1 Chapter 1 Introduction Congratulations on your purchase of the NET SatisFAXtion IP Port Server from FaxBack, Inc. Many years of effort have gone into developing a system that will give you the functionality you desire today and a platform that can accommodate your growing needs in the years to come. How to Use This Manual To make the guide clear and easy to read, symbols have been used to identify information that is critical to the operation of your FaxBack system. Please pay close attention to anything identified as Important Information. About this Guide This guide is written with both the systems implementer and systems administrator in mind. It shows you how to install and configure the NET SatisFAXtion IP Port Server. It also shows you how to install and configure client software. Customer Service FaxBack is dedicated to giving our customers world class support. New purchases include 30 days of free Port Server support from the date of purchase. Extended support plans, including telephone, fax, and remote dial in support, are available on an annual basis. To find out more about FaxBack s portfolio of electronic and person to person technical support options designed to meet your needs, please visit our web site at: There are several ways to purchase a new software subscription or to renew an existing subscription: Web Phone 800 FAXBACK ( ) or (503) Knowledge Base and Technical Support If you need technical support on your FaxBack products, your first and best option is to search the FaxBack Knowledge Base which can be found at: This technical database gives you access to valuable information on installation, configuration and maintenance issues. The extensive database includes powerful search capabilities, allowing you to access information quickly. If you need help and cannot find your answers in this manual or in the Knowledge Base, please feel free to contact us. Comments and suggestions regarding the documentation are also welcome. The Knowledge Base is available for free to all FaxBack customers. To obtain technical support by telephone, fax or , you must provide the six digit Server ID that was provided to you. With this code and a current support agreement, you can contact Port Server support in one of the following methods:
2 Support E mail Support Telephone (503) Please be prepared to fully describe your hardware and network setup, the conditions under which the problem is occurring and the effects of the problem.
3 Chapter 2 Server Overview The NET SatisFAXtion IP Port Server enables telecom service providers to offer e fax services to their customers. It is robust and highly scalable up to DS3 (672 ports) densities. Its modular nature allows it to be adapted to fit nearly any network architecture. What role does the Port Server play in the existing VoIP infrastructure? Port Server Overview Figure 2 1: Overview of the NET SatisFAXtion IP Port Server Architecture There are three major components of the NET SatisFAXtion IP Port Server. They are the Connection Server, the Port Server and the HTTPS Proxy. The components communicate between themselves using HTTP so they can be installed either all on the same server, distributed across multiple servers on the same LAN, or even geographically distributed across a WAN.
4 Connection Server The Connection Server is the component that clients log in to in order to send and receive faxes, and administrators connect to in order to manage user accounts, inbound DID routing assignments, and send routing rules. It provides session tracking, authentication, quota and usage tracking functions. Port Server The Port Server is the component that facilitates SIP+T.38 VoIP Fax connections with media gateways. Client software interacts with the port server using HTTP or HTTPS connections, using a real time protocol that is better able to handle delays compared to a pure T.38 connection. The more timing sensitive T.38 protocol is only implemented between the port server and the media gateway. Although clients interact directly with the port server, the port server does not maintain a list of accounts. Send and receive connections are always initiated first between the connection server and the port server, resulting in a unique session id. The port server will only interact with clients that can produce this session id. Https Proxy The HTTPS Proxy is the component that enables client access to the Connection and Port Servers securely across the open Internet. The HTTPS Proxy is an ASP.NET 2.0 application hosted on an IIS server. Implementation Overview Which Components Are Needed? The fewest components required are just the Connection Server and the Port Server. This will allow sending and receiving of faxes over unsecured HTTP through the port server to a T.38 media gateway. It is not recommended to put the Port Server directly on the Internet. The HTTPS Proxy is used to provide Internetaccessible secure communication. Implementation Patterns There are three general types of NET SatisFAXtion IP Port Server installations. Single Server (Consolidated) Figure 2 2: Single Server Installation
5 The HTTPS Proxy, Connection Server, Port Server, and SQL Server are all installed on a single server. This is sufficient for small installations of ports. Multiple Servers Figure 2 3: Multiple Server Installation The HTTPS Proxy and SQL Server are installed on separate servers. The Connection Server and Port Server may be installed on separate servers, and there may be multiple Port Servers. This is the typical installation for a regional provider. Multiple Port Servers Figure 2 4: Distributed Installation There is a single HTTPS Proxy and Connection Server that the clients connect to, but multiple, geographically distributed Port Servers. The SQL Servers are also distributed and replicate databases.
6 Scalability & Reliability By default, the Connection Server will load balance amongst the configured Port Servers. Port Servers can also be brought on line and dynamically added to routing groups in case of failure. Both Connection Servers and Port Servers can be disabled for maintenance without disrupting connected clients or their faxes. While disabled, that particular server will refuse any new faxes, and any logged in clients will be migrated to another Connection Server. Any faxes in progress when the server is disabled will finish without interruption, but new faxes will be routed to alternate servers, if available. Infrastructure Requirements IIS / SQL Server Any version of IIS that supports ASP.NET 2.0 is sufficient to run the HTTPS Proxy. A Microsoft SQL Server version 2000 or above is required for the Port Server and Billing databases. For smaller installations, MSDE or SQL Server Express versions are sufficient. SIP+T.38 media gateway The Port Server must be connected to media gateways that support SIP and T.38. For outbound faxes, the media gateway must re INVITE for T.38 if a fax is detected. For inbound faxes, the Port Server will immediately re INVITE for T.38. Each Port Server can be configured to use a SIP proxy instead using a per Port Server user name and password. Each Port Server can be configured to send REGISTER requests to a SIP registrar. Media gateways that are known to work include (but are not limited to): AudioCodes TrunkPack and Mediant series Most Cisco routers T.38 traffic is expected to consume approximately 60kbps per active fax port. Upstream SIP Trunking Provider A Port Server can be configured to use an upstream SIP trunking provider instead of a media gateway. Insure that the upstream provider supports end to end T.38 for reliable faxing. It is also important to have a low latency link (less than 50ms round trip) to the provider. LAN / WAN topology At this time, only IPv4 networks are supported. HTTPS traffic is expected consume approximately 15kbps per active fax port.
7 Firewall considerations The HTTPS Proxy needs only TCP port 443 (https) open to the Internet. From the proxy to the Connection Server & Port Server components, each one s corresponding port must be open. These ports are configurable but default to 60 (CS) and 61 (PS). NAT traversal and client server communication Hardware and Software Requirements CPU & RAM Operating System Connection Server & Port Server require one of these operating systems: Microsoft Windows Server 2008, any version (except Server Core) Microsoft Windows Server 2003 Service Pack 2, any version Microsoft Windows Server 2003 R2 Service Pack 2, any version NET SatisFAXtion Port Server supports 32 bit (x86) and 64 bit (x64) versions of these operating systems. Itanium is not supported. Other Software The full CD Image installer will install all prerequisite software. For speed of installation, it is also possible to install prerequisites before installing the NET SatisFAXtion Port Server. The following software is required for NET SatisFAXtion Port Server: Microsoft.NET Framework o 2.0 SP1 o 3.0 SP1 o 3.5 SP1 Microsoft SQL Server Compact 3.5 SP1
8 Chapter 3 Client Overview What features does the Port Server bring your users? NET SatisFAXtion IP Port Server leverages your existing VoIP network to allow your users to send and receive faxes from their desktops transparently. Your users can also continue to use their existing fax machines without the need for a dedicated extra phone line. Available Clients NET SatisFAXtion Client: The NET SatisFAXtion fax server can connect to the Port Server to provide all the features of a LAN fax server to users, including server side print conversion and additional desktop clients such as the Client Suite and Microsoft Fax. Microsoft Fax Client: This fax application ships with Windows XP and Vista (except the Home editions of Vista), and may be downloaded from the Microsoft web site for Windows A Microsoft Fax server is also a part of Windows Small Business Server, Windows Server 2003 and Windows Server A plug in is provided to allow both of these to use the Port Server to send and receive faxes. Because this is built in to the operating system it has a very low support and maintenance overhead. Fax Machine Client: This store and forward server enables any SIP+T.38 ATA device or IAD to send and receive faxes via the Port Server. Typically this will be installed on a Windows server on the same network as the ATA device(s). FaxOut Client: This client provides a virtual printer for desktop conversion of documents and attaches them to . The printer driver works with all applications, simply using the system default mail client. SDK Client: This client provides a powerful API for software developers to create custom fax solutions. The Effects of Connected/Disconnected Clients Most of the clients (excluding the Outlook Add in) maintain an HTTPS connection to the Port Server. If that link is not established (the client isn t logged in) then the Port Server will return a busy (486 Busy Here) for any faxes to that client s associated DIDs.
9 Chapter 4 Port Server Installation License Key: Each Port Server installation will be issued an individual product key. This key controls the number of ports each Port Server can be configured for, as well as enabling licensed features. Keep this key in a safe place and note whichh Port Server is using which key. Connectionn & Port Server Installationn from CD: Run setup.exe in the root of the CD to begin the installation. Installationn from Download: The downloaded EXE is a self extracting archive. Run it to extract the installationn files into C:\NSPortServer CD Image\. This directory is identical to the official CD, and can be burned onto a CD to perform the installation, if necessary. Run setup.exee from this directory to begin the installation. Important: Do not attempt to install from a network share. Microsoft.NET security settings will likely prevent this. By running the setup.exee program, the Port Server files will be installed. After this is complete, the Fax Hardware Setup wizard will run. At this point, the Port Server software is installed, just not configured. If the Fax Hardware Setup wizard is canceled, it can be run again from the Start menu (Start > All Programs > NET SatisFAXtion Port Server > Fax Hardware Setup). The welcome screen is where you will enter your License Key. Paste or type this server s Licensee Key in the field provided. By entering the serial number, the remainder of the installation will be customized for you based on the features that will be unlocked by the serial number. Figure 4 1: Entering the Server s License Key
10 The Next button will remain grayed out until a valid Product Key is entered. Once you have entered the key, click Next. The next screen will allow you to configure which SIP+T.38 media gateway this Port Server will use. You may also configure a SIP Proxy as well as a SIP Registrar here. You can browse the local LAN segment for VoIP Gateway devices by clicking Browse. The Browse feature will only be able to discover AudioCodes and Cisco devices on the same local network. If the VoIP Gateway is not on the local LAN segment, simply enter its hostname or IP address in the Gateway entry. Figure 4 2: Configuring the SIP+T.38 Media Gateway Figure 4 3: Browsing the Local Subnet for a Media Gateway
11 Next, a list of configured ports is displayed. This allows the per port configurationn of default CSID and dial prefix. Certain ports can also be reserved for inbound or outbound traffic. Figure 4 4: Setting Individual Port Settings Next, you will be able to choose if this installation will be a Connection Server, a Port Server, or both. The HTTPS Proxy and the SQL Server is also configured from this screen. Beforee continuing, you may want to complete the installationn of the HTTPS proxy and SQL Server. If not, this screen can be revisited once those steps are complete. If using host names for the Connection Server or the Port Server, insure the names assigned are valid and resolvable from all HTTPS proxies, Connection Servers and Port Servers.
12 Figure 4 5: Configuringg Port Server Parameters HTTPS Proxy Check the Http proxy on IIS checkbox and enter the fully qualified domain name of your IIS server, followed by the path to the nsps application. The default will be something similar to: https://secure.netsatisfaxtion.com/nsps/nsps.aspx Once entered, you will see the Client access Urls for the Connection Server and Port Server change to point to the HTTPS Proxy. Databases A default installation of the NET SatisFAXtion IP Port Server will store its account list and accounting information in a Microsoft SQL Compact database. This is sufficient for initial testing, but is not intended for production use. There are five supported database types: SQL RADIUS SQL Compact Access/MDB (Microsoft JET); not available on 64 bit. External Provider DLL Most installations will utilize SQL, but RADIUS is supported for optional integration with existing AAA infrastructure.
13 SQL NET SatisFAXtion Port Server uses the database for user authentication and fax routing (NSPortServerMain), and billing (NSPortServerBilling). Each table may be independently configured and named, and may reside in a different database, in the same database, or even each on a completely separate database server. Figure 4 6: Port Server Databases Figure 4 7: SQL Database Properties Modify each entry to point to the correct SQL Server and configure authentication as needed. If you have sufficient rights, you can allow the Fax Hardware Setup program to create the required tables and/or databases. Your installation of this Port Server is now complete. You may now begin testing.
14 RADIUS One or more RADIUS servers may be specified. The Port Server will use RADIUS calls to authenticate users, identify ownership of DIDs, and for call logging (CDRs). Please see the Port Server RADIUS Support document for more information about implementing RADIUS. The following tables may be implemented with RADIUS: AccountsDb ReceiveDb BillingDb Note that using RADIUS does not completely remove the need for SQL. The following tables will still be stored in SQL: SndRoutingDb ServersDb External Provider DLL An external DLL may be specified, which the Port Server will call to authenticate users, identify ownership of DIDs, and for call logging (CDRs). Please refer to the appropriate documentation to develop your own external provider DLL. HTTPS Proxy In order to provide security for Internet faxing, NET SatisFAXtion IP Port Server provides an ASP application that proxies communication between the clients and the Port Server. The HTTPS proxy may be installed on an IIS server either running on the Port Server itself, or on a separate server. When using an HTTPS proxy server, your clients will be connecting to a URL similar to: https://secure.netsatisfaxtion.com/nsps/nsps.aspx?target=conserv Prior to installation, the Web Site you are using must have an SSL certificate, and be accessible via https. It is advisable to require SSL communications. For using self signed SSL certificates for testing, please see Chapter 12 Testing, Validation & Troubleshooting, page 42. Prerequisites Microsoft Internet Information Services (IIS) with : o World Wide Web Service o ASP.NET support ASP.NET 2.0 must be an allowed Web Service Extension. Creating the nsps Application Directory If you are installing the HTTPS proxy on a server that doesn t have the Port Server installed, copy the proxy application directory from the Port Server server. It can be found (by default) in C:\Program Files\NSPortServer\Http Proxy\.
15 Open IIS Manager and locate the Default Web Site. Right click on it and create a new Virtual Directory. Its Alias will be nsps : Next, choose the directory the HTTPS proxy is installed in. The default is C:\Program Files\NSPortServer\Http Proxy\. Allow the following permissions: Read, Run scripts (such as ASP). Finish the Wizard. Next, right click on the nsps virtual directory and open its properties. Next, go to the ASP.NET tab and verify the ASP.NET version used is
16 Next, go to the Virtual Directory tab, click on Configuration, then the Options tab, and disable both enable session state and enable buffering. Insure ASP.NET v is allowed in IIS. Navigate to Web Service Extensions. Select ASP.NET v and click the Allow button.
17 It may be necessary to manually register ASP.NET 2.0 with IIS. Run C:\WINDOWS\Microsoft..NET\Framework\v \aspnet_regiis.exe /i.. Configuringg the HTTPS Proxy Routing Table If the proxy is installed on the same server as NET SatisFAXtion IP Port Server, you may use the GUI within Fax Hardware Setup to configure the routing table: If not, the XML file will need to be edited manually. It can be found in \NSPortServer\Http Proxy\Bin\IP PFSProxy.xml.. Figure 4 8: HTTPS Proxy Configuration
18 <IPFSProxy> <RoutingTable> <Route Target="conserv"> </Route> <Route Target="portserv"> </Route> </RoutingTable> </IPFSProxy> Simply update these URLs to reflect the internal names/ip addresses and ports of the Connection Server and Port Server. These names need only be resolvable from the HTTPS Proxy server. Note: The host names used in the proxy routing table must match exactly the host names and port numbers specified in the Port Server Setup wizard. If they do not match, then Setup will be unable to identify the correct Client Access URLs, and will display *** UNABLE TO LOCATE PROXY URL! ***. For example if the routing table uses localhost:60 in the Connection Server URL, set the Connection Server s Http host name to localhost and Port number to 60 as well. SQL Server NET SatisFAXtion Port Server uses the Microsoft.NET Framework Data Provider for SQL Server, and so it can only connect to Microsoft SQL Server versions 7.0 or newer. Specifically, SQL Server 2000, SQL Server 2005, Microsoft Desktop Engine (MSDE), and SQL Server 2005 Express are supported. The SQL Server may be installed on the same server or remotely. NET SatisFAXtion Port Server can use an existing database, and has simple built in methods for creating the databases and tables as needed. SQL Server Remote Connections All on site Connection and Port Servers will need to connect to the SQL Server because it is used to store most configuration information. Insure each system can connect to the SQL Server when implementing a multiple server Port Server configuration. SQL Server Security and Required Permissions NET SatisFAXtion Port Server can use either SQL Server authentication (username and password) or Windows Authentication (if on a domain). SQL Server Authentication The simplest authentication method is SQL Server authentication. Simply create a login on the SQL Server and then specify this login and password in the Connection Server s Hardware Setup. Windows Authentication Windows Authentication may be used when both NET SatisFAXtion Port Server and the SQL Server are on the same domain or if there is sufficient trust between them.
19 When running the NET SatisFAXtion Port Server s Fax Hardware Setup program, it will use the credentials of the current user using Windows Authentication. In order to make use of its automatic database and table creation features, the current user must have sufficient permissions on the SQL Server (e.g. a member of the Domain Admins group). NET SatisFAXtion Port Server will run as the SYSTEM account. This is important because if a remote SQL Server is in use, it will refuse the Connection Server by default. Be sure to create a login for the DOMAIN\SERVERNAME$ account on the SQL Server and give it permissions (listed below under running permissions ) to the NSPortServerMain and NSPortServerBilling databases or equivalents. Both the Connection Server module and the Port Server module(s) require a database connection so each server used must have SQL permissions. Setup Permissions The account used when running the NET SatisFAXtion Port Server s Fax Hardware Setup program must have the following permissions: Create Databases: Create Tables: Grant server wide Create any database permission. Grant database specific Create table permission. Running Permissions Grant the following permissions: Connect Delete Insert Select Update Databases and Tables Note that the NET SatisFAXtion Port Server s Fax Hardware Setup program can only automatically create its databases if the SQL Server is installed locally. The databases must be manually created if the SQL Server is running remotely. The NET SatisFAXtion Port Server s Fax Hardware Setup program can create tables on a remote SQL Server. The database names listed below are defaults only. Each table may be named differently and reside in a different database. Type Database Table Used By BillingDb NSPortServerBilling BILLING_TABLE PS / CS AccountsDb NSPortServerMain ACCOUNTS_TABLE CS RcvRoutingDb NSPortServerMain RCV_ROUTING_TABLE CS SndRoutingDb NSPortServerMain SND_ROUTING_TABLE CS
20 ServersDb NSPortServerMain SERVERS_TABLE PS / CS PS Port Server module CS Connection Server module Specific information about these tables, their columns, and the data they containn may be found in Chapter 9 Integration. RADIUS 4 9: Port Server Databases configured for RADIUS Set AccountsDb and RcvRoutingDb to port Set BillingDb to port : RADIUS Database properties
21 Chapter 5 Additional Components SMTP Gateway for Fax To Requirements Installation Managing Account Associations to Fax with the SMTP Gateway and the Document Conversion Server The conversion process; advantages and limitations Troubleshooting conversion issues
22 Chapter 6 Administration and Configuration 6 1: NET SatisFAXtion Port Server Manager For Manage Accounts : please see Chapter 7 Accounts and Clients, page 30. For Manage Send Routing : please seee Send Routing, page 37. Server Passwords There are three passwords that are used by the Port Server, beyond the normal account passwords. These are Admin, Server, and Billing passwords.
23 Connectionn Server Properties General Tab Name: A human readable name for this Connection Server. Admin password, Serverr password: See Server Passwords on page 23. Catch all DID: This allows an alternate character to be used as the catch all DID. The default is * (asterisk). Diagnostic log level: The level of detail to log to \NSPortServer\Logs NSPSConnectionServer\ \IPFS[%date%].log. Levels higher than Brief are only needed for diagnostic purposes and will cause log files to grow rapidly. Note that the logging system can only create up to 100 log files per day. Leaving debug level logging running for an extended period of time can result in log entries being lost. Enabled: This Connectionn Server will only accept new account logins and faxes when enabled. Disabling the Connectionn Server will migrate connected clients to other Connection Servers. Use this option in preparation for maintenance or to take this Connectionn Server offline. After disabling the Connection Server, monitor the Client Logins graph. Wait for the logged in count to reach zero, indicating all clients have migrated elsewhere and taking this Connection Server offline will not interrupt service.
24 For Groups : please seee Login and Receive Routing Groups on page 35 Accept CDRs: Whether this Connectionn Server will accept Call Detail Records from Port Servers when they are configured to send CDRs to a Connection Server. Include fax device info: Save the completed fax s CAS Tag List with the CDR. This includes some useful troubleshooting information such as V21 and ECM error counts. Billing password: See Server Passwords on page 23. Per fax CDR info delimiter: The Connection Server will split the dial string on this character. All characters before the delimiter will be the dial string, and all characters following the delimiter will be included in the CDR as PerFaxCDRInfo (RADIUS attribute FB Per Fax CDR Info).
25 For Alerts : please see Alerts on page 29. These settings control monitoring by the Port Server Management application. Unlike the other Connection Server Properties tabs, these are local settingss to the current Port Server Management application. Monitor the server: Disabling this prevents the Management application from connecting to the server at all. Seconds between updates: How often to poll the server s performance counters and status. Retrieve counts and display server activity graph: Disabling this removes the server s graph from the Management application. Server Record: Displays internal information about the server, including access URLs, version, and host CPU (followed by configured port count).
26 Port Serverr Properties Name: A human readable name for this Connection Server. Admin password, Serverr password: See Server Passwords on page 23. For Groups : please seee Login and Receive Routing Groups on page 35 Diagnostic log level: The level of detail to log to \NSPortServer\Logs NSPSPortServer\IPFS[%date%]. log. Levels higher than Brief are only needed for diagnostic purposes and will cause log files to grow rapidly. Log fax device info: When enabled, the Port Server will log the completed fax s CAS Tag List in the above log file in an XML format. This includes some useful troubleshooting information such as V21 and ECM error counts. This information will appear in an <Event/> tag, for example: <Event Time=" T11:24:00.752" Process="PortServer" Message= ="Fax devicee info for session 587b]DorZXdMGoTAU3FCoN4ya"> xml data </Event> This is only needed for diagnostic purposes and will cause log files to grow rapidly. Enabled: This Port Server will only accept new faxes when enabled. Disabling the Port Server will prevent new faxes from being routed through this Port Server. The Port Server will respond to new inbound faxes with a busy (486 Busy Here). Use this option in preparation for maintenance or to take this Port Server offline. After disabling the Port Server, monitor the Send/Receive Fax graph. Wait for the sending and receiving counts to reach zero, indicating all faxes have completed and taking this Port Server offline will not interrupt outbound service. If the SIP Trunk or VoIP Gateway is configured to route traffic to an alternatee server on busy, taking this Port Server offline will not interrupt inbound service either.
27 Log targets: Call Detail Records can be sent directly to the database, or to a Connection Server if the Port Server and the Connection Server do not share databases. The Connection Server involved with the fax session is the Connection Server where the sending or receiving client is logged in. When using a billing password, the Connection Server will inform the Port Server what its billing password is during call setup. For Alerts : please see Alerts on page 29.
28 These settings control monitoring by the Port Server Management application. Unlike the other Connection Server Properties tabs, these are local settingss to the current Port Server Management application. Monitor the server: Disabling this prevents the Management application from connecting to the server at all. Seconds between updates: How often to poll the server s performance counters and status. Retrieve counts and display server activity graph: Disabling this removes the server s graph from the Management application. Server Record: Displays internal information about the server, including access URLs, version, and host CPU (followed by configured port count). Alerts Alerts can be automatically sent by the Port Server by and/or logged to the server s Application Event Log. Alerts will be sent when an exception occurs, when one server component loses connection with another component, or (optionally) when the service loads or unloads.
29 Chapter 7 Accounts and Clients The Port Server is designed to route faxes through it in real time, similar to a PBX or other telephone equipment. Therefore an account must be currently logged in to send or (more importantly) receive faxes. In the case of multiple Connection Servers, the account can only be logged in to one of the Connection Servers. The minimum required for a valid account is an AccountId and a Password. Once created, a client can log in to the Connection Server using the account and send faxes. The minimum required to receive faxes is to route a DID to that account. The client will receive faxes for that DID. AccountId and Password are each limited to 64 characters. When using RADIUS, most of these fields will be grayed out and will display information about that user provided by the RADIUS server.