You can decide how to distribute the services of PrivateServer using the "network segregation". You can access the configuration page via Services link in the main menu.

2.1 Services

The page is divided in three parts: the first one is actually about the network segregation itself, as shown in the below picture.

Enterprise Voice Security Suite 3.4 > PSAM 2.2 Network Segregation > Interface_binding.png

shows a simple matrix made from services and NICs thus you can choose which service would be accessible on which interface and in this way profile your network design accordingly.

The Applications are the following:

SQL/3306 - DataBase: that's the remote access to the DBE (Data Base Engine), useful for exporting views and access data used by the appliance
HTTPS - Management Console: here you have the very same web administrative console you are actually using
SSH - Secure Shell: the well known text console for remote administration. This is useful for extraordinary management tasks.
SIP/TLS: VoIP service (signaling part) over TLS connection. Long story short: Secure VoIP.
SIP/UDP: dsfafas part of the VoIP service used to connect the PrivateServer appliance to another PBX
TCP/5666: by activating this service it becomes possible to reach the Nagios monitoring service on the appliance.
HTTPS/SmartPhone Web Service: Services provided by the PrivateServer in order to make the PrivateGSM clients work fine:
- Licence Cache
- Presence

Please note that the configuration shown in represents a likely production one as suggested in (TO BE ADDED THE SUGGESTED CONFIUGURATION PAGE)

The NICs on the appliance are automatically detected by PrivateServer and listed here.

After you're done, just press the "Update" button to apply your configuration.

The NIC are shown as applicable even if they are not configured, so please check your Network configuration before assigning or deverting a service from a NIC.

2.2 TLS Certificates

The second part is about certificate assign. When you divide your services amongst the NIC you are using them on different IPs as well. This implies you might choose different certificates each one related to each IP of the NIC your service is bound to.

Enterprise Voice Security Suite 3.4 > PSAM 2.2 Network Segregation > TLS_certificates.png

As shown in the above , two are the services that need a valid certificate in order to guarantee the proper security levels:

HTTPS - Management Console
SIP/TLS

In both cases the goal is to avoid MITM (Man In The Middle) attacks and to identify the server's identity without possible mistakes. In case number 1 the certificate identifies the server in order to Administration Web Interface. In case number 2 it works the same way for the Secure VoIP service.

So we need to install a proper certificate for the HTTPS interface's hostname and then we have to bind it to the HTTPS service to in order to have a "closed padlock" web connection without warnings or exception to be added by the user.

Quite the same behaviour stands for the SIP interface, although in this case the PrivateGSM is the client and it's not going to be connected to the SIP/TLS service unless a proper certificate is issued.

Please consider that the certificates are strictly bounded to the name they are released for, so you make sure you assigned via DNS the proper name to the IP where the service is published

You can load as many certificates as you need and then assign one of them to one of the two above services, as it suites you better.

After you're done, just press the "Update" button.

2.3 Provisioning

The third part is about configuring the hostnames that would be used for the provisioning.

Enterprise Voice Security Suite 3.4 > PSAM 2.2 Network Segregation > Provisioning.png

The Asterisk hostname is the name of the PBX which would be included into the provisioned configuration to be sent to the client.

The Provisioning full path is the base URL for downloading both the PrivateGSM application and its configuration. It will be used to fulfill the proper fields in the automatic activation.