ASCOM IP-DECT Large systems and advanced settings. ASCOM IP-DECT R3 Ascom Training 2008 1

ASCOM IP-DECT Large systems and advanced settings ASCOM IP-DECT R3 Ascom Training 2008 1

Contents Multi s and large systems Load Distribution (PBX Cluster) Active Directory data base replication IP security (https:) Fault reporting and statistics ASCOM IP-DECT R3 Ascom Training 2008 2

The purpose of the Multi- concept Increase the number of users (> 2.000) Scalable from small to large systems Minimum off changes when growing Increase number of Base Stations (> 1.000 IPBS) Multiple sites, 1.000 BS per site Multi site installations Local functionality at WAN connectivity loss High load traffic Load sharing between s ASCOM IP-DECT R3 Ascom Training 2008 3

LARGE IP-DECT SYSTEMS IP-DECT MULTI-MASTER CONCEPT Site A IP-DECT Mobility WAN Site B IP-DECT IP-DECT IP-DECT BS BS BS BS BS BS BS BS BS Roaming Roaming / Handover ASCOM IP-DECT R3 Ascom Training 2008 4

Software Components R3 Is a software interface between the IP-DECT system and the IP- PBX (SIP/H.323) Contains the user database for this master Registers DECT handsets to the Pari Is assigning PARI:s and sys object data to the radios associated R3 IPBS/IPBL Give information to the radios about master home location Mobility Contains virtual data base of all handsets master home location and visitors temporary database Is a software interface between DECT and VoIP (H.323) Statically connected to the Pari Dynamically connected to the Pari Mobility ASCOM IP-DECT R3 Ascom Training 2008 5

Single Installation Lines shows the logical connections between the software modules All radios has a static RAS connection to the Pari (RAS = Registration, Admission and Signaling) A dynamic RAS connection is established between the master and when a handset is in the coverage area for one of the radios Capacity with one master 1.000 users 1.000 IPBS radios or 100 IPBL radios or a mix of IPBS/IPBL (100 IPBL + 600 IPBS, 50 IPBL + 800 IPBS) Site A Pari Static RAS connection H.225 Dynamic RAS connection H.225 Coverage area ASCOM IP-DECT R3 Ascom Training 2008 6

Multiple Site / Single Installation With this solution the handset will be able to roam to a different site and it will be possible to receive incoming and make outgoing calls Possible to do external handover between radios with overlapping coverage Capacity same as single site Site A Pari Site B Site C Site X ASCOM IP-DECT R3 Ascom Training 2008 7

Multiple Installation All radios has a static RAS connection to the Pari All masters has a static RAS connection to the Mobility A dynamic RAS connection is established between the radio and master when handset is in the coverage area for the specific radio A dynamic RAS connection is established between the master and when a radio has a RAS connection to the master (handset is in the coverage area for the specific radio) Site A Mobility 0 1 Pari Static RAS connection H.225 Dynamic RAS connection H.225 ASCOM IP-DECT R3 Ascom Training 2008 8

Multiple Installation Capacity with several masters 1.000 users/master 20.000 users/pari master Mobility 100 masters/mobility master 100.000 users/mobility master 1.000 IPBS radios/pari master or 100 IPBL radios/pari master or a mix of IPBS/IPBL Site A 0 1 Pari X Always use standby (alternative) for different master functions Mobility, Pari,, Sync, LDAP and GK/Proxy ASCOM IP-DECT R3 Ascom Training 2008 9

Multiple Site / Multiple Installation Same philosophy as multi site / single master Capacity same as multi site Site A Mobility 0 Pari 1 Site B Site X ASCOM IP-DECT R3 Ascom Training 2008 10

Multiple Site / Multiple Installation Local functionality for local users on each site at connectivity loss between the sites Mobility Site A 0 Pari 1 2 Pari Site B ASCOM IP-DECT R3 Ascom Training 2008 11

Multiple Site / Mobility Installation All mobility masters has a static RAS connection to other Mobility s With this solution the handset will be able to roam to a different site and it will be possible to receive incoming and make outgoing calls Local functionality for local users on each site at connectivity loss between the sites Mobility Mobility Site A Site B 0 Pari 1 2 Pari 3 ASCOM IP-DECT R3 Ascom Training 2008 12

Multiple Site / Mobility Installation Capacity with several mobility masters 10 mobility master 1.000.000 Users/system 1.000.000 IPBS/system or 100.000 IPBL/system or Mobility Mobility a mix of IPBS/IPBL Site A Site B 0 Pari 1 2 Pari 3 For large installations (heavy load) it is recommended to use a IPBL as masters and deactivate the radio Also to avoid users on the Pari Mobility Standby Mobility Pari Standby Pari Standby ASCOM IP-DECT R3 Ascom Training 2008 13

Synchronization in Multi Site installations Pari To avoid synchronization to a radio with lower hop rate but bad field strength use a Pari Sync Pari with different sys ID at each site Sync Slave Site A Sync Sync Slave Site B Sync Slave ASCOM IP-DECT R3 Ascom Training 2008 14

Messaging in Multiple installations Users on each master logically connected to corresponding IMS Messaging from handsets SMS using UNS to look-up users in ESS Mobile alarm/data using Distribution List for destination to UNITE modules Base Station Location need different sys ID on Pari s (max 36) Site A 0 1 IMS 0 IMS 1 Central Phone Book and BAM local on each IMS Messaging to handsets UNITE ESS Message from UNITE module using UNS to look-up users in ESS BAM local on each IMS for activating messages but using UNS to look-up users in ESS for sending messages Distribution List UNS look-up ASCOM IP-DECT R3 Ascom Training 2008 15

LARGE IP-DECT SYSTEMS Messaging in Multi Site / Multiple installations ESS capacity 10.000 messaging users + 100 ranges of users Mobility Mobility Site A Site B 0 1 2 3 IMS 0 IMS 1 IMS 2 IMS 3 No LDAP replication to ESS No redundancy for ESS ESS ASCOM IP-DECT R3 Ascom Training 2008 16

DESIGN RECOMMENDATIONS For single site One Pari for multiple masters Always use standby (alternative) for different master functions must be activated on the Use separate Pari s on different sites to have local functionality at connectivity loss between the sites To avoid synchronization to a radio with lower hop rate but bad field strength use a Pari with different sys ID at each site To avoid same RFP number on Base Station Location use Pari s with different sys ID For large installations (heavy load) Use a IPBL as masters and deactivate the radio Avoid users on the Pari ASCOM IP-DECT R3 Ascom Training 2008 17

LARGE IP-DECT SYSTEMS WORKSHOP The company mocsa word-wide needs to get a DECT solution Standard network equipment, local solution Need mobility between all sites including Central Phone Book application International sales (Neighbour country) 300 users Two buildings Alarms at factory sites Your task Make a brief design solution (no details) What needs to be discussed with mocsa (regarding R3 features) Time! Head Quater Factory 4500 users Large area Local factory 1500 users Medium area Regional sales 100 users One building ASCOM IP-DECT R3 Ascom Training 2008 18

LOAD BALANCING IN IP-DECT ASCOM IP-DECT R3 Ascom Training 2008 19

Multiple :s Fixed connection for users on each towards multiple :S This is used when there is a limit of possible users on the Always use alternative Gate Keeper/ Proxy for redundancy 0 1 Pari Mobility 2 ASCOM IP-DECT R3 Ascom Training 2008 20

Load balancing towards cluster Connection for users on each towards network using DNS services This is used to balance the load towards the :s and get redundancy A DNS server assign each user with a primary and a secondary proxy address using DNS-SRV service mechanism A local proxy server e.g. SRST can be used on each site to make emergency phone call in case of PBX lost 0 Pari 1 2 DNS Server ASCOM IP-DECT R3 Ascom Training 2008 21

Settings in IP-DECT DNS Server IP-address to DNS Server Proxy Domain name used for DNS Service Record SRV ASCOM IP-DECT R3 Ascom Training 2008 22

Setting up DNS-SRV records ASCOM IP-DECT R3 Ascom Training 2008 23

DATABASE REPLICATION IN IP-DECT ASCOM IP-DECT R3 Ascom Training 2008 24

LDAP replication in Single installations Separate databases in IP-DECT/ The /Pari is configured as a LDAP server The Standby /Pari is configured as a LDAP replicator Both IPBS master and must contain an identical number plan for DECT users Number Plan LDAP Pari Server Standby Pari LDAP Replicator Number plan ASCOM IP-DECT R3 Ascom Training 2008 25

LDAP replication in Single installations Common database in IGWP/IP6000 can be used as a LDAP server and Standby is configured as LDAP replicators IMS is configured for LDAP request Pari LDAP Replicator IGWP/ IP6000 Number Plan LDAP Server Standby Pari LDAP Replicator IMS Phonebook LDAP Request ASCOM IP-DECT R3 Ascom Training 2008 26

Active Directory in Multiple installations Common database in Active Directory can act as a LDAP server s and is configured as LDAP replicators The /Pari is configured as a LDAP server for Standby /Pari and the Standby /Pari is configured as a LDAP replicator IMS is configured for LDAP request to the AD ESS contain number plan for messaging users LDAP Server Pari Standby Pari LDAP Replicator LDAP Replicator IMS Phonebook Active Directory LDAP Server LDAP Request LDAP Server Standby LDAP Replicator LDAP Replicator IMS Phonebook LDAP Request LDAP Replicator ESS Number plan ASCOM IP-DECT R3 Ascom Training 2008 27

Setting up for AD replication in IPBS Active Directory Replication IP-address to AD Server Distinguished Name DN, search base for AD users Domain Name Component DC, domain on the AD server LDAP Filter to retrieve IP-DECT users only, in this example grp_ipdect is the group created for IP-DECT users User and password of a user with read access and enterprise administrator rights ASCOM IP-DECT R3 Ascom Training 2008 28

Setting up for AD replication in IPBS Attribute Mapping How IP-DECT is handled the obtained AD information In Maps define witch attributes of the incoming objects that are replicated and how they are used Out Maps define how the local temporary variables configured for In Maps are assigned to the internal IP-DECT attributes ASCOM IP-DECT R3 Ascom Training 2008 29

Setting up replication in AD The IP-DECT supports simple binding Authentification only IP-DECT with AD replication One-way AD replication with filtering on #n Active Directory #1 #2 #3 ASCOM IP-DECT R3 Ascom Training 2008 30

IP SECURITY IN IP-DECT ASCOM IP-DECT R3 Ascom Training 2008 31

Secure Web Access (https:) Secure web-based applications rely on cryptography. Crypto graphical systems are only as secure as their keys There are basically three certificate handling options Default Device Certificate The default certificate is supplied with the device off the factory. It is is a self-signed certificate. Self-signed certificates provide only encryption, not authentication Self-signed certificate This option is for customers not wanting to bother with public or private CAs. Self-signed certificates are good for encrypting data, but there is no process to identify the Web server as authentic Certificates signed by a Certificate Authority (CA) A) Certificates signed by the customer s own CA. Customers possessing the knowledge and infrastructure to house their own CA could build an internal enterprise CA, making the customer a private CA. B) Certificates signed by a trusted public third party entity/organization. There are only about a dozen issuers who has the authority to sign certificates for servers worldwide. An example is VeriSign ASCOM IP-DECT R3 Ascom Training 2008 32

Settings for certificate in IP-DECT HTTP access should be disabled Port sets to 0, default 80 Secure https access should be enabled HTTPS-Port, default 443 ASCOM IP-DECT R3 Ascom Training 2008 33

Using certificate in IP-DECT Access via https without certificate ASCOM IP-DECT R3 Ascom Training 2008 34

Using certificate in IP-DECT Access via https with certificate Download certificate PEM ASCOM IP-DECT R3 Ascom Training 2008 35

Using certificate in IP-DECT Upload certificate to browser Access via https ASCOM IP-DECT R3 Ascom Training 2008 36

THANK YOU! ASCOM IP-DECT R3 Ascom Training 2008 37