ALE Application Partner Program – Inter-working report - Edition 8 - page 1/45
Copyright © 2018 ALE , All rights reserved
ALE Application Partner Program Inter-Working Report
Partner: NGINX
Application type: Reverse Proxy
Application name: NGINX Plus R14
Alcatel-Lucent Platform: OpenTouch™
The product and release listed have been tested with the Alcatel-Lucent Enterprise Communication Platform and the release specified hereinafter. The tests concern only the inter-working between the AAPP member’s product and the Alcatel-Lucent Enterprise Communication Platform. The inter-working report is valid until the AAPP member’s product issues a new major release of such product (incorporating new features or functionality), or until ALE International issues a new major release of such Alcatel-Lucent Enterprise product (incorporating new features or functionalities), whichever first occurs. ALE INTERNATIONAL MAKES NO REPRESENTATIONS, WARRANTIES OR CONDITIONS WITH RESPECT TO THE APPLICATION PARTNER PRODUCT. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, ALE INTERNATIONAL HEREBY EXPRESSLY DISCLAIMS ANY AND ALL REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY NATURE WHATSOEVER AS TO THE AAPP MEMBER’S PRODUCT INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE AND ALE INTERNATIONAL FURTHER SHALL HAVE NO LIABILITY TO AAPP MEMBER OR ANY OTHER PARTY ARISING FROM OR RELATED IN ANY MANNER TO THIS CERTIFICATE.
Certification overview
Date of certification: January 2018
ALE International representative: Claire Dechristé
AAPP member representative: Paul Oh
Alcatel-Lucent Enterprise Communication Platform: OpenTouch BE/MS
Alcatel-Lucent Enterprise Communication Platform Release: OT 2.3.1 (14.0.009.003)
AAPP member application version: NGINX plus R14 (1.13.7)
Application Category: Gateway Collaboration & UC Security
Author(s): Claire Dechristé
Reviewer(s): Himmi Rachid, Frank Gadot
Revision History
Edition 1: creation of the document – February 2015
Edition 2: LDAP authentication added – April 2015
Edition 3: Remove SSLv3 protocol for POODLE vulnerability – December 2015
Edition 4: Minor changes in NGINX config file – February 2016
Edition 5: New edition for OT 2.2.1 and OTES replacement – November 2016
Edition 6: Nginx configuration file update – December 2016
Edition 7: Remove the configuration file and add a reference to associated Technical Communication
Edition 8: Update for Nginx plus R14 and OT 2.3.1
Test results
Refer to section 4 “Summary of test results” for a summary of the test results.
IWR validity extension
None
Passed Refused Postponed
Passed with restrictions
AAPP Member Contact Information
Contact name: Paul Oh
Title: Business Development
Address: 85 Federal Street
Zip Code: 94107
State: CA
City: San Francisco
Country: USA
Phone:
Fax:
Mobile Phone:
Web site: http://nginx.com
Email address: [email protected]
TABLE OF CONTENTS
1 INTRODUCTION
  1.1 GLOSSARY
2 VALIDITY OF THE INTERWORKING REPORT
3 LIMITS OF THE TECHNICAL SUPPORT
  3.1 CASE OF ADDITIONAL THIRD PARTY APPLICATIONS
4 SUMMARY OF TEST RESULTS
  4.1 SUMMARY OF THE MAIN FEATURES TESTED
  4.2 SUMMARY OF PROBLEMS
  4.3 SUMMARY OF LIMITATIONS
  4.4 NOTES, REMARKS
5 APPLICATION INFORMATION
6 TEST ENVIRONMENT
  6.1 TESTS PERFORMED
  6.2 GENERAL ARCHITECTURE
    6.2.1 OTES replacement
    6.2.2 Virtual interfaces on RP and SBC
    6.2.3 Remote worker authentication
  6.3 HARDWARE CONFIGURATION
  6.4 SOFTWARE CONFIGURATION
    6.4.1 ALE OpenTouch server
    6.4.2 Partner Application
7 TEST RESULT TEMPLATE
8 TEST RESULTS
  8.1 CLIENT INITIALIZATION AND AUTHENTICATION
  8.2 OUTGOING CALLS
  8.3 INCOMING CALLS
  8.4 FEATURES DURING CONVERSATION
  8.5 WEB SERVICES
  8.6 COLLABORATION SERVICES ON OTC CLIENTS
  8.7 CONFERENCE AND COLLABORATION SERVICES (OTC WEB)
9 APPENDIX A: AAPP MEMBER’S APPLICATION DESCRIPTION
10 APPENDIX B: CONFIGURATION REQUIREMENTS OF THE AAPP MEMBER’S APPLICATION
  10.1 NGINX CERTIFICATE FOR SSL
  10.2 LDAP AUTHENTICATION MODULE
  10.3 CONFIGURATION FILES
  10.4 FIREWALL CONFIGURATION
  10.5 NGINX PLUS SIZING GUIDE FOR OPENTOUCH
11 APPENDIX C: DNS ENTRIES
12 APPENDIX D: ALCATEL-LUCENT ENTERPRISE COMMUNICATION PLATFORM: CONFIGURATION REQUIREMENTS
  12.1 REVERSE PROXY CONFIGURATION ON OT
  12.2 SBC CONFIGURATION ON OT
  12.3 CONFERENCE SERVICE ADDRESS/FQDN
  12.4 OTC PC SIP CLIENT CONFIGURATION
13 APPENDIX D: AAPP MEMBER’S ESCALATION PROCESS
14 APPENDIX E: AAPP PROGRAM
  14.1 ALCATEL-LUCENT APPLICATION PARTNER PROGRAM (AAPP)
  14.2 ENTERPRISE.ALCATEL-LUCENT.COM
15 APPENDIX F: AAPP ESCALATION PROCESS
  15.1 INTRODUCTION
  15.2 ESCALATION IN CASE OF A VALID INTER-WORKING REPORT
  15.3 ESCALATION IN ALL OTHER CASES
  15.4 TECHNICAL SUPPORT ACCESS
1 Introduction
This document is the result of the certification tests performed between the AAPP member’s application and Alcatel-Lucent Enterprise’s platform.
It certifies proper inter-working with the AAPP member’s application.
Information contained in this document is believed to be accurate and reliable at the time of printing. However, due to ongoing product improvements and revisions, ALE International cannot guarantee accuracy of printed material after the date of certification nor can it accept responsibility for errors or omissions. Updates to this document can be viewed on:
- the Technical Support page of the Enterprise Business Portal (https://businessportal.alcatel-lucent.com) in the Application Partner Interworking Reports corner (restricted to Business Partners)
- the Application Partner portal (https://applicationpartner.alcatel-lucent.com) with free access.
1.1 Glossary
ACS: OT Collaboration server
API: Application Programming Interface
AAA: Authentication, Authorization and Accounting
CA: Certificate Authority. It is part of a PKI. It issues and verifies digital certificates.
DMS: Device Management Server
CSR: Certificate Signing Request. This is a file generated by a server to get signed by a CA which will deliver a signed certificate.
DN: Distinguished Name
DNS: Domain Name System. Server that translates FQDN into IP addresses.
EVS: Event server
FQDN: Fully Qualified Domain Name. A domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including the top-level domain, relative to the root domain. Ex: “myhost.mydomain.com”
IM: Instant Messaging
OTC PC: OpenTouch Conversation and connection for PC
OTC Web: Web client used for the access to OT conference
LDAP: Lightweight Directory Access Protocol. This is a directory that can be used as an authentication server.
OT: OpenTouch
OTES: OpenTouch Edge Server
PKI: Public Key Infrastructure. It provides digital certificates that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
RADIUS: Remote Authentication Dial In User Service. This is an Authentication Server.
RP: Reverse Proxy
SAN: Subject Alternative Name
SBC: Session Border Controller
SSL – TLS: Transport Layer Security (formerly Secure Socket Layer). It allows client/server applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography.
WSS: Web Socket Secure
2 Validity of the InterWorking Report
This InterWorking report specifies the products and releases which have been certified.
This inter-working report is valid unless specified until the AAPP member issues a new major release of such product (incorporating new features or functionalities), or until ALE International issues a new major release of such Alcatel-Lucent Enterprise product (incorporating new features or functionalities), whichever first occurs.
A new release is identified as follows:
- a “Major Release” is any x. enumerated release. Example: Product 1.0 is a major product release.
- a “Minor Release” is any x.y enumerated release. Example: Product 1.1 is a minor product release.
The validity of the InterWorking report can be extended to upper major releases, if for example the interface didn’t evolve, or to other products of the same family range. Please refer to the “IWR validity extension” chapter at the beginning of the report.
Note: The InterWorking report becomes automatically obsolete when the mentioned product releases are end of life.
3 Limits of the Technical support
Technical support will be provided only in case of a valid InterWorking Report (see chapter 2 “Validity of the InterWorking Report”) and in the scope of the features which have been certified. That scope is defined by the InterWorking report via the test cases which have been performed, the conditions and the perimeter of the testing as well as the observed limitations. All this is documented in the IWR. The certification does not verify the functional achievement of the AAPP member’s application, nor does it cover load capacity checks, race conditions and generally speaking any real customer's site conditions.
Any possible issue will first need to be addressed and analyzed by the AAPP member before being escalated to ALE International.
For any request outside the scope of this IWR, ALE International offers the “On Demand Diagnostic” service where assistance will be provided against payment.
For more details, please refer to Appendix F “AAPP Escalation Process”.
3.1 Case of additional Third party applications
If, at a customer site, an additional third party application NOT provided by ALE International is included in the solution between the certified Alcatel-Lucent Enterprise and AAPP member products, ALE International will treat that situation as one where no IWR exists. ALE International will handle this situation accordingly (for more details, please refer to Appendix F “AAPP Escalation Process”).
4 Summary of test results
4.1 Summary of the main features tested
Depending on the application tested, some features might not be available, see section 4.3 Summary of limitations or chapter 8 Test Results for more details.
Feature | N/A | OK | OK But | NOK
Application initialization and authentication
Start and stop phase
Authentication on RP using LDAP
Outgoing calls
Local call
External call
2nd outgoing call
Video call
Incoming calls
Local call
External call
2nd incoming call
Video call
Features during conversation
Hold / Resume
Back and forth
Push/Get call (Transfer to another user’s device)
Transfer
Video call
Web Services
Event notification
Voicemail
Directory search
Routing profile modification
Collaboration services
IM
Attachment / Presentation
Desktop sharing
Routing profile modification
OTC Web
Join the conference with audio
Join the conference without audio
IM
Promote leader
Attachment / Presentation
Desktop sharing
4.2 Summary of problems
OT problems:
o None
NGINX problems:
o None
4.3 Summary of limitations
OT limitations:
o None
NGINX limitations:
o None
4.4 Notes, remarks
The same tests could have been done with encryption of signaling (SIP-TLS) and audio (SRTP).
This has no impact on the feature tested (web services) related to the reverse proxy.
WARNING: Due to some problems found in NGINX and NGINX+ during the interworking tests, it is mandatory to use the following Nginx versions:
NGINX+: version >= R10
5 Application information
Application commercial name: NGINX
Application version: Nginx plus R14 (1.13.7)
Interface type: through configuration files
Interface version (if relevant):
Brief application description:
NGINX is a lightweight, high performance web server/reverse proxy. It runs on UNIX, GNU/Linux, BSD variants, Mac OS X, Solaris, and Microsoft Windows.
Nginx is available in three versions, for technology professionals through to businesses and enterprises. For more information: http://nginx.com/products/
NGINX Plus product is built on the open source NGINX product and includes advanced features to support mission critical production environments. In contrast to legacy hardware-based networking appliances, NGINX Plus originates from the world of application software and provides an innovative new set of features to bridge users and applications.
NGINX Plus frees applications from the heavy lifting of HTTP by managing all of the complexities of application request routing, application security, content delivery and acceleration without incurring unnecessary costs in time or capital.
Advanced Features of NGINX Plus Include:
Application Health Checking
Commercial-Grade Activity Monitoring
Advanced Load Balancing
Dynamic On-The-Fly Reconfiguration
Extended Logging Capabilities
High Availability Setup
Adaptive Media Streaming
Services Available With NGINX Plus Include:
Configuration and Tuning
Performance Optimization
Technical Account Management
Figure 1 Global Principle
The following diagram describes a typical redirection policy implemented on the Nginx RP for the ALE solution.
Figure 2 Redirection policy
6 Test environment
6.1 Tests performed
This document describes the tests done for remote worker scenario and guest access to OpenTouch conferences in the context of OT 2.3.1 solution with NGINX plus configured as a reverse proxy.
OTC Clients tested in this report are:
OTC PC
OTCT/OTCV Android smartphone
OTCV Android Tablet
OTCT/OTCV iPhone
OTCV ipad
OTC Web with OTC Sharing (application for screen sharing)
OTC client applications use an internet connection in the WAN. Remote users are connected to the enterprise network through a reverse proxy in HTTPS/WSS and through an SBC in SIP.
The way to configure OT server, OTC clients and NGINX RP is described in the Appendix. In these tests, Nginx is running in a Linux virtual server.
6.2 General Architecture
The reverse proxy manages the access to OpenTouch Web Services for remote corporate users.
OTC remote clients send web requests to NGINX Reverse Proxy which forwards the traffic to the OT server located in the trusted zone.
Users can be authenticated by the RP using LDAP or OT authentication web service.
SBC server manages SIP sessions and the media streams for audio and video.
Fig 3 Test architecture in OT2.3.1
6.2.1 OTES replacement
Before OT 2.2.1, the external access to OT conferences required the installation of an OTES server in addition to RP and SBC.
Since OT 2.2.1, this configuration has been simplified and the OTES has been removed from the topology. It is now the role of the reverse proxy to handle the following use cases:
1- Corporate remote workers authentication and access to web services and eventing. This is mostly unchanged (same as before 2.2.1)
2- Corporate access to full conference features including desktop sharing (new)
3- Anonymous access to OpenTouch conferences only (new)
When this configuration is chosen (without OTES), the RP manages the OTC client connections to the OpenTouch server as well as the external accesses to conference and collaboration services.
6.2.2 Virtual interfaces on RP and SBC
Since OT2.2.1, the Reverse Proxy exposes two virtual interfaces:
- OpenTouch public server FQDN (pub-ot.company.com):
Remote workers connect with OTCv clients to OpenTouch services using the OpenTouch public FQDN pub-ot.company.com exposed by the reverse proxy.
OTCv clients send HTTPS/WSS requests on port 443 and 8016 to the reverse proxy, which forwards the traffic to the internal FQDN of the OT, ot.company.com.
- Conferencing service FQDN (conference.company.com):
These are typically remote workers or non-corporate users (guests) that join OpenTouch scheduled conferences through the OTC Web application.
They use the conference.company.com FQDN to reach conference and collaboration services through HTTPS/WSS on port 443.
Conferencing FQDN must be the same in LAN and WAN:
  - conference.company.com must be resolved by a public DNS to the RP public IP address
  - it must be resolved on LAN by the private DNS to the OT ACS cluster IP address: in the LAN, conference FQDN = ACS cluster FQDN
On SBC side, one public interface is needed:
- pub-sip-services.company.com: SBC FQDN for SIP and media services
6.2.3 Remote worker authentication:
In this IWR, remote users are authenticated on RP using LDAP.
As NGINX+ does not natively implement LDAP, user authentication is done by an external module delivered by NGINX: LDAP Auth Daemon. Authentication requests are sent to this module for each protected URL.
Hereunder is the flowchart describing the different steps of the authentication process:
More information on auth-ldap module can be found here:
http://nginx.com/blog/nginx-plus-authenticate-users/
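The two virtual interfaces of section 6.2.2 and the per-URL LDAP check of section 6.2.3, sketched as an NGINX Plus configuration. This is an added example, not the certified configuration, which this report leaves to the associated Technical Communication. Assumptions: the certificate paths, the LDAP server name and DNs, the daemon address 127.0.0.1:8888, the TLSv1.2-only protocol line, the backend port, and the choice to protect every path on pub-ot.company.com.

```nginx
# Added illustration; place inside the http {} context.
# All paths, LDAP values and the daemon address are placeholders (assumptions).

# WSS: pass the WebSocket upgrade handshake through to the backend.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Virtual interface 1: OpenTouch public FQDN used by remote workers.
server {
    listen 443 ssl;
    listen 8016 ssl;
    server_name pub-ot.company.com;

    ssl_certificate     /etc/nginx/ssl/pub-ot.company.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/pub-ot.company.com.key;  # placeholder path
    # SSLv3 is not listed, so it can never be negotiated (POODLE).
    # Restricting to TLSv1.2 is an assumption of this example.
    ssl_protocols       TLSv1.2;

    location / {
        # One subrequest to the LDAP auth daemon for each protected URL;
        # 2xx lets the request through, 401/403 is returned to the client.
        auth_request /auth-proxy;

        # Internal OT FQDN. The backend port for the 8016 listener is not
        # given on the page; this example forwards both listeners to 443.
        proxy_pass https://ot.company.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    # Not reachable from outside: only used by auth_request above.
    location = /auth-proxy {
        internal;
        proxy_pass http://127.0.0.1:8888;          # nginx-ldap-auth daemon (assumed address)
        proxy_pass_request_body off;               # credentials travel in the headers
        proxy_set_header Content-Length "";

        # Headers read by the nginx-ldap-auth reference daemon.
        proxy_set_header X-Ldap-URL      "ldap://ldap.company.com";       # placeholder
        proxy_set_header X-Ldap-Starttls "true";
        proxy_set_header X-Ldap-BaseDN   "ou=users,dc=company,dc=com";    # placeholder
        proxy_set_header X-Ldap-BindDN   "cn=rp-bind,dc=company,dc=com";  # placeholder
        proxy_set_header X-Ldap-BindPass "REPLACE_ME";                    # placeholder
    }
}

# Virtual interface 2: conferencing FQDN used by OTC Web, guests included.
server {
    listen 443 ssl;
    server_name conference.company.com;

    ssl_certificate     /etc/nginx/ssl/conference.company.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/conference.company.com.key;  # placeholder path
    ssl_protocols       TLSv1.2;

    location / {
        # No auth_request here: anonymous guests must be able to join.
        # Same FQDN on both sides: this works only if the RP host uses the
        # private DNS, where the name resolves to the OT ACS cluster IP.
        proxy_pass https://conference.company.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

If the RP host resolved conference.company.com through the public DNS instead, the second server block would proxy back to its own public address, so the resolver used by the RP is worth checking before enabling it.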
6.3 Hardware configuration
NGINX plus:
HP Proliant DL380p Gen8 hosting vmware esxi 5.1
ALE OpenTouch:
HP Proliant DL120 G6 hosting vmware esxi 5.1
6.4 Software configuration
NGINX Plus Reverse Proxy Deployment:
Public fqdn: https://opentouch2.aapp-etesting.com
Public IP address: 89.225.243.249
Internal fqdn: rpnginx2.aapp-etesting.com
Internal IP address: 10.1.2.44
Operating system: Linux CentOS 6.8
Following Linux distributions have also been tested:
Debian 8.5
Ubuntu 14.04.4
ALE OpenTouch server:
IP address: 10.1.2.85
fqdn: ice2.aapp-etesting.com
DNS: 10.1.2.15
6.4.1 ALE OpenTouch server
OTMS version 2.3.109.003
OTC PC 2.3.100.017
OTCT/OTCV Android smartphone 2.31.02.5
OTCT/OTCV iPhone 2.31.08.07
OTCV ipad 2.20.02.004
6.4.2 Partner Application
Nginx plus R14
Ldap-auth daemon from https://github.com/nginxinc/nginx-ldap-auth
(ldap-auth is compatible with Nginx plus R14)
7 Test Result Template
The results are presented as indicated in the example below:
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Test case 1
  Action
  Expected result
2 Test case 2
  Action
  Expected result
  Comment: The application waits for PBX timer or phone set hangs up
3 Test case 3
  Action
  Expected result
  Comment: Relevant only if the CTI interface is a direct CSTA link
4 Test case 4
  Action
  Expected result
  Comment: No indication, no error message
… …
Test Case Id: a feature testing may comprise multiple steps depending on its complexity. Each step has to be completed successfully in order to conform to the test.
Test Case: describes the test case with the detail of the main steps to be executed and the expected result.
N/A: when checked, means the test case is not applicable in the scope of the application.
OK: when checked, means the test case performs as expected.
NOK: when checked, means the test case has failed. In that case, describe in the field “Comment” the reason for the failure and the reference number of the issue either on ALE International side or on AAPP member side.
Comment: to be filled in with any relevant comment. Mandatory in case a test has failed, especially the reference number of the issue.
8 Test Results
In all following sections, the client under test is an external user; it has been declared on the public side of the RP. For this remote user, OTC client has been configured to connect to OT via Nginx RP.
8.1 Client initialization and authentication
These tests cover OTC clients initialization and authentication.
User authentication is performed using LDAP. LDAP requests are sent by NGINX external module ldap-auth-daemon.
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Application initialization
A OTC client connection to the OT through reverse proxy using HTTP basic authentication
  Check OT login/password verification
  Go through OTC application menus and verify that the application is responding correctly.
B OTC client connection to the OT through reverse proxy using LDAP authentication
  Check credentials validation
C OTC client connection to the OT through reverse proxy using certificate authentication
  Check OT login/password verification
  Go through OTC application menus and verify that the application is responding correctly.
  Comment: Not supported on OTC PC
3 Application exit
A Stop OTC client.
  OTC user is unregistered.
8.2 Outgoing calls
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Internal outgoing call
A Call from remote User A (OTC client) to User B
  Check that the call is established
2 External outgoing call
A External call from remote User A (OTC client) to user B
  Check that the call is correctly established
3 Outgoing video call
A Video Call from remote User A (OTC client) to user B
  Check that audio/video streams are correctly established
  Comment: Available on OTC PC only
4 Second outgoing call
A Call from remote User A (OTC client) to User B
  Call from remote User A (OTC client) to User C
  Check that the 2nd call is correctly established
  Comment: OTCV ipad, OTCV Android Tablet: Not possible to make a second call, the application is not multi-line, but it is possible to dial a number to start a conference
  Comment: OTC PC, OTCV Android smartphone, OTCV iphone
8.3 Incoming calls
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Internal incoming call
A Internal call from User B to User A (OTC client)
  Check that the call is correctly presented and established
2 External outgoing call
A External call from remote User A (OTC client) to user B
  Check that the call is correctly established
3 Incoming video call
A Video call from User B to User A (OTC PC client)
  Check that the call is correctly presented and the audio/video streams are correctly established
  Comment: Available on OTC PC only
4 Second incoming call
A Call from User B to User A (OTC client)
  Call from User C to User A (OTC client)
  Check that the 2nd call is correctly presented and is correctly established
  Comment: OTC PC, OTCV ipad, OTCV Android, OTC iPhone: Not possible to receive a second call. The 2nd call is routed to the other user’s devices or to the voice mail.
8.4 Features during conversation
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Hold/Resume
A Call from User A (OTC Client) to User B and establish the call.
  Put User B on hold.
  Verify the music on hold is played
  Verify you can resume the call by clicking on it again.
  Comment: OTCV ipad, OTCV Android Tablet: hold feature is not available
2 Back and forth
A Call from User A (OTC Client) to User B. Establish the call.
  Call from User A (OTC Client) to User C. Establish the call.
  User B must be put on hold.
  Check that you can retrieve User B.
  User C must be on hold.
  Check that you can retrieve User C.
  User B must be on hold.
  Comment: OTCV ipad, OTCV Android Tablet: Not possible to make a second call, the application is not multi-line
  Comment: OTC PC, OTCV Android smartphone, OTCV iphone
3 Transfer to another user’s device (Push call/Get call)
A Internal call from User B to User A (OTC Client), establish the communication, then OTC user transfers the call to another of his devices (OTC Phone deskphone for example)
  Check that the call is correctly presented to OTC Phone and can be correctly established
  From OTC Client, get the current call again.
  Check that the call is correctly presented to OTC client and can be correctly established
4 Transfer to another user
A Call from User A (OTC Client) to User B. Establish the call.
  Call from User A (OTC Client) to User C. Establish the call.
  Transfer User C to User B
  Comment: OTCV ipad, OTCV Android Tablet: Not possible to make a second call, the application is not multi-line
5 User picture
A Call from User B to User A (OTC Client)
  Check that the caller’s picture is correctly presented
8.5 Web services
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Event notifications
A Missed call event
  From another user or station, call OTC Client user but do not answer.
  Check that the event logs show a missed call.
  Check that it is propagated to other user’s devices.
  Check that the missed call event disappears after consultation.
  Check that it is propagated to other user’s devices.
B Voice mail event
  User B (OTC Phone) calls User A (OTC Client) and leaves a message.
  User A can see a voice message in his events logs.
  Check that it is propagated to other user’s devices.
  User A can listen to the voice message, and delete it. The voice mail event must disappear.
  Check that it is propagated to other user’s devices.
2 Directory Search (dial by name)
A User A (OTC client) calls an OT user using dial by name
  Verify that dial by name feature is working.
  Check that the call can be established
3 Routing profile modification
A On User A (OTC client), change the routing profile of the remote user
  Check that the routing modification is working.
  Check that it is propagated to other user’s devices.
8.6 Collaboration services on OTC clients
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 IM
A
Check IM is possible between remote worker and an internal user
1 Application/desktop sharing
B
Check that presentation and sharing session is possible between remote worker and an internal user
Comment: OTC PC, OTCV ipad, OTCV Android Tablet: It is possible to share a presentation and to modify it
OTCV Android smartphone, OTCV iphone: Feature not available
8.7 Conference and collaboration services (OTC Web)
In this section all tests are performed with OTC web application (including OTC Sharing).
Test Case Id | Test Case | N/A | OK | NOK | Comment
1 Join a conference
A Join conference without audio
B Join conference with audio
2 IM
A Check that the chat session is working between remote users and internal users
3 Promote/disconnect a participant
A Promote / unpromote a leader
B Remove a participant from the conference
4 Application/Desktop sharing
A Desktop sharing application installation
B Document sharing
C Web presentation and annotation
D Desktop sharing session
9 Appendix A : AAPP member’s Application description
Protocols and performance
• HTTP/1.1, HTTP/2, HTTPS, SPDY (deprecated), WebSocket
• IMAP, POP3, SMTP with an external HTTP based authentication
• IPv4 and IPv6
• 1 million concurrent connections
• 10,000+ virtual servers multi-tenancy
• Connection multiplexing pools for low latency communications
Request Routing
• HTTP, FastCGI, SCGI, uwsgi, memcached
• Exact, prefix, regex-based URL/URI path switching
• Reverse proxy and load balancer with round-robin, least-connected, ip-hash
• Session persistence
• Application backend health monitoring
SSL Termination
• TLSv1.1/TLSv1.2/SSL/SNI/PFS/PCI-DSS
• OCSP Stapling
Security
• Bandwidth, connection and request policing
• Protocol isolation and request filtering
• Header manipulation
Edge Cache and Origin Server
• Content offload and caching
• On-the-fly content compression and optimization
• HTTP video streaming with MP4/FLV/HDS/HLS
Configuration and Management
• Live reconfiguration of server pools to change upstream settings on the fly
• Activity monitoring
• Geo-IP configuration
• Logging to syslog
High Availability
• Active-Standby (NGINX AMI on EC2 only)
• Live binary upgrades to eliminate downtime
• Graceful restart with non-stop request processing
Supported Operating Systems and Architectures
• Ubuntu, Debian, CentOS, Amazon Linux, Red Hat, SuSE, Solaris, SmartOS, *BSD
• x86_64, i386, ARM
10 Appendix B: Configuration requirements of the AAPP member’s application
Please note that complementary information can be found in Technical Communication TC2257
available on the Business Portal.
After having installed nginx on your server (download the rpm, then yum install nginx on CentOS), the following steps are needed before starting the tests:
10.1 Nginx certificate for SSL
For this IWR, the Root CA of etesting lab PKI has been used to sign OT and RP certificates.
The RP certificate has been generated with subject CN=<OT public FQDN> and a SAN field including the ACS cluster FQDN.
Note: A wildcard server certificate could also have been deployed.
The location for NGINX certificate and its private key is configurable in the config file:
ssl_certificate /etc/nginx/cert/cert.pem;
ssl_certificate_key /etc/nginx/key/cert.key;
10.2 LDAP authentication module
LDAP user authentication is done using ldap-auth daemon developed by NGINX.
Module installation:
Prerequisites: python2 and python-ldap modules must be installed on the server.
nginx-ldap-auth-daemon.py: Python code for the ldap-auth daemon
nginx-ldap-auth-daemon-ctl.sh (optional): Sample shell script for starting and stopping the daemon. Install on the same host as the ldap-auth daemon.
Copy the files nginx-ldap-auth-daemon.py and nginx-ldap-auth-daemon-ctl.sh to your server and launch the control script:
nginx-ldap-auth-daemon-ctl.sh start
By default, ldap-auth-daemon listens on port 8888.
Modify the NGINX ldap configuration file as stated in section 10.3 with your LDAP server settings.
Each client request to a protected location is now authenticated using the credentials provided in the login screen of OTC clients.
Here are the logs of the ldap daemon for one authentication request:
For each protected URL, NGINX sets a cookie with the provided login/password and saves it to the cache. LDAP requests are made at a frequency that depends on the cache key lifetime. By default, the time for which a response is cached is not limited, but this can be modified with the proxy_cache_valid directive. In the following configuration file, it has been set to 10 minutes. Once the cache is cleared, at the next attempt from the client to access a protected URL, NGINX starts a new request to the auth daemon by sending the cookie. The auth daemon decrypts the cookie and starts the LDAP request. The user does not have to re-enter his credentials.
More information on installation and configuration here:
https://github.com/nginxinc/nginx-ldap-auth
10.3 Configuration files
The configuration files provided in the archive must be copied to /etc/nginx/conf.d/, except nginx.conf, which should be copied to /etc/nginx/.
After having adapted the files according to your needs (fqdn, ssl, ldap configuration ...), we recommend running the “nginx -t” command to verify that the files are valid.
To start/stop NGINX process:
/etc/init.d/nginx start/stop/restart
Or if it is already running, run the following command to reload the configuration file:
nginx -s reload
There are 2 main configuration files corresponding to the 2 hostnames proxied:
opentouch2.aapp-etesting.com.conf: hostname opentouch2.aapp-etesting.com (OpenTouch fqdn)
Used by remote OT clients to interact with the OpenTouch server. The authentication is performed in LDAP before accessing OT services. This interface exposes the public FQDN of the OpenTouch server (API public URL) as defined in 8770 for OT Reverse Proxy parameters (see section Reverse proxy configuration).
conf2.aapp-etesting.com.conf: hostname conf2.aapp-etesting.com (conference service fqdn)
This interface exposes the “conferencing service FQDN or ACS service FQDN”, as defined in the OT post-install wizard (see section Reverse proxy configuration).
As conferences can be accessed by external guests who are not authenticated by the RP, filtering rules are applied to control the access to conference and collaboration resources.
Conferencing service FQDN can be found on WBM, refer to section Reverse proxy configuration.
There are 3 possible deployment scenarios:
1. remote workers only: In that case, you can install only the opentouch2.aapp-etesting.com file and associated ssl and ldap files
2. anonymous guests only (no remote worker): In that case, you can install the conf2.aapp-etesting.com file and associated ssl and global variables files.
3. both of the above: all the files are needed
Notes:
RP listens to ports 443 and 8016
chunk mode must be enabled (should be by default)
proxy buffering has been disabled
To download an example of configuration file, refer to the Technical Communication TC2257 where an FTP server is mentioned for that.
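A minimal server block matching the LDAP caching behaviour described in 10.2 and the notes above, added here as an illustration; it is not the configuration from the TC2257 archive. The LDAP values, cache path, cookie name, upstream scheme and the placement of the auth daemon on 127.0.0.1 are assumptions.

```nginx
# Added example for /etc/nginx/conf.d/ (files there are included inside http {}).
# Not the file from the TC2257 archive; values marked "assumption" are placeholders.

# Zone holding cached auth results. Cache files keep the cache key
# (here the credential cookie) in their header, so keep this directory
# readable by the nginx worker user only. Path and zone name: assumption.
proxy_cache_path /var/cache/nginx/auth levels=1:2 keys_zone=auth_cache:10m;

server {
    listen 443 ssl;
    server_name opentouch2.aapp-etesting.com;

    ssl_certificate     /etc/nginx/cert/cert.pem;
    ssl_certificate_key /etc/nginx/key/cert.key;

    location / {
        # One internal subrequest per client request:
        # a 2xx answer lets it through, 401/403 rejects it.
        auth_request /auth-proxy;

        proxy_buffering off;                   # per the notes in 10.3
        proxy_pass https://ice2.etesting.lab;  # OT internal FQDN; scheme is an assumption
    }

    location = /auth-proxy {
        internal;                              # never served to clients directly
        proxy_pass http://127.0.0.1:8888;      # ldap-auth daemon default port; host is an assumption
        proxy_pass_request_body off;           # the daemon only needs the headers
        proxy_set_header Content-Length "";

        # Only successful checks are cached, for 10 minutes. Until an entry
        # expires, an account disabled in LDAP is still accepted.
        proxy_cache       auth_cache;
        proxy_cache_valid 200 10m;
        proxy_cache_key   "$http_authorization$cookie_nginxauth";

        # LDAP settings the daemon reads from request headers (all assumptions).
        proxy_set_header X-Ldap-URL      "ldaps://ldap.example.com:636";
        proxy_set_header X-Ldap-BaseDN   "ou=Users,dc=example,dc=com";
        proxy_set_header X-Ldap-BindDN   "cn=rp-bind,dc=example,dc=com";
        proxy_set_header X-Ldap-BindPass "CHANGE_ME";

        # Cookie carrying the credentials; "nginxauth" is the name used in the
        # nginx-ldap-auth sample configuration and is assumed here.
        proxy_set_header X-CookieName "nginxauth";
        proxy_set_header Cookie       nginxauth=$cookie_nginxauth;
    }
}
```

Because the bind password sits in this file, restrict its permissions to root and the nginx user, and validate with nginx -t before reloading.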
10.4 Firewall configuration
On the server where the RP is running, configure the firewall to accept packets on port 443, 8443 and 8016:
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 8016 -j ACCEPT
10.5 Nginx Plus sizing guide for OpenTouch
The following figures are sizing recommendations based on a typical busy hour load of 5 call/h/user and a corresponding level of usage of other collaboration features. The sizing includes a significant safety margin to accommodate more intensive usage. CPU and memory consumption should be observed under real customer deployment conditions to adjust the sizing to the end customer's real needs.
Number of Remote Clients | NGINX sizing recommendation
Up to 500 | 1 core VM, 1GB RAM*
Up to 1500 | 2 cores VM, 2GB RAM
Up to 5000 | 4 cores VM, 4GB RAM
*OS RAM excluded
11 Appendix C : DNS entries
Public DNS entries:
FQDN | Name | IP address
OT public fqdn | opentouch2.aapp-etesting.com | RP public IP address
Conference fqdn | conf2.aapp-etesting.com | RP public IP address
SBC fqdn | sbc2.aapp-etesting.com | SBC public IP address
Internal DNS entries:
FQDN | Name | IP address
OT internal fqdn | ice2.etesting.lab | OT IP address
Conference fqdn (*) | conf2.aapp-etesting.com (*) | ACS cluster IP address cf (*)
(*): for ACS cluster fqdn/IP see section 12.3 Conference service address/FQDN
12 Appendix D: Alcatel-Lucent Enterprise Communication Platform: configuration requirements
12.1 Reverse proxy configuration on OT
For more details, please refer to technical OT documentation.
To declare the reverse proxy and the mapping between public and private URLs of servers, select System services > Topology > Reverse proxy
OT is listening on 2 ports:
- 443 for web services
- 8016 for event management
• API: enter the public FQDN of the OpenTouch server
• EVS: enter the public FQDN of the OpenTouch server followed by the 8016 port number
• ACS:
  • If there is no OTES (OpenTouch Edge Server), enter the public FQDN of the OpenTouch server
  • If there is an OTES, enter the ACS Cluster Name/FQDN.
• DMS (Device Management): enter the public FQDN of the OpenTouch server followed by the path /DM/MYICPCSIP
12.2 SBC configuration on OT
An SBC is needed for SIP signaling and audio management. Here is the way to declare it on the OT.
SBC configuration is not detailed here.
SBC declaration on user side (Windows Desktop) :
12.3 Conference service address/FQDN
ACS cluster FQDN and IP are configured during OpenTouch post installation:
To find the OT conference FQDN and IP address (ACS cluster FQDN), open the WBM tool, open the collaboration services configuration window on the OpenTouch, select Domains, then click the Edit button in the Settings column.
If the ACS Cluster is not configured at OpenTouch post-installation (Conferencing Service address
not configured), it can be created using OpenTouch rehosting operation (see TC 1986).
12.4 OTC PC SIP client configuration
During the installation process or at connection time, modify Reverse access entries with public URL of your reverse proxy and ldap credentials of the user (they might be different from the OT login/password).
Create a new profile “remote_worker”:
13 Appendix D: AAPP member’s escalation process
In order to get support from NGINX, customer will need to subscribe to either NGINX Plus Standard
or NGINX Plus Premium version. The difference in the versions is described at
http://nginx.com/products/
Subscribed customers can open service requests through the NGINX Customer Portal at
http://cs.nginx.com/
14 Appendix E: AAPP program
14.1 Alcatel-Lucent Application Partner Program (AAPP)
The Application Partner Program is designed to support companies that develop communication applications for the enterprise market, based on Alcatel-Lucent Enterprise's product family. The program provides tools and support for developing, verifying and promoting compliant third-party applications that complement Alcatel-Lucent Enterprise's product family. ALE International facilitates market access for compliant applications.
The Alcatel-Lucent Application Partner Program (AAPP) has two main objectives:
• Provide easy interfacing for Alcatel-Lucent Enterprise communication products: Alcatel-Lucent Enterprise's communication products for the enterprise market include infrastructure elements, platforms and software suites. To ensure easy integration, the AAPP provides a full array of standards-based application programming interfaces and fully-documented proprietary interfaces. Together, these enable third-party applications to benefit fully from the potential of Alcatel-Lucent Enterprise products.
• Test and verify a comprehensive range of third-party applications: to ensure proper inter-working, ALE International tests and verifies selected third-party applications that complement its portfolio. Successful candidates, which are labelled Alcatel-Lucent Enterprise Compliant Application, come from every area of voice and data communications.
The Alcatel-Lucent Application Partner Program covers a wide array of third-party applications/products designed for voice-centric and data-centric networks in the enterprise market, including terminals, communication applications, mobility, management, security, etc.
Web site
The Application Partner Portal is a website dedicated to the AAPP program and where the
InterWorking Reports can be consulted. Its access is free at http://applicationpartner.alcatel-lucent.com
14.2 Enterprise.Alcatel-Lucent.com
You can access the Alcatel-Lucent Enterprise website at this URL: http://www.enterprise.alcatel-lucent.com/
15 Appendix F: AAPP Escalation process
15.1 Introduction
The purpose of this appendix is to define the escalation process to be applied by the ALE
International Business Partners when facing a problem with the solution certified in this document.
The principle is that ALE International Technical Support will be subject to the existence of a valid
InterWorking Report within the limits defined in the chapter “Limits of the Technical support”.
In case technical support is granted, ALE International and the Application Partner, are engaged as following:
(*) The Application Partner Business Partner can be a Third-Party company or the ALE
International Business Partner itself
15.2 Escalation in case of a valid Inter-Working Report
The InterWorking Report describes the test cases which have been performed, the conditions of the testing and the observed limitations.
This defines the scope of what has been certified.
If the issue is in the scope of the IWR, both parties, ALE International and the Application Partner, are engaged:
Case 1: the responsibility can be established 100% on ALE International side.
In that case, the problem must be escalated by the ALE Business Partner to the ALE International Support Center using the standard process: open a ticket (eService Request – eSR)
Case 2: the responsibility can be established 100% on Application Partner side.
In that case, the problem must be escalated directly to the Application Partner by opening a ticket through the Partner Hotline. In general, the process to be applied for the Application Partner is described in the IWR.
Case 3: the responsibility can not be established.
In that case the following process applies:
• The Application Partner shall be contacted first by the Business Partner (responsible for the application, see figure in previous page) for an analysis of the problem.
• The ALE International Business Partner will escalate the problem to the ALE International Support Center only if the Application Partner has demonstrated with traces a problem on the ALE International side or if the Application Partner (not the Business Partner) needs the involvement of ALE International
In that case, the ALE International Business Partner must provide the reference of the Case Number on the Application Partner side. The Application Partner must provide to ALE International the results of its investigations, traces, etc, related to this Case Number.
ALE International reserves the right to close the case opened on his side if the investigations made on the Application Partner side are insufficient or do not exist.
Note: Known problems or remarks mentioned in the IWR will not be taken into account.
For any issue reported by a Business Partner outside the scope of the IWR, ALE International offers the “On Demand Diagnostic” service where ALE International will provide 8 hours assistance against payment.
IMPORTANT NOTE 1: The possibility to configure the Alcatel-Lucent Enterprise PBX with ACTIS quotation tool in order to interwork with an external application is not the guarantee of the availability and the support of the solution. The reference remains the existence of a valid InterWorking Report.
Please check the availability of the Inter-Working Report on the AAPP (URL: https://private.applicationpartner.alcatel-lucent.com) or Enterprise Business Portal (Url: Enterprise Business Portal) web sites.
IMPORTANT NOTE 2: Involvement of the ALE International Business Partner is mandatory, the access to the Alcatel-Lucent Enterprise platform (remote access, login/password) being the Business Partner responsibility.
15.3 Escalation in all other cases
These cases can cover the following situations:
1. An InterWorking Report exists but is not valid (see Chap “Validity of an Interworking Report”)
2. The 3rd party company is referenced as AAPP participant but there is no official InterWorking Report (no IWR published on the Enterprise Business Portal for Business Partners or on the Alcatel-Lucent Application Partner web site),
3. The 3rd party company is NOT referenced as AAPP participant
In all these cases, Alcatel-Lucent offers the “On Demand Diagnostic” service where ALE International will provide 8 hours assistance against payment.
15.4 Technical support access
The ALE International Support Center is open 24 hours a day; 7 days a week:
• e-Support from the Application Partner Web site (if registered Alcatel-Lucent Application Partner): http://applicationpartner.alcatel-lucent.com
• e-Support from the ALE International Business Partners Web site (if registered Alcatel-Lucent Enterprise Business Partners): https://businessportal.alcatel-lucent.com click under “Contact us” the eService Request link
• e-mail: [email protected]
• Fax number: +33(0)3 69 20 85 85
• Telephone numbers:
ALE International Business Partners Support Center for countries:
Country | Supported language | Toll free number
France, Belgium, Luxembourg | French | +800-00200100
Germany, Austria, Switzerland | German | +800-00200100
United Kingdom, Italy, Australia, Denmark, Ireland, Netherlands, South Africa, Norway, Poland, Sweden, Czech Republic, Estonia, Finland, Greece, Slovakia, Portugal | English | +800-00200100
Spain | Spanish | +800-00200100
For other countries:
English answer: + 1 650 385 2193
French answer: + 1 650 385 2196
German answer: + 1 650 385 2197
Spanish answer: + 1 650 385 2198
END OF DOCUMENT