1.1.1 Accounts Management
Once you have almost one group you can fulfill it with SIP Accounts. In the Group List (PSOM 1.0 Groups) click on the Accounts icon on the right of each group's row.
You have three way for create new users:
the plain way: manual creation
the wizard way: automatic activation
tha batch way: massive creation
1.1.1.1 Create a new account, the plain way
The "plain way" is a completely manual creation of the account. In this way you control any feature of the account, but you also need to configure the user's client manually. This way is the opposite of the automatic activation.
This is the only way for creating valid accounts for the SNOM platform.
In the Account List page (figure 1. The Sip Users Table) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.
You can create both PGSM (PrivateGSM) or SNOM accounts and they do differ a while.
1.1.1.1.1 PGSM
The Create Account page will show a form with many fields. Mandatory ones are:
Username
Password/Repeat Password
Virtual Phone Number
Account Type
Security Model
Obfuscation Mode
Obfuscation Key
Keep-alive Enabled
Username/Password
Fill the Username with a numeric value as suggested by the default value into the field. Type in a password and repeat it in the proper fields.
Username MUST be unique as Virtual Phone Number!
Virtual Phone Number
Set a Virtual Phone number as a numeric value of your choice. Please consider that the Virtual Phone Number is the number to be dialed to call the Account (and also the number shown as the caller, when the Account places a call). We suggest a three character number such as "111" or "123" for testing purpose. For production please insert the real phone number.
If you do not insert the international prefix before the real phone number then you cannot use the automatic activation features
Account Type
To configure a PrivateGSM account select "PGSM" by the drop down menu in "Account Type".
To configure a SNOM account select "SNOM" by the drop down menu in "Account Type".
Security Models
To configure a PrivateGSM Enterprise account the security model must be "SDES" in the "Security Model".
To configure a PrivateGSM Professional account the security model must be "ZRTP".
To configure a Snom account the security model must be "SDES".
Obfuscation Mode
The Obfuscation mode is a simple but quite efficient trick to let the VoIP pass without being recognised by router that could perform Quality of Service degrading the call.
It's not known to be a perfect mask and it aims not to be one, still it works fine until now and our suggestion is to keep it enabled as by default,
Obfuscation Key
The key used by the obfuscator can be an arbitrary one, still "9" is the default value. It doesn't matter which number you put in here as long as it is the very same one you set up on the client side.
If the Obfuscation Key value is not the same on both client's account and server's one, then the call won't be placed properly and it might end suddenly voiceless.
Keep-alive Enabled
NEW FEATURE
Since the present version you can enable a server side check on the user's reachability!
To be reachable the client must set up a stable socket to the server. Each client sends a "keep alive" request to the server it's connected to in order to keep up the socket. This is necessary as the TCP socket has an idle timeout after which the socket is closed. Some aggressive network devices can short the standard timeout under 10 minutes, making impossible for the client to send the "keep alive" request because it would always be late (the client sends its request every 10 minutes or so).
In order to avoid the socket break caused by such aggressive network devices, you can set up a server side "keep alive" request that is going to be performed every 3 minutes. In this way you can be sure that the socket and thus the connection would remain up and stable under every circumstances.
The downside of this option is that there will be some more traffic on the socket (each passage of the request is 1.8 KiloByte, thus you can count almost 3.6 KB of traffic every 3 minutes)
Battery life warning
This option can afflict the battery life since more traffic means more radio transmission and on same devices the radio wouldn't have a proper timeout for going idle.
The actual default value for the keep-alive interval is 60 seconds. You can configure the general keep-alive timeout in the NAT configuration form. Please read PSAM 2.4 Asterisk advanced configurations to get informations about it.
older clients issue
All the PrivateGSM clients prior to the 11.1 version cannot respond to the keep-alive request and thus if such option was enabled for their users, then those users won't ever be on-line and reachable.
1.1.1.1.2 SNOM
In the Account List page (figure 1. The Sip Users Table) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.
There are some few but still important differences between the figure 3. Sip SNOM Account creation form and the figure 2. Sip Account creation form: security model, obfuscation Mode and Obfuscation Key fields are gone and instead you can read Mac, Deny and Permit. Due to the type of hardware underlying the SNOM account, we do assume that the hardware would be wired connected on a desktop. Also no obfuscation is possible because the device doesn't allow it. Instead the wired channel can provide us an easy to go access list, based on the LAN IP addresses. We can create both one White-List and one Black-List in order to bind the user's access to one specific device which can be identified by the LAN IP address. The different option shown are:
- Mac
- Deny
- Permit
Mac
The Mac is for putting in the MAC Address of the SNOM in order to bind the user to a specific hardware.
OLD FEATURE!
Deny
Deny represent the blacklist based on the IP address and the net mask we want to deny when associated to the current user. You have to write this in the form: <ipaddress>/<network mask>
Examples:
- 192.168.0.38/255.255.255.255 : Denies traffic from this IP address
- 0.0.0.0/0.0.0.0 : Denies every address
Permit
Permit is the exact opposite of the Deny option. It represent the whitelist based on the IP address and the net mask we want to have access. You have to write this in the form: <ipaddress>/<network mask>
Example:
- 192.168.0.38/255.255.255.0 : Allows traffic from this Network
EXAMPLE
You may have multiple rules for masking traffic. Combining together the Deny and the Permit option let you have a fine grain rule of access for any single user's account.
Please keep in mind that the access rules are processed from the first to the last, meaning that the Deny will be used first and then will be analysed the Permit one.
So:
Deny: 0.0.0.0/0.0.0.0
Permit: 216.27.242.66/255.255.255.255
Deny every address except for the only one allowed.
1.1.1.1.3 Actually create the Account
After you filled in the form (either the PGSM or the SNOM one), please click on the Create icon at the page's bottom.
An information line advice the operation just performed.
You'll get back the Account List page and the table shows now your new user (figure 4. new SIP account).
Using this way makes the account enabled by default.
To use the automatic activation even in the plain way go reading the 1.1.4 Automatic Activation.
1.1.1.2 Create a new account, the wizard way
The "wizard way" is the new method for creating accounts. It's made for easing the load on the service manager's shoulder, letting him/her focusing on the service configuration without having to bother about the installation and configuration of the client.
In the Account List page (figure 1. The Sip Users Table) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account (Activation Wizard) button in the top of the page.
You'll see the "Edit Account page" with a precompiled, non-editable username as in figure 5. new account by wizard.
Please set a Virtual Phone Number and choose a Provisioning Profile.
If you do not insert the international prefix before the real phone number then you cannot use the automatic activation features
If not differently configured, the default values for the Obfuscation are fine. The other fields are optional.
In this mode the password is automatically chosen by the system and it's not editable
Compile all necessary fields of the new account, select a Provisioning Profile and click on "Create". Now jump to paragraph 1.0.3.6 for activate the user.
In the "wizard way" the user's account are DISABLED until the automatic activation is performed!
1.1.1.3 Create a new account, the batch way
The "batch way" is an account creation mode designed specifically for large number of users to be created quickly.
Starting from Account List page figure 1. The Sip Users Tableclick on the Create batch account action to open Create batch account page:
Prepare a .csv file with some account. The file must be formatted as the example below.
fullName,gsmNumber,email,securityModel,description Alessandro Bergamaschi,+391234567890,alessandro.bergamaschi@privatewave.com,end-to-site,Personal account Luigi Rossi,+3932456753,luigi.rossi@privatewave.com,end-to-site,Personal account Marco Bianchi,+39432242342,mbianchi@gmail.com,end-to-site,Personal account Mario Colombo,+394325346546,colombo.mario@privatewave.com,end-to-site,Personal account
Select the default provisioning profile and a group for the newly account created. Upload the file and click create: you'll be leaded to the Group list page
1.1.2 Update
To change the SIP Account values you must first select it from the Accounts List: just click on the Username and the Edit Account form is shown (figure 2. Sip Account creation form).
Change the values you need to and then click on the Update button at the bottom of the form to save the changes. The new values are shown into the Accounts' table back in the "Account List" page.
A line will warn you about the update.
1.1.3 Delete
Select the Account from the Account List and get the Edit Account page. Click on the Delete button at the bottom of the page to delete the SIP Account. A warning pop up window will be shown.
Just select the "Ok" button or press Enter to confirm. The Account List page will show up without the Account.
1.1.4 Automatic Activation
After you created your new account(s) you have to configure the customer's client application PrivateGSM. In the wizard way it's MANDATORY to use the automatic activation in order to enable the account. In the plain way it's optional, though useful.
When you have just finished creating the new account (as in figure 4. new SIP account) or picking up the account from the account list ( see figure 7. The Account has been updated) you can send to the customer both a download SMS and a configuration SMS so that he/she would proceed with the installation of the client without any other human help. Click on the "Send installation SMS" to send the link for downloading the application.
Confirm as in the above picture and the PrivateServer advices the operation has been completed:
The SMSes are sent to the account's Virtual Phone Number, so please check it exist as an actual mobile phone number before using the Automatic Activation
Getting back to the account list you can read the exact status and the time of its change:
So what's happened is that the status has changed from "Created" to "Installation SMS sent" and the "Last Status date" has been updated to the time the SMS has been sent to the customer.
The Automatic Activation and the Provisioning Profiles must be set up to have this procedure to work.
After the customer has downloaded and installed the application, the "Last status" changes to "Installed" but the "Enabled" is still "False". "Last Status date" is updated as well.
Next step is to send the "Activation SMS" in order to enable the user to place and receive calls.
Just click on the related link at the end of the customer's row in the Account list table. As for the "Installation SMS" you are requested to confirm the action (refer to figure 9. confirm sms).
Note the change in the "Last Status" and in the "Last Status date": the former is now "Activation SMS sent", the latter is updated to the new time the action was performed.
You can know for sure that the user has configured his/her PrivateGSM application because after the action has been performed the account's "Last Status" becomes "Activated" and the "Last Status date" is updated as in the former cases.
Now the "Enabled" fields is changed to "true" meaning that the customer is ready to go.
Please remember that if you created the account in plain way then the account is enabled by default, no matter if you sent the Activation SMS or not.
If the customer actually goes on line with the PrivateGSM application, than the "Last Status" becomes "Connected".
You can check if the customer is connected using the "Registered Account" menu.