Course13:IT Connect - 06 Managing Devices

From innovaphone-wiki

Revision as of 16:58, 12 February 2019 by Sga (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

This books describes the Devices App which can be used to manage all devices that belong to a single installation.

Contents

The Devices App

Devices mission is to manage all the devices that belong to a single installation.

When it starts, it shows a list of domains on the left side (because the Domains tab is active initially). After having run the Install, there is screenshot.png only one domain in there, which is the one you defined during the Install. In many projects, there will be no more domains. But in some projects, where you serve multiple customers with a single system (a.k.a. multi-tenant, for example when a hoster runs individual PBXs for many customers), more domains will appear here. During this course, we will not cover such scenarios.


In the Devices tab, there is a list of devices known in this installation. You could limit this list to the devices which belong to a certain domain by selecting one or more particular domains in the Domains tab. Of course, in this course, it doesn't make a difference as we only have one domain.

But isn't there a domain called Unassigned devices? This of course is a pseudo domain which selects all devices that are connected to Devices but not in its device database. This for example may happen if a device was previously part of the installation but had been removed. If the device still connects to the Devices App, it is listed here.

Looking at the list in the Devices tab, we see screenshot.png a number of entries:
  • AP - apps.yourdomain or apps.<first-select-network&gt
    The application platform

  • PBX - yourlocation.yourdomain or hq.<first-select-network&gt
    The PBX
  • hq IP Phone-IP111-jdu
    Jean Dupont's IP 111
  • and some more phones
Both the AP and the PBX are located on the IP411LEFT which you have set up using the Install. One is the PBX itself, the other the application platform running the apps (AP). As they run on different CPUs (well actually different CPU cores) and run different software, they are treated as separate devices in Devices.


Device related Functions

When you are in the Devices tab and a particular device is selected, a number of functions on that device are available in the right pane.

Edit

The Edit tab allows you to
  • change the devices nickname (as it is shown in Devices)
    You rename the device to your likes, the name has no significance
  • move the device to a different domain
    As discussed before, this only makes sense when you run multiple domains (i.e. tennants) in a single system. So in this course, this will not happen

Admin UI

This tab gives you access to the individual device admin user interface.


Before v13r1, this user interface was the only method to configure the whole system. From v13r1, you still have full access to it and you can do all device configurations as you like on it. However, in many cases, you won't need it any more as you have the Apps doing the work for you. Especially if you need to do some configuration on multiple devices to implement a specific function, the Apps can do it for you on a single place which greatly simplifies your life as an administrator.

However, even if you decide to use the traditional admin user interface in some cases, Devices has some interesting benefits for you
  • you have a central and convenient place to find all your devices. No more remembered IP addresses or painful maintenance of browser shortcuts to your devices
  • there is no need any more to authenticate to each device individually. As soon as you are logged-in to myApps (and have the appropriate rights), you can access any device in your system without typing in passwords over and over again
  • accessing the individual device user interface even works, if the device is not reachable from your network

Accessing Remote Devices


Let us look at the last point in some more detail.

The technology used to provide you with the device's user interface is known as WebSocket. The devices you add to your installation will always try to establish a WebSocket connections to the Devices App on your App Platform. When the connection is up, Devices will tunnel all your usage of the user interface through this connection. This way, you can access devices even though they are located behind a remote NAT router. No special configuration on the remote NAT router is required (for example, no port forwardings).

This is a great tool if you have to maintain devices in remote sites, like when you have home offices or when you run a hosted PBX service and you need to access remote phones for example.

Categories

You can assign categories to devices. If you like, categories are just names for groups of devices. Therefore, one application of such categories is to filter the device list.

For example, to filter all IP phones, you would
(Further Hints) Don't forget to uncheck the category again after trying this, so you see all devices again!

Defining Categories

You can screenshot.png add multiple categories for a device.

Before you can assign a category to a device, you must define the category. This is done in the Categories tab. Some useful categories are already created by the Install but you can screenshot.png add more.

Normally, categories are used for filtering in the list of devices. However, if you tick the screenshot.png Provisioning category check-mark, the category will also be available to select devices for provisioning of specific device configurations. We will come back to this later.

Note that while you can assign multiple categories to a device, you can only assign a single category with the Provisioning category check-mark to a device.


Searching Devices


While we are at filtering the device list: you can also filter the device list ad-hoc using a search term in the device list

Remove

If you have physically removed a device from your installation, Devices will screenshot.png show it as missing. In this case, you can also remove it from the Devices database.

(Further Hints) Be sure though that the device is obsolete really. In many cases, when the device does not connect to Devices, there is some network issue that keeps the device from connecting. In a clean installation, no devices should be marked disconnected.

Adding a Gateway

When we look at the screenshot.png list of devices present in the system, we see some which were added by the Install (the PBX and AP) and some that were added by the admin (the phones when they were provisioned). Let us see now how extra gateway devices are added to the system.

The process of provisioning a gateway is quite similar to provisioning a phone. So you would
  • select a provisioning category for the new device
  • create a provisioning code
  • enter the code to the device
As opposed to the phones however, you first need to access the devices web user interface, as it does not have keys or something similar that would allow you to type in the code.

In that respect, the provisioning process resembles the Install we have used to set up the first device (the PBX). So the process here is
We can try this out by adding our IP811 to the system. If you like, you can do the factory reset and IP address determination, but you don't have to. moodle was nice enough to set up your IP811 so it is in factory reset state. Also, when we start the Install, we want to make sure that it is started in English so that it matches the screen shots in this book. So here is the link to start the Install:

Start Install on IP811
In a real-life scenario, you would just type in the device's IP address of course.

The web page you will see is the same as when you ran the Install for the PBX. However, as you do not want to create a new system, you screenshot.png select the Add the device to an installation mode.

The next page will look familiar to you too. Here you need to define the basic IP settings. As you probably will remember, all values you need here are already correct, so you just screenshot.png dont change anything:
  • IP address is left empty as the device will receive its IP address with DHCP
  • Second DNS server and Second NTP server are left empty as there are no backup servers in the training installation
  • the firmware version (Select the version to update to) is left empty as moodle already has updated the IP811 to the correct version
The only thing you need to take care of is actually the thing that differs to the initial PBX Install: the field Provisioning code. We screenshot.png obtain the provisioning code from Devices by
  • switching to the Devices tab
  • clicking + Provision a gateway
  • selecting an appropriate provisioning category
  • and defining a pretty name for the new device (which will be shown in the list of devices later on)
Devices will screenshot.png create the provisioning code and we can cut & screenshot.png paste it to the Install that runs on our IP811.

The device will then reboot with the update network settings (well, potentially updated network settings, as discussed, we don't have to change anything here in the training).

When we click on Next then, the Install will show Waiting for provisioning for a short while and then screenshot.png we are done!

When we switch back to Devices, we see that our screenshot.png IP811 has been added to the list of devices.

Domain related Functions

When screenshot.png you are in the Domains tab and a particular domain is selected, a number of functions on that device are available in the right pane.

Edit

The screenshot.png Edit tab seems to have a pretty obvious function: you can rename the domain and set its password.

However, it will probably be a rare occasion that you change the name of the domain. The Install has asked you for the PBX's Domain name during initial setup. This name (<first-select-network&gt in your case) was then used in a lot of places and the domain name here in the Devices app is one of them. If you rename it here, it will in fact only rename it here. You can do this and it won't do any harm, but it might be confusing to you later on - as the name now differs from the various other places where the initial domain name was used.

You can also change the password for the domain. This password is interesting if you run a multi-tennant system (e.g. a hosted PBX solution). As we mentioned before, you would create a separate domain for each of your customers. The domain password would then be used by your customer to log in to your Devices so that he has access to his own domain only.

However, in a single customer installation (and also in this training), you wont need it.

Using your own Provisioning Server


In a previous topic (Managing Users), we used so-called provisioning codes to provision devices. Such codes are provided by a service which is run by innovaphone (http://config.innovaphone.com) and is thus not available if your installation has no internet access.

It is possible to run your own instance of this service. In this case, you would configure the URL to your instance in the URL to generate provisioning codes field. However, we will not cover this option in this course, so you should never configure it during the training.

Deploy the domain password on all devices

Apart from being used as described above, the domain password is also used as the administrator password for the individual device user interfaces (that is, when you access the device directly with the browser, we will talk about this later in more detail). When the Deploy the domain password on all devices check-mark is set, Devices will change this password. In real-life, this is a very good idea indeed (as a device with a non-secure device password is a security breach).

(Further Hints) However, in the training, it would be a problem if a student looses for whatever reason access to myApps and the trainer needs to fix it through the web UI. So never set this check mark in the training (Further Hints)

Access Rights

In this tab, you can screenshot.png specify a list of domains that should also have access to the current domain. This is of course again useful in a multi-tennant system only. This way, you can specify a domain whoose administrator also can manage some other domains. This might happen in a hosted-PBX scenario where a reseller manages some but not all of the PBXs in the hosting system.

In this training, we will not use it.

Software Rental

This will be covered in a separate topic (most likely wink )

Update

This tab allow you to update the firmware and apps on your system.

Defining the Versions to be used



To run firmware and software updates you first need to define which version shall be used. This is done in the screenshot.png Update settings dialogue.

The screenshot.png dialogue might look a bit scary first, but its not that difficult. Let's see what it has:
  • first there are 2 URLs
    They are used to fetch the most up-do-date firmware (firmware.json) and app (apps.json) definitions. These are plain files and by default, they are fetched from a site hosted by innovaphone (store.innovaphone.com/release/download)
  • The existing definitions (you do not have them so far) and
  • The new definitions found in the above mentioned files
When you think you are ready to update to these new versions, screenshot.png tick the Apply available versions check-mark and click on Apply.

After that, the dialogue changes, as there are now screenshot.png no newer versions available.

Go ahead and set your Update settings so that you can update devices to the latest-greatest.

Applying new Firmware and Software

So far, no firmware or Apps update happened. To apply the versions you selected in the previous step, you need to screenshot.png create an update job.

You screenshot.png can define:
  • The Date and Time when the update shall begin
  • The Major version for the update
    Only devices which already run this major version are affected by the update (but see below)
  • an optional Category name. If you select a category here, only devices in this category will be affected
All devices which are currently connected to Devices (and match the criteria) will be updated at the selected date and time. When a device connects to Devices later on (for example because it has been added to the installation or it is simply turned on), the firmware it runs will be checked an an update will be initiated if it does not match.

In fact, Devices does not do the update itself. Instead, it tells the device to do so. Therefore, the device must have access to the server that has been set for the URLs in the Update settings before. Also, not all the devices will receive this request at the same time. Devices will initiate an update on 20 devices at the same time. Further devices will receive it once another device has completed the update.

Now you can create an update job that updates all of your devices to the latest-greatest version. Of course, this won't change anything really as moodle has already updated all of your devices to the proper firmware. But at least, you now know how to do it in real life wink

Special Updates

Devices can also update the boot code at the same time when the Update bootcode check-mark is ticked.

Also, Devices can upgrade devices to the latest major version by ticking the Major firmware upgrade check-mark.

Updating an Update Job

To update to a newer firmware and Apps version as before, you can simply create a new update job. When there are multiple update jobs defined for a particular device category, Devices will only apply the newest one. This allows you to keep the history of older update jobs.

Keep in mind that before you create the new job, you must update your Update settings as described above (otherwise, the new job will behave like the old one).

To create a new job with the same settings as an existing one (except for the versions used), you can clone the current one by clicking on the screenshot.png little + sign.

However, if you always create new update jobs, over time many obsolete jobs will populate your Update view and this may become confusing. For this reason, when you are cloning a job, the option screenshot.png Delete old update job is available and checked by default. Of course, you can also delete the old ones eventually.

Finally, you can also simply edit an existing job. However, the edited job will retain its existing history and the firmware to be deployed will not be changed (even if you have changed your Update settings before). Therefore, to deploy new firmware, you must create a new job (or clone an old one).

Private Firmware and Apps Sources

As discussed before, the version definitions are fetched from a site hosted by innovaphone, store.innovaphone.com. This of course means that you can not control their contents. As shown, you can select when to upgrade to the latest-greatest version. But you can not select which one this shall be.

However, an administrator can choose to provide his own version of these files and host them on a local web server. The following files must be available via HTTP and HTTPS (assuming your local web server is reachable as mystore.mydomain.tld)

  • mystore.mydomain.tld/apps.json - definitions for the Apps versions
  • mystore.mydomain.tld/firmware.json - definitions for the firmware versions
  • a directory whose name is the version to be used (e.g. mystore.mydomain.tld/131987 if version 131987 is to be used)
  • all the required firmware files in this directory (e.g. mystore.mydomain.tld/131987/ip232.bin for the IP232)
  • a directory called arm in this directory with sub-directories for each App service and the required files therein (e.g. mystore.mydomain.tld/131987/arm/devices) if you run your application platform on a gateway device and/or
  • a directory called x86_64 in this directory with sub-directories for each App service and the required files therein (e.g. mystore.mydomain.tld/131987/arm/devices) if you run your application platform on a virtual machine

In other words, if you want to provide your own definitions, you also have to provide the binaries.

For the mindful among us: moodle is using this trick and provides its own server on http://class.innovaphone.com/moodle2/webbuild/release/download/ so it can control the versions used regardless of the official releases. To make it even more feel like in real-life (where the default server is store.innovaphone.com), it also has configured an overriding DNS entry for store.innovaphone.com in your IP411RIGHT.

Let us try to change the file source. video2.png Modify your update settings so that they point to http://class.innovaphone.com/moodle2/webbuild/release/download/firmware.json and http://class.innovaphone.com/moodle2/webbuild/release/download/apps.json. Note that Devices took care to create an appropriate new description also (class.innovaphone.com 7.1.2019 in the video).

Of course, this doesn't change anything really because http://class.innovaphone.com/moodle2/webbuild is simply an alias for http://store.innovaphone.com in the training (as explained above).

Backup

Devices can do regular backups for all of your devices. This is done in the screenshot.png Backup tab.

  • will create device backups on a regular basis
  • optionally limited to a device category
  • which will be sent to an external WebDAV server (more precisely, to a web server which allows the HTTP PUT verb)
  • multiple backups for the same device can be kept
It is recommended to save the backups to a WebDAV server that is not part of the PBX system itself. However, if such a web server is not available, the Files App on the application platform can be used.

For each backup job you created, you will see screenshot.png its state, when you click on the screenshot.png little caret (^) on the right of its entry in the list of backups.

Using the Files App for backup


Although it is safer to backup a system outside of the system, an internal backup is better than none wink

Therefore, the Files App allows you to store backups. This work flow is quite simple:
  • you start the Files App
  • you create a folder
  • you share it
  • for the share, you specify a user and a password
  • you look up the new folder's URL
  • and you use this (along with the user and password) in your backup job

First video2.png add the Files App to your home screen and open it. Here is video2.png how create a folder for your backups in Files:
  • in the Files App, click on New Folder and create a folder called backups
  • tick the little check-mark on the upper right. All items in your current folder are now ticked. Make sure that only your new folder is ticked (which is easy, as you probably only have one wink)
  • click on the 3 dots on the upper right and select Share
  • enter backups as User and pwd as Password ((Further Hints) please, in real life, choose a better password!)
  • click on Share, the folder is now available via HTTP/WebDAV using the credentials you have set
  • to learn the URL used to access the folder, click on the 3 dots on the upper right again and select Info
  • take note of the URL shown. It should be https://apps.<first-select-network&gt/<first-select-network&gt/files/root/backups
You might have observed that the User and Password fields are marked as optional. If you leave both empty, the files will not be available via HTTP/WebDAV easily. Instead, they are available to other Apps (for example the Waiting Queue where Files is used to store media files - we'll get back to this later).

You can close the Files App now.

Then create the screenshot.png appropriate backup job:
  • go back to the Devices App
  • add a new backup job which does a backup for all your devices on each day
  • set the time-of-day so that it will be done in 2 minutes from now
  • set the Webserver URL to https://apps.<first-select-network&gt/<first-select-network&gt/files/root/backups
  • set the Webserver username to backups
  • set the Webserver password to pwd
  • no Category name restriction
When the time has come, you will see screenshot.png a number of backups appearing in the backup folder in the Files App.


Restore

Restoring a system is not that trivial. If you run in to a situation where you need to do a partial or complete restore, contact mail.bmp presales@innovaphone.com for advice.




Delete

You can of course delete a domain.

However, this will also delete all domain related information (such as categories and devices), so it is rarely a good idea to delete a domain.

Device Configuration

Devices can deploy configurations to all the devices which belong to an installation. Various aspects of device configuration can be controlled and different settings can be deployed based on device categories.

A defined configuration will be pushed to the device when
  • it is added to the domain
  • a category is assigned to it
  • a configuration job relevant to it is modified

Creating a new device configuration

To create a device configuration, you select the domain and the Device configuration tab and screenshot.png click on the + Define device configuration button. You then can screenshot.png select the type of configuration you want to add.

The specifics of the available types of configuration jobs are described in the next sub chapters. However, all types share the following properties:
  • Description: a free text with no relevance other than reminding you of what the job is intended to do
  • Categories: a list of provisioning categories (as defined in the Categories tab of Devices - see Device related Functions/Categories above - and assigned to individual devices in the Devices tab). Configuration jobs are only executed for devices which have at least one of the listed categories assigned. If you are sure that the setings shall be deployed to all devices in your installation, tick the Apply to all devices check-mark
Some types have optional properties. They are screenshot.png deployed only when checked. Otherwise, possibly existing current settings for these properties on the device are not modified.

Alarm server

innovaphone devices can send messages reflecting possible issues (so-called events and alarms) to a central service. The administrator then has the possibility to browse through the messages generated by all these devices in a single place.

In addition to that, log messages reflecting normal operation can be sent to a central service which helps administrators to understand what is going on.

The Alarm server type of device configuration lets you screenshot.png configure the URLs of those two services. The URL for the log messages server is optional.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.
  • in most installations, all devices should sent these messages to the same service. For this reason, Install has set the Description to Global (indicating that this configuration applies to all devices)
  • it also added categories hq App Platform, hq Gateway and hq IP phone. These categories cover all possible devices, as any device is either an App Platform (IP411LEFT), a gateway (IP411LEFT, IP811) or an IP phone (IP111, IP112, IP222, IP232).
    Note that analogue phones are not a device that can be configured. Instead, an FXS interface on a gateway is configured, so the hq Gateway category will apply
  • the Alarm server URL is configured and points to https://apps.<first-select-network&gt/<first-select-network&gt/events/innovaphone-alarms.
    As you might recall, this URL points to the App Platform on your IP411LEFT. This is because one of the Apps installed is the Events App, which provides the service to collect alarm and event messages and it often makes sense to use it
  • also,the Logging URL is configured. As this property is optional, the corresponding check-mark is ticked. The URL is https://apps.<first-select-network&gt/<first-select-network&gt/events/innovaphone-logging. This is a different service provided by the Events App intended to collect log messages

Media

innovaphone devices which can terminate voice (a.k.a. media) have a number of settings which influence the way media-data is sent or received.

The Media type of device configuration lets you screenshot.png configure these settings.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.
  • in most installations, all devices should use the same media configuration. For this reason, Install has set the Description to Global (indicating that this configuration applies to all devices)
  • it also added categories hq Gateway and hq IP phone. These categories cover all devices which can handle media. An App platform does not handle VoIP media and therefore, hq App Platform is not in the list of categories
  • the STUN server is set to stun.innovaphone.com.
    This is a public STUN server operated by innovaphone. If the customer runs his own STUN server, or if the customer's SIP- or Internet-provider has one, it is better to use these. However, if they don't or if you don't know, the setting created by the Install will do
  • in contrast, the TURN server is set to hq.<first-select-network&gt. As you will recall, this points to your own PBX.
    The thing you need to understand here is that a TURN server is consuming a substantial amount of both CPU and network traffic resources. It is therefore not an option to use a service operated by innovaphone. Instead, it would be best to use a TURN server that is provided by the customer's SIP-provider or by the customer itself. However, such services rarely exist nowadays. Therefore, the Install has enabled your own TURN server on your PBX and has set the TURN server to this PBX.
    Both the TURN username and the TURN password must match the settings in the TURN server that is used. The Install, when it enabled the TURN server on the PBX, used turn as username and turn.<first-select-network&gt as password
  • the remaining fields are left empty so that the firmware defaults are used. These should work well in most installations.
    You may want to ask your network administrator though, if layer 3 fish-help.png Quality of service is used in your installation. If so, make sure that the values for TOS priority - RTP data and TOS priority - signaling match with the settings used in your networking gear

     

Phone

VoIP phones (such as your IP111/112/222/232) need a number of settings to be able to register with your PBX.

The Phone type of device configuration lets you screenshot.png configure these settings.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.
  • the settings needed to register with a PBX obviously depend on the PBX to register with. For different domains, you will have different PBXs. For this reason, Install has set the Description to <first-select-network&gt (indicating that this configuration applies to all devices).
    In larger installations, you may have more than one PBX. In this case, phones will need to register with one of those. So, strictly speaking, the settings depend less on the domain, but on the PBX used for registration. Therefore, you could arguably say that hq.<first-select-network&gt would have been an even better choice. However, in this course (and in many installations), there is only one PBX and so it doesn't matter
  • these settings are intended for IP phones only. Therefore, only hq IP Phone is set as category
  • the Primary gatekeeper is set to the value you noted in your setup.xls as DNS name of this PBX: hq.<first-select-network&gt.
    You may think that you could also use your PBX's IP address here. This would indeed work - as long as you do not want to register with your PBX from remote locations (such as home offices or mobile devices on the Internet). So it is better to use the DNS name, if you have one
  • the Secondary gatekeeper would be the DNS name (or IP address) of a hot standby device for the PBX. However, the Install does not support this configuration and we do not cover it in this course, so it is left empty here
  • the Gatekeeper ID is set to the value you noted in your setup.xls as Domain name: <first-select-network&gt
  • the Dial tone is the tone users hear when they go off-hook on a phone before they dial the digits and is country specific. Users expect a different dial tone in a PBX compared to the public networks. In most countries, EUROPE-PBX is a good choice for this. For some countries however, there are country specific options (such as for example ITALY-PBX and ITALY-PUBLIC). The Install sets that to EUROPE-PBX but there are situations where you need to change this to accommodate user expectations.
    So here are your choices:
    • AUSTRALIA
    • AUSTRIA
    • BELGIUM
    • BRAZIL
    • CZECH-PBX
    • CZECH-PUBLIC
    • DENMARK
    • EUROPE-PBX
    • EUROPE-PUBLIC
    • FINLAND
    • FRANCE
    • GERMANY
    • IRELAND
    • ITALY-PBX
    • ITALY-PUBLIC
    • MALAYSIA
    • NETHERLANDS
    • NEWZEALAND
    • NORWAY
    • RUSSIA
    • SOUTH AFRICA
    • SPAIN
    • SWEDEN
    • SWISS
    • TURKEY
    • UK
    • US
  • the Preferred coder defines the voice compression method (a.k.a. as codec) which should be used in your installation whenever possible. You don't need to know much about about codecs, simply keep in mind that OPUS-WB is best. This is why the Install has configured it this way.
    In some cases, where you must make sure to save on bandwidth, you may consider using OPUS-NB. All other options are rarely used if you encounter interoperability issues with 3rd party devices
  • the same goes true for Framesize [ms] (20), Exclusive (not ticked), SRTP key exchange (SDES-DTLS) and SRTP cipher (AES128/32). These should be set differently only in very special circumstances when you know what you are doing (or the innovaphone support has advised doing so)
  • the Recording URL is used only if you intend to do voice recording (e.g. in a call center) and is not covered in this course. It would contain the URL of the recording service (which probably would be the Recording App, not installed by Install). Also, as you would normally only select some devices for which recording should be enabled, this property is optional and the Install has not ticked its check-mark
  • there are also some Advanced settings and they are by default hidden with good reason. None of them are ticked in the device config created by Install:
    • Silence compression, Audio only and No DTMF detection should be ticked only if you know what you are doing (or the innovaphone support has advised doing so)
    • No transfer on hangup disables the automatic transfer of the two remote parties if you have 2 calls on a phone (one connected and one on hold)
    • Protect configuration at phone stops users from modifying the phone configuration directly on the phone
    • Hide complete configuration additionally does not even display the phone configuration on the phone
    • Hide administration configuration at phone only shows user preference related configurations options on the phone, no administration settings
      For more information on configuration hiding, you may want to have a look at fish-help.png Concept Fine grained function hiding. However, this is neither used nor discussed further in this course

TLS profile

VoIP systems usually work with full encryption of voice streams and other data. TLS is one of the protocols used for this.

The TLS profile type of device configuration lets you screenshot.png configure these settings.

How to configure

The short answer is: you don't!

In some more detail: modifying the TLS profile is rarely a good idea. There is a huge number of settings for TLS and modifying is for experts only. innovaphone has therefore created 3 profiles which implement different Security levels: Normal, Fast and Highest Security.

Of course, higher security seems to be a good thing. However, as often in life, better things are not for free. In this case, when selecting highest security, you will impose much higher CPU load on all the devices. Especially on a PBX or on a media-gateway, this will significantly reduce performance so that you can only accommodate much less users with a certain type of device.

On the other side, when you run your system with with a lot of users (and perhaps already out of spec as far as user numbers are concerned), you may benefit from the fact that fast security settings result in a notable reduction of CPU usage. For sure though, fast in this case also means less secure.

We recommend to use normal settings always unless you really know what you do (see fish-help.png IP4/General/TLS for some more detail). This is also the default and therefore, the Install has not configured a device configuration of type TLS profile at all.

In any case, if you intend to work with a non-standard profile, you should use those on all devices uniformly. To make sure this happens, you must add categories so that all devices are covered (you can have a look at the Media device configuration created by the Install to see how that works).

Analogue phone/fax

Analogue phones do not register themselves with the PBX. Instead, the FXS interfaces used to attach the phone do so. So they need a number of settings to be able to register with your PBX, very similar to the Phone settings we discussed before.

So the Analogue phone/fax type of device configuration lets you screenshot.png configure these settings.

How to configure


(Further Hints) Install has created a useful device configuration of this type. So let us screenshot.png look at screenshot.png what it has created.

Watch out! Install has created two configuration settings of this type: <first-select-network&gt Analog Phone and <first-select-network&gt Fax Device. Make sure you open the first one.
  • the Description has been set to <first-select-network&gt Analog Phone for the reason explained earlier for the Phone type of settings
  • the categories used must make sure that only FXS interfaces used for an analogue phone are configured. Therefore, the Install has created a category hq Analog Phone and added only this to the Categories
  • Primary gatekeeper, Secondary gatekeeper, Gatekeeper ID, Dial tone, Preferred coder, Framesize [ms], Exclusive, SRTP key exchange, SRTP cipher and Recording URL are the same as for the Phone configuration
  • the Fax device check-mark is unique to the Analogue phone/fax type of device configuration. It must be ticked for any fax device for it to work properly. If turned on, a special Fax transmission protocol (T.38) is enabled and the feature codes are turned of (as a fax device won't use them anyway and also this disables call waiting on a fax line which would disturb an active fax transmission). It must be un-checked for an analogue phone
  • there are only a few Advanced settings: Silence compression and No DTMF detection and they are the same as for the Phone configuration
Fax Devices
Fax devices are pretty much similar to analogue phones, but there are differences. To accommodate these differences, the Install has created a second device configuration of the same type called <first-select-network&gt Fax Device. The only differences are
  • the category used is hq Fax Device
  • the Preferred coder is G711 (as only G711 can transport fax information when T.38 is not available one of the two ends of the fax transmission)
  • the Fax device check-mark is ticked
     
Personal tools