Telium Support Group

Telium wrote HAAst from top to bottom in C++, and we agree with your Linux admins that the open source packages are not well suited to application level HA. The open source packages are great if you want to create a HA print server, file server, etc. However, they have no understanding of, or visibility into, the PBX, the environment, trunks, etc. The open source packages work at the OS level, not the application level and as such don’t create an HA PBX which can survive real world failures. For example, a route becoming unavailable at the ITSP, the PBX running out of file handles, a data center router going down, etc. would all trigger a failover with HAAst, but open source packages would likely leave you with a non-functional PBX.

Aside from HAAst, every other HA solution for PBX’s is based on essentially the same open source packages. HAAst does not use open source packages for any detection, heartbeat, failover control, etc. But, you are welcome to use open sources packages with HAAst if you like. (There are some things open source does well and we don’t want to reinvent the wheel). Although the HAAst product tabs do a good job explaining the differences between HAAst and the open source / commercial products but here are a few highlights:

Heartbeat & Health: The open source heartbeat/health package does not take into account the health of Asterisk, status of trunk & route availability, available file handles, available memory, etc. latency between devices, calls successfully bridging, etc. Open source packages do dead/alive detection of the box/process (and are not Asterisk operations aware). HAAst has its own proprietary heartbeat and health detection, written exclusively to monitor and detect Asterisk PBX’s and their environments. By default HAAst detects 18 different factors which degrade node health (including talking directly to Asterisk through the AMI to assess health), and can also use an unlimited number of customizable sensors.

Synchronization: Open source packages like DRBD (or other shared disk solutions like NFS/Samba/iSCSI/Corosync/Rsync/etc.) put your data at risk since file corruption by one failing peer immediately corrupts files of the other peer. With those open source solutions a failing process on one peer may destroy your entire cluster. As well, network loss during data sharing may leave your files corrupt and SQL databases in invalid states (the database might not start with corrupt tables, and Asterisk might not start with corrupt config files). HAAst synchronizes data between peers, but only if the peers are healthy. HAAst synchronizes databases (MySQL/PostgreSQL/SQLite) at the SQL transaction level, so you are never left with corrupt tables (and a PBX that won’t start). And to top it off, HAAst can maintain snapshots of healthy critical files, stepping backwards through previous snapshots to find a system state that allows the PBX to start after failure.

Security: HAAst has an encrypted link between peers so there is no risk of Man In The Middle attack, and no risk of hackers gaining control of the PBX. Open source products have well published and unencrypted protocols that are easy to tap into, and a novice/script kiddie can bring down the cluster using this information.

Other: There are lots of other functional differences as well – have a look at the features tab of the HAAst web pages for an overview of what HAAst does, and then look at the comparison tab to see what generic tools can’t do.

Performance: The bottom line is: how do these HA solutions perform in real life. There’s a reason that emergency service gateways, hospitals, airline call centers, etc. choose HAAst. From complete detection, to avoiding false positive failovers, to speed of failover, to moving resources, etc. nothing comes close to HAAst.

All of the open source packages are wonderful products in their own right, each with a specific purpose. If you spend enough time adding your own code on top of these then you can start to add application level HA functionality – but its up to you to code it. After 10 years of continuous development we have created a very sophisticated product which can detect and recover gracefully from an enormous number of failure scenarios, building our own heartbeat/synchronization/health detection/etc tailored to telephony environments.

So unlike some other HA ‘solutions’, HAAst is not a collection of open source packages relabeled as an application level HA product. Check out the HAAst web page tabs to see why HAAst is the only solution for hospitals, police/fire/911 call centers, mission critical call centers,etc. So your Linux admins are right – open source packages are NOT suitable for application level HA (as would be the case with a PBX), and that’s why HAAst is the choice of large call centers/fire departments/emergency service gateways/etc.

Look in the /docs folder of the package you downloaded. In there you will find a PDF document called Detailed_Installation_Guide.pdf which will take you through all of the steps involved in installation (getting the program installed), and key steps of configuration (making the program work the way you want).

Although this topic is a year old, it continues to get a lot of traffic. So, I would like to reiterate a key point mentioned above (in case you missed it):

You should not block IP’s at the PBX. (Unless this is test/home system). Commercial environments should block attackers at the firewall. SecAst has the ability to add IP’s to ACL’s/lists on your router / firewall. You really should use this feature!

HAAst includes approximately 18 “internal sensors” which are used to determine if the PBX and it’s environment are within normal parameters, and allow the PBX to properly offer telephony services. These sensors are used to assess whether or not the node can keep operating or must demote and let the peer take over. This is a binary decision (yes/no) determined by HAAst. This assessment and determination are made behind the scenes, and have nothing to do with the sensors graph in the GUI.

Aside from the internal sensors, HAAst also has the ability to monitor optional “external sensors”. These sensor are defined by you (the administrator) and can sense just about anything. For example, clients have used external sensors to measure:

1. Performance of a network path: Counting pings lost from source IP to destination IP. This can be used to measure route quality, or even something as simple as sense an unplugged network cable.
2. Calls in progress: Some large call centers never have less than X calls per second coming in from their carrier. If this drops to 0 it might mean an upstream carrier issue, 800 number failure, etc.
3. Data center environmental temperature: If the data center room temperature exceeds X degrees HAAst can initiate a fail over.
4. Custom: Anything from a contact closure (big red fail over button), to a local CRM systems being down, to power supply voltages out of range, etc.

Each of the above sensors turns an input value (number/string/etc) into a numeric value, which adds to the health score. That health score is what you see on the GUI’s sensors graph as show below. If the score reaches a danger threshold set by you (the administrator), HAAst can automatically run scripts or take some other action. And if that score reaches the fail over threshold, then HAAst will transfer control to the peer.

You can define as many or as few sensors as your like, and weight their scores as you like, to create a health scoring system meaningful to your environment. Similarly, you can set the critical and fail over thresholds to suit your needs.

Telium would be pleased to assist you in designing and setting up sensors. As well, we would be happy to create custom sensors to gather input from any device/service you wish (as a professional services project). We have interfaced with serial devices, thermostats, 1-wire networks, Bluetooth devices, and more.

Please remember that external sensors are completely optional and need to be tailored to your unique environment. Many clients run without any additional (external) sensors.

• This reply was modified 5 years, 7 months ago by WebMaster.

HAAst uses “activation”, exactly as Microsoft Windows does. If you change your network card in Windows then Windows will operate in non-activated mode. You have to reactivate your Windows installation with Microsoft by phone or online in order to reactivate your license. Like Windows, HAAst detects the change and switches back to the Free Edition. Once you reactivate it returns to the commercial edition.

We face the same problem as Microsoft or any other software vendor: piracy. So unfortunately activation is necessary. But, we are looking at an online licensing system so that you can move your license around (so long as your PBX has an internet connection). Many emergency call centers will not allow a dependence on the internet to permit their systems to operate, so for them we will always offer an activation license file.

Please ensure you only activate HAAst once your hardware platform is finalized (this includes virtualized hardware). Most customers won’t need to reactivate an installation unless something fails (which might happen every few years, and we’re happy to reactive for you). If you need to reactivate every few months then you are doing something wrong!

The unlimited edition of HAAst does not impose any limit on number of simultaneous calls. From a practical standpoint HAAst is limited only by the capacity of your hardware, and the design of Asterisk.

We have HAast “PBX” deployments with over 14500 phone sets, 3500+ simultaneous calls, 800 call setups per minute, etc. HAAst operates perfectly in those environments. We also have HAast “gateway” deployments (i.e. HAast is bridging calls and offering services, but is part of a larger telephony service) with tens of thousands of simultaneous calls.

Properly sizing your host to support a desired call volume is outside the scope/role of HAast. But you need to consider many factors like transcoding (CPU heavy), recording (I/O heavy), bridging/conferencing, etc. As well, placing Asterisk inside a container or virtual machine imposes other limits on CPU and IO availability. If Telium is provide a turnkey HA solution we assume responsibility for scaling the solution to meet your needs; however, in general Telium does not providing hardware scaling assistance.

For companies requiring HA for call volumes beyond what a single host/VM/container can support, we recommend running multiple clusters to achieve HA. To keep the clusters in sync we recommend adding our PBXsync product.

If you are at the point of sizing hardware for purchase, we recommend adding 5% to CPU capacity, and 500MB to memory capacity for HAast, above what is demanded by Asterisk. (Which in the overall scale of these systems is negligible).

As an additional note, you may wish to have a look at our LoDi product. It can act as an outbound proxy / LCR / and more. LoDi includes an HA option so it might be an easy way to achieve what you are looking for.

That message means that the source IP is known to be used by hackers and that the connection attempts are most likely hack attempts. However, the user is using valid credentials!

So if this blocking is correct then change the account name and secret for the account in question.

If you don’t want SecAst to block this IP address you can raise the threshold for hacker detection.