Versions Compared

Old Version 34

changes.mady.by.user user-0f753

Saved on

compared with

New Version Current

changes.mady.by.user user-0f753

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

You have three way for create new users:

  1. the plain way: manual creation configuration 
  2. the wizard way: automatic activation
  3. the batch way: massive creation 

Each one is going to be detailed in the next paragraphs.

1.1.1.1 Create a new account, the plain way (manual configuration)

The "plain way" is a completely manual creation of the account. In this way you control any feature of the account, but you also need to configure the user's client manually. This way is the opposite of the automatic activation.

Warning

This is the only way for creating valid accounts for the SNOM platformdevices.

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.

...

  • Username

  • Password/Repeat Password

  • Virtual Phone Number

  • Account Type

  • Security Model

  • Obfuscation Mode

  • Obfuscation Key

  • Keep-alive Enabled

Username/Password

Fill the Username with a numeric value as suggested by the default value into the fieldUsername field is automatically generated as a random numeric value and you are not required to change it. Type in a password and repeat it in the proper fields.

Warning

If you manually edit Username field, keep in mind that it MUST be unique, as Virtual Phone Number!

Virtual Phone Number

Set a Virtual Phone number as a numeric value of your choice. Please consider that the Virtual Phone Number is the number to be dialed to call the Account (and also the number shown as the caller, when the Account places dials a call). We suggest a three character number such as "111" or "123" for testing purpose. For production please insert the real phone numberSNOM devices and actual mobile phone number for PrivateGSM accounts.

Warning

If you do not insert the international prefix Mobile phone numbers must be formatted with international prefix and + sign, before the real phone number then you cannot use the , eg: +391234567890. If you do not use international format, it will not be possible to use automatic activation features.

Automatic Activation is not meant for SNOM devices or iPad. You need a PrivateGSM client in order to process the URL and the configuration itself. Plus without a phone that can receive a Text Messagean SMS, it wouldn't be delivered at all.

Note

It's still possible to perform an Automatic Activation or to send the installation URL on iPads or devices without phone features using the Provisioning Messages.

Account Type

  • To configure a PrivateGSM account select "PGSM" by the drop down menu in "Account Type".

  • To configure a SNOM account select "SNOM" by the drop down menu in "Account Type".

...

  • To configure a PrivateGSM Enterprise account the security model must be "SDES" in the "Security Model".

  • To configure a PrivateGSM Professional account the security model must be "ZRTP".

  • To configure a Snom account the security model must be "SDES".

...

The Obfuscation mode is a simple but quite efficient trick to let the VoIP pass without being recognised by router that could perform Quality of Service degrading the callrecognized by network equipment intended to block or censor VoIP traffic.

It's not known to be a perfect mask and it aims not to be one, still it works fine until up to now and our suggestion is to keep it enabled as by default,

...

Xrefanchor
AnchorNamePSOM_keep_alive
Keep-alive Enabled
Info
titleNEW FEATURE

Since the present version you can enable a server side check on the user's reachability!

To be reachable the In order to receive secure phone calls, PrivateGSM client must set up a stable socket to the serveran always-on connection to PrivateServer. Each client sends a "keep alive" request to the server it 's is connected to, in order to keep up the socket. This is necessary as the TCP socket has an idle timeout after which the socket is closed. Some aggressive network devices equipment can short shorten the standard timeout under 10 minutes, making impossible for the client to send the "keep alive" request because it would always be late (the client sends its request every 10 minutes or so), less than 10 minutes. This behavior is particularly critical with IOS devices

In order to avoid the socket break caused by such aggressive network devicesequipment, you can set up enable a server side "keep alive" request that is going to be performed every 3 minutes. In this way you can be sure that the socket and thus the connection would remain up and stable under every circumstances.

Note

The downside of this option is that there will be some more traffic on the socket (each passage of the request is 1.8 KiloByte, thus you can count almost 3.6 KB of traffic every 3 minutes)

Warning
titleBattery life warning

This option can afflict the battery life since more traffic means more radio transmission and on same devices the radio wouldn't have a proper timeout for going idle. 

...

Virtual Phone Number (secondary)

This field is not mandatoryoptional and rarely used, still it can prove itself quite useful if you need the account to be reachable by two different phone numbers on two different devicesthe same device. The secondary virtual number can't substitute the primary one, meaning that this field alone won't be accepted as a valid phone number. You still need to configure the primary phone number if you intend to make use of the secondary one.

Info

An Some example for using the secondary phone number can be to configure a SNOM device as a stable secure voice terminal and a PrivateGSM as a mobile one. Both the devices belongs to the same user and you have not to double the accounts used in order to accomplish such configuration.

...

are this scenarios:

  1. User changes his own mobile phone number. Using secondary number it is possible to configure the NEW number as primary and the OLD number as secondary. The user will be able to receive secure calls dialed both on his NEW and OLD number.
  2. User install PrivateGSM client on his business phone, but his colleagues could call him both using business and private phone numbers. Using secondary number it is possible to configure the BUSINESS number as primary and the PRIVATE number as secondary. The user will be able to receive secure calls dialed both on his BUSINESS and PRIVATE number. More often that you could expect, users initiate secure calls using the wrong number, complaining about "it does not work".

1.1.1.1.2 SNOM

In the Account List page (

Xref
AnchorNamesip users table
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page.

...

To use the automatic activation even in the plain way go reading the 1.1.4 Automatic Activation.

1.1.1.2 Create a new account, the wizard way (automatic activation)

The "wizard way" is the new method for creating accounts. It's made for easing the load on the service manager's shoulder, letting him/her focusing on the service configuration without having to bother about the installation and configuration of the client.

...

Prepare a .csv file with some account. The file must be formatted as the example below., keeping header names in the first row

Code Block
languagenone
titlebatch users csv
fullName,gsmNumber,email,securityModel,description Alessandro Bergamaschi,+391234567890,alessandro.bergamaschi@privatewave.com,end-to-site,Personal account Luigi Rossi,+3932456753,luigi.rossi@privatewave.com,end-to-site,Personal account Marco Bianchi,+39432242342,mbianchi@gmail.com,end-to-site,Personal account Mario Colombo,+394325346546,colombo.mario@privatewave.com,end-to-site,Personal account

...

Select the default provisioning profile and a group for the newly account created. Upload the file and click create: you'll be leaded to the Group list page.
Once you've done you can choose whether to manually activate the user or to lean on the automatic activation.
 
 Anchor
account_details
account_details
1.1.1.4 Account's details
...
Three tabs are shown in the Account's details window:
  • State
  • History
  • Configuration
State is the default view you get and shows if the Account is connected and his licence status.
 Subtitle
Prefixfigure
SubtitleTextState of the account show he's off-line
AnchorNameshow_account_off_line
History shows any relevant information about the account.
 Subtitle
Prefixfigure
SubtitleTextShow account. History tab
AnchorNameshow_account_history
...
In order to delete the account you have to access at the account details as described in 
 Xref
AnchorNameaccount_details
in paragraph 1.1.1.4. You have to get the Configuration details as in 
 Xref
AnchorNameshow_account_configuration
. At the bottom of the details window you can see a Delete button that's what you're looking for. 
 
 Subtitle
Prefixfigure
SubtitleTextconfirm deletion
AnchorNameconfirm_deletion
Image Added
Press it and confirm the deletion in the next warning pop up window ( 
 Xref
AnchorNameconfirm_sms
)
 Subtitle
Prefixfigure
SubtitleTextThe Account has been deleted
AnchorNameaccount deleted
...
 After you created your new account(s) you have to configure the customer's client application PrivateGSM. In the wizard way it's MANDATORY to use the automatic activation in order to enable the account. In the plain way it's optional, though useful.
When you have The Automatic Activation is quite useful in two occasions:
  1. after you just finished creating 
...
  1. an user
  2. whenever you need a quick account's reconfiguration without involving too much the user
To be able to send text messages with the Automatic Activation you first need to get the Account list (
 Xref
AnchorName
new 
sip 
 account
users table
) or picking up the account from the account list ( see the Account's configuration details (
 Xref
AnchorNameshow_account
 updated
_configuration
) you can send to the customer both a download SMS and a configuration SMS so that he/she would proceed with the installation of the client without any other human help. . From both views it's possible to press the Send Activation Sms which would send automatically the URL of the configuration file via Text Message.
 Info
Click on the "Send installation SMS" to send the link for downloading the application
...
subtitle
Prefixfigure
SubtitleTextconfirm sms
AnchorNameconfirm sms
Image Removed
Confirm as in the above picture and the PrivateServer advices the operation has been completed:
 Subtitle
Prefixfigure
SubtitleTextinstallation sms sent
AnchorNameinstallation sms sent
 Warning
The SMSes SMSs are sent to the account's Virtual Phone Number, so please check it exist as an actual mobile phone number before using the Automatic Activation
...
 Anchor
account_disable
account_disable
1.1.5 Disabling/Enabling an Account
You can search search a group's acc
1.1.6 Searching an Account
You can search search a group's accounts with the search box on the menu bar of the Account list page.If you need to temporary block any account in both directions so that he cannot place or receive calls, then you can just disable him. When a disabled account tries to perform secure voice actions a proper audio message is played warning about the account' status.
Any account is enabled by default.
In order to disable an account you need first to reach the form shown in 
 Xref
AnchorNameshow_account_configuration
. On the top of the form you can read the Disable account link. 
 Subtitle
Prefixfigure
SubtitleTextThe searching interfaceaccount disabled
AnchorNamesearching account
Image Removed
 
The search covers the following fields of accounts:
  • Owner
  • Username
  • Caller id
  • E-mail
  • Description
...
_disabled
Image Added
Just press it and it will change as in 
 Xref
AnchorNameaccount_disabled
. In order to enable the Account again you just have to press the Enable account and check the link and the related icon are changed again to the default.
1.1.6 Searching an Account
You can search search a group's accounts with the search box on the menu bar of the Account list page.
 Subtitle
Prefixfigure
SubtitleTextThe searching interface
AnchorNamesearching account
Image Added
 
The search covers the following fields of accounts:
  • Owner
  • Username
  • Caller id
  • E-mail
  • Description
The search string is interpreted as a list of words, separated by spaces. All words in the search string must match. Words must match exactly, unless they contain wildcards:
...
 Info
The search engine is based on Apache Lucene; see "Query Parser Syntax" for a detailed description of the full syntax of search queries. The field names that can be used in search queries are owner, username, callerid, email and description.
 Anchor
licencing
licencing
 1.1.7 Licensing
The communication model of the licence can change quite a bit based on how user activated his account. Manual account creation leads the licence client on PrivateGSM to communicate directly with PrivateWave's licence server. Automatic Activated clients would communicated with their own PrivateServer, which plays the role of a proxy to PrivateWave's licence server. In the latter case, the current licence is cached on PrivateServer and visible in account details.
 Info
titleexample given
Let's say we have a PrivateServer named test1.privatewave.com. This PrivateServer sent an Automatic Activation text message to the client PGSM_A. PGSM_A would ask to test1.privatewave.com for its licence validation.
If it was a manual configured account, then it would ask its licence validation to the main licence server.
Since the licence validation is an important component of the secure call, it's important that this difference in the behaviour of the client is fully understood by the Operator Manager. For instance if the Services weren't configured to let the HTTPS/SmartPhone Web Service be reachable on the public NIC, then the licence clients of any Automatically Activated PrivateGSMs would never be able to validate their own licences and thus the client would be stuck until its licence status would be cleared somehow.

 Navbar