Versions Compared

Old Version 16

changes.mady.by.user user-0f753

Saved on

compared with

New Version Current

changes.mady.by.user user-e1945

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

By default, PrivateServer's services runs on all network interfaces. Actual availability depends on embedded firewall, which can be configured.

You can decide how to distribute the services of PrivateServer using the "network segregation" . You tools which you can access the configuration page via the Services link in the main menu.

2.2.1 Services

The page is divided in three parts: the first one is actually about the network segregation itself, as shown in the below picture.:

Subtitle
Prefixfigure
SubtitleTextApplication Matrix
AnchorNameapplication_matrix

...

  • SQL/3306 - DataBase: that's the remote access to the DBE DBMS (Data Base EngineManagement System), useful for exporting views and access data used by the appliance
  • HTTPS - Management Console: here you have the very same web administrative console you are actually using
  • SSH - Secure Shell: the well known secure text console for remote administration. This is useful for extraordinary management tasks.
  • SIP/TLS: VoIP service (signaling part) over TLS connection. Long story short: Secure VoIPsignaling protocol, protected by TLS connection, for secure calls.
  • SIP/UDP: dsfafas part of the VoIP service used to connect the PrivateServer appliance to another PBXVoIP signaling protocol, without protection, useful to connect company and/or legacy PBX that do not support secure calls.
  • TCP/5666: by activating this service it becomes possible to reach the Nagios monitoring service on the appliance.
  • HTTPS/SmartPhone Web Service: Services provided by the PrivateServer in order to make the PrivateGSM clients work fine:

Please note that the configuration shown in 

Xref
AnchorNameapplication_matrix
 represents a likely production one as suggested in (TO BE ADDED THE SUGGESTED CONFIUGURATION PAGE)in PSAM 2.9 Suggested network configuration

Info

The NICs on the appliance are automatically detected by PrivateServer and listed here.

...

Warning

The NIC are shown as applicable even if they are not configured, so please check your Network configuration before assigning or deverting a service from a NIC.

2.2.2 TLS Certificates

The second part is about certificate assign. When you divide your services amongst the NIC you are using them on different IPs as well. This implies you might choose different certificates each one related to each IP of the NIC your service is bound to. 

...

After you're done, just press the "Update" button.

2.2.3 Provisioning

The third part is about configuring the hostnames that are going to be used for provisioning service.

...

The HTTPS - Smartphone Web Services URI is the base URL for downloading both the PrivateGSM application and its configuration. This can be perceived as tricky but here's how it works. When we send an Automatic Activation SMS (AGGIUNGI IL RIFERIMENTO) what cfr PSAM 2.7 Automatic Activation) what we really send is the URI for the configuration resource. This resource is MIME formatted so that the Mobile OS knows it needs PrivateGSM in order to manage it. Thus when the customer clicks on the URI in the SMS, the operating system opens the browser, contacts via HTTPS the server hostname we specified here and ultimately asks for the configuration resource. Then (via the MIME configuration) it asks PrivateGSM to handle it. Once you understood this mechanism it should be pretty straightforward what this field is about: it's the protocol://hostname part of the link that would be sent for any automatic activation.

...