RSS Atom

Free Real-Time Communications (RTC) Planet

March 21, 2023

• Digium Protecting Your Mission Critical Services When Your Internet Provider Has An Outage

  Late summer of 2022, there was a major multi-day internet outage that happened in Canada that affected many businesses, small and large. Let’s discuss what happened and some of the steps you can take to protect your business if something similar happens to you.

  In July of 2022, Canada’s Rogers Communications suffered a major internet outage. For those of you who haven’t heard of Rogers, it is a very large internet and wireless service provider, on the scale of ~ 20 billion US dollars and 26,000 employees. Rogers suffered an outage due to a packet storm on their network. It was caused by a software upgrade that accidentally removed all the traffic filters to the internet from their network. Without the filters, the Rogers network equipment became quickly overwhelmed and stopped functioning. Rogers serves about 30% of Canada’s internet capacity, so this was a big event and affected many people and businesses. It took about 2-3 days to fully restore services to all customers.

  So, as a business delivering services to your customers, what would you have done in this case, if your internet service provider was down for multiple days? Businesses who had invested in SD-WAN and redundant ISPs were generally okay. However, those without redundancy, or without an SD-WAN platform to prioritize internet service, they unfortunately suffered catastrophic downtime. Some of them even had to rely on manual processes to keep their business running. They would never have thought service from a large and reliable vendor like Rogers would come to a halt like this, so the investment didn’t seem needed. Businesses with backup internet access generally made it through, and the ones that had SD-WAN did not experience any degradation in service, at all. This is because SD-WAN prioritizes real-time traffic, by application. Even if your redundant internet connection is based on inexpensive broadband, SD-WAN will automatically prioritize your most important applications, so that things like voice and point-of-sale (POS) have the capacity they need, while other less critical applications are limited to what’s left over. This is a significant benefit of SD-WAN and something to consider if real-time traffic is important to your business, because without it, your typical failover setup means a loss in all active communications which would need to be re-established once the backup connection becomes active.

  SD-WAN has a couple of other key features as it relates to protection. For instance if your SD-WAN provider is a gateway or private middle mile service, your inbound traffic is also protected because inbound packets will be routed over the best available circuit. Also, if you’re using an SD-WAN provider with gateways or private middle miles, you’ll have built in DDoS protection. So SD-WAN provides a number of protections aside from just managing network resiliency.

  Here’s the interesting takeaway. Even if you had a resilient design, and you had sufficient internet, and you had SD-WAN in place, your vendors and business partners may not. With the Rogers outage, a major credit card transaction system was taken offline, leaving their point of sale customers without the ability to accept credit cards. Another example was cell phone service being disrupted as well. We can imagine that many businesses with critical vendors and applications experienced an impact even if they themselves continue to have strong internet service. It might be far-fetched to try and identify whether or not your key business partners have network redundancy and utilize SD-WAN, but identifying the key providers and confirming with them may actually be a new priority element in your business continuity plan.

  Beyond internet access, what other key services might be exposed to vendor interruption. Is voice critical to your business? Are you using Microsoft Teams for voice or collaboration? For example, what would happen if Microsoft had an issue or you had to quarantine Office 365 because of a cyber event?

  If you’re curious how to protect your environments and learn more about our maintenance-free SD-WAN service, get in touch with one of our Managed SD-WAN specialists.

  The post Protecting Your Mission Critical Services When Your Internet Provider Has An Outage appeared first on Sangoma Technologies.

March 17, 2023

• Enable Security OpenSIPS Security Audit Report is fully disclosed and out there
  It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report. The OpenSIPS security audit report can be found here. What is the OpenSIPS security audit? OpenSIPS is a SIP server that often has a critical security function within an IP communications system.

March 16, 2023

• Digium What You Need To Know About The Growing Complexities of Communications Taxes

  It’s definitely a great time to be a Managed Service Provider (MSP), Communication Service Provider (CSP), and Voice Service Provider (VSP), delivering managed communication services. Whether they be a seasoned provider or just starting out, the work-from-home movement has created a massive change in IT infrastructure, which means managed service providers have become very popular and are enticed to deliver more. For instance, the MSP market was valued at $242.9 billion in 2021 and is projected to reach 354.8 billion by 2026, registering a CAGR of 7.9%! This tremendous growth is pushing MSPs to continue to broaden and diversify their offerings. Still, there is a big surprise waiting for inexperienced or ill-informed providers: the increased set of communications tax complexity, obligations, and risk.

  Why are communications taxes more important than ever?

  MSPs, CSPs, and VSPs certainly understand that they are required to charge for and remit communications taxes. If you are reselling, charging, and invoicing for telecom services, such as data, voice, video, and messaging, then you’re in that camp. But what’s been happening, which has become more challenging, is that communications services have become the de facto method for delivering services from the cloud, but not only that, they’re being offered via programmable interfaces, or APIs. So now communication services are being embedded into SaaS platforms, essentially reselling data services. So the lines have become blurred, and knowing whether you need to pay communication taxes is a bit unknown. You need to ask yourself, “Is my business selling services that incorporate voice, video, or data?” If the answer is yes, then you’ll need to make sure you’re up to speed on tax compliance; otherwise, you’ll have some penalties to pay, aside from learning how to pay those taxes going forward.

  So, what are the complexities of communications taxes? And how do MSPs, CSPs, and VSPs know what taxes apply to their services and customers?

  Let’s start with general sales taxes, which apply at the federal, state, county, and city levels. Communication taxes fall under this umbrella too. From there, though, they can be very different, not just in terms of the rate and how it’s applied, but with communications taxes, there are instances of tax on tax in tearing of taxes. In many instances, the jurisdiction for communications taxes will be completely different from what you may have from a sales tax perspective. For instance, there are a lot of communication taxes that are based on school district zones, so even just establishing the jurisdiction that applies can be different. We now have a stacking of communication tax complexity over the existing complexity of sales tax. So, registering with the local jurisdiction, and collecting the tax, is one thing, but then it cascades since communications taxes have different compliance obligations. There are different registration obligations, different filing obligations, and also things like exemption management, where the forms that are needed to be filled out to be exempt from communications taxes are different from what is needed to be collected from a sales and use perspective.

  How many tax returns do you need to file as a service provider?

  This depends on two criteria: jurisdiction and types of services sold. These combined could mean filing 1,000s of compliance tax returns, especially if the provider is selling services nationwide. Voice itself is taxed heavily, as many different types of taxes are applied. Communication taxes are applied at the federal, state, and jurisdictional levels. E-911 is also similarly taxed.

  Recent Developments

  We talked a bit about the blurred lines around knowing if a business is required to pay communication taxes. On top of that, with the plethora of service providers out there, it would be unsustainably time-consuming for the government to find every business out there with communication services, find out if they are simply consuming or reselling them and dig from there. Businesses could easily fly under the radar from paying their taxes.

  The recent robocall mitigation regulations, including the STIR/SHAKEN mandate, has forced VSPs, CSPs, and MSPs to register their telecommunications business by applying for a Federal Registration Number (FRN). Now that their telecommunications business is registered with the FCC, comprehensive compliance is much more important for that business. This includes the rating, collection, and remittance of taxes, fees, and surcharges that are levied by the government in the various states, counties, and cities that they sell in, as well as at the federal level.

  Things to Consider as a Provider

  • Are there communications taxes on video conferencing and softclient calls? In general, concerning communications taxes, voice is the most comprehensively taxed. When it comes to soft clients, such as Slack, Skype, Zoom, and other collaboration tools, even peer-to-peer VoIP communication is taxed. It’s not as heavily taxed as services going through the PSTN, but VOIP to VOIP services are taxed at a lower rate.
  • How do communication taxes work when bundling products and services? This is something that is becoming prevalent as MSPs are bundling more and more services together within their offerings. This is especially true for MSP customers of Sangoma’s Wholesale Carrier Services, who pick and choose carrier service features to bundle and resell; more on that below. An MSP can bundle voice, SMS, fax, and soft clients and more, so figuring out the tax compliance for these individually sourced features is essential, as they are all taxed at different rates and dependent on the region.

  With all that there is to consider and the challenges there are to become well informed of tax compliance, it may be a good idea to pair up with experts in the field for consultation or, better yet, with a vendor having a tax engine, who can automate rating and calculations of services, based on local and service feature.

  How Sangoma’s Telecom Tax Module Can Help Providers

  As part of our wholesale carrier services hosted billing service, we have a built-in tax module that automates the calculation and collection of taxes and regulatory fees for our customers who resell our wholesale carrier services. For readers unfamiliar with our wholesale carrier services, read this blog post. What differentiates us is that we offer a complete set of wholesale VoIP services, from termination/origination, DIDs, SMS, E911, Fax, fraud detection/protection, and telecom compliance toolkits, wrapped around an intuitive portal, which includes our hosted billing platform and tax module.

  Our tax module is the “single pane of glass,” where our customers save a ton of time in tax rating and calculation for all their customers who may be dispersed nationwide using various services we resell. It consolidates taxes on all levels of government and service types. Also, as our customers expand across regions, the tax modules save them time from figuring out new tax compliance information for those areas as well.

  Tax compliance becomes more complex as products become more innovative and are offered in a less traditional fashion. For instance, voice services integrated within APIs were never something tax compliance was designed for. The natural progression is that innovation outpaces tax law but, with time, always catches up. A great example of this is with streaming services, such as Netflix or Amazon Prime, for example. When they came out on the market, communications tax compliance only applied to traditional TV services. So no taxes were applicable for a while, but communication taxes started working their way into these new innovation streaming services as time progressed.

  As an MSP, CSP, or VSP, it’s essential to understand the gray areas of communications tax compliance and be informed to avoid risks and possible penalties.

  Learn more about Sangoma’s Tax module, built into our hosted billing platform, and have your tax rating and calculations automated for you.

  The post What You Need To Know About The Growing Complexities of Communications Taxes appeared first on Sangoma Technologies.

March 14, 2023

• Digium Softclients are a Critical Component of a Unified Communications Solution

  When the day came that we all “had” to work from home, everyone learned how important a phone system client became (whether it was a mobile one, or a desktop one), because that was how we continued to talk to people and keep the business running– because our business phone number could be called, or we could call out on the business phone number – from these clients. And then the clients that integrated chat and video took center stage. Today, this is all part of a typical Unified Communication solution, including those from Sangoma.

  However, as we start to return to the office, will the importance of these clients diminish? I’ve definitely started to see articles about how especially the mobile client experience may not be the best.

  It seems unlikely that client importance will diminish. First, some form of hybrid work seems to be here to stay, as discussed in this article from Forbes. Employees will always be working remotely in some fashion, whether it is from home or from another location. Employees like it, and while there is some debate about it, it seems organization output is not impacted, though organization culture might be impacted. So, while everyone now needs to come back from the cool place they moved, they likely don’t have to go into the office every day.

  And second, just like always, technology will “solve” any problems. We saw it 20 years ago when VoIP first came on the scene. There were issues and they were overcome. And we’ll see it here as well. 5G is one technology that will certainly play a role in improving the mobile client experience.

  Getting back to the clients. So yes, they will remain even more important. And we’ll need to keep innovating them forward since they’ll remain an ever-critical part of a business communication system.

  The post Softclients are a Critical Component of a Unified Communications Solution appeared first on Sangoma Technologies.

March 09, 2023

• Digium Exploring SD-WAN – The Advanced Evolution of Business Networks

  In today’s world, it’s imperative to have access to information from any device, anytime and anywhere. However, this has led to the growth and complexity of the networks that connect everything, making them increasingly challenging to manage.

  LANs vs WANs: A Basic Overview

  The two main types of networks are Local Area Networks (LANs) and Wide Area Networks (WANs). LANs connect devices within a local office, while WANs connect offices across different locations globally. Without WANs, businesses would be restricted to communicating within their local offices, preventing them from accessing the broader online world, the internet.

  The Emergence of SD-WAN: Next-Gen Networking

  SD-WAN, the latest evolution of WAN technology, has recently emerged as a game-changing innovation. SD stands for “software-defined,” and while the concept is not new, it has become a focal point, particularly in infrastructure and networking. SD-WAN essentially leverages software to make IT smarter, faster, and more cost-effective. It is a revolutionary way to construct and manage long-distance networks, providing better bandwidth optimization and ensuring the delivery of real-time applications with improved user experiences.

  Why, How, and What Makes SD-WAN Better?

  Traditional WANs typically have a large number of routers that communicate with each other over extended distances. Within each router is a data plane and a control plane, with the data plane holding the information transmitted or received, and the control plane determining the route the data should take. However, someone needs to program the control plane with rules on how to handle network traffic on the data plane. This is typically done by entering a series of commands into each router’s command line interface, or CLI, by a network administrator. This can be a very manual, time consuming and error prone process. For example, let’s say there is a large business with 100 locations that needs to deploy a new application across all these locations. Let’s assume that each location has one router which needs 20 new commands to implement the correct configurations for the new application. With 100 locations, that’s 2000 (20 x 100) commands and if each command took 40 seconds of time that’s roughly 22 hours of work just to deploy a single application for the business. Also, the CLI can be error prone. Imagine a mistake was made on one of those commands and having to hunt down that error or troubleshoot the application. Staff and IT resources would be impacted and could potentially paralyze the business! To overcome this tedious process, network admins will try to automate this process using programming tools and scripts, however, these tools and procedures add more layers of complexity as well as even more CLI commands with more variables that could compound existing problems.

  With SD-WAN, this process is simplified, as the control plane is centralized, where changes can be grouped and managed simultaneously across the entire WAN, from a centralized management portal. Businesses can use specific rules to automate the process and distribute configurations instantly, eliminating the complexity and errors inherent in the old manual method.

  The Benefits of SD-WAN

  One of the most significant benefits of SD-WAN is the ability to leverage broadband internet connections, reducing the need for expensive private MPLS networks, lowering costs and increasing performance. Moreover, the software-defined capabilities of SD-WAN enable network admins to change characteristics of their entire network from a central management portal, such as:

  • Moving business critical applications to a private MPLS network between locations
  • Block, or lower the priority of social media applications to improve worker productivity

  Once these rules or policies are set, they can be automatically distributed and implemented across the organization in seconds.

  So, with SD-WAN, configuring new or existing networking infrastructure is much easier than the old way of fragile command lines and manual updates.

  What does this all mean about SD-WAN?

  Here are three key takeaways for businesses regarding SD-WAN:

  Agility: SD-WAN enhances agility by simplifying network policy configuration and management.
  Performance: SD-WAN provides higher performance by leveraging multiple paths intelligently, including broadband connections.
  Cost: SD-WAN lowers IT operational costs by simplifying WAN infrastructure and providing a more efficient network.

  Managed SD-WAN: Taking It to the Next Level

  Setting up and managing a WAN has never been easier, provided that it’s software-defined. But taking it a step further, businesses can take advantage of a Managed SD-WAN, where a vendor handles the entire network for them, including deployment, maintenance, updates and technical support. To learn more about this zero-touch network infrastructure get in touch with one of our Managed SD-WAN specialists for more info.

  The post Exploring SD-WAN – The Advanced Evolution of Business Networks appeared first on Sangoma Technologies.

March 07, 2023

• Enable Security SIPVicious PRO incremental update - and Gitlab CI/CD examples
  We just pushed out a new SIPVicious PRO update to our subscribing members! This version does not include any new major features. Instead, it fixes various bugs and brings missing but necessary features to various SIPVicious PRO tools. We have the following highlights in this update: Documentation now includes realistic Gitlab CI/CD examples The RTP fuzzer in the experimental version now supports SRTP Support for new SIP DoS flood request methods The RTP inject tool can now specify the RTP’s SSRC and payload ID The SIP password cracking tool now supports closing the connection upon each attempt The SIP ping utility supports INVITE For the boring details, including a list of bug fixes, do read the release notes for v6.

March 02, 2023

• Tox Redesign of Tox’s Cryptographic Handshake

  In 2017, Jason A. Donenfeld (known for WireGuard®) reported an issue in Tox’s handshake [1]. This issue is called “Key Compromise Impersonation” (KCI). I will try to explain the issue as simple as possible:

  In Tox you don’t register an account (e.g. with username and password), but instead your identity is solely based on (asymmetric) cryptographic information, a so-called asymmetric key pair. Such a key pair consists of a public part (public key) and a private part (private key). The public part, as the naming suggests, is public and contained in your ToxID which you share with your contacts to be able to communicate with them via Tox. The private part, again as the name suggests, needs to stay private! If someone gets in possession of your private key, they stole your Tox identity. This could, for example, be the case if someone got physical access to your computer or successfully installed malware on your system, e.g. a so-called trojan horse, to be able to extract data from it. If this happens, you will most likely have multiple problems and your Tox identity may be just one of them. The password you enter when you create your Tox profile, e.g. when you first start qTox client, is used to encrypt your profile and also your private key on your disk. If you start qTox, you need to enter your password to decrypt your private key, to be able to communicate via Tox. Your private key is then stored unencrypted in memory (i.e. RAM) while qTox is running. This means an attacker either needs to get access to your password (steal or crack it) or to read your Tox private key from memory while your Tox chat client is running.

  If someone successfully stole your Tox identity (i.e. this private key), they are you – at least in the context of Tox. So they can successfully impersonate you in Tox. Now in this case the KCI vulnerability leads to “interesting” behavior. It is clear that someone who stole your identity is able to impersonate you. But because of the KCI vulnerability, they may also be able to impersonate others to you. This means, to exploit this vulnerability in practice, someone not only needs to successfully steal your private key, but additionally:

  • Know the ToxIDs of your Tox friends to be able to impersonate them to you.
  • Control the network connection between you and your friend. This could be the case e.g. if they are in the same (public) WiFi as you, or via the Internet – which is way harder and is most likely only possible for state actors (e.g. the NSA).
  • Implement their own version of toxcore because it’s not possible to exploit this issue with the current implementation. There is no public exploit available which can just be used.

  In summary, KCI is exploitable, but with a huge effort.

  Anyway, this is a real vulnerability and it should be fixed. The current Tox handshake implementation is not state-of-the-art in cryptography and it also breaks the “do not roll your own crypto” principle. As a solution, there is a framework called Noise Protocol Framework (Noise, [2]) which can be used to create a new handshake for Tox. More precisely, the application of Noise will only change a part of Tox handshake — the so-called Authenticated Key Exchange (AKE). Noise-based protocols are already in use in e.g. WhatsApp, which uses it for encrypted client-to-server communication, and WireGuard®, which uses it for establishing Virtual Private Network (VPN) connections. Noise protocols can be used to implement End-to-End Encryption (E2EE) with (perfect) forward secrecy (which is also the case with the current Tox implementation), but further adds KCI-resilience to Tox.

  Tobi (goldroom on GitHub) wrote his master’s thesis (“Adopting the Noise Key Exchange in Tox“) on the KCI issue in Tox, designed a new Handshake for Tox based on NoiseIK and implemented a proof-of-concept (PoC) for this new NoiseIK-based handshake by using Noise-C [3]. This PoC has a few drawbacks, which is why it should not be used in practice (see Appendix). If you want to know more about his master’s thesis, see the update in the initial KCI GitHub issue [4].

  He applied for funding at NLnet foundation and their NGI Assure fund to continue his work on Tox and to be able to implement a production-ready Noise-based handshake for toxcore. Fortunately, this application was successful [5]. NGI Assure is made possible with financial support from the European Commission’s Next Generation Internet programme (https://ngi.eu/).

  The objective of this project is to implement a new KCI-resistant handshake based on NoiseIK in c-toxcore, which is backwards compatible to the current KCI-vulnerable handshake to enable interoperability and smooth transition. The main part of this project is to implement NoiseIK directly in c-toxcore to remove Noise-C as a dependency (as the only other dependency for c-toxcore is NaCl/libsodium) which was used in the PoC and therefore improve maintainability of c-toxcore (see Appendix).

  The tasks in this project are:

  • Implementation of a Noise-based AKE for the use in Tox’s handshake in c-toxcore
    • This task is to implement and test an AKE for the Tox handshake based on a Noise protocol (most likely Noise_IK_25519_ChaChaPoly_SHA512, but it may change due to new insights in c-toxcore).
  • Implementation of a symmetric transport phase encryption based on a Noise-based AKE/handshake
    • This task includes the implementation of a symmetric transport phase encryption based on the secret key(s) generated during the Noise-based AKE during the Tox handshake and evaluation of Noise’s rekey feature.
    • Subtasks:
      • Decision of which symmetric cipher to use for the Tox transport phase encryption (e.g. ChaCha20-Poly1305 or XSalsa20-Poly1305)
      • Evaluation of Noise’s rekey feature to allow for session rekeying to reduce the volume of data encrypted under a single cipher key (cf. section 11.3 of Noise specification, revision 34). This may not be applicable to be implemented in c-toxcore (e.g. changing keys may be expensive). Also, it may not be necessary for ChaCha20 / XSalsa20. Further, it’s dependent on how the transport phase encryption will be implemented.
  • Support for the Noise-based AKE and the KCI-vulnerable AKE for backwards compatibility
    • This task includes the implementation of a mechanism to fall back to the KCI-vulnerable handshake if one of both peers uses a legacy c-toxcore version to provide backwards compatibility for the handshake transition phase (e.g. via cookie phase (request and response) of Tox’s handshake).
  • Error handling and testing, Documentation, Blog posts

  The plan is to implement this new handshake until July 2023. Since it’s not a trivial task, there are still some obstacles:

  1. In Noise it is necessary to differentiate between the initiator and responder of a handshake. Due to the architecture of Tox it is possible that both peers initiate and respond to a handshake at the same time.
  2. Tox is P2P and UDP-based. Therefore packets can be received out-of-order or be lost altogether. In the Noise specification this is only considered for transport messages (cf. [6]).

     • “Note that lossy and out-of-order message delivery introduces many other concerns (including out-of-order handshake messages and denial of service risks) which are outside the scope of this document.” (cf. [6])

  Both points are not ideal for a handshake based on NoiseIK (i.e. it would be way easier to implement it in a client-server model using TCP), but it should be possible to work this out.

  Tobi is available in #toktok (libera.chat) as tobi/@tobi_fh:matrix.org and ready for any input, questions, remarks, discussions or complaints.

  ---

  Appendix

  The PoC shouldn’t be used in practice/in production because it should be improved in the following aspects (for details see chapter five of Tobi’s thesis [4]):

  • The PoC was implemented by using the Noise-C library [3]. Instead of using the library, NoiseIK or more specifically the Noise_IK_25519_ChaChaPoly_SHA512 protocol will be implemented directly in c-toxcore. This will remove Noise-C as a dependency for toxcore (i.e. the only other dependency is NaCl/libsodium) and therefore improve maintainability. Additionally this will reduce the number of possibly vulnerable source lines of code.
    • Notes on maintainability: Noise-C has a lot of code/functionality which is not necessary for c-toxcore. Also Noise-C is currently (?) not actively maintained. If NoiseIK is implemented directly in c-toxcore it is only necessary to maintain the c-toxcore codebase and it is not necessary to care about Noise-C.
  • The PoC implementation uses the ChaCha20-Poly1305 AEAD cipher during the AKE/handshake and XSalsa20-Poly1305 during the transport phase. In this project it should be evaluated if it’s possible to also use ChaCha20 during the transport phase to only use one cipher instead of two different ones (XSalsa20 is not supported by the Noise framework). For details see chapter four of Tobi’s thesis.
  • Further testing of NoiseIK handshake behavior and improved error handling.
  • The PoC implementation is not backwards compatible with the current KCI-vulnerable Tox handshake. In this project a mechanism should be added to enable interoperability with clients based on an old c-toxcore version.

  ---

  References:

  • [1] Tox Handshake Vulnerable to KCI #426: https://github.com/TokTok/c-toxcore/issues/426
  • [2] Noise Protocol Framework: https://noiseprotocol.org/
  • [3] Noise-C Library: https://github.com/rweather/noise-c
    • https://rweather.github.io/noise-c/index.html
  • [4] More information on Tobi/goldroom’s master’s thesis: https://github.com/TokTok/c-toxcore/issues/426#issuecomment-759511593
  • [5] “Adopting the Noise Key Exchange in Tox” project description/information: https://nlnet.nl/project/Noise-Tox/
  • [6] Noise specification, 11.4. Out-of-order transport messages: https://noiseprotocol.org/noise.html#out-of-order-transport-messages

  ---

  “WireGuard” is a registered trademark of Jason A. Donenfeld.

February 28, 2023

• Digium The Importance of Channel Partnerships

  Channel partnerships are the way Sangoma does business. We understand the value the channel partnerships bring to Sangoma, and ultimately to the end-user customers who need business communication solutions. As such, we work hard to ensure our channel programs bring value to our channel partners, that what we offer our channel partners is unique, and ultimately that it is worthwhile for the channel partner to invest their time with Sangoma solutions.

  If you want to learn more, we will likely be at your favorite Telecom Services Distributor / Technology Services Distributor event as they roll their events out across the country.

  We will also be at the channel event of the year, Channel Partners in Las Vegas in early May. We’ll be at booth 1819.

  We’d love to meet you and show you why Sangoma would be a great option to help you service your customers with the best business communication solutions.

  The post The Importance of Channel Partnerships appeared first on Sangoma Technologies.

• Digium The Importance of Channel Partnerships

  Channel partnerships are the way Sangoma does business. We understand the value the channel partnerships bring to Sangoma and, ultimately, to the end-user customers who need business communication solutions. As such, we work hard to ensure our channel programs bring value to our channel partners, that what we offer our channel partners is unique, and ultimately that it is worthwhile for the channel partner to invest their time with Sangoma solutions.

  If you want to learn more, a few ways are coming up where you can meet us and hear more from us:

  1. We will start some national roadshows, with our first one on March 9 in the Dallas area, up in Plano. If you are in the area, we’d love to have you attend for lunch and drinks afterward. Reserve your spot now.
  2. We will be hosting a general webinar to hear about what Sangoma offers and how we have changed over the past few years, on March 2. Click here to register.
  3. We will likely be at your favorite Telecom Services Distributor / Technology Services Distributor event as they roll their events out across the country.
  4. We will be at the channel event of the year, Channel Partners, in Las Vegas in early May. We’ll be at booth 1819.

  We’d love to meet you and show you why Sangoma would be a great option to help you service your customers with the best business communication solutions.

  The post The Importance of Channel Partnerships appeared first on Sangoma Technologies.

• Enable Security WebRTC attacks, FOSDEM'23 and security fixes
  Welcome to the February 2023 edition of RTCSec newsletter. If you are reading this on your email client, you might notice slight formatting changes - the red color of the Communication Breakdown blog and the mascot on the side. Hope that this makes it more distinguishable. Do let me know if you have feedback, by replying to this email. In this edition, we cover: A chat with Arin Sime of WebRTC.

February 15, 2023

• Digium Sangoma Wholesale: Compliance-as-a-Service

  In the mid-2000’s, VoIP Innovations pioneered SIP trunking services for an emerging number of non-facilities-based, value-added resellers and managed service providers. Back then, VoIP for business-use was less common. Today, there are over 40,000 VAR’s/MSP’s and VoIP has replaced POTS lines in the large majority of businesses nationwide.

  As enterprises have all but done away with in-house telecommunications departments, these VAR’s/MSP’s have more heavily relied upon rebilling the tailored services provided by VoIP Innovations. Now known as Sangoma Wholesale Carrier Services, the legacy of innovations continues with Compliant Service Solutions for this continually growing market segment.

  Not only are clients’ technical expectations on VAR’s and MSP’s heightened, so too are the FCC’s expectations and requirements on these non-facilities-based voice service providers.

  For example, In December 2021, the FCC pushed out the Small Provider Order Fourth Report and Order pertaining to STIR SHAKEN. This order is specifically for non-facilities-based, small voice service providers to be in compliance by the revised deadline of June 30, 2022.

  Our many Compliance-as-a-Service solutions provide the tools you need to take care of your SHAKEN requirements yourself. Other compliance-related solutions include SMS Campaign Registry, e911 Dynamic Location Routing, Hosed Billing with comprehensive tax calculations, and HIPAA compliant fax solution services. We have found that the more seamlessly our products work for our VAR’s and MSP’s, the more easily they can customize their services to more profitably meet the needs of their end-users.

  As our reseller partners’ demands are ever evolving, we continue to innovate our products mix to keep up with the FCC’s more demanding requirements.

  Check out another recent blog post Brian Smiley, our VP of Wholesale, created to learn more about reselling the most trusted, best-in-industry, carrier communications services for your clients.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  Or visit our website at carrierservices.sangoma.com. Stay tuned for more exciting, innovative offerings coming soon!

  The post Sangoma Wholesale: Compliance-as-a-Service appeared first on Sangoma Technologies.

February 14, 2023

• Digium Overall Managed SD-WAN Benefit Review

  In a December blog, I wrote at a high level about a paper from the Eastern Management Group regarding the benefits of utilizing different types of cloud services, which basically boil down to the following organizational benefits:

  • Reduced IT Effort
  • Deployment Velocity
  • Scalability
  • Business Agility

  Today, according to that paper, I will highlight just a few of the benefits of using Managed SD-WAN services. Software Defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE, and broadband internet services – to connect users to applications securely. It creates a network managed through cloud software rather than disparate hardware systems. A significant benefit of using SD-WAN is:

  • Removes the need for companies to choose between high-cost private networks or low-cost Internet connections when building corporate networks. Instead, it allows businesses to leverage affordable, widely available broadband connections to boost bandwidth and reduce redundancy. It also prioritizes mission-critical applications such as voice and video while streamlining administration and centralizing management.

  Managed SD-WAN utilizes a third party to oversee the implementation, continued monitoring, and updates of the SD-WAN service. Major benefits include:

  • Proactive monitoring – identifies issues in real time and allows the organization to take corrective action before users notice or complain
  • A managed service provider can deploy additional security solutions and keep your company up to date with the latest developments

  If you are looking for more information on Sangoma’s Managed SD-WAN offering, please go here. If you want to read the full report now, please go here.

  The post Overall Managed SD-WAN Benefit Review appeared first on Sangoma Technologies.

February 08, 2023

• Digium Sangoma Wholesale: Power of the Portal

  More than 15 years in the making, the VI Communication Services portal leads all other SIP trunk providers’ portals in the industry for features and capabilities. As VI Communications is now Sangoma Wholesale Carrier Services, our legacy of innovations continues both in network expansion and portal enhancements.

  The BackOffice Portal is our customer portal for ordering and managing DIDs. And, the end-user portal is our brandable, extensible portal for our customers to pass on some of the powerful capabilities, such as number porting, to their end-users.

  Our award-winning portal simply does more than anyone else’s. And, our industry-leading service further separates us from the competition. At Sangoma Wholesale Carrier Services, customers can always talk to a live person 24/7.

  Often emulated for its ease-of-use, our portals are unrivaled for their comprehensive capabilities.

  What else would you expect from the company known for leading the industry in innovations?

  A true multi-tenancy portal for resellers to organize multiple customer profiles, provisioning, and managing telephone numbers. Our integrated billing platform will exceed expectations for what is possible. Easily process taxes and even other carrier’s call detail records (CDR’s).

  We are so much more than just Trunking as a Service with a great portal. We are your one-stop source for the compliance solutions that you need which are integrated into our nation-wide carrier network.

  Learn about our Hosted Billing and integrated Tax Solutions. Manage SPAM and fraud before it affects your customers. Stay ahead of all the new STIR SHAKEN requirements for VoIP resellers. Keep on top of the changes with Campaign Registry for SMS. And, your customers can remain connected even in emergencies with our e911 Dynamic Location Routing solutions.

  Check out another recent blog post that Brian Smiley, our VP of Wholesale, created to learn more about reselling the most trusted, best-in-industry, carrier communications services for your clients.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  The post Sangoma Wholesale: Power of the Portal appeared first on Sangoma Technologies.

February 02, 2023

• Digium Sangoma Wholesale: Empowering Value-Added Resellers

  VI Communications has been the carrier services division of Sangoma since being acquired in 2019. Otherwise known as Sangoma Wholesale Carrier Services, this division is integrated yet operates as an autonomous business unit.

  There is one primary reason for this autonomy. We primarily service and support the important “middleman” or value-added resellers.

  Nationwide, approximately 40,000 managed service providers typically support multiple end-customer businesses’ IT and communication service needs. We have provided wholesale services to these value-added resellers for over 15 years.

  As the wholesale arm of Sangoma, it could be perceived as competing for the same end customer. Our distribution model is designed to be trusted and complement our customers’ unique offerings and expertise.

  Our wholesale division exists to provide value-added resellers access to the best industry products and services possible at a discounted rate to service aggregators. And we follow stringent CPNI (customer proprietary network information) rules to ensure privacy and the protection our customers expect.

  Our reliably engineered network is the foundation for our product and carrier services offerings. Our award-winning BackOffice and End-Client portals with industry-leading, FCC-compliant features are offered in an a la carte manner where you only pay for what your customers use.

  Sangoma Wholesale Carrier Services continues a legacy of innovations in product development, the expansion of our core networks and technological capabilities, and value-added resellers thrive as communications service providers.

  We are so much more than just Trunking as a Service. We are your one-stop source for the compliance solutions you need, which are integrated into our nationwide carrier network.

  Learn about our Hosted Billing and integrated Tax Solutions. Manage SPAM and fraud before it affects your customers. Stay ahead of all of the new STIR SHAKEN requirements for VoIP resellers. Keep on top of the changes with the Campaign Registry for SMS. And your customers can remain connected even in emergencies with our e911 Dynamic Location Routing solutions.

  Check out another recent blog post Brian Smiley, our VP of Wholesale, created to learn more about reselling your clients’ most trusted, best-in-industry carrier communications services.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  Or visit our website at carrierservices.sangoma.com. Stay tuned for more exciting, innovative offerings coming soon.

  The post Sangoma Wholesale: Empowering Value-Added Resellers appeared first on Sangoma Technologies.

January 31, 2023

• Digium Sangoma as a Frost and Sullivan FROST RADAR™ North American UCaaS Market Leader

  A couple of months ago, I wrote about being selected, again, for the 9th year in a row, to the Gartner UCaaS Magic Quadrant. It never gets old, just like football teams that consistently get to the playoffs! I’m pleased to announce that we’ve also been designed a Leader in the Frost and Sullivant FROST RADAR North American UCaaS Market for this year.

  It’s very nice to honored like this by key analyst companies. It makes all the hard work, by the entire company, mean something. The recognition is nice.

  We know we can’t just sit still and not innovate if we want to keep getting this recognition. The market is continually changing, and the competition changes as well. I mean who would have thought 9 years ago that video meetings and collaboration would be key features in a UCaaS platform now? But they are. Business phone systems are just different now, in a way that benefits the customers.

  Change is still coming though. If you read the report (and the report can be found here on our website), you‘ll see it mentions that “Integrated platforms delivering UCaaS, CCaaS and CPaaS are at the foundation of next-generation business communications solutions”.

  Sangoma certainly agrees with that statement and we have been driving this on our roadmaps for a while. We have or own CCaaS and CPaaS platforms, that are integrated with our UCaaS. And we are using our CPaaS to create apps that augment our UCaaS solution, whether that be with integrations to other software systems, or productivity improvement apps that supplement UCaaS.

  As Elka Popova, VP of Connected Work Research, ICT of Frost and Sullivan says “Sangoma continues to strategically augment and diversify its extensive UCaaS portfolio and partner network, more recently via the acquisition of Star2Star and NetFortris. Sangoma consistently prevails within the industry as a one-stop shop for complete communications solutions, including UCaaS, CPaaS, SD WAN and communications devices.”

  We certainly intend to continue to offer the best one-stop shop cloud communications solutions, intend to continue to innovate, and thus continue to be recognized as leaders!

  The post Sangoma as a Frost and Sullivan FROST RADAR™ North American UCaaS Market Leader appeared first on Sangoma Technologies.

• Enable Security Kamailio's exec module, SIPVicious still ringing phones and many vulnerabilities
  This new year starts off with a number of RTC security related news and we have some original content to share with you too! In this edition, we cover: Our news: The dangers of using the Kamailio exec module and our pentesting schedule Our news: Updates to the awesome RTC hacking list The Threema weaknesses paper from ETH Zurich Presentations of interest from Blackhat and Nullcon Berlin Receiving calls on your deskphone from SIPVicious - still happening!

January 26, 2023

• Enable Security Kamailio's exec module considered harmful
  Executive summary (TL;DR) The combination of pseudo-variables and Kamailio’s exec can be risky and may result in code injection. By using special SIP headers and environment variables, it becomes effortless to exploit a vulnerable configuration. We have created a Docker environment to assist readers in reproducing this vulnerability and testing solutions. Protection is tricky and the official documentation may have previously misled developers - we aim to fix that by updating the module’s official documentation.

January 17, 2023

• Digium Going to ITEXPO and AstriCon

  It’s been a while. For both an in-person AstriCon and an ITEXPO during its “rightful” time in mid-February in southeast Florida. And they are both converging and happening in a few weeks in Fort Lauderdale.

  The last time we had an in-person AstriCon was in 2019. This will be the first one since Covid. We decided to co-locate it with ITEXPO since, at the last AstriCon, we did not have members of the ecosystem (such as phone vendors that support Asterisk and FreePBX). The ecosystem exists in force at ITEXPO, so it made sense to run AstriCon as a co-located event. To register, please go to this link: https://www.itexpo.com/east/astricon.aspx

  And Sangoma will also have a booth at ITEXPO. Since the last time we did a show, we changed our logo, so you will surely notice that. Sangoma has the widest range of business-focused communication services, and we won’t be able to demonstrate all of them. But we will showcase our UCaaS platforms, phones, MSP Services, Open-Source products (Asterisk and FreePBX), and wholesale carrier services (i.e., VoIP Innovations) offerings.

  We’re looking forward to catching up with you, so please stop by our booth (617)!

  The post Going to ITEXPO and AstriCon appeared first on Sangoma Technologies.

January 12, 2023

• Digium VI Communications is Sangoma Wholesale Carrier Services

  VI Communications is Sangoma Wholesale Carrier Services. Known initially as VoIP Innovations, Sangoma Wholesale was built on over 15 years of Trunking as a Service expertise. Sangoma Wholesale continues the legacy of innovations within its award-winning user and end-client portals.

  Sangoma Wholesale Carrier Services’ innovative solutions are industry-leading and delivered on its own reliably engineered network.

  Ideal for VoIP resellers and communication service providers, wholesale customers can buy unbundled services on an a la carte basis. A full-featured, extensible SIP Trunking platform puts number ordering, management, and provisioning all in your administration or directly into the hands of your end-users. This multi-tenant environment allows for customizable parent-child account relationships. And our integrated Hosted Billing options are popular, complementary add-on services for their ease of use.

  Sangoma Wholesale is much more than a one-stop shop for your carrier services like VoIP, SMS, fax, and video collaboration solutions. Check out our array of Compliance Solutions. Whether it is STIR SHAKEN, Tax Calculation, SMS Campaign Registration, Kari’s Law for e911 Dynamic Location Routing, or Fax solutions that meet all the requirements for HIPAA – we have what you need for resale.

  And likewise, as consumers demand heightened detection and protection from SPAM and Fraudulent calling, we have services you can trust.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  Remember, VI Communications is Sangoma Wholesale Carrier Services.
  Visit us at booth 617 at ITEXPO or learn more at https://carrierservices.sangoma.com/.

  The post VI Communications is Sangoma Wholesale Carrier Services appeared first on Sangoma Technologies.

January 03, 2023

• Digium UCaaS Futures Musings Podcast

  In December, I did a podcast with Isha Mukherjee, our Asia-Pac marketing wiz. We talked about a bunch of things, ranging from our new logo, to what happened to UC in 2022, to my thoughts on UC in 2023.

  If you want listen to whole podcast, just go here.

  For this blog, though, I just want to focus on my thoughts for UC in 2023. I encapsulated my thoughts into the term “Smart Business”. This could mean multiple things, such as making your business smarter through using UC. And I certainly see that. In the Frost and Sullivan blog from a few weeks ago, I talked about the integration of contact center, unified communications, and CPaaS. And I certainly see that moving quite far along in 2023, even bringing in some aspects of AI that’s already in the contact center towards UC. And utilizing CPaaS apps to augment the UC system, so that the UC system is “smart” for your business. In other words, it does what you need it to do.

  And that brings us to another meaning of Smart Business, which is doing business in a smart way. I think we’ll see more one-stop shopping with cloud communications in general. If there is a global slowdown, then businesses unfortunately may not be able to keep the same number of employees. There would likely be retrenchment. And this means you need to do business smarter in order to keep the same level of service, and to even grow. One way to do that, is to get your cloud communications from one provider. One bill, one place to talk to, many less headaches. Focus your people on growing the business, not the back-end that runs the business. UCaaS, Contact Center, Augmentation Apps, Collaboration, Video Meetings, and MSP services – all from one vendor, servicing you well. That is Sangoma.

  The post UCaaS Futures Musings Podcast appeared first on Sangoma Technologies.

December 22, 2022

• Enable Security Highlights from the past year and various security fixes
  Welcome to the last RTCSec newsletter of 2022! In this edition, we cover: Looking back at the past year and best wishes for the New Year Jitsi gets verification for E2EE OSS-Fuzz now testing PJSIP Vulnerabilities fixed in Drachtio, BigBlueButton, Cisco IP Phones and more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.

December 20, 2022

• Digium Overall SaaS Benefit Review

  Sangoma recently partnered with Eastern Management Group regarding a report reviewing the end-customer benefits of Sangoma’s various Communications as a Service offerings. The full report can be found here, and it covers all of Sangoma’s Communications as a Service offerings:

  • Unified Communications as a Service – UCaaS
  • Video Meetings as a Service – MaaS
  • Collaboration as a Service CollaaS
  • Contact Center as a Service – CCaaS
  • Trunking as a Service – TaaS
  • Communication Platforms as a Service – CPaaS
  • Network Connectivity – Network Access as a Service
  • SD-WAN Managed Services
  • Security as a Service – Managed Security
  • Fax as a Service – FaaS
  • Access Control as a Service – ACaaS
  • Desktop as a Service – DaaS

  While each one of these has specific customer benefits, at a high level the value to the end-user of using any managed communications service comes down to the following:

  • Reduced IT Effort
  • Deployment Velocity
  • Scalability
  • Business Agility

  In the next couple of weeks, I will go a more in-depth into some of the Sangoma cloud services, and explore more specific end-user customer benefits of the cloud service discussed that week. If you want to read the full report now, please go here. Otherwise, stay tuned here and I’ll provide a few quick updates for you.

  The post Overall SaaS Benefit Review appeared first on Sangoma Technologies.

December 16, 2022

• Jitsi Self-hosting a fully-featured Jitsi Meet instance just got as easy as pie

  Hey there Fellow Jitsters!

  Have you ever considered adding telephony to your Jitsi Meet self-hosted instance?

  Up until now you only had the option to run Jigasi and deal with telephony yourself. Many of our users do this every day, but when we asked we learned that there was interest in offloading that part. Could someone else host it?

  

  Today we’re launching a new way to quickly connect to the public telephone network and offer dial-in capabilities to your users without the need for hosting and managing the entire telephony infrastructure: JaaS components. You can give it a try today!

  Are you running Jitsi Meet on a Debian instance or are you using Docker? Either way, you can opt-in for this feature and it will be automatically set up. A new JaaS account will be created for you and you’re good to… call.

  If you’re running Jitsi Meet on Debian all you need to do is to answer ‘Yes’ to this question and you will have dial-in capability on your Jitsi instance.

  

  Note: A Let’s Encrypt certificate is required and the email address used to generate the certificate will be used also for creating your new JaaS account.

  If you’re running Jitsi Meet on Docker you’ll need to set the following variables on your .env file:

  • PUBLIC_URL: the domain were Jitsi Meet runs
  • ENABLE_JAAS_COMPONENTS=1
  • A Let’s Encrypt certificate is required so do enable it too

  

  Now you can restart your setup with `docker-compose up –force-recreate`

   

  An email will be sent to you, asking you to set up a password for the JaaS admin account:

  

  From the JaaS admin console you can manage your account, see the overall activity and upgrade to another plan if needed.

  

  You’re all set up now! Let’s make a phone call! Join a call on your Jitsi Meet instance and notice how the dial-in option becomes available when trying to invite participants. You can now dial-in to one of the phone numbers provided in the list and you’ll be connected to the meeting.

  

  Get started today, a free trial is available! Please check the JaaS components website for details on pricing.

  Jigasi is the first Jitsi component offered as a service, with more to come. Stay tuned!

   

  Your personal meetings team.

  ---

  Author: Oana Emilia Ianc

   

  The post Self-hosting a fully-featured Jitsi Meet instance just got as easy as pie appeared first on Jitsi.

December 12, 2022

• Digium Sangoma is Recognized in the Gartner UCaaS Magic Quadrant

  Last week you may have noticed that Gartner, Inc. positioned Sangoma in the 2022 Gartner® Magic Quadrant for Unified Communications as a Service. Sangoma is one of only twelve other companies placed in 2022 and one of six to appear consecutively for the last eight years.

  

  “We are thrilled to be recognized again in this year’s Gartner UCaaS Magic Quadrant,” said Sangoma Chief Marketing and Product Officer Jim Machi. “It’s gratifying to be independently recognized for vision and execution. Sangoma has grown its position in the top tier of cloud communications companies. Sangoma offers the widest set of cloud communication services in the industry, all engineered in-house, to offer partners and customers a single-source, business-oriented cloud-native communications portfolio. UCaaS is the centerpiece of this strategy, but this complete vision goes beyond that to include CCaaS, Video Meetings as a Service, Collaboration, CPaaS, etc., so this recognition is exciting for Sangoma, our partners, and our customers.”

  To read the full report, fill out the form on this page.

  The post Sangoma is Recognized in the Gartner UCaaS Magic Quadrant appeared first on Sangoma Technologies.

December 06, 2022

• Jitsi Trust, but verify: introducing user verification

  It’s been a while since we introduced End-to-End Encryption (E2EE) over two years ago. Back then we started with a simple model consisting of a passphrase everyone needed to type and later migrated to a model with randomly generated keys per participant. Each have different characteristic and we ultimately chose to stick with the latter. Today we are introducing a missing piece in the E2EE puzzle: user verification.

  User verification was not previously possible in Jitsi Meet. Just like our core E2EE we are basing our implementation on the Matrix protocol. Matrix’s libolm / vodozemac provide a Short Authentication String (SAS) mechanism implementation which developers can use. They even have great documentation on how it works, thanks Matrix!

  So, how does it work?

  First, you’d gather in a meeting and turn E2EE on.

  

  Now you’ll see a new option for each participant in their tile menu that allows you to verify them:

  

  After choosing to verify a user a dialog will open with a list of emojis:

  .

  Wait what? Emoji? These emojis conform the SAS. They have been carefully chosen to avoid ambiguity and make the process more user friendly than comparing random numbers. You can find more information in the Matrix spec.  You must verbally compare them with the other participant and if they match, mark it as verified.

  Once a user is verified this will be reflected in the user information tooltip:

  

  At this point you can be sure that not only your data is encrypted end-to-end, but also that there is no man-in-the-middle (MITM) attach happening.

  Availability

  User verification is currently available in Jitsi Meet master and deployed in beta. It will be part of the next stable release, but expect more improvements specially in the UX front.

  Thanks

  We’d like to thank Robertas Maleckas (ETH Zurich), Prof. Kenny Paterson (ETH Zurich) and Prof. Martin Albrecht (Royal Holloway, University of London) for their work researching Jitsi Meet’s E2EE and encouragement, and Matrix for their tools, which make implementing E2EE a much better experience.

   

  ---

  Please note that we still consider our E2EE experimental and are still working on improvements. Please make sure you check out our post on how end-to-end encryption in general does NOT offer a meaningful level of trust and protection when it comes to modern meetings services.

  Your personal meetings team.

  The post Trust, but verify: introducing user verification appeared first on Jitsi.

December 01, 2022

• Jitsi Introducing whiteboards in Jitsi Meet

  Trying to explain something to someone and they just don’t get it? If an image is worth a thousand words how about a diagram? Today we’re excited to announce the availability of whiteboards in Jitsi Meet – the missing piece for all those seeking an educational meeting solution and not only!

  

  We decided to stand in the shoulders of giants on this one. The core implementation comes from Excalidraw, an excellent whiteboarding piece of software, which is Open Source, of course. We made some tweaks and adjustments to have it fit in with our vision. We seek to provide an easy to use feature that enables participants to share ideas and brainstorm without having to seek a third party solution. From now on, meeting moderators can open a whiteboard and have everyone in the call sketch away.

  

  The interface supports a number of tools and settings that keep the collaboration interesting and effective. During a meeting, changes that a participant makes locally via the whiteboard are sent to a server to then distribute those updates only to devices of other participants in the meeting. The whiteboard content can be exported as a png or svg at any time during the meeting, so all that hard work doesn’t go to waste.

  

  If you’re using meet.jit.si, you can go ahead and play with the whiteboard in your meetings right away! For those self-hosting, it can be enabled from the config file, and you’ll need to deploy this simple backend.

  As you might already know, we’re firm believers in the power of Open Source, we seek to collaborate with other communities to build solutions everyone can use and we’re excited to bring more to this feature in the future!

  Your personal meetings team.

  ---

  Author: Mihaela Dumitru

  The post Introducing whiteboards in Jitsi Meet appeared first on Jitsi.

November 30, 2022

• Enable Security DDoS simulation tutorial, WebRTC IP leak and vulnerable RTC libraries
  It is the end of November and with it, we bring some of our own publications and coverage of various advisories, papers and news items in the VoIP and WebRTC security world. In this edition, we cover: How to simulate DDoS attacks on your own Details about the new WebRTC IP leak issue Coverage of interesting talks at Blackhat and TADSummit Advisories concerning Sofia-SIP, Drachtio, PJSIP and more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

November 29, 2022

• Enable Security How to perform a DDoS attack simulation
  TL;DR A DDoS simulation is a practical exercise that various organisations are capable of doing. Understand the reasons why you would want to do this, then combine custom with off-the-shelf attack tools. Follow the best practices, apply solutions and mitigation; and you can finally answer: what if we got attacked? Introduction In this post, we give an overview of how you too can perform your own distributed denial of service (DDoS) simulation exercises.

November 22, 2022

• Digium Multi-Location UCaaS and Multi-Location Connectivity Services

  Sangoma is very proud and honored to be able to service multi-location businesses with our UCaaS system and MSP services. A common dialing plan among the different physical businesses, physical phones that are tightly tied to the UC system, mobile and desktop clients to augment the desk phone, and having a CPaaS system that can enable multi-location business unique requirements to be added to our UCaaS solution has enabled Sangoma to service these businesses well with our UCaaS solutions.

  Beyond UCaaS, though, Sangoma, through its acquisition of NetFortris, now offers connectivity and security services that can be tailored to bring the best connectivity solution to the needs of the overall multi-location business and each of the specific physical buildings. It is hard to manage what is the best connectivity solution, which provider to get it all from, all the different bills, etc. That’s understandable, for sure. The IT department needs to be expert at everything, and that’s downright impossible.

  Someone like Sangoma can determine the best price, the best type of connectivity solution, and the best provider for each location and manage the network for you. You likely do not need the same bandwidth for each building, and the network provider may most likely offer a different economical service all around. Let someone else figure that all out for you and take care of all that for you.

  As your UCaaS provider, it makes sense to get all this from us. We understand the networks, and we’re monitoring the UCaaS anyway, so why not have us manage and monitor your internet connectivity as well?

  And we can also offer you SD-WAN services with this connectivity so that you can get the most efficient routing, a more stable internet (because of the use of multiple connections), and cost savings. And, of course, monitoring by Sangoma. Learn more about our MSP services here.

  The post Multi-Location UCaaS and Multi-Location Connectivity Services appeared first on Sangoma Technologies.

November 21, 2022

• Digium As a Voice Service Provider, How Has the FCC’s Updated Deadline on STIR/SHAKEN Compliance Affected Your Business?

  A few months ago, the FCC released a public notice reminding non-facilities-based “small voice service providers”, that they must implement the STIR/SHAKEN caller ID authentication framework in their Internet Protocol networks no later than June 30, 2022.

  Is this a surprise to you? Well perhaps, considering a 2 year extension was granted to small VPS (those with 100,000 or fewer voice access lines) from the original deadline of June 30th, 2021. So why the sudden change in deadline? What happened was an overwhelming amount of robocalls were observed to be originating from these small VSP from the time that deadline was announced, so much so, the FCC decided to cut the extension by 1 year, significantly moving up the deadline.

  In summary, as a small voice service provider you are no longer subject to a two year extension and must update your certifications and associated filings in the Robocal Mitigation Database (RMD) and implement the authentication framework by June 30, 2022 (which of course has passed at this point in time) or be subject to ”appropriate enforcement action” by the FCC.

  We know that it’s a lot of work, time, and money spent to become compliant. To implement STIR/SHAKEN into your voice network, you’ll likely need to provision a cost-prohibitive session border controller (SBC) or a SIP proxy, which can significantly alter the way you route traffic to your partners. This can create unexpected consequences for you, such as billing, for instance, not to mention the network maintenance and monitoring that’s required for these new points of failure.

  The deadline for compliance has already passed for non-facilities-based providers. Don’t risk waiting for the FCC to contact you and be put under extreme pressure. We have a Zero-maintenance call signing solution for you!

  VI Communication Services’ Call Signing Services help you become compliant, simply by sending your phone calls to our voice network. On our side, we will provision a dedicated server to host your unique certificate and sign calls on your behalf, using the attestation rules that you yourself configured. That’s all! No additional hardware or network maintenance required. We take care of everything for you so that you can focus on running your business. View our product slick.

  Learn more about our Call Signing Service today. We are sure it will save your business the unwanted hassle of STIR/SHAKEN compliance!

  The post As a Voice Service Provider, How Has the FCC’s Updated Deadline on STIR/SHAKEN Compliance Affected Your Business? appeared first on Sangoma Technologies.

November 10, 2022

• Digium What are Managed IT Services?

  A managed IT service is an information technology (IT) task provided by a third-party service provider and delivered to a business customer.

  “Managed services” refers to outsourcing information technology (IT) processes and functions to improve operations and reduce expenses. It’s a way to augment your company IT staff with access to specialized expertise and not worry about the cost and complexities of hiring and staffing for 24/7/365 critical business functions.
  Managed services are ideal for companies that:

  • Rely on IT infrastructure to support their daily business operations
  • Have training or specialty gaps in their IT staff or have teams that have become bogged down in routine maintenance and cannot focus on value-generating objectives
  • Need IT budget predictability and scalability

  What are Managed IT Solutions?

   
  Businesses outsource a plethora of IT-related services to managed IT solutions providers, including:

  • Cloud Communications – This encompasses multiple communications technologies from business phone systems, VoIP calling, email, chat, video conferencing and collaboration, unified communications-as-a-service (UCaaS), virtual call centers, SIP trunking, and more.
  • Networking – A service provider typically develops, controls, and manages communication networks. Services typically offered include:
    • Internet access
    • SD-WAN for network optimization and traffic prioritization
    • Network switches
    • Wireless local area networks (LANs)
    • Wide area networks (WANs)
    • Virtual private networks (VPNs)
    • Wi-Fi and other forms of connectivity
  • Security – Cybersecurity is a specialized field with a range of services encompassing a comprehensive solution that secures an organization’s network and devices on (or off) that network. Services typically include:
    • Next-generation firewalls (NGFW)
    • Backup and disaster recovery
    • Endpoint detection and response (EDR)
    • Managed detection and response (MDR)
    • Remote monitoring and management (RMM)
    • Multi-factor authentication (MFA)
    • Unified threat management (UTM)
    • Patch management
    • Email security
    • DNS protection
    • Security awareness training

  What is a Managed IT Service Provider?

   
  In a managed service arrangement, the managed service provider (MSP) is responsible for the functionality of IT services and equipment for the client, who typically pays on a monthly retainer basis.

  Companies that offer managed services are called managed service providers (MSPs). MSPs are third-party companies that remotely manage IT infrastructure and systems. Small and medium businesses (SMBs), nonprofits, government agencies, and enterprises across various industry verticals leverage MSPs to deploy and manage technology solutions.

  Typically, an MSP delivers applications and management services through the Internet under a contractual service-level agreement (SLA). The SLA details qualitative and quantitative performance metrics that govern the MSP and customer engagement.

  Key Benefits of Managed IT Service Providers for Businesses

  • Reduced technology costs
  • Domain expertise
  • Specialized talent
  • Scalability
  • Emerging tech know-how
  • Future-proof environments

  MSPs handle complex or repetitive tasks required to maintain a client’s IT infrastructure and typically are engaged in managing the following activities:

  • Sourcing and managing IT infrastructure
  • Delivering managed communications and collaboration services
  • Offering technical and software training and support
  • Sourcing and managing security solutions
  • Managing client user accounts in applications and portals
  • Handling contract management for underlying technology vendors
  • Assisting with compliance and risk management
  • Managing third-party contractors
  • More

  Why Outsource to a Managed IT Service Provider?

   
  Businesses of all sizes typically offload the management of select IT services for these key reasons:

  • Issue-Resolution Ownership – MSPs working with you in an ongoing capacity are incented to focus on preventing problems and quickly address issues to continue to win your business each month.
  • Solution Stability – MSPs provide 24/7/365 monitoring and proactive maintenance, which means they can respond to issues quickly and head off system failure and downtime in advance.
  • Predictable Costs – Expenses fit neatly into monthly payments, eliminating the need for significant capital outlays to deploy services. Likewise, you never get an unforeseen bill for something that breaks.
  • Infrastructure Modernization – MSPs go beyond just fixing your existing systems. They provide recommendations and create migration plans for upgrades to new and modernized versions of your underlying network infrastructure components while keeping them up to date and in alignment with your technical and business objectives.

  Ready for Worry-Free Managed IT for Your Business?

   
  Sangoma makes it painless to access a complete suite of managed networking, security, and business communications solutions customizable to your organization’s unique needs.

  The post What are Managed IT Services? appeared first on Sangoma Technologies.

• Jitsi Low-latency conference streaming to very large audiences

  Jitsi today supports life-streaming conferences to large audiences through our Jibri tool – this tool renders all the media from the conference, and forwards it to a streaming service such as YouTube.

  This approach works, but it has limitations.  In addition to being computationally expensive, it also introduces substantial latency to the media.  This can be a problem when interaction is needed between the participants in the conference and the audience, for example for a text-based question-and-answer session.

  This article will describe a new approach to live-streaming media, which uses Jitsi’s builtin functionality, without transcoding, to reach potentially very large audiences with latency comparable to that of a live conference.

  Overview

  The basic approach to media distribution for this solution is straightforward – simply forward media to all the audience members in the same way that they are forwarded today to conference participants – i.e. as individual RTP streams over WebRTC.  This can re-use Jitsi’s existing well-tested technology to distribute the media and have it arrive at receivers and be played out to viewers.

  The challenge, of course, is to scale Jitsi’s back-end services so they can support sending media to very large numbers of viewers, potentially in the hundreds of thousands or more.  The rest of this article will discuss some of the architectural enhancements we need to make to Jitsi to support this.

  The first insight that will make this possible is to realize that in a streaming scenario, while the conference’s active participants need to know that they are being watched by an audience, they don’t need to know all the audience members’ identities or presence in real-time; nor do the audience members need to know about each other.  Thus, the system can be modified such that presence information about individual audience members is not sent to other conference participants, or to unnecessary parts of the backend; this reduces the amount of signaling traffic substantially.

  The second substantial change that we are making to the backend is to be able to have more sophisticated topologies for the Jitsi Videobridges to relay media among them.  Currently, when more than one Jitsi Videobridge is used in a conference (in Jitsi’s Octo/Relay technology), the bridges are connected to each other in a full mesh.  This topology minimizes the latency for media, but would not scale to very large conferences, where e.g. hundreds of thousands of participants might need several hundred bridges.  If every bridge in such a conference were connected to every other one, the bridges could be overloaded just sending media out.

  Instead, we are developing technology that can arrange bridges into more elaborate topologies.  In particular, our plan for very large conferences is to still have the conference’s active participants be connected to bridges which are arranged in a mesh; but the audience members would then be connected to bridges whose interconnection forms a tree extending from various nodes of the core mesh, so that the core media servers would only need to send media out to a limited number of connections to the audience’s bridges, which would then be forwarded out to the audience, possibly relaying through multiple bridges on the way.

  

  Finally, changes need to be made for the signaling servers used by the Jitsi back-end.  While information about audience members only needs to be propagated to selected back-end infrastructure servers, information about a conference’s active participants needs to be forwarded to the entire audience.  The existing XMPP servers that the Jitsi back-end uses aren’t designed for this level of load.  Thus, we are developing solutions such that this participant information can be mirrored from one XMPP server to another, allowing each server to handle only a manageable number of client connections while still getting the information to the entire audience quickly.

  Stay tuned!

  Your personal meetings team.

  ---

  Author: Jonathan Lennox

  The post Low-latency conference streaming to very large audiences appeared first on Jitsi.

November 08, 2022

• Digium UCaaS as PBX Replacement: Part 2

  In my last blog, I wrote about a customer just wanting basic PBX features from “25 years ago” and whether it was possible to buy a business phone system today that would be able to effectively replace one of these older systems.

  The answer is “of course you can get a phone system” that handles the PBX feature requirements from 25 years ago. And it will do exactly what you want it to do, and are used to doing, in terms of calling and call routing and audio conferencing and voice mail, etc. And it can still be on-premises if you wish, but it can also run in the cloud. And you can use a handset just like your current system has. If this is what you want, we have it.

  But it will also come with other features, or the ability to add these features, because that is what many customers want today:

  • Chat
  • Presence
  • Video calling
  • Mobility (Calling to and from your smartphone and laptop)
  • Integrations to CRM systems
  • Ability to customize via adding applications (such as notification apps)

  So don’t be confused and don’t be afraid to upgrade because of the marketing buzzwords used today. You’ll have all your old features, but you’ll be able to use these new features as well. For instance, the mobility feature allows your business phone number to follow you around on your laptop and Smartphone – it will make you “look bigger” to your customers since you’ll be reachable more easily.

  Upgrade so you don’t put your business at risk because of a potentially failing old system. Come talk to us and we’ll be happy to help. PBXs are there today, just in different clothing.

  The post UCaaS as PBX Replacement: Part 2 appeared first on Sangoma Technologies.

November 03, 2022

• Digium Business Voice+ Named Cloud Computing Product of the Year by Cloud Computing Magazine

  We proudly announce that Business Voice+ was named the Cloud Computing Product of the Year Award, presented by Cloud Computing Magazine.

  Business Voice+ is Sangoma’s pure cloud deployment platform. Designed for businesses who want peerless call quality, communications flexibility, and exceptional system support, Business Voice is the perfect, zero-hardware option. With Business Voice, your business can leverage the power of a complete, end-to-end system from an intuitive, browser-based interface.

  The Cloud Computing Product of the Year Award honors vendors with the most innovative, practical, and beneficial cloud products and services deployed within the past year.

  Learn more about Business Voice+!

  The post Business Voice+ Named Cloud Computing Product of the Year by Cloud Computing Magazine appeared first on Sangoma Technologies.

October 31, 2022

• Digium UCaaS and the Education Industry: Equip Your School with Cutting-Edge Communications

  With Sangoma’s Education Solutions, School is Never Out for the Summer

  Education requires total commitment, and for good reason. After all, it involves nothing less than preparing young people for lifelong personal and professional success. Considering the stakes, school systems should prioritize high-quality and worry-free communications, but all too often they face challenges implementing and supporting the latest in telephony. Let’s explore why.

  Barriers to High-Quality School Communication

  School administrators are often confronted with funding shortfalls and end up scrapping IT investments. If that isn’t bad enough, many schools don’t have a permanent IT professional on staff, which means critical communications infrastructure goes unmaintained and improvements fall to the wayside.

  On top of this, user-friendliness inhibits the successful implementation of next-generation communications systems. Educators need systems they can easily pick up and run with, especially given the fact that “13.8 percent of U.S. teachers are either leaving their school or the profession altogether.” With this in mind, it’s clear that successful systems can’t require a steep learning curve. Educators need a solution that lets them focus on what matters most: teaching! 

  Thankfully, there is a solution that overcomes these not-so-insignificant barriers: Unified Communications as a Service (UCaaS). 

  What is UCaaS?

  Educators require an easy way to interact with parents, administrators, students, and coworkers. Many schools have answered that call by discarding existing telephony for cutting-edge voice over internet protocol (VoIP) solutions that pair high-quality voice with unified communication (UC) tools to create UCaaS systems. Uniting technologies like voice, video conferencing, instant messaging, email, SMS, and fax into a single platform, UCaaS is an affordable and customizable system that adapts to the needs of any school network. It can also have hugely positive implications for an organization’s overall effectiveness and culture, with recent survey data showing UCaaS translating to better productivity for 72% of respondents, higher collaboration for 91%, and faster problem solving for 88%.

  Ditch “Old-School” Methods

  “Parent notes” are a critical tool for keeping parents informed, but how often are they left in backpacks, found on the floor of the bus, or worse – eaten by the dog? With UCaaS in an educator’s corner, teachers can ditch these types of archaic communication methods in favor of crystal-clear voice or high-resolution video. Whether it be a one-on-one call with a co-worker or student, or a group video conference with parents, the flexibility maximizes the effectiveness of a school’s messaging by supporting whichever channel works best for the stakeholders involved. And this is just one example; the possibilities are practically endless when technology is on your side. 

  User-Friendly, Affordable Communications are as

  Easy as 1, 2, 3

  As a seasoned IT vendor successfully equipping schools with the best communication solutions for years, Sangoma has discovered an ideal way forward. By striking a much-needed balance through “must have” features while also remaining affordable, we ensure that schools will never be “out for the summer” or any other season when they work with us. 

  “It looks like we are saving about $400 a month so far,” said Sadie O’Brien, IT director for the Shiocton School District, after deciding to transition to [Sangoma] Switchvox.

  By eliminating up-front costs, Sangoma UC expertly walks the fine line between offering advanced communication features without straining an institution’s IT funding. Additional savings are gained from low annual fees, and the solution operates through an all-inclusive pricing model. This fixed, consistent, subscription-style billing structure fits comfortably within school system budgets. 

  What’s in it for You?

  Sangoma UC doesn’t just solve problems created by sparse technology budgets, it also addresses the administrative challenges faced by these institutions. The system can be administered via a single computer connected to the network – with no coding required. Everything is geared toward lowering the learning curve and easing the burden for education professionals right from the get-go. Let’s take a closer look at how it can impact some of the primary stakeholders within a given school district: 

  IT Professionals: IT support staff gain major advantages with Sangoma UC in that it requires no special software, hardware, or license keys – meaning there’s nothing to download or install. The entire system can be managed through a single pane of glass with customizable views and widgets. With a subscription-based model, dealing with lengthy updates or cumbersome maintenance becomes a thing of the past, instead transitioning to the vendor’s responsibility. 

  Teachers: The typical teacher is overworked and overwhelmed, meaning that any technology they use must always help, never hinder. Sangoma UC is simple and intuitive enough that teachers can simply pick it up and immediately start taking advantage of its mobility features, dedicated conference rooms, and more. 

  Administrators: Administrators within school districts have a lot on their plates – from tracking absences, to managing calls from parents and staff, to sending out alerts and emergency messages. Sangoma streamlines these workflows considerably with a full suite of easy-to-learn features, such as IVR, auto attendant, receptionist console, mobile and desktop apps, and RAY BAUM compliance.

  Move Education into the Future with Sangoma

  As a 100% web-based system, Sangoma UC centralizes communications and ensures access to all messages, applications, and tools, regardless of where users are or what device they’re using. 

  Having equipped more than 1,000 schools, we’re well aware of the communication challenges faced by school districts. This includes chronic problems with funding, adequate IT support, and the pressing need for high-quality anytime/anywhere connections between students, teachers, and parents. However, through our UCaaS system, schools can equip themselves with cutting-edge communications that provide comprehensive benefits for less time and effort. 

  Want to learn more about Sangoma and how it can transform your district? Download our free eBook today!

  The post UCaaS and the Education Industry: Equip Your School with Cutting-Edge Communications appeared first on Sangoma Technologies.

• Enable Security Celebrations, presentations and new VoIP security tools
  Welcome to a jam-packed edition of RTCSec newsletter for October. What have we this month? In this edition, we cover: This very newsletter is one year old! We’re looking for freelance pentesters to join us This time, 12 years ago in VoIP security incidents (Sality botnet scanning) Upcoming and past presentations of interest at TADSummit, CTI-Summit, Blackhat & ClueCon WebRTC security news: the “most secure VoIP” award and censorship busting New VoIP security tools and workshop by Jose Luis Verdeguer (Pepelux) And various security advisories, and other reports of concern RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

October 26, 2022

• Enable Security RTCSec newsletter is one year old!
  Roughly a year ago, we sent out the first RTCSec newsletter and have been doing so every month. Each time, we have covered more and more of our favourite topics, VoIP and WebRTC security. And now, it has become our primary way of keep up to date with what is happening, and our most regular publication too. If you are not yet subscribed, do so at https://rtcsec.com/subscribe. The next one is out in a few days!

October 25, 2022

• Digium UCaaS as PBX Replacement: Part 1

  Yes, there are still business systems called “PBX’s” out there. These are on-premises business phone systems that basically just did calling in and out of a building, offered voice mail, could perform an audio conference call, could forward a call, and had a some ‘advanced” calling features like ring groups, or sending group messages (i.e. recording a message, and then sending it to a group of people – like an email but you recorded the email), or call screening. The phone system that ran the business if you will.

  And they ruled the roost at one time. You learned many of the intricacies of these systems to be the most effective communicator out there, augmenting your email with these phone systems features.

  These systems are out there still. Not all have been upgraded yet. But they are old, and many of these systems are even out of maintenanace. Still chugging along…until they are not….
  As VoIP marched on and the internet networks became faster, other communication modes such as chat and video entered the fray, and the need to have the systems on-premises dissipated. Today’s UCaaS systems were born.

  And with it it came newfangled terminology. No more analog and digital. Seats, bandwidth, Unified Communications, trunking, hosted, cloud, multi-tenant, single-tenant, collaboration, single sign-on, UCaaS, mobility, and CPaaS are now typical words used.

  But this doesn’t mean the requirements of the PBXs of 25 years ago are different. The need to have a phone system that “runs the business” is still there. And I’ve had some prospects / customers kind of wondering what is going on – “can’t we just get a phone system?”. And these prospects have not upgraded since it’s kind of confusing to them. They want to, because they know the “chugging along” at some point will simply stop, but they don’t want to make a mistake, or buy something they won’t be able to work well.

  The answer is “of course you can get a phone system”. I’ll talk about this more in my next blog.

  The post UCaaS as PBX Replacement: Part 1 appeared first on Sangoma Technologies.

October 11, 2022

• Digium Let’s Revisit Hot Desking

  Back in June, I wrote a blog about hot desking. And I wrote at the time “But is hot desking of a physical phone an obsolete concept with Unified Communications? Does it even need to be in RFPs anymore? Because with UC, you can make and take phone calls with your work extension from your computer, or from your smartphone, via a UC client. I can do that no matter where I sit in the office.”

  Now, 4 months later, I got an email from a reader asking if I wanted to take that back because with the return to the office, many companies are going to hybrid models. Hybrid, to many, in addition to working both in the office and at home, means there are fewer offices. Because companies have downsized the physical space to save money.

  And now when you show up to the actual office, instead of going to a specific office or cubicle, you might just have to go find a place to sit. And so the phone at the “place to sit” is not hard wired with your extension. What I wrote is still valid and maybe even more-so if this is what hybrid means.

  What I will acknowledge, though, is that maybe there are some specific jobs where the company wants you on a deskphone, instead of on your smartphone, or the UC app. Security issues, for instance might come into play. So yes, I can see this being a part of RFPs with a hybrid environment if the use demands a physical phone while at the office.

  But if the UC client is used when working from home, what’s the difference if you are at home or in the office? Mobility is mobility. That’s all I’ll say.

  The post Let’s Revisit Hot Desking appeared first on Sangoma Technologies.

September 30, 2022

• François Marier Upgrading from chan_sip to res_pjsip in Asterisk 18

  After upgrading to Ubuntu Jammy and Asterisk 18.10, I saw the following messages in my logs:

  WARNING[360166]: loader.c:2487 in load_modules: Module 'chan_sip' has been loaded but was deprecated in Asterisk version 17 and will be removed in Asterisk version 21.
  WARNING[360174]: chan_sip.c:35468 in deprecation_notice: chan_sip has no official maintainer and is deprecated.  Migration to
  WARNING[360174]: chan_sip.c:35469 in deprecation_notice: chan_pjsip is recommended.  See guides at the Asterisk Wiki:
  WARNING[360174]: chan_sip.c:35470 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip
  WARNING[360174]: chan_sip.c:35471 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip
  

  and so I decided it was time to stop postponing the overdue migration of my working setup from chan_sip to res_pjsip.

  It turns out that it was not as painful as I expected, though the conversion script bundled with Asterisk didn't work for me out of the box.

  Debugging

  Before you start, one very important thing to note is that the SIP debug information you used to see when running this in the asterisk console (asterisk -r):

  sip set debug on
  

  now lives behind this command:

  pjsip set logger on
  

  SIP phones

  The first thing I migrated was the config for my two SIP phones (Snom 300 and Snom D715).

  The original config for them in sip.conf was:

  [2000]
  ; Snom 300
  type=friend
  qualify=yes
  secret=password123
  encryption=no
  context=full
  host=dynamic
  nat=no
  directmedia=no
  mailbox=10@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  
  [2001]
  ; Snom D715
  type=friend
  qualify=yes
  secret=password456
  encryption=no
  context=full
  host=dynamic
  nat=no
  directmedia=yes
  mailbox=10@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  

  and that became the following in pjsip.conf:

  [transport-udp]
  type = transport
  protocol = udp
  bind = 0.0.0.0
  external_media_address = myasterisk.dyn.example.com
  external_signaling_address = myasterisk.dyn.example.com
  local_net = 192.168.0.0/255.255.0.0
  
  [2000]
  type = aor
  max_contacts = 1
  
  [2000]
  type = auth
  username = 2000
  password = password123
  
  [2000]
  type = endpoint
  context = full
  dtmf_mode = rfc4733
  disallow = all
  allow = g722
  allow = ulaw
  direct_media = no
  mailboxes = 10@internal
  auth = 2000
  outbound_auth = 2000
  aors = 2000
  
  [2001]
  type = aor
  max_contacts = 1
  
  [2001]
  type = auth
  username = 2001
  password = password456
  
  [2001]
  type = endpoint
  context = full
  dtmf_mode = rfc4733
  disallow = all
  allow = g722
  allow = ulaw
  direct_media = yes
  mailboxes = 10@internal
  auth = 2001
  outbound_auth = 2001
  aors = 2001
  

  The different direct_media line between the two phones has to do with how they each connect to my Asterisk server and whether or not they have access to the Internet.

  Internal calls

  For some reason, my internal calls (from one SIP phone to the other) didn't work when using "aliases". I fixed it by changing this blurb in extensions.conf from:

  [speeddial]
  exten => 1000,1,Dial(SIP/2000,20)
  exten => 1001,1,Dial(SIP/2001,20)
  

  to:

  [speeddial]
  exten => 1000,1,Dial(${PJSIP_DIAL_CONTACTS(2000)},20)
  exten => 1001,1,Dial(${PJSIP_DIAL_CONTACTS(2001)},20)
  

  I have not yet dug into what this changes or why it's necessary and so feel free to leave a comment if you know more here.

  PSTN trunk

  Once I had the internal phones working, I moved to making and receiving phone calls over the PSTN, for which I use VoIP.ms with encryption.

  I had to change the following in my sip.conf:

  [general]
  register => tls://555123_myasterisk:password789@vancouver2.voip.ms
  externhost=myasterisk.dyn.example.com
  localnet=192.168.0.0/255.255.0.0
  tcpenable=yes
  tlsenable=yes
  tlscertfile=/etc/asterisk/asterisk.cert
  tlsprivatekey=/etc/asterisk/asterisk.key
  tlscapath=/etc/ssl/certs/
  
  [voipms]
  type=peer
  host=vancouver2.voip.ms
  secret=password789
  defaultuser=555123_myasterisk
  context=from-voipms
  disallow=all
  allow=ulaw
  allow=g729
  insecure=port,invite
  canreinvite=no
  trustrpid=yes
  sendrpid=yes
  transport=tls
  encryption=yes
  

  to the following in pjsip.conf:

  [transport-tls]
  type = transport
  protocol = tls
  bind = 0.0.0.0
  external_media_address = myasterisk.dyn.example.com
  external_signaling_address = myasterisk.dyn.example.com
  local_net = 192.168.0.0/255.255.0.0
  cert_file = /etc/asterisk/asterisk.cert
  priv_key_file = /etc/asterisk/asterisk.key
  ca_list_path = /etc/ssl/certs/
  method = tlsv1_2
  
  [voipms]
  type = registration
  transport = transport-tls
  outbound_auth = voipms
  client_uri = sip:555123_myasterisk@vancouver2.voip.ms
  server_uri = sip:vancouver2.voip.ms
  
  [voipms]
  type = auth
  password = password789
  username = 555123_myasterisk
  
  [voipms]
  type = aor
  contact = sip:555123_myasterisk@vancouver2.voip.ms
  
  [voipms]
  type = identify
  endpoint = voipms
  match = vancouver2.voip.ms
  
  [voipms]
  type = endpoint
  context = from-voipms
  disallow = all
  allow = ulaw
  allow = g729
  from_user = 555123_myasterisk
  trust_id_inbound = yes
  media_encryption = sdes
  auth = voipms
  outbound_auth = voipms
  aors = voipms
  rtp_symmetric = yes
  rewrite_contact = yes
  send_rpid = yes
  timers = no
  

  The TLS method line is needed since the default in Debian OpenSSL is too strict. The timers line is to prevent outbound calls from getting dropped after 15 minutes.

  Finally, I changed the Dial() lines in these extensions.conf blurbs from:

  [from-voipms]
  exten => 5551231000,1,Goto(2000,1)
  exten => 2000,1,Dial(SIP/2000&SIP/2001,20)
  exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
  exten => 2000,n,Hangup
  exten => in2000-BUSY,1,VoiceMail(10@internal,su)
  exten => in2000-BUSY,n,Hangup
  exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
  exten => in2000-CONGESTION,n,Hangup
  exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
  exten => in2000-CHANUNAVAIL,n,Hangup
  exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
  exten => in2000-NOANSWER,n,Hangup
  exten => _in2000-.,1,Hangup(16)
  
  [pstn-voipms]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _1NXXNXXXXXX,n,Dial(SIP/voipms/${EXTEN})
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _NXXNXXXXXX,n,Dial(SIP/voipms/1${EXTEN})
  exten => _NXXNXXXXXX,n,Hangup()
  exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _011X.,n,Authenticate(1234)
  exten => _011X.,n,Dial(SIP/voipms/${EXTEN})
  exten => _011X.,n,Hangup()
  exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _00X.,n,Authenticate(1234)
  exten => _00X.,n,Dial(SIP/voipms/${EXTEN})
  exten => _00X.,n,Hangup()
  

  to:

  [from-voipms]
  exten => 5551231000,1,Goto(2000,1)
  exten => 2000,1,Dial(PJSIP/2000&PJSIP/2001,20)
  exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
  exten => 2000,n,Hangup
  exten => in2000-BUSY,1,VoiceMail(10@internal,su)
  exten => in2000-BUSY,n,Hangup
  exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
  exten => in2000-CONGESTION,n,Hangup
  exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
  exten => in2000-CHANUNAVAIL,n,Hangup
  exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
  exten => in2000-NOANSWER,n,Hangup
  exten => _in2000-.,1,Hangup(16)
  
  [pstn-voipms]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@voipms)
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@voipms)
  exten => _NXXNXXXXXX,n,Hangup()
  exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _011X.,n,Authenticate(1234)
  exten => _011X.,n,Dial(PJSIP/${EXTEN}@voipms)
  exten => _011X.,n,Hangup()
  exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _00X.,n,Authenticate(1234)
  exten => _00X.,n,Dial(PJSIP/${EXTEN}@voipms)
  exten => _00X.,n,Hangup()
  

  Note that it's not just replacing SIP/ with PJSIP/, but it was also necessary to use a format supported by pjsip for the channel since SIP/trunkname/extension isn't supported by pjsip.

• Enable Security DDoS workshop at TADSummit, toll fraud via MS Teams Direct Routing and WebRTC news
  This month brings us yet another crammed newsletter all about real-time communications security. So without further ado, welcome to the RTCSec newsletter for September 2022! In this edition, we cover: An upcoming open position at Enable Security and what we’re brewing for 2023 Our talk at TADSummit 2022 and the DDoS workshop Commentary about OpenSIPS Summit and Kamailio World Details about how MS Teams Direct Routing may lead to toll fraud Abuse of the exec modules in Kamailio and OpenSIPS WebRTC related news, about CVE-2022-2294, coturn, Scanbox malware and Cloudflare And much much more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.
• François Marier Setting up a JMP SIP account on Asterisk

  JMP offers VoIP calling via XMPP, but it's also possibly to use the VoIP using SIP.

  The underlying VoIP calling functionality in JMP is provided by Bandwidth, but their old Asterisk instructions didn't quite work for me. Here's how I set it up in my Asterisk server.

  Get your SIP credentials

  After signing up for JMP and setting it up in your favourite XMPP client, send the following message to the cheogram.com gateway contact:

  reset sip account
  

  In response, you will receive a message containing:

  • a numerical username
  • a password (e.g. three lowercase words separated by spaces)

  Add SIP account to your Asterisk config

  First of all, I added the following to my /etc/asterisk/pjsip.conf:

  [transport-udp]
  type = transport
  protocol = udp
  bind = 0.0.0.0
  external_media_address = myasterisk.dyn.example.com
  external_signaling_address = myasterisk.dyn.example.com
  local_net = 192.168.0.0/255.255.0.0
  
  [jmp]
  type = registration
  contact_user = 5554561000
  transport = transport-udp
  outbound_auth = jmp
  client_uri = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
  server_uri = sip:jmp.cbcbc7.auth.bandwidth.com:5008
  
  [jmp]
  type = auth
  password = three secret words
  username = 5554561000
  
  [jmp]
  type = aor
  contact = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
  
  [jmp]
  type = identify
  endpoint = jmp
  match = jmp.cbcbc7.auth.bandwidth.com
  
  [jmp]
  type = endpoint
  context = from-jmp
  dtmf_mode = rfc4733
  disallow = all
  allow = ulaw
  allow = g729
  auth = jmp
  outbound_auth = jmp
  aors = jmp
  rtp_symmetric = yes
  rewrite_contact = yes
  send_rpid = yes
  timers = no
  

  and for reference, here's the blurb for my Snom 300 SIP phone:

  [2000]
  type = aor
  max_contacts = 1
  
  [2000]
  type = auth
  username = 2000
  password = password123
  
  [2000]
  type = endpoint
  context = full
  dtmf_mode = rfc4733
  disallow = all
  allow = g722
  allow = ulaw
  mailboxes = 10@internal
  auth = 2000
  outbound_auth = 2000
  aors = 2000
  

  I checked that the registration was successful by running asterisk -r and then typing:

  pjsip set logger on
  

  before reloading the configuration using:

  reload
  

  Create Asterisk extensions to send and receive calls

  Once I got registration to work, I hooked this up with my other extensions so that I could send and receive calls using my JMP number.

  In /etc/asterisk/extensions.conf, I added the following:

  [from-jmp]
  include => home
  exten => s,1,Goto(2000,1)
  

  where home is the context which includes my local SIP devices and 2000 is the extension I want to ring.

  Then I added the following to enable calls to any destination within the North American Numbering Plan:

  [pstn-jmp]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
  exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@jmp)
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
  exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@jmp)
  exten => _NXXNXXXXXX,n,Hangup()
  

  Here username is my bwsip numerical username. When calls are placed, this gets automatically swapped in by my real JMP phone number, but Bandwidth appears to require its users to use their username in there caller ID string.

  For reference, here's the rest of my dialplan in /etc/asterisk/extensions.conf:

  [general]
  static=yes
  writeprotect=no
  clearglobalvars=no
  
  [public]
  exten => _X.,1,Hangup(3)
  
  [sipdefault]
  exten => _X.,1,Hangup(3)
  
  [default]
  exten => _X.,1,Hangup(3)
  
  [internal]
  include => home
  
  [full]
  include => internal
  include => pstn-jmp
  exten => 707,1,VoiceMailMain(10@internal)
  
  [home]
  exten => 2000,1,Dial(PJSIP/2000,20)
  exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
  exten => 2000,n,Hangup
  exten => in2000-BUSY,1,VoiceMail(10@internal,su)
  exten => in2000-BUSY,n,Hangup
  exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
  exten => in2000-CONGESTION,n,Hangup
  exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
  exten => in2000-CHANUNAVAIL,n,Hangup
  exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
  exten => in2000-NOANSWER,n,Hangup
  exten => _in2000-.,1,Hangup(16)
  

  Firewall

  Finally, I opened a few ports in my firewall by putting the following in /etc/network/iptables.up.rules:

  # SIP and RTP on UDP (jmp.cbcbc7.auth.bandwidth.com)
  -A INPUT -s 67.231.2.13/32 -p udp --dport 5008 -j ACCEPT
  -A INPUT -s 216.82.238.135/32 -p udp --dport 5008 -j ACCEPT
  -A INPUT -s 67.231.2.13/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
  -A INPUT -s 216.82.238.135/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
  

September 27, 2022

• Digium Sangoma Announces Shipment of Its One Millionth Desk Phone

  

  Wow, we just shipped our one millionth phone! Over 10 years ago, Sangoma (and Digium) decided that having a seamless end-to-end Unified Communication system was important. And at that time, end to end system meant just the phone and the UC systems. So, we decided to release our own phones.

  These days, a UC system includes Sangoma’s UCaaS service (or on-premises version), the desk phone, mobile and desktop client software, Sangoma’s collaboration-as-a-service client (TeamHub), and Sangoma’s video meetings service (Sangoma Meet).

  The UC industry has come quite a long way in 10 years, but the phone is still part of the system, especially for brick-and-mortar businesses. And we are proud to serve all of these customers.

  As I said in the press release about this news, “Many of our customers use both desk phones as well as our mobile and desktop clients to communicate. And since we manufacture our own desk phones and develop our own cloud communications software, we are able to provide deep integration between our phones and our cloud communications services, in a way that other phone manufacturers or UCaaS companies simply cannot do. This kind of integration has contributed to the successful growth of this important product line at Sangoma, differentiating us from our competitors and leading to this one-million-unit milestone.“

  So, thank you to all the users of these phones, the distributors who fulfilled these phones, and the resellers who put our solutions into the end-user businesses. Let’s count the next million.

  The post Sangoma Announces Shipment of Its One Millionth Desk Phone appeared first on Sangoma Technologies.

September 25, 2022

• François Marier Using a Let's Encrypt TLS certificate with Asterisk 16.2

  In order to fix the following error after setting up SIP TLS in Asterisk 16.2:

  asterisk[8691]: ERROR[8691]: tcptls.c:966 in __ssl_setup: TLS/SSL error loading cert file. <asterisk.pem>
  

  I created a Let's Encrypt certificate using certbot:

  apt install certbot
  certbot certonly --standalone -d hostname.example.com
  

  To enable the asterisk user to load the certificate successfuly (it doesn't have permission to access the certificates under /etc/letsencrypt/), I copied it to the right directory:

  cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
  cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
  chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  

  Then I set the following variables in /etc/asterisk/sip.conf:

  tlscertfile=/etc/asterisk/asterisk.cert
  tlsprivatekey=/etc/asterisk/asterisk.key
  

  Automatic renewal

  The machine on which I run asterisk has a tricky Apache setup:

  • a webserver is running on port 80
  • port 80 is restricted to the local network

  This meant that the certbot domain ownership checks would get blocked by the firewall, and I couldn't open that port without exposing the private webserver to the Internet.

  So I ended up disabling the built-in certbot renewal mechanism:

  systemctl disable certbot.timer certbot.service
  systemctl stop certbot.timer certbot.service
  

  and then writing my own script in /etc/cron.daily/certbot-francois:

  #!/bin/bash
  TEMPFILE=`mktemp`
  
  # Stop Apache and backup firewall.
  /bin/systemctl stop apache2.service
  /usr/sbin/iptables-save > $TEMPFILE
  
  # Open up port 80 to the whole world.
  /usr/sbin/iptables -D INPUT -j LOGDROP
  /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables -A INPUT -j LOGDROP
  
  # Renew all certs.
  /usr/bin/certbot renew --quiet
  
  # Restore firewall and restart Apache.
  /usr/sbin/iptables -D INPUT -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables-restore < $TEMPFILE
  /bin/systemctl start apache2.service
  
  # Copy certificate into asterisk.
  cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
  cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
  chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  
  # Commit changes to etckeeper and restart asterisk.
  pushd /etc/ > /dev/null
  /usr/bin/git add letsencrypt asterisk
  DIFFSTAT="$(/usr/bin/git diff --cached --stat)"
  if [ -n "$DIFFSTAT" ] ; then
      /usr/bin/git commit --quiet -m "Renewed letsencrypt certs." letsencrypt asterisk
      echo "$DIFFSTAT"
      /bin/systemctl restart asterisk.service
  fi
  popd > /dev/null
  

September 23, 2022

• François Marier Encrypted connection between SIP phones using Asterisk

  Here is the setup I put together to have two SIP phones connect together over an encrypted channel. Since the two phones do not support encryption, I used Asterisk to provide the encrypted channel over the Internet.

  Installing Asterisk

  First of all, each VoIP phone is in a different physical location and so I installed an Asterisk server in each house.

  One of the server is a Debian stretch machine and the other runs Ubuntu bionic 18.04. Regardless, I used a fairly standard configuration and simply installed the asterisk package on both machines:

  apt install asterisk
  

  SIP phones

  The two phones, both Snom 300, connect to their local asterisk server on its local IP address and use the same details as I have put in /etc/asterisk/sip.conf:

  [1000]
  type=friend
  qualify=yes
  secret=password1
  encryption=no
  context=internal
  host=dynamic
  nat=no
  canreinvite=yes
  mailbox=1000@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  

  Dialplan and voicemail

  The extension number above (1000) maps to the following configuration blurb in /etc/asterisk/extensions.conf:

  [home]
  exten => 1000,1,Dial(SIP/1000,20)
  exten => 1000,n,Goto(in1000-${DIALSTATUS},1)
  exten => 1000,n,Hangup
  exten => in1000-BUSY,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-BUSY,n,Hangup
  exten => in1000-CONGESTION,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-CONGESTION,n,Hangup
  exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-CHANUNAVAIL,n,Hangup
  exten => in1000-NOANSWER,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-NOANSWER,n,Hangup
  exten => _in1000-.,1,Hangup(16)
  

  the internal context maps to the following blurb in /etc/asterisk/extensions.conf:

  [internal]
  include => home
  include => iax2users
  exten => 707,1,VoiceMailMain(1000@mailboxes)
  

  and 1000@mailboxes maps to the following entry in /etc/asterisk/voicemail.conf:

  [mailboxes]
  1000 => 1234,home,person@email.com
  

  (with 1234 being the voicemail PIN).

  Encrypted IAX links

  In order to create a virtual link between the two servers using the IAX protocol, I created user credentials on each server in /etc/asterisk/iax.conf:

  [iaxuser]
  type=user
  auth=md5
  secret=password2
  context=iax2users
  allow=g722
  allow=speex
  encryption=aes128
  trunk=no
  

  then I created an entry for the other server in the same file:

  [server2]
  type=peer
  host=server2.dyn.fmarier.org
  auth=md5
  secret=password2
  username=iaxuser
  allow=g722
  allow=speex
  encryption=yes
  forceencrypt=yes
  trunk=no
  qualify=yes
  

  The second machine contains the same configuration with the exception of the server name (server1 instead of server2) and hostname (server1.dyn.fmarier.org instead of server2.dyn.fmarier.org).

  Speed dial for the other phone

  Finally, to allow each phone to ring one another by dialing 2000, I put the following in /etc/asterisk/extensions.conf:

  [iax2users]
  include => home
  exten => 2000,1,Set(CALLERID(all)=Francois Marier <2000>)
  exten => 2000,2,Dial(IAX2/server1/1000)
  

  and of course a similar blurb on the other machine:

  [iax2users]
  include => home
  exten => 2000,1,Set(CALLERID(all)=Other Person <2000>)
  exten => 2000,2,Dial(IAX2/server2/1000)
  

  Firewall rules

  Since we are using the IAX protocol instead of SIP, there is only one port to open in /etc/network/iptables.up.rules for the remote server:

  # IAX2 protocol
  -A INPUT -s x.x.x.x/y -p udp --dport 4569 -j ACCEPT
  

  where x.x.x.x/y is the IP range allocated to the ISP that the other machine is behind.

  If you want to restrict traffic on the local network as well, then these ports need to be open for the SIP phone to be able to connect to its local server:

  # VoIP phones (internal)
  -A INPUT -s 192.168.1.3/32 -p udp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.1.3/32 -p udp --dport 10000:20000 -j ACCEPT
  

  where 192.168.1.3 is the static IP address allocated to the SIP phone.

• François Marier Connecting a VoIP phone directly to an Asterisk server

  On my Asterisk server, I happen to have two on-board ethernet boards. Since I only used one of these, I decided to move my VoIP phone from the local network switch to being connected directly to the Asterisk server.

  The main advantage is that this phone, running proprietary software of unknown quality, is no longer available on my general home network. Most importantly though, it no longer has access to the Internet, without my having to firewall it manually.

  Here's how I configured everything.

  Private network configuration

  On the server, I started by giving the second network interface a static IP address in /etc/network/interfaces:

  auto eth1
  iface eth1 inet static
      address 192.168.2.2
      netmask 255.255.255.0
  

  On the VoIP phone itself, I set the static IP address to 192.168.2.3 and the DNS server to 192.168.2.2. I then updated the SIP registrar IP address to 192.168.2.2.

  The DNS server actually refers to an unbound daemon running on the Asterisk server. The only configuration change I had to make was to listen on the second interface and allow the VoIP phone in:

  server:
      interface: 127.0.0.1
      interface: 192.168.2.2
      access-control: 0.0.0.0/0 refuse
      access-control: 127.0.0.1/32 allow
      access-control: 192.168.2.3/32 allow
  

  Finally, I opened the right ports on the server's firewall in /etc/network/iptables.up.rules:

  -A INPUT -s 192.168.2.3/32 -p udp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.2.3/32 -p tcp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.2.3/32 -p udp --dport 10000:20000 -j ACCEPT
  

  Network time synchronization

  In order for the phone to update its clock automatically using NTP, I installed chrony on the Asterisk server:

  apt install chrony
  

  then I configured it to listen on the private network interface and allow access from the VoIP phone by adding the following to /etc/chrony/conf.d/asterisk-local.conf:

  bindaddress 192.168.2.2
  allow 192.168.2.3
  

  Finally, I opened the right firewall port by adding a new rule to /etc/network/iptables.up.rules:

  -A INPUT -s 192.168.2.3 -p udp --dport 123 -j ACCEPT
  

  Accessing the admin page

  Now that the VoIP phone is no longer available on the local network, it's not possible to access its admin page. That's a good thing from a security point of view, but it's somewhat inconvenient.

  Therefore I put the following in my ~/.ssh/config to make the admin page available on http://localhost:8081 after I connect to the Asterisk server via ssh:

  Host asterisk
      LocalForward localhost:8081 192.168.2.3:80
  

  Allowing calls between local SIP devices

  Because this local device is not connected to the local network (192.168.1.0/24), it's unable to negotiate a direct media connection to any other local (i.e. one connected to the same Asterisk server) SIP device. What this means is that while calls might get connected successfully, by default, there will not be any audio in a call.

  In order for the two local SIP devices to be able to hear one another, we must enforce that all media be routed via Asterisk instead of going directly from one device to the other. This can be done using the directmedia directive (formerly canreinvite) in sip.conf:

  [1234]
  directmedia=no
  

  where 1234 is the extension of the phone.

September 15, 2022

• Digium Sangoma’s New Logo

  Sangoma is constantly evolving. And with it, our logo is evolving along with us.

  

  When we purchased Digium in 2018, we made a change to our logo and at that time, incorporated part of the Digium logo. But since that time, we’ve purchased VoIP Innovations, Star2Star, and now NetFortris. We are a different company since 2018, and we figured it was time for our logo come along. While our logo has changed, we still have the same pride and commitment to Asterisk (and FreePBX). Nothing has changed in that regard.

  What has changed is we’ve now grown into being a world-class Communications as a Service provider with over 70% recurring revenue. And through our partners we serve businesses ranging from SMBs to multi-location regional and national retail chains. It’s been truly awesome to have been part of this growth.

  And while we are probably most associated today with UCaaS and it’s nice to get accolades from Gartner and Frost and Sullivan about UCaaS, we also offer cloud services that complement UCaaS – Contact Center, Video Meetings, Collaboration, MSP services, CPaaS / Applications, Desktop as a Service, Access Control and Fax for example. We offer a wide range of Communications-as-a-Services, one we think is the broadest in the industry.

  And so we wanted to incorporate some kind of cloud element into our logo – to always have that in the background when people come to our website, when we’re presenting, etc. Because that’s who we are and who we will continue to be. We are also a strong company in many ways – fiscally, determined, intrepid – and that steel blue color is meant to evoke that.

  Welcome to the new logo.

  The post Sangoma’s New Logo appeared first on Sangoma Technologies.

August 31, 2022

• Enable Security SIP ALG exploit hits Realtek SDK, our Attack Platform and holidays
  In the summer time, the weather is hot … August is usually a slow month in our part of the world and a good time to take a holiday and relax a bit. We tried that for ourselves and found out that the rumors are true, holidays are not overrated. But, we didn’t stop for too long because, actually, we have news! In this edition, we cover: Our news about the Enable Security Attack Platform and Gasoline v2 Buffer overflow in Realtek’s SIP ALG affecting many many routers (CVE-2022-27255) More router exploitation leading to SIP credentials leakage (Arris / CVE-2022-31793) TLS ALPN identifier for SIP SELinux policies and Kamailio/OpenSIPS And more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

August 30, 2022

• Digium UCaaS & the Concept of “One-stop-shopping” for Other Required Communications Services

  Over the summer, I’ve written a few blogs about the Frost and Sullivan whitepaper called “Modern Cloud Communications Empower the Hybrid Workforce�. This will be my final blog about it. One other part of that whitepaper talked about Unified Communications and then about other communication services beyond just UC.

  Organizations adopting unified communications-as-a-service (UCaaS) show strong preference for one-stop shopping. They choose to purchase an array of correlated services from their cloud private branch exchange (PBX) provider:

  • 91% integrated meetings and messaging
  • 88% cybersecurity solutions
  • 88% device as a service
  • 85% SIP trunking
  • 84% MPLS
  • 82% SD-WAN
  • 78% integrated contact center
  • 42% calling plans

  This is really interesting since this has been Sangoma’s strategy for a long time!

  

  We have everything Frost and Sullivan writes about in our chart above. The three to the right on the chart (managed SD-WAN, managed network connectivity, and managed security) were obtained via our acquisition of NetFortris in March of this year.

  And that’s how I’ll end this blog series. Frost and Sullivan validating our strategy.

  To download the full Frost and Sullivan whitepaper to learn more about this, please go here.

  The post UCaaS & the Concept of “One-stop-shopping� for Other Required Communications Services appeared first on Sangoma Technologies.

August 29, 2022

• Digium Maximize Profitability and Boost Collaboration with Communications-as-a-Service (CaaS)

  Grow Business Benefits with a Full Suite of Customizable CaaS Solutions from Sangoma

  Communication is the lifeblood of every business, and thanks to recent technological innovations, global disruptions, and shifting market demands, virtual environments are essential for effective communication in the modern workplace. More companies are turning to the cloud to improve remote and hybrid collaboration, introduce new customer service channels, and lower IT costs. To explore what CaaS offers, download our new, free eBook today!

  Why CaaS?

  The key to achieving a seamless experience in the cloud is integration. Navigating between multiple applications, platforms, and cloud providers is cumbersome and creates silos that hinder communication and add complexity. Disparate systems also introduce security risks and associated costs to protect every application and device. Without integration, simply doing business is a recipe for profit loss.

  Gain a Competitive Advantage with a Complete CaaS Portfolio

  Communications-as-a-Service (CaaS), also called Unified Communications-as-a-Service (UCaaS), brings together voice, video, presence and chat, conferencing, virtual desktop, and other applications to create a simplified, interconnected environment where every communication tool works together effectively.

  With CaaS, companies can create and customize a secure, seamless digital workspace that improves collaboration and maximizes profitability with no hidden costs – all from a single cloud provider.

  CaaS Deployments for Any Business

  Whether an organization needs a single solution or a full suite, Sangoma’s end-to-end CaaS portfolio can address business communication needs and provide the right hardware and accessories to maximize performance and productivity. Customizable and comprehensive, Sangoma’s platforms offer flexible deployment options, secure integrations, and unified applications accessible from any device.

  With Sangoma’s one bill, one vendor approach, organizations no longer need to devote time and energy to navigating multiple cloud vendors with their own policies, procedures, and workflows. When businesses partner with Sangoma, they enjoy a reliable, consistent partnership with expert support when and where they need it.

  Collaboration Solutions

  Effective communication tools help companies collaborate effectively, which improves employee morale, productivity, and long-term profitability. Thankfully, Sangoma’s CaaS solutions are geared specifically toward enhancing collaboration amongst on-site and off-site teams, regardless of how they operate.

  Business Phones, Hardware, and Communities

  In addition to its many software and as-a-Service products, Sangoma stands apart from other providers by offering an array of hardware, phones, and other devices to support business goals. What’s more, Sangoma maintains an open-source community to help small businesses, enterprises, government agencies, and other organizations create and deploy communications apps.

  Businesses are constantly evolving, and with these additional services, Sangoma can act as a trustworthy, end-to-end partner as companies’ technology needs grow and change.

  Read More: Download our brand-new, free eBook to explore all that CaaS can do for your business

  The post Maximize Profitability and Boost Collaboration with Communications-as-a-Service (CaaS) appeared first on Sangoma Technologies.

August 16, 2022

• Digium Considerations for a Unified Communications Prem to Cloud Migration

  Some companies are considering the transition from an on-premise unified communication system to a UCaaS system. There could be various reasons, ranging from the age of the prem system, to not wanting to manage the on-site system anymore (manually update the system, etc.), to it being part of your company’s strategy to move as much support systems to the cloud, to you are growing and you want your system to scale better and support remote offices.

  No matter what, there are considerations.

  One consideration is are the features the same? Some UC features are “easier” in an on-prem system, and some features are older and maybe not available on a newer UCaaS system (fax, analog phones anyone?, hot desking/hoteling for example) so if you have some favorite features or key older technology to support, make sure you ask.

  Or maybe you’ve built some of your business processes to work with the on-prem system very tightly. Make sure you ask about that and don’t assume it will work.

  Also, maybe you already paid for your phones, so does the UCaaS system support the phones you have already invested in?

  And you should create a plan once you’e decided to do it. Make sure there is a transition period where the prem system and the cloud system are both there, and start the data migration (voice mails, etc.) first. Then there are the applications that interface to the phone system that need to be migrated over as well. And make sure your network can support this.

  If you are considering a migration, Sangoma is here to help you. Give us a call. We offer both on-premise and cloud Unified Communication systems, and have literally helped migrate hundreds if not thousands of businesses from prem to cloud.

  The post Considerations for a Unified Communications Prem to Cloud Migration appeared first on Sangoma Technologies.

August 09, 2022

• Digium What is UCaaS?

  Introduction

  Unified Communications as a Service (UCaaS) is a cloud-based solution that integrates communication features, applications, and services into one cohesive platform. By moving to a UCaaS platform, businesses can utilize the cloud’s mobility and scalability while reducing costs and increasing productivity. This article will go over what Unified Communications as a Service really means (and why it matters).

  What is UCaaS

  UCaaS is a term that refers to unified communications as a service. It’s an umbrella term for different communications services, including video conferencing and collaboration tools such as SangomaMeet and TeamHub.

  Businesses can utilize the cloud’s mobility and scalability by moving away from legacy components such as on-premise PBX systems. Additionally, most UCaaS systems enable your business phone number to be used by your smartphone and your laptop, enabling employees to work remotely very effectively.  By moving to a UCaaS platform, companies can save on upfront costs by deploying a pay-as-you-go approach to their business communications. The monthly cost of a UCaaS platform is usually lower than the monthly maintenance and service costs associated with on-premise systems, and there is no capital expenditure required for hardware or software purchases.

  Furthermore, with UCaaS, you don’t need to worry about purchasing new hardware or software every time you want to add new features; instead, you simply upgrade your subscription plan to gain access to new capabilities!

   

  Features of a UCaaS Platform

  A UCaaS platform has several features that make it stand out from other types of business phone systems. Let’s look at a few of the most important ones:
  

  • • Presence: This feature allows you to see which users are currently logged into the system and where they’re located in relation to your office, so you can call them when needed. It also displays indicators, such as, Do Not Disturb, Active, and Out of the Office.  
    • Mobility: The mobility feature allows you to stay connected regardless of your location. Through your office extension, you can make and receive calls, chat, and more with a softphone application on any device with an internet connection—a smartphone or tablet, for example—no matter where they are located as long as they have an internet connection. So you can work from home or from a remote location and still be able to use your office phone number!
    • Collaboration: Collaboration tools are designed specifically for sharing information among team members within one organization; these include chat rooms where people can type messages back-and-forth using text whenever needed instead of calling each other individually over the phone.
    • Unified Messaging: With unified messaging, users can manage many types of messages from a single application and switch communication modes on demand.
    • Video Conferencing: Stay connected with multiple users with conferencing. Conferencing allows a group of users to meet and speak via voice and/or video from multiple locations. This option is also available to outside organizations, partners, or clients. 

  UCaaS Benefits

  UCaaS offers a competitive advantage to businesses by reducing the number of independent tools, platforms, and solutions. It can streamline communications for organizations, regardless of size or industry. Because UCaaS integrates and optimizes all interactions, team collaboration and productivity are significantly improved, and the engagement of sales prospects, vendors, and customers. UCaaS facilitates: 

  • Increased collaboration between teams and departments
  • Improved security through centralized management of various communications devices and apps
  • Reduced costs due to the consolidation of messaging platforms into one centralized service
  • Reduced IT overhead since the cloud subscription enables security and other updates to be done by the cloud service, not by you.

  Why it Matters

  Businesses rely on communication tools to stay productive and competitive, and when it comes to motivating employees and increasing productivity, integrating communication tools empowers workers to handle multiple tasks quickly and efficiently. By integrating communications into one platform, companies can improve team collaboration and productivity while reducing costs. Brighten your future and improve your business communications with Sangoma’s UCaaS solutions and full-suite communication suite: (list products here?) 

  

   

  The post What is UCaaS? appeared first on Sangoma Technologies.

July 29, 2022

• Enable Security WebRTC 0day, FreePBX not Asterisk attacks and talks at MCH2022
  It is the end of the week as well as July and the RTCSec newsletter is in your inbox eagerly waiting to give you all the educational entertainment you need throughout the weekend! In this edition, we cover: Our TADSummit talk and SIPVicious PRO details FreePBX exploitation and confusing reports Remote coverage of the talks at the Dutch hacker camp CVE-2022-2294 - the vulnerability in the WebRTC project Vulnerabilities in Matrix, BigBlueButton, JunOS and more Tweet of the month on VoIP phone hardware hacking RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

July 28, 2022

• Digium How to Deploy or Migrate to UCaaS the Smart Way

  Let’s face it: launching a UCaaS (Unified Communications as a Service) system from scratch can seem pretty daunting. This type of cloud phone system incorporates many different types of communication / collaboration services to help your business succeed. Whether you’re talking about voice, video, messaging, meetings, presence or team-based collaboration, they’re all traditionally available as options.

  And while the hallmark of a UCaaS environment is its ability to bring together all of these elements, there are many (frequently overwhelming) considerations you have to make on the back end to determine if and how it can work for you. Then, there are past investments. Over the years, many businesses like yours have spent significant time and money toward implementing many traditional communication and collaboration options that are now outdated for the modern landscape.

  Previous choices, however, should not complicate matters when considering when, how and why to make that jump to an all-encompassing UCaaS infrastructure.

  Choose the UCaaS for YOUR Needs

  In most cases, your provider may be able to handle the dirty work for you. The key is to select the specific features and elements that your organization needs, and see what sorts of deployment options are available from the host.

  So … whether you’re starting out from scratch or migrating to a full-on – or even hybrid – UCaaS environment, most of this rollout involves the streamlining and automation of a la carte options.

  Consider Scalability …

  Communications and collaboration options abound, but are not all necessary in every business case. From a UCaaS perspective, it can be scaled as necessary, with features added or taken away in an a la carte fashion as your organization’s needs change. In other words, UCaaS allows you to establish custom communications infrastructure exactly as you need while also supporting future growth initiatives.

  For that reason, you should carefully evaluate the options and capabilities made available to you by the various providers, weighing them against your own unique needs.

  … While Embracing Flexibility

  One of UCaaS’ best traits is how optimal it is for remote and telework environments. This cloud-based system can be deployed across many different types of communication channels and devices. The flexibility it extends to YOUR deployment, however, should run so much deeper.

  In particular, focus on factors such as extending customer communications channels and streamlining CRM services with these options.

  Assessing Reliability

  With flexibility comes the need for reliability, a factor that can largely be out of many organizations’ control. Sadly, the stability of a UCaaS is largely tied to the state of your – and your remote workers’ – internet connection, as well as the relative strength of the service provider and UCaaS architecture that it provides.

  In most cases, the smart move is to choose a deployment that guarantees virtually unlimited uptime and availability, as well as geo-redundancy for better backup integrity. Many vendors claim accessibility to these. Reading customer and peer reviews, however, can often tell a different story.

  Focus on Real Time

  UCaaS users tend to be the most productive when they can communicate and collaborate consistently in real time, as if seated in the same room as one another.

  Weigh Cost Versus Benefit

  Like most extensive software deployments, the price tag will almost always play a factor. Choose a UCaaS system that gives you the most proverbial “bang for your buck,” weighing the critical features that you need against the feasible cost of their implementation.

  While it’s often good to take a chance, gaining access to the most sought-after features and elements for the lowest-available cost is almost always prudent.

  Have you considered the numerous features, capabilities and benefits that come as part of a comprehensive Sangoma UCaaS deployment? Visit www.Sangoma.com or call (877) 344-4861 for more information.

  The post How to Deploy or Migrate to UCaaS the Smart Way appeared first on Sangoma Technologies.

• Jitsi Enhanced noise suppression in Jitsi Meet

  For a while now Jitsi Meet has been using the RNNoise library to calculate voice audio detection scores for audio input tracks and leveraging those to implement functionality such as “talk while muted” and “noisy mic detection”. However, RNnoise also has the capability to denoise audio.

  In this article we’ll briefly go through the steps taken to implement noise suppression using RNnoise in Jitsi Meet.

  What’s RNNoise anyway?

  RNNoise, as the authors describe it, “​​combines classic signal processing with deep learning, but it’s small and fast”, this makes it perfect for real time audio and does a good job at denoising.

  It’s written in C which allows us to (relatively) easily use it on the Web by compiling it as a WASM module, that combined with a couple of optimizations gets us noise suppression functionality with very little added latency.

  Working with Audio Worklets

  Previously Jitsi Meet processed audio using ScriptProcessorNode which handles audio samples on the main UI thread. Because the audio track wasn’t altered and we simply extracted some information from a copy of the track, performance issues weren’t apparent. With noise suppression the track gets modified, so latency is noticeable, not to mention that any interference on the main UI thread will impact the audio quality, so we switched to audio worklets.

  Audio worklets run in a separate thread from the main UI thread, so samples can be processed without interference. We won’t go into the specifics of implementing one as there are plenty of awesome resources on the web such as: this and this. Our worklet implementation can be found here.

  Webpack integration

  Even though using an audio worklet looks fairly straightforward there were a couple of bumps along the road.

  First off, and probably the most frustrating part was making them work with webpack’s dev server.

  Long story short, the dev server has some neat features such as hot module replacement and live reloading, these rely on some bootstrap code added to the output JavaScript bundle. The issue here is that audio worklet code runs under the AudioWorkletGlobalScope’s context which doesn’t know anything about constructs like window, this or self, however the aforementioned boilerplate code makes ample use of them and there doesn’t seem to be a way to tell it that the context in which it’s running is a worklet.

  We tried several approaches but the solution that worked for us was to ignore the dev server bootstrap code altogether for the worklet’s entry point, which can be configured in webpack config as follows:

  module: { rules: [ ...config.module.rules,
              { test: resolve(__dirname, 'node_modules/webpack-dev-server/client'),
                loader: 'null-loader' } ] }

  That took care of the dev server, however production webpack bundling also introduced boilerplate which made use of the “forbidden” worklet objects, but in this case it’s easily configurable by specifying the following output options:

  output: { ...config.output, globalObject: 'AudioWorkletGlobalScope' }

  At this point we had a working worklet (pun intended) that didn’t break our development environment.

  WASM in audio worklets.

  Next came adding in the RNnoise WASM module. Jitisi uses RNnoise compiled with emscripten (more details in the project: https://github.com/jitsi/rnnoise-wasm). With the default settings the WASM module will load and compile asynchronously, however because the worklet loads without waiting for the resolution of promises we need to make everything synchronous, so we inline the WASM file by passing in  -s SINGLE_FILE=1 to emscripten and we also tell it to synchronously compile it with -s WASM_ASYNC_COMPILATION=0. With that in place everything will be loaded and ready to go when audio samples start coming in.

  Efficient audio processing.

  Audio processing in worklets happens on the process() callback method in the AudioWorkletProcessor implementation at a fixed rate of 128 samples (this can’t be configured as with ScriptProcessorNodes), however RNnoise expects 480 samples for each call to it’s denoise method rnnoise_process_frame.

  To make this work we implemented a circular buffer that minimizes copy operations for optimal performance. It works by having both the buffered samples and the ones that have already been denoised on the same Float32Array with a roll over policy. The full implementation can be found here.

  To summarize, we keep track of how many audio samples we have buffered, once we have enough of them (480 to be precise) we send a view of that data to RNnoise where it gets denoised in-place (i.e. no additional copies are required). At this point the circular buffer has a denoised part and possibly some residue samples that didn’t fit in the initial 480, which will get processed in the next iteration. The process repeats until we reach the end of the circular buffer at which point we simply start from the beginning and overwrite “stale” samples; we consider them stale because at this point they have already been denoised and sent.

  The worklet code gets compiled as a separate .js bundle and lazy loaded as needed.

  Use it in JaaS / using the iframe API
  

  If you are a JaaS customer (or are using Jitsi Meet through the iframe API) we have added an API command to turn this on programmatically too! Check it out.

  Check it out!

  In Jitsi Meet this feature can be activated by simply clicking on the Noise Suppression button.

  

  Since in this case a sound file is probably worth more than 1000 words, here is an audio sample  demonstrating the denoising:

  Original audio:

  
  

  Denoised audio:

  ---

    Your personal meetings team.

  Author: Andrei Gavrilescu

  The post Enhanced noise suppression in Jitsi Meet appeared first on Jitsi.

July 21, 2022

• Digium 10 Things Organizations Should Look for in Cloud-based Mobile Access Control

  In an earlier blog, we wrote about how cloud-based Mobile Access Control is disrupting the market at break-neck speed. Nowadays, savvy small and medium-sized businesses (SMBs) have discovered that cloud-based systems can deliver benefits for workplace security just as they do for business phone systems and communication tools. In fact, data shows that nearly 40% of end users have already deployed wireless door locks as part of their access control solution.

  There’s no doubt that users today demand seamless digital experiences, and cloud-native mobile access controls certainly help organizations satisfy these needs. Gaining quick access to doors, elevators, and turnstiles with a simple tap or swipe can make a big difference to users. And since most employees already have a smartphone on them at all times, it makes perfect sense. What’s more, administrators can more easily manage frequent activities such as adding or revoking privileges for new and departing employees or providing guest access. It’s a win-win!

  Like any technology, however, not all solutions are made equal. To ensure organizations get the most bang for the buck, we’ve put together the top ten things they should look for when considering different solutions. Let’s explore below:

  Innovative, All-in-One Solutions

  You’re likely already familiar with access control systems. But while legacy systems are cumbersome, requiring lag time to collect and distribute access components, cloud-based systems are quick and efficient, particularly when dealing with multiple job sites. Cloud-native controls are all-inclusive, including wireless door locks, sensors, software and controllers, which lets organizations implement a complete smart office system in one fell swoop.

  Easy Onboarding & Control

  Frequent tasks like onboarding employees or removing access can be tedious and time-consuming for a system administrator. But, on the other hand, cloud-native access control lets organizations automate processes for greater speed and efficiency. Administrators can also save time and effort with a system that can be controlled from the palm of their hand – from adjusting configurations to reviewing events. If the unlikely scenario occurs where an employee shows up without their phone, administrators can even remotely unlock the doors.

  User-friendly Mobile Apps

  With today’s access control systems, there is no need to purchase technology like key fobs. Instead, employees access their office through a designated mobile app, which works well considering that 93% of the U.S. population currently uses smartphones. Most people these days are already accustomed to conducting business with their personal devices: such as paying bills, sending money or verifying their identity – making it an easy learning curve. Within an app, employees can view the status of each door and swipe a small button to open it. The system then automatically resets the door status and logs the activity through the cloud.

  Flexible Access

  Administrators should be able to effortlessly add users, assign different permissions and access levels, or move access privileges to a different job site. Following installation, they should also enjoy significant flexibility in terms of how their employees enter their job site, as the system can work seamlessly – whether a business chooses to deploy a mobile app or distribute more traditional access control technology like cards or fobs.

  Cost-effective

  Adopting a completely wireless access control system, also referred to as Access Control as a Service (ACaaS), is typically an affordable option for businesses concerned with security. Cost-savings come from the system being quite simple to install and configure – never exceeding four hours! Oftentimes, ACaaS can leverage a business’s existing infrastructure, like using already-installed locks, which eliminates the need for extra wiring and their associated costs.

  Complete Workplace Security

  There is no need to fret about cybersecurity when implementing cloud-native access control. Seek out ACaaS technologies that use encrypted cloud-based technology to authenticate employee devices and activity. The system’s integrity is further enhanced by existing smartphone safety technology like facial and fingerprint recognition. Modern access control solutions are “contactless,” which also contributes to overall workplace safety. These systems reduce the need to touch key cards, fobs and door readers – reducing the spread of contagious contaminants.

  Integrated or Standalone Installation

  You’ve probably already realized that ACaaS is flexible enough to work well for any operation, even with pre-existing security setups. Whether you or your customer wants a fully wireless ACaaS solution or would prefer to seamlessly build upon previously installed infrastructure, it’s all possible with modern access control.

  Remote Management

  Administering modern access control technology should be done independent of location and from any connected device. Talk about the perfect option for the hybrid workforce! Whether in-office, at home or on the road, admins should have complete visibility into their system and total control over who’s accessing the office – all from their mobile phone.

  User Directory Integration

  Having an access control system that integrates with a user directory is a must. It allows for the intuitive configuration of user permissions, the establishment of groups and enables automatic provisioning via emails sent to users’ mobile devices.

  Smart & Secure! Smart Office Solutions from Sangoma

  Sangoma SmartOffice brings the best of advanced access control to users’ smartphones. Nearly every business has security considerations; yet many lack advanced access control. Employees may have a key or fob to get into the building, but this falls far short from the efficiency, security and affordability of Sangoma SmartOffice.

  Managed entirely through the convenience of the smartphone, SmartOffice operates over Wi-Fi or cellular connections to physically open locks. And since it is integrated with the Sangoma unified communications (UC) system, administrators can access user directory information to easily manage users, groups, and permissions for office access and the PBX from any location.

  Sangoma Cloud service powers SmartOffice, ensuring that every user and every action is properly authenticated within the system. Seeing as the solution also uses employee smartphones, SmartOffice integrates common mobile security features like password protection. These security protections work together seamlessly to guarantee only certified persons have access to the premises.

  Finally, as businesses grow, so too will SmartOffice. There is no limit to the number of wireless doors or mobile users that can be included. No matter how a company develops over time, SmartOffice can remain the foundation of its operational security.

  Want to explore improving your company’s security with SmartOffice? Contact us today!

  The post 10 Things Organizations Should Look for in Cloud-based Mobile Access Control appeared first on Sangoma Technologies.

July 19, 2022

• Digium Why Collaboration Tools Are Important

  In my last blog, I discussed “digital channels”, one of which are collaboration tools. Let’s take a closer look the importance of collaboration tools. Just take a look at this graphic.

  We’ve all been using collaboration and messaging tools as we’ve been working remotely. Or maybe we’ve been using them anyway since we work in a distributed workforce. For sure, I can say productivity is enhanced by messaging someone, and sharing documents.

  Frost and Sullivan feels the same way. As the whitepaper says: “Communications provide the connective tissue among diversified workforces—across departments, project teams, job roles, work locations and worker generations. Enabling a collaborative work environment can considerably strengthen employee bonds, enhance morale, improve the customer journey and drive workflow efficiencies.

  And this is why Sangoma has invested quite a bit in our own collaboration platform, TeamHub, which is part of our UC platforms. While an essential part of UC is certainly the smartphone and laptop business phone number mobility aspect, it is becoming increasingly apparent that collaboration and video meetings also now need to be part of the essential to UC offering. And if you are getting these from different vendors, you don’t truly have an integrated UC platform.

  To download the full Frost and Sullivan whitepaper to learn more about this, please go here.

  The post Why Collaboration Tools Are Important appeared first on Sangoma Technologies.

July 14, 2022

• Digium Envision it. Enable it. Control it. Wholesale SIP Trunking Lets Businesses Work Their Way

  There’s no doubt video conferencing and remote working have garnered a lot of attention over the last few years. Despite this, SIP-based voice services are still critical for businesses that are responsible for high volumes of call traffic. And because the SIP protocol enables internet-based telephony services to integrate with data networks and cloud-based services, businesses can build a more robust unified communications system.

  Wholesale SIP trunks are scalable and configurable on-demand connections for MSPs and ITSPs that wish to provide or sell hassle-free, high-value services to employees and customers. What’s more, those who manage communications for call centers and enterprise businesses can work directly with a SIP Trunk Provider or an MSP/ITSP to keep their organizations running seamlessly as they change or grow.

  Here are just a few of the benefits of Wholesale SIP Trunking and what you should look for when selecting a vendor:

  Flexibility is Key! Easily Curate Your Offerings

  If you’re responsible for procuring carrier services, wholesale SIP trunking provides freedom of choice so you can curate your offering, unlike retail SIP trunking with bundled offerings. SIP-related services can be selected à la carte and packaged together to deliver SIP services across geographically dispersed locations.

  Look for solutions with a single point of entry with wide coverage. We can’t stress this enough! Plus, avoid providers that require large minimum spending, carrier negotiations, or contracts to maintain. Flexibility enables you to deliver or achieve a high-performance unified communications network that creates value for businesses.

  Whether you’re an enterprise customer, ITSP or MSP, seek out a complete set of SIP trunking features to meet your requirements.

  Instantly Take Control of Day-to-Day Functions

  At the end of the day, flexibility and ease of use are worth their weight in gold. When selecting a vendor for wholesale SIP trunking services, ensure their solutions allow you to instantly take control of provisioning SIP trunks; adding, deleting or modifying services; porting local numbers; and managing billing and account changes.
  What’s more, look for vendors offering back-office access via a self-service portal or API so you can easily respond to shifting business requirements, adapt to new market conditions, and capitalize on new opportunities.

  Seek Out Turnkey Solutions

  Large enterprises use wholesale SIP trunking for their own purposes unlike ITSPs and MSPs that need to create offerings to sell to retail customers. MSPs should choose a solution they can trust to be ready on time and function with minimal disruption and risk. Having completed hundreds of deployments, Sangoma turnkey solutions and processes have proven to be reliable.

  Turnkey solutions will include all the service offerings the provider chooses, as well as hosted billing, wrapped together – fully integrated, complete, and ready to operate.

  The key benefits of turnkey solutions are:

  • Services that are easy to choose, configure and maintain
  • Reduced costs
  • A utility model lets you pay for what you use
  • Business continuity and resiliency
  • Fraud preventions
  • Texting
  • 911 Emergency services
  • Gets you up and going fast
  • Consolidated infrastructure
  • Hosted billing to handle number porting, billing, tax calculations, reporting and compliance (for service providers)
  • Self-serve portal (branded for the MSP)

  Achieve Your Vision

  Our wholesale SIP trunking team is focused on client satisfaction and helping you achieve your business goals. We respond quickly, give you professional advice, and ensure that every interaction with us is a great experience.

  Are you in an urgent situation? We can help you get up and running in under a day. Here’s a case study of a one-day turnup.

  If you have questions or need additional information, we have an extensive base of resources that are accessible to you, including subjects such as the Modern Approach to SIP trunking or why we’re The Leading Wholesale SIP Trunking Provider.

  Get in touch with a specialist or request a free demo!

  
  https://carrierservices.sangoma.com/request-a-quote/

  Useful information specific to enterprise customers or service providers:

  
  Break the Boundaries of Typical SIP Trunking Service Providers
  7 Reasons Why Your Enterprise Needs Wholesale SIP Trunking
  9 Reasons Why You Need to Sell Wholesale SIP Trunking

  The post Envision it. Enable it. Control it. Wholesale SIP Trunking Lets Businesses Work Their Way appeared first on Sangoma Technologies.

July 06, 2022

• Enable Security SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools
  We just made two builds available to our SIPVicious PRO members. One is called the stable build, while the other is the experimental build. The v6.0.0-beta.5 stable build includes a large number of fixes, much better (or sane) defaults and full coverage of SRTP throughout the toolset. The experimental version is where the excitement is. Our members now have access to 5 new tools that we find useful in our work:

July 05, 2022

• Digium Your UC / UCaaS Platform Needs “Digital Channels”

  Frost and Sullivan has written a white paper called “Modern Cloud Communications Empower the Hybrid Workforce”. It’s an interesting paper all around. To download the full paper, please go here. In the meantime, I picked 4 interesting parts of the paper to write a little bit about and I’ll do that in the next four blogs I write.

  So, let’s get to the first topic. One concept Frost and Sullivan writes about is the impact of the pandemic on IT and what IT must do in terms of supporting employees going forward. Obviously (or maybe not so obviously depending on your point of view), a hybrid work remote / work at the office is here to stay.

  How do you function as the best “team” in this kind of environment? By now, we’ve all gotten used to video meetings and collaboration messaging tools. And continuing those are important for sure. But Frost and Sullivan argues that there needs to be “more”, and integrating digital channels to deal with not only remote employees, but customers (who now have also been exposed to messaging tools) wanting to connect with you digitally is critical for success.

  The paper goes into this in much more detail, but the takeaway I have from reading this is collaboration tools, and other types of “digital channels” that work both with employees and reach out to customers will be critical. Like I said above, to download the full paper, please go here.

  The post Your UC / UCaaS Platform Needs “Digital Channels” appeared first on Sangoma Technologies.