Versions Compared

Old Version 2

changes.mady.by.user Luca Guerrieri

Saved on

compared with

New Version Current

changes.mady.by.user Luca Guerrieri

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Once you have almost one group you can fulfill it with SIP Accounts. In the Group List (PSOM 1.0 Groups) click on the Accounts icon on the right of each group's row. 

...

Send Activation Sms is good for sending via Text message a link meant to be used to download and thus install the

Brand
brandclient
application. More about the Automatic Activation and about the Provisioning can be read in paragraph 1.1.4 Automatic Activation.

Info

The customer's platform is automatically detected.

...

You have three way for create new users:

...

:

...

  1. the wizard way: automatic activation
  2. the plain way: manual configuration
  3. the batch way

Each one is going to be detailed in the next paragraphs.

1.1.1.1 Create a new account, the

...

wizard way (

...

automatic activation)

The "plain wizard way" is a completely manual creation of the account. In this way you control any feature of the account, but you also need to configure the user's client manually. This way is the opposite of the automatic activation.

...

the new method for creating accounts. It's made for easing the load on the service manager's shoulder, letting him/her focusing on the service configuration without having to bother about the installation and configuration of the client.

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New AccountAccount (Activation Wizard) button in the top of the page.

You can create both PGSM (

Brand
brandclient
) or SNOM accounts and they do differ a while.

1.1.1.1.1 PGSM

Subtitle
Prefixfigure
SubtitleTextSip Account creation form
AnchorNameaccount creation form

Image Removed

The Create Account page will show a form with many fields. Mandatory ones are:

  • Username

  • Password/Repeat Password

  • Virtual Phone Number

  • Account Type

  • Security Model

  • Obfuscation Mode

  • Obfuscation Key

  • Keep-alive Enabled

Username/Password

Username field is automatically generated as a random numeric value and you are not required to change it. Type in a password and repeat it in the proper fields.

Warning

If you manually edit Username field, keep in mind that it MUST be unique, as Virtual Phone Number!

Virtual Phone Number

...

Subtitle
Prefixfigure
SubtitleTextnew account by wizard
AnchorNamenew account by wizard

Image Added

 

You'll see the "Edit Account page" with a precompiled, non-editable username  as in 

Xref
AnchorNamenew account by wizard
.

Please set a Virtual Phone Number and choose a Provisioning Profile.

Warning

If you do not insert the international prefix before the real phone number then you cannot use the automatic activation features

If not differently configured, the default values for the Obfuscation are fine. The other fields are optional.

Note

In this mode the password is automatically chosen by the system and it's not editable

Compile all necessary fields of the new account, select a Provisioning Profile and click on "Create". Now jump to 1.1.4 Automatic Activation for activate the user.

Warning

In the "wizard way" the user's account are DISABLED until the automatic activation is performed!

1.1.1.2 Create a new account, the plain way (manual configuration)

The "plain way" is a completely manual creation of the account. In this way you control any feature of the account, but you also need to configure the user's client manually. This way is the opposite of the automatic activation.

Warning

This is the way for creating valid accounts for the SNOM devices.

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.

You can create both PGSM (

Brand
brandclient
) or SNOM accounts .

Warning

Mobile phone numbers must be formatted with international prefix and + sign, before the real phone number, eg: +391234567890. If you do not use international format, it will not be possible to use automatic activation features.

Automatic Activation is not meant for SNOM devices. You need a

Brand
brandclient
client in order to process the URL and the configuration itself. Plus without a phone that can receive an SMS, it wouldn't be delivered at all.

Note

It's still possible to perform an Automatic Activation or to send the installation URL on iPads or devices without phone features using the Provisioning Messages.

Account Type

  • To configure a

    Brand
    brandclient
    account select "PGSM" by the drop down menu in "Account Type".

  • To configure a SNOM account select "SNOM" by the drop down menu in "Account Type".

 

Obfuscation Mode

The Obfuscation mode is a simple but quite efficient trick to let the VoIP pass without being recognized by network equipment intended to block or censor VoIP traffic.

It's not known to be a perfect mask and it aims not to be one, still it works fine up to now and our suggestion is to keep it enabled as by default,

Obfuscation Key

The key used by the obfuscator can be an arbitrary one, still "9" is the default value. It doesn't matter which number you put in here as long as it is the very same one you set up on the client side.

Warning

If the Obfuscation Key value is not the same on both client's account and server's one, then the call won't be placed properly and it might end suddenly voiceless.

Xrefanchor
AnchorNamePSOM_keep_alive
Keep-alive Enabled

In order to receive secure phone calls,

Brand
brandclient
client must set up an always-on connection to
Brand
brandserver
. Each client sends a "keep alive" request to the server it is connected to, in order to keep up the socket. This is necessary as the TCP socket has an idle timeout after which the socket is closed. Some aggressive network equipment can shorten the standard timeout, less than 10 minutes. This behavior is particularly critical with IOS devices. 

In order to avoid the socket break caused by such aggressive network equipment, you can enable a server side "keep alive" request. In this way you can be sure that the socket and thus the connection would remain up and stable under every circumstances.

Note

The downside of this option is that there will be some more traffic on the socket (each passage of the request is 1.8 KiloByte, thus you can count almost 3.6 KB of traffic)

Warning
titleBattery life warning

This option can afflict the battery life since more traffic means more radio transmission and on same devices the radio wouldn't have a proper timeout for going idle. 

The actual default value for the keep-alive interval is 60 seconds. You can configure the general keep-alive timeout in the NAT configuration form. Please read PSAM 2.4 Asterisk advanced configurations to get informations about it.

Warning
titleolder clients issue

All the

Brand
brandclient
clients prior to the 11.1 version cannot respond to the keep-alive request and thus if such option was enabled for their users, then those users won't ever be on-line and reachable.

Virtual Phone Number (secondary)

This field is optional and rarely used, still it can prove itself quite useful if you need the account to be reachable by two different phone numbers on the same device. The secondary virtual number can't substitute the primary one, meaning that this field alone won't be accepted as a valid phone number. You still need to configure the primary phone number if you intend to make use of the secondary one.

Info

Some example for using the secondary phone number are this scenarios:

  1. User changes his own mobile phone number. Using secondary number it is possible to configure the NEW number as primary and the OLD number as secondary. The user will be able to receive secure calls dialed both on his NEW and OLD number.
  2. User install
    Brand
    brandclient
    client on his business phone, but his colleagues could call him both using business and private phone numbers.     Using secondary number it is possible to configure the BUSINESS number as primary and the PRIVATE number as secondary. The user will be able to receive secure calls dialed both on his BUSINESS and PRIVATE number. More often that you could expect, users initiate secure calls using the wrong number, complaining about "it does not work".

1.1.1.1.2 SNOM

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.

Subtitle
Prefixfigure
SubtitleTextSip SNOM Account creation form
AnchorNameaccount creation form SNOM

Image Removed

There are some few but still important differences between the 

Xref
AnchorNameaccount creation form SNOM
 and the 
Xref
AnchorNameaccount creation form
: security model, obfuscation Mode and Obfuscation Key fields are gone and instead you can read Deny and Permit. Due to the type of hardware underlying the SNOM account, we do assume that the hardware would be wired connected on a desktop. Also no obfuscation is possible because the device doesn't allow it. Instead the wired channel can provide us an easy to go access list, based on the LAN IP addresses. We can create both one White-List and one Black-List in order to bind the user's access to one specific device which can be identified by the LAN IP address. The different option shown are:

  • Deny
  • Permit 
Deny

Deny represent the blacklist based on the IP address and the net mask we want to deny when associated to the current user. You have to write this in the form: <ipaddress>/<network mask>

Examples:
  • 192.168.0.38/255.255.255.255 : Denies traffic from this IP address
  • 0.0.0.0/0.0.0.0 : Denies every address
Permit

Permit is the exact opposite of the Deny option. It represent the whitelist based on the IP address and the net mask we want to have access. You have to write this in the form: <ipaddress>/<network mask>

Example:
  • 192.168.0.38/255.255.255.0 : Allows traffic from this Network
Tip
titleEXAMPLE

You may have multiple rules for masking traffic. Combining together the Deny and the Permit option let you have a fine grain rule of access for any single user's account.

Please keep in mind that the access rules are processed from the first to the last, meaning that the Deny will be used first and then will be analysed the Permit one.

So:

  Deny: 0.0.0.0/0.0.0.0

  Permit: 216.27.242.66/255.255.255.255

 Deny every address except for the only one allowed.

1.1.1.1.3 Actually create the Account

After you filled in the form (either the PGSM or the SNOM one), please click on the Create icon at the page's bottom. 

Subtitle
Prefixfigure
SubtitleTextnew SIP account
AnchorNamenew sip account

Image Removed

Tip

An information line advice the operation just performed. 

You'll get back the Account List page and the table shows now your new user (

Xref
AnchorNamenew sip account
).

Note

Using this way makes the account enabled by default.

To use the automatic activation even in the plain way go reading the 1.1.4 Automatic Activation.

1.1.1.2 Create a new account, the wizard way (automatic activation)

The "wizard way" is the new method for creating accounts. It's made for easing the load on the service manager's shoulder, letting him/her focusing on the service configuration without having to bother about the installation and configuration of the client.

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account (Activation Wizard) button in the top of the page.and they do differ a while.

1.1.1.2.1 PGSM

Subtitle
Prefixfigure
SubtitleTextSip Account creation form
AnchorNameaccount creation form

Image Added

The Create Account page will show a form with many fields. Mandatory ones are:

  • Username

  • Password/Repeat Password

  • Virtual Phone Number

  • Account Type

  • Security Model

  • Obfuscation Mode

  • Obfuscation Key

  • Keep-alive Enabled

Username/Password

Username field is automatically generated as a random numeric value and you are not required to change it. Type in a password and repeat it in the proper fields.

Warning

If you manually edit Username field, keep in mind that it MUST be unique, as Virtual Phone Number!

Virtual Phone Number

Set a Virtual Phone number as a numeric value of your choice. Please consider that the Virtual Phone Number is the number to be dialed to call the Account (and also the number shown as the caller, when the Account dials a call). We suggest a three character number such as "111" or "123" for SNOM devices and actual mobile phone number for

Brand
brandclient
accounts.

Warning

Mobile phone numbers must be formatted with international prefix and + sign, before the real phone number, eg: +391234567890. If you do not use international format, it will not be possible to use automatic activation features.

Automatic Activation is not meant for SNOM devices. You need a

Brand
brandclient
client in order to process the URL and the configuration itself. Plus without a phone that can receive an SMS, it wouldn't be delivered at all.

Note

It's still possible to perform an Automatic Activation or to send the installation URL on iPads or devices without phone features using the Provisioning Messages.

Account Type

  • To configure a

    Brand
    brandclient
    account select "PGSM" by the drop down menu in "Account Type".

  • To configure a SNOM account select "SNOM" by the drop down menu in "Account Type".

 

Obfuscation Mode

The Obfuscation mode is a simple but quite efficient trick to let the VoIP pass without being recognized by network equipment intended to block or censor VoIP traffic.

It's not known to be a perfect mask and it aims not to be one, still it works fine up to now and our suggestion is to keep it enabled as by default,

Obfuscation Key

The key used by the obfuscator can be an arbitrary one, still "9" is the default value. It doesn't matter which number you put in here as long as it is the very same one you set up on the client side.

Warning

If the Obfuscation Key value is not the same on both client's account and server's one, then the call won't be placed properly and it might end suddenly voiceless.

Xrefanchor
AnchorNamePSOM_keep_alive
Keep-alive Enabled

In order to receive secure phone calls,

Brand
brandclient
client must set up an always-on connection to
Brand
brandserver
. Each client sends a "keep alive" request to the server it is connected to, in order to keep up the socket. This is necessary as the TCP socket has an idle timeout after which the socket is closed. Some aggressive network equipment can shorten the standard timeout, less than 10 minutes. This behavior is particularly critical with IOS devices. 

In order to avoid the socket break caused by such aggressive network equipment, you can enable a server side "keep alive" request. In this way you can be sure that the socket and thus the connection would remain up and stable under every circumstances.

Note

The downside of this option is that there will be some more traffic on the socket (each passage of the request is 1.8 KiloByte, thus you can count almost 3.6 KB of traffic)

Warning
titleBattery life warning

This option can afflict the battery life since more traffic means more radio transmission and on same devices the radio wouldn't have a proper timeout for going idle. 

The actual default value for the keep-alive interval is 60 seconds. You can configure the general keep-alive timeout in the NAT configuration form. Please read PSAM 2.4 Asterisk advanced configurations to get informations about it.

Warning
titleolder clients issue

All the

Brand
brandclient
clients prior to the 11.1 version cannot respond to the keep-alive request and thus if such option was enabled for their users, then those users won't ever be on-line and reachable.

Virtual Phone Number (secondary)

This field is optional and rarely used, still it can prove itself quite useful if you need the account to be reachable by two different phone numbers on the same device. The secondary virtual number can't substitute the primary one, meaning that this field alone won't be accepted as a valid phone number. You still need to configure the primary phone number if you intend to make use of the secondary one.

Info

Some example for using the secondary phone number are this scenarios:

  1. User changes his own mobile phone number. Using secondary number it is possible to configure the NEW number as primary and the OLD number as secondary. The user will be able to receive secure calls dialed both on his NEW and OLD number.
  2. User install
    Brand
    brandclient
    client on his business phone, but his colleagues could call him both using business and private phone numbers.     Using secondary number it is possible to configure the BUSINESS number as primary and the PRIVATE number as secondary. The user will be able to receive secure calls dialed both on his BUSINESS and PRIVATE number. More often that you could expect, users initiate secure calls using the wrong number, complaining about "it does not work".

1.1.1.2.2 SNOM

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.

Subtitle
Prefixfigure
SubtitleTextSip SNOM Account creation form
AnchorNameaccount creation form SNOM

Image Added

There are some few but still important differences between the 

Xref
AnchorNameaccount creation form SNOM
 and the 
Xref
AnchorNameaccount creation form
: security model, obfuscation Mode and Obfuscation Key fields are gone and instead you can read Deny and Permit. Due to the type of hardware underlying the SNOM account, we do assume that the hardware would be wired connected on a desktop. Also no obfuscation is possible because the device doesn't allow it. Instead the wired channel can provide us an easy to go access list, based on the LAN IP addresses. We can create both one White-List and one Black-List in order to bind the user's access to one specific device which can be identified by the LAN IP address. The different option shown are:

  • Deny
  • Permit 
Deny

Deny represent the blacklist based on the IP address and the net mask we want to deny when associated to the current user. You have to write this in the form: <ipaddress>/<network mask>

Examples:
  • 192.168.0.38/255.255.255.255 : Denies traffic from this IP address
  • 0.0.0.0/0.0.0.0 : Denies every address
Permit

Permit is the exact opposite of the Deny option. It represent the whitelist based on the IP address and the net mask we want to have access. You have to write this in the form: <ipaddress>/<network mask>

Example:
  • 192.168.0.38/255.255.255.0 : Allows traffic from this Network
Tip
titleEXAMPLE

You may have multiple rules for masking traffic. Combining together the Deny and the Permit option let you have a fine grain rule of access for any single user's account.

Please keep in mind that the access rules are processed from the first to the last, meaning that the Deny will be used first and then will be analysed the Permit one.

So:

  Deny: 0.0.0.0/0.0.0.0

  Permit: 216.27.242.66/255.255.255.255

 Deny every address except for the only one allowed.

1.1.1.2.3 Actually create the Account

After you filled in the form (either the PGSM or the SNOM one), please click on the Create icon at the page's bottom. 

Subtitle
Prefixfigure
SubtitleTextnew SIP account by wizard
AnchorNamenew account by wizard

Image Removed

sip account

Image Added

Tip

An information line advice the operation just performed. 

You'll see the "Edit Account page" with a precompiled, non-editable username  as in get back the Account List page and the table shows now your new user (

Xref
AnchorNamenew account by wizard
.

Please set a Virtual Phone Number and choose a Provisioning Profile.

Warning

If you do not insert the international prefix before the real phone number then you cannot use the automatic activation features

If not differently configured, the default values for the Obfuscation are fine. The other fields are optional.

Note

In this mode the password is automatically chosen by the system and it's not editable

Compile all necessary fields of the new account, select a Provisioning Profile and click on "Create". Now jump to paragraph 1.1.4 for activate the user.

Warning

In the "wizard way" the user's account are DISABLED until the automatic activation is performed!

sip account
).

Note

Using this way makes the account enabled by default.

To use the automatic activation even in the plain way go reading the 1.1.4 Automatic Activation.

1.1.1.3 Create a new account, the batch way

The "batch way" is an account creation mode designed specifically for large number of users to be created quickly.

...

Subtitle
Prefixfigure
SubtitleTextaccount configuration
AnchorNameshow_account_configuration

Image RemovedImage Added

From this summary of the account's configurations you can manage the account itself. It's possible to Send Activation Sms, action which we explore deeper in paragraph 1.1.4, as well as to Disable account. Disable action inhibits the user to call or to be called and a specific Audio Message is issued by the

Brand
brandserver
to inform the user, the last action Revoke all Keys, this will revoke tls Keypair which is used to send and receive End-to-End Secure Messages, the only way to upload a new tls Keypair from client side are re-provision device by sending a new activation link, enabling/disabling PIN or when duress code is used.

...

Subtitle
Prefixfigure
SubtitleTextform for changing account's parameters
AnchorNameedit_account_form

Image RemovedImage Added

In the form that would be presented to you (shown in

Xref
AnchorNameedit_account_form
) it's possible to change any value you need to. Once you're done, click on the Update button at the bottom of the form to save the changes. Only Virtual Phone Numbers (primary and secondary) are not editable. In order to change them it is necessary to delete and re-create the account.

...

Anchor
automatic_activation
automatic_activation
1.1.4 Automatic Activation of the Account

 After After you created your new account(s) you have to configure the customer's client application

Brand
brandclient
. In the wizard way it's MANDATORY to use the automatic activation in order to enable the account. In the plain way it's optional, though useful.

The Automatic Activation is quite useful in two occasions:

...

To be able to send text messages with the Automatic Activation you first need to get the Account list (

Xref
AnchorNamesip users table
) or the Account's configuration details (
Xref
AnchorNameshow_account_configuration
). From both views it's possible to press the Send Activation Sms which would send automatically the URL of the configuration file via Text Message.

...

.

Confirm as in the above picture and the

Brand
brandserver
advices the operation has been completed:

Subtitle
Prefixfigure
SubtitleTextinstallation sms sent
AnchorNameinstallation sms sent

Image Removed

Warning

The SMSs are sent to the account's Virtual Phone Number, so please check it exist as an actual mobile phone number before using the Automatic Activation

Getting back to the account list you can read the exact status and the time of its change:

Subtitle
Prefixfigure
SubtitleTextaccount statusinstallation sms sent
AnchorNameaccount status

Image Removed

So what's happened is that the status has changed from "Created" to "Installation SMS sent" and the "Last Status date" has been updated to the time the SMS has been sent to the customer.

Note

The Automatic Activation and the Provisioning Profiles must be set up to have this procedure to work.

After the customer has downloaded and installed the application, the "Last status" changes to "Installed" but the "Enabled" is still "False". "Last Status date" is updated as well.

Next step is to send the "Activation SMS" in order to enable the user to place and receive calls.

Just click on the related link at the end of the customer's row in the Account list table. As for the "Installation SMS" you are requested to confirm the action (refer to 

Xref
AnchorNameconfirm sms
).

Note the change in the "Last Status" and in the "Last Status date": the former is now "Activation SMS sent", the latter is updated to the new time the action was performed. 

...

installation sms sent

Image Added

Warning

The SMSs are sent to the account's Virtual Phone Number, so please check it exist as an actual mobile phone number before using the Automatic Activation

Getting back to the account list you can read the exact status and the time of its change:

Subtitle
Prefixfigure
SubtitleTextaccount status
AnchorNameaccount status

Image Added

So what's happened is that the status has changed from "Created" to "Installation SMS sent" and "Activation SMS sent" and the "Last Status date" has been updated to the time the SMS has been sent to the customer.

Note

The Automatic Activation and the Provisioning Profiles must be set up to have this procedure to work.

After the customer has downloaded and installed the application, the "Last status" changes to "Installed" but the "Enabled" is still "False". "Last Status date" is updated as well.

After the customer has clicked on the "Activate" link in mobile web page he has opened you can know for sure that the user has configured his/her

Brand
brandclient
application because after the action has been performed the account's "Last Status" becomes "Activated" and the "Last Status date" is updated as in the former cases.

Now the "Enabled" fields is changed to "true" meaning that the customer is ready to go.

...

Tip

You can check if the customer is connected using the "Registered AccountClients" menu.

Anchor
account_disable
account_disable
1.1.5 Disabling/Enabling an Account

...

Subtitle
Prefixfigure
SubtitleTextaccount disabled
AnchorNameaccount_disabled

Image RemovedImage Added

Just press it and it will change as in 

Xref
AnchorNameaccount_disabled
. In order to enable the Account again you just have to press the Enable account and check the link and the related icon are changed again to the default.

...