RSS Atom

Free Real-Time Communications (RTC) Planet

May 31, 2023

• Enable Security May 2023: RTC conferences, advisories for Cisco, Mitel, sofia-sip
  Welcome to the May edition of the monthly VoIP and WebRTC security newsletter! In this edition, we cover: Kamailio World in Berlin and CommCon in the UK Open Source Telecom Software Survey 2023 Asterisk PBX and ASAN compilation SIP-based vulnerabilities in Shannon Baseband vulnerabilities many more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.
• Digium Leaving DIY Behind

  With a lot involved in deploying SD-WAN, leveraging a managed service provider (MSP) can help businesses keep their IT staff forward-thinking. There are many to choose from, and knowing the criteria to get the best fit is essential.

  Choosing an MSP Tailored to Business Size

  In searching for an MSP to align with, the size and focus are important so that businesses receive service based on their needs and style. For instance, if an SMB pairs up with an MSP designed for enterprise networking, MSP may not provide the personalized touch the business requires. They are simply too large. On the other hand, selecting a start-up MSP may not be mature with respect to its service offerings. However, they might be able to deliver SD-WAN, which may not meet overarching needs.

  Missing Complementary Services

  Once a business chooses an MSP for SD-WAN, they’ll want them to provide more than just services. For instance, businesses may want to add:

  • Voice services for collaboration for all their locations
  • Security services

  Businesses should want to partner with an MSP that can consolidate these services more holistically. They will want a partner that can help with their overall technology roadmap. For instance, integrating the network security of SD-WAN with endpoint security.

  Security at the MSP Level

  This relates to how the MSP is protecting themselves which effectively protects the customer. If their network is not reliable and secure, that will mean downtime and security issues for their customers. An easy way to investigate this is to know what type of certifications they have. A typical one to look for is SOCII (service operation center), where they have their processes not only well established but are independently tested by third-party auditors. These auditors will verify the following:

  • Network Security
  • Data Security
  • Process Security

  MSP WAN Diversity

  As they look for an MSP, businesses may find that many lack WAN service diversity and are not carrier agnostic. Businesses will want to ask questions such as:

  • Do they offer just one type of circuit?
  • Do they partner with just one carrier and offer just one service?
  • Do they have the relationships and product breadth to cover many different transport types over many different regions?

  That’s the benefit of picking an MSP that has those relationships to bring in a complete solution set and deliver it over one single bill instead of receiving bills from all the individual locations.

  The Sangoma Difference

  Let’s take a look at how Sangoma’s Managed SD-WAN service delivers this solution-set to customers and look at some key strengths.

  Dedicated Implementation Team
  When an SD-WAN solution is deployed, our dedicated implementation team begins to establish a relationship with the customer; they bring the customer through the entire implementation lifecycle, including post-implementation, monitoring, and support. This dedicated project management style approach is a crucial differentiator of Sangoma’s.

  Owned & Operated Robust Core Network Backbone
  Sangoma has pioneered the SD-WAN landscape with its own privately owned and operated PCI-Certified and HIPAA-compliant backbone. We have a diverse set of WAN transport options that brings all those transport options into a single network backbone that enables our clients to have the carrier and transport diversity that enables them to be successful.

  Managed, Maintained & Monitoring 24/7/365
  A major strength of Sangoma’s SD-WAN service is that customers can completely offload their IT resources from the burden of managing, monitoring, and maintaining the SD-WAN service. Sangoma’s dedicated network operations center (NOC) does all this for them remotely. If any issues arise, the NOC team is automatically notified and resolves the issue, even before it has any chance of reaching the customer’s network. Since Sangoma has a homegrown SD-WAN solution, customers have true experts on their side, assuring total satisfaction.

  Simplified Billing
  There is a lot of value in having customized invoices that simplify a customer’s back office approach to processing bills and allow the back office staff to be more strategic in their efforts.

  Sangoma’s Managed SD-WAN solution ensures customers securely connect any user, any device, anywhere, anytime, over any transport. It provides connectivity uptime for users in the most secure way.

  Summarizing SD-WAN Objectives

  In summarizing the need for SD-WAN, there are 3 main objectives:

  Uptime & Application Availability
  Users need to be able to reach their application whenever needed, so network uptime is vital. Included in uptime is also a security component. For instance, if there is a security attack that takes down the network, the user applications become unavailable. So, ensuring security incidents don’t occur is also key.

  Visibility & Management of WAN Workloads
  With the resiliency of an SD-WAN network, a failure could occur without users ever noticing and without impact. Still, visibility and management of those individual components are important to ensure the trouble has been identified and remediated in order to get back to primary services.

  Simplifying the Complexity of Telco Billing
  Consolidating all the individual bills from each carrier in their respective regions offers a nice white-glove approach and saves customers time and resources.

  So, is DIY the right approach to SD-WAN?

  SD-WAN technology is advantageous to incorporate into business networks. Still, it can worsen the complexities of network management for organizations that lack the IT resources to deploy and maintain an SD-WAN solution. They may look to MSPs to deliver managed SD-WAN to replace their traditional WAN architecture. MSPs can provide simplified SD-WAN operations by leveraging a multi-vendor strategy enabling them to augment their offering to provide agility and a differentiated service tailored to business requirements.

  Get in touch with one of our Managed SD-WAN specialists.

  The post Leaving DIY Behind appeared first on Sangoma Technologies.

May 24, 2023

• Digium Build Your Own Communications Platform with APIdaze (CPaaS)

  No commercial off-the-shelf software meeting your needs? Tired of wasting time juggling multiple, disparate communications tools to get the job done?

  Tie together Voice, Video, and SMS, for example, and integrate customized solutions into your existing user interface or business processes with our pre-built APIs in our communications platform/SDK environment.

  APIdaze is our CPaaS platform for programmable telephony that clients have used to develop custom IVRs, create webhooks for WebRTC, and even develop AI Bot responders. Build your own call center, integrate SMS in your softphone client, automate call tracking applications, and more; the applications are nearly endless.

  APIdaze enables you to create the perfect communication solution platform, or augment your existing one, without the time and money building it all by yourself.

  Check out this customer testimonial for more details.

  APIdaze can integrate with your existing platform to enhance your development efforts. APIdaze is highly customizable and uses our pre-built communications API’s to enable your developers to add real-time voice, video, and messaging elements into VoIP, web, and mobile applications.

  Download our paper on the CPaaS Revolution to learn more about how APIdaze can streamline your communication platform development efforts.

  About Sangoma Wholesale Carrier Services

  Sangoma Wholesale Carrier Services, formerly known as VI, provides value-added resellers access to industry-best Sip Trunking products and carrier services, over our own nation-wide network at discounted rates to service aggregators. We offer wholesale Trunking as a Service (TaaS), provide telecom compliance and regulatory solutions, SPAM/Fraud protections, and reseller-focused features such as Hosted Billing. Sangoma Wholesale Carrier Services continues a legacy of innovations in product development, the expansion of our core networks and to advance technological capabilities, such as CPaaS, to help value-added resellers thrive as communications service providers.

  The post Build Your Own Communications Platform with APIdaze (CPaaS) appeared first on Sangoma Technologies.

May 23, 2023

• Digium Cybersecurity Importance to SMBs

  Cybersecurity is essential for SMBs. This Business Tech Weekly article explains why in more detail, but some of the obvious ones include a relative lack of resources, inadequate training, and the desire to spend only what the business considers to be “needed.”

  But this is proving risky. According to the IBM Security, Cost of Data Breach 2022 Report, data breaches cost businesses a lot of money. “Reaching an all-time high, the cost of a data breach averaged $4.35M in 2022, and 83% of organizations studied have experienced more than one data breach.”

  As such, today, many companies are making this their number one IT priority – to ensure they do not contribute to the next report!

  But what to do about it? While the Business Tech Weekly article explains a few essential areas to cover (like training employees about phishing emails, instituting solid passwords, etc.), that still won’t cover everything.

  The IT department may have a big load they can’t handle. One good way to address that is to go to a Managed Service Provider who can offer these services. One you already go to for your UCaaS or Access—someone like Sangoma.

  The post Cybersecurity Importance to SMBs appeared first on Sangoma Technologies.

May 17, 2023

• Digium The Pitfalls To Avoid In DIY SD-WAN

  In our last blog we started a conversation around the advantages of Managed SD-WAN vs DIY. In this post we are continuing that discussion by outlining some of the pitfalls to avoid when attempting a DIY SD-WAN.

  Overloading internal IT & Project Management Resources

  Depending on the size of the business, monopolizing IT staff resources for SD-WAN deployment may not be the best use of their time when they could be focusing on more strategic efforts. Enterprise businesses may be fine as they may have an entire floor dedicated to IT/ project management resources, but for an SMB, the IT resources are much thinner. So, keeping IT resources as strategic as possible is most important here.

  Inaccurate Budget & Timeline

  As already discussed, there are a lot of things that need to be discovered when it comes to the implementation and post-implementation of an SD-WAN solution. When it comes to budget, there is a need to expand the focus not just on dollars but take a look at the human capital and timeline to be able to complete a deployment.

  For small to medium-sized businesses, it’s beneficial to align with an experienced MSP who can deploy a dedicated team of certified and specialized network engineers that not only can set realistic expectations but can help them remain mindful of all the steps for an on-time delivery.

  Overlooking/Underestimating the Complexity of Networks

  The first question an executive team should ask themselves is, “Should we continue to manage our networks within?” It’s a meaningful and impactful question, especially if the business is starting to embrace hosted solutions, SaaS, or public cloud services, where the network’s complexity will change drastically.

  Thinking that SD-WAN & A Network Cure-all

  A major benefit of SD-WAN is that it can automatically detect link failures and seamlessly failover to a backup connection. So, if there is a failure in the primary link, a business will not notice any service disruption because it will continue to function over the failover connections. What this means is that the actual problem is never detected and resolved. For example, if the primary connection is a broadcast connection and the failover is over LTE, if the primary link fails, everything routes over to LTE and will continue to do so until the primary link failure is resolved. In this scenario, the business would be paying for increased charges since the connection remains on LTE. So SMBs may not have the capacity to maintain SD-WAN services efficiently.

  Key Executive Considerations

  • What are some of the key business outcomes expected from SD-WAN?
  • Does the business have in-house expertise that can select & purchase, project manage, install, and manage an SD-WAN solution?
  • Is managing SD-WAN in-house adding value to the business, or are there other ways?

  Can the business supply helpdesk staff with 24/7/365 monitoring & support?
  Many businesses run from 9-5 but want their networks to run smoothly around the clock without straining their staff.

  Can the public cloud be leveraged?
  Which deployment model will best support the use of SaaS and public cloud services? It’s essential to understand the different workloads and how that traffic will traverse the network for an end-user experience.

  Timeline for implementation & can we meet the desired dates?
  The best thing to do here is to define the desired completion dates, then work backward and develop milestones that need to be completed then be able to understand if those milestones can be completed by those desired dates.

  Business Outcomes

  There are 6 key outcomes for a business deploying SD-WAN:

  Hard Cost Savings
  SD-WAN vendors on the market typically promote the hard cost savings of their industry solution. SD-WAN saves substantial circuit costs for businesses relying on legacy circuits for their locations.

  When it comes to growth enablement, how can companies rapidly deploy for new locations or new applications? Ideally, they want to reduce provisioning time and turn up services for their end users in days, not weeks or months.

  Reduction of Risk & Meeting Compliance
  How can a company have advanced service features to identify and respond to security threats that may become prevalent in its environment?

  Business Continuity
  How can companies have continuity and be able to failover to secondary and tertiary connections services in the event that their primary provider suffers an outage?

  Efficiency & Productivity
  This relates to the end-user experience, and they want to know that when they turn on their applications-that, they will work. It’s about understanding how a network can be designed to prioritize and shape bandwidth to support those business-critical applications.

  Simplified Billing
  This is an impactful value but not necessarily known upfront. There is value here in handling multiple carriers and being able to consolidate billing. For example, for nationwide businesses and all their locations, what is realized is that their back office becomes inundated. The workload sometimes becomes out of control with individual bills from many different carriers, which may require an increase in the accounting departments to handle this. So, you can consolidate the circuits, hardware, and licenses into a simple bill with SD-WAN or a managed SD-WAN solution.

  So, while there are front-end needs for SD-WAN, things like simplified billing is a nice white-glove approach to SD-WAN to look out for.

  Stay tuned for our next and final blog post on DIY vs a Managed approach for SD-WAN.

  Get in touch with one of our Managed SD-WAN specialists.

  The post The Pitfalls To Avoid In DIY SD-WAN appeared first on Sangoma Technologies.

May 11, 2023

• Digium What is an Omnichannel Contact Center & Why Should You Care?

  In today’s fast-paced business environment, customer expectations are higher than ever before. Customers demand seamless experiences across all channels, including voice, email, chat, social media, etc. To meet these expectations, contact centers must be able to provide an omnichannel experience.

  What is an omnichannel contact center?

  An omnichannel contact center is a customer service strategy that integrates all communication channels and allows customers to switch between channels while maintaining the context of their interactions. This approach enables businesses to provide a consistent and personalized experience across all channels, increasing customer satisfaction and loyalty.
  Omnichannel means you can reach out and touch your audience wherever they are, which means you have more opportunities to get them interested in what you’ve got going on. You can do this by using channels like email, phone calls, text messaging, and even social media platforms.
  An omnichannel contact center is the next step in customer service for companies that want to provide a better customer experience but maintain efficiency and effectiveness.
  Here are some reasons why an omnichannel contact center is necessary:

  Customers expect it: As mentioned earlier, customers expect a seamless experience across all channels. They want to be able to contact a business through their preferred channel and have their inquiries resolved quickly and efficiently.

  Improved customer retention: Customers are more likely to stay loyal to a business that provides a seamless and personalized experience across all channels. An omnichannel contact center can help businesses retain customers by providing a consistent and efficient customer experience. Switching communication channels can improve hold/wait times, fostering a better customer experience.

  Better Reporting and insights: An omnichannel contact center can give businesses better insights into customer behavior and preferences. By tracking customer interactions across all channels, businesses can better understand their customer’s needs and preferences.

  In conclusion…

  Ultimately, an omnichannel contact center is all about providing a better customer experience. It’s not just about technology or how you deliver your services; it’s about understanding what customers want and how they want to interact with your brand. By combining all of these things into one seamless process, organizations can create a contact center that meets their customers where they are and, thus, create loyal customers who will continue to do business with them in the future.

  For additional information on Sangoma CX and omnichannel, click here.

  The post What is an Omnichannel Contact Center & Why Should You Care? appeared first on Sangoma Technologies.

May 10, 2023

• Digium The Growing Benefits of 5G Wireless Internet for Businesses

  In today’s digital age, businesses rely heavily on fast and reliable internet connectivity to stay competitive and succeed. With the advent of 5G wireless internet, businesses can experience a new level of internet connectivity which is faster, more reliable, and more secure than ever before. Here are some of the growing benefits of 5G wireless internet for businesses:

  1. Lightning-Fast Internet Speeds

  One of the most significant benefits of 5G wireless internet is its lightning-fast internet speeds. With download speeds up to 100 times faster than 4G, businesses can enjoy seamless connectivity and faster data transfer rates. This means businesses can upload and download large files in seconds, host virtual meetings without lag, and stream high-quality video content without buffering.

  2. Seamless Connectivity

  Another benefit of 5G wireless internet is its seamless connectivity. Unlike traditional wired internet connections limited to certain areas, 5G wireless internet is accessible almost anywhere. This means businesses can stay connected on the go or in remote locations.

  3. Increased Productivity

  With faster internet speeds and seamless connectivity, businesses can experience increased productivity. Employees can complete tasks faster, communicate with each other seamlessly, and collaborate on projects more effectively. This can lead to increased efficiency and better performance.

  4. Better Security

  5G wireless internet is designed to be more secure than previous generations of wireless technology. With its enhanced security features, businesses can protect their data and communications from cyber threats more effectively. This can help businesses avoid costly data breaches and protect their sensitive information.

  5. Future-Proof Technology

  5G wireless internet is a future-proof technology supporting the latest applications and devices. As businesses embrace new technologies, such as the Internet of Things (IoT) and artificial intelligence (AI), they will require faster and more reliable internet connectivity. 5G wireless internet is designed to meet these demands, making it a valuable investment for businesses looking to stay ahead of the curve.

  Sangoma has launched its 5G wireless Broadband internet service as part of its Managed Internet connectivity product suite. Our new wireless service leverages our relationships with the major US wireless carriers to deliver customers the best 5G plan based on their geographical location and from the provider of their choice! It consists of:

  • Download speeds up to 650 Mbps+
  • Data options from 50GB -> unlimited data
  • Static public IP address included!

  Since it’s part of Sangoma’s Managed Internet services, customers benefit from 24/7/365 maintenance and monitoring from our in-house NOC.

  If you want to take your business to the next level, consider upgrading to our 5G wireless internet today!

  Contact Sales

  Contact Sales

  The post The Growing Benefits of 5G Wireless Internet for Businesses appeared first on Sangoma Technologies.

May 09, 2023

• Digium Reminder: Sangoma is Recognized in the Gartner UCaaS Magic Quadrant

  About 6 months ago, it was announced that Sangoma was positioned by Gartner, Inc. in the 2022 Gartner® Magic Quadrant for Unified Communications as a Service. Sangoma is one of only twelve other companies placed in 2022 and one of just six companies to appear consecutively for the last eight years.

  So why am I writing about it again, now? This is on my mind since at last week’s Channel Partners conference, I was asked about this multiple times. Sangoma’s brand is getting out there more, to people who may not know us that well. This becomes part of the 60 second Sangoma story

  Read More About Sangoma's Magic Quadrant Award

  Read the Full Report

  The post Reminder: Sangoma is Recognized in the Gartner UCaaS Magic Quadrant appeared first on Sangoma Technologies.

May 03, 2023

• Digium Why Managed SD-WAN is Better than a DIY Approach in a Digital Transforming World

  Why do businesses look for SD-WAN solutions? What kind of challenges are they experiencing? Why do businesses want to change how their business locations and end users connect?

  This is the first of 3 posts where we discuss the needs for SD-WAN within business networks, the different ways to implement and lastly the benefits of partnering with an MSP for a Managed approach to SD-WAN.

  Short and simple, the traffic across networks continues to increase, and so too are business networks. In fact, global network traffic size is expected to expand at a compound annual growth rate (CAGR) of 9.7% from 2021 to 2028 and even higher for small-to-medium sized businesses of 10.3% during the respective period. Businesses purchase various software and applications and then realize that their network is limiting them from achieving their goals. It’s become very labor-intensive for them to log into many devices to manage their network.

  Current Trends & Challenges

  Today’s business environments are seeing a lot of challenges in the following ways:

  • Mobile devices on the corporate network, BYOD, and guest access are straining corporate LAN and WAN
  • IT staff struggling with how to manage security during growth
  • Poor end-user and application experience
  • High-cost interest services from multiple carriers

  As trends continue and companies undergo digital transformation, they are embracing more software-as-a-service (SaaS) and public cloud applications. In a prior time, they relied on applications and services running on servers in their office locations. Now they are moving to a business model where they rely on that being provided as a service, where those applications run on hardware located elsewhere. So businesses need to understand how to manage their networks in this new way, how to secure them, and be able to provide a reliable end-user experience so that end-users can achieve what’s needed. They also need to figure out how to connect all their locations, decide what type of internet services are needed at each, and what type of carriers they need to embrace in order to achieve a holistic environment. This all focuses on a company’s network, how it’s set up, and how it’s managed.

  This identifies software-defined wide area networking (SD-WAN) as a need within business networks. SD-WAN is a virtual WAN architecture that allows businesses to leverage any combination of transport services, such as broadband, MPLS, LTE, to securely connect users to applications. SD-WAN uses a centralized control function to steer traffic securely and intelligently across the WAN and directly to trusted SaaS providers. This increases application performance and delivers a high-quality user experience, which increases business productivity and agility and reduces IT costs. This is why we are seeing businesses of all sizes adopting SD-WAN at an exponential rate. For instance, an in-depth analysis of industry insights shows that the market is expected to have an estimated Compound Annual Growth Rate (CAGR) of 31.2% between 2022 and 2030. Significant contributors to this growth are small to medium businesses (SMBs). Prior to SD-WAN availability, SMBs were limited to offering goods and services globally and having a distributed workforce across multiple locations because it needed to be more of an operating cost to bear. With SD-WAN and a highly competitive landscape, SMBs can leverage SD-WAN to reduce operating expenses while leveraging multiple links to low-cost local internet lines.

  Selections: Things to Consider

  Deploying an SD-WAN solution can be very complex and includes a combination of three key elements when selecting the right components:

  • Hardware Vendor – There is a hardware component to SD-WAN that connects the business’ local network to the internet. It’s essential to select the right solution provider based on business needs. For instance, is the hardware standalone, or can it be integrated into business activities, such as security? New vendors are popping up in the market, and being able to identify their ability to withstand and stay within the market to provide long-term support is something to consider.
  • Carrier Selections – This depends on where the business locations operate. Are all locations in one geographical area or spread out and across territories? So, they’ll need to identify if they need local, regional, or national coverage and then figure out which carriers they trust.
  • Connection Types – What kind of access is required at each location? Choices exist from direct internet access, broadband, LTE, and the combination of those for primary and failover connections.

  Finding the right partner to work with will help businesses achieve their goals here.

  Implementation: Things to Consider

  After having selected the right components, there’s a list of things to consider on the implementation front.

  • Hardware, Licensing & Maintenance Contracts – SD-WAN hardware selected for each site which includes licensing and maintenance contracts the business will need to own.
  • Circuit Procurement with Independent Lead Time – Whether all the circuits are available from a single carrier or come from multiple carriers. Are they different technology types? What type of bandwidth will be needed for each location? And knowing when each will become available by the vendor to know how to roll out the solution.

    It’s important to note that the contracts for the hardware licenses and the circuits may not align, so it’s important to keep that in mind for renewal purposes.

  • Hardware Configuration & Shipping for Deployments at Each Site – Depending on the size of the business and the number of locations, it can take months or over a year, or even more, to roll out the solution. So, it’s imperative to consider this timeline, along with hardware licensing and circuit contract dates.
  • Installation, Delivery & Activation – The actual deployments in the field of the SD-WAN devices, the scheduling and the turning up of the circuits, and the activation and testing.

  So, there are many things to look at during the implementation cycle.

  Post Implementation

  Once everything is all set up from an implementation standpoint, there are things to consider regarding maintenance. Businesses need to document everything and keep the information current in the event their support teams need to reach out to hardware manufacturers or carriers for help. Or if changes are required during the lifecycle of the service. This includes:

  • Circuit diagrams
  • Network diagrams
  • Hardware and license inventory for asset management
  • Configuration files for deployed hardware
  • IP address schema for each site
  • Contact numbers and internal helpdesk, carrier, and vendor helpdesks
  • All the due diligence in maintaining each site’s network and IP address schema
  • All the different contacts from carriers and hardware manufacturers that need to be kept all together in case support teams need to reach out to individuals

  Stay tuned for the next post where we continue this discussion and get into the pitfalls to avoid in DIY SD-WAN.

  Or get in touch with one of our Managed SD-WAN specialists.

  The post Why Managed SD-WAN is Better than a DIY Approach in a Digital Transforming World appeared first on Sangoma Technologies.

April 28, 2023

• Enable Security April 2023: 3CX incident updates, WebRTC security and H264
  April brings with it conference announcements, updates to the 3CX incident and a very interesting paper about the most popular video codec. In this edition, we cover: New fuzzing of RTP codecs with SIPVicious PRO Details about our WebRTC security presentation for CommCon News about the 3CX compromise and much much more! RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.

April 25, 2023

• Digium Application Aware Network

  More and more businesses are turning to the cloud to run parts of their business – from their phone system to their back office type systems to everything in between. And many of these services are managed services, offloading and optimizing IT resources.

  Many of these services run in different public networks, a hodge-podge of whatever the particular service uses, and run on any device. This puts stress on the networks as bottlenecks could occur. I’m sure we’ve all experienced this in our work-from-home experiences using video meetings – sometimes, the video is a bit “wonky” for brief periods. This can happen in business connections as well. As such, the networks businesses use to deliver workloads to their employees need to be responsive, or adaptive, to the applications running on them.

  This is one of the benefits of using SD-WAN. An SD-WAN solution has intelligence that can define traffic routes and priority based on the application need and, as such, can inherently find the best route for the traffic. There’s a lot more to it than a single sentence, though, as SD-WAN is complex.

  In fact, according to a 2021 Frost and Sullivan SD-WAN survey of North American-based network services decision-makers, 64% said they prefer a fully managed SD-WAN service, and 16% said they like a co-managed approach precisely because of the complexity of setting it up and running it. See what Sangoma has to offer with managed SD-WAN.

  The post Application Aware Network appeared first on Sangoma Technologies.

April 11, 2023

• Digium 6 Benefits Of A Quality Contact Center

  If you are in the customer service business, and your business is growing, it is probably time to add an agent-based contact center to supplement calls queues, etc. that may be part of your basic UC / phone system. While some call center type features are making their way into the base phone system, these are more departmental type of call center features. Which are great if you have a small business, but as that business grows, it may be time to upgrade to an agent-based contact center. Why?

  1. Improved Customer Service: A contact center can help your business provide better customer service by allowing customers to reach your company easily through multiple channels such as phone, email, and chat.
  2. Increased Efficiency: With a contact center, you can streamline your customer service operations by managing all customer interactions in one place. This helps to reduce response times, minimize errors, and increase productivity.
  3. Scalability: A contact center can easily scale up or down to meet the changing needs of your business. This is particularly useful for seasonal businesses or those experiencing sudden growth.
  4. High-Value Reporting: Make better, informed business decisions with high-value reporting such as response times, average talk time and call volume.
  5. Data Collection and Analysis: Contact centers can help you collect and analyze customer data to gain insights into customer behavior, preferences, and needs. This can be used to improve your products and services, as well as your customer service.
  6. Compliance: Contact centers can help you stay compliant with industry regulations and standards, particularly in industries such as healthcare, finance, and telecommunications.

  As your business grows, it may be time to augment your UC solution with an agent-based contact center. To find out more about Sangoma’s Contact Center solution, please go here.

  The post 6 Benefits Of A Quality Contact Center appeared first on Sangoma Technologies.

April 05, 2023

• Digium The Top 5 Trends in SD-WAN

  There have been some important developments in SD-WAN technology over the last year. We need to continually assess changes in key technologies so we can make informed decisions and move our businesses forward. Let’s take a look at some of these developments so you can determine whether they might be important to your organization.

  SD-WAN, or software defined wide area networking, is now well over a decade old as a technology. The term SD-WAN was coined in 2014 by Cisco well after the technology’s introduction, so SD-WAN is now considered a mature service.

  What is SD-WAN?

  Here’s a quick overview for those unfamiliar with SD-WAN. Traditional site-to-site connectivity models relied upon closed private networks in the past. Typically, we saw MPLS or private lines connecting sites back to a centralized data center. Those data centers had the applications and security stack for the organization. Also, internet access was concentrated at that data center behind that security stack. This provided ease of management and concentration of security tools creating a strong security posture. These networks were expensive, but they guaranteed quality of service and security as well as reliability.

  Over the last decade, that model has changed though.

  • More applications were pushed to the cloud
  • Real-time applications, such as video and web conferencing required minimal latency and more bandwidth
  • Redundancy requirements forced public internet connections as failover at all sites, so security was pushed out to the branches and management became much more complex

  As a result, the datacenter became less important as a central computing hub, and distributed security made the centralized security platform less important as well. This gave rise to SD-WAN.

  How does SD-WAN work?
  SD-WAN allows users at each enabled location to access cloud applications directly over the public Internet, bypassing the need to route through a data center hub and enhancing performance. So, SD-WAN reduces costs and management effort while improving performance without sacrificing security.

  Here’s a brief outline of how SD-WAN works and is used:

  • SD-WAN is best used with redundant public internet connections, typically eliminating expensive private connections and allowing the organization to purchase whatever internet is available at that site
  • SD-WAN enhances quality of service over the public internet by determining the best route for individual sessions or packets
  • SD-WAN is frequently purchased with next generation firewalls and increasingly other cloud-based security services
  • Management is accomplished through a single portal ensuring consistency across all locations

  SD-WAN is Mature & Reliable
  SD-WAN is offered by the most reputable names in the networking industry and has completely replaced MPLS or private line for new network deployments. Most mature technologies enter into a state referred to as the plateau of productivity according to Gartner Hype Cycle, where SD-WAN is well entrenched in at this point. Typically seen in this phase of the technology lifecycle is a stagnation on product development. The industry focuses more on consolidation and adoption, rather than new capabilities. This is because the easy stuff has already been invented and so new capabilities come slower. However, the development within SD-WAN doesn’t seem to be slowing down. SD-WAN remains a dynamic and evolving technology as capabilities are pushed into the cloud rather than residing on a heavy appliance on site. To add, with the computing scale of the cloud, additional services are easy to add, and the industry continues to move forward.

  What’s new with SD-WAN?

  When evaluating an SD-WAN strategy there are some new trends to consider.

  Secure Remote Access
  One of the biggest developments in SD WAN is the coupling of secure remote access. The work-from-home strategy changed the focus of all IT professionals from secure location to securing the individual or the data itself. Some forward looking SD-WAN providers have already incorporated secure remote access before the pandemic, aligning their strategy with Gartner’s Secure Access Service edge (SASE). Other SD-WAN providers have since paired secure remote access capabilities with their SD-WAN platforms.

  In fact, small office locations for some customers are eliminating SD-WAN architecture and just using the secure remote access of their SD-WAN provider. What you lose here is application prioritization and seamless failover. That may be acceptable for a few users who might work from home if necessary, in an SD-WAN for home deployment. For a location with five or fewer people broadband connectivity is probably adequate for applications and redundancy is not absolutely critical, where you might have a wireless redundant option rather than a fixed circuit option for redundancy. What you gain is a lower cost structure.

  Co-Managed SD-WAN
  Early on, enterprises with considerable staff of network architects purchased SD-WAN devices and deployed and managed those devices themselves. This provided ultimate control similar to what they had in their prior WAN environment. Over time, however, organizations have realized that SD-WAN doesn’t require much care and oversight. The talents of the network architect are better used in strategy, policy and design rather than maintaining the appliances.

  One of the key benefits of managed SD-WAN is a co-managed environment between the managed services provider and clients’ IT teams. Co-management is now the most popular strategy where SD-WAN service providers maintain the device and its high-level configurations and the customers manage the application policy within the SD-WAN platform. This gives clients a sense of control that they need to run their network while delegating the non-value-added work to a vendor. Some clients are completely outsourcing the management of the WAN, and this option is frequently paired with a network carrier, creating a true network-as-a-service environment.

  Wireless Only SD-WAN
  While this option has existed for years now since wireless was integrated into SD-WAN, with the increased mobility of the workforce and supply chain issues affecting the delivery of wired services, wireless SD-WAN has caught on. Typically, with just a single wireless service SD-WAN prioritizes the application, so limited bandwidth is optimally utilized and eliminates non-business activity on the network, saving the aggregate bandwidth costs. Certainly, 5G makes this a very interesting exit strategy, but at least in the United States, it’s only really applicable for certain low utilization use cases because of the cost.

  SD Branch
  Software Defined branch office technology is an extension of the SD-WAN concept. The monitoring and management of branch LANs, access points, print resources and other branch peripherals reduces the need for on-site support and improves the service to the branch. The SD-WAN architecture is core to SD branch delivery.

  Security Tools
  Look for SD-WAN providers to continue to expand horizontally into other SASE categories, such as secure web gateway, data loss prevention, remote browser, etc. The industry is very fluid right now and SD-WAN is at the center of most security strategies. Going forward demand continues towards becoming the core interoffice connectivity technology. We’ll see automation and AI begin to make its way into the industry allowing the platforms to make adjustments in real time.

  So, SD-WAN is mature, but not idle. There is a lot of growth in the industry and it’s important for users to have a well thought out strategy before making an SD-WAN decision. If you’d like to know more how SD-WAN can help your business and how Sangoma’s Managed SD-WAN services work, click here.

  The post The Top 5 Trends in SD-WAN appeared first on Sangoma Technologies.

March 31, 2023

• Enable Security March 2023: Trojan 3CX Client, CRA talk, OpenSIPS audit report and much more
  Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. A lot has accumulated in March on the VoIP and IP Communication security front. In fact, this one is packed! In this edition, we cover: Our news, involving CI/CD automation of VoIP security testing with SIPVicious PRO More news from us, including the OpenSIPS security audit report and a chat about the Cyber Resilience Act 3CX Phone Client turned into a trojan Critical vulnerabilities affecting Samsung and Pixel phones via VoLTE and 5G Silent fix in Kamailio gets a CVE, vulnerable door phones and various other security reports RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

March 28, 2023

• Digium Overall Managed Access Benefit Review

  Today, I’ll touch on the benefits of using a Managed Internet Access service according to the Eastern Management Group. Managed Internet Access is a service where a provider (such as Sangoma) obtains and proactively manages the uptime of internet facilities of each customer location.

  Major benefits include:
  

  • The provider (not you as the end-customers or partner) obtains the best type of access for each site, gets the best price, and does QoS configuration. So the provider would set up your network for you, the end-user company.
  • The provider manages, maintains, and monitors the services 24/7 to ensure everything’s running smoothly.
  • The customer receives one single unified bill from the managed service provider.
  • Using outsourced expertise avoids the costs of developing management and reporting capabilities.

  If you want to read the full report now, please go here.

  The post Overall Managed Access Benefit Review appeared first on Sangoma Technologies.

March 21, 2023

• Digium Protecting Your Mission Critical Services When Your Internet Provider Has An Outage

  Late summer of 2022, there was a major multi-day internet outage that happened in Canada that affected many businesses, small and large. Let’s discuss what happened and some of the steps you can take to protect your business if something similar happens to you.

  In July of 2022, Canada’s Rogers Communications suffered a major internet outage. For those of you who haven’t heard of Rogers, it is a very large internet and wireless service provider, on the scale of ~ 20 billion US dollars and 26,000 employees. Rogers suffered an outage due to a packet storm on their network. It was caused by a software upgrade that accidentally removed all the traffic filters to the internet from their network. Without the filters, the Rogers network equipment became quickly overwhelmed and stopped functioning. Rogers serves about 30% of Canada’s internet capacity, so this was a big event and affected many people and businesses. It took about 2-3 days to fully restore services to all customers.

  So, as a business delivering services to your customers, what would you have done in this case, if your internet service provider was down for multiple days? Businesses who had invested in SD-WAN and redundant ISPs were generally okay. However, those without redundancy, or without an SD-WAN platform to prioritize internet service, they unfortunately suffered catastrophic downtime. Some of them even had to rely on manual processes to keep their business running. They would never have thought service from a large and reliable vendor like Rogers would come to a halt like this, so the investment didn’t seem needed. Businesses with backup internet access generally made it through, and the ones that had SD-WAN did not experience any degradation in service, at all. This is because SD-WAN prioritizes real-time traffic, by application. Even if your redundant internet connection is based on inexpensive broadband, SD-WAN will automatically prioritize your most important applications, so that things like voice and point-of-sale (POS) have the capacity they need, while other less critical applications are limited to what’s left over. This is a significant benefit of SD-WAN and something to consider if real-time traffic is important to your business, because without it, your typical failover setup means a loss in all active communications which would need to be re-established once the backup connection becomes active.

  SD-WAN has a couple of other key features as it relates to protection. For instance if your SD-WAN provider is a gateway or private middle mile service, your inbound traffic is also protected because inbound packets will be routed over the best available circuit. Also, if you’re using an SD-WAN provider with gateways or private middle miles, you’ll have built in DDoS protection. So SD-WAN provides a number of protections aside from just managing network resiliency.

  Here’s the interesting takeaway. Even if you had a resilient design, and you had sufficient internet, and you had SD-WAN in place, your vendors and business partners may not. With the Rogers outage, a major credit card transaction system was taken offline, leaving their point of sale customers without the ability to accept credit cards. Another example was cell phone service being disrupted as well. We can imagine that many businesses with critical vendors and applications experienced an impact even if they themselves continue to have strong internet service. It might be far-fetched to try and identify whether or not your key business partners have network redundancy and utilize SD-WAN, but identifying the key providers and confirming with them may actually be a new priority element in your business continuity plan.

  Beyond internet access, what other key services might be exposed to vendor interruption. Is voice critical to your business? Are you using Microsoft Teams for voice or collaboration? For example, what would happen if Microsoft had an issue or you had to quarantine Office 365 because of a cyber event?

  If you’re curious how to protect your environments and learn more about our maintenance-free SD-WAN service, get in touch with one of our Managed SD-WAN specialists.

  The post Protecting Your Mission Critical Services When Your Internet Provider Has An Outage appeared first on Sangoma Technologies.

March 17, 2023

• Enable Security OpenSIPS Security Audit Report is fully disclosed and out there
  It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report. The OpenSIPS security audit report can be found here. What is the OpenSIPS security audit? OpenSIPS is a SIP server that often has a critical security function within an IP communications system.

March 16, 2023

• Digium What You Need To Know About The Growing Complexities of Communications Taxes

  It’s definitely a great time to be a Managed Service Provider (MSP), Communication Service Provider (CSP), and Voice Service Provider (VSP), delivering managed communication services. Whether they be a seasoned provider or just starting out, the work-from-home movement has created a massive change in IT infrastructure, which means managed service providers have become very popular and are enticed to deliver more. For instance, the MSP market was valued at $242.9 billion in 2021 and is projected to reach 354.8 billion by 2026, registering a CAGR of 7.9%! This tremendous growth is pushing MSPs to continue to broaden and diversify their offerings. Still, there is a big surprise waiting for inexperienced or ill-informed providers: the increased set of communications tax complexity, obligations, and risk.

  Why are communications taxes more important than ever?

  MSPs, CSPs, and VSPs certainly understand that they are required to charge for and remit communications taxes. If you are reselling, charging, and invoicing for telecom services, such as data, voice, video, and messaging, then you’re in that camp. But what’s been happening, which has become more challenging, is that communications services have become the de facto method for delivering services from the cloud, but not only that, they’re being offered via programmable interfaces, or APIs. So now communication services are being embedded into SaaS platforms, essentially reselling data services. So the lines have become blurred, and knowing whether you need to pay communication taxes is a bit unknown. You need to ask yourself, “Is my business selling services that incorporate voice, video, or data?” If the answer is yes, then you’ll need to make sure you’re up to speed on tax compliance; otherwise, you’ll have some penalties to pay, aside from learning how to pay those taxes going forward.

  So, what are the complexities of communications taxes? And how do MSPs, CSPs, and VSPs know what taxes apply to their services and customers?

  Let’s start with general sales taxes, which apply at the federal, state, county, and city levels. Communication taxes fall under this umbrella too. From there, though, they can be very different, not just in terms of the rate and how it’s applied, but with communications taxes, there are instances of tax on tax in tearing of taxes. In many instances, the jurisdiction for communications taxes will be completely different from what you may have from a sales tax perspective. For instance, there are a lot of communication taxes that are based on school district zones, so even just establishing the jurisdiction that applies can be different. We now have a stacking of communication tax complexity over the existing complexity of sales tax. So, registering with the local jurisdiction, and collecting the tax, is one thing, but then it cascades since communications taxes have different compliance obligations. There are different registration obligations, different filing obligations, and also things like exemption management, where the forms that are needed to be filled out to be exempt from communications taxes are different from what is needed to be collected from a sales and use perspective.

  How many tax returns do you need to file as a service provider?

  This depends on two criteria: jurisdiction and types of services sold. These combined could mean filing 1,000s of compliance tax returns, especially if the provider is selling services nationwide. Voice itself is taxed heavily, as many different types of taxes are applied. Communication taxes are applied at the federal, state, and jurisdictional levels. E-911 is also similarly taxed.

  Recent Developments

  We talked a bit about the blurred lines around knowing if a business is required to pay communication taxes. On top of that, with the plethora of service providers out there, it would be unsustainably time-consuming for the government to find every business out there with communication services, find out if they are simply consuming or reselling them and dig from there. Businesses could easily fly under the radar from paying their taxes.

  The recent robocall mitigation regulations, including the STIR/SHAKEN mandate, has forced VSPs, CSPs, and MSPs to register their telecommunications business by applying for a Federal Registration Number (FRN). Now that their telecommunications business is registered with the FCC, comprehensive compliance is much more important for that business. This includes the rating, collection, and remittance of taxes, fees, and surcharges that are levied by the government in the various states, counties, and cities that they sell in, as well as at the federal level.

  Things to Consider as a Provider

  • Are there communications taxes on video conferencing and softclient calls? In general, concerning communications taxes, voice is the most comprehensively taxed. When it comes to soft clients, such as Slack, Skype, Zoom, and other collaboration tools, even peer-to-peer VoIP communication is taxed. It’s not as heavily taxed as services going through the PSTN, but VOIP to VOIP services are taxed at a lower rate.
  • How do communication taxes work when bundling products and services? This is something that is becoming prevalent as MSPs are bundling more and more services together within their offerings. This is especially true for MSP customers of Sangoma’s Wholesale Carrier Services, who pick and choose carrier service features to bundle and resell; more on that below. An MSP can bundle voice, SMS, fax, and soft clients and more, so figuring out the tax compliance for these individually sourced features is essential, as they are all taxed at different rates and dependent on the region.

  With all that there is to consider and the challenges there are to become well informed of tax compliance, it may be a good idea to pair up with experts in the field for consultation or, better yet, with a vendor having a tax engine, who can automate rating and calculations of services, based on local and service feature.

  How Sangoma’s Telecom Tax Module Can Help Providers

  As part of our wholesale carrier services hosted billing service, we have a built-in tax module that automates the calculation and collection of taxes and regulatory fees for our customers who resell our wholesale carrier services. For readers unfamiliar with our wholesale carrier services, read this blog post. What differentiates us is that we offer a complete set of wholesale VoIP services, from termination/origination, DIDs, SMS, E911, Fax, fraud detection/protection, and telecom compliance toolkits, wrapped around an intuitive portal, which includes our hosted billing platform and tax module.

  Our tax module is the “single pane of glass,” where our customers save a ton of time in tax rating and calculation for all their customers who may be dispersed nationwide using various services we resell. It consolidates taxes on all levels of government and service types. Also, as our customers expand across regions, the tax modules save them time from figuring out new tax compliance information for those areas as well.

  Tax compliance becomes more complex as products become more innovative and are offered in a less traditional fashion. For instance, voice services integrated within APIs were never something tax compliance was designed for. The natural progression is that innovation outpaces tax law but, with time, always catches up. A great example of this is with streaming services, such as Netflix or Amazon Prime, for example. When they came out on the market, communications tax compliance only applied to traditional TV services. So no taxes were applicable for a while, but communication taxes started working their way into these new innovation streaming services as time progressed.

  As an MSP, CSP, or VSP, it’s essential to understand the gray areas of communications tax compliance and be informed to avoid risks and possible penalties.

  Learn more about Sangoma’s Tax module, built into our hosted billing platform, and have your tax rating and calculations automated for you.

  The post What You Need To Know About The Growing Complexities of Communications Taxes appeared first on Sangoma Technologies.

March 14, 2023

• Digium Softclients are a Critical Component of a Unified Communications Solution

  When the day came that we all “had” to work from home, everyone learned how important a phone system client became (whether it was a mobile one, or a desktop one), because that was how we continued to talk to people and keep the business running– because our business phone number could be called, or we could call out on the business phone number – from these clients. And then the clients that integrated chat and video took center stage. Today, this is all part of a typical Unified Communication solution, including those from Sangoma.

  However, as we start to return to the office, will the importance of these clients diminish? I’ve definitely started to see articles about how especially the mobile client experience may not be the best.

  It seems unlikely that client importance will diminish. First, some form of hybrid work seems to be here to stay, as discussed in this article from Forbes. Employees will always be working remotely in some fashion, whether it is from home or from another location. Employees like it, and while there is some debate about it, it seems organization output is not impacted, though organization culture might be impacted. So, while everyone now needs to come back from the cool place they moved, they likely don’t have to go into the office every day.

  And second, just like always, technology will “solve” any problems. We saw it 20 years ago when VoIP first came on the scene. There were issues and they were overcome. And we’ll see it here as well. 5G is one technology that will certainly play a role in improving the mobile client experience.

  Getting back to the clients. So yes, they will remain even more important. And we’ll need to keep innovating them forward since they’ll remain an ever-critical part of a business communication system.

  The post Softclients are a Critical Component of a Unified Communications Solution appeared first on Sangoma Technologies.

March 09, 2023

• Digium Exploring SD-WAN – The Advanced Evolution of Business Networks

  In today’s world, it’s imperative to have access to information from any device, anytime and anywhere. However, this has led to the growth and complexity of the networks that connect everything, making them increasingly challenging to manage.

  LANs vs WANs: A Basic Overview

  The two main types of networks are Local Area Networks (LANs) and Wide Area Networks (WANs). LANs connect devices within a local office, while WANs connect offices across different locations globally. Without WANs, businesses would be restricted to communicating within their local offices, preventing them from accessing the broader online world, the internet.

  The Emergence of SD-WAN: Next-Gen Networking

  SD-WAN, the latest evolution of WAN technology, has recently emerged as a game-changing innovation. SD stands for “software-defined,” and while the concept is not new, it has become a focal point, particularly in infrastructure and networking. SD-WAN essentially leverages software to make IT smarter, faster, and more cost-effective. It is a revolutionary way to construct and manage long-distance networks, providing better bandwidth optimization and ensuring the delivery of real-time applications with improved user experiences.

  Why, How, and What Makes SD-WAN Better?

  Traditional WANs typically have a large number of routers that communicate with each other over extended distances. Within each router is a data plane and a control plane, with the data plane holding the information transmitted or received, and the control plane determining the route the data should take. However, someone needs to program the control plane with rules on how to handle network traffic on the data plane. This is typically done by entering a series of commands into each router’s command line interface, or CLI, by a network administrator. This can be a very manual, time consuming and error prone process. For example, let’s say there is a large business with 100 locations that needs to deploy a new application across all these locations. Let’s assume that each location has one router which needs 20 new commands to implement the correct configurations for the new application. With 100 locations, that’s 2000 (20 x 100) commands and if each command took 40 seconds of time that’s roughly 22 hours of work just to deploy a single application for the business. Also, the CLI can be error prone. Imagine a mistake was made on one of those commands and having to hunt down that error or troubleshoot the application. Staff and IT resources would be impacted and could potentially paralyze the business! To overcome this tedious process, network admins will try to automate this process using programming tools and scripts, however, these tools and procedures add more layers of complexity as well as even more CLI commands with more variables that could compound existing problems.

  With SD-WAN, this process is simplified, as the control plane is centralized, where changes can be grouped and managed simultaneously across the entire WAN, from a centralized management portal. Businesses can use specific rules to automate the process and distribute configurations instantly, eliminating the complexity and errors inherent in the old manual method.

  The Benefits of SD-WAN

  One of the most significant benefits of SD-WAN is the ability to leverage broadband internet connections, reducing the need for expensive private MPLS networks, lowering costs and increasing performance. Moreover, the software-defined capabilities of SD-WAN enable network admins to change characteristics of their entire network from a central management portal, such as:

  • Moving business critical applications to a private MPLS network between locations
  • Block, or lower the priority of social media applications to improve worker productivity

  Once these rules or policies are set, they can be automatically distributed and implemented across the organization in seconds.

  So, with SD-WAN, configuring new or existing networking infrastructure is much easier than the old way of fragile command lines and manual updates.

  What does this all mean about SD-WAN?

  Here are three key takeaways for businesses regarding SD-WAN:

  Agility: SD-WAN enhances agility by simplifying network policy configuration and management.
  Performance: SD-WAN provides higher performance by leveraging multiple paths intelligently, including broadband connections.
  Cost: SD-WAN lowers IT operational costs by simplifying WAN infrastructure and providing a more efficient network.

  Managed SD-WAN: Taking It to the Next Level

  Setting up and managing a WAN has never been easier, provided that it’s software-defined. But taking it a step further, businesses can take advantage of a Managed SD-WAN, where a vendor handles the entire network for them, including deployment, maintenance, updates and technical support. To learn more about this zero-touch network infrastructure get in touch with one of our Managed SD-WAN specialists for more info.

  The post Exploring SD-WAN – The Advanced Evolution of Business Networks appeared first on Sangoma Technologies.

March 07, 2023

• Enable Security SIPVicious PRO incremental update - and Gitlab CI/CD examples
  We just pushed out a new SIPVicious PRO update to our subscribing members! This version does not include any new major features. Instead, it fixes various bugs and brings missing but necessary features to various SIPVicious PRO tools. We have the following highlights in this update: Documentation now includes realistic Gitlab CI/CD examples The RTP fuzzer in the experimental version now supports SRTP Support for new SIP DoS flood request methods The RTP inject tool can now specify the RTP’s SSRC and payload ID The SIP password cracking tool now supports closing the connection upon each attempt The SIP ping utility supports INVITE For the boring details, including a list of bug fixes, do read the release notes for v6.

March 02, 2023

• Tox Redesign of Tox’s Cryptographic Handshake

  In 2017, Jason A. Donenfeld (known for WireGuard®) reported an issue in Tox’s handshake [1]. This issue is called “Key Compromise Impersonation” (KCI). I will try to explain the issue as simple as possible:

  In Tox you don’t register an account (e.g. with username and password), but instead your identity is solely based on (asymmetric) cryptographic information, a so-called asymmetric key pair. Such a key pair consists of a public part (public key) and a private part (private key). The public part, as the naming suggests, is public and contained in your ToxID which you share with your contacts to be able to communicate with them via Tox. The private part, again as the name suggests, needs to stay private! If someone gets in possession of your private key, they stole your Tox identity. This could, for example, be the case if someone got physical access to your computer or successfully installed malware on your system, e.g. a so-called trojan horse, to be able to extract data from it. If this happens, you will most likely have multiple problems and your Tox identity may be just one of them. The password you enter when you create your Tox profile, e.g. when you first start qTox client, is used to encrypt your profile and also your private key on your disk. If you start qTox, you need to enter your password to decrypt your private key, to be able to communicate via Tox. Your private key is then stored unencrypted in memory (i.e. RAM) while qTox is running. This means an attacker either needs to get access to your password (steal or crack it) or to read your Tox private key from memory while your Tox chat client is running.

  If someone successfully stole your Tox identity (i.e. this private key), they are you – at least in the context of Tox. So they can successfully impersonate you in Tox. Now in this case the KCI vulnerability leads to “interesting” behavior. It is clear that someone who stole your identity is able to impersonate you. But because of the KCI vulnerability, they may also be able to impersonate others to you. This means, to exploit this vulnerability in practice, someone not only needs to successfully steal your private key, but additionally:

  • Know the ToxIDs of your Tox friends to be able to impersonate them to you.
  • Control the network connection between you and your friend. This could be the case e.g. if they are in the same (public) WiFi as you, or via the Internet – which is way harder and is most likely only possible for state actors (e.g. the NSA).
  • Implement their own version of toxcore because it’s not possible to exploit this issue with the current implementation. There is no public exploit available which can just be used.

  In summary, KCI is exploitable, but with a huge effort.

  Anyway, this is a real vulnerability and it should be fixed. The current Tox handshake implementation is not state-of-the-art in cryptography and it also breaks the “do not roll your own crypto” principle. As a solution, there is a framework called Noise Protocol Framework (Noise, [2]) which can be used to create a new handshake for Tox. More precisely, the application of Noise will only change a part of Tox handshake — the so-called Authenticated Key Exchange (AKE). Noise-based protocols are already in use in e.g. WhatsApp, which uses it for encrypted client-to-server communication, and WireGuard®, which uses it for establishing Virtual Private Network (VPN) connections. Noise protocols can be used to implement End-to-End Encryption (E2EE) with (perfect) forward secrecy (which is also the case with the current Tox implementation), but further adds KCI-resilience to Tox.

  Tobi (goldroom on GitHub) wrote his master’s thesis (“Adopting the Noise Key Exchange in Tox“) on the KCI issue in Tox, designed a new Handshake for Tox based on NoiseIK and implemented a proof-of-concept (PoC) for this new NoiseIK-based handshake by using Noise-C [3]. This PoC has a few drawbacks, which is why it should not be used in practice (see Appendix). If you want to know more about his master’s thesis, see the update in the initial KCI GitHub issue [4].

  He applied for funding at NLnet foundation and their NGI Assure fund to continue his work on Tox and to be able to implement a production-ready Noise-based handshake for toxcore. Fortunately, this application was successful [5]. NGI Assure is made possible with financial support from the European Commission’s Next Generation Internet programme (https://ngi.eu/).

  The objective of this project is to implement a new KCI-resistant handshake based on NoiseIK in c-toxcore, which is backwards compatible to the current KCI-vulnerable handshake to enable interoperability and smooth transition. The main part of this project is to implement NoiseIK directly in c-toxcore to remove Noise-C as a dependency (as the only other dependency for c-toxcore is NaCl/libsodium) which was used in the PoC and therefore improve maintainability of c-toxcore (see Appendix).

  The tasks in this project are:

  • Implementation of a Noise-based AKE for the use in Tox’s handshake in c-toxcore
    • This task is to implement and test an AKE for the Tox handshake based on a Noise protocol (most likely Noise_IK_25519_ChaChaPoly_SHA512, but it may change due to new insights in c-toxcore).
  • Implementation of a symmetric transport phase encryption based on a Noise-based AKE/handshake
    • This task includes the implementation of a symmetric transport phase encryption based on the secret key(s) generated during the Noise-based AKE during the Tox handshake and evaluation of Noise’s rekey feature.
    • Subtasks:
      • Decision of which symmetric cipher to use for the Tox transport phase encryption (e.g. ChaCha20-Poly1305 or XSalsa20-Poly1305)
      • Evaluation of Noise’s rekey feature to allow for session rekeying to reduce the volume of data encrypted under a single cipher key (cf. section 11.3 of Noise specification, revision 34). This may not be applicable to be implemented in c-toxcore (e.g. changing keys may be expensive). Also, it may not be necessary for ChaCha20 / XSalsa20. Further, it’s dependent on how the transport phase encryption will be implemented.
  • Support for the Noise-based AKE and the KCI-vulnerable AKE for backwards compatibility
    • This task includes the implementation of a mechanism to fall back to the KCI-vulnerable handshake if one of both peers uses a legacy c-toxcore version to provide backwards compatibility for the handshake transition phase (e.g. via cookie phase (request and response) of Tox’s handshake).
  • Error handling and testing, Documentation, Blog posts

  The plan is to implement this new handshake until July 2023. Since it’s not a trivial task, there are still some obstacles:

  1. In Noise it is necessary to differentiate between the initiator and responder of a handshake. Due to the architecture of Tox it is possible that both peers initiate and respond to a handshake at the same time.
  2. Tox is P2P and UDP-based. Therefore packets can be received out-of-order or be lost altogether. In the Noise specification this is only considered for transport messages (cf. [6]).

     • “Note that lossy and out-of-order message delivery introduces many other concerns (including out-of-order handshake messages and denial of service risks) which are outside the scope of this document.” (cf. [6])

  Both points are not ideal for a handshake based on NoiseIK (i.e. it would be way easier to implement it in a client-server model using TCP), but it should be possible to work this out.

  Tobi is available in #toktok (libera.chat) as tobi/@tobi_fh:matrix.org and ready for any input, questions, remarks, discussions or complaints.

  ---

  Appendix

  The PoC shouldn’t be used in practice/in production because it should be improved in the following aspects (for details see chapter five of Tobi’s thesis [4]):

  • The PoC was implemented by using the Noise-C library [3]. Instead of using the library, NoiseIK or more specifically the Noise_IK_25519_ChaChaPoly_SHA512 protocol will be implemented directly in c-toxcore. This will remove Noise-C as a dependency for toxcore (i.e. the only other dependency is NaCl/libsodium) and therefore improve maintainability. Additionally this will reduce the number of possibly vulnerable source lines of code.
    • Notes on maintainability: Noise-C has a lot of code/functionality which is not necessary for c-toxcore. Also Noise-C is currently (?) not actively maintained. If NoiseIK is implemented directly in c-toxcore it is only necessary to maintain the c-toxcore codebase and it is not necessary to care about Noise-C.
  • The PoC implementation uses the ChaCha20-Poly1305 AEAD cipher during the AKE/handshake and XSalsa20-Poly1305 during the transport phase. In this project it should be evaluated if it’s possible to also use ChaCha20 during the transport phase to only use one cipher instead of two different ones (XSalsa20 is not supported by the Noise framework). For details see chapter four of Tobi’s thesis.
  • Further testing of NoiseIK handshake behavior and improved error handling.
  • The PoC implementation is not backwards compatible with the current KCI-vulnerable Tox handshake. In this project a mechanism should be added to enable interoperability with clients based on an old c-toxcore version.

  ---

  References:

  • [1] Tox Handshake Vulnerable to KCI #426: https://github.com/TokTok/c-toxcore/issues/426
  • [2] Noise Protocol Framework: https://noiseprotocol.org/
  • [3] Noise-C Library: https://github.com/rweather/noise-c
    • https://rweather.github.io/noise-c/index.html
  • [4] More information on Tobi/goldroom’s master’s thesis: https://github.com/TokTok/c-toxcore/issues/426#issuecomment-759511593
  • [5] “Adopting the Noise Key Exchange in Tox” project description/information: https://nlnet.nl/project/Noise-Tox/
  • [6] Noise specification, 11.4. Out-of-order transport messages: https://noiseprotocol.org/noise.html#out-of-order-transport-messages

  ---

  “WireGuard” is a registered trademark of Jason A. Donenfeld.

February 28, 2023

• Digium The Importance of Channel Partnerships

  Channel partnerships are the way Sangoma does business. We understand the value the channel partnerships bring to Sangoma, and ultimately to the end-user customers who need business communication solutions. As such, we work hard to ensure our channel programs bring value to our channel partners, that what we offer our channel partners is unique, and ultimately that it is worthwhile for the channel partner to invest their time with Sangoma solutions.

  If you want to learn more, we will likely be at your favorite Telecom Services Distributor / Technology Services Distributor event as they roll their events out across the country.

  We will also be at the channel event of the year, Channel Partners in Las Vegas in early May. We’ll be at booth 1819.

  We’d love to meet you and show you why Sangoma would be a great option to help you service your customers with the best business communication solutions.

  The post The Importance of Channel Partnerships appeared first on Sangoma Technologies.

• Digium The Importance of Channel Partnerships

  Channel partnerships are the way Sangoma does business. We understand the value the channel partnerships bring to Sangoma and, ultimately, to the end-user customers who need business communication solutions. As such, we work hard to ensure our channel programs bring value to our channel partners, that what we offer our channel partners is unique, and ultimately that it is worthwhile for the channel partner to invest their time with Sangoma solutions.

  If you want to learn more, a few ways are coming up where you can meet us and hear more from us:

  1. We will start some national roadshows, with our first one on March 9 in the Dallas area, up in Plano. If you are in the area, we’d love to have you attend for lunch and drinks afterward. Reserve your spot now.
  2. We will be hosting a general webinar to hear about what Sangoma offers and how we have changed over the past few years, on March 2. Click here to register.
  3. We will likely be at your favorite Telecom Services Distributor / Technology Services Distributor event as they roll their events out across the country.
  4. We will be at the channel event of the year, Channel Partners, in Las Vegas in early May. We’ll be at booth 1819.

  We’d love to meet you and show you why Sangoma would be a great option to help you service your customers with the best business communication solutions.

  The post The Importance of Channel Partnerships appeared first on Sangoma Technologies.

• Enable Security WebRTC attacks, FOSDEM'23 and security fixes
  Welcome to the February 2023 edition of RTCSec newsletter. If you are reading this on your email client, you might notice slight formatting changes - the red color of the Communication Breakdown blog and the mascot on the side. Hope that this makes it more distinguishable. Do let me know if you have feedback, by replying to this email. In this edition, we cover: A chat with Arin Sime of WebRTC.

February 15, 2023

• Digium Sangoma Wholesale: Compliance-as-a-Service

  In the mid-2000’s, VoIP Innovations pioneered SIP trunking services for an emerging number of non-facilities-based, value-added resellers and managed service providers. Back then, VoIP for business-use was less common. Today, there are over 40,000 VAR’s/MSP’s and VoIP has replaced POTS lines in the large majority of businesses nationwide.

  As enterprises have all but done away with in-house telecommunications departments, these VAR’s/MSP’s have more heavily relied upon rebilling the tailored services provided by VoIP Innovations. Now known as Sangoma Wholesale Carrier Services, the legacy of innovations continues with Compliant Service Solutions for this continually growing market segment.

  Not only are clients’ technical expectations on VAR’s and MSP’s heightened, so too are the FCC’s expectations and requirements on these non-facilities-based voice service providers.

  For example, In December 2021, the FCC pushed out the Small Provider Order Fourth Report and Order pertaining to STIR SHAKEN. This order is specifically for non-facilities-based, small voice service providers to be in compliance by the revised deadline of June 30, 2022.

  Our many Compliance-as-a-Service solutions provide the tools you need to take care of your SHAKEN requirements yourself. Other compliance-related solutions include SMS Campaign Registry, e911 Dynamic Location Routing, Hosed Billing with comprehensive tax calculations, and HIPAA compliant fax solution services. We have found that the more seamlessly our products work for our VAR’s and MSP’s, the more easily they can customize their services to more profitably meet the needs of their end-users.

  As our reseller partners’ demands are ever evolving, we continue to innovate our products mix to keep up with the FCC’s more demanding requirements.

  Check out another recent blog post Brian Smiley, our VP of Wholesale, created to learn more about reselling the most trusted, best-in-industry, carrier communications services for your clients.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  Or visit our website at carrierservices.sangoma.com. Stay tuned for more exciting, innovative offerings coming soon!

  The post Sangoma Wholesale: Compliance-as-a-Service appeared first on Sangoma Technologies.

February 14, 2023

• Digium Overall Managed SD-WAN Benefit Review

  In a December blog, I wrote at a high level about a paper from the Eastern Management Group regarding the benefits of utilizing different types of cloud services, which basically boil down to the following organizational benefits:

  • Reduced IT Effort
  • Deployment Velocity
  • Scalability
  • Business Agility

  Today, according to that paper, I will highlight just a few of the benefits of using Managed SD-WAN services. Software Defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE, and broadband internet services – to connect users to applications securely. It creates a network managed through cloud software rather than disparate hardware systems. A significant benefit of using SD-WAN is:

  • Removes the need for companies to choose between high-cost private networks or low-cost Internet connections when building corporate networks. Instead, it allows businesses to leverage affordable, widely available broadband connections to boost bandwidth and reduce redundancy. It also prioritizes mission-critical applications such as voice and video while streamlining administration and centralizing management.

  Managed SD-WAN utilizes a third party to oversee the implementation, continued monitoring, and updates of the SD-WAN service. Major benefits include:

  • Proactive monitoring – identifies issues in real time and allows the organization to take corrective action before users notice or complain
  • A managed service provider can deploy additional security solutions and keep your company up to date with the latest developments

  If you are looking for more information on Sangoma’s Managed SD-WAN offering, please go here. If you want to read the full report now, please go here.

  The post Overall Managed SD-WAN Benefit Review appeared first on Sangoma Technologies.

February 08, 2023

• Digium Sangoma Wholesale: Power of the Portal

  More than 15 years in the making, the VI Communication Services portal leads all other SIP trunk providers’ portals in the industry for features and capabilities. As VI Communications is now Sangoma Wholesale Carrier Services, our legacy of innovations continues both in network expansion and portal enhancements.

  The BackOffice Portal is our customer portal for ordering and managing DIDs. And, the end-user portal is our brandable, extensible portal for our customers to pass on some of the powerful capabilities, such as number porting, to their end-users.

  Our award-winning portal simply does more than anyone else’s. And, our industry-leading service further separates us from the competition. At Sangoma Wholesale Carrier Services, customers can always talk to a live person 24/7.

  Often emulated for its ease-of-use, our portals are unrivaled for their comprehensive capabilities.

  What else would you expect from the company known for leading the industry in innovations?

  A true multi-tenancy portal for resellers to organize multiple customer profiles, provisioning, and managing telephone numbers. Our integrated billing platform will exceed expectations for what is possible. Easily process taxes and even other carrier’s call detail records (CDR’s).

  We are so much more than just Trunking as a Service with a great portal. We are your one-stop source for the compliance solutions that you need which are integrated into our nation-wide carrier network.

  Learn about our Hosted Billing and integrated Tax Solutions. Manage SPAM and fraud before it affects your customers. Stay ahead of all the new STIR SHAKEN requirements for VoIP resellers. Keep on top of the changes with Campaign Registry for SMS. And, your customers can remain connected even in emergencies with our e911 Dynamic Location Routing solutions.

  Check out another recent blog post that Brian Smiley, our VP of Wholesale, created to learn more about reselling the most trusted, best-in-industry, carrier communications services for your clients.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  The post Sangoma Wholesale: Power of the Portal appeared first on Sangoma Technologies.

February 02, 2023

• Digium Sangoma Wholesale: Empowering Value-Added Resellers

  VI Communications has been the carrier services division of Sangoma since being acquired in 2019. Otherwise known as Sangoma Wholesale Carrier Services, this division is integrated yet operates as an autonomous business unit.

  There is one primary reason for this autonomy. We primarily service and support the important “middleman” or value-added resellers.

  Nationwide, approximately 40,000 managed service providers typically support multiple end-customer businesses’ IT and communication service needs. We have provided wholesale services to these value-added resellers for over 15 years.

  As the wholesale arm of Sangoma, it could be perceived as competing for the same end customer. Our distribution model is designed to be trusted and complement our customers’ unique offerings and expertise.

  Our wholesale division exists to provide value-added resellers access to the best industry products and services possible at a discounted rate to service aggregators. And we follow stringent CPNI (customer proprietary network information) rules to ensure privacy and the protection our customers expect.

  Our reliably engineered network is the foundation for our product and carrier services offerings. Our award-winning BackOffice and End-Client portals with industry-leading, FCC-compliant features are offered in an a la carte manner where you only pay for what your customers use.

  Sangoma Wholesale Carrier Services continues a legacy of innovations in product development, the expansion of our core networks and technological capabilities, and value-added resellers thrive as communications service providers.

  We are so much more than just Trunking as a Service. We are your one-stop source for the compliance solutions you need, which are integrated into our nationwide carrier network.

  Learn about our Hosted Billing and integrated Tax Solutions. Manage SPAM and fraud before it affects your customers. Stay ahead of all of the new STIR SHAKEN requirements for VoIP resellers. Keep on top of the changes with the Campaign Registry for SMS. And your customers can remain connected even in emergencies with our e911 Dynamic Location Routing solutions.

  Check out another recent blog post Brian Smiley, our VP of Wholesale, created to learn more about reselling your clients’ most trusted, best-in-industry carrier communications services.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  Or visit our website at carrierservices.sangoma.com. Stay tuned for more exciting, innovative offerings coming soon.

  The post Sangoma Wholesale: Empowering Value-Added Resellers appeared first on Sangoma Technologies.

January 31, 2023

• Digium Sangoma as a Frost and Sullivan FROST RADAR™ North American UCaaS Market Leader

  A couple of months ago, I wrote about being selected, again, for the 9th year in a row, to the Gartner UCaaS Magic Quadrant. It never gets old, just like football teams that consistently get to the playoffs! I’m pleased to announce that we’ve also been designed a Leader in the Frost and Sullivant FROST RADAR North American UCaaS Market for this year.

  It’s very nice to honored like this by key analyst companies. It makes all the hard work, by the entire company, mean something. The recognition is nice.

  We know we can’t just sit still and not innovate if we want to keep getting this recognition. The market is continually changing, and the competition changes as well. I mean who would have thought 9 years ago that video meetings and collaboration would be key features in a UCaaS platform now? But they are. Business phone systems are just different now, in a way that benefits the customers.

  Change is still coming though. If you read the report (and the report can be found here on our website), you‘ll see it mentions that “Integrated platforms delivering UCaaS, CCaaS and CPaaS are at the foundation of next-generation business communications solutions”.

  Sangoma certainly agrees with that statement and we have been driving this on our roadmaps for a while. We have or own CCaaS and CPaaS platforms, that are integrated with our UCaaS. And we are using our CPaaS to create apps that augment our UCaaS solution, whether that be with integrations to other software systems, or productivity improvement apps that supplement UCaaS.

  As Elka Popova, VP of Connected Work Research, ICT of Frost and Sullivan says “Sangoma continues to strategically augment and diversify its extensive UCaaS portfolio and partner network, more recently via the acquisition of Star2Star and NetFortris. Sangoma consistently prevails within the industry as a one-stop shop for complete communications solutions, including UCaaS, CPaaS, SD WAN and communications devices.”

  We certainly intend to continue to offer the best one-stop shop cloud communications solutions, intend to continue to innovate, and thus continue to be recognized as leaders!

  The post Sangoma as a Frost and Sullivan FROST RADAR™ North American UCaaS Market Leader appeared first on Sangoma Technologies.

• Enable Security Kamailio's exec module, SIPVicious still ringing phones and many vulnerabilities
  This new year starts off with a number of RTC security related news and we have some original content to share with you too! In this edition, we cover: Our news: The dangers of using the Kamailio exec module and our pentesting schedule Our news: Updates to the awesome RTC hacking list The Threema weaknesses paper from ETH Zurich Presentations of interest from Blackhat and Nullcon Berlin Receiving calls on your deskphone from SIPVicious - still happening!

January 26, 2023

• Enable Security Kamailio's exec module considered harmful
  Executive summary (TL;DR) The combination of pseudo-variables and Kamailio’s exec can be risky and may result in code injection. By using special SIP headers and environment variables, it becomes effortless to exploit a vulnerable configuration. We have created a Docker environment to assist readers in reproducing this vulnerability and testing solutions. Protection is tricky and the official documentation may have previously misled developers - we aim to fix that by updating the module’s official documentation.

January 17, 2023

• Digium Going to ITEXPO and AstriCon

  It’s been a while. For both an in-person AstriCon and an ITEXPO during its “rightful” time in mid-February in southeast Florida. And they are both converging and happening in a few weeks in Fort Lauderdale.

  The last time we had an in-person AstriCon was in 2019. This will be the first one since Covid. We decided to co-locate it with ITEXPO since, at the last AstriCon, we did not have members of the ecosystem (such as phone vendors that support Asterisk and FreePBX). The ecosystem exists in force at ITEXPO, so it made sense to run AstriCon as a co-located event. To register, please go to this link: https://www.itexpo.com/east/astricon.aspx

  And Sangoma will also have a booth at ITEXPO. Since the last time we did a show, we changed our logo, so you will surely notice that. Sangoma has the widest range of business-focused communication services, and we won’t be able to demonstrate all of them. But we will showcase our UCaaS platforms, phones, MSP Services, Open-Source products (Asterisk and FreePBX), and wholesale carrier services (i.e., VoIP Innovations) offerings.

  We’re looking forward to catching up with you, so please stop by our booth (617)!

  The post Going to ITEXPO and AstriCon appeared first on Sangoma Technologies.

January 12, 2023

• Digium VI Communications is Sangoma Wholesale Carrier Services

  VI Communications is Sangoma Wholesale Carrier Services. Known initially as VoIP Innovations, Sangoma Wholesale was built on over 15 years of Trunking as a Service expertise. Sangoma Wholesale continues the legacy of innovations within its award-winning user and end-client portals.

  Sangoma Wholesale Carrier Services’ innovative solutions are industry-leading and delivered on its own reliably engineered network.

  Ideal for VoIP resellers and communication service providers, wholesale customers can buy unbundled services on an a la carte basis. A full-featured, extensible SIP Trunking platform puts number ordering, management, and provisioning all in your administration or directly into the hands of your end-users. This multi-tenant environment allows for customizable parent-child account relationships. And our integrated Hosted Billing options are popular, complementary add-on services for their ease of use.

  Sangoma Wholesale is much more than a one-stop shop for your carrier services like VoIP, SMS, fax, and video collaboration solutions. Check out our array of Compliance Solutions. Whether it is STIR SHAKEN, Tax Calculation, SMS Campaign Registration, Kari’s Law for e911 Dynamic Location Routing, or Fax solutions that meet all the requirements for HIPAA – we have what you need for resale.

  And likewise, as consumers demand heightened detection and protection from SPAM and Fraudulent calling, we have services you can trust.

  If you are attending ITEXPO Feb 14-17, please come to booth 617 to consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.

  Remember, VI Communications is Sangoma Wholesale Carrier Services.
  Visit us at booth 617 at ITEXPO or learn more at https://carrierservices.sangoma.com/.

  The post VI Communications is Sangoma Wholesale Carrier Services appeared first on Sangoma Technologies.

January 03, 2023

• Digium UCaaS Futures Musings Podcast

  In December, I did a podcast with Isha Mukherjee, our Asia-Pac marketing wiz. We talked about a bunch of things, ranging from our new logo, to what happened to UC in 2022, to my thoughts on UC in 2023.

  If you want listen to whole podcast, just go here.

  For this blog, though, I just want to focus on my thoughts for UC in 2023. I encapsulated my thoughts into the term “Smart Business”. This could mean multiple things, such as making your business smarter through using UC. And I certainly see that. In the Frost and Sullivan blog from a few weeks ago, I talked about the integration of contact center, unified communications, and CPaaS. And I certainly see that moving quite far along in 2023, even bringing in some aspects of AI that’s already in the contact center towards UC. And utilizing CPaaS apps to augment the UC system, so that the UC system is “smart” for your business. In other words, it does what you need it to do.

  And that brings us to another meaning of Smart Business, which is doing business in a smart way. I think we’ll see more one-stop shopping with cloud communications in general. If there is a global slowdown, then businesses unfortunately may not be able to keep the same number of employees. There would likely be retrenchment. And this means you need to do business smarter in order to keep the same level of service, and to even grow. One way to do that, is to get your cloud communications from one provider. One bill, one place to talk to, many less headaches. Focus your people on growing the business, not the back-end that runs the business. UCaaS, Contact Center, Augmentation Apps, Collaboration, Video Meetings, and MSP services – all from one vendor, servicing you well. That is Sangoma.

  The post UCaaS Futures Musings Podcast appeared first on Sangoma Technologies.

December 22, 2022

• Enable Security Highlights from the past year and various security fixes
  Welcome to the last RTCSec newsletter of 2022! In this edition, we cover: Looking back at the past year and best wishes for the New Year Jitsi gets verification for E2EE OSS-Fuzz now testing PJSIP Vulnerabilities fixed in Drachtio, BigBlueButton, Cisco IP Phones and more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security. We cover both defensive and offensive security as they relate to Real-time Communications.

December 20, 2022

• Digium Overall SaaS Benefit Review

  Sangoma recently partnered with Eastern Management Group regarding a report reviewing the end-customer benefits of Sangoma’s various Communications as a Service offerings. The full report can be found here, and it covers all of Sangoma’s Communications as a Service offerings:

  • Unified Communications as a Service – UCaaS
  • Video Meetings as a Service – MaaS
  • Collaboration as a Service CollaaS
  • Contact Center as a Service – CCaaS
  • Trunking as a Service – TaaS
  • Communication Platforms as a Service – CPaaS
  • Network Connectivity – Network Access as a Service
  • SD-WAN Managed Services
  • Security as a Service – Managed Security
  • Fax as a Service – FaaS
  • Access Control as a Service – ACaaS
  • Desktop as a Service – DaaS

  While each one of these has specific customer benefits, at a high level the value to the end-user of using any managed communications service comes down to the following:

  • Reduced IT Effort
  • Deployment Velocity
  • Scalability
  • Business Agility

  In the next couple of weeks, I will go a more in-depth into some of the Sangoma cloud services, and explore more specific end-user customer benefits of the cloud service discussed that week. If you want to read the full report now, please go here. Otherwise, stay tuned here and I’ll provide a few quick updates for you.

  The post Overall SaaS Benefit Review appeared first on Sangoma Technologies.

December 16, 2022

• Jitsi Self-hosting a fully-featured Jitsi Meet instance just got as easy as pie

  Hey there Fellow Jitsters!

  Have you ever considered adding telephony to your Jitsi Meet self-hosted instance?

  Up until now you only had the option to run Jigasi and deal with telephony yourself. Many of our users do this every day, but when we asked we learned that there was interest in offloading that part. Could someone else host it?

  

  Today we’re launching a new way to quickly connect to the public telephone network and offer dial-in capabilities to your users without the need for hosting and managing the entire telephony infrastructure: JaaS components. You can give it a try today!

  Are you running Jitsi Meet on a Debian instance or are you using Docker? Either way, you can opt-in for this feature and it will be automatically set up. A new JaaS account will be created for you and you’re good to… call.

  If you’re running Jitsi Meet on Debian all you need to do is to answer ‘Yes’ to this question and you will have dial-in capability on your Jitsi instance.

  

  Note: A Let’s Encrypt certificate is required and the email address used to generate the certificate will be used also for creating your new JaaS account.

  If you’re running Jitsi Meet on Docker you’ll need to set the following variables on your .env file:

  • PUBLIC_URL: the domain were Jitsi Meet runs
  • ENABLE_JAAS_COMPONENTS=1
  • A Let’s Encrypt certificate is required so do enable it too

  

  Now you can restart your setup with `docker-compose up –force-recreate`

   

  An email will be sent to you, asking you to set up a password for the JaaS admin account:

  

  From the JaaS admin console you can manage your account, see the overall activity and upgrade to another plan if needed.

  

  You’re all set up now! Let’s make a phone call! Join a call on your Jitsi Meet instance and notice how the dial-in option becomes available when trying to invite participants. You can now dial-in to one of the phone numbers provided in the list and you’ll be connected to the meeting.

  

  Get started today, a free trial is available! Please check the JaaS components website for details on pricing.

  Jigasi is the first Jitsi component offered as a service, with more to come. Stay tuned!

   

  Your personal meetings team.

  ---

  Author: Oana Emilia Ianc

   

  The post Self-hosting a fully-featured Jitsi Meet instance just got as easy as pie appeared first on Jitsi.

December 12, 2022

• Digium Sangoma is Recognized in the Gartner UCaaS Magic Quadrant

  Last week you may have noticed that Gartner, Inc. positioned Sangoma in the 2022 Gartner® Magic Quadrant for Unified Communications as a Service. Sangoma is one of only twelve other companies placed in 2022 and one of six to appear consecutively for the last eight years.

  

  “We are thrilled to be recognized again in this year’s Gartner UCaaS Magic Quadrant,” said Sangoma Chief Marketing and Product Officer Jim Machi. “It’s gratifying to be independently recognized for vision and execution. Sangoma has grown its position in the top tier of cloud communications companies. Sangoma offers the widest set of cloud communication services in the industry, all engineered in-house, to offer partners and customers a single-source, business-oriented cloud-native communications portfolio. UCaaS is the centerpiece of this strategy, but this complete vision goes beyond that to include CCaaS, Video Meetings as a Service, Collaboration, CPaaS, etc., so this recognition is exciting for Sangoma, our partners, and our customers.”

  To read the full report, fill out the form on this page.

  The post Sangoma is Recognized in the Gartner UCaaS Magic Quadrant appeared first on Sangoma Technologies.

December 06, 2022

• Jitsi Trust, but verify: introducing user verification

  It’s been a while since we introduced End-to-End Encryption (E2EE) over two years ago. Back then we started with a simple model consisting of a passphrase everyone needed to type and later migrated to a model with randomly generated keys per participant. Each have different characteristic and we ultimately chose to stick with the latter. Today we are introducing a missing piece in the E2EE puzzle: user verification.

  User verification was not previously possible in Jitsi Meet. Just like our core E2EE we are basing our implementation on the Matrix protocol. Matrix’s libolm / vodozemac provide a Short Authentication String (SAS) mechanism implementation which developers can use. They even have great documentation on how it works, thanks Matrix!

  So, how does it work?

  First, you’d gather in a meeting and turn E2EE on.

  

  Now you’ll see a new option for each participant in their tile menu that allows you to verify them:

  

  After choosing to verify a user a dialog will open with a list of emojis:

  .

  Wait what? Emoji? These emojis conform the SAS. They have been carefully chosen to avoid ambiguity and make the process more user friendly than comparing random numbers. You can find more information in the Matrix spec.  You must verbally compare them with the other participant and if they match, mark it as verified.

  Once a user is verified this will be reflected in the user information tooltip:

  

  At this point you can be sure that not only your data is encrypted end-to-end, but also that there is no man-in-the-middle (MITM) attach happening.

  Availability

  User verification is currently available in Jitsi Meet master and deployed in beta. It will be part of the next stable release, but expect more improvements specially in the UX front.

  Thanks

  We’d like to thank Robertas Maleckas (ETH Zurich), Prof. Kenny Paterson (ETH Zurich) and Prof. Martin Albrecht (Royal Holloway, University of London) for their work researching Jitsi Meet’s E2EE and encouragement, and Matrix for their tools, which make implementing E2EE a much better experience.

   

  ---

  Please note that we still consider our E2EE experimental and are still working on improvements. Please make sure you check out our post on how end-to-end encryption in general does NOT offer a meaningful level of trust and protection when it comes to modern meetings services.

  Your personal meetings team.

  The post Trust, but verify: introducing user verification appeared first on Jitsi.

December 01, 2022

• Jitsi Introducing whiteboards in Jitsi Meet

  Trying to explain something to someone and they just don’t get it? If an image is worth a thousand words how about a diagram? Today we’re excited to announce the availability of whiteboards in Jitsi Meet – the missing piece for all those seeking an educational meeting solution and not only!

  

  We decided to stand in the shoulders of giants on this one. The core implementation comes from Excalidraw, an excellent whiteboarding piece of software, which is Open Source, of course. We made some tweaks and adjustments to have it fit in with our vision. We seek to provide an easy to use feature that enables participants to share ideas and brainstorm without having to seek a third party solution. From now on, meeting moderators can open a whiteboard and have everyone in the call sketch away.

  

  The interface supports a number of tools and settings that keep the collaboration interesting and effective. During a meeting, changes that a participant makes locally via the whiteboard are sent to a server to then distribute those updates only to devices of other participants in the meeting. The whiteboard content can be exported as a png or svg at any time during the meeting, so all that hard work doesn’t go to waste.

  

  If you’re using meet.jit.si, you can go ahead and play with the whiteboard in your meetings right away! For those self-hosting, it can be enabled from the config file, and you’ll need to deploy this simple backend.

  As you might already know, we’re firm believers in the power of Open Source, we seek to collaborate with other communities to build solutions everyone can use and we’re excited to bring more to this feature in the future!

  Your personal meetings team.

  ---

  Author: Mihaela Dumitru

  The post Introducing whiteboards in Jitsi Meet appeared first on Jitsi.

November 30, 2022

• Enable Security DDoS simulation tutorial, WebRTC IP leak and vulnerable RTC libraries
  It is the end of November and with it, we bring some of our own publications and coverage of various advisories, papers and news items in the VoIP and WebRTC security world. In this edition, we cover: How to simulate DDoS attacks on your own Details about the new WebRTC IP leak issue Coverage of interesting talks at Blackhat and TADSummit Advisories concerning Sofia-SIP, Drachtio, PJSIP and more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

November 29, 2022

• Enable Security How to perform a DDoS attack simulation
  TL;DR A DDoS simulation is a practical exercise that various organisations are capable of doing. Understand the reasons why you would want to do this, then combine custom with off-the-shelf attack tools. Follow the best practices, apply solutions and mitigation; and you can finally answer: what if we got attacked? Introduction In this post, we give an overview of how you too can perform your own distributed denial of service (DDoS) simulation exercises.

November 22, 2022

• Digium Multi-Location UCaaS and Multi-Location Connectivity Services

  Sangoma is very proud and honored to be able to service multi-location businesses with our UCaaS system and MSP services. A common dialing plan among the different physical businesses, physical phones that are tightly tied to the UC system, mobile and desktop clients to augment the desk phone, and having a CPaaS system that can enable multi-location business unique requirements to be added to our UCaaS solution has enabled Sangoma to service these businesses well with our UCaaS solutions.

  Beyond UCaaS, though, Sangoma, through its acquisition of NetFortris, now offers connectivity and security services that can be tailored to bring the best connectivity solution to the needs of the overall multi-location business and each of the specific physical buildings. It is hard to manage what is the best connectivity solution, which provider to get it all from, all the different bills, etc. That’s understandable, for sure. The IT department needs to be expert at everything, and that’s downright impossible.

  Someone like Sangoma can determine the best price, the best type of connectivity solution, and the best provider for each location and manage the network for you. You likely do not need the same bandwidth for each building, and the network provider may most likely offer a different economical service all around. Let someone else figure that all out for you and take care of all that for you.

  As your UCaaS provider, it makes sense to get all this from us. We understand the networks, and we’re monitoring the UCaaS anyway, so why not have us manage and monitor your internet connectivity as well?

  And we can also offer you SD-WAN services with this connectivity so that you can get the most efficient routing, a more stable internet (because of the use of multiple connections), and cost savings. And, of course, monitoring by Sangoma. Learn more about our MSP services here.

  The post Multi-Location UCaaS and Multi-Location Connectivity Services appeared first on Sangoma Technologies.

November 21, 2022

• Digium As a Voice Service Provider, How Has the FCC’s Updated Deadline on STIR/SHAKEN Compliance Affected Your Business?

  A few months ago, the FCC released a public notice reminding non-facilities-based “small voice service providers”, that they must implement the STIR/SHAKEN caller ID authentication framework in their Internet Protocol networks no later than June 30, 2022.

  Is this a surprise to you? Well perhaps, considering a 2 year extension was granted to small VPS (those with 100,000 or fewer voice access lines) from the original deadline of June 30th, 2021. So why the sudden change in deadline? What happened was an overwhelming amount of robocalls were observed to be originating from these small VSP from the time that deadline was announced, so much so, the FCC decided to cut the extension by 1 year, significantly moving up the deadline.

  In summary, as a small voice service provider you are no longer subject to a two year extension and must update your certifications and associated filings in the Robocal Mitigation Database (RMD) and implement the authentication framework by June 30, 2022 (which of course has passed at this point in time) or be subject to ”appropriate enforcement action” by the FCC.

  We know that it’s a lot of work, time, and money spent to become compliant. To implement STIR/SHAKEN into your voice network, you’ll likely need to provision a cost-prohibitive session border controller (SBC) or a SIP proxy, which can significantly alter the way you route traffic to your partners. This can create unexpected consequences for you, such as billing, for instance, not to mention the network maintenance and monitoring that’s required for these new points of failure.

  The deadline for compliance has already passed for non-facilities-based providers. Don’t risk waiting for the FCC to contact you and be put under extreme pressure. We have a Zero-maintenance call signing solution for you!

  VI Communication Services’ Call Signing Services help you become compliant, simply by sending your phone calls to our voice network. On our side, we will provision a dedicated server to host your unique certificate and sign calls on your behalf, using the attestation rules that you yourself configured. That’s all! No additional hardware or network maintenance required. We take care of everything for you so that you can focus on running your business. View our product slick.

  Learn more about our Call Signing Service today. We are sure it will save your business the unwanted hassle of STIR/SHAKEN compliance!

  The post As a Voice Service Provider, How Has the FCC’s Updated Deadline on STIR/SHAKEN Compliance Affected Your Business? appeared first on Sangoma Technologies.

November 10, 2022

• Digium What are Managed IT Services?

  A managed IT service is an information technology (IT) task provided by a third-party service provider and delivered to a business customer.

  “Managed services” refers to outsourcing information technology (IT) processes and functions to improve operations and reduce expenses. It’s a way to augment your company IT staff with access to specialized expertise and not worry about the cost and complexities of hiring and staffing for 24/7/365 critical business functions.
  Managed services are ideal for companies that:

  • Rely on IT infrastructure to support their daily business operations
  • Have training or specialty gaps in their IT staff or have teams that have become bogged down in routine maintenance and cannot focus on value-generating objectives
  • Need IT budget predictability and scalability

  What are Managed IT Solutions?

   
  Businesses outsource a plethora of IT-related services to managed IT solutions providers, including:

  • Cloud Communications – This encompasses multiple communications technologies from business phone systems, VoIP calling, email, chat, video conferencing and collaboration, unified communications-as-a-service (UCaaS), virtual call centers, SIP trunking, and more.
  • Networking – A service provider typically develops, controls, and manages communication networks. Services typically offered include:
    • Internet access
    • SD-WAN for network optimization and traffic prioritization
    • Network switches
    • Wireless local area networks (LANs)
    • Wide area networks (WANs)
    • Virtual private networks (VPNs)
    • Wi-Fi and other forms of connectivity
  • Security – Cybersecurity is a specialized field with a range of services encompassing a comprehensive solution that secures an organization’s network and devices on (or off) that network. Services typically include:
    • Next-generation firewalls (NGFW)
    • Backup and disaster recovery
    • Endpoint detection and response (EDR)
    • Managed detection and response (MDR)
    • Remote monitoring and management (RMM)
    • Multi-factor authentication (MFA)
    • Unified threat management (UTM)
    • Patch management
    • Email security
    • DNS protection
    • Security awareness training

  What is a Managed IT Service Provider?

   
  In a managed service arrangement, the managed service provider (MSP) is responsible for the functionality of IT services and equipment for the client, who typically pays on a monthly retainer basis.

  Companies that offer managed services are called managed service providers (MSPs). MSPs are third-party companies that remotely manage IT infrastructure and systems. Small and medium businesses (SMBs), nonprofits, government agencies, and enterprises across various industry verticals leverage MSPs to deploy and manage technology solutions.

  Typically, an MSP delivers applications and management services through the Internet under a contractual service-level agreement (SLA). The SLA details qualitative and quantitative performance metrics that govern the MSP and customer engagement.

  Key Benefits of Managed IT Service Providers for Businesses

  • Reduced technology costs
  • Domain expertise
  • Specialized talent
  • Scalability
  • Emerging tech know-how
  • Future-proof environments

  MSPs handle complex or repetitive tasks required to maintain a client’s IT infrastructure and typically are engaged in managing the following activities:

  • Sourcing and managing IT infrastructure
  • Delivering managed communications and collaboration services
  • Offering technical and software training and support
  • Sourcing and managing security solutions
  • Managing client user accounts in applications and portals
  • Handling contract management for underlying technology vendors
  • Assisting with compliance and risk management
  • Managing third-party contractors
  • More

  Why Outsource to a Managed IT Service Provider?

   
  Businesses of all sizes typically offload the management of select IT services for these key reasons:

  • Issue-Resolution Ownership – MSPs working with you in an ongoing capacity are incented to focus on preventing problems and quickly address issues to continue to win your business each month.
  • Solution Stability – MSPs provide 24/7/365 monitoring and proactive maintenance, which means they can respond to issues quickly and head off system failure and downtime in advance.
  • Predictable Costs – Expenses fit neatly into monthly payments, eliminating the need for significant capital outlays to deploy services. Likewise, you never get an unforeseen bill for something that breaks.
  • Infrastructure Modernization – MSPs go beyond just fixing your existing systems. They provide recommendations and create migration plans for upgrades to new and modernized versions of your underlying network infrastructure components while keeping them up to date and in alignment with your technical and business objectives.

  Ready for Worry-Free Managed IT for Your Business?

   
  Sangoma makes it painless to access a complete suite of managed networking, security, and business communications solutions customizable to your organization’s unique needs.

  The post What are Managed IT Services? appeared first on Sangoma Technologies.

• Jitsi Low-latency conference streaming to very large audiences

  Jitsi today supports life-streaming conferences to large audiences through our Jibri tool – this tool renders all the media from the conference, and forwards it to a streaming service such as YouTube.

  This approach works, but it has limitations.  In addition to being computationally expensive, it also introduces substantial latency to the media.  This can be a problem when interaction is needed between the participants in the conference and the audience, for example for a text-based question-and-answer session.

  This article will describe a new approach to live-streaming media, which uses Jitsi’s builtin functionality, without transcoding, to reach potentially very large audiences with latency comparable to that of a live conference.

  Overview

  The basic approach to media distribution for this solution is straightforward – simply forward media to all the audience members in the same way that they are forwarded today to conference participants – i.e. as individual RTP streams over WebRTC.  This can re-use Jitsi’s existing well-tested technology to distribute the media and have it arrive at receivers and be played out to viewers.

  The challenge, of course, is to scale Jitsi’s back-end services so they can support sending media to very large numbers of viewers, potentially in the hundreds of thousands or more.  The rest of this article will discuss some of the architectural enhancements we need to make to Jitsi to support this.

  The first insight that will make this possible is to realize that in a streaming scenario, while the conference’s active participants need to know that they are being watched by an audience, they don’t need to know all the audience members’ identities or presence in real-time; nor do the audience members need to know about each other.  Thus, the system can be modified such that presence information about individual audience members is not sent to other conference participants, or to unnecessary parts of the backend; this reduces the amount of signaling traffic substantially.

  The second substantial change that we are making to the backend is to be able to have more sophisticated topologies for the Jitsi Videobridges to relay media among them.  Currently, when more than one Jitsi Videobridge is used in a conference (in Jitsi’s Octo/Relay technology), the bridges are connected to each other in a full mesh.  This topology minimizes the latency for media, but would not scale to very large conferences, where e.g. hundreds of thousands of participants might need several hundred bridges.  If every bridge in such a conference were connected to every other one, the bridges could be overloaded just sending media out.

  Instead, we are developing technology that can arrange bridges into more elaborate topologies.  In particular, our plan for very large conferences is to still have the conference’s active participants be connected to bridges which are arranged in a mesh; but the audience members would then be connected to bridges whose interconnection forms a tree extending from various nodes of the core mesh, so that the core media servers would only need to send media out to a limited number of connections to the audience’s bridges, which would then be forwarded out to the audience, possibly relaying through multiple bridges on the way.

  

  Finally, changes need to be made for the signaling servers used by the Jitsi back-end.  While information about audience members only needs to be propagated to selected back-end infrastructure servers, information about a conference’s active participants needs to be forwarded to the entire audience.  The existing XMPP servers that the Jitsi back-end uses aren’t designed for this level of load.  Thus, we are developing solutions such that this participant information can be mirrored from one XMPP server to another, allowing each server to handle only a manageable number of client connections while still getting the information to the entire audience quickly.

  Stay tuned!

  Your personal meetings team.

  ---

  Author: Jonathan Lennox

  The post Low-latency conference streaming to very large audiences appeared first on Jitsi.

November 08, 2022

• Digium UCaaS as PBX Replacement: Part 2

  In my last blog, I wrote about a customer just wanting basic PBX features from “25 years ago” and whether it was possible to buy a business phone system today that would be able to effectively replace one of these older systems.

  The answer is “of course you can get a phone system” that handles the PBX feature requirements from 25 years ago. And it will do exactly what you want it to do, and are used to doing, in terms of calling and call routing and audio conferencing and voice mail, etc. And it can still be on-premises if you wish, but it can also run in the cloud. And you can use a handset just like your current system has. If this is what you want, we have it.

  But it will also come with other features, or the ability to add these features, because that is what many customers want today:

  • Chat
  • Presence
  • Video calling
  • Mobility (Calling to and from your smartphone and laptop)
  • Integrations to CRM systems
  • Ability to customize via adding applications (such as notification apps)

  So don’t be confused and don’t be afraid to upgrade because of the marketing buzzwords used today. You’ll have all your old features, but you’ll be able to use these new features as well. For instance, the mobility feature allows your business phone number to follow you around on your laptop and Smartphone – it will make you “look bigger” to your customers since you’ll be reachable more easily.

  Upgrade so you don’t put your business at risk because of a potentially failing old system. Come talk to us and we’ll be happy to help. PBXs are there today, just in different clothing.

  The post UCaaS as PBX Replacement: Part 2 appeared first on Sangoma Technologies.

November 03, 2022

• Digium Business Voice+ Named Cloud Computing Product of the Year by Cloud Computing Magazine

  We proudly announce that Business Voice+ was named the Cloud Computing Product of the Year Award, presented by Cloud Computing Magazine.

  Business Voice+ is Sangoma’s pure cloud deployment platform. Designed for businesses who want peerless call quality, communications flexibility, and exceptional system support, Business Voice is the perfect, zero-hardware option. With Business Voice, your business can leverage the power of a complete, end-to-end system from an intuitive, browser-based interface.

  The Cloud Computing Product of the Year Award honors vendors with the most innovative, practical, and beneficial cloud products and services deployed within the past year.

  Learn more about Business Voice+!

  The post Business Voice+ Named Cloud Computing Product of the Year by Cloud Computing Magazine appeared first on Sangoma Technologies.

October 31, 2022

• Digium UCaaS and the Education Industry: Equip Your School with Cutting-Edge Communications

  With Sangoma’s Education Solutions, School is Never Out for the Summer

  Education requires total commitment, and for good reason. After all, it involves nothing less than preparing young people for lifelong personal and professional success. Considering the stakes, school systems should prioritize high-quality and worry-free communications, but all too often they face challenges implementing and supporting the latest in telephony. Let’s explore why.

  Barriers to High-Quality School Communication

  School administrators are often confronted with funding shortfalls and end up scrapping IT investments. If that isn’t bad enough, many schools don’t have a permanent IT professional on staff, which means critical communications infrastructure goes unmaintained and improvements fall to the wayside.

  On top of this, user-friendliness inhibits the successful implementation of next-generation communications systems. Educators need systems they can easily pick up and run with, especially given the fact that “13.8 percent of U.S. teachers are either leaving their school or the profession altogether.” With this in mind, it’s clear that successful systems can’t require a steep learning curve. Educators need a solution that lets them focus on what matters most: teaching! 

  Thankfully, there is a solution that overcomes these not-so-insignificant barriers: Unified Communications as a Service (UCaaS). 

  What is UCaaS?

  Educators require an easy way to interact with parents, administrators, students, and coworkers. Many schools have answered that call by discarding existing telephony for cutting-edge voice over internet protocol (VoIP) solutions that pair high-quality voice with unified communication (UC) tools to create UCaaS systems. Uniting technologies like voice, video conferencing, instant messaging, email, SMS, and fax into a single platform, UCaaS is an affordable and customizable system that adapts to the needs of any school network. It can also have hugely positive implications for an organization’s overall effectiveness and culture, with recent survey data showing UCaaS translating to better productivity for 72% of respondents, higher collaboration for 91%, and faster problem solving for 88%.

  Ditch “Old-School” Methods

  “Parent notes” are a critical tool for keeping parents informed, but how often are they left in backpacks, found on the floor of the bus, or worse – eaten by the dog? With UCaaS in an educator’s corner, teachers can ditch these types of archaic communication methods in favor of crystal-clear voice or high-resolution video. Whether it be a one-on-one call with a co-worker or student, or a group video conference with parents, the flexibility maximizes the effectiveness of a school’s messaging by supporting whichever channel works best for the stakeholders involved. And this is just one example; the possibilities are practically endless when technology is on your side. 

  User-Friendly, Affordable Communications are as

  Easy as 1, 2, 3

  As a seasoned IT vendor successfully equipping schools with the best communication solutions for years, Sangoma has discovered an ideal way forward. By striking a much-needed balance through “must have” features while also remaining affordable, we ensure that schools will never be “out for the summer” or any other season when they work with us. 

  “It looks like we are saving about $400 a month so far,” said Sadie O’Brien, IT director for the Shiocton School District, after deciding to transition to [Sangoma] Switchvox.

  By eliminating up-front costs, Sangoma UC expertly walks the fine line between offering advanced communication features without straining an institution’s IT funding. Additional savings are gained from low annual fees, and the solution operates through an all-inclusive pricing model. This fixed, consistent, subscription-style billing structure fits comfortably within school system budgets. 

  What’s in it for You?

  Sangoma UC doesn’t just solve problems created by sparse technology budgets, it also addresses the administrative challenges faced by these institutions. The system can be administered via a single computer connected to the network – with no coding required. Everything is geared toward lowering the learning curve and easing the burden for education professionals right from the get-go. Let’s take a closer look at how it can impact some of the primary stakeholders within a given school district: 

  IT Professionals: IT support staff gain major advantages with Sangoma UC in that it requires no special software, hardware, or license keys – meaning there’s nothing to download or install. The entire system can be managed through a single pane of glass with customizable views and widgets. With a subscription-based model, dealing with lengthy updates or cumbersome maintenance becomes a thing of the past, instead transitioning to the vendor’s responsibility. 

  Teachers: The typical teacher is overworked and overwhelmed, meaning that any technology they use must always help, never hinder. Sangoma UC is simple and intuitive enough that teachers can simply pick it up and immediately start taking advantage of its mobility features, dedicated conference rooms, and more. 

  Administrators: Administrators within school districts have a lot on their plates – from tracking absences, to managing calls from parents and staff, to sending out alerts and emergency messages. Sangoma streamlines these workflows considerably with a full suite of easy-to-learn features, such as IVR, auto attendant, receptionist console, mobile and desktop apps, and RAY BAUM compliance.

  Move Education into the Future with Sangoma

  As a 100% web-based system, Sangoma UC centralizes communications and ensures access to all messages, applications, and tools, regardless of where users are or what device they’re using. 

  Having equipped more than 1,000 schools, we’re well aware of the communication challenges faced by school districts. This includes chronic problems with funding, adequate IT support, and the pressing need for high-quality anytime/anywhere connections between students, teachers, and parents. However, through our UCaaS system, schools can equip themselves with cutting-edge communications that provide comprehensive benefits for less time and effort. 

  Want to learn more about Sangoma and how it can transform your district? Download our free eBook today!

  The post UCaaS and the Education Industry: Equip Your School with Cutting-Edge Communications appeared first on Sangoma Technologies.

• Enable Security Celebrations, presentations and new VoIP security tools
  Welcome to a jam-packed edition of RTCSec newsletter for October. What have we this month? In this edition, we cover: This very newsletter is one year old! We’re looking for freelance pentesters to join us This time, 12 years ago in VoIP security incidents (Sality botnet scanning) Upcoming and past presentations of interest at TADSummit, CTI-Summit, Blackhat & ClueCon WebRTC security news: the “most secure VoIP” award and censorship busting New VoIP security tools and workshop by Jose Luis Verdeguer (Pepelux) And various security advisories, and other reports of concern RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

October 26, 2022

• Enable Security RTCSec newsletter is one year old!
  Roughly a year ago, we sent out the first RTCSec newsletter and have been doing so every month. Each time, we have covered more and more of our favourite topics, VoIP and WebRTC security. And now, it has become our primary way of keep up to date with what is happening, and our most regular publication too. If you are not yet subscribed, do so at https://rtcsec.com/subscribe. The next one is out in a few days!

October 25, 2022

• Digium UCaaS as PBX Replacement: Part 1

  Yes, there are still business systems called “PBX’s” out there. These are on-premises business phone systems that basically just did calling in and out of a building, offered voice mail, could perform an audio conference call, could forward a call, and had a some ‘advanced” calling features like ring groups, or sending group messages (i.e. recording a message, and then sending it to a group of people – like an email but you recorded the email), or call screening. The phone system that ran the business if you will.

  And they ruled the roost at one time. You learned many of the intricacies of these systems to be the most effective communicator out there, augmenting your email with these phone systems features.

  These systems are out there still. Not all have been upgraded yet. But they are old, and many of these systems are even out of maintenanace. Still chugging along…until they are not….
  As VoIP marched on and the internet networks became faster, other communication modes such as chat and video entered the fray, and the need to have the systems on-premises dissipated. Today’s UCaaS systems were born.

  And with it it came newfangled terminology. No more analog and digital. Seats, bandwidth, Unified Communications, trunking, hosted, cloud, multi-tenant, single-tenant, collaboration, single sign-on, UCaaS, mobility, and CPaaS are now typical words used.

  But this doesn’t mean the requirements of the PBXs of 25 years ago are different. The need to have a phone system that “runs the business” is still there. And I’ve had some prospects / customers kind of wondering what is going on – “can’t we just get a phone system?”. And these prospects have not upgraded since it’s kind of confusing to them. They want to, because they know the “chugging along” at some point will simply stop, but they don’t want to make a mistake, or buy something they won’t be able to work well.

  The answer is “of course you can get a phone system”. I’ll talk about this more in my next blog.

  The post UCaaS as PBX Replacement: Part 1 appeared first on Sangoma Technologies.

October 11, 2022

• Digium Let’s Revisit Hot Desking

  Back in June, I wrote a blog about hot desking. And I wrote at the time “But is hot desking of a physical phone an obsolete concept with Unified Communications? Does it even need to be in RFPs anymore? Because with UC, you can make and take phone calls with your work extension from your computer, or from your smartphone, via a UC client. I can do that no matter where I sit in the office.”

  Now, 4 months later, I got an email from a reader asking if I wanted to take that back because with the return to the office, many companies are going to hybrid models. Hybrid, to many, in addition to working both in the office and at home, means there are fewer offices. Because companies have downsized the physical space to save money.

  And now when you show up to the actual office, instead of going to a specific office or cubicle, you might just have to go find a place to sit. And so the phone at the “place to sit” is not hard wired with your extension. What I wrote is still valid and maybe even more-so if this is what hybrid means.

  What I will acknowledge, though, is that maybe there are some specific jobs where the company wants you on a deskphone, instead of on your smartphone, or the UC app. Security issues, for instance might come into play. So yes, I can see this being a part of RFPs with a hybrid environment if the use demands a physical phone while at the office.

  But if the UC client is used when working from home, what’s the difference if you are at home or in the office? Mobility is mobility. That’s all I’ll say.

  The post Let’s Revisit Hot Desking appeared first on Sangoma Technologies.

September 30, 2022

• François Marier Upgrading from chan_sip to res_pjsip in Asterisk 18

  After upgrading to Ubuntu Jammy and Asterisk 18.10, I saw the following messages in my logs:

  WARNING[360166]: loader.c:2487 in load_modules: Module 'chan_sip' has been loaded but was deprecated in Asterisk version 17 and will be removed in Asterisk version 21.
  WARNING[360174]: chan_sip.c:35468 in deprecation_notice: chan_sip has no official maintainer and is deprecated.  Migration to
  WARNING[360174]: chan_sip.c:35469 in deprecation_notice: chan_pjsip is recommended.  See guides at the Asterisk Wiki:
  WARNING[360174]: chan_sip.c:35470 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip
  WARNING[360174]: chan_sip.c:35471 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip
  

  and so I decided it was time to stop postponing the overdue migration of my working setup from chan_sip to res_pjsip.

  It turns out that it was not as painful as I expected, though the conversion script bundled with Asterisk didn't work for me out of the box.

  Debugging

  Before you start, one very important thing to note is that the SIP debug information you used to see when running this in the asterisk console (asterisk -r):

  sip set debug on
  

  now lives behind this command:

  pjsip set logger on
  

  SIP phones

  The first thing I migrated was the config for my two SIP phones (Snom 300 and Snom D715).

  The original config for them in sip.conf was:

  [2000]
  ; Snom 300
  type=friend
  qualify=yes
  secret=password123
  encryption=no
  context=full
  host=dynamic
  nat=no
  directmedia=no
  mailbox=10@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  
  [2001]
  ; Snom D715
  type=friend
  qualify=yes
  secret=password456
  encryption=no
  context=full
  host=dynamic
  nat=no
  directmedia=yes
  mailbox=10@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  

  and that became the following in pjsip.conf:

  [transport-udp]
  type = transport
  protocol = udp
  bind = 0.0.0.0
  external_media_address = myasterisk.dyn.example.com
  external_signaling_address = myasterisk.dyn.example.com
  local_net = 192.168.0.0/255.255.0.0
  
  [2000]
  type = aor
  max_contacts = 1
  
  [2000]
  type = auth
  username = 2000
  password = password123
  
  [2000]
  type = endpoint
  context = full
  dtmf_mode = rfc4733
  disallow = all
  allow = g722
  allow = ulaw
  direct_media = no
  mailboxes = 10@internal
  auth = 2000
  outbound_auth = 2000
  aors = 2000
  
  [2001]
  type = aor
  max_contacts = 1
  
  [2001]
  type = auth
  username = 2001
  password = password456
  
  [2001]
  type = endpoint
  context = full
  dtmf_mode = rfc4733
  disallow = all
  allow = g722
  allow = ulaw
  direct_media = yes
  mailboxes = 10@internal
  auth = 2001
  outbound_auth = 2001
  aors = 2001
  

  The different direct_media line between the two phones has to do with how they each connect to my Asterisk server and whether or not they have access to the Internet.

  Internal calls

  For some reason, my internal calls (from one SIP phone to the other) didn't work when using "aliases". I fixed it by changing this blurb in extensions.conf from:

  [speeddial]
  exten => 1000,1,Dial(SIP/2000,20)
  exten => 1001,1,Dial(SIP/2001,20)
  

  to:

  [speeddial]
  exten => 1000,1,Dial(${PJSIP_DIAL_CONTACTS(2000)},20)
  exten => 1001,1,Dial(${PJSIP_DIAL_CONTACTS(2001)},20)
  

  I have not yet dug into what this changes or why it's necessary and so feel free to leave a comment if you know more here.

  PSTN trunk

  Once I had the internal phones working, I moved to making and receiving phone calls over the PSTN, for which I use VoIP.ms with encryption.

  I had to change the following in my sip.conf:

  [general]
  register => tls://555123_myasterisk:password789@vancouver2.voip.ms
  externhost=myasterisk.dyn.example.com
  localnet=192.168.0.0/255.255.0.0
  tcpenable=yes
  tlsenable=yes
  tlscertfile=/etc/asterisk/asterisk.cert
  tlsprivatekey=/etc/asterisk/asterisk.key
  tlscapath=/etc/ssl/certs/
  
  [voipms]
  type=peer
  host=vancouver2.voip.ms
  secret=password789
  defaultuser=555123_myasterisk
  context=from-voipms
  disallow=all
  allow=ulaw
  allow=g729
  insecure=port,invite
  canreinvite=no
  trustrpid=yes
  sendrpid=yes
  transport=tls
  encryption=yes
  

  to the following in pjsip.conf:

  [transport-tls]
  type = transport
  protocol = tls
  bind = 0.0.0.0
  external_media_address = myasterisk.dyn.example.com
  external_signaling_address = myasterisk.dyn.example.com
  local_net = 192.168.0.0/255.255.0.0
  cert_file = /etc/asterisk/asterisk.cert
  priv_key_file = /etc/asterisk/asterisk.key
  ca_list_path = /etc/ssl/certs/
  method = tlsv1_2
  
  [voipms]
  type = registration
  transport = transport-tls
  outbound_auth = voipms
  client_uri = sip:555123_myasterisk@vancouver2.voip.ms
  server_uri = sip:vancouver2.voip.ms
  
  [voipms]
  type = auth
  password = password789
  username = 555123_myasterisk
  
  [voipms]
  type = aor
  contact = sip:555123_myasterisk@vancouver2.voip.ms
  
  [voipms]
  type = identify
  endpoint = voipms
  match = vancouver2.voip.ms
  
  [voipms]
  type = endpoint
  context = from-voipms
  disallow = all
  allow = ulaw
  allow = g729
  from_user = 555123_myasterisk
  trust_id_inbound = yes
  media_encryption = sdes
  auth = voipms
  outbound_auth = voipms
  aors = voipms
  rtp_symmetric = yes
  rewrite_contact = yes
  send_rpid = yes
  timers = no
  

  The TLS method line is needed since the default in Debian OpenSSL is too strict. The timers line is to prevent outbound calls from getting dropped after 15 minutes.

  Finally, I changed the Dial() lines in these extensions.conf blurbs from:

  [from-voipms]
  exten => 5551231000,1,Goto(2000,1)
  exten => 2000,1,Dial(SIP/2000&SIP/2001,20)
  exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
  exten => 2000,n,Hangup
  exten => in2000-BUSY,1,VoiceMail(10@internal,su)
  exten => in2000-BUSY,n,Hangup
  exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
  exten => in2000-CONGESTION,n,Hangup
  exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
  exten => in2000-CHANUNAVAIL,n,Hangup
  exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
  exten => in2000-NOANSWER,n,Hangup
  exten => _in2000-.,1,Hangup(16)
  
  [pstn-voipms]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _1NXXNXXXXXX,n,Dial(SIP/voipms/${EXTEN})
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _NXXNXXXXXX,n,Dial(SIP/voipms/1${EXTEN})
  exten => _NXXNXXXXXX,n,Hangup()
  exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _011X.,n,Authenticate(1234)
  exten => _011X.,n,Dial(SIP/voipms/${EXTEN})
  exten => _011X.,n,Hangup()
  exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _00X.,n,Authenticate(1234)
  exten => _00X.,n,Dial(SIP/voipms/${EXTEN})
  exten => _00X.,n,Hangup()
  

  to:

  [from-voipms]
  exten => 5551231000,1,Goto(2000,1)
  exten => 2000,1,Dial(PJSIP/2000&PJSIP/2001,20)
  exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
  exten => 2000,n,Hangup
  exten => in2000-BUSY,1,VoiceMail(10@internal,su)
  exten => in2000-BUSY,n,Hangup
  exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
  exten => in2000-CONGESTION,n,Hangup
  exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
  exten => in2000-CHANUNAVAIL,n,Hangup
  exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
  exten => in2000-NOANSWER,n,Hangup
  exten => _in2000-.,1,Hangup(16)
  
  [pstn-voipms]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@voipms)
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@voipms)
  exten => _NXXNXXXXXX,n,Hangup()
  exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _011X.,n,Authenticate(1234)
  exten => _011X.,n,Dial(PJSIP/${EXTEN}@voipms)
  exten => _011X.,n,Hangup()
  exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
  exten => _00X.,n,Authenticate(1234)
  exten => _00X.,n,Dial(PJSIP/${EXTEN}@voipms)
  exten => _00X.,n,Hangup()
  

  Note that it's not just replacing SIP/ with PJSIP/, but it was also necessary to use a format supported by pjsip for the channel since SIP/trunkname/extension isn't supported by pjsip.

• Enable Security DDoS workshop at TADSummit, toll fraud via MS Teams Direct Routing and WebRTC news
  This month brings us yet another crammed newsletter all about real-time communications security. So without further ado, welcome to the RTCSec newsletter for September 2022! In this edition, we cover: An upcoming open position at Enable Security and what we’re brewing for 2023 Our talk at TADSummit 2022 and the DDoS workshop Commentary about OpenSIPS Summit and Kamailio World Details about how MS Teams Direct Routing may lead to toll fraud Abuse of the exec modules in Kamailio and OpenSIPS WebRTC related news, about CVE-2022-2294, coturn, Scanbox malware and Cloudflare And much much more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.
• François Marier Setting up a JMP SIP account on Asterisk

  JMP offers VoIP calling via XMPP, but it's also possibly to use the VoIP using SIP.

  The underlying VoIP calling functionality in JMP is provided by Bandwidth, but their old Asterisk instructions didn't quite work for me. Here's how I set it up in my Asterisk server.

  Get your SIP credentials

  After signing up for JMP and setting it up in your favourite XMPP client, send the following message to the cheogram.com gateway contact:

  reset sip account
  

  In response, you will receive a message containing:

  • a numerical username
  • a password (e.g. three lowercase words separated by spaces)

  Add SIP account to your Asterisk config

  First of all, I added the following to my /etc/asterisk/pjsip.conf:

  [transport-udp]
  type = transport
  protocol = udp
  bind = 0.0.0.0
  external_media_address = myasterisk.dyn.example.com
  external_signaling_address = myasterisk.dyn.example.com
  local_net = 192.168.0.0/255.255.0.0
  
  [jmp]
  type = registration
  contact_user = 5554561000
  transport = transport-udp
  outbound_auth = jmp
  client_uri = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
  server_uri = sip:jmp.cbcbc7.auth.bandwidth.com:5008
  
  [jmp]
  type = auth
  password = three secret words
  username = 5554561000
  
  [jmp]
  type = aor
  contact = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
  
  [jmp]
  type = identify
  endpoint = jmp
  match = jmp.cbcbc7.auth.bandwidth.com
  
  [jmp]
  type = endpoint
  context = from-jmp
  dtmf_mode = rfc4733
  disallow = all
  allow = ulaw
  allow = g729
  auth = jmp
  outbound_auth = jmp
  aors = jmp
  rtp_symmetric = yes
  rewrite_contact = yes
  send_rpid = yes
  timers = no
  

  and for reference, here's the blurb for my Snom 300 SIP phone:

  [2000]
  type = aor
  max_contacts = 1
  
  [2000]
  type = auth
  username = 2000
  password = password123
  
  [2000]
  type = endpoint
  context = full
  dtmf_mode = rfc4733
  disallow = all
  allow = g722
  allow = ulaw
  mailboxes = 10@internal
  auth = 2000
  outbound_auth = 2000
  aors = 2000
  

  I checked that the registration was successful by running asterisk -r and then typing:

  pjsip set logger on
  

  before reloading the configuration using:

  reload
  

  Create Asterisk extensions to send and receive calls

  Once I got registration to work, I hooked this up with my other extensions so that I could send and receive calls using my JMP number.

  In /etc/asterisk/extensions.conf, I added the following:

  [from-jmp]
  include => home
  exten => s,1,Goto(2000,1)
  

  where home is the context which includes my local SIP devices and 2000 is the extension I want to ring.

  Then I added the following to enable calls to any destination within the North American Numbering Plan:

  [pstn-jmp]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
  exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@jmp)
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
  exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@jmp)
  exten => _NXXNXXXXXX,n,Hangup()
  

  Here username is my bwsip numerical username. When calls are placed, this gets automatically swapped in by my real JMP phone number, but Bandwidth appears to require its users to use their username in there caller ID string.

  For reference, here's the rest of my dialplan in /etc/asterisk/extensions.conf:

  [general]
  static=yes
  writeprotect=no
  clearglobalvars=no
  
  [public]
  exten => _X.,1,Hangup(3)
  
  [sipdefault]
  exten => _X.,1,Hangup(3)
  
  [default]
  exten => _X.,1,Hangup(3)
  
  [internal]
  include => home
  
  [full]
  include => internal
  include => pstn-jmp
  exten => 707,1,VoiceMailMain(10@internal)
  
  [home]
  exten => 2000,1,Dial(PJSIP/2000,20)
  exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
  exten => 2000,n,Hangup
  exten => in2000-BUSY,1,VoiceMail(10@internal,su)
  exten => in2000-BUSY,n,Hangup
  exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
  exten => in2000-CONGESTION,n,Hangup
  exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
  exten => in2000-CHANUNAVAIL,n,Hangup
  exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
  exten => in2000-NOANSWER,n,Hangup
  exten => _in2000-.,1,Hangup(16)
  

  Firewall

  Finally, I opened a few ports in my firewall by putting the following in /etc/network/iptables.up.rules:

  # SIP and RTP on UDP (jmp.cbcbc7.auth.bandwidth.com)
  -A INPUT -s 67.231.2.13/32 -p udp --dport 5008 -j ACCEPT
  -A INPUT -s 216.82.238.135/32 -p udp --dport 5008 -j ACCEPT
  -A INPUT -s 67.231.2.13/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
  -A INPUT -s 216.82.238.135/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
  

September 27, 2022

• Digium Sangoma Announces Shipment of Its One Millionth Desk Phone

  

  Wow, we just shipped our one millionth phone! Over 10 years ago, Sangoma (and Digium) decided that having a seamless end-to-end Unified Communication system was important. And at that time, end to end system meant just the phone and the UC systems. So, we decided to release our own phones.

  These days, a UC system includes Sangoma’s UCaaS service (or on-premises version), the desk phone, mobile and desktop client software, Sangoma’s collaboration-as-a-service client (TeamHub), and Sangoma’s video meetings service (Sangoma Meet).

  The UC industry has come quite a long way in 10 years, but the phone is still part of the system, especially for brick-and-mortar businesses. And we are proud to serve all of these customers.

  As I said in the press release about this news, “Many of our customers use both desk phones as well as our mobile and desktop clients to communicate. And since we manufacture our own desk phones and develop our own cloud communications software, we are able to provide deep integration between our phones and our cloud communications services, in a way that other phone manufacturers or UCaaS companies simply cannot do. This kind of integration has contributed to the successful growth of this important product line at Sangoma, differentiating us from our competitors and leading to this one-million-unit milestone.“

  So, thank you to all the users of these phones, the distributors who fulfilled these phones, and the resellers who put our solutions into the end-user businesses. Let’s count the next million.

  The post Sangoma Announces Shipment of Its One Millionth Desk Phone appeared first on Sangoma Technologies.

September 25, 2022

• François Marier Using a Let's Encrypt TLS certificate with Asterisk 16.2

  In order to fix the following error after setting up SIP TLS in Asterisk 16.2:

  asterisk[8691]: ERROR[8691]: tcptls.c:966 in __ssl_setup: TLS/SSL error loading cert file. <asterisk.pem>
  

  I created a Let's Encrypt certificate using certbot:

  apt install certbot
  certbot certonly --standalone -d hostname.example.com
  

  To enable the asterisk user to load the certificate successfuly (it doesn't have permission to access the certificates under /etc/letsencrypt/), I copied it to the right directory:

  cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
  cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
  chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  

  Then I set the following variables in /etc/asterisk/sip.conf:

  tlscertfile=/etc/asterisk/asterisk.cert
  tlsprivatekey=/etc/asterisk/asterisk.key
  

  Automatic renewal

  The machine on which I run asterisk has a tricky Apache setup:

  • a webserver is running on port 80
  • port 80 is restricted to the local network

  This meant that the certbot domain ownership checks would get blocked by the firewall, and I couldn't open that port without exposing the private webserver to the Internet.

  So I ended up disabling the built-in certbot renewal mechanism:

  systemctl disable certbot.timer certbot.service
  systemctl stop certbot.timer certbot.service
  

  and then writing my own script in /etc/cron.daily/certbot-francois:

  #!/bin/bash
  TEMPFILE=`mktemp`
  
  # Stop Apache and backup firewall.
  /bin/systemctl stop apache2.service
  /usr/sbin/iptables-save > $TEMPFILE
  
  # Open up port 80 to the whole world.
  /usr/sbin/iptables -D INPUT -j LOGDROP
  /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables -A INPUT -j LOGDROP
  
  # Renew all certs.
  /usr/bin/certbot renew --quiet
  
  # Restore firewall and restart Apache.
  /usr/sbin/iptables -D INPUT -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables-restore < $TEMPFILE
  /bin/systemctl start apache2.service
  
  # Copy certificate into asterisk.
  cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
  cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
  chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  
  # Commit changes to etckeeper and restart asterisk.
  pushd /etc/ > /dev/null
  /usr/bin/git add letsencrypt asterisk
  DIFFSTAT="$(/usr/bin/git diff --cached --stat)"
  if [ -n "$DIFFSTAT" ] ; then
      /usr/bin/git commit --quiet -m "Renewed letsencrypt certs." letsencrypt asterisk
      echo "$DIFFSTAT"
      /bin/systemctl restart asterisk.service
  fi
  popd > /dev/null
  

September 23, 2022

• François Marier Encrypted connection between SIP phones using Asterisk

  Here is the setup I put together to have two SIP phones connect together over an encrypted channel. Since the two phones do not support encryption, I used Asterisk to provide the encrypted channel over the Internet.

  Installing Asterisk

  First of all, each VoIP phone is in a different physical location and so I installed an Asterisk server in each house.

  One of the server is a Debian stretch machine and the other runs Ubuntu bionic 18.04. Regardless, I used a fairly standard configuration and simply installed the asterisk package on both machines:

  apt install asterisk
  

  SIP phones

  The two phones, both Snom 300, connect to their local asterisk server on its local IP address and use the same details as I have put in /etc/asterisk/sip.conf:

  [1000]
  type=friend
  qualify=yes
  secret=password1
  encryption=no
  context=internal
  host=dynamic
  nat=no
  canreinvite=yes
  mailbox=1000@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  

  Dialplan and voicemail

  The extension number above (1000) maps to the following configuration blurb in /etc/asterisk/extensions.conf:

  [home]
  exten => 1000,1,Dial(SIP/1000,20)
  exten => 1000,n,Goto(in1000-${DIALSTATUS},1)
  exten => 1000,n,Hangup
  exten => in1000-BUSY,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-BUSY,n,Hangup
  exten => in1000-CONGESTION,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-CONGESTION,n,Hangup
  exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-CHANUNAVAIL,n,Hangup
  exten => in1000-NOANSWER,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-NOANSWER,n,Hangup
  exten => _in1000-.,1,Hangup(16)
  

  the internal context maps to the following blurb in /etc/asterisk/extensions.conf:

  [internal]
  include => home
  include => iax2users
  exten => 707,1,VoiceMailMain(1000@mailboxes)
  

  and 1000@mailboxes maps to the following entry in /etc/asterisk/voicemail.conf:

  [mailboxes]
  1000 => 1234,home,person@email.com
  

  (with 1234 being the voicemail PIN).

  Encrypted IAX links

  In order to create a virtual link between the two servers using the IAX protocol, I created user credentials on each server in /etc/asterisk/iax.conf:

  [iaxuser]
  type=user
  auth=md5
  secret=password2
  context=iax2users
  allow=g722
  allow=speex
  encryption=aes128
  trunk=no
  

  then I created an entry for the other server in the same file:

  [server2]
  type=peer
  host=server2.dyn.fmarier.org
  auth=md5
  secret=password2
  username=iaxuser
  allow=g722
  allow=speex
  encryption=yes
  forceencrypt=yes
  trunk=no
  qualify=yes
  

  The second machine contains the same configuration with the exception of the server name (server1 instead of server2) and hostname (server1.dyn.fmarier.org instead of server2.dyn.fmarier.org).

  Speed dial for the other phone

  Finally, to allow each phone to ring one another by dialing 2000, I put the following in /etc/asterisk/extensions.conf:

  [iax2users]
  include => home
  exten => 2000,1,Set(CALLERID(all)=Francois Marier <2000>)
  exten => 2000,2,Dial(IAX2/server1/1000)
  

  and of course a similar blurb on the other machine:

  [iax2users]
  include => home
  exten => 2000,1,Set(CALLERID(all)=Other Person <2000>)
  exten => 2000,2,Dial(IAX2/server2/1000)
  

  Firewall rules

  Since we are using the IAX protocol instead of SIP, there is only one port to open in /etc/network/iptables.up.rules for the remote server:

  # IAX2 protocol
  -A INPUT -s x.x.x.x/y -p udp --dport 4569 -j ACCEPT
  

  where x.x.x.x/y is the IP range allocated to the ISP that the other machine is behind.

  If you want to restrict traffic on the local network as well, then these ports need to be open for the SIP phone to be able to connect to its local server:

  # VoIP phones (internal)
  -A INPUT -s 192.168.1.3/32 -p udp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.1.3/32 -p udp --dport 10000:20000 -j ACCEPT
  

  where 192.168.1.3 is the static IP address allocated to the SIP phone.