Forum Replies Created
-
AuthorPosts
-
in reply to: Support hours #6630
Support hours available to you depend on the edition of HAAst you are using, whether you have an active maintenance agreement, and whether you have a 24/7 support contract:
- All users: Telium offers self-serve forums for users of non-commercial and commercial editions of its products. These forums are monitored by Telium support and questions are answered on a best effort basis.
- Maintenance Agreements: Telium offers e-mail support during business hours for users with an active maintenance agreement. Telium business hours are 9am-5pm Eastern time, Monday to Friday (except holidays). Typical response times are under an hour, and typical problem resolution is less than 30 minutes. Telium may also respond up to 11pm Eastern time on weekdays, and anytime on weekends – depending on whether an on-call support rep was already activated for a 24/7 Support Contract (and answers outstanding questions before wrapping up).
- 24/7 Support Contract: Telium offers 24/7 support for users who have a 24/7 support agreement in place. Support is offered by phone / skype / teamviewer / email / chat / etc, and includes rapid callback from the account manager / support lead / on-call technician (depending on time of day). Typical response times are under 20 minutes, and typical problem resolution is less than 30 minutes. Note that remote desktop connections are only for simple viewing/assistance, not complex work or complete installations.
So if it’s 2am Pacific time and you don’t have a 24/7 support contract in place then your only course for immediate support is the online forums.
Please note: If you are doing an installation and would like to book assistance from Telium professional services outside of normal business hours, we would be happy to work with you anytime from 8am to 2am Eastern time to perform your installation.
in reply to: License file rejected due to hardware change on AWS #6677On Dec 15 2016 Amazon made a change in how they present their hardware to licensing applications. Our license library vendor is aware of the change and has already provided us with an update.
If you encounter this problem on AWS please contact support for an updated product and license.
(Your product must be covered by a maintenance agreement for any product updates / new licenses. If you do not have a maintenance agreement in place please contact AWS support and ask them to return your image to the previous platform/version).
in reply to: Saving license file from Windows to Linux #6676The license file contains a ‘signature’ to verify the license has not been changed. You are inadvertently changing the license file; there are subtle differences between Linux text files and Windows text files. (In particular, Windows uses CRLF while Linux uses CR only.) You don’t need to know the details, but even opening the file in Notepad and then saving it again is changing the file!
This time go to your mail client and save the attachment directly from the message (without opening in Notepad) to the PBX. Your license should then work fine.
in reply to: firewalld support #6646Yes. Many people don’t realize ‘firewalld’ is not really a firewall, so much as it is a group of functions which apply iptables rules to the local system. (It offers nothing beyond iptables rules). You can tell SecAst to continue to work with iptables directly, or, you can tell SecAst to treat firewalld as an external firewall and use the firewalld event handler provided by Telium.
However, we generally recommend that you block traffic at a real firewall, and not at the PBX. Support for local iptables is offered primarily for SOHO users or people experimenting with Asterisk. By the time a PBX is ready for production you should let SecAst block IP’s at the firewall.
We include sample event handlers, for example the Mikrotik firewall interface. If you use this event handler as a sample you should be able to interface with almost any firewall. If you need help getting your own firewall event handler working just contact support. Once your firewall event handler is complete please consider donating it to the collection of scripts included with SecAst.
in reply to: Can’t start Asterisk exit code 158 #6675Exit code 158 means that HAAst is unable to find the service/executable file needed to control Asterisk. Since you installed Asterisk from source, I assume you are not using any configuration generator (eg: Elastix) as well. If that’s the case then the ‘distribution’ setting in the [asterisk] stanza of the haast.conf file should be set to 2 (Digium Asterisk). Confirm that setting – then proceed to the steps below if the error remains.
Next ensure that you installed an Asterisk service file appropriate for your Linux distribution. Most recent Linux distributions have switched to systemd, which requires you use an asterisk.service file. If you are using an older Linux distribution then you require a SysV / initd style service file.
While Asterisk includes a sample SysV style service file for Asterisk, it might not include a systemd style service file just yet (as of Dec 2016). You can find one by searching the Digium support forums, but here’s an example you can use:
[Unit]
Description=Asterisk PBX and telephony daemon
Documentation=man:asterisk(8)
Wants=network.target
After=network.target
[Service]
Type=simple
User=asterisk
Group=asterisk
ExecStart=/usr/bin/asterisk -f -C /etc/asterisk/asterisk.conf
ExecStop=/usr/bin/asterisk -rx ‘core stop now’
ExecReload=/usr/bin/asterisk -rx ‘core reload’
[Install]
WantedBy=multi-user.target
Save the above as ‘asterisk.service’ and place it in /etc/systemd/system/ and set file permissions to 755. Don’t add restart directives (like you might find on the internet) since HAAst should be responsible for restarting Asterisk when necessary. You will also have to tell Linux about the new service file with the ‘systemctl daemon-reload’ command (or similar depending on your Linux distro).
If you want to use the SysV / initd style service file that’s ok too, but you’ll need to tell HAAst which style of service file you are using. To do so contact Telium support and we will provide you with details specific to your Linux distribution. (But in general if your Linux distro uses systemd, stick with systemd service files).
in reply to: SecAst not detecting attacks on FreePBX system #6674You have discovered a problem in FreePBX! When creating the SecAst AMI user account and selecting ‘all’ for permissions in the FreePBX GUI, FreePBX does not actually add the ‘all’ permission. Instead FreePBX adds individual permissions and omits the ‘security’ permission.
Until this is fixed in FreePBX please do NOT create your AMI user account through the FreePBX GUI. Instead modify the manager_custom.conf file to manually insert the credentials. For example, your manager_custom.conf might look like this:
[teliumuser]
secret = teliumpassword!
deny=0.0.0.0/0.0.0.0
permit=172.31.0.0/255.255.0.0
permit=127.0.0.1/255.255.255.0
read = all
write = all
Where the username (in [] brackets) and the password (secret) match the values you set in the secast.conf file. If you need further assistance with this workaround please contact support.
The problem is that you have a space character after the backslash on line 5 (based on analyzing the config file sent). If you add any character after a backslash it means ‘escape’ as opposed to ‘continuation’. So SecAst stops reading your excludes at line 5.
The solution is to ensure you have no characters following the backslash character.
in reply to: CentOS 5 support #6631CentOS 5 was released in April 2007, so approximately 10 years ago (as of the time of this posting). Unfortunately several libraries/options our product depends upon are not supported on an OS that old. CentOS 5 is also no longer supported by the release organization after Q1 2014.
So you’ll have to upgrade your Linux. But CentOS 7 is worth the effort to upgrade!
in reply to: Backup PBX in cloud/AWS #6672Yes. No problem!
Many call centers are keeping their primary PBX’s on site (for performance and other reasons), and using the cloud for their backup PBX’s. HAAst will run on Amazon Web Services (AWS) + Amazon Elastic Cloud 2 (EC2), Microsoft Azure, and more, to create your primary PBX, backup PBX, or both. You can even place the HAAst operational database in Amazon Relational Data Services (RDS) or equivalent with both peers writing performance and operating data to the shared database. (The HAAst web GUI allows you to view combined and individual PBX reports in many areas). We do not recommend placing Asterisk configuration databases in RDS or equivalent – but this should not be a problem as they are fairly static and small.
Unlike other open source and closed source commercial HA products, HAAst does not use any LAN based protocols (NFS/DRBD/hearbeat/etc). HAAst is designed around only WAN based protocols, primarily it’s own PeerLink protocol. HAAst can accommodate large swings in network latency as would be seen in links between in-house servers and the cloud. HAAst (Commercial Unlimited edition) even learns these variations and adapts to the changes, so you never have a false positive fail-over of the cluster. This approach allows customers to even place their PBX instances in different Amazon Recovery Zone’s, and in different Regions.
With AWS, or any cloud provider, you will want to use their static network hardware option; Amazon calls it Elastic Network Interfaces (ENI). As of August 2016 Azure (ARM and ASM) support static network hardware (MAC address).
in reply to: Need higher GeoIP accuracy #6671Yes – we are able to offer a significantly more accurate GeoIP database; but this is not standard within SecAst. As of March 2016 this option costs $1000 USD, and we would provide you with a much larger GeoIP database and a code which causes SecAst to use this new database instead. This database is certified down to a higher level of accuracy within the city level.
Please contact Telium support if you would like to purchase this option. This option is not listed for sale on our website as this is not commonly purchased. We are also available to help you design alternative security measures using SecAst in case this is not the right approach for you.
in reply to: Call continuity / survival on failover #6670Telium’s call continuity feature (available in HAAst OEM edition) maintains all SIP/RTP traffic data in the event of a failover. When HAAst transitions from one cluster node to another, HAAst reconstructs the calls in/out of Asterisk exposing identical IP/port numbers to the outside world. The allows calls to resume without any user agents realizing a cluster failover has taken place. HAAst can also initiate events with Asterisk to resume call recordings, log data, etc. ensuring business requirements can be satisfied as well.
If you cannot use Telium’s call continuity capability you can still create a simplistic workaround. First of all it’s important to understand the limitations of the SIP protocol (regardless of HA product), and then design around those limitations. The SIP protocol does not allow for the midpoints (e.g. PBX) or endpoints (e.g. phone) to be seized without the midpoints/endpoints participating in SIP negotiation. This means that failure of a midpoint or endpoint results in failure of the call(s) since SIP communications cease. A future version of SIP may support seizing channels, but the IETF has not indicated any such upcoming functionality.
We know of at least one product on the market that claims a proprietary / ‘patented’ way to keep SIP calls up, but all they do is introduce a SIP proxy in front of the PBX which tries to re-establish the missing leg of a dropped call. These products don’t have much commercial success because they introduce a new single point of failure in front of the cluster (so if the proxy dies the entire cluster dies). In the case of power outage or network outage these proxy solutions do nothing and all calls drop. Telium has worked with vendors to design solutions for emergency call centers, hospitals, large commercial call centers, etc. and they all frown on placing a single point of failure in front of the cluster. An on-PBX solution (as offered by Telium) is the preferred solution.
Even large proprietary PBX vendors don’t support salvaging SIP calls in case of a complete PBX failure. They may offer “HA” options which transition calls in progress within or between PBX’s so long as the core of the PBX is still functional (so for example the PBX could withstand a media processor failure). However, they cannot salvage SIP calls in the event of a complete and immediate disconnect of the PBX (e.g. power failure, data center network failure, etc).
If you really want to try to salvage calls in progress (sometimes called ‘call continuity’ or ‘call survival’) with a do-it-yourself solution the best way to do so is at the ITSP/trunk provider. You can request that your carrier redirect any calls in progress which terminate without a SIP BYE command be redirected to a backup number/trunk. If your ITSP/Carrier will not do so, you can create your own SIP proxy but it should be collocated at your ITSP/carrier’s POP. Placing such a proxy on your premises is worthless (your cluster will appear to perform well in simplistic tests, but fail in real world outage scenarios), and is no different than the solutions mentioned above. You can try to use direct media with user agents (phones) that don’t drop a call if the SIP connection is unresponsive (eg; to registration) but this depends heavily on details of your implementation.
We would like to emphasize that Telium discourages adding a black box device or proxy in front of a cluster. However, if you still want to go down the DIY path you can create an open source version of the above (not recommended) product as described here: https://telium.io/topic/patented-call-survival-add-on/ or you could design a solution which attempts to keep RTP up without SIP (we have a few posts on that topic).
in reply to: Problem starting Asterisk on SystemD+Initd system #6669UPDATE: Based on feedback this change helped some users, but hurt others. So we’ve created a SUPPORTCODE which you can add to your haast.conf file which will force HAAst to use initd, even if your Linux distribution uses systemd.
Just send an email to support requesting the code, and then HAAst will operate as it did before. Note that you must be running HAAst version 2.3.2.2 or later for the SUPPORTCODE to work.
in reply to: Do you support Debian Linux? #6668As of Dec 11th 2016 we now officially support Debian 8 LTS. Look for the Debian option on the download page.
Please note that we will create custom builds of our products for any major distribution / architecture for users of the commercial editions. Custom builds are created at no charge (for major platforms) and for-fee (for rare/unusual platforms).
Yes! HAAst would start without any problem.
A lot of people don’t realize that all other PBX HA solutions in the marketplace are based on DRBD, an open source product which creates a mirrored logical disk between peers. As a result, any corruption to files on one system are immediately mirrored to the other system! This is why critical call centers like 911/PSAP’s, hospitals, etc. will not allow DRBD based PBX solutions – each peer must be fully independent of the other.
HAAst is the only product which does not mirror the hard disk. HAAst synchronizes individual files/directories/databases that you specify, and, it only synchronizes if the peer is healthy! So a failing peer will never corrupt files on the other peer.
You’ll find that many configuration generators now offer an ‘HA’ module, and they are all based on DRBD. Some organizations like Elastix are very honest about this – and show you how to install the open source product for free. Some organizations are less forthcoming, and actually charge you $3000 for a free open source product (DRBD).
Vendors of other PBX HA solutions are not telling you the whole picture. Many HAAst clients start with HA modules built into configuration generators, and switch to HAAst after their ‘cluster’ couldn’t withstand any failure other than the most simplistic scenario of unplugging one box.
There are lots of other differences too. DRBD solutions don’t allow for configuration differences between peers. HAAst allows peers to have different trunks, users, dialplans, etc. (yet still share a common base that is synchronized), all things you can’t do if you simply mirror a disk.
Telium is a big supporter of free and open source software, and DRBD is a wonderful product. But adding DRBD to a PBX and calling it ‘HA’ is naive; just like adding RAID to a PBX and declaring it ‘HA’ is naive.
in reply to: How hard is it to install? #6666If you’ve never used Linux before, then installing any third party product onto Linux can be a challenge. Creating a Linux system from a CD/ISO is easy: click next>next>finish. So unfortunately that might artificially raise your confidence. Linux is not the most friendly system (compared to Windows).
Although our products target large commercial installations, we realize that a some of these organizations experiment with Asterisk using one of the free configuration generators (like Issabel(TM), FreePBX(TM), Elastix(TM), PIAF(TM), etc). For the convenience of these users we can create a virtual machine with Linux & FreePBX & Asterisk & HAAst & SecAst preinstalled. This should help Windows admins get up and running quickly.
If you want to install our products on an existing Linux PBX, then we’re here to help. We include support with all product sales – but I suspect you will exhaust the included support incidents quickly. I would recommend you purchase support assistance along with your software purchase. For a straight forward setup Telium can perform the entire installation and configuration with/for you in 4 hours, assuming this is a very simple cluster design. (But not setup your users/devices/dialplan etc in Asterisk).
We have also helped customers create prebuilt software images to their specifications. (This is useful if you plan to deploy PBX’s to numerous sites.) We can create bare metal images in Ghost, dd, and G4L formats to suit your needs, which you can use to deploy new systems at your convenience.
-
AuthorPosts