
Solutions for Remote User Access OpenTouch R2.2.

November 2016

Solution for Remote User Access - ed05d


Pre-Sales

With slide notes

1
COPYRIGHT 2016 ALE International - ALL RIGHTS RESERVED

History
Edition 01: creation
Edition 02: updated information
Edition 03: updated for OT R2.1.1
* add WebRTC support
* add new client OTC One
Edition 04: updated for OT R2.2
Edition 05: updated for OT R2.2.1
* OTES Removal

Disclaimer
This documentation is provided for reference purposes only and does not fully describe the capabilities of each Product and related features. Therefore, ALE International
declines any liability for inaccuracies contained herein. For an exhaustive view on features list and product limits for the current product release please see the required
Feature List/Product Limits document available through the ALE eBusiness Portal web site.
In the interest of continued product development, ALE International reserves the right to make improvements or other changes to this document and the products it
describes at any time without prior notice.

Copyright
Copyright ALE International 2016. Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder.
Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the
copyright holder.


Preamble
- The objective of this presentation is to describe the different scenarios that can be proposed to a customer to provide remote access to the communication services of the OTMS+OXE solution (or OTBE) in release 2.2.1.
- The remote users can be employees of the company or external guests (invited into a multi-party conference with web collaboration).
- Different technological solutions are described in this presentation, referring to existing products or components of the ALE portfolio or to 3rd party products from partners. For more details on these products, refer to the related documents/presentations mentioned in the last section of this presentation.
- This specific sign in the next slides indicates that reference documents are available to get more information.


Agenda

1. Introduction
2. Edge Servers solution and use cases
3. Remote connectivity (public/private FQDN) and user authentication
4. Solutions Packaging
5. Conclusion
6. Document reference


Introduction
Customer needs

- As a customer, I want to give my partners/customers external access to my conference/web collaboration system.
- As a customer, I want to give my employees remote access to my OpenTouch system for web collaboration, even if these employees do not have an account on the OpenTouch system.
- As a customer, I want employees who have an OTC client (PC/Tablet/Mobile) to be able to connect remotely from the Internet to the OpenTouch system with full services.


OTES Removal
Recommendation
- OpenTouch release 2.2.1 now supports the Desktop Sharing feature through a Reverse Proxy.
- From this release on, it is therefore strongly recommended not to deploy an OTES any more for new offers requesting remote access (external access).
- For OpenTouch configurations with an OTES already deployed, the OTES can be kept.
- Today only NGINX-Plus has been validated and is supported.
- NGINX release 10 is mandatory.
- A configuration guideline is available.
- NGINX (NGINX-Plus without support) works, but the customer will not obtain support.

OTES Removal
Non NGINX Reverse Proxy
- The customer already has a reverse proxy, but it is not an NGINX+.
- In that case, suggest that the customer place an NGINX+ reverse proxy alongside the existing one.
- BlueCoat or AudioCodes reverse proxies have not been validated yet for the Desktop/Application sharing feature.
- Validation of these reverse proxies and the writing of a status should be done soon.


Introduction
Topology and solutions
[Diagram, stamped "No more recommended with OTES": three remote user cases reach OTMS+OXE in the Corporate Network across the Internet, PSTN or cellular network: External/Guest user with remote access via Edge Servers, Corporate user with remote access via Edge Servers, and Corporate user with remote access via VPN *. The DMZ hosts the Edge Servers (Reverse Proxy, OTES, OT SBC) and the VPN Gateway. Legend: corporate user using software clients managed by the OTMS; external guest user.]

* The VPN access scenario, a technological alternative, is described in the backup slides of this presentation

Introduction
Topology and solutions
[Diagram: three remote user cases reach OTMS+OXE in the Corporate Network across the Internet, PSTN or cellular network: External/Guest user with remote access via Edge Servers, Corporate user with remote access via Edge Servers, and Corporate user with remote access via VPN *. The DMZ hosts the Edge Servers (NGINX+ Reverse Proxy, OT SBC) and the VPN Gateway. Legend: corporate user using software clients managed by the OTMS; external guest user.]

* The VPN access scenario, a technological alternative, is described in the backup slides of this presentation

Edge Servers Solution


Role of the different components
OpenTouch relies on two Edge components to address the needs for remote access:
- Reverse Proxy (RP), in charge of managing all HTTP-based sessions between remote clients and the Telephony and UCC services exposed by the OpenTouch solution. The reverse proxy enables both the remote worker and the remote conference guest use cases. The RP exposes a connected users interface to support remote workers; it authenticates corporate users, typically through back-end enterprise LDAP or RADIUS servers, and acts as an applicative gateway between remote clients and the OpenTouch server. It also exposes a web collaboration interface that gives remote guest participants access to OpenTouch scheduled conferencing services. This interface does not implement user authentication, but filtering rules are enforced so that only relevant resources can be accessed, and web access codes are used to control access to conferences at OpenTouch level. The Reverse Proxy is a 3rd party product that is not provided by ALU-E.
- ALU-E OpenTouch Session Border Controller (OT SBC), in charge of managing and securing the SIP and WebRTC sessions and the media streams (audio and video) based on RTP or SRTP (encrypted media streams). It is a gateway between remote clients and the OXE and OpenTouch SIP services. The OT SBC also supports WebRTC sessions for VoIP with compatible web browsers running the OTC Web client.

Together, these two elements allow all the use cases for remote access to OT services to be implemented. It is possible to deploy only the RP if remote VoIP services are not required on the deployment.

Edge Servers Solution
Guest user for collaboration in a scheduled conference
The scheduled conference has been created by a corporate user and an invitation is sent to the Guest user.
[Diagram: a Guest on an external device running OTC for Web reaches the scheduled conference on OTMS+OXE over the Internet through the NGINX+ Reverse Proxy in the DMZ. Features listed for OTC for Web through the Reverse Proxy: IM, Document Sharing, Desktop Sharing. Vocal access for the Guest: Voice over PSTN or cellular. Marked flows can be encrypted (recommended).]

Edge Servers Solution
Guest user for collaboration in a scheduled conference
Guest user with WebRTC for VoIP within the web browser:
[Diagram: a Guest running OTC for Web reaches the scheduled conference (created by a corporate user) on OTMS+OXE over the Internet through the NGINX+ Reverse Proxy and the OT SBC in the DMZ. Features listed: IM, Document Sharing, Desktop Sharing, Voice, served through the Reverse Proxy and the OT SBC. Marked flows can be encrypted (recommended).]

Edge Servers Solution
Corporate user with a software client on smartphone
Software clients available on smartphones
[Feature table: OTC for iPhone and OTC for Android smartphone, each as CV user and as CT user, against Telephony Services (1), Voice (over IP), Video, IM and Document Sharing, with the Edge Server carrying each feature (Reverse Proxy or OT SBC (2)). Diagram: the smartphone reaches OTMS+OXE over the Internet through the NGINX+ Reverse Proxy and the OT SBC in the DMZ, or by Voice over PSTN/cellular in case of no VoIP. Marked flows can be encrypted (recommended).]

N/A : not applicable because the feature is not provided by the client in the current release
(1) Directory access, call control, visual voice mail, Call log, notification, routing management
(2) OT SBC is mandatory if VoIP is required (CV user only)

For more information refer to Product Presentations OTC for smartphone (available on eBP/Resources Center)

Edge Servers Solution
Call Flows
Illustration of the call flows for the OTC for Smartphone client:
[Diagram: the OTC Smartphone client (CV user) sits in the untrusted environment, either at home with a private address behind an Internet box (NAT, public address) or on the cellular network with a public address. It connects across the Internet and the external firewall to the DMZ, which hosts the NGINX+ Reverse Proxy and the OpenTouch SBC (public address outside, private corporate address inside, Hosted NAT Traversal for SIP). Behind the internal firewall, the trusted environment is the Enterprise LAN with the OXE Call Server and the OTMS server. Flows shown: HTTPS, SIP TLS, SIP, SRTP, RTP.]

Edge Servers Solution
Corporate user with a software client on PC/MAC and Web browser
Software clients available on PC and Web browser
[Feature table: OTC for PC, OTC for MAC, OTC for Web and OTC One against Telephony Services (1), Voice (over IP), Video, IM, Document Sharing and Desktop Sharing, with the Edge Server carrying each feature (Reverse Proxy or OT SBC). Diagram: the client reaches OTMS+OXE over the Internet through the NGINX+ Reverse Proxy and the OT SBC in the DMZ. Marked flows can be encrypted (recommended).]

N/A : not applicable because the feature is not provided by the client in the current release
(1) Directory access, call control, visual voice mail (except OTC One), Call log, notification, routing management

Edge Servers Solution
Corporate user with a software client on Tablet
Software clients available on Tablet
[Feature table: OTC for iPad and OTC for Android tablet against Telephony Services (1), Voice (over IP), Video, IM, Document Sharing and Desktop Sharing, with the Edge Server carrying each feature (Reverse Proxy or OT SBC). Diagram: the tablet reaches OTMS+OXE over the Internet through the NGINX+ Reverse Proxy and the OT SBC in the DMZ. Marked flows can be encrypted (recommended).]

(1) Directory access, call control, visual voice mail, Call log, notification, routing management

Edge Servers Solution
Call Flows
Illustration of the call flows for the OTC for Tablet client:
[Diagram: the OTC Tablet client (CV user) sits in the untrusted environment at home, with a private address behind an Internet box (NAT, public address). It connects across the Internet and the external firewall to the DMZ, which hosts the NGINX+ Reverse Proxy and the OpenTouch SBC (public address outside, private corporate address inside, Hosted NAT Traversal for SIP). Behind the internal firewall, the trusted environment is the Enterprise LAN with the OXE Call Server and the OTMS server. Flows shown: HTTPS, SIP TLS, SIP, SRTP, RTP.]

Edge Servers Solution


Summary of the clients and Edge Servers usage
For each client: Reverse Proxy / OT SBC (for Voice over IP), with the remark where one is given
- OTC Web: Reverse Proxy Yes** / OT SBC Yes (based on WebRTC)
- OTC iPad for Conversation user: Reverse Proxy Yes / OT SBC Yes (audio and video)
- OTC Android Tablet for Conversation user: Reverse Proxy Yes / OT SBC Yes
- OTC iPhone for Conversation user: Reverse Proxy Yes / OT SBC Yes
- OTC Android Smartphone for Conversation user: Reverse Proxy Yes / OT SBC Yes
- OTC iPhone for Connection user: Reverse Proxy Yes / OT SBC N/A
- OTC Android Smartphone for Connection user: Reverse Proxy Yes / OT SBC N/A
- OTC for PC: Reverse Proxy Yes / OT SBC Yes (audio and video)
- OTC for MAC: Reverse Proxy Yes / OT SBC Yes
- OpenTouch Conversation One: Reverse Proxy Yes / OT SBC N/A


Remote Connectivity
Public/Private URL configuration
- Public FQDNs are configured on the public DNS side to allow access to the Edge Servers installed in the DMZ of the corporate network. Public FQDNs point to public IP addresses accessible from the Internet.
- Private FQDNs are configured on the private DNS side to allow direct access of the clients to the OpenTouch server inside the corporate network. Private FQDNs point to the IP address of the OTMS server.
- The public FQDNs for the Reverse Proxy and the OT SBC and the private FQDN for the OTMS server must be different.

For more technical details about the configuration of FQDNs in a Remote User Access configuration, please refer to the Technical Communication: TC1990 - OpenTouch from zero to Remote User - Installation/Configuration guideline

Remote Workers Only

Flows shown: HTTPS (ics WS + config); HTTPS (acs services, data conferencing); HTTPS Device Management for remote OTC PC pure softphones; SIP Signaling; Audio/Video media

Private DNS (private FQDNs, Enterprise Network):
- oxe.company.com @IP OXE
- ot.company.com @IP OT
- conference.company.com @IP ACS cluster of OT
- 8770.company.com @IP 8770

Public DNS (public FQDNs, DMZ):
- pub-sip-services.company.com @IP SBC
- pub-ot.company.com @IP RP
NB: No public DNS entry for oxe.company.com and ot.company.com

Edge Servers in the DMZ: the SBC at pub-sip-services.company.com; the RP exposing the Connected Users public interface at pub-ot.company.com

Remote OTC users (connected clients):
User manual configuration of the server public FQDN: pub-ot.company.com (other URLs come automatically from the IcsLocator Service as configured through the 8770)

8770 config for public FQDNs, sent by IcsLocator to OTC Clients: pub-ot.company.com and pub-ot.company.com:8016

RP configuration
Reverse Proxy (high level) redirect rules:
- Connected Users interface:
  pub-ot.company.com -> ot.company.com* and 8770.company.com for DM
  pub-ot.company.com:8016 -> ot.company.com*:8016
- Web Collab interface: Not configured
*Or OT IP@ (ICS Service IP@ in case of OT HA)

NB: OTC Web cannot be used for remote users; the conference URL is not resolvable in this case (i.e. clicking on the URL in Outlook would not work)


Remote Users and Conference Guests Openness

Flows shown: HTTPS Device Management for remote OTC PC pure softphones; HTTPS (acs services, data conferencing); HTTPS (ics WS + config); SIP Signaling; WebRTC Signaling; Audio/Video media; WebRTC Audio/Video media

Private DNS (private FQDNs, Enterprise Network):
- oxe.company.com @IP OXE
- ot.company.com @IP OT
- conference.company.com @IP ACS cluster of OT

Public DNS (public FQDNs, DMZ):
- pub-sip-services.company.com @IP SBC
- pub-ot.company.com @IP RP
- conference.company.com @IP RP
NB: No public DNS entry for oxe.company.com and ot.company.com

Edge Servers in the DMZ: the SBC at pub-sip-services.company.com; the RP exposing the Connected Users public interface at pub-ot.company.com and the Web collaboration public interface at conference.company.com

Remote OTC users (connected clients):
User manual configuration of the server public FQDN: pub-ot.company.com (other URLs come automatically from the IcsLocator Service as configured through the 8770)

OTC Web (external guest users or remote corporate users joining from OTC Web):
Any user clicks on the conference URL: Join online meeting: https://conference.company.com/call/7384972

8770 config for public FQDNs, sent by IcsLocator to OTC Clients: pub-ot.company.com and pub-ot.company.com:8016

RP configuration
Reverse Proxy (high level) redirect rules:
- Connected Users interface:
  pub-ot.company.com -> ot.company.com* and 8770.company.com for DM
  pub-ot.company.com:8016 -> ot.company.com*:8016
- Web Collab interface:
  conference.company.com -> conference.company.com** (lan side)
*Or OT IP@ (ICS Service IP@ in case of OT HA)
**Or OT Conferencing Service IP@ (ACS cluster IP)

NB: in this config, OT clients (except OTC Web) never hit the conference.company.com FQDN, as IcsLocator informs them to keep using the public FQDN of the OT Server (not the ACS public URL). From the OT clients' perspective, the IP flows are exactly the same as in case

Guests Users Only

Flows shown: HTTPS (ics WS + config); HTTPS (acs services, data conferencing); WebRTC Signaling; WebRTC Audio/Video media

Private DNS (OT private FQDNs, Enterprise Network):
- ot.company.com @IP OT
- conference.company.com @IP ACS cluster of OT
- oxe.company.com @IP OXE

Public DNS (public FQDNs, DMZ):
- pub-sip-services.company.com @IP SBC
- conference.company.com @IP RP
NB: No public DNS entry for ot.company.com

Edge Servers in the DMZ: the SBC at pub-sip-services.company.com; the RP at conference.company.com

OTC Web (guest):
Any user clicks on the conference URL: Join online meeting: https://conference.company.com/call/7384972

RP configuration
Reverse Proxy (high level) redirect rules:
- Connected Users interface: Not configured
- Web Collab interface:
  conference.company.com -> conference.company.com** (lan side)
**Or OT Conferencing Service IP@ (ACS cluster IP)
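
The split-DNS and redirect rules of the three scenarios above can be checked mechanically before a deployment goes live. The following is an added example, not code from ALE or from this presentation: it takes the planned public records, private records and RP rules and reports any record that breaks the rules stated on the slides. Host names reuse the slides' company.com placeholders; the IP addresses, the role labels and the names Record, ProxyRule, check_plan and guests_can_join are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EDGE_ROLES = {"RP", "SBC"}          # DMZ components that public FQDNs point to
NEVER_PUBLIC_ROLES = {"OT", "OXE"}  # slides: "No public DNS entry" for these


@dataclass(frozen=True)
class Record:
    fqdn: str
    role: str  # assumed label for the component behind the address
    ip: str


@dataclass(frozen=True)
class ProxyRule:
    public_host: str   # name the remote client connects to
    backend_host: str  # name the RP forwards to on the LAN side


def _is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def check_plan(public, private, rules):
    """Return sorted findings; an empty list means the plan follows the rules."""
    findings = []
    pub = {r.fqdn.lower(): r for r in public}
    priv = {r.fqdn.lower(): r for r in private}

    # Public FQDNs must point to Edge Servers on Internet-reachable addresses.
    for name, rec in pub.items():
        if rec.role not in EDGE_ROLES:
            findings.append(f"{name}: public record targets {rec.role}, not an Edge Server")
        if _is_rfc1918(rec.ip):
            findings.append(f"{name}: public record holds private address {rec.ip}")

    # Private FQDNs of the OT and OXE servers must not be published.
    for name, rec in priv.items():
        if rec.role in NEVER_PUBLIC_ROLES and name in pub:
            findings.append(f"{name}: private {rec.role} FQDN is also published in public DNS")

    # Each RP rule needs a public front end on the RP and an internal back end.
    for rule in rules:
        front = pub.get(rule.public_host.lower())
        back = priv.get(rule.backend_host.lower())
        if front is None or front.role != "RP":
            findings.append(f"rule {rule.public_host}: no public record pointing at the RP")
        if back is None or back.role in EDGE_ROLES:
            findings.append(f"rule {rule.public_host}: backend {rule.backend_host} "
                            "is not an internal private record")
    return sorted(findings)


def guests_can_join(public, rules, conference_host):
    """True when the conference URL host resolves publicly to the RP and has a rule."""
    pub = {r.fqdn.lower(): r for r in public}
    rec = pub.get(conference_host.lower())
    has_rule = any(r.public_host.lower() == conference_host.lower() for r in rules)
    return rec is not None and rec.role == "RP" and has_rule


# Constructed sample data (addresses are illustrative, not from the slides).
PRIVATE = [
    Record("oxe.company.com", "OXE", "10.0.0.10"),
    Record("ot.company.com", "OT", "10.0.0.20"),
    Record("conference.company.com", "ACS", "10.0.0.30"),
    Record("8770.company.com", "8770", "10.0.0.40"),
]
# "Remote Workers Only": connected users interface only.
PUBLIC_WORKERS = [
    Record("pub-sip-services.company.com", "SBC", "203.0.113.10"),
    Record("pub-ot.company.com", "RP", "203.0.113.20"),
]
RULES_WORKERS = [  # the :8016 rule uses the same pair of hosts
    ProxyRule("pub-ot.company.com", "ot.company.com"),
    ProxyRule("pub-ot.company.com", "8770.company.com"),
]
# "Remote Users and Conference Guests Openness": adds the web collab interface.
PUBLIC_GUESTS = PUBLIC_WORKERS + [Record("conference.company.com", "RP", "203.0.113.20")]
RULES_GUESTS = RULES_WORKERS + [ProxyRule("conference.company.com", "conference.company.com")]

if __name__ == "__main__":
    print(check_plan(PUBLIC_GUESTS, PRIVATE, RULES_GUESTS))
    print(guests_can_join(PUBLIC_WORKERS, RULES_WORKERS, "conference.company.com"))
    leaked = PUBLIC_WORKERS + [Record("ot.company.com", "OT", "10.0.0.20")]
    for finding in check_plan(leaked, PRIVATE, RULES_WORKERS):
        print(finding)
```

The last call models a plan that leaks the private OTMS name into public DNS, which is the case the "No public DNS entry" notes rule out.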


Specific case: RP config for OT Networking


In OpenTouch network topologies (OT Networking is supported from OT2.2.1), the reverse proxy MUST expose both the connected users interface and the web collaboration interface for the back-end OpenTouch server it is associated with, even if only remote workers are deployed (no external guests). This is necessary so that connected users benefit from full collaboration features with each other, regardless of the OpenTouch server they are located on.
This configuration can be implemented with a single RP addressing several OpenTouch nodes, or with several RPs for topology or scalability reasons. If a single RP exposes several OT nodes, the RP configuration for the connected users and web collaboration interfaces is strictly identical to a single OT configuration, but replicated for each public FQDN of the back-end OpenTouch instances.


Remote User Authentication


Authentication methods depending on OTC client
For each OTC client: authentication methods with the Reverse Proxy product
- OTC Web: No authentication on RP
- OpenTouch Conversation iPad: Login/Password or Certificate user
- OpenTouch Conversation Android Tablet: Login/Password
- OpenTouch Conversation iPhone for Conversation user: Login/Password or Certificate user
- OpenTouch Conversation Android Smartphone for Conversation user: Login/Password or Certificate user
- OpenTouch Conversation iPhone for Connection user: Login/Password or Certificate user
- OpenTouch Conversation Android Smartphone for Connection user: Login/Password or Certificate user
- OpenTouch Conversation for PC: Login/Password
- OpenTouch Conversation for MAC: Login/Password

Note: the Kerberos authentication mechanism for SSO is not compatible with remote access through the Reverse Proxy.
See slide notes for more information and refer to the product Technical Documentation for details.

Solution Packaging
ALE OpenTouch SBC General Information
WHAT ?
- OpenTouch SBC is a Session Border Controller product that is used to manage the SIP sessions and media sessions of the remote clients and devices. It takes care of the IP address translation between the public network (Internet) and the private corporate network. It is a security element acting as a VoIP firewall.
- OT SBC is provided as a pure software package to be installed on top of a virtualized infrastructure (VMware, KVM or Hyper-V).

WHERE ?
- OpenTouch SBC is part of the ALE catalog for MLE Offer. It can be configured using the ACTIS tool.

HOW ?
Reference documentation (available in eBusiness Portal):
- Presales Presentation : OpenTouch SBC (Session Border Controller) Design and Quotation Guidance
- Offer documentation : Standard Offer (Security section for OT SBC Product Description)
- Application Note : OPENTOUCH SBC / A SECURE SOLUTION FOR BORDERLESS CONVERSATIONS

Solution Packaging
ALE OpenTouch SBC Packaging

[Diagram: software solution, no dongle. Stack: OT SBC on Linux CentOS OS, in a VM on a hypervisor.]

Not delivered by ALE:
- Licenses for VMware/MS Hyper-V/KVM
- Hardware appliance server

Solution Packaging
ALE OpenTouch SBC How To Quote in ACTIS

[ACTIS screenshots for OTBE and OTMS]

For more information about OT SBC quotation guidance, refer to the OT SBC presales presentation (available on eBP/Resources Center)

Solution Packaging
Reverse Proxy products General Information
WHAT ?
- The Reverse Proxy addresses the role of security gateway for Web services by providing authentication of internal users connected remotely over the Internet. The Reverse Proxy equipment performs the user authentication towards a corporate AAA server (that may or may not be the same as the OpenTouch server).
- The Reverse Proxy is provided by a 3rd party vendor, as there is no such product in the ALE portfolio.

WHERE ?
- The Reverse Proxy vendor should be part of the AAPP. This is the case for the BlueCoat and NGINX vendors.
- The Reverse Proxy could possibly come from another vendor, but the technical pre-requisites provided by ALE must be applied on the given product (refer to the dedicated Application Note) and the end-to-end configuration is under the responsibility of the business partner.

HOW ?
Reference documentation (available in eBusiness Portal):
- AAPP web site : IWR (Interworking Report) documents between OpenTouch product and Reverse Proxy products
- Application Note : Official statement regarding reverse proxies/equipment non validated by ALU-E

Solution Packaging
Reverse Proxy products AAPP partnership

AAPP partners: Blue Coat and NGINX

Blue Coat company delivers the products below:
- Hardware Proxy SGxxx series (physical server with hardware SSL acceleration)
- Software Virtual Appliance for Proxy SG
- Inter Working Report between is available on AAPP portal

NGINX company delivers the product below:
- Software NGINX PLUS is built on the open source NGINX and includes advanced features and support for production environments (for more details http://nginx.com/products). The NGINX PLUS product supports virtualization
- Inter Working Report between is available on AAPP portal


Solution Packaging
Reverse Proxy products AAPP partnership

Blue Coat Reverse Proxy products


How to quote ?
- Alcatel-Lucent doesn't directly resell the Blue Coat product, so the Blue Coat reverse proxy (including software and hardware support) has to be bought through the Blue Coat reseller
- Please use the link https://www.bluecoat.com/contact-us to contact the right Blue Coat sales person depending on your country


Solution Packaging
Reverse Proxy products AAPP partnership

NGINX Reverse Proxy products


- An Interworking Report (IWR) stipulates the exact scope of NGINX integration with OpenTouch
- Business Partners buy AAPP Certified products directly from AAPP Partners. Contact details are mentioned in the IWR

How to quote ?
- Alcatel-Lucent doesn't directly resell the NGINX product
- Contact the NGINX reseller in your country
- Refer to the IWR document for NGINX-Plus product sizing

Solution Packaging
Edge Servers Packaging optimization for VMware virtualized environment
If the two Edge Servers components (OT SBC + RP) need to be deployed, then an optimization of the platform can be proposed by virtualizing the two components in a VMware virtualized infrastructure:
[Diagram: OT SBC (ALE SW package deliverable, on CentOS) and Reverse Proxy (partner SW package deliverable), each in its own VM (VM#1, VM#2) on VMware ESXi.]

Not delivered by ALE:
- VMware, HW

Conclusion
[Diagram labels: Customers, partners; Nomads; Remote workers]

OPENNESS
- EDGE SERVERS TECHNOLOGY ALLOWS OPENNESS AND FLEXIBILITY
- SHARING AND COLLABORATION WITH YOUR PARTNERS AND CUSTOMERS
- BYOD POLICY COMPLIANT WITHOUT INTRUSIVE VPN CLIENT TO MANAGE

SECURE
- ENCRYPTION OF SIGNALING AND MEDIA (AUDIO AND VIDEO) OVER INTERNET
- CORPORATE USERS AUTHENTICATED WITH THEIR UNIQUE CORPORATE ID

INTEGRATED
- ALE TECHNOLOGICAL SOLUTION WITH PARTNERSHIP
- ONE STOP SHOPPING FOR OPENTOUCH COMPONENTS
- AAPP PROGRAM FOR VALIDATED REVERSE PROXY SOLUTION


Reference Documentation
Documentation available in eBusiness Portal:
Resources Center > Presales Documentations
- Presales Presentation - OpenTouch SBC Design and Quotation Guidance
- Presales Presentation - WebRTC Technology in OpenTouch Suite for MLE
- Presales Presentation - Solution for Remote User Access (this presentation)


Reference Documentation
Documentation available in eBusiness Portal:
Customer Support > Technical Support
- TC1990 : OpenTouch from zero to Remote User - Installation/Configuration guideline
- Application Note : Official statement regarding reverse proxies/equipment non validated by ALU-E

AAPP (ALE Application Partner Program) Documentation
- InterWorking Report (IWR) NGINX Reverse Proxy product
- InterWorking Report (IWR) BlueCoat Reverse Proxy product


BACKUP SLIDES


Remote User Access


VPN solutions overview
The VPN connectivity solution:
- A VPN can be established between the declared user connected remotely and the corporate network
- The VPN can be managed at the level of the user device (e.g. VPN IPSec client on a PC laptop) or in a more specific way linked to the client application running on the device (i.e. an applicative VPN that is not launched on the device by default but only with the client application, and is dedicated to carrying the IP flows of this application)
- The VPN can also be provided by an additional VPN hardware device: e.g. RAP (Remote Access Point) for an employee working at home with Internet connectivity, or OmniAccess ESR for SOHO

VPN technology advantages:
- Mature technology
- Secure for employees of the company and applying to all the applications running on the device

VPN technology drawbacks:
- Limited to corporate employees and needs a VPN client application to be installed/managed on each device (except the RAP solution, but that requires additional hardware / increases TCO)
- The central VPN Gateway is a critical component where all the IP flows for all the remote users have to converge

Remote User Access
VPN solutions overview
The VPN connectivity solution: corporate VPN IPSec client on the device
Typical use case : OT user with corporate PC
[Diagram: the OTC PC client in the untrusted environment, behind an Internet box with a public address, opens a VPN IPSec tunnel across the Internet and the external firewall to the VPN Gateway in the DMZ and receives a private corporate address. Behind the internal firewall, the trusted environment is the Enterprise LAN with the OXE Call Server and the OTMS server. Flows carried: HTTPS, RTP, SIP.]

Remote User Access
VPN solutions overview
The VPN connectivity solution: corporate VPN IPSec client on the device
Typical use case : OT user with iPad or iPhone
[Diagram: OTC for iPad or iPhone in the untrusted environment, on Wifi behind an Internet box with a public address, opens a VPN IPSec tunnel across the Internet and the external firewall to the VPN Gateway in the DMZ and receives a private corporate address. Behind the internal firewall, the trusted environment is the Enterprise LAN with the OXE Call Server and the OTMS server. Flows carried: HTTPS, RTP, SIP.]

Remote User Access
VPN solutions overview
The VPN connectivity solution: corporate VPN IPSec client on the device
Typical use case : corporate user with PC but no softphone
[Diagram: the OTC Web client in the untrusted environment, behind an Internet box with a public address, opens a VPN IPSec tunnel carrying HTTPS across the Internet and the external firewall to the VPN Gateway in the DMZ and receives a private corporate address. Audio goes from a residential phone or cellular phone over the PSTN or cellular network to the PSTN Gateway, then as RTP inside the Enterprise LAN. Behind the internal firewall, the trusted environment is the Enterprise LAN with the OXE Call Server and the OTMS server.]

Remote User Access
VPN solutions overview
[Diagram: RAP models at the Remote User side (one with one 10/100BASE-T port, one with four 10/100/1000BASE-T ports) connect to WLAN Controllers in the Corporate Network (DMZ). Controller capacities shown: up to 64, 512, 256, 1024, 512 and 2056 RAP.]

For more information refer to VoWLAN Design Guide and presales presentation (available on eBP/Presales Corner)

Remote User Access
VPN solutions overview
OmniAccess ESR
[Diagram: at the Remote User side, either a compatible VPN IPSec software client installed on the device (PC/Tablet/Smartphone) OR an OA ESR model adapted to the Remote User use case; in the Corporate Network (DMZ), OmniAccess ESR equipment. Models shown: OA 5710, OA 5720, OA 5725A, OA 5725R, OA 5840, OA 5850.]

For more information refer to OmniAccess ESR Datasheets (available on eBP)

Remote User Access
Solutions comparison
[Table: for each user profile (Corporate user, Employee; Guest user, Employee; Guest user, External or Employee), the solution used for Data (Web Services) flows and for Media (Voice / Video) flows. Solutions named in the cells: VPN, Edge (RP), Edge (OT SBC), PSTN (Voice only). One cell reads: Product roadmap to address this scenario based on Edge Servers (WebRTC technology).]
