name of
the external directory
• DN of the link account: enter the DN (Distinguished Name) of the link account. This
account must "Read" enable to access the information contained in the directory.
Example of DN: cn=link link,cn=user,dc=domain,dc=loc
6-5

Chapter 6
• Link account password: enter the user password as defined in DN of the link
account
• Directory domain: this field is automatically completed from the domain defined in
DN of the link account. It can be modified.
This field represents the domain to which the external directory belongs.
• Base from which the synchronization will be done: enter the field specifying the
sub-tree of the directory from where the synchronization is performed.
For example: dc=domain,dc=loc
• Base group in which the users will be retrieved: enter the target group name where
the users are to be placed
• Time when the automatic synchronization will start: select the time of the daily
synchronization
• Encrypt the connection with the Active Directory server: validate the check box to
encrypt information between the remote directory and Extended Communication
Server.
To do this, you can import the public part of the authority certificate used on the Active
Directory in ASCII(Base64) format. This option can be used without importing the
authority certificate.
4. Click OK
This operation generates an LDAP (port 389) or LDAPS (port 636) connection to the Active
Directory server according to the security option.
Note:
In the case of LDAPS synchronization with the Active Directory server, the Extended Communication
Server server asks the superadmin to authenticate again.
If parameters sent by the Extended Communication Server are correct, the Active Directory
server returns the user list.
The administrator can exclude some users from the synchronization (See the Exclusion tab).
6.3.2.2 How-to Retrieve the Link Account Information in the Windows® Server
The link account is an Active Directory user with admin rights. It must be created in the
windows server with the Active Directory users and computers administrative tool. See below
an example of link account link link is created in the group Domain Admin.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
6-6

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 6.5: User Properties Example
The DN of the link account has the following form :
cn=name,cn=Users,dc=domain,dc=domain_extension.
Example with an Active Directory domain named domain.loc :
cn=link link,cn=Users,dc=domain,dc=loc
The base from which the synchronization is performed has the following form:
dc=domain,dc=domain_extension
Example with an Active Directory domain named domain.loc:
dc=domain,dc=loc
This information can be retrieved from the Active Directory server with an LDAP browser. Here
is an example of use of the LDAP browser from the Windows® server:
1. Enter the command: Start / Run /ldp.exe.
The LDAP Connect window is displayed:
6-7

Chapter 6
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 6.6: LDAP Connection
2. LDAP Connection: enter the information for the LDAP to the connect to the server and
click OK
The Bind window is displayed:
Figure 6.7: User Binding
3. Bind type : select Bind as currently logged on user and click OK
The search window is displayed:
6-8

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 6.8: Searching a User
4. Search the users in the database: fill the appropriate fields and click Run
Example of result of a search:
Important:
Figure 6.9: Search Result
When the connection from the Extended Communication Server to the Active Directory fails, it is
recommended to perform some connection tests from a LDAP browser installed on a client PC.
The connection from the Extended Communication Server does not work as long as the connec-
tion from the LDAP browser does not work. In this case, check the Windows® server configura-
tion and parameters.
6.3.2.3 Synchronization
Once the user list is retrieved from the Active Directory server, the administrator can change
the service status to On in order to activate the service.
Click the Synchronize button at the bottom of the frame in order to launch the first
6-9

Chapter 6
synchronization.
This operation will retrieve the user information from Active Directory and create the users in
the Extended Communication Server base group. The retrieved information are:
- User login
- User first name
- User last name
- Phone number
- Mobile phone number
- Email addresses
Once the first synchronization is done, you can activate the daily synchronization process
which will repeat the operation described above.
6.3.2.4 Deactivated Account
This list presents user accounts deleted or deactivated in the external directory. They have
been deactivated on the Extended Communication Server server. They will be activated again
if the account is reactivated or recreated in the external directory. They are available in this
interface so that they can be deleted by the administrator.
6.3.3 User Connection
6.3.3.1 User Authentication
Users authenticate to the Extended Communication Server services by using their usual Active
Directory login/password.
The first time, the Extended Communication Server forwards the authentication request to the
Active Directory server and saves locally the encrypted password.
If the user is successfully authenticated, any following requests are handle directly by the
Extended Communication Server until the user password is changed.
6.3.3.2 Login Policy
On Extended Communication Server a user login must be made up of the following characters:
[a..z],[A..Z],[0..9],[-],[_].
The Extended Communication Server login policy is more restrictive than the Active Directory
login policy where special characters are allowed.
- Special characters are replaced according to the following table:
Special
Characters
Replacement
Characters
Special
Characters
table 6.1: Conversion Rules
@ á é í ó ú ý Á É Í Ó Ú Ý
a a e i o u y A E I O U Y
à è ì ò ù À È Ì Ò Ù
6-10

Replacement
Characters
Special
Characters
Replacement
Characters
Special
Characters
Replacement
Characters
Special
Characters
Replacement
Characters
a e i o u A E I O U
ä ë ï ö ü ÿ Ä Ë Ï Ö Ü
a e i o u y A E I O U
â ê î ô û Â Ê î Ô Û
a e i o u A E I O U
å Å # Ø ß ç Ç ã ñ õ Ã Ñ Õ
a A o O s c C a n o A N O
- Other ASCII characters are converted as follows:
ASCII Code Range Replacement Characters Exceptions
00-1F [nothing]
20-2F _ (underscore)
3A-40 _ (underscore) "@" (Hex: 40) is replaced with "a"
5B-60 _ (underscore) "\" (Hex: 5c) is simply removed
7B-FF [nothing] Many characters handled as
shown in the above table
For more information on ASCII table visit: http://www.asciitable.com.
6.3.3.3 Passwords Policy
On Extended Communication Server, a user password can only use the following characters: [
a-z A-Z 0-9 _ / \ & ~ " # ' { } ( ) [ ] < > ` @ = ? ; : ! + . , % $ * - ].
Important:
As long as passwords are imported from Active Directory (without possible modification on Ex-
tended Communication Server), passwords on Active Directory must be made up of characters
belonging to the above list.
6.3.3.4 Restrictions
The number of users which can be imported cannot exceed the maximum number of licensed
users.
For imported users, the following information cannot be modified:
- Password
6.3.4 LOGS
- Phone information
6-11

Chapter 6
The system logs for this service are available in:
Control panel / system logs/tab System in the file:
/var/log/syslog
6-12

7
This chapter introduces you to the different possibilities the Extended Communication Server
offers for managing information security and for monitoring traffic. After reading it, you will be
able to plan the organization information security and implement it.
7.1 Overview
For managing security, the Extended Communication Server is equipped with:
- An internal proxy server
- An internal firewall
By default, the firewall is active but the proxy server is not active.
Note:
We recommend you to configure and activate proxy and firewall services.
Moreover, for a better network security, we recommend you to use the Extended Communication Server
options: Kaspersky, for an efficient antivirus protection.
7.2 Firewall Management
7.2.1 General Points
When it is activated, a firewall filters the flows of traffic circulating between the different
network interfaces. Its main role is to separate the organization internal information and
resources from the Internet traffic.
Firewall management consists in specifying rules that authorize or forbid a given service or
group of services for a given flow.
7.2.1.1 Traffic Flows
A traffic flow is defined by:
- Two endpoints. For example LAN1 (connected to the organization LAN) and the network
interface connected to the Internet.
- The traffic sense. For example, from LAN1 to the network interface connected to the
Internet.
The administration interface automatically displays existing traffic flows according to the
network interfaces you have created.
7.2.1.2 Services and Service Groups
A service is defined by:
- A name. It can be any name, usually the service protocol name (for example HTTP).
- A port number. Port numbers identify sending and receiving applications. For example,
port 80 identifies the http service.
- A transport protocol: TCP (Transmission Control Protocol) or UDP (User Datagram
Protocol).
7-1

Chapter 7
The system handles a preexisting list of services that you can consult thanks to the Service
management > Security > Firewall > Services and service groups menu, selecting the
Services tab. You can also add new services to this list for specific needs.
Figure 7.1: List of Available Services
Services can be gathered into service groups to facilitate the firewall management. For
example a group called MAIL which contains SMTP, POP and IMAP services, can be used to
authorize or forbid all three services in one single operation.
Some service groups preexist in the system. Using the Service groups tab, you can display
existing groups and add your own groups if needed.
7.2.1.3 Firewall Rules
Figure 7.2: List of Service Groups
The administration interface provides two different views on existing rules:
- The Basic settings menu displays the main rules that protect the network, grouped by
7-2

main flows. Use this menu to have an overview on firewall rules or for basic needs.
- The Advanced settings menu displays all available flows and associated rules. Use this
menu if you have specific needs.
By default, all services are forbidden.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
7.2.2 Firewall Advanced Settings
Figure 7.3: The Basic Settings Tabbed-panel
The Extended Communication Server automatically creates all the rules you need to manage
the firewall according to the network interfaces you have declared. Usually, all you have to do
is to modify the preexisting rules to authorize or forbid a given service on a given flow.
However, you may have to create rules manually in specific cases. The example below
describes a situation where a part of the LAN is hidden behind a router (from the server point
of view). A new rule must be created to authorize services to the subnetwork users (mail
service, in our procedure example).
7-3

Chapter 7
To create a rule for such a subnetwork:
Figure 7.4: A LAN Including a Subnetwork
1. Select the Service management > Security > Firewall > Advanced settings menu.
2. Select the Computer, networks tab.
3. In the Name of new group or network field, enter a name for the subnetwork.
4. Click Create.
A creation form is displayed.
a. In this form, select the network option.
b. Enter the network address and mask.
c. Click OK.
7-4

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
The new item is added to the list of computers and networks.
5. Select the Rules tab
6. Using the drop-down lists located at the top of the form, select the flow (in our example,
from MySubnetwork to Appliance).
7. Click Create a new rule.
A rule creation form is displayed.
a. In this form, select a service or a service group (in our example, the MAIL service
group). It is also possible to create new services from this form if necessary.
b. Click Add.
c. Click OK.
The rule is now displayed in the rule list.
7-5

Chapter 7
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Select the Order level of the new rule.
The firewall scans messages from the lowest order rule to the highest order rule. The first
rule which matches decides if a message is allowed or refused.
que se passe t il quand aucune regle ne match?????
The three service protocols of the MAIL service group (i.e. SMTP, POP, IMAP) are authorized
for this flow.
Note:
After you have created the firewall rules, we recommend you to save them via the Service management
> Security > Firewall > Back up and restore rules menu.
7.3 Proxy Server Management
7.3.1 Proxy Services
The proxy server is an internal application which processes the client workstation requests to
the Internet and provides the following services:
- Caching service. If the caching service is active, the proxy server keeps local copies of
the different client requests. In this way, it can serve a request by retrieving content from
previous requests instead of contacting remote servers. This significantly saves bandwidth
while increasing performance.
The caching service also provides statistics on Web traffic.
- Web access control. The proxy server can permit or block Web access for each user
7-6

individually.
- Web filtering. Web filtering is done through black and white lists of URLs or keywords that
forbid or authorize access to certain Web sites. Filters apply to all users or to specific user
groups.
Note:
These services need that the client Web browser is configured so that the Web traffic is sent to the proxy
server.
Important:
If the proxy server is used for Web traffic control and filtering, the firewall should block http and
https traffic. Blocking direct Web access forces Web traffic to pass through the proxy server,
which is essential to an efficient control and filtering service.
7.3.2 Activating the Proxy Cache Service
To activate the proxy cache service:
Figure 7.9: Web Access Through the Proxy Server Only
1. Select the Service management > Network service management > Proxy Cache
Service menu.
2. Change the Activate Proxy Cache option to On.
7.3.3 Web Access Control
To control Web access:
1. Select the Service management > Security > Web access control menu.
2. For each user, select whether the Web access is permitted or forbidden.
3. Select On to activate the User Web browsing control .
7-7

Chapter 7
7.3.4 Web Filtering
Figure 7.10: The Web Access Control Form
The Web filtering service relies on lists of URLs and keywords that prohibit/authorize access:
- Black lists. A black list contains all URLs or keywords for which users cannot access
related contents. All other contents are accessible.
Examples 1:
forbiddensite.com, sex, .mp3
- White lists. A white list contains all URLs or keywords for which users can access related
contents. All other contents are not accessible.
Note:
Examples 2:
www.alcatel-lucent.com, .edu
The proxy cache service must be active for the Web filtering to be effective.
7.3.4.1 All-User Web-Access Filtering
To filter all-user Web access:
1. Select the Service management > Security > Black and White lists menu.
2. select the Main lists tab.
3. Click the button that corresponds to the list you want to modify (black or white list).
4. In the List tab.
• Enter the URLs and/or keywords.
• Click OK.
Note:
Lists can also be modified by export/import facilities.
7-8

5. If you want the list to be automatically updated from an FTP server:
a. Select the Update tab.
b. Enter the FTP server characteristics: name, path, etc.
c. Click OK.
6. Come back to the Main lists menu.
7. Enable the list by clicking Enabled.
7.3.4.2 User-Group Web-Access Filtering
To filter user-group Web access:
Figure 7.11: Black and White Lists For All Users
1. Select the Service management > Security > Black and White lists menu.
2. select the Lists by group tab.
3. In the Lists by group form:
a. Enter the list name.
b. Select whether the list is a white list or a black list.
c. Click ADD.
The new list is now displayed in the form.
4. Click the button to modify the new list.
5. In the List tab.
• Enter the URLs and/or keywords.
• Click OK.
Note:
Lists can also be modified by export/import facilities.
6. In the Groups tab, select the concerned groups.
7. If you want the list to be automatically updated from an FTP server:
a. Select the Update tab.
b. Enter the FTP server characteristics: name, path, etc.
7-9

Chapter 7
c. Click OK.
8. Come back to the Lists by group menu.
9. Enable the Black and White lists by group filtering by clicking On.
7.3.5 Client Configuration
Figure 7.12: Black and White Lists For User Groups
Client workstations must be configured so that they can access the proxy server.
To configure a client workstation Web browser:
1. Go to the browser connection settings.
For example, for Microsoft Internet Explorer:
a. Select the Tools > Internet Options menu.
b. Select the Connections tab.
c. Click the LAN Settings button
7-10

Figure 7.13: Example of Settings (Microsoft Internet Explorer)
Other Web browsers have equivalent settings.
2. Enter the proxy server address. For example, if the workstation belongs to the LAN
connected to LAN1, then the proxy server address is the LAN1 IP address.
3. Enter the proxy port number: 8080.
7.3.6 Proxy Cache Statistics
You can also use the proxy cache to examine the Web traffic and generate reports.
To activate proxy cache statistics:
1. Select the Control panel > Proxy cache flow analysis menu.
2. At the Activate/de-activate statistics option, click On.
7.4 Certificates Management
7.4.1 Overview
A certificate is an electronic document which incorporates a digital signature to bind together a
key with an identity. The signature is delivered by a CA (Certification Authority).
Among other information, a certificate includes:
- the organization name
- a validity period
- The digital signature.
The Extended Communication Server hosts its own certification authority. This CA signs the
certificates delivered by the server for all secured services.
7-11

Chapter 7
7.4.2 Creating a User Certificate
To create a user certificate:
1. Select the Service management > Certificate management menu.
2. Select the User certificates tab.
3. To create a private certificate:
a. Click New.
This displays a form.
b. Enter requested information that identifies the organization.
c. Give a name to the certificate.
d. Click OK.
The certificate is created, but is not yet valid as it is not signed.
e. Select the certificate and copy it to clipboard.
4. Select the Certification authorities tab.
5. Using , open the certification authority panel.
6. Select the Signing a request tab.
7. Paste the certificate you had copied.
8. Enter the validity period.
9. Click OK.
The certificate is now signed and valid.
7-12

7.4.3 Using a Certificate
Once the user certificate is created, it must be assigned to services. The example below
shows how to affect the certificate to the Web access service.
To assign a certificate to the Web access service:
1. Select the Appliance management > Configuring the access from an Internet
connection menu.
2. Select the SSL certificate tab
3. Select the desired certificate.
Figure 7.16: Certificate Assignment to Web Access Service
Security alert messages relating to certificates may concern:
- The date validity, which may have expired.
- The name validity, which may not match the site name.
- The certification authority, which may be unknown.
7-13

Chapter 7
Figure 7.17: Security Alert Example
To avoid the security alert shown in figure above, you must install the CA certificate on your
client device.
To install the CA certificate:
1. Select the Service management > Certificate management menu.
2. Select the Certification authorities tab.
3. Using , open the certification authority panel.
4. Click Click here to export the certificate.
5. A dialog box offers you several options:
• Click Open to install the certificate on the current machine. This supposes that you
repeat this procedure on each machine.
• Click Save to install later the certificate on all machines, from the file you are saving.
7.4.4 Enabling Automatic Regeneration of Certificates
A certificate depends on the host name of the Extended Communication Server. As such, it
must be regenerated each time the host name is modified. Provided the corresponding option
is enabled, certificates can be automatically regenerated each time the hostname of the
Extended Communication Server is modified.
1. Select the Service management > Network service management > General Network
Parameters menu.
If you have already generated and signed certificates, the window displays a Regenerate
the SSL certificate by default form.
7-14

2. Select whether you wish the certificates to be automatically regenerated when the host
name is changed. Click yes or no.
3. Select the services on which the new certificates are to apply.
7-15

Chapter 7
7-16

8
Read this chapter if your Extended Communication Server works together with an OmniPCX
Office. After reading it, you will be able to carry out Internet and telephone services
convergence.
8.1 General Points
The voice/data convergence service allows users to access the telephone functions from the
Virtual Desktop and benefit from additional services on telephone terminals: call forwarding,
unified messaging, click to call, and so on.
Figure 8.1: Voice and data convergence
The extended communication pack must be installed so that you can access the OmniPCX
Office menu in the Service management panel.
8-1

Chapter 8
Figure 8.2: OmniPCX Office Icon and menu
8.2 Activating Voice and Data Convergence
Note:
For efficiency reasons, we recommend that both Extended Communication Server and OmniPCX Office
belong to the same subnetwork.
To activate voice and data convergence:
1. Select the Service management >OmniPCX Office > Detection and Configuration
menu.
2. Select the IP detection tab.
3. Click Detection of the OmniPCX Office IP address.
After some seconds, the OmniPCX Office IP address is displayed.
4. If automatic detection does not succeed: in the IP address OmniPCX Office field, enter
the OmniPCX Office IP address
5. Select the Country of the OmniPCX Office
6. Select the Area code of the OmniPCX Office (optional)
This information is used to convert a call number, retrieved from the Click to Call
application, to a local area number or a national number before being transmitted to the
OmniPCX Office.
7. Click OK
8. Change the Status of the Voice / Data convergence service option button to On.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
8-2

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
8.3 Retrieving information
Figure 8.3: Voice and Data Convergence Service Activation
After the service is activated, you can retrieve information from the OmniPCX Office:
- Use the Synchronization of terminals menu to retrieve the list of telephone terminals or
devices connected to the OmniPCX Office. This functionality allows you to manage user
accounts and telephone terminal tables in a synchronized way.
- Use the User import menu to help you creating user accounts from the OmniPCX Office
user table. This retrieves information (name, first name, internal numbers) from the
OmniPCX Office and create user accounts automatically. You can modify these accounts
later to add information the Extended Communication Server requires.
- Each synchronized terminal must be now associated with an existing user account or a
new user account.
Consult the online help for more information.
8-3

Chapter 8
8-4

9
After reading this chapter, you will be able to manage internal and external email messaging.
9.1 General Points
The Extended Communication Server includes a mail server which can be used as a
standalone mail server or relayed by an external mail server.
The Extended Communication Server mail service handles the following protocols:
- SMTP (Simple Mail transfer Protocol), to "push" email messages into email boxes.
- POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) to "pull" email
messages from email boxes.
SMTP service must be activated so that the messaging service can work properly, and one of
POP or IMAP services if a fat mail client is used.
As different configurations can be used to make the messaging service available, following
sections will introduce you to the messaging service settings in four steps:
1. Internal messaging, so that users can exchange emails inside the organization.
2. External messaging, so that users can send and receive messages via the Internet.
3. Configuring for a fat mail client.
4. Additional settings that may be useful according to the organization characteristics. You
can also refer to the online help for more information.
Note:
We recommend you to test the messaging service from Virtual Desktop sessions.
9.2 Internal Messaging
To activate the internal messaging service:
1. Select the Service management > Email > SMTP menu.
2. Change the SMTP status option button to On.
All users that have email addresses and authorizations can now exchange internal emails.
9.3 Extending the Service to the Internet
SMTP must be configured so that the mail service is extended to the Internet.
To configure SMTP for the Internet:
1. Select the Service management > Email > SMTP > Basic configuration menu.
2. Select the Send method tab.
3. Enter the email address that will receive messaging errors.
4. If the enterprise has a public domain name, select Use Internet mode.
With this option, the mail server exchanges emails directly with other mail servers over the
Internet.
9-1

Chapter 9
Note 1:
You must verify that the MX (Mail eXchange) DNS record point the server public IP address. Contact
the registrar that manages the domain name to verify this particular point.
Figure 9.1: Direct Access to Mail Servers
5. If the enterprise does not have a public domain name:
a. Select Operate only in Relay mode.
With this option, the mail server exchanges emails with a mail server of the ISP
(Internet Service Provider). The ISP mail server operates as a relay for the Extended
Communication Server mail server.
Note 2:
Relay name, login and password are then provided by the ISP.
b. Enter the relay name or IP address.
c. Enter the login and password if the ISP mail server need them.
9-2

d. Click OK.
Figure 9.2: Operating in Relay Mode
9.4 Configuring for a Fat Mail Client
Some additional settings are needed if a fat mail client, such as Microsoft Outlook or Mozilla
Thunderbird, is used.
On the server side, you must activate one of the POP/IMAP services:
1. Select the Service management > Email > POP/IMAP menu.
2. Change to On one of the POP status or IMAP status option buttons, or both.
On the client side, you must configure each mail account in accordance with the server
settings:
- Protocol
- User identifier and password
9.5 Additional settings
9.5.1 Domain names
Use the Domain Names menu if several domain names are to be used.
By default, the system manages only one domain name. This name is the main domain name
9-3

Chapter 9
you declared in the General network parameters form. If the organization has several
domain names, declare them to the system to optimize email processing. Email addresses that
belong to domains declared to the system do not need external DNS queries.
To declare a domain name to the system:
1. Select the Service management > Email > SMTP > Domain names menu.
2. Click Add.
This opens a Declaration of the domain names managed by the appliance form.
3. Enter the new domain name.
Figure 9.3: Declaration of Domain Names Form
4. For the Transport option:
• Select Local if the mail server manages all emails belonging to this domain.
• Select Via SMTP if several email servers manage emails belonging to this domain.
When such an email is to be processed, the mail server tries first to process it from its
own tables. If the email address is not found there, the message is sent to a next mail
server via SMTP. You must specify this next mail server by its Server name and
Login/Password if required.
Several mail servers can be chained this way.
5. Click OK.
Once the new domain name is declared, you can create new email addresses for each user
who needs an email address with this domain name.
Example below shows the list of domain names after a second domain name has been
created.
9-4

9.5.2 Anti-relay / Relay Authorisation
Figure 9.4: List of Domain Names
This feature aims at prevent malicious use of the mail server, such as spam relaying. Use this
feature to control user authorizations for accessing mail services, especially for remote users.
By default, users located behind the LAN1 interface are authorized to use the Extended
Communication Server mail server as a relay to the Internet.
To manage anti-relay / relay:
1. Select the Service management >Email >SMTP > Anti-relay / Relay authorization
menu.
This opens a tabbed-panel, which first panel lists network interfaces and relay
authorizations.
Figure 9.5: Relay Authorization Tabbed-panel
2. Select the desired network interfaces.
Selecting the network interface only allow local users located behind this interface to
access the Internet.
For remote users, you must configure the authorizations described in next steps.
3. To authorize the relay to the Internet by client authentication:
• Click the Authentication tab.
• Change Enable the relay to Yes.
• Click OK.
9-5

Chapter 9
Note:
Remote users email-client must be configured to authenticate when accessing the service.
4. To authorize the relay to the Internet by name or IP address:
• Click the Name or IP address tab.
• Click Add.
• Enter the desired name or IP address.
• Click OK.
The other tabs (HELO/EHLO and Remote blacklist) can also be used to restrict the
authorizations and filter the email addresses.
9.5.3 Remote Email Service
Use this menu to retrieve shared account emails or to authorize users to retrieve their personal
email accounts.
To activate the remote email service:
1. Select the Service management >Email > Remote e-mail service menu.
2. Select the Frequency tab.
3. If you want to change the mail fetch frequency:
• Enter the mail fetch frequency. Default is 15 minutes.
• Click OK.
4. Change the Synchronization status to On.
These first steps are enough to allow users to manage personal email accounts via the
Virtual Desktop.
Use next steps, in addition, if emails are retrieved from shared accounts (a unique mail box
per domain) hosted by the ISP, or if emails are stored by the ISP and served on demand
via an ETRN command, for example because of a non-permanent Internet connection.
5. If shared accounts are to be managed:
a. Select the Shared accounts tab.
b. Select the protocol and enter required information that corresponds to the ISP mail
server.
c. Configure the fetching service.
d. Click OK.
6. If the remote server is an ETRN (Extended Turn) server:
a. Select the ETRN tab.
b. Enter the server name.
c. Change Activate fetch to Yes.
d. Click OK.
9.5.4 Mail Filtering
The mail filtering function consists of several filtering services that you can activate and
configure separately. These services filter on email addresses, on email contents or on
attachments.
9-6

Figure 9.6: Mail Filtering Services
The Service management > Email > Mail filtering menu is divided in three submenus
corresponding to three complementary services:
- The Filter by grey list service use the greylisting method to filter received emails. The
mail transfer agent temporarily rejects any email from a sender it does not recognize. If the
email is legitimate, the originating server will try again to send it later, at which time the
agent will accept it. If the email is from a spammer, it will probably not retry to send it.
To avoid important emails to be delayed or rejected, the administrator maintains a White
list that contains authorized addresses. The administrator can also allow users to handle
their own White lists.
- The Anti-Virus/Anti-Spam e-mail content filtering service consists of three software
plug-ins.
• ClamAV (Clam AntiVirus) is an open source antivirus software toolkit which main use is
to scan email viruses. ClamAV is pre-installed and license free. It does not scan http
and ftp flows of traffic.
• SpamAssassin is a software program used for email spam filtering. SpamAssassin is
pre-installed and license free.
• Kasperky is a powerful anti-virus software toolkit which needs a license to be activated.
You can activate the service using the Configuration of the function menu and configure
each plug-in separately.
- The Filtering by type of attachment service filters according to the extension type or the
MIME (Multipurpose Internet Mail Extensions) type of files attached to emails.
9-7

Chapter 9
9-8

10
10.1 Overview
The Instant Messaging application allows a user to:
- Exchange instant messages with one or several users
- Know the status of other users
10.2 Server Configuration
10.2.1 Configuration Overview
To configure the Instant Messaging server:
- Navigate to Service management > Instant messaging
- Select the Basic parameters tab
- Modify server options as described in the sections below
- Click OK
A popup window informs you that modifications are taken into account.
10.2.2 Generic Parameters
10.2.3 Options
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.1: Generic Parameters Section
- Administrator: select the Instant Messaging administrator.
The administrator is able to sent notifications to all users (connected or not connected)
- Domain of Identifiers: select the domain of the Instant Messaging users
- Server public IP: enter your server address used by external users. This address is used
for automatic creation of xmpp DNS entries.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
10-1

Chapter 10
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.2: Option Section
- By default, allow connection server to server:
• On: all instant messaging servers are allowed to connect to Extended Communication
Server except servers belonging to the black list
• Off: all instant messaging servers are not allowed to connect to Extended
Communication Server except servers belonging to the white list
- Authorize creation and use of chat rooms: users can create and/or use chat rooms
(chat room is for heavy clients only)
- Pre-fill of the buddy list:
• None: user's buddy list are not pre-filled
• With members of groups: buddy lists of users are automatically filled with members
of their groups
• With members of virtual groups: buddy lists of users are automatically filled with
members of their virtual groups
• With members of groups and virtual groups: buddy lists of users are automatically
filled with members of their groups and virtual groups
- Number of simultaneous sessions by user: enter the number of simultaneous chats per
user
10.2.4 Web Gateway
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
10-2

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.3: Web Gateway Section
- Activate the web gateways:
• On: users can use some features only available through the web and to connect to the
instant messaging without firewall restrictions.
In addition, the Presence feature can be hosted on a remote server
• Off: no web access is available
- Website name: select the domain name used by Extended Communication Server users
to access the web features
- Listening interface for the web gateways: select the network interface used for FTP
transfer. Only heavy client use FTP to transfer.
- Authorize the web presence: this feature allows your users to display their availability on
a website.
- Activate web presence by default for all users: by activating this option, all the users
can use the feature, otherwise they have to activate it through their instant messaging
client.
- Activate the http-polling:
• On: specific clients can connect to the instant messaging application via a URL. For
example: http://xmpp.domain.loc/http-poll/
Note 1:
All clients do not support this protocol
• Off: all clients must use the 5222 port
- Activate the files transfer proxy:
• On: file transfers to users outside the Extended Communication Server domain are
allowed
10-3

Chapter 10
10.2.5 Gateways
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Note 2:
The use of a proxy is not available on all instant messaging clients.
• Off: no file transfer outside the Extended Communication Server domain
Activate IRC gateway:
Figure 10.4: Gateways Section
You can allow your users to connect to some IRC servers
- On: users, declared on this Extended Communication Server, can connect to a remote IRC
(Internet Relay Chat) server
- Off:
10.2.6 Instant Messaging Status
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Instant messaging status:
Figure 10.5: Instant Messaging Status
- Click On to enable the instant messaging application
- Click Off to disable the instant messaging application
10.3 User Configuration
To enable instant messaging, each individual user must be configured:
- Navigate to : Directory > User accounts
- Select the group
10-4

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
- Select the user
- Click Modify
- In the Instant messaging section click:
• On to allow instant messaging
• Off to bar instant messaging
10.4 DNS Configuration
Figure 10.6: Instant Messaging Section in the User Properties
When all users do not belong to the same domain or to the same network, the DNS server
must be configured.
When an external DNS is used, it must include the following lines:
_jabber._tcp.mydomain.com SRV 5 0 5269 xmppserver.mydomain.com
_xmpp-client._tcp.mydomain.com SRV 5 0 5222 xmppserver.mydomain.com
_xmpp-server.mydomain.com SRV 5 0 5269 xmppserver.mydomain.com
In the example above, the parameter Domain of Identifiers is set to mydomain.com.
The external DNS server is configured in section: module Installing the system - Network
Configuration § General Network Parameters .
10.5 Configuration Example with Heavy Clients
10.5.1 Inside the Same Domain and Same LAN
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
10-5

Chapter 10
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.7: Configuration Example with Users in the Same Domain and Same LAN
Instant Messaging configuration:
- Domain of identifiers: mydomain.com
- By default allow connection server to server: off
- Authorize creation and use of chat rooms: off
- Pref-fill of the buddy list: None
- Number of simultaneous session by user: 1
Firewall configuration:
- Traffic LAN -> ECS on port 5222 (or 5223) must be allowed
10.5.2 Inside the Same Domain with Different Networks
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
10-6

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.8: Configuration Example with Users in the Same Domain and Different LAN
Instant Messaging configuration:
- Domain of identifiers: mydomain.com
- By default allow connection server to server: off
- Authorize creation and use of chat rooms: off
- Pref-fill of the buddy list: None
- Number of simultaneous session by user: 1
Firewall configuration:
- Traffic from LAN to ECS on port 5222 (or 5223) must be allowed
- Traffic from WAN to ECS on port 5222 (or 5223) must be allowed
10.5.3 Different Domains and Different Networks
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
10-7

Chapter 10
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.9: Configuration Example with Users in the Different Domain and Different LAN
Instant Messaging configuration:
- Domain of identifiers: mydomain.com
- By default allow connection server to server: on
(or add the remote server name in the white list)
- Authorize creation and use of chat rooms: off
- Pref-fill of the buddy list: None
- Number of simultaneous session by user: 1
Firewall configuration:
- Traffic LAN -> ECS on port 5222 (or 5223) must be allowed
- Traffic WAN -> ECS on port 5269
10.5.4 Different Domains and the Same Networks
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
10-8

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 10.10: Configuration Example with Users in the Different Domain and Same LAN
Instant Messaging configuration:
- Domain of identifiers: mydomain.com
- By default allow connection server to server: on
(or add the remote server name in the white list)
- Authorize creation and use of chat rooms: off
- Pref-fill of the buddy list: None
- Number of simultaneous session by user: 1
Firewall configuration:
- Traffic LAN -> ECS on port 5222 (or 5223) must be allowed
- Traffic WAN ECS on port 5269 must be allowed
10-9

Chapter 10
10-10

11
This document explains how to configure the fax server on the Extended Communication
Server and OmniPCX Office.
11.1 Overview
The Extended Communication Server can host a fax server.
The main technical characteristics of the fax server are:
- The connections to OmniPCX Office uses SIP protocol
- Communications from Extended Communication Server to the OmniPCX Office use the
port number 5060
- Communications from OmniPCX Office to the Extended Communication Server use the
port number 5059
- Protocols RTP and SRTP are supported
- Connections from OmniPCX Office to the public network must be performed via ISDN or
analogic lines. Public SIP providers are not supported.
11.2 Configuration
11.2.1 OmniPCX Office Configuration
Compatibility: This feature is applicable with OmniPCX Office release R7.0 and higher.
This paragraph describes the basic configuration for the following topology:
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.2.1.1 SIP protocol configuration
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.1: FAX Server Overview
11-1

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.2: VOIP Parameters Settings 1
- Number of VoIP-Trunk Channels: select a value # 2
- VoIP Protocol: select SIP (a warm reset is required)
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
11-2

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.3: VOIP Parameters Setting 2
- H323 End of Dialing Timeout: select 5.0. By default, the OmniPCX Office uses a timer for
outgoing calls on VoIP trunk (SIP / H.323)
- End of Dialing table used: validate the check box and configure the associated table
(Numbering - EoD Table)
11.2.1.2 Traffic Sharing and Barring
To allow Fax reception/transmission between the public network and the Extended
Communication Server through Alcatel-Lucent OmniPCX Office Communication Server, do not
forget to manage the traffic sharing & barring tables for the transit calls:
Public trunk VoIP link
11.2.1.3 Numbering Plan Configuration
Configure the installation number:
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
11-3

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.4: Installation Numbers Settings
In the public numbering plan, the Fax DDI number is sent to the ARS table:
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.5: Public Numbering Plans Settings
VoIP trunk is a private trunks: in the Private Numbering Plan, configure the prefix for outgoing
calls to enable Fax transmission from Extended Communication Server to the public network
(on Extended Communication Server, the prefix for public calls is configured with the value 0).
11-4

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.2.1.4 ARS Configuration
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.6: Private Numbering Plans Settings
Figure 11.7: ARS Configuration Parameters
(*) Reminder: the prefix for Fax DDI number is equal to the Installation Number plus the DDI
11-5

Chapter 11
(91330 4000). If the Installation number is empty, then the prefix in the ARS table must be the
DDI part only (prefix = 4000). In this case, the CLI send to the public exchange for outgoing
calls will be the DDI part only and not the public number.
11.2.2 Fax Call Routing (or Fax Call Switching)
Since OmniPCX Office R7.1 it is possible to use the OmniPCX Office Fax Call Routing feature
with the Extended Communication Server fax server.
Reminder:
- A unique DDI number is used for subscriber and fax call
- General pre-announcement before call distribution must be configured
- Control by the noteworthy address FaxCRActiv (must be enabled = 01)
See OmniPCX Office Expert documentation fore more details.
This paragraph describes the basic configuration for the following topology (based on the
previous example, with the Fax 300):
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.2.2.1 Create Virtual Terminals
Figure 11.8: Fax Routing Example
Constraints: as the Fax Call Routing feature in OmniPCX Office only allows an internal
subscriber as a fax destination, it is necessary to use virtual terminal to route the user's fax
11-6

EDN to the Extended Communication Server.
Create 2 Virtual Terminals (one VT per user):
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.2.2.2 Virtual Terminal Configuration Details
Figure 11.9: Subscriber List
It is mandatory to configure the virtual terminals with ISDN Service 1 = Fax 2/3:
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
11-7

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.10: ISDN Services
Enable external forwarding for the virtual terminals:
11-8

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.11: Feature Rights Part 1
11-9

Chapter 11
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.12: Feature Rights Part 2
Configure immediate call forwarding to the Extended Communication Server Fax extension
(for example: 301 for USER A):
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.2.2.3 Numbering Plan Configuration
Figure 11.13: Forwarding Definition
Public numbering plan: configure the subscriber DDI numbers with the respective VT for fax
destination
11-10

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.14: Public Numbering Plan Definition
In the internal numbering plan, the Extended Communication Server fax numbers (301-302)
are routed to the ARS table:
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.15: Internal Numbering Plan Definition
11-11

Chapter 11
ARS table configuration: configure the Extended Communication Server as the destination
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Note:
Figure 11.16: ARS Destination for Extended Communication Server
The other ARS parameters are the same as for the fax server in the previous paragraph.
11.2.2.4 Miscellaneous
If USER A wants to send a fax to USER B, the public number is used by the Extended
Communication Server and the call is routed through the public network. It is possible to
re-route the call directly to the Extended Communication Server using the ARS table.
Private numbering plan: route the outgoing calls from the Extended Communication Server
through the ARS table (in the Extended Communication Server, the prefix for public calls is
configured with the value 0).
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.17: Private Numbering Plan
Figure 11.18: ARS Table Configuration
1. When the Extended Communication Server dials the public number of USER B, the
number -913304002- is replaced by 302 and re-routed to the Extended Communication
Server (note: 2 SIP channels are used)
11-12

2. Other numbers are sent to the public network
11.2.3 Extended Communication Server Fax Server Configuration
11.2.3.1 Default Configuration
The fax server is set by default in demo mode. This means you can try the solution which is
totally functional with 2 channels.
The main restriction of the demo mode is the word Evaluation written on all transmitted and
received faxes.
11.2.3.2 Fax Server Configuration
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
- Navigate to Service management > Fax Server
- Select the Basic Parameters tab
The fax server configuration is displayed:
Figure 11.19: Fax Server Basic Parameters
- Fill:
• Default recipient address mail (this must be a valid address)
• SIP gateway IP address: IP address of the OmniPCX Office VoIP card
• Listening port of the SIP gateway must be set to 5060
• Some options allow the administrator to manage dedicated channels for sending or
reception as well as the transmission attempts.
11-13

Chapter 11
Note:
The channels not dedicated to sending or reception are mixed by default.
11.2.3.3 Profile and Coversheet Configuration
11.2.3.3.1 Define a New Profile Tab
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.20: Coversheet Profile Definition
In the Define a new profile tab you can create new profiles:
- Enter the new profile name in the field Profile description
- Select the profile language in the field Profile language
- Select the user group associated with this new profile in the field Associate the profile to
the group (optional)
- Click OK
Note:
The number of profiles is not limited.
11.2.3.3.2 Add Coversheet Tab
11-14

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
In the Add coversheets tab, you can:
Figure 11.21: Fax Server Coversheet Definition
- Download the coversheet editor to create or modify coversheets
- Upload and configure a new coversheet:
• Select the language in the field Profile language
• Select your new coversheet: click Browse... and navigate on your machine to select
the new coversheet
• Click OK
Note:
The number of coversheets is not limited.
11.2.3.3.3 Coversheets and Profiles Tab
11-15

Chapter 11
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.22: Fax Server Coversheets and Profiles Definition
In the Coversheets and profiles tab, you can associate a coversheet to a profile:
1. Select the Profile language
The drop down list includes the default profiles (language profiles) and your specific
profiles.
2. Click OK
All coversheets associated with the selected profile are displayed.
3. Select a coversheet
The coversheet list includes the default coversheets and you specific coversheets.
4. Click OK
11.2.3.4 Fax Server Enabling
Activate the fax server:
- At the bottom of the Fax server page
- Fax server status: click On to enable the fax server (or Off to disable)
11.2.3.5 Fax User Configuration
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
To set fax parameter for a user:
- Navigate to Directory > Users accounts
- Select the a group and a user
- Click Modify
The user definition page is displayed:
11-16

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
In the Fax Service section:
Figure 11.23: User Fax Number Definition
- FaxServer Profile: select the fax user profile. This parameter defines the coversheet and
the language of faxes sent by the user.
The default profile is set to the profile associated to the user group if it exists. Otherwise
the default profile is set to the profile associated to the user language.
For this parameter, the choice includes all language profiles and new profiles created in
the Define a new porfile tab.
If you want to associate a specific coversheet to a user:
• In the Define a new profile tab, create a new profile with no associated group
• In the Add coversheets tab, upload the new coversheet created with the coversheet
editor
• In the Coversheets and profiles tab, associate the new coversheet to the new profile
• In the user settings, associate the new profile to the user
- Internal Fax Number: enter the internal phone number associate to the fax of the user.
- External Fax Number: enter the number on which the user will receive his faxes
11.3 Compatibility with VoIP – SIP Service
It is not possible to create simultaneously 2 SIP trunks with different properties between the
Alcatel-Lucent OmniPCX Office Communication Server and the Extended Communication
Server using the same IP address.
It is not possible to have fax server and VoIP SIP activated on the same Extended
Communication Server IP address.
Supported configurations:
11.3.1 Configuration 1
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
11-17

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.24: VoIP SIP Service on the Extended Communication Server WAN
This is the recommended configuration because it allows the home worker configuration.
11.3.2 Configuration 2
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.3.3 Configuration 3
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.25: VoIP SIP service on the Extended Communication Server LAN2
Figure 11.26: VoIP SIP service on an Ethernet alias
11.4 Extended Communication Server Fax Server Integration in a
Microsoft® Exchange® Environment
The purpose of this chapter is to describe the fax server solution integration for companies
already using an Exchange® server as main email server hosted on the LAN. The Extended
Communication Server is not used as email server but the email service is activated for
fax2mail/mail2fax purpose.
We assume the following:
- Extended Communication Server fax server is configured and is working independently of
11-18

the Exchange® server
This can be validated by sending/receiving faxes from user virtual desktop.
- The Exchange® is configured and is working independently of the fax server
- DNS service is managed locally in the Microsoft® server
- Extended Communication Server and Exchange® main email domain names are the same
- Users using the FAX server feature are created on both Windows® and Extended
Communication Server directories. The users exchange@ email addresses should be
created on Extended Communication Server, (The sender address must be known by the
Extended Communication Server to send faxes)
The following image shows a schematic view of the network architecture treated in this
chapter.
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
11.4.1 Company Environment Parameters
Figure 11.27: Environment Overview
The following parameters describe the configuration example.
Active directory domain name : server1.local
Exchange® server hostname : appliance.server1.local
Company email domain name managed in Exchange®: eman704.dyndns.org
Extended Communication Server hostname : manu.eman704.dyndns.org
11-19

Chapter 11
Extended Communication Server IP address : 192.168.92.2
Exchange® server IP address : 192.168.92.10
11.4.2 Exchange® Configuration
The configuration described below is only an example validated with a Microsoft® SBS 2003
server. We assume this configuration can be reproduced with other Exchange® versions
11.4.2.1 Sending Faxes
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
This section describes how-to declare the fax domain as an SMTP domain in Exchange® and
how to forward the fax domain to the Extended Communication Server.
1. Create a new DNS zone
This section is specified as a reminder. In most of cases, the main company email domain
is already declared in the DNS server
• In server management, Right click on the Forward Lookup Zone to display the menu
and select New Zone (See Fig. below) and click Next to follow-up the wizard.
Figure 11.28: New Zone Menu Access
• Select Primary zone and store the zone in active directory if needed then click Next:
11-20

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.29: New Zone Wizard First Page
• Select To all domain controllers as zone replication scope:
11-21

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.30: Zone Replication Definition
• Enter your email domain name (for example: eman704.dyndns.org) then click Next
:
11-22

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.31: Zone Name
• Select the Allow only secure dynamic updates option, click Next and Finish :
11-23

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.32: Dynamic Update Definition
• The new DNS zone is now created and displayed in the forward lookup zone list
11-24

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.33: Forward Lookup Zone List
2. Create the Extended Communication Server host in the DNS
• Right click on the DNS zone and click New host:
11-25

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.34: New Host Creation
• Enter the Extended Communication Server hostname and IP address and click Add
host:
11-26

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.35: New Host Definition
3. Create a SMTP connector
• Open Exchange system manager, right click on Connector, select New then select
SMTP connector …
11-27

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.36: New SMTP Connector Creation
• In General tab, enter the connector name (for example: ECS-fax), select the option
Forward all mails … and enter your fax domain name (for example:
fax.manu.eman704.dyndns.org), then click Add …:
Figure 11.37: New SMTP Connector Properties
• Select the Exchange® server as Default SMTP Virtual Server and click OK:
11-28

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.38: Default SMTP Virtual Server Selection
• In Address Space tab, click Add …, select SMTP then click OK:
11-29

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.39: Address Space Selection
• Enter your fax domain (for example: fax.manu.eman704.dyndns.org) as E-mail
domain and click OK:
11-30

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.40: Address Space Properties
• In Delivery option tab, select Always run:
11-31

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.41: Delivery Option
• In Advanced tab select the settings shown in the following figures:
11-32

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
Figure 11.42: Advanced Properties
11-33

Chapter 11
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.43: Outbound Security
• Click OK to confirm the SMTP connector creation.
The SMTP connector is now configured. Faxes can be sent by users from Outlook®.
Syntax example: faxnumber@ fax.manu.eman704.dyndns.org.
11.4.2.2 Receiving Faxes via a Pop Connector (Recommended)
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
The pop connector is natively available in the Microsoft® SBS software suite but not in
Exchange® server. However, this feature is available in various third party software which can
be installed on the Windows® server.
The following section describes the configuration for SBS:
1. Create POP connectors for each user.
In this example, each user retrieves faxes from the Extended Communication Server
mailbox and delivers faxes in the Exchange® user’s mailbox via a personal pop connector:
• Right click on POP3 Connector Manager and click Add …
• In Mailbox tab, enter the Extended Communication Server users’ parameters:
11-34

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 11.44: POP3 Mailbox Properties
• - In Scheduling … tab, define the schedule (Maximum frequency is 4 times per
hour):
11-35

Chapter 11
Figure 11.45: POP3 Scheduling
• In Troubleshooting tab, select the user who receives emails in error
• This operation must be repeated for every user receiving faxes
11.4.2.3 Receiving Faxes via a Forward SMTP
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
If the pop connector is not implemented in the Windows® server, it is possible to forward faxes
from the Extended Communication Server to the Exchange® server via a SMTP connector
and an email forwarding rule. This forwarding rule should be setup in each Extended
Communication Server users’ accounts receiving faxes. The target email address should be
the user’s active directory email address.
In this example, the user has 2 email addresses:
- user@eman704.dyndns.org (Primary email address)
- user@server1.local (Secondary email address created by default in the active
directory domain)
- In the Extended Communication Server administration interface, Menu Services
management > Email > SMTP > Domain names, create the SMTP connector as shown
in the figure below :
Figure 11.46: Extended Communication Server SMTP Connector Creation
11-36

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
- In the user’s virtual desktop web mail:
1. Navigate to Filters
2. Click Add a new Rule
3. Select the option All messages
4. Click Move on step 2
5. Select the option Redirect to the following email address: and enter the
user@server1.local address
6. Follow instructions to terminate the wizard and save changes
Figure 11.47: Rule Definition
11-37

Chapter 11
11-38

12
After reading this chapter, you will have an overview of the Web hosting service the Extended
Communication Server offers and you will be able to create an Extended Communication
Server hosted website.
12.1 Site Hosting Overview
The Extended Communication Server can be used to host one or several websites such as:
- An Intranet site, for sharing and distributing internal information. An Intranet site is
associated with a private network interface (LAN).
- An Extranet site, for providing external users (authorized customers, suppliers or partners)
with access to a part of internal information. An Extranet site is associated with a public
network interface (WAN). The visitor must authenticate to access the site content.
- An Internet site, for a large distribution of information and to extend the enterprise visibility.
An Internet site is associated with a public network interface (WAN). No authentication is
required.
With such a solution the enterprise holds its own data rather than with a third party, which
significantly reduces both costs and risks of piracy.
Note:
Hosting an Internet or an Extranet sites requires that the Internet access bandwidth supports the number
of connections expected on the website.
Figure 12.1: An Intranet Site Hosted locally
Creating a locally hosted site requires that you follow the procedures described in next
sections in this order.
12-1

Chapter 12
12.2 Configuring the Hosting Service
12.2.1 Specifying the Webmaster
The site webmaster can be:
- The server administrator identified by the superadmin login. By default, the administrator
is the webmaster.
- A delegated administrator. This kind of user has some privileges that include
webmastering.
The server administrator can grant the delegated administrator rights to a user when creating
or modifying user accounts (menu: Directory > User accounts).
Figure 12.2: How to Grant the Delegated Administrator Rights to a User
If a delegated administrator is to be the site webmaster, the server administrator must first
specify the rights of this webmaster.
To declare a delegated administrator as webmaster:
1. From the administrator interface, select the Service management > Web > Delegated
administration menu.
2. Click Add.
3. If there are several delegated administrators, select the concerned one.
4. Click Add.
This opens a tabbed-panel.
12-2

Figure 12.3: Webmaster Rights Tabbed-panel
5. Specify the webmaster rights:
a. In the General parameters tab, specify the number of sites and other parameters.
b. Click OK.
c. In the Add IP tab, select the IP address (network interface) you want to assign to this
webmaster.
d. Click OK.
The List of IP addresses in use tab now displays the IP addresses you assigned.
12.2.2 Creating the Site
Important:
Figure 12.4: IP Addresses Assigned to a Webmaster
The site must be created from the webmaster account. The following procedure is intended for
the webmaster.
To create the site:
1. Enter the administration interface:
12-3

Chapter 12
• If you are webmaster and server administrator, the administration interface is already
running.
• If you are webmaster and delegated administrator, click the Administration button
located at the right-hand side of the Virtual Desktop.
This opens the administration interface limited to the menus you are authorized to use
and the resources you are authorized to administrate.
2. Select the Service management > Web > Configuring web sites menu.
A tabbed-panel is displayed.
3. Select the tab corresponding to the concerned site type:
• Web sites: by name (http)
• Web sites: by IP (http)
• Secure web sites: by IP (https)
4. Click Add.
5. Depending on the type you selected, enter the full name (e.g. www.business.com) or the
IP address.
6. Select the network interface used to access the website:
• A WAN interface for an Internet or Extranet website.
• A LAN interface for an Intranet site.
7. Click OK.
The new website is now displayed in the list of web servers.
8. Click the Status button to activate the site. The button turns then from orange to green.
Figure 12.6: A Website List
12.2.3 Associating a Database with the Site
If needed, one or several databases can be associated with the website.
12-4

The Extended Communication Server supports two database management systems:
- PostgreSQL
- MySQL
Important:
- The server administrator creates the database and associates it with the site that has been
previously created by the webmaster.
- The database has the name of the associated website.
- The webmaster administrates the database.
For example, to create a MySQL database:
1. Select the Service management > Databases > MySQL menu.
2. In the Select a domain name list, select the concerned website.
3. Click Add.
The form displays the database name and the database administrator name.
4. Click OK.
The form confirms the database creation.
12.2.4 Name Resolution
For an Internet or an Extranet site, the name resolution relies on the public domain name.
For an Intranet site the name resolution must be configured locally.
To configure the name resolution:
12-5

Chapter 12
1. Select the Service management > Naming service > DNS naming > DNS zone
management menu.
2. Select the Primary zone tab.
3. Enter the domain name (the name of the Intranet site).
Examples 1:
For a URL named intra.business.loc the domain name is bus1ness.loc
For a URL named www.business.com the domain name is business.com
4. Enter the administrator email address.
5. Click OK.
6. Select the Service management > Naming service > DNS naming > Register machine
menu menu.
7. Click the Modify button that corresponds to the site.
8. In the Registered machines part of the form, click Add
9. Enter the machine name.
Examples 2:
For a URL named intra.business.loc the machine name is intra
For a URL named www.business.com the machine name is www
10. Enter the associated IP address
11. Click ADD.
12. Click OK.
12-6

13. Change the Status of DNS server to Active.
12.3 Loading the Site into the Server
Two methods can be used to load the site into the server:
- FTP (webmaster only)
- Microsoft Network Neighborhood
12.3.1 Loading by FTP
The Webmaster can use any FTP utility.
The following parameters are required:
- The IP address. This address does not depend on the network interface used to access
the site. It depends on the FTP configuration you can find selecting the Service
management > Management of FTP service > FTP: standard server menu.
- The webmaster identifier and password.
- The destination, which is the /ftpgroups//html directory.
12.3.2 Using Microsoft Network Neighborhood
The webmaster has several ways for accessing the website location, such as the
\\\ address. You can find the NetBIOS name using
the Service management > Files server and domain controller > Global settings menu, in
the Configuration tab.
The webmaster then copies the website data to the html directory.
12.4 Reverse Proxy Configuration
The reverse proxy allows to expose internal web sites from your intranet to the outside world
through your Virtualdesk site.
The Reverse Proxy tab displays system reverse proxy mappings and allows to add user
mapping.
To add a user defined mapping:
- Navigate to Service management > Web > Advanced configuration
- Select the Reverse Proxy tab
12-7

Chapter 12
- Enter the parameters:
• Path: enter the path below the front side web site root directory where the proxified
web site will appear
• URL: enter the URL of the proxified web site
• Auth.: click On if you want the access to be authentified with the Appliance directory
- Click Add
To delete a user define mapping: click the icon associated with the mapping.
12.5 Limits and Restrictions
The Extended Communication Server supports the following protocols and tools versions:
- Apache-Tomcat: version 5.5.12
- php: version 5.1.4
- MySQL: version 4.1.19
- PostgreSQL: version 8.0.7
12-8

13
13.1 Introduction
Extended Communication Server enables to access telephony free of charge over the internet
network:
- Between two users connected to the Virtual Desktop (in or out of company premises). The
user connected on the Virtual Desktop uses a downloaded softphone installed on his
machine. This solution requires Internet Explorer 6 (or higher) and ActiveX must be
enabled.
To implement this solution, see § Basic Configuration for SIP Telephony over the Internet .
Figure 13.1: Peer to Peer Communications
- Between a user connected to the Virtual Desktop and a user on the Alcatel-Lucent
OmniPCX Office Communication Server. This solution requires Internet Explorer 6 (or
higher) and ActiveX must be enabled.
To implement this solution, see § Configuration For Interoperability With OmniPCX Office .
Figure 13.2: Communications Between Virtual Desktop and OmniPCX Office
- Between an internet user visiting the company web site and a user on the Alcatel-Lucent
OmniPCX Office Communication Server. The internet user clicks a call button on the web
site to start a call. The first time this user clicks the button, a plug-in is installed. This
13-1

Chapter 13
plug-in requires Internet Explorer 6 (or higher) and ActiveX must be enabled.
To implement this solution, see § Adding a Click to Call Button on a Web Site .
Figure 13.3: Web Accessibility
13.2 Basic Configuration for SIP Telephony over the Internet
After reading this section, you will be able to carry out SIP telephony over the internet between
two users connected on Virtual Desktops.
Note:
In the example below, the Extended Communication Server is the DNS (Domain Name System) server
for the domain name used for SIP telephony over the internet.
13.2.1 Prerequisites
- The DNS service must be activated on the Extended Communication Server.
- A certificate must be created for the domain name used for SIP telephony over the
internet. For more information on certificate creation, see module Installing the system -
Security Management § Creating a user certificate .
- The following ports must be authorized for user stations behind a firewall:
• Port 5061 TCP from the computer to internet
• Range 8000:9000 TCP/UDP from the computer to internet
13.2.2 Activating SIP Telephony over the Internet
To configure and activate SIP telephony over the internet:
1. Select the Service management > Telephony over Internet (VoIP - SIP) >
Configuration menu.
2. Select the Basic Configuration tab.
13-2

3. In the VOIP - SIP Domain Name field, enter the name of the domain used for SIP
addresses. This domain is managed by the Extended Communication Server DNS. This
domain name can be the same as the Appliance Domain Name.
4. Validate the Automatic creation of the associated DNS zone checkbox so that specific
fields are automatically created in the Extended Communication Server DNS.
5. Select the Server Public IP address in the drop-down list.
6. In the VoIP stations numbering range field, enter a range containing at least 100
numbers.
7. Click OK.
8. Select the SSL certificate tab.
9. Select the certificate to be used for the VOIP - SIP domain name.
10. Activate the Telephony on Internet server.
13.2.3 Configuring User Access Rights
To grant or deny a user the right to access SIP telephony over the internet:
1. Select the Service management > Telephony over Internet (VoIP - SIP) > VoIP
stations configuration menu
2. For each user, specify whether VoIP telephony is activated.
13-3

Chapter 13
Note:
By default, VoIP telephony is activated for all users.
3. Click OK.
13.3 Configuration For Interoperability With OmniPCX Office
After reading this section, you will be able to carry out SIP telephony over the internet between
a user connected on Virtual Desktop and a user of the OmniPCX Office.
13.3.1 Prerequisites
- Basic Configuration for SIP Telephony over the internet must be performed.
- Alcatel-Lucent OmniPCX Office Communication Server must be R7.0 or higher and SIP
trunking must be configured.
13.3.2 Configuring Interoperability with OmniPCX Office
1. Select the Service management > OmniPCX Office > Detection and Configuration
menu.
2. Select the IP detection tab.
3. Click the Detection of the OmniPCX Office IP address button.
After some seconds, the OmniPCX Office IP address is displayed.
4. Click OK and activate the service.
5. Select the Service management > Telephony over Internet (VoIP - SIP) >
Configuration menu.
13-4

6. Under OmniPCX Office - VoIP SIP configuration, check the Use this server to do
VoIP-SIP checkbox.
7. In the IP address field, enter the IP address of the VoIP board of the Alcatel-Lucent
OmniPCX Office Communication Server.
8. In the Login and Password fields, enter the login and password of the SIP gateway of the
Alcatel-Lucent OmniPCX Office Communication Server.
9. Click OK.
10. Click the Check the Connection button to check the configuration.
13.4 Adding a Click to Call Button on a Web Site
After reading this section, you will be able to add a click to call button enabling a web site
visitor to call a user of the OmniPCX Office.
13.4.1 Prerequisites
- Basic configuration for SIP telephony over the internet and configuration for interoperability
with OmniPCX Office must be performed.
- The web site must have been created with an Extended Communication Server version
supporting SIP telephony over the internet: see module Installing the system - Web
Hosting .
13.4.2 Obtaining the Identification Key
13-5

Chapter 13
To obtain the identification key corresponding to the user to be called by the click to call
button:
1. Select the Service management > Web > Configuring web sites menu.
2. Click the Modify button.
3. Select the VoIP tab.
4. Activate the VoIP extensions for this site by clicking On.
5. Select the user who will be called by the click to call button and click Add.
6. Copy the Identification key to the clipboard (or to a text file): this key is used to build the
html code of the click to call button.
13.4.3 Adding the Click to Call Button to the Web Site
To add a click to call button to the web site:
1. Create an html file with the following code
Click to call
where Click to Call must be replaced by the text to be displayed on the click to call
button of the web site and 89ee2fd28baa89b003f7068eef6eaf3d must be replaced by
13-6

the Identification key copied at the previous step in the administration interface
2. Transfer the html file to the server: see module Installing the system - Web Hosting §
Loading the Site into the server
3. Go to the web site and test the button
13-7

Chapter 13
13-8

14
After reading this section, you will be able to implement the push mobile service.
14.1 Overview
The push mobile service allows:
- To synchronize e-mails from the Extended Communication Server to a device running
under Windows Mobile 5 or 6. The push mobile service checks periodically (by default
every five minutes) if there are new e-mails in the Extended Communication Server user
account. If this is the case, e-mails received since the last synchronization (or in the last
five days if it is the first synchronization) are "pushed" to the mobile device.
- To synchronize groupware elements (contacts, calendar events and tasks) between the
Extended Communication Server to a device running under Windows Mobile 5 or 6: the
push mobile service checks periodically (by default every five minutes) if there are new
groupware elements in the Extended Communication Server user account. If this is the
case, the groupware elements created since the last synchronization in the Extended
Communication Server user account are "pushed" to the mobile device and the groupware
elements created on the mobile device are "pushed" to the Extended Communication
Server user account.
14.2 Prerequisite
Note:
If there are no new groupware elements in the Extended Communication Server user account, there
is no automatic synchronization from the device to the user account: in this case, synchronization
must be triggered manually be the user.
Before activating and configuring the push mobile service, you must:
- Install the corresponding service pack.
- Enter the license number.
14.3 Activating the Push Mobile Service
To activate the push mobile service:
1. Select the Service management > Push Mobile menu.
Figure 14.1: Push Mobile Service Activation
14-1

Chapter 14
2. Activate the Push Mobile service status by clicking On.
A connection to the push mobile relay server on the port https (443) is established to
retrieve the following information:
• ComID: Extended Communication Server ID on the push mobile relay server. The
ComID is a unique identifier delivered by the relay server to the Extended
Communication Server using the Push Mobile service.
• Total number of authorized users: This number should corresponds to your license.
• Number of licences used: This is the number of users currently using the push
mobile service. This number is equal to 0 at the first activation of the service.
• List of authorized users: This list is empty at the first activation of the service.
After a few minutes, the connection status switches to green.
Figure 14.2: Push Mobile Service Status
14.4 Configuring the Push Mobile Service
The periodicity of synchronization of e-mails and groupware events can be configured.
Note:
To prevent network congestion, the synchronization period should be of at least one minute.
14.5 Configuring User Access to Push Mobile Service
To grant or deny a user the right to access the push mobile service:
1. Select the Directory > User Accounts menu.
2. For each user, select whether the Access to Push Mobile is permitted or forbidden.
Note:
Once granted with access to push mobile, a user must download the push mobile client from the virtual
desktop or mobile virtual desktop. For more information on push mobile client installation, refer to the cor-
responding user guide.
14.6 Technical Architecture
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
14-2

_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
Figure 14.3: Push Mobile Achitecture
The Push Mobile service is based on « outgoing » connections. No network connection from
Internet to the LAN is needed.
All the information shared between the mobile device and the Extended Communication
Server is done through a VPN tunnel. This VPN tunnel is established by the Alcatel-Lucent
Enterprise relay server which also provides the ComID.
The VPN session keeping between the mobile device and the Extended Communication
Server uses approximately 1 MB per month.
Supported architectures:
- Extended Communication Server connected directly to Internet with a public IP
- Extended Communication Server in a LAN “nated” behind a FW or a router
- Extended Communication Server hosted in a DMZ
- Mobile device with data connection to Internet
- Mobile device connected to Internet through WIFI
Not supported architecture : Extended Communication Server behind a proxy.
14.7 Push Mobile SYNCML Service
14.7.1 General Description
14-3

Chapter 14
The push mobile service hosts a syncml server compliant with mobile devices under Symbian
OS and running syncml 1.1. The behavior is based on a standard “on demand”
synchronization process from the client device.
The synchronized elements are the user’s personal contacts and calendar. Contrary to the
service for windows mobile, there is no client to be installed and no push feature. The service
is totally based on the standard syncml 1.1 client installed on the device.
Because the synchronization is made through a SSL tunnel, the end user must install his own
user certificate on the Symbian device.
The most serviceable is to install first the Extended Communication Server certification
authority, and then the user certificate signed by the Extended Communication Server
certification authority. Both are available in the Extended Communication Server mobile virtual
desktop (See user guide for more information).
14.7.2 Technical Architecture
The Extended Communication Server syncml synchronization service needs the following
pre-requisites to work correctly:
- The Extended Communication Server must host a public fixed IP
- The Extended Communication Server must be reachable from the device on the port 443
for calendar and contacts synchronization
- The Extended Communication Server must be reachable on the port 143 for IMAP
synchronization
- The Extended Communication Server hostname must be resolved by a public DNS
14.7.3 Syncml Parameters
- SyncML server version: 1.1
- Remote host URL (ECS): https://hostname.domainname/syncml/ (The IP address must not
be used)
- Server port: 443
- Calendar database name: Calendar
- Contact database name: Contacts
See user guide for more information.
14.7.4 List of Synchronized Parameters
The synchronized elements depend on the device limits. The elements listed below are
potentially synchronized.
Contacts Calendar
Last name Brief Description
Name Full Description
Company Date
Title Time
14-4

14.8 LOGS
Web site End date
Note End time
Emails (3 max) Access
Address Reminder
Phone number (5 max) Participants
In case of problems, you can:
Repeat parameters
- Consult logs in the events log of Push Mobile service or in the control panel
- Launch a diagnostic from the user mobile phone
14-5

Chapter 14
14-6

15
After reading this chapter you will be able to backup the Extended Communication Server
configuration and data so that you can restore all or a part of them if necessary.
15.1 Functional Description
15.1.1 Overview
The configuration backup/restore feature is useful for the following purposes:
- Backup and restore an Extended Communication Server configuration on an empty
machine:
• An administrator installs the same configuration on multiple machines
• The technical support gets the customer’s Extended Communication Server
configuration to test it
• The trainer set quickly the Extended Communication Server in a configured state
- Backup and restore an Extended Communication Server configuration on a configured
machine:
• Recovery procedure to restore the configuration and the directory (restart from scratch)
• Recovery procedure to restore only the configuration part of the Services (Users are
not modified)
15.1.2 Hardware Compatibility
The configuration backup restore is compatible between the PREMIUM and COMPACT.
There are some exceptions linked to network devices.
15.1.3 Software Compatibility
A backup archive can be restored only on an Extended Communication Server with a software
level equal or higher.
Example:
A configuration backup archive made on an Extended Communication Server 4.0 can be restored on an
Extended Communication Server 4.1.
A configuration backup archive from an Extended Communication Server 4.2 cannot be restored on an
Extended Communication Server 4.1 because the software level of the destination Extended Communic-
ation Server is lower.
15.1.4 Saved and Restored Elements
The following services are saved/restored :
- Network
- Telnet/SSH
- Directory [OPTIONAL]
15-1

Chapter 15
- Virtual desk preferences
- Email filters
- Mysql web sites databases
- Postgresql web sites databases
- Ftp
- DNS
- Web
- File sharing
- Print Server
- DynDNS
- DHCP
- Mail (including Antivirus, Antispam)
- Firewall (including port redirection)
- PPTP
- Squid
- Black & White lists
- Web access control
- Backup scheduling
- VPN
- OXO
- SNMP
- Certificates management
The restore process REPLACES (not MERGES) the current configuration and associated
data. The previous configuration is deleted.
Following services data will be lost:
- Web sites
- Ftp anonymous directory
- Samba shares
15.2 Backup
- Mysql databases content
- Postgresql databases content
Moreover, the configuration restore including the directory (users and groups) will first delete
existing users and groups including their data in their home directories, mails and in their
virtual desk content.
To perform a configuration backup:
- Navigate to Appliance management > Backup / Restore
15-2

_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
15.3 Restore
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
- Select the Backup tab
- Create a backup profile with the option Configuration backup
- Click Start the backup to perform an immediate
Important:
The authentication will be requested during the restore procedure. The superadmin password is
set to rv during the restore process.
To perform a configuration restore:
- Navigate to Appliance management > Backup / Restore
- Select the Restore tab
The list of backups are displayed:
It is possible to display the LDAP database and the patch-list of the backup by clicking the
15-3

Chapter 15
_
_
_
c
h
a
n
g
e
-
b
e
g
i
n
_
_
_
_
_
_
c
h
a
n
g
e
-
e
n
d
_
_
_
lup icon.
- Select the option to restore or not restore the directory (users and groups) and click
Restore
The restore resume is displayed:
15.4 Restrictions
15.4.1 Software
15.4.2 Hardware
- Licenses won’t be saved/restored
- The software (and patch) level must be higher on the destination Extended Communication
Server than on the source one
- The restore process cannot restore more users than allowed by the license installed on the
Extended Communication Server. If the backup file contains more users, then the restore
process will stop
- The configuration backup/restore is cross compatible between PREMIUM and COMPACT
- There are some exceptions linked to network devices. The restore process includes a
network devices checking. The hardware network devices configuration must be the same
between both source and destination Extended Communication Server.
15-4

15-5

Chapter 15
15-6

16
16.1 How to Quote
Use the Actis quotation tool to quote a solution that includes an Extended Communication
Server. This does not require any specific option. You just need to quote for a basic Extended
Communication Server solution while indicating the number of end users who will use the
Extended Communication Server services, as showed in figure below.
16.2 How to Order
Figure 16.1: How to Quote with Actis
To order an Extended Communication Server, use the Alcatel-Lucent Business Partner
Website (http://www.businesspartner.alcatel-lucent.com/). Select the ONLINE SERVICES >
eBuy > Ordering rules > Alcatel Eye-box menu. Then refer to the Extended Communication
Server Order Entry Guide.
16-1

Chapter 16
16-2

17
17.1 Migration to R4.2
Before migration, a full backup is strongly recommended. This backup is used only in case of
rollback (see: § Rollback ).
Migration procedure:
1. Connect a USB 2.0 DVD drive to the Extended Communication Server
2. Introduce the Extended Communication Server R4.2 DVD in the driver
3. Reboot the Extended Communication Server
By default, the Extended Communication Server boot sequence is:
a. DVD
b. Hard disk
The Extended Communication Server reboots from the DVD, the migration welcome page
is displayed.
4. Validate the migration option. If you do not validate within 60 seconds, the Extended
Communication Server boots on hard disk (release 4.1) and the migration process is
canceled.
When the migration option is validated, the Extended Communication Server performs:
• A copy of the database to the /home directory
• The Extended Communication Server R4.2 software installation
This installation spends several minutes.
A reboot is required.
5. Remove the DVD
6. Reboot the Extended Communication Server
The Extended Communication Server migrates the user database to R4.2
A reboot is required.
7. Reboot the Extended Communication Server
8. Validate new feature licences if required.
For license validation, see: module Installing the system - Unlocking the Software Pack .
17.2 Rollback
The rollback procedure is used to return to R4.1 when an unfixable error happens during
migration.
Rollback procedure:
- Introduce the Extended Communication Server R4.1 DVD in the driver
- Reboot the Extended Communication Server
The Extended Communication Server boots on DVD and install the R4.1 software.
- Recover the user database from the full backup previously performed
17-1

Chapter 17
17-2