MITEL Remote Management of Mitel IP Communications Solutions


APPLICATION NOTE

Productivity Enhancing, Cost-Effective and Secure

Supporting IP Communications can present many new service challenges, not the least of which is remote management. Key to maximizing the performance and availability of your customer’s Mitel® solution is the ability to remotely monitor and maintain these IP platforms and applications. Having to dispatch on-site service personnel is both costly and time consuming, making the need for remote management of these systems crucial to providing affordable service level agreements to your customers and to keeping system downtime to a minimum.

Remote Management Scenario


Each customer’s IP Communications solution operates over a private IP networking infrastructure. Remotely monitoring and maintaining multiple customers presents many challenges, such as access security, firewall traversal, handling non-unique IP addressing, bandwidth constraints imposed by remote management connections, and the fact that these connections typically need to be established on demand. To overcome these issues, remote management solutions typically require a management device or software agent to be installed within each customer’s network. It is the role of this management device / agent to provide for local monitoring and maintenance functions, to provide a reliable means of remote monitoring of the solution and reporting alarms, and to serve as a secure access portal for remote service access.

Different remote management options may be required depending on the size and complexity of a customer’s voice systems, applications, and the types of management services being provided. Customers with multiple Mitel systems will typically deploy a local Mitel Enterprise Manager while a smaller customer with one or two systems will not. A local Enterprise Manager system provides consolidated management of all the Mitel platform systems and applications within that customer’s network and as such also provides a focal point for remote management. For smaller customers, the systems themselves must be remotely managed directly. Regardless of the size of customer, a Mitel Management Access Point is typically used to provide secure access, alarm and/or performance monitoring, as well as reliable alarm delivery to your remote management and technical support operations center as shown below. Only the Management Access Point is exposed to the Internet via a DMZ address, not the Enterprise Manager or managed systems, which reside and operate securely behind both the Management Access Point and customer firewall protection.

[Figure: Mitel Management Access Point. Two scenarios, labelled 1 and 2, each with a Management Access Point in the DMZ.]

In the case of smaller customers with fewer than five systems (1 above), the Management Access Point unit provides direct system access for maintenance and diagnostics as well as additional application support for directly monitoring the health and performance of the individual Mitel systems. For larger customers (2 above), the Management Access Point unit provides secure access to the local Mitel Enterprise Manager system for network maintenance and diagnostics. The Enterprise Manager monitors the network for alarms and can directly send email notifications based on alarm filters and / or alarm escalation policies. The Enterprise Manager can also forward alarms to the Management Access Point for guaranteed delivery to a remote management center. Working on its own or in conjunction with Enterprise Manager, the Management Access Point is able to reliably deliver alerts to the remote management center via dial-up or Internet connectivity. The Management Access Point provides value to both the remote service organization and the end customer.

Feature / Function: Remote Management Access
  Value to Service Organization: Reduces service costs by 50 percent or more by avoiding many on-site visits
  Value to End Customer: Improves system availability by reducing mean-time to repair

Feature / Function: Comprehensive security and IP address translation
  Value to Service Organization: Non-managed systems on the customer network are isolated from the remote management NOC. Managed systems are never directly exposed to external access, and must go through Management Access Point
  Value to End Customer: Only managed devices configured in Management Access Point can be remotely accessed or monitored. Managed systems are never directly exposed to external access, and must go through Management Access Point

Feature / Function: Remote fault monitoring
  Value to Service Organization: Reduces number of urgent dispatches
  Value to End Customer: Improves system availability and avoids costly downtime

Feature / Function: Alarm interrogation
  Value to Service Organization: Details of the alarm are included with the alert notification to save time in determining the urgency of the situation
  Value to End Customer: More serious problems get immediate attention to be resolved faster

Feature / Function: Remote performance monitoring
  Value to Service Organization: Catches potential problems before they affect service and require urgent attention
  Value to End Customer: Improves system availability and avoids costly downtime

When an Enterprise Manager system is deployed on the customer network, it provides consolidated management of the entire Mitel solution. Remote access to the Enterprise Manager enables a service organization to run network level diagnostics, set up scheduled maintenance tasks, or perform any remote administrative functions.


Some management tools do not function through a proxy / NAT connection or must be run directly on the customer network. These include Software Installer and the IP Phone Analyzer. To use these tools remotely, it is necessary to use a network-based remote control connection such as TightVNC between the remote client PC and the Enterprise Manager system as shown above. This allows these tools to be run from the Enterprise Manager. Over a low bandwidth connection such as dialup, remote control also performs better than running the Enterprise Manager client remotely.

VPN Access

Using the Management Access Point with VPN access is highly desired for performance and remote client compatibility. Avoiding different types of remote client VPN connections per customer is desirable, since different clients will run into configuration conflicts when attempting to install them on the engineer’s laptop PC systems. The Management Access Point makes use of the Windows PPTP client and requires 128-bit MPPE encryption and MS-CHAPv2 authentication, something that is standard in all Windows® 2000 or newer PC systems. Once the PPTP VPN connection is established and authenticated, the remote client is still subjected to the Management Access Point firewall to limit access to specific managed systems and ports. The Management Access Point is deployed in the DMZ and works with the customer firewall. TCP port 1723 must be opened to the Management Access Point unit’s DMZ address for inbound PPTP tunnel connections.

[Figure: Remote Access to Enterprise Manager]

When deployed off the DMZ port of a customer’s firewall, as shown above, the Management Access Point requires only one Ethernet port, so any model can be used. Inbound PPTP tunnel connections can be limited to specific origination IP addresses to further lock down security. The Management Access Point authenticates the remote client, translates the IP address and controls which systems and ports the client can access. A Management Access Point E/M/S/U can also be directly connected to the Internet for VPN connections using its second Ethernet port.

The Management Access Point is not the only method that can be used to obtain remote service access. The customer may be willing to provide the Solution Provider with service access themselves, or the Solution Provider may elect to deploy a lower cost alternative dialup or VPN access device. The key advantage of the Management Access Point, however, is the additional remote management capabilities that it offers.
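The exposure rule from the VPN Access section (only the Management Access Point reachable from outside, only on TCP port 1723, only from specific origination addresses) can be checked mechanically against a customer firewall's inbound rule list. The following is an added example, not Mitel code; the rule format, addresses and function name are assumptions constructed for illustration.

```python
import ipaddress

# All addresses and rules below are constructed for illustration.
MAP_DMZ_ADDR = "192.0.2.10"             # hypothetical Management Access Point DMZ address
APPROVED_SOURCES = ["198.51.100.0/28"]  # hypothetical service-center origination range
PPTP_CONTROL = ("tcp", 1723)            # the port the page says must be opened

INBOUND_RULES = [
    {"src": "198.51.100.0/28", "dst": "192.0.2.10", "proto": "tcp", "port": 1723},
    {"src": "0.0.0.0/0",       "dst": "192.0.2.10", "proto": "tcp", "port": 1723},
    {"src": "198.51.100.0/28", "dst": "192.0.2.10", "proto": "tcp", "port": 5900},
    {"src": "198.51.100.4/32", "dst": "10.1.1.20",  "proto": "tcp", "port": 443},
]


def audit_inbound(rules, map_addr, approved_sources):
    """Return (rule index, finding) for every rule that breaks the design.

    Only the PPTP control connection (TCP 1723) is modelled; PPTP's GRE
    data channel is not mentioned on the page and is out of scope here.
    """
    approved = [ipaddress.ip_network(n) for n in approved_sources]
    target = ipaddress.ip_address(map_addr)
    findings = []
    for idx, rule in enumerate(rules):
        src = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(rule["dst"]) != target:
            findings.append((idx, "exposes a host other than the Management Access Point"))
        elif (rule["proto"].lower(), rule["port"]) != PPTP_CONTROL:
            findings.append((idx, "opens a service other than TCP 1723"))
        elif not any(src.subnet_of(net) for net in approved):
            findings.append((idx, "source is not limited to approved origination addresses"))
    return findings


if __name__ == "__main__":
    for idx, finding in audit_inbound(INBOUND_RULES, MAP_DMZ_ADDR, APPROVED_SOURCES):
        print(f"rule {idx}: {finding}")
```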

Remote Health Monitoring

One of the key service value propositions Solution Providers can offer their customers is based on remote health monitoring of their IP Communications solution. This can involve both fault as well as performance monitoring. Monitoring systems for fault conditions can reduce customer downtime per incident by up to 50 percent. In many cases a fault may occur during off business hours and can be corrected remotely without any disruption of service, or the technician can be waiting at the door with parts in hand the next business day to minimize downtime. Fault and performance monitoring decreases the number of times that on-site service must be urgently dispatched versus a scheduled visit.

[Figure: Virtual Private Network Connectivity]

An example of the potential savings based on fault monitoring is shown below.

Without = Without Fault Monitoring; With = With Fault Monitoring.

| Activity | Without: Typical Duration (Min) | Without: % of Occurring | Without: Ave Min | Without: Cost | With: Typical Duration (Min) | With: % of Occurring | With: Ave Min | With: Cost | Percent Improvement |
|---|---|---|---|---|---|---|---|---|---|
| Receive trouble call and collect relevant data | 5 | 100% | 5 | $4.17 | 5 | 5% | 0.25 | $0.21 | |
| Receive alarm with relevant data | 1 | 0% | 0 | $0.00 | 1 | 75% | 0.75 | $0.63 | |
| Receive notification of auto cleared alarm | 1 | 0% | 0 | $0.00 | 1 | 20% | 0.2 | $0.17 | |
| Establish remote connection and diagnose problems | 20 | 100% | 20 | $16.67 | 10 | 80% | 8 | $6.67 | |
| Correct problem and verify/test | 10 | 60% | 6 | $5.00 | 10 | 40% | 4 | $3.33 | |
| Total cost remote trouble resolution | | | | $25.83 | | | | $11.00 | 57% |
| If unable to resolve remotely - Dispatch someone to site | | | | | | | | | |
| Dispatch to site ASAP | 120 | 40% | 48 | $40.00 | 120 | 20% | 24 | $20.00 | |
| Scheduled dispatch to site | 0 | 0% | 0 | $0.00 | 0 | 20% | 0 | $0.00 | |
| Make repairs & test | 30 | 40% | 12 | $10.00 | 30 | 40% | 12 | $10.00 | |
| Total average service cost per incident | | | | $75.83 | | | | $41.00 | 46% |
| Customer average down time per incident | | | 91 | | | | 49.2 | | 46% |
| Customer cost per minute downtime | | | | $25 | | | | | |
| Customer cost per incident | | | | $2,275.00 | | | | $1,230.00 | 46% |

* Assumes engineering labor cost of U.S.$50/hr and customer downtime cost of $25/minute

The above example is based on the use of Management Access Point units to monitor remote customer sites for fault conditions. Currently the Management Access Point is able to monitor Mitel 3300 Integrated Communications Platforms (ICPs) and Mitel SX-2000® systems for alarm states, and also supports ping monitoring of devices such as application servers or remote routers to raise alerts when these devices become unreachable. In the case of larger enterprise networks, a single Management Access Point unit can be used in conjunction with the SNMP trap forwarding feature of Enterprise Manager Release 2.0 (screen shot below). Enterprise Manager is configured to forward SNMP traps to the Management Access Point, which in turn handles the 3300 ICP and SX-2000 alarms in the same way as if the alarm came directly from the managed device. The managed devices must still be configured in the Management Access Point in order for it to interrogate the device for alarm details to include with the alert notification.

[Figure: Enterprise Manager 2.0 SNMP Trap Forwarding]

Once an alarm is received by a Management Access Point, either directly or forwarded by Enterprise Manager, it immediately interrogates the managed device to obtain details on the nature of the alarm to include with the alert notification. This information helps the service organization to quickly determine the urgency of the situation and to focus attention on the most critical matters first. The following is an example of the type of information provided in an alert.

[m3300] lab 3300 (Karl_Lab) MAJOR Alarm

VerAg:06.00.00.02.00;VerSw:7.0.5.6;VerHw:LX;VerPl:

3300 ICP

Uptime = 1.654 hrs

DSP Status: MINOR Total:16 UnAvail:4 (25%)

DSU msg link: MAJOR Total:4 UnAvail:1 (25%)

E2T Comms: MAJOR Total:1 UnAvail:1 (100%)
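A receiving operations center can turn an alert like the one above into a triage order automatically. The following parser is an added example, not Mitel or Data Track code; the field meanings, the severity ranking and the function names are assumptions inferred from the single sample alert shown on this page.

```python
import re

# Alert text copied from the example on this page.
SAMPLE_ALERT = """\
[m3300] lab 3300 (Karl_Lab) MAJOR Alarm
VerAg:06.00.00.02.00;VerSw:7.0.5.6;VerHw:LX;VerPl:
3300 ICP
Uptime = 1.654 hrs
DSP Status: MINOR Total:16 UnAvail:4 (25%)
DSU msg link: MAJOR Total:4 UnAvail:1 (25%)
E2T Comms: MAJOR Total:1 UnAvail:1 (100%)
"""

# Assumed ordering; the page shows only MINOR and MAJOR.
RANK = {"MINOR": 1, "MAJOR": 2, "CRITICAL": 3}

HEADER = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+(?P<name>.+?)\s+\((?P<site>[^)]*)\)\s+(?P<sev>[A-Z]+) Alarm$")
STATUS = re.compile(
    r"^(?P<item>[^:]+):\s+(?P<sev>[A-Z]+)\s+Total:(?P<total>\d+)"
    r"\s+UnAvail:(?P<down>\d+)\s+\((?P<pct>\d+)%\)$")


def parse_alert(text):
    """Parse one alert into header fields, status items and sanity warnings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    head = HEADER.match(lines[0]) if lines else None
    if head is None:
        raise ValueError("unrecognised alert header")
    alert = dict(head.groupdict(), items=[], warnings=[])
    for ln in lines[1:]:
        m = STATUS.match(ln)
        if m is None:
            continue  # version and uptime lines are not used for triage
        total, down, pct = int(m["total"]), int(m["down"]), int(m["pct"])
        # Recompute the percentage so a mangled alert is flagged, not trusted.
        if total == 0 or down > total or abs(100 * down / total - pct) > 1:
            alert["warnings"].append("inconsistent counts: " + ln)
        alert["items"].append(
            {"item": m["item"], "sev": m["sev"], "total": total, "down": down})
    worst = max((RANK.get(i["sev"], 0) for i in alert["items"]), default=0)
    if worst != RANK.get(alert["sev"], 0):
        alert["warnings"].append("header severity does not match worst item")
    return alert


def triage(alert):
    """Order status items by severity, then by fraction unavailable."""
    def key(i):
        frac = i["down"] / i["total"] if i["total"] else 1.0
        return (-RANK.get(i["sev"], 0), -frac)
    return [i["item"] for i in sorted(alert["items"], key=key)]


if __name__ == "__main__":
    parsed = parse_alert(SAMPLE_ALERT)
    print(parsed["name"], parsed["site"], parsed["sev"], triage(parsed))
```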

Even though an entire customer network might be remotely monitored through the combination of a Management Access Point and Enterprise Manager at a central location, additional Management Access Point units may still be desired for customers with multiple locations. Having a Management Access Point unit in each location enables you to remotely access that location even when the interconnecting IP network is down. This can be very useful to enable access to that site in an effort to re-establish IP network connectivity by rebooting or power cycling a remote router or CSU. The Management Access Point provides dial-up connectivity enabling the Solution Provider to access networking equipment or power management devices at a remote network location to avoid having to dispatch service personnel.

Persistent and Reliable Alarm Delivery

The Management Access Point can send alarm notifications via email. However, this is not always a reliable or urgent means of delivery. Typically, alarm monitoring involves the establishment of a remote network operations center equipped with a multi-customer and multi-vendor alarm management system. The Management Access Point, like all remote health monitoring devices or probes, implements a reliable but proprietary delivery mechanism to guarantee alarm delivery via unreliable dialup or Internet-based connections. This is primarily due to the nature of SNMP being an unacknowledged protocol. The Management Access Point is compatible with Data Track’s Eclipse Alarm Management System (AMS) for central alarm management. This system is available directly from Data Track Technology, a MiSN partner for management at www.datatrackplc.com.

[Figure callout: You can add, modify, or delete traps sent to Enterprise Manager and forward these traps to other SNMP management systems]


For Solution Providers who already have an SNMP-based alarm management system, Data Track also offers a version of Eclipse AMS for converting the reliable yet proprietary alarms from a Management Access Point back into standard SNMP alarms for interface with any management system such as HP OpenView. This Alarm Management Converter (AMC) is a Windows server application available directly from Data Track. The Alarm Converter is typically installed on a Windows server within the DMZ of the service operations center.

Performance Monitoring

The use of SNMP is also industry standard for monitoring the performance of IP systems. Mitel’s roadmap plans include expansion of the SNMP performance statistics and threshold related SNMP traps available from its individual managed devices and from an overall network perspective via Enterprise Manager. The initial areas of focus are with voice quality, network congestion, and resource limitations. As is the case with remote fault monitoring, the Management Access Point will provide remote performance monitoring of individual systems directly as well as monitoring of larger networks via the Enterprise Manager installed on those networks.

[Figure: Management System Data Track]

Glossary

AMS: Alarm Management System. The Data Track Eclipse AMS system is directly compatible with alarms sent by the Mitel Management Access Point.

CSU: Channel Service Unit, a device used to connect data or voice equipment to wide area transmission facilities such as T1 or E1 services.

DMZ: De-Militarized Zone, in data networking a term applied to a firewall controlled sub-network containing computers that are accessible from the Internet but still isolated from the private enterprise LAN via the firewall rules.

MPPE: Microsoft Point to Point Encryption, client VPN based encryption support built into Windows.

MS-CHAPv2: Microsoft version of the Challenge Handshake Authentication Protocol; the v2 version is the most secure.

NAT: Network Address Translation, the process of masquerading a computer from one network onto another network by translating its IP address to one that is compatible with the target network.

NOC: Network Operations Center

PPTP: Point to Point Tunneling Protocol, a method of establishing a virtual private point to point connection over the Internet or other IP network.

SNMP: Simple Network Management Protocol, the standard protocol used for management of an IP network.

TCP: Transport Control Protocol, the method used for reliable transmission over an IP network.

VNC: Virtual Network Computing, the process of remotely controlling a computer over a network based on running server and viewer software components in the respective computers. TightVNC is an enhanced open source version of VNC that is included with Enterprise Manager.

VPN: Virtual Private Network, a connection over a public network such as the Internet that is made secure and private typically using encryption technology.


Companies don’t make decisions, people do. That is why Mitel is leading the way toward a new and more personalized approach to communications for enterprise and small business. Our innovative solutions, applications and desktop appliances enable you to access, process and control your communications and information naturally, simply and efficiently.

Our solutions allow you to collaborate over distance and time and to interact with your customers, colleagues and partners as never before. By combining the power of voice, data and video over converged high speed networks, Mitel provides you with flexible and personalized tools that let you leverage the latest advances for personal and organizational advantage.

www.mitel.com

THIS DOCUMENT IS PROVIDED TO YOU FOR INFORMATIONAL PURPOSES ONLY. The information furnished in this document, believed by Mitel to be accurate as of the date of its publication, is subject to change without notice. Mitel assumes no responsibility for any errors or omissions in this document and shall have no obligation to you as a result of having made this document available to you or based upon the information it contains.

M MITEL (design) is a registered trademark of Mitel Networks Corporation. All other products and services are the registered trademarks of their respective holders.

© Copyright 2006, Mitel Networks Corporation. All Rights Reserved. GD 10761 PN 51009392RB-EN
