Enterprise Border Session Controller (E-SBC) for Network Inter-Connectivity.
AnyConnect Gateway protects enterprise networks from attacks with topology hiding and provides secure delivery of SIP, voice, and video conferencing services. AnyConnect Gateway supports TLS encryption for secure SIP signaling and SRTP encryption and VPN connections for secure data transport with confidentiality, message authentication, and replay protection. Together these protocols protect voice, video conferencing, and unified communications from eavesdroppers, hackers and spoofers.
AnyConnect Gateway protects enterprise networks from attacks with topology hiding and provides secure delivery of SIP, voice, and video conferencing services. AnyConnect Gateway supports TLS encryption for secure SIP signaling and SRTP encryption and VPN connections for secure data transport with confidentiality, message authentication, and replay protection. Together these protocols protect voice, video conferencing, and unified communications from eavesdroppers, hackers and spoofers.
AnyFirewall Engine is a software toolkit, based on STUN, TURN, and ICE, which enables guaranteed firewall and NAT traversal for fixed and mobile applications over any fixed or mobile network, through any NAT or firewall, and to any device.
AnyFirewall Engine is the world’s most widely deployed NAT and firewall traversal toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, Digital Lifeboat, Intel, Maxis, Nokia, Nokia Siemens Networks, Polycom, BlackBerry, Smartvue, and more.
AnyFirewall Engine can be deployed with AnyFirewall Server and AnyFirewall Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.
AnyBandwidth Engine is a mobile voice and video engine which enables guaranteed voice and video quality for IP voice and video conferencing applications over any fixed or mobile network and on any device. AnyBandwidth Engine dynamically optimizes frame rate, picture quality and CPU capacity to deliver best possible VoIP and video experience possible – every time.
AnyBandwidth Engine has been deployed to more than 20 million subscribers by licensees including Comcast, FujiFilm, Intel, Maxis, Research in Motion, and more.
AnyBandwidth Engine can be deployed with other Eyeball Networks products as part of an end-to-end IM, voice, and video conferencing solution, or can be integrated with third-party products.
Messenger SDK is a mobile softphone toolkit which enables instant messaging, voice, and video conferencing based on SIP, XMPP, STUN, TURN, and ICE. Messenger SDK is the only mobile softphone toolkit which delivers instant, seamless, and guaranteed calls and voice and video quality over any fixed or mobile network, across any NAT or firewall, and on any device, with the added benefits of peer-to-peer media transport and carrier-grade scalability.
MS-SIP Library enables application developers to integrate Microsoft Lync presence, instant messaging, voice, video, and web conferencing into endpoints, servers, gateways, and services.
Messenger SDK WebRTC is a set of libraries which enable WebRTC-compatible voice calling, video chat, and P2P file sharing with no plugins! With Messenger SDK WebRTC, you can build WebRTC applications for all major platforms including Android, Internet Explorer, iOS, OS X, Safari, Windows, Windows RT, and more.
Messenger SDK WebRTC includes STUN/TURN/ICE for guaranteed connections on any fixed or mobile network, through any NAT or firewall, and on any device. Messenger SDK WebRTC works with any third-party signaling (e.g. Jingle, SIP, WebSync) and STUN/TURN server or service.
Eyeball Networks AnyFirewall Server V10 Administrator GuideEyeball Networks
AnyFirewall Server supports applications on any mobile or fixed device, and supports all NAT types including full cone, address restricted cone, port restricted cone, and symmetric.
AnyFirewall Server delivers complete TURN server functionality, relaying media traffic in port blocked Enterprise level NAT traversal scenarios.
AnyFirewall Server can be deployed with AnyFirewall Engine and AnyFirewall Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.
NATs and firewalls break end-to-end connectivity for networked applications including voice, video conferencing, file sharing, and online gaming. AnyFirewall Server is a carrier-grade STUN server, providing NAT traversal support through any NAT, firewall, proxy, or UPnP.
AnyFirewall Engine is the world’s most widely deployed NAT and firewall traversal toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, Digital Lifeboat, Intel, Maxis, Nokia, Nokia Siemens Networks, Polycom, BlackBerry, Smartvue, and more.
AnyFirewall Engine can be deployed with AnyFirewall Server and AnyFirewall Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.
NATs and firewalls break end-to-end connectivity for networked applications including voice, video conferencing, file sharing, and online gaming. AnyFirewall Engine is a software toolkit, based on STUN, TURN, and ICE, which enables guaranteed firewall and NAT traversal for fixed and mobile applications over any fixed or mobile network, through any NAT or firewall, and to any device.
AnyConnect Gateway protects enterprise networks from attacks with topology hiding and provides secure delivery of SIP, voice, and video conferencing services. AnyConnect Gateway supports TLS encryption for secure SIP signaling and SRTP encryption and VPN connections for secure data transport with confidentiality, message authentication, and replay protection. Together these protocols protect voice, video conferencing, and unified communications from eavesdroppers, hackers and spoofers.
AnyFirewall Engine is a software toolkit, based on STUN, TURN, and ICE, which enables guaranteed firewall and NAT traversal for fixed and mobile applications over any fixed or mobile network, through any NAT or firewall, and to any device.
AnyFirewall Engine is the world’s most widely deployed NAT and firewall traversal toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, Digital Lifeboat, Intel, Maxis, Nokia, Nokia Siemens Networks, Polycom, BlackBerry, Smartvue, and more.
AnyFirewall Engine can be deployed with AnyFirewall Server and AnyFirewall Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.
AnyBandwidth Engine is a mobile voice and video engine which enables guaranteed voice and video quality for IP voice and video conferencing applications over any fixed or mobile network and on any device. AnyBandwidth Engine dynamically optimizes frame rate, picture quality and CPU capacity to deliver best possible VoIP and video experience possible – every time.
AnyBandwidth Engine has been deployed to more than 20 million subscribers by licensees including Comcast, FujiFilm, Intel, Maxis, Research in Motion, and more.
AnyBandwidth Engine can be deployed with other Eyeball Networks products as part of an end-to-end IM, voice, and video conferencing solution, or can be integrated with third-party products.
Messenger SDK is a mobile softphone toolkit which enables instant messaging, voice, and video conferencing based on SIP, XMPP, STUN, TURN, and ICE. Messenger SDK is the only mobile softphone toolkit which delivers instant, seamless, and guaranteed calls and voice and video quality over any fixed or mobile network, across any NAT or firewall, and on any device, with the added benefits of peer-to-peer media transport and carrier-grade scalability.
MS-SIP Library enables application developers to integrate Microsoft Lync presence, instant messaging, voice, video, and web conferencing into endpoints, servers, gateways, and services.
Messenger SDK WebRTC is a set of libraries which enable WebRTC-compatible voice calling, video chat, and P2P file sharing with no plugins! With Messenger SDK WebRTC, you can build WebRTC applications for all major platforms including Android, Internet Explorer, iOS, OS X, Safari, Windows, Windows RT, and more.
Messenger SDK WebRTC includes STUN/TURN/ICE for guaranteed connections on any fixed or mobile network, through any NAT or firewall, and on any device. Messenger SDK WebRTC works with any third-party signaling (e.g. Jingle, SIP, WebSync) and STUN/TURN server or service.
Eyeball Networks AnyFirewall Server V10 Administrator GuideEyeball Networks
AnyFirewall Server supports applications on any mobile or fixed device, and supports all NAT types including full cone, address restricted cone, port restricted cone, and symmetric.
AnyFirewall Server delivers complete TURN server functionality, relaying media traffic in port blocked Enterprise level NAT traversal scenarios.
AnyFirewall Server can be deployed with AnyFirewall Engine and AnyFirewall Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.
NATs and firewalls break end-to-end connectivity for networked applications including voice, video conferencing, file sharing, and online gaming. AnyFirewall Server is a carrier-grade STUN server, providing NAT traversal support through any NAT, firewall, proxy, or UPnP.
AnyFirewall Engine is the world’s most widely deployed NAT and firewall traversal toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, Digital Lifeboat, Intel, Maxis, Nokia, Nokia Siemens Networks, Polycom, BlackBerry, Smartvue, and more.
AnyFirewall Engine can be deployed with AnyFirewall Server and AnyFirewall Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.
NATs and firewalls break end-to-end connectivity for networked applications including voice, video conferencing, file sharing, and online gaming. AnyFirewall Engine is a software toolkit, based on STUN, TURN, and ICE, which enables guaranteed firewall and NAT traversal for fixed and mobile applications over any fixed or mobile network, through any NAT or firewall, and to any device.
Messenger SDK is a mobile softphone toolkit which enables instant messaging, voice, and video conferencing based on SIP, XMPP, STUN, TURN, and ICE. Messenger SDK is the only mobile softphone toolkit which delivers instant, seamless, and guaranteed calls and voice and video quality over any fixed or mobile network, across any NAT or firewall, and on any device, with the added benefits of peer-to-peer media transport and carrier-grade scalability.
Messenger SDK is the world’s most widely deployed fixed and mobile softphone toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, FujiFilm, Intel, Maxis, Research in Motion, and more.
Messenger SDK can be deployed with other Eyeball Networks products as part of an end-to-end IM, voice, and video conferencing solution, or can be integrated with third-party, standards-based products.
The Aruba Network Rightsizing Best Practices Guide provides an overview of network rightsizing. Network rightsizing is a network capacity planning and cost optimization strategy based on the principle that wired and wireless LANs should be sized and structured to meet current and future demand. After explaining the principles of network rightsizing and how it can benefit your organization, the methodology for analyzing and planning a rightsized network will be discussed. Finally, you will learn how to implement a rightsized yet scalable Aruba 802.11n network.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
Has video really killed the audio star?Cisco Canada
Video has drastically transformed the way we work with remote teams, business partners and customers. We have gone from faceless “who just joined?” audio only solutions to HD quality “better than being there” video options that foster active participation no matter your location or device.
Cisco has modernized and simplified our Video solutions. In this session, we will cover our repertoire of end points (from the pocket to the boardroom), the infrastructure that powers these end points (cloud, hybrid and on-premise), and the integration with other collaboration tools and applications (interoperability with Cisco and other vendor soft phones, hard phones, and conferencing).
This guide focuses on configuration of DHCP fingerprinting, which is used in conjunction with user roles on the Aruba Mobility Controller. When a user authenticates, their device type is taken into account. Based on that device type, a new role can be assigned to the device, such as restricting access to certain protocols or completely blocking access.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
This document describes the process for leveraging the ClearPass Guest captive portal to bypass the Captive Network Assistant (web sheet) that is displayed on iOS devices such as iPhone, iPad, and more recently, OS X machines running Lion (10.7) and above.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
The purpose of this guide is to explain the enhancements in 802.11ac standard and provide guidance towards
migrating to 802.11ac with respect to network design, deployment, and configuration best practices for campus environments like offices, university campus, and dorm environments.
This guide covers the following topics in detail:
- Summary of Recommendations
- 802.11ac Features and Benefits
- 802.11ac Planning and Deployment Guidelines
- Best Practice Recommendations for Deploying 802.11ac WLANs
This guide is intended for those who are willing to learn about the 802.11ac standards and understand the best practices in deploying a high-performing 802.11ac
The Indoor 802.11n Site Survey and Planning guide covers the design and installation of an Aruba WLAN. It includes information on choosing the right AP, performing a virtual survey, and performing a physical survey. The guide also covers using the Aruba Instant AP for physical site surveys.
Integration and Interoperation of existing Nexus networks into an ACI Archite...Cisco Canada
Mike Herbert, Principal Engineer INSBU, at Cisco Connect Toronto focused on the integration and interoperation of existing nexus networks into an ACI architecture.
Messenger SDK is a mobile softphone toolkit which enables instant messaging, voice, and video conferencing based on SIP, XMPP, STUN, TURN, and ICE. Messenger SDK is the only mobile softphone toolkit which delivers instant, seamless, and guaranteed calls and voice and video quality over any fixed or mobile network, across any NAT or firewall, and on any device, with the added benefits of peer-to-peer media transport and carrier-grade scalability.
Messenger SDK is the world’s most widely deployed fixed and mobile softphone toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, FujiFilm, Intel, Maxis, Research in Motion, and more.
Messenger SDK can be deployed with other Eyeball Networks products as part of an end-to-end IM, voice, and video conferencing solution, or can be integrated with third-party, standards-based products.
The Aruba Network Rightsizing Best Practices Guide provides an overview of network rightsizing. Network rightsizing is a network capacity planning and cost optimization strategy based on the principle that wired and wireless LANs should be sized and structured to meet current and future demand. After explaining the principles of network rightsizing and how it can benefit your organization, the methodology for analyzing and planning a rightsized network will be discussed. Finally, you will learn how to implement a rightsized yet scalable Aruba 802.11n network.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
Has video really killed the audio star?Cisco Canada
Video has drastically transformed the way we work with remote teams, business partners and customers. We have gone from faceless “who just joined?” audio only solutions to HD quality “better than being there” video options that foster active participation no matter your location or device.
Cisco has modernized and simplified our Video solutions. In this session, we will cover our repertoire of end points (from the pocket to the boardroom), the infrastructure that powers these end points (cloud, hybrid and on-premise), and the integration with other collaboration tools and applications (interoperability with Cisco and other vendor soft phones, hard phones, and conferencing).
This guide focuses on configuration of DHCP fingerprinting, which is used in conjunction with user roles on the Aruba Mobility Controller. When a user authenticates, their device type is taken into account. Based on that device type, a new role can be assigned to the device, such as restricting access to certain protocols or completely blocking access.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
This document describes the process for leveraging the ClearPass Guest captive portal to bypass the Captive Network Assistant (web sheet) that is displayed on iOS devices such as iPhone, iPad, and more recently, OS X machines running Lion (10.7) and above.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
The purpose of this guide is to explain the enhancements in 802.11ac standard and provide guidance towards
migrating to 802.11ac with respect to network design, deployment, and configuration best practices for campus environments like offices, university campus, and dorm environments.
This guide covers the following topics in detail:
- Summary of Recommendations
- 802.11ac Features and Benefits
- 802.11ac Planning and Deployment Guidelines
- Best Practice Recommendations for Deploying 802.11ac WLANs
This guide is intended for those who are willing to learn about the 802.11ac standards and understand the best practices in deploying a high-performing 802.11ac
The Indoor 802.11n Site Survey and Planning guide covers the design and installation of an Aruba WLAN. It includes information on choosing the right AP, performing a virtual survey, and performing a physical survey. The guide also covers using the Aruba Instant AP for physical site surveys.
Integration and Interoperation of existing Nexus networks into an ACI Archite...Cisco Canada
Mike Herbert, Principal Engineer INSBU, at Cisco Connect Toronto focused on the integration and interoperation of existing nexus networks into an ACI architecture.
Chapter 4: Objectives
-------------------------------------------------
Configure a router to route between multiple directly connected networks
Describe the primary functions and features of a router.
Explain how routers use information in data packets to make forwarding decisions in a small- to medium-sized business network.
Explain the encapsulation and de-encapsulation process used by routers when switching packets between interfaces.
Compare ways in which a router builds a routing table when operating in a small- to medium-sized business network.
Explain routing table entries for directly connected networks.
Explain how a router builds a routing table of directly connected networks.
Yaser Rahmati | یاسر رحمتی
Rahmati Academy | آکادمی رحمتی
www.yaser-rahmati.ir
www.rahmati-academy.ir
1) Configure a router to route between multiple directly connected networks
2) Describe the primary functions and features of a router.
3) Explain how routers use information in data packets to make forwarding decisions in a small- to medium-sized business network.
4) Explain the encapsulation and de-encapsulation process used by routers when switching packets between interfaces.
5) Compare ways in which a router builds a routing table when operating in a small- to medium-sized business network.
6) Explain routing table entries for directly connected networks.
7) Explain how a router builds a routing table of directly connected networks.
8) Explain how a router builds a routing table using static routes.
9) Explain how a router builds a routing table using a dynamic routing protocol.
Citrix Master Class - Live Upgrade from XenApp 6.5 to 7.6Lee Bushen
Video available here: http://www.citrix.com/tv/#videos/12787
Join technology experts Lee Bushen and Patrick Irwin as they discuss and demonstrate a step-by-step move from XenApp 6.5 to XenApp 7.6. With this live demo, we’ll take a user-centric approach and transition across to a new XenApp 7.6 environment with minimal disruption and retraining. We’ll be showing best-practice methods such as consolidating your old and new system with StoreFront, testing for application compatibility with AppDNA and upgrading a server live into the new XenDesktop 7.6 system.
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Netgear Italia
LI nuovi access point professionali Prosafe che implementano la tecnologia 11AC, maggiori prestazioni, maggiore affidabilità e semplicità di gestione.
Offrono nuove funzionalità e supportano un Captive Portal interno ed una nuova modalità di gestione centralizzata denominata ENSEMBLE che permette di promuovere un AP a controllore di altri AP dello stesso modello.
ALOE Transit SBC is a session border controller that combines security, media management, and transcoding services in a single, highly scalable software platform. The product can be easily deployed in complex network structures and features network topology hiding and distributed architecture, which makes the network less vulnerable to malicious attacks.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
2. 1. Eyeball AnyConnect™ Gateway
Overview
Overview
NATs and firewalls break end-to-end connectivity for VoIP, video conferencing, and unified
communications. AnyConnect™ Gateway is an enterprise session border controller (E-SBC) based on
SIP, STUN, TURN, and ICE, which works with firewalls to enable enterprises to securely use and manage
VoIP, video conferencing, and unified communications on any network, through any firewall or NAT, and
to any device.
AnyFirewall ™ Technology is the world's most widely deployed NAT and firewall traversal technology,
having been deployed to more than 20 million subscribers by licensees including Comcast, Digital
Lifeboat, Fujifilm, Intel, Maxis, Nokia, Nokia Siemens Networks, Polycom, Research in Motion, Smartvue,
and more.
AnyConnect Gateway can be deployed with AnyFirewall Engine and AnyFirewall Server for an end-to-end
firewall and NAT traversal solution, or can be combined with third party, standards-based products.
Network Security
AnyConnect Gateway protects enterprise networks from attacks with topology hiding and provides secure
delivery of SIP, VoIP, and video conferencing services. AnyConnect Gateway supports TLS encryption
for secure SIP signaling and SRTP encryption and VPN connections for secure data transport with
confidentiality, message authentication, and replay protection. Together these protocols protect VoIP,
video conferencing, and unified communications from eavesdroppers, hackers and spoofers.
SIP Trunking
Many ITSPs (Internet Telephony Service Providers) offer SIP trunks - combined Internet and VoIP
connections that provide a flexible and low-cost alternative for connecting VoIP, video conferencing, and
unified communications systems to service provider networks. AnyConnect Gateway offers a broad range
of features for the deployment of SIP trunks in enterprise networks.
AnyConnect Gateway terminates SIP trunks, connects VoIP, video conferencing, and unified
communications systems, secures access to hosted and cloud-based services, and enables
communications with remote workers.
3. Guaranteed Firewall and NAT Traversal
AnyConnect Gateway includes Eyeball's patented AnyFirewall Technology to guarantee 100% call
completion over any fixed or mobile network and through any NAT or firewall.
Supported Platforms
AnyConnect Gateway supports Red Hat Enterprise Linux and CentOS.
Architecture
AnyConnect Gateway consists of two components: an edge server component and a state server
component. Clients connect only to edge servers; state servers are internal servers and should not be
accessible directly. Edge servers and state servers communicate with each other and with the database.
The edge server component handles the signaling and media traffic and the state server serves as in-
memory cache for dynamic information about user and call status.
In the simplest possible configuration, one edge and one state server are required and both server
components can run on the same machine. In addition, both server components of the AnyConnect
Gateway interface with a database to obtain user information (used for authentication, etc.) and to
perform user activity registration. In addition, each server component uses the database to obtain the
status and location of the other server components (edge and state) forming the AnyConnect Gateway.
AnyConnect Gateway supports ODBC as database interface, which means any database with an ODBC
driver can be used.
Load Balancing and Fault Tolerance
Multiple AnyConnect Gateway edge and state server instances can be clustered to support load
balancing and fault tolerance. After being started, new edge or state servers are automatically integrated
into the existing AnyConnect Gateway infrastructure without additional configuration requirement or
interruption of the service. Once the new server is started, it can immediately process requests from
clients (edge server) or will take load off the already existing server components (state server). In the
same manner, it is possible to dynamically take out single servers, e.g., for maintenance reasons. This
will not lead to an interruption of the entire service; the remaining server components will take over the
load from the server that was removed.
4. 2. Eyeball AnyConnect™ Gateway
System Requirements
System Requirements
AnyConnect Gateway has been certified for Red Hat Enterprise Linux 5 and 6 and CentOS 5 and 6.
Eyeball Networks does not guarantee correct operation other than on the certified distributions.
AnyConnect Gateway has been tested using unixODBC, which is freely available from
http://www.unixodbc.org/. AnyConnect Gateway may be configured to use more than one ODBC data
source for fault tolerance and load balancing purposes. In this case, AnyConnect Gateway will randomly
connect to one of the data sources and automatically switch in case of failures.
5. 3. Eyeball AnyConnect™ Gateway
Installation
Installation
The AnyConnect Gateway package contains the binaries of both edge and state server components (
acgd and stated) and the necessary scripts, tools and documentation to install AnyConnect Gateway.
A valid license file (obtained from Eyeball Networks) is required to start each edge server ( acgd). State
servers do not require access to a license file.
For details on installation and setup, please refer to the INSTALL file found in the root directory of the
AnyConnect Gateway package. This file contains a description of the installation and initial configuration
of the server components.
7. 4.1. Eyeball AnyConnect™ Gateway:
Configuration Files
Configuration Files
The configuration files, acgd.conf and stated.conf, are required to run AnyConnect Gateway.
In order for the server to access the configuration file, it must be readable by the owner of the server
process. If not specified by –c command line argument, both server processes will look for their
configuration files in the /etc system directory.
acgd.conf
In the succeeding sections, we give detailed descriptions of the configuration parameters for acgd. Most
of the values should not be changed. The following parameters are available, starting with the parameters
that must be changed in order to get the server running.
8. 4.2. Eyeball AnyConnect™ Gateway:
Network Configuration
Network Configuration
Parameters Description
bind_address
(Must be changed)
Specify this numeric IP address to bind the service to a specific local
interface or to any local interfaces. A system may have more than one
network interface. Use ifconfig command to get a list of available
interfaces. If a specific interface is given, the server will allow connection
only through that interface. If this IP address differs from the one specified
in public_address, it will be used as the internal interface address of
AnyConnect Gateway.
private_address
(No need to be changed)
This numeric IP address will be used to communicate with the state
server and other SIP Edge Proxy Servers. The administration port used to
access the command line interface will also listen on this address. If this
field is not specified, it will default to the bind address. In order to separate
the internal from the external SIP network, internal clients should connect
to the private address and external clients should connect to the public
address.
public_address
(No need to be changed)
This numeric IP address will be put in Via headers in SIP messages. If
this field is not specified, it will default to the value of bind_address. In
order to separate the internal from the external SIP network, internal
clients should connect to the private address and external clients should
connect to the public address.
sip_port
(No need to be changed)
Specifies the port where the AnyConnect Gateway listens to SIP UDP and
TCP client requests. By default, the SIP port is set to 5060. Clients send
messages to this port. Since clients initiate the connection to the server,
you must make sure that clients can reach this port. This can be done by
running the server outside a firewall, opening this port on the firewall, etc.
9. sip_tcp_port
(Should be changed)
Specifies the port where the AnyConnect Gateway listens to SIP TCP
client requests. This is usually set as the TCP port 443 for HTTP tunneling
and TCP port 80. Clients can send messages to this port. Since clients
initiate the connection to the server, you must make sure that clients can
reach this port. This can be done by running the server outside a firewall,
opening this port on the firewall, etc.
sip_tls_port
(Should be changed)
Specifies the port where the AnyConnect Gateway listens to TLS client
requests. This is usually set as the default SIP TLS port 5061. If this is not
set or is set to 0, no TLS port will be opened for client requests. Clients
can send messages to this port. Since clients initiate the connection to the
server, you must make sure that clients can reach this port. This can be
done by running the server outside a firewall, opening this port on the
firewall, etc. Once this parameter is given, the TLS subsystem must be
configured using the other TLS related parameters in the configuration
file. By default, the TLS port is not set. Please refer to Section 7.
xmpp_server_port
(No need to be changed)
Specifies the port where the AnyConnect Gateway listens to TCP server-
to-server connection requests, e.g. by Google Talk. By default, the value
for this port is set to 5269.
domain_name
(Must be changed)
This is the SIP domain used by AnyConnect Gateway. If an incoming SIP
message is addressed to a different domain, the message is forwarded. If
an incoming SIP message is addressed to this domain, it is processed.
No default value provided. You must configure this parameter. For
simplicity, you may use the IP address of the server as the domain. This
parameter takes a string value.
forward_udp_port
(No need to be changed)
This UDP port defaults to 7021. It is used to receive UDP packets
forwarded from other AnyConnect Gateway servers within the distributed
server.
forward_tcp_port
(No need to be changed)
This TCP port defaults to 7020. It is used to receive TCP packets
forwarded from other AnyConnect Gateway servers within the distributed
server.
tcp_connections
(No need to be changed)
This defines the maximum number of simultaneous TCP connections that
the server will accept. This parameter can be used to limit the allowed
number of incoming TCP connections. By default, the maximum number
of TCP connections is 90,000.
10. tls_connections
(No need to be changed)
This defines the maximum number of simultaneous TLS connections that
the server will accept. This parameter can be used to limit the allowed
number of incoming TLS connections. By default, the number of TLS
connections is 90,000.
tcp_connection_timeout
(No need to be changed)
This defines the duration (in seconds) for which TCP/TLS connections are
kept open without any messages being sent or received. By default, there
is no connection timeout, i.e., TCP connections are kept open.
tcp_sendbuffer_size
(No need to be changed)
Specify to change the TCP send buffer size. The default is 10,240 bytes
(10 KB).
recvbuffer_size
(No need to be changed)
Specify to change the TCP receive buffer size. The default is 133,072
bytes (128 KB).
num_threads
(No need to be changed)
Specify the number of worker threads. The default is 16.
11. 4.3. Eyeball AnyConnect™ Gateway:
XMPP Server to Server Communication
(required for peering with Google Talk)
XMPP Server to Server Communication
(required for peering with Google Talk)
Parameter Description
server_to_server
(May be changed)
Enable or disable server-to-server communications. Set this to “Y” to enable
and “N” to disable. By default, server-to-server communications is disabled.
allow_all_domains
(May be changed)
When server-to-server communications is enabled, set to “Y” to allow servers
of all domains to communicate. If this is set to “N”, communication will only be
allowed for domains specified in the XmppPeerDomains database table. By
default, this is set to “N”.
server_require_sasl
(May be changed)
Incoming server-to-server streams require SASL if this is set to “Y”. If this
option and server_require_tls is set to “N”, server dialback will also be
available for those streams as an authentication option. By default, this is set
to “N”. If this is set to “N”, SASL can be required for specific domains by
setting the IncomingRequireSASL column in the XmppPeerDomains table to
“Y”.
server_require_tls
(May be changed)
Incoming server-to-server streams require TLS if this is set to “Y”. If this option
and server_require_sasl is set to “N”, server dialback will also be available for
those streams as an authentication option. By default, this is set to “N”.
12. 4.4. Eyeball AnyConnect™ Gateway: SIP
Behaviour
SIP Behaviour
Parameter Description
max_sip_message_size
(No need to be changed)
This defines the maximum size in bytes of SIP messages accepted by the
server. The server discards messages longer than this value. If this
parameter is omitted, the default value is 65536.
register_challenge
(No need to be changed)
If this parameter is set to “yes”, server will challenge for authentication
(WWW Digest) when it receives a SIP REGISTER message. Setting this
parameter to “no” allows any client/user to register to the server. The default
setting is yes.
proxy_challenge
(No need to be changed)
If this parameter is set to “yes”, server will use proxy authentication
whenever applicable, such as when a SIP INVITE message is received. The
default setting is yes.
stat_reg_timeout
(No need to be changed)
Users that have registered will be removed for statistical purposes after this
timeout. It defaults to 7200 seconds (two hours). Users that have been
registered for more than this time, but have neither re-registered nor logged
out, will be expired and removed from the count of online users. Their
registration will also be added to the SipLoginsHistory table.
stat_calls_timeout
(No need to be changed)
Established calls will be removed for statistical purposes after this timeout. It
defaults to 1,209,600 seconds (two weeks). Calls that are started but not
ended within this time will be added to the CallsHistory table.
13. 4.5. Eyeball AnyConnect™ Gateway:
Administration
Administration
Parameter Description
admin_port
(No need to be changed)
The server listens to this TCP port to receive telnet connections for administrative
commands using the command line interface. The connections to the administration port
are protected by password. See in the succeeding sections for the complete list of
administrative commands.
14. 4.6. Eyeball AnyConnect™ Gateway:
Password File
Password File
Parameter Description
password_file
(No need to be changed)
This file contains the encrypted passwords and user names for various purposes,
such as the password for the server’s command-line interface (user cli), the triple-DES
encryption key (user 3des), the key for the TLS certificate key file (user tls), and the
database user and password.
15. 4.7. Eyeball AnyConnect™ Gateway: Log
Files
Log Files
Parameter Description
log_file
(No need to be changed)
This is the AnyConnect Gateway log file. It is set to /var/log/acgd.log by default.
Depending on the verbosity level specified by the –v command line argument,
the server writes many or few messages to the log file. Please ensure that the
file can be written by the server process owner.
log_max_file_size
(No need to be changed)
This is the maximum size of the AnyConnect Gateway log file. It is
automatically rotated when the maximum size is reached. The default value is
10,000,000 bytes. Upon rotation, the old log file is renamed (a sequence
number is appended to the file name) and stays in the same directory.
log_max_file_count
(No need to be changed)
This is the maximum number of the AnyConnect Gateway log files. The default
value is 100. When the maximum is reached, new log files will be saved with
numbers starting at 1.
pid_file
(No need to be changed)
The AnyConnect Gateway writes the process ID to this file. It is set to
/var/run/acgd.pid by default. Please ensure that the server process owner has
the permissions to write to the file.
16. 4.8. Eyeball AnyConnect™ Gateway:
Database Connection
Database Connection
Parameter Description
database_host
(Recommended to be changed)
The ODBC data source name of the database, exactly as specified in the
/etc/odbc.ini file.
It is possible to define more than one host by providing additional database_host
entries in the configuration file. The AnyConnect Gateway Server will randomly
select one of them and switch in case of failures.
database_user
(Recommended to be changed)
A username used to connect to the database. This user should have INSERT,
DELETE, UPDATE and SELECT privileges. The password for the database user
specified here is stored in an encrypted format in the password file (see the
password_file tag above). This is specified during Eyeball database installation.
log_database_host
(Usually the same as database_host)
(See database_host above)
log_database_user
(Usually the same as database_user)
(See database_user above)
logging_interval
(No need to be changed)
This value specifies the database logging interval in minutes. The value defines
how frequently usage statistics of the AnyConnect Gateway are written to the
database ( see Section 13). The default value, selected when the parameter is
not explicitly specified, is 15 minutes.
17. 4.9. Eyeball AnyConnect™ Gateway:
Licensing
Licensing
Parameter Description
license_name
(Must be changed)
Name of your license that is provided by Eyeball Networks Inc. Your organization
must have a valid production license in order to run Eyeball Server components.
The license name is delivered through the Eyeball Software download page.
license_cert_file
(Must be changed)
Name of the file containing your certificate and the private key of your
organization. This file is provided by Eyeball Networks Inc. through the Eyeball
Software download page. This file must be kept secret.
eyeball_cert_file
(No need to be changed)
Name of the file containing the certificate of Eyeball Networks Inc. This file is
provided to you by Eyeball Networks Inc. through the Eyeball Software
Download page.
18. 4.10. Eyeball AnyConnect™ Gateway:
TLS Certificate
TLS Certificate
Parameter Description
tls_cert_file
(Must be changed)
Name of the file containing the certificate required for TLS. If sip_tls_port is
specified, this must be provided. Otherwise the server will not start. The server
certificate is expected in PEM format. Any intermediate CA certificates that must
be installed in addition to the server certificate must be appended to the server
certificate file.
tls_cert_keyfile
(Must be changed)
Name of the file containing the certificate key required for TLS. If sip_tls_port is
specified, this must be provided. Otherwise the server will not start.
tls_cert_user
(Must be changed)
Name of the user authorized to access the certificate key specified by
tls_cert_keyfile. The username is associated with the password required to access
the certificate key file. The password is stored in the password file (see above)
using the ebpasswd utility as described in the INSTALL document.
Example
A sample configuration file for the acgd edge server is given below.
# Configuration file used by Eyeball AnyConnect Gateway Edge Server (acgd)
# This file provides startup/run parameters
# Copyright (c) 2011 Eyeball Networks Inc. All rights reserved. Patents pending.
# network configuration
bind_address = 32.40.50.60
private_address = 192.168.2.11
sip_port = 5060
sip_tcp_port = 443
19. sip_tcp_port = 80
sip_tls_port = 5061
domain_name = my.domain.com
# administration
admin_port = 7010
password_file = /usr/local/eyeball/conf/eyeball.auth
# log files
log_file = /usr/local/eyeball/logs/acgd.log
pid_file = /usr/local/eyeball/logs/acgd.pid
# connection to database
database_host = eyeball
database_user = server
# SIP behaviour
register_challenge = yes
proxy_challenge = yes
# licensing
license_name = your-company
license_cert_file = /usr/local/eyeball/your-company.crtpvk.pem
eyeball_cert_file = /usr/local/eyeball/eyeball-root.crt.pem.tics
# tls certificate
tls_cert_file = /usr/local/eyeball/conf/tlscert.crt
tls_cert_keyfile = /usr/local/eyeball/conf/tlscert.key
tls_cert_user = tls
stated.conf
Below, we give detailed descriptions of the configuration parameters for the stated server component.
These parameters must be added to the state server’s configuration file.
Parameter Description
bind_address
(No need to be changed)
Specify this numeric IP address that will be used to communicate with the edge
server.
database_host
(Must be changed)
See database_host for acgd.conf.
20. database_user
(Must be changed)
See database_user for acgd.conf.
password_file
(Must be changed)
See password_file for acgd.conf.
pid_file
(No need to be changed)
The SIP State Server writes the process ID to this file. It is set to /var/run/stated.pid by
default. Please ensure that the file can be written by the server process owner.
21. 4.11. Eyeball AnyConnect™ Gateway:
Scalability
Scalability
Introduction
AnyConnect Gateway uses a two layer server architecture with edge servers handling the actual SIP
protocol and media traffic and state server serving as in memory cache for status information and
interface to a database for persistent storage. For example, state servers store information about user
locations, i.e. the actual edge server a SIP user is connected to.
In order to add a new AnyConnect Gateway Edge Server to a cluster of servers, the only requirement is
to setup a new acgd process on a new computer and configure it to connect to the main database using
the database_host parameter in the new edge server’s configuration file. The new server will
automatically be discovered and integrated in the server cluster. The server administrators have to make
sure that client’s requests are directed to the new edge server, for example, by adjusting the DNS
settings accordingly.
The same procedure applies when adding a new state server with the exception that no additional setting
changes are required. New state servers are automatically integrated into the server cluster upon
successful startup and the load is equally balanced among all available state servers.
Adding a AnyConnect Gateway Edge Server
To add an AnyConnect Gateway Edge Server, first start the server by issuing the following command:
$ <install-root>/eyeball-acgd-9.0.0-60-el5/etc/init.d/acgd start
Confirm that the server is up and running by checking the log file.
22. The AnyConnect Gateway Edge Server should write an entry into the SipEdgeServerHistory database
table. The other AnyConnect Gateway Edge Servers and AnyConnect Gateway State Servers are
unaware of the presence of the new AnyConnect Gateway Edge Server, except after a user logs in. A
record of the user will be updated in the SipLoginState database table that indicates that the user is
connected to the new AnyConnect Gateway Edge Server. When there are calls directed to this user,
AnyConnect Gateway messages will be forwarded to the new AnyConnect Gateway Edge Server.
While the AnyConnect Gateway Edge Servers do not maintain a list of other AnyConnect Gateway Edge
Servers, the server load is distributed using DNS load balancing, where different AnyConnect Gateway
clients connect to different AnyConnect Gateway Edge Servers. In this case, DNS SRV entries need to
be added to DNS tables. Please refer to the DNS SRV entries in the example below:
SRV _sip._udp.mydomain.com
_sip._udp.mydomain.com has SRV record 0 100 5060 sip1.mydomain.com.
_sip._udp.mydomain.com has SRV record 0 100 5060 sip2.mydomain.com.
_sip._udp.mydomain.com has SRV record 0 100 5060 sip3.mydomain.com.
In addition, entries in the firewall may be required to allow incoming UDP and/or TCP packets to reach
the new AnyConnect Gateway Edge Server.
Removing a AnyConnect Gateway Edge Server
To remove a AnyConnect Gateway Edge Server, enter the following command:
$ <install-root>/eyeball-acgd-9.0.0-60-el5/etc/init.d/acgd stop
When a AnyConnect Gateway Edge Server is properly shutdown, all TCP connections to that
AnyConnect Gateway Edge Server will be closed, users will be logged out, and active calls will added to
the CallsHistory database table, but no BYE messages will be generated. Please wait for a few seconds if
the AnyConnect Gateway Edge Server does not completely shutdown immediately, as it may be busy
closing connections and logging users out.
SIP clients attempting to connect to the removed AnyConnect Gateway Edge Server should fall back to
one of the other AnyConnect Gateway Edge Servers, which are discovered using a DNS SRV lookup.
23. Adding an AnyConnect Gateway State Server
AnyConnect Gateway State Servers are typically behind a firewall and invisible to the outside world.
Private IP addresses are typically used. The network configuration must allow UDP traffic between
AnyConnect Gateway State Servers and AnyConnect Gateway Edge Servers.
To add an AnyConnect Gateway State Server, first start the server by issuing the following command:
$ ./bin/stated -c etc/stated.conf -s SIP
Confirm that the server is up and running by checking process list.
$ ps ax
The AnyConnect Gateway State Server will register itself in the StateServerRegistry database table. The
AnyConnect Gateway Edge Server will periodically check the entries in this table and send queries to the
new AnyConnect Gateway State Server.
Removing an AnyConnect Gateway State Server
To remove an AnyConnect Gateway State Server, issue the following command:
$ kill `cat stated.pid`
The AnyConnect Gateway State Server will continue running for 10 to 20 seconds, to allow time for the
AnyConnect Gateway Edge Servers to update their internal lists of AnyConnect Gateway State Servers
and stopping making queries to the AnyConnect Gateway State Server that is shutting down.
If the AnyConnect Gateway State Server is terminated improperly, the AnyConnect Gateway Edge
Servers may experience timeouts connecting to the AnyConnect Gateway State Server. This error
condition should only last for at most 20 seconds, after which the AnyConnect Gateway Proxy will resume
normal operation.
24. 5. Eyeball AnyConnect™ Gateway:
Password Settings
Password Settings
Password File
The edge server component of the Eyeball AnyConnect Gateway uses a password file (usually named
eyeball.auth) to store various passwords and keys in encrypted format, e.g., the password for the
command line interface and the key for securing user passwords. The tool ebpasswd found in the
Eyeball AnyConnect Gateway installation package is used to encrypt the contents of the password file.
The password file is generated during the installation (see Section 3. Installation). It contains entries of
the form
<entry>: <encrypted string>,
where < entry> denotes the purpose of the entry (e.g., 3des denotes the key used to encrypt user
passwords) and the encrypted string represents the actual password or key. The cleartext of the
encrypted strings is not stored anywhere.
The following encrypted passwords and keys are by default found in the password file:
1. database password (defined during the installation)
2. command line interface password (default entry: cli)
3. key to encrypt the user passwords (default entry: 3des)
4. TLS key passphrase if TLS was configured (defined during the installation)
In order to change the value of an entry, i.e., a password or key, the ebpasswd tool can be used. The
password for the command line interface can be changed directly from the CLI itself. It is recommended
25. to change the key used to encrypt the user passwords (entry 3des) only if it was compromised. Otherwise
the whole set of user passwords must be re-encrypted.
User Accounts: pass3des
The tool pass3des, found in the Eyeball AnyConnect Gateway installation package, is used to encrypt
and decrypt user’s passwords in the database and used for provisioning (see Section 13.1) or password
changes.
pass3des implements 3DES symmetric encryption. The key used to encrypt user passwords is kept in the
password file stored in the entry 3des (see section Password File above). The Eyeball AnyConnect
Gateway uses this key to access the user passwords stored in the database. In case this key needs to be
changed, e.g., in case it was compromised, it is necessary to decrypt the user passwords with the old key
and re-encrypt the passwords with a new key.
26. 6. Eyeball AnyConnect™ Gateway:
Command Line Arguments
Command Line Arguments
acdg
The acgd executable supports the following command line arguments.
Command Line
Argument
Description
-c, --config
<filename>
Specifies the configuration file. The configuration file is necessary to run the Eyeball
AnyConnect Gateway.
-v, --
verbose
<level>
Set verbosity level of AnyConnect Gateway for logging, the allowed range of values is
from 0 to 5. Higher verbosity level means more verbose mode. With verbose level 0,
only critical issues are printed which do not allow the server to continue. With verbose
level 5, every SIP message is written to the log file. The default and recommended
value is 4 (log summaries of SIP messages).
Please note that higher verbosity levels may result in excessive logging, easily
exceeding several Mbytes/day. As more experience is gained during operation, the
verbosity level can be reduced through the administration port (described below).
-f, --
foreground
By default, the AnyConnect Gateway runs as a background daemon. Using this option
will run the server in foreground. The server output will be written to standard output.
-V, --
version Prints the AnyConnect Gateway version information and exits.
-h, --help Prints help information and exits.
stated
The stated executable supports the following command line arguments.
27. Command Line Argument Description
-c, --config
<filename>
Specifies the configuration file. The configuration file is necessary to run
the stated server component.
-v, --verbose <level> Sets the verbosity level. It can be either 0 (do not log) or 1 (log).
-h, --help Prints help information and exits.
-a, --address
<address>
Server IP address
-p, --port <port> Server port for first instance
-n, --number-instances
<num>
Number of stated processes on the machine.
-s, --server <type> Specify SIP to enable AnyConnect Gateway Edge servers.
28. 7. Eyeball AnyConnect™ Gateway: TLS
Configuration
TLS Configuration
AnyConnect Gateway needs to be configured in order to allow outgoing and incoming SIP connections
using TLS. TLS is also required to enable peering with Google Talk. To enable TLS connections to and
from the AnyConnect Gateway, the parameter sip_tls_port must be set in the configuration file (see
Section 4 Server Configuration) and a TLS certificate must be generated and installed as described in this
section. The server administrator must generate the TLS certificate and the TLS certificate key. Several
options are available for generating the certificate. In this section, the procedure using the publicly
available openssl toolkit is briefly outlined. Please refer to the openssl website ( http://www.openssl.org)
for further reference.
First, a keyfile must be generated. This keyfile is used to protect the certificate and must be specified in
the configuration file (parameter tls_cert_keyfile, see Section 4 Server Configuration). Here is an example
of how this can be done using openssl.
/> openssl genrsa -des3 -out privkey.pem 2048
The program will ask for a password to protect the keyfile and generate the keyfile privkey.pem, which will
be password protected. The password must be added to the eyeball password file using the password
utility ebpasswd. It is possible (but NOT recommended) to omit the password protection. The keyfile must
be protected from unauthorized access as it protects the actual certificate and prevents others from using
the certificate.
After generating the keyfile, an actual certificate request can be generated. This means, a file is
generated that must be sent to a certificate authority (CA). Then the CA will issue a valid certificate for
your server. The certificate request file is generated as follows:
/> openssl req -new -key privkey.pem -out cert.csr
29. The resulting file cert.csr must be sent to the CA. The CA will then issue a valid certificate for your server,
which must be placed in the appropriate directory and added to the configuration file using the parameter
tls_cert_file (see Section 4 Server Configuration).
Another option is to generate a self-signed certificate. This is NOT recommended because it provides no
way for clients to actually verify the integrity and validity of the certificate with any trusted third-party. This
should only be used for testing purposes.
/> openssl req -new -x509 -key privkey.pem -out cert.pem -days 365
The resulting file cert.pem can be used as server certificate and must be added to an appropriate
directory and specified in the configuration file using the parameter tls_cert_file. The certificate file is
expected in PEM format. openssl can be used to convert certificates from other formats to PEM.
In some cases, it is necessary to install one or more intermediate CA certificates in addition to the actual
server certificate. These certificates should be appended to the server certificate file given in tls_cert_file.
30. 8. Eyeball AnyConnect™ Gateway:
Peering with other SIP Domains/SIP
Proxies (Outbound Proxy)
Peering with other SIP Domains/SIP
Proxies (Outbound Proxy)
AnyConnect Gateway can act as SIP proxy and Enterprise Session Border controller, thus not requiring a
separate SIP proxy. In addition, it is possible to only use the Enterprise SBC functionality for terminating
audio/video and data connections, network security, etc. AnyConnect Gateway can act solely as an
outbound proxy This is useful, for example, when AnyConnect Gateway is used in addition to an existing
SIP proxy server.
In order to enable peering with other SIP domains, e.g. in order to use AnyConnect Gateway as outbound
proxy, it is necessary to allow (or deny) the SIP domains AnyConnect Gateway is peering with. This
configuration step is described in the following.
Two files are used to restrict accepting SIP INVITE messages from other domains/computers or
forwarding SIP INVITE messages to other domains/computers. These two files are domain.allow and
domain.deny. AnyConnect Gateway uses a mechanism similar to the one employed on UNIX systems
(which uses host.allow and host.deny files).
domain.allow and domain.deny contain IP addresses or domain names. Each line in the file is an entry.
Each entry is a rule that consists of two fields. The first field is a FROM or a TO. A FROM rule regulates
where messages are accepted from, while a TO rule regulates where messages are forwarded. The
second field is an IP address, a sub-network, a hostname or a SIP domain name.
Rules in domain.allow specify other domains where SIP INVITE messages will be accepted from or
forwarded to. Rules in domain.deny specify other domains where SIP INVITE messages will not be
accepted from or forwarded to. The keyword ALL matches any possible IP address, hostname or domain
name, and can be used as a wildcard.
31. Example (domain.allow):
FROM 123.123.123.123
FROM 64.85.36.162
TO ALL
In the previous example, SIP messages are accepted when they were sent from the IP addresses
123.123.123.123 and 64.85.36.162. These messages are interpreted as messages from other SIP
domains and are not challenged. That means, any message received from those IP addresses will always
be forwarded. The username and the proxy_challenge parameter in the configuration file (see Section 4 .
Server Configuration) will be ignored. In the above example, messages are forwarded to any other SIP
domain, IP address or hostname (indicated by the entry TO ALL).
8.1. Eyeball AnyConnect™ Gateway: Forwarding Messages to other SIP Proxies (TO rules)
8.2. Eyeball AnyConnect™ Gateway: Accepting Messages from other SIP Proxies (FROM rules)
32. 8.1. Eyeball AnyConnect™ Gateway:
Forwarding Messages to other SIP
Proxies (TO rules)
Forwarding Messages to other SIP
Proxies (TO rules)
The basic access control mechanism for forwarding works as follows. First, the SIP message is parsed to
obtain a target domain. Then domain.allow is searched for an entry matching the target domain. The
domain.deny is checked for an entry matching the target domain. The entries are checked one-by-one,
starting from the beginning of the file. The check terminates when the first match is found. If a match is
found in domain.allow, the message will be forwarded, and domain.allow is not checked. When the target
of a message is an IP address or hostname, the same mechanism applies. If no match is found, the proxy
assumes the message should be forwarded.
Restricting the destination for a message is useful, for example, to restrict access to a PSTN gateway
server.
33. 8.2. Eyeball AnyConnect™ Gateway:
Accepting Messages from other SIP
Proxies (FROM rules)
Accepting Messages from other SIP
Proxies (FROM rules)
The access control mechanism employed when deciding whether or not to forward a message is applied
to each incoming SIP INVITE message. It determines whether the message is authenticated, and then
whether to forward the message or not. The mechanism must be applied and configured carefully.
To determine whether a message is from a trusted source, the access control mechanism checks
domain.allow and then domain.deny in the way described in previous subsection. If no match is found,
the proxy assumes the message is from a trusted source.
The SIP proxy resolves SIP domains and hostnames as part of the startup phase. Each entry in the two
files, domain.allow and domain.deny, is checked to determine whether it represents an IP address,
hostname, or SIP domain. This process works as follows:
1. When the entry represents an IP address, this IP address is added to the internal access control
structures.
2. When the entry does not represent an IP address, the SIP proxy checks whether the entry
represents a SIP domain. DNS SRV lookups are carried out for each of the protocols UDP, TCP,
and TLS. When successful, the respective IP addresses are added to the internal access control
structures.
3. When the entry does not represent an IP address and the DNS SRV lookup is unsuccessful, the
SIP proxy tries to interpret the entry as a hostname. If the entry can be resolved to a valid IP
address, this IP address is added to the internal access control structures.
Examples:
1. Defaults
By default, the Eyeball SIP Proxy does not accept messages from other SIP domains, but allows
forwarding to any other SIP domain.
34. domain.allow:
TO ALL
domain.deny:
FROM ALL
2. Default-deny Strategy
The following example shows how to implement a default-deny strategy, denying access from and to any
IP and SIP domain except for those specified in domain.deny. In this example, messages to and from the
SIP domain eyeball.com are accepted.
domain.allow:
TO eyeball.com
FROM eyeball.com
domain.deny:
FROM ALL
TO ALL
The domain eyeball.com is resolved during proxy startup, resulting in one or more IP addresses being
added to the internal access control structures
3. Default-allow Strategy
The following setting results in a default-allow strategy, i.e., messages are accepted and forwarded by
default, with only the exceptions defined in domain.deny. Note, that specifying FROM ALL and/or TO ALL
in domain.allow would lead to acceptance and forwarding of all messages as the search stops when the
first match is found. Thus, the exceptions specified in domain.deny would be ignored.
domain.allow:
domain.deny:
TO xyz.com
FROM 192.168.0.100
FROM 123.123.123.123
It is very important to carefully design the FROM rules. In the case of the default-allow strategy, it cannot
be verified whether or not incoming SIP INVITE messages were really sent from the domain specified in
the message.
35. 9. Eyeball AnyConnect™ Gateway:
Peering with Google Talk
Peering with Google Talk
AnyConnect Gateway supports protocol conversion from SIP to XMPP/Jingle and allows interoperability
of SIP clients with Google Talk for voice and video calls. In order to peer with Google Talk, it is required to
configure the AnyConnect Gateway for inter domain communication using server dialback.
Setting up DNS SRV for Server Callback
Google Talk uses server dialback for inter-domain communication. It is necessary to create DNS SRV
settings to allow Google Talk servers to locate your domain. The following example illustrates the
required DNS SRV setting for two AnyConnect Gateway edge servers (the server names are
acg1.mydomain.com and acg2.mydomain.com and port 5269 is used for inter-domain traffic):
_xmpp-server._tcp.mydomain.com has SRV record 0 50 5269 acg1.mydomain.com
_xmpp-server._tcp.mydomain.com has SRV record 0 100 5269 acg2.mydomain.com
9.1. Eyeball AnyConnect™ Gateway: Specifying the peering method
9.2. Eyeball AnyConnect™ Gateway: Enabling SASL
9.3. Eyeball AnyConnect™ Gateway: Forcing TLS or SASL for incoming connections
9.4. Eyeball AnyConnect™ Gateway: Example: Peering with Google Talk
36. 9.1. Eyeball AnyConnect™ Gateway:
Specifying the peering method
Specifying the peering method
In order to specify a peering method, set the OutgoingAuthMethod column of the XmppPeerDomains
table to one of " auto", " SASL", or " dialback". Setting the " Active" column to "N" will disable peering with
that realm. Incoming and outgoing peering methods need not be the same. For example, it is possible to
specify dialback for incoming and SASL for outgoing connections.
In order to setup peering with Google Talk, the peering method must be set to dialback.
37. 9.2. Eyeball AnyConnect™ Gateway:
Enabling SASL
Enabling SASL
SASL secrets must be created and inserted into the database table XMPPPeerDomains for each domain
you are peering with. Use the pass3des utility to encrypt the secrets with the 3DES key specifically
generated for each server. For each server, encrypt the incoming and outgoing secrets, specify the
server’s key, the domain you are peering with, and the secret on realm a.net:
$ ./tools/pass3des 85987523cbab6d892f645d762a9745f86bbaf7d5b0cdc16d b.net password
$ ./tools/pass3des 85987523cbab6d892f645d762a9745f86bbaf7d5b0cdc16d b.net password2
Add the encrypted secrets to the database table XMPPPeerDomains, specifying the domain you are
peering with.
38. 9.3. Eyeball AnyConnect™ Gateway:
Forcing TLS or SASL for incoming
connections
Forcing TLS or SASL for incoming
connections
Specify either server_require_tls or server_requires_sasl to force incoming peer connections to use TLS
or SASL. Both can be enabled and disabled via the command line interface CLI.
39. 9.4. Eyeball AnyConnect™ Gateway:
Example: Peering with Google Talk
Forcing TLS or SASL for incoming
connections
The following describes how to setup the Eyeball AnyConnect Gateway to peer with Google Talk. This
requires to enable communication with the domain ‘gmail.com’ using dialback.
1. set the xmpp_server_port configuration parameter to port 5269 in the configuration file:
xmpp_server_port = 5269
2. set the server_to_server configuration parameter in the configuration file:
server_to_server = y
3. Specify the servers you would like to peer with by inserting a record of the server into the database
(this applies to both incoming and outgoing connections). In order to enable peering with Google Talk, the
realm ‘ gmail.com’ must be specified by adding a record to the XmppPeerDomains table:
INSERT INTO XmppPeerDomains SET Domain = "gmail.com", OutgoingAuthMethod =
"dialback"
4. Peering with Google Talk is now enabled via dialback, start/restart the AnyConnect Gateway server.
40. 10. Eyeball AnyConnect™ Gateway:
Peering with Microsoft Lync Server
Peering with Microsoft Lync Server
Eyeball AnyConnect Gateway supports protocol conversion from SIP to Microsoft SIP and allows
interoperability of SIP clients with Microsoft Lync Server for voice and video calls.
Setting up connection between ACG and Microsoft
Lync
Connection between ACG and Microsoft Lync can be established in two ways:
Microsoft Lync Server can be configured to initiate a connection to ACG host via TCP or UDP
port 5060.
ACG can be configured via acgd.conf to initiate a connection to Microsoft Lync Server.
Specifying the peering method
In order to specify a peering method, set the OutgoingAuthMethod column of the MicrosoftPeerDomains
table to one of " auto" or " dialback". Setting the " Active" column to " N" will disable peering with that
realm.
Forcing TLS for incoming connections
Specify either server_require_tls to force incoming peer connections to use TLS. This can be enabled and
disabled via the command line interface CLI.
41. 11. Eyeball AnyConnect™ Gateway:
Starting and Stopping the Server
Starting and Stopping the Server
In order to run the Eyeball AnyConnect Gateway, both edge and state server components must be
started. If you are using the init.d scripts provided in the installation package the server may be started
with
<install-root>/ eyeball-acgd-9.0.0-60-el5/etc/init.d/acgd start
When AnyConnect Gateway runs as daemon, the output is redirected to the file specified in the
configuration. Otherwise, the standard output is used.
To ensure that the server is running, please connect to the administration port running the command
telnet localhost 7015 (port 7015 is used for the command line interface in the default configuration). You
can also check that the process is running by using the ps –ef command.
In the event of an unsuccessful startup, the AnyConnect Gateway exits with an error code for one of the
following reasons:
Cannot read the configuration file. The configuration file is not specified or the specified file
cannot be read.
Error during initialization. The Eyeball AnyConnect Gateway gives a detailed error message on
the console or in the output file indicating the cause of the failure. The most common reasons
include failure to obtain a license from Eyeball Monitoring Server, server ports are already in use,
cannot read the database authentication file, or failure to connect to the database.
The servers may be stopped with:
<install-root>/ eyeball-acgd-9.0.0-60-el5/etc/init.d/acgd stop
Unless specified by –f option to run in foreground, the Eyeball AnyConnect Gateway runs as daemon in
the background.
42. 12. Eyeball AnyConnect™ Gateway:
Command Line Interface
Command Line Interface
The Eyeball AnyConnect Gateway can be monitored and administered using the command line interface
available via a telnet connection to the administration port of the server.
Connection to the administration port is password protected. The initial default password is ‘eyeball’.
Changing this password is HIGHLY RECOMMENDED upon first login. The password is encrypted using
the password utility ebpasswd and stored as user cli in the file specified by password_file in the
acgd.conf. Several simultaneous connections to the administration port are possible.
Connection to the administration port can be established using the telnet command. The administration
port is specified in the server configuration file.
43. The AnyConnect Gateway supports the following administrative commands.
Administrative
Command
Description
help:
Print the list of available commands and along with a brief description of each
command.
verbose
<level>:
Change the verbosity level of AnyConnect Gateway to <level>. For the description
of verbosity levels, please refer to Section 14.
rotate log:
This command manually rotates the log file. The current log file is closed and a new
log file is opened. The old log file is renamed (a sequence number is appended to
the file name) and stays in the same directory.
bye, quit,
exit, ^D:
Close the connection to administrative port.
status: Print the connection status of the AnyConnect Gateway.
connections: Print the currently active TCP and TLS connections.
users: Display the number of online users and total users.
print users: Display the online users, IP addresses, and ports.
messages:
Display the number of processed SIP messages and the messages per second
processed during the last half a minute.
stun: Display the number of processed STUN messages.
settings: Display the current settings of the server.
shutdown: Shut down the server.
version: Print the server version.
uptime: Print the server running time.
44. 13. Eyeball AnyConnect™ Gateway:
Database
Database
This section describes how the Eyeball AnyConnect™ Gateway uses the database and how to setup new
accounts. The database tables can be created using the database script included in the Eyeball
AnyConnect™ Gateway package.
If you are running multiple Eyeball servers, it is recommended to use the same database for all servers to
simplify the provisioning process.
Administrators only need to access the tables required for provisioning and statistics. All other tables are
required for internal purposes only and should not be touched or changed.
Adding, removing or modifying information in database tables must be made with great care as it may
interfere with the proper operation of the server .
45. 13.1. Eyeball AnyConnect™ Gateway:
Provisioning
Provisioning
Adding and removing user accounts requires accessing the account table in the database.
The table has the following columns:
Column Type
account_id unsigned auto_increment
user_id varchar (32)
password varchar (32)
active varchar (1)
created datetime
In order to add a new user, the user’s ID (the name of the user, e.g., ‘eyeball’) and the password must be
added to the account table. The server expects the password in encrypted format. The pass3des tool
found in the archive in the tools subdirectory is used to encrypt the password. This tool implements a
3DES encryption of the password. The key is stored in the file eyeball.auth and the respective username
is 3des.
The column active is used to define whether the user’s account is active (‘Y’) or not (‘N’). This can be
used e.g. to temporarily deactivate a user without deleting the account so it can be activated later. In
addition, the account table contains a timestamp of the time when the user account was created. This is
automatically filled with the current timestamp when a new user is added (see Section 13.3).
The Eyeball AnyConnect Gateway installation package also contains a sample script that can be used for
provisioning.
46. 13.2. Eyeball AnyConnect™ Gateway:
Statistics
Statistics
The Eyeball AnyConnect Gateway periodically logs statistics and usage information to the database. In
addition, each user’s activity, e.g., logins, is written to the database when such events occur. The
information can be extracted from the table sipstatistics which is described in Section 13.3. This table
captures status and usage information of the AnyConnect Gateway, which is periodically logged. The
logging interval can be adjusted using the logging_interval parameter in the configuration file. The
information logged to this table covers the logging period.
In order to obtain information about a longer period of time, it is necessary to add the information from all
logging intervals covering the request period. For that purpose, each row in the table indicates the date
and time it was taken.
When used together with Eyeball clients, the Eyeball AnyConnect Gateway also logs information about
the call completion rate. For each call, the AnyConnect Gateway captures whether the call was
completed Peer2Peer or using a relay server. If a relay server was used, the actual relay method (UDP,
TCP, or TCP using HTTP tunnel) is given. Please refer to the table description in Section 13.3 for more
details.
In addition, each login (via SIP REGISTER) to the AnyConnect Gateway and each call are logged to the
database. For that purpose, the database tables siploginhistory and sipcallhistory are used. The
format of those two tables is described in Section 13.3.
47. 13.3. Eyeball AnyConnect™ Gateway:
Database Tables
Database Tables
This section describes and summarizes all the database tables used by the Eyeball AnyConnect
Gateway. The access mode of each table is also specified. The fields mentioned are required for the
proper operation of the server. Other tables and fields can be added on demand. The following two
database tables may optionally be placed in a separate database for logging purposes: sipcallhistory;
siploginhistory; sipserverhistory; and sipstatistics.
account
Used to verify whether an account exists and still active (Active = ’Y’). This is also used to verify the
password for the account. Password contains users’ passwords as a 3DES-encrypted password
generated using the pass3des utility. (SELECT)
CREATE TABLE `account` (
`account_id` int(10) unsigned NOT NULL auto_increment,
`user_id` varchar(32) NOT NULL default ' ',
`password` varchar(32) NOT NULL default ' ',
`active` varchar(1) NOT NULL default 'Y',
`created` datetime NOT NULL default '1970-01-01 00:00:00',
PRIMARY KEY (`account_id`),
UNIQUE KEY `account_user_index_idx` (`user_id`)
)
Enumerated types:
Y: The account is active
N: The account is inactive
48. A: The account is set as abuser (inactive)
accountdetail
This table holds detailed user account information. Other fields in this table (personal information, billing
information, etc.) can be added as necessary. (SELECT)
CREATE TABLE `accountdetail` (
`account_id` int(10) unsigned NOT NULL default '0',
`email` varchar(100) NOT NULL default ' ',
`firstname` varchar(40) NOT NULL default ' ',
`lastname` varchar(40) NOT NULL default ' ',
`birthday` date NOT NULL default '1970-01-01',
`gender` varchar(1) NOT NULL default 'M',
`address` varchar(255) NOT NULL default ' ',
`city` varchar(40) NOT NULL default ' ',
`stateprovince` int(10) unsigned NOT NULL default '0',
`country` int(10) unsigned NOT NULL default '0',
`subscriptiontype` int(10) unsigned NOT NULL default '55288',
`recordtime` datetime default '1970-01-01 00:00:00',
PRIMARY KEY (`account_id`)
)
sipcall
Users that are currently in an audio/video call. A record is inserted when the other party accepts a call. A
record is deleted when either party ends the call. (INSERT, DELETE)
CREATE TABLE `sipcall` (
`callid` varchar(100) NOT NULL default ' ',
`caller` varchar(100) NOT NULL default ' ',
`callee` varchar(100) NOT NULL default ' ',
`starttime` datetime NOT NULL default '1970-01-01 00:00:00',
PRIMARY KEY (`callid`),
KEY `sipcall_caller_index_idx` (`caller`),
KEY `sipcall_callee_index_idx` (`callee`)
)
sipcallhistory
Records ended calls. A record is inserted when either party ends a call. (INSERT)
49. CREATE TABLE `sipcallhistory` (
`callid` varchar(100) NOT NULL default ' ',
`caller` varchar(100) NOT NULL default ' ',
`callee` varchar(100) NOT NULL default ' ',
`starttime` datetime NOT NULL default '1970-01-01 00:00:00',
`endtime` datetime default '1970-01-01 00:00:00',
PRIMARY KEY (`callid`),
KEY `sipcallhistory_index2_idx` (`caller`),
KEY `sipcallhistory_index3_idx` (`callee`)
)
serverconfig
Stores internal State Server information (UPDATE, SELECT)
CREATE TABLE `serverconfig` (
`name` varchar(32) NOT NULL default ' ',
`value` varchar(255) NOT NULL default ' ',
`recordtime` int(11) default NULL,
PRIMARY KEY (`name`)
)
siploginstate
Users that have registered to the AnyConnect Gateway. A record is inserted when a user registers to the
AnyConnect Gateway. A record is updated when a user un-registers from AnyConnect Gateway or
registration expires. (INSERT, UPDATE)
CREATE TABLE `siploginstate` (
`siploginstate_id` int(10) unsigned NOT NULL auto_increment,
`account_id` int(10) unsigned NOT NULL default '0',
`proxyaddress` varchar(32) NOT NULL default ' ',
`contact` varchar(32) NOT NULL default ' ',
`login` datetime NOT NULL default '1970-01-01 00:00:00',
`expires` int(10) unsigned NOT NULL default '0',
`forwardaddress` varchar(32) NOT NULL default ' ',
`hash` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`siploginstate_id`),
KEY `siploginstate_index2_idx` (`hash`)
)
siploginhistory
50. Users that un-registered from AnyConnect Gateway. A record is inserted when a user un-registers or
registration expires. The reason for the logout is given as well: ‘ N’ for normal deregistration, ‘ E’ for expiry
of the registration. The Contact column stores the source address the client used to login as a string in
the format “ <IP>:<port>/<protocol>”. (INSERT)
CREATE TABLE `siploginhistory` (
`siploginhistory_id` int(10) unsigned NOT NULL auto_increment,
`account_id` int(10) unsigned NOT NULL default '0',
`proxyaddress` varchar(32) NOT NULL default ' ',
`contact` varchar(100) NOT NULL default ' ',
`login` datetime NOT NULL default '1970-01-01 00:00:00',
`logout` datetime NOT NULL default '1970-01-01 00:00:00',
`reason` varchar(1) NOT NULL default 'N',
PRIMARY KEY (`siploginhistory_id`),
KEY `siploginhistory_acnt_index_idx` (`account_id`,`login`),
KEY `siploginhistory_log_index_idx` (`login`,`account_id`)
)
sipstatistics
This table stores periodic usage statistics for the AnyConnect Gateway (INSERT). In addition to various
parameters directly related to the AnyConnect Gateway’s operation, the table also reveals information
about the call completion status. This information can only be collected if at least on Eyeball client was
used in the call. The following columns cover the call completion status:
Parameter Description
callsudprelay Calls completed using UDP relay
callstcprelay Calls completed using TCP relay
callshttprelay Calls completed using TCP relay tunneled through HTTP
callsp2p Calls completed Peer2Peer
callsunknown
Call completion could not be detected. This happens when all parties involved are
non-Eyeball clients.
callsrelayerror
An error occurred before the call could be completed. This usually indicates a
network problem at the client.
CREATE TABLE `sipstatistics` (
`sipstatistics_id` int(10) unsigned NOT NULL auto_increment,
`sipserver_id` int(10) unsigned NOT NULL default '0',
`recordtime` datetime NOT NULL default '1970-01-01 00:00:00',
`proxyaddress` varchar(21) NOT NULL default ' ',
`connections` int(10) unsigned NOT NULL default '0',
`onlinecurrent` int(10) unsigned NOT NULL default '0',
`onlinemax` int(10) unsigned NOT NULL default '0',
`calls` int(10) unsigned NOT NULL default '0',
`callminutes` int(10) unsigned NOT NULL default '0',
`throughput` int(10) unsigned NOT NULL default '0',
51. `login` int(10) unsigned NOT NULL default '0',
`logout` int(10) unsigned NOT NULL default '0',
`callsinitiated` int(10) unsigned NOT NULL default '0',
`callsended` int(10) unsigned NOT NULL default '0',
`stun` int(10) unsigned NOT NULL default '0',
`callsp2p` int(10) unsigned NOT NULL default '0',
`callsudprelay` int(10) unsigned NOT NULL default '0',
`callstcprelay` int(10) unsigned NOT NULL default '0',
`callshttprelay` int(10) unsigned NOT NULL default '0',
`callsrelayerror` int(10) unsigned NOT NULL default '0',
`callsunknown` int(10) unsigned NOT NULL default '0',
`avgbps` int(10) unsigned default '0',
`peakbps` int(10) unsigned default '0',
PRIMARY KEY (`sipstatistics_id`)
)
stateserverregistry
State Servers register here periodically to indicate that they are active (UPDATE, SELECT)
CREATE TABLE `stateserverregistry` (
`address` varchar(32) NOT NULL default ' ',
`status` varchar(21) NOT NULL default ' ',
`recordtime` int(11) default NULL,
`usercount` int(10) unsigned NOT NULL default '0',
`processid` int(10) unsigned NOT NULL default '0',
`messagecount` int(10) unsigned NOT NULL default '0',
`responsetime` int(10) unsigned NOT NULL default '0',
`servertype` varchar(4) NOT NULL default 'ALL',
PRIMARY KEY (`address`)
)
52. 14. Eyeball AnyConnect™ Gateway: Log
Files
Log Files
The AnyConnect™ Gateway writes messages to a log file. By default, the log file is written to
/var/log/acgd.log.
Writing to /var/log/acgd.log may require root access. Make sure that acgd is run with the proper user
privileges to write to the log file. The location of the log file can also be specified in the acgd.conf
configuration file with the log_file parameter.
Depending on the verbosity level 0 to 10, the log file may grow slowly or quickly in size. At verbosity level
0, only important messages or critical errors are logged. At verbosity level 5, all SIP messages are
logged. The recommended verbosity level is 4, where summary information about each SIP message is
logged. The verbosity level is set to 4 by default, and can be changed using the –v command line
argument on startup, as well as the verbose command in the command line interface.
When the log file grows too large, it may exceed the operating system file size limit, which may be 2GB in
certain cases. This may cause the server to stop working, blocking on trying to write to the log file. As
well, large log files may take a long time to load and to browse through. Rotating the log file solves this
problem by renaming the current log file with a number appended, and opening a new log file to be
written to.
The server automatically rotates the log file periodically, depending on the size of the current log file. This
eliminates the need for a server administrator to rotate the logs periodically, although it is still possible to
rotate the log file by issuing the rotate log command in the command line interface. The automatic log
rotation is configured by the log_max_file_size and log_max_file_count parameters in the acgd.conf
configuration file. By default, the log is rotated when it reaches 10 MB and a maximum of 100 log files are
stored. When the maximum number of log files is reached, the server will overwrite log files in a cyclical
manner. In other words, the server will write to acgd.log.000099, acgd.log.0000100, and then
acgd.log.0000001, acgd.log.0000002, and so on. This way, the last 1 GB of logs are preserved. Using
that schema, acgd.log.0000002 can be more recently updated than acgd.log.0000050. The sequence of
the log files can be determined by checking the time and date of the log files:
$ ls -l acgd.log.*
53. 15. Eyeball AnyConnect™ Gateway: Port
Settings
Port Settings
The Eyeball AnyConnect™ Gateway requires at least 3 ports to be accessible from the public Internet in
order to allow SIP clients to connect. In addition to the default ports 5060 and 5061, the Eyeball
AnyConnect™ Gateway also listens for connections on ports 443 and port 80 in order to allow clients
behind restricted firewalls and HTTP proxies to connect.
Direction Destination Port Protocol Purpose
Incoming 5060 UDP/TCP SIP
5061 TCP SIP over TLS (if configured)
443 TCP SIP
80 TCP SIP
5269 TCP XMPP
5222 TCP XMPP
Outgoing 443 TCP
Connection to Eyeball licensing servers
ls1.eyeball.com, ls2.eyeball.com, ls3.eyeball.com
Table 1: Default incoming and outgoing port settings required to run the Eyeball AnyConnect™ Gateway
In addition to the ports that need to be accessible from the public Internet, the Eyeball AnyConnect™
Gateway connects periodically (once every hour) to one of Eyeball Networks licensing servers. The
default ports that must be opened in incoming and outgoing direction are listed in Table 1.
54. 16. Eyeball AnyConnect™ Gateway:
Troubleshooting
Troubleshooting
If you have problems running either edge or state server and it cannot be resolved by following the steps
outlined in the INSTALL file or by consulting this document, the log file should be sent to Eyeball
Networks Inc. together with a detailed description of the problem.
55. 17. Eyeball AnyConnect™ Gateway:
Further Information
Further Information
For a more detailed description of the installation process for the Eyeball AnyConnect Gateway, please
refer to the documents included in the Eyeball AnyConnect Gateway package, in particular INSTALL and
README.