Course13:IT Connect - 06 Managing Devices

From innovaphone-wiki

Jump to: navigation, search

This books describes the Devices App which can be used to manage all devices that belong to a single installation.

Contents

The Devices App

Devices mission is to manage all the devices that belong to a single installation.

When it starts, it shows a list of domains on the left side (because the Domains tab is active initially). After having run the Install, there is screenshot.png only one domain in there, which is the one you defined during the Install. In many projects, there will be no more domains. But in some projects, where you serve multiple customers with a single system (a.k.a. multi-tenant, for example when a hoster runs individual PBXs for many customers), more domains will appear here. During this course, we will not cover such scenarios.


In the Devices tab, there is a list of devices known in this installation. You could limit this list to the devices which belong to a certain domain by selecting one or more particular domains in the Domains tab. Of course, in this course, it doesn't make a difference as we only have one domain.

But isn't there a domain called Unassigned devices? This of course is a pseudo domain which selects all devices that are connected to Devices but not in its device database. This for example may happen if a device was previously part of the installation but had been removed. If the device still connects to the Devices App, it is listed here.

Looking at the list in the Devices tab, we see screenshot.png a number of entries:
  • AP - apps.yourdomain (apps.dvl-ckl2.net)
    The application platform

  • PBX - yourlocation.yourdomain (hq.dvl-ckl2.net)
    The PBX
  • hq IP Phone-IP111-jdu
    Jean Dupont's IP 111
  • and some more phones
Both the AP and the PBX are located on the IP411LEFT which you have set up using the Install. One is the PBX itself, the other the application platform running the apps (AP). As they run on different CPUs (well actually different CPU cores) and run different software, they are treated as separate devices in Devices.


Device related Functions

When you are in the Devices tab and a particular device is selected, a number of functions on that device are available in the right pane.

Edit

The Edit tab allows you to
  • change the devices nickname (as it is shown in Devices)
    You rename the device to your likes, the name has no significance
  • move the device to a different domain
    As discussed before, this only makes sense when you run multiple domains (i.e. tennants) in a single system. So in this course, this will not happen

Admin UI

This tab gives you access to the individual device admin user interface (also known as advanced UI).


Before v13r1, this user interface was the only method to configure the whole system. From v13r1, you still have full access to it and you can do all device configurations as you like on it. However, in many cases, you won't need it any more as you have the Apps doing the work for you. Especially if you need to do some configuration on multiple devices to implement a specific function, the Apps can do it for you on a single place which greatly simplifies your life as an administrator.

However, even if you decide to use the traditional admin user interface in some cases, Devices has some interesting benefits for you
  • you have a central and convenient place to find all your devices. No more remembered IP addresses or painful maintenance of browser shortcuts to your devices
  • there is no need any more to authenticate to each device individually. As soon as you are logged-in to myApps (and have the appropriate rights), you can access any device in your system without typing in passwords over and over again
  • accessing the individual device user interface even works, if the device is not reachable from your network

Accessing Remote Devices


Let us look at the last point in some more detail.

The technology used to provide you with the device's user interface is known as WebSocket. The devices you add to your installation will always try to establish a WebSocket connections to the Devices App on your App Platform. When the connection is up, Devices will tunnel all your usage of the user interface through this connection. This way, you can access devices even though they are located behind a remote NAT router. No special configuration on the remote NAT router is required (for example, no port forwardings).

This is a great tool if you have to maintain devices in remote sites, like when you have home offices or when you run a hosted PBX service and you need to access remote phones for example.

Categories

You can assign categories to devices. If you like, categories are just names for groups of devices. Therefore, one application of such categories is to filter the device list.

For example, to filter all IP phones, you would
(Further Hints) Don't forget to uncheck the category again after trying this, so you see all devices again (note the little check-mark above the Categories tab header which reminds you of the fact that you have restricted your list to only some categories)!

Defining Categories

Before you can assign a category to a device, you must define the category. This is done in the Categories tab. Some useful categories are already created by the Install but you can screenshot.png add more.

Normally, categories are used for filtering in the list of devices. However, if you tick the screenshot.png Provisioning category check-mark, the category will also be available to select devices for provisioning of specific device configurations. We will come back to this later.

Note that while you can assign multiple categories to a device, you can only assign a single category with the Provisioning category check-mark to a device.

video2.png Create a new category invalid member reference '.username' in 'username''s devices for filtering and add it to your IP232:
  • switch to the Categories tab
  • click on + Add category
  • enter invalid member reference '.username' in 'username''s devices as name
  • do not tick the Provisioning category for device configuration deployment check-mark
  • switch to the Devices tab
  • select the hq IP Phone-IP232-invalid member reference '.username' in 'username' device
  • click on Categories
  • add invalid member reference '.username' in 'username''s devices to the Configuration of categories
  • switch back to the Categories tab
  • tick the new category in the category list
  • switch back to the Devices tab
  • you will see only your IP232 listed

Searching Devices


While we are at filtering the device list: you can also filter the device list ad-hoc using a search term in the device list

Remove

If you have physically removed a device from your installation, Devices will screenshot.png show it as missing. In this case, you can also remove it from the Devices database.

(Further Hints) Be sure though that the device is obsolete really. In many cases, when the device does not connect to Devices, there is some network issue that keeps the device from connecting. In a clean installation, no devices should be marked disconnected.

Adding a Gateway

When we look at the screenshot.png list of devices present in the system, we see some which were added by the Install (the PBX and AP) and some that were added by the admin (the phones when they were provisioned). Let us see now how extra gateway devices are added to the system.

The process of provisioning a gateway is quite similar to provisioning a phone. So you would
  • select a provisioning category for the new device
  • create a provisioning code
  • enter the code to the device
As opposed to the phones however, you first need to access the devices web user interface, as it does not have keys or something similar that would allow you to type in the code.

In that respect, the provisioning process resembles the Install we have used to set up the first device (the PBX). So the process here is
We can try this out by adding our IP811 to the system. If you like, you can do the factory reset and IP address determination, but you don't have to. moodle was nice enough to set up your IP811 so it is in factory reset state. Also, when we start the Install, we want to make sure that it is started in English so that it matches the screen shots in this book. So here is the link to start the Install:
Start Install on IP811
In a real-life scenario, you would just type in the device's IP address of course.

The web page you will see is the same as when you ran the Install for the PBX. However, as you do not want to create a new system, you screenshot.png select the Add the device to an installation mode.

The next page will look familiar to you too. Here you need to define the basic IP settings. As you probably will remember, all values you need here are already correct, so you just screenshot.png don't change anything:
  • IP address is left empty as the device will receive its IP address with DHCP
  • Second DNS server and Second NTP server are left empty as there are no backup servers in the training installation
  • the firmware version (Select the version to update to) is set to 13r1 Training [xxxxxx]. This is a very common situation when adding a device: the firmware that runs on the device is older than the latest-greatest available. In this case, Install will download and install the up-to-date version automatically. However, if you don't want that to happen for whatever reason, you can select the empty entry in the firmware dropdown and Install will leave the firmware as-is. Here in the training. you can choose to go either way - we will update the device firmware for all devices in a later step anyway
The only thing you need to take care of is actually the thing that differs to the initial PBX Install: the field Provisioning code. We screenshot.png obtain the provisioning code from Devices by
  • switching to the Devices tab
  • clicking + Provision a gateway
  • selecting an appropriate provisioning category
  • and defining a pretty name for the new device (which will be shown in the list of devices later on)
Devices will screenshot.png create the provisioning code and we can cut & screenshot.png paste it to the Install that runs on our IP811.

The device will then reboot with the updated network settings (well, potentially updated network settings, as discussed, we don't have to change anything here in the training).

When we click on Next then, the Install will show Waiting for provisioning for a short while and then screenshot.png we are done!

When we switch back to Devices, we see that our screenshot.png IP811 has been added to the list of devices.

Domain related Functions

When screenshot.png you are in the Domains tab and a particular domain is selected, a number of functions on that domain are available in the right pane.

Edit

The screenshot.png Edit tab seems to have a pretty obvious function: you can rename the domain and set its password.

However, it will probably be a rare occasion that you change the name of the domain. The Install has asked you for the PBX's Domain name during initial setup. This name (dvl-ckl2.net in your case) was then used in a lot of places and the domain name here in the Devices app is one of them. If you rename it here, it will in fact only rename it here. You can do this and it won't do any harm, but it might be confusing to you later on - as the name now differs from the various other places where the initial domain name was used.

You can also change the password for the domain. This password is interesting if you run a multi-tennant system (e.g. a hosted PBX solution). As we mentioned before, you would create a separate domain for each of your customers. The domain password would then be used by your customer to log in to your Devices so that he has access to his own domain only.

However, in a single customer installation (and also in this training), you wont need it.

Using your own Provisioning Server


In this and a previous topic (Managing Users), we used so-called provisioning codes to provision devices. Such codes are provided by a service which is run by innovaphone (http://config.innovaphone.com) and is thus not available if your installation has no internet access.

It is possible to run your own instance of this service. In this case, you would configure the URL to your instance in the URL to generate provisioning codes field. However, we will not cover this option in this course, so you should never configure it during the training.

Rental

With v13, innovaphone introduces a rental scheme. Both the Email address(es) for rental expiration warning and the Rental project name in my.innovaphone field are related to this. However, as rental is not covered in this training, you can leave both empty.

Deploy the domain password on all devices

Apart from being used as described above, the domain password is also used as the administrator password for the individual device user interfaces (that is, when you access the device directly with the browser, we will talk about this later in more detail). When the Deploy the domain password on all devices check-mark is set, Devices will change this password. In real-life, this is a very good idea indeed (as a device with a non-secure device password is a security breach).

(Further Hints) However, in the training, it would be a problem if a student looses for whatever reason access to myApps and the trainer needs to fix it through the web UI. So never set this check mark in the training (Further Hints)

Access Rights

In this tab, you can screenshot.png specify a list of domains that should also have access to the current domain. This is of course again useful in a multi-tennant system only. This way, you can specify a domain whoose administrator also can manage some other domains. This might happen in a hosted-PBX scenario where a reseller manages some but not all of the PBXs in the hosting system.

In this training, we will not use it.

Software Rental

As mentioned before, rental will not be covered in this course.

Update

This tab allow you to update the firmware and apps on your system.

Defining the Versions to be used



To run firmware and software updates you first need to define which version shall be used. This is done in the screenshot.png Update settings dialogue.

Let's see what it has:
  • first there are 2 URLs
    They are used to fetch the most up-do-date firmware (firmware.json) and app (apps.json) definitions. These are plain files and by default, they are fetched from a site hosted by innovaphone (store.innovaphone.com/release/download), the so-called AppStore
    As you already know, moodle has set it differently for you (class.innovaphone.com/webbuild/store.php/1/)
  • existing definitions and
  • updated definitions, if found in the above mentioned files
When there are updated version in your AppStore, the screenshot.png dialogue might look a bit scary first, but its not that difficult. You can screenshot.png tick the Apply available versions check-mark and click on Apply then.

In the course moodle has arranged things so that there are updates for all your devices and apps available (unless you have already upgraded your IP811 lately, then it is already on the latest-greatest version as the version information used here is the same as used by the Install). If there would be no newer versions available, the form would say screenshot.png no newer versions available.


Applying new Firmware and Software

If you want to update your devices to the latest version as shown, you need to tick the Apply available versions check-mark and hit Apply. This actually does not initiate the firmware update. It just says that the new versions will be used if you do an update! You can also screenshot.png set a name for the new settings which helps you to determine later which version is installed on a particular device.

So far, no firmware or Apps update happened. To apply the versions you selected in the previous step, you need to screenshot.png create an update job.

You screenshot.png can define:
  • The Date and Time when the update shall begin
  • The Major version for the update
    Only devices which already run this major version are affected by the update (but see below)
  • an optional Category. If you select a category here, only devices in this category will be affected
  • an optional Exclude category. If you select a category here, devices in this category will not be affected even though they match the above Category
All devices which are currently connected to Devices (and match the criteria) will be updated at the selected date and time. When a device connects to Devices later on (for example because it has been added to the installation or it is simply turned on), the firmware it runs will be checked and an update will be initiated if it does not match.

In fact, Devices does not do the update itself. Instead, it tells the device to do so. Therefore, the device must have access to the server that has been set for the URLs in the Update settings before. Also, not all the devices will receive this request at the same time. Devices will initiate an update on 20 devices at the same time. Further devices will receive it once another device has completed the update.

Now you can create an update job that updates all of your devices to the latest-greatest version. Be sure to set the time a minute or so in the future, otherwise you may have to wait until to tomorrow for the update to happen wink

When you unfold the screenshot.png status area you will see how your devices do the update in real-time.

Note that eventually the Devices App will restart. This is because during the update, also the App Platform (more precisely, the App Services running on the App Platform) will be re-started for the update.

Special Updates

Devices can also update the boot code at the same time when the Update bootcode check-mark is ticked.

Also, Devices can upgrade devices to the latest major version by ticking the Major firmware upgrade check-mark.

Updating an Update Job

To update to a newer firmware and Apps version as before, you can simply create a new update job. When there are multiple update jobs defined for a particular device category, Devices will only apply the newest one. This allows you to keep the history of older update jobs.

Keep in mind that before you create the new job, you must update your Update settings as described above (otherwise, the new job will behave like the old one).

To create a new job with the same settings as an existing one (except for the versions used), you can clone the current one by clicking on the screenshot.png little + sign.

However, if you always create new update jobs, over time many obsolete jobs will populate your Update view and this may become confusing. For this reason, when you are cloning a job, the option screenshot.png Delete old update job is available and checked by default. Of course, you can also delete the old ones eventually.

Finally, you can also simply edit an existing job. However, the edited job will retain its existing history and the firmware to be deployed will not be changed (even if you have changed your Update settings before). Therefore, to deploy new firmware, you must create a new job (or clone an old one).

Private Firmware and Apps Sources

As discussed before, the version definitions are fetched from a site hosted by innovaphone, store.innovaphone.com. This of course means that you can not control their contents. As shown, you can select when to upgrade to the latest-greatest version. But you can not select which one this shall be.

However, an administrator can choose to provide his own version of these files and host them on a local web server. They must be reachable both by HTTP and HTTPS. In other words, if you want to provide your own definitions, you also have to provide the binaries.

The content can be created easily:
  • open http://store.innovaphone.com/release/download.htm
  • click on Preselection
  • click on innovaphone/13r1 and firmware/13r1
  • click on Apply selection
  • click on Download package
This will download the complete content you need for your own store server.


Installing and updating myApps

Windows


myApps for Windows needs to be installed initially using the myApps installer (.msi) available in the AppStore (see myApps for Windows in the Software section of link_intern.png store.innovaphone.com). You can either download and execute the msi on the target computer or use your favorite software rollout tool (see MSI parameters in fish-help.png Concept myApps ).

However, myApps for Windows can do automated updates for you. When Devices does a successful firmware update to a PBX device, it will note the firmware build number as well as the AppStore URL in the PBX. Whenever a myApps client connects to the PBX, the up-to-date myApps version will be fetched from the AppStore and installed.

For such updates, trace files called myAppsInstall.txt and myAppsUpdateService-...txt will be written to %windir%\Temp.

iOS and Android

iOS and Android installs and updates are done using their respective App Stores (Apple App Store or Google Play Store).

Backup

Devices can do regular backups for all of your devices. This is done in the screenshot.png Backup tab.

  • will create device backups on a regular basis
  • optionally limited to a device category
  • which will be sent to an external WebDAV server (more precisely, to a web server which allows the HTTP PUT verb)
  • multiple backups for the same device can be kept
It is recommended to save the backups to a WebDAV server that is not part of the PBX system itself. However, if such a web server is not available, the Backup Files App on the application platform can be used.

For each backup job you created, you will see screenshot.png its state, when you click on the screenshot.png little caret (^) on the right of its entry in the list of backups.

Using the Backup Files App for backup


Although it is safer to backup a system outside of the system, an internal backup is better than none wink

Therefore, the Files App allows you to store files and hence also backups.

Well, technically, yes. Practically, there is a little problem. As the Files App is a regular App among others, sending a backup to the Files App would also backup the content of the Files App itself to the Files App. Next time you do it, the backup you did the last time would be part of this content and so forth - so your backups would grow dramatically over time.

For this reason, the Install has created two instances of the Files App for you:
  • one for regular use (called Files)
  • one only to put backups on it (called Backup Files)
Now you can exclude the Backup Files instance from your regular backups.

The work flow is quite simple:
  • you start the Backup Files App
  • you create a folder
  • you share it
  • for the share, you specify a user and a password
  • you look up the new folder's URL
  • and you use this (along with the user and password) in your backup job

First video2.png add the Backup Files App to your home screen and open it. Here is video2.png how to create a folder for your backups in Backup Files:
  • in the Backup Files App, click on the screenshot.png create directory icon on the upper right edge and create a folder called backups
  • tick the screenshot.png little check-mark on the upper right. All items in your current folder are now ticked. Make sure that only your new folder is ticked (which is easy, as you probably only have one wink)
  • click on the Share symbol on the upper right
  • enter backups as User and pwd as Password ((Further Hints) please, in real life, choose a better password!)
  • click on Share, the folder is now available via HTTP/WebDAV using the credentials you have set
  • to learn the URL used to access the folder, first click on the folder to open its content and then on the screenshot.png little i (for Info) on the upper right
  • take note of the URL shown. It should be https://apps.dvl-ckl2.net/dvl-ckl2.net/backup-files/root/backups
You might have observed that the User and Password fields are marked as optional. If you leave both empty, the files will not be available via HTTP/WebDAV easily. Instead, they are available to other Apps (for example the Waiting Queue where Files is used to store media files - we'll get back to this later).

You can close the Files App now.

Back in Devices, create the video2.png appropriate backup job:
  • go back to the Devices App
  • add a new backup job which does a backup for all your devices on each day
  • set a Description so that you can easily recall what this backup job does, e.g. backup everything
  • set the time-of-day so that it will be done in 2 minutes from now
  • you may want a full week of daily backups, so set Keep backups to 7
  • you may or may not set a Prefix for the filename, in the training please use everything
  • set the Webserver URL to https://apps.dvl-ckl2.net/dvl-ckl2.net/backup-files/root/backups/
  • set the Webserver username to backups
  • set the Webserver password to pwd
  • no Category name restriction
  • no Exclude category
  • hit OK
When the time has come, you will see screenshot.png backup progress in Devices and screenshot.png a number of backups appearing in the backups folder in the Backup Files App.

Backup now

You can also do an immediate backup using the screenshot.png backup now icon.

Restore

Restoring a system is not that trivial. If you run in to a situation where you need to do a partial or complete restore, refer to fish-help.png Restore an App Platform in our wiki or contact mail.bmp presales@innovaphone.com for advice.




Delete

You can of course delete a domain.

However, this will also delete all domain related information (such as categories and devices), so it is rarely a good idea to delete a domain.

Device Configuration

Devices can deploy configurations to all the devices which belong to an installation. Various aspects of device configuration can be controlled and different settings can be deployed based on device categories.

A defined configuration will be pushed to the device when
  • it is added to the domain
  • a category is assigned to it
  • a configuration job relevant to it is modified

Creating a new device configuration

To create a device configuration, you select the domain and the Device configuration tab and screenshot.png click on the + Define device configuration button. You then can screenshot.png select the type of configuration you want to add.

The specifics of the available types of configuration jobs are described in the next sub chapters. However, all types share the following properties:
  • Description: a free text with no relevance other than reminding you of what the job is intended to do
  • Apply to all devices: if this check-mark is set, the configuration applies to all devices.
  • Categories: a list of provisioning categories (as defined in the Categories tab of Devices - see Device related Functions/Categories above - and assigned to individual devices in the Devices tab), if Apply to all devices is not checked is not checked. Configuration jobs are only executed for devices which have at least one of the listed categories assigned. If you are sure that the settings shall be deployed to all devices in your installation, tick the Apply to all devices check-mark. Otherwise, you must select at least one category
Some types have optional properties. They are screenshot.png deployed only when checked. Otherwise, possibly existing current settings for these properties on the device are not modified.

Alarm server

innovaphone devices can send messages reflecting possible issues (so-called events and alarms) to a central service. The administrator then has the possibility to browse through the messages generated by all these devices in a single place.

In addition to that, log messages reflecting normal operation can be sent to a central service which helps administrators to understand what is going on.

The Alarm server type of device configuration lets you screenshot.png configure the URLs of those two services. The URL for the log messages server is optional.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.
  • in most installations, all devices should sent these messages to the same alarm and event service. For this reason, Install has set the Description to Global (indicating that this configuration applies to all devices)
  • it also ticked the Apply to all devices check-mark
  • the Alarm server URL is configured and points to https://apps.dvl-ckl2.net/dvl-ckl2.net/events/innovaphone-alarms.
    As you might recall, this URL points to the App Platform on your IP411LEFT. This is because one of the Apps installed is the Events App, which provides the service to collect alarm and event messages and it often makes sense to use it
  • also,the Logging URL is configured. As this property is optional, the corresponding check-mark is ticked. The URL is https://apps.dvl-ckl2.net/dvl-ckl2.net/events/innovaphone-logging. This is a different service provided by the Events App intended to collect log messages

Media

innovaphone devices which can terminate voice (a.k.a. media) have a number of settings which influence the way media-data is sent or received.

The Media type of device configuration lets you screenshot.png configure these settings.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.
  • in most installations, all devices which can handle media should use the same media configuration. For this reason, Install has set the Description to Global (indicating that this configuration applies to all devices)
  • it also ticked the Apply to all devices check-mark for this reason.
    Not all devices can handle media (or more precisely, can terminate a media stream). For example, the App Platform currently never works as a media endpoint. However, Devices is smart enough to not apply configurations to devices which do not provide the configuration options. So it will silently not apply this media configuration to an App Platform - even though the Apply to all devices check-mark is ticked
  • the STUN server is set to stun.innovaphone.com.
    This is a public STUN server operated by innovaphone. If the customer runs his own STUN server, or if the customer's SIP- or Internet-provider has one, it is better to use these. However, if they don't or if you don't know, the setting created by the Install will do
  • in contrast, the TURN server is set to hq.dvl-ckl2.net. As you will recall, this points to your own PBX.
    The thing you need to understand here is that a TURN server is consuming a substantial amount of both CPU and network traffic resources. It is therefore not an option to use a service operated by innovaphone. Instead, it would be best to use a TURN server that is provided by the customer's SIP-provider or by the customer itself. However, such services rarely exist nowadays. Therefore, the Install has enabled your own TURN server on your PBX and has set the TURN server to this PBX.
    Both the TURN username and the TURN password must match the settings in the TURN server that is used. The Install, when it enabled the TURN server on the PBX, used turn as username and turn.dvl-ckl2.net as password
  • the remaining fields are left empty so that the firmware defaults are used. These should work well in most installations.
    You may want to ask your network administrator though, if layer 3 wikipedia.ico Quality of service is used in your installation. If so, make sure that the values for TOS priority - RTP data and TOS priority - signaling fish-help.png match with the settings used in your networking gear

     

Phone

VoIP phones (such as your IP111/112/222/232) need a number of settings to be able to register with your PBX.

The Phone type of device configuration lets you screenshot.png configure these settings.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.
  • the settings needed to register with a PBX obviously depend on the PBX to register with. For different domains, you will have different PBXs. For this reason, Install has set the Description to dvl-ckl2.net (indicating that this configuration applies phones registered to your PBX).
    In larger installations, you may have more than one PBX. In this case, phones will need to register with one of those. So, strictly speaking, the settings depend less on the domain, but on the PBX used for registration. Therefore, you could arguably say that hq.dvl-ckl2.net would have been an even better choice. However, in this course (and in many installations), there is only one PBX and so it doesn't matter
  • these settings are intended for IP phones only. Therefore, only hq IP Phone is set as category and Apply to all devices is not ticked
  • the Primary gatekeeper is set to the value you noted in your setup.xls as DNS name of this PBX: hq.dvl-ckl2.net.
    You may think that you could also use your PBX's IP address here. This would indeed work - as long as you do not want to register with your PBX from remote locations (such as home offices or mobile devices on the Internet). So it is better to use the DNS name, if you have one
  • the Secondary gatekeeper would be the DNS name (or IP address) of a hot standby device for the PBX. However, the Install does not support this configuration and we do not cover it in this course, so it is left empty here
  • the Gatekeeper ID is set to the value you noted in your setup.xls as Domain name: dvl-ckl2.net
  • the Dial tone is the tone users hear when they go off-hook on a phone before they dial the digits and is country specific. Users expect a different dial tone in a PBX compared to the public networks. In most countries, EUROPE-PBX is a good choice for this. For some countries however, there are country specific options (such as for example ITALY-PBX and ITALY-PUBLIC). The Install sets that to EUROPE-PBX but there are situations where you need to change this to accommodate user expectations
  • the Preferred coder defines the voice compression method (a.k.a. as codec) which should be used in your installation whenever possible. You don't need to know much about about codecs, simply keep in mind that OPUS-WB is best. This is why the Install has configured it this way.
    In some cases, where you must make sure to save on bandwidth, you may consider using OPUS-NB. All other options are only rarely used if you encounter interoperability issues with 3rd party devices
  • the same goes true for Framesize [ms] (20), Exclusive (not ticked), SRTP key exchange (SDES-DTLS) and SRTP cipher (AES128/32). These should be set differently only in very special circumstances when you know what you are doing (or the innovaphone support has advised doing so)
  • the Recording URL is used only if you intend to do voice recording (e.g. in a call center) and is not covered in this course. It would contain the URL of the recording service (which probably would be the Recording App, not installed by Install). Also, as you would normally only select some devices for which recording should be enabled, this property is optional and the Install has not ticked its check-mark
  • there are also some screenshot.png Advanced settings and they are by default hidden with good reason. None of them are ticked in the device config created by Install:
    • Silence compression, Audio only and No DTMF detection should be ticked only if you know what you are doing (or the innovaphone support has advised doing so)
    • No transfer on hangup disables the automatic transfer of the two remote parties if you have 2 calls on a phone (one connected and one on hold)
    • Protect configuration at phone stops users from modifying the phone configuration directly on the phone
    • Hide complete configuration additionally does not even display the phone configuration on the phone
    • Hide administration configuration at phone only shows user preference related configurations options on the phone, no administration settings
      For more information on configuration hiding, you may want to have a look at fish-help.png Concept Fine grained function hiding. However, this is neither used nor discussed further in this course

TLS profile

VoIP systems usually work with full encryption of voice streams and other data. TLS is one of the protocols used for this.

The TLS profile type of device configuration lets you screenshot.png configure these settings.

How to configure

The short answer is: you don't!

In some more detail: modifying the TLS profile is rarely a good idea. There is a huge number of settings for TLS and modifying is for experts only. innovaphone has therefore created 3 profiles which implement different Security levels: Normal, Fast and Highest Security.

Of course, Highest Security seems to be a good thing. However, as often in life, better things are not for free. In this case, when selecting highest security, you will impose much higher CPU load on all the devices. Especially on a PBX or on a media-gateway, this will significantly reduce performance so that you can only accommodate much less users with a certain type of device.

On the other side, when you run your system with a lot of users (and perhaps already out of spec as far as user numbers are concerned), you may benefit from the fact that Fast security settings result in a notable reduction of CPU usage. For sure though, fast in this case also means less secure.

We recommend to use Normal settings always unless you really know what you do (see fish-help.png IP4/General/TLS for some more detail). This is also the default and therefore, the Install has not configured a device configuration of type TLS profile at all.

In any case, if you intend to work with a non-standard profile, you should use those on all devices uniformly. To make sure this happens, you should tick the Apply to all devices check-mark.

Analogue phone/fax

Analogue phones do not register themselves with the PBX. Instead, the FXS interfaces used to attach the phone do so. So they need a number of settings to be able to register with your PBX, very similar to the Phone settings we discussed before.

So the Analogue phone/fax type of device configuration lets you screenshot.png configure these settings.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.

Watch out! Install has created two configuration settings of this type: dvl-ckl2.net Analog Phone and dvl-ckl2.net Fax Device. Make sure you open the first one.
  • the Description has been set to dvl-ckl2.net Analog Phone for the reason explained earlier for the Phone type of settings
  • the categories used must make sure that only FXS interfaces used for an analogue phone are configured. Therefore, the Install has created a category hq Analog Phone and added only this to the Categories. The Apply to all devices check-mark is therefor not checked
  • Primary gatekeeper, Secondary gatekeeper, Gatekeeper ID, Dial tone, Preferred coder, Framesize [ms], Exclusive, SRTP key exchange, SRTP cipher and Recording URL are the same as for the Phone configuration
  • the Fax device check-mark is unique to the Analogue phone/fax type of device configuration. It must be ticked for any fax device for it to work properly. If turned on, a special Fax transmission protocol (T.38) is enabled and the feature codes are turned of (as a fax device won't use them anyway and also this disables call waiting on a fax line which would disturb an active fax transmission). It must be un-checked for an analogue phone
  • there are only a screenshot.png few Advanced settings: Silence compression and No DTMF detection and they are the same as for the Phone configuration
Fax Devices
Fax devices are pretty much similar to analogue phones, but there are differences. To accommodate these differences, the Install has created a second device configuration of the same type called dvl-ckl2.net Fax Device. The only differences are
  • the category used is hq Fax Device
  • the Preferred coder is G711 (as only G711 can transport fax information when T.38 is not available one of the two ends of the fax transmission)
  • the Fax device check-mark is ticked
     
Personal tools