OpenScape V2.0 Installation Guide

HiPath OpenScape V2.0

Installation Guide

*1PA31003-S5020-S100-1-7620*

1P A31003-S5020-S100-1-7620

The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as de-scribed or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract.

Siemens AG 2004 ● Information and Communication Networks, Hofmannstraße 51, D-81359 München, GermanyReference No.: A31003-S5020-S100-1-7620 Printed in the Federal Republic of Germany. Subject to availability. Right of modification reserved.

5454TOC.fm

Nur für den internen Gebrauch Content

Content 0

1 About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11.1 Prerequisite Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11.2 Purpose of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11.3 How to Use This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11.4 Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31.5 Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12.1 Upgrades from V1 SPCR to V2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

2.1.1 Production Mode with Upgrade of Media Server Software . . . . . . . . . . . . . . . . . . 2-12.1.2 Production Mode with Re-installation of Media Server PC . . . . . . . . . . . . . . . . . . 2-12.1.3 Early Deployment Mode with Upgrade of Media Server Software . . . . . . . . . . . . 2-12.1.4 Early Deployment Mode with Re-installation of Media Server PC . . . . . . . . . . . . 2-1

2.2 System Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12.2.1 OpenScape Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

2.2.1.1 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12.2.1.2 OpenScape Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.3 OpenScape Management Console (OMC). . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.4 OpenScape MCU (Multipoint Control Unit). . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.5 OpenScape Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.6 OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.7 OpenScape Trace File Accumulator (TFA). . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.8 OpenScape Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.9 OpenScape Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.10 OpenScape Forest Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22.2.1.11 SIP Phones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

2.2.2 Non-Siemens Prerequisite Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.1 Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.2 Windows Server 2003 Active Directory Application Mode (ADAM) . . . . . . . . 2-32.2.2.3 Microsoft SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.4 Microsoft Office LC Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.5 Microsoft Exchange 2000/2003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.6 Microsoft Windows Server 2003. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.7 Microsoft .NET Framework V1.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32.2.2.8 Microsoft Web Service Enhancements (WSE) 2.0 . . . . . . . . . . . . . . . . . . . . . 2-4

2.3 OpenScape Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-42.3.1 Infrastructure Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

2.3.1.1 Production Mode vs. Early Deployment Mode . . . . . . . . . . . . . . . . . . . . . . . . 2-52.3.2 OpenScape Application Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52.3.3 Additional Devices and Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52.3.4 Deployment Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide 0-1

Content Nur für den internen Gebrauch

5454TOC.fm

2.3.5 Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-72.3.6 Typical Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

2.4 Installation Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-112.5 OpenScape Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13

2.5.1 Existing Licenses from V1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-132.5.2 New Licenses in V2.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

2.6 Non-OpenScape Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18

3 Pre-Installation Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13.1 Recommended Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13.2 Infrastructure Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

3.2.1 Required Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13.2.2 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

3.2.2.1 MS SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23.2.2.2 SSL Encryption for MS SQL Server 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23.2.2.3 JAVA Runtime Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33.2.2.4 WSE2.0 for SDK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

3.2.3 OpenScape Routing Dispatcher on LC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33.2.4 OpenScape Administrator on Client Machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33.2.5 MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43.2.6 Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43.2.7 OpenScape Trace File Accumulator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43.2.8 OpenScape Early Deployment Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53.2.9 End Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53.2.10 Recommendations Based on Number of OpenScape Users . . . . . . . . . . . . . . . . 3-5

3.2.10.1 Normal Traffic Call Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53.2.10.2 High Traffic Call Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

3.2.11 Database Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63.3 Infrastructure Server Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

3.3.1 Domain Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73.4 Server Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83.5 Account/Group/Permissions Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

3.5.1 By Network/Domain Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93.5.1.1 Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93.5.1.2 Imported AD Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

3.5.2 By Installer/Local Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123.5.2.1 Account Requirements for OpenScape Management . . . . . . . . . . . . . . . . . . 3-123.5.2.2 Namespace Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

3.6 SIP Phone Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

4 Installing Live Communications Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14.1 Installing the LC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14.2 Local Machine Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24.3 Installing and Setting Up the Windows Messenger (WM) Client. . . . . . . . . . . . . . . . . . 4-2

4.3.1 Testing with Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

A31003-S5020-S100-1-7620, July 20040-2 HiPath OpenScape V2.0, Installation Guide

5454TOC.fm


4.3.2 Uninstalling Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34.3.3 Installing Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44.3.4 Configuring the WM Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

4.4 Configuring the RTCService Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44.5 LCS Setup Checklist and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

5 Active Directory Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15.1 Environment Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15.2 Attributes and Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

5.2.1 Attributes and Objects Hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25.3 Attribute Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45.4 Class Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

5.4.1 siemensOSServices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-55.4.2 siemensOSServiceConnectionPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-65.4.3 siemensOSGlobalContainer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-65.4.4 siemensOSDomain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-65.4.5 siemensOSTrustedService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

5.5 Early Deployment Mode or Production Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

6 Setting up OpenScape in Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . . 6-16.1 Installation Requirements for EDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26.2 Domain and System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26.3 ADAM Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26.4 EDM Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

6.4.1 Verifying the ADAM Schema Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-46.5 MIgrating from EDM to Production Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4

6.5.1 Installation Requirements for Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-56.5.2 Migrating from ADAM to Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

6.5.2.1 Checking for OpenScape Users that are members of Administrative Groups 6-66.5.3 Verifying the Migration from ADAM to Active Directory. . . . . . . . . . . . . . . . . . . . . 6-7

7 Setting Up a Forest in Production Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17.2 Modifying the Enterprise Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17.3 Verifying the Enterprise Schema Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

8 Preparing the OpenScape Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18.2 Hints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18.3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

8.3.1 Installing the First OpenScape System into a Prepared Forest . . . . . . . . . . . . . . 8-28.3.2 Installing the Second OpenScape System into a Prepared Forest Upgrade . . . . 8-38.3.3 Complex Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-48.3.4 Brief Description of Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

8.4 Important . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-78.5 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-88.6 XML File for Environment Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8



5454TOC.fm

8.7 Root Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-98.7.1 Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9

8.7.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-98.7.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

8.7.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-118.8 OpenScape System Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . 8-12

8.8.1 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-128.8.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-128.8.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14

8.8.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-158.9 User Only Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16

8.9.1 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-168.9.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-168.9.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17

8.9.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-188.10 Root Domain Membership and Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19

8.10.1 Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-198.10.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-198.10.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20

8.10.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-208.11 Domain Membership and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20

8.11.1 Domain Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-208.11.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-208.11.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21

8.11.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-218.12 XML File for System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-228.13 OpenScape System Preparation and Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . 8-22

8.13.1 System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-228.13.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-228.13.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24

8.13.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-278.14 Routing Dispatcher/LCS System Preparation and Verification . . . . . . . . . . . . . . . . . 8-28


8.14.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-308.15 Media Server System Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . 8-30


8.15.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-338.16 MCU System Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33

8.16.1 System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-338.16.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33


5454TOC.fm


8.16.1.2 Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-358.16.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35

8.17 TFA System Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-358.17.1 System Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36

8.17.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . 8-368.17.1.2 Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37

8.17.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-378.18 EDM System Preparation and Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-38

8.18.1 System Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-388.18.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . 8-388.18.1.2 Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39

8.18.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

9 Installing OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19.1 Pre-Installation Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

9.1.1 Raising the Domain Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19.1.2 Synchronizing the Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19.1.3 Windows Server 2003 Terminal Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

9.1.3.1 Remote Administration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-29.1.3.2 Application Server Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-39.1.3.3 Terminal Services service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3

9.1.4 Setting Up User and Administrator Cross-Functionality . . . . . . . . . . . . . . . . . . . . 9-39.1.5 Firewall Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

9.1.5.1 Portal Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-49.1.5.2 OpenScape Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

9.1.6 Virus Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-49.1.7 Account Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

9.2 Verifying the Server Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-59.3 Installing the OpenScape Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-59.4 Verifying and Configuring Ports and Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-69.5 Installing OpenScape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9

10 Installing OMC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-110.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-110.2 Installing Microsoft Hotfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-210.3 Installing the OMC Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-210.4 Configuring the OMC, TFA and RD Snap-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-210.5 Configuring the OpenScape Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-310.6 Installing the OpenScape License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-410.7 Configuring the SMTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-510.8 Testing the OMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-510.9 Symptoms and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-510.10 Testing OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6

11 Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-111.1 OpenScape using IPSec Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1



5454TOC.fm

11.2 Special Steps for SDK Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

12 Installing OpenScape MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-112.1 MCU Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-112.2 Installing the Standalone MCU (MC and MP on same box) . . . . . . . . . . . . . . . . . . . 12-112.3 Installing the Standalone MCU (MC and MP(s) on different boxes) . . . . . . . . . . . . . 12-2

12.3.1 Installing MC with MP on a different box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-212.3.2 Installing MP with MC on a different box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3

12.4 Configuring MCU SiP URI and Testing the MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-412.5 One Box Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5

12.5.1 Installing the MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-512.5.2 Configuring the DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-512.5.3 Configuring the MC SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-512.5.4 Configuring the LCS Route and Testing the MCU . . . . . . . . . . . . . . . . . . . . . . . 12-6

13 Installing the OpenScape Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1

14 Service Packs and Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-114.1 Service Packs for Server Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-114.2 Document Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-114.3 Security Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-114.4 RSA SecurID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-214.5 Trace File Accumulator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2

14.5.1 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-214.5.2 Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-314.5.3 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-314.5.4 Symptoms and Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3

15 Installing the OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-115.1 Installing the OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-115.2 OpenScape Client Registry Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2

16 Installing SIP Phones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-116.1 Configuring DNS SRV Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-116.2 Obtaining a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-116.3 SIP Phone Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1

16.3.1 Importing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-116.3.2 Verifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2

16.4 LC Server Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-216.4.1 Identifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-216.4.2 Verifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3

16.5 OpenScape Phones Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-316.5.1 Configuring Profiles for SIP Phones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5

16.6 Assigning OpenScape Phones from “Unassigned Phones” . . . . . . . . . . . . . . . . . . . 16-616.6.1 Phone Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-7

17 Final Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1


5454TOC.fm


A References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-1A.1 Adding Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

A.1.1 User Creation via OMC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1A.1.2 User Creation via Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

A.2 Configuring Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2A.3 Upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4A.4 Uninstalling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4

A.4.1 Environment Preparation Tool Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4A.4.2 OpenScape (Main Server) Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5A.4.3 Problems Uninstalling OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5A.4.4 OpenScape Client Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6A.4.5 OpenScape MCU Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6A.4.6 Media Server Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6A.4.7 Service Pack Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6

A.5 Creating an SRV Record on DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6A.6 Obtaining a SIP Phone Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

A.6.1 Creating and Issuing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7A.6.2 Requesting (Windows 2003 Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8A.6.3 Requesting (Windows 2000 Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9A.6.4 Locating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10

B Preparing Exchange 2000/2003 for OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1B.1 Enabling WebDAV on the Exchange 2003 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1B.2 Configuring the Account Security Privileges in the Exchange Server Stores . . . . . . . B-1B.3 Converting the SiemensIC Account into an OpenScape User . . . . . . . . . . . . . . . . . . B-4B.4 Converting the SiemensCR Account into an OpenScape User. . . . . . . . . . . . . . . . . . B-4B.5 Installing Schedule+FreeBusy Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6B.6 Portals Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-8

B.6.1 Enabling SSL in IIS on the OpenScape Server . . . . . . . . . . . . . . . . . . . . . . . . . . B-8B.6.2 Enabling SSL for Outlook Web Access (OWA) on the Exchange Server . . . . . . . B-9B.6.3 Opening and Verifying the Portals in Internet Explorer. . . . . . . . . . . . . . . . . . . . B-10

C Creating OpenScape Users for Media Server Routing . . . . . . . . . . . . . . . . . . . . . . . .C-1C.1 CRDirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1C.2 CRForward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2C.3 Creating Forwarding Rule Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-3

D Settings Changed by the Environment Preparation Tool. . . . . . . . . . . . . . . . . . . . . .D-1D.1 Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1

D.1.1 Accounts and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1D.1.2 Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1D.1.3 Permissions on the Domain-DNS Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2

D.2 Child Domain Hosting OpenScape Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2D.2.1 Accounts and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2D.2.2 Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-5D.2.3 Permissions on the Domain-DNS Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-5



5454TOC.fm

D.2.4 Permissions on the Service Connection Point (Child of Computer Object for Comput-ers Hosting OpenScape Core, RD, TFA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6

D.2.5 Permissions on the EDM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6D.2.6 Access Rights to the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6D.2.7 Access Rights on the WMI CIM Repository (for servers hosting OpenScape Core, RD,

TFA, EDM, MCU, MS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6D.3 Child Domains Containing User Objects Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-7

D.3.1 Accounts and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-7D.3.2 Permissions on the Domain-DNS Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-7

E IPSec Security Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1E.1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1E.2 Creating a Custom MMC Console for IPSec Configuration . . . . . . . . . . . . . . . . . . . . . E-3E.3 Creating a New IPSec Policy for Media Server on the Media Server Server Machine. E-4

E.3.1 Media Server to LC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-5E.3.2 LC Server to Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-6E.3.3 Media Server to License Server (OpenScape) . . . . . . . . . . . . . . . . . . . . . . . . . . . E-6

E.4 Creating a New IPSec Policy for LC Server on the LC Server Machine. . . . . . . . . . . . E-8E.4.1 LCS to Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-9E.4.2 Media Server to LCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-9E.4.3 LCS to MCU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10E.4.4 MCU to LCS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10E.4.5 LCS to B2BUA (OpenScape Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-11E.4.6 LCS to a Gateway that supports IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-11E.4.7 LCS to a Gateway that does not support IPSec. . . . . . . . . . . . . . . . . . . . . . . . . . E-12

E.5 Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine . . E-14E.5.1 License Server (OpenScape) to Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . E-14E.5.2 B2BUA (OpenScape Server) to the LCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-15E.5.3 License Server (OpenScape) to MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-16

E.6 Creating a New IPSec Policy for MCU on MCU Server Machine . . . . . . . . . . . . . . . . E-17E.6.1 MCU to LCS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-17E.6.2 LCS to MCU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-18E.6.3 MCU to License Server (OpenScape) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-19E.6.4 MC to MP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-19E.6.5 MP to MC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-20

E.7 Setting the Block Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-21

F OpenScape Installation - Tools, Utilities and Hints . . . . . . . . . . . . . . . . . . . . . . . . . . F-1F.1 CheckSPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1F.2 MSMQ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1F.3 OpenScape RTC Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-1

F.3.1 Display Current RTC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-2F.3.2 Create new “RTC Port”. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-2F.3.3 Set “RTC Port Trusted/un-Trusted” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-3F.3.4 Create new “Static Route” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-3


5454TOC.fm


F.3.5 Set “Static Route” Trusted/un-Trusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-4F.3.6 Create Application Uri . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-5F.3.7 Re-Sequence Application Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-5F.3.8 Configure All OpenScape Specific RTC Settings . . . . . . . . . . . . . . . . . . . . . . . . . F-5

F.4 OpenScape Scripting Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-6F.4.1 Adding Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-7F.4.2 Converting LCS Users to OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-8F.4.3 Displaying OpenScape Components on a Server or in a Domain . . . . . . . . . . . F-10

F.5 SOS Script Tool for Serviceability Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-13F.6 Different Storages of User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-13

F.6.1 HiPath OpenScape Core MSSQL Database “XpSystem”. . . . . . . . . . . . . . . . . . F-13F.6.2 User Attributes in Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-13F.6.3 HiPath OpenScape Tables in LCS (RTC) MSDE Database . . . . . . . . . . . . . . . . F-16

F.7 ConvertAdmins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-18F.7.1 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-19F.7.2 Usage Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-20

G Required Licenses and Software Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . .G-1G.1 Infrastructure Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1G.2 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1G.3 OpenScape Administration Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2G.4 MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2G.5 Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3G.6 Trace File Accumulator (TFA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3G.7 Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3G.8 Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3G.9 End Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-4G.10 OpenScape Order Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-5

H Upgrade - Production Mode with Upgrade of Media Server Software . . . . . . . . . . .H-1H.1 Pre-Requisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1H.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . H-1

H.2.1 Forest Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1H.2.2 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1H.2.3 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1H.2.4 Add Domain to Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2H.2.5 System Preparation - OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2H.2.6 System Preparation - RD (LCS Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3H.2.7 System Preparation - TFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3H.2.8 System Preparation - MCU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3

H.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4H.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4H.3.2 Uninstall OpenScape and keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4H.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4H.3.4 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5



5454TOC.fm

H.3.5 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5H.3.6 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-6H.3.7 Uninstall MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . H-6H.3.8 Install MCU (only if installed on a separate Server). . . . . . . . . . . . . . . . . . . . . . . . H-6H.3.9 Uninstalling ComResponse V1 and V1 Third Party Software . . . . . . . . . . . . . . . . H-6H.3.10 System Preparation - Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7H.3.11 Pre-installation of the Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7H.3.12 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7H.3.13 Install Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7H.3.14 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-8

I Upgrade - Production Mode with Re-Install of Media Server PC . . . . . . . . . . . . . . . . . I-1I.1 Pre-Requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1I.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . . . I-1

I.2.1 Forest Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1I.2.2 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1I.2.3 Domain Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1I.2.4 Add Domain to Root Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-2I.2.5 System Preparation - OpenScape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-2I.2.6 System Preparation - RD (LCS Server). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-3I.2.7 System Preparation - TFA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-3I.2.8 System Preparation - MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-3

I.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4I.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4I.3.2 Uninstall OpenScape and Keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4I.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4I.3.4 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-5I.3.5 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-5I.3.6 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-6I.3.7 Uninstall MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . I-6I.3.8 Install MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . . . I-6I.3.9 Backup the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-6I.3.10 Backup User-Created Applications on Media Server . . . . . . . . . . . . . . . . . . . . . . I-6I.3.11 Backing Up Report Files on Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-7I.3.12 Reinstall the Operating System on the Media Server PC . . . . . . . . . . . . . . . . . . . I-8I.3.13 System Preparation - Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8I.3.14 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8I.3.15 Restoring the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8I.3.16 Install Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8I.3.17 Restoring the User-Created Applications on the Media Server. . . . . . . . . . . . . . . I-9I.3.18 Restoring Report Files on the Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-9I.3.19 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-10

J Upgrade - Early Deployment Mode with Upgrade of Media Server Software. . . . . . J-1J.1 Pre-Requisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-1


5454TOC.fm


J.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . . . J-1J.2.1 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-1J.2.2 Domain Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-1J.2.3 Add Domain to Root Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-2J.2.4 System Preparation – EDM/ADAM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-2J.2.5 System Preparation - OpenScape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-2J.2.6 System Preparation - RD (LCS Server). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-3J.2.7 System Preparation - TFA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-3J.2.8 System Preparation - MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-3

J.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-4J.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-4J.3.2 Uninstall OpenScape and Keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-4J.3.3 Check for Admins as OpenScape Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-4J.3.4 Install ADAM and EDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-5J.3.5 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-5J.3.6 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-6J.3.7 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-6J.3.8 Uninstall MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . J-6J.3.9 Install MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . . . J-6J.3.10 Uninstalling ComResponse V1 and V1 Third Party Software . . . . . . . . . . . . . . . . J-6J.3.11 System Preparation - Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-7J.3.12 Pre-installation of the Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-8J.3.13 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-8J.3.14 Install Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-8J.3.15 Cleanup Old Groups and Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-8

K Upgrade - Early Deployment Mode with Re-Install of Media Server PC . . . . . . . . . .K-1K.1 Pre-Requisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-1K.2 Environment Preparation for Upgrade from V1-SPCR to V2. . . . . . . . . . . . . . . . . . . . K-1

K.2.1 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-1K.2.2 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-1K.2.3 Add Domain to Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-2K.2.4 System Preparation – EDM/ADAM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-2K.2.5 System Preparation - OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-2K.2.6 System Preparation - RD (LCS Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-3K.2.7 System Preparation - TFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-3K.2.8 System Preparation - MCU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-3

K.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4K.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4K.3.2 Uninstall OpenScape and Keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4K.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4K.3.4 Install ADAM and EDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-5K.3.5 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6K.3.6 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6K.3.7 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6



5454TOC.fm

K.3.8 Uninstall MCU (only if installed on a separate Server). . . . . . . . . . . . . . . . . . . . . . K-6K.3.9 Install MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . . . K-6K.3.10 Backup the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6K.3.11 Backup User-Created Applications on Media Server. . . . . . . . . . . . . . . . . . . . . . K-7K.3.12 Backing Up Report Files on Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-8K.3.13 Reinstall the Operating System on the Media Server PC . . . . . . . . . . . . . . . . . . K-8K.3.14 System Preparation - Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-8K.3.15 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-9K.3.16 Restoring the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-9K.3.17 Install Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-9K.3.18 Restoring the User-created Applications on the Media Server . . . . . . . . . . . . . . K-9K.3.19 Restoring Report Files on the Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . K-10K.3.20 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-10

List of Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Y-1

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z-1


5454noti.fm

Nur für den internen Gebrauch About This GuidePrerequisite Knowledge

1 About This Guide

This guide describes the installation process for HiPath OpenScape V2.0.

Check the KMOSS website at https://kmoss.icn.siemens.de for the latest version of this guide.

1.1 Prerequisite Knowledge

This guide is intended for VARs, SIs, IT Domain and Enterprise Administrators, etal to help with the installation of OpenScape.

1.2 Purpose of This Guide

This guide provides the steps necessary to install OpenScape and its components.

1.3 How to Use This Guide

Chapter 2, “Overview”, provides a high-level overview of OpenScape and its components.

Chapter 3, “Pre-Installation Checklist”, describes the pre-installation requirements of the server components associated with the OpenScape installation.

Chapter 4, “Installing Live Communications Server”, provides information about installing the Live Communications Server (LCS).

Chapter 5, “Active Directory Reference”, describes the Active Directory changes needed by OpenScape in a production mode.

Chapter 6, “Setting up OpenScape in Early Deployment Mode (EDM)”, describes the steps to prepare the ADAM infrastructure to host servers running OpenScape Server in EDM mode.

Chapter 7, “Setting Up a Forest in Production Mode”, describes the steps necessary to prepare the forest in production mode.

Chapter 8, “Preparing the OpenScape Environment”, provides information about setting up the domain and system environments for OpenScape.

Chapter 9, “Installing OpenScape”, provides information about installing the OpenScape acp-plication.

Chapter 10, “Installing OMC”, describes the procedures for installing the OpenScape Manage-ment Controller (OMC).

Chapter 11, “Security Settings”, provides information about securing the communication be-tween servers.


About This Guide Nur für den internen Gebrauch

5454noti.fm

How to Use This Guide

Chapter 12, “Installing OpenScape MCU”, describes the procedures for installing OpenScape MCU.

Chapter 13, “Installing the OpenScape Media Server”, describes the procedures for installing OpenScape Media Server.

Chapter 14, “Service Packs and Miscellaneous”, describes how to install the service packs and miscellaneous features.

Chapter 15, “Installing the OpenScape Client”, describes the procedures for installing the OpenScape Client.

Chapter 16, “Installing SIP Phones”, provides information for installing the SIP phones.

Chapter 17, “Final Checklist” lists the tasks necessary to complete the installation.

Appendix A, “References”, provides instructions used for reference.

Appendix B, “Preparing Exchange 2000/2003 for OpenScape”, provides instructions for prepar-ing Exchange 2000/2003 for OpenScape by the network administrator.

Appendix C, “Creating OpenScape Users for Media Server Routing” provides instructions for creating OpenScape users by the network administrator.

Appendix D, “Settings Changed by the Environment Preparation Tool” provides details on what accounts, groups and permissions are set by the Environment Preparation Tool.

Appendix E, “IPSec Security Settings”, provides instructions on how to secure communications between servers with Windows IPSec configured on the servers.

Appendix F, “OpenScape Installation - Tools, Utilities and Hints” provides tools, utilities and hints for installing OpenScape.

Appendix G, “Required Licenses and Software Prerequisites” describes the required licenses and software pre-requisites. This section will go into the Planning Guide when it is available.

Appendix H, “Upgrade - Production Mode with Upgrade of Media Server Software” describes the procedure for upgrading from V1 SPCR to V2 in a Production Mode with Upgrade of Media Server Software.

Appendix I, “Upgrade - Production Mode with Re-Install of Media Server PC” describes the pro-cedure for upgrading from V1 SPCR to V2 in a Production Mode with re-installation of the Me-dia Server PC.

Appendix J, “Upgrade - Early Deployment Mode with Upgrade of Media Server Software” de-scribes the procedure for upgrading from V1 SPCR to V2 in an Early Deployment Mode with Upgrade of Media Server Software.

Appendix K, “Upgrade - Early Deployment Mode with Re-Install of Media Server PC” describes the procedure for upgrading from V1 SPCR to V2 in an Early Deployment Mode with re-instal-lation of the Media Server PC.


5454noti.fm

Nur für den internen Gebrauch About This GuideRelated Information

This guide also includes Abbreviations and Index.

1.4 Related Information

The following information sources are available for HiPath OpenScape V2.0:

● Online help provides explanations covering all areas of the user interface.

● HiPath OpenScape V2.0 Administration Guide, A31003-S5020-A900, provides the user with detailed information on how to administer OpenScape.

● HiPath OpenScape User Guide, A31003-S5020-A100

● HiPath OpenScape Project Planning Guide, A31003-S5020-A300

● HiPath OpenScape Media Server V2.0 Installation Guide, A31003-S5020-S200

● HiPath OpenScape V2.0 System Description, A31003-S5020-A400, provides the user with a system description of OpenScape.

1.5 Documentation Feedback

To report a problem with this document, call your next level of support:

When you call, be sure to include the following information. This will help identify which docu-ment you are having problems with.

● Title: HiPath OpenScape V2.0, Installation Guide

● Order Number: A31003-S5020-S100-1-7620


About This Guide Nur für den internen Gebrauch

5454noti.fm

Documentation Feedback


5454ovw.fm

Nur für den internen Gebrauch OverviewUpgrades from V1 SPCR to V2

2 Overview

This section provides an overview of the installation of an OpenScape system as well as up-grades. It covers the components and applications that comprise the OpenScape system and information regarding system wide configurations.

2.1 Upgrades from V1 SPCR to V2

There are 4 different scenarios depending on Production Mode vs. Early Deployment Mode (see Section 2.2.1.8) and whether the Media Server will be re-installed or just upgraded. Re-installation is required if the current operating system for the Media Server is a non-US English version of Win 2K Advanced.

2.1.1 Production Mode with Upgrade of Media Server Software

Refer to Appendix H, “Upgrade - Production Mode with Upgrade of Media Server Software”.

2.1.2 Production Mode with Re-installation of Media Server PC

Refer to Appendix I, “Upgrade - Production Mode with Re-Install of Media Server PC”.

2.1.3 Early Deployment Mode with Upgrade of Media Server Software

Refer to Appendix J, “Upgrade - Early Deployment Mode with Upgrade of Media Server Soft-ware”.

2.1.4 Early Deployment Mode with Re-installation of Media Server PC

Refer to Appendix K, “Upgrade - Early Deployment Mode with Re-Install of Media Server PC”.

2.2 System Components

2.2.1 OpenScape Components

2.2.1.1 OpenScape Application Server

The OpenScape Application Server consists of the OpenScape Base components and Appli-cations. The SDK feature can be installed on this Server.


Overview Nur für den internen Gebrauch

5454ovw.fm

System Components

2.2.1.2 OpenScape Routing Dispatcher

This Dispatcher is an extension that must be installed on the LC Server. In V1.0, this was part of the OpenScape Application Server installation.

2.2.1.3 OpenScape Management Console (OMC)

This is the management interface for the OpenScape system.

2.2.1.4 OpenScape MCU (Multipoint Control Unit)

This is a Siemens product that is a component of OpenScape. The MCU is composed of one Multipoint Controller (MC) and up to 4 Media Processors (MPs).

2.2.1.5 OpenScape Media Server

This is a Siemens product that although integrated with OpenScape, may be sold separately.

2.2.1.6 OpenScape Client

This is the end-user interface to OpenScape.

2.2.1.7 OpenScape Trace File Accumulator (TFA)

This installation package is new in V2.0 and provides the capability to retrieve trace files from computers with OpenScape components.

2.2.1.8 OpenScape Early Deployment Mode (EDM)

This installation package is used only for Early Deployment Mode. This is used if the customer does not extend the Active Directory Enterprise Schema with the Siemens attributes (this is done in the Production Mode).

2.2.1.9 OpenScape Environment Preparation Tool

This tool prepares the environment for OpenScape components to be installed. Note some steps are different if the customer is in Early Deployment Mode (i.e. /EDM switch)

2.2.1.10 OpenScape Forest Preparation Tool

This tool prepares the forest for OpenScape components to be installed in a production mode. In V2.0, the Forest, besides the Domains and all Systems, needs to be prepared prior to the OpenScape installation.


5454ovw.fm

Nur für den internen Gebrauch OverviewSystem Components

2.2.1.11 SIP Phones

This is a Siemens product that although integrated with OpenScape, may be sold separately

2.2.2 Non-Siemens Prerequisite Components

2.2.2.1 Active Directory

OpenScape will use the customer’s existing Active Directory for identifying OpenScape users.

2.2.2.2 Windows Server 2003 Active Directory Application Mode (ADAM)

ADAM is a Lightweight Directory Access Protocol (LDAP) directory service that runs as a user server, rather than as a system service. It is used before OpenScape is deployed into produc-tion mode. With ADAM, the AD schema does not need to be extended.

2.2.2.3 Microsoft SQL Server

OpenScape requires a separate instance of MS SQL Server 2000. The installation of this in-stance is the responsibility of the customer. This instance name has to be provided as input during OpenScape installation.

2.2.2.4 Microsoft Office LC Server

OpenScape will use the customer’s existing LC (Live Communications) Server. Installation of the first instance of LC Server (LCS) will extend the AD schema.

2.2.2.5 Microsoft Exchange 2000/2003

OpenScape will use the customer’s existing MS Exchange.

2.2.2.6 Microsoft Windows Server 2003

OpenScape requires MS Windows Server 2003 for functionality. This is a prerequisite for the OpenScape Application server.

2.2.2.7 Microsoft .NET Framework V1.1

OpenScape applications require the .NET Framework for functionality. MS .NET Framework 1.1 is a prerequisite for the OpenScape Application server, Media Server, TFA, RD, MCU and OMC. It is also required on the machine where the Environment Preparation or Forest Prepa-ration will be performed.



5454ovw.fm

OpenScape Configurations

2.2.2.8 Microsoft Web Service Enhancements (WSE) 2.0

WSE 2.0 is a Microsoft .NET product that is required. Microsoft WSE 2.0 can be installed from http://msdn.microsoft.com/webservices/building/wse/default.aspx. During installation, select the option to install the Administrator setup type.

2.3 OpenScape Configurations

Version 2 of HiPath OpenScape supports a broad variety of deployment options, which are de-pendent on customer environments and functional requirements.

An OpenScape Application deployment requires various components:

● Infrastructure components in the IT environment, which are software and network components

● OpenScape Application components, which are software components installed on Windows servers

● Additional devices or clients, which are used by the user or the system to connect to the current communication infrastructure and to the OpenScape application

Multiple OpenScape systems can be deployed in the network as well. However, the features are not completely transparent in such an environment. Mainly, the users of a other OpenScape are handled like ‘external’ users and information (like presence information) is not shared be-tween different OpenScape systems.

2.3.1 Infrastructure Components

OpenScape is an application based on the Live Communication Service (LCS) product of Mi-crosoft and requires

● An TCP/IP network installation with Active Directory on Windows 2000 or 2003

● One or many LCS installations (on Windows 2003)

● One or many Microsoft Front End server (FES) (optional installation)

● One or many Microsoft Exchange 2000 or 2003

● Microsoft SQL Server 2000 (MS-SQL)

OpenScape installation requires Active Directory schema extensions. If the customer does not allow Active Directory changes the system needs to be deployed in “Early Deployment Mode”, which does require additional software components, but does not require a schema change in Active Directory.

LCS deployments require Active Directory schema changes as well and are still required.


5454ovw.fm

Nur für den internen Gebrauch OverviewOpenScape Configurations

2.3.1.1 Production Mode vs. Early Deployment Mode

Production Mode: This is the recommended mode. OpenScape schema extensions to the Ac-tive Directory are configured.

Early Deployment Mode: This mode can be used as alternative when the customer does not allow the Active Directory to be extended for HiPath OpenScape. Note that LCS schema exten-sions are still required.

There can only be one mode for the whole Active Directory forest at a given time. It is possible to migrate from EDM to Production Mode once the Active Directory schema can be extended.

The advantage of running HiPath OpenScape in Production Mode is better performance espe-cially in a larger deployment in terms of number of users and multiple locations.

Using the Early Deployment Mode requires the following additional components

● Microsoft Active Directory for Early Deployment (ADAM) on Windows 2003

● OpenScape Early Deployment Active Directory Connector (EDM) on Windows 2003

2.3.2 OpenScape Application Components

The following components comprise the OpenScape Application

● Management Console (OMC) on Windows 2000 or 2003 or XP Pro

● OpenScape Application (OS-Core) on Windows 2003

● Routing Dispatcher (RD) on Windows 2003

● Multi Conferencing Unit - Controller (MC) on Windows 2003

● Multi Conferencing Unit – Processor (MP) on Windows 2003

● Media Server Application (MS) on Windows 2000 Advanced

● Trace File Accumulator on Windows 2003 or XP pro

The distribution of the various components is completely flexible, but is dependent on

● operating system requirements

● performance of the hardware

● required performance of the application (number of users and traffic model)

2.3.3 Additional Devices and Components

In addition the following components can be deployed

● SIP Gateways



5454ovw.fm


● SIP phones

● Windows Messenger 5.0

● OpenScape Client

The portal interface does not require any client installation. However, for Outlook or Messenger integration OpenScape client installation is necessary.

2.3.4 Deployment Rules

There is a set of rules which need to be adhered to for the system to work successful. The next section depicts then more concrete implementation scenarios.

1. All components need to be installed in the same (Active Directory) forest.

● That includes the server components

● LCS,FES, OS-Core, MS-SQL, MS, MCU (MC, MP)

● And users (with clients or SIP phones), OMC, Gateways

2. All server components of one OpenScape system need to be installed in the same domain with the exception of RD (see rules 5 and 6 below).

3. An OpenScape installation requires one or more LCS installation in the same forest

● The Microsoft deployment guide for LCS / FES applies

4. Multiple OpenScape systems can be deployed in the same or different domains.

5. The Routing Dispatcher (RD) needs to be installed on each LCS in the forest.

An RD installation is not required if

● all users of this particular LCS are not users of OpenScape;

● these users are not involved in calls with OpenScape users.

For that reason it is recommended to install RD on all LCS of this forest.

6. The RD should be installed on an FES.

7. The LCS can be installed in a different domain (implies also to RD in rule 5.).

8. Users on multiple LCS in different domains can be supported with one OpenScape instal-lation and as well with multiple OpenScape installations.

9. OMC can be installed in different domains (there is always an OMC installed on the OS-Core system) of the same forest.

10. All Windows 2003 components can be installed on the same server or separate servers. This includes:


5454ovw.fm


● LCS with RD

● MS-SQL

● OS-Core

● MCU-MC

● MCU-MP

● TFA

● EDM

● OMC

11. An existing MS-SQL 2000 installation can be extended to be used for an OpenScape in-stallation.

12. An MCU-MC does not require a separate server and should reside with one MCU-MP.

13. MCU-MP residing on a separate machine guarantees voice quality in a higher traffic model scenario. Up to 4 MPs can be deployed, but a single MP is only bound by the CPU perfor-mance and will not limit itself to 72 channels. E.g. a dual processor machine can support 144 channels.

14. There is only one MS per OpenScape system installation.

15. MS requires Windows 2000 Advanced. It is not recommended to install additional software components on this server.

16. Multiple Exchange servers are supported, but

● All need to have the same version (2000 or 2003)

● Each Exchange server can be configured with a different language

2.3.5 Deployment Models

The deployment rules allow a wide variety of configurations.

The figure shows complete configurations with minimum and maximum number of servers.



5454ovw.fm


Figure 2-1 Minimum Complete Server Configuration


5454ovw.fm


Figure 2-2 Maximum Complete Server Configuration



5454ovw.fm


2.3.6 Typical Configurations

The following table allows to identify typical configurations based on the number of users and the traffic model. The “normal” traffic model assumes a call volume of 3 calls per user per hour and the “high” traffic model assumes a call volume of 6 calls per user per hour.

Table 2-1 Typical Configurations

Traffic Scenario 100/250 Users 500/750 Users

Normal

Machine 1● OS-Core● LCS + RD● MS-SQL● MCU (MC+MP)● TFA● EDM (optional)

Machine 2● Media Server

Machine 1● OS-Core● LCS + RD● MS-SQL


Machine 3● MCU (MC+MP)Machines 4, 5, 6 (if required)● for additional MPs

High

Machine 1● OS-Core● LCS + RD● MS-SQL


Machine 3● MCU (MC+MP)

Machine 1● LCS + RD

Machine 2● OS-Core● MS-SQL


Machine 4● MCU (MC+MP)Machines 5, 6, 7(if required)

● for additional MPs

>Note: The administrative components (i.e. TFA, OMC) can be installed on a sepa-rate machine or on a machine with other OpenScape components.

Also, the Routing Dispatcher (RD) must be installed separately on the LC Server.

The OMC, TFA snap-in and RD snap-in can be installed anywhere in the same AD forest as the OpenScape server, on any Windows XP or Server 2003 machine.


5454ovw.fm

Nur für den internen Gebrauch OverviewInstallation Overview

2.4 Installation Overview

Since this document is not intended to supersede the Microsoft documentation and recommen-dations for system configuration, the Microsoft documentation should be used as a primary guide for setting up a system infrastructure. The relevant documentation includes:

Active Directory Deployment:

http://www.microsoft.com/serviceproviders/deployment/ad.asp

Exchange 2000 Deployment:

http://www.microsoft.com/serviceproviders/deployment/exchange_2000_ASP_deploykitP58584.asp

LC Server Deployment:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/of-fice/livecomm2003/default.asp

OpenScape installation software is supplied on multiple CDs as follows:

● OpenScape Installation Programs CD contains:

● OpenScape

● OpenScape Client

● OpenScape EDM

● OpenScape Environment Preparation Tool

● OpenScape Forest Preparation Tool

● OpenScape MC

● OpenScape MCU

● OpenScape Media Server

● OpenScape RD

● OpenScape TFA

● Third Party Software CD contains 3rd Party Software required for the OpenScape applica-tions (there are different versions of this CD for the various languages supported including US English, UK English and German);

>Note: Due to the .NET version dependencies of the system the MCU and Open-Scape must be at the same version level at the time of installation

This means that it is imperative to install the MCU after OpenScape has been installed, but before any service packs are applied to the OpenScape System.



5454ovw.fm

Installation Overview

● OpenScape XX 3rd Party Software CD contains 3rd party software to be installed on Ger-man and UK English Media Server systems;

● Service Pack CD contains OpenScape Service Packs and documentation.

If applicable, perform an upgrade from V1 SPCR to V2 depending on the scenario:

● Production Mode

● With Upgrade of Media Server Software

● With Re-installation of Media Server PC

● Early Deployment Mode

● With Upgrade of Media Server Software

● With Re-installation of Media Server PC

Perform a new installation in the following steps:

● Pre-Installation Checklist

● Verify components

● Verify infrastructure servers (versions, topologies and configurations)

● Install the Live Communications (LC) Server if not already existing

● Install MS SQL Server Instance if not already existing

● Obtain SIP phone data if applicable

● Prepare the OpenScape environment using the Environment Preparation Tool

● Prepare the Forest by running the ForestSetup executable file

● Enter all the necessary and required data into the config.xml file for environment prep-aration

● Prepare all Domains and Systems hosting OpenScape applications by running the En-vironmentSetup executable file; be sure to copy the updated config.xml file to all sys-tems where the preparation is to be performed.

● Install OpenScape Server

● Install OpenScape Routing Dispatcher

● Configure ports and routes from LC Server

>Note: For the period of installation, the OpenScape system will be non-operational. OpenScape installation however does not require the shutdown (restart) of the cus-tomer’s Infrastructure (Domain Controller, Active Directory, Exchange), or LC Server components.


5454ovw.fm

Nur für den internen Gebrauch OverviewOpenScape Licenses

● Install OpenScape Management Console (OMC)

● Configure certificates

● Perform Security Settings

● Install MCU

● Install Media Server

● Install service packs and other items

● Install OpenScape Client

● Install SIP Phones

● Verify OpenScape interoperability

● Troubleshooting

2.5 OpenScape Licenses

The OpenScape systems are delivered with temporary licenses (licenses.txt). A grace period of 7 days is given with these temporary licenses. A permanent or evaluation license must be used within 7 days. Customer have the option of purchasing full licenses listed in these tables.

2.5.1 Existing Licenses from V1.0

Feature License Names License Type

System Maxi-mum Count

Consequences when count is exceeded (“n+1”), or when Li-

cense is “off”

Communication Broker Users

Communication_Broker

Count 2000 The VA will not instantiate the “n+1” user, meaning calls to that user will not follow their rules. Log-in to a portal would still be possible. Note: to avoid this situa-tion, OMC will: (a) not allow con-figuration of the “n+1” user (b) not allow installation of a license file with less Com Broker licenses than users configured in the sys-tem.

Table 2-2 OpenScape License Options - Existing Licenses from V1



5454ovw.fm

OpenScape Licenses

Voice Conference Ports

Voice_Conf_Sessions

Count 288 The MCU will reject the “n+1” call. Note: The MCU checks out all the installed licenses at once at start-up and manages them on its own.

Media Server Ports (VOS-01010501-x.x.x)

SIP_Interaction_Sessions

Count 250 Either the call is not answered or the caller will hear a message “the system is busy”

TTS Ports Text_To_Speech Count 250 Either the call is not answered or the caller will hear a message “the system is busy”

ASR Ports Auto_Speech_Recognition


Media Server VoiceAndSelf-ServePortals

On/Off N/A Either the call is not answered or the caller will hear a message “the system is busy”

Auto-Answer for Media Server

Auto_Answering On/Off N/A Either the call is not answered or the caller will hear a message “the system is busy”

Voice Conferenc-ing

Voice_Conferencing

On/Off N/A The MCU will not accept any calls

Service License N/A On/Off N/A N/A




cense is “off”

Table 2-2 OpenScape License Options - Existing Licenses from V1


5454ovw.fm


2.5.2 New Licenses in V2.0




cense is “off”

Media Server TDM Ports(VOS-01010301-X.X.X)

TDM_Interaction_Sessions


Media Server In-teraction Center with Speech En-abled

VoicePortal_w_Speech

On/Off N/A Either the call is not answered or the caller will hear a message “the system is busy”

Media Server VXML Platform Browser (VOS-01040001-x.x.x)

VXML_Sessions Count 250 Either the call is not answered or the caller will hear a message “the system is busy”

Media Server SALT Platform Browser (VOS-01040002-x.x.x)

SALT_Sessions Count 250 Either the call is not answered or the caller will hear a message “the system is busy”

SDK Runtime Package

SDK_Runtime On/Off N/A No requested web service will come up (initialization of web ser-vices will fail). Entry in error log, exception returned to client.

CSTA III SDK CSTA_III_SDK_Runtime

On/Off N/A CSTA web service will not come up (initialization of web service will fail). Entry in error log, excep-tion returned to client.

XA SDK XA_SDK_Runtime

On/Off N/A XA web service will not come up (initialization of web service will fail). Entry in error log, exception returned to client.

User Notification Service SDK

UNS_SDK_Runtime

On/Off N/A User Notification web service will not come up (initialization of web service will fail). Entry in error log, exception returned to client.



5454ovw.fm

OpenScape Licenses

Web Conferenc-ing SPI

Web_Conf_SPI_Runtime

On/Off N/A Web Conferencing web service will not come up (initialization of web service will fail). Entry in error log, exception returned to client.

Vocalocity Man-agement Server License (VOS-02010001-x.x.x)

VC_MgmtServer Count 1 Either the call is not answered or the caller will hear a message “the system is busy”

Vocalocity Client GUI License (VOS-02010001-x.x.x)

VC_MgmtGUIClient


Vocalocity Report Server License (VOS-02010001-x.x.x)

VC_ReportServer


Vocalocity Report Client License (VOS-02010001-x.x.x)

VC_ReportClient Count 1 Either the call is not answered or the caller will hear a message “the system is busy”

Speech Works Sessions for TTS (VOS-02010001-x.x.x)

SW_TTSSessions


Speech Works Sessions for ASR (VOS-02010001-x.x.x)

SW_ASRSessions


Collaboration Us-ers

Collaboration_User

Count 2000 This license type is not used by any software components in the V2.0 timeframe but is introduced only for packaging and pricing purposes.




cense is “off”


5454ovw.fm


Direct Voice Ac-cess Users

DirectVoiceAc-cessUser


Guest Access Enabling User

GuestAccessEn-ablingUser


Nuance Java Recognition Ex-tension Point (VOS-02010001-x.x.x)

Nuance_ASRSessions

Count 250 To be determined at such time this license is actually used.

Nuance TTS Ex-tension Point (VOS-02010001-x.x.x)

Nuance_TTSSessions


Control Center Server (Distribut-ed) (VOS-02010001-x.x.x)

VC_CCServer Count 1 To be determined at such time this license is actually used.

Control Center GUI Client (Full) (VOS-02010001-x.x.x)

VC_CCClient Count 1 To be determined at such time this license is actually used.

Info Center Serv-er (Distributed) (VOS-02010001-x.x.x)

VC_InfoCenterServer


Info Center GUI Client (Full) (VOS-02010001-x.x.x)

VC_InfoCenterClient





cense is “off”



5454ovw.fm

Non-OpenScape Licenses

Figure 2-3 New Licenses in V2.0

2.6 Non-OpenScape Licenses

The following license can be acquired separately from OpenScape:

● MS SQL server

● Windows Server 2003

● LC Server

● SIP gateway components. Any relevant licensing costs are included the hardware price.

App Center Serv-er (VOS-02010001-x.x.x)

VC_AppCenterServer


App Center Client (VOS-02010001-x.x.x)

VC_AppCenterClient





cense is “off”


5454pre.fm

Nur für den internen Gebrauch Pre-Installation ChecklistRecommended Hardware Requirements

3 Pre-Installation Checklist

This section describes the pre-installation checklist that must be performed before starting the installation.

3.1 Recommended Hardware Requirements

Follow Microsoft hardware recommendations based on O/S. Ensure that the recommended re-quirements are followed as opposed to the minimum requirements.

3.2 Infrastructure Requirements

3.2.1 Required Infrastructure

3.2.2 OpenScape Application Server

>It is the customer’s responsibility to install, in accordance with Microsoft’s operating system software program guidelines, Microsoft service packages and hot fixes, on their network servers and technology-related assets including Siemens’ products.

>Check the latest OpenScape Release Note for information on the current soft-ware versions and service packs used for OpenScape as well as for Microsoft and third party software. This Note is located on the KMOSS website, https://kmoss.icn.siemens.de.

Component/Environment

MS .NET Framework

MS Exchange Server 2000/2003

MS Office Live Communications Server

MS Windows Server 2003 or MS Windows 2000 Server - Standard or Enterprise Edition

Table 3-1 Infrastructure Requirements


HiPath OpenScape Base Server

HiPath OpenScape Management Console

Table 3-2 OpenScape Application Server Requirements


Pre-Installation Checklist Nur für den internen Gebrauch

5454pre.fm

Infrastructure Requirements

3.2.2.1 MS SQL Server

OpenScape requires a separate instance of MS SQL Server 2000. Installation of this instance is the responsibility of the customer. This instance name has to be provided as input during OpenScape installation. This instance should not be installed with the Local System account but with a domain user account with local administrative privileges on the SQL Server.

If MS SQL Server is on a separate server (i.e. remote) from OpenScape, the following addition-al steps need to be done:

● The domain user account that the SQL Server instance is running as should be added to the local Administrators group of the OpenScape Server.

● Microsoft SQL Server Data Engine (MSDE) should be installed by the network administra-tor on the OpenScape server.

3.2.2.2 SSL Encryption for MS SQL Server 2000

SSL client side encryption is used to access the MS SQL Server. The MS SQL Server must have the server certificate which is exported and imported to the client machine. To allow en-cryption, refer to the following MS links:

● http://support.microsoft.com/default.aspx?scid=kb;EN-US;316898

● http://support.microsoft.com/default.aspx?scid=kb;EN-US;276553

MS Windows Server 2003 - Standard or Enterprise Edition

MS .NET Framework

Sun Java 2 Runtime Environment

MS SQL Server 2000 and SP3 - Standard or Enterprise Edition

MS Message Queue Service (MSMQ)

Microsoft ASP.NET

Microsoft IIS

Microsoft Management and Monitoring Tools

>If the OpenScape system is to be installed in a German environment, ensure that the SQL server installation is Unicode compliant in order to preserve German char-acters correctly.


Table 3-2 OpenScape Application Server Requirements


5454pre.fm

Nur für den internen Gebrauch Pre-Installation ChecklistInfrastructure Requirements

3.2.2.3 JAVA Runtime Environment

The CAP License Server (CLT) requires the Java 2 Runtime Environment SE. This package is available from the third party software CD.

3.2.2.4 WSE2.0 for SDK

If you are installing OpenScape and want to use the SDK feature, Microsoft’s WSE2.0 must be installed prior to the OpenScape installation. Microsoft WSE 2.0 can be installed from http://msdn.microsoft.com/webservices/building/wse/default.aspx. During installation, select the op-tion to install the Administrator setup type.

3.2.3 OpenScape Routing Dispatcher on LC Server

Table 3-3 RD Requirements

3.2.4 OpenScape Administrator on Client Machine

>After installing the certificate, MS SQL Server needs to be restarted. This restart must be done regardless of whether SQL Server is co-located on the OpenScape Main server or on a remote server.


HiPath OpenScape RD

MS Windows Server 2003 - Standard or Enterprise Edition

MSMQ


HiPath OpenScape Management Console

MS .NET Framework

MS Windows 2000 or MS Windows XP Professional or Windows Server 2003

MSMQ

Table 3-4 OpenScape Administrator on Client Machine Requirements



5454pre.fm

Infrastructure Requirements

3.2.5 MCU

3.2.6 Media Server

3.2.7 OpenScape Trace File Accumulator


MS .NET Framework

MS Windows Server 2003 Standard or Enterprise Edition

HiPath OpenScape MCU

Table 3-5 MCU Requirements


HiPath OpenScape Media Server

Siemens HiPath CAP Fault Management

Microsoft IE Web Controls

Sun Java 2 Runtime Environment

Microsoft MDAC

MS .NET Framework including Rollup Hotfix KB821156

MS Windows Server 2000 Advanced, SP4 or higher

MSDE 2000

ScanSoft OSR including language dependent part

VocalOS

ScanSoft Speechify core

ScanSoft Mara (US-English)

ScanSoft Tessa (DE-German)

ScanSoft Helen (GB-English)

Table 3-6 Media Server Requirements


MS .NET Framework

MS Windows Server 2003 or Windows XP Professional

HiPath OpenScape TFA


5454pre.fm

Nur für den internen Gebrauch Pre-Installation ChecklistInfrastructure Requirements

Table 3-7 TFA Requirements

3.2.8 OpenScape Early Deployment Mode

Table 3-8 EDM Requirements

3.2.9 End Points

3.2.10 Recommendations Based on Number of OpenScape Users

3.2.10.1 Normal Traffic Call Model

Assumption: (3 events per user per hour) where events include phone calls, portal calls, in-stant messages and status changes)


MS .NET Framework

MS Windows Server 2003 or Windows XP Professional

HiPath OpenScape EDM

Windows Server 2003 Active Directory Application Mode

Endpoints

OptiPoint 400 - Siemens SIP Phone

Windows MessengerMS Windows 2000 or MS Windows XP Professional

Table 3-9 Endpoints

Server 100/250 UsersProcessor/Memory/HD

500/750 Users Processor/Memory/HD

OpenScape Server P4/2 GB/ P4 Xeon/2 GB

MCU server P4/1 GB/>10GB HD P4/1 GB (1 - 2 servers*)

Media server P4/2GB/>18 GB HD two P4 Xeon/2 GB

LC Server/MS SQL (optional on OS server)

Yes on Xeon Yes, if dual processor

Table 3-10 Recommended hardware requirements - Normal Traffic Call Model



5454pre.fm

Infrastructure Server Verification

Note: * The number of MP servers is dependent on the amount of conference resources used (also multiprocessors units can be used).

Minimal configuration: The OpenScape, MCU, LCS and MS SQL can be installed on the same server (P4 Xeon/2 GB). The Media Server needs to be on a separate 2nd server (P4/2 GB).

3.2.10.2 High Traffic Call Model

Assumption: (6 events per user per hour) where events include phone calls, portal calls, in-stant messages and status changes)

Note: * The number of MP servers is dependent on the amount of conference resources used (also multiprocessors units can be used).

3.2.11 Database Size

To determine the size of the OpenScape database needed during OpenScape installation (Section 9.5, “Installing OpenScape”, on page 9-9), ask the Network Administrator to provide

1. the number of OpenScape users that are planned for the system - ___________

2. the number of months of call records that will be kept - _____________

The minimum size = (number of users/2) + ((number of users * number of months)/20). For example, for 250 users and 3 months of call records, the minimum size = 250/2 + ((250 * 3)/20) MB = 163 MB.

3.3 Infrastructure Server Verification

The first step in preparation for installation of the system is to determine whether the infrastruc-ture and configuration meets the OpenScape requirements.

Server 100/250 UsersProcessor/Memory/HD

500/750 Users Processor/Memory/HD

OpenScape Server P4/2 GB/ two P4 Xeon/2 GB

MCU server P4/1 GB/>10GB HD P4/1 GB (1 - 2 servers*)

Media server P4/2GB/>18 GB HD four P4 Xeon/2 GB

LC Server/MS SQL (optional on OS server)

Yes on Xeon Yes, if dual processor

Table 3-11 Recommended hardware requirements - High Traffic Call Model


5454pre.fm

Nur für den internen Gebrauch Pre-Installation ChecklistInfrastructure Server Verification

1. Confirm configuration of the system (Section 2.3.6, “Typical Configurations”, on page 2-10) - THIS SHOULD BE TOLD BY PROJECT MANAGER.

2. Verify the Infrastructure components (Exchange, AD) are appropriate versions.

3. Confirm that users exist in AD and map, based on topology, to the planned OpenScape us-ers.

3.3.1 Domain Mode

OpenScape requires installation in a domain that is at native functionality mode or higher.

By default, when a Windows 2000 Server or Windows Server 2003 DC is installed, it is created in mixed-mode. OpenScape has a requirement for the domain in which it is to be installed to be in native-mode or higher. This elevation of domain mode provides additional security features. The particular feature that OpenScape requires is the enhanced scope of the Domain Local Se-curity Group. This feature exists in native mode and above (i.e. 2003).

Raising the domain functionality is a manual step that must be performed with an account that possesses Domain Administrator privilege. This is a non-reversible change. To raise the do-main functionality, select the target domain in Active Directory Domains and Trusts console. Right click and select Raise Domain Functional Level.

If for whatever reason it is not possible to raise functionality of a production domain, the workaround is to create a new resource domain for OpenScape. This resource domain is a new child domain in the forest, which has been elevated to native-mode and contains the Open-Scape Servers (Application, Conferencing and Media) as well as LCS. This resource domain need not have any OpenScape users in it.

>Note1: There currently exists a restriction with the VegaStream gateway (pre R5.1 T017) that the fully qualified domain name of the LCS/OpenScape server may only be a maximum of 31 characters. If this gateway is to be used with OpenScape, this length restriction must be applied.

>Note2: The IP address for the LCS/OpenScape server should be static.



5454pre.fm

Server Information

3.4 Server Information

Have the customer’s network administrator fill out the following tables.

System Name (SystemID*)

Domain Name

Fully Quali-fied Domain

Name (FQDN)

IP Address Voice Portal Extension

OpenScape

LC Server N/A

Exchange 2000/2003

N/A

MS SQL Server

N/A

MCU N/A

MC (if sepa-rate from MP)

N/A

MP N/A

MP(optional) N/A

MP(optional) N/A

MP(optional) N/A

OMC N/A

Gateway N/A

Root Domain N/A N/A N/A N/A

Table 3-12 Server Information

*NOTE: The systemID is a maximum 11 alphanumeric characters in length.


5454pre.fm

Nur für den internen Gebrauch Pre-Installation ChecklistAccount/Group/Permissions Configuration

3.5 Account/Group/Permissions Configuration

OpenScape requires the creation of users and groups as well as permissions configuration pri-or to installation of the system.

The Environment Preparation Tool is used for this and will be performed in Chapter 8 after in-stalling the LC Server; however, some accounts still need to be created manually.

OpenScape is supported only in native mode or higher domains because there are two groups that require support of users in multiple domains. In native mode or higher, the Domain Local Group has scope over multiple domains.

Some tasks are done by the customer’s network administrator and some are done by the in-staller. Also, some tasks like Forest Prep, root domain prep/add are done by the enterprise ad-ministrator using the Environment Preparation Tool.

3.5.1 By Network/Domain Administrator

3.5.1.1 Accounts

Some accounts are identified as assigned during Chapter 8. Refer to Appendix D, “Settings Changed by the Environment Preparation Tool” for a description of the accounts created as well as groups such as OpenScape Service, OpenScape User and OpenScape Admin.

Application(Server Machine)

Description Port Number

LC server machine Trusted port number on LCS

B2BUA (OpenScape) Port number configured on B2BUA for SIP mes-sages from LCS (default is 21020)

License Server (Open-Scape)

Port number configured for License Server (de-fault is 50000)

Media Server Port Number configured on Media Server to re-ceive SIP messages from LCS (default is 5060)

MCU (MCU) Port number configured on MCU to receive SIP messages from MC (default is 5060)

Table 3-13 Port Number information for Block Rule

>To comply with Windows 2000, the user and group names should be no longer than 20 characters.



5454pre.fm

Account/Group/Permissions Configuration

The network administrator must also work with the site telecom administrator to obtain exten-sion numbers for the specified accounts in the table.

Account Name Password Extn. no.

GroupMembership

Description

OSsvc*(Core Account or Service Account)

_________ N/A See Appendix D ● Used for services● Used by UNS as

LCS user; LCS Us-er* configuration required - see be-low

● Portals also use this account

OSWeb* _________ N/A See Appendix D ●

<systemID>OSRTP* _________ N/A See Appendix D ● Used to get RTP data from LCS

● LCS User*

<systemID>UNS* ________ N/A See Appendix D ●

LCSInstaller ________ N/A - Domain admin privileges- Active Directory schema modifi-cation privileges

● Used only for LCS installation (and un-installation)

<osinstaller> (Should be created by network admin-istrator. Assigned in Chap-ter 8)

________ N/A See Appendix D ● Used for installa-tion of OpenScape, OMC, MCU & Me-dia Server

<systemID>SiemensIC* ________ ________

See Appendix Dr ● Media Server● See Appendix B

<systemID>SiemensCR* ________ ________

See Appendix D ● Media Server● See Appendix B

<systemID>CRDirect* ________ ________

See Appendix D ● Media Server● See Appendix C

<systemID>CRForward* ________ ________

See Appendix D ● Media Server● See Appendix C

* - These accounts are created by the Environment Preparation Tool - see Chapter 8

Table 3-14 Accounts Created by Network Administrator


5454pre.fm


3.5.1.2 Imported AD Users

There may be cases where users for a system are being imported from another pre-Windows 2000 system (i.e. Windows NT). The migration of users into active directory (AD) is the respon-sibility of the customer and the process is not discussed here. For any imported user, you must verify that the user account has a User Logon Name and not a User Logon Name [pre-Win-dows 2000]. See Figure 3-1.

>NOTE: All accounts should be password-enabled. Non-expiring passwords are rec-ommended; however, please follow company policy. If the passwords for the Open-Scape services need to be changed, please refer to the Help for OpenScape Man-agement Console for information on how to change these passwords.The extension numbers should be unique numbers in the dialing plan (like any other OpenScape user). For example, you can access CRDirect “by name” (from WM or portal) or “by number (from WM, portal, or phone).

7Warning

If any password expires and if for any reason any service is stopped, it cannot be restarted rendering the system non-functional. The password needs to be reset in the Active Directory and the Service Control Manager. Then start the services again.

>Each OpenScape installation requires two distinct accounts (<systemID>OSUNS and <systemID>OSRTP). The same two accounts cannot be used by other Open-Scape Installations. New accounts with different names must be created by the En-vironment Preparation Tool.



5454pre.fm


Figure 3-1 User Properties Screen

3.5.2 By Installer/Local Administrator

3.5.2.1 Account Requirements for OpenScape Management

Normally, all the WMI providers are hosted by the company’s RTCB Managed Provider Win-dows service. This service, as like the other OpenScape Windows services, runs under an ac-count that is a member of the OpenScape Service group and needs access to the WMI namespace, the privileges to administer both the OpenScape Admin and OpenScape User groups and any other privileges used by OpenScape Windows services e.g., access to SQL etc.

The account mydomain\OSAdmin needs to have access to the OpenScape server’s, for exam-ple, \root\Siemens\RTCB WMI namespace to reach the WMI providers – after that, the privileg-es of the account that the Siemens RTCB Managed Provider Windows service is running under are used.


5454pre.fm


3.5.2.2 Namespace Permissions

OpenScape uses a namespace in the CIM. The namespace \root\Siemens\RTCB is created on installation of the OpenScape application. For security purposes these permissions must be verified/adjusted on the OpenScape server.

Access to the namespace security is through the Windows Management Instrumentation (WMI) console (wmimgmt.msc). In order to access the security settings, you must be at least a local administrator on the OpenScape server.

The following URL is a link to an MSDN article that discusses how to set the WMI namespace privileges in Windows Server 2003.

http://support.microsoft.com/default.aspx?scid=kb;en-us;325353

Summary of user privileges for root\Siemens\RTCB namespace:

● Administrators: should have all privileges including Remote Enabled

● OpenScape Admin group: If not already in the administrators group, should have all priv-ileges including Remote Enabled.

● OpenScape Service group: same as above.

● Everyone: should modify to deny all inherited rights

CIM Namespace Security

1. On the OpenScape server, logon as <osinstaller>, go to Computer Management->Services and Applications->WMI Control.

2. Right-click Properties.

3. Click the Security tab.

4. Select the Root\Siemens\RTCB namespace.

5. Click Security.

6. Select Everyone from Group or user names.

7. Under Permissions for Everyone, click Deny for the following permissions:

● Execute Methods

● Provider Write

● Enable Account

8. Click Apply, OK, and then OK to close the Computer Management window.

● LOCAL/NETWORK: since winmgmt uses these accounts and communicates with our OpenScape providers the default privileges are acceptable i.e., no change.



5454pre.fm


Summary of user privileges for root\CIMV2 namespace:

● OpenScape Admin group: should have all privileges including Remote Enabled.

Summary of user privileges for root\MicrosoftIISv2 namespace:

● OpenScape Admin group: should have all privileges including Remote Enabled.

The account of anyone that may need to access the WMI providers on the OpenScape server will need at least default permissions (“Execute Methods”, “Provider Write” and “Enable Ac-count”) as well as “Remote Enable”. This would be anyone accessing these providers via OMC or scripting.

The WMI providers are hosted by the company’s RTCB Managed Provider Windows service. Once access is made to the OpenScape WMI namespace (\root\Siemens\RTCB) the privileges of the account that the RTCB Managed Provider Windows service is running under are used. As like the other OpenScape Windows services, the account used is a member of the Open-Scape Service group and needs the privileges to administer both the OpenScape Admin and OpenScape User groups and any other privileges used by OpenScape Windows services e.g., access to SQL etc. Also, this service account (or the OpenScape Service group it belongs to) must have local administrative privileges on the OpenScape server.

Any user wishing to access the OpenScape WMI namespace for management purposes must have local administrative privileges on the OpenScape server. This applies whether the user is accessing the namespace remotely or locally.


5454pre.fm

Nur für den internen Gebrauch Pre-Installation ChecklistSIP Phone Data

3.6 SIP Phone Data

If the customer uses SIP phones, then obtain the following data for each SIP phone user that will be needed in Section 16.5.1, “Configuring Profiles for SIP Phones”, on page 16-5.

Setting Description Value

Phone Network (if not us-ing DHCP)

Terminal IP address range IP address ranges to be as-signed to the phones

Terminal Mask Subnet mask that the phone re-sides on

Primary DNS IP Address Primary DNS server to be used by the phone

Secondary DNS IP Address (optional)

IP address of additional DNS server

Default Routes IP address of gateway on net-work

Domain Names List all domains that phones belong to (need to associate with each phone)

Time and Date (if not using DHCP)

SNTP server address IP address of the time synchro-nization server on the network

Time zone offset Offset that must be applied to the time give by the SNTP server to get current time

KDC

KDC Server Address Host name of the KDC server to be used. This is normally the child domain name or IP ad-dress of the child domain con-troller where the user is locat-ed.

SNTP

SNMP Trap address

Quality of Service (QoS)

Tabelle 3-15 SIP Phone Data for Each User



5454pre.fm

SIP Phone Data

vLAN discovery

Manual VLAN identifier

Qos Mode

Layer 3 voice

Layer 3 signaling

Setting Description Value

Tabelle 3-15 SIP Phone Data for Each User


5454ilcs.fm

Nur für den internen Gebrauch Installing Live Communications ServerInstalling the LC Server

4 Installing Live Communications Server

This section provides information about installing the LC Server (LCS).

Select defaults while installing the LC Server. Only in the User Info screen where it asks for a user id and password, then enter the user id with administrator privileges only along with its password. The installation guide that comes with the LC Server leads you to set up an “LCSService” type user and, by default, that is the one that is displayed in this screen as default. Either you can use it or enter in your own id. This will be the account under which the LCS Ser-vices will run.

4.1 Installing the LC Server

To install the LC Server (refer to the Microsoft LC Server deployment guide at http://www.mi-crosoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/livecomm2003/de-fault.asp):

1. Ensure that you do not have WM installed on the LC Server.

2. Install the LC server according to the Microsoft documentation and follow the instructions.

3. Select the defaults except on the User Info screen.

4. In the User Info screen, type the user ID with administrator privileges and password then click Enter. Should assistance be needed to set up an RTCService, refer to the LC Server Installation Guide. The RTCService user ID is the default. You can either use it or type in your own ID.

>Use Microsoft documentation as a primary guide for setting up a system infrastruc-ture.

>Before installing the LC Server, make sure you do not have WM installed on that ma-chine; otherwise, WM uses the default port 5060 (to communicate with the LC Serv-er) depending on who starts up first - WM Client or LCS Service. Usually WM Client controls the 5060 port and, thus, the LC Server is not able to receive any messages from any WM Clients at all. One way to avoid this would be to add another port to the LC Server and use that port number in the server location section on the WM Client configuration screen

>If the expiration date for the password is not explicitly set, then the password expires in 42 days and the system ceases to function.


Installing Live Communications Server Nur für den internen Gebrauch

5454ilcs.fm

Local Machine Groups

5. After LC Server is installed, then install TLS by first installing certificates. Then assign those certificates with the TLS Mutual setup.

4.2 Local Machine Groups

On the OpenScape/LC Server, after LCS installation, there are four new Machine Local Groups created:

● RTC Local Administrators

● RTC Local User Administrators

● RTC Server Applications

● RTC Server Local Group

In Chapter 8, “Preparing the OpenScape Environment”, the OpenScape Service account (see Table 3-14 on page 3-10) is added during installation and becomes a member of these local machine groups.

Refer to Chapter 8 and Appendix D for more details.

4.3 Installing and Setting Up the Windows Messenger (WM) Client

To install or un-install the WM client, you must be logged into the PC as a local administrator only. If you already have a WM version installed, you must first un-install it before installing a newer version.

To un-install WM:

1. At the client’s desktop, click Start > Run.

2. Type C:\Documents and Settings\All Users\Application Data and click OK.

3. Double-click Microsoft directory.

4. Right-click Messenger.msi and select uninstall.

To install WM version 5.0.381, you must first be logged on as a local Administrator. Whenever you log-in to the PC as a domain user for the first time, usually WM client automatically starts your sign-in process using the user id and password as you entered while logging into your PC. If this does not automatically start, click Start > All Programs > Windows Messenger. This starts the WM instance installation. This process takes just less than a minute, and then con-figure your WM client for usage as follows.

>Note: The usage of RTC is interchangeable with LCS. Microsoft changed the name of RTC to LCS.


5454ilcs.fm

Nur für den internen Gebrauch Installing Live Communications ServerInstalling and Setting Up the Windows Messenger (WM) Client

From the menu bar:

1. Click on Tools > Options…

2. Select the Accounts tab.

3. In the Communications Service Account section, select the My contacts include users of a communications service check box.

4. Type the SIP URI in the Sign-in name: field; for example, [email protected] (this is the LCS user’s SIP URI as configured in the Active Directory)

5. Click the Advanced… button located right next to this field.

6. Select Configure settings radio button.

7. Type the rtc-server-host-name.domain.name in the Server name or IP address field. This server name is the name of the server on which you have installed or the LC Server is in-stalled.

8. Select the TLS option at the Connection using options field.

9. Click OK.

10. Click OK.

11. Sign in.

4.3.1 Testing with Windows Messenger

Once your LC Server is configured and before installing OpenScape, make a test call between two WM clients. Attempt a voice call between two clients using both TCP and TLS. This ensures that you have connectivity and the appropriate certificates.

4.3.2 Uninstalling Windows Messenger

To install or un-install the WM client, you must be logged into the PC as a local administrator only. If you already have a VM version installed (pre-version 5.0.292), you must un-install it first before installing the new version.

To un-install Windows Messenger:

1. Click Start->Run.

2. Enter c:\Documents and Settings\All Users\Application Data, then click OK.

3. Double-click on the Microsoft directory.

4. Double-click the Windows Messenger directory and right click on the Messenger.msi file.

5. Select uninstall.



5454ilcs.fm

Configuring the RTCService Account

4.3.3 Installing Windows Messenger

To install Windows Messenger version 5.0.381, log on first as a local administrator.

Whenever you logon to the PC as a domain user for the first time, the WM client usually auto-matically starts your sign-in process using the user id and password you entered while logging onto your PC.

If this sign-in process does not automatically start, click Start->Programs->Windows Mes-senger to start the Windows Messenger copy installation.

4.3.4 Configuring the WM Client

To configure your WM client for usage from the WM menu bar:

1. Click Tools->Options....

2. Select the Accounts tab.

3. In the Communications Service Account section, select the check box My contacts in-clude users of a communications service.

4. Type the SIP URI in the Sign-in name: field.

For example, [email protected] (this is the LCS user’s SIP URI as configured in the Active Directory).

5. Click the Advanced... button.

6. Click Configure settings.

7. Enter LCS-server-host-name.domain.name in the Server name or IP address: field. This server name is the name of the server on which the LC Server is installed.

8. Select TLS from the Connection using: options field.

9. Click OK.

10. Click OK.

11. Sign in.

4.4 Configuring the RTCService Account

The following must be done after the LCS domain prep and before anyone needs to use a phone in a Windows 2000 domain.

On the RtcService Properties dialog box, select the Account tab. Check the Use DES en-cryption types for this account box, then click OK.


5454ilcs.fm

Nur für den internen Gebrauch Installing Live Communications ServerConfiguring the RTCService Account



5454ilcs.fm

LCS Setup Checklist and Troubleshooting

4.5 LCS Setup Checklist and Troubleshooting

You can view LCS settings like Ports, Static Routes, making them Trusted or unTrusted, and displaying only the required settings on the LC Server.

General Checklist

Installation Tasks Done (➼ )

On Windows Messenger (WM) Cli-ents

● Check if version is 5.0.0381.● Transport channel should be set to TLS.● User SIP URI configured should be correct (check spelling and for-

mat).● All users should point to the LCS Home Server on which they are

homed.● To un-install WM on your system, log on as an Administrator and go

to the “\Documents and Settings\All Users\Application Data\Mi-crosoft” directory and double click on WM directory and locate the “.msi” file. Right click on “.msi” file and select uninstall.

DNS Con-figurations

● Check if your system is configured to point to the correct DNS Server.● System should have the correct domain name entries in its search

list.● You should be able to ping all Clients & Gateways in your domain.

Table 4-1 LCS Setup Checklist and Troubleshooting


5454ActiveD.fm

Nur für den internen Gebrauch Active Directory ReferenceEnvironment Recommendations

5 Active Directory Reference

OpenScape V2 requires extending the Active Directory schema with OpenScape specific classes and attributes similar to what Microsoft requires for LCS. Chapter 7, “Setting Up a For-est in Production Mode” describes the steps to extend of the schema.

As alternative to extending the enterprise Active Directory schema OpenScape can be de-ployed in Early Deployment Mode (EDM). EDM uses ADAM (Active Directory Application Mode) which is extended with the Siemens schema enhancements instead. EDM installation is described in Chapter 6, “Setting up OpenScape in Early Deployment Mode (EDM)”. EDM/ADAM does not provide the same versatility as running OpenScape in production mode. It is recommended to install OpenScape in Production mode.

5.1 Environment Recommendations

The following list summarizes the recommendations for placement of Active Directory domain controllers and global catalog servers to support HiPath OpenScape.

● At least one global catalog server must be installed in each domain that contains Hi-Path OpenScape components such as OpenScape or Routing Dispatcher.

● Ensure that the server assigned the infrastructure master role is not a global catalog server (unless the domain only contains one DC).

● Ensure that DNS is correctly configured at the hub site and all branches. Ensure that name resolution and DNS functionality are both operating correctly.

5.2 Attributes and Objects

Forest preparation will extend the Active Directory schema and will add additional attributes and objects in the schema. The changes made include:

● The User object being extended to add attributes for each user that are mostly static, such as Secondary SIP addresses and OpenScape Home Server. The same exten-sion is made on the contact object for cross-forest scenarios.

● A new Siemens container being created under the system object, if it doesn’t already exist.

● A new Siemens OpenScape container being created under the computer object.

Note: The schema extensions to a customer Active Directory Enterprise Schema cannot be re-moved once applied to it! This is a permanent change to AD.


Active Directory Reference Nur für den internen Gebrauch

5454ActiveD.fm

Attributes and Objects

5.2.1 Attributes and Objects Hierarchy

The following structure shows the hierarchy of the new classes and the new attributes:

Note: The above class objects will be added to the root domain

System (container)

Siemens (container)

Siemens Openscape (siemensOSGlobalContainer)

siemensOSExtension:: attribute

<domain> (siemensOSDomain)

siemensOSDomainName:: attribute


<guid> (siemensOSTrustedService)

siemensOSIsMaster :: attribute

siemensOSTrustedServiceFQDN:: attribute


Computers (container)

<Machine-Name>

Siemens Openscape (serviceConnectionPoint)

OS Core Services (siemensOSServices)

siemensOSServiceInfo:: attribute


SB Registration Service (siemensOSServiceConnectionPoint)



5454ActiveD.fm

Nur für den internen Gebrauch Active Directory ReferenceAttributes and Objects

Users (container)

User (extensions)

siemensOSSecondaryAOR:: attribute

siemensOSEnabled:: attribute

siemensOSHomeServer:: attribute

siemensOSRequiredData:: attribute


siemensOSDevices:: attribute

siemensOSUserData1:: attribute




Contacts (container)

Contact (extensions)

siemensOSSecondaryAOR:: attribute

siemensOSEnabled:: attribute

siemensOSHomeServer:: attribute

siemensOSRequiredData:: attribute


siemensOSDevices:: attribute







5454ActiveD.fm

Attribute Definitions

5.3 Attribute Definitions

The following tables shows the new attributes defined in the schema file (ldf) that extends ob-jects for Siemens OpenScape Server.

Attribute Syntax Multi-Value

Object Description

siemensOSServi-ceInfo

Directory String

True siemensOSServices Contains information spe-cific to this Service (e.g. for Core Services DB connectivity)

siemensOSExten-sion

Directory String

True siemensOSServices, si-emensOSServiceCon-nectionPointclass,siemensOSGlobalCon-tainer, siemensOSDo-main, siemensOSTrust-edService, User, Contact

OpenScape extensions

siemensOSSec-ondaryAOR

Directory String

True user Secondary AORs

siemensOSHome-Server

Directory String

False user OpenScape HomeServer

siemensOSEn-abled

Boolean False user Indicates whether user is enabled for OpenScape

siemensOSRe-quiredData

Directory String

True user OpenScape user required information. For Open-Scape backup/restore purposes.

siemensOSDevic-es

Directory String

True user Device(s) assigned to OpenScape user

siemensOSUserData1

Directory String

False user Not currently used

siemensOSUserData2

Directory String


siemensOSUserData3

Directory String


siemensOSUserData4

Directory String


Table 5-1 Siemens Attribute Extensions


5454ActiveD.fm

Nur für den internen Gebrauch Active Directory ReferenceClass Definitions

5.4 Class Definitions

The new Active Directory classes are as follows:

● siemensOSServices

● siemensOSServiceConnectionPoint

● siemensOSGlobalContainer

● siemensOSDomain

● siemensOSTrustedService

Table 5-2 through Table 5-6 describe the new attributes associated with each of these classes.

5.4.1 siemensOSServices

This class stores the Siemens OpenScape Service information and is inherited from the ser-viceConnectionPoint class. The following table shows the new Active Directory class and its OpenScape attributes.

The only possible superior class os siemensOSServices is the serviceConnectionPoint class.

siemensOSDo-mainName

Directory String

False siemensOSDomain A domain configured for OpenScape

siemensOSIsMas-ter

Boolean False siemensOSTrustedSer-vice

This attribute determines whether the user is a master representation or a replicated copy.

siemensOSTrust-edServiceFQDN

Directory String

False siemensOSTrustedSer-vice

Trusted Server FQDN

Attribute Syntax Multi-Value Description

siemensOSServiceInfo Directory String True Contains information specif-ic to this Service (e.g. for Core Services DB connec-tivity)

siemensOSExtension Directory String True OpenScape extensions

Table 5-2 Siemens OS Services Class Attributes

Attribute Syntax Multi-Value

Object Description

Table 5-1 Siemens Attribute Extensions



5454ActiveD.fm

Class Definitions

5.4.2 siemensOSServiceConnectionPoint

The siemensOSServiceConnectionPoint class inherits from the serviceConnectionPoint class and can have only siemensOSServices class objects as it possible superior.

Table 5-3 Siemens OS Service Connection Point Class Attribute

5.4.3 siemensOSGlobalContainer

The siemensOSGlobalContainer class is a container class for Siemens OpenScape global in-formation. This class inherits from the container class and can have other container class ob-jects as it possible superior.

Table 5-4 Siemens OS Global Container Class Attribute

5.4.4 siemensOSDomain

The siemensOSDomain class is used to store all the domains configured for Siemens Open-Scape and is a container class for Siemens OpenScape global information. This class inherits from the container class and can have only siemensOSGlobalContainerclass objects as it pos-sible superior.

Table 5-5 Siemens OS Domain Class Attribute

5.4.5 siemensOSTrustedService

The siemensOSDomain class is used to store all the domains configured for Siemens Open-Scape and is a container class for Siemens OpenScape global information. This class inherits from the container class and can have only siemensOSGlobalContainerclass objects as it pos-sible superior.






siemensOSDomainName Directory String False A domain configured for OpenScape



5454ActiveD.fm

Nur für den internen Gebrauch Active Directory ReferenceEarly Deployment Mode or Production Mode

Table 5-6 Siemens OS Trusted Service Class Attribute

5.5 Early Deployment Mode or Production Mode

If the customer wants to do an OpenScape evaluation without making any changes to the Ac-tive Directory, then proceed to Chapter 6, “Setting up OpenScape in Early Deployment Mode (EDM)”; otherwise, proceed to Chapter 7, “Setting Up a Forest in Production Mode” which will makes changes to AD.


siemensOSIsMaster Boolean False This attribute determines whether the user is a master representation or a replicat-ed copy.

siemensOSTrustedSer-viceFQDN

Directory String False Trusted Server FQDN




5454ActiveD.fm

Early Deployment Mode or Production Mode


5454EDM.fm

Nur für den internen Gebrauch Setting up OpenScape in Early Deployment Mode (EDM)

6 Setting up OpenScape in Early Deployment Mode (EDM)

This chapter details the steps necessary to prepare the ADAM infrastructure to host servers running OpenScape Server in EDM mode and later migrate to a production mode environment.

Go to Chapter 7, “Setting Up a Forest in Production Mode” for a production mode environment.

Installation comparison between Production Mode and Early Deployment Mode:

>Note: Running OpenScape in EDM mode does not require the enterprise Active Di-rectory schema to be extended. Instead ADAM is used beside the existing Active Di-rectory to store the new Siemens OpenScape classes and attributes.

Task Early Deployment Mode Production Mode

Forest Preparation (ForestPrep.exe)● Extending Schema● Creating Enterprise Global objects

Not Required Required

Domain Preparation (EnvironmentSetup.exe)● Extending Schema● Creating Enterprise Global objects

Required (see Section 6.2) Required

EDM System Preparation (EnvironmentSet-up.exe)

Required (see Section 6.2) Not Required

Install ADAM● ADAM is available from MS for Windows

2003 Server


OpenScape EDM installation (OpenScap-eEDM.exe)


Migration to Production Mode (Migrate.exe) Optional (see Section 6.5) Not Required

Installation of OpenScape packages (such as OpenScape, Routing Dispatcher, etc.)

Required (see general OpenScape installation

Required

Table 6-1 Installation Comparison

>Note: Running OpenScape in EDM mode: If a new user is created, the user cannot be converted until Active Directory replicates that user to all domain controllers and the ADAM synchronizer (EDMADC service) replicates that user into ADAM. This may take several minutes depending on the customer’s replication topology. Usually, this will be less than 5 minutes.


Setting up OpenScape in Early Deployment Mode (EDM) Nur für den internen Gebrauch

5454EDM.fm

Installation Requirements for EDM

6.1 Installation Requirements for EDM

The following files are used to set up a forest in early deployment mode. They can be found in the OpenScape EDM and OpenScape EPT folder (except ADAM).

● EnvironmentSetup.exe: Used for Domain and System Preparation steps

● OpenScapeEDM.exe: EDM installation package

● Migrate.exe: Used when migrating to Production Mode

● ConvertAdmins.exe: Used to migrate users that are members of administrative groups

● ADAM: ADAM is an integrated directory service available with Windows Server 2003 and must be downloaded from Microsoft at http://www.microsoft.com/windowsserver2003/adam/default.mspx

6.2 Domain and System Preparation

Before installing ADAM and EDM the Root and Child domains need to be prepared. These are the same steps as for production mode. The only difference is the use of the EDM parameter when using EnvironementSetup.exe.

In preparation for EDM installation the EDM System Preparation needs to be run. See Section 8.18 on page 8-38 on how to prepare the domains and the EDM system.

6.3 ADAM Installation

Once the environment is prepared with root domain prep, child domain prep and EDM system prep, the ADAM and EDM installation can proceed.

ADAM is an integrated directory service available with Windows Server 2003 and must be downloaded from Microsoft at: http://www.microsoft.com/windowsserver2003/adam/de-fault.mspx.

ADAM must be installed on a Windows 2003 Server. For larger deployments it is recommended to install ADAM/EDM on its own server (not on an OpenScape Home Server).

ADAM installation should be run with the <osinstaller> account or an account which has given permission to write its own Service Connection Point, or as domain admin.


5454EDM.fm

Nur für den internen Gebrauch Setting up OpenScape in Early Deployment Mode (EDM)EDM Installation

Note: ADAM backup and restore is described at: http://msdn.microsoft.com/library/de-fault.asp?url=/library/en-us/adam/adam/backing_up_and_restoring.asp

6.4 EDM Installation

Once ADAM is successfully installed the EDM installation can proceed.

EDM must be installed on a Windows 2003 server preferably on the server where ADAM with instance “SiemensOpenScapeEdmV2” has been installed.

Command Where to run as who

What it does

Download ADAM (ADAMretailX86.exe) from:http://www.microsoft.com/downloads/details.as-px?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en

Unzip and Install ADAM (adamsetup.exe):● Select: “ADAM and ADAM administration tool”● Select “A unique instance”● Enter Instance name: SiemensOpenScapeEdmV2”● Accept default ports● Select: “No, do not create an application directory

partition”● Accept Data files● Install ADAM as the OpenScape Service account,

select “This account” and browse to the OSsvc ac-count in the current domain and enter the pass-word.

● On the popup indicating that the account does not have permissions to run as a service, click “Yes”.

● Accept “Currently logged on user: <domain\install-er>”

● Accept: “Do not import LDIF files…”● Finish installation.

ADAM/EDM server, run as installer

ADAM/EDM server, run as InstallerIn-stalls ADAM using predefined instance name “SiemensOpenScapeEdmV2” and runs service as Open-Scape Service ac-count.

Table 6-2 ADAM Installation Steps



5454EDM.fm

MIgrating from EDM to Production Mode

Table 6-3 EDM Installation Steps

6.4.1 Verifying the ADAM Schema Changes

1. Logon to the server where the ADAM instance is installed with the <osinstaller> account.

2. Click Start > All Programs > ADAM > ADAM ASDI Edit. This will open the ADAM ADSI Edit program.

3. On the left pane right-click ADAM ADSI Edit, then click Connect to…. This opens the Connection Settings window.

4. Under Well-known naming context, select Schema, then click OK.

5. Expand My Connection, then click Schema….

6. In the right pane, search for CN=siemens-OSServiceInfo. If present, the schema was successfully propagated. If no such entry exists, then the schema was not modified.

6.5 MIgrating from EDM to Production Mode

There is no expiry in running HiPath OpenScape in EDM mode. There are only a few limitations by running in EDM which mainly is performance impact with a large deployment. Once the per-mission to extend the enterprise is granted, it is recommended to migrate to production mode which replaces the use of ADAM with the extended Active Directory.

Migration involves the following tasks:

● Extend the enterprise Active Directory schema with the Siemens OpenScape extensions.

● Migrate the user data and SCPs from ADAM to Active Directory.

● Disable ADAM and remove the ADAM instance entry published in the Active Directory.

Command Where to run as who What it does

Run OpenScape EDM In-stallation Package (Open-ScapeEDM.exe)

ADAM/EDM server, run as installer

Creates the ADAM schema for LC and OpenScape.Creates the default application partition mirroring the real Active Directory do-main names and sets the defaultNam-ingContext.

>Note: ADAM ADSI Edit is a ADAM administrative tool that may be installed as part of the ADAM installation. The usage of ADAM ADSI Edit is very similar to ADSI Edit for Active Directory.


5454EDM.fm

Nur für den internen Gebrauch Setting up OpenScape in Early Deployment Mode (EDM)MIgrating from EDM to Production Mode

Extending the enterprise schema is done by the forest preparation tool, ForestSetup.exe, de-scribed in 5b. The other two tasks will be done by Migrate.exe tool.

6.5.1 Installation Requirements for Migration

● For Forest Preparation, copy the OpenScape EPT folder locally to the root domain control-ler chosen installation directory.

● For Migration and EDM System Prep un-installation, copy the OpenScape EPT folder lo-cally to the EDM/ADAM server.

6.5.2 Migrating from ADAM to Active Directory

Migration from EDM to Production mode is done in following steps:

1. Prepare the forest by following the instructions in Chapter 7, “Setting Up a Forest in Pro-duction Mode”.

2. Run the root and child domain preparations for Production Mode as described in Chapter 8, “Preparing the OpenScape Environment”.

3. Check for OpenScape users that are members of administrative groups in all OpenScape Servers in the forest and either delete them as OpenScape users or add the privileges for the OpenScape Service group. See Section 6.5.2.1.

4. Logon to the EDM/ADAM server as “Installer” account which was used to install ADAM and EDM. Perform the Migration by typing the following command in a command prompt: Mi-grate.exe /i /l prep.log.

5. Remove OpenScape EDM using Add/Remove Programs.

6. Optionally remove the ADAM instance using Add/Remove Programs.

7. Logon as domain administrator to this server or any other server connected to the current domain.

8. Uninstall EDM System Prep using EnvironmentSetup.exe with ‘x’ switch. See Section 8.18, “EDM System Preparation and Verification”.

9. Rerun the system preps again for installations remaining on this host. For example, if OpenScape is installed on this host and will be kept, then the OpenScape system prep must be rerun.

10. Restart all servers containing HiPath OpenScape installations (e.g. OpenScape, Routing Dispatcher, MCU, Media Server) in the forest.



5454EDM.fm


6.5.2.1 Checking for OpenScape Users that are members of Administrative Groups

In EDM mode members of administrative groups are allowed to be OpenScape users. These accounts are protected for security reasons, and do not inherit the access rights.

For each OpenScape Server one of the following options option must be executed to success-fully migrate these users from EDM to production mode.

● Remove the users that are members of any administrative group from OpenScape. This option requires OpenScape Admin privileges.

● Provide additional permissions to the OpenScape Admin group to be able to set Open-Scape specific attributes of these users. In particular: Read access rights to: Public Info, RTCPropertySet, RTCUserSearchPropertySet, SiemensOSPropertySet and write access rights to the SiemensOSPropertySet. This option requires Domain Admin privileges.

To delete Admin Users from OpenScape, follow the instructions below:

1. Log on to any server in the domain being prepared with the <osinstaller> account or as a member of the OpenScape Admin group.

2. Copy the executable ConvertAdmins.exe and Interop.ActiveDS.dll from the OpenScape EPT folder on the CD to the OpenScape Server.

3. For help on the usage type ConvertAdmins /?.

4. On the command line, type ConvertAdmins /m DELETE /SQLSERVER <sqlserver> /L <logfile>.

5. All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.

6. Proceed to upgrade the system.

To grant permissions to the OpenScape Admin group and retains these users in OpenScape, follow the instructions below:

1. Log on to any server in domain being prepared as the Domain Administrator.



4. On the command line, type ConvertAdmins /m ADDACE /SQLSERVER <sqlserver> /L <logfile> /TRUSTEE “<Domain>\OpenScape Admin”, where <sqlserver> is the SQL Server’s hostname is the default instance is used, or <hostname\instance name> when a named SQL instance is used for HiPath OpenScape.This will give the appropriate permis-sions to the OpenScape Admin group to all OpenScape user which are members of any administrative group (adminCount attribute set to 1).

5. Proceed to migration.


5454EDM.fm

Nur für den internen Gebrauch Setting up OpenScape in Early Deployment Mode (EDM)MIgrating from EDM to Production Mode

6.5.3 Verifying the Migration from ADAM to Active Directory

To verify the schema extensions, see Section 7.3, “Verifying the Enterprise Schema Changes”.

To verify the migration of OpenScape data from ADAM to Active Directory:

● Using LDP or ADSI Edit navigate to an OpenScape user and verify that this user contains a SiemensOSEnabled attribute set to TRUE.



5454EDM.fm



5454Pmode.fm

Nur für den internen Gebrauch Setting Up a Forest in Production ModeRequirements

7 Setting Up a Forest in Production Mode

This section details the steps necessary to prepare the forest in production mode. Forest prep-aration is required to run OpenScape in Production Mode and must be done before domain and system preparation.

7.1 Requirements

The following files are used to set up a forest in production mode. They can be found in the OpenScape EPT folder.

● .Net Framework 1.1

● Forest functional level must be “Windows 2000 native” or “Windows Server 2003”. If the domain is in “mixed mode”, you need to raise its functional level to Windows 2000 native mode.

● ForestSetup.exe: Forest Preparation executable calling the forestprep.wsf script. This cre-ates a property set and Siemens enterprise global objects.

● Forestprep.wsf: Script used to import the schema definitions of the ldf file. The same script is also used for EDM mode.

● si_schema.ldf; Siemens Active Directory schema definitions. A detailed description of the new classes/attributes can be found in the Active Directory Reference in Chapter 5, “Active Directory Reference”.

7.2 Modifying the Enterprise Schema

1. Log on to the root domain controller as a user with schema administrator credentials.

2. Copy the si_chema.ldf, forestprep.wsf, ForestSetup.exe, and Siemens.EN.RTCB.Ad-cim.ADLib.dll files from the OpenScape EPT folder on the OpenScape CD.

3. Click Start->Run, then enter cmd.

4. Go to (cd) the directory location where the schema file (si_schema.ldf) is located.

5. Enter ForestSetup.exe /i /L prep.log.

6. Upon completion, close the prompt window.

You can verify whether the schema changes are applied to the all the child domains by following the instructions specified in the next section.

>Note: If ADAM is already installed in the forest with “SiemensOpenScapeEdmV2” name, then ADAM always gets the preference even after AD schema is extended and all OpenScape Systems are running in EDM mode.


Setting Up a Forest in Production Mode Nur für den internen Gebrauch

5454Pmode.fm

Verifying the Enterprise Schema Changes

7.3 Verifying the Enterprise Schema Changes

To view the user attributes in Active Directory, the “ADSI Edit” snap-in needs to be installed on your computer. It is part of the “SUPTOOLS.MSI”, which is located under “\EN-GLISH\WIN2003\ENT\SUPPORT\TOOLS” on the Windows 2003 Server disk.

● Add the ADSI Edit snap-in into MMC, or just run “adsiedit.msc”.

● Connect to the Schema Naming Context.

● Expand the Schema container and in the right pane look for the entries beginning with si-emens-OS. If these entries are not there, then the schema has not been extended.


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentPrerequisites

8 Preparing the OpenScape Environment

The network administrator must set up the Domain and System environments for OpenScape.

Domain Preparation is required only once for every domain where OpenScape will be in-stalled. It can also be run to repair the domain.

System Preparation is required once before every fresh installation of OpenScape. It can also be run again to repair the system, or to change some configuration options, such as changing the Logon user, installing LC Server on a different system etc.

Preparation can either be done manually or by using the Environment Preparation Tool. You must use only one method and cannot interchange once started.

8.1 Prerequisites

● Environment Preparation Tool only

● .NET Framework 1.1 should be installed on the PC where the Tool is run.

● Domain Administrator privileges are to required to run this Tool.

● The domain (root & resource) should be in native mode. If it is in mixed mode, you need to raise its functional level to native mode (using AD Domains and Trusts snap-in).

● Prior to Root Domain preparation, the forest preparation has to be completed. This is only true if the customer is installing in a production mode.

● Prior to Domain preparation, LC Server should already have been installed at least once in the domain.

● Prior to System preparation, LC Server should have already been installed for the particu-lar OpenScape system being prepared.

● For System Preparation, the “OpenScape Logon User” (the current user logged on when OpenScape is being installed), should be an existing Domain user.

8.2 Hints

● The default OpenScape Service account is set to OSsvc.

● The default OpenScape RTP account is set to <SystemID>OSRTP.

● The default OpenScape UNS account is set to <SystemID>OSUNS.

● The default OpenScape Web account is set to OSWeb.

● Environment Preparation Tool only:


Preparing the OpenScape Environment Nur für den internen Gebrauch

5454ept.fm

Overview

● The /PWD switch is mandatory for /D, /S and /MSS switches. The password pro-vided for this switch is applied to all accounts created during the Preparation step. If those accounts already exist, their password will be updated with the password provid-ed.

● If you cut and paste the command line input in the following pages to the CLI, there is a chance that the quotation marks, “, will not copy exactly which will cause the com-mand line to fail.

● During a V1 t oV2 upgrade, if there is more than one OpenScape System in the same do-main, the old OpenScape Service group has to remain as it is for V1 OpenScape system to co-exist with V2 OpenScape system. Therefore, the domain prep will automatically re-name the old group to “OpenScape Service V1” and copy all its members to the new group.

● After upgrading all OpenScape Systems in this domain to V2 the following groups and ac-counts are no longer needed:

● OpenScape Service V1 group

● Account <SystemID>OSsrv

Delete this group and account using the AD Users and Computers Snap-in.

8.3 Overview

This section lists the environment preparation steps to be followed in these scenarios:

● Installing the first OpenScape System into a Prepared Forest

● Installing the second OpenScape System into a Prepared Forest Upgrade

● Complex Setup

8.3.1 Installing the First OpenScape System into a Prepared Forest

This scenario corresponds to the Root Domain and Child Domain D1 of Figure 8-1.

Steps to follow:

● Forest Prep (Production Mode Only - refer to Chapter 7, “Setting Up a Forest in Pro-duction Mode”)

● Root Domain Prep (refer to Section 8.7 on page 8-9)

● Domain Prep – OS system (refer to Section 8.8, “OpenScape System Domain Prepa-ration and Verification”)

● Add Domain to Root Domain (refer to Section 8.10 on page 8-19)

● System Prep – OpenScape Server (refer to Section 8.13 on page 8-22)


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentOverview

● System Prep – RD (LCS Server) (refer to Section 8.14 on page 8-28)

● System Prep – Media Server (refer to Section 8.15 on page 8-30)

● System Prep – MCU (If located on separate system) (refer to Section 8.16 on page 8-33)

● System Prep – TFA (If located on separate system) (refer to Section 8.17 on page 8-35)

● System Prep – EDM (refer to Section 8.18 on page 8-38)

8.3.2 Installing the Second OpenScape System into a Prepared Forest Upgrade

This scenario corresponds to the Root Domain and Child Domain D1 of Figure 8-1.

Steps to follow:









5454ept.fm

Overview

8.3.3 Complex Setup

This OpenScape setup consists of 2 OpenScape systems in 2 domains. All users reside in a 3rd domain. See Figure 8-1.

Figure 8-1 Complex Setup - Domain Diagram

Steps to follow:

● Forest Prep (Production Mode Only - refer to Chapter 7, “Setting Up a Forest in Pro-duction Mode”)

● Root Domain Prep (refer to Section 8.7 on page 8-9)

● Domain Prep of D1– OS system (refer to Section 8.8, “OpenScape System Domain Preparation and Verification”, on page 8-12)

● Add Domain D1 to Root Domain (refer to Section 8.10 on page 8-19)





5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentOverview




● Domain Prep of D2– OS system (refer to Section 8.8, “OpenScape System Domain Preparation and Verification”, on page 8-12)


● Add Domain D2 to D1 (refer to Section 8.11 on page 8-20)








● Domain Prep of D3 – user only (refer to Section 8.9, “User Only Domain Preparation and Verification”)








5454ept.fm

Overview

8.3.4 Brief Description of Steps

Step Where to runcommand

Condition Cmd Mode*

Privileges

Forest Prep (refer to Chapter 7, “Setting Up a Forest in Pro-duction Mode”)

Refer to the schema deployment guide

Once for every forest Refer to the schema deploy-ment guide

Root Domain Prep Root Domain Once for every forest RD Root Domain Administrator

Domain Prep - OpenScape system

Child domain con-taining OpenScape systems

Once for every domain containing an Open-Scape system

D Domain Admin-istrator of the child domain

Add domain to Root Domain

Root Domain Once for every child domain that hosts OpenScape servers

RDM Root Domain Administrator

Cross Domain Memberships

Child Domain Once for every child domain that hosts OpenScape servers

DM Child Domain Administrator

Domain Prep - User Only Domain

Child Domain Once for every child domain that hosts OpenScape servers

DU Child Domain Administrator

System Prep - OpenScape Server

Child Domain con-taining OpenScape systems

Once before a fresh in-stallation of each OpenScape system in the domain

S Domain Admin-istrator of the child domain

System Prep - RD (LCS Server)

Child Domain con-taining RD systems

Once before a fresh in-stallation of each OpenScape system in the domain

RDS Domain Admin-istrator of the child domain

System Prep - Me-dia Server


Once before a fresh in-stallation of each MS system in the domain

MSS Domain Admin-istrator of the child domain

System Prep - MCU (if located on sepa-rate systems)


Once before a fresh in-stallation of each MCU system in the domain

MCUS Domain Admin-istrator of the child domain

Table 8-1 Step Description

* - Applicable only if using the Environment Preparation Tool


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentImportant

For a description of the Active Directory groups and accounts created during prepara-tion, refer to Appendix D, “Settings Changed by the Environment Preparation Tool”.

8.4 Important

● Proper sequencing should be followed for Root Domain, Domain and System Preparation.

● The Root Domain Preparation step should be done before the Domain Preparation step.

● The Domain Preparation including all add member steps should be done before the System Preparation step.

● The System Remove step should be done before the Domain Remove step

● DO NOT change the memberships/ rights of the accounts manually. In some cases, such changes are not easy to be reversed and might cause some component to stop functioning. Please use the EPT to change memberships/ permissions.

● Wait at least 5 minutes between successive Prep commands to allow the changes to be replicated.

● The validation step should always be executed prior to the preparation step. If the validation step indicates, that prep was already executed successfully, then the prep step should not be executed again.

● If multiple OS systems are deployed, removing of any root domain or domain prep will have the result that all systems must be re-installed again. Systems installed prior to this change will no longer function

● If multiple OpenScape components are installed on the same system, and un-prep is run for any of these components, preps for all other installed components should be re-run. E.g. if OpenScape Core and Routing Dispatcher are installed on the same server and the un-prep (using the /x option) for RD is run, then the System Prep step for OpenScape core should be re-run.

System Prep - TFA (if located on sepa-rate systems)


Once before a fresh in-stallation of each TFA system in the domain

TFAS Domain Admin-istrator of the child domain

System Prep - EDM (if located on sepa-rate systems)


Once before a fresh in-stallation of each EDM system in the domain

EDMS Domain Admin-istrator of the child domain

Step Where to runcommand

Condition Cmd Mode*

Privileges

Table 8-1 Step Description

* - Applicable only if using the Environment Preparation Tool



5454ept.fm

Using the Environment Preparation Tool

● The SystemID entered in the XML file should be limited to 11 characters.

8.5 Using the Environment Preparation Tool

This is a command line tool

1. Insert the OpenScape Installation Programs CD into the CD drive of where the OpenScape main will be installed.

2. Open the EPT folder, copy the following files to a folder: EnvironmentSetup.exe, Con-fig.xml, and InteropActiveDS.dll.

3. From the command line, change the location to the folder containing the above files, then type EnvironmentSetup /?.

4. The following command line options are displayed.

8.6 XML File for Environment Preparation

The XML file has sections for each step of the Environment Preparation:

- <EnvironmentPrep>

+ <ADConfig>

+ <RootDomainPrep>

+ <RootDomainAdd>


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentRoot Domain Preparation and Verification

+ <DomainPrep>

+ <DomainAdd>

+ <UserDomainPrep>

+ <SystemPrep>

+ <Trustees>

+ <RDSystemPrep>

+ <MSSystemPrep>

+ <MCUSystemPrep>

+ <TFASystemPrep>

+ <EDMSystemPrep>

</EnvironmentPrep>

The file is required for all steps, but only the system preparation steps require an update of the file in their specific section. To prepare or validate any Server in the OpenScape System, first Config.xml file needs to be edited with appropriate system information.

8.7 Root Domain Preparation and Verification

8.7.1 Preparation

8.7.1.1 Using the Environment Preparation Tool

Permissions required:

● The /i and /x options require Root Domain Admin Rights

● The /v option is available for all Domain users

Log on as the Domain Administrator of the Root Domain

Before doing Root Domain Preparation, please check the current status of the domain. For this type EnvironmentSetup /v /m “RD” /r config.xml /l prep.log.

The output on the command line will display the current status of the root domain.

The complete results are stored in the log file (prep.log as in this case).

>Note: If in EDM Mode, type EnvironmentSetup /v /m “RD” /r config.xml /l prep.log /EDM.



5454ept.fm

Root Domain Preparation and Verification

● Option 1:

If the root domain is correct and complete, the output will indicate “Validation Result: Ex-ists & Complete”.

In this case, the root domain does not need to be prepared again, and you can proceed to Domain Preparation.

● Option 2:

If the root domain is incorrect/ incomplete, the output will indicate “Validation Result: Ex-ists but Incomplete”.

In this case, the root domain needs to be prepared again.

Prepare the root domain.

● Option 3:

If the root domain is not prepared yet, the output will indicate “Validation Result: Does not exist”.

In this case, the root domain needs to be prepared. Type the following to prepare the root domain:

EnvironmentSetup /i /m “RD” /r config.xml /l prep.log

8.7.1.2 Manually

1. Open the Active Directory Users and Computers mmc snap-in.

2. Click View, then click Advanced Features.

3. Click View Users, then click Groups and Computers as Containers.

4. In the navigation pane, expand the icon representing the root domain and click Users.

Create a Domain Local group with name OpenScape Service.

5. In the navigation pane, right click the icon representing the root domain, click Properties, click Security and click Advanced.

a) Click Add.

b) Type OpenScape Service as the object name and click OK.

c) Click Properties, change “Apply onto” to User Objects.

d) In the Properties dialog box, check Read Public Information, then click OK.

>Note: If in EDM Mode, type EnvironmentSetup /i /m “RD” /r config.xml /l prep.log /EDM.


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentRoot Domain Preparation and Verification

e) Repeat steps ato d for the following additional Properties:

Read RTCPropertySet

Read RTCUserSearchPropertySet

Read & Write SiemensOSPropertySet (Skip this for EDM Mode)

Click OK twice.

6. In the navigation pane, right click the icon representing the root domain, click Properties, then click Security.

Click Add, then type OpenScape Service. In the permissions for OpenScape Service frame, select Replicate Directory changes. Click OK.

7. In the navigation pane, expand System, Microsoft, RTC Service.

Right-click Global Settings, then click Properties and Security.

Click Add, then enter OpenScape Service.

In the permissions for OpenScape Service frame, select Read, then click OK.

8. In the navigation pane, expand System, Siemens. (Skip this step for EDM Mode)

Right-click OpenScape Global Settings, click Properties then Security and Advanced.

a) Click Add, type OpenScape Service, then click OK.

b) In the Apply onto tab, select This object and all child objects.

c) In the permissions frame, check the following permissions:

● Read All Properties

● Write All Properties

● Create all child objects

● Delete all child objects

d) Click OK.

8.7.2 Verification


2. Click View, then click Advanced Features.





5454ept.fm

OpenScape System Domain Preparation and Verification

Verify that the following group is created - OpenScape Service.

5. In the navigation pane, right click the icon representing the root domain, click Properties, click Security and click Advanced.

Verify that the OpenScape Service group has the following permissions:

● Read Public Information for user objects

● Read RTCPropertySet

● Read RTCUserSearchPropertySet

● Read, Write & Delete SiemensOSPropertySet (Skip this verification for EDM Mode)

● Replicate Directory Changes

Click OK twice.

6. In the navigation pane, right click the icon representing the root domain, click Properties, then click Security.

Click Add, then type OpenScape Service. In the permissions for OpenScape Service frame, select Replicate Directory changes. Click OK.

7. In the navigation pane, expand System, Microsoft, RTC Service.

Right-click Global Settings, then click Properties and Security.

Verify that the OpenScape Service group has Read permissions.

8. In the navigation pane, expand System, Siemens. (Skip this step for EDM Mode)

Right-click OpenScape Global Settings, click Properties then Security and Advanced.


● Read All Properties

● Write All Properties

● Create all child objects

● Delete all child objects

8.8 OpenScape System Domain Preparation and Verification

8.8.1 Domain Preparation


Log on to the child domain being prepared.


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentOpenScape System Domain Preparation and Verification


● The /i and /x option require Domain Admin Rights for this domain.

● The /v option is available for all Domain users.

Before doing Domain Preparation, please check the current status of the domain. For this type EnvironmentSetup /v /m “D” /r config.xml /l prep.log.

The output on the command line will display the current status of the domain.


● Option 1:

If the domain is correct and complete, the output will indicate “Validation Result: Exists & Complete”.

In this case, the domain does not need to be prepared again, and you can proceed to Root Domain Membership Preparation.

● Option 2:

If the domain is incorrect/ incomplete, the output will indicate “Validation Result: Exists but Incomplete”.

In this case, the domain needs t o be prepared again. In this case the existing group will be renamed. If there is more than one OpenScape System in the same domain, the old OpenScape Service group has to remain as it is. Therefore, the domain prep will automat-ically rename the old group to “OpenScape Service V1” and copy all its members to the new group. The group should be deleted after all OpenScape systems in the domain are upgraded to V2.

Prepare the domain.

● Option 3:

If the domain is not prepared yet, the output will indicate “Validation Result: Does not Ex-ist”.

In this case, the domain needs to be prepared. Type the following to prepare the domain

EnvironmentSetup /i /m “D” /r config.xml /l prep.log /pwd <password>.

>Note: If in EDM Mode, type EnvironmentSetup /v /m “D” /r config.xml /l prep.log /EDM.

>Note: If in EDM Mode, type EnvironmentSetup /i /m “D” /r config.xml /l prep.log /pwd <password> /EDM.



5454ept.fm

OpenScape System Domain Preparation and Verification

8.8.1.2 Manually


2. Click View->Advanced Features.


4. In the navigation pane, expand the icon representing the resource domain and click Users.

a) Create a Domain Local group with the name OpenScape User.

b) Create a Domain Local group with the name OpenScape Admin. Make this group a member of OpenScape User.

c) Create a Domain Local group with the name OpenScape Service. Make this group a member of OpenScape User and OpenScape Admin.

d) Create a user with the name OSsvc. Check the option password never expires. Make this user a member of OpenScape Service, OpenScape User, and RTCDomai-nUserAdmins.

e) Create a user with the name OSWeb. Check the option password never expires. Make this user a member of OpenScape Service and OpenScape User.

f) Right-click OpenScape User, click Properties, then click Security. Click Add and type OpenScape Admin. Check Full Control, then click OK.

g) Right-click OpenScape User, click Properties, then click Security. Click Add and type OpenScape Service. Check Full Control, then click OK.

h) Right-click OpenScape Admin, click Properties, then click Security. Click Add and type OpenScape Service. Check Full Control, click OK.

i) Right-click OSsvc, click Properties, then click Security. Click Advanced. Click Add, type OSsvc, then click OK. Check Read All Properties & Write All Properties.Set Apply Onto this object only. Click OK three times.

5. In the navigation pane, right click the icon representing the resource domain, click Securi-ty, then click Advanced.

a) Click Add.




e) Repeat steps a to d for the following additional Properties:



5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentOpenScape System Domain Preparation and Verification


● Read & Write SiemensOSPropertySet (Skip this for EDM Mode)

f) Click Add.

g) Type OpenScape Admin as the object name and click OK.

h) Click Properties, change “Apply onto” to User Objects.

i) In the Properties dialog box, check Read Public Information, then click OK.

j) Repeat steps f to i for the following additional Properties:



● Read SiemensOSPropertySet (Skip this for EDM Mode)

k) Click OK twice.

l) In the navigation pane, right click the icon representing the resource domain, click Properties, then click security.

m) Click Add, then type OpenScape Service. In the permissions for OpenScape Service frame, select Replicate Directory changes. Click OK.

8.8.2 Verification



3. In the navigation pane, expand the icon representing the resource domain and click Users. Verify that the following groups are created:

● OpenScape Admin – Member of OpenScape User

● OpenScape Service – Member of OpenScape User, OpenScape Admin

● OpenScape User

Verify that the following accounts are created:

● OSsvc – Member of OpenScape Service, OpenScape User, RTCDomainUserAdmins

● OSWeb – OpenScape Service, OpenScape User

Right-click OpenScape User, click Properties, then click Security. Verify that OpenScape Admin and OpenScape Service have full control.



5454ept.fm

User Only Domain Preparation and Verification

Right-click OpenScape Admin, click Properties, then click Security. Verify that Open-Scape Service has full control.

Right-click OSsvc, click Properties, then click Security. Click Advanced. Verify that OSs-vc has Read/ Write access to all its properties.

4. In the navigation pane, right click the icon representing the resource domain, click Securi-ty, then click Advanced.





● Read, Write SiemensOSPropertySet (Skip this verification for EDM Mode)


Verify that the OpenScape Admin group has the following permissions:




● Read SiemensOSPropertySet (Skip this verification for EDM Mode)

8.9 User Only Domain Preparation and Verification

8.9.1 Domain Preparation


A USER ONLY domain is a domain without any OpenScape system which contains only LC users.

Log on to the child domain being prepared.


● The /i and /x option require Domain Admin Rights for this domain.


Before doing Domain Preparation, please check the current status of the domain. For this type EnvironmentSetup /v /m “DU” /r config.xml /l prep.log.


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentUser Only Domain Preparation and Verification



● Option 1:


In this case, the domain does not need to be prepared again, and you can proceed to Root Domain Membership Preparation.

● Option 2:


In this case, the domain needs t o be prepared again.

Type EnvironmentSetup /x /m “DU” /r config.xml /l prep.log.

Prepare the domain.

● Option 3:

If the domain is not prepared yet, the output will indicate “Validation Result: Does not Ex-ist”.

In this case, the domain needs to be prepared. Type the following to prepare the domain

EnvironmentSetup /i /m “DU” /r config.xml /l prep.log.

8.9.1.2 Manually




>Note: If in EDM Mode, type EnvironmentSetup /v /m “DU” /r config.xml /l prep.log /EDM.

>Note: If in EDM Mode, type EnvironmentSetup /x /m “DU” /r config.xml /l prep.log /EDM.

>Note: If in EDM Mode, type EnvironmentSetup /i /m “DU” /r config.xml /l prep.log /EDM.



5454ept.fm

User Only Domain Preparation and Verification


Create a Domain Local group with the name OpenScape Service.

5. In the navigation pane, right click the icon representing the user domain, click Security, then click Advanced.

a) Click Add.




e) Repeat steps a to d for the following additional Properties:



● Read & Write SiemensOSPropertySet (Skip this for EDM Mode)

f) Click OK twice.

g) In the navigation pane, right click the icon representing the resource domain, click Properties, click then security.

h) Click Add, type OpenScape Service. In the permissions for OpenScape Service frame, select Replicate Directory changes. Then click OK.

8.9.2 Verification




4. In the navigation pane, expand the icon representing the resource domain and click Users. Verify that the following groups are created:

● OpenScape Service

5. In the navigation pane, right click the icon representing the user domain, click Security, then click Advanced.





5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentRoot Domain Membership and Verification


● Read, Write & Delete SiemensOSPropertySet (Skip this verification for EDM Mode)


8.10 Root Domain Membership and Verification

Log on to the Root domain.

8.10.1 Membership



● The /i and /x option require Root Domain Admin Rights.


Before doing Domain Preparation, please check the current status of the domain. For this type EnvironmentSetup /v /m “RDM” /r config.xml /l prep.log /DOMAIN <domain-name>.

The format of the domain-name should be in NetBios format (e.g. PLUS).



● Option 1:


In this case, the domain does not need to be added again, and you can proceed to Domain Membership Preparation (if necessary) or System Preparation.

● Option 2:


In this case, the domain needs to be prepared again.

● Option 3:

If the domain is not added yet, the output will indicate “Validation Result: Does not Exist”.

In this case, the domain needs to be added. Type the following to add the domain

EnvironmentSetup /i /m “RDM” /r config.xml /l prep.log /DOMAIN <domain-name>.



5454ept.fm

Domain Membership and Verification

8.10.1.2 Manually





Add the OSsvc account from the child domain to the OpenScape Service group of the root domain.

8.10.2 Verification





Verify that the OpenScape Service group has the following member:

● <Child Domain-name>\OSsvc

8.11 Domain Membership and Verification

Log on to the Child domain that provides membership.

8.11.1 Domain Membership



● The /i and /x option require Domain Admin Rights for the domain the member is added to.


Before doing Domain Preparation, please check the current status of the domain. For this type EnvironmentSetup /v /m “DM” /r config.xml /l prep.log /DOMAIN <domain-name>.



● Option 1:


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentDomain Membership and Verification


In this case, the domain does not need to be added again, and you can proceed to System Preparation.

● Option 2:


In this case, the domain needs to be prepared again. Type the following to remove the in-correct configuration:

EnvironmentSetup /x /m “DM” /r config.xml /l prep.log /DOMAIN <domain-name>

Add the domain again.

● Option 3:

If the domain is not added yet, the output will indicate “Validation Result: Does not Exist”.

In this case, the domain needs to be added. Type the following to add the domain

EnvironmentSetup /i /m “DM” /r config.xml /l prep.log /DOMAIN <domain-name>.

8.11.1.2 Manually



3. Click View->Users, Groups and Computers as Containers.


Add the OSsvc account from the other domain to the OpenScape Service group of this do-main.

8.11.2 Verification



3. Click View->Users, Groups and Computers as Containers.


Verify that the OpenScape Service group has the following member:

● <Other Domain-name>\OSsvc



5454ept.fm

XML File for System Preparation

8.12 XML File for System Preparation

The XML file section “Trustees” requires entries for each type of system prep.

The account name used to install any part of the OpenScape System needs to be entered into the Trustee section with the <Type>Installer. In this case the OpenScape Installer account is OSInstaller. Do not change entries for other types of Trustees.

<Trustee>



<Name>OSInstaller</Name>

<Type>Installer</Type>

</Trustee>

XML Notepad or any Xml editor can be used to edit the file. Save the file.

8.13 OpenScape System Preparation and Verification

Log on to any PC in the Child domain where the OpenScape system will be installed.

8.13.1 System Preparation



● The /i and /x option require Domain Admin Rights for this domain and local admin rights on the OpenScape servers.


To prepare/validate the OpenScape System, edit the Config.xml file as follows:

+ <Trustees> (see Section 8.12)

+ <SystemPrep>

To update the SystemPrep section, find the “OpenScapeCore” sub-section and enter the host names for the OpenScape Server, the SQL Server and the LC Server host name (one of the existing LCS used with this OpenScape). In this example, it is BYRD as well:

<OpenScapeCore>



<HostName domain=''>BYRD</HostName>


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentOpenScape System Preparation and Verification



<SQLHost domain=''>BYRD</SQLHost>



<LCServer domain=''>BYRD</LCServer>

<- provide the SystemID -->

<SystemID>BYRD</SystemID>

<OpenScapeCore>


Before doing System Preparation, please check the current status of the system. For this type

EnvironmentSetup /v /m “s” /r config.xml /l prep.log.



● Option 1:

If the system is correct and complete, the output will indicate “Validation Result: Exists & Complete”.

In this case, the system does not need to be prepared again, and the environment is set to install OpenScape.

● Option 2:

If the system is incorrect/incomplete, the output will indicate “Validation Result: Exists but Incomplete”.

In this case, the system needs to be prepared again.

● Option 3:

If the system has not been prepared yet, the output will indicate “Validation Result: Does not Exist”.

Type the following to prepare the OpenScape system:

EnvironmentSetup /i /m “s” /r config.xml /l prep.log /pwd <password>.

NOTE: The /pwd switch is mandatory for OpenScape System preparation; please enter this password in Table 3-14 on page 3-10.



5454ept.fm

OpenScape System Preparation and Verification

8.13.1.2 Manually



3. Click View->Users->Groups and Computers as containers.


a) Create a user with the name <systemID>OSUNS.

Check the option Password never expires. Make this user a member of OpenScape Service and OpenScape User.

In the Properties window of this user, click the Live Communications tab. Check En-able Live Communications for this user and provide a Home Server and SIP URI.

b) Create a user with the name <systemID>OSRTP.

Check the option Password never expires. Make this user a member of OpenScape User.

In the Properties window of this user, click the Live Communications tab. Check En-able Live Communications for this user and provide a Home Server and SIP URI.

c) Make the <installer> account a member of OpenScape Admin, OpenScape Service and RTCDomainUserAdmins.

5. Open the ADSIEdit mmc and connect to the resource domain.

In the navigation pane, expand the icon representing the domain and click Computers.

a) Right click the OpenScape Server, click New, then click Object. Select class service-ConnectionPoint, type Siemens OpenScape as the name and click Finish.

b) Right click Siemens OpenScape, click Properties, then Security.

c) Select Authenticated users, check Read and click Apply.

d) Click Add, type OpenScape Service, click OK, check Full Control and click Apply.

e) Click Add, type the <installer> account name, click OK, check Full Control and click OK.

6. In the AD Users & Computers mmc, right click OpenScape Server, click Manage, then Local Users and Groups, and groups.

a) Right click Administrators. Click Add to group.

b) Add the following members:

● OpenScape Admin


5454ept.fm


● OSsvc

● Installer account

● <SystemID>OSUNS

c) Right click IIS_WPG. Click Add to group.

d) Add the following members:

● OSsvc

● OSWeb

7. On the Computer Management window, click Services and Applications, right click WMI control, click Properties and then Security.

● To create the Root\Siemens\RTCB namespace:

a) Start wbemtest.exe.

b) Click Connect, enter root in Namespace and click Connect.

c) Click Enum Instances..., enter __NAMESPACE and click OK.

d) In Query Result Window click Add, scroll down and double-click the Name entry in the list view.

e) In Property Editor select Not NULL and enter value Siemens, click Save Proper-ty.

f) In Object Editor window click Save Object.

g) Close Query Result window.

h) Click Connect, enter root\Siemens in Namespace and click Connect.

i) Click Enum Instances..., enter __NAMESPACE and click OK.

j) In Query Result Window click Add, scroll down and double-click the Name entry in the list view.

k) In Property Editor select Not NULL and enter value RTCB, click Save Property.

l) In Object Editor window click Save Object.

m) Close Query Result window.

● To set permissions on root\Siemens\RTCB namespace:

a) On the Computer Management window, click Services and Applications, right click WMI control, click Properties and then Security.

b) Expand folder view and select Root->Siemens->RTCB.



5454ept.fm

OpenScape System Preparation and Verification

c) Click Security.

d) In Security dialog window Click Add... and enter OpenScape Service, then click OK.

e) Select OpenScape Service and check all possible Allow checkboxes, then click Apply.

f) In Security dialog window Click Add... and enter OpenScape Admin, then click OK.

g) Select OpenScape Admin and check all possible Allow checkboxes, click Apply.

h) Select Everyone and check the Deny checkboxes which have the grayed out Al-low checkbox checked (these should be Execute Methods, Provider Write and Remote Enable).

i) Click OK.

● To set permissions on root\CIMV2 namespace:

a) On the Computer Management window, click Services and Applications, right click WMI control, click Properties and then Security.

b) Expand folder view and select Root->CIMV2.

c) Click Security.

d) In Security dialog window, click Add... and enter OpenScape Service, then click OK.

e) Select OpenScape Service and check all possible Allow checkboxes, click Ap-ply

f) In Security dialog window, click Add... and enter 'OpenScape Admin, then click OK.

g) Select OpenScape Admin and check all possible Allow checkboxes.

h) Click OK.

8. In the navigation pane, click Computers. Right click the SQL Server, then click Manage.

In the Computer Management window click Local Users and Groups, click groups.





5454ept.fm


8.13.2 Verification




4. In the navigation pane, expand the icon representing the resource domain and click Users. Verify that the following SIP-enabled accounts have been created:

● <systemID>OSUNS: Member of OpenScape Service, OpenScape User

● <systemID>OSRTP: Member of OpenScape User

Verify that the <installer> account is a member of the OpenScape Admin, OpenScape Ser-vice and RTCDomainUserAdmins groups.

5. In the navigation pane, click Computers, then click the OpenScape Server.

Verify that the Siemens OpenScape container has been created. Right click Siemens OpenScape, click Properties, then Security and Advanced.

Verify that Authenticated Users have Read permissions on this object and all child ob-jects.

Verify that the OpenScape Service and the Installer account have full control.

6. In the AD Users & Computers mmc, right click OpenScape Server, click Manage, then Local Users and Groups, and groups.

Verify that the following are members of the local Administrators group:

● OpenScape Admin

● OSsvc


● <SystemID>OSUNS

Verify that the following are members of the local IIS_WPG group:

● OSsvc

● OSWeb


Verify that the OpenScape Service group and OpenScape Admin group have full control over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.

Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.



5454ept.fm

Routing Dispatcher/LCS System Preparation and Verification

8. In the navigation pane, click Computers. Right click the SQL Server, then click Manage.

In the Computer Management window click Local Users and Groups, click groups.

Verify that the installer account is a member of the local Administrators group on the SQL server.

8.14 Routing Dispatcher/LCS System Preparation and Verification

Log on to any PC in the Child domain where the Routing Dispatcher will be installed.








+ <RDSystemPrep>

To update the RDSystemPrep section, find the RDServer sub-section and enter the host names for the LC Server. In this example, BYRD is the LCS hostname:



<RDServer>

<RDServerName>>BYRD<RDServerName>

</RDServer>



EnvironmentSetup /v /m “RDS” /r config.xml /l prep.log.



● Option 1:


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentRouting Dispatcher/LCS System Preparation and Verification


In this case, the system does not need to be prepared again, and the environment is set to install OpenScape.

● Option 2:



● Option 3:



EnvironmentSetup /i /m “RDS” /r config.xml /l prep.log.

8.14.1.2 Manually




4. In the navigation pane, click Computers, then click the RD/LC Server (only if the RD is not on the OpenScape server).

Repeat step 5 on page 8-24 for the RD server.

5. Right click RD/LC Server, click Manage, then Local Users and Groups, then groups.



● OpenScape Admin

● OSsvc


c) Right click RTC Server Applications. Click Add to group.

d) Add the following members:

● OSsvc



5454ept.fm

Media Server System Preparation and Verification

6. On the Computer Management window, click Services and Applications, right click WMI control, click Properties and then Security. (only if the RD is not on the Open-Scape server)

Repeat step 7 on page 8-25.

8.14.2 Verification




4. In the navigation pane, click Computers, then click the RD/LC Server.

Verify that the Siemens OpenScape container has been created.

Right click Siemens OpenScape, click Properties, then Security and Advanced.



5. Right click RD/LC Server, click Manage, then Local Users and Groups, then groups.


● OpenScape Admin

● OSsvc


Verify that the following are members of the RTC Server Applications group:

● OSsvc




8.15 Media Server System Preparation and Verification

Log on to any PC in the Child domain containing the Media Server.


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentMedia Server System Preparation and Verification








+ <MSSystemPrep>

To update the MSSystemPrep section, find the MSServer sub-section and enter the host names for the Media Server. In this example, HELIX is the Media Server hostname:



<MSServer>

<MSServerName>>HELIX<MSServerName>

</MSServer>



EnvironmentSetup /v /m “MSS” /r config.xml /l prep.log.



● Option 1:


In this case, the MS system does not need to be prepared again, and the environment is set to install OpenScape.

● Option 2:



● Option 3:



5454ept.fm

Media Server System Preparation and Verification



EnvironmentSetup /i /m “MSS” /r config.xml /l prep.log /pwd <password>

8.15.1.2 Manually





a) Create Xa user with the name <systemID>SiemensCR.

b) Check the option Password never expires. Make this user a member of OpenScape User.

c) In the Properties window of this user, click the Live Communications tab. Check En-able Live Communications for this user and provide a Home Server and SIP URI.

d) Repeat steps a to c for the other three accounts:

● <systemID>SiemensIC

● <systemID>CRDirect

● <systemID>CRForward

5. In the navigation pane, click Computers, then right click the MS Server. Click Manage. On the Computer Management window, click Local Users and Groups, then groups.



● OSsvc





5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentMCU System Preparation and Verification

8.15.2 Verification




4. In the navigation pane, expand the icon representing the resource domain and click Users. Verify that the following SIP-enabled accounts have been created:

● <systemID>SiemensCR: Member of OpenScape User

● <systemID>SiemensIC: Member of OpenScape User

● <systemID>CRDirect: Member of OpenScape User

● <systemID>CRForward: Member of OpenScape User

5. In the navigation pane, click Computers, then right click the MS Server. Click Manage. On the Computer Management window, click Local Users and Groups, then groups.


● OSsvc





8.16 MCU System Preparation and Verification

Log on to any PC in the Child domain containing the MCU server.








5454ept.fm

MCU System Preparation and Verification



+ <MCUSystemPrep>

To update the MCUSystemPrep section, find the MCUServer sub-section and enter the host names for the MCU. In this example, BYRD is the MCU hostname:



<MCUServer>

<MCUServerName>>BYRD<MCUServerName>

</MCUServer>



EnvironmentSetup /v /m “MCUS” /r config.xml /l prep.log.



● Option 1:


In this case, the MCU system does not need to be prepared again, and the environment is set to install MCU.

● Option 2:



● Option 3:



EnvironmentSetup /i /m “MCUS” /r config.xml /l prep.log


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentTFA System Preparation and Verification

8.16.1.2 Manually




4. In the navigation pane, click Computers, then right click the MCU Server. Click Manage. On the Computer Management window, click Local Users and Groups, then groups.



● OSsvc




8.16.2 Verification




4. In the navigation pane, click Computers, then right click the MCU Server. Click Manage. On the Computer Management window, click Local Users and Groups, then groups.


● OSsvc





8.17 TFA System Preparation and Verification

Log on to any PC in the Child domain containing the TFA server.



5454ept.fm

TFA System Preparation and Verification








+ <TFASystemPrep>

To update the TFASystemPrep section, find the TFAServer sub-section and enter the host names for the TFA. In this example, BYRD is the TFA hostname:



<TFAServer>

<TFAServerName>>BYRD<TFAServerName>

</TFAServer>



EnvironmentSetup /v /m “TFAS” /r config.xml /l prep.log.



● Option 1:


In this case, the TFA system does not need to be prepared again, and the environment is set to install OpenScape TFA.

● Option 2:



● Option 3:


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentTFA System Preparation and Verification



EnvironmentSetup /i /m “TFAS” /r config.xml /l prep.log

8.17.1.2 Manually




4. In the navigation pane, expand the icon representing the resource domain. Click Comput-ers, then click the TFA Server. (only if TFA is not on the OpenScape Server)

Repeat step 5 on page 8-24 for the TFA server.

5. In the navigation pane, click Computers. Right click the TFA Server, then click Manage. On the Computer Management window, click Local Users and Groups, then groups.



● OSsvc




8.17.2 Verification




4. In the navigation pane, expand the icon representing the resource domain. Click Comput-ers, then click the TFA Server.





5454ept.fm

EDM System Preparation and Verification



5. In the navigation pane, click Computers. Right click the TFA Server, then click Manage. On the Computer Management window, click Local Users and Groups, then groups.


● OpenScape Admin





8.18 EDM System Preparation and Verification

Perform this only if the customer is using the EDM mode.

Log on to any PC in the Child domain containing the TFA server.








+ <EDMSystemPrep>

To update the EDMSystemPrep section, find the EDMServer sub-section and enter the host names for the EDM. In this example, BYRD is the EDM hostname:



<EDMServer>


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentEDM System Preparation and Verification

<EDMServerName>>BYRD<EDMServerName>

</EDMServer>



EnvironmentSetup /v /m “EDMS” /r config.xml /l prep.log.



● Option 1:


In this case, the EDM system does not need to be prepared again, and the environment is set to install OpenScape EDM.

● Option 2:


In this case, the EDM system needs to be prepared again.

● Option 3:



EnvironmentSetup /i /m “EDMS” /r config.xml /l prep.log

8.18.1.2 Manually




4. In the navigation pane, expand the icon representing the resource domain. Click Comput-ers, then click the EDM Server.

a) Open the ADSIEdit mmc and connect to the resource domain.

b) In the navigation pane, expand the icon representing the domain and click Comput-ers.



5454ept.fm


c) Right click the EDM Server, click New, then click Object. Select class serviceCon-nectionPoint, type Siemens OpenScape as the name and click Finish.

d) Right click the EDM Server, click Properties, then Security.

e) Select Authenticated users, check Read and click Apply.

f) Click Add, type OpenScape Service, click OK, check Full Control and click Apply.

Click Add, type the <installer> account name, click OK, check Full Control and click OK.

5. In the navigation pane, click Computers. Right click the EDM Server, then click Manage. On the Computer Management window, click Local Users and Groups, then groups.



● OSsvc

● OpenScape Admin




8.18.2 Verification




4. In the navigation pane, expand the icon representing the resource domain. Click Comput-ers, then click the EDM Server.




Right click the EDM Server. Click Properties, then Security, then Advanced.


5. In the navigation pane, click Computers. Right click the EDM Server, then click Manage. On the Computer Management window, click Local Users and Groups, then groups.


5454ept.fm

Nur für den internen Gebrauch Preparing the OpenScape EnvironmentEDM System Preparation and Verification


● OSsvc

● OpenScape Admin







5454ept.fm



5454ioas.fm

Nur für den internen Gebrauch Installing OpenScapePre-Installation Check

9 Installing OpenScape

This chapter describes the procedures for installing OpenScape.

9.1 Pre-Installation Check

9.1.1 Raising the Domain Functionality

OpenScape requires installation in a domain that is at native functionality mode or higher.

By default, when a Windows 2000 Server or Windows Server 2003 DC is installed, it is created in mixed-mode. OpenScape requires an installation in a domain that is at native-mode or high-er. This requirement provides additional security features such as the enhanced scope of the Domain Local Security Group.

Raising the domain functionality is a manual step that must be performed with an account that possesses Domain Administrator privilege. To raise the domain functionality:

1. Select the target domain in Active Directory Domains and Trusts console.

2. Right-click and select Raise Domain Functional Level.

9.1.2 Synchronizing the Time

The system time of all servers that OpenScape is a part of must be synchronized for security mechanisms to work and have the ability to correlate maintenance information such as error logs, call records, and trace information.

>You cannot operate the OpenScape system during installation.

OpenScape installation, does not require shutting down (restarting) the customer’s infrastructure (such as Domain Controller, Active Directory and Exchange) or LC Server components.

7Warning

This step cannot be reversed!

>If it is not possible to raise the functionality of a production domain, create a new re-source domain for OpenScape. This resource domain is a new child domain in the forest, which has been elevated to native-mode and contains the OpenScape Serv-ers (Application. Conferencing, Media, and LCS). This resource domain need not have any OpenScape users in it.


Installing OpenScape Nur für den internen Gebrauch

5454ioas.fm

Pre-Installation Check

Ensure that the LC Server also has synchronized time since it is based on the same authenti-cation protocol,

To synchronize the time:

1. Go to the Microsoft website for the procedures to synchronize the time.

2. Ensure that the maximum time difference should be sub-second and must be below five seconds.

9.1.3 Windows Server 2003 Terminal Services

The Windows Server 2003 Terminal Services is a standard feature of Windows Server 2003. It is installed by default. It has two modes: Remote Administration Mode and Application Server Mode. Both modes are supported by the Terminal Services service in the Services console.

Regardless whether you are running the Terminal Services in the Remote Administration mode or the Application Server mode, the Terminal Service service is always running. This service does not impact OpenScape installation.

Customers and VARs/SIs/companies responsible for installing OpenScape must evaluate the need to install and running OpenScape on a Terminal Server. If the requirements are to install and maintain OpenScape remotely, the tasks can be accomplished through the Terminal Ser-vices in Remote Administration mode. If you are running the Terminal Services in the Applica-tion Server mode simply because you would like to install and maintain OpenScape remotely, you would need to convert the system back to a standard server by removing the “Terminal Server” component in the Add/Remove Programs wizard, setup Terminal Services in Remote Administration Mode, and install OpenScape.

Reference Material: Mastering Windows Server 2003, Mark Minasi

http://www.microsoft.com/windowsserver2003/techinfo/overview/termserv.mspx

9.1.3.1 Remote Administration Mode

The Remote Administration Mode is first introduced in Windows XP Professional. It allows the system to be login remotely using the Remote Desktop Connection (RDC) program. To accept an incoming connection, you must enable the Remote Desktop feature by going to Control Pan-el, System, Remote tab, and enable the Allow users to connect remotely to this computer” checkbox.

The Remote Administration is what we use to connect to our office PC remotely from home and other office locations.

>For a server running Windows 2003, time synchronization is automatic and thus no need to do steps below.


5454ioas.fm

Nur für den internen Gebrauch Installing OpenScapePre-Installation Check

OpenScape installation through Remote Administration is supported. OpenScape is able to be installed on a standard server remotely through RDC.

9.1.3.2 Application Server Mode

The other function of the Terminal Services is to convert a standard server into a Terminal Serv-er (Application Server.) To do that, the Windows component, “Terminal Server”, must be added in the Add/Remove Program Wizard. After the “Terminal Server” is added and the system is rebooted, all logins (locally and remotely) are running in Terminal Server sections. Remote us-ers are able to share use programs installed on the Terminal Server.

The Terminal Server is configured and used in places where data processing is preferred on the server. Normally, programs installed on the Terminal Server are used by users every day. Some examples are AutoCAD, PhotoShop, etc.

9.1.3.3 Terminal Services service

Regardless whether you are running the Terminal Services in the Remote Administration mode or the Application Server mode, the Terminal Service service is always running. This service does not impact OpenScape installation.

9.1.4 Setting Up User and Administrator Cross-Functionality

Cross-functionality is the ability of administrative accounts in one domain to administer other domains. User and Administrator cross-functionality may be enabled in multi-domain environ-ments. This recommendation is primarily for ease of administration and portability of users within the domains but may conflict with the customer’s security polity and is not necessary for OpenScape functionality.

Cross-user rights is the ability of an ordinary user account in one domain to have user rights in other domains.

To provide for cross-administration, add the Domain Admins global group from each domain into the Administrators local group in each other domain.

To provide for cross-user rights, add the Domain Users global group from each domain into the Users local group in each other domain.

7Warning

OpenScape installation in a Terminal Server is NOT supported. Installation scripts running in the Terminal Server section fail due to security access reasons.



5454ioas.fm

Pre-Installation Check

9.1.5 Firewall Requirements

The firewall must be configured to publish the web site to direct web requests to the OpenScape server. Also, for access from the outside, the proper ports for http and https must be opened (80 and 443, respectively).

9.1.5.1 Portal Access

In a customer environment, there may be a need for a user to access their portal through the internet. This requires going through a firewall.

To enable this capability, the firewall needs to be able to configure server certificates. A certifi-cate is required for a proxy, that is, if the HTTPS is bridged ending up with one HTTPS connec-tion from the browser to the proxy and one HTTPS connection from the proxy to the portals Web application.

If there is no proxy, HTTPS is tunneled directly from the browser to the portals Web application. This is not secure and is not recommended.

9.1.5.2 OpenScape Management Console

HiPath OpenScape is managed through WMI which uses RPC (Remote Procedure Calls) to access the OpenScape Server. Therefore, OpenScape could be managed through a firewall by configuring RPC Dynamic Port Allocation. Refer to Microsoft Knowledge Base Article 154596 for more information. It is recommended to use an application like Remote Desktop to connect to a server within the firewall instead of allowing RPC calls through the firewall for security rea-sons.

9.1.6 Virus Detection

Virus scans consume the central processing unit (CPU). McAfee VirusScan Enterprise Version 7.0.0 can be configured to scan all files with 50% CPU utilization and to prompt for action when a virus is found.

9.1.7 Account Check

Logon with the <osinstaller> account before starting installation. This account is a domain user account which must be pre-assigned by your domain administrator as the account to install OpenScape on the designated OpenScape computer. If you are not sure that this has been done, contact the domain administrator.

>In a customer environment, it is important that virus detection software is installed on the servers. It is the customer’s responsibility to select, install, and configure virus detection software.


5454ioas.fm

Nur für den internen Gebrauch Installing OpenScapeVerifying the Server Infrastructure

Refer to Appendix F for tools, utilities and hints for installing OpenScape.

9.2 Verifying the Server Infrastructure

This is the first step in preparing for the installation of the OpenScape system to ensure that it meets the OpenScape requirements.

To verify the server infrastructure:

1. Confirm the topology of the OpenScape system. Refer to the OpenScape Project Planning Guide).

2. Verify that the infrastructure components (Exchange, AD) are the appropriate versions. Re-fer to Section 3.2, “Infrastructure Requirements”, on page 3-1.

Refer to the OpenScape Project Planning Guide for information about topology.

3. Confirm that the users exist in AD and map, based on topology, to the planned OpenScape users.

4. Verify that the LC Server has been prepared with the Environment Preparation Tool by the domain administrator. As part of this preparation, the <osinstaller> account is assigned to the LC Server computer as a local administrator. If you are not sure this was done or what account to use, contact the domain administrator.

5. If MSSQL is located on a separate server than OpenScape, then nothing needs to be done; otherwise, the OpenScape server needs to have MSDE installed from the 3rd party CD (re-fer to Section 3.2.2.1 on page 3-2).

9.3 Installing the OpenScape Routing Dispatcher

The RD must be installed on all LC Servers that service OpenScape.

>The network topology at the customer site is the responsibility of the customer’s IT organization.

>There currently exists a restriction with the Vegastream Gateway (pre R5.1 T017) that the fully qualified domain name of the LCS/OpenScape server may only be a maximum of 31 characters.

The IP address for the LCS/OpenScape server should be static.

>Before you install the OpenScape Routing Dispatcher: Open a “Live Communica-tions Server Management Console” and make sure that port 50000 is removed from YOUR LC Server. If not, remove it.



5454ioas.fm

Verifying and Configuring Ports and Routes

Logon with the <osinstaller> account.

1. Insert the OpenScape Installation Programs CD into the CD drive of the LC Server.

2. Open the OpenScape RD folder, then double-click OpenScapeRoutingDispatcher.exe.

3. On the HiPath OpenScape Setup dialog box, select HiPath OpenScape Routing Dis-patcher and select the language for this installation from the drop-down menu, then click Install.

4. On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version you wish to install. If yes, then click Next.

5. On the Customer Information dialog box, enter the customer’s user name and organiza-tion, then click Next.

6. The next screen, Custom Setup, shows the location of the files that are going to be in-stalled and the capacity required on the hard disk.

7. On the HiPath OpenScape Routing Dispatcher Account Information screen, enter the password for the OpenScape Service Account, then click Next.

8. On the HiPath OpenScape Routing Dispatcher LCS Information screen, enter the LCS IPSec Port number, then click Next.

9. On the Ready to Install the Program screen, click Install.

10. When completed, click Finish and proceed to next section.

9.4 Verifying and Configuring Ports and Routes

1. Run OpenScapeRTCtools.exe located in the Tools folder of the Service Pack CD. For more information on this tool, refer to Appendix F.3, “OpenScape RTC Tool”.

2. Click Display Current LCS Configuration to verify all OpenScape related LCS settings are correct. Then click Close.


5454ioas.fm

Nur für den internen Gebrauch Installing OpenScapeVerifying and Configuring Ports and Routes

3. If ok, then continue to Section 9.5 on page 9-9; otherwise, click Configure All OpenScape Related RTC Settings and enter information as follows (refer to Table 3-12 on page 3-8):



5454ioas.fm

Verifying and Configuring Ports and Routes

MCU Server: FQDN of MCU server

Media Server: FQDN of Media Server

Gateway: FQDN of gateway (click + if more than one gateway)

OpenScape Acct: OpenScape Core Account name

Global RTC Domains: FQDN of LCS

Click Perform RTC Configuration

>The OpenScapeRTCtool is used only for checking or configuring any missing con-figuration settings on the LC server. It is not supposed to be run as a mandatory step before installing OpenScape.


5454ioas.fm

Nur für den internen Gebrauch Installing OpenScapeInstalling OpenScape

9.5 Installing OpenScape

1. Verify that the OpenScape Server environment has been prepared (see Chapter 8, “Pre-paring the OpenScape Environment”).

2. Insert the OpenScape Installation Programs CD into the CD drive.

3. Open the OpenScape folder, then double-click OpenScape.exe.

4. On the Choose Setup Language dialog box, select the language for this installation from the drop-down menu, then click OK.

5. On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version you wish to install. If yes, then click Next


7. The next screen, Customer Setup, shows the components and location of the files that are going to be installed and the capacity required on the hard disk.

NOTE: By default, the “HiPath OpenScape Web Services SDK” is set to be installed. It re-quires Microsoft WSE 2.0.

Verify the location of the install, then click Next.

8. On the HiPath OpenScape System Information screen, enter the OpenScape System Name (default - your server name) which will be used by OpenScape applications to reg-ister with a particular system.

Enter the password for the OpenScape service account. The OpenScape System Name has to match what was entered by the Environment Preparation Tool. Then click Next.

9. On the HiPath OpenScape Server Information screen, enter required inputs as follows:

● For the Database Server Name, enter the hostname for the OpenScape Main Server

● For the Database Instance Name, enter the particular instance of MS SQL server that will be used by OpenScape. If the default instance is used, enter MSSQLServer.

● Enter the Default LCS Host Domain and Default LCS Host Name. This is the LC Server where the static routes are configured.

10. This screen, HiPath OpenScape Database Configuration Information, collects info that will be used to determine the size of the database and also the location where the Open-Scape-specific database files will be stored.

Enter the Number of Users and Number of Months. Refer to Section 3.2.11, “Database Size”, on page 3-6 for the number of OpenScape users that are planned for this system and the number of months of call records that will be kept.



5454ioas.fm

Installing OpenScape

Verify the DB Data Path.The default location for the database files is in the OpenScape home under OpenScapeDB folder. This location should be appropriate unless there is a database preserved elsewhere from some previous installation or if the customer has a specific need to store data files elsewhere. Click Next.

11. If you are installing the system for the first time, then you will be asked to confirm the cre-ation of the database. In this case, click Yes to create the Database Client.

12. On the HiPath OpenScape Account Information screen, enter the passwords for UNS and Web Service Account.

13. If HiPath OpenScape Web Services SDK was selected to be installed (default), then the HiPath OpenScape Web Services SDK information screen appears. Change the ports if necessary, then click Next.

14. On the Ready to Install the Program dialog box, click Install. This will take some time.

15. On the Info dialog box, click OK. (Note: You will be configuring a certificate as part of Chap-ter 10, “Installing OMC”).

16. Click Finish on the HiPath OpenScape Completed dialog box.


5454iomc.fm

Nur für den internen Gebrauch Installing OMCOverview

10 Installing OMC

This chapter describes the procedures for installing the OpenScape Management Console (OMC).

10.1 Overview

The OMC installation package deploys the OpenScape Base and OpenScape Management Console. Installation of this package may be on a client machines or it may be directly on the OpenScape server.

If you install this package on a client machine in the network, the client machine must have:

● O/S – either Windows Server 2003 or Windows XP Professional

● MS .NET Framework V1.1

The OpenScape MC installation package is available on the OpenScape Installation Programs CD.

With OpenScape V2, the OMC provides multiple mmc snap-in’s:

● OpenScape [2.0]

● OpenScape Routing Dispatcher [2.0]

● OpenScape Trace File Accumulator [2.0]

The OMC provides English and German language interfaces. If it is desired to use a language other than the primary language of the underlying Windows installation (Use English language OMC on a German Windows installation, use German language OMC on a non-German Win-dows installation), the Language setting for the Administrator may be changed using the stan-dard Windows Control Panel Regional and Language Settings dialog. Note that this “mixed language” feature is only available on certain Windows versions / service packs, as follows:

● Windows 2000 Multi-lingual version (original installation),

● Windows XP with Multilingual User Interface Pack installed, or

● Windows 2003 with Multilingual User Interface Pack installed.

>The account that will be used to access the OMC should have privilege to view/change the OpenScape database. This account requires Admin privileges on the OpenScape SQL DB and access to the WMI namespace at the OpenScape server.

>If OMC is being installed remotely, there may be a need to configure the event viewer to display events and descriptions correctly. For details please refer to MS article:http://support.microsoft.com/?kbid=294893%22


Installing OMC Nur für den internen Gebrauch

5454iomc.fm

Installing Microsoft Hotfix

10.2 Installing Microsoft Hotfix

The Microsoft hotfix, KB821234, must be installed on the OpenScape server, in order for the OMC to work correctly.

To install the Microsoft hotfix:

1. Insert the OMC Installation Package CD into the CD drive.

2. From the \OpenScape MC\MS Q821234 hotfix for OMC\ folder, unzip the desired file (ENU for English or DEU for German) to your local machine.

3. For English, double-click WindowsServer2003-KB821234-x86-ENU-Symbols.exe, then WindowsServer2003-KB821234-x86-ENU.exe.

4. For German, double-click the DEU files.

10.3 Installing the OMC Package

Logon with the <osinstaller> account before starting to install the OMC Package:

1. Insert the OpenScape Installation Programs CD into the CD drive.

2. Open the OpenScape MC folder, then double-click OpenScapeMC.exe.

3. On the Choose Setup Language dialog box, select the language for this installation, then click OK.

4. On the Welcome dialog box, verify that this is the version you wish to install. If yes, then click Next.

5. On the Customer Information dialog box, enter the customer’s user name and organization, then click Next.

6. On the Customer Setup screen, you will see the components and location of the files that are going to be installed and the capacity required on the hard disk. Verify the location of the install, then click Next.

7. On the Ready to Install the Program dialog box, click Install.

8. Click Finish when installation is completed.

10.4 Configuring the OMC, TFA and RD Snap-ins

1. From the OpenScape server, click Start->run.

2. Enter mmc and click OK.

3. Click File->Add/Remove Snap-in, then click Add.

4. Select HiPath OpenScape, then click Add.


5454iomc.fm

Nur für den internen Gebrauch Installing OMCConfiguring the OpenScape Certificate

5. Select HiPath OpenScape Trace File Accumulator, then click Add.

6. Select HiPath OpenScape Routing Dispatcher, then click Add.

7. Wait till the snap-ins appear in the Add/Remove window, then click Close.

8. Click OK to close the Add/Remove window.

9. Click File->Save as, then enter OMC to save as icon on desktop for later use such as Chapter 16, “Installing SIP Phones”.

10.5 Configuring the OpenScape Certificate

This is required if you installed an OpenScape with a new database. To configure the Open-Scape certificate (for more info on configuring certificates, refer to Section A.2):

1. Open the Console Root folder.

2. Expand OpenScape [2.0}, then your OpenScape server, then System Management.

3. Double-click System Data. The System Data Configuration dialog is used to configure sys-tem-wide OpenScape data such as the Security Certificate.

4. The Certificate Configuration tab page of the System Configuration Dialog appears. The Administrator must set this value initially when the OpenScape server software is installed.

This list shows all currently installed certificates. If a certificate has already been selected for OpenScape, it is shown in the Current Certificate text box.

If no server certificate is selected, click Change Certificate.



5454iomc.fm

Installing the OpenScape License

5. Highlight a certificate from the certificates list and click OK. The newly selected certificate is set in the database and its entry in the list is highlighted.

6. THrough the service control manager, verify that Siemens RTCB Service Manager Win-dows Service is set to Automatic. Start this Service.

7. If you installed OpenScape for the first time and created a new database, the services are disabled. Therefore set the disabled OpenScape services to Automatic and restart the server.

10.6 Installing the OpenScape License

1. Open the Console Root folder.

2. Expand OpenScape [2.0}, then your OpenScape server, then System Management.

3. Right-click Licensing and select Configure.

4. Select the Install from File tab, then click Browse.

5. Locate the license file, then click Install License Key(s).

6. Review the Licenses, then click Close.

7. Reboot the OpenScape Server.


5454iomc.fm

Nur für den internen Gebrauch Installing OMCConfiguring the SMTP Server

10.7 Configuring the SMTP Server

To configure the SMTP server for OpenScape:

1. Start OMC.

2. Select the desired target system node from the system tree (WMI provider service must be running on the target system).

3. Select System Data.

4. Right-click Configure.

5. Select the System Parameters tab.

6. Enter the SMTP server and click Save.

10.8 Testing the OMC

If you can do Section 10.7, “Configuring the SMTP Server”, then the OMC is working.

10.9 Symptoms and Troubleshooting

BASIC CHECK: Check if these Siemens RTCB Windows Services (Routing Dispatcher (RD), B2BUA (B2B), and Assistant Engine (AE)) are up and running properly without throwing any exceptions. If that is not the case, first check if the Siemens RTCB Context Agent Windows Ser-vice (XA) is up and running or not.

1. Check component traces to see if the messages are received and what is happening while processing those messages.

2. Look out for any Exceptions being thrown or Errors being logged. In that case, track the sequence of operations from the beginning till that Error condition is received in that par-ticular component.

Example:-

In a Basic Call, if User-1 calls User-2 and the message is not received by User-2 then the possible causes could be any of the following:

– RD could be either down or not registered properly with the LC Server. In that case, RD does not receive any messages from the LC Server and will eventually not pass it on to B2B.

>All components should have tracing enabled.



5454iomc.fm

Testing OpenScape

– B2B could be either down or not able to receive messages from LCS due to a port problem. Check for any Exceptions thrown in the trace file. AE is either down or has not received any 200 OK for the default user registration from the LC Server. This can be easily seen from the traces logged in the trace file. If AE is down then B2B will sim-ply proxy the messages back to the LC Server for normal processing.

– VA is down or is not responding to messages that have been passed to it by AE. Check traces logged in the trace files. Look for any exceptions that could have been thrown.

If you are not able to understand what the problem could be then, switch on the SIP Logger. This traces all messages that are being received and processed by the LCS.

10.10 Testing OpenScape

First, perform the following check from the OpenScape Server:

1. Click Start->Administrative Tools->Live Communications Server.

2. Under Servers, right-click the FQDN of the LC Server and select Properties.

3. Under the Connections tab,

a) Verify that port 5060 is not listed; otherwise, remove it;

b) Verify that port 50000 is the only TCP port.

Now, perform the following tests:

1. WM-WM instant message

2. WM-WM voice call

3. WM-OpenScape voice call and IM

4. OpenScape-WM voice call and IM

5. OpenScape-OpenScape voice call and IM


5454isec.fm

Nur für den internen Gebrauch Security SettingsOpenScape using IPSec Security

11 Security Settings

11.1 OpenScape using IPSec Security

IPSec should be configured in all OpenScape deployments. Security settings must be set in place according to how servers communicate with one another.

● To secure the communication between servers with Windows IPSec configured in the serv-ers, go to Appendix E, “IPSec Security Settings”.

● To secure the communication between servers with IPSec configured in the network cards/switches, refer to the documentation provided by your network card/switch provider.

11.2 Special Steps for SDK Applications

If you are running SDK applications, the following configuration needs to be done manually to the Request and Event Web Services, which runs on the OpenScape application server. This gives permission to the <domain>\OSWeb account to access the certificate’s private keys file.

1. Click Start->Programs->Microsoft WSE 2.0->X509 Certificate Tool.

2. Change the Certificate Location to ‘Local Computer’ and the store name to ‘Personal’.

3. Click Select Certificate From Store.

In the list box that is displayed, choose the certificate that is configured for the SDKs and click OK. You will notice that the fields in the main window are filled up with the particulars of the chosen certificate. [By default, the same certificate that is configured for OpenScape Core is configured for the SDKs]

4. Click OpenPrivateKeyFileProperties.

5. In the dialog that opens up, click the Security tab, then add the <domain>\OSWeb account to the list of allowed users and give it FullControl.

6. Apply the changes.


Security Settings Nur für den internen Gebrauch

5454isec.fm

Special Steps for SDK Applications


5454imcu.fm

Nur für den internen Gebrauch Installing OpenScape MCUMCU Installation Procedure

12 Installing OpenScape MCU

This chapter describes the procedures for installing the OpenScape MCU.

12.1 MCU Installation Procedure

Before installing the MCU, the environment must be prepared using the Environment Prepara-tion Tool. This must be done on the PC that hosts the MC component of the MCU. Verify that Section 8.16, “MCU System Preparation and Verification” has been done.

The OpenScape MCU can be installed in one of three ways (be sure to logon with the <osin-staller> account before installing):

1. Standalone MCU (MC and MP on the same box) - perform steps as follows

a) Section 12.2, “Installing the Standalone MCU (MC and MP on same box)”

b) Section 12.4, “Configuring MCU SiP URI and Testing the MCU”

2. Standalone MCU (MC and MP on different boxes) - perform steps as follows

a) Section 12.3, “Installing the Standalone MCU (MC and MP(s) on different boxes)”

b) Section 12.4, “Configuring MCU SiP URI and Testing the MCU”

3. One Box Solution (on the same server as the LCS and OpenScape), then:

a) Section 12.5, “One Box Configuration”

12.2 Installing the Standalone MCU (MC and MP on same box)

To install the MCU installation package:

1. Insert the OpenScape Installation Programs CD into the client CD drive.

2. Open the OpenScape MCU folder, then double-click OpenScapeMCU.exe.


>The OpenScape MCU can have up to 4 MPs.The MP(s) may or may not be installed on the same machine as the MC. See Table E-1 on page E-2 on supported installation scenarios.

>Due to the .NET version dependencies of the system, the MCU and OpenScape must be at the same version level at time of installation. This means that it is im-perative to install the MCU after OpenScape has been installed, but before any service packs are applied to OpenScape.


Installing OpenScape MCU Nur für den internen Gebrauch

5454imcu.fm

Installing the Standalone MCU (MC and MP(s) on different boxes)

4. On the Welcome screen, verify that this is the version you wish to install, then click Next.


6. The Customer Setup screen shows the components to be installed, the capacity required on the hard disk, and the location of the installed files. Verify the location of the installation, then click Next. (This step will differ for MC and MPs in a different box).

7. Enter the OpenScape System Name, then click Next.

8. Enter the password for the OpenScape service account, then click Next.

9. On the Ready to Install the Program dialog box, click Install.


12.3 Installing the Standalone MCU (MC and MP(s) on different boxes)

12.3.1 Installing MC with MP on a different box

1. Complete steps 1 to 5 from Section 12.2.

2. To install only the MC, disable the MP. Click the pull-down menu next to MP and select X This features would not be available from the list of three choices.

3. Make sure screen looks like this, then click Next.


5454imcu.fm

Nur für den internen Gebrauch Installing OpenScape MCUInstalling the Standalone MCU (MC and MP(s) on different boxes)

4. Complete steps 7 through 10 from Section 12.2.

12.3.2 Installing MP with MC on a different box

1. Complete steps 1 to 5 from Section 12.2.

2. To install only the MP, disable the MC. Click the pull-down menu next to MC and select X This features would not be available from the list of three choices.

3. Make sure screen looks like this, then click Next..



5454imcu.fm

Configuring MCU SiP URI and Testing the MCU

4. Continue with steps 7 on page 12-2 through 10.

12.4 Configuring MCU SiP URI and Testing the MCU

NOTE: This section only applies to the standalone MCU configurations. For the One Box con-figuration, refer to Section 12.5.3.

1. Click Start->Programs->Siemens OpenScape MCU->MC Configuration.

2. Select the SIP tab.

3. Enter the SIP information.

4. In the URI field, enter the MCU FQDN. SIP.URI=<Host Name>,<Primary DNS Suffix> For example, “hypnos.app.devos.net” where hypnos=MC machine name and app.de-vos.net=child domain).

5. Then click Ok.

6. Test the MCU by making a conference call to verify the configuration.


5454imcu.fm

Nur für den internen Gebrauch Installing OpenScape MCUOne Box Configuration

12.5 One Box Configuration

Here the MC shares a machine with the LCS and OpenScape (LCS, OpenScape, MC and op-tionally MP). The customer determines if the MC is on the same server as the LCS and Open-Scape. The MP can either be separate from or on the same server as the MC. The criteria are performance and number of conferencing channels.

12.5.1 Installing the MCU

1. If the MC and MP are both to be located on the same server as LCS and OpenScape, fol-low the steps in Section 12.2, “Installing the Standalone MCU (MC and MP on same box)”, on page 12-1, then proceed with Section 12.5.2, “Configuring the DNS Server”.

2. If only the MC is to be located on the same server as LCS and OpenScape (MP is on an-other server), follow the steps in Section 12.3.1, “Installing MC with MP on a different box”, on page 12-2, then proceed with Section 12.5.2, “Configuring the DNS Server”.

12.5.2 Configuring the DNS Server

With the DNS server, create a new Alias (CNAME) for the OpenScape host that can be used by the MCU. This alias points to the LCS/OpenScape server (for example, mcu.rtcdomain.com->openscapehost.rtcdomain.com).

To add the CNAME alias resource record to the MCU:

1. Open DNS.

2. In the console tree, right-click the applicable forward lookup zone, then click New Alias.

3. In the Alias name field, enter the alias name (for example, “openscapemcu”).

4. In the FQDN for target host field, enter the FQDN of the DNS host computer for which this alias is to be used (for example, openscapehost.rtcdomain.com), or click Browse to browse the DNS namespace for the host.

5. Click OK to add the new record.

6. Ping the alias to see if got added to the zone correctly. (Open a command window and ping the real host name and the alias. The results must be that they both should ping with the same IP (both names resolve to the same IP address.)

12.5.3 Configuring the MC SIP

NOTE: This section only applies to the One Box Configurations for MCU installations. Refer to Section 12.4, “Configuring MCU SiP URI and Testing the MCU” for configuring the MC SIP in a standalone configuration (MC is not on the same server as LCS and OpenScape).



5454imcu.fm

One Box Configuration

From the MCU server,

1. Click Start->Programs->Siemens HiPath OpenScape->HiPath OpenScape MCU->MC Configuration.

2. Click the SIP tab.

3. In the URI field, enter the newly created alias from step 3 in Section 12.5.2. Verify the con-figured SIP port number. The default is 5062 for the One Box solution. This needs to be the same as the port number of the LCS route for the MCU.

4. Click OK.

5. Restart the MC service.

12.5.4 Configuring the LCS Route and Testing the MCU

Add a route in the LC server to point to the correct alias:

1. Open LC server (Logon as LCSInstaller).

2. Find the MCU Server name under Servers.

3. RIght-click the MCU Server name and select Properties.

4. Click the Routing tab.

5. Add a new static route:

user = *

domain = openscapemcu.rtcdomain.com where openscapemcu is the alias name created in Section 12.5.2

fully qualified domain name = openscapehost.rtcdomain.com

Choose TCP for transport;

Enter the port number configured for the MCU SIP port from step 3 in Section 12.5.3;

Leave the rest unchanged.

6. Click OK.

7. Check if a new entry got added resembling the following:

SIP:*@mcu.rtcdomain.com->openscapehost.rtcdomain.com

8. Configure this Static Route as TRUSTED. (Refer to Section 4.5 on page 4-6 and Appendix F.3, “OpenScape RTC Tool”.).

9. Test the MCU by making a conference call to verify the configuration.


5454imed.fm

Nur für den internen Gebrauch Installing the OpenScape Media Server

13 Installing the OpenScape Media Server

To install the Media Server application on the OpenScape Media Server, refer to the HiPath OpenScape Media Server V2.0 Installation Guide.

You will need the information from Table 3-12 on page 3-8 and Table 3-14 on page 3-10 for in-stallation.


Installing the OpenScape Media Server Nur für den internen Gebrauch

5454imed.fm


5454secuB.fm

Nur für den internen Gebrauch Service Packs and MiscellaneousService Packs for Server Machines

14 Service Packs and Miscellaneous

This section describes installing service packs and miscellaneous items.

14.1 Service Packs for Server Machines

Consult the latest OpenScape Release Note which contains information on the current Open-Scape service packs. This Note is located on the KMOSS website, https://kmoss.icn.sie-mens.de.

Insert the Service Pack CD into the CD-ROM drive and open the appropriate service pack fold-er. Open the corresponding folder for the component being upgraded (i.e. core, MCU, OMC, or Client). Run the executable .msp files in the appropriate server. Follow the on-screen directions to install the service pack.

For the Media Server, follow the directions in the Media Server for OpenScape V2.0 Installation Guide.

14.2 Document Storage

For this feature, the following must be configured on the OpenScape system (after the service pack has been installed):

1. Under IIS, click Web Service Extensions. On the right select WebDAV and click Allow to change it from Prohibited to Allowed.

14.3 Security Troubleshooting

1. Check if the OpenScape domain is in native mode or higher. OpenScape does not support mixed mode.

2. The OpenScape Service group should be a Domain Global group or higher. The Open-Scape Admin and User groups should be Domain Local Groups. The OpenScape Admin group should be a member of the OpenScape User group.

3. Ensure that the OpenScape service account belongs to the OpenScape Service group.

4. Ensure that the OpenScape Services, MCU services and the Media Server services that talk to OpenScape are installed under the same OpenScape service account.

5. Ensure that the Media Server and the OpenScape Server are configured with valid certifi-cates. These certificates should be issued by a trusted root CA for this system.

6. Open up the Certificates MMC on the OpenScape and Media Server machines and ensure that the configured certificates are verifiable.


Service Packs and Miscellaneous Nur für den internen Gebrauch

5454secuB.fm

RSA SecurID

7. The DNS should be correctly set up with FQDN for reverse lookup for all the OpenScape servers.

8. Check if Windows2000 server (Media Server machine) has the latest SP4 (hot fix) from Mi-crosoft installed.

14.4 RSA SecurID

If RSA SecurID is enabled on the system, it must be configured so that the Siemens Clients will work on the client machines.

On the OpenScape server:

1. Open the IIS Manager (under Administrative Tools).

2. Expand the Web Sites->Default Web Site->OpenScape folder.

3. Under the Portals folder, locate the WMTab.xml file on the right side; right click this file and select Properties.

4. In the Properties dialog box, select the RSA SecurID tab.

5. Uncheck the Protect This Resource With RSA SecurID box.

6. Click OK to close the Properties dialog box.

14.5 Trace File Accumulator

14.5.1 Deployment

The Trace File Accumulator (TFA) copies trace files from an OpenScape (OS) or RoutingDis-patcher (RD) to the system where the TFA is installed. TFA does not remove the files from the OS or RD system. The intended usage of TFA is to archive large quantities of trace files for 1 to n systems.

Ideally TFA should not be installed on an OS or RD system as this could create storage and/or disk fragmentation problems. Investigation has shown that up to ~1.5 GB of trace files can be generated in a 24 hour period.

The Trace File Accumulator does not manage the accumulated files. An administrator should periodically purge or compress the accumulated files.


5454secuB.fm

Nur für den internen Gebrauch Service Packs and MiscellaneousTrace File Accumulator

14.5.2 Check

Make sure the server TFA to be installed on, was prepared with Environment Preparation Tool by your domain administrator. As part of the preparation, the <osinstaller> account is assigned to the computer as a local administrator. If you are not sure the preparation was done and what account to use, contact the domain administrator.

14.5.3 Installation

Logon with the <osinstaller> account.

1. Insert the OpenScape Installation Programs CD into the CD drive of the Server.

2. Open the OpenScape TFA folder, then double-click OpenScapeTFA.exe.


4. On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version you wish to install. If yes, then click Next.


6. On the Custom Setup screen, click Next.

7. On the HiPath OpenScape TraceFile Accumulator Account Information screen, enter the password for the OpenScape Service Account, then click Next.


9. When completed, click Finish.

14.5.4 Symptoms and Troubleshooting

BASIC CHECK: Check if the Siemens Trace File Accumulator Windows Service is up and run-ning properly without showing any exceptions.


Service Packs and Miscellaneous Nur für den internen Gebrauch

5454secuB.fm

Trace File Accumulator

The Trace File Accumulator will begin to accumulate files after configuration is completed using the OpenScape Trace File Accumulator management console Snap-In (see 7-installOMC.doc).

Shortly after configuration of the TFA the trace files should start to be copied to either

C:\Program Files\Siemens\HiPath OpenScape TFA\OpenScape or

C:\Program Files\Siemens\HiPath OpenScape TFA\RoutingDispatcher.

For example the following screenshot shows that the trace files are being accumulated for


5454icli.fm

Nur für den internen Gebrauch Installing the OpenScape ClientInstalling the OpenScape Client

15 Installing the OpenScape Client

This chapter describes the procedures for installing the OpenScape Client.

15.1 Installing the OpenScape Client15OpenScape Client

To use the OpenScape Client, the OpenScape Client installation package must be installed.

1. Insert the OpenScape Installation Programs CD into the client CD drive.

2. Open the OpenScape Client folder, then double-click OpenScapeClient.exe.


4. On the Welcome screen, verify that this is the correct version. If yes, then click Next.

5. On the Customer Information screen, enter the customer user name and user organiza-tion, then click Next.

6. On the OpenScape System Information screen, enter the name of the OpenScape sys-tem to which this client is registered to, then click Next.

7. On the next OpenScape System Information screen, for the OpenScape Server Name, enter the FQDN of the OpenScape System. For the LC Server Name, enter the FQDN of the LC Server, then click Next. This identifies the servers on where the OpenScape system and LC Server are installed.



>Windows Messenger must be installed first before client installation.If the Client is installed on Windows 2000, then the Siemens tab on WM is not sup-ported.The user must have local admin rights to install the Client.

>The Registry Entries affected on the Client machines are identified in Section 15.2.


OpenScape Client Nur für den internen Gebrauch

5454icli.fm

OpenScape Client Registry Entries

15.2 OpenScape Client Registry Entries

The following registry entries are created during OpenScape Client installation:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService"OEMTabs"="ht-tps://[OpenScapeServerName]/OpenScape/Portals/WMTab.xml"

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\ServiceProvid-ers\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}\Branding\[RTCServerName]

"RegServiceProvider"="SOFTWARE\Microsoft\MessengerService\ServiceProvid-ers\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}\Branding\[RTCServerName]"


5454SIP.fm

Nur für den internen Gebrauch Installing SIP PhonesConfiguring DNS SRV Records

16 Installing SIP Phones

Here are the steps:

● Configure DNS SRV Records

● Obtain a Certificate

● Import the SIP Phone certificate to the OpenScape Server via OMC

● Verify certificates exist on the OpenScape Server

● Configure and install certificate for OpenScape phones

● Assign OpenScape phones from “Unassigned Phones”

16.1 Configuring DNS SRV Records

Ask the network administrator to create an SRV record in DNS configuration so that the SIP phones can be addressed by the LC Server via FQDN addressing. This is done by Domain Prep before installing OpenScape. Refer to Section A.5 on page A-6.

16.2 Obtaining a Certificate

The network administrator should create, request, and export a certificate (to a file) for the SIP phone. This can be done by:

● Using a third party certificate vendor (e.g. Verisign) - wildcard certificates are supported for a cost-effective solution.

● Using a third party vendor software (e.g. Microsoft Certificate Services) - refer to Section A.6 on page A-7 for an example.

Obtain and copy this file to a location on the OpenScape server where it will be imported (refer to Section 16.3.1).

16.3 SIP Phone Certificate

16.3.1 Importing

The following steps are performed on the OpenScape Server where the OpenScape Manage-ment Console is installed.

1. Click OMC shortcut on desktop.

2. In the Add Standalone Snap-in window, select Certificates, then click Add.


Installing SIP Phones Nur für den internen Gebrauch

5454SIP.fm

LC Server Certificate

3. In the Certificates snap-in window, select Computer account, then click Next.

4. In the Select Computer window, select Local computer:..., then click Finish.

5. After the snap-in is added, select and expand Certificates (Local Computer)->Personal->Certificates in the Console Root window.

6. Right-click Certificates, then select All Tasks, then click Import....

7. On the Certificate Import Wizard window, click Next.

8. Then click Browse and locate the SIP Phone certificate file, then click Next.

9. Enter the certificate password and check the box Mark this key as exportable..., then click Next.

10. On the Certificate Store window, select Automatically select the certificate based on the type of certificate, then click Next.

11. On the Completing the Certificate Import Wizard window, verify the settings, then click Fin-ish.

16.3.2 Verifying

1. Expand Console Root->Certificates(Local Computer)->Personal->Certificates.

2. On the right hand panel, verify that you see the certificate installed from Section 16.3.1.

3. Verify that you also see the corresponding Root CA Certificate under Trusted Root Certifi-cation Authority Certificates.

16.4 LC Server Certificate

16.4.1 Identifying

1. Start the LC Server console.

2. From the LC Server console, expand Live Communications Server->Servers.

3. Right-click the LC Server, select Properties, then select the Connections tab.

4. Select the TLS connection, then click Edit.


5454SIP.fm

Nur für den internen Gebrauch Installing SIP PhonesOpenScape Phones Certificate

5. On the Edit Connection window, note the three fields: Issued to:, Issued by: and Valid from that will be used to verify in Section 16.4.2. (Note: Do not make changes.)

6. Click Cancel twice to exit.

16.4.2 Verifying

1. Expand Console Root->Certificates(Local Computer)->Trusted Root Certification Authorities->Certificates.

2. On the right hand panel, verify that you see the trusted root certificate - reference step 5 in Section 16.4.1.

3. If you do not, then contact the network administrator.

16.5 OpenScape Phones Certificate

1. Click the OMC shortcut on the desktop.

2. Expand OpenScape->your OpenScape server->Device Management->Phone Man-agement.

3. Right-click OpenScape Phones, then select Properties.

4. Select the Security tab, then click Change certificate.



5454SIP.fm

OpenScape Phones Certificate

5. Select the SIP Phone Certificate from Section 16.3.2, then click OK.

6. Select the Phone Passwords tab.

7. Enter the Default Administration Password - this is an important step to increase security. The existing default administration password is “123456”.

8. Enter the Default User Password - this is an important step to increase security. The exist-ing default user password is “147258”.

9. Select the LC Servers tab, select the LC server or servers (V2 supports multiple LCS), click Edit, then click Change certificate.

10. Select the LC server certificated identified in Section 16.4.1 on page 16-2.


5454SIP.fm

Nur für den internen Gebrauch Installing SIP PhonesOpenScape Phones Certificate

16.5.1 Configuring Profiles for SIP Phones

1. From the OpenScape Phones Properties window, select the Profiles tab, then click Add to create a new profile.

2. Enter a profile name (i.e. subnet range of SIP phones), then click OK.

3. In the Edit Profile window, select the Network tab.

4. If DHCP is used for SIP phones, then select On (default) for DHCP and continue with next step; otherwise, select Off and fill in the following fields (refer to Section 3.6, “SIP Phone Data”, on page 3-15):

Domain name -

DNS primary server -

Default route -

Then click OK.

5. Select the Authentication tab, and in the KDC server address field, enter the IP address or FQDN of the KDC server (as defined by the Windows domain security policies; i.e. the child domain controller) - refer to Section 3.6, “SIP Phone Data”.

6. Select the Time & Date tab, and in the SNTP server address field, enter the IP address or FQDN of the time server. Select the timezone offset and whether it is daylight saving or not - refer to Section 3.6, “SIP Phone Data”.

7. Select the Components tab, and enable the following settings:

● Presence publishing

● Presence watching

● Contacts

● Instant messages

8. Select the SNMP tab, enter public in the Accepted community name field.

9. If QoS is used, select the QoS tab and set the configuration to match the Ethernet Switch QoS setting (refer to Section 3.6, “SIP Phone Data”).

10. Leave data in other tabs as is since they do not impact OpenScape.

11. Then click OK to complete the Profile configuration.



5454SIP.fm

Assigning OpenScape Phones from “Unassigned Phones”

16.6 Assigning OpenScape Phones from “Unassigned Phones”

For this section, only the two test OpenScape users will be assigned SIP phones. For further details on administering SIP phones, refer to the online Administrator Help.

1. Click OMC icon on desktop.

2. If some or all SIP phones are on a different subnet than the OpenScape server, then the Phone Discovery IP range must be added. Expand OpenScape->your OpenScape serv-er->Device Management->Phone Management. Then right-click Phone Management and select Properties. Select the Phone Discovery tab, then click Add to add the subnet range.

3. Expand OpenScape->your OpenScape server->Device Management->Phone Man-agement->Unassigned Phones.

4. Right-click on an unassigned SIP phone, then select Assign.

5. From the pull down menu, select a test OpenScape user, then enter a name associated with this user. Then click Next.

6. Set the Windows password for this user then click Next. If this password is not known, a different process is required that is covered in the online Administrator Help.

7. Click Download a new Certificate to the phone, then click Use Default Server Certifi-cate.

8. Verify the certificate is the same SIP Phone certificate imported back in Section 16.3.1. If not, click Browse and select the right one. Then click Next.

9. In the Configuration Profile field, use the drop down menu to select the profile configured in Section 16.5.1 on page 16-5. Then click Finish.

10. The Assign Phone Wizard starts writing data to the phone while progress info is displayed.

11. The phone should be registered. Verify by noting that the IP Address field of the Open-Scape phone no longer says “No response” (manual refresh may be required).

>Make sure the user does not touch the phone at this time because it will appear busy; otherwise, this assignment will fail. Once the Wizard is successful, then it is ok.


5454SIP.fm

Nur für den internen Gebrauch Installing SIP PhonesAssigning OpenScape Phones from “Unassigned Phones”

12. The assigned phone is ready for use.

16.6.1 Phone Discovery

Phone Discovery is usually performed with broadcast messages to the endpoints. If the end-points are located behind routers on a different subnet from the OpenScape server, a broadcast message is not possible and it is necessary for the administrator to configure a range of IP Ad-dresses that OpenScape should scan in order to find the SIP Phones. Scanning the endpoints may be perceived as a hacker attack by security tools designed to protect against such attacks.

Phone Discovery occurs at the following times:

1. when the administrator refreshes the list of phones displayed on the OpenScape Man-agement Console

2. when the Scheduled Data Synchronization for the SIP Phones is performed

3. when OpenScape software is attempting to locate a specific SIP Phone given a MAC Address

To prevent false alarms from Intrusion Detection Systems (IDS), the network administrator needs to configure the IDS to ignore UDP messages sent to port 5100. In other words, a filter should be set up in the IDS so that Phone Discovery messages do not trigger a false security alarm



5454SIP.fm

Assigning OpenScape Phones from “Unassigned Phones”


5454fchk.fm

Nur für den internen Gebrauch Final Checklist

17 Final Checklist

After everything has been installed, perform the following checklist:

1. Verify the LCS Service is up and running.

2. Verify TCP port 50000 has been configured and set as Trusted.

3. Verify MTLS (Mutual TLS) port 5061 is configured and set as un-Trusted.

4. Verify OpenScape application URI’s has been configured and at the top of the list. For ex-ample, here is the sequence in which they should appear, top to bottom, when you are looking at the Application URI’s configured on the LC Server via the “Application” node in the LC Server Control Panel):

Application URI Name: Siemens Routing DispatcherApplication URI: http://www.siemens.com/en/rtcb/platform/routingdispatcher

Application URI Name: Age of PresenceApplication URI: http://www.siemens.com/OpenScape/bin/AOP

Application URI Name: Routing Application Setting - DefaultApplication URI: http://www.microsoft.com/RTC/DefaultRouting

5. Verify that if any Static Routes are configured, then they must be set to Trusted.

6. Verify that the SIP URI is the same as each user’s email address (Microsoft’s recommendation and Siemens requirement for V2). Check if the domain-name part (i.e. the one after the “@” symbol) specifies the root domain. If is recommended to create the user’s email account first on Exchange, then when you create the user’s LCS attributes, the SIP URI will default to the users email address.

Format: user-name@domain-name

Example: [email protected]

7. Verify that the LCS users point to the proper LCS Home Server.

8. Verify that the OpenScape Service Account is a member of the RTC Server Applications group.

9. Verify that the SIP URI is enabled for the OpenScape Service Account. That is, make it an LCS User homed on the same server on which the OpenScape Services are running.

10. Verify that the correct domain entries have been added to the “User Services Global Set-tings”. These entries should only be for domains (FQDNs) on which the users are created.

11. Perform the following tests:

a) WM-WM instant message

b) WM-WM voice call


Final Checklist Nur für den internen Gebrauch

5454fchk.fm

c) WM-OpenScape voice call and IM

d) OpenScape-WM voice call and IM

e) OpenScape-OpenScape voice call and IM

f) OpenScape-OpenScape conference call

g) On client portal, assign SIP phone as Preferred Device

h) SIP phone-SIP phone call

i) OpenScape voice call via portal to SIP phone

j) SIP phone - OpenScape user by Primary URI (name)

k) SIP phone - OpenScape user by Secondary URI (number)


5454appa.fm

Nur für den internen Gebrauch ReferencesAdding Users

A References

A.1 Adding Users

To add users to the OpenScape system, users must first be created as LCS users. Users may then be converted to OpenScape users via the OpenScape Management console. Also, users may be also created via the OpenScape Scripting Framework using a user creation script. E-mail address is required in AD before collaboration groups work. If you create a user without giving him an e-mail address he can not start any conferences.

A.1.1 User Creation via OMC

After the OMC has been installed, launch it as follows:

1. Click Start -> Run.

2. Enter MMC, then click OK.

3. In the Console, click File -> Add/Remove Snap-in….

4. Click Add.

5. Add the HiPath OpenScape snap-in.

6. Click Close and then OK.

7. Save this setting.

8. Expand the OpenScape server in the tree view.

9. Click RTC Users. DIFFERENT FOR V2

10. To promote LCS users to OpenScape users, right click on a user and Convert User. DIF-FERENT FOR V2

A.1.2 User Creation via Script

A utility is available through OpenScape for to run vbscript scripts. This utility may be used to:

● Create LCS users

>In order to enable full feature functionality, all OpenScape users need an e-mail ad-dress.

>Note: The OpenScape Service user should NOT be converted to an OpenScape us-er. They should remain only LCS users.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide A-1

References Nur für den internen Gebrauch

5454appa.fm

Configuring Certificates

● Convert LCS users to OpenScape users

Refer to the OpenScape Scripting Framework in Section F.4 on page F-6.

A.2 Configuring Certificates

If an application running in machine A wants to access a service from a server application run-ning on machine B and use TLS encryption then the Certificate Authority (CA) that issued the certificate to the server B has to be configured as a trusted certificate authority on the local computer A.

Customers are required to use TLS for Windows Messenger.

Windows Messenger users have an additional GUI interface as part of OpenScape. It is imple-mented using TABS that are downloaded from a central server using HTTPS. This server func-tionality can be provided by the OpenScape server since it is running IIS and has a certificate installed. Any other server with IIS configured for TLS can also work.

OpenScape Version 2 supports Internet access to portals using HTTPS (HTTP is not support-ed). This feature does not require a CA to be configured or installed on the client machine as a trusted Root Certificate Authority (root CA) (assuming they are using IE to access the portals instead of WM tabs).

Certificates can be issued by different CA’s (both internal and external) as long as they are con-figured as trusted CAs on local machines for example, the LC Server certificate can be issued by an internal CA and the SIP phone certificates can be issued by an external CA as long as both these CAs are configured as trusted CAs on machines running the client applications that is, LC Server machine, OpenScape machine and SQL server machine and so on.

Depending on how customers acquire their certificates, Table A-1 lists the certificates required by customers who use one certificate vendor/PKI.

Machine Certificate Required

Root Certificate of the CA that should be config-ured as trusted

LC Server Y CA that issued certificate used throughout OpenScape

OpenScape Server * Y CA that issued certificate used throughout OpenScape

SQL Server* Y

Media Server Y CA that issued certificate used throughout OpenScape

MC Server N CA that issued certificate used throughout OpenScape

MP Server(s) N CA that issued certificate used throughout OpenScape

SIP Phone Y CA that issued certificate used throughout OpenScape

Table A-1 Customers that use 1 certificate vendor/PKI(Sheet 1 of 2)

A31003-S5020-S100-1-7620, July 2004A-2 HiPath OpenScape V2.0, Installation Guide

5454appa.fm

Nur für den internen Gebrauch ReferencesConfiguring Certificates

Table A-2 lists the certificates required by customers who use more than one certificate vendor/PKI.

Client workstation inIntranet

N CA that issued certificate used throughout OpenScape

Client Workstation inInternet

N CA that issued certificate used throughout OpenScape

ISA Server Y CA that issued certificate used throughout OpenScape

OMC node N CA that issued certificate used throughout OpenScape

Note: * Running on a separate physical node. You can reuse and share the same machine certificate if installed on the same machine.



LC Server Y CA that issued OpenScape Server certificateCA that issued LC Server certificate if two Home Serv-ers are directly connected with Mutual TLS.

OpenScape Server * Y CA that issued SQL Server certificate CA that issued Media Server certificateCA(s) that issued SIP Phone certificate

SQL Server* Y

Media Server Y CA that issued OpenScape Server certificateCA that issued SQL Server certificate

MC Server N CA that issued OpenScape Server certificateCA that issued SQL Server certificate

MP Server(s) N CA that issued OpenScape Server certificateCA that issued SQL Server certificate

SIP Phone Y CA that issued LC Server certificate

Client workstation inIntranet

N CA that issued OpenScape Server certificateCA that issued LC Server certificateCA(s) that issued SIP Phone certificates (for CTI inter-face and Web Pages interface)

Client Workstation inInternet

N CA that issued ISA Server certificate

Table A-2 Customers that use certificates from more than 1 vendor/PKI(Sheet 1 of 2)



Table A-1 Customers that use 1 certificate vendor/PKI(Sheet 2 of 2)



5454appa.fm

Upgrading

When creating or purchasing certificates, the "common name" of the certificate should be the Fully Qualified Host Name of the machine on which the certificate will be used (e.g. rock-et.d1.research.com where rocket is the host name and d1.research.com is the Fully Qualified Domain Name).

A.3 Upgrading

To upgrade the OpenScape system, you need to back up the data.

Before uninstalling OpenScape, user accounts and groups must be backed up also as these are required when you reinstall OpenScape.

A.4 Uninstalling

A.4.1 Environment Preparation Tool Uninstall

System Preparation must be uninstalled before Domain Preparation.

The /x switch can be used to uninstall any prep step.

A.4.1.1 System Preparation

From the CLI command line, type EPTSetup /x /m “s” /r config.xml /l ept.log to remove sys-tem preparation.

A.4.1.2 Domain Preparation

From the CLI command line, type EPTSetup /x /m “d” /r config.xml /l ept.log to remove do-main preparation.

ISA Server Y CA that issued OpenScape Server certificate

OMC node N CA that issued OpenScape Server certificate

Note: * Running on a separate physical node. You can reuse and share the same machine certificate if installed on the same machine.



Table A-2 Customers that use certificates from more than 1 vendor/PKI(Sheet 2 of 2)


5454appa.fm

Nur für den internen Gebrauch ReferencesUninstalling

A.4.2 OpenScape (Main Server) Uninstall

If necessary, uninstall OpenScape (Main Server):

1. Ensure that you are logged on with the <osinstaller> account.

2. Use Windows Add/Remove Programs utility from the Control Panel to uninstall the OMC.

3. Use Windows Add/Remove Programs utility from the Control Panel to uninstall all Open-Scape programs or run the OpenScape executable.

If you do not want to remove the database, click NO at Uninstall Database client.

A.4.3 Problems Uninstalling OpenScape

If you have problems uninstalling OpenScape:

1. Make sure everything has been removed by following these steps:

● All Siemens strong named assemblies, starting with Siemens.EN.RTCB…in the C:\WINDOWS\assembly directory.

If there are still some remaining, edit and perform the batch to remove these old as-semblies.

● All Siemens services are removed. If not:

a) Copy the UnInstall.bat file batch and directory onto your local hard disk. Edit and then perform the batch.

b) If a service cannot be removed, make sure it is stopped.

c) If it still cannot be removed, restart your computer and try again.

2. Remove the OpenScape directory under “Program Files\Siemens\”.

3. If you want to remove the database:

a) To make sure the database was been removed, open “Programs -> Microsoft SQL Server -> Enterprise Manager” and expand until you are under database.

b) Verify that both containers starting with Xp… are removed. If not just delete them from here.

>Do not remove the OpenScapeDB directory.

If you cannot remove the OpenScape home folder, stop the Windows Manage-ment Instrumentation service from Service Control Manager. This also stops the LCS service.



5454appa.fm

Creating an SRV Record on DNS

4. If the database is retained, verify that the DBInUse attribute in the SystemConfig table of the XpSystem database is 0.

A.4.4 OpenScape Client Uninstall

Use Windows Add/Remove Programs utility to remove the package.

A.4.5 OpenScape MCU Uninstall

Use Windows Add/Remove Programs utility to remove the package.

A.4.6 Media Server Uninstall

Use Windows Add/Remove Programs utility to remove the package and third party software.

A.4.7 Service Pack Uninstall

Due to Windows Installer technical limitation, service packs cannot be uninstalled.

A.5 Creating an SRV Record on DNS

This is done by the network administrator so that SIP phones can be addressed by the LC Serv-er via FQDN addressing.

Here is an example on how to create an SRV record on DNS (usually root domain controller).

1. Click Start->Programs->Administrative Tools->DNS.

2. Expand the forward lookup zone until you get to the child domain name.

3. Right click on child domain.

4. Select other new record.

5. Select service location from resource record type.

6. Select create record.

7. Enter _sips for Service.

8. Enter 5061 for port number.

>If you cannot remove the database, restart the Windows Management Instru-mentation and RTC service then try to delete the database.

If you still can’t delete it, restart your computer.


5454appa.fm

Nur für den internen Gebrauch ReferencesObtaining a SIP Phone Certificate

9. Enter the FQDN of one of your LC servers in the host offering service name field (i.e. “LC-server.domainchild.domainroot.net”).

The LC server could be a FES (Front End Server) if a FES is being used to reduce the load on home servers by redirecting initial registration request from clients to its correct home server.

If there is no FES being implemented, then use one of the LCS home servers. Only one SIP SRV Record on DNS is allowed per child domain.

If the client is not homed on the target of the DNS SRV Record, this server will redirect the registration request to its correct home server within the same domain. The current LC server version will not redirect clients to LC servers across domains.

The current SIP phone firmware will not support registration to LC servers across domains.

10. Click OK to create the SRV.

A.6 Obtaining a SIP Phone Certificate

Here is an example on how to obtain a certificate by using Microsoft Certificate Services. This is done by the network administrator. Certificates may also be obtained from a third party cer-tificate vendor such as Verisign. Wildcard certificates may be deployed to reduce the cost per certificate.

A.6.1 Creating and Issuing

This task must be done from the server where CA (Certification Authority) is installed. The CA server can be the root domain controller server or other server that was configured as the CA server.

1. Verify that the following components have been installed:

a) IIS

b) Certificate Services CA

c) Certificate Services Web enrollment support (this component must be installed after IIS)

2. To request a certificate on:

● Windows 2003, go to Section A.6.2.

● Windows 2002, go to Section A.6.3.



5454appa.fm

Obtaining a SIP Phone Certificate

A.6.2 Requesting (Windows 2003 Only)

Enterprise admin privileges are required to create a certificate. The steps below first involve removing the default certificate and then creating a new certificate.

1. Click Start->Administrative Tools->IIS Manager.

2. Expand Local Computer->Web Sites.

3. Right-click Default Web Site and select Properties.

4. Click the Directory Security tab, then click Server Certificate.

5. On the Welcome to Web Server Certificate Wizard screen, click Next.

6. Select Remove the server certificate, then click Next.

7. On the Remove a Certificate screen, click Next.

8. Click Finish.

9. At the Default Web Site Properties screen, click Server Certificate.

10. On the Welcome to Web Server Certificate Wizard screen, click Next.

11. Select Create a new certificate, then click Next.

12. On the Delayed or Immediate Request screen, select Send the request immediately to an online certification authority, then click Next.

13. Enter a name for the certificate, then click Next.

14. Enter the organization information, then click Next.

15. For the Common Name field, enter the FQDN of where the certificate will be installed (usually the OpenScape server), then click Next.

16. Enter the geographical information, then click Next.

17. On the SSL Port screen, accept the default of 443 and click Next.

18. On the Choose a Certification Authority screen, accept the default of the Root Certificate and click Next.

19. On the Certificate Request Submission screen, click Next.

20. Click Finish.

21. Go to Section A.6.4.


5454appa.fm

Nur für den internen Gebrauch ReferencesObtaining a SIP Phone Certificate

A.6.3 Requesting (Windows 2000 Only)

This task is performed (recommended) on the OpenScape server. The request is done by getting access to the certification service on the CA server.

1. Invoke the IE browser, and enter http://<ca_host>/certsrv, where <ca_host> can be ei-ther the host name or IP address of the CA server.

2. A Windows logon challenge is prompted. Enter the domain administrator user account and password of the CA server. This will bring up the Microsoft Certificate Services Welcome web page.

3. Select Request a certificate under the Select a task category, then click Next. This brings up the Choose Request Type page.

4. Select Advanced request, then click Next. This brings up the Advanced Certificate Re-quest page.

5. Select Submit a certificate request to this CA using a form, then click Next. The Ad-vanced Certificate Request page is displayed.

6. Select Web Server template from the Certificate template pull down menu.

7. Verify the Key Options on this page:

● CSP: Microsoft RSA SChannel Cryptographic Provider

● Key Usage: Exchange

● Key size: 1024

● Create new key set

● Automatic key container name

● Mark keys as exportable

● Request Format: CMC

● Hash Algorithm: SHA-1

8. Scroll down the page and click Submit.

9. A warning dialog of “Potential Scripting Violation” is shown. (No warning is displayed if an IP address is entered in the Name field.) Select Yes to request the certificate. The certifi-cate is now issued (and confirmed by the new web page).

10. Click the Install this certificate hyperlink. A warning dialog of “Potential Scripting Viola-tion” is shown. Select Yes to complete. The certificate is now made available.



5454appa.fm

Obtaining a SIP Phone Certificate

A.6.4 Locating

Performing this task on the OpenScape server is recommended. Logon with the <osinstall-er> account.

1. Invoke mmc via the Run command. Add the following Snap-in’s to the MMC console:

● Certificates – Current User

2. Expand Certificates–>Current User->Personal->Certificates. The certificate made available in the previous step is listed on the right side.

NOTE: The following steps apply to Windows 2000 only and involves exporting the cer-tificate.

3. Right-click on that certificate; select All Tasks and then Export… The Certificate Export Wizard is displayed.

4. Click Next. On the Export Private Key dialog, select Yes, export the private key and click Next again.

5. On the Export File Format dialog, verify that Personal Information Exchange – PKCS #12 (.PFX) is selected with the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) option checked. Click Next.

6. On the Password dialog, enter and re-type the password for this certificate. (This password will be used during certificate installation.) Click Next.

7. On the File to Export dialog, enter a file name for the exported certificate file and browse to the path where the certificate file will be stored. Click Next.

8. Click Finish to complete the wizard. The certificate file is now ready for import.


5454AppB.fm

Nur für den internen Gebrauch Preparing Exchange 2000/2003 for OpenScapeEnabling WebDAV on the Exchange 2003 Server

B Preparing Exchange 2000/2003 for OpenScape

B.1 Enabling WebDAV on the Exchange 2003 Server

This is only required for the Exchange 2003 server.

Under IIS, click Web Service Extensions. On the right select WebDAV and click Allow to change it from Prohibited to Allowed.

B.2 Configuring the Account Security Privileges in the Exchange Server Stores

1. From the Exchange 2000/2003 server computer, click Programs->Microsoft Exchange->System Manager.

2. Drill down to the Server Storage Group. Repeat steps 3 to 6 for each applicable storage group (Note that Public Folder Store is not required)..

>The steps described in this appendix are to be given to the customer’s net-work administration for reference in how to set up the Exchange 2000/2003 server for OpenScape. This person must also work with the site telecom ad-ministrator to obtain extension numbers when creating the accounts.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide B-1

Preparing Exchange 2000/2003 for OpenScape Nur für den internen Gebrauch

5454AppB.fm

Configuring the Account Security Privileges in the Exchange Server Stores

3. Right-click Mailbox Store->Properties.

4. On the Mailbox Store (CR-E2K) Properties dialog box, click the Security tab, then click Add.

5. Locate and select the <systemID>SiemensIC account. Click Add and then OK.

6. Click the boxes below for the mandatory permissions.

A31003-S5020-S100-1-7620, July 2004B-2 HiPath OpenScape V2.0, Installation Guide

5454AppB.fm

Nur für den internen Gebrauch Preparing Exchange 2000/2003 for OpenScapeConfiguring the Account Security Privileges in the Exchange Server Stores

7. Click OK and continue to next section.



5454AppB.fm

Converting the SiemensIC Account into an OpenScape User

B.3 Converting the SiemensIC Account into an OpenScape User

1. From the Active Directory window, double-click <systemID>SiemensIC, then click the Live Communications tab.

2. Click Enable Live Communications for this use.

3. For the SIP URI field, enter sip:<systemID>SiemensIC@domainname.

4. For the Home Server field, select the FQDN of the LC Server, then click Apply and OK.

5. Expand the OpenScape snap-in.

6. Expand User Management.

7. Right click on the User Management window, then click Add User.

8. In the Add New User window, do the following:

a) In the LC Home Server drop-down menu, select the LC Server name.

b) In the Search String, enter <systemID>SiemensIC. Click Browse...

c) Click <systemID>SiemensIC. Then click OK.

d) Click Next.

e) In the OpenScape System drop-down menu, select the OpenScape system name.

f) In the drop-down menu for User Type, select HiPath OpenScape. Click Next.

g) (Optional) Enter the Public (DID) Number.

h) Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.

i) Enter a unique User ID Number.

j) Enter a password. Click Next.

k) Click Finish.

9. Confirm that <systemID>SiemensIC is included in the list as an OpenScape user.

B.4 Converting the SiemensCR Account into an OpenScape User

1. From the Active Directory window, double-click <systemID>SiemensCR, then click the Live Communications tab.


3. For the SIP URI field, enter sip:<systemID>SiemensCR@domainname.

4. For the Home Server field, select the FQDN of the LC Server, then click Apply and OK.


5454AppB.fm

Nur für den internen Gebrauch Preparing Exchange 2000/2003 for OpenScapeConverting the SiemensCR Account into an OpenScape User



7. Right click on the User Management window, then click Add User.



b) In the Search String, enter <systemID>SiemensCR. Click Browse...

c) Click <systemID>SiemensCR. Then click OK.

d) Click Next.


f) In the drop-down menu for User Type, select HiPath OpenScape. Click Next.

g) (Optional) Enter the Public (DID) Number.

h) Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.

i) Enter a unique User ID Number.

j) Enter a password. Click Next.

k) Click Finish.

9. Confirm that <systemID>SiemensCR is included in the list as an OpenScape user.



5454AppB.fm

Installing Schedule+FreeBusy Information

B.5 Installing Schedule+FreeBusy Information

1. Verify that it is available.

2. Right-click Schedule+FreeBusy Information..., then click Properties..


5454AppB.fm

Nur für den internen Gebrauch Preparing Exchange 2000/2003 for OpenScapeInstalling Schedule+FreeBusy Information

3. Click the Replication tab and verify that the Public Folder Store for the Exchange 2000/2003 server appears in the list.

a) Multiple Exchange 2000/2003 Servers in the same domain

If there are multiple Exchange 2000/2003 servers servicing the same domain, you must add each Exchange 2000/2003 Public Folder Store in the replication list.



5454AppB.fm

Portals Installation

B.6 Portals Installation

B.6.1 Enabling SSL in IIS on the OpenScape Server

The OpenScape Portals must use a secure connection between the Web Server (IIS) and the Web Browser, so we need to enable Secure Sockets Layer in the IIS Manager.

1. Open the Internet Services (IIS) Manager (under Administrative Tools).

2. Expand the Web Sites folder, right-click the Default Web Site subfolder and select Prop-erties.

3. Select the Web Site tab and enter 443 in the SSL port field (NOTE: If this field is not ac-cessible, then skip to next step since no certificate has been installed.)

4. Select the Directory Security tab, then click Server Certificate. The Server Certificate Wizard will open. If the “View Certificate…” button is enabled, it means that you already have a certificate installed and you do not have to proceed unless you want to change the certificate.


5454AppB.fm

Nur für den internen Gebrauch Preparing Exchange 2000/2003 for OpenScapePortals Installation

5. If you decide to continue, click Next on the Welcome to the Web Server Certificate Wiz-ard screen.

6. On the Server Certificate screen, select Assign an existing certificate, then select Next.

7. On the Available Certificates screen, select the certificate that you have available, then click Next. You will use the same certificate that is used by the LC Server.

8. On the SSL Port screen, enter 443 for the SSL port number, then click Next.

9. Click Next on the Certificate Summary screen.

10. Then click Finish.

B.6.2 Enabling SSL for Outlook Web Access (OWA) on the Exchange Server

To integrate with the OpenScape Portals, the OWA must have Secure Sockets Layer (SSL) en-abled so it can be opened inside the Portals.

1. To enable SSL, we need to install a certificate in the IIS on the Exchange Server machine. Please follow the same instructions in Section B.6.1 on page B-8 (Enable SSL in IIS) and execute them on the Exchange Server (not on the OpenScape Server!). For further details on certificate configuration, refer to Microsoft Exchange documentation.

2. This operation needs to be done only once and please recall that, since there is only one Exchange Server per domain forest, enabling SSL for one Exchange Server will affect all child domains.



5454AppB.fm

Portals Installation

3. If SSL is not enabled for OWA, the following error page is shown instead of the Calendar and Inbox information.

B.6.3 Opening and Verifying the Portals in Internet Explorer

With everything ready and properly setup, you can finally open the Personal Portal web page in IE. The URL is http://<servername>/openscape/portals/default.aspx. The <servername> is your OpenScape server name. Please enter it in its fully qualified format (i.e.: applebee.app.de-vos.net), otherwise you will get a security warning every time you open the Portals.

Verify that the Personal Portal web page can be opened in IE.


5454AppC.fm

Nur für den internen Gebrauch Creating OpenScape Users for Media Server RoutingCRDirect

C Creating OpenScape Users for Media Server Routing

These users will be used in the Media Server Installation Guide.

C.1 CRDirect

1. In the Active Directory Users List, double-click <systemID>CRDirect, then click the Live Communications tab.


3. For the SIP URI field, enter sip:<systemID>CRDirect@domainname.

4. For the Home Server field, select the FQDN of LC Server, then click Apply and OK.



7. Right-click the User Management window, then click Add User.



b) In the Search String, enter <systemID>CRDirect. Click Browse...

c) Click <systemID>CRDirect. Then click OK.

d) Click Next.


f) In the drop-down menu for User Type, select Media Server. Click Next.

g) For the Application Name, enter CRDirectApp.

h) For the Contact Address, enter sip:<extensionno>@FQDN of the Media Server where extension number is the same as in step j. Click Next.

i) Enter the Public (DID) Number.

j) Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.

>The steps described in this appendix are to be given to the network adminis-tration for creating OpenScape users for Live Communications Routing. This person must also work with the site telecom administrator to obtain extension numbers when creating the accounts.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide C-1

Creating OpenScape Users for Media Server Routing Nur für den internen Gebrauch

5454AppC.fm

CRForward

k) Enter a unique User ID Number.

l) Enter a password. Click Next.

m) Click Finish.

9. Confirm that <systemID>CRDirect is included in the list as an OpenScape user.

C.2 CRForward

1. In the Active Directory Users List, double-click <systemID>CRForward, then click the Live Communications tab.


3. For the SIP URI field, enter sip:<systemID>CRForward@domainname.

4. For the Home Server field, select the FQDN of LC Server, then click Apply and OK.



7. Right-click the User Management window, then click Add User.



b) In the Search String, enter <systemID>CRForward. Click Browse...

c) Click <systemID>CRForward. Then click OK.

d) Click Next.


f) In the drop-down menu for User Type, select Media Server. Click Next.

g) For the Application Name, enter CRForwardApp.

h) For the Contact Address, enter sip:<extensionno>@FQDN of the Media Server where extension number is the same as in step j. Click Next.

i) Enter the Public (DID) Number.

j) Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.

k) Enter a unique User ID Number.

l) Enter a password. Click Next.

m) Click Finish.

A31003-S5020-S100-1-7620, July 2004C-2 HiPath OpenScape V2.0, Installation Guide

5454AppC.fm

Nur für den internen Gebrauch Creating OpenScape Users for Media Server RoutingCreating Forwarding Rule Target

9. Confirm that <systemID>CRForward is included in the list as an OpenScape user.

C.3 Creating Forwarding Rule Target

1. Expand the OpenScape snap-in and the server where CRForward is a member.

2. Expand System Management.

3. Click System Destination.

4. Right-click on the System Destination Administration window, then select Add Destina-tion.

5. For the Destination Name field, enter VoiceMail.

6. For the Contact Address field, enter sip:<systemID>CRForward@<domain_name> where <domain_name> is your domain.

7. For the Destination Type field, select Media Server from the dropdown menu.

8. Click OK.

9. Click Close on the System Destination Administration window.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide C-3

Creating OpenScape Users for Media Server Routing Nur für den internen Gebrauch

5454AppC.fm

Creating Forwarding Rule Target

A31003-S5020-S100-1-7620, July 2004C-4 HiPath OpenScape V2.0, Installation Guide

5454AppD.fm

Nur für den internen Gebrauch Settings Changed by the Environment Preparation ToolRoot Domain

D Settings Changed by the Environment Preparation Tool

This tool -

● creates the following groups and accounts during OpenScape Environment Prepara-tion in Chapter 8

● sets permissions on Active Directory objects

● sets CIM namespace permissions

D.1 Root Domain

D.1.1 Accounts and Groups

Object: CN=OpenScape Service

D.1.2 Permissions

Object: CN=Global Settings, CN=RTC Service, CN=Microsoft, CN=System, DC=X

Object: CN=OpenScape Global Settings, CN=Siemens, CN=System, DC=X (not set for EDM Mode)

Object Default Name Object Type Members Member of

OpenScape Service Group - Domain Local

Child Domain1\OSsvcChild Domain2\OSsvc

Permissions Trustee

Read Access OpenScape Service group of the root do-main

Permissions Trustee

Read all properties, Write all propertiesCreate all child objects, Delete all child objects

OpenScape Service group of the root do-main

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide D-1

Settings Changed by the Environment Preparation Tool Nur für den internen Gebrauch

5454AppD.fm

Child Domain Hosting OpenScape Servers

D.1.3 Permissions on the Domain-DNS Object

OpenScape Service group is given the following access on the Domain-DNS object:

● Read permission on RTCUserSearchPropertySet

● Read permission on RTCPropertySet

● Read Public information for User objects

● Replicate Directory changes permission

● Read/ Write/ Delete Permissions on SiemensOSPropertySet (not set for EDM Mode)

D.2 Child Domain Hosting OpenScape Servers


Object: CN=OpenScape User

Object: CN=OpenScape Admin


OpenScape User Group - Domain Local

All OpenScape usersOSsvcOSWeb<systemID>OSUNS<systemID>OSRTP<systemID>SiemensCR<systemID>SIemensIC<systemID>CRDirect<systemID>CRForwardOpenScape AdminOpenScape Service


OpenScape Admin Group - Domain Local

OpenScape Service<osinstaller>

OpenScape UserAdministrator (Local on OS, RD, TFA, EDM)

A31003-S5020-S100-1-7620, July 2004D-2 HiPath OpenScape V2.0, Installation Guide

5454AppD.fm

Nur für den internen Gebrauch Settings Changed by the Environment Preparation ToolChild Domain Hosting OpenScape Servers


Object: CN=OSsvc

Object: CN=OSWeb

Object: CN=<systemID>OSRTP



OSsvcOSweb<systemID>OSUNS<osinstaller>Child Domain2\OSsvc

OpenScape UserOpenScape Admin

Object Default Name Object Type Member of

OSsvc UserNot LC User

OpenScape ServiceChild Domain2\OpenScape ServiceUser Domain1\OpenScape ServiceOpenScape UserRTCDomainUserAdminsAdministrators (local on OS, MCU, MS, RD)RTC Server Applications (local on RD server)IIS_WPG (local on OS server)


OSWeb UserNot LC User

OpenScape UserOpenScape ServiceIIS_WPG (local on OS server


<systemID>OSRTP UserSIP-enabled LC User

OpenScape User



5454AppD.fm


Object: CN=<systemID>OSUNS

Object: CN=<osinstaller>

Object: CN=<systemID>SiemensCR

Object: CN=<systemID>CRDirect

Object: CN=<systemID>CRForward

Object: CN=<systemID>SiemensIC


<systemID>OSUNS UserSIP-enabled LC User

OpenScape UserOpenScape ServiceAdministrators (local on OS server)


any but should be a pre-existing user

User Domain UsersOpenScape AdminOpenScape ServiceRTCDomainUserAdminsAdministrators (local on OS, SQL, MCU, MS, RD, TFA)


<systemID>SiemensCR User - SIP-enabled OpenScape User


<systemID>CRDirect User - SIP-enabled OpenScape User


<systemID>CRForward User - SIP-enabled OpenScape User


<systemID>SiemensIC User - SIP-enabled OpenScape User


5454AppD.fm

Nur für den internen Gebrauch Settings Changed by the Environment Preparation ToolChild Domain Hosting OpenScape Servers

D.2.2 Permissions

Object: OpenScape User

Object type: Group

Object: OpenScape Admin

Object type: Group

Object: OSsvc

Object type: User








OpenScape Admin group is given the following access on the Domain-DNS object:




Permissions Trustee

Full Control OpenScape Service

Full Control OpenScape Admin

Permissions Trustee

Full Control OpenScape Service

Permissions Trustee

Read/Write Access to all its properties OSsvc



5454AppD.fm


● Read Permissions on SiemensOSPropertySet (not set for EDM Mode)

D.2.4 Permissions on the Service Connection Point (Child of Computer Object for Computers Hosting OpenScape Core, RD, TFA)

The following Service Connection Point is created: Siemens OpenScape

Object CN=Siemens OpenScape

D.2.5 Permissions on the EDM Server

The following Service Connection Point is created: Siemens OpenScape

Object CN=Siemens OpenScape

Object CN=<EDM Server>

D.2.6 Access Rights to the OpenScape Database

The OpenScape service group and OpenScape Admin group are provided db owner privileges. The OpenScape User group has read permissions on the OpenScape databases.

D.2.7 Access Rights on the WMI CIM Repository (for servers hosting OpenScape Core, RD, TFA, EDM, MCU, MS)

Some OpenScape settings are stored in the Windows Management Instrumentation (WMI) Common Information Model (CIM) repository, therefore:

The following namespace is created: Root\Siemens\RTCB

Namespace: Root\Siemens\RTCB

Permissions Trustee

Read Access, Read Access to all child objects Authenticated Users

Full Control OpenScape Service group<osinstaller> user

Permissions Trustee

Read Access, Read Access to all child objects Authenticated Users

Permissions Trustee

Full Control OpenScape Service group<osinstaller> user


5454AppD.fm

Nur für den internen Gebrauch Settings Changed by the Environment Preparation ToolChild Domains Containing User Objects Only

Namespace: Root\CimV2

D.3 Child Domains Containing User Objects Only










Permissions Trustee

Full Control OpenScape Service groupOpenScape Admin group

Deny inherited rights Everyone

Permissions Trustee

Full Control OpenScape Service groupOpenScape Admin group



Child Domain1\OSsvcChild Domain2\OSsvc

Domain Users



5454AppD.fm

Child Domains Containing User Objects Only


5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsOverview

E IPSec Security Settings

This appendix provides information and instructions about securing the communication be-tween servers with Windows IPSec configured on the servers. It provides an authentication "white list" to ensure that network messages are accepted only from configured servers, i.e. to ensure that they do not come from an unauthorized endpoint. IPSec also provides privacy and integrity-checking for network messages.

E.1 Overview

The procedures involve:

● Setting up a custom MMC console

● Creating a new IPSec policy

The IPSec policy involves securing communication between servers. OpenScape uses the IP Security (IP Sec) Protocol provided by Windows 2000 and above. IPSec is used between the following servers (refer to Table E-1 on page E-2 for list of supported configurations):

● Media Server and the LC Server

● Media Server and the OpenScape Server

● MCU and the LC Server (if on different machines)

● LCS and the OpenScape Server (if on different machines)

● MCU and the OpenScape Server (if on different machines)

● MC and MP (if on different machines)

● LCS and Gateway (if it supports IPSec)

Note: It is not important where the SQL Server is located for the security settings.

You will be creating IPSec filters from Media Server, LCS, OpenScape and MCU (or MC and MP) based upon the installation scenario.

>NOTE: Logon with the <osinstaller> account to perform these IPSec security settings.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide E-1

IPSec Security Settings Nur für den internen Gebrauch

5454secu.fm

Overview

Table E-1 lists the supported OpenScape installation scenarios.

Scenario Machine A

Machine B

Machine C

Machine D

Machine E

Machine F

Machine G

Machine H

1 LCS Open-Scape, MC, and MP

Media Server

2 LCS, Open-Scape MC

Media Serve

MP

3 LCS MC and MP

Media Serve

Open-Scape

4 LCS and Open-Scape

Media Serve

MC and MP

5 LCS and MC

Media Serve

Open-Scape

MP MP (op-tional)

MP (op-tional)

MP (op-tional)

6 LCS Media Serve

MC and Open-Scape

MP MP (op-tional)

MP (op-tional)

MP (op-tional

7 LCS and Open-Scape

Media Serve

MC MP MP (op-tional)

MP (op-tional)

MP (op-tional)

8 LCS Media Serve

Open-Scape

MC MP MP (op-tional)

MP (op-tional)

MP (op-tional)

Table E-1 Supported Installation Scenarios

A31003-S5020-S100-1-7620, July 2004E-2 HiPath OpenScape V2.0, Installation Guide

5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a Custom MMC Console for IPSec Configuration

E.2 Creating a Custom MMC Console for IPSec Configuration

To create a custom IPSec configuration MMC snap-in for the local computer, on which IPSec is being configured:

1. From the Windows desktop, click Start-> Run, and in the Open textbox, type mmc, then click OK.

2. On the Console menu, click Add/Remove Snap-in.

3. In the Add/Remove Snap-in dialog box, click Add.

4. In the Add Standalone Snap-in dialog box, click IP Security Policy Management and then click Add.

5. Verify that the local computer is selected and click Finish.

6. On the Add Standalone Snap-in dialog box, click Close.

7. On the Add/Remove Snap-in dialog box, click OK.

8. Click the File menu and select Save As…

9. Type a name (Example: IPSecPolicies) and click OK. You will then see the IPSecPolicies Console Root window.



5454secu.fm

Creating a New IPSec Policy for Media Server on the Media Server Server Machine

E.3 Creating a New IPSec Policy for Media Server on the Media Server Server Machine

1. From the IPSec Configuration MMC console menu, click IP Security Policies on Local Computer and then click Create IP Security Policy.

2. On the IPSecurity Policy Wizard welcome screen, click Next.

3. Enter a name for this policy (required) and description (optional), then click Next.

For example, Name: Siemens OpenScape V2.0 IPSec Policy.

4. On the Requests for Secure Communication dialog box, uncheck the Activate the de-fault response rule check box and click Next.

5. On the Completing the IP Security policy wizard dialog box, select the Edit Properties check box, then click Finish.

6. On the new policy’s properties window, click Add.

7. On the Welcome to the Create IP Security Rule Wizard dialog box, click Next.

8. On the Tunnel Endpoint dialog box, select This rule does not specify a tunnel, then click Next.

9. On the Network Type dialog box, select All network connections, then click Next.

10. Windows 2000 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows 2003 server.

11. On the IP Filter List dialog box, click Add.

12. In the Name file, enter a name for the Media Server IP Filter List. Enter a description also in the Description field.

13. Complete Section E.3.1, Section E.3.2, and Section E.3.3.

14. On the IP Filter List dialog box, select the newly-created filter list that you created in step 12 above, then click Next.

15. On the Filter Action dialog box, select Require Security, then click Next.

16. Windows 2003 server only. On the Authentication Method dialog box, select Active Di-rectory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows 2000 server.

17. On the Completing the New Rule Wizard dialog box, uncheck Edit Properties if it is checked, then click Finish.


5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a New IPSec Policy for Media Server on the Media Server Server Machine

18. On the new policy’s properties dialog box, select the newly-created filter list that you cre-ated in step 12 above.

19. Proceed to Section E.7, “Setting the Block Rule”, on page E-21 to setup the Block Rule for the Media Server.

20. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).

21. On the MMC console, right-click the newly-created IPSec security policy and select As-sign. This assigns the security policy to the machine and makes it active. Now you should see Yes under Policy Assigned.

22. Continue to Section E.4 on page E-8.

E.3.1 Media Server to LC Server

1. Click Add to add a filter.

2. On the IP Filter Wizard window, click Next.

3. On Windows 2003 Server, type the description (optional) and keep the Mirrored check box checked. On Windows 2000, this step is not shown.

4. On the IP Traffic Source window, select My IP Address from the Source address drop-down menu, then click Next.

5. On the IP Traffic Destination window, select A specific IP Address from the Destination Address dropdown menu, and enter the IP address of the LC Server machine in the IP address field, then click Next.

6. On the IP Protocol Type window, select TCP from the Select a protocol type dropdown menu, then click Next.



5454secu.fm

Creating a New IPSec Policy for Media Server on the Media Server Server Machine

7. On the IP Protocol Port window, for source, select From any port. Then select To this port and enter the trusted port number configured on LCS or 50000 (default). Click Next.

8. Click Finish.

9. Continue to Section E.3.2.

E.3.2 LC Server to Media Server




4. On the IP Traffic Source window, select A specific IP Address from the Destination Ad-dress dropdown menu and enter the IP address of the LC Server machine (refer to Table 3-12 on page 3-8) in the IP address field, then click Next.

5. On the IP Traffic Destination window, select My IP Address from the Source address dropdown menu, then click Next.

6. On the IP Protocol Type window, select TCP from the Select a protocol type dropdown menu, then click Next).

7. On the IP Protocol Port window, for source, select From any port. Then select To this port and enter 5060 or the port number configured on Media Server for SIP messages from LCS. Click Next.

8. Click Finish.


E.3.3 Media Server to License Server (OpenScape)





5. On the IP Traffic Destination window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the OpenScape Server machine in the IP Address field, then click Next.


5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a New IPSec Policy for Media Server on the Media Server Server Machine

6. On the IP Protocol Type window, select UDP from the Select a protocol type dropdown menu, then click Next.

7. On the IP Protocol Port window, select From any port. Then select To this port and enter 4321 in the blank field for the port number, then click Next.

8. Click Finish.

9. Return to step 15 on page E-8.



5454secu.fm

Creating a New IPSec Policy for LC Server on the LC Server Machine

E.4 Creating a New IPSec Policy for LC Server on the LC Server Machine

1. Repeat steps 1 to 11 on page E-4.

2. In the Name file, enter a name for the LC Server IP Filter List. Enter a description also in the Description field.

3. Complete Section E.4.1 and Section E.4.2.

4. If LCS and MCU are on separate servers, then complete Section E.4.3 and Section E.4.4; otherwise, go to next step.

5. If LCS and OpenScape are on separate servers, then complete Section E.4.5; otherwise, go to next step.







12. Proceed to Section E.7, “Setting the Block Rule”, on page E-21 to setup the Block Rule for the LC Server.

13. If you do not have a gateway in your setup, skip this step. Otherwise, if the gateway does not support IPSec (Vegastream, Mediatrix), proceed to Section E.4.7 on page E-12; if it does, proceed to Section E.4.6 on page E-11.





5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a New IPSec Policy for LC Server on the LC Server Machine

E.4.1 LCS to Media Server





5. On the IP Traffic Destination window, select A specific IP Address from the Destination Address dropdown menu and enter the IP address of the Media Server machine (refer to Table 3-12 on page 3-8), then click Next.


7. On the IP Protocol Port window, for source, select From any port. Then select To this port and enter 5060 or the port number configured on Media Server for SIP messages from LCS. Click Next.

8. Click Finish.


E.4.2 Media Server to LCS




4. On the IP Traffic Source window, select A specific IP Address from the Destination Ad-dress dropdown menu and enter the IP address of the Media Server Machine (refer to Ta-ble 3-12 on page 3-8), then click Next.



7. On the IP Protocol Port window, select From any port. Then select To this port and enter the trusted port number configured on LCS or 50000 (default). Click Next.

8. Click Finish.



5454secu.fm



E.4.3 LCS to MCU





5. On the IP Traffic Destination window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MCU Server machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.


7. On the IP Protocol Port window, select From any port. Then select To this port and enter 5060 or the port number configured on the MCU server for SIP messages from LCS. Click Next.

8. Click Finish.


E.4.4 MCU to LCS




4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the MCU Server machine in the IP Ad-dress field, then click Next.


>This section and Section E.4.4 only apply if the LCS and MCU are on separate ma-chines.


5454secu.fm




8. Click Finish.


E.4.5 LCS to B2BUA (OpenScape Server)





5. On the IP Traffic Destination window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the OpenScape Server machine in the IP Address field, then click Next.


7. On the IP Protocol Port window, select From any port. Then select To this port and enter 21020 or the port number configured for B2BUA. Click Next.

8. Click Finish.


E.4.6 LCS to a Gateway that supports IPSec

This procedure applies only when you are using a gateway that supports IPSec. Ensure to set-up IPSec on the gateway by referring to the gateway manufacturer’s documentation.

Do not perform this step If you do not have a gateway in your setup or if your gateway does not support IPSec.

>This section only applies if the LCS and OpenScape Server are on separate ma-chines.



5454secu.fm


1. From LCS: Click Add to add a filter.



4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the gateway in the IP Address field, then click Next.




8. Click Finish.


E.4.7 LCS to a Gateway that does not support IPSec

This procedure is required for gateways that does not support IPSec like Vegastream and Me-diatrix. This filter allows a Gateway to connect to LCS trusted port in spite of setting the Block Rule (Section E.7) that blocks connections to this port from any other IP addresses other than OpenScape, MCU and Media Server.

1. After adding the block rule from step 12 on page E-8, click Add.

2. On the Security Rule Wizard window, click Next.

3. On the Tunnel Endpoint window, select This rule does not specify a tunnel, then click Next.

4. On the Network Type window, select All network connections, then click Next.

5. For Windows 2000 server only: Select Active Directory default (Kerberos V5 proto-col), then click Next. This step does not appear on a Windows 2003 server

6. On the IP Filter List window, click Add.

7. On the next IP Filter List window, enter Allow Gateway in the Name field. Enter a descrip-tion of the new IP filter in the Description field. Then click Add.

8. On the IP Filter Wizard welcome window, click Next.


5454secu.fm



10. On the IP Traffic Source window, select A specific IP Address from the Source address dropdown menu, then enter the IP Address of the Gateway. Click Next.

11. On the IP Traffic Destination window, select My IP Address from the Destination ad-dress dropdown menu and click Next.


13. On the IP Protocol Port window, select From any port Then select To this port and enter the trusted port number of the LC server. Click Next.

14. Click Finish.


16. Check the newly-created IP Filter List radio button, Allow Gateway and click Next.

17. On the Filter Action window, select the Permit radio button and click Next.

18. Uncheck Edit Properties if it is checked and click Finish.

19. Check Allow Gateway, then click Next.

20. On the Filter Action window, select Permit, then click Next.

21. Uncheck Edit Properties if checked, then click Finish.

22. On the Properties window, check Allow Gateway if not already done.





5454secu.fm

Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine

E.5 Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine


2. In the Name file, enter a name for the OpenScape IP Filter List. Enter a description also in the Description field.

3. Complete Section E.5.1.

4. If OpenScape and LCS are on separate servers, then complete Section E.5.2; otherwise, skip to next step.

5. If OpenScape and MCU are on separate servers, then complete Section E.5.3; otherwise, skip to next step.







12. Proceed to Section E.7, “Setting the Block Rule”, on page E-21 to setup the Block Rule for the OpenScape Server.




E.5.1 License Server (OpenScape) to Media Server




5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a New IPSec Policy for OpenScape on the OpenScape Server Machine


4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the Media Server machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.



7. On the IP Protocol Port window, select From any port. Then select To this port and enter 4321 in the blank field for the port number, then click Next.

8. Click Finish.


E.5.2 B2BUA (OpenScape Server) to the LCS




4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the OpenScape Server machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.



7. On the IP Protocol Port window, select From any port. Then select To this port and enter the LCS trusted port number or 50000 (default). Click Next.

8. Click Finish.


>This section only applies if the LCS and OpenScape Server are on separate ma-chines.



5454secu.fm

Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine

E.5.3 License Server (OpenScape) to MCU




4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the MCU Server (refer to Table 3-12 on page 3-8) machine in the IP Address field, then click Next.



7. On the IP Protocol Port window, select From any port. Then select To this port and enter 4321. Click Next.

8. Click Finish.


>This section only applies if the MCU and OpenScape Server are on separate ma-chines.


5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a New IPSec Policy for MCU on MCU Server Machine

E.6 Creating a New IPSec Policy for MCU on MCU Server Machine


2. In the Name file, enter a name for the MCU IP Filter List. Enter a description also in the Description field.

3. If MCU and LCS are on separate servers, then complete Section E.6.1 and Section E.6.2; otherwise, skip to next step.

4. If MCU and OpenScape are on separate servers, then complete Section E.6.3; otherwise, skip to next step.

5. If MC and MP are on separate servers, then complete Section E.6.4 and Section E.6.5; otherwise, skip to next step.







12. Proceed to Section E.7, “Setting the Block Rule”, on page E-21 to setup the Block Rule for the MCU Server.



15. Continue to the next chapter.

E.6.1 MCU to LCS

>This section and Section E.6.2 only apply if the LCS and MCU are on separate ma-chines.



5454secu.fm

Creating a New IPSec Policy for MCU on MCU Server Machine





5. On the IP Traffic Destination window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the LC Server machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.



8. Click Finish.


E.6.2 LCS to MCU




4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the LC Server machine in the IP Address field, then click Next.



7. On the IP Protocol Port window, select From any port. Then select To this port and enter 5060 or the port number configured on the MCU for SIP messages from LCS. Click Next.

8. Click Finish.



5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsCreating a New IPSec Policy for MCU on MCU Server Machine

E.6.3 MCU to License Server (OpenScape)





5. On the IP Traffic Destination window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the OpenScape Server machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.



8. Click Finish.


E.6.4 MC to MP

1. From MC: Click Add to add a filter.



4. On the IP Traffic Source window, select A specific IP Address from the Destination ad-dress dropdown menu. Enter the IP address of the MP machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.


>This section only applies if OpenScape and MCU are on separate machines.

>This section and Section E.6.5 only apply if the MC and MP are on separate ma-chines.



5454secu.fm

Creating a New IPSec Policy for MCU on MCU Server Machine



8. Click Finish.


E.6.5 MP to MC

1. From each MP: Click Add to add a filter.




5. On the IP Traffic Destination window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MC machine (refer to Table 3-12 on page 3-8) in the IP Address field, then click Next.



8. Click Finish.



5454secu.fm

Nur für den internen Gebrauch IPSec Security SettingsSetting the Block Rule

E.7 Setting the Block Rule

This mandatory configuration step must be performed to secure the trusted port of the LC Serv-er on the LC server machine, B2BUA and license server ports on the OpenScape server ma-chine, MCU and MEGACO ports on MCU server machine, and the Media Server port on the Media Server machine. If this mandatory step is not performed, the LC server, B2BUA, and Me-dia Server will be open to security breaches. This rule is set only for the Media Server, LCS, OpenScape and MCU after the filters are set for those machines.

Complete the block rule for the specified server:

1. After selecting the newly-created filter list, click Add.

2. On the Security Rule Wizard welcome window, click Next.

3. On the Tunnel Endpoint window, select This rule does not specify a tunnel, then click Next.

4. On the Network Type window, select All network connections, then click Next.

5. For Windows 2000 server only: Select Active Directory default (Kerberos V5 proto-col), then click Next. This step does not appear on a Windows 2003 server.

6. On the IP Filter List window, click Add. Then in the new window, enter Block Port as the name of the IP Filter List. Then click Add.

7. On the IP Filter Wizard welcome window, click Next.

8. For Windows 2003 Server only: Enter the description (optional) and keep the Mirrored check box checked. On Windows 2000, this step is not shown.

9. On the IP Traffic Source window, select Any IP Address from the Source address drop-down menu, then click Next.

10. On the IP Traffic Destination window, select My IP Address from the Destination ad-dress drop down menu, then click Next.

11. On the IP Protocol Type window, select port type from Table E-2 depending on the appli-cation, then click Next.



5454secu.fm

Setting the Block Rule

12. On the IP Protocol Port window, select From any port. Then select To this port and enter the port number in Table E-2 depending on the application. Click Next.

13. Click Finish.

14. If two or more applications mentioned in Table E-2 are on the same server machine then repeat steps 7 to 13 for those applications. NOTE: A block rule must be set for each of these applications.


16. Select Block Port, then click Next.

17. In the Filter Action window, click Add.

18. On the Filter Action Wizard welcome window, click Next.

19. On the Filter Action Name window, enter Block in the Name field, then click Next.

20. On the Filter Action General Options window, select Block, then click Next.

21. Click Finish.

22. On the Filter Action window, select the newly-created Block, then click Next.

23. On Completing the New Rule WIzard window, uncheck Edit Properties if it is checked, then click Finish.

24. On the Properties window, check the newly-created Block Port checkbox if not already done.


26. Return to the section that asked to do this block rule.

Application (Server Ma-chine)

Port Number (refer to Table 3-13 on page 3-9)

Port Type

LC server machine Trusted port # on LCS (50000) TCP

B2BUA (OpenScape) Port # configured on B2BUA for SIP messag-es from LCS (default is 21020)

TCP

License Server (Open-Scape) See note below

Port # configured for License Server (default is 4321)

UDP

Media Server Port #r configured on Media Server to receive SIP messages from LCS (default is 5060)

TCP

MCU (MCU) Port # configured on MCU to receive SIP mes-sages from MC (default is 5060)

TCP

MCU (MCU) 2945 (MEGACO port) TCP

Table E-2 Port Number Allocation


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsCheckSPN

F OpenScape Installation - Tools, Utilities and Hints

This appendix describes the tools, utilities, and hints used to install OpenScape.

F.1 CheckSPN

CheckSPN is a utility that is available through LCS Administration tools. This utility may be used to verify the Service Principal Name (SPN) for the system. If the SPN for a system is not reg-istered, Kerberos communication is not possible.

To access this utility, installing the LCS Administration tools from the LCS package.

Additional information on this utility is available in the CheckSPNReadme in the Resource Kit.

F.2 MSMQ

To confirm that the Microsoft Messaging Queue Service (MSMQ) is running:

1. In Control Panel, open Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. Click Application Server and click Details.

4. Verify that the status of the Message Queuing service is Started.

F.3 OpenScape RTC Tool

This GUI-based tool allows users to configure the desired RTC Settings without the need to go into the RTC CIM repository directly. This tool should be run ONLY on those machines which has the Microsoft Live Communications Server installed on them.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide F-1

OpenScape Installation - Tools, Utilities and Hints Nur für den internen Gebrauch

5454AppF.fm

OpenScape RTC Tool

USAGE:

This tool provides you with the following 8 options for perform various configuration tasks on your LCS.

F.3.1 Display Current RTC Configuration

This option will only display the necessary RTC configuration settings that are already existing on your LCS system. It will not create or update any settings as such. From this, you can ana-lyze if you have the correct settings or not. If required you can copy the results from the output screen and save it in a file for reference purposes. On the bottom of the screen you’ll see the “Results” section which says what all settings are appropriate for OpenScape to function prop-erly. Note: By default this tool takes the port as 50000. So, if you see a “FAILED *” message succeeding it, that even though you have created a B2B communication port, it is okay, as you can have a different non 50000 port configured on your system for OpenScape usage.

F.3.2 Create new “RTC Port”

This option will create a new port on your LCS so that your applications can communicate with the LCS on that port. The screen looks like this:

A31003-S5020-S100-1-7620, July 2004F-2 HiPath OpenScape V2.0, Installation Guide

5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsOpenScape RTC Tool

By default, the port value is set to 50000, which you can change as desired. Selecting the Trusted or Un-trusted option will create this port as “Trusted” or “Un-Trusted”, respectively.

F.3.3 Set “RTC Port Trusted/un-Trusted”

This option will only set an already existing RTC port to Trusted or Un-Trusted as desired. Note: This will not create a new RTC port.

F.3.4 Create new “Static Route”

This option will create a new Static Route based on the information as provided in the fields on the following screen:



5454AppF.fm

OpenScape RTC Tool

Here the default port value has been set as 5060 but you can change it to whatever you need top set it to. Match Uri is required in the format “sip:….” E.g. sip:*@siemens.com because this will be the match pattern, and Next Hop is the FQDN of the domain or “machine-name.fully-qualified-domain” i.e. the destination where all messages that match the pattern set in the Match Uri to this address.

F.3.5 Set “Static Route” Trusted/un-Trusted

This option will not create any new Static Routes; instead will only set an already existing Static Route to Trusted or un-Trusted as desired. This task you can perform from the screen as dis-played below:


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsOpenScape RTC Tool

F.3.6 Create Application Uri

This option will help you create an new Application Uri as desired. For doing so, you will need to provide all the information as requested in the fields as shown in the screen below:

Click Browse… to browse though your system file system to get the file and location that you may want to provide in the “Script Path”. This is not a mandatory field as you can have Appli-cation Uri’s that don’t need a routing (i.e. a “.am”) script.

F.3.7 Re-Sequence Application Priority

This option will display a question dialog box confirming to you if you really perform the re-se-quence operation or not.

Click Yes to re-sequence operation on the “Siemens Routing Dispatcher” specific Application Uri that already exists on your LCS system. By re-sequence, it means that it will push the Ap-plication Uri entry for “Siemens Routing Dispatcher” to the top of the Application Priority list in the LCS CIM tables. This will enable all messages (for which the application or service has reg-istered for) to be first presented to the application which has used this Application Uri to register with the LCS. Click No to not do any re-sequence operation.

F.3.8 Configure All OpenScape Specific RTC Settings

This option will help you configure setting on the LCS as required by OpenScape to function properly. Only those fields for which information has been supplied by the user, those specific settings will be performed. No other setting will be performed apart from that. This will be noti-fied to the user in a message box in the form of a WARNING also. That way the user performing this operation will know what all settings were done and what not. By default a few fields will be



5454AppF.fm

OpenScape Scripting Framework

filled with default values. You can change them as desired. Note: When you have keyed in the gateway names and/or the dial plan information, you must click + located on the right side of the list to add it to that list. Without doing so, the Static Routes for that particular gateway will not be created. Same case for the Global RTC Domain settings information, you must add it to the list first and then click Perform RTC Configuration.

The screen for performing this task will look as shown in the figure below:

Click Clear to clear all contents from all fields as displayed on this screen. It will also delete and empty the lists that you might have filled with the gateway or Global RTC Domain information.

F.4 OpenScape Scripting Framework

The OpenScape Scripting Framework provides a way to add multiple users to Active Directory, and configure and enable them as Live Communications users. Additionally, Live Communica-tions users can be automatically converted into OpenScape users with the OpenScape Script-ing Framework.

Additional administration scripts are included with the OpenScape Scripting Framework, but are not described in this document. Refer to the documentation inside the tool.

Installation

The OpenScape Scripting Framework tool is installed during OpenScape installation and is lo-cated in the \Siemens\OpenScape\tools folder, under ScriptingFW.


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsOpenScape Scripting Framework

To launch the tool, double click OSScriptingFW.hta.

Recommendations

● The tool should be run by a Domain Administrator, or a user with permissions to read and modify Active Directory and the OpenScape Database.

● The tool should be run on the OpenScape server.

Running the OpenScape Scripting Framework

F.4.1 Adding Users

1. Double-click OSScriptingFW.hta.

2. In the drop-down box labeled Categories, select OpenScape User Management.

3. In the field labeled Tasks, select Create LCS Users.

4. The following screen will appear.

Enter Script Parameters:

● numUsers – the number of user you wish to create.

● OU – the Organizational Unit the users will be added to.

● sAMAccountName – the base account name for the users (account names are in-dexed from 1 to number).



5454AppF.fm


● telephoneNumber – the base telephone number must contain only numeric digits.

● lcServer – the host name of the LC server.

5. Verify that the data you entered is correct, then click Run Command. The following screen will appear.

6. You may verify that the users were created by opening Active Directory Users and Com-puters, expand the node representing your domain, and clicking on the newly created Or-ganizational Unit.

F.4.2 Converting LCS Users to OpenScape Users

1. In the drop-down box labeled Categories, select OpenScape User Management.

2. In the field labeled Tasks, select Create LCS Users.



5454AppF.fm


Enter Script Parameters:

● ou – the Organizational Unit containing the LC users to be converted. If not child of current domain partition, then OU must be fully qualified name.

● systemID – the System ID of the OpenScape server the users will be assigned to.

● numericID – the base OpenScape Numeric ID (5 to 12 digits). Be sure that any num-ber in this range does not yet exist in the database.

● extension (optional) – the base extension number used to build the Extension sec-ondary AOR.

● did (optional) – the base DID number used to build the DID secondary AOR.

4. Verify that the data you entered is correct, then click Run Command. The following screen will appear.



5454AppF.fm


5. To verify that the users were created, check the current list of OpenScape Users in Sie-mens OpenScape Management Console.

The Convert To OpenScape Users script can be used to convert any properly configured, LCS enabled user into an OpenScape user by using the instructions described above. This pro-vides system administrators with the convenience of converting large numbers of LCS enabled users to OpenScape users quickly and automatically.

F.4.3 Displaying OpenScape Components on a Server or in a Domain

1. In the Categories drop-down menu, select OpenScape User Management.

2. In the Tasks field, select Create LCS Users.



5454AppF.fm


4. Verify that the data you entered is correct, then click Run Command.

5. The following screen appears. Note the output contains the type, distinguished name in Ac-tive Directory, fully qualified hostname and version number. Depending on the type more information is displayed such as the SystemID and SQL Server location for the OpenScape Core Server.



5454AppF.fm


Enter Script Parameters (all optional but at least one must be checked):

● Core - check if OpenScape Servers should be searched.

● RD - check if OpenScape Routing Dispatcher Servers should be searched.

● TFA - check if OpenScape Trace File Accumulators should be searched.

● EDM - check if OpenScape Early Deployment Server should be searched.

● domain - check if search should be conducted in the whole current domain.

● hostname - search only on a specific host. Host must be in current domain. Over-writes domain checkbox. Default is localhost.

NOTE: This version does not display Media Servers or MCUs.


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsSOS Script Tool for Serviceability Support

F.5 SOS Script Tool for Serviceability Support

To help serviceability, this tool provides snap shot information at any time. All necessary infor-mation is preserved in a text file.

This snap shot information can be used to verify prerequisites before deploying / installing the OpenScape application or to confirm correct installation and configuration when problems are encountered at a later time.

This information does not need to address the internal problems and errors of the OpenScape application, which are to be addressed by the error reporting or trace facility as developed by the project. These error reports provide more detail and accurate information for the internal problems of the applications.

The tool is automatically installed as part of the OpenScape main installation. For details on how to use this tool, refer to the SOS Script Tool for Serviceability Support document located on the KMOSS website - document # INF-04-000232.

F.6 Different Storages of User Information

In HiPath OpenScape V2, the user information is stored in three different places, whereas, in V1, it was only stored in the OpenScape Core MSSQL database.

In V1 and V2, HiPath OpenScape uses LCS and Windows user information from Active Direc-tory.

F.6.1 HiPath OpenScape Core MSSQL Database “XpSystem”

As in V1, the HiPath OpenScape Core MSSQL database, XpSystem, contains the main user information stored in these two tables:

● XpUser

● XpUserDynamic

These tables are synchronized by a HiPath OpenScape Active Directory Connector residing on the OpenScape Server.

To access the XpSystem database, use Microsoft SQL Enterprise Manager and connect to the SQL instance dedicated for HiPath OpenScape. By default the default instance is used.

F.6.2 User Attributes in Active Directory

In addition to the LCS user information Active Directory now also stores HiPath OpenScape user information. A detailed description of the schema extension can be found in Chapter 5, “Active Directory Reference”.



5454AppF.fm

Different Storages of User Information

The main HiPath OpenScape user attributes in Active Directory are:

● siemensOSSecondaryAOR: users secondary addresses of record

● siemensOSHomeServer: the HiPath OpenScape server the user is homed at

● siemensOSEnabled: indicates whether the user is enabled for HiPath OpenScape

● siemensOSDevices: stores the mac addresses of the devices assigned to a user

● siemensOSRequiredData: user data required to recreate user in DB restore cases

The main LCS user attributes in Active Directory used by HiPath OpenScape are:

● msRTCSIP-PrimaryUserAddress: users primary address of record

● msRTCSIP-PrimaryHomeServer: the LC server (or pool) the user is homed at

● msRTCSIP-UserEnabled: indicates whether the user is enabled for LCS

The main Windows user attributes in Active Directory used by HiPath OpenScape are:

● displayName: user’s display name

● mail: user’s email address

● telephoneNumber: user’s telephone number

● samAccountName: user’s windows account name

● msExchHomeServerName: user’s exchange server

Note: Running HiPath OpenScape in Early Deployment Mode (EDM) does not require a Active Directory schema extension. For more details, see Chapter 6, “Setting up OpenScape in Early Deployment Mode (EDM)”.

F.6.2.1 Viewing These User Attributes

These Active Directory user attributes can be best viewed using ADSI Edit or LDP.exe. Both tools are known as the Support Tools and are available on the Windows Server 2000 or Win-dows Server 2003 operating system CD in the \ENGLISH\WIN2003\ENT\SUPPORT\TOOLS folder. Install the support tools by running “SUPTOOLS.MSI” (“Support.cab” in some versions).

Using ADSI Edit:

1. Add the ADSI Edit snap-in into MMC, or just run adsiedit.msc.

2. Connect to your Domain (local domain is the default).

3. Expand Domain, your Domain (e.g. DC=deep,DC=sea,DC=com) and the Users folder.

4. Choose a user object, right-click and select Properties.

5. Scroll down until the attributes starting with siemens… appear.


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsDifferent Storages of User Information

Using LDP:

1. Logon to the domain controller with the <osinstaller> account.

2. Start Ldp.exe which should be found at C:\Program Files\Support Tools\LDP.exe.

3. On the Connection menu, click Connect and enter the domain (e.g. deep.sea.com) and then click OK.

4. On the Connection menu, click Bind and then click OK. This will use the default creden-tials of the logged in user. If not logged in with <osinstaller> or Domain Admin, enter the <osinstaller> account information.

5. On the View menu, click Tree, and then click OK.

6. In the left pane, browse to the desired user and view its attributes in the right pane.

F.6.2.2 Viewing these User Attributes in EDM mode

In EDM mode the user attributes are stored in ADAM. The ADAM schema is created as part of the EDM installation.



5454AppF.fm

Different Storages of User Information

LDP.exe usage is identical when connecting to AD or ADAM. To connect to ADAM specify the ADAM server to connect to and bind using the <osinstaller> account.

As part of the ADAM installation ‘ADAM ADSI Edit’ is installed that is equivalent to ADSI Edit but used with ADAM. Refer to ADAM documentation for more details on ADAM ADSI Edit. Con-nect with <osinstaller> privileges.

F.6.3 HiPath OpenScape Tables in LCS (RTC) MSDE Database

The HiPath OpenScape Routing Dispatcher which is installed on a LC server uses five data-base tables that are created in the LCS (RTC) MSDE database ‘RTC’. The tables are:

● OsUsers

● OsHomeServer

● OsAorConflicts

● OsAor

● OsAdcReplicationCookie

These tables are used by the RD for routing purposes and mainly contain a mapping from a SIP URI to a HiPath OpenScape server. These tables are synchronized by a HiPath Open-Scape Active Directory Connector residing on the LC server.

F.6.3.1 Accessing this Database’

By default the LCS MSDE instance is named RTC. HiPath OpenScape requires the LC in-stance to be named RTC.

>Note: If LCS runs on a computer with no MSSQL installed, the “Client Tools Only” needs to be installed. From the MSSQL standard or enterprise edition CD, select SQL Server 2000 Components -> Install Database Server. Go through the initial in-stall screens until you see the following screen and select Client Tools Only. Go through the remaining install screens and install the client tools.


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsDifferent Storages of User Information

To connect to the RTC database open SQL Server Enterprise Manager and do the following:

1. Expand Microsoft SQL Servers.

2. Right-click SQL Server Group and select New SQL Server Registration.

3. Click Next on the first pop-up window.

4. On the Register SQL Server Wizard screen, under Available servers enter the RTC server database (i.e. computer_name\RTC). If RTC runs on the local computer, enter (LO-CAL)\RTC.

5. Then click Add, then Next.

6. On the next two windows, click Next and then Finish.



5454AppF.fm

ConvertAdmins

7. You should now be able to navigate to the RTC database and see the above mentioned tables.

F.7 ConvertAdmins

This tool allow members of protected groups in Active Directory to be OpenScape Users.

The protected groups in Active Directory are:

● Administrators

● Account Operators

● Server Operators

● Print Operators

● Backup Operators

● Domain Admins

● Schema Admins

● Enterprise Admins

● Cert Publishers

The members of these groups or users who were once a member of these groups have their AdminCount set as 1.

For further details please refer to http://support.microsoft.com/default.aspx?kbid=817433.

>Note: By default, LCS disables connecting the LCS MSDE database remotely. Therefore, logon to the LC Server and use (local)RTC to connect to the database.


5454AppF.fm

Nur für den internen Gebrauch OpenScape Installation - Tools, Utilities and HintsConvertAdmins

F.7.1 Usage

/? – Help

/L – The full path of the log file, if logging is desired.

/TRUSTEE – The name of the trustee to be given permissions (recommended OpenScape Ad-min). The format is domain\user. E.g. if the domain name is DEV the switch would be /TRUST-EE “DEV\OpenScape Admin”

/SQLSERVER – The name of the SQL Server to read the list of OpenScape users. E.g. if the name of the SQL Server host is SQLServ1, and the default instance is used (MSSQLSERVER), the switch would be /SQLSEVER SQLServ1. If a named instance is used, say OSInstance1, the switch would be /SQLSEVER SQLServ1\OSInstance1

/USERS – A comma separated list of users. If this list is provided, the /SQLSERVER switch is ignored, and the users are read from the user list. The format of the users should be in the do-main\user format. E.g if user1, user2 and user3 in the DEV domain are members of protected groups and need to be OpenScape users, the switch would be /USERS DEV\user1,DEV2\user2,DEV\user3.

/M – Represents the Mode. The user list can be provided using the /USERS switch or the users can be read from the SQL database by providing the /SQLSERVER switch. Can have one of the following values:

DISPLAY – Providing this mode will display all users that are members of protected groups.



5454AppF.fm

ConvertAdmins

DELETE – Delete all users from OpenScape database (valid only with the /SQLSERVER switch)

ADDACE – Enables the trustee to read/ write the SiemensPropertySet for such users.

DELACE – Removes the ACE setting (to read/ write SiemensPropertySet) from the trustee for such users.

DISPLAYACE – It lists all such users for which the trustee has been given permissions to read/ write SiemensPropertySet.

F.7.2 Usage Scenarios

1. Upgrade from OpenScape V1 to V2

OpenScape V1 allowed members of protected groups to be OpenScape users. In Open-Scape V2, this is not allowed by default. In order to upgrade from V1 to V2, these users must be handled in one of the following ways:

a) Adding permissions to read/ write SiemensPropertySet to a trustee (such as the in-staller account, or the OpenScape Admin group) for these users. (user the /ADDACE mode, the /SQLSERVER and the /TRUSTEE switches).

b) Deleting these users from OpenScape (use the /DELETE mode, the /SQLSERVER and the /TRUSTEE switches).

2. Migration from EDM mode to Production mode

In order to upgrade from EDM to Production mode, the OpenScape users that are mem-bers of a protected group must be handled in one of the following ways:

a) Adding permissions to read/ write SiemensPropertySet to a trustee (such as the in-staller account, or the OpenScape Admin group) for these users. (user the /ADDACE mode, the /SQLSERVER and the /TRUSTEE switches).

b) Deleting these users from OpenScape (use the /DELETE mode, the /SQLSERVER and the /TRUSTEE switches).

3. Before adding new OpenScape users that are members of the protected groups

a) Use the /ADDACE mode, the /TRUSTEE switch and provide the list of users using the /USERS switch.

4. The trustee needs to be changed

a) Use /DELACE mode, /SQLSERVER and /TRUSTEE switch to provide the old trustee name.

b) Use the /ADDACE mode, /SQLSERVER and /TRUSTEE switch to provide the new trustee name.


licenses.fm

Nur für den internen Gebrauch Required Licenses and Software PrerequisitesInfrastructure Components

G Required Licenses and Software Prerequisites

This appendix provides information about OpenScape licenses.

G.1 Infrastructure Components

CAL = Client Access License

Note 1: If the customer is licensed for Microsoft Exchange under Software Assurance or an Enterprise Agreement before October 1, 2003, the customer is likely already licensed for Live Communications Server 2000. Refer to Microsoft for details as licensing provisions are sub-ject to change at Microsoft’s discretion. Some helpful links are: http://www.microsoft.com/edu-cation/?id=livecommservertransition and http://www.microsoft.com/office/livecomm/howtobuy/default.mspx.Note 2: Active Directory Application Mode (ADAM) is a part of Microsoft’s fully integrated directory services available with Windows Server 2003. ADAM can be downloaded at http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en.

G.2 OpenScape Application Server

Component Server License required?

CALsrequired?

CAL License Type

Quantity

MS Exchange Server 2000/2003

Yes but none spe-cific to Open-

Scape

Yes but none specific to

OpenScape

MS LCSVersion 1.0.4949

Yes YesNote 1

User Mode 1 Server li-cense + 1 CAL/user

Note 1

Active Directory Applica-tion Mode (ADAM)

Note 2

No No


CALs required?

License Type Quantity

OpenScape Base Package

Yes n/a User 1 Server license + user li-cense in package of 25

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide G-1

Required Licenses and Software Prerequisites Nur für den internen Gebrauch

licenses.fm

OpenScape Administration Clients

Note 1: Refer to www.microsoft.com/licensing.

G.3 OpenScape Administration Clients

The only license needed per client is MS Windows 2000, MS Windows 2003, or MS XP Pro-fessional.

G.4 MCU

OpenScape User Package

n/a Yes User Additional 25 user license package

OpenScape Man-agement Console

No No

OpenScape Routing Dis-

patcher

No. Included in OpenScape

Base Package

No n/a n/a

MS Windows Server 2003

Standard or En-terprise Edition

Yes Yes User Mode CAL, and

Server Mode server

1 CAL per user; Server comes with initial 25

CALs; No CALs required for Gateway

MS SQL Server 2000 and SP 3 Standard or En-terprise Edition

Yes No Processor-basedNote 1

1 Server license only

OpenScape EDM No, included in OpenScape

Base Package

No n/a n/a

Microsoft ADAM (refer to Note 2 in

Section G.1)

No No n/a n/a


CALs required? License Type

Quantity

OpenScape MCU No. Covered in the Base OpenScape license for up to full 288 ports on 4 servers

No n/a n/a


CALs required?

License Type Quantity

A31003-S5020-S100-1-7620, July 2004G-2 HiPath OpenScape V2.0, Installation Guide

licenses.fm

Nur für den internen Gebrauch Required Licenses and Software PrerequisitesRouting Dispatcher

G.5 Routing Dispatcher

Nothing needed since it is installed on the LC Server.

G.6 Trace File Accumulator (TFA)

TFA requires a Windows 2003 Server or XP license but no CALs required.

G.7 Early Deployment Mode (EDM)

ADAM requires Windows 2003 but no CALs.

G.8 Media Server

MS Windows Server 2003

Standard or En-terprise Edition

Yes. One for each server. Up to 4 servers may be required

to support all 288 ports

No. Only one set of CALs is sufficient to access all Win200x

servers

Server 1


CALs required? CAL License

Type

Quantity

OpenScape Media Server

No. Included in Base OpenScape

system

No CALs. Thirty Media Server

ports included but ad-ditional ASR/TTS sessions licenses may be required

n/a 1 ASR/TTS session is provided in Base OpenScape pack-

age. Up to 29 more may be purchased.

MS Windows 2000 Advanced

Server + SP4 min-imum

Standard Edition

Yes No. Only one set of CALs is sufficient to access all Win200x

servers. Note 3

User n/a

Speechify TTS Scansoft V2.0

Yes. Already in OpenScape

product structure

No No n/a


CALs required? License Type

Quantity



licenses.fm

End Points

Note 3: According to Microsoft, the fact that no additional CALs are required for the Media Server is based on the assumption that all access to the Media Server is directed through OpenScape and LCS. If in the future, we decided to add features to the Media Server that may enable direct access to it (without going through OpenScape), additional Windows CALs may be required.

G.9 End Points

OSR Scansoft Yes. Already in OpenScape

product structure

No n/a n/a

MSDE 2000 + SP3

No with purchase of Win2K Server

No n/a n/a

VocalOS(Vocalocity)

No with purchase of Win2K Server

No n/a n/a

End Point Server License required?

CALs required?

CAL License Type

Quantity

OptiPoint 400 n/a Already covered by OpenScape

user license

n/a n/a

Windows Messenger Version 5.0

n/a n/a n/a n/a

MS Windows 2000 or MS Windows XP Pro-

fessional

n/a n/a. Part of client machine

n/a n/a


CALs required? CAL License

Type

Quantity


licenses.fm

Nur für den internen Gebrauch Required Licenses and Software PrerequisitesOpenScape Order Examples

G.10 OpenScape Order Examples

This section shows three examples of OpenScape V2.0 orders and lists all the required com-ponents. The examples include some variations in Microsoft licensing agreements.

Item A B C

Customer Configuration

Number of OpenScape users; accessible from various end-points like multiple PCs, SIP phone, voice/self-service portals

150 90 400

Number of conferencing ports 72 30 150

Additional ASR/TTS ports 10 5 25

Number of ports in SIP Gateway that connects OpenScape to the customer’s PBX

48 24 4 x 48

Number of Siemens SIP phones 70 10 100

Software Assurance (SA) for Exchange Agreement) No Yes Yes

Enterprise Agreement No No Yes

OpenScape Components

OpenScape Basic Package(25 users, including service) 1 1 1

25 user packages 5 3 15

Additional ASR ports 10 5 25

Additional TTS ports 10 5 25

HiPath OpenScape Professional Services Packages*

HiPath OpenScape DesignFor the customer specific consulting and creation of the solu-tion design including deployment, test and training concept. Based on results of analysis phase, the customer’s require-ments will be transformed into a specific solution design.

Hourly Hourly Hourly

HiPath OpenScape IntegrationFor the integration in the customer-specific environment


HiPath OpenScape TrainingFor the customer specific creation and implementation of cus-tomer training which reflects the customer’s specific solution implementation


Microsoft Components

Win2003 Server license for the OpenScape server 1 1 1

LC Server license for the OpenScape server 1 1 1



licenses.fm

OpenScape Order Examples

*Note: For the successful implementation of the HiPath OpenScape project, HiPath Open-Scape Professional Services are required (refer to HOSc PS description).

Win2003 Server license for the MCU Server 1 1 3

Win2000 Advanced Server license for the Media Server, 30 ports included

1 1 1

Processor-based SQL Server 2000 license 1 1 0

Windows server user-mode CALs. With a single CAL, each user will be able to access any of the Win2000/Win2003 serv-ers from any device

150 90 0

LCS user-mode CALs (LCS license includes 5 CALs) 145 0 0

Exchange 2000/2003, AD and the client licenses for the XP/Win2K client machines are considered as pre-requisite with no additional licenses required by OpenScape

Additional Equipment

Vega100 48-channel gateway (service extra) 1 1 4

Item A B C


5454appH.fm

Nur für den internen Gebrauch Upgrade - Production Mode with Upgrade of Media Server Pre-Requisites

H Upgrade - Production Mode with Upgrade of Media Server Software

H.1 Pre-Requisites

● The domain should be in native mode. If it is in mixed mode, you need to raise its functional level to native mode (using AD Domains and Trusts snap-in).


● It is recommended to prepare Config.XML file before beginning upgrade. The file should reflect your OpenScape system layout.

H.2 Environment Preparation for Upgrade from V1-SPCR to V2

H.2.1 Forest Preparation

For details on how to do the following steps, refer to Chapter 7, “Setting Up a Forest in Produc-tion Mode”.

● Log on as the ‘Schema Admin’ or the ‘Enterprise Admin’.

● Copy all the Forest Preparation related files from the CD.

● Validate the Forest.

● Depending on the validation results, prepare the Forest or continue.

H.2.2 Root Domain Preparation

For details on how to do the following steps, refer to Section 8.7, “Root Domain Preparation and Verification”.

● Log on as the Root Domain Administrator.

● Copy all the Environment Preparation V2 related files from the CD.

● Validate the Root domain.

● Depending on the validation results, prepare the Root Domain or continue.

H.2.3 Domain Preparation

For details on how to do the following steps, refer to Section 8.8, “OpenScape System Domain Preparation and Verification”.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide H-1

Upgrade - Production Mode with Upgrade of Media Server Software Nur für den internen Ge-

5454appH.fm

Environment Preparation for Upgrade from V1-SPCR to V2

● Log on as the child Domain Administrator of the domain being prepared.


● Validate the domain.

● Depending on the validation results, prepare the Domain or continue.

H.2.4 Add Domain to Root Domain

For details on how to do the following steps, refer to Section 8.10, “Root Domain Membership and Verification”.



● Validate the root domain membership.

● Depending on the validation results, add the Domain or continue.

H.2.5 System Preparation - OpenScape

For details on how to do the following steps, refer to Section 8.13, “OpenScape System Prep-aration and Verification”.



● Before doing the System Preparation, please check the current status of the Forest and Domains.


● Validate the root domain.


● Validate the Root Domain Membership.

● Edit the Config.xml file (if you did not complete the file as a prerequisite).

● Validate the OpenScape System.

>Note: If there is more than one OpenScape System in the same child domain, the old OpenScape Service group has to remain as it is for V1 OpenScape to co-exist with V2 OpenScape. Therefore, the domain prep will automatically rename the old group to “OpenScape Service V1” and copy all its members to the new group.

Only a restart of the remaining V1 systems in the same child domain is required.

A31003-S5020-S100-1-7620, July 2004H-2 HiPath OpenScape V2.0, Installation Guide

5454appH.fm

Nur für den internen GebrauchUpgrade - Production Mode with Upgrade of Media Server Soft-Environment Preparation for Upgrade from V1-SPCR to V2

● Depending on the validation results, prepare the System or continue.

H.2.6 System Preparation - RD (LCS Server)

For details on how to do the following steps, refer to Section 8.14, “Routing Dispatcher/LCS System Preparation and Verification”.

● Log on as the Domain Administrator on the child domain being prepared.



● Validate the RDS.


H.2.7 System Preparation - TFA

For details on how to do the following steps, refer to Section 8.17, “TFA System Preparation and Verification”.




● Validate the TFA.


H.2.8 System Preparation - MCU

This section is only required if MCU resides on a separate Server.

For details on how to do the following steps, refer to Section 8.16, “MCU System Preparation and Verification”.




● Validate the MCU.




5454appH.fm

Upgrade Software

H.3 Upgrade Software

H.3.1 Backup the OpenScape Database

● Log on with the installer account created by the system preparation.

● Backup the OpenScape DB Using the OMC (use help if needed).

H.3.2 Uninstall OpenScape and keep the Database


● Uninstall OpenScape core and OMC.

If OpenScape and MCU are installed on one server, then

● Uninstall MCU (refer to Section A.4.5 on page A-6).

H.3.3 Check for Admins as OpenScape Users

In OpenScape V1, we might have some accounts as OpenScape Users that might have the AdminCount attribute set in Active Directory. These accounts are members of some protected groups in Active Directory. These accounts are protected for security reasons, and do not in-herit the access rights.

These users cannot be upgraded as such from V1-V2.

To successfully upgrade users from V1 to V2, the following options are available:

● Remove these admin accounts from OpenScape. This option requires OpenScape Admin privileges.



1. Log on as the OS Installer or a member of the OpenScape Admin group on the child do-main being prepared.

2. Copy the ConvertAdmins.exe and Interop.ActiveDS.dll files from the OpenScape EPT folder on the CD to the OpenScape Server.


4. On the command line, type


5454appH.fm

Nur für den internen GebrauchUpgrade - Production Mode with Upgrade of Media Server Soft-Upgrade Software

ConvertAdmins /m DELETE /SQLSERVER <sqlserver> /L <logfile>.



To grant permissions to the OpenScape Admin group and retain these users in Open-Scape, follow the instructions below:

1. Log on as the Domain Administrator of the child domain being prepared.




ConvertAdmins /m ADDACE /SQLSERVER <sqlserver> /L <logfile> /TRUSTEE “<Do-main>\OpenScape Admin”.

5. The appropriate permissions shall be granted to the OpenScape Admin group for all the OpenScape users with AdminCount as 1.


H.3.4 Install OpenScape

For details on how to do the following steps, refer to Chapter 9, “Installing OpenScape”.


● To install a new bind, after you removed all “old” OpenScape applications, make sure your system is cleaned up:

● Check that all Siemens BC files are gone from the C:\Windows\Assembly folder.

● Check that all Siemens services are removed.

● Install OpenScape Core.

● Install OMC.

H.3.5 Uninstall Routing Dispatcher (RTC Extension)

Remove RTC Extension by using the Add/Remove Programs from the Control Panel.



5454appH.fm

Upgrade Software

H.3.6 Install Routing Dispatcher

For details on how to do the following steps, refer to Section 9.3, “Installing the OpenScape Routing Dispatcher”.


H.3.7 Uninstall MCU (only if installed on a separate Server)

Refer to Section A.4.5, “OpenScape MCU Uninstall”.

H.3.8 Install MCU (only if installed on a separate Server)

For details please refer to Chapter 12, “Installing OpenScape MCU”.

H.3.9 Uninstalling ComResponse V1 and V1 Third Party Software

Be sure to be logged on as the user that installed the software before using Add/Remove Pro-grams.

1. From the Service Control panel, select “Siemens HPCR Startup Windows Service” and stop this service. Also select “Siemens HPCR StoreEventService Windows Service” and stop this service.

2. From the Control Panel > Add/Remove Programs:

Remove HiPath ComResponse.

Save the database when prompted (recommended).

3. From the Control Panel > Add/Remove Programs, remove the following components:

Sun Java 2 Runtime Environment, SE V1.4.1

Realspeak and/or L&H Telecom Realspeak SAPI4 V3...

Microsoft Speech API

SpeaKING Engine SAPI4

HiPath CAP Fault Management V1.0

Microsoft SQL Server Desktop Engine (IWR)

Microsoft Internet Explorer WebControls

.NET Framework 1.1 Hotfix (KB821156)

.NET Framework 1.1


5454appH.fm

Nur für den internen GebrauchUpgrade - Production Mode with Upgrade of Media Server Soft-Upgrade Software

.NET Framework 1.0 (if installed)

4. Remove Web Telephony Engine by doing the following:

a) Open a command prompt and go to the C:\Program Files\Web Telephony Engine\ di-rectory.

b) For each ms*.dll in the directory, execute “regsvr32 /u <ms*.dll>”. For example,

regsvr32 /u MSWTECOM.DLL

regsvr32 /u MSWTESHR.DLL

regsvr32 /u MSWTESNP.DLL

c) Restart the Media Server computer.

d) Delete the “Web Telephony Engine” folder and all subfolders located at C:\Program Files\Web Telephony Engine.

e) From the Control Panel > Add/Remove Programs, remove the Web Telephony Engine instance.

H.3.10 System Preparation - Media Server

For details on how to do the following steps, refer to Section 8.15, “Media Server System Prep-aration and Verification”.




● Validate the Media Server.

● Depending on the validatIon results, prepare the System or continue.

H.3.11 Pre-installation of the Media Server

Please refer to Chapters 3 and 4 of the Media Server Installation document.

H.3.12 Install Third Party Software

Please refer to Chapter 5 of the Media Server Installation document.

H.3.13 Install Media Server




5454appH.fm

Upgrade Software

H.3.14 Cleanup Old Groups and Accounts

After upgrading all OpenScape Systems in this domain to V2, the following groups and ac-counts are no longer needed:



Delete the group and account using the AD Users and Computers Snap-in.

The phones may need to be rebooted after an upgrade is done.


5454appI.fm

Nur für den internen GebrauchUpgrade - Production Mode with Re-Install of Media Server Pre-Requisites

I Upgrade - Production Mode with Re-Install of Media Server PC

I.1 Pre-Requisites




I.2 Environment Preparation for Upgrade from V1-SPCR to V2

I.2.1 Forest Preparation

For details on how to do the following steps, refer to Chapter 7, “Setting Up a Forest in Produc-tion Mode”.

● Log on as the ‘Schema Admin’ or the ‘Enterprise Admin’.

● Copy all the Forest Preparation related files from the CD.


● Depending on the validation results, prepare the Forest or continue.

I.2.2 Root Domain Preparation






I.2.3 Domain Preparation


A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide I-1

Upgrade - Production Mode with Re-Install of Media Server PC Nur für den internen Gebrauch

5454appI.fm





● Depending on the validation results prepare the Domain or continue.

I.2.4 Add Domain to Root Domain






I.2.5 System Preparation - OpenScape













A31003-S5020-S100-1-7620, July 2004I-2 HiPath OpenScape V2.0, Installation Guide

5454appI.fm

Nur für den internen Gebrauch Upgrade - Production Mode with Re-Install of Media Server PCEnvironment Preparation for Upgrade from V1-SPCR to V2


I.2.6 System Preparation - RD (LCS Server)







I.2.7 System Preparation - TFA







I.2.8 System Preparation - MCU










5454appI.fm

Upgrade Software

I.3 Upgrade Software

I.3.1 Backup the OpenScape Database



I.3.2 Uninstall OpenScape and Keep the Database




● Uninstall MCU (refer to Section A.4.5, “OpenScape MCU Uninstall”).

I.3.3 Check for Admins as OpenScape Users








2. Copy the ConvertAdmins.exe and Interop.ActiveDS.dll files from the OpenScape EPT folder on the CD to the OpenScape Server.




5454appI.fm

Nur für den internen Gebrauch Upgrade - Production Mode with Re-Install of Media Server PCUpgrade Software




To grant permissions to the OpenScape Admin group and retains these users in Open-Scape, follow the instructions below:








I.3.4 Install OpenScape




● Check that all Siemens BC files are gone from the C:\Windows\Assembly folder.



● Install OMC.

If OpenScape and MCU are installed on one server:

● Install MCU.

I.3.5 Uninstall Routing Dispatcher (RTC Extension)




5454appI.fm

Upgrade Software

I.3.6 Install Routing Dispatcher



I.3.7 Uninstall MCU (only if installed on a separate Server)


I.3.8 Install MCU (only if installed on a separate Server)


I.3.9 Backup the Media Server Database

● Open the Services Management from the Control Panel.

● Stop the “Siemens HPCR Startup Windows Service”. Then, stop the “MSSQL$IWR” service.

● Copy the following files from C:\Program Files\Microsoft SQL Serv-er\MSSQL$IWR\Data to a safe location such as a network server:

● iwrdb.mdf

● iwrdb_log.ldf

● IwrReport.mdf

● IwrReport_log.ldf

● Go back to the Services Management. Start the “MSSQL$IWR” service and the “Sie-mens HPCR Startup Windows Service”.

I.3.10 Backup User-Created Applications on Media Server

Each application created in the Media Server has a corresponding folder on the Server. The following process backs up the folders for the customer-created applications.

● Identify the names of all customer-created applications by doing the following:


● Start the MSSQL$IWR service (if not already started).


5454appI.fm


● Open the Media Server System Administrator via the Start > Programs > Siemens OpenScape > OpenScape Media Server > Media Server Administration.

● Go to the Application Builder.

● Click Custom.

● Write down all the application names of the applications listed under Application Name.

● Click Word Web.


● To save the application folder of the user created application, do the following:

● Using Windows Explorer, go to the folder C:\Program Files\Sie-mens\IWR\www\IWR\Applications.

● For each of the application names that were written down, copy each of the folders with that same name. Make sure all the files and folders beneath it are copied too.

● Save the folders to a safe location such as a network server that is not on the Media Server machine.

● Save any additional files (.wav, .xml, .vxml, etc.) not stored in the application folder that are used by the application. To know if an application uses additional files, do the following:

● Under Custom or Word Web, click on the application name.

● Click view.

● Click on a step.

● Click Step Settings (the magnify glass icon).

● Scroll to the bottom of the webpage.

● Click the Options tab.

● See if there is a file listed in URL. If so, locate the file. Save the path to the file and then save file to a safe location. If the file is already located in a safe location, then there is no need to save it again. But, save the path to the safe location so that later that con-nection to the location can be restored and verified.

● Do this for each step of the application.

I.3.11 Backing Up Report Files on Media Server

The Media Server contains reports that the user generates. The following process backs up the report files.



5454appI.fm

Upgrade Software

● Open the Windows Explorer.

● Go to <IWR home directory>\www\IWR\SA\Report\ReportFiles.

● Copy the report files that you want to save to a safe location such as a network server.

I.3.12 Reinstall the Operating System on the Media Server PC

Reinstall the Operating System on the Media Server PC. After the PC is reinstalled, please re-fer to the Media Server Installation document for installing the Windows Components (Chapter 3) and the pre-installation checklist (Chapter 4).

I.3.13 System Preparation - Media Server







I.3.14 Install Third Party Software


I.3.15 Restoring the Media Server Database

After installing the third party software, do the following steps to restore the database:

● Create a new folder “iwr_save” in the folder C:\Program Files\Microsoft SQL Serv-er\MSSQL$IWR\Data.

● Go to the safe backup location where the database files (iwrdb.mdf, iwrdb_log.ldf, Iwr-Report.mdf, and IwrReport_log.ldf) are stored and copy the files.

● Paste the files in C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Da-ta\iwr_save.

I.3.16 Install Media Server



5454appI.fm


Note: Before installing, be sure that Section I.3.15, “Restoring the Media Server Database” is completed.

I.3.17 Restoring the User-Created Applications on the Media Server

After installing the Media Server, do the following steps to restore the customer-created Appli-cations:

● Go to the safe location where the customer-created application folders are stored.

● Copy each of the customer-created application folders (and all files and folders be-neath it) into the Applications folder located at C:\Program Files\Sie-mens\IWR\www\IWR\Applications.

Note: Do not overwrite anything in the Application folder on the new machine. This copy operation restores all customer-created application folders without disturb-ing the folders that were installed as a part of Media Server. If the copy operation ad-vises you that a folder already exists on the target, or asks for permission to overwrite an existing folder or file, answer “No”.

● Restore any additional files to their original location (with the exact path that they had originally). For the files that were already saved to a safe location, make sure the con-nection to that location is restored.

● To verify that the applications were copied properly, open the System Administrator Application (Start > Programs > Siemens OpenScape > OpenScape Media Server > Media Server Administration). Click on Application Builder. Click on either Custom or Word Web. The applications should be there. View the steps and all the properties of each application, including any media files (.HTML, .WAV, .TXT, etc.) associated with each application.

I.3.18 Restoring Report Files on the Media Server

After installing the Media Server software, do the following steps to restore the report files.

● Go to the safe location where you stored the report files.

● Copy all the files back to <IWR home directory>\www\IWR\SA\Report\ReportFiles.

● To verify that the report files were copied properly, open the System Administrator Applica-tion:

● Click Start->Programs->Siemens OpenScape->OpenScape Media Server->Media Server Administration).

● Click System Administrator->Reports.

● Click Report Jobs. The report files should be there.



5454appI.fm

Upgrade Software

● For each report, click View to open the report file.

I.3.19 Cleanup Old Groups and Accounts







5454appJ.fm

Nur für den internen Gebrauch Upgrade - Early Deployment Mode with Upgrade of Media Pre-Requisites

J Upgrade - Early Deployment Mode with Upgrade of Media Server Software

J.1 Pre-Requisites




J.2 Environment Preparation for Upgrade from V1-SPCR to V2

J.2.1 Root Domain Preparation






J.2.2 Domain Preparation





● Depending on the validation results, prepare the Domain or continue.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide J-1

Upgrade - Early Deployment Mode with Upgrade of Media Server Software Nur für den in-

5454appJ.fm


J.2.3 Add Domain to Root Domain






J.2.4 System Preparation – EDM/ADAM Server

For details on how to do the following steps, refer to Section 8.18, “EDM System Preparation and Verification”.



● Edit the Config.xml file (if you did not complete the file as a prerequisite)

● Validate the EDM System.


J.2.5 System Preparation - OpenScape








A31003-S5020-S100-1-7620, July 2004J-2 HiPath OpenScape V2.0, Installation Guide

5454appJ.fm

Nur für den internen GebrauchUpgrade - Early Deployment Mode with Upgrade of Media Server Environment Preparation for Upgrade from V1-SPCR to V2






J.2.6 System Preparation - RD (LCS Server)







J.2.7 System Preparation - TFA







J.2.8 System Preparation - MCU







5454appJ.fm

Upgrade Software




J.3 Upgrade Software

J.3.1 Backup the OpenScape Database



J.3.2 Uninstall OpenScape and Keep the Database





J.3.3 Check for Admins as OpenScape Users








5454appJ.fm

Nur für den internen GebrauchUpgrade - Early Deployment Mode with Upgrade of Media Server Upgrade Software
















J.3.4 Install ADAM and EDM


● For ADAM installation please refer to Section 6.3, “ADAM Installation”.

● For EDM Server installation please refer to Section 6.4, “EDM Installation”.

Installation of OpenScape will copy the OpenScape V1 user into ADAM to upgrade them to V2 users.

J.3.5 Install OpenScape




5454appJ.fm

Upgrade Software



● Check the GAC that all Siemens BC files are gone.



● Install OMC.


● Install MCU.

J.3.6 Uninstall Routing Dispatcher (RTC Extension)


J.3.7 Install Routing Dispatcher



J.3.8 Uninstall MCU (only if installed on a separate Server)


J.3.9 Install MCU (only if installed on a separate Server)


J.3.10 Uninstalling ComResponse V1 and V1 Third Party Software

Be sure to be logged on as the user that installed the software before using Add/Remove Pro-grams.

1. From the Service Control panel, select “Siemens HPCR Startup Windows Service” and stop this service. Also select “Siemens HPCR StoreEventService Windows Service” and stop this service.

2. From the Control Panel > Add/Remove Programs:

Remove HiPath ComResponse.


5454appJ.fm

Nur für den internen GebrauchUpgrade - Early Deployment Mode with Upgrade of Media Server Upgrade Software

Save the database when prompted (recommended).

3. From the Control Panel > Add/Remove Programs, remove the following components:

Sun Java 2 Runtime Environment, SE V1.4.1

Realspeak and/or L&H Telecom Realspeak SAPI4 V3...

Microsoft Speech API

SpeaKING Engine SAPI4

HiPath CAP Fault Management V1.0

Microsoft SQL Server Desktop Engine (IWR)

Microsoft Internet Explorer WebControls

.NET Framework 1.1 Hotfix (KB821156)

.NET Framework 1.1

.NET Framework 1.0 (if installed)

4. Remove Web Telephony Engine by doing the following:

a) Open a command prompt and go to the C:\Program Files\Web Telephony Engine\ di-rectory.

b) For each ms*.dll in the directory, execute “regsvr32 /u <ms*.dll>”. For example,

regsvr32 /u MSWTECOM.DLL

regsvr32 /u MSWTESHR.DLL

regsvr32 /u MSWTESNP.DLL

c) Restart the Media Server computer.

d) Delete the “Web Telephony Engine” folder and all subfolders located at C:\Program Files\Web Telephony Engine.

e) From the Control Panel > Add/Remove Programs, remove the Web Telephony Engine instance.

J.3.11 System Preparation - Media Server

For details on how to do the following steps, refer to the OpenScape Installation document






5454appJ.fm

Upgrade Software


● Depending on the validatIon results Prepare the System or continue.

J.3.12 Pre-installation of the Media Server

Please refer to Chapters 3 and 4 of the Media Server Installation document.

J.3.13 Install Third Party Software


J.3.14 Install Media Server


J.3.15 Cleanup Old Groups and Accounts







5454appK.fm

Nur für den internen GebrauchUpgrade - Early Deployment Mode with Re-Install of Media Pre-Requisites

K Upgrade - Early Deployment Mode with Re-Install of Media Server PC

K.1 Pre-Requisites




K.2 Environment Preparation for Upgrade from V1-SPCR to V2

K.2.1 Root Domain Preparation





● Depending on the validation results prepare the Root Domain or continue.

K.2.2 Domain Preparation





● Depending on the validation results prepare the Domain or continue.

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide K-1

Upgrade - Early Deployment Mode with Re-Install of Media Server PC Nur für den internen

5454appK.fm


K.2.3 Add Domain to Root Domain






K.2.4 System Preparation – EDM/ADAM Server

For details on how to do the following steps, refer to Section 8.18, “EDM System Preparation and Verification”.




● Validate the EDM System.


K.2.5 System Preparation - OpenScape








A31003-S5020-S100-1-7620, July 2004K-2 HiPath OpenScape V2.0, Installation Guide

5454appK.fm

Nur für den internen GebrauchUpgrade - Early Deployment Mode with Re-Install of Media Serv-Environment Preparation for Upgrade from V1-SPCR to V2






K.2.6 System Preparation - RD (LCS Server)







K.2.7 System Preparation - TFA







K.2.8 System Preparation - MCU







5454appK.fm

Upgrade Software




K.3 Upgrade Software

K.3.1 Backup the OpenScape Database


● Backup the OpenScape DB Using the OMC (use help if needed).Uninstall OpenScape and keep the Database.




● Uninstall MCU (Section A.4.5, “OpenScape MCU Uninstall”).

K.3.2 Uninstall OpenScape and Keep the Database





K.3.3 Check for Admins as OpenScape Users






5454appK.fm

Nur für den internen GebrauchUpgrade - Early Deployment Mode with Re-Install of Media Serv-Upgrade Software


















K.3.4 Install ADAM and EDM


● For ADAM installation please refer to Section 6.3, “ADAM Installation”.

● For EDM Server installation please refer to Section 6.4, “EDM Installation”.



5454appK.fm

Upgrade Software

Installation of OpenScape will copy the OpenScape V1 user into ADAM to upgrade them to V2 users.

K.3.5 Install OpenScape




● Check the GAC that all Siemens BC files are gone



● Install OMC.


● Install MCU.

K.3.6 Uninstall Routing Dispatcher (RTC Extension)


K.3.7 Install Routing Dispatcher



K.3.8 Uninstall MCU (only if installed on a separate Server)


K.3.9 Install MCU (only if installed on a separate Server)


K.3.10 Backup the Media Server Database



5454appK.fm


● Stop the “Siemens HPCR Startup Windows Service”. Then, stop the “MSSQL$IWR” service.

● Copy the following files from C:\Program Files\Microsoft SQL Serv-er\MSSQL$IWR\Data to a safe location such as a network server:

● iwrdb.mdf

● iwrdb_log.ldf

● IwrReport.mdf

● IwrReport_log.ldf

● Go back to the Services Management. Start the “MSSQL$IWR” service and the “Sie-mens HPCR Startup Windows Service”.

K.3.11 Backup User-Created Applications on Media Server

Each application created in the Media Server has a corresponding folder on the Server. The following process backs up the folders for the customer-created applications.

● Identify the names of all customer-created applications by doing the following:


● Start the MSSQL$IWR service (if not already started).

● Open the Media Server System Administrator via the Start > Programs > Siemens OpenScape > OpenScape Media Server > Media Server Administration.

● Go to the Application Builder.

● Click Custom.


● Click Word Web.


● To save the application folder of the user created application, do the following:

● Using Windows Explorer, go to the folder C:\Program Files\Sie-mens\IWR\www\IWR\Applications.

● For each of the application names that were written down, copy each of the folders with that same name. Make sure all the files and folders beneath it are copied too.



5454appK.fm

Upgrade Software

● Save the folders to a safe location such as a network server that is not on the Media Server machine.

● Save any additional files (.wav, .xml, .vxml, etc.) not stored in the application folder that are used by the application. To know if an application uses additional files, do the following:

● Under Custom or Word Web, click on the application name.

● Click view.

● Click on a step.

● Click Step Settings (the magnify glass icon).

● Scroll to the bottom of the webpage.

● Click the Options tab.

● See if there is a file listed in URL. If so, locate the file. Save the path to the file and then save file to a safe location. If the file is already located in a safe location, then there is no need to save it again. But, save the path to the safe location so that later that con-nection to the location can be restored and verified.

● Do this for each step of the application.

K.3.12 Backing Up Report Files on Media Server

The Media Server contains reports that the user generates. The following process backs up the report files.

● Open the Windows Explorer.

● Go to <IWR home directory>\www\IWR\SA\Report\ReportFiles.

● Copy the report files that you want to save to a safe location such as a network server.

K.3.13 Reinstall the Operating System on the Media Server PC

Reinstall the Operating System on the Media Server PC. After the PC is reinstalled, please re-fer to the Media Server Installation document for installing the Windows Components (Chapter 3) and the pre-installation checklist (Chapter 4).

K.3.14 System Preparation - Media Server




5454appK.fm






K.3.15 Install Third Party Software


K.3.16 Restoring the Media Server Database

After installing the third party software, do the following steps to restore the database:

● Create a new folder “iwr_save” in the folder C:\Program Files\Microsoft SQL Serv-er\MSSQL$IWR\Data.

● Go to the safe backup location where the database files (iwrdb.mdf, iwrdb_log.ldf, Iwr-Report.mdf, and IwrReport_log.ldf) are stored and copy the files.

● Paste the files in C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Da-ta\iwr_save.

K.3.17 Install Media Server


Note: Before beginning the installation, be sure that the Section K.3.16, “Restoring the Media Server Database” is completed.

K.3.18 Restoring the User-created Applications on the Media Server

After installing the Media Server, do the following steps to restore the customer-created Appli-cations:

● Go to the safe location where the customer-created application folders are stored.

● Copy each of the customer-created application folders (and all files and folders be-neath it) into the Applications folder located at C:\Program Files\Sie-mens\IWR\www\IWR\Applications.



5454appK.fm

Upgrade Software

Note: Do not overwrite anything in the Application folder on the new machine. This copy operation restores all customer-created application folders without disturb-ing the folders that were installed as a part of Media Server. If the copy operation ad-vises you that a folder already exists on the target, or asks for permission to overwrite an existing folder or file, answer “No”.

● Restore any additional files to their original location (with the exact path that they had originally). For the files that were already saved to a safe location, make sure the con-nection to that location is restored.

● To verify that the applications were copied properly, open the System Administrator Application (Start > Programs > Siemens OpenScape > OpenScape Media Server > Media Server Administration). Click on Application Builder. Click on either Custom or Word Web. The applications should be there. View the steps and all the properties of each application, including any media files (.HTML, .WAV, .TXT, etc.) associated with each application.

K.3.19 Restoring Report Files on the Media Server

After installing the Media Server software, do the following steps to restore the report files.

● Go to the safe location where you stored the report files.

● Copy all the files back to <IWR home directory>\www\IWR\SA\Report\ReportFiles.

● To verify that the report files were copied properly, open the System Administrator Applica-tion:

● Click Start->Programs->Siemens OpenScape->OpenScape Media Server->Media Server Administration).

● Click System Administrator->Reports.

● Click Report Jobs. The report files should be there.

● For each report, click View to open the report file.

K.3.20 Cleanup Old Groups and Accounts







5454abbr.fm

Nur für den internen Gebrauch List of Abbreviations

List of Abbreviations Y

This table shows some important abbreviations.

Abbreviation Definition

AD Active Directory

ADAM Active Directory Application Mode

ASR Auto Speech Recognition

CA Certificate Authority

CLT CAP License Server

EDM Early Deployment Mode

FQDN Fully Qualified Domain Name

IPSec IP Security Protocol

LCS Live Communications Server

MCU Multipoint Control Unit

MC Multipoint Controller

MP Media Processor

MSMQ Microsoft Messaging Queue

OMC OpenScape Management Console

PKI Public Key Infrastructure

Root CA Root Certificate Authority

RD Routing Dispatcher

SIP Session Initiation Protocol

TCP Transmission Control Protocol

TFA Trace File Accumulator

TLS Transport Layer Security

TTS Text-to-Speech

WM Windows Messenger

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide Y-1

List of Abbreviations Nur für den internen Gebrauch

5454abbr.fm

A31003-S5020-S100-1-7620, July 2004Y-2 HiPath OpenScape V2.0, Installation Guide

5454IX.fm

Nur für den internen Gebrauch Index

Index Z

AAccess Rights

OpenScape Database D-6WMI CIM Repository D-6

Account Check 9-4account requirements

for OpenScape management 3-12Account Security Privileges B-1Active Directory

Attribute Definitions 5-4Attributes and Objects 5-1Attributes and Objects Hierarchy 5-2Class Definitions 5-5Environment Recommendations 5-1

adding filters from MP to MC E-20Adding Users A-1Application Server Mode 9-3Assigning OpenScape Phones from “Unas-signed Phones” 16-6

BB2BUA E-11, E-15block rule E-21

CCAP License Server (CLT) 3-3Certifcate Authority (CA) A-2certificate configuration 10-3checklist

final installation 8-1, 17-1MCU installation 12-1

checkSPN F-1Child Domain Hosting OpenScape Servers D-2

Child Domains Containing User Objects Only D-7

CIM Namespace Security 3-13Client

installing 15-1Complex Setup 8-4

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide

configurationminimum complete server 2-5

ConfiguringDNS Server 12-5LCS Route 12-6MC SIP 12-5MCU SipURI 12-4

configuringOpenScape certificate 10-3SMTP server 10-5WM client 4-4

Configuring Certificates A-2Configuring Profiles for SIP Phones 16-5Configuring the Account Security Privileges in the Exchange Server Stores B-1

Configuring the RTCService Account 4-4ConvertAdmins F-18CRDirect C-1creating

custom MMC console E-3new IPSec policy E-4, E-8, E-14, E-17

Creating an SRV Record on DNS A-6CRForward C-2

DDeployment Models 2-7Deployment Rules 2-6detecting virus 9-4Different Storages of User Information F-13DNS Server 12-5DNS SRV Records 16-1Document Storage 14-1Domain Admins 9-3Domain Mode 3-7Domain Preparation 8-9

EEarly Deployment Mode 2-5, 3-5, G-3Early Deployment Mode or Production Mode 5-7

Z-1

Index Nur für den internen Gebrauch

5454IX.fm

Early Deployment Mode with Re-installation of Media Server PC 2-1

Early Deployment Mode with Upgrade of Me-dia Server Software 2-1

Enabling SSL for Outlook Web Access (OWA) on the Exchange Server B-9

Enabling SSL in IIS on the OpenScape Serv-er B-8

Enabling WebDav on the Exchange 2003 Server B-1

endpoints requirements 3-5Environment Preparation Tool 2-2

Brief Description of Steps 8-6Domain Preparation 8-9

Ffeedback, documentation 1-3firewall requirements 9-4Forwarding Rule Target C-3

GGateway permit rule E-12

Hhardware

recommendations 3-5hardware requirements 3-1High Traffic Call Model 3-6

Iimported AD users 3-11Importing

SIP Phone Certificate 16-1infrastructure

requirements 3-1Infrastructure Components 2-4Installation Requirements

EDM 6-2Installing

Microsoft Hotfix 10-2OMC 10-1OpenScape 9-9

installingOMC package 10-2OpenScape Client 15-1

Windows Messenger 4-4WM client 4-2

IPSec policy E-4, E-8, E-14, E-17IPSec Security 11-1

LLC Server 2-3LC Server Certificate 16-2LCS

setup checklist and troubleshooting 4-6LCS (RTC) MSDE Database F-16LCS Route 12-6LCS, local machine groups 4-2licenses 2-13

non-OpenScape 2-18local machine groups 4-2

MMC SIP 12-5MCU

installation checklist 12-1requirements 3-4

MCU SipURI 12-4MCU System Preparation and Verification 8-33

Media Server 3-4Media Server System Preparation and Verifi-cation 8-30

Microsoft .NET Framework V1.1 2-3Microsoft Hotfix 10-2Migrating from ADAM to Active Directory 6-5MIgrating from EDM to Production Mode 6-4minimum complete server

configuration 2-5MMC console E-3MSMQ F-1

NNamespace Permissions 3-13Non-OpenScape licenses 2-18Non-Siemens system components

MS SQL Server 3-2Normal Traffic Call Model 3-5

A31003-S5020-S100-1-7620, July 2004Z-2 HiPath OpenScape V2.0, Installation Guide

5454IX.fm

Nur für den internen Gebrauch Index

OObtaining a Certificate 16-1OMC

installing the package 10-2overview 10-1

OMC Snap-in 10-2One Box Configuration 12-5OpenScape

Adding Users A-1administration Client requirements 3-3licenses 2-13scripting framework F-6

OpenScape Application Server 2-1requirements 3-1

OpenScape Certificate 10-3OpenScape Client Registry Entries 15-2OpenScape Licenses 2-13OpenScape Management Console 2-2, 9-4OpenScape MCU 2-2OpenScape Phones Certificate 16-3OpenScape Routing Dispatcher 2-2OpenScape Scripting Framework F-6OpenScape System Domain Preparation and Verification 8-12

Ppasswords for the OpenScape services 3-11Permissions

Domain-DNS Object D-5EDM Server D-6Service Connection Point D-6

Permissions on AD Objects D-5permit rule for Gateway E-12Phone Discovery 16-7Portal Access 9-4Ports and Routes 9-6ports and routes 9-6Problems Uninstalling OpenScape A-5Production Mode 2-5Production Mode with Re-installation of Me-dia Server PC 2-1

Production Mode with Upgrade of Media Server Software 2-1

RRemote Administration Mode 9-2Requirements

Forest in Production Mode 7-1requirements

endpoints 3-5firewall 9-4for OpenScape management 3-12infrastructure 3-1MCU 3-4Media Server 3-4OpenScape administration Client 3-3OpenScape Application Server 3-1

Root Domain D-1Root Domain Membership and Verification 8-19

Routing Dispatcher 3-3, 9-5, G-3Routing Dispatcher/LCS System Preparation and Verification 8-28

RSA SecurID 14-2RTC Tool F-1RTCService Account 4-4

SSchedule+FreeBusy Information B-6SDK Applications 11-1Security Troubleshooting 14-1Server Information 3-8setting up

user and administrator cross-functionality 9-3

WM client 4-2siemensOSDomain 5-6siemensOSGlobalContainer 5-6siemensOSServiceConnectionPoint 5-6siemensOSServices 5-5siemensOSTrustedService 5-6SIP Phone Certificate 16-1

Creating and Issuing A-7Locating and Exporting A-10Requesting A-9

SIP Phone Discovery 16-7SIP Phones, obtaining a certificate 16-1SMTP server 10-5

A31003-S5020-S100-1-7620, July 2004HiPath OpenScape V2.0, Installation Guide Z-3

Index Nur für den internen Gebrauch

5454IX.fm

SOS Script Tool for Serviceability Support F-13

SQL Server 2-3SRV Record on DNS

Creating A-6SSL Encryption 3-2SSL Encryption for MS SQL Server 2000 3-2Synchronizing the Time 9-1

TTerminal Services service 9-3testing

with Windows Messenger 4-3TFA System Preparation and Verification 8-35

Trace File Accumulator 2-2, 3-4, 14-2, G-3Troubleshooting

Security 14-1Unintstalling OpenScape A-5

Uuninstalling

Windows Messenger 4-3Upgrade - Early Deployment Mode with Re-Install of Media Server PC K-1

Upgrade - Early Deployment Mode with Up-grade of Media Server Software J-1

Upgrade - Production Mode with Re-Install of Media Server PC I-1

Upgrade - Production Mode with Upgrade of Media Server Software H-1

Upgrades from V1 SPCR to V2 2-1User Creation via OpenScape Management A-1

User Creation via Script A-1users

imported AD 3-11

Vverifying

server infrastructure 9-5virus detection 9-4

WWeb Service Enhancements 2-4

WebDAV B-1WebDav B-1Windows Messenger

client configuration 4-4installing 4-2, 4-4setting up 4-2testing with 4-3uninstalling 4-3

Windows Messenger (WM) Client 4-2Windows Server 2003 Terminal Services 9-2WSE2.0 for SDK 3-3

XXML File 8-8, 8-22XpSystem F-13

A31003-S5020-S100-1-7620, July 2004Z-4 HiPath OpenScape V2.0, Installation Guide

www.siemens.com/hipath

Siemens AG 2004 • Information and Communication Networks • Hofmannstraße 51 • D-81359 München, GermanyReference No.: A31003-S5020-S100-1-7620 Printed in the Federal Republic of Germany. Subject to availability. Right of modification reserved.

The information provided in this document contains merely general de-

scriptions or characteristics of performance which in case of actual use do

not always apply as described or which may change as a result of further

development of the products.

An obligation to provide the respective characteristics shall only exist if

expressly agreed in the terms of contract.

*1PA31003-S5020-S100-1-7620*