4- OmniPCX Office Internet solution
|
OmniPCX Office Internet solution
- OmniPCX Office Internet components 4-2
Shared internet access
- LAN interfaces 4-3
- WAN interfaces 4-3
- ISDN internet
connection 4-3
- ADSL and Leased Line
internet connection 4-4
- Remarks and
recommendations 4-4
Security
- Built-in
Certified firewall 4-5
Access and usage control
- Protocol
authorization 4-6
- Access
restriction 4-6
- Built-in Proxy
server 4-6
Optimized internet access
- Built-in Cache
server 4-7
Integrated e-mail server
- OmniPCX Office e-mail server 4-8
- Flexible configuration 4-8
- Embedded features 4-9
- Unified messaging solution 4-10
VPN
- Internet VPN 4-11
- Remote access 4-11
- LAN to LAN networking 4-12
OmniPCX
Office Internet solution
Based on the all-in-one
concept, Alcatel OmniPCX Office offers a professional internet solution for small
to medium sized businesses including all the necessary features, services and
applications.
Alcatel OmniPCX Office provides:
·
Shared internet
access for all users on the LAN : allows all
employees on the LAN to access simultaneously the Internet using a single
account and a single connection
·
Security
mechanisms for internet access and network /data protection :
OmniPCX Office embeds a certified firewall to protect company
information and it supports also standard internet authentication protocols.
·
Access and usage
control thanks to its embedded proxy server which defines user access
rights and provides detailed statistics on internet and application usage.
·
High speed
optimized internet access using ISDN connection, ADSL(1)
or Leased Line(1) and web cache service which reduces
information access and optimizes connection time
·
Extended
communication capabilities with an integrated fully featured e-mail application
·
Virtual Private
Networking which allows remote access for home workers and for multi site networking
using the internet network with secured standard protocols.
·
A unique and
simple web based management tool for easy
installation and management of internet features, services and applications.
(1) Release 1.1
OmniPCX Office internet components
Shared
Internet access
OmniPCX Office allows multiple
users connected on the LAN (Ethernet) to access the Internet using one single access and connection . It
allows the users to access
the Internet services and applications such as WEB, E-mail or E-commerce
via a single ISDN line, and ADSL(1) modem or a leased line(1)
providing high speed access with a single IP address.
The internet access is performed by sharing WAN ISDN resources (ISDN
B-channels) or by connecting and external ADSL modem or Router. Using one
single connection for many users the resources and the traffic is optimized and
consequently the costs decrease.
For example the ISDN B channels are shared between the voice and
the data applications.
·
Access monitoring
WAN channels
activity and bandwidth usage for the internet traffic can be monitored
using a graphical
real time traffic indicator
LAN Interface
PC to OmniPCX Office are connected using
Ethernet 10BT/100BT standard link that allows connection to any standard
10/100BT HUB or switch port. For small configuration PC can be directly
connected to the OmniPCX Office Ethernet 10/100 LAN switch board.
WAN interfaces
OmniPCX Office
supports various Internet connection :
·
ISDN , DSL(1)
, Leased Line(1)
ISDN internet connection
OmniPCX Office
uses the shared B-channels resources on the ISDN PBX trunks to access the
Internet. It supports multiple interface protocols according to the traffic level
needed.
·
Static 64 Kbps : delivering static bandwidth on 1B channel. (PPP : Point-to-Point-Protocol)
·
Static 128 Kbps : delivering
static bandwidth on 2B channels. B-Channels are aggregated providing high speed
internet access. (MPPP : Multi-link Point-to-Point-Protocol).
·
Bandwidth on
demand from 64 up to 128 Kbps
: bandwidth allocation is
performed dynamically according to the traffic analysis (monitoring the inbound
and outbound stream) and the second B channel is added or removed. It is based
on a Multi-link PPP (MPPP) protocol.
NB
: In addition
to ISDN connection, OmniPCX Office will soon provide support for DSL or Leased
Lines connections by means of external DSL modem or external router.
(1)
release 1.1
Shared
Internet access
|
(1) release 1.1 |
ISDN connectivity
OmniPCX Office supports multiple access modes.
·
Dial-up with
demand dial : The link is only
established when needed and is automatically released if there is no traffic.
For example, the line is established when a user on the LAN
wants to access an Internet
service (browsing the WEB) or when a application
server wants to reach another server over the Internet (sending e-mail). After
a pre defined period of time without traffic the connection is closed.
·
ID-channel ISDN
Call-back : The link is
established on behalf of the ISP while preventing the ISP to be charged. ID-channel Call-back uses the ISDN D-channel to
request the call-back
from the OmniPCX Office system. This does not require
that a call on the ISDN B-channels is first established before call-back can be
requested thus ISP side is not charged. It is used for VPN based remote access
·
Permanent connection : the link between
OmniPCX Office and the ISP is permanently established avoiding the
establishment of the line before access.
ADSL and Leased Lines internet connection
(release 1.1)
In addition to ISDN connection, OmniPCX Office supports DSL or Leased
Line connection for internet access by means of external ADSL modem or external
router providing up to 2Mbps connection. The connection between the system and
the external modem or router is done by means of a second Ethernet plug. This
configuration allows OmniPCX Office to be independent from the material used
which an be part of an operator or and ISP offer.
Internet access using one of these two modes provides permanent
connection.
In ADSL mode OmniPCX Office supports PPPoE connection protocols and PPTP with Alcatel modems.
Remarks and Recommendations :
Although the number of declared internet users is unlimited, recommendations
have to be made according to 3 majors elements :
- The available bandwidth for the internet access
- The number of simultaneous users connected to the Internet
- The type of application used by the users (browsing, e-mail, FTP,…)
For instance, with a 128kbps connection, the number of simultaneous
connected user should not exceed 20.
J Shared Internet access benefits
·
A cost effective solution allowing multiple computers to share
simultaneously a single internet connection and a single communication
·
Eliminate the
need of additional trunk and modems to provide individual connection
·
Offers flexible
internet access in term of interface (ISDN, ADSL, Leased Lines, access mode
(dial up , permanent) and bandwidth (from 64kbps to
2Mbps)
·
Integration of
shared WAN resource for voice , data and internet
·
Easy to
configure, set up and administrate with a single user
friendly web based management tool
Security
OmniPCX Office includes
several security mechanisms to protect company network and data from external
enemies and secure internet accesses.
Built-in Certified firewall
·
Build-in firewall : OmniPCX Office firewall – which has been certified
by the West Coast Labs Checkmark - supports IP packet filtering. The firewall blocks
unwanted traffic at IP level. According to the overall service configuration
(E-mail, VPN, proxy,…) the system automatically sets
up IP packet filters that inspect network datagrams (IP packets) and decides
whether these packets are allowed to pass the filter or not. The decision to
let a filter block certain packets is based on several criteria, being checked
against the contents of the IP packet and environmental parameters such as
source and destination IP addresses, protocols like TCP, UDP,
source and destination port numbers associated with TCP or UDP services , ..This allows the private network to be protected
against Internet attacks such as : intrusion, denial of services (e.g.:
flooding), Port scanning , …. In addition the firewall
logs attacks and port scans.
·
Network Address
Translation (NAT) : NAT hides Internal IP addresses from the outside
world and allows the sharing of a single static or dynamic IP address. This
ensures security since each outgoing or incoming request must go through a
translation process that offers the opportunity to qualify or authenticate the
request or match it to a previous request. NAT also conserves the number of
global IP addresses that a company needs and it lets the company use a single
IP address in its communication with the world.
J Security benefits
·
Efficient and
secured protection for the company private network
·
Centralized
secured access
·
Cost effective solution
providing integrated security components avoiding external server to be
deployed
·
Certified
firewall
·
Easy management
with a common web based management administration tool
Access
and usage control
Security is also ensured with an additional level of control
:
·
Protocols authorization
·
Access restrictions
·
User access control thanks to an embedded proxy
server.
Protocol authorization
Protocols allowed to be used are easily selected through the web based management interface:
- web access (HTTP,
HTTPS, Gopher)
- file transfer (FTP)
- multimedia
- news (NNTP, SNEWS)
- remote connection
(telnet, SSH)
- mail
global
security settings
Access restriction
·
Date and time access
restriction : For each day of
the week (Monday to Sunday), the administrator can define date and time access
restrictions to limit traffic and control internet access (1 continue period or
2 discontinue period).
Built-in
proxy server
OmniPCX Office embeds a proxy server that manages internet access
control per user and per application. It also provides comprehensive statistics
related to internet usage, visited sites, connection time, etc.
OmniPCX Office proxy server is based on the proxy/cache linux awarded product “Squid”.
·
User access
rights
The proxy server acts as an
intermediary between users and the internet for the outgoing traffic. The proxy
server manages the user access rights defined with the following parameters :
- Identification
: user-id and password,
- rights properties
: internet access
·
Black and white
lists management
White & Black URL lists
define which WEB sites and URL are authorized or forbidden. The list combines
explicit URL address and regular expression.
·
Comprehensive
statistics on web usage
The system generates
statistics about the use of the WEB to monitor the activity. Statistics are
defined by user, destination, applications, configurable periodicity.
J Access and control usage
benefits
·
Improve security
by controlling internet access by protocol, user access rights, URL
restriction, authorized applications
·
Control internet usage
with comprehensive statistics
·
Centralized user friendly administration interface
·
Detailed
statistics to improve resource management and usage control
Optimized
Internet access: web caching
Built-in cache server
OmniPCX Office embeds a
cache server which improves performance in web site access and file
downloading. Object caching consists of storing internet objects requested by a
user as a web page including image, file, text, etc and delivers it immediately
to another user without a new internet connection. The information requested is
immediately available and then delivered.
The cache management is
performed automatically by replacing the oldest information with the most
recent one. OmniPCX Office cache server capacity ranges from 300 Mb for the
e-Very Small system to 1.5Gb for other systems. (hard
disk needed)
J Cache server benefits
·
Improve
information access performances
·
Accelerate information
access by immediately delivering information already stored
·
Optimize traffic
on the WAN link. If stored in the cache the information is delivered without
external connection and at no cost
·
Reduce the costs
by reducing connection time
Integrated
e-mail server
OmniPCX
Office e-mail server
OmniPCX Office is an integrated
communication system for enterprises including a fully featured client/server e-mail application based on a state-of-the-art
solution developed on a leading internet messaging solution :
Sendmail.
E-mail is one of the most powerful productivity and communication tools for
information exchange inside the company as well as outside with customers or
providers. Each user can benefit from a personal e-mail address to communicate
with colleagues inside the company and outside with external correspondents.
OmniPCX Office allows standard e-mail services (send/receive/forward,
store, copy, personal address book, personal folder, mailing lists, id/password
protection). It is a flexible solution
able to take into account the customer’s environment in order to deliver the
most suitable e-mail configuration.
OmniPCX Office solution supports e-mail standard protocols
:
-
POP3 (Post Office Protocol 3)
: the most recent version of a standard protocol for receiving e-mail.
-
SMTP/ESMTP (Simple Mail Transfer Protocol) : the most widely used
protocol for sending e-mails and for e-mail exchange between Internet e-mail
servers
-
MIME (Multipurpose Internet Mail Extension): standard IETF format for
handling non text information in a mail (attachments)
Flexible
configurations
OmniPCX Office supports various e-mail configurations.
|
OmniPCX Office acts as an
e-mail server |
||
|
|
POP3 caching |
·
E-mail user accounts are managed at ISP site
(creation, deletion) ·
E-mails are downloaded from ISP accounts to
OmniPCX Office server ·
Scheduled email fetching ·
Supports internal e-mail ·
Supports mailing lists ·
Only user declared at ISP site can receive
external e-mails ·
Supports company domain name ·
Supports multi drop POP3 account (release 1.1) ·
Supports ISP multi domain service (release 1.1) ·
Supports user aliases in multi-drop only (release
1.1) |
|
|
SMTP server NB |
·
E-mail user accounts are managed by OmniPCX Office ·
Supports SMTP relay service .(When
the system is not connected, mail is stored by the ISP until the next
connection) ·
Requires a static IP address Without SMTP relay, when the system is not connected e-mails are not
delivered and the sender gets an error message ·
Scheduled email fetching ·
Supports internal e-mail ·
Supports mailing lists ·
Supports ETRN ·
Supports company Domain Name (company.com) ·
Supports ISP multi domain service (release 1.1) ·
Support user aliases (release 1.1) |
Integrated e-mail server
|
OmniPCX Office is not the
e-mail server |
||
|
|
e-mail server existing on the LAN |
·
OmniPCX Office e-mail server is not activated
(e-mail software key not required). OmniPCX Office acts as an Email server
gateway ·
The traffic is routed to existing e-mail server
through OmniPCX Office Firewall using the port forwarding feature ·
SMTP relay supported |
|
|
No e-mail server at customer site |
·
OmniPCX provides the internet connection to access
ISP e-mail server ·
No internal e-mail ·
The e-mail software key is not required ·
Supports of POP3/SMTP/IMAP4 protocols |
OmniPCX Office e-mail is a client/server e-mail architecture supporting
the most popular POP3/SMTP
client software (e.g: Microsoft® Outlook™, Lotus
Notes®, Netscape Mail, Eudora,...)
·
Alcatel OmniPCX Office e-mail server is a temporary
mail storage facility. Mail is downloaded from the system to the end-user PCs. Typically after download, mail is deleted from the system.
This option is highly recommended to ensure optimum performance from the
system.
·
To optimize connection time, the transfer of the
e-mail is performed by a predefined period (e.g:
every 30 minutes) or when connection is made (piggyback method).
Embedded
features
System features
·
Mailing lists
Mailing lists can be defined on the OmniPCX Office system. They are used to send an e-mail to multiple
users using only one single destination address. Mailing list can includes internal and external addresses.
·
Greetings
A message can be defined and automatically sent to any newly created
electronic mail box to give end-users information or instructions the first
time they access the e-mail system.
·
Aliases
Several email addresses can be defined for a single user. What ever the
email address used, all the mail will be distributed in a single mailbox.
Personal settings
A browser based Graphical User Interface allows end-users to manage
some personal settings : :
·
E-mail forwarding
A per user e-mail forwarding policy can be configured. This allows any e-mail
sent to an end-user to be automatically forwarded to one or many addresses. (e.g: out of the Office period)
·
Auto reply
A per user auto reply message can be setup. This can be used when the
end-user is on vacation to inform them when the user will be back and who can
be contacted during his absence.
·
Account name/password
Each user can define or modify his own account name and password
System management
In line with the whole Ease of Use concept, the OmniPCX Office e-mail
server is Plug and Play. Configuration of the e-mail parameters and the user
parameters are performed using a wizard with a limited number of parameters.
·
Disk storage
policy and disk capacity
According to the client
configuration, messages can be automatically deleted or kept on the server
after download. However, OmniPCX Office is not designed to keep messages
permanently rather it is positioned as a temporary storage device (offline
mode). Thus it is recommended to configure clients so
that messages are deleted after download.
Integrated e-mail server
An e-mail notification is sent to the Administrator when the ratio of
free space goes below 70%.
When the ratio of free space goes below 10%, new e-mails are explicitly
refused.
They will be accepted again when the ratio of free space goes above
70%.
This can be achieved if end-users download their E-mails or if stored
e-mails are sent to the Internet. Note that in any case, e-mails are never
lost.
Unified
Messaging solution
Voice
mail and e-mail integration
With OmniPCX Office , each user can benefit from an e-mail account and a
voice mailbox on the same system. These two applications can be combined at
user desktop level to offer access to e-mail and voice mail from a single user interface : Microsoft® Outlook™.
Voice mail can be
automatically transferred from the OmniPCX Office system to the end user PC who
receive it in his mailbox as an e-mail with an audio file attached (.wav format) .
The voice message is clearly identified with a specific icon and contains
the same level of information as the traditional voice mail :
name or number, date and time. The user can forward this message, answer by
sending back an e-mail, etc.
The user has the choice to store voice messages only on his PC or keep also the
voice messages on the system. Thus the user can
consult his voice mail from its PC inside the company and by phone from an
external site.
NB : The transfer of
the voice mail to the PC is performed using PIMphony
visual mailbox feature. PIMphony Pro or PIMphony Team are mandatory on the end user PC to perform
the voice mail integration.
Fax integration
Taking advantage of its embedded voice mail server and e-mail server,
customer can build a unified messaging solution using the OmniPCX Office
internet access capability to integrate the fax service. Using the internet
shared access capability the OmniPCX Office is able to support a hosted fax
service delivered by an Internet fax Service provider (IFSP) who delivers the
fax services directly
using the e-mail application. Outgoing faxes are sent from the e-mail user
interface – Microsoft® Outlook™ and incoming faxes can be directly received in
the email box as an attachment.
This innovative solution offers several key advantages
:
·
easy to implement unified messaging solution base on
a single platform
·
cost effective solution due to no additional
investment in external server or software.
·
permanently availability of the fax service
·
Same level of service for internal user as well as
the remote user, as soon as they can access their e-mail application.
NB : The OmniPCX
Office Unified messaging solution requires Microsoft® Outlook™ email client.
J Integrated email server
benefits
·
Fully featured client/server
email application
·
Improve enterprise
communication and efficiency
·
No dedicated
hardware or software
·
Standard email
protocols support
·
Flexible solution
to address various
SME needs
·
Cost effective
solution
·
Easy to set up
using web based management tool and wizards
·
Unified messaging
solution
VPN
Internet
VPN
The VPN – Virtual Private Networking - feature allows a remote system
to reach the LAN over the Internet by using an economical and secured
(encrypted) connection, based on tunneling mechanism with authentication
.
The VPN connection is secured because it establishes a “tunnel” through
the Internet between the sites with guarantees integrity and confidentiality by
encryption.
Connection is economical because it is made up of a local internet
connection (POP).
Authentication is required to start a VPN session by using PAP/CHAP
mechanism (User ID + password).
OmniPCX Office supports the 2 major VPN protocols :
·
PPTP for user remote access
·
IPSec for LAN to LAN networking.
Remote
access (remote worker)
Alcatel OmniPCX Office VPN solution allows secured remote activities
over the Internet. At home or in a hotel, remote workers can dial up the
nearest internet Point of Presence (POP) to establish a remote and secure
connection to OmniPCX Office via internet using a VPN tunneling. The user can
access all the applications he usually uses on the LAN.
Specifications:
·
Compatible with Microsoft PPTP client
·
Works with Windows 95/98/NT/2000 clients
·
Windows VPN clients
·
MS-CHAP-V2 authentication
·
Microsoft Point-to-Point 40 - 128 bits encryption
Limits
·
For e-VS model
10 remote workers maximum can be configured.
Recommendation : The number of simultaneous VPN
PPTP connections (remote workers) is 2.
·
For all others models :
Recommendation : The number of simultaneous VPN
PPTP connections (remote workers) is 5.
VPN
LAN
to LAN networking
OmniPCX Office provides a secure LAN to LAN networking solution using
Virtual Private Network tunneling over the Internet. Multiple sites can be networked using the
internet as a WAN infrastructure.
OmniPCX Office supports the IETF IPSec/IKE
standard protocol which provides a high level of security by authentication and
encryption.
Specifications:
·
High level of security with IETF IPSec/IKE
·
Authentication with HMAC-MD5
·
Integrity with 3DES 168 bits encryption
·
ISAKMP/IKE key management
·
Pre-shared keys
·
RSA public/private keys
Limits
The number of simultaneous VPN IPSec
connections for LAN to LAN access is 2 for M, L, XL,
XXL models and 1 for S model.
J Virtual Private Networking
benefits
·
Secure remote
connection over the Internet
·
Support of standard
VPN protocols : PPTP and IPSec
·
Cost effective
remote connection
·
Alternative
solution to Remote Access Server for remote connection