Nortel NN42030-300 - Manuals

Page 3 - Contents

3 . Contents New in this release 7 Features 7 Other changes 7 How to get help 9 Finding the latest updates on the Nortel Web site 9 Getting help from the Nortel Web site 9 Getting help over the telephone from a Nortel Solutions Center 9 Getting help from a specialist by using an Express Routing Code...

Page 7 - New in this release; Features; This section describes the features that impact the book.; Other changes; streamlined the How to get help chapter and Introduction chapter

7 . New in this release This section details what’s new in Nortel Mobile Communication Gateway3100 Installation and Upgrades (NN42030-300) for Nortel MobileCommunication 3100 (MC 3100) Release 2.1. Features This section describes the features that impact the book. This release provides support for t...

Page 8 - Revision history

8 New in this release Revision history May 2008 Standard 02.03. This document is issued to support NortelMobile Communication 3100 Release 2.1. Only the releasedate changed. April 2008 Standard 02.02. This document is issued to support NortelMobile Communication 3100 Release 2.1. Added the DNS portt...

Page 9 - How to get help; Finding the latest updates on the Nortel Web site; and navigate to the Technical Documentation page; Getting help from the Nortel Web site; download software, documentation, and product bulletins; Getting help over the telephone from a Nortel Solutions Center

9 . How to get help This chapter explains how to get help for Nortel products and services. Finding the latest updates on the Nortel Web site The content of this documentation is current at the time the productis released. To check for updates to the latest documentation forthe Nortel Mobile Communi...

Page 10 - Getting help from a specialist by using an Express Routing Code

10 How to get help Getting help from a specialist by using an Express Routing Code To access some Nortel Technical Solutions Centers, you can use anExpress Routing Code (ERC) to quickly route your call to a specialist inyour Nortel product or service. To locate the ERC for your product orservice, go...

Page 11 - Introduction; This chapter contains the following topics:; Subject; Intended audience; Conventions; Text conventions; describes the text conventions in

11 . Introduction This chapter contains the following topics: • “Subject” (page 11) • “Conventions” (page 11) • “Related information” (page 12) Subject This document describes the Nortel Mobile Communication Gateway3100 (MCG 3100) server installation, which is part of the Nortel MobileCommunication ...

Page 12 - Terminology; Related information

12 Introduction Table 1Text conventions (cont’d.) Convention Description Italic text Indicates document titles, for example:See the Mobile Communication Client3100 for Windows Mobile User Guide(NN42030-100). CLI command text Indicates CLI command prompts,input, and output, for example: REQ NEW <z...

Page 13 - NTPs; The following NTPs are referenced in this document:

Related information 13 NTPs The following NTPs are referenced in this document: • Linux Platform Base and Applications Installation and Commissioning(NN43001-315) • Nortel Mobile Communication 3100 Series — Planning andEngineering (NN42030-200) • Nortel Mobile Communication Gateway 3100 — Administra...

Page 15 - Fundamentals; Overview; The MCG 3100 supports the following clients:; ATTENTION

15 . Fundamentals This chapter contains the following topics: • “Overview” (page 15) • “MCG 3100 server components” (page 15) • “Installation options” (page 17) • “Overview of the MC 3100 installation” (page 17) Overview This section describes the Nortel Mobile Communication Gateway 3100(MCG 3100) s...

Page 16 - describes the supported; Software components

16 Fundamentals ATTENTION You must install the MCG 3100 software on a dedicated server that runs noother applications. Hardware components The MCG 3100 server runs only on the following supported commercialoff-the-shelf (COTS) hardware: • HP DL320G4 (NTDU97AAE5) • IBM x306m (NTDU99AAE5) Table 2 "...

Page 17 - Installation options; Two installation options exist:; Overview of the MC 3100 installation; shows the task flow for the MCG

Overview of the MC 3100 installation 17 Installation options Two installation options exist: • MCG 3100 Server is installed on one server—all software componentsare installed on one supported COTS server. This is the nonredundantconfiguration. • MCG 3100 Server is installed on two servers—all softwa...

Page 19 - Preinstallation; Install the Nortel Linux operating system (OS) on the host server.; Linux base installation

19 . Preinstallation This chapter contains the following topics: • “Overview” (page 19) • “Linux base installation” (page 19) • “Enterprise network verification” (page 20) Overview Before you install the Mobile Communication Gateway 3100 (MCG 3100)server software, you must perform some preinstallati...

Page 20 - lists the reserved; Enterprise network verification; Lightweight Directory Access Protocol (LDAP) server

20 Preinstallation ATTENTION Carefully observe the labels for the network interfaces of the specificplatforms. — HP COTS platform: The network interfaces can be labelled (0,1) or (1, 2).The lower number is eth0 and the higher number is eth1. — IBM 306M platform: The network interfaces are labelled b...

Page 21 - Supported LDAP servers

Enterprise network verification 21 To verify communication with the LDAP server, use the ping command.After the installation and commissioning is complete, you can verifythat LDAP is working by performing a Corporate Directory (Corp Dir)search from a client. You should ensure that the DNS and LDAP s...

Page 23 - Installation

23 . Installation This chapter contains the following topics: • “Overview” (page 23) • “Nonredundant and redundant server implementations” (page 23) • “Software installation” (page 24) Overview After you complete the preinstallation tasks, you install the Nortel MobileCommunication Gateway 3100 (MCG...

Page 24 - Rules for redundant server implementations; If the backup server is found in ACTIVE mode, the backup server; Software installation; Step; Log on to the server as nortel.

24 Installation Rules for redundant server implementations In a redundant server configuration, mobile clients access the activeserver, and not the inactive backup server. The two servers switch rolesfreely, and the following rules determine the status—either ACTIVE orINACTIVE: • If you do not enter...

Page 25 - appinstall

Software installation 25 3 Locate the MCG 3100 software on the CD and enter thefollowing command: appinstall The installation script prompts you for the root password. 4 Enter the root password. The following prompt appears: Do you want to check the media [Y][N]? 5 To verify the media, enter Y (Yes)...

Page 26 - Please follow post; OR; For a redundant server implementation, repeat

26 Installation ...RPM installation complete. Please follow post installation instructions. The term postinstallation instructions refers to the postinstallationconfiguration procedures. For more information, see “Postinstallation” (page 27) . 10 Remove the CD. 11 Proceed to postinstallation configu...

Page 27 - Postinstallation; “MCG 3100 parameter configuration” (page 28)

27 . Postinstallation This chapter contains the following topics: • “Overview ” (page 27) • “MCG 3100 Web Console logon” (page 27) • “MCG 3100 parameter configuration” (page 28) • “License file” (page 31) • “Manage TLS certificates” (page 33) After the MCG 3100 installation completes, the client sof...

Page 28 - where; MCG 3100 parameter configuration; Lightweight Directory Access Protocol (LDAP) Server; Lock—locks the configuration parameter fields.

28 Postinstallation Step Action 1 In a Web browser address bar, enter one of the followingaddresses: http://<hostname>:8282/adminserver OR https://<hostname>:8553/adminserver/ where <hostname> is the domain name of the server. 2 At the Web Console log on screen, enter the following...

Page 29 - Procedure 2 “Logging

MCG 3100 parameter configuration 29 Step Action 1 Log on to the MCG 3100 Web Console using the Administratorusername and password, as described in Procedure 2 “Logging on to the MCG 3100 Web Console” (page 27) . 2 Click Gateway. 3 Click Configuration for the Gateway you want to modify. 4 Click Unloc...

Page 31 - License file; Procedure 4 “Adding a

License file 31 Table 4MCG 3100 configuration parameter fields (cont’d.) Field Description Dial In Service DN This is the number in the request URI for service DN calls proxiedby the CS 1000 SPS to the MCG 3100. The service DN allowsMCG 3100 users to place calls directly from their wireless devicest...

Page 32 - Licence file troubleshooting

32 Postinstallation 9 For a redundant server implementation, repeat Step 2 to Step 8 on the redundant server. --End-- Licence file troubleshooting Before you contact Nortel to report a licensing issue, perform the followingtroubleshooting measures: • Check the time, date, and time zone of the server...

Page 33 - Manage TLS certificates; Perform the following tasks to configure the PKI:; Enroll with a Certificate Authority

Manage TLS certificates 33 Table 5Common server license status errors (cont’d.) ServerLicense Status Issue description Resolution ERROR 103: Client’ssystem clock issuspect and/or theclient configurationhas been tamperedwith. This error indicates that the systemclock was changed after a previousactiv...

Page 35 - “Change the keystore default password” (page

Manage TLS certificates 35 A keystore is a file that can contain trusted certificates and combinationsof private keys with their corresponding certificates. The information withinthe keystore is organized by alias, for example: • tomcat (required): stores the public/private key pair and the SignedTL...

Page 36 - Organization—your company or organization’s formal name; Example; What is your first and last name?; To change ownership of the keystore from root to mobility, enter:

36 Postinstallation ATTENTION For the mobile clients that use TLS security, you must enterthe same FQDN in the device System Settings. For informationabout the configuration of the System Settings on the device,see Nortel Mobile Communication Client 3100 for BlackberryUser Guide (NN42030-101) , Nort...

Page 37 - firsthand; A1UEChs4lBMHQ XJpem9uYTENA1UEBxMETWVzYTEf; Signed TLS certificate; Procedure 6 “Obtaining a signed TLS certificate” (page 37)

Manage TLS certificates 37 firsthand The CSR text appears as in the following example: Sample CSR text -----BEGIN NEW CERTIFICATE REQUEST-----MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4G A1UEChs4lBMHQ XJpem9uYTENA1UEBxMETWVzYTEf MB0GA1UEChMWTWVs3XbnzYSBDb 21tdW5pdHkgQ2 9sbGVnZTEA1UEAxMTd3d3Lm1jLm1hcmljb...

Page 38 - “Root and; CA root and intermediate certificates; Procedure 7

38 Postinstallation OR Upload the CSR.txt file. 4 Request a signed TLS certificate. The CA generates a signed TLS certificate and sends it to thecertificate administrator’s e-mail address. 5 Save the signed TLS certificate to a location that is accessiblefrom the MCG 3100 Server. You require the sig...

Page 39 - Root and signed certificate installation; The keystore must contain the following certificates:; At the MCG 3100 Server, log on to the server as nortel.

Manage TLS certificates 39 4 Save both formats of the certificate to a directory location that isaccessible from the MCG 3100 Server. --End-- Root and signed certificate installation The keystore must contain the following certificates: • the CA root or intermediate certificate (or both as required ...

Page 40 - Viewing the contents of the keystore; At the MCG server, log on to the server as nortel.; su

40 Postinstallation ATTENTION Nortel strongly recommends that you back up the keystore directoryto protect the files against overwriting, deletion, or corruption. 6 Restart the server: /sbin/service mobilitygw restart 7 When prompted, enter the root password. --End-- Importing a preinstalled CA root...

Page 41 - CA root certificate distribution

Manage TLS certificates 41 /usr/java/jdk1.5.0_03/bin/keytool -storepasswd-new <new_password> -storepass <od_password>-keystore /opt/SQMobilityGW where <old_password> is the existing keystore password.<new_password> is your chosen password. 4 Change the working directory: cd /...

Page 42 - In the Documents folder, select the certificate.; Specify a label for the certificate and click OK.; On the PC, connect the mobile device using a USB cable.

42 Postinstallation ATTENTION If a user attempts to log on and the root certificate is not installed, a promptappears asking for permission to allow access to the MCG 3100 Server. Ifpermission is granted and the connection fails or times out, the user must installthe root certificate on the mobile c...

Page 43 - At the continuation prompt , click Accept.; The certificate installs on the device.

Manage TLS certificates 43 4 On the device, locate the certificate using File Explorer and clickon it. 5 At the continuation prompt , click Accept. The certificate installs on the device. --End-- Nortel Mobile Communication 3100 Series Portfolio Nortel Mobile Communication Gateway 3100 Installation ...

Page 45 - System software maintenance; System software upgrades; You can upgrade the system using

45 . System software maintenance This chapter contains the following topics: • “System software upgrades” (page 45) • “System software uninstallation” (page 49) • “Admin shell access” (page 50) • “Shell commands” (page 50) System software upgrades After you complete the initial Mobile Communication ...

Page 47 - swVersionShow; Configuration installed:; pload; mobilitybase Relocations:

System software upgrades 47 The document contains information about SUs for CS 1000. 4 Download the appropriate patches to a location that you canconnect to from the MCG 3100. 5 Log on to the MCG 3100 as nortel. For more information, see “Admin shell access” (page 50) . 6 Transfer the SU you downloa...

Page 48 - XX is the load number being installed.

48 System software maintenance mobilitybase-2.1-75.src.rpmSize : 72043134 License: Commercial Signature : (none)Summary : Mobility Gateway Base distribution packageDescription :facility for the configuration of the platform forthe mobility gw The server completes the installation. 13 Enter sudo /opt...

Page 49 - GEN; XX is the load number being removed.; System software uninstallation

System software uninstallation 49 The server responds with information about the SU status. Forexample, In system patches:1Patch handle 0*Filename /var/opt/nortel/patch/mobilitybase-2.1.75.el4Patch release version: 5.00.38 Reference number: ISS1:1OF1 Patch is in-serviceIn-service date: 14/02/08 15:1...

Page 50 - WARNING; Admin shell access

50 System software maintenance Procedure 15Uninstalling the MCG 3100 system software WARNING This procedure removes the MCG 3100 software from theserver. Use Procedure 14 “Removing an SU” (page 48) to remove patches. Step Action 1 Log on to the server as nortel. 2 From any directory, enter the unins...

Page 51 - Procedure 19 “Checking the Gateway Server processes” (page 52)

Shell commands 51 • Procedure 19 “Checking the Gateway Server processes” (page 52) • Procedure 20 “Checking the Administration Server processes” (page53) • Procedure 21 “Backing up the databases” (page 54) • Procedure 22 “Restoring the databases” (page 54) Procedure 16Starting, stopping, and restart...

Page 54 - CAUTION; Service Interruption

54 System software maintenance CAUTION Service Interruption The database backup and restore procedures take the serverout of service for two or more minutes. Nortel recommends thatyou perform these procedures during periods of low server use. The database stores configuration data and licensed user ...

Page 57 - lists the port usage details for the

57 . Appendix APort numbers and protocols Table 6 "Port usage" (page 57) lists the port usage details for the MCG 3100. Table 6Port usage Port Protocol Function Application Configurable Portmappedthroughfirewall 21 TCP FTP Base Linux No No 22 TCP SSH Base Linux No No 53 UDP Domain NameServer...

Page 59 - The default value is

59 . Appendix BSelf-signed certificate generation As an alternative to using a Certificate Authority, you can generate anduse self-signed certificates. ATTENTION Self-signed certificates do not provide the same level of security as CA-signedcertificates. Use self-signed certificates for test or demo...

Page 60 - Nortel recommends using a value of; Generate the client certificate:; service mobilitygw restart

60 Appendix B Self-signed certificate generation 90 days. Nortel recommends using a value of 3650. ATTENTION Use the host name (including domain name) of the server as thecommon name (cn). 6 Generate the client certificate: /usr/java/jdk1.5.0_03/bin/keytool -export-alias Tomcat -file publickey.der-s...

Page 61 - Index

61 . Index A Administration Server restarting 51 starting 51 stopping 51 B backup, database 54 C CA intermediate certificate obtaining 38 CA root certificate distribution 41 installation 39 obtaining 38 Certificate Authority, (CA) 33 Certificate Signing Request, (CSR) 34 generating 35 D database bac...