Course12:Advanced - V12 News
V12 News
Overview
Overview
The most important V12 features are listed in this book. For detailed information on these features, there are links to further topics of this advanced training plus references to our wiki.
With V12 there are plenty of new features and products. Some main highlights are:
-
IP112 phone
- new gateways
cloud-based innovaphone PBX services
enhanced security features
webRTC and myPBX enhancements
New Software Products
New software products
Within Firmware version 12, innovaphone introduces some new functionalities which are described in the following roughly. For some of them, you will find more information or also lessons in the following topics of this training.
Note: As always with innovaphone, it's possible to use new firmware versions as well on existing hardware types. In general for version 12 this applies too - but:
There's an exception in terms of hardware which owns too little on-board memory. Version 12 requires gateways providing at least 32MB DRAM size, which at the small gateways IP302 and IP305 is available since hardware version 307. So older hardware versions of these gateways will not be able to run Version 12 (btw: Version 11 as well not).
The following subchapters will present you the new software features.
Reverse Proxy
Reverse Proxy
Starting with Version 12, any innovaphone device can act as a Reverse Proxy.
What is an Reverse Proxy?
A Reverse Proxy is taking requests from the internet (in our case e.g. external phone users) and forward them to servers in an internal network (e.g. the PBX). Externals making requests to the Reverse Proxy may not be aware of the internal network itself.
The function is similar to a NAT Port Forwarding, where incoming TCP/TLS connections are forwarded to a defined target.
All incoming connections are terminated in the Reverse Proxy, which creates a new session to the opposite network.
Target definition is not only done by IP-ports, but also by application content of the payload.
A connection between the Reverse Proxy and the PBX can be trusted by validation of certificates used.
Reverse Proxy Usecases
Following two examples on potential usecases for Reverse Proxy:
Cloud Installation
- ReverseProxy is operated in a DMZ with a private and a public IP address
- provision of one centralized point of access for endpoint registration including certificate validation
- access is done using H.323/TLS or SIP/TLS
- limited access to the PBX for myPBX service is granted by use of HTTP(S)
- central phone book access is granted using LDAP(S)
- ReverseProxy is installed in the PBX itself (when no DMZ is in place) or on any extra device within the local network
- PBX access is limited to configured protocols
- HTTP/S access is limited as well for special services only (e.g. myPBX)
- PBX access is made through the NAT router by port forwarding in the ReverseProxy
Supported Feature Set
- TCP/TLS may be different between the far and local end
- service ports can be configured for non-standard ports
- Attack defense:
- Suspicious requests are detected based on unsuccessful connects
- Attack requests are displayed in counters
- Attackers IP address is automatically added to a built-in blacklist which can be displayed
- Each time an entry is added to the blacklist, a system event is generated
- Administrational access to the blacklist for address removal or explicit adding to built-in whitelist.
- Limitation on specific networks can be done
Protocol support
Supported protocols of the innovaphone Reverse Proxy are:
- H.323/TCP and H.323/TLS
- SIP/TCP, SIP/TLS
- HTTP, HTTPS
- LDAP, LDAPS
- SOAP
Non supported protocols and services are:
- H.323 over RAS-UDP
- Kerberos (Admin-UI access)
- IPv6 (not yet)
As an exception access to myPBX is possible (of course).
TURN
TURN
What is TURN
- It works with all kinds of NAT, including restrictive NAT routers/firewalls.
- As TURN requires resources at the host which may create delays, it should be used only if a direct communication is not possible. To overcome this drawback in general, a TURN server can be operated in a separate innovaphone box.
- ICE ensures that TURN is only used when no STUN gathered ICE-candidates are available -> can be configured always
OPUS
OPUS
New Hardware Products
New hardware products
New phone IP112
The IP111 - which was introduced in V11 - was extended to a new product called IP112.
Following features have been added to the IP112:
- offers 2 Gigabit Ethernet connections (1000Mbit/s) and is either powered by PoE or an external power supply.
- offers one USB 2.0 port for exclusive headset use (not other devices are supported nor allowed).
- Next to the well known voice codecs, the IP112 (and the IP111 as well) offers support for G.729 and the new OPUS codec.
- By the way: Existing IP111 supports OPUS as well!
New gateways
Starting in 2016, there will be a bunch of new gateways offering different interface settings for different use cases:
- IP311 - entry level VoIP-PBX and gateway,
providing 4 analogue trunk lines (FXO), 2 analogue extensions (FXS) and 6 on-board DSPs. - IP411 - entry level VoIP-PBX and gateway,
providing 2 ISDN-BRI trunk lines and 2 analogue extensions (FXS) and 6 on-board DSPs.
The IP411 replaces the former models IP302 and IP305. - IP811 - mid size VoIP-PBX and gateway,
providing 5 ISDN-BRI trunk lines and 10 on-board DSPs.
The IP811 replaces the former models IP800 and IP810. - IP3011 - advanced level VoIP-PBX and gateway,
providing 1 ISDN-PRI trunk line and 30 on-board DSPs.
The IP3011 replaces the former model IP3010 - but without BRI for sync purposes. - IP1130 - media gateway without PBX functionality,
providing one ISDN-PRI trunk line and 30 on-board DSPs.
Two IP1130 replaces one former model IP1060.
Remark: max. size of a single conference is limited to 30 channels - also by use of two IP1130. - IP0011 - dedicated for use as pure media gateway and stand-alone Reverse Proxy/SBC
Platform for up to 500 PBX Users (all-in-one) (no conferences)!
The IP0011 replaces the former IP0010.
- 2 Gigabit Ethernet ports each
- new CPU with better Linux performance due to more Linux RAM (now 768 - 1536 MB vs. 256 MB previously)
- OPUS audio codec at on-board DSPs (narrowband only)
- built-in Flash Disk (known as /DRIVE/FLASH) with following sizes
- 128 MB für IP311 and IP411
- 1GB for IP811, IP3011, IP0011
- optional mSATA SSD (known as /DRIVE/CF0). All new devices offer an internal SSD card holder for SSD according to our recommendations. Installation is optional and to be done by partner.
- enhanced internal clock resolution (5ppm, previously 50ppm)
- on-board Linux Application Platform available on all new xx11/11xx gateways (except of IP1130) by use of optional SSD
- all devices can act as Reverse Proxy and offer various SBC functionalities
New adapter
- IP29 - IP adapter for eight analogue extensions FXS.
It replaces the former IP28.
PBX Enhancements
PBX enhancements
As always with release of a new firmware version, one main area of improvements is the PBX and the embedded functions and services.
myPBX webRTC
Starting with V12, innovaphone has extended the webRTC features by
Video
Next to H.264, webRTC now as well supports VP8 video codec.
VP8 is a codec providing similar quality as H.264 and consumes as well approx. 300kbps bandwidth.Restrictions:
- Chrome currently supports VP8 only (they intend implementation of H.264).
- innovaphone conference interfaces do not support VP8 - so (currently) no video conferences using Chrome.
Application Sharing
In former times AS was only possible by using the myPBX Windows Launcher, now AS is possible between both Launcher and webRTC users.
- webRTC is still not supported by InternetExplorer and Safari
- webRTC users cannot share their own screen - but they are able to control launcher-shared screens
- no compatibility with 3rd party devices
Audio Codecs
Next to G.711, within webRTC OPUS is now supported as well.
This comes from the browser and now creates compatibility for calls between webRTC and new phone users (IP111/112) or gateways (IPxx11, IP29).
ICE/TURN
Next to the V11 implementation, where webRTC was only able to use ICE/STUN, which may have led to missing audio data, TURN was implemented for use of other NAT networks than full-cone as well
Toolbox
myPBX general
Netlogon
- use with Active Directory only
- one domain only
- requirement to use NTLM (v1 only), port 135/TCP
- the PBX needs to have an AD account and a connection to the domain controller
- the account configuration is made in the PBX
- myPBX SingleSignOn not applicable for phones or HotDesking
Gateway Enhancements
Gateway Enhancements
Conferencing
SIP Provider Profiles
License Enhancements
License enhancements
New licenses
webRTC License
For use of webRTC - which acts "like" a software phone - a new license is introduced with V12.
The license is per channel (a.k.a. per call), that is as many webRTC licenses are available as many calls can be made simultaneously via webRTC.
The webRTC license is a PBX license and by this "floatable" from a license-master.
Maximum amount of concurrent webRTC calls at a dedicated PBX can be set via PBX/Config/General/"Max WebRTC calls".
Note: In any case, webRTC usage requires at least a port license for the webRTC-user (as always); and - if requested by customer - video and/or application sharing licenses for these features to work.
Changes
Simplified Port License
Till V11, the first registration on an object took one license - regardless what type.
Starting with V12, the first registration on an User, Executive, Gateway or Trunk object will take one license.
Benefit is that unexpected licenses are eliminated. These are
- registration on a waiting queue for setting diversions
- slave registrations on a master pbx
- registration of a master pbx on a license-only master
End of Life
End of life
Following gateways will be end of life:
- IP28 - replaced by IP29
- IP302 - replaced by IP411
- IP305 - replaced by IP411
- IP800 - replaced by IP811
- IP810 - replaced by IP811
- IP0010 - replaced by IP0011
- IP1060 - replaced by IP1130 (two pieces needed when going for equivalent amount of channels)
- IP3010 - replaced by IP3011
IP22, IP24, IP38 and IP6010 remain in the portfolio!
IP6010 will be the only gateway providing loop-in functionality, 2 PRIs and 60 DSP channels useable for conference as well.