
Avaya Scopia PathFinder Firewall Traversal Deployment Guide

Release 8.3
For Solution 8.3 (Intel servers only)
Issue 3
April 2016

© 2014-2016, Avaya, Inc.

All Rights Reserved.


Notice
While reasonable efforts have been made to ensure that the
information in this document is complete and accurate at the time of
printing, Avaya assumes no liability for any errors. Avaya reserves
the right to make changes and corrections to the information in this
document without the obligation to notify any person or organization
of such changes.
Documentation disclaimer
Documentation means information published in varying mediums
which may include product information, operating instructions and
performance specifications that are generally made available to users
of products. Documentation does not include marketing materials.
Avaya shall not be responsible for any modifications, additions, or
deletions to the original published version of Documentation unless
such modifications, additions, or deletions were performed by or on
the express behalf of Avaya. End User agrees to indemnify and hold
harmless Avaya, Avaya's agents, servants and employees against all
claims, lawsuits, demands and judgments arising out of, or in
connection with, subsequent modifications, additions or deletions to
this documentation, to the extent made by End User.
Link disclaimer
Avaya is not responsible for the contents or reliability of any linked
websites referenced within this site or Documentation provided by
Avaya. Avaya is not responsible for the accuracy of any information,
statement or content provided on these sites and does not
necessarily endorse the products, services, or information described
or offered within them. Avaya does not guarantee that these links will
work all the time and has no control over the availability of the linked
pages.
Warranty
Avaya provides a limited warranty on Avaya hardware and software.
Refer to your sales agreement to establish the terms of the limited
warranty. In addition, Avaya's standard warranty language, as well as
information regarding support for this product while under warranty is
available to Avaya customers and other parties through the Avaya
Support website: https://support.avaya.com/helpcenter/getGenericDetails?detailId=C20091120112456651010 under the link
"Warranty & Product Lifecycle" or such successor site as designated
by Avaya. Please note that if You acquired the product(s) from an
authorized Avaya Channel Partner outside of the United States and
Canada, the warranty is provided to You by said Avaya Channel
Partner and not by Avaya.

Hosted Service means an Avaya hosted service subscription that
You acquire from either Avaya or an authorized Avaya Channel
Partner (as applicable) and which is described further in Hosted SAS
or other service description documentation regarding the applicable
hosted service. If You purchase a Hosted Service subscription, the
foregoing limited warranty may not apply but You may be entitled to
support services in connection with the Hosted Service as described
further in your service description documents for the applicable
Hosted Service. Contact Avaya or Avaya Channel Partner (as
applicable) for more information.
Hosted Service
THE FOLLOWING APPLIES ONLY IF YOU PURCHASE AN AVAYA
HOSTED SERVICE SUBSCRIPTION FROM AVAYA OR AN AVAYA
CHANNEL PARTNER (AS APPLICABLE), THE TERMS OF USE
FOR HOSTED SERVICES ARE AVAILABLE ON THE AVAYA
WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO
UNDER THE LINK Avaya Terms of Use for Hosted Services OR
SUCH SUCCESSOR SITE AS DESIGNATED BY AVAYA, AND ARE
APPLICABLE TO ANYONE WHO ACCESSES OR USES THE
HOSTED SERVICE. BY ACCESSING OR USING THE HOSTED
SERVICE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON
BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE
DOING SO (HEREINAFTER REFERRED TO INTERCHANGEABLY
AS YOU AND END USER), AGREE TO THE TERMS OF USE. IF
YOU ARE ACCEPTING THE TERMS OF USE ON BEHALF A
COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT
YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE
TERMS OF USE. IF YOU DO NOT HAVE SUCH AUTHORITY, OR
IF YOU DO NOT WISH TO ACCEPT THESE TERMS OF USE, YOU
MUST NOT ACCESS OR USE THE HOSTED SERVICE OR
AUTHORIZE ANYONE TO ACCESS OR USE THE HOSTED
SERVICE.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA
WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO,
UNDER THE LINK AVAYA SOFTWARE LICENSE TERMS (Avaya
Products) OR SUCH SUCCESSOR SITE AS DESIGNATED BY
AVAYA, ARE APPLICABLE TO ANYONE WHO DOWNLOADS,
USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED
FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AVAYA
CHANNEL PARTNER (AS APPLICABLE) UNDER A COMMERCIAL
AGREEMENT WITH AVAYA OR AN AVAYA CHANNEL PARTNER.
UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING,
AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE
WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN
AVAYA AFFILIATE OR AN AVAYA CHANNEL PARTNER; AVAYA
RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU
AND ANYONE ELSE USING OR SELLING THE SOFTWARE
WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR
USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO,
YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM
YOU ARE INSTALLING, DOWNLOADING OR USING THE
SOFTWARE (HEREINAFTER REFERRED TO
INTERCHANGEABLY AS YOU AND END USER), AGREE TO
THESE TERMS AND CONDITIONS AND CREATE A BINDING
CONTRACT BETWEEN YOU AND AVAYA INC. OR THE
APPLICABLE AVAYA AFFILIATE (AVAYA).
Avaya grants You a license within the scope of the license types
described below, with the exception of Heritage Nortel Software, for
which the scope of the license is detailed below. Where the order
documentation does not expressly identify a license type, the
applicable license will be a Designated System License. The
applicable number of licenses and units of capacity for which the
license is granted will be one (1), unless a different number of
licenses or units of capacity is specified in the documentation or other
materials available to You. Software means computer programs in
object code, provided by Avaya or an Avaya Channel Partner,
whether as stand-alone products, pre-installed on hardware products,
and any upgrades, updates, patches, bug fixes, or modified versions
thereto. Designated Processor means a single stand-alone
computing device. Server means a Designated Processor that
hosts a software application to be accessed by multiple users.
Instance means a single copy of the Software executing at a
particular time: (i) on one physical machine; or (ii) on one deployed
software virtual machine (VM) or similar deployment.
License type(s)
Designated System(s) License (DS). End User may install and use
each copy or an Instance of the Software only on a number of
Designated Processors up to the number indicated in the order.
Avaya may require the Designated Processor(s) to be identified in
the order by type, serial number, feature key, Instance, location or
other specific designation, or to be provided by End User to Avaya
through electronic means established by Avaya specifically for this
purpose.
Concurrent User License (CU). End User may install and use the
Software on multiple Designated Processors or one or more Servers,
so long as only the licensed number of Units are accessing and using
the Software at any given time. A Unit means the unit on which
Avaya, at its sole discretion, bases the pricing of its licenses and can
be, without limitation, an agent, port or user, an e-mail or voice mail
account in the name of a person or corporate function (e.g.,
webmaster or helpdesk), or a directory entry in the administrative
database utilized by the Software that permits one user to interface
with the Software. Units may be linked to a specific, identified Server
or an Instance of the Software.
Database License (DL). End User may install and use each copy or
an Instance of the Software on one Server or on multiple Servers
provided that each of the Servers on which the Software is installed
communicates with no more than one Instance of the same
database.
CPU License (CP). End User may install and use each copy or
Instance of the Software on a number of Servers up to the number
indicated in the order provided that the performance capacity of the
Server(s) does not exceed the performance capacity specified for the
Software. End User may not re-install or operate the Software on
Server(s) with a larger performance capacity without Avaya's prior
consent and payment of an upgrade fee.
Named User License (NU). You may: (i) install and use each copy or
Instance of the Software on a single Designated Processor or Server
per authorized Named User (defined below); or (ii) install and use
each copy or Instance of the Software on a Server so long as only
authorized Named Users access and use the Software. Named
User, means a user or device that has been expressly authorized by
Avaya to access and use the Software. At Avaya's sole discretion, a
Named User may be, without limitation, designated by name,
corporate function (e.g., webmaster or helpdesk), an e-mail or voice
mail account in the name of a person or corporate function, or a
directory entry in the administrative database utilized by the Software
that permits one user to interface with the Software.
Shrinkwrap License (SR). You may install and use the Software in
accordance with the terms and conditions of the applicable license
agreements, such as shrinkwrap or clickthrough license
accompanying or applicable to the Software (Shrinkwrap License).
Heritage Nortel Software
Heritage Nortel Software means the software that was acquired by
Avaya as part of its purchase of the Nortel Enterprise Solutions
Business in December 2009. The Heritage Nortel Software is the
software contained within the list of Heritage Nortel Products located
at https://support.avaya.com/LicenseInfo under the link Heritage
Nortel Products or such successor site as designated by Avaya. For
Heritage Nortel Software, Avaya grants Customer a license to use
Heritage Nortel Software provided hereunder solely to the extent of
the authorized activation or authorized usage level, solely for the
purpose specified in the Documentation, and solely as embedded in,
for execution on, or for communication with Avaya equipment.
Charges for Heritage Nortel Software may be based on extent of
activation or use authorized as specified in an order or invoice.
Copyright
Except where expressly stated otherwise, no use should be made of
materials on this site, the Documentation, Software, Hosted Service,
or hardware provided by Avaya. All content on this site, the
documentation, Hosted Service, and the product provided by Avaya
including the selection, arrangement and design of the content is
owned either by Avaya or its licensors and is protected by copyright
and other intellectual property laws including the sui generis rights
relating to the protection of databases. You may not modify, copy,
reproduce, republish, upload, post, transmit or distribute in any way
any content, in whole or in part, including any code and software
unless expressly authorized by Avaya. Unauthorized reproduction,
transmission, dissemination, storage, and or use without the express
written consent of Avaya can be a criminal, as well as a civil offense
under the applicable law.
Virtualization
The following applies if the product is deployed on a virtual machine.
Each product has its own ordering code and license types. Note that
each Instance of a product must be separately licensed and ordered.
For example, if the end user customer or Avaya Channel Partner
would like to install two Instances of the same type of products, then
two products of that type must be ordered.
Third Party Components
Third Party Components mean certain software programs or
portions thereof included in the Software or Hosted Service may
contain software (including open source software) distributed under
third party agreements (Third Party Components), which contain
terms regarding the rights to use certain portions of the Software
(Third Party Terms). As required, information regarding distributed
Linux OS source code (for those products that have distributed Linux
OS source code) and identifying the copyright holders of the Third
Party Components and the Third Party Terms that apply is available
in the products, Documentation or on Avaya's website at:
https://support.avaya.com/Copyright or such successor site as designated
by Avaya. The open source software license terms provided as Third
Party Terms are consistent with the license rights granted in these
Software License Terms, and may contain additional rights benefiting
You, such as modification and distribution of the open source
software. The Third Party Terms shall take precedence over these
Software License Terms, solely with respect to the applicable Third
Party Components to the extent that these Software License Terms
impose greater restrictions on You than the applicable Third Party
Terms.
The following applies only if the H.264 (AVC) codec is distributed with
the product. THIS PRODUCT IS LICENSED UNDER THE AVC
PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A
CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE
REMUNERATION TO (i) ENCODE VIDEO IN COMPLIANCE WITH
THE AVC STANDARD (AVC VIDEO) AND/OR (ii) DECODE AVC
VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A
PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO
PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS
GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE.
ADDITIONAL INFORMATION MAY BE OBTAINED FROM MPEG
LA, L.L.C. SEE HTTP://WWW.MPEGLA.COM.
Service Provider
THE FOLLOWING APPLIES TO AVAYA CHANNEL PARTNER'S
HOSTING OF AVAYA PRODUCTS OR SERVICES. THE PRODUCT
OR HOSTED SERVICE MAY USE THIRD PARTY COMPONENTS
SUBJECT TO THIRD PARTY TERMS AND REQUIRE A SERVICE
PROVIDER TO BE INDEPENDENTLY LICENSED DIRECTLY
FROM THE THIRD PARTY SUPPLIER. AN AVAYA CHANNEL
PARTNER'S HOSTING OF AVAYA PRODUCTS MUST BE
AUTHORIZED IN WRITING BY AVAYA AND IF THOSE HOSTED
PRODUCTS USE OR EMBED CERTAIN THIRD PARTY
SOFTWARE, INCLUDING BUT NOT LIMITED TO MICROSOFT
SOFTWARE OR CODECS, THE AVAYA CHANNEL PARTNER IS
REQUIRED TO INDEPENDENTLY OBTAIN ANY APPLICABLE
LICENSE AGREEMENTS, AT THE AVAYA CHANNEL PARTNER'S
EXPENSE, DIRECTLY FROM THE APPLICABLE THIRD PARTY
SUPPLIER.
WITH RESPECT TO CODECS, IF THE AVAYA CHANNEL
PARTNER IS HOSTING ANY PRODUCTS THAT USE OR EMBED
THE G.729 CODEC, H.264 CODEC, OR H.265 CODEC, THE
AVAYA CHANNEL PARTNER ACKNOWLEDGES AND AGREES
THE AVAYA CHANNEL PARTNER IS RESPONSIBLE FOR ANY
AND ALL RELATED FEES AND/OR ROYALTIES. THE G.729
CODEC IS LICENSED BY SIPRO LAB TELECOM INC. SEE
WWW.SIPRO.COM/CONTACT.HTML. THE H.264 (AVC) CODEC IS
LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR
THE PERSONAL USE OF A CONSUMER OR OTHER USES IN
WHICH IT DOES NOT RECEIVE REMUNERATION TO: (I)
ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD
(AVC VIDEO) AND/OR (II) DECODE AVC VIDEO THAT WAS
ENCODED BY A CONSUMER ENGAGED IN A PERSONAL
ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER
LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED
OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL
INFORMATION FOR H.264 (AVC) AND H.265 (HEVC) CODECS
MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE
HTTP://WWW.MPEGLA.COM.
Compliance with Laws
You acknowledge and agree that it is Your responsibility for
complying with any applicable laws and regulations, including, but not
limited to laws and regulations related to call recording, data privacy,
intellectual property, trade secret, fraud, and music performance
rights, in the country or territory where the Avaya product is used.
Preventing Toll Fraud
Toll Fraud is the unauthorized use of your telecommunications
system by an unauthorized party (for example, a person who is not a
corporate employee, agent, subcontractor, or is not working on your
company's behalf). Be aware that there can be a risk of Toll Fraud
associated with your system and that, if Toll Fraud occurs, it can
result in substantial additional charges for your telecommunications
services.
Avaya Toll Fraud intervention
If You suspect that You are being victimized by Toll Fraud and You
need technical assistance or support, call Technical Service Center
Toll Fraud Intervention Hotline at +1-800-643-2353 for the United
States and Canada. For additional support telephone numbers, see
the Avaya Support website: https://support.avaya.com or such
successor site as designated by Avaya.
Security Vulnerabilities
Information about Avaya's security support policies can be found in
the Security Policies and Support section of https://support.avaya.com/security.
Suspected Avaya product security vulnerabilities are handled per the
Avaya Product Security Support Flow (https://support.avaya.com/css/P8/documents/100161515).
Downloading Documentation
For the most current versions of Documentation, see the Avaya
Support website: https://support.avaya.com, or such successor site
as designated by Avaya.
Contact Avaya Support
See the Avaya Support website: https://support.avaya.com for
product or Hosted Service notices and articles, or to report a problem
with your Avaya product or Hosted Service. For a list of support
telephone numbers and contact addresses, go to the Avaya Support
website: https://support.avaya.com (or such successor site as
designated by Avaya), scroll to the bottom of the page, and select
Contact Avaya Support.
Trademarks
The trademarks, logos and service marks (Marks) displayed in this
site, the Documentation, Hosted Service(s), and product(s) provided
by Avaya are the registered or unregistered Marks of Avaya, its
affiliates, its licensors, its suppliers, or other third parties. Users are
not permitted to use such Marks without prior written consent from
Avaya or such third party which may own the Mark. Nothing
contained in this site, the Documentation, Hosted Service(s) and
product(s) should be construed as granting, by implication, estoppel,
or otherwise, any license or right in and to the Marks without the
express written permission of Avaya or the applicable third party.
Avaya is a registered trademark of Avaya Inc.
All non-Avaya trademarks are the property of their respective owners.
Linux is the registered trademark of Linus Torvalds in the U.S. and
other countries.

Contents
Chapter 1: About PathFinder
Main Features of PathFinder
Technical Specifications
Change history
Chapter 2: Preparing the PathFinder server Setup
Planning Your Topology for PathFinder
Ports to Open on PathFinder
Checking Site Suitability
Unpacking the Device
Inspecting for Damage
Chapter 3: Setting up the Device
Mounting the Device on to the Rack
Preparing the Rack and Rails for Mounting the Device
Mounting the Outer Rails on to the Rack
Mounting the Device on to the Outer Rails
Connecting Cables to the Device
Obtaining the License Key of the PathFinder server
Verifying the PathFinder server Installation
Chapter 4: Performing the Initial Configuration of the PathFinder server
Configuring the IP Addresses of the PathFinder server
Configuring Ports on the PathFinder server
Configuring the UDP Port for RAS on the PathFinder server
Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server
Limiting the TCP/UDP port range on the internal interface of PathFinder
Configuring Port Access for H.460 Endpoints
Integrating the PathFinder server with Other Scopia Solution Components
Integrating the PathFinder server with ECS
Integrating the PathFinder server with NAT
Enabling Internal Endpoints to Call External Endpoints
Configuring Access for H.323 Legacy Endpoints
URI Dialing Functionality
Enabling URI Dialing to External Endpoints
Enabling IP Dialing to External Endpoints
Configuring Priority of Audio or Video
Chapter 5: Scalability, High Availability and Load Balancing with PathFinder
Workflow to Configure PathFinder server for Redundancy
Configuring Radware Load Balancer for PathFinder servers
Configuring the F5 BIG-IP LTM for PathFinder servers
Configuring PathFinder servers for the Load Balancer
Chapter 6: Performing Maintenance Procedures
Updating, Backing Up and Restoring the PathFinder server
Upgrading the PathFinder server
Backing Up the Configuration Settings
Restoring the Configuration Settings
Filtering and Monitoring Events in PathFinder server
Managing Logs
Configuring the Alert Level and Size of Logs
Retrieving Application and Operating System Logs
Capturing Network Traces for Troubleshooting
Viewing PathFinder Hardware and License Information
Glossary

Comments on this document? infodev@avaya.com
Chapter 1: About PathFinder

Avaya Scopia PathFinder provides a complete firewall and NAT traversal solution for H.323
deployments, enabling secure connectivity between enterprise networks and remote sites.
Avaya Scopia PathFinder is part of the Scopia Solution, the components of which can be
combined to fit the existing network topology and videoconferencing requirements of the
organization.
PathFinder maintains the security and advantages of firewall and NAT over heterogeneous video
networks and allows seamless integration with existing video endpoints and infrastructure
components.
Figure 1: PathFinder Functionality on page 8 illustrates the functionality of PathFinder.

Figure 1: PathFinder Functionality

PathFinder uses the H.460 protocol. H.460 enhances the standard H.323 protocol to manage
firewall/NAT traversal, employing ITU-T standards.
Endpoints which are already H.460 compliant can communicate directly with the PathFinder server,
where the endpoint acts as an H.460 client to the PathFinder server which acts as an H.460 server.
The endpoints in a private network can communicate with the endpoints located in the public
network via the PathFinder server. Endpoints in the public network can join a conference hosted in
the private network via the PathFinder server if there is an open connection through the firewall. The
ECS provides standalone address resolution functionality in H.323 networks.


The PathFinder server offers external endpoints a static address when joining conferences hosted in
your organization. You can dial 1234@pathfinder.company.com to access from outside the firewall,
or you can dial 1234 directly if you are an H.460 client logged in to the PathFinder server.
Related links
Main Features of PathFinder on page 9
Technical Specifications on page 10

Main Features of PathFinder


Avaya Scopia PathFinder enables firewall and NAT traversal for secure connectivity between
enterprise networks and remote sites. PathFinder has many powerful features including:
Works with any firewall, endpoint and gatekeeper
PathFinder solves near-end and far-end firewall issues by allowing you to maintain existing
security measures with no changes to existing firewalls. All H.323 standards-based endpoints
and gatekeepers are supported. PathFinder is also fully compatible with Avaya Scopia ECS
Gatekeeper features: enhanced dial plan, hierarchy, conference hunting, CDR records and API
for integration.
Highly secured
The PathFinder server uses a hardened version of the Linux operating system which has a
proven track record in secured system access.
The PathFinder server also provides uncompromised security by separating and restricting IP
traffic between the external and internal network cards (NICs). The external NIC accepts
access only from a very specific range of ports and media types, which significantly limits
intrusive attempts on the system.
Customers can restrict access of all management interfaces to a single NIC which resides
either in the DMZ or in the secured zone.
The PathFinder server works as an application layer firewall for H.323 calls and inspects the
contents of the traffic, blocking specific content, such as invalid H.323/RTP/RTCP packets. The
PathFinder server routes only validated H.323 based packets or RTCP/RTP based packets
from the external NIC to the internal NIC.
Scalable and distributed
You can now deploy multiple PathFinder servers for improved availability for dial in and dial out
from your organization. As a result, enterprises can improve reliability or accommodate more
external endpoints joining videoconferences by adding more PathFinder servers to their
deployments.
The PathFinder server works with an external load balancer providing unlimited scalability and
solid redundancy for large deployments.
Guest user dial-in


The PathFinder server supports Direct Public Access (DPA). Any public H.323 endpoint can
directly call through the PathFinder server without the need to deploy an additional Scopia
PathFinder client. Public H.323 endpoints which do not support the H.460 standard can directly
call the PathFinder server and easily and securely participate in any call or conference call
inside the organization.
URI Dialing
With support for URI dialing PathFinder enables seamless and intuitive connectivity between
enterprises, with customers and home workers. The following dialing methods are supported
for both outgoing public calls and incoming public calls:
- <Number>@<Domain> e.g. 5640@company.com
- <Number>@<IP Address> e.g. 5640@216.2.12.310
- <Name>@<Domain> e.g. Paul@company.com
- <Name>@<IP Address> e.g. Paul@216.2.12.310
Enhanced management capabilities
Avaya Scopia Management fully supports the PathFinder server providing comprehensive
maintenance tools such as user management, real-time monitoring, traps and alarms,
automated log collection, and direct web access.
Integrated web-based event log
Use the event log for quick and effective troubleshooting
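
What header-level validation of RTP and RTCP traffic can look like, as an added example: this is not PathFinder's inspection logic, which this guide does not describe, but the structural checks from RFC 3550 that an application-layer filter can apply before forwarding media. All packets are constructed byte strings.

```python
import struct

RTCP_TYPES = range(200, 208)  # SR, RR, SDES, BYE, APP, RTPFB, PSFB, XR


def check_rtp(pkt: bytes):
    """Structural checks on one UDP payload claimed to be RTP (RFC 3550)."""
    if len(pkt) < 12:
        return False, "shorter than the 12-byte fixed header"
    first, second = pkt[0], pkt[1]
    if first >> 6 != 2:
        return False, "version is not 2"
    if 72 <= (second & 0x7F) <= 76:
        # RFC 3551 reserves these: with the marker bit they alias RTCP 200-204.
        return False, "payload type aliases an RTCP packet type"
    offset = 12 + 4 * (first & 0x0F)           # skip the CSRC list
    if len(pkt) < offset:
        return False, "CSRC list truncated"
    if first & 0x10:                            # header extension present
        if len(pkt) < offset + 4:
            return False, "extension header truncated"
        (ext_words,) = struct.unpack_from("!H", pkt, offset + 2)
        offset += 4 + 4 * ext_words
        if len(pkt) < offset:
            return False, "extension body truncated"
    if first & 0x20:                            # padding flag set
        payload_len = len(pkt) - offset
        if payload_len == 0 or not 1 <= pkt[-1] <= payload_len:
            return False, "padding count inconsistent with payload"
    return True, "ok"


def check_rtcp(pkt: bytes):
    """Walk a compound RTCP datagram and check every sub-packet header."""
    if len(pkt) < 8:
        return False, "shorter than the smallest SR/RR packet"
    offset, first_packet = 0, True
    while offset < len(pkt):
        if len(pkt) - offset < 4:
            return False, "truncated RTCP header"
        first, ptype, length = struct.unpack_from("!BBH", pkt, offset)
        if first >> 6 != 2:
            return False, "version is not 2"
        if ptype not in RTCP_TYPES:
            return False, "unknown RTCP packet type"
        if first_packet and ptype not in (200, 201):
            # Strict RFC 3550 rule; reduced-size RTCP (RFC 5506) relaxes it.
            return False, "compound packet does not start with SR or RR"
        size = (length + 1) * 4                 # length counts 32-bit words minus one
        if offset + size > len(pkt):
            return False, "length field exceeds datagram"
        offset += size
        first_packet = False
    return True, "ok"


# Constructed sample packets (not captured traffic).
RTP_HDR = struct.pack("!BBHII", 0x80, 96, 7, 1600, 0x1234ABCD)
RR = struct.pack("!BBHI", 0x80, 201, 1, 0x1234ABCD)
BYE = struct.pack("!BBHI", 0x81, 203, 1, 0x1234ABCD)
SAMPLES = {
    "rtp_valid": ("rtp", RTP_HDR + b"\x00" * 160),
    "rtp_bad_version": ("rtp", b"\x40" + RTP_HDR[1:] + b"\x00" * 160),
    "rtp_csrc_truncated": ("rtp", b"\x83" + RTP_HDR[1:] + b"\x00" * 4),
    "rtp_bad_padding": ("rtp", b"\xa0" + RTP_HDR[1:] + b"\x00\x00\x00\x09"),
    "rtcp_valid_compound": ("rtcp", RR + BYE),
    "rtcp_bye_first": ("rtcp", BYE + RR),
    "rtcp_length_overrun": ("rtcp", struct.pack("!BBHI", 0x80, 201, 10, 1)),
}


def run_samples():
    """Return {sample name: (accepted, reason)} for the constructed packets."""
    checks = {"rtp": check_rtp, "rtcp": check_rtcp}
    return {name: checks[kind](pkt) for name, (kind, pkt) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(name, verdict)
```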
Related links
About PathFinder on page 8

Technical Specifications
This section lists important information about the device you purchased. Refer to this information
when preparing system setup and afterwards to verify that the environment still complies with these
requirements.
This information lists the technical specifications of the Avaya Scopia PathFinder server.
System power requirements:
- 600W, 100-240VAC input, 50/60Hz auto-switched
Environmental requirements:
- Operating temperature: 5°C to 35°C (41°F to 95°F)
- Humidity: 8% to 90% non-condensing
- Storage and transit temperature: -40°C to 60°C (-40°F to 140°F)


Physical dimensions:
- Size: 437mm (17.2") width x 43mm (1.7") height x 650mm (25.6") depth
- Weight: ~16.3kg (~36lbs)
External interfaces:
- Dual Gigabit NICs
- 1 x DB9 serial port connector
- 2 x USB 2.0 connectors
Communications:
- H.323
- IPv4
- Bit rate: up to 4Mbps per call
Call capacity:
- Up to 100 concurrent calls
- Up to 600 registered devices
Scalability:
- Radware AppDirector 208
- Radware AppDirector 1000
- F5 BIG-IP Load Traffic Manager 1600 Series
Firewall traversal:
- H.460.18, H.460.19 including support for multiplexed media
- Direct Public Access (DPA) solution for direct communication between internal endpoints in
the internal network and external ones in the public network.
- If the remote system includes an installation of the Scopia PathFinder client, you can tunnel
communication through the firewall securely by routing traffic via the Scopia PathFinder
client.
Security:
- H.235 for call privacy in all traversal modes (H.460, tunneling, DPA)
Related links
About PathFinder on page 8


Change history
Issue | Date | Summary of changes
 | April 2016 | Removed obsolete content


Chapter 2: Preparing the PathFinder server Setup

Perform the procedures in this section to prepare the site and device for installation.
Related links
Planning Your Topology for PathFinder on page 13
Ports to Open on PathFinder on page 15
Checking Site Suitability on page 20
Unpacking the Device on page 20
Inspecting for Damage on page 21

Planning Your Topology for PathFinder


Communication in the deployment comprises management, external communication traffic
(unsecured), and internal communication traffic (secured). The Avaya Scopia PathFinder server
supports these communication protocols used by the system:
Table 1: Protocols supported by the PathFinder server

| Type of Network Traffic | Protocols supported by the PathFinder server |
|---|---|
| Management | External management (TCP-XML based), HTTP, SSH, SFTP |
| External communication (insecure) | H.460, proprietary client-server tunneling, DNS |
| Internal communication (secure) | H.323 |


To create a secure deployment, administrators in organizations need to separate the various types
of network traffic in the deployment.
The PathFinder server houses two NIC cards. The PathFinder server provides uncompromised
security by using the two NICs for separating and restricting IP traffic in the deployment. The
external NIC accepts access only from a very specific range of ports and media types, which
significantly limits intrusive attempts on the system. The internal NIC is dedicated to the local traffic.
We recommend configuring the second NIC to also support management traffic.
There are two recommended ways of deploying the dual-NIC PathFinder server:
Bypassing the enterprise firewall


The external NIC is connected to the external network while the internal NIC resides in the
enterprise LAN. The external endpoints have access to the external NIC through the firewall
and the NAT. The internal NIC communicates with the components of the internal network and
bypasses the firewall to the enterprise LAN. Figure 2: Deploying a Dual-NIC PathFinder server
bypassing the enterprise firewall on page 14 illustrates this type of deployment.

Figure 2: Deploying a Dual-NIC PathFinder server bypassing the enterprise firewall

Located in the DMZ


The PathFinder server is located in the DMZ behind the firewalls. The DMZ is divided into two
subnets. The external NIC is connected to the outer DMZ and the internal NIC is connected to
the inner DMZ. The subnets do not communicate with each other. Figure 3: Deploying a
high-security Dual-NIC PathFinder server on page 14 illustrates this highly secure deployment.

Figure 3: Deploying a high-security Dual-NIC PathFinder server


Deploying the PathFinder server requires configuring the unit itself as well as several other
components. For information on components that are part of the Scopia Solution, see the Scopia
Solution guide.
SCOPIA PathFinder Servers can also be clustered behind a load balancing system for scalability
and high availability. See Scalability, High Availability and Load Balancing with PathFinder on
page 59.
Important:
Small and medium-size enterprises that set up videoconferences within their enterprise can
choose to deploy PathFinder server with a single NIC. Contact Customer Support for
information on that type of deployment.
Related links
Preparing the PathFinder server Setup on page 13

Ports to Open on PathFinder


Avaya Scopia PathFinder is Scopia Solution's answer to firewall traversal. The PathFinder server
is an H.460 server, typically deployed in the DMZ, while the Scopia PathFinder client is a tunneling
client, typically deployed outside the enterprise firewall alongside the remote H.323 endpoint (see
Figure 4: H.323 connections to PathFinder server on page 16).
Many recent H.323 endpoints have built-in H.460 functionality (which enables secure
communication), thereby avoiding the need for a Scopia PathFinder client. If an H.323 endpoint
located in a partner company does not have H.460 capabilities, it must communicate via the
Scopia PathFinder client to access the PathFinder server in the DMZ (see Figure 4: H.323
connections to PathFinder server on page 16).
Important:
There must be no firewall between the H.323 endpoint (device) and the Scopia PathFinder
client.
An H.323 endpoint in the public network can also directly dial the PathFinder server using direct port
access (ports 4000-5000).


Figure 4: H.323 connections to PathFinder server

When opening ports to and from PathFinder server, use the following as a reference:
- If opening ports that are both to and from the PathFinder server, see Table 2: Bidirectional
  Ports to Open the PathFinder server on page 17.
- If opening ports that are both to and from the Scopia PathFinder client, see Table 3:
  Bidirectional Ports to Open on the Scopia PathFinder client on page 19.
Important:
In order for an H.323 endpoint (or other H.323 device) within the enterprise to successfully
connect to the PathFinder server in the DMZ via the enterprise firewall (see Figure 5: Contacting
PathFinder server from within the enterprise on page 17), you must do one of the following:
- Install a Scopia PathFinder client within the enterprise
- Use H.460-enabled endpoints
- Open the internal firewall to the PathFinder server (1024-65535, bidirectional)


Figure 5: Contacting PathFinder server from within the enterprise

Important:
The specific firewalls you need to open ports on depend on where your PathFinder server,
Scopia PathFinder client, and other Scopia Solution products are deployed.
Table 2: Bidirectional Ports to Open the PathFinder server

| Port Range | Protocol | Destination | Functionality | Result of Blocking Port | Required |
|---|---|---|---|---|---|
| 22 | SSH/SFTP (TCP) | SSH client endpoint | Enables initial configuration, log download and server upgrade | Cannot initialize the server, download logs and upgrade the server | Mandatory for configuring the PathFinder server |
| 53 | DNS (UDP) | DNS server | Enables querying the DNS for domains per call | Cannot support domain name calls and dialing by URI | Mandatory if using URI dialing |
| 1719 | UDP | H.460.18 endpoint/ H.460.18 client gatekeeper | Enables H.460.18 RAS capabilities | H.460.18 endpoints cannot register through PathFinder server, firewall traversal function based on H.460.18 and H.460.19 cannot function. | Mandatory for H.460 endpoints. To configure, see Configuring the UDP Port for RAS on the PathFinder server on page 40 |
| 1720 | TCP | Any H.323 device using Q.931 signaling in DPA mode | Enables IP call signaling | No signaling capabilities: guest users cannot dial into internal endpoints | Mandatory if in DPA mode |
| 2776 | TCP, UDP | H.460.18 endpoint/ H.460.18 client gatekeeper | Enables H.460.18 Call Signaling, H.460.19 Multiplex Media Channel | H.460.18 endpoints cannot register through PathFinder server or set up logical channels. Firewall traversal function based on H.460.18 and H.460.19 cannot function. | Mandatory for H.460 endpoints |
| 2777 | TCP, UDP | H.460.18 endpoint/ H.460.18 client gatekeeper | Enables H.460.18 and H.460.19 Call Control, H.460.19 Multiplex Media Control Channel | H.460.18 endpoints cannot set up Call Control channels or logical channels. Firewall traversal function based on H.460.18 and H.460.19 cannot function. | Mandatory for H.460 endpoints |
| 3089 | TCP, UDP | Scopia PathFinder client | Enables signaling and media traversal | If the TCP port is blocked, Scopia PathFinder client cannot connect to PathFinder server. Legacy H.323 endpoints behind the Scopia PathFinder client cannot call external endpoints. If the UDP port is blocked, Scopia PathFinder client can only traverse media via TCP. | Mandatory if using Scopia PathFinder client |
| 3089 | TCP, UDP | PathFinder server | Enables signaling and media connection to neighbor server | Cannot connect or traverse media to neighbor server | Mandatory if using a neighbor server |
| 4000-5000 | TCP, UDP | Any H.323 device using Q.931 signaling in DPA mode | Enables Direct Public Access (DPA) for H.323 call signaling, control and media traversal | Cannot setup/connect DPA mode calls | Mandatory if in DPA mode. To limit range, see Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server on page 41 |
| 8080 | HTTP (TCP) | Web client/browser | Provides access to the web user interface | Cannot configure PathFinder server | Mandatory for configuring the PathFinder application |
| 8089 | XML (TCP) | XML API Client | Enables managing PathFinder server via XML API | The External Management System cannot get PathFinder server status or receive traps from PathFinder server | Optional |

Table 3: Bidirectional Ports to Open on the Scopia PathFinder client

| Port Range | Protocol | Destination | Functionality | Result of Blocking Port | Required |
|---|---|---|---|---|---|
| 3478 | STUN (UDP) | STUN server | Enables an endpoint located in the remote network to send a STUN Binding Request when connecting to another endpoint in the same network | Scopia PathFinder client cannot determine its public IP address. Smart Direct Media Connect cannot function. | Recommended |

Important:
If there is a firewall between the H.323 client and the Scopia PathFinder client, all high ports
must be opened in both directions (1024-65535). We therefore recommend no firewall between
the endpoint and the Scopia PathFinder client.
Related links
Preparing the PathFinder server Setup on page 13
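
The port matrix in Table 2 can be used as a least-privilege check on the firewall facing the external NIC. The following is an added example, not Avaya code: the feature labels, the rule tuple format and the sample rules are constructed for illustration, and management ports are treated as not belonging on the external side, following the guide's recommendation to assign the management role to the internal NIC.

```python
"""Audit an external-side firewall rule set against the Table 2 port matrix."""

# Table 2 rows: (low port, high port, protocols, feature, traffic type).
# Ports, protocols and conditions come from Table 2; the feature labels and the
# management/external split (after Table 1) are naming choices made for this example.
TABLE2 = [
    (22,   22,   ("tcp",),       "config",      "management"),  # SSH/SFTP
    (53,   53,   ("udp",),       "uri_dialing", "external"),    # DNS
    (1719, 1719, ("udp",),       "h460",        "external"),    # H.460.18 RAS
    (1720, 1720, ("tcp",),       "dpa",         "external"),    # Q.931 call signaling
    (2776, 2776, ("tcp", "udp"), "h460",        "external"),
    (2777, 2777, ("tcp", "udp"), "h460",        "external"),
    (3089, 3089, ("tcp", "udp"), "pf_client",   "external"),
    (3089, 3089, ("tcp", "udp"), "neighbor",    "external"),
    (4000, 5000, ("tcp", "udp"), "dpa",         "external"),
    (8080, 8080, ("tcp",),       "config",      "management"),  # web UI over HTTP
    (8089, 8089, ("tcp",),       "xml_api",     "management"),  # XML API
]


def expand(rows):
    """Turn (lo, hi, protocols) triples into a set of (protocol, port) pairs."""
    return {(proto, port) for lo, hi, protos in rows
            for proto in protos for port in range(lo, hi + 1)}


def required(features):
    """Ports Table 2 marks mandatory for the features in use (external traffic only)."""
    return expand((lo, hi, protos) for lo, hi, protos, feat, kind in TABLE2
                  if kind == "external" and feat in features)


def management_ports():
    """Ports Table 2 lists for management traffic (SSH/SFTP, HTTP, XML API)."""
    return expand((lo, hi, protos) for lo, hi, protos, _, kind in TABLE2
                  if kind == "management")


def ranges(pairs):
    """Collapse (protocol, port) pairs into sorted 'proto/lo-hi' strings."""
    runs = []
    for proto, port in sorted(pairs):
        if runs and runs[-1][0] == proto and runs[-1][2] == port - 1:
            runs[-1][2] = port
        else:
            runs.append([proto, port, port])
    return [f"{p}/{lo}" if lo == hi else f"{p}/{lo}-{hi}" for p, lo, hi in runs]


def audit(rules, features):
    """Compare allow rules (protocol, lo, hi) on the external-side firewall with Table 2."""
    allowed = expand((lo, hi, (proto,)) for proto, lo, hi in rules)
    need, mgmt = required(features), management_ports()
    return {
        "missing": ranges(need - allowed),             # see "Result of Blocking Port"
        "management_exposed": ranges(allowed & mgmt),  # recommended on the internal NIC
        "excess": ranges(allowed - need - mgmt),       # open, but no feature in use needs it
    }


# Constructed sample: an H.460 deployment with URI dialing, no DPA, no tunneling client.
SAMPLE_FEATURES = {"h460", "uri_dialing"}
SAMPLE_RULES = [
    ("udp", 1719, 1719),
    ("tcp", 2776, 2777),
    ("udp", 2776, 2776),   # udp/2777 forgotten
    ("tcp", 8080, 8080),   # web UI reachable from outside
    ("tcp", 4000, 5000),   # DPA range left open although DPA is not used
]

if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_RULES, SAMPLE_FEATURES).items():
        print(f"{finding}: {', '.join(ports) or 'none'}")
```

Running the same audit on a rule set that opens 1024-65535 in both protocols shows how much of that range no feature in Table 2 requires.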


Checking Site Suitability


Prior to setting up your device, you need to verify your site suitability for:
- System power requirements
- System environmental requirements
- The device physical dimensions
For more information, see Technical Specifications on page 10 to learn about these requirements.
Ensure the site conforms to the listed requirements.
Related links
Preparing the PathFinder server Setup on page 13

Unpacking the Device


About this task
We strongly recommend that you follow safety guidelines described in this section during unpacking.

Procedure
1. Inspect the shipping box to verify that it was not seriously damaged during shipping.
2. Place the shipping box on a horizontal surface paying attention to the This Side Up symbol
on the shipping box (Figure 6: This Side Up symbol on page 20).

Figure 6: This Side Up symbol

Caution:
The accessories kit is situated on top of the device inside the shipping box and can be
damaged if the box is placed upside down. Pay attention to the This Side Up symbol on
the shipping box to handle the box correctly at all times.
Caution:
To prevent injury and equipment damage, follow the lifting guidelines described in the
Safety Guide when lifting or moving the shipping box.
3. Cut the plastic straps.


Caution:
The plastic straps are tightly stretched and can hit you when you cut them. To avoid this,
make sure you do not face the side of the box secured by the straps before you cut the
straps.
4. Cut the strapping tape.
5. Open the shipping box.
6. Take the accessories kit out of the shipping box.
7. Take the device out of the shipping box.
8. Carefully open the additional boxes, remove the packing material, and remove the drives
and other contents.
Important:
We recommend keeping the packaging materials in case you need to repack the device.
9. Remove the cellophane wrapping from the server case.
10. After opening the shipping box, check that the shipment is complete. Compare the contents of
the shipment with the packing list included in the box.
Related links
Preparing the PathFinder server Setup on page 13

Inspecting for Damage


After you verify that all of the equipment is included, carefully examine the , power supplies and
cables for any damage resulting from shipping. If you suspect any damage from shipping, contact
your local freight carrier for procedures on damage claims. If you observe any physical defects in
the items you ordered, contact Technical Support for a Return Material Authorization (RMA) form.
Important:
Before proceeding with the installation, verify that all of the ordered parts are present and in
good condition. Keep a record of the parts and serial numbers. If any parts are missing or
damaged, contact your sales representative.
Related links
Preparing the PathFinder server Setup on page 13


Chapter 3: Setting up the Device

These sections describe how to set up the device:


Related links
Mounting the Device on to the Rack on page 22
Connecting Cables to the Device on page 32
Obtaining the License Key of the PathFinder server on page 33
Verifying the PathFinder server Installation on page 34

Mounting the Device on to the Rack


To mount the device, perform these tasks in the order listed:
Related links
Setting up the Device on page 22
Preparing the Rack and Rails for Mounting the Device on page 22
Mounting the Outer Rails on to the Rack on page 25
Mounting the Device on to the Outer Rails on page 28

Preparing the Rack and Rails for Mounting the Device


About this task
This section describes how to prepare all the equipment required to mount the device onto the rack,
including choosing the rack and finding the right place on the rack to mount the device.

Before you begin


Ensure that the room is suitable for the device and remove the device from its box, as described in
Preparing the PathFinder server Setup on page 13.

Procedure
1. Verify that you have a 19" rack that meets the EIA-310 standards. This standard includes the
exact specifications, including the shape of the holes, their size, the depth of the rack and
other features.
The rack should be sturdy enough to support the device when you slide it in and out.


We recommend choosing a rack without doors. If installing in an enclosed rack, ensure that
the rack has adequate ventilation.
2. Ensure that the environment is suitable and set up the rack, considering factors such as the
ambient temperature of the room. Read the safety instructions that came with your rack for
details.
Important:
Maintain a minimum clearance of 30 inches (76.2 cm) in the rear of the rack to allow
adequate airflow.
Ensure the rack is stable. The leveling jacks at the bottom of the rack should be fully
extended.
3. Decide where on the rack to place the device, using the guidelines listed below. Mark this
location on the rack, ensuring that the height is the same on each rack post.
Proper placement prevents the device from overheating and ensures that the rack is stable.
Find a space on the rack which is 3 empty square holes in height (1U), as shown in Figure
7: One rack unit of space on the rack on page 23.
Note that the holes on the rack posts are not spaced equally. They form a repeating
pattern of two holes close together, then one hole separate, then two holes close together
and so on.
The top of the device should start on the lower of the two holes which are close together.

Figure 7: One rack unit of space on the rack

If there are few devices mounted in the rack, find the lowest possible location to mount the
device, to ensure the rack remains stable.


4. Make sure you have the following items, which were shipped with the device and are used to
mount the rails to the rack (Figure 8: Preparing the parts required to mount the rails on
page 24):
- Two long outer rails and two short outer rails, to be attached to the rack itself (as
  described in Mounting the Outer Rails on to the Rack on page 25)
- Two inner rail extensions, used to attach the device to the outer rails on the rack (as
  described in Mounting the Device on to the Outer Rails on page 28)
- Eight flat-head long screws (Phillips cross recessed flat-head machine screws M5x12mm).
  You need only four to mount the device.
- Eight brackets (finishing washers M5). You need only four to mount the device.
- Two flat-head short screws (Phillips cross recessed flat-head machine screws 6-32
  UNCx3/16")

Figure 8: Preparing the parts required to mount the rails

5. Continue with Mounting the Outer Rails on to the Rack on page 25.
Related links
Mounting the Device on to the Rack on page 22


Mounting the Outer Rails on to the Rack


About this task
This procedure describes how to mount the outer rails on to the rack. The outer rails are used to
support the inner rails, which are attached to the device.
After fastening the outer rails to the rack itself, you attach the inner rails to the device. You can then
slide the inner rails along the outer rails to mount the device on to the rack.

Before you begin


Make sure you have the correct type of rack and know where to mount the outer rails, as
described in Preparing the Rack and Rails for Mounting the Device on page 22.
Make sure you have the following items, which were shipped with the device and are used to
mount the outer rails to the rack (Figure 9: Preparing the parts required to mount the rails on
page 25):
- Two long outer rails
- Two short outer rails
- Two flat-head long screws (Phillips cross recessed flat-head machine screws M5x12mm)
- Two brackets (finishing washers M5)

Figure 9: Preparing the parts required to mount the rails


Procedure
1. Connect the long and short outer rails to each other by sliding the knob on the short rail
through the rounded end of the slot on the long rail (Figure 10: Connecting the two outer
rails on page 26).

Figure 10: Connecting the two outer rails

2. Attach the rails to the rack posts, at the location you marked in Preparing the Rack and Rails
for Mounting the Device on page 22:
a. Starting at the rear of the rack, attach the short rail by aligning the two square knobs
with the rack holes (Figure 11: Attaching the short rail to the rear of the rack on
page 26).
The rails are spring-loaded and lock into place on the rack with a safety latch.

Figure 11: Attaching the short rail to the rear of the rack

b. Slide the long rail towards the front of the rack, adjusting the length according to the
depth of the rack. Attach it to the front of the rack as you did to the rear of the rack.


Important:
To unfasten the rail pins from the rack, push the safety latch to release:

Figure 12: Removing the rack from the rails

c. Secure the rail by inserting a long screw and a washer through the rear rack post only
(Figure 13: Securing the rail to the rack on page 27). Insert the washer between the
long screw and the rail, as shown below.
The rail is secured to the front of the rack only after the device is mounted, as described
in Mounting the Device on to the Outer Rails on page 28.

Figure 13: Securing the rail to the rack


The outer rail is now attached to the rack, as shown in Figure 14: Side view of rack with
the outer rail attached on page 28.

Figure 14: Side view of rack with the outer rail attached

3. Repeat all steps to mount the outer rails to the other side of the rack.
4. Continue with Mounting the Device on to the Outer Rails on page 28.
Related links
Mounting the Device on to the Rack on page 22

Mounting the Device on to the Outer Rails


About this task
After you have attached the outer rails to the rack to form a support for the device, you can attach
the inner rail extensions to the device and mount the device on to the rack.
Caution:
To prevent injury and equipment damage, follow the lifting guidelines described in the Safety
Guide when lifting or moving the device.

Before you begin


Read the safety guidelines described in the Safety Guide.
Attach the outer rails to the rack, as described in Mounting the Outer Rails on to the Rack on
page 25.


Make sure you have the following items, which were shipped with the device and are used to
mount the rails to the rack (Figure 15: Preparing the parts required to mount the device onto
the rails on page 29):
- Two inner rail extensions
- Two flat-head short screws (Phillips cross recessed flat-head machine screws 6-32
UNCx3/16")
- Two flat-head long screws (Phillips cross recessed flat-head machine screws M5x12mm)
- Two brackets (finishing washers M5)

Figure 15: Preparing the parts required to mount the device onto the rails

Procedure
1. Attach the inner rail extension to the rear of the device:
a. Slide the rear inner rail extension towards the front of the device (see Figure 16:
Attaching inner rail extensions to the device on page 29).
The hooks on the side of the device fasten the inner rail in place.

Figure 16: Attaching inner rail extensions to the device

b. Secure the rear inner rail extension through one of the two holes on the rail extension,
using one flat-headed short screw (Figure 17: Securing rail extensions to the device on
page 30).


Figure 17: Securing rail extensions to the device

c. Repeat these steps on the other side of the device.


2. Slide the device on to the rails until the holes on the device front panel align with the front
post (see Figure 18: Sliding the device onto the rails on page 30).
As you slide, you should hear two clicks; one mid-way and one near the end. These are the
safety latches to stop the device from accidentally sliding out.

Figure 18: Sliding the device onto the rails


Important:
To pull out the device, you need to slide the long part of the latch on each side
simultaneously to release the safety lock. Slide the right latch up and slide the left latch
down (Figure 19: Removing the device from the rails on page 31).

Figure 19: Removing the device from the rails

3. Secure the device to each front post using a long screw. Insert a washer between the screw
and the device panel.
This secures the front panel to the front of the rack and the outer rail to the rack.
The outer rail was already secured in Mounting the Outer Rails on to the Rack on page 25.


Figure 20: Securing the front panel of the device to the front post

Related links
Mounting the Device on to the Rack on page 22

Connecting Cables to the Device


About this task
Follow this procedure to connect the power, network, and serial cable supplied with the accessories
kit.
Important:
The serial connection is used only for configuring the IP address of the device.
Caution:
During this procedure, follow the safety guidelines described in the Safety Guide.

Procedure
1. On the rear panel, connect the power cable to the AC power connector (Figure 21: Rear
panel of the device on page 33).


Figure 21: Rear panel of the device

2. Connect the other end of the power cable to the AC power.


3. Use a serial cable to connect a PC to the device's serial port. This connection is required for
local configuration and maintenance.
Important:
Do not connect a screen or a keyboard to the device directly. Define the device's basic
settings via the serial connection only.
4. Connect a network cable to the NIC1 Ethernet connector on the rear panel (see Figure 21:
Rear panel of the device on page 33).
Related links
Setting up the Device on page 22

Obtaining the License Key of the PathFinder server


You need a license key for installing and operating the Avaya Scopia PathFinder server. To obtain
the license key, carefully read the instructions enclosed in the customer support letter you received
when you purchased the product.


Related links
Setting up the Device on page 22

Verifying the PathFinder server Installation


About this task
After you have installed the device and performed its initial configuration, you need to verify that it is
installed and configured correctly.

Procedure
1. On the front panel, verify that the power LED is lit green.

Figure 22: Locating the front panel LEDs

2. Verify that the status LED is lit green.


3. Check the network connection by verifying that the Ethernet activity LED is lit green.
Related links
Setting up the Device on page 22


Chapter 4: Performing the Initial Configuration of the PathFinder server

After connecting the cables and switching on the Avaya Scopia PathFinder server, perform the
initial configuration as described in these sections:
Related links
Configuring the IP Addresses of the PathFinder server on page 35
Configuring Ports on the PathFinder server on page 40
Integrating the PathFinder server with Other Scopia Solution Components on page 45
Enabling Internal Endpoints to Call External Endpoints on page 47
Configuring Priority of Audio or Video on page 57

Configuring the IP Addresses of the PathFinder server


About this task
There are two network cards (NICs) in the Avaya Scopia PathFinder server to enable deploying it
with better security and management of network traffic:
- NIC 1 (Ethernet port defined as eth0) always supports the external traffic.
- NIC 2 (Ethernet port defined as eth1) is always dedicated to the internal network traffic.
For a highly secure dual-NIC deployment we recommend also assigning the management role to
eth1. This procedure describes how to configure this type of topology. Figure 23: The role of the
dual-NIC PathFinder server in a deployment on page 36 illustrates these roles.


Figure 23: The role of the dual-NIC PathFinder server in a deployment

Before you begin


Make sure you have these items:
- A PC with an available serial port
- The serial cable provided with your PathFinder server. Use the serial port on the server's rear panel
  to assign the new IP addresses.
- A client program to configure the administration console of your PathFinder server using an
  SSH connection. We recommend using PuTTY. You can download this free application from
  http://www.chiark.greenend.org.uk/~sgtatham/putty/
- IP address of each NIC in the PathFinder server
- Dedicated subnet mask for the PathFinder server
  Important:
  In a dual-NIC deployment we strongly recommend connecting the NICs to two different
  subnets.
- IP address of the default router the PathFinder server uses to communicate over the network
- IP address of the DNS server
- Fully Qualified Domain Name (FQDN) for the PathFinder server

Procedure
1. Log in to the administration shell menu of your PathFinder server.
a. Start PuTTY on your PC.
b. Select the Serial page in the PuTTY Configuration dialog box.
c. Verify that the connection fields are set up as follows:


| Field Name | Value |
|---|---|
| Serial line to connect to | COM1 |
| Speed (baud) | 9600 |
| Data bits | |
| Stop bits | |
| Parity | None |
| Flow Control | None |

d. Turn on the power to your PathFinder server.


e. When prompted, enter a user name and password to log in to the PathFinder server. The
password is encrypted with a 2048-bit key. The default user name and password are
both admin.
2. Configure the NIC interfaces.
a. Once in the Main Menu, enter 2 to access the Network administration menu.
b. Enter 2 to access the Change network configuration menu (Figure 24: Configuring
NIC 0 (external NIC) on page 37).
The display shows the current network interface configuration. The HWaddr field
displays the MAC address of eth0.

Figure 24: Configuring NIC 0 (external NIC)

c. Enter 1 to configure eth0 (external NIC 1).
d. Enter the IP address of eth0 (NIC 1).
e. Enter the subnet mask of the subnet to which eth0 belongs.
f. Enter the IP address of the default gateway.
The window displays the new settings. The External access, Management access,
and Internal access fields are automatically enabled.
External access is enabled so that the NIC can communicate with the external network.
Traffic on the NIC typically comprises H.460, tunneling, DNS query traffic, and H.323.
Management access and internal access are automatically disabled on eth0 after you
enable these fields in eth1 (NIC 2).


g. Enter 2 to configure eth1 (internal NIC 2).
h. Enter y in the Interface status to enable eth1.
i. Enter the IP address of eth1 (NIC 2).
j. Enter the subnet mask of the subnet to which eth1 belongs.
k. Enter y to enable the Management role of eth1.
l. Enter y to enable the Internal role of eth1.
| Field | Description |
|---|---|
| Internal access | Enable this field so that the NIC can handle standard H.323 traffic in the internal network. |
| Management access | Enable this field for the NIC's handling of management traffic such as: HTTP, required for accessing the web user interface of Avaya Scopia PathFinder server; SSH, required for accessing the shell administration menu of Avaya Scopia PathFinder server; SFTP, for uploading or downloading resources of Avaya Scopia PathFinder server; XML over TCP, required for third-party management interface. |

The system automatically disables the external role of eth1. The window displays the
NIC configuration as illustrated in Figure 25: The network interface configuration
screen on page 38.

Figure 25: The network interface configuration screen

The configuration automatically sets the IP addresses of the NICs in the web interface
of the PathFinder server. To view this page, log in to the web interface and navigate to
Settings > General (Figure 26: The page displaying the NIC IP addresses in the
Settings tab on page 39).

Figure 26: The page displaying the NIC IP addresses in the Settings tab

3. Configure the DNS server as your enterprise DNS server.
a. In the Network administration menu enter 3 to access the DNS configuration menu.
b. Enter A to add a DNS server.
c. Enter the IP address of the new server.
4. Configure the new FQDN.
a. In the Network administration menu, enter 4 to access the FQDN configuration menu.
b. Enter the FQDN of the PathFinder server. The system displays the host name and
domain name, as well as the new FQDN of the PathFinder server.
5. Add a static route to define call paths so that they are redirected from the PathFinder server
to ECS and internal endpoints on other subnets.
A static route is required if the internal network has many subnets. For example:
- If the internal NIC is in network 168.168.1.10, and all internal endpoints and the ECS are
also located in network 192.168.1.0, there is no need for a static route.
- If the internal network has many subnets (such as 168.168.2.0, 172.16.0.0), you need to
configure the static route so that the PathFinder server can communicate with devices
inside subnets other than 168.168.1.0.
a. In the Network administration menu enter 6 to access the static route configuration
menu.
b. Enter A to add a new static route.
c. Enter the routing rule as: <host_ip|network_ip/prefix> via <gateway>
6. Close the SSH session.
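To decide which subnets need a rule in step 5, the following Python sketch lists the routing rules in the `<host_ip|network_ip/prefix> via <gateway>` form. It is an added example, not Avaya code; the /24 and /16 prefix lengths, the gateway 168.168.1.1 and the function name are assumptions made for illustration.

```python
import ipaddress


def static_routes(nic_cidr, gateway, destinations):
    """Return routing rules for destinations the internal NIC cannot reach on-link.

    nic_cidr     -- internal NIC address with prefix, e.g. "168.168.1.10/24"
    gateway      -- next-hop router; it has to sit on the NIC's own subnet
    destinations -- subnets or hosts holding the ECS and internal endpoints
    """
    nic = ipaddress.ip_interface(nic_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in nic.network or gw == nic.ip:
        raise ValueError(f"gateway {gw} is not a neighbour on {nic.network}")

    # strict=False lets callers pass a host address with a prefix (10.0.5.7/24).
    nets = [ipaddress.ip_network(d, strict=False) for d in destinations]
    # Destinations inside the NIC's own subnet are reached directly: no route.
    remote = [n for n in nets if not n.subnet_of(nic.network)]

    rules = []
    # collapse_addresses drops duplicates and merges adjacent subnets, so the
    # route list stays as short as possible.
    for net in ipaddress.collapse_addresses(remote):
        is_host = net.prefixlen == net.max_prefixlen
        target = str(net.network_address) if is_host else str(net)
        rules.append(f"{target} via {gw}")
    return rules


if __name__ == "__main__":
    # Constructed input: the guide's example subnets with assumed prefix lengths.
    for rule in static_routes(
        "168.168.1.10/24",
        "168.168.1.1",
        ["168.168.1.0/24", "168.168.2.0/24", "172.16.0.0/16"],
    ):
        print(rule)
```

A destination that lies inside the internal NIC's own subnet produces no rule, which matches the first case in the example above.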
Related links
Performing the Initial Configuration of the PathFinder server on page 35
Configuring Ports on the PathFinder server on page 40

Configuring Ports on the PathFinder server


This section provides instructions on how to configure the following ports and port ranges on the
Avaya Scopia PathFinder server:
Related links
Performing the Initial Configuration of the PathFinder server on page 35
Configuring the IP Addresses of the PathFinder server on page 35
Integrating the PathFinder server with Other Scopia Solution Components on page 45
Configuring the UDP Port for RAS on the PathFinder server on page 40
Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server on
page 41
Limiting the TCP/UDP port range on the internal interface of PathFinder on page 41
Configuring Port Access for H.460 Endpoints on page 42

Configuring the UDP Port for RAS on the PathFinder server


About this task
The Avaya Scopia PathFinder server assumes the gatekeeper uses 1719 as the designated port
for RAS (communication with the gatekeeper). You can configure a different port for RAS (if, for
example, port 1719 is busy).

Procedure
1. Access the PathFinder server Administrator web interface.
2. Log in to the PathFinder web user interface.
3. Select Settings > General.
4. Locate the Gatekeeper area (see Figure 27: Gatekeeper Settings on page 40).

Figure 27: Gatekeeper Settings

5. Modify the port range in the Port field.
6. Select Save.
Related links
Configuring Ports on the PathFinder server on page 40


Limiting the TCP/UDP Port Range for H.323 Direct Access Calls on the PathFinder server
About this task
The Avaya Scopia PathFinder server has designated ports 4000-5000 for H.323 Direct Public
Access (DPA), which allows non-H.460 public endpoints to call internal endpoints without being
registered to the PathFinder server. To provide additional security for your firewall, you can limit this
range.
To calculate approximately how many ports the PathFinder server uses, multiply the number of
simultaneous DPA calls by 10. The multiplication factor is lower for audio-only calls and higher for
calls with dual video. We recommend using 10 as an approximation.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General.
3. Enable H.323 Direct Access by selecting the checkbox next to H.323 Direct Access (Figure
28: H.323 Direct Access Settings on page 41).

Figure 28: H.323 Direct Access Settings

4. Modify the port range in the Port Range fields.
5. Select Save.
Related links
Configuring Ports on the PathFinder server on page 40

Limiting the TCP/UDP port range on the internal interface of PathFinder
About this task
PathFinder has a designated port range of 12000-15000 for H.323 calls to the internal interface. For
additional security for your firewall, you can limit this range.


To calculate the number of ports PathFinder uses, add the two figures that you get by the following
methods:
- Multiply the number of simultaneous H.323 calls by 10.
The multiplication factor is lower for audio-only calls and higher for calls with dual video. Use
10 as an approximate multiplication factor.
- Count one port for each endpoint registration.
For example, if you have 100 endpoints, count 100 ports.
You must restart PathFinder after you modify the port range.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Click Settings > General.
3. In the Internal interface section, set the port range to 12000 up to 15000.
The maximum port range is from 9000 to 65535. The port range setting requires a minimum
range of 300 ports.
4. Click Save.

Next steps
Restart PathFinder
Related links
Configuring Ports on the PathFinder server on page 40
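
The two sizing rules above (calls x 10 for H.323 Direct Access; calls x 10 plus one port per registration for the internal interface) can be turned into a check on how much wider a configured range is than the deployment needs. This Python sketch is an added example, not Avaya code; the 20% headroom, the inclusive reading of a port range, keeping the DPA range inside the default 4000-5000, and all function names are assumptions of the example.

```python
from __future__ import annotations

from dataclasses import dataclass

# Values stated in the guide.
PORTS_PER_CALL = 10                # approximate ports per simultaneous call
DPA_DEFAULT = (4000, 5000)         # H.323 Direct Public Access range
INTERNAL_DEFAULT = (12000, 15000)  # internal-interface H.323 range
INTERNAL_BOUNDS = (9000, 65535)    # widest range the internal setting allows
INTERNAL_MIN_PORTS = 300           # smallest internal range the setting accepts

# Assumption of this example, not from the guide: spare capacity on top of the
# estimate, because calls with dual video use more than 10 ports each.
HEADROOM_PCT = 20


@dataclass(frozen=True)
class PortRange:
    start: int
    end: int  # inclusive (assumption: the guide does not say either way)

    @property
    def size(self) -> int:
        return self.end - self.start + 1


def with_headroom(ports: int, pct: int = HEADROOM_PCT) -> int:
    """Add pct percent, rounding up so a fractional port is never dropped."""
    return ports + (ports * pct + 99) // 100


def dpa_ports(calls: int) -> int:
    """Guide's estimate for Direct Public Access: calls x 10."""
    return calls * PORTS_PER_CALL


def internal_ports(calls: int, registrations: int) -> int:
    """Guide's estimate for the internal interface: calls x 10 + registrations."""
    return calls * PORTS_PER_CALL + registrations


def _fit(start: int, size: int, low: int, high: int, what: str) -> PortRange:
    end = start + size - 1
    if start < low or end > high:
        raise ValueError(f"{what} range {start}-{end} falls outside {low}-{high}")
    return PortRange(start, end)


def size_dpa_range(calls: int, start: int = DPA_DEFAULT[0]) -> PortRange:
    """Narrowest DPA range for `calls` simultaneous calls, inside the default."""
    if calls < 1:
        raise ValueError("at least one simultaneous call is required")
    return _fit(start, with_headroom(dpa_ports(calls)), *DPA_DEFAULT, "DPA")


def size_internal_range(calls: int, registrations: int,
                        start: int = INTERNAL_DEFAULT[0]) -> PortRange:
    """Narrowest internal range that still meets the 300-port minimum."""
    if calls < 0 or registrations < 0:
        raise ValueError("counts cannot be negative")
    needed = with_headroom(internal_ports(calls, registrations))
    size = max(needed, INTERNAL_MIN_PORTS)
    return _fit(start, size, *INTERNAL_BOUNDS, "internal")


def audit(configured: PortRange, estimate: int, floor: int = 0) -> tuple[str, int]:
    """Compare a configured range with the estimated demand.

    Returns ("too_small", shortfall), ("wider_than_needed", surplus) or ("ok", 0).
    `floor` is the smallest size the setting accepts (300 for the internal range).
    """
    target = max(with_headroom(estimate), floor)
    if configured.size < estimate:
        return ("too_small", estimate - configured.size)
    if configured.size > target:
        return ("wider_than_needed", configured.size - target)
    return ("ok", 0)


if __name__ == "__main__":
    # Constructed deployment: 20 DPA calls, 40 internal calls, 100 registrations.
    print("DPA range:     ", size_dpa_range(20))
    print("Internal range:", size_internal_range(40, 100))
    print("Default DPA:   ", audit(PortRange(*DPA_DEFAULT), dpa_ports(20)))
    print("Default int.:  ", audit(PortRange(*INTERNAL_DEFAULT),
                                   internal_ports(40, 100), INTERNAL_MIN_PORTS))
```

The surplus reported by `audit` is the number of ports that stay open on the firewall without any expected call needing them.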

Configuring Port Access for H.460 Endpoints


About this task
The Avaya Scopia PathFinder server acts as an H.460 server, enabling H.460 endpoints (which
are H.460 clients) to register with the PathFinder server.
H.460 enhances the standard H.323 protocol to manage firewall/NAT traversal, employing ITU-T
standards. Endpoints which are already H.460 compliant can communicate directly with the
PathFinder server, where the endpoint acts as an H.460 client to the PathFinder server which acts
as an H.460 server (Figure 29: H.460 endpoints register with PathFinder server on page 43).


Figure 29: H.460 endpoints register with PathFinder server

If an external H.460 endpoint in the public internet can dial the E.164 number of an endpoint within
the enterprise, the ports used are:
1. The H.460 endpoint requests registration (RRQ) to the PathFinder server via port 1719.
2. The PathFinder server confirms RRQ.
3. The endpoint sends a call request in the form of two connections to the PathFinder server:
- Port 2776 for call setup with H.225. H.225 is part of the set of H.323 protocols. It defines
the messages and procedures used by gatekeepers to set up calls.
- Port 2777 for signaling with H.245.
Signaling, also known as call control, sets up, manages and ends a connection or call.
These messages include the authorization to make the call, checking bandwidth, resolving
endpoint addresses, and routing the call through different servers. Signaling is transmitted
via the H.225.0/Q.931 and H.225.0/RAS protocols in H.323 calls, or by the SIP headers in
SIP calls. Signaling occurs before the control aspect of call setup.
The PathFinder server in turn routes these requests to the ECS.
For more information on the firewall's port configuration see Ports to Open on PathFinder on
page 15. The PathFinder server ports are configured by default to support these calls. Follow this
procedure to change the default configuration.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > H.460. The window displays the default port values for H.460 endpoint
port access.


Carefully read this information before changing the default values:
- If you leave these fields blank, the system does not change the port's original value.
- As these ports are unique, you cannot define more than one of these to the same port.
- Both the native port and the public port face the external network. Native ports are used
on the PathFinder server, while public ports are opened on the NAT/firewall. Public ports
must match those configured on your external firewall/NAT.

Figure 30: Configuring PathFinder server for H.460 endpoint access


Field: Description
Ras Port: RAS (Registration, Admission, Status) is required for communication between the
remote endpoint and the PathFinder server. It allows the endpoint to request admission of the call.
Important:
Avoid changing the default value of the RAS public port. This change requires changing the
port value for all endpoints in your deployment.
Call Signal Port: Used for call setup, call proceeding, alerts, connection, call release upon
completion.
Call Control Port: Provides control service to the multimedia session that has been established.
RTCP Port: Real-time Transmission Control Protocol provides statistics on the quality of the
multimedia session in place.
RTP Port: Real-Time Transport Protocol port carries the media flow.
Multiplex: When enabled, reduces the number of required ports by sending media and control
communications over RTP/RTCP via UDP ports 2776 and 2777. The Multiplex option is
automatically enabled when you enable NAT support (see Integrating the PathFinder server
with NAT on page 46).

Related links
Configuring Ports on the PathFinder server on page 40

Integrating the PathFinder server with Other Scopia Solution Components
Your Avaya Scopia PathFinder server is part of the Scopia Solution and must be integrated with
other components:
Related links
Performing the Initial Configuration of the PathFinder server on page 35
Configuring Ports on the PathFinder server on page 40
Enabling Internal Endpoints to Call External Endpoints on page 47
Integrating the PathFinder server with ECS on page 45
Integrating the PathFinder server with NAT on page 46

Integrating the PathFinder server with ECS


About this task
To allow endpoints from the external network to communicate with endpoints in the internal network,
you need to configure the IP address of ECS in the PathFinder server. Endpoints participating in
calls can be legacy H.323 and H.460 compliant. Calls can be dialed using IP addresses, URI dialing,
and E.164 dialing.
URI dialing requires resolving a destination like name@company.com or number@company.com
into the IP of an endpoint. This is performed by the gatekeeper. When the URI address refers to a
destination in another network, it requires the PathFinder server and the ECS to work together.
Important:
In the settings of the gatekeeper, add the IP address of the PathFinder server at port 1719 as
the gatekeeper's neighbor, as described in Enabling URI Dialing to External Endpoints on
page 50.

Before you begin


Verify you have the IP address of the Avaya Scopia ECS Gatekeeper.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the Settings tab.
3. In the General tab navigate to the Gatekeeper Address field. See Figure 31: Integrating the
PathFinder server with ECS on page 46.


Figure 31: Integrating the PathFinder server with ECS

4. Enter the IP address of the ECS.
5. If required, change the port number which is set to 1719 by default.
Related links
Integrating the PathFinder server with Other Scopia Solution Components on page 45

Integrating the PathFinder server with NAT


About this task
Enable this functionality if the external NIC of the PathFinder server uses a private IP address to
communicate with endpoints outside the organization.
Do not enable NAT support if the server's external NIC communicates with the Internet by using a
public IP address.

Before you begin


Verify you have the NAT IP address.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General > NAT Support.

Figure 32: Configuring NAT support

3. Configure the NAT settings as follows:


Table 4: Configuring NAT support
Field: Description
NAT Support: Enable NAT Support if the external NIC of the PathFinder server uses a private IP
address to communicate with endpoints outside the organization.
If deploying the PathFinder with a load balancer, you must enable NAT Support. For more
information, see Configuring PathFinder servers for the Load Balancer on page 67.
Address: Enter the public IP address of the NAT device in the Address field.
Important:
In the firewall/NAT device, verify that the NAT address is mapped to the private IP address of
the PathFinder server's external NIC.
Port: If required, change the Scopia PathFinder client port number which is set to 3089 by
default.

Related links
Integrating the PathFinder server with Other Scopia Solution Components on page 45

Enabling Internal Endpoints to Call External Endpoints


Endpoints in the organization call external endpoints using their IP address (including dialing the
device, then # or ##, then the meeting ID) or URI. If the external endpoint is registered to the Avaya
Scopia ECS Gatekeeper, it can also dial the endpoint's E.164 number. Since external endpoints
are typically not registered to the gatekeeper, this requires the gatekeeper to work with the Avaya
Scopia PathFinder server to complete the call.
A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI) into
the IP address of an endpoint, and handles the initial connection of calls. The Avaya Scopia ECS
Gatekeeper provides address resolution functionality in H.323 networks and also manages video
traffic over IP networks. When the destination address is located in another network, the gatekeeper
forwards the request to the PathFinder server to complete the call and resolve the destination.
You must configure both the PathFinder server and the ECS to support IP and URI dialing, as
described in the following topics:
Related links
Performing the Initial Configuration of the PathFinder server on page 35
Integrating the PathFinder server with Other Scopia Solution Components on page 45
Configuring Priority of Audio or Video on page 57
Configuring Access for H.323 Legacy Endpoints on page 47
URI Dialing Functionality on page 49
Enabling URI Dialing to External Endpoints on page 50
Enabling IP Dialing to External Endpoints on page 54

Configuring Access for H.323 Legacy Endpoints


About this task
Direct Public Access enables opening a direct dial line to the Avaya Scopia PathFinder server to
call external H.323 legacy endpoints.


To set up this connection, you need to configure the PathFinder server to accept H.323 calls and
forward them. You also need to configure the Avaya Scopia ECS Gatekeeper to one or more
PathFinder servers to facilitate the routing of these calls. For more information on configuring the
ECS, see the Reference Guide for Avaya Scopia ECS Gatekeeper.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General.
3. Configure the following settings for Direct Public Access:

Figure 33: Configuring Access for H.323 Legacy Endpoints


Table 5: Configuring Access for H.323 Legacy Endpoints
Field: Description
H.323 Direct Access: Enable H.323 Direct Access to open a direct dial line to the PathFinder
server for H.323 endpoints that do not support the secure H.460 protocol.
Port Range: Define the range of ports used for direct H.323 calls in the field.
Important:
If the external NIC of the PathFinder server is located behind a firewall, this range of ports
must also be opened in the firewall, as well as port 1720 for H.323 signaling.
Default Extension: Enter the default extension that you usually configure to the MCU IVR
(Interactive Voice Response). PathFinder server redirects a call to the default extension when
the endpoint dials only the server's IP address without any extension.

4. Select Save.
Related links
Enabling Internal Endpoints to Call External Endpoints on page 47


URI Dialing Functionality


The Scopia Solution fully supports URI dialing, a dial format for contacting endpoints outside your
organization.
URI is an address format used to locate a device on a network, where the address consists of the
endpoint's name or number, followed by the domain name of the server to which the endpoint is
registered. For example, <endpoint name>@<server_domain_name>. When dialing URI between
organizations, the server might often be the Avaya Scopia PathFinder server of the organization.
All Scopia Solution endpoints work transparently with URI dials, including the Avaya Scopia XT
Series and Scopia Desktop Clients. You can also perform URI dials from the conference control of
Avaya Scopia Management.
URI dialing is compatible with Avaya Scopia PathFinder (for H.323 endpoints) and other third-party
firewall traversal systems such as SBCs (for SIP endpoints). Dialing an endpoint from one
organization to another requires first traversing your own firewall with PathFinder, out through the
internet, and then into the firewall of the recipient's organization using their firewall traversal system
(Figure 34: URI dialing between two enterprises using PathFinder on page 49).

Figure 34: URI dialing between two enterprises using PathFinder

To access an endpoint in the other company, the URI's domain name is the second company's
firewall traversal system, like the name of their PathFinder server, or the organization's domain
name. For example, in Figure 34: URI dialing between two enterprises using PathFinder on
page 49, dialing to the partner company requires knowing the following:
- The name or number of the endpoint, in this example xt1
- The domain name of the PathFinder server of that company, public.partner.com in this
example, or the organization's domain name, partner.com.
Important:
As with regular web domain names, the name of the PathFinder server resolves to an IP
address via standard DNS lookup if it has been allocated a global DNS name. If the server's IP
address does not have a DNS name, the URI dial should directly specify the server's IP address
instead. For example, the URI xt1@123.456.789.1 specifies the alias followed by the server's IP
address.
To set up this connection, you need to configure the PathFinder server to accept H.323 calls and
forward them. You also need to configure the ECS to define one or more PathFinder servers as
the ECS's neighbor, to facilitate the routing of these calls.
Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

Enabling URI Dialing to External Endpoints


About this task
A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI) into
the IP address of an endpoint, and handles the initial connection of calls. The Avaya Scopia ECS
Gatekeeper provides address resolution functionality in H.323 networks and also manages video
traffic over IP networks.
You can call endpoints using their IP address, URI, or E.164 number. This procedure describes how
to set the gatekeeper to forward URI calls from internal endpoints to external endpoints in another
enterprise, via the PathFinder server. Since external endpoints are not registered to the gatekeeper,
this requires the gatekeeper to work with the PathFinder server to complete the call.
URI is an address format used to locate a device on a network, where the address consists of the
endpoint's name or number, followed by the domain name of the server to which the endpoint is
registered. For example, <endpoint name>@<server_domain_name>. When dialing URI between
organizations, the server might often be the Avaya Scopia PathFinder server of the organization.
When the URI address refers to a destination in another network, the gatekeeper forwards the
request to the PathFinder server to complete the call and resolve the destination (Figure 35: URI
dialing between two enterprises using PathFinder on page 51).


Figure 35: URI dialing between two enterprises using PathFinder

Endpoints participating in calls can be legacy H.323 and H.460 compliant.


You can also configure the gatekeeper to forward IP calls to the PathFinder server, as described in
Enabling IP Dialing to External Endpoints on page 54. For deployments with multiple PathFinder
servers, including several servers acting as one server behind a load balancer, perform this
procedure for each server. For more information about configuring multiple PathFinder servers
behind a load balancer, see Scalability, High Availability and Load Balancing with PathFinder on
page 59.

Before you begin
- Enable Direct Public access on the PathFinder server, as described in Configuring Access for
H.323 Legacy Endpoints on page 47. This allows internal endpoints to call external legacy
H.323 endpoints that do not support H.460.
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for
each PathFinder server.
- To allow endpoints from the external network to communicate with endpoints in the internal
network, you need to configure the IP address of ECS in the PathFinder server, as described in
Integrating the PathFinder server with ECS on page 45.
- Verify you have the IP address of the PathFinder server NIC connected to the internal network.
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for
each PathFinder server.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Navigate to Settings > General > Dialing URI Support.


Figure 36: Configuring URI dialing support

3. Configure the PathFinder server to handle the domain name or IP address included in the
URI dialing of inbound or outbound calls, as described below.
Table 6: Configuring URI support
Field: Description
Local Domain Name: Enter the domain name of the organization in which the PathFinder server
is physically located. This configuration enables the server to optimize the handling of calls
when used with Resolve on Server First, described below.
Resolve on Server First: Select to strip the domain name/IP address from the dialed string
before transferring the relevant message to its destination.
Important:
We recommend enabling this setting to optimize the handling of call transfer.
Do not select this option if your organization has a policy of transferring a message to its
destination by using the complete endpoint's dial string (for example, 1234@5.6.7.8) instead of
its alias (1234 in this example).

4. Access the ECS web interface.
If you are using Scopia Management's built-in gatekeeper, log in to the administrator portal
of Scopia Management and access the link from the gatekeeper's page (for more
information on accessing Scopia Management, see Administrator Guide for Avaya Scopia
Management).
5. Select Hierarchy > Neighbors.


Figure 37: Configuring a Neighboring PathFinder server for outgoing URI calls

6. Configure the PathFinder server as a neighboring server to the ECS to facilitate outgoing
URI dialing, as described below.
This is required since the external endpoint is not registered to the gatekeeper, and therefore
it cannot resolve the address of the external endpoint. When an internal endpoint calls an
external endpoint using its URI address, the gatekeeper sends the request to all devices
configured as its neighbor, which may include other gatekeepers and PathFinder servers, to
check which one can resolve the address.
Table 7: Configuring a Neighboring PathFinder server for outgoing URI calls
Field: Description
Add: Select to add the PathFinder server.
Prefix: Leave this field empty since URI dialing does not route calls to zones using dial
prefixes. URI dialing routes calls using the domain name in the URI string, which is resolved to
any zone worldwide.
Description: Enter the name of your PathFinder server.
IP Address: Enter the IP address of your PathFinder server. This is the IP address of the
internal NIC connected to the internal network.
Port: The default port value, 1719, is mandatory for URI dialing.

7. Select Upload.
8. If your deployment includes multiple PathFinder servers, including several servers acting as
one server behind a load balancer, repeat the steps above for each PathFinder server.


Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

Enabling IP Dialing to External Endpoints


About this task
You can call endpoints using their IP address (including dialing the device, then # or ##, then the
meeting ID), URI, or E.164 number. This procedure describes how to set the gatekeeper to forward
IP calls from internal endpoints to public endpoints, via the PathFinder server. Since external
endpoints are not registered to the gatekeeper, this requires the gatekeeper to work with the
PathFinder server to complete the call (Figure 38: IP call to an external endpoint on page 54).

Figure 38: IP call to an external endpoint

You can also configure the gatekeeper to forward URI calls to the PathFinder server, as described
in Enabling Internal Endpoints to Call External Endpoints on page 47. For deployments with multiple
PathFinder servers, including several servers acting as one server behind a load balancer, perform
this procedure for each server. For more information about configuring multiple PathFinder servers
behind a load balancer, see Scalability, High Availability and Load Balancing with PathFinder on
page 59.

Before you begin
- Verify you have the IP address of the Avaya Scopia PathFinder server NIC connected to the
internal network.
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for
each PathFinder server.
- Enable Direct Public access on the PathFinder server, as described in Configuring Access for
H.323 Legacy Endpoints on page 47. This allows internal endpoints to call external legacy
H.323 endpoints that do not support H.460.
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for
each PathFinder server.
- Verify you have the Direct Public Access address of the PathFinder server:
If you are configuring multiple PathFinder servers, with or without a load balancer, do this for
each PathFinder server.
1. From the PathFinder server web interface, select Client Status > Client Name that has
the format paProxy@<IP address>. The PathFinder server automatically created this
proxy address when you enabled Direct Public Access.
2. Note the address (IP address and port) under Q.931 Address > Registration
Information (see Figure 39: Registration information required for configuring the ECS on
page 55).
You need this registration information to configure IP dialing.

Figure 39: Registration information required for configuring the ECS

Procedure
1. Access the ECS web interface.
If you are using Scopia Management's built-in gatekeeper, log in to the administrator portal
of Scopia Management and access the link from the gatekeeper's page (for more
information on accessing Scopia Management, see Administrator Guide for Avaya Scopia
Management).
2. Select Settings > Calls.

Figure 40: Configuring IP dialing in the ECS

3. Configure IP dialing as follows:


Table 8: Enabling IP Dialing
Field: Description
Route IP calls to: Select this option to enable routing IP calls to the PathFinder server.
Add: Select to add the PathFinder server to the list of servers. The gatekeeper routes IP calls
to the PathFinder server(s) in the list.
IP Address: Enter the IP address and port of the PathFinder server that it automatically created
when you enabled H.323 Direct Access. For more information, see Configuring Access for
H.323 Legacy Endpoints on page 47.
Port: You need to add the PathFinder server's IP address to instruct the gatekeeper where to
forward all IP calls when the destination IP address is not registered to the gatekeeper.

4. Select OK.
5. Select Upload.
6. If your deployment includes multiple PathFinder servers, including several servers acting as
one server behind a load balancer:
a. Repeat the steps above for each PathFinder server.
b. Verify you have the correct redundancy policy set up between the gatekeeper and each
PathFinder server.
The ECS has its own load balancing method to work with multiple PathFinder servers
for outgoing calls from internal endpoints to external endpoints (Figure 41: Forwarding
traffic to the PathFinder server on page 57). By default, it is configured to the
Scalability policy, enabling it to send requests to each PathFinder server in the cluster,
in a round robin manner.
Alternatively, you can set the ECS to work with the Priority policy, where the ECS can
route the call to the first PathFinder server in the list and continue to the next one only if
a failure occurred. Contact Customer Support to configure this setting.
Important:
This is separate from the redundancy policy you configured for the load balancer,
which instructs it how to direct incoming traffic from the external network to the
internal network (Figure 41: Forwarding traffic to the PathFinder server on
page 57). For more information about setting up the load balancer, see
Scalability, High Availability and Load Balancing with PathFinder on page 59.

Figure 41: Forwarding traffic to the PathFinder server

Related links
Enabling Internal Endpoints to Call External Endpoints on page 47

Configuring Priority of Audio or Video


About this task
Quality of Service helps solve network performance issues by assigning relative priorities to the
following packets:
- Audio, which is one of the media sent during a call. For example, by assigning high priority to
  audio under poor network conditions with high packet loss, you determine that audio is the
  most important element of the videoconference to be maintained at the expense of better video
  quality. Audio is transmitted via the RTP and RTCP protocols in H.323 calls.
- Video, which includes a shared data stream like a presentation, also known as dual video. Far
  end camera control (FECC) is another example of information carried on the data stream.
  Video is transmitted via the RTP and RTCP protocols in H.323 calls.
- Control, which includes signaling and media control.
  - Signaling, also known as call control, sets up, manages and ends a connection or call.
    These messages include the authorization to make the call, checking bandwidth, resolving
    endpoint addresses, and routing the call through different servers. Signaling is transmitted
    via the H.225.0/Q.931 and H.225.0/RAS protocols in H.323 calls. Signaling occurs before
    the control aspect of call setup.
  - Control, or media control, sets up and manages the media of a call (its audio, video and
    data). Control messages include checking compatibility between endpoints, negotiating
    video and audio codecs, and other parameters like resolution, bitrate and frame rate. Control
    is communicated via H.245 in H.323 endpoints. Control occurs within the framework of an
    established call, after signaling.
Follow this procedure to determine the relative priorities for audio, video, and control transmitted via
the PathFinder server.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the Settings > General > QoS tab.
3. In the General tab navigate to QoS.

Figure 42: Configuring QoS in the PathFinder server

4. Select the Quality of Service level according to your network requirements.


Important:
During low-bandwidth conditions, Scopia Management uses these priority settings to
adjust the quality of the meeting.
Field | Description
None | Select this setting when the network has sufficient bandwidth for each stream (audio, video, and media control) and does not require any prioritization of the different streams.
Default | Select this setting to use the following default priority values for each stream:
  - 48 for the media Control stream. This highest priority ensures that calls are set up properly even if it means that other calls ongoing may reduce their video or audio during a call setup. All TCP connections use the QoS value set in this field.
  - 46 for the Audio stream. This priority ensures that audio is always given precedence over video. This audio applies to multiple video channels (e.g., sound stream for endpoint microphones and presentations).
  - 34 for the Video stream. The lowest default priority is given to video image quality. It applies to endpoint camera images and also covers data streams like far end camera control.
Customized | Enter your own relative priorities as a number from 0-255 to represent the relative priority of Audio, Video, and Control.

Related links
Performing the Initial Configuration of the PathFinder server on page 35
Enabling Internal Endpoints to Call External Endpoints on page 47

Chapter 5: Scalability, High Availability and Load Balancing with PathFinder

Avaya Scopia PathFinder servers provide firewall traversal and NAT solution services to both
H.460-compliant and non-H.460 endpoints. You can provide both scalability and high availability for
your PathFinder servers by deploying multiple PathFinder servers behind a load balancer. High
availability is a state where you ensure better service and less downtime by deploying additional
servers. Scalability describes the ability to increase the capacity of a network device by adding
another identical device (one or more) to your existing deployment.
A load balanced group of PathFinder servers, also known as a cluster, acts as a single virtual server.
A load balancer can distribute traffic among the servers in the cluster, so that if one PathFinder
server has too many incoming calls at a given time, for example, another PathFinder server can
take up the load of managing incoming calls in a round-robin manner. Other load balancing methods
can be configured for the load balancer, according to your deployment's requirements. Likewise, if
one server fails, the remaining servers can continue working, providing high availability of the
deployment.
Figure 43: Load balancing PathFinder server in the enterprise's DMZ on page 60 illustrates a
typical deployment of multiple PathFinder servers with a load balancer.

Figure 43: Load balancing PathFinder server in the enterprise's DMZ

Load balancing multiple PathFinder servers is also often required for service provider deployments,
where the large capacity can serve multiple enterprises within one deployment. This topology is
similar to the one illustrated in Figure 43: Load balancing PathFinder server in the enterprise's
DMZ on page 60.
In each case, the deployment requires the following components:
- PathFinder servers
  The servers are configured as a cluster that has a virtual IP address for routing calls inbound to
  the local network. We recommend connecting both network interface cards (NIC) of each
  PathFinder server:
  - The first NIC connects to a DMZ switch along with the load balancer
  - The second NIC connects to the company's internal network
  For more information about a dual NIC configuration, see Configuring the IP Addresses of the
  PathFinder server on page 35. PathFinder servers with one NIC can also be part of the
  cluster.
- A load balancer
  A load balancer groups together a set (or cluster) of servers to give them a single IP address,
  known as a virtual IP address. It distributes client service requests amongst a group of servers.
  It distributes loads according to different criteria such as bandwidth, CPU usage, or cyclic
  (round robin). Load balancers are also known as application delivery controllers (ADC).
  The following load balancers are certified for the current version of PathFinder server:
  - Radware AppDirector
  - F5 BIG-IP Load Traffic Manager (LTM)
  PathFinder server redundancy can also be managed using other third-party load balancers.
- A gatekeeper
  A gatekeeper routes audio and video H.323 calls by resolving dial strings (H.323 alias or URI)
  into the IP address of an endpoint, and handles the initial connection of calls. Gatekeepers also
  implement the dial plan of an organization by routing H.323 calls depending on their dial
  prefixes. Scopia Management includes a built-in Avaya Scopia Gatekeeper, while ECS is a
  standalone gatekeeper.
- H.323 endpoints
  Your deployment can include H.323 endpoints that are H.460 compliant or H.323 (legacy)
  endpoints which do not support H.460. Both types of endpoints can reside either in the
  enterprise (secured network) or in the Internet. Endpoints that want to register to the
  PathFinder server do so via the cluster's virtual IP address or register to the Scopia
  PathFinder client if they are not H.460-compliant. The Scopia PathFinder client registers to
  the PathFinder server via the cluster's virtual IP address.
For information on the components that are part of the Scopia Solution, see the Scopia Solution
Guide.
Related links
Workflow to Configure PathFinder server for Redundancy on page 61
Configuring Radware Load Balancer for PathFinder servers on page 62
Configuring the F5 BIG-IP LTM for PathFinder servers on page 64
Configuring PathFinder servers for the Load Balancer on page 67

Workflow to Configure PathFinder server for Redundancy


About this task
To configure the main components required for Avaya Scopia PathFinder redundancy, perform the
tasks as they are listed in the workflow below.
The following load balancers are certified for the current version of PathFinder server:
- Radware AppDirector
- F5 BIG-IP Load Traffic Manager (LTM)
PathFinder server redundancy can also be managed using other third-party load balancers.

Procedure
1. Install and configure one of the PathFinder servers, as described in:
   - Preparing the PathFinder server Setup on page 13
   - Setting up the Device on page 22
   - Performing the Initial Configuration of the PathFinder server on page 35
2. Test the deployment's operability to verify that the Scopia Solution functions with a single
   PathFinder server.
   You can now deploy multiple servers behind a load balancer by going through the tasks
   listed below.
3. Configure your load balancer to work with PathFinder server, as follows:
   - If configuring the Radware AppDirector, see Configuring Radware Load Balancer for
     PathFinder servers on page 62.
   - If configuring the F5 BIG-IP LTM, see Configuring the F5 BIG-IP LTM for PathFinder
     servers on page 64.
4. Configure the PathFinder server to work with the load balancer, as described in Configuring
   PathFinder servers for the Load Balancer on page 67.
5. For each PathFinder server in the cluster, perform the necessary configurations described in
Performing the Initial Configuration of the PathFinder server on page 35.
Important:
All PathFinder servers in the cluster must be configured identically, apart from their
native IP addresses. For more information about configuring the IP address, see
Configuring the IP Addresses of the PathFinder server on page 35.
Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Configuring Radware Load Balancer for PathFinder servers

About this task
The procedure in this topic describes the initial settings required for the Radware AppDirector to
function with the PathFinder deployment. For the detailed configuration of the load balancer, see
Radware's AppDirector documentation.
Radware AppDirector is one of the load balancers that was certified for this release of the
PathFinder deployment. To configure the F5 BIG-IP Load Traffic Manager, see Configuring the F5
BIG-IP LTM for PathFinder servers on page 64.
See Scalability, High Availability and Load Balancing with PathFinder on page 59 for an overview of
scalability and load balancing with PathFinders.

Before you begin


Important:
This procedure should only be performed by certified Radware implementation specialists. This
section focuses only on the settings which may be different from a standard Radware
implementation. For more information on standard Radware deployments, see the Radware
documentation.
Verify that you have all the IP addresses of the Avaya Scopia PathFinder servers, required to
configure the load balancer.

Procedure
1. Log in to the AppDirector user interface.
2. Create a server farm for PathFinder servers in the load balancer, as described in the
AppDirector documentation. A farm is the term used by AppDirector to refer to a cluster of
servers.
The settings described below are specific to PathFinder server and may differ from a typical
AppDirector deployment:
Table 9: Virtual farm settings specific to PathFinder server

Field | Description
Farm Name | Enter the name of the server farm.
Aging Time | Indicates the number of seconds before the connection between a source IP and the server is timed out (disconnected). The source IP refers to either the endpoint or the Scopia PathFinder client, depending on whether the endpoint is connecting directly or via the Scopia PathFinder client. Set the aging time to a high value (for example, 90000). Within that period of time, AppDirector routes the reconnecting client to that specific server.
Dispatch Method | Select the method the load balancer uses for distributing traffic between servers in this farm. We recommend one of the following:
  - Round Robin: Directs each endpoint service request to another PathFinder server, in turn.
  - Least Amount of Traffic: Directs endpoint service requests to the PathFinder server with the least amount of traffic.
Sessions Mode | Select EntryPerSession to ensure the load balancer continues to route packets from the same client to the same PathFinder server throughout the duration of the videoconference.


3. Configure a virtual IP address for the farm, as described in the AppDirector documentation.
This is the address the load balancer uses to forward endpoint service requests to the
PathFinder servers grouped in the farm.

4. Configure the Layer 4 rules (or policies) the load balancer uses to manage traffic, as
described in the AppDirector documentation.
AppDirector uses the Layer 4 protocol and the request's destination port to select the
required farm. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are
Layer 4 protocols. AppDirector manages the virtual IP addresses using Layer 4
policies.
The settings described below are specific to PathFinder server and may differ from a typical
AppDirector deployment:
- Use the same farm name as above.
- Set L4 Protocol to Any. This ensures the farm supports any IP protocol, including TCP
  and UDP.
5. Add each PathFinder server to the farm as described in the AppDirector documentation.
The settings described below are specific to PathFinder server and may differ from a typical
AppDirector deployment:
- Enter the server's details, such as the IP address.
- Verify that Client NAT is set to Disabled.
6. To ensure communication is possible with the PathFinders, add the farm's virtual IP address
and service port to the organization's firewalls.
7. Continue with Configuring PathFinder servers for the Load Balancer on page 67 to
configure the PathFinder servers to function with a load balancer.
Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Configuring the F5 BIG-IP LTM for PathFinder servers


About this task
The procedure in this topic describes the settings required for the F5 BIG-IP Load Traffic Manager
(LTM) to function with the Avaya Scopia PathFinder deployment. For the detailed configuration of
the load balancer, see the F5 documentation.
The F5 BIG-IP LTM is one of the load balancers that was certified for this release of the PathFinder
deployment. To configure the Radware AppDirector, see Configuring Radware Load Balancer for
PathFinder servers on page 62.

Before you begin


Important:
This procedure should only be performed by certified F5 BIG-IP LTM implementation
specialists. This section focuses only on the settings which may be different from a standard
implementation, and does not elaborate on specific F5 terminology necessary to understand
when deploying the load balancer. For more information on standard F5 BIG-IP LTM
deployments, see the F5 documentation.
Verify that you have all the IP addresses of the PathFinder servers and the F5 (including its default
gateway, also known as its router). This is required to configure the load balancer.

Procedure
1. Access the F5 web interface.
2. Set up a virtual LAN (VLAN) for all PathFinder servers, as described in the F5
documentation.
A VLAN is similar to a physical LAN, but is used to group devices based on specific
attributes rather than a common location. Any data packets passing in and out of the VLAN
must pass through the F5's router (also known as the default gateway).
3. Add a Self IP for the VLAN you created, as described in the F5 documentation.
This IP address represents the range of IP addresses of the servers in the cluster. The load
balancer uses this IP address to determine which VLAN to forward the request to.
4. Add a Node for each PathFinder server and the default gateway, as described in the F5
documentation.
The VLAN consists of nodes, where each node is a physical server.
5. Add a pool that contains all PathFinder servers in your deployment, as described in the F5
documentation. A pool is the term used by F5 to refer to a cluster of servers.
Configure the PathFinder server pool settings, as described in the F5 documentation.
The settings described below are specific to PathFinder server and may differ from a typical
F5 deployment:
Table 10: Pool settings specific to PathFinder server

Field | Description
Configuration | From the list, select Advanced.
Name | Enter a name to identify this as the PathFinder server cluster, such as PathFinder_Pool.
Health Monitors | Select the gateway_icmp health monitor. gateway_icmp is a pre-configured health monitor available by default on the F5. Health monitors check devices to verify that they are running, at specified intervals. For more information, see the F5 documentation.
Load Balancing Method | From the list, select the method the load balancer uses for distributing traffic between servers in this pool. The default method is Round Robin, which directs each endpoint service request to another PathFinder server, in turn.
Node List | Select this option. A list of the PathFinder servers you added as nodes appears.
Service Port | Enter 0 to indicate that this field should not be used. The PathFinder server's service port is configured on the firewall.
New Members | Add each PathFinder server.

6. Add a pool that contains the default gateway, as described in the F5 documentation.
The pool may include more than one gateway, depending on your network setup.
The settings described below are specific to PathFinder server and may differ from a typical
F5 deployment:
Table 11: Gateway pool settings specific to PathFinder server

Field | Description
Configuration | From the list, select Advanced.
Name | Enter a name to identify this as the gateway cluster, such as Gateway_Pool.
Health Monitors | Select the gateway_icmp health monitor. gateway_icmp is a pre-configured health monitor available by default on the F5. Health monitors check devices to verify that they are running, at specified intervals. For more information, see the F5 documentation.
New Address | Select this option and enter the IP address of the F5's default gateway (router).
Service Port | Enter 0 to indicate that this field should not be used. The PathFinder server's service port is configured on the firewall.
New Members | Add the F5's default gateway as a member to this pool.

7. (Optional) After configuring the pools, we recommend verifying that the servers are running
by checking the list of members in each pool, as described in the F5 documentation.
8. Set up the default gateway as the router for the PathFinder server pool, as described in the
F5 documentation.
9. Add a virtual server, which includes all PathFinder servers in your deployment, as described
in the F5 documentation.
10. Configure the virtual server, as described in the F5 documentation.
The settings described below are specific to PathFinder server and may differ from a typical
F5 deployment:

Table 12: Virtual server settings specific to PathFinder server

Field | Description
Default Pool | From the list, select the PathFinder server pool you created.
Default Persistence Profile | From the list, select source_address. This instructs the load balancer to send all session requests from the same source IP to the same PathFinder server.

11. Configure static network address translation (SNAT) to translate the source IP from an actual
PathFinder server to a virtual public IP, as described in the F5 documentation. This is used
to convert a request to the virtual cluster IP into the real IP of one of the servers in the
cluster.
The settings described below are specific to PathFinder server and may differ from a typical
F5 deployment:
Table 13: SNAT settings specific to PathFinder server

Field | Description
Name | Enter a name to identify this as the NAT for the PathFinder server cluster, such as PathFinder_SNAT.
Translation | Select IP address from the list and enter the IP address of the PathFinder virtual server you just created.
Origin | Select Address List from the list.
Type | Select Host.
Address | Add the IP addresses of the PathFinder servers in the pool.

12. To ensure communication is possible with the PathFinders, add the IP address and service
port of the PathFinder virtual server to the organization's firewalls.
13. Continue with Configuring PathFinder servers for the Load Balancer on page 67 to
configure the PathFinder servers to function with a load balancer.
Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Configuring PathFinder servers for the Load Balancer


About this task
This procedure describes how to configure the PathFinder servers in the cluster to function with the
load balancer.
Important:
All PathFinder servers in the cluster must be configured identically, apart from their native IP
addresses.

The following load balancers are certified for the current version of PathFinder server:
- Radware AppDirector
- F5 BIG-IP Load Traffic Manager (LTM)
PathFinder server redundancy can also be managed using other third-party load balancers.
For more information, see:
- Scalability, High Availability and Load Balancing with PathFinder on page 59 for an overview of
  scalability and load balancing with PathFinder servers.
  Important:
  The load balancer maps the traffic based on the source IP address. All endpoint requests
  that originate from the same IP address are always mapped to the same PathFinder
  server.
- The load balancer's documentation.
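
The two selection mechanisms this chapter keeps separate, modeled in Python as an added example (not Avaya, Radware or F5 code): the ECS Scalability and Priority policies for outgoing calls, and a load balancer that combines Round Robin dispatch with source-address persistence and an aging time. Class names, server names and addresses are constructed; skipping failed servers and treating the aging time as an idle timeout are assumptions of the model.

```python
"""Toy model of the chapter's two independent server-selection policies.

Constructed example: class names, server names and IP addresses are
assumptions for illustration, not Avaya, Radware or F5 interfaces.
"""


def _round_robin(servers, start, healthy):
    """Return (server, next_index), skipping servers that are not healthy."""
    for offset in range(len(servers)):
        candidate = servers[(start + offset) % len(servers)]
        if candidate in healthy:
            return candidate, start + offset + 1
    return None, start


class EcsSelector:
    """Outgoing calls: how the gatekeeper picks a PathFinder server."""

    def __init__(self, servers, policy="Scalability"):
        if policy not in ("Scalability", "Priority"):
            raise ValueError(f"unknown policy: {policy}")
        self.servers = list(servers)
        self.policy = policy
        self._next = 0

    def pick(self, healthy=None):
        healthy = set(self.servers) if healthy is None else set(healthy)
        if self.policy == "Priority":
            # First server in the list; the next one only after a failure.
            return next((s for s in self.servers if s in healthy), None)
        # Scalability: each request goes to the next server in turn.
        server, self._next = _round_robin(self.servers, self._next, healthy)
        return server


class SourceIpBalancer:
    """Incoming traffic: Round Robin for new sources, plus source-address
    persistence that lapses after `aging_time` seconds without traffic
    (assumption: the aging time is an idle timeout)."""

    def __init__(self, servers, aging_time=90000):
        self.servers = list(servers)
        self.aging_time = aging_time
        self._next = 0
        self._table = {}  # source IP -> (server, last_seen)

    def route(self, src_ip, now, healthy=None):
        healthy = set(self.servers) if healthy is None else set(healthy)
        entry = self._table.get(src_ip)
        if entry is not None:
            server, last_seen = entry
            if now - last_seen <= self.aging_time and server in healthy:
                self._table[src_ip] = (server, now)  # refresh the entry
                return server
        # New source, aged-out entry, or failed server: dispatch again.
        server, self._next = _round_robin(self.servers, self._next, healthy)
        if server is not None:
            self._table[src_ip] = (server, now)
        return server


def distribution(balancer, source_ips, now=0):
    """Count how many requests each server receives for the given sources."""
    counts = {server: 0 for server in balancer.servers}
    for ip in source_ips:
        counts[balancer.route(ip, now)] += 1
    return counts


if __name__ == "__main__":
    cluster = ["pf1", "pf2", "pf3"]  # constructed server names
    # Six endpoints with distinct public addresses spread evenly.
    distinct = [f"198.51.100.{i}" for i in range(6)]
    print(distribution(SourceIpBalancer(cluster), distinct))
    # Fifty endpoints behind one NAT address all land on one server.
    print(distribution(SourceIpBalancer(cluster), ["203.0.113.5"] * 50))
    # Outgoing side: Priority stays on pf1 until pf1 fails.
    ecs = EcsSelector(cluster, "Priority")
    print(ecs.pick(), ecs.pick(healthy={"pf2", "pf3"}))
```

Because persistence is keyed on the source address alone, a site whose endpoints share one public NAT address counts as a single client for load distribution, which matters when sizing the cluster.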

Before you begin


Verify the default gateway of each PathFinder server is set to the native IP address of the load
balancer. For more information on setting the device's default gateway, see Configuring the IP
Addresses of the PathFinder server on page 35.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select Settings > General > NAT Support.

Figure 44: Configuring NAT support

3. Configure NAT support for each PathFinder server in the cluster, as follows:
Table 14: Configuring NAT support

Field | Description
NAT Support | Enable NAT Support to use the virtual IP address (VIP) of the cluster when communicating with external endpoints, instead of the IP address of this PathFinder server. This is mandatory when deploying PathFinder server with a load balancer.
Address | Enter the VIP of the PathFinder server's cluster, as follows:
  - If you have a single NIC configuration, or a dual NIC configuration with the external NIC secured behind a firewall, enter the public IP address with NAT translation to the cluster's VIP.
  - If you have a dual NIC configuration with the external NIC directly in the public network, set the NAT address to the VIP of the cluster and deploy your load balancer in the public network.
  Important:
  In the firewall/NAT device, verify that the NAT address is mapped to the private VIP address of the PathFinder server cluster's external NIC.
Port | If required, change the Scopia PathFinder client port number, which is set to 3089 by default.

4. Select Save.
5. For each PathFinder server in the cluster, perform the necessary configurations described in
Performing the Initial Configuration of the PathFinder server on page 35.
Important:
All PathFinder servers in the cluster must be configured identically, apart from their
native IP addresses. For more information about configuring the IP address, see
Configuring the IP Addresses of the PathFinder server on page 35.
Related links
Scalability, High Availability and Load Balancing with PathFinder on page 59

Chapter 6: Performing Maintenance Procedures

This section details the ongoing administrator tasks required to maintain your video network.
Related links
Updating, Backing Up and Restoring the PathFinder server on page 70
Filtering and Monitoring Events in PathFinder server on page 76
Managing Logs on page 80
Capturing Network Traces for Troubleshooting on page 83
Viewing PathFinder Hardware and License Information on page 85

Updating, Backing Up and Restoring the PathFinder server


You should back up your application and system configuration files on a regular basis. It is general
practice to back up the latest configuration before performing maintenance procedures such as an
upgrade.
Depending on your support contract, you can update the Avaya Scopia PathFinder server
application to:
- The next major version.
  Updating a major version requires a new license.
  This kind of update changes one of the first two digits in a version number. For example,
  updating from version 7.7 to version 8.2 requires a new license.
- An incremental version.
  Updating an incremental version does not require a new license.
  This kind of update changes the third, fourth and fifth digits in the version number. For
  example, updating from 8.2.0.0.29 to 8.2.0.0.34 does not require a new license.
The update procedure may vary depending on the release number and the size of the jump from the
current installation to the new release.

Important:
You can restore the operating system of the PathFinder server to any version of the server as
long as you use the Intel server's backup packages.
For details about updating, backing up, and restoring the PathFinder server application and its
operating system, see the following topics:
Related links
Performing Maintenance Procedures on page 70
Upgrading the PathFinder server on page 71
Backing Up the Configuration Settings on page 73
Restoring the Configuration Settings on page 75

Upgrading the PathFinder server


About this task
If Customer Support sends you an upgrade of the Avaya Scopia PathFinder server application or
operating system, you need to upgrade your system to the latest software version for the best
performance and enhanced features. This procedure describes how to upgrade the PathFinder
server and covers both the upgrading of system components and of the PathFinder server
application from version 7.7.x to version 8.2.x or later.
Important:
Use the same procedure to roll back to a previous version. For information on rolling back to a
PathFinder server application version prior to 7.7.x, contact Customer Support.

Before you begin


- Verify you have the IP address of the PathFinder server.
- Download the upgrade file to your computer.
- If required, make sure you have the license key at hand.
- You need software tools to perform this procedure. We recommend using these freeware
  applications:
  - WinSCP, a Secure FTP client, to save the file(s) to the desired location. You can download
    this application from http://winscp.net/eng/download.php
  - PuTTY, an SSH client, to connect to the PathFinder server administration console to perform
    the procedure in this section. You can download this application from
    http://www.chiark.greenend.org.uk/~sgtatham/putty/
- Make sure no active calls are running on the PathFinder server, as the upgrade disconnects
  these calls.
- Back up the configuration files of both the PathFinder server and the operating system before
  performing this procedure, as described in Backing Up the Configuration Settings on
  page 73.

Procedure
1. Run WinSCP to transfer the file.
2. Configure the connection to your PathFinder server in the WinSCP Login dialog box, as
follows:
Table 15: Configuring WinSCP settings

Field | Description
Host name | Enter the IP address of the PathFinder server.
User name | Enter the username to access PathFinder server. This is always uadmin.
Password | Enter the password. The default is admin. If you modified the default password, enter the new value here.
File protocol | Select SFTP to enable the SSH File Transfer Protocol capability.

3. Select Login.
4. Drag the new .pkg update file to the /updates folder in the PathFinder server and select
Copy when prompted (Figure 45: Screen showing the application upgrade file in the
PathFinder server on page 72).

Figure 45: Screen showing the application upgrade file in the PathFinder server

5. Run PuTTY to connect to the PathFinder server.


6. Configure the connection to the PathFinder server in the Session tab of the PuTTY
Configuration dialog box, as follows:
Table 16: Configuring the PuTTY session

Field | Description
Host Name (or IP address) | Enter the IP address of the PathFinder server.
SSH | Verify the Secure Shell protocol is enabled.

7. Install the update as follows:


a. Enter 4 in the Main menu to access the System Menu.
b. Enter the menu item corresponding to the required update (Figure 46: Updating the
PathFinder server application version on page 73): 1 to update the operating system
components, or 2 to upgrade the PathFinder server version.

Figure 46: Updating the PathFinder server application version

c. Enter the menu item corresponding to the installation file you just transferred to the
PathFinder server (Figure 47: Screen showing the installation of the PathFinder server
application update on page 73).

Figure 47: Screen showing the installation of the PathFinder server application update

d. If this is a major update of the PathFinder server application, enter the license key
(Figure 47: Screen showing the installation of the PathFinder server application
update on page 73). Otherwise, press Enter to use the current license key.
The PathFinder server reboots automatically after each installation procedure.
Related links
Updating, Backing Up and Restoring the PathFinder server on page 70

Backing Up the Configuration Settings


About this task
You can use this procedure to back up the Avaya Scopia PathFinder server application or system
configuration settings to a single file, which you can then archive elsewhere using FTP. You can
also send the backup file to Customer Support, if required. To restore from the backup file to the
PathFinder server, see Restoring the Configuration Settings on page 75.
This is different from saving settings and logs into a Customer Support Package, along with other
system log files. For more information, see Retrieving Application and Operating System Logs on
page 81.
Important:
You cannot restore from a Customer Support Package; you can only restore from a backup.

Before you begin


Verify you have the IP address of the PathFinder server.
You need a software tool to perform this procedure. We recommend PuTTY, a free SSH client,
to connect to the PathFinder server administration console to perform the procedure in this
section. You can download this application from http://www.chiark.greenend.org.uk/~sgtatham/putty/

Procedure
1. Run PuTTY to connect to the PathFinder server.
2. Configure the connection to the PathFinder server in the Session tab of the PuTTY
Configuration dialog box, as follows:
Table 17: Configuring the PuTTY session
Field | Description
Host Name (or IP address) | Enter the IP address of the PathFinder server.
SSH | Verify the Secure Shell protocol is enabled.

3. Create a backup of the configuration settings as follows:


a. Enter 3 in the Main menu to access the Backup/Restore menu option.
b. Enter the menu item corresponding to the required backup (Figure 48: Selecting the
configuration backup on page 74): 1 to back up the PathFinder server configuration, or
3 to back up the operating system configuration.

Figure 48: Selecting the configuration backup

Depending on the backup you selected, the configuration is saved to a file that has the
format <sysconfig_yyyy-mm-dd-hh-mm-ss.tgz> or <pfsconfig_yyyy-mm-dd-hh-mm-ss.tgz>
(Figure 49: Screen showing the backing up the PathFinder server application
configuration on page 74). The file is located in the server folder /updates/bckp.

Figure 49: Screen showing the backing up the PathFinder server application
configuration

c. Press Enter to return to the Main menu.


d. Enter Q to exit the session.
Related links
Updating, Backing Up and Restoring the PathFinder server on page 70

Restoring the Configuration Settings


About this task
The restore tool of Avaya Scopia PathFinder server offers the safest and most reliable method to
restore a backup of PathFinder server application or system configurations. Depending on the
backup you selected, the file has the name format <pfsconfig_yyyy-mm-dd_hh-mm-ss.tgz>
(application) or <sysconfig_yyyy-mm-dd_hh-mm-ss.tgz> (system). The file is located in the
PathFinder server under the folder /updates/bckp. For more information on creating a backup, see
Backing Up the Configuration Settings on page 73.
Important:
You cannot restore from a Customer Support Package; you can only restore from a backup.

Before you begin


Verify you have the IP address of the PathFinder server.
You need a software tool to perform this procedure. We recommend PuTTY, a free SSH client,
to connect to the PathFinder server administration console to perform the procedure in this
section. You can download this application from http://www.chiark.greenend.org.uk/~sgtatham/putty/

Procedure
1. Run PuTTY to connect to the PathFinder server.
2. Configure the connection to the PathFinder server in the Session tab of the PuTTY
Configuration dialog box, as follows:
Table 18: Configuring the PuTTY session
Field | Description
Host Name (or IP address) | Enter the IP address of the PathFinder server.
SSH | Verify the Secure Shell protocol is enabled.

3. Restore the configuration backup to the PathFinder server as follows:


a. Enter 3 in the Main menu to access the Backup/Restore menu option.
b. Enter the menu item corresponding to the required configuration restore (Figure 50:
Restoring the PathFinder server configuration settings on page 75): 2 to restore the
PathFinder server configuration, or 4 to restore the operating system configuration.

Figure 50: Restoring the PathFinder server configuration settings

c. Enter the item number corresponding to the configuration restore (Figure 51: Screen
showing how to restore the PathFinder server application configuration on page 76).

Figure 51: Screen showing how to restore the PathFinder server application configuration

d. Press Enter. After the configuration is restored, the display returns to the Backup/
Restore menu.
Related links
Updating, Backing Up and Restoring the PathFinder server on page 70
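
The backup and restore procedures above move .tgz files in and out of /updates/bckp. As an added example (not part of the Avaya guide or product), this Python script builds a SHA-256 manifest of a local copy of that folder and re-checks it before a file is copied back for a restore, so a truncated or altered archive is caught first. The sample archives and their member name are constructed, and the lenient separator matching in the file-name pattern is an assumption.

```python
import gzip
import hashlib
import io
import re
import tarfile
import tempfile
import zlib
from datetime import datetime
from pathlib import Path

# Name prefixes come from the guide: sysconfig_ (system) and pfsconfig_ (application).
# The guide prints the separator between date and time both as "-" and as "_",
# so separators are matched leniently here (an assumption of this example).
NAME_RE = re.compile(
    r"^(sysconfig|pfsconfig)_(\d{4})-(\d{2})-(\d{2})[-_](\d{2})-(\d{2})-?(\d{2})\.tgz$"
)
KIND = {"sysconfig": "system", "pfsconfig": "application"}


def parse_backup_name(name):
    """Return {'kind', 'taken'} for a backup file name, or None if it does not match."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        taken = datetime(*(int(x) for x in m.groups()[1:]))
    except ValueError:  # right shape, impossible date (for example month 13)
        return None
    return {"kind": KIND[m.group(1)], "taken": taken}


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def archive_is_readable(path):
    """True if the gzip stream reads to its end (CRC checked) and all tar headers parse."""
    try:
        with gzip.open(path, "rb") as gz:
            while gz.read(1 << 16):
                pass
        with tarfile.open(path, "r:gz") as tar:
            tar.getmembers()
        return True
    except (OSError, EOFError, zlib.error, tarfile.TarError):
        return False


def build_manifest(folder):
    """Describe every recognised backup in a local copy of /updates/bckp, oldest first."""
    rows = []
    for path in Path(folder).iterdir():
        info = parse_backup_name(path.name)
        if info is None or not path.is_file():
            continue
        rows.append({
            "name": path.name, "kind": info["kind"],
            "taken": info["taken"].isoformat(), "size": path.stat().st_size,
            "sha256": sha256_file(path), "readable": archive_is_readable(path),
        })
    return sorted(rows, key=lambda r: r["taken"])


def verify_manifest(folder, manifest):
    """Return the names that are missing, changed or unreadable compared with the manifest."""
    bad = []
    for row in manifest:
        path = Path(folder) / row["name"]
        if (not path.is_file() or sha256_file(path) != row["sha256"]
                or not archive_is_readable(path)):
            bad.append(row["name"])
    return bad


def make_sample_backup(folder, name, payload):
    """Constructed stand-in for a backup file; the real archive contents are not documented."""
    member = tarfile.TarInfo("settings.conf")  # hypothetical member name
    member.size = len(payload)
    path = Path(folder) / name
    with tarfile.open(path, "w:gz") as tar:
        tar.addfile(member, io.BytesIO(payload))
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_backup(tmp, "pfsconfig_2016-04-01_10-15-30.tgz", b"constructed sample\n")
        make_sample_backup(tmp, "sysconfig_2016-03-28-09-00-05.tgz", b"constructed sample\n")
        manifest = build_manifest(tmp)
        for row in manifest:
            print(row["taken"], row["kind"], row["sha256"][:16], row["readable"])
        print("changed since manifest:", verify_manifest(tmp, manifest))
```

Store the manifest separately from the archived backups, so that a change to an archive cannot be hidden by regenerating the manifest beside it.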

Filtering and Monitoring Events in PathFinder server


About this task
You can filter the log of events generated by Avaya Scopia PathFinder server, so that the list
includes or excludes certain types of events or alerts. An event can be:
- An information notice on a video device's behavior or status (for example, time and date when
the server was brought online, or a login to the PathFinder server). No immediate action is
necessary, but the log keeps the administrator informed.
- A warning or error indicating a problem which affects system operation and requires the
administrator's intervention.
PathFinder displays these events, also known as alerts or traps, in its web interface. You can
forward traps to a server which manages PathFinder (usually Scopia Management) for further
monitoring. To forward a trap, add a new user to the PathFinder server list of users, whose role is
Collaborator. The default username for this purpose is Collab, but each management server must
have its own dedicated username with the Collaborator role, reserved only for a management
server to log in and obtain the events information.
If Scopia Management manages the PathFinder server, you can automatically share the Collab
default username and password. To achieve this, first configure the PathFinder server for third-party
management as explained in the procedure below, and then add it to Scopia Management.
To connect with Scopia Management, see Administrator Guide for Avaya Scopia Management.
To connect with a third-party event or managing server other than Scopia Management, contact
your local support representative.
The PathFinder server clears a warning or error automatically when the problem causing it is solved
and informs Scopia Management that the alarm is no longer relevant.
To configure and retrieve logs for customer support, see Managing Logs on page 80.

Procedure
1. Access the PathFinder server Administrator web interface.
2. To pass events and messages to a management server, enable the Third Party
Management API field in the General tab.

Figure 52: Connecting a third-party management or event server

The management server uses the dedicated username whose role is Collaborator,
displayed in the Users tab. The default username is Collab with password balloC.

Figure 53: Adding the third-party server as a collaborator

3. To filter traps sent to the management server, select Settings > Alerts.
4. Select Enable next to the event for which you want to send a trap, or Select All to enable
the complete list of events. Table 19: Filtering the display of certain types of events on
page 78 lists some of the Event Types you can choose to configure.
To change the default severity level of the monitored event, select the new setting
(Information, Warning, Critical) from the dropdown list.

Figure 54: Event types


Table 19: Filtering the display of certain types of events
Field | Description
Power Up | The PathFinder server went online after an automatic or manual restart of the software. PathFinder caches this message until the management server is properly connected and then sends it.
Power Down | The PathFinder server went offline. Possible causes include: an orderly shutdown followed by an automatic restart, or a configuration change prompting you to select Restart in the General tab.
Endpoint Registered | The specified remote endpoint successfully registered in the PathFinder server so it can route calls from and to this endpoint. The event includes the endpoint's name, IP address, date and time.
Endpoint Unregistered | An endpoint is no longer registered in the PathFinder server.
GK Changed | The PathFinder server has registered to a new gatekeeper. This is a critical event, therefore we recommend not removing this from the list of displayed events. An administrator must always manually change a gatekeeper. If the PathFinder server starts routing calls incorrectly, look for this event as a possible cause.
High Level CPU Meter | The PathFinder server has reached the maximum CPU usage, set in the Threshold field in the same row (Figure 54: Event types on page 78).
Client Connected | A Scopia PathFinder client established a connection to the PathFinder server. The event includes the client's name, IP address, date and time.
Client Disconnected | A Scopia PathFinder client has disconnected from the PathFinder server.
Port Utilization | The PathFinder server has reached the maximum percentage of simultaneous calls, set in the Threshold field in the same row. The default license supports 10 concurrent calls. You need to purchase a license to increase the threshold. Depending on the license you purchase, you can reach a maximum capacity of 100 concurrent calls. If you see this event when the threshold is at maximum, consider raising capacity by purchasing additional PathFinder servers and deploying them with a load balancer.
Registration Utilization | The PathFinder server has reached the maximum percentage of registration capacity, set in the Threshold field in the same row. The default license supports 60 registered endpoints. You need to purchase a license to increase the threshold. Depending on the license you purchase, you can reach a maximum capacity of 600 registered endpoints.
User logged in | A user (for example, an administrator) successfully logged into the PathFinder server web interface.
User logged out | A user successfully logged out from the PathFinder server web interface.
Authentication Failure | A user failed to log into the PathFinder server web interface.
License Update | Displays details of the PathFinder server new license (for example, number of concurrent calls and number of registered endpoints).
Link Down | PathFinder's external NIC cannot see the network. Possible causes include a bad cable, disabled network port, or network failure.

5. Where available, set the Threshold value from the dropdown list. For example, when the
server's CPU load exceeds the 85% you configured in High Level CPU Meter, the alert
remains active until the usage decreases below the configured value.
The server sends clearing messages to Scopia Management for the High Level CPU
Meter, Port Utilization, or Registration Utilization events.
6. Select Save.
7. Access the PathFinder server web interface and monitor the trap messages in the Event
Logs tab (Figure 55: Trap messages in PathFinder server on page 79).

Figure 55: Trap messages in PathFinder server

Related links
Performing Maintenance Procedures on page 70
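
To show how a management server might act on the event types in Table 19, the following Python script is an added example (not Avaya code). It flags bursts of Authentication Failure events, every GK Changed event, and threshold alarms that were raised but never cleared. The record layout, field names, sample records and the "no open web session" heuristic are all assumptions of this example, since the guide does not document an export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event type names are taken from Table 19. The three below are the ones the
# guide says are cleared automatically once the condition ends.
THRESHOLD_EVENTS = {"High Level CPU Meter", "Port Utilization", "Registration Utilization"}

# Constructed sample records in an assumed "time|event type|key=value;..." layout.
SAMPLE_LOG = """\
2016-04-01 08:00:02|Power Up|
2016-04-01 08:14:10|Authentication Failure|user=operator1;ip=192.0.2.44
2016-04-01 08:14:25|Authentication Failure|user=operator1;ip=192.0.2.44
2016-04-01 08:14:41|Authentication Failure|user=operator1;ip=192.0.2.44
2016-04-01 08:15:03|User logged in|user=operator1;ip=192.0.2.44
2016-04-01 08:21:30|GK Changed|gatekeeper=198.51.100.7
2016-04-01 08:40:00|User logged out|user=operator1;ip=192.0.2.44
2016-04-01 09:02:11|High Level CPU Meter|value=91;threshold=85
2016-04-01 09:05:47|Port Utilization|value=95;threshold=90
2016-04-01 09:09:30|High Level CPU Meter|state=cleared
2016-04-01 11:30:00|GK Changed|gatekeeper=198.51.100.9
"""


def parse_record(line):
    """Split one record into (time, event type, fields); None if it is malformed."""
    parts = line.split("|", 2)
    if len(parts) < 2:
        return None
    try:
        when = datetime.strptime(parts[0].strip(), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    detail = parts[2] if len(parts) == 3 else ""
    fields = dict(p.split("=", 1) for p in detail.split(";") if "=" in p)
    return when, parts[1].strip(), fields


def triage(text, max_failures=3, window=timedelta(minutes=5)):
    """Return findings, still-active threshold alarms and the count of skipped lines."""
    findings, skipped = [], 0
    active = set()                   # threshold alarms raised and not yet cleared
    failures = defaultdict(deque)    # source address -> recent failure times
    flagged = set()                  # sources already reported for a burst
    sessions = set()                 # users currently logged in to the web interface
    for line in text.splitlines():
        if not line.strip():
            continue
        record = parse_record(line)
        if record is None:
            skipped += 1
            continue
        when, event, fields = record
        ip, user = fields.get("ip", "unknown"), fields.get("user", "unknown")
        if event == "Authentication Failure":
            recent = failures[ip]
            recent.append(when)
            while when - recent[0] > window:   # keep only failures inside the window
                recent.popleft()
            if len(recent) >= max_failures and ip not in flagged:
                flagged.add(ip)
                findings.append((when, "auth-failure-burst", ip))
        elif event == "User logged in":
            sessions.add(user)
            if ip in flagged:                  # success right after a failure burst
                findings.append((when, "login-after-failures", ip))
        elif event == "User logged out":
            sessions.discard(user)
        elif event == "GK Changed":
            # The guide says a gatekeeper change is always a manual administrator
            # action; with no open web session it is reported more prominently.
            kind = "gk-changed" if sessions else "gk-changed-no-session"
            findings.append((when, kind, fields.get("gatekeeper", "unknown")))
        elif event in THRESHOLD_EVENTS:
            if fields.get("state") == "cleared":
                active.discard(event)
            elif event not in active:
                active.add(event)
                findings.append((when, "threshold-raised", event))
        elif event == "Link Down":
            findings.append((when, "link-down", "external NIC"))
    return {"findings": findings, "active_alarms": sorted(active), "skipped": skipped}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for when, kind, subject in report["findings"]:
        print(when.isoformat(sep=" "), kind, subject)
    print("still active:", report["active_alarms"])
```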

Managing Logs
Logs are important for troubleshooting. This section describes the log management features of the
Avaya Scopia PathFinder server:
Related links
Performing Maintenance Procedures on page 70
Configuring the Alert Level and Size of Logs on page 80
Retrieving Application and Operating System Logs on page 81

Configuring the Alert Level and Size of Logs


About this task
Log files contain important information for troubleshooting the system. You can set the level of alerts
in the Avaya Scopia PathFinder server. You can also define the size and number of log files kept
on the hard disk of the PathFinder server for further troubleshooting.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the Settings tab.
3. Navigate to the Logging area of the General tab (Figure 56: Configuring the logs on
page 80).

Figure 56: Configuring the logs

4. Select the log level required for this PathFinder server.


Field Name | Description
Detail | Saves call details, warnings, and critical system errors to the log file.
Warning | Saves warnings issued by the system and critical system errors to the log file.
Error | Saves critical system errors only to the log file.
Disabled | Disables the PathFinder server logging.

5. Select the log file size in the Size Limit field. The size of an individual log file is configured to
500KB by default. The maximum size of an individual log file is 10000KB.
6. Define how many log files are created in the Number of Log Files field. By default the
maximum number of log files that are kept on the PathFinder server is 300. The maximum
number of log files is 1000. When the maximum number is reached and a new log file is
created, it replaces the oldest log file.
Related links
Managing Logs on page 80

Retrieving Application and Operating System Logs


About this task
When reporting a problem to customer support, they may ask you to retrieve and send logs from the
Avaya Scopia PathFinder server. This procedure describes how to download the Customer
Support Package, which is a zipped file of bundled logs and configuration files that you can send to
customer support.
The Customer Support Package collects the following information:
- PathFinder server application and operating system configurations
- PathFinder server application and operating system logs
- Operating system run time information (including CPU usage, memory usage, and networking
status)
- PathFinder server application run time information (including memory status and other details).
You can retrieve the Customer Support Package from PathFinder server, or via Scopia
Management as detailed in Administrator Guide for Scopia Management.
Alternatively, you can retrieve the PathFinder server application and operating system
configurations from the PathFinder administration console as explained in Backing Up the
Configuration Settings on page 73.
Important:
You cannot restore from a Customer Support Package; you can only restore from a backup.
You can set the level of detail in the logs of the PathFinder server and define the size and number of
log files kept on the server's hard disk. For more information, see Configuring the Alert Level and
Size of Logs on page 80.

Before you begin


You may need a software tool to perform this procedure. We recommend WinSCP, a Secure FTP
client, to save the file(s) to the desired location. You can download this application from
http://winscp.net/eng/download.php

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select General > Customer Support (Figure 57: Accessing the screen for generating the
Customer Support Package on page 81).

Figure 57: Accessing the screen for generating the Customer Support Package

3. To collect today's log, select Capture last day.

Figure 58: Selecting the log file

4. To select log files collected during a period of time:


a. Select Capture from... to (Figure 58: Selecting the log file on page 82).
b. Select, hold and scroll through the year and month lists for the required date (Figure 59:
Choosing the log file dates on page 82).

Figure 59: Choosing the log file dates

c. Select the relevant day in the calendar.


d. If necessary, select Reset to change dates.
5. Select Generate.
6. (Optional) To download the package from the PathFinder server to your PC using the HTTP
connection, select /updates/logs/pfcspkg_<date>.zip (Figure 60: Retrieving the Customer
Support Package on page 83).

Figure 60: Retrieving the Customer Support Package

7. (Optional) To download the package from the PathFinder server to your PC using WinSCP,
run the application and perform the steps below to transfer the file.
8. Configure the connection to your PathFinder server in the WinSCP Login dialog box, as
follows:
Table 20: Configuring WinSCP settings
Field | Description
Host name | Enter the IP address of the PathFinder server.
User name | Enter the username to access PathFinder server. This is always uadmin.
Password | Enter the password. The default is admin. If you modified the default password, enter the new value here.
File protocol | Select SFTP to enable the SSH File Transfer Protocol capability.

9. Select Login.
10. Drag the log file from the /updates/logs folder to the relevant folder on your computer. The
PathFinder server names logs as pfcspkg_<selected_dates>.zip by default.
11. Close WinSCP and confirm ending the session to save the changes.
Related links
Managing Logs on page 80

Capturing Network Traces for Troubleshooting


About this task
This section describes how to track and capture packet traffic on the Avaya Scopia PathFinder
server, using the built-in TCPDUMP packet analyzer (http://www.tcpdump.org/).

You can retrieve the network captures as files and use them to troubleshoot problems.

Before you begin


Verify you have the IP address of the PathFinder server.
You need software tools to perform this procedure. We recommend using these freeware
applications:
- PuTTY, an SSH client, to connect to the PathFinder server administration console to perform
the procedure in this section. You can download this application from
http://www.chiark.greenend.org.uk/~sgtatham/putty/
- WinSCP, a Secure FTP client, to save the file(s) to the desired location. You can download
this application from http://winscp.net/eng/download.php

Procedure
1. Run PuTTY to connect to the PathFinder server.
2. Configure the connection to the PathFinder server in the Session tab of the PuTTY
Configuration dialog box, as follows:
Table 21: Configuring the PuTTY session
Field | Description
Host Name (or IP address) | Enter the IP address of the PathFinder server.
SSH | Verify the Secure Shell protocol is enabled.

3. Create a network trace file with PuTTY as follows:


a. Enter 4 in the Main menu to access the System Menu.
b. Enter 7 to capture network traces (Figure 61: Capturing network traces on page 84).

Figure 61: Capturing network traces

c. Enter Y to confirm starting to capture the network traces (Figure 62: Creating the
network capture files on page 84).

Figure 62: Creating the network capture files

The PathFinder server starts the trace, which you can end by pressing Ctrl-C. It creates
a single or multiple .pcap files, depending on the duration of the capture. It also
generates a .tgz file which compresses all these .pcap files to a single package (Figure
63: Downloading the network capture files to your computer on page 85). As each file
is dated and time stamped, you can download and review only the files which captured
issues you are interested in troubleshooting.
d. Press Enter to return to the Main Menu.
e. Press Q to exit the session.
4. Run WinSCP to transfer the file.
5. Configure the connection to your PathFinder server in the WinSCP Login dialog box, as
follows:
Table 22: Configuring WinSCP settings
Field | Description
Host name | Enter the IP address of the PathFinder server.
User name | Enter the username to access PathFinder server. This is always uadmin.
Password | Enter the password. The default is admin. If you modified the default password, enter the new value here.
File protocol | Select SFTP to enable the SSH File Transfer Protocol capability.

6. Select Login.
7. Drag the relevant network capture file from the /updates/nw_traces folder to the relevant
folder on your computer (Figure 63: Downloading the network capture files to your
computer on page 85).

Figure 63: Downloading the network capture files to your computer

8. Close WinSCP and confirm ending the session to save the changes.
Related links
Performing Maintenance Procedures on page 70

Viewing PathFinder Hardware and License Information


About this task
Use this feature to find useful information about the system. This information is also required when
you contact Customer Support.

Procedure
1. Access the PathFinder server Administrator web interface.
2. Select the About tab. The screen displays system information.
Table 23: Viewing Information on PathFinder
Field Name | Description
Version Number | Displays the version number of the PathFinder server.
MAC Address | Displays the MAC address of the PathFinder server.
Serial Number | Displays the serial number of the PathFinder server.
Expiration Date | Displays the date on which your current license expires. For demonstration versions only.
Max. Connected Endpoints | Displays the maximum allowed number of connected endpoints, as determined by your license.
Max. Concurrent Calls | Displays the maximum allowed number of concurrent calls, as determined by your license.

Related links
Performing Maintenance Procedures on page 70

Glossary

1080p

See Full HD on page 90.

2CIF

2CIF describes a video resolution of 704 x 288 pixels (PAL) or 704 x 240
(NTSC). It is double the width of CIF, and is often found in CCTV products.

2SIF

2SIF describes a video resolution of 704 x 240 pixels (NTSC) or 704 x 288
(PAL). This is often adopted in IP security cameras.

4CIF

4CIF describes a video resolution of 704 x 576 pixels (PAL) or 704 x 480
(NTSC). It is four times the resolution of CIF and is most widespread as the
standard analog TV resolution.

4SIF

4SIF describes a video resolution of 704 x 480 pixels (NTSC) or 704 x 576
(PAL). This is often adopted in IP security cameras.

720p

See HD on page 92.

AAC

AAC is an audio codec which compresses sound but with better results
than MP3.

AGC (Automatic Gain Control)

Automatic Gain Control (AGC) smooths audio signals through
normalization, by lowering sounds which are too strong and strengthening
sounds which are too weak. This is relevant with microphones situated at
some distance from the speaker, like room systems. The result is a more
consistent audio signal within the required range of volume.

Alias

An alias in H.323 represents the unique name of an endpoint. Instead of
dialing an IP address to reach an endpoint, you can dial an alias, and the
gatekeeper resolves it to an IP address.

Auto-Attendant

Auto-Attendant, also known as video IVR, offers quick access to meetings
hosted on MCUs, via a set of visual menus. Participants can select menu
options using standard DTMF tones (numeric keypad). Auto-Attendant
works with both H.323 and SIP endpoints.

Balanced Microphone

A balanced microphone uses a cable that is built to reduce noise and
interference even when the cable is long. This reduces audio disruptions
resulting from surrounding electromagnetic interference.

BFCP (Binary Floor Control Protocol)

BFCP is a protocol which coordinates shared videoconference features in
SIP calls, often used by one participant at a time. For example, when
sharing content to others in the meeting, one participant is designated as
the presenter, and is granted the floor for presenting. All endpoints must be
aware that the floor was granted to that participant and react appropriately.

Bitrate

Bitrate is the speed of data flow. Higher video resolutions require higher
bitrates to ensure the video is constantly updated, thereby maintaining
smooth motion. If you lower the bitrate, you lower the quality of the video. In
some cases, you can select a lower bitrate without noticing a significant
drop in video quality; for example during a presentation or when a lecturer
is speaking and there is very little motion. In video recordings, the bitrate
determines the file size for each minute of recording. Bitrate is often
measured in kilobits per second (kbps).

Call Control

See Signaling on page 97.

Cascaded Videoconference

A cascaded videoconference is a meeting distributed over more than one
physical Scopia Elite MCU, where a master MCU connects to one or more
slave MCUs to create a single videoconference. It increases the meeting
capacity by combining the resources of several MCUs. This can be
especially useful for distributed deployments across several locations,
reducing bandwidth usage.

CIF

CIF, or Common Intermediate Format, describes a video resolution of 352 x
288 pixels (PAL) or 352 x 240 (NTSC). This is sometimes referred to as
Standard Definition (SD).

Content Slider

The Scopia Content Slider stores the data already presented in the
videoconference and makes it available for participants to view during the
meeting.

Continuous Presence

Continuous presence enables viewing multiple participants of a
videoconference at the same time, including the active speaker. This
graphics-intensive work requires scaling and mixing the images together
into one of the predefined video layouts. The range of video layouts
depends on the type of media processing supported, typically located in the
MCU.

Control

Control, or media control, sets up and manages the media of a call (its
audio, video and data). Control messages include checking compatibility
between endpoints, negotiating video and audio codecs, and other
parameters like resolution, bitrate and frame rate. Control is communicated
via H.245 in H.323 endpoints, or by SDP in SIP endpoints. Control occurs
within the framework of an established call, after signaling.

CP

See Continuous Presence on page 88.

Dedicated Endpoint

A dedicated endpoint is a hardware endpoint for videoconferencing
assigned to a single user. It is often referred to as a personal or executive
endpoint, and serves as the main means of video communications for this
user. For example, Scopia XT Executive. It is listed in the organization's
LDAP directory as associated exclusively with this user.

Dial Plan

A dial plan defines a way to route a call and to determine its characteristics.
In traditional telephone networks, prefixes often denote geographic
locations. In videoconferencing deployments, prefixes are also used to
define the type and quality of a call. For example, dial 8 before a number for
a lower bandwidth call, or 6 for an audio-only call, or 5 to route the call to a
different branch.

Dial Prefix

A dial prefix is a number added at the beginning of a dial string to route it to
the correct destination, or to determine the type of call. Dial prefixes are
defined in the organization's dial plan. For example, dial 9 for an outside
line, or dial 6 for an audio only call.

Distributed Deployment

A distributed deployment describes a deployment where the solution
components are geographically distributed in more than one network
location.

DNS Server

A DNS server is responsible for resolving domain names in your network by
translating them into IP addresses.

DTMF

DTMF, or touch-tone, is the method of dialing on touch-tone phones, where
each number is translated and transmitted as an audio tone.

Dual Video

Dual video is the transmitting of two video streams during a
videoconference, one with the live video while the other is a shared data
stream, like a presentation.

Dynamic Video Layout

The dynamic video layout is a meeting layout that switches dynamically to
include the maximum number of participants it can display on the screen
(up to 9 on the XT Series, or up to 28 on Scopia Elite MCU). The largest
image always shows the active speaker.

E.164

E.164 is an address format for dialing an endpoint with a standard
telephone numeric keypad, which only has numbers 0 - 9 and the symbols:
* and #.

Endpoint

An endpoint is a tool through which people can participate in a
videoconference. Its display enables you to see and hear others in the
meeting, while its microphone and camera enable you to be seen and
heard by others. Endpoints include dedicated endpoints, like Scopia XT
Executive, software endpoints like Scopia Desktop Client, mobile device
endpoints like Scopia Mobile, room systems like XT Series, and
telepresence systems like Scopia XT Telepresence.

Endpoint Alias

See Alias on page 87.

FEC

Forward Error Correction (FEC) is a proactive method of sending redundant


information in the video stream to preempt quality degradation. FEC
identifies the key frames in the video stream that should be protected by
FEC. There are several variants of the FEC algorithm. The Reed-Solomon
algorithm (FEC-RS) sends redundant packets per block of information,
enabling the sender (like the Scopia Elite MCU) to manage up to ten
percent packet loss in the video stream with minimal impact on the
smoothness and quality of the video.

FECC

Far End Camera Control (FECC) is a feature of endpoint cameras, where
the camera can be controlled remotely by another endpoint in the call.

Forward Error Correction

See FEC on page 90.

FPS

See Frames Per Second on page 90.

Frame Rate

See Frames Per Second on page 90.

Frames Per Second

Frames Per Second (fps), also known as the frame rate, is a key measure
in video quality, describing the number of image updates per second. The
average human eye can register up to 50 frames per second. The higher
the frame rate, the smoother the video.

Full HD

Full HD, or Full High Definition, also known as 1080p, describes a video
resolution of 1920 x 1080 pixels.

Full screen Video Layout

The full screen view shows one video image. Typically, it displays the
remote presentation, or, if there is no presentation, it displays the other
meeting participant(s).

Gatekeeper

A gatekeeper routes audio and video H.323 calls by resolving dial strings
(H.323 alias or URI) into the IP address of an endpoint, and handles the
initial connection of calls. Gatekeepers also implement the dial plan of an
organization by routing H.323 calls depending on their dial prefixes.
Scopia Management includes a built-in Avaya Scopia Gatekeeper, while
ECS is a standalone gatekeeper.

Gateway

A gateway is a component in a video solution which routes information
between two subnets or acts as a translator between different protocols.
For example, a gateway can route data between the headquarters and a
partner site, or between two protocols like the TIP Gateway, or the Scopia
100 Gateway.

GLAN

GLAN, or gigabit LAN, is the name of the network port on the XT Series. It
is used on the XT Series to identify a 10/100/1000 Mbit Ethernet port.

H.225

H.225 is part of the set of H.323 protocols. It defines the messages and
procedures used by gatekeepers to set up calls.

H.235

H.235 is the protocol used to authenticate trusted H.323 endpoints and
encrypt the media stream during meetings.

H.239

H.239 is a widespread protocol used with H.323 endpoints, to define the
additional media channel for data sharing (like presentations) alongside the
videoconference, and ensures only one presenter at a time.

H.243

H.243 is the protocol used with H.323 endpoints enabling them to remotely
manage a videoconference.

H.245

H.245 is the protocol used to negotiate call parameters between endpoints,
and can control a remote endpoint from your local endpoint. It is part of the
H.323 set of protocols.

H.261

H.261 is an older protocol used to compress CIF and QCIF video
resolutions. This protocol is not supported by the XT Series.

H.263

H.263 is an older protocol used to compress video. It is an enhancement
to the H.261 protocol.

H.264

H.264 is a widespread protocol used with SIP and H.323 endpoints, which
defines video compression. Compression algorithms include 4x4 transforms
and a basic motion comparison algorithm called P-slices. There are several
profiles within H.264. The default profile is the H.264 Baseline Profile, but
H.264 High Profile uses more sophisticated compression techniques.

H.264 Baseline Profile

See H.264 on page 91.

H.264 High Profile

H.264 High Profile is a standard for compressing video by up to 25% over
the H.264 Baseline Profile, enabling high definition calls to be held over
lower call speeds. It requires both sides of the transmission (sending and
receiving endpoints) to support this protocol. H.264 High Profile uses
compression algorithms like:
• CABAC compression (Context-Based Adaptive Binary Arithmetic Coding)
• 8x8 transforms which more effectively compress images containing
  areas of high correlation
These compression algorithms demand higher computation requirements,
which are offered with the dedicated hardware available in Scopia
Solution components. Using H.264 High Profile in videoconferencing
requires that both the sender and receiver's endpoints support it. This is
different from SVC which is an adaptive technology working to improve
quality even when only one side supports the standard.

H.320

H.320 is a protocol for defining videoconferencing over ISDN networks.

H.323

H.323 is a widespread set of protocols governing the communication
between endpoints in videoconferences and point-to-point calls. It defines
the call signaling, control, media flow, and bandwidth regulation.

H.323 Alias

See Alias on page 87.

H.350

H.350 is the protocol used to enhance LDAP user databases to add video
endpoint information for users and groups.

H.460

H.460 enhances the standard H.323 protocol to manage firewall/NAT
traversal, employing ITU-T standards. Endpoints which are already H.460
compliant can communicate directly with the PathFinder server, where the
endpoint acts as an H.460 client to the PathFinder server which acts as an
H.460 server.

HD

An HD ready device describes its high definition resolution capabilities of
720p, a video resolution of 1280 x 720 pixels.

High Availability

High availability is a state where you ensure better service and less
downtime by deploying additional servers. There are several strategies for
achieving high availability, including deployment of redundant servers
managed by load balancing systems.

High Definition

See HD on page 92.

High Profile

See H.264 High Profile on page 91.

HTTPS

HTTPS is the secured version of the standard web browser protocol HTTP.
It secures communication between a web browser and a web server
through authentication of the web site and encrypting communication
between them. For example, you can use HTTPS to secure web browser
access to the web interface of many Scopia Solution products.

Image Resolution

See Resolution on page 96.

KBps

Kilobytes per second (KBps) measures the bitrate in kilobytes per second,
not kilobits, by dividing the number of kilobits by eight. Bitrate is normally
quoted as kilobits per second (kbps) and then converted to kilobytes per
second (KBps). Bitrate measures the throughput of data communication
between two devices.

kbps

Kilobits per second (kbps) is the standard unit to measure bitrate,
measuring the throughput of data communication between two devices.
Since this counts the number of individual bits (ones or zeros), you must
divide by eight to calculate the number of kilobytes per second (KBps).

LDAP

LDAP is a widespread standard database format which stores network
users. The format is hierarchical, where nodes are often represented
as branch location > department > sub-department, or executives >
managers > staff members. The database standard is employed by most
user directories including Microsoft Active Directory, IBM Sametime and
others. H.350 is an extension to the LDAP standard for the
videoconferencing industry.

Lecture Mode

Scopia Desktop's lecture mode allows the participant defined as the
lecturer to see all the participants, while they see only the lecturer. All
participants are muted except the lecturer, unless a participant asks
permission to speak and is unmuted by the lecturer. This mode is tailored
for distance learning, but you can also use it for other purposes like when
an executive addresses employees during company-wide gatherings.

Load balancer

A load balancer groups together a set (or cluster) of servers to give them a
single IP address, known as a virtual IP address. It distributes client service
requests amongst a group of servers. It distributes loads according to
different criteria such as bandwidth, CPU usage, or cyclic (round robin).
Load balancers are also known as application delivery controllers (ADC).

Location

A location is a physical space (building) or a network (subnet) where video
devices can share a single set of addresses. A distributed deployment
places these components in different locations, often connected via a VPN.

Management

Management refers to the administration messages sent between
components of the Scopia Solution as they manage and synchronize data
between them. Management also includes front-end browser interfaces
configuring server settings on the server. Management messages are
usually transmitted via protocols like HTTP, SNMP, FTP or XML. For
example, Scopia Management uses management messages to monitor
the activities of an MCU, or when it authorizes the MCU to allow a call to
proceed.

MBps

Megabytes per second (MBps) is a unit of measure for the bitrate. The
bitrate is normally quoted as kilobits per second (kbps) and then converted
by dividing it by eight to reach the number of kilobytes per second (KBps)
and then by a further 1000 to calculate the MBps.

MCU

An MCU, or Multipoint Control Unit, connects several endpoints to a single
videoconference. It manages the audio mixing and creates the video
layouts, adjusting the output to suit each endpoint's capabilities.

MCU service

See Meeting Type on page 94.

Media

Media refers to the live audio, video and shared data streams sent during a
call. Presentation and Far end camera control (FECC) are examples of
information carried on the data stream. Media is transmitted via the RTP
and RTCP protocols in both SIP and H.323 calls. The parallel data stream
of both live video and presentation is known as dual video.

Media Control

See Control on page 88.

Meeting Type

Meeting types (also known as MCU services) are meeting templates which
determine the core characteristics of a meeting. For example, they
determine if the meeting is audio only or audio and video, they determine
the default video layout, the type of encryption, PIN protection and many
other features. You can invoke a meeting type by dialing its prefix in front of
the meeting ID. Meeting types are created and stored in the MCU, with
additional properties in Scopia Management.

Moderator

A moderator has special rights in a videoconference, including blocking the
sound and video of other participants, inviting new participants,
disconnecting others, determining video layouts, and closing meetings. In
Scopia Desktop Client, an owner of a virtual room is the moderator when
the room is protected by a PIN. Without this protection, any participant can
assume moderator rights.

MTU

The MTU, or Maximum Transmission Unit, is the maximum size of data
packets sent around your network. This value must remain consistent for all
network components, including servers like the MCU and Scopia Desktop
server, endpoints like XT Series and other network devices like LDAP
servers and network routers.

Multi-Point

A multi-point conference has more than two participants.

Multi-tenant

Service provider, or multi-tenant, deployments enable one installation to
manage multiple organizations. All the organizations can reside as tenants
within a single service provider deployment. For example, Scopia
Management can manage a separate set of users for each organization,
separate local administrators, separate bandwidth policies etc. all within a
single multi-tenant installation.

Multicast Streaming

Multicast streaming sends a videoconference to multiple viewers across a
range of addresses, reducing network traffic significantly. Scopia Desktop
server multicasts to a single IP address, and streaming clients must tune in
to this IP address to view the meeting. Multicasts require that routers,
switches and other equipment know how to forward multicast traffic.

NAT

A NAT, or Network Address Translation device, translates external IP
addresses to internal addresses housed in a private network. This enables
a collection of devices like endpoints in a private network, each with their
own internal IP address, to be represented publicly by a single, unique IP
address. The NAT translates between public and private addresses,
enabling users to place calls between public network users and private
network users.

NetSense

NetSense is a proprietary Scopia Solution technology which optimizes the
video quality according to the available bandwidth to minimize packet loss.
As the available bandwidth of a connection varies depending on data traffic,
NetSense's sophisticated algorithm dynamically scans the video stream,
and then reduces or improves the video resolution to maximize quality with
the available bandwidth.

Packet Loss

Packet loss occurs when some of the data transmitted from one endpoint is
not received by the other endpoint. This can be caused by narrow
bandwidth connections or unreliable signal reception on wireless networks.

PaP Video Layout

The PaP (Picture and Picture) view shows up to three images of the same
size.

Phantom Power

Microphones which use phantom power draw their electrical power from the
same cable as the audio signal. For example, if your microphone is
powered by a single cable, it serves both to power the microphone and
transmit the audio data. Microphones which have two cables, one for sound
and a separate power cable, do not use phantom power.

PiP Video Layout

The PiP (Picture In Picture) view shows a video image in the main screen,
with an additional smaller image overlapping in the corner. Typically, a
remote presentation is displayed in the main part of the screen, and the
remote video is in the small image. If the remote endpoint does not show
any content, the display shows the remote video in the main part of the
screen, and the local presentation in the small image.

Point-to-Point

Point-to-point is a feature where only two endpoints communicate with each
other without using MCU resources.

PoP Video Layout

The PoP (Picture out Picture) view shows up to three images of different
size, presented side by side, where the image on the left is larger than the
two smaller images on the right.

Prefix

See Dial Prefix on page 89.

PTZ Camera

A PTZ camera can pan to swivel horizontally, tilt to move vertically, and
optically zoom to devote all the camera's pixels to one area of the image.
For example, the XT Standard Camera is a PTZ camera with its own power
supply and remote control, and uses powerful lenses to achieve superb
visual quality. In contrast, fixed cameras like webcams only offer digital
PTZ, where the zoom crops the camera image, displaying only a portion of
the original, resulting in fewer pixels of the zoomed image, which effectively
lowers the resolution. Fixed cameras also offer digital pan and tilt only after
zooming, where you can pan up to the width or length of the original
camera image.

Q.931

Q.931 is a telephony protocol used to start and end the connection in H.323
calls.

QCIF

QCIF, or Quarter CIF, defines a video resolution of 176 x 144 pixels (PAL)
or 176 x 120 (NTSC). It is often used in older mobile handsets (3G-324M)
limited by screen resolution and processing power.

Quality of Service (QoS)

Quality of Service (QoS) determines the priorities of different types of
network traffic (audio, video and control/signaling), so in poor network
conditions, prioritized traffic is still fully transmitted.

Recordings

A recording of a videoconference can be played back at any time.
Recordings include audio, video and shared data (if presented). In Scopia
Desktop, any participant with moderator rights can record a meeting. Users
can access Scopia Desktop recordings from the Scopia Desktop web
portal or using a web link to the recording on the portal.

Redundancy

Redundancy is a way to deploy a network component, in which you deploy
extra units as 'spares', to be used as backups in case one of the
components fails.

Registrar

A SIP Registrar manages the SIP domain by requiring that all SIP devices
register their IP addresses with it. For example, once a SIP endpoint
registers its IP address with the Registrar, it can place or receive calls with
other registered endpoints.

Resolution

Resolution, or image/video resolution, is the number of pixels which make
up an image frame in the video, measured as the number of horizontal
pixels x the number of vertical pixels. Increasing resolution improves video
quality but typically requires higher bandwidth and more computing power.
Techniques like SVC, H.264 High Profile and FEC reduce bandwidth usage
by compressing the data to a smaller footprint and compensating for packet
loss.

Restricted Mode

Restricted mode is used for ISDN endpoints only, when the PBX and line
use a restricted form of communication, reserving the top 8k of each
packet for control data only. If enabled, the bandwidth values on these lines
are in multiples of 56kbps, instead of multiples of 64kbps.

Room System

A room system is a hardware videoconferencing endpoint installed in a
physical conference room. Essential features include its camera's ability to
PTZ (pan, tilt, zoom) to allow maximum flexibility of camera angles enabling
participants to see all those in the meeting room or just one part of the
room.

RTCP

Real-time Control Transport Protocol, used alongside RTP for sending
statistical information about the media sent over RTP.

RTP

RTP or Real-time Transport Protocol is a network protocol which supports
video and voice transmission over IP. It underpins most videoconferencing
protocols today, including H.323, SIP and the streaming control protocol
known as RTSP. The secured version of RTP is SRTP.

RTSP

RTSP or Real-Time Streaming Protocol controls the delivery of streamed
live or playback video over IP, with functions like pause, fast forward and
reverse. While the media itself is sent via RTP, these control functions are
managed by RTSP.

Sampling Rate

The sampling rate is a measure of the accuracy of the audio when it is
digitized. To convert analog audio to digital, it must collect or sample the
audio at specific intervals. As the rate of sampling increases, it raises audio
quality.

SBC

A Session Border Controller (SBC) is a relay device between two different
networks. It can be used in firewall/NAT traversal, protocol translations and
load balancing.

Scalability

Scalability describes the ability to increase the capacity of a network device
by adding another identical device (one or more) to your existing
deployment. In contrast, a non-scalable solution would require replacing
existing components to increase capacity.

Scopia Content Slider

See Content Slider on page 88.

SD

Standard Definition (SD) is a term used to refer to video resolutions which
are lower than HD. There is no consensus defining one video resolution for
SD.

Service

Also known as MCU service. See Meeting Type on page 94.

SIF

SIF defines a video resolution of 352 x 240 pixels (NTSC) or 352 x 288
(PAL). This is often used in security cameras.

Signaling

Signaling, also known as call control, sets up, manages and ends a
connection or call. These messages include the authorization to make the
call, checking bandwidth, resolving endpoint addresses, and routing the call
through different servers. Signaling is transmitted via the H.225.0/Q.931
and H.225.0/RAS protocols in H.323 calls, or by the SIP headers in SIP
calls. Signaling occurs before the control aspect of call setup.

Single Sign On

Single Sign On (SSO) automatically uses your network login and password
to access different enterprise systems. Using SSO, you do not need to
separately login to each system or service in your organization.

SIP

Session Initiation Protocol (SIP) is a signaling protocol for starting,
managing and ending voice and video sessions over TCP, TLS or UDP.
Videoconferencing endpoints typically are compatible with SIP or H.323,
and in some cases (like Avaya Scopia XT Series), an endpoint can be
compatible with both protocols. As a protocol, it uses fewer resources than
H.323.

SIP Registrar

See Registrar on page 96.

SIP Server

A SIP server is a network device communicating via the SIP protocol.

SIP URI

See URI on page 100.

Slider

See Content Slider on page 88.

SNMP

Simple Network Management Protocol (SNMP) is a protocol used to
monitor network devices by sending messages and alerts to their registered
SNMP server.

Software endpoint

A software endpoint turns a computer or portable device into a
videoconferencing endpoint via a software application only. It uses the
system's camera and microphone to send image and sound to the other
participants, and displays their images on the screen. For example,
Scopia Desktop Client or Scopia Mobile.

SQCIF

SQCIF defines a video resolution of 128 x 96 pixels.

SRTP

Secure Real-time Transport Protocol (SRTP) adds security to the standard
RTP protocol, which is used to send media (video and audio) between
devices in SIP calls. It offers security with encryption, authentication and
message integrity. The encryption uses a symmetric key generated at the
start of the call, and being symmetric, the same key locks and unlocks the
data. So to secure transmission of the symmetric key, it is sent safely
during call setup using TLS.

SSO

See Single Sign On on page 97.

Standard Definition

See SD on page 97.

Streaming

Streaming is a method to send live or recorded videoconferences in one
direction to viewers. Recipients can only view the content; they cannot
participate with a microphone or camera to communicate back to the
meeting. There are two types of streaming supported in Scopia Solution:
unicast which sends a separate stream to each viewer, and multicast which
sends one stream to a range of viewers.

STUN

A STUN server enables you to directly dial an endpoint behind a NAT or
firewall by giving that computer's public internet address.

SVC

SVC extends the H.264 codec standard to dramatically increase error
resiliency and video quality without the need for higher bandwidth. It is
especially effective over networks with high packet loss (like wireless
networks) which deliver low quality video. It splits the video stream into
layers, comprising a small base layer and then additional layers on top
which enhance resolution, frame rate and quality. Each additional layer is
only transmitted when bandwidth permits. This allows for a steady video
transmission when available bandwidth varies, providing better quality
when the bandwidth is high, and adequate quality when available
bandwidth is poor.

SVGA

SVGA defines a video resolution of 800 x 600 pixels.

Switched video

Switching is the process of redirecting video as-is without transcoding, so
you see only one endpoint's image at a time, usually the active speaker,
without any video layouts or continuous presence (CP). Using video
switching increases the port capacity of the Scopia Elite MCU only by four
times.
Important:
Use switched video only when all endpoints participating in the
videoconference support the same resolution. If a network experiences
high packet loss, switched video might not be displayed properly for all
endpoints in the videoconference.

SXGA

SXGA defines a video resolution of 1280 x 1024 pixels.

Telepresence

A telepresence system combines two or more endpoints together to create
a wider image, simulating the experience of participants being present in
the same room. Telepresence systems always designate one of the
endpoints as the primary monitor/camera/codec unit, while the remainder
are defined as auxiliary or secondary endpoints. This ensures that you can
issue commands via a remote control to a single codec base which leads
and controls the others to work together as a single telepresence endpoint.

Telepresence - Dual row telepresence room

Dual row telepresence rooms are large telepresence rooms with two rows
of tables that can host up to 18 participants.

TLS

TLS enables network devices to communicate securely using certificates, to
provide authentication of the devices and encryption of the communication
between them.

Transcoding

Transcoding is the process of converting video into different sizes,
resolutions or formats. This enables multiple video streams to be combined
into one view, enabling continuous presence, as in a typical
videoconferencing window.

UC (Unified Communications)

UC, or unified communications deployments offer solutions covering a wide
range of communication channels. These include audio (voice), video, text
(IM or chat), data sharing (presentations), whiteboard sharing (interactive
annotations on shared data).

Unbalanced Microphone

An unbalanced microphone uses a cable that is not especially built to
reduce interference when the cable is long. As a result, these unbalanced
line devices must have shorter cables to avoid audio disruptions.

Unicast Streaming

Unicast streaming sends a separate stream of a videoconference to each
viewer. This is the default method of streaming in Scopia Desktop server.
To save bandwidth, consider multicast streaming.

URI

URI is an address format used to locate a device on a network, where the
address consists of the endpoint's name or number, followed by the domain
name of the server to which the endpoint is registered. For
example, <endpoint name>@<server_domain_name>. When dialing URI
between organizations, the server might often be the Avaya Scopia
PathFinder server of the organization.

URI Dialing

Accessing a device via its URI on page 100.

User profile

A user profile is a set of capabilities or parameter values which can be
assigned to a user. This includes available meeting types (services),
access to Scopia Desktop and Scopia Mobile functionality, and allowed
bandwidth for calls.

VFU

See Video Fast Update (VFU) on page 100.

VGA

VGA defines a video resolution of 640 x 480 pixels.

Video Fast Update (VFU)

Video Fast Update (VFU) is a request for a refreshed video frame, sent
when the received video is corrupted by packet loss. In response to a VFU
request, the broadcasting endpoint sends a new intra-frame to serve as the
baseline for the ongoing video stream.

Video Layout

A video layout is the arrangement of participant images as they appear on
the monitor in a videoconference. If the meeting includes a presentation, a
layout can also refer to the arrangement of the presentation image together
with the meeting participants.

Video Resolution

See Resolution on page 96.

Video Switching

See Switched video on page 99.

Videoconference

A videoconference is a meeting of more than two participants with audio
and video using endpoints. Professional videoconferencing systems can
handle many participants in single meetings, and multiple simultaneous
meetings, with a wide interoperability score to enable a wide variety of
endpoints to join the same videoconference. Typically you can also share
PC content, like presentations, to other participants.

Virtual Room

A virtual room in Scopia Desktop and Scopia Mobile offers a virtual
meeting place for instant or scheduled videoconferences. An administrator
can assign a virtual room to each member of the organization. Users can
send invitations to each other via a web link which brings you directly into
their virtual room. Virtual meeting rooms are also dialed like phone
extension numbers, where a user's virtual room number is often based on
that person's phone extension number. You can personalize your virtual
room with PIN numbers, custom welcome slides and so on. External
participants can download Scopia Desktop or Scopia Mobile free to
access a registered user's virtual room and participate in a
videoconference.

VISCA Cable

A crossed VISCA cable connects two PTZ cameras to enable you to use
the same remote control on both.

Waiting Room

A waiting room is a holding place for participants waiting for the host or
moderator to join the meeting. While waiting, participants see a static image
with the name of the owner's virtual room, with an optional audio message
periodically saying the meeting will start when the host arrives.

Webcast

A webcast is a streamed live broadcast of a videoconference over the
internet. Enable Scopia Desktop webcasts by enabling the streaming
feature. To invite users to the webcast, send an email or instant message
containing the webcast link or a link to the Scopia Desktop portal and the
meeting ID.

WUXGA

WUXGA defines a video resolution of 1920 x 1200 pixels.

XGA

XGA defines a video resolution of 1024 x 768 pixels.

Zone

Gatekeepers like Avaya Scopia ECS Gatekeeper split endpoints into
zones, where a group of endpoints in a zone are registered to a
gatekeeper. Often a zone is assigned a dial prefix, and usually corresponds
to a physical location like an organization's department or branch.
