Courseware:IT Advanced - 02 PBX - initial Configuration
		
		
		
		Jump to navigation
		Jump to search
		
This book explains the initial configuration of a PBX.
PBX and Application Platform
In the IT Connect training we have seen how to install, configure and maintain the system using the tools and interfaces provided by the Install and all the Apps available in myApps (which are implemented either as part of the PBX firmware or on the Application Platform). 
In this book however, we will look at the details of the PBX and gateway components more deeply. Therefore, we will setup the system using the advanced user interface of the components (as available in the Devices App or directly through the web server built-in to each device).
Some of this stuff will sound familiar to you because you have worked through the The individual Device User Interface book during your IT Connect training. So this will be a recap partly but we will also go in to some more detail.
Access to the advanced UI
As said before, we will proceed with installing an entire system without using the Install facility. When we access the device however (for example using http://172.31.31.2/), the Install will be shown. So we need a way to bypass it. You of course still remember from the IT Connect training how to do that: you add the path admin.xml?xsl=admin.xsl to the URL so that you end up with http://172.31.31.2/admin.xml?xsl=admin.xsl. The default administration user is called admin and the password is ip411.
 In real life, the first thing you would do is to generate a strong and secure password (you may want to try one of the many online secure password generators,
 In real life, the first thing you would do is to generate a strong and secure password (you may want to try one of the many online secure password generators,  
  Note that passwords in the innovaphone system must not be longer than 15 characters.
 Note that passwords in the innovaphone system must not be longer than 15 characters.Installing the PBX
To begin with, we will setup a fresh PBX system using the advanced user interface (that is, we will not use the Install as we have done in the IT Connect training). This gives us the chance to have a decent look at all the details which need to be configured and understand what the Install is doing for us. Also, we will discuss various features which are not available by merely using the Install and the Settings App  user interface available in myApps. 
The PBX software is integral part of the  gateways firmware. So there is no need to "install" it, as it is already there. However, in order to use it, it must be licensed and configured properly. In this course, we will not go through licensing in much detail. See
 gateways firmware. So there is no need to "install" it, as it is already there. However, in order to use it, it must be licensed and configured properly. In this course, we will not go through licensing in much detail. See  
 www.innovaphone.com: en/services/licenses.html  for all the details.
 gateways firmware. So there is no need to "install" it, as it is already there. However, in order to use it, it must be licensed and configured properly. In this course, we will not go through licensing in much detail. See
 gateways firmware. So there is no need to "install" it, as it is already there. However, in order to use it, it must be licensed and configured properly. In this course, we will not go through licensing in much detail. See  
 While working through this book, we will configure a PBX scenario step-by-step.
 To begin with - if you have not yet done so - load the start configurations on to the devices now by clicking on
 To begin with - if you have not yet done so - load the start configurations on to the devices now by clicking on Uploading and refresh of the involved devices may take up to 5 minutes - so please stay patient. Your devices page should look something like this then:
The PBX will be configured on the IP411LEFT  during the course. 
Licensing
Without a proper license installed, the PBX will not work. It will show up and allow configuration but phones will not be able to register.
In this course however, we will work without licenses, using the so-called test mode. This mode can be turned
 on and
 on and  off for any device that needs licenses in
 off for any device that needs licenses in  reset is required.
 reset is required.In real life however, you will use real licenses of course. There are several options to install licenses:
- You can download a license file from   my.innovaphone.com and upload it to the device in the upload it to the device in theGeneral / License tab of the user interface
- If you have configured the box in your   my.innovaphone.com , you can have your box download your licenses directly. This of course requires your box to have access to the public internet and you need to enter your my.innovaphone.com credentials into the device. have your box download your licenses directly. This of course requires your box to have access to the public internet and you need to enter your my.innovaphone.com credentials into the device.
- If you have configured the box in your   my.innovaphone.com , you can rent licenses. In this case, licenses are made available on your system subject to payment of a rental fee. See  Concept Software Rental and Options of Acquiring & Operating innovaphone Software Licenses for details Options of Acquiring & Operating innovaphone Software Licenses for details
Working with my.innovaphone is beyond the scope of this book. There is a decent tutorial available at  
 www.innovaphone.com: myTutorial  as well as a  wiki article. For details on the available licenses, see the
 wiki article. For details on the available licenses, see the  the latest innovaphone Licensing Guidelines.
 the latest innovaphone Licensing Guidelines.
 
  wiki article. For details on the available licenses, see the
 wiki article. For details on the available licenses, see the  the latest innovaphone Licensing Guidelines.
 the latest innovaphone Licensing Guidelines.PBX Modes
A PBX can run in one of the following modes: 
Master
In a simple case, a PBX is running on a  single gateway device. VoIP devices involved register to this PBX. This single PBX is known as the master.
 single gateway device. VoIP devices involved register to this PBX. This single PBX is known as the master.
 single gateway device. VoIP devices involved register to this PBX. This single PBX is known as the master.
 single gateway device. VoIP devices involved register to this PBX. This single PBX is known as the master. To setup a PBX as master, you need to
 To setup a PBX as master, you need to  set the PBX Mode property in the
 set the PBX Mode property in the Standby
To ensure maximum availability, a PBX can have a duplicate, known as standby. This is a gateway device that can take over the role of the master should it fail for whatever reason. In normal operation, a standby PBX does not accept any registrations and does nothing except monitoring the PBX it is a standby for. This is done by  registering to the active PBX.
 registering to the active PBX.
 registering to the active PBX.
 registering to the active PBX.When the active PBX fails, the standby will consider the PBX lost. In this case, the standby takes over. It will start to accept registrations and thus  become the active PBX. It will go back to standby mode as soon as the master is available again.
 become the active PBX. It will go back to standby mode as soon as the master is available again.
 become the active PBX. It will go back to standby mode as soon as the master is available again.
 become the active PBX. It will go back to standby mode as soon as the master is available again.A standby doesn't need to be a physical duplicate of the master PBX. The only requirement is that the standby can handle as much registrations and object definitions as the failing master had, so it is able to take over. In other words, an IP811 may well stand in for an IP411.
Slave
There may be several reasons to use multiple PBXs in a customer installation: 
- load balancing
- enhanced availability for remote locations
- scaling
In this case, individual PBXs are setup in a  tree-like structure with one being the master. All others are known as slave and register with the master (well, in fact, you can also create multi-level PBX trees but this is a rare case). Although the PBXs form a tree, the extensions registered to those PBXs do not. In other words, any extension can be registered to any of the PBXs.
 tree-like structure with one being the master. All others are known as slave and register with the master (well, in fact, you can also create multi-level PBX trees but this is a rare case). Although the PBXs form a tree, the extensions registered to those PBXs do not. In other words, any extension can be registered to any of the PBXs.
 tree-like structure with one being the master. All others are known as slave and register with the master (well, in fact, you can also create multi-level PBX trees but this is a rare case). Although the PBXs form a tree, the extensions registered to those PBXs do not. In other words, any extension can be registered to any of the PBXs.
 tree-like structure with one being the master. All others are known as slave and register with the master (well, in fact, you can also create multi-level PBX trees but this is a rare case). Although the PBXs form a tree, the extensions registered to those PBXs do not. In other words, any extension can be registered to any of the PBXs.Standby/Slave
A PBX in Standby/Slave mode is a standby to a Slave mode PBX.
 As a matter of fact any PBX system always has a master PBX. If there are no slaves, the setup is known as single master scenario. If there are slaves, the setup is known as master/slave scenario. In both scenarios, standby PBXs can be added to all or some of the PBXs.
 As a matter of fact any PBX system always has a master PBX. If there are no slaves, the setup is known as single master scenario. If there are slaves, the setup is known as master/slave scenario. In both scenarios, standby PBXs can be added to all or some of the PBXs. In this book, we will discuss single master scenarios only. Master/slave scenarios are discussed in-depth in a later course. 
Some of the PBX configuration properties must be shared by all PBX instances (master, standbys and slaves). They are configured (among others) in the PBX / Config / General  tab and need to be consistent through all PBXs in a system.
 In any case, you must set it so that it could be a DNS name. As a simple rule of thumb, only use A-Z, a-z, 0-9 as wells as . (dot) and - (hyphen). The System Name must not start with a . (dot) however. Note that identifiers such as System Name are case-sensitive in many places. Therefore, while you can use upper and lower case letters, you must make sure that you use the same spelling everywhere (or use lower case letters only in the first place, which is what we recommend)
 In any case, you must set it so that it could be a DNS name. As a simple rule of thumb, only use A-Z, a-z, 0-9 as wells as . (dot) and - (hyphen). The System Name must not start with a . (dot) however. Note that identifiers such as System Name are case-sensitive in many places. Therefore, while you can use upper and lower case letters, you must make sure that you use the same spelling everywhere (or use lower case letters only in the first place, which is what we recommend)
 So go ahead and configure
 So go ahead and configure dvl-ckl2.net  as System Name in PBX / Config / General  and also tick the Use as domain check-mark now.
 Of course you could reset the device and refresh the page when the gateway is back in service. But here is a little trick to deal with the Reset required message a bit quicker: you can also
 Of course you could reset the device and refresh the page when the gateway is back in service. But here is a little trick to deal with the Reset required message a bit quicker: you can also  turn the PBX off and on again. In this case, the new settings get effective and no reset is required
 turn the PBX off and on again. In this case, the new settings get effective and no reset is required  Unfortunately, this only works for the settings found in
 Unfortunately, this only works for the settings found in PBX / Config / General . 
 So do the little trick now to activate your changes without a reset.
 So do the little trick now to activate your changes without a reset.
 set the No of Regs w/o Pwd. to
 set the No of Regs w/o Pwd. to 0 
 In this course, our policy is to allow external call transfers. So tick the Enable External Transfer check-mark.
 In this course, our policy is to allow external call transfers. So tick the Enable External Transfer check-mark.
 This check-mark is also ticked by the Install as most users will consider it a bug if this doesn't work. So be sure you turn it off when your customer's system policy differs.
 This check-mark is also ticked by the Install as most users will consider it a bug if this doesn't work. So be sure you turn it off when your customer's system policy differs.
 As we will in this course use a (simulated
 As we will in this course use a (simulated  ) trunk line in Mannheim, Germany, the values shall be
) trunk line in Mannheim, Germany, the values shall be 000 00 0  for Subscriber.
 With our simulated SIP trunk we're using in this course, the country code has to be set to '
 With our simulated SIP trunk we're using in this course, the country code has to be set to '49 ' and the area code to '621 ' .
System Name
Identifies the PBX instances that belong to the same PBX installation. In almost all situations, you will  use the customers domain name here (e.g. dvl-ckl2.net). Therefore, you will also set the Use as domain check-mark.
 use the customers domain name here (e.g. dvl-ckl2.net). Therefore, you will also set the Use as domain check-mark. 
 use the customers domain name here (e.g. dvl-ckl2.net). Therefore, you will also set the Use as domain check-mark.
 use the customers domain name here (e.g. dvl-ckl2.net). Therefore, you will also set the Use as domain check-mark. Strictly speaking, you do not need to set the Use as domain check-mark. You could as well configure all users (more precisely: all callable objects) with their full domain name (like john.doe@dvl-ckl2.net). This would allow you to have users from multiple domains in a single PBX. However, in real life, you don't do that. 
In H.323, the System Name is used as the gatekeeper id. This information might be useful to you when you configure VoIP endpoints. Also, this gatekeeper id is used to route VoIP connections through innovaphone's Reverse Proxy (which will be discussed later in this course). 
 In any case, you must set it so that it could be a DNS name. As a simple rule of thumb, only use A-Z, a-z, 0-9 as wells as . (dot) and - (hyphen). The System Name must not start with a . (dot) however. Note that identifiers such as System Name are case-sensitive in many places. Therefore, while you can use upper and lower case letters, you must make sure that you use the same spelling everywhere (or use lower case letters only in the first place, which is what we recommend)
 In any case, you must set it so that it could be a DNS name. As a simple rule of thumb, only use A-Z, a-z, 0-9 as wells as . (dot) and - (hyphen). The System Name must not start with a . (dot) however. Note that identifiers such as System Name are case-sensitive in many places. Therefore, while you can use upper and lower case letters, you must make sure that you use the same spelling everywhere (or use lower case letters only in the first place, which is what we recommend) So go ahead and configure
 So go ahead and configure Don't forget to confirm your entry with OK at the bottom of the window. Upon confirmation, you will see a red Reset required link appearing below the window. This happens when changing any settings which influence the system behavior. 
 Of course you could reset the device and refresh the page when the gateway is back in service. But here is a little trick to deal with the Reset required message a bit quicker: you can also
 Of course you could reset the device and refresh the page when the gateway is back in service. But here is a little trick to deal with the Reset required message a bit quicker: you can also  turn the PBX off and on again. In this case, the new settings get effective and no reset is required
 turn the PBX off and on again. In this case, the new settings get effective and no reset is required  Unfortunately, this only works for the settings found in
 Unfortunately, this only works for the settings found in  So do the little trick now to activate your changes without a reset.
 So do the little trick now to activate your changes without a reset.PBX Password
PBX instances share a number of encrypted data, most notably user passwords. Such data is communicated in encrypted form between PBXs, so they all need to share an encryption secret (password), known as the PBX password.
The PBX password is used to encrypt PBX user passwords and also to authenticate a standby to the PBX it stands in for. So it needs to be set to the same value on all the PBXs in a system obviously. The Install would generate a random and strong password and you should do the same in real life. However, in this course it is more convenient to use a simple password so your trainer can help you easily in case of wrong configuration
Unknown Registrations
Turning on  the Unknown Registrations check-mark enables a special PBX mode known as Zero Administration Deployment (ZAD). This was a common method to register phones to the PBX in previous versions of the PBX. We do not recommend to use this anymore.
 the Unknown Registrations check-mark enables a special PBX mode known as Zero Administration Deployment (ZAD). This was a common method to register phones to the PBX in previous versions of the PBX. We do not recommend to use this anymore.
 the Unknown Registrations check-mark enables a special PBX mode known as Zero Administration Deployment (ZAD). This was a common method to register phones to the PBX in previous versions of the PBX. We do not recommend to use this anymore.
 the Unknown Registrations check-mark enables a special PBX mode known as Zero Administration Deployment (ZAD). This was a common method to register phones to the PBX in previous versions of the PBX. We do not recommend to use this anymore.No of Regs w/o Pwd.
The  No of Regs w/o Pwd. setting allows registrations to the PBX even without valid credentials. This is a legacy feature and seen as a security risk nowadays, so make a habit to always
 No of Regs w/o Pwd. setting allows registrations to the PBX even without valid credentials. This is a legacy feature and seen as a security risk nowadays, so make a habit to always
 No of Regs w/o Pwd. setting allows registrations to the PBX even without valid credentials. This is a legacy feature and seen as a security risk nowadays, so make a habit to always
 No of Regs w/o Pwd. setting allows registrations to the PBX even without valid credentials. This is a legacy feature and seen as a security risk nowadays, so make a habit to always set the No of Regs w/o Pwd. to
 set the No of Regs w/o Pwd. to Enable External Transfer
When users have an external call and create a second external call (a.k.a. consultation call), they might want to transfer both like with internal calls. In some installations however, this is seen as a risk as the transferred call is still charged to the local trunk line but cannot be controlled (more specifically: terminated) anymore. This feature must be turned on explicitly therefore.
To do so, the Enable External Transfer check-mark has to be set. As this is usually a system policy (as opposed to a location- or site-policy), the check-mark should be set the same way in all PBXs.
 Enable External Transfer check-mark has to be set. As this is usually a system policy (as opposed to a location- or site-policy), the check-mark should be set the same way in all PBXs.
 Enable External Transfer check-mark has to be set. As this is usually a system policy (as opposed to a location- or site-policy), the check-mark should be set the same way in all PBXs.
 Enable External Transfer check-mark has to be set. As this is usually a system policy (as opposed to a location- or site-policy), the check-mark should be set the same way in all PBXs. In this course, our policy is to allow external call transfers. So tick the Enable External Transfer check-mark.
 In this course, our policy is to allow external call transfers. So tick the Enable External Transfer check-mark. This check-mark is also ticked by the Install as most users will consider it a bug if this doesn't work. So be sure you turn it off when your customer's system policy differs.
 This check-mark is also ticked by the Install as most users will consider it a bug if this doesn't work. So be sure you turn it off when your customer's system policy differs.Prefix for Intl/Ntl/Subscriber
In certain situations, the PBX needs to map numbers sent as International, National and Subscriber type of number. To do this, it needs to know the  various prefixes of the trunk line used.
 various prefixes of the trunk line used.
 various prefixes of the trunk line used.
 various prefixes of the trunk line used. As we will in this course use a (simulated
 As we will in this course use a (simulated  ) trunk line in Mannheim, Germany, the values shall be
) trunk line in Mannheim, Germany, the values shall be Even in a multi-PBX system, all PBXs must share the same settings for this. You may think but what if I need different settings in different locations? We will see how this can be handled later on, when we discuss multi-node systems.
Country-Code/ Area-Code/Subscriber
The system sometimes needs to perform some number normalization. For this, it needs to know some number properties of the trunk line, namely  area- and country code.
 area- and country code. 
 area- and country code.
 area- and country code.  With our simulated SIP trunk we're using in this course, the country code has to be set to '
 With our simulated SIP trunk we're using in this course, the country code has to be set to 'You can also put the subscriber number into the Subscriber field, or even the maximum length of extensions (Max. length internal number). However, in many cases this will not be necessary, so we leave them alone. Also, the Install won't set them either.
As before with the various prefixes, even in a multi-PBX system, all PBXs must share the same settings for this (except for some rare case where individual PBXs have their own trunk lines).
Instance specific Properties
 Each PBX instance has a number of  properties that may be configured individually in the
 properties that may be configured individually in the PBX / Config / General  tab. Most of them influence the handling of calls that flow through this particular PBX instance.
 properties that may be configured individually in the
 properties that may be configured individually in the Many of the default settings are fine as is. However, some need to be changed. 
PBX Name
One property that needs to be set explicitly is the PBX Name. It must be unique throughout the system, so no slave must share the name of the master (and of course neither the name of another slave). Except however, that a standby to a (master- or slave-) must share the name of the PBX it shall stand-in for of course.
 PBX Name. It must be unique throughout the system, so no slave must share the name of the master (and of course neither the name of another slave). Except however, that a standby to a (master- or slave-) must share the name of the PBX it shall stand-in for of course. 
 PBX Name. It must be unique throughout the system, so no slave must share the name of the master (and of course neither the name of another slave). Except however, that a standby to a (master- or slave-) must share the name of the PBX it shall stand-in for of course.
 PBX Name. It must be unique throughout the system, so no slave must share the name of the master (and of course neither the name of another slave). Except however, that a standby to a (master- or slave-) must share the name of the PBX it shall stand-in for of course. Although you may call a PBX just whatever you want, we recommend the PBX Name should be a short name that identifies the physical location of this PBX. So, master is not a good idea, headquarter probably is!
Also, you should avoid names with country specific letters, spaces etc. Just think of it as something like a DNS name and make sure it consists of characters that are valid in a DNS name too. So it should contain only the ASCII letters 'a' through 'z', 'A' through 'Z', the digits '0' through '9' and the hyphen-minus character ('-'). Again, using lowercase letters only simplifies your life!
 For this course, we use the name
 For this course, we use the name PBX Name/DNS
Enter the  DNS name (FQDN) you created in the DNS server for your PBX in to the DNS field. Strictly speaking, this is not really required as long as you do not intend to allow external access to your PBX. However, more or less each of your customers will eventually ask for this feature. So we strongly recommend to configure it from the very beginning (and it is quite a pain to change the installation later on from IP-only to DNS name driven).
 DNS name (FQDN) you created in the DNS server for your PBX in to the DNS field. Strictly speaking, this is not really required as long as you do not intend to allow external access to your PBX. However, more or less each of your customers will eventually ask for this feature. So we strongly recommend to configure it from the very beginning (and it is quite a pain to change the installation later on from IP-only to DNS name driven).
 DNS name (FQDN) you created in the DNS server for your PBX in to the DNS field. Strictly speaking, this is not really required as long as you do not intend to allow external access to your PBX. However, more or less each of your customers will eventually ask for this feature. So we strongly recommend to configure it from the very beginning (and it is quite a pain to change the installation later on from IP-only to DNS name driven).
 DNS name (FQDN) you created in the DNS server for your PBX in to the DNS field. Strictly speaking, this is not really required as long as you do not intend to allow external access to your PBX. However, more or less each of your customers will eventually ask for this feature. So we strongly recommend to configure it from the very beginning (and it is quite a pain to change the installation later on from IP-only to DNS name driven). As we use hq as PBX Name and dvl-ckl2.net as System Name, the DNS name could be hq.dvl-ckl2.net.
 As we use hq as PBX Name and dvl-ckl2.net as System Name, the DNS name could be hq.dvl-ckl2.net.But my customer has no domain name
If your customer currently has no domain name, we recommend to discuss with the customer if he is sure not to want one in the near future. It might be the right time now to get one. If the customer still is not interested, consider to use appropriate DNS host names of a subdomain of your own domain (e.g. customers.yourdomain.tld, the PBX's DNS name then would be hq-customer1.customers.yourdomain.tld). 
 In this course, we choose a similar approach. As we use hq as PBX Name and all our DNS names reside in the training.innovaphone.com domain, the DNS name has to be
 In this course, we choose a similar approach. As we use hq as PBX Name and all our DNS names reside in the training.innovaphone.com domain, the DNS name has to be  You could of course choose to create individual DNS sub-domains for each customer and use host names in this sub-domain (such as in hq.customer1.customers.yourdomain.tld). While this would work, it would create difficulties with your reverse proxy setup later on. This is because a wildcard certificate for *.customers.yourdomain.tld would not cover your sub-domains (only hosts in the customers domain). So a separate wildcard certificate would be required for each customer.
 You could of course choose to create individual DNS sub-domains for each customer and use host names in this sub-domain (such as in hq.customer1.customers.yourdomain.tld). While this would work, it would create difficulties with your reverse proxy setup later on. This is because a wildcard certificate for *.customers.yourdomain.tld would not cover your sub-domains (only hosts in the customers domain). So a separate wildcard certificate would be required for each customer.IP address for App Platform
DNS names are frequently used throughout the system configuration, especially for URLs pointing towards your Application Platform (AP). Often, the DNS system is not yet properly set up while you are installing the system. To work around this, you may enable what is known as the DNS-less Install mode. In this mode,  references to the DNS name of your AP are replaced by the IP address of your AP on the fly. To enable this mode, configure the DNS name of your AP in IP address for App Platform/DNS and the IP address in IP address for App Platform/IP and turn on the Operation without DNS check-mark.
 references to the DNS name of your AP are replaced by the IP address of your AP on the fly. To enable this mode, configure the DNS name of your AP in IP address for App Platform/DNS and the IP address in IP address for App Platform/IP and turn on the Operation without DNS check-mark.
 references to the DNS name of your AP are replaced by the IP address of your AP on the fly. To enable this mode, configure the DNS name of your AP in IP address for App Platform/DNS and the IP address in IP address for App Platform/IP and turn on the Operation without DNS check-mark.
 references to the DNS name of your AP are replaced by the IP address of your AP on the fly. To enable this mode, configure the DNS name of your AP in IP address for App Platform/DNS and the IP address in IP address for App Platform/IP and turn on the Operation without DNS check-mark. Once the DNS is set up properly, be
 Once the DNS is set up properly, be  sure to turn off
 sure to turn off the Operation without DNS check-mark again and remove the DNS and IP address from IP address for App Platform. The DNS-less Install mode is not meant to be used in normal operation!
 the Operation without DNS check-mark again and remove the DNS and IP address from IP address for App Platform. The DNS-less Install mode is not meant to be used in normal operation!In the course, our DNS has been setup auto-magically (in your IP411RIGHT) so we do not need to turn on the DNS-less mode.
 All other properties on this page can be left as is for now.
 All other properties on this page can be left as is for now.Device Name
At this point you may notice that your browser shows  YourName-IP411LEFT: (empty) as title for the browser tab.
 YourName-IP411LEFT: (empty) as title for the browser tab. 
This name is taken from the Device Name value for each device. This can be set inGeneral / Admin .
 YourName-IP411LEFT: (empty) as title for the browser tab.
 YourName-IP411LEFT: (empty) as title for the browser tab. This name is taken from the Device Name value for each device. This can be set in
Required PBX Object
A common mistake is to not configure the required PBX node objects properly.
In a multi-PBX system, all PBXs are arranged in a so-called  PBX tree where leaves (a.k.a. slave PBXs) are registered to the master PBX (even more: the
 PBX tree where leaves (a.k.a. slave PBXs) are registered to the master PBX (even more: the  PBX tree may consist of several levels so that a slave PBX is registered to another slave PBX which is registered to the master).
 PBX tree may consist of several levels so that a slave PBX is registered to another slave PBX which is registered to the master).
 PBX tree where leaves (a.k.a. slave PBXs) are registered to the master PBX (even more: the
 PBX tree where leaves (a.k.a. slave PBXs) are registered to the master PBX (even more: the  PBX tree may consist of several levels so that a slave PBX is registered to another slave PBX which is registered to the master).
 PBX tree may consist of several levels so that a slave PBX is registered to another slave PBX which is registered to the master).Each PBX in the PBX tree must have a corresponding  PBX type object entry in the
 PBX type object entry in the PBX / Objects  object list. This is true even if there is only a single master. Configuring an object for a PBX may be confusing sometimes, so make it a habit to configure the object for each PBX you set up right away.
 PBX type object entry in the
 PBX type object entry in the  Note that standby PBXs are not reflected in the PBX tree. This is because they are not separate entities but merely replacements for and exact copies of their respective siblings.
 Note that standby PBXs are not reflected in the PBX tree. This is because they are not separate entities but merely replacements for and exact copies of their respective siblings. Since we are dealing with a single master only in this topic, the "PBX tree" is quite simple -  it consists of this one master only
 it consists of this one master only  . So the bottom line is: we need to configure a PBX type object on the master PBX for the master PBX.
. So the bottom line is: we need to configure a PBX type object on the master PBX for the master PBX.
 it consists of this one master only
 it consists of this one master only  . So the bottom line is: we need to configure a PBX type object on the master PBX for the master PBX.
. So the bottom line is: we need to configure a PBX type object on the master PBX for the master PBX.Name
 In our scenario, it has to be
 In our scenario, it has to be We recommend to set Name and Long name equal, as there is no use in choosing different names and it is just confusing. 
 
Parent node
For now, we won't deal with multi-node PBX system but we will stick to single-PBX, single node systems. The only node we use therefore is the root node and you will never use anything but root as Parent node for a PBX.
Parent PBX
For the master's PBX object, the Parent PBX must be the Name of the object itself (in other words, in the PBX tree the master PBX is the one with the Parent PBX attribute pointing to itself). 
Number
Any PBX object must have a number. Unfortunately, the use of this number is not that obvious for nodes representing a PBX. So for now, make it a habit and use a number that is unlikely to be needed in your dial plan ever, like numbers which start with a star (*) or hash (#).
Password
Above we stated "slave PBXs are registered to the master PBX". For this to work, slave PBXs must use the master's Name and Password for the registration. This is not only true for slaves, but also for standby PBXs (which also need to register to their sibling in normal operation). 
 Make sure you use a strong password here (like the one the Install generates for you).
 Make sure you use a strong password here (like the one the Install generates for you).  In this course however, we use a simple password to make sure your trainer can help you with the configuration at any time. So set the Password (as well as Retype password) to
 In this course however, we use a simple password to make sure your trainer can help you with the configuration at any time. So set the Password (as well as Retype password) to You can leave all other fields in this tab as is. 
Security
 There are various issues to consider regarding the security of a PBX, especially if it is accessible from the public internet. These will be covered in a later topic in more detail.
Registrations: IP Filter
In any case, you should set the  IP-Filter property for registration without authentication and registration with authentication in the
 IP-Filter property for registration without authentication and registration with authentication in the PBX / Config / Filter  tab to make sure endpoints register only from within networks you are expecting them to do so!
 IP-Filter property for registration without authentication and registration with authentication in the
 IP-Filter property for registration without authentication and registration with authentication in the In this course, we will limit registrations to our own training network (both for authenticated and un-authenticated registrations which should not be possible anyway due to the setting of No of Regs w/o Pwd.)
Calls: Filter
In some installations, users will only have restricted access to phone numbers. For example, a site administrator could decide to inhibit calls to premium rate numbers. This is done using Filters and we will discuss this in-depth later.
Note that the above settings are kept up-to-date automatically on each PBX in the system (in case of a multi-PBX system). In other words: they are replicated.
Access to the advanced UI: Allowed stations
Access to the advanced UI is critical and should be kept secure obviously. For this, we can restrict access to the device's HTTP server using the Allowed stations properties in
 Allowed stations properties in Services / HTTP / Server  tab.
 Allowed stations properties in
 Allowed stations properties in  You could set Address to 172.31.31.0 and Mask to 255.255.255.0, as we did for the registrations before. However, for practical reasons it is useful to allow your trainer to access your devices too. For this reason,
 You could set Address to 172.31.31.0 and Mask to 255.255.255.0, as we did for the registrations before. However, for practical reasons it is useful to allow your trainer to access your devices too. For this reason, Set Address to
 Set Address to In real life you would set it to the network and mask used in your customers network, which will be given to you by the network administrator.
 Note that this is not blocking access to the advanced UI through the Devices App. Since you would use access via Devices in normal operation, you could restrict this mask to those stations that you would only use for direct access to the advanced user interface in an emergency. However, clients like myApps and also the TAPI CTI driver use HTTP to access the PBX. The mask you enter here must therefore include all computers on which myApps or a TAPI driver is installed.
 Note that this is not blocking access to the advanced UI through the Devices App. Since you would use access via Devices in normal operation, you could restrict this mask to those stations that you would only use for direct access to the advanced user interface in an emergency. However, clients like myApps and also the TAPI CTI driver use HTTP to access the PBX. The mask you enter here must therefore include all computers on which myApps or a TAPI driver is installed. Adding Users
In order to use a phone with a PBX or to use the myApps client to run some Apps, you need to create a  user object in the
 user object in the PBX / Objects  tab.
We will see how to configure such user objects in the course of the next sub-chapters.
 user object in the
 user object in the We will see how to configure such user objects in the course of the next sub-chapters.
User Object Properties
 The user object is one of the most generic of the PBX object types, so most of its properties are actually  common properties shared by most objects. As all other objects are, it is created using the
 common properties shared by most objects. As all other objects are, it is created using the  New link next to the object type drop down in the
 New link next to the object type drop down in the PBX / Objects  tab.
 common properties shared by most objects. As all other objects are, it is created using the
 common properties shared by most objects. As all other objects are, it is created using the  New link next to the object type drop down in the
 New link next to the object type drop down in the Technically, the minimal configuration for a user consists of 
- the Long Name
Anything else is optional. However, in almost all cases, you will also set 
- the Name
- the Node
- the PBX
This is also the minimal configuration the UsersAdmin App requires in order to create/modify a user object (in other words: the UsersAdmin App  would complain about missing fields when you try to save such a user object).
 would complain about missing fields when you try to save such a user object).
 would complain about missing fields when you try to save such a user object).
 would complain about missing fields when you try to save such a user object).In reality you would probably also want to assign a Number (a.k.a. extension) to the user, so you can call the user by dialing a number, although this is not strictly required.
 Now go ahead and
 Now go ahead and  create a user with the following properties:
 create a user with the following properties:| Field | Value | 
| Long Name | |
| Name | |
| Number | |
| Password | |
| Node | |
| PBX | 
Using phones
Using this configuration, the user still cannot do phone calls (neither with a hard- nor with a soft-phone). More precisely, no phones can register on behalf of the user.
For this to work, you need to add at least one device to the user's  Devices list. An entry in the
 Devices list. An entry in the Devices list is essentially a name that can be used to register a device (such as a hard- or soft-phone). This name (given in the Hardware Id property of the device entry) then could be used to configure the registration on a phone. In normal operation with an innovaphone phone, you would use the phone's serial number (such as 009033280075 or IP111-28-00-75). We will look in to this later.
 Devices list is essentially a name that can be used to register a device (such as a hard- or soft-phone). This name (given in the Hardware Id property of the device entry) then could be used to configure the registration on a phone. In normal operation with an innovaphone phone, you would use the phone's serial number (such as 009033280075 or IP111-28-00-75). We will look in to this later.
 Devices list. An entry in the
 Devices list. An entry in the Devices list is essentially a name that can be used to register a device (such as a hard- or soft-phone). This name (given in the Hardware Id property of the device entry) then could be used to configure the registration on a phone. In normal operation with an innovaphone phone, you would use the phone's serial number (such as 009033280075 or IP111-28-00-75). We will look in to this later.
 Devices list is essentially a name that can be used to register a device (such as a hard- or soft-phone). This name (given in the Hardware Id property of the device entry) then could be used to configure the registration on a phone. In normal operation with an innovaphone phone, you would use the phone's serial number (such as 009033280075 or IP111-28-00-75). We will look in to this later.For historical reasons and in contrast to the operation of the UsersAdmin App, the advanced user interface  will automatically create an entry whose Hardware Id equals the user's Name property (john.doe in our case).
 will automatically create an entry whose Hardware Id equals the user's Name property (john.doe in our case). 
 will automatically create an entry whose Hardware Id equals the user's Name property (john.doe in our case).
 will automatically create an entry whose Hardware Id equals the user's Name property (john.doe in our case).  Unless you intend to allow this user to register from arbitrary phones (hot desking), you should actually remove this automatic entry in the Devices list.
 Unless you intend to allow this user to register from arbitrary phones (hot desking), you should actually remove this automatic entry in the Devices list. How to set all these names
So what exactly is a Name and a Long Name? The Name is a property you can use to call a user. Technically, you can call an extension using its Name property just like you can using its Number property. In contrast, the Long Name is what is displayed e.g. at the remote end when a user does a call. Both Name and Long Name must be unique system wide. So if you want a name to be displayed with a call that is not unique, you can use the Display Name property, which overrides the Long Name then and does not need to be unique!
You may ask yourself the question how you should set all these properties for objects you create. Here is a simple rule of thumb:
 
- set the Name to the user's shortest email address leaving away the domain part (so if the user has an email of joe@example.com, then set Name to joe).
 In any case, you must set it so that it could be a valid user-part of a SIP-URI. As a simple rule of thumb, only use A-Z, a-z, 0-9 as well as . (dot) and - (hyphen). The Name must not start with a . (dot) however. Although it is not strictly required, we recommend to use no upper-case letters
- set the Long Name to the user's full name (e.g. Joe Satriani). Make sure the name is unique throughout the system. If the pure name is not, add a department name or similar (e.g. Joe Satriani, Sales). There are no character restrictions for the Long Name but for practical reasons, we recommend to use 17 or less characters
- if you don't like the Long Name to be used as the display name, set a Display Name of your choice. Otherwise leave it empty. The display name does not need to be unique
 In many parts of the system, a user is identified by its Name property. For example, if you change a user's Name, some App data will get lost. We therefore recommend to avoid changing the Name property. However, changing Long Name or Display Name is ok.
 In many parts of the system, a user is identified by its Name property. For example, if you change a user's Name, some App data will get lost. We therefore recommend to avoid changing the Name property. However, changing Long Name or Display Name is ok.Some Apps like Connect do recover the user data when the Name is changed though. In rare cases however, this may not be not desired. Use theNew Account check-mark in such cases.
Number
The Number property actually defines the user's phone extension.
User objects (to be more precise: all objects) must not have similar extension numbers. So if you try to add an object and assign a Number which is already allocated to another object, the PBX will deny it. However, it will search for the next best free number and suggest it for use (you already have seen such a mechanism in the UserAdmin App). So if you try to save the new object again, it will be created with the extension number found and suggested.
As phone numbers generally can be dialed digit-by-digit (overlapped sending), this also implies that one extension must not be a prefix of another. In other words: if you have an object with extension 9, you cannot have another with e.g. 95, as 9 is a prefix of 95. The two extensions are considered similar (despite not equal).
In certain situations, the PBX needs to know the users email address. You can enter this to the  E-Mail field. However, if you follow our recommendation to use the local part of the user's email address for the user's Name property, you can simply tick the check-mark next to the user's name just in front of the E-Mail field. This will tell the PBX to always use whatever is in the user's Name field as email address (the domain part is taken from the PBX's System Name field as we have ticked the Use as Domain check-mark before).
 E-Mail field. However, if you follow our recommendation to use the local part of the user's email address for the user's Name property, you can simply tick the check-mark next to the user's name just in front of the E-Mail field. This will tell the PBX to always use whatever is in the user's Name field as email address (the domain part is taken from the PBX's System Name field as we have ticked the Use as Domain check-mark before).
 E-Mail field. However, if you follow our recommendation to use the local part of the user's email address for the user's Name property, you can simply tick the check-mark next to the user's name just in front of the E-Mail field. This will tell the PBX to always use whatever is in the user's Name field as email address (the domain part is taken from the PBX's System Name field as we have ticked the Use as Domain check-mark before).
 E-Mail field. However, if you follow our recommendation to use the local part of the user's email address for the user's Name property, you can simply tick the check-mark next to the user's name just in front of the E-Mail field. This will tell the PBX to always use whatever is in the user's Name field as email address (the domain part is taken from the PBX's System Name field as we have ticked the Use as Domain check-mark before). The check-mark is only available if a Name is set. So you need to click on Apply after setting the Name to make it available
 The check-mark is only available if a Name is set. So you need to click on Apply after setting the Name to make it availablePassword
Of course, an object's password should be as strong as possible. This applies to any type of object, not just Users. Again, you can use a secure online password generator to create a secure password.
Please note that you as an administrator may choose any password here, regardless of a password policy you may have set for your system (we will discuss password policies later).
If No of Regs w/o Pwd. is set to 0 you do not have to configure a password. In fact, it is better to leave it empty because the No of Regs w/o Pwd. option forces a password. This way no registration is possible if no password is configured.
Node/PBX
Within this course, as no multi-pbx or multi-node scenarios will be covered, the Node will always be root and the PBX will always be the Name of the node entry representing your single master PBX.
 As you can see, these are actually the default settings. So no need to change either of them.
 As you can see, these are actually the default settings. So no need to change either of them.Filter / Diversion Filter
When you switch from the General tab to the User tab, you can (and should) set the Filter and Diversion Filter properties to one of the filters you defined before.
However, as we haven't defined filters yet (we will do this in the next book), we can leave those fields empty.
What's left
All other properties in both the General and the other tabs can be left empty for now. 
So we end up with a slightly modified  recommended configuration.
 recommended configuration. 
 recommended configuration.
 recommended configuration. Controlling registrations
 It is important to understand that a user is not a phone. A User object basically represents an extension (which is linked to a user, hence the object's name).
The PBX manages many types of objects that an endpoint can register with. Such an endpoint might be a phone of course but it could also be a gateway interface, a door intercom etc. However, more than one endpoint can register with the same PBX object. If this does happen, it is said that there are multiple registrations on that object.
As we have seen, Devices need to be configured if a registration shall be possible on an object. If there is no Device defined for the PBX object, no endpoint can register. So, more precisely, endpoints do not register with PBX objects, they register with Devices defined for PBX objects. By default, multiple concurrent registrations of endpoints can use the same Devices entry.
Call handling
When a call comes in for a user, it is sent to all the registered devices for the user. When any of the registered devices calls out, the users Name and Number is sent (in other words, the remote end does not see any differences between calls from devices registered to the same user).
Device properties
A  Device has a number of properties:
 Device has a number of properties:
 Device has a number of properties:
 Device has a number of properties:- Hardware Id. This is the name that an endpoint must provide (possibly along with a password) to register with the Device and hence the PBX object. It should be clear that it needs to be unique through all Device entries in all PBX objects in the whole system
- Name. This is a user friendly nickname for the Device. It is shown in end-user interfaces and does not need to be unique (for example, you could have a Device for each user that has the respective phone serial number as Hardware Id (unique) but always My Deskphone as nickname
- App. We will look into this later  
- PBX Pwd. Require the PBX password from PBX / Config / Security instead of the user password for authentication. This is a legacy mode and we recommend not to use it any more. It makes sure that device registrations are not affected when user passwords are changed. Use certificate based registration instead (see also TLS only below)
- No IP Filter. Disregard the registration IP-Filter we have set in PBX / Config / Filter . Only rarely used
- TLS only. Enforce secure registration based on TLS certificates. Should be used whenever possible (might fail for some 3rd party devices though)
- No Mobility. While a device with this check-mark ticked is registered, the mobility feature (forking incoming calls to the user's mobile phone) is disabled. You may want to set that for the Device used by the softphone on your PC, Laptop or Tablet. Unfortunately, it is less useful on your mobile phone, as this will drop the registration after some inactivity (this is done to save energy)
- Config VOIP. Enables additional VoIP configuration options. Rarely used
- Reverse Proxy. If ticked, registrations from abroad (e.g. home office) are allowed
- Single Reg. If ticked, only one registration is allowed for this Device. Makes sense in most situations
- Media Relay. Some third party devices do work correctly only if the media data is passed through the PBX. While this option fixes some interop issues, it should be avoided if possible, as it adds substantial load to the PBX
- No SRTP. Again, some third party devices do not work correctly if encrypted media (SRTP) is used. If this check-mark is ticked in addition to the Media Relay check-mark, no encrypted media is used with the device. Although this option fixes some interop problems, it should be avoided if possible, as it reduces the security of the connections
 Please note that the softphone available in myApps (both on your PC or on your mobile phone) behaves a bit different from a hardware phone. The softphone is not a device that registers using SIP or H.323. Instead, it is more like just any App in myApps which uses HTTP(S) to connect to the PBX. Starting Apps is always secured by the users account and password so that the TLS only flag is not applicable. Also, the Reverse Proxy flag is irrelevant to softphones (in other words: they always work via reverse proxy).
 Please note that the softphone available in myApps (both on your PC or on your mobile phone) behaves a bit different from a hardware phone. The softphone is not a device that registers using SIP or H.323. Instead, it is more like just any App in myApps which uses HTTP(S) to connect to the PBX. Starting Apps is always secured by the users account and password so that the TLS only flag is not applicable. Also, the Reverse Proxy flag is irrelevant to softphones (in other words: they always work via reverse proxy). Looking up the object for a registration
Registering with a name
In order to use a phone, it needs to register with the PBX, more precisely, it needs to register with a Device defined for a PBX object. When the PBX receives a registration it will try to match the provided identification with one of the Hardware-Id values of an existing object. If there is a match, the registration is accepted (after potential verification of an associated password).
In fact, when an endpoint registers with a PBX object, it needs to present one of the Hardware Ids present in the Devices list as registering name. Although multiple registrations are possible using the same Hardware Id, it is best practice to  define different  Hardware Ids for different registrations (that is, registering endpoints) and to set the Single Reg check-mark. This way, you can
 define different  Hardware Ids for different registrations (that is, registering endpoints) and to set the Single Reg check-mark. This way, you can distinguish the different registrations in the Device column of the PBX's
 distinguish the different registrations in the Device column of the PBX's PBX / Registrations  tab. Please note that Hardware Ids must be unique in your entire PBX (as they are used to identify an object during registration). The Name property however does not need to be unique (that is, the Name property in the Devices list, the one in the general part needs to be unique).
 define different  Hardware Ids for different registrations (that is, registering endpoints) and to set the Single Reg check-mark. This way, you can
 define different  Hardware Ids for different registrations (that is, registering endpoints) and to set the Single Reg check-mark. This way, you can distinguish the different registrations in the Device column of the PBX's
 distinguish the different registrations in the Device column of the PBX's Registering with a number
Sometimes, endpoints will use an extension number instead of a name to register. So as an alternative, the registration may convey the Number property of an existing PBX object. In this case, the PBX behaves like if the registration came in presenting the value of the Name property of the PBX object as registration name. In other words, to allow a registration with the PBX object's Name property or Number property, there must be a Devices entry in the object that  has its Hardware Id set equal to the user object's Name property.
 has its Hardware Id set equal to the user object's Name property.
 has its Hardware Id set equal to the user object's Name property.
 has its Hardware Id set equal to the user object's Name property.While both methods work fine, there is a problem with both of it: in order to register a phone, it needs to receive a specific configuration (either name or number). This practically requires an administrator or advanced user to get the phone in hands and do the necessary configuration.
 
Device Authentication
In a real life environment, user objects (more precisely: all objects) which shall allow an endpoint to register with (i.e. have at least one Device), should have a password assigned for security reasons.
The user/object password is not used only for device registrations. User passwords are also used by normal end users to login to their web UI (that is, myApps). This of course implies that users will change their password once in a while. If their standard hard phone is registered using the user password this will result in a non-functional phone, as long as the password is not changed in the device too.
You should thus make it a habit not to register phones using the user password.
Use the device certificate instead of a password
Each innovaphone hardware IP-phone has a built-in certificate. This can be used to verify its identity to other devices. This allows us to configure a Device in a PBX user object that allows a registration from a single device exclusively. 
To do so, you would create an entry in the Devices list whose Hardware Id is  equal to the serial number of the phone and whose TLS only check-mark is ticked.
 equal to the serial number of the phone and whose TLS only check-mark is ticked.
 equal to the serial number of the phone and whose TLS only check-mark is ticked.
 equal to the serial number of the phone and whose TLS only check-mark is ticked.Allowing personal ad hoc Registrations
To allow users to register other phones using their own password (e.g. to do an ad-hoc login on another telephone), you would add  another entry in the Devices list with TLS only not checked. As an administrator, you should carefully decide if or if not to create such an entry. As you do not have control over the registration password (the user defines it), it presents a security risk!
 another entry in the Devices list with TLS only not checked. As an administrator, you should carefully decide if or if not to create such an entry. As you do not have control over the registration password (the user defines it), it presents a security risk!
 another entry in the Devices list with TLS only not checked. As an administrator, you should carefully decide if or if not to create such an entry. As you do not have control over the registration password (the user defines it), it presents a security risk!
 another entry in the Devices list with TLS only not checked. As an administrator, you should carefully decide if or if not to create such an entry. As you do not have control over the registration password (the user defines it), it presents a security risk! To practice, configure both variations as entries in the Devices list of the PBX User object John Doe:
 To practice, configure both variations as entries in the Devices list of the PBX User object John Doe:- Use john.doe as Hardware Id for the entry allowing ad-hoc registrations
- and 0090334f22f9 for the entry allowing certificate based registrations
 The latter will allow your IP111 to register based on the certificate
- Furthermore  add a Name for each of your devices (we suggest add a Name for each of your devices (we suggestHot Desking for the john.doe entry andIP111 for the 0090334f22f9 entry)
- and enter phone in the App column for both entries. We need to associate them with the phone app so we can use it later on to control the device with myApps
- enable TLS only for the Hardware ID 0090334f22f9
Setting Phones to send their Certificate
As discussed before, many phones (for example innovaphone hard-phones) can send their identity in a secure fashion during registration. However, this requires use of a TLS based protocol and this in turn disables gatekeeper discovery. 
So we need two settings on the phones to make registrations based on certificates possible:
- the phones need to know the address of their PBX (that is, the gatekeeper)
- the phones need to be configured to use a TLS based protocol
For backward compatibility, phones use UDP based H.323 and gatekeeper discovery by default.
Settings on the Phone
 Fortunately, as you have already seen in the IT Connect course, the device provisioning in the Devices App can do this for us. 
 However, here we want to do these  two settings on the phone (let's say the IP111) directly so you see what's going on under the hood when provisioning a phone with Devices. Also, you may have to do this manually for some phones (e.g. 3rd party phones).
 two settings on the phone (let's say the IP111) directly so you see what's going on under the hood when provisioning a phone with Devices. Also, you may have to do this manually for some phones (e.g. 3rd party phones). 
 two settings on the phone (let's say the IP111) directly so you see what's going on under the hood when provisioning a phone with Devices. Also, you may have to do this manually for some phones (e.g. 3rd party phones).
 two settings on the phone (let's say the IP111) directly so you see what's going on under the hood when provisioning a phone with Devices. Also, you may have to do this manually for some phones (e.g. 3rd party phones).  
  To manually register your IP111 with user John Doe configure the phone's registration data in
 To manually register your IP111 with user John Doe configure the phone's registration data in - change the Protocol from H.323 to H.323/TLS to enable certificate based registration
- set the Primary Gatekeeper property to the address of your PBX. As we already know from the IT Connect training, moodle has configured a customer DNS on your IP411RIGHT. So you can use hq-dvl-ckl2.training.innovaphone.com 
 Note that you need to configure neither Name nor Number to register. innovaphone devices will always use their serial number as Name then. In your case, this is 0090334f22f9, which is what you have configured as Hardware Id in one of the Devices entries for John Doe before.
 Note that you need to configure neither Name nor Number to register. innovaphone devices will always use their serial number as Name then. In your case, this is 0090334f22f9, which is what you have configured as Hardware Id in one of the Devices entries for John Doe before. Using DHCP
There is also a legacy method of provisioning with DHCP. However, we do not recommend to use this method anymore, as it interferes with the provisioning implemented in the Devices App. 
Certificate Registration for Interfaces
We have seen how the phone can be registered to the PBX with no password based on its certificate. This can be done for interfaces (e.g. the TEL1 FXS interface of your IP411LEFT) too!
The device interface will behave similarly to a phone and send its serial number as registration name to the PBX when configured with no Name and no Number for the Internal Registration. However, to be able to distinguish the individual interfaces of the device, it will append the interface name to it.
Let's assume we want to register an analog phone attached to your IP411LEFT's TEL1 interface for John Doe.
- the interface, when configured to register to the PBX with H.323/TLS with neither Name nor Number would use a registration name which is built up by its serial number (0090334000b3), a hyphen (-) and the name of the interface (TEL1)
- the interface needs to be configured to register to the PBX (hq-dvl-ckl2.training.innovaphone.com in your case)
- there must be an entry in the Devices list of John Doe's user object that has  this name set as Hardware Id this name set as Hardware Id
- create an additional Devices entry in John Doe's User object with 0090334000b3-TEL1 as Hardware Id
- configure POTS phone as value for the Name property of this device and enterphone as value for the App property
- tick the TLS only check-mark for the new entry
- set the Protocol to H.323/TLS in the TEL1 interface configuration onGateway / Interfaces / TEL1 
-       set the Gatekeeper Address (primary) tohq-dvl-ckl2.training.innovaphone.com 
- you might also want to set a value for the Name property of the interface
 In this special case, the interface (TEL1) is physically on the same box as the PBX runs. Therefore, we could also use 127.0.0.1 (localhost) or 172.31.31.2 as gatekeeper address.
 In this special case, the interface (TEL1) is physically on the same box as the PBX runs. Therefore, we could also use 127.0.0.1 (localhost) or 172.31.31.2 as gatekeeper address.If all is done well, you will see  two registrations for John Doe listed in
 two registrations for John Doe listed in PBX / Registrations  showing 0090334f22f9  (the IP111) and 0090334000b3-TEL1  (TEL1) as Device (it make take a while for the TEL1 registration to appear).
 two registrations for John Doe listed in
 two registrations for John Doe listed in 
 and
 and  for any device that needs licenses in
 for any device that needs licenses in  is required.
 is required. directly. This of course requires your box to have access to the public internet and you need to enter your my.innovaphone.com credentials into the device.
 directly. This of course requires your box to have access to the public internet and you need to enter your my.innovaphone.com credentials into the device. device. VoIP devices involved register to this PBX. This single PBX is known as
 device. VoIP devices involved register to this PBX. This single PBX is known as  in the
 in the  .
. . It will go back to standby mode as soon as the master is available again.
. It will go back to standby mode as soon as the master is available again. with one being the master. All others are known as
 with one being the master. All others are known as  here (e.g. dvl-ckl2.net). Therefore, you will also set the Use as domain check-mark.
 here (e.g. dvl-ckl2.net). Therefore, you will also set the Use as domain check-mark.  in
 in  enables a special PBX mode known as Zero Administration Deployment (ZAD). This was a common method to register phones to the PBX in previous versions of the PBX. We do not recommend to use this anymore.
 enables a special PBX mode known as Zero Administration Deployment (ZAD). This was a common method to register phones to the PBX in previous versions of the PBX. We do not recommend to use this anymore. setting allows registrations to the PBX even without valid credentials. This is a legacy feature and seen as a security risk nowadays, so make a habit to always
 setting allows registrations to the PBX even without valid credentials. This is a legacy feature and seen as a security risk nowadays, so make a habit to always has to be set. As this is usually a system policy (as opposed to a location- or site-policy), the check-mark should be set the same way in all PBXs.
 has to be set. As this is usually a system policy (as opposed to a location- or site-policy), the check-mark should be set the same way in all PBXs. of the trunk line used.
 of the trunk line used. .
.  It must be unique throughout the system, so no slave must share the name of the master (and of course neither the name of another slave). Except however, that a standby to a (master- or slave-) must share the name of the PBX it shall stand-in for of course.
 It must be unique throughout the system, so no slave must share the name of the master (and of course neither the name of another slave). Except however, that a standby to a (master- or slave-) must share the name of the PBX it shall stand-in for of course.  you created in the DNS server for your PBX in to the DNS field. Strictly speaking, this is not really required as long as you do not intend to allow external access to your PBX. However, more or less each of your customers will eventually ask for this feature. So we strongly recommend to configure it from the very beginning (and it is quite a pain to change the installation later on from IP-only to DNS name driven).
 you created in the DNS server for your PBX in to the DNS field. Strictly speaking, this is not really required as long as you do not intend to allow external access to your PBX. However, more or less each of your customers will eventually ask for this feature. So we strongly recommend to configure it from the very beginning (and it is quite a pain to change the installation later on from IP-only to DNS name driven). on the fly. To enable this mode, configure the DNS name of your AP in IP address for App Platform/DNS and the IP address in IP address for App Platform/IP and turn on the Operation without DNS check-mark.
 on the fly. To enable this mode, configure the DNS name of your AP in IP address for App Platform/DNS and the IP address in IP address for App Platform/IP and turn on the Operation without DNS check-mark. 
  where leaves (a.k.a. slave PBXs) are registered to the master PBX (even more: the
 where leaves (a.k.a. slave PBXs) are registered to the master PBX (even more: the  so that a slave PBX is registered to another slave PBX which is registered to the master).
 so that a slave PBX is registered to another slave PBX which is registered to the master). 
  for your new PBX object.
 for your new PBX object. for your new PBX object.
 for your new PBX object. for your new PBX object.
 for your new PBX object. to
 to  in
 in  next to the object type drop down in the
 next to the object type drop down in the  about missing fields when you try to save such a user object).
 about missing fields when you try to save such a user object). is essentially a name that can be used to register a device (such as a hard- or soft-phone). This name (given in the Hardware Id property of the device entry) then could be used to configure the registration on a phone. In normal operation with an innovaphone phone, you would use the phone's serial number (such as 009033280075 or IP111-28-00-75). We will look in to this later.
 is essentially a name that can be used to register a device (such as a hard- or soft-phone). This name (given in the Hardware Id property of the device entry) then could be used to configure the registration on a phone. In normal operation with an innovaphone phone, you would use the phone's serial number (such as 009033280075 or IP111-28-00-75). We will look in to this later. whose Hardware Id equals the user's Name property (john.doe in our case).
 whose Hardware Id equals the user's Name property (john.doe in our case).  However, if you follow our recommendation to use the local part of the user's email address for the user's Name property, you can simply tick the check-mark next to the user's name just in front of the E-Mail field. This will tell the PBX to always use whatever is in the user's Name field as email address (the domain part is taken from the PBX's System Name field as we have ticked the Use as Domain check-mark before).
 However, if you follow our recommendation to use the local part of the user's email address for the user's Name property, you can simply tick the check-mark next to the user's name just in front of the E-Mail field. This will tell the PBX to always use whatever is in the user's Name field as email address (the domain part is taken from the PBX's System Name field as we have ticked the Use as Domain check-mark before). next to the E-Mail field
 next to the E-Mail field .
.  for different registrations (that is, registering endpoints) and to set the Single Reg check-mark. This way, you can
 for different registrations (that is, registering endpoints) and to set the Single Reg check-mark. This way, you can in the Device column of the PBX's
 in the Device column of the PBX's  .
. .
. . As an administrator, you should carefully decide if or if not to create such an entry. As you do not have control over the registration password (the user defines it), it presents a security risk!
. As an administrator, you should carefully decide if or if not to create such an entry. As you do not have control over the registration password (the user defines it), it presents a security risk! for each of your devices (we suggest
 for each of your devices (we suggest  on the phone (let's say the IP111) directly so you see what's going on under the hood when provisioning a phone with Devices. Also, you may have to do this manually for some phones (e.g. 3rd party phones).
 on the phone (let's say the IP111) directly so you see what's going on under the hood when provisioning a phone with Devices. Also, you may have to do this manually for some phones (e.g. 3rd party phones).  set as Hardware Id
 set as Hardware Id for John Doe listed in
 for John Doe listed in