U m i, U s e r – Datatek UMI User Manual

Page 61

Advertising
background image

U N I V E R S A L M E D I A T I O N I N T E R F A C E ( U M I ) U S E R M A N U A L

04/30/09

61

1 3 A P P E N D I X

F :

U M I

C L O S E D

U S E R

G R O U P

D E M O N S T R A T I O N

The UMI supports the notion of Closed User Groups (CUGs). In a BNS network, CUGs are
administered on the affected nodes, in order to restrict UMI virtual ports (i.e., SAM504 ports) to
specific BNS endpoints, and vice versa. CUGs may also be fully extended from a UMI virtual port
into the IP network. This can apply in either call direction (IP to BNS or BNS to IP), providing a
secure firewall for BNS-IP connectivity. This is an important feature for protecting sensitive
endpoints in a corporate-wide network without the burden of special “security servers.

In the following diagram, there is a corporate IP network infrastructure which may be used by
endpoints throughout the network. Some endpoints require access to Network Elements (NE)
reachable via the BNS network, and some endpoints are not to be allowed such access. Those IP
endpoints which are allowed access to the NE are placed in a CUG associated with a UMI virtual
port. (The same CUG may be associated with any number of UMI virtual ports. Any one virtual
port may have up to 128 CUGs.) A UMI virtual port is treated by the BNS Control Computer as a
SAM504 port belonging to a BNS CUG, and the far endpoint in the BNS network also has a
corresponding CUG association. Jointly, these CUG arrangements provide end-to-end security.

NE

NE

UMI

IP Network

10BaseT

Endpoint “A”

Endpoint “B”

BNS
Network

Referring to the above diagram,

Endpoint A is allowed access to all the NEs. Endpoint B is not

allowed access. Both are allowed access to the BNS network in general.

The UMI is configured with CUG 1 with the address of

Endpoint A, as follows:

cug 1 ipaddr=135.17.59.5 submask=255.255.255.255

The protected virtual ports (i.e., those forming a hunt group which will be given access to the
NEs via a separate node-administered BNS CUG) are set up with CUG 1 assigned to them, as
follows:

Advertising
See also other documents in the category Datatek Equipment: