Planet SIP

September 30, 2022

François Marier Upgrading from chan_sip to res_pjsip in Asterisk 18

After upgrading to Ubuntu Jammy and Asterisk 18.10, I saw the following messages in my logs:

WARNING[360166]: loader.c:2487 in load_modules: Module 'chan_sip' has been loaded but was deprecated in Asterisk version 17 and will be removed in Asterisk version 21.
WARNING[360174]: chan_sip.c:35468 in deprecation_notice: chan_sip has no official maintainer and is deprecated.  Migration to
WARNING[360174]: chan_sip.c:35469 in deprecation_notice: chan_pjsip is recommended.  See guides at the Asterisk Wiki:
WARNING[360174]: chan_sip.c:35470 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip
WARNING[360174]: chan_sip.c:35471 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip

and so I decided it was time to stop postponing the overdue migration of my working setup from chan_sip to res_pjsip.

It turns out that it was not as painful as I expected, though the conversion script bundled with Asterisk didn't work for me out of the box.

Debugging

Before you start, one very important thing to note is that the SIP debug information you used to see when running this in the asterisk console (asterisk -r):

sip set debug on

now lives behind this command:

pjsip set logger on

SIP phones

The first thing I migrated was the config for my two SIP phones (Snom 300 and Snom D715).

The original config for them in sip.conf was:

[2000]
; Snom 300
type=friend
qualify=yes
secret=password123
encryption=no
context=full
host=dynamic
nat=no
directmedia=no
mailbox=10@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw

[2001]
; Snom D715
type=friend
qualify=yes
secret=password456
encryption=no
context=full
host=dynamic
nat=no
directmedia=yes
mailbox=10@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw

and that became the following in pjsip.conf:

[2000]
type = aor
max_contacts = 1

[2000]
type = auth
username = 2000
password = password123

[2000]
type = endpoint
context = full
dtmf_mode = rfc4733
disallow = all
allow = g722
allow = ulaw
direct_media = no
mailboxes = 10@internal
auth = 2000
outbound_auth = 2000
aors = 2000

[2001]
type = aor
max_contacts = 1

[2001]
type = auth
username = 2001
password = password456

[2001]
type = endpoint
context = full
dtmf_mode = rfc4733
disallow = all
allow = g722
allow = ulaw
direct_media = yes
mailboxes = 10@internal
auth = 2001
outbound_auth = 2001
aors = 2001

The different direct_media line between the two phones has to do with how they each connect to my Asterisk server and whether or not they have access to the Internet.

Internal calls

For some reason, my internal calls (from one SIP phone to the other) didn't work when using "aliases". I fixed it by changing this blurb in extensions.conf from:

[speeddial]
exten => 1000,1,Dial(SIP/2000,20)
exten => 1001,1,Dial(SIP/2001,20)

to:

[speeddial]
exten => 1000,1,Dial(${PJSIP_DIAL_CONTACTS(2000)},20)
exten => 1001,1,Dial(${PJSIP_DIAL_CONTACTS(2001)},20)

I have not yet dug into what this changes or why it's necessary and so feel free to leave a comment if you know more here.

PSTN trunk

Once I had the internal phones working, I moved to making and receiving phone calls over the PSTN, for which I use VoIP.ms with encryption.

I had to change the following in my sip.conf:

[general]
register => tls://555123_myasterisk:password789@vancouver2.voip.ms
externhost=myasterisk.dyn.example.com
localnet=192.168.0.0/255.255.0.0
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/asterisk/asterisk.cert
tlsprivatekey=/etc/asterisk/asterisk.key
tlscapath=/etc/ssl/certs/

[voipms]
type=peer
host=vancouver2.voip.ms
secret=password789
defaultuser=555123_myasterisk
context=from-voipms
disallow=all
allow=ulaw
allow=g729
insecure=port,invite
canreinvite=no
trustrpid=yes
sendrpid=yes
transport=tls
encryption=yes

to the following in pjsip.conf:

[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0
external_media_address = myasterisk.dyn.example.com
external_signaling_address = myasterisk.dyn.example.com
local_net = 192.168.0.0/255.255.0.0
cert_file = /etc/asterisk/asterisk.cert
priv_key_file = /etc/asterisk/asterisk.key
ca_list_path = /etc/ssl/certs/
method = tlsv1_2

[voipms]
type = registration
transport = transport-tls
outbound_auth = voipms
client_uri = sip:555123_myasterisk@vancouver2.voip.ms
server_uri = sip:vancouver2.voip.ms

[voipms]
type = auth
password = password789
username = 555123_myasterisk

[voipms]
type = aor
contact = sip:555123_myasterisk@vancouver2.voip.ms

[voipms]
type = identify
endpoint = voipms
match = vancouver2.voip.ms

[voipms]
type = endpoint
context = from-voipms
disallow = all
allow = ulaw
allow = g729
from_user = 555123_myasterisk
trust_id_inbound = yes
media_encryption = sdes
auth = voipms
outbound_auth = voipms
aors = voipms
rtp_symmetric = yes
rewrite_contact = yes
send_rpid = yes
timers = no

The TLS method line is needed since the default in Debian OpenSSL is too strict. The timers line is to prevent outbound calls from getting dropped after 15 minutes.

Finally, I changed the Dial() lines in these extensions.conf blurbs from:

[from-voipms]
exten => 5551231000,1,Goto(2000,1)
exten => 2000,1,Dial(SIP/2000&SIP/2001,20)
exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
exten => 2000,n,Hangup
exten => in2000-BUSY,1,VoiceMail(10@internal,su)
exten => in2000-BUSY,n,Hangup
exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
exten => in2000-CONGESTION,n,Hangup
exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
exten => in2000-CHANUNAVAIL,n,Hangup
exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
exten => in2000-NOANSWER,n,Hangup
exten => _in2000-.,1,Hangup(16)

[pstn-voipms]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _1NXXNXXXXXX,n,Dial(SIP/voipms/${EXTEN})
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _NXXNXXXXXX,n,Dial(SIP/voipms/1${EXTEN})
exten => _NXXNXXXXXX,n,Hangup()
exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _011X.,n,Authenticate(1234)
exten => _011X.,n,Dial(SIP/voipms/${EXTEN})
exten => _011X.,n,Hangup()
exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _00X.,n,Authenticate(1234)
exten => _00X.,n,Dial(SIP/voipms/${EXTEN})
exten => _00X.,n,Hangup()

to:

[from-voipms]
exten => 5551231000,1,Goto(2000,1)
exten => 2000,1,Dial(PJSIP/2000&PJSIP/2001,20)
exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
exten => 2000,n,Hangup
exten => in2000-BUSY,1,VoiceMail(10@internal,su)
exten => in2000-BUSY,n,Hangup
exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
exten => in2000-CONGESTION,n,Hangup
exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
exten => in2000-CHANUNAVAIL,n,Hangup
exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
exten => in2000-NOANSWER,n,Hangup
exten => _in2000-.,1,Hangup(16)

[pstn-voipms]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@voipms)
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@voipms)
exten => _NXXNXXXXXX,n,Hangup()
exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _011X.,n,Authenticate(1234)
exten => _011X.,n,Dial(PJSIP/${EXTEN}@voipms)
exten => _011X.,n,Hangup()
exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _00X.,n,Authenticate(1234)
exten => _00X.,n,Dial(PJSIP/${EXTEN}@voipms)
exten => _00X.,n,Hangup()

Note that it's not just replacing SIP/ with PJSIP/, but it was also necessary to use a format supported by pjsip for the channel since SIP/trunkname/extension isn't supported by pjsip.

François Marier Setting up a JMP SIP account on Asterisk

JMP offers VoIP calling via XMPP, but it's also possibly to use the VoIP using SIP.

The underlying VoIP calling functionality in JMP is provided by Bandwidth, but their old Asterisk instructions didn't quite work for me. Here's how I set it up in my Asterisk server.

Get your SIP credentials

After signing up for JMP and setting it up in your favourite XMPP client, send the following message to the cheogram.com gateway contact:

reset sip account

In response, you will receive a message containing:

a numerical username
a password (e.g. three lowercase words separated by spaces)

Add SIP account to your Asterisk config

First of all, I added the following to my /etc/asterisk/pjsip.conf:

[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
external_media_address = myasterisk.dyn.example.com
external_signaling_address = myasterisk.dyn.example.com
local_net = 192.168.0.0/255.255.0.0

[jmp]
type = registration
contact_user = 5554561000
transport = transport-udp
outbound_auth = jmp
client_uri = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
server_uri = sip:jmp.cbcbc7.auth.bandwidth.com:5008

[jmp]
type = auth
password = three secret words
username = 5554561000

[jmp]
type = aor
contact = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008

[jmp]
type = identify
endpoint = jmp
match = jmp.cbcbc7.auth.bandwidth.com

[jmp]
type = endpoint
context = from-jmp
dtmf_mode = rfc4733
disallow = all
allow = ulaw
allow = g729
auth = jmp
outbound_auth = jmp
aors = jmp
rtp_symmetric = yes
rewrite_contact = yes
send_rpid = yes
timers = no

and for reference, here's the blurb for my Snom 300 SIP phone:

[2000]
type = aor
max_contacts = 1

[2000]
type = auth
username = 2000
password = password123

[2000]
type = endpoint
context = full
dtmf_mode = rfc4733
disallow = all
allow = g722
allow = ulaw
mailboxes = 10@internal
auth = 2000
outbound_auth = 2000
aors = 2000

I checked that the registration was successful by running asterisk -r and then typing:

pjsip set logger on

before reloading the configuration using:

reload

Create Asterisk extensions to send and receive calls

Once I got registration to work, I hooked this up with my other extensions so that I could send and receive calls using my JMP number.

In /etc/asterisk/extensions.conf, I added the following:

[from-jmp]
include => home
exten => s,1,Goto(2000,1)

where home is the context which includes my local SIP devices and 2000 is the extension I want to ring.

Then I added the following to enable calls to any destination within the North American Numbering Plan:

[pstn-jmp]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@jmp)
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@jmp)
exten => _NXXNXXXXXX,n,Hangup()

Here username is my bwsip numerical username. When calls are placed, this gets automatically swapped in by my real JMP phone number, but Bandwidth appears to require its users to use their username in there caller ID string.

For reference, here's the rest of my dialplan in /etc/asterisk/extensions.conf:

[general]
static=yes
writeprotect=no
clearglobalvars=no

[public]
exten => _X.,1,Hangup(3)

[sipdefault]
exten => _X.,1,Hangup(3)

[default]
exten => _X.,1,Hangup(3)

[internal]
include => home

[full]
include => internal
include => pstn-jmp
exten => 707,1,VoiceMailMain(10@internal)

[home]
exten => 2000,1,Dial(PJSIP/2000,20)
exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
exten => 2000,n,Hangup
exten => in2000-BUSY,1,VoiceMail(10@internal,su)
exten => in2000-BUSY,n,Hangup
exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
exten => in2000-CONGESTION,n,Hangup
exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
exten => in2000-CHANUNAVAIL,n,Hangup
exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
exten => in2000-NOANSWER,n,Hangup
exten => _in2000-.,1,Hangup(16)

Firewall

Finally, I opened a few ports in my firewall by putting the following in /etc/network/iptables.up.rules:

# SIP and RTP on UDP (jmp.cbcbc7.auth.bandwidth.com)
-A INPUT -s 67.231.2.13/32 -p udp --dport 5008 -j ACCEPT
-A INPUT -s 216.82.238.135/32 -p udp --dport 5008 -j ACCEPT
-A INPUT -s 67.231.2.13/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
-A INPUT -s 216.82.238.135/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT

September 25, 2022

François Marier Using a Let's Encrypt TLS certificate with Asterisk 16.2

In order to fix the following error after setting up SIP TLS in Asterisk 16.2:

asterisk[8691]: ERROR[8691]: tcptls.c:966 in __ssl_setup: TLS/SSL error loading cert file. <asterisk.pem>

I created a Let's Encrypt certificate using certbot:

apt install certbot
certbot certonly --standalone -d hostname.example.com

To enable the asterisk user to load the certificate successfuly (it doesn't have permission to access the certificates under /etc/letsencrypt/), I copied it to the right directory:

cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key

Then I set the following variables in /etc/asterisk/sip.conf:

tlscertfile=/etc/asterisk/asterisk.cert
tlsprivatekey=/etc/asterisk/asterisk.key

Automatic renewal

The machine on which I run asterisk has a tricky Apache setup:

a webserver is running on port 80
port 80 is restricted to the local network

This meant that the certbot domain ownership checks would get blocked by the firewall, and I couldn't open that port without exposing the private webserver to the Internet.

So I ended up disabling the built-in certbot renewal mechanism:

systemctl disable certbot.timer certbot.service
systemctl stop certbot.timer certbot.service

and then writing my own script in /etc/cron.daily/certbot-francois:

#!/bin/bash
TEMPFILE=`mktemp`

# Stop Apache and backup firewall.
/bin/systemctl stop apache2.service
/usr/sbin/iptables-save > $TEMPFILE

# Open up port 80 to the whole world.
/usr/sbin/iptables -D INPUT -j LOGDROP
/usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -A INPUT -j LOGDROP

# Renew all certs.
/usr/bin/certbot renew --quiet

# Restore firewall and restart Apache.
/usr/sbin/iptables -D INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables-restore < $TEMPFILE
/bin/systemctl start apache2.service

# Copy certificate into asterisk.
cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key

# Commit changes to etckeeper and restart asterisk.
pushd /etc/ > /dev/null
/usr/bin/git add letsencrypt asterisk
DIFFSTAT="$(/usr/bin/git diff --cached --stat)"
if [ -n "$DIFFSTAT" ] ; then
    /usr/bin/git commit --quiet -m "Renewed letsencrypt certs." letsencrypt asterisk
    echo "$DIFFSTAT"
    /bin/systemctl restart asterisk.service
fi
popd > /dev/null

September 23, 2022

François Marier Encrypted connection between SIP phones using Asterisk
Here is the setup I put together to have two SIP phones connect together over an encrypted channel. Since the two phones do not support encryption, I used Asterisk to provide the encrypted channel over the Internet.

Installing Asterisk

First of all, each VoIP phone is in a different physical location and so I installed an Asterisk server in each house.

One of the server is a Debian stretch machine and the other runs Ubuntu bionic 18.04. Regardless, I used a fairly standard configuration and simply installed the asterisk package on both machines:
```
apt install asterisk
```
SIP phones

The two phones, both Snom 300, connect to their local asterisk server on its local IP address and use the same details as I have put in /etc/asterisk/sip.conf:
```
[1000]
type=friend
qualify=yes
secret=password1
encryption=no
context=internal
host=dynamic
nat=no
canreinvite=yes
mailbox=1000@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw
```
Dialplan and voicemail

The extension number above (1000) maps to the following configuration blurb in /etc/asterisk/extensions.conf:
```
[home]
exten => 1000,1,Dial(SIP/1000,20)
exten => 1000,n,Goto(in1000-${DIALSTATUS},1)
exten => 1000,n,Hangup
exten => in1000-BUSY,1,VoiceMail(1000@mailboxes,su)
exten => in1000-BUSY,n,Hangup
exten => in1000-CONGESTION,1,VoiceMail(1000@mailboxes,su)
exten => in1000-CONGESTION,n,Hangup
exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@mailboxes,su)
exten => in1000-CHANUNAVAIL,n,Hangup
exten => in1000-NOANSWER,1,VoiceMail(1000@mailboxes,su)
exten => in1000-NOANSWER,n,Hangup
exten => _in1000-.,1,Hangup(16)
```
the internal context maps to the following blurb in /etc/asterisk/extensions.conf:
```
[internal]
include => home
include => iax2users
exten => 707,1,VoiceMailMain(1000@mailboxes)
```
and 1000@mailboxes maps to the following entry in /etc/asterisk/voicemail.conf:
```
[mailboxes]
1000 => 1234,home,person@email.com
```
(with 1234 being the voicemail PIN).

Encrypted IAX links

In order to create a virtual link between the two servers using the IAX protocol, I created user credentials on each server in /etc/asterisk/iax.conf:
```
[iaxuser]
type=user
auth=md5
secret=password2
context=iax2users
allow=g722
allow=speex
encryption=aes128
trunk=no
```
then I created an entry for the other server in the same file:
```
[server2]
type=peer
host=server2.dyn.fmarier.org
auth=md5
secret=password2
username=iaxuser
allow=g722
allow=speex
encryption=yes
forceencrypt=yes
trunk=no
qualify=yes
```
The second machine contains the same configuration with the exception of the server name (server1 instead of server2) and hostname (server1.dyn.fmarier.org instead of server2.dyn.fmarier.org).

Speed dial for the other phone

Finally, to allow each phone to ring one another by dialing 2000, I put the following in /etc/asterisk/extensions.conf:
```
[iax2users]
include => home
exten => 2000,1,Set(CALLERID(all)=Francois Marier <2000>)
exten => 2000,2,Dial(IAX2/server1/1000)
```
and of course a similar blurb on the other machine:
```
[iax2users]
include => home
exten => 2000,1,Set(CALLERID(all)=Other Person <2000>)
exten => 2000,2,Dial(IAX2/server2/1000)
```
Firewall rules

Since we are using the IAX protocol instead of SIP, there is only one port to open in /etc/network/iptables.up.rules for the remote server:
```
# IAX2 protocol
-A INPUT -s x.x.x.x/y -p udp --dport 4569 -j ACCEPT
```
where x.x.x.x/y is the IP range allocated to the ISP that the other machine is behind.

If you want to restrict traffic on the local network as well, then these ports need to be open for the SIP phone to be able to connect to its local server:
```
# VoIP phones (internal)
-A INPUT -s 192.168.1.3/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.1.3/32 -p udp --dport 10000:20000 -j ACCEPT
```
where 192.168.1.3 is the static IP address allocated to the SIP phone.
François Marier Connecting a VoIP phone directly to an Asterisk server
On my Asterisk server, I happen to have two on-board ethernet boards. Since I only used one of these, I decided to move my VoIP phone from the local network switch to being connected directly to the Asterisk server.

The main advantage is that this phone, running proprietary software of unknown quality, is no longer available on my general home network. Most importantly though, it no longer has access to the Internet, without my having to firewall it manually.

Here's how I configured everything.

Private network configuration

On the server, I started by giving the second network interface a static IP address in /etc/network/interfaces:
```
auto eth1
iface eth1 inet static
    address 192.168.2.2
    netmask 255.255.255.0
```
On the VoIP phone itself, I set the static IP address to 192.168.2.3 and the DNS server to 192.168.2.2. I then updated the SIP registrar IP address to 192.168.2.2.

The DNS server actually refers to an unbound daemon running on the Asterisk server. The only configuration change I had to make was to listen on the second interface and allow the VoIP phone in:
```
server:
    interface: 127.0.0.1
    interface: 192.168.2.2
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.1/32 allow
    access-control: 192.168.2.3/32 allow
```
Finally, I opened the right ports on the server's firewall in /etc/network/iptables.up.rules:
```
-A INPUT -s 192.168.2.3/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p udp --dport 10000:20000 -j ACCEPT
```
Network time synchronization

In order for the phone to update its clock automatically using NTP, I installed chrony on the Asterisk server:
```
apt install chrony
```
then I configured it to listen on the private network interface and allow access from the VoIP phone by adding the following to /etc/chrony/conf.d/asterisk-local.conf:
```
bindaddress 192.168.2.2
allow 192.168.2.3
```
Finally, I opened the right firewall port by adding a new rule to /etc/network/iptables.up.rules:
```
-A INPUT -s 192.168.2.3 -p udp --dport 123 -j ACCEPT
```
Accessing the admin page

Now that the VoIP phone is no longer available on the local network, it's not possible to access its admin page. That's a good thing from a security point of view, but it's somewhat inconvenient.

Therefore I put the following in my ~/.ssh/config to make the admin page available on http://localhost:8081 after I connect to the Asterisk server via ssh:
```
Host asterisk
    LocalForward localhost:8081 192.168.2.3:80
```
Allowing calls between local SIP devices

Because this local device is not connected to the local network (192.168.1.0/24), it's unable to negotiate a direct media connection to any other local (i.e. one connected to the same Asterisk server) SIP device. What this means is that while calls might get connected successfully, by default, there will not be any audio in a call.

In order for the two local SIP devices to be able to hear one another, we must enforce that all media be routed via Asterisk instead of going directly from one device to the other. This can be done using the directmedia directive (formerly canreinvite) in sip.conf:
```
[1234]
directmedia=no
```
where 1234 is the extension of the phone.

September 22, 2022

ng-voice ng-voice and Casa Systems partner to deliver truly cloud-native network infrastructure solutions to service providers and enterprises | September 2022

22 September 2022 – ng-voice, leading provider of fully containerized and cloud-native solutions for the telecom market, announced today a partnership with Casa Systems, a leader in physical and cloud-native infrastructure technology solutions. The partnership will deliver fully cloud-native solutions to mobile network operators (MNOs), mobile virtual network operators (MVNOs), and enterprise customers worldwide.

ng-voice’s fully containerized, Kubernetes-based IMS core combined with Casa’s 4G/5G multi-access core solution will simplify deployment and management of public and private networks reducing time-to-market and resource requirements.

ng-voice developed the industry’s first truly cloud-native IMS – the critical component to deploy VoLTE and VoNR. Its key benefits include being infrastructure-agnostic, with highly automated deployment and operation processes, flexibility and reliability to scale (up and down), standard compliance to 3GPP, and a minimal resource footprint.

“At Casa Systems, we build disruptive, innovative solutions that deliver new levels of performance, flexibility, and scalability required for next-generation networks,’ said Gibson Ang, Vice President of Technology and Product Management, Casa Systems. “We’re excited to partner with ng-voice, a leader in IMS core technology, to expand our portfolio of end-to-end cloud-native network solutions and introduce new revenue-generating opportunities to our customers.”

Our partnership with Casa Systems

“Our partnership with Casa Systems provides a unique pre-integrated and certified alternative for service providers and enterprises seeking true cloud-native, microservices-based solutions,” said David Bachmann, CEO, ng-voice. “Our joint end-to-end fully containerized and cloud-native network solution can equal a smaller resource footprint, reduced cost, and greater value for our customers, unlocking true future-proof competitive advantages. We’re delighted to partner with a company that has the same mission to provide a disruptive solution to the market.”

To know more about ng-voice’s partnerships, please get in touch on sales@ng-voice.com.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Barbara Silva

Marketing Lead

Publisher Bio

After 10 years of working for Telefonica as a Business Development and Marketing Manager, along with developing serval projects in Latin America. Barbara’s plans to connect and share her own experience in Branding and growth strategies with the readers. She enjoys talking about any topics, from Netflix series to Politics, making her a versatile and fun person to talk to.

September 20, 2022

ng-voice The potential of 5G SA – how is it set to impact the industry?
The arrival of 5G has been an exciting development in the telecoms space, with operators across the globe already rolling out the technology to enhance their services and offerings. But now even greater excitement is building as operators set their sights on true 5G – 5G Standalone (or 5G SA). So, what exactly is 5G SA and what opportunities does it unlock?

5G SA uses the 5G NR (5G New Radio) access network on a 5G network core, unlike non-standalone 5G, which uses a 5G NR access network overlaid on an existing 4G LTE network core.

The widespread use of 5G SA has myriad benefits, including:
The complete reliance on a 5G core unlocks the benefits of true 5G, namely improved bandwidth and speed of connection for end-users
Increased ability to scale and enhanced spectral efficiencies
Ultra-low latency, contributing to an overall more seamless experience for end-users
Critically, 5G SA will act as a key driver in the monetization of 5G, allowing telcos to recoup their investment into the new network by enabling new use cases for the entire sector, including:
Private networks – private, 5G SA networks benefit from resilience, security, and autonomy.
IoT – 5G SA is ideal for meeting Critical IoT requirements, providing flexible edge computing, reliability, and supporting Network Data Analytics.
Network slicing – enabling new revenue opportunities through vertical applications such as smart manufacturing.
With the Ericsson Mobility report highlighting that the 5G SA rollout will double by the end of 2022 and that within 5 years, 5G SA-compatible devices will account for nearly half of all mobile subscriptions, it’s crucial that we understand what its impact is going to be on the industry.

The current global rollout
Across the globe, we’re beginning to see operators rolling out 5G SA to deliver a fully 5G experience to end users. In 2021, Vodafone Germany launched a 5G SA network, with 1000 antennas in 170 cities and municipalities, and plans to deploy a fully-SA network by 2023. Late last year, Telia launched its 5G SA core in Finland, with the service being initially available to selected users in around 20 areas across Finland.

Many other EMEA operators have plans to launch 5G SA networks this year, including Telenor Denmark, Orange, Vodafone Spain and Vodafone UK, with the latter launching a commercial pilot trial of 5G SA last year.

However, despite this development and proliferation of 5G SA, there is still a vast number of operators who are without plans to roll out the technology and are lagging behind. This could be for a variety of reasons, however, the fundamental challenge operators face is integration.

Integration of 5G SA is challenging, and it requires new infrastructure and architecture, rethinking operations, embracing cloud-nativity principles, and a software-centric approach. This entirely new way of thinking and operating could be holding telcos back from investing in 5G SA, however, the benefits it will bring and the use cases it unlocks are set to outweigh the challenges of implementation.

To unlock the true benefits of 5G SA, being cloud-native is key. Moving to a fully cloud-native infrastructure can add additional benefits to the already enhanced service, including flexibility and fast deployment, with lower costs.

5G SA and VoNR
When talking about the rollout of 5G SA, we cannot do so without thinking about voice services. The rollout of 5G SA will give rise to VoNR, seeing less reliance on VoLTE as more and more devices become 5G SA-compatible.

VoNR has many benefits for end-users, including enhanced voice quality and preventing fallback onto 4G networks, which improves the overall quality of call experience.
VoNR will form a key part of operators’ 5G SA journey, but it’s crucial that operators consider the quality and capabilities of their current IMS core solutions, to provide a service that fulfills customer needs and expectations.

At ng-voice, we offer a VoLTE/ VoNR solution that is truly cloud-native and fully containerized. Our cloud-native IMS is the first 100% containerized and Kubernetes-based fully-fledged IMS solution in the market. With the smallest container sizes, a high level of automation, and minimal use of resources, our IMS is scalable, flexible, cost-efficient, and easy to deploy and manage.

To find out more about why our solution is right for you, contact our team at: sales@ng-voice.com or learn more here.
Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Varun Jain

Customer Solution Architect

Publisher Bio

Varun Jain is a Customer Solutions Architect for the Sales Team, he has over 16 years of experience in telecom industry, working for companies like Ericsson India Global services PVT LTD and NOKIA.

September 15, 2022

Digium Sangoma’s New Logo
Sangoma is constantly evolving. And with it, our logo is evolving along with us.

When we purchased Digium in 2018, we made a change to our logo and at that time, incorporated part of the Digium logo. But since that time, we’ve purchased VoIP Innovations, Star2Star, and now NetFortris. We are a different company since 2018, and we figured it was time for our logo come along. While our logo has changed, we still have the same pride and commitment to Asterisk (and FreePBX). Nothing has changed in that regard.

What has changed is we’ve now grown into being a world-class Communications as a Service provider with over 70% recurring revenue. And through our partners we serve businesses ranging from SMBs to multi-location regional and national retail chains. It’s been truly awesome to have been part of this growth.

And while we are probably most associated today with UCaaS and it’s nice to get accolades from Gartner and Frost and Sullivan about UCaaS, we also offer cloud services that complement UCaaS – Contact Center, Video Meetings, Collaboration, MSP services, CPaaS / Applications, Desktop as a Service, Access Control and Fax for example. We offer a wide range of Communications-as-a-Services, one we think is the broadest in the industry.

And so we wanted to incorporate some kind of cloud element into our logo – to always have that in the background when people come to our website, when we’re presenting, etc. Because that’s who we are and who we will continue to be. We are also a strong company in many ways – fiscally, determined, intrepid – and that steel blue color is meant to evoke that.

Welcome to the new logo.

The post Sangoma’s New Logo appeared first on Sangoma Technologies.
ng-voice Employee Spotlight | Vividha Singh, VP of Quality Assurance and Security

We at ng-voice are excited to bring to you our first blog for Employee Spotlight. In this series we interview our top talents, sharing with you their experience and insights working at ng-voice.

For our first #EmployeeSpotlight blog post, we had the opportunity to speak to our VP of Quality Assurance and Security, Vividha Singh, who showed us her amazing journey in the telecom industry and how she went from being a technical member of the team to Vice-President at ng-voice. Vividha also touched upon her role, achievements, and how she built a talented team on two different continents.

Vividha Singh at ng-voice | Employee Spotlight

Tell us a bit about yourself, your career before you joined ng-voice, and what is your role at ng-voice now

I am Vividha Singh and I’m responsible for ng-voice’s testing infrastructure, guaranteeing the stability and reliability of our core components. I have been working in the telecom industry for most of my career. I studied Electronics and Telecommunication for my bachelor’s and telecommunications has always been part of my journey. For about 6-7 years I worked as a technical leader in my previous company before joining ng-voice. One of my current roles is to build test solutions such as test set-ups as well as execute them.

Why did you join ng-voice?

After moving to Germany, I came to know about ng-voice, a start-up with a lot of exciting work and I saw this as an opportunity to build myself in terms of my leadership qualities and get to see end-to-end product development which you can’t find in larger organizations.

What’s the unique part of working here?

At ng-voice, you are not limited to one part of the product and you can see how it developed from scratch, delivered to the client, how it’s in use, and see it in the real world. The visibility of your contribution is really exciting to see and that’s what is unique about working at ng-voice.

What have been your most significant accomplishments at ng-voice?

When I joined ng-voice, I was the second member of the testing team. I was fortunate to be given the opportunity to work on building a team and hire talented people to get the quality of the product to the next level. I got the chance to build and manage teams in two different geographic locations, a team in Germany and a team in India which I consider to be my biggest achievement.

What advice do you give prospective candidates and people starting their career at ng-voice?

If you are passionate about learning and working with the latest technology, software, and latest open source technologies then ng-voice is the right place for you. It is also important that you are self-motivated to learn about innovation, and cloud-nativity as we always aim to pioneer new technological areas and this is always exciting to me.

Any final words?

The journey has been very exciting to me as I’ve seen a lot of growth not only from my personal experience but also from how the company has grown. It’s very heartwarming to see how you and the company have evolved together.

Vividha’s journey at ng-voice has been an extraordinary one, a journey of challenges, growth and personal achievements. With ng-voice, you can start writing your path by joining our talented team. Take a look at our careers page and find a role that is suitable for you.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Khaled Amirian

Employer Branding & Internal Marketing Specialist

Publisher Bio

During his academic and professional career, his curiosity to learn different business functions such as HR and marketing allowed him to gain valuable insights. Khaled aims to provide unique perspectives on topics in digital marketing and HRM. His interests in the digital world helped him become a key community member among Esports player.

August 31, 2022

Enable Security SIP ALG exploit hits Realtek SDK, our Attack Platform and holidays
In the summer time, the weather is hot … August is usually a slow month in our part of the world and a good time to take a holiday and relax a bit. We tried that for ourselves and found out that the rumors are true, holidays are not overrated. But, we didn’t stop for too long because, actually, we have news! In this edition, we cover: Our news about the Enable Security Attack Platform and Gasoline v2 Buffer overflow in Realtek’s SIP ALG affecting many many routers (CVE-2022-27255) More router exploitation leading to SIP credentials leakage (Arris / CVE-2022-31793) TLS ALPN identifier for SIP SELinux policies and Kamailio/OpenSIPS And more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

August 30, 2022

Digium UCaaS & the Concept of “One-stop-shopping” for Other Required Communications Services
Over the summer, Iâ€™ve written a few blogs about the Frost and Sullivan whitepaper called â€œModern Cloud Communications Empower the Hybrid Workforceâ€�. This will be my final blog about it. One other part of that whitepaper talked about Unified Communications and then about other communication services beyond just UC.

Organizations adopting unified communications-as-a-service (UCaaS) show strong preference for one-stop shopping. They choose to purchase an array of correlated services from their cloud private branch exchange (PBX) provider:
- 91% integrated meetings and messaging
- 88% cybersecurity solutions
- 88% device as a service
- 85% SIP trunking
- 84% MPLS
- 82% SD-WAN
- 78% integrated contact center
- 42% calling plans
This is really interesting since this has been Sangomaâ€™s strategy for a long time!

We have everything Frost and Sullivan writes about in our chart above. The three to the right on the chart (managed SD-WAN, managed network connectivity, and managed security) were obtained via our acquisition of NetFortris in March of this year.

And thatâ€™s how Iâ€™ll end this blog series. Frost and Sullivan validating our strategy.

To download the full Frost and Sullivan whitepaper to learn more about this, please go here.

The post UCaaS & the Concept of â€œOne-stop-shoppingâ€� for Other Required Communications Services appeared first on Sangoma Technologies.

August 29, 2022

Digium Maximize Profitability and Boost Collaboration with Communications-as-a-Service (CaaS)
Grow Business Benefits with a Full Suite of Customizable CaaS Solutions from Sangoma

Communication is the lifeblood of every business, and thanks to recent technological innovations, global disruptions, and shifting market demands, virtual environments are essential for effective communication in the modern workplace. More companies are turning to the cloud to improve remote and hybrid collaboration, introduce new customer service channels, and lower IT costs. To explore what CaaS offers, download our new, free eBook today!

Why CaaS?

The key to achieving a seamless experience in the cloud is integration. Navigating between multiple applications, platforms, and cloud providers is cumbersome and creates silos that hinder communication and add complexity. Disparate systems also introduce security risks and associated costs to protect every application and device. Without integration, simply doing business is a recipe for profit loss.

Gain a Competitive Advantage with a Complete CaaS Portfolio

Communications-as-a-Service (CaaS), also called Unified Communications-as-a-Service (UCaaS), brings together voice, video, presence and chat, conferencing, virtual desktop, and other applications to create a simplified, interconnected environment where every communication tool works together effectively.

With CaaS, companies can create and customize a secure, seamless digital workspace that improves collaboration and maximizes profitability with no hidden costs – all from a single cloud provider.

CaaS Deployments for Any Business

Whether an organization needs a single solution or a full suite, Sangoma’s end-to-end CaaS portfolio can address business communication needs and provide the right hardware and accessories to maximize performance and productivity. Customizable and comprehensive, Sangoma’s platforms offer flexible deployment options, secure integrations, and unified applications accessible from any device.

With Sangoma’s one bill, one vendor approach, organizations no longer need to devote time and energy to navigating multiple cloud vendors with their own policies, procedures, and workflows. When businesses partner with Sangoma, they enjoy a reliable, consistent partnership with expert support when and where they need it.

Collaboration Solutions

Effective communication tools help companies collaborate effectively, which improves employee morale, productivity, and long-term profitability. Thankfully, Sangoma’s CaaS solutions are geared specifically toward enhancing collaboration amongst on-site and off-site teams, regardless of how they operate.

Business Phones, Hardware, and Communities

In addition to its many software and as-a-Service products, Sangoma stands apart from other providers by offering an array of hardware, phones, and other devices to support business goals. What’s more, Sangoma maintains an open-source community to help small businesses, enterprises, government agencies, and other organizations create and deploy communications apps.

Businesses are constantly evolving, and with these additional services, Sangoma can act as a trustworthy, end-to-end partner as companies’ technology needs grow and change.

Read More: Download our brand-new, free eBook to explore all that CaaS can do for your business

The post Maximize Profitability and Boost Collaboration with Communications-as-a-Service (CaaS) appeared first on Sangoma Technologies.

August 25, 2022

ng-voice My 1st month as a DevOps Engineer at ng-voice: Sara

Who am I?

My name is Sara Fattouh, and I am going to tell you my story of joining the ng-voice cloud-native team as a DevOps Engineer. I am an informatics engineer, I moved from Budapest, but I am originally from Syria.

Â

After my graduation, I worked as an assistant teacher at the University of Aleppo, where I was responsible for preparing and teaching functional materials in software engineering. I worked in Syria for 2 years as a software engineer, then I was awarded a scholarship to pursue my studies in Budapest, Hungary. While I was a master’s student, I joined Nokia as a trainee, after that, I was offered a full-time position as a software engineer.

Why did I join ng-voice?

DevOps engineers have a diverse and unique soft skill set as well as technical skills which are closely linked to the knowledge of the DevOps toolset: coding, and scripting.

Â

I joined ng-voice to embrace and adapt quickly to new responsibilities and I am eager to develop these skills to contribute to the mission of ng-voice: build a fully cloud-native IMS for the market.

Getting settled in a new city

When I arrived I had a lot of tasks to complete during my first few days, but with the team’s assistance, I was able to obtain a bank account and â€˜Anmeldungâ€™ very fast, I started receiving the mail in bulk. It’s Germany, no wonder

Â

I also joined a badminton group to keep the same habit I started in Budapest, playing badminton weekly and making new friends from different backgrounds.Â It’s not a secret that in large German cities, finding an apartment is hard for everyone, not only for foreigners. The housing market in Hamburg is quite competitive, but knowing where to look will make your search easier.Â There are a lot of real estate websites where new advertisements are published very frequently. I hope that these websites can help me find a suitable apartment to rent shortly.

My experience as a DevOps Engineer at ng-voice so far

I had a great time traveling to Germany and joining ng-voice as the staff was accommodating, especially during the visa application process. I traveled from Budapest, spent a 10 days vacation in Berlin, and finally made it to Hamburg.Â

Â

On my first day, everyone was very welcoming and I liked every piece of my starter kit which was waiting for me on my desk. A nice onboarding specialist guided me through and helped me with the first steps to settling in the new city. What impressed me from the first day is the high organization, the accuracy, and good documentation of the tasks, not to forget the transparency among the employees. I’ve had a nice experience working at ng-voice in Hamburg overall. Everyone is easy to approach, friendly, and highly responsive. What I like the most about my teammates is how cooperative and eager to help they are.

Â

As a new joiner to ng-voice, I am proud, happy, and eager for more!

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Sara Fattouh

DevOps Engineer

Publisher Bio

Sara Fattouh is an informatics engineer who joined the ng-voice cloud-native team as a DevOps engineer. She was previously an assistant teacher at the University of Aleppo, and worked for Nokia as a trainee before joining the company full-time.

August 16, 2022

Digium Considerations for a Unified Communications Prem to Cloud Migration
Some companies are considering the transition from an on-premise unified communication system to a UCaaS system. There could be various reasons, ranging from the age of the prem system, to not wanting to manage the on-site system anymore (manually update the system, etc.), to it being part of your company’s strategy to move as much support systems to the cloud, to you are growing and you want your system to scale better and support remote offices.

No matter what, there are considerations.

One consideration is are the features the same? Some UC features are “easier” in an on-prem system, and some features are older and maybe not available on a newer UCaaS system (fax, analog phones anyone?, hot desking/hoteling for example) so if you have some favorite features or key older technology to support, make sure you ask.

Or maybe you’ve built some of your business processes to work with the on-prem system very tightly. Make sure you ask about that and don’t assume it will work.

Also, maybe you already paid for your phones, so does the UCaaS system support the phones you have already invested in?

And you should create a plan once you’e decided to do it. Make sure there is a transition period where the prem system and the cloud system are both there, and start the data migration (voice mails, etc.) first. Then there are the applications that interface to the phone system that need to be migrated over as well. And make sure your network can support this.

If you are considering a migration, Sangoma is here to help you. Give us a call. We offer both on-premise and cloud Unified Communication systems, and have literally helped migrate hundreds if not thousands of businesses from prem to cloud.

The post Considerations for a Unified Communications Prem to Cloud Migration appeared first on Sangoma Technologies.
ng-voice I deployed ng-voice’s cloud-native IMS over a 10 minute coffee break
As telcos look for new ways to compete in the market and release new products and services to their subscribers, agility, efficiency and speed is vital. In this blog, we’ll explore the process of deploying our cloud-native IMS solution and the critical role that automation plays in the process.

Picture this:
It was around 1 am…the time when most people are asleep. For me, however, this time means low network traffic and the perfect time to perform upgrades on network functions providing critical services.
I watched my laptop screen closely, hoping to avoid finding any issues during the upgrade process of a Call Session Control Function (a network function in the IMS). There was no room for error, as one mistake could impact millions of subscribers. I wanted simpler, better, faster….
The above was a common experience in my past working career. However, you will be glad to know that there is a positive outcome.
A few months ago, I surprised myself by deploying ng-voice’s IMS over a coffee break. I ran a few commands using Helm, got my coffee, and before I knew it, in less than 10 minutes, the entire IMS solution was deployed in ng-voice’s lab. The summary of this breakthrough is one keyword: cloud-nativity.

Understanding cloud-native principles
Cloud-nativity is more than just deploying software in the cloud. It is a broad term that incorporates many capabilities. At ng-voice, there are several key cloud-native principles that we adhere to:
Infrastructure-agnostic: The IMS core can be deployed on any cloud or bare metal thanks to Kubernetes-based container architecture
Balances load: The solution provides load balancing and service-discovery
Self-healing: Active monitoring to identify and replace failed components to maintain availability
CI/CD: Automation throughout the integration, delivery and deployment pipelines
Automatic scaling: Recognizes load continuously and adapts necessary capacity accordingly
So, how do these principles work together to enable our IMS solution to be so easily deployed?
ng-voice’s software is based on a greenfield microservices design, meaning that the system is developed from scratch without the restrictions of legacy infrastructure. This allows us to provide a truly personalized solution, avoid the constraints of monolithic software and ensure we can leverage small-sized containers to maximize efficiency and scalability.

We also prioritize using a DevOps approach from the start, which encourages faster, more streamlined development and deployment. A crucial part of our DevOps approach is ensuring efficient software lifecycle management through the CI/CD pipeline, bringing developers and IT operations teams together to deploy software more efficiently. The diagram below outlines how our CI/CD pipeline works:

Although it’s possible to manually execute each of the above steps of the CI/CD pipeline, the true value of CI/CD pipelines is realized through automation. With automation as the backbone, the threat of human error is minimized, and a constant process for the testing and release of software can be maintained.
Benefits to MNOs, MVNOs, and Private Networks
Automation brings several benefits to the telecoms industry by deploying cloud-native solutions:
Cost-effectiveness: Automation reduces the time to manage and deploy applications thereby maximizing efforts. This is of particular benefit to MVNOs, as they typically have smaller economies of scale, so maximizing their return on investment is critical
Increased efficiency: Through end-to-end automated pipelines, features and software updates are ready for delivery faster and deployed faster. Pre-defined scripts and pipelines ensure that quality is reached in an optimal timeline
Scalability: By introducing an automated, cloud-native solution, network operators of all sizes can deploy new services and products quickly and simply, to meet changing subscriber demands and compete in the market. Furthermore, ng-voice’s IMS can be automatically scaled based on traffic demands
While the benefits are clear, how do they translate in a real-life setting? Here we bring two different deployment use cases.
Use case 1: Google Cloud
The deployment of our IMS solution in the Google Kubernetes Engine (GKE) is a clear example of just how much difference automation can make. GKE provides a managed environment for deploying, managing, and scaling containerized applications using Google infrastructure. The GKE environment consists of multiple applications, grouped together to form a cluster, managed by Kubernetes. If one application goes down and another needs to start, Kubernetes will interact with the cluster to ensure this can effectively take place.
Deploying ng-voice’s IMS core in the GKE is extremely simple. We recently timed one of our Cloud Engineers and it took under ten minutes to carry out the following steps:
Install Kubernetes cluster of 3 nodes
Add docker repository credential to the default namespace
Deploy all of the network functions using Helm file in one command
Glance back at your laptop and you’ll see that all the components are up and running, ready to connect to your core network
Sit back and enjoy your calls!

Use case 2: Bare metal
But deployment in the GKE isn’t the only environment that showcases the benefits of our solution. These can also be seen in a bare metal environment too.
The deployment kicks off with the host provisioning stage, of which the timeline depends on the customer
From here, host preparation takes up to fifteen minutes
In another fifteen minutes, the Kubernetes cluster is created
The final step, which is installing the network functions, can be in five to ten minutes per network function
The IMS core is up and running in a bare metal environment
To find out more about why our fully automated, cloud-native voice solution is right for you, contact our team at: sales@ng-voice.com or learn more here.
Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Elijah Indarjit

Customer Solution Architect

Publisher Bio

Elijah has vast experience in the industry working for companies such as Vodacom South Africa and Vodafone Turkey.
In his previous roles, Elijah deployed VoLTE interconnected networks and developed a Core network strategy and evolution, resulting in better service quality for customers.
Elijah brings his skills in IMS, Packet Core, Voice Core, and QoS to ng-voice to design solutions and evolve our portfolio based on customer needs.

August 09, 2022

Digium What is UCaaS?
Introduction

Unified Communications as a Service (UCaaS) is a cloud-based solution that integrates communication features, applications, and services into one cohesive platform. By moving to a UCaaS platform, businesses can utilize the cloud’s mobility and scalability while reducing costs and increasing productivity. This article will go over what Unified Communications as a Service really means (and why it matters).

What is UCaaS

UCaaS is a term that refers to unified communications as a service. It’s an umbrella term for different communications services, including video conferencing and collaboration tools such as SangomaMeet and TeamHub.

Businesses can utilize the cloud’s mobility and scalability by moving away from legacy components such as on-premise PBX systems. Additionally, most UCaaS systems enable your business phone number to be used by your smartphone and your laptop, enabling employees to work remotely very effectively. By moving to a UCaaS platform, companies can save on upfront costs by deploying a pay-as-you-go approach to their business communications. The monthly cost of a UCaaS platform is usually lower than the monthly maintenance and service costs associated with on-premise systems, and there is no capital expenditure required for hardware or software purchases.

Furthermore, with UCaaS, you don’t need to worry about purchasing new hardware or software every time you want to add new features; instead, you simply upgrade your subscription plan to gain access to new capabilities!

Features of a UCaaS Platform

A UCaaS platform has several features that make it stand out from other types of business phone systems. Let’s look at a few of the most important ones:
- - Presence: This feature allows you to see which users are currently logged into the system and where they’re located in relation to your office, so you can call them when needed. It also displays indicators, such as, Do Not Disturb, Active, and Out of the Office.
  - Mobility: The mobility feature allows you to stay connected regardless of your location. Through your office extension, you can make and receive calls, chat, and more with a softphone application on any device with an internet connection—a smartphone or tablet, for example—no matter where they are located as long as they have an internet connection. So you can work from home or from a remote location and still be able to use your office phone number!
  - Collaboration: Collaboration tools are designed specifically for sharing information among team members within one organization; these include chat rooms where people can type messages back-and-forth using text whenever needed instead of calling each other individually over the phone.
  - Unified Messaging: With unified messaging, users can manage many types of messages from a single application and switch communication modes on demand.
  - Video Conferencing: Stay connected with multiple users with conferencing. Conferencing allows a group of users to meet and speak via voice and/or video from multiple locations. This option is also available to outside organizations, partners, or clients.
UCaaS Benefits

UCaaS offers a competitive advantage to businesses by reducing the number of independent tools, platforms, and solutions. It can streamline communications for organizations, regardless of size or industry. Because UCaaS integrates and optimizes all interactions, team collaboration and productivity are significantly improved, and the engagement of sales prospects, vendors, and customers. UCaaS facilitates:
- Increased collaboration between teams and departments
- Improved security through centralized management of various communications devices and apps
- Reduced costs due to the consolidation of messaging platforms into one centralized service
- Reduced IT overhead since the cloud subscription enables security and other updates to be done by the cloud service, not by you.
Why it Matters

Businesses rely on communication tools to stay productive and competitive, and when it comes to motivating employees and increasing productivity, integrating communication tools empowers workers to handle multiple tasks quickly and efficiently. By integrating communications into one platform, companies can improve team collaboration and productivity while reducing costs. Brighten your future and improve your business communications with Sangoma’s UCaaS solutions and full-suite communication suite: (list products here?)

The post What is UCaaS? appeared first on Sangoma Technologies.

July 29, 2022

Enable Security WebRTC 0day, FreePBX not Asterisk attacks and talks at MCH2022
It is the end of the week as well as July and the RTCSec newsletter is in your inbox eagerly waiting to give you all the educational entertainment you need throughout the weekend! In this edition, we cover: Our TADSummit talk and SIPVicious PRO details FreePBX exploitation and confusing reports Remote coverage of the talks at the Dutch hacker camp CVE-2022-2294 - the vulnerability in the WebRTC project Vulnerabilities in Matrix, BigBlueButton, JunOS and more Tweet of the month on VoIP phone hardware hacking RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

July 28, 2022

Digium How to Deploy or Migrate to UCaaS the Smart Way
Let’s face it: launching a UCaaS (Unified Communications as a Service) system from scratch can seem pretty daunting. This type of cloud phone system incorporates many different types of communication / collaboration services to help your business succeed. Whether you’re talking about voice, video, messaging, meetings, presence or team-based collaboration, they’re all traditionally available as options.

And while the hallmark of a UCaaS environment is its ability to bring together all of these elements, there are many (frequently overwhelming) considerations you have to make on the back end to determine if and how it can work for you. Then, there are past investments. Over the years, many businesses like yours have spent significant time and money toward implementing many traditional communication and collaboration options that are now outdated for the modern landscape.

Previous choices, however, should not complicate matters when considering when, how and why to make that jump to an all-encompassing UCaaS infrastructure.

Choose the UCaaS for YOUR Needs

In most cases, your provider may be able to handle the dirty work for you. The key is to select the specific features and elements that your organization needs, and see what sorts of deployment options are available from the host.

So … whether you’re starting out from scratch or migrating to a full-on – or even hybrid – UCaaS environment, most of this rollout involves the streamlining and automation of a la carte options.

Consider Scalability …

Communications and collaboration options abound, but are not all necessary in every business case. From a UCaaS perspective, it can be scaled as necessary, with features added or taken away in an a la carte fashion as your organization’s needs change. In other words, UCaaS allows you to establish custom communications infrastructure exactly as you need while also supporting future growth initiatives.

For that reason, you should carefully evaluate the options and capabilities made available to you by the various providers, weighing them against your own unique needs.

… While Embracing Flexibility

One of UCaaS’ best traits is how optimal it is for remote and telework environments. This cloud-based system can be deployed across many different types of communication channels and devices. The flexibility it extends to YOUR deployment, however, should run so much deeper.

In particular, focus on factors such as extending customer communications channels and streamlining CRM services with these options.

Assessing Reliability

With flexibility comes the need for reliability, a factor that can largely be out of many organizations’ control. Sadly, the stability of a UCaaS is largely tied to the state of your – and your remote workers’ – internet connection, as well as the relative strength of the service provider and UCaaS architecture that it provides.

In most cases, the smart move is to choose a deployment that guarantees virtually unlimited uptime and availability, as well as geo-redundancy for better backup integrity. Many vendors claim accessibility to these. Reading customer and peer reviews, however, can often tell a different story.

Focus on Real Time

UCaaS users tend to be the most productive when they can communicate and collaborate consistently in real time, as if seated in the same room as one another.

Weigh Cost Versus Benefit

Like most extensive software deployments, the price tag will almost always play a factor. Choose a UCaaS system that gives you the most proverbial “bang for your buck,” weighing the critical features that you need against the feasible cost of their implementation.

While it’s often good to take a chance, gaining access to the most sought-after features and elements for the lowest-available cost is almost always prudent.

Have you considered the numerous features, capabilities and benefits that come as part of a comprehensive Sangoma UCaaS deployment? Visit www.Sangoma.com or call (877) 344-4861 for more information.

The post How to Deploy or Migrate to UCaaS the Smart Way appeared first on Sangoma Technologies.
Jitsi Enhanced noise suppression in Jitsi Meet
For a while now Jitsi Meet has been using the RNNoise library to calculate voice audio detection scores for audio input tracks and leveraging those to implement functionality such as “talk while muted” and “noisy mic detection”. However, RNnoise also has the capability to denoise audio.

In this article we’ll briefly go through the steps taken to implement noise suppression using RNnoise in Jitsi Meet.

What’s RNNoise anyway?

RNNoise, as the authors describe it, “combines classic signal processing with deep learning, but it’s small and fast”, this makes it perfect for real time audio and does a good job at denoising.

It’s written in C which allows us to (relatively) easily use it on the Web by compiling it as a WASM module, that combined with a couple of optimizations gets us noise suppression functionality with very little added latency.

Working with Audio Worklets

Previously Jitsi Meet processed audio using ScriptProcessorNode which handles audio samples on the main UI thread. Because the audio track wasn’t altered and we simply extracted some information from a copy of the track, performance issues weren’t apparent. With noise suppression the track gets modified, so latency is noticeable, not to mention that any interference on the main UI thread will impact the audio quality, so we switched to audio worklets.

Audio worklets run in a separate thread from the main UI thread, so samples can be processed without interference. We won’t go into the specifics of implementing one as there are plenty of awesome resources on the web such as: this and this. Our worklet implementation can be found here.

Webpack integration

Even though using an audio worklet looks fairly straightforward there were a couple of bumps along the road.

First off, and probably the most frustrating part was making them work with webpack’s dev server.

Long story short, the dev server has some neat features such as hot module replacement and live reloading, these rely on some bootstrap code added to the output JavaScript bundle. The issue here is that audio worklet code runs under the AudioWorkletGlobalScope’s context which doesn’t know anything about constructs like window, this or self, however the aforementioned boilerplate code makes ample use of them and there doesn’t seem to be a way to tell it that the context in which it’s running is a worklet.

We tried several approaches but the solution that worked for us was to ignore the dev server bootstrap code altogether for the worklet’s entry point, which can be configured in webpack config as follows:
```
module: { rules: [ ...config.module.rules,
            { test: resolve(__dirname, 'node_modules/webpack-dev-server/client'),
              loader: 'null-loader' } ] }
```
That took care of the dev server, however production webpack bundling also introduced boilerplate which made use of the “forbidden” worklet objects, but in this case it’s easily configurable by specifying the following output options:
```
output: { ...config.output, globalObject: 'AudioWorkletGlobalScope' }
```
At this point we had a working worklet (pun intended) that didn’t break our development environment.

WASM in audio worklets.

Next came adding in the RNnoise WASM module. Jitisi uses RNnoise compiled with emscripten (more details in the project: https://github.com/jitsi/rnnoise-wasm). With the default settings the WASM module will load and compile asynchronously, however because the worklet loads without waiting for the resolution of promises we need to make everything synchronous, so we inline the WASM file by passing in -s SINGLE_FILE=1 to emscripten and we also tell it to synchronously compile it with -s WASM_ASYNC_COMPILATION=0. With that in place everything will be loaded and ready to go when audio samples start coming in.

Efficient audio processing.

Audio processing in worklets happens on the process() callback method in the AudioWorkletProcessor implementation at a fixed rate of 128 samples (this can’t be configured as with ScriptProcessorNodes), however RNnoise expects 480 samples for each call to it’s denoise method rnnoise_process_frame.

To make this work we implemented a circular buffer that minimizes copy operations for optimal performance. It works by having both the buffered samples and the ones that have already been denoised on the same Float32Array with a roll over policy. The full implementation can be found here.

To summarize, we keep track of how many audio samples we have buffered, once we have enough of them (480 to be precise) we send a view of that data to RNnoise where it gets denoised in-place (i.e. no additional copies are required). At this point the circular buffer has a denoised part and possibly some residue samples that didn’t fit in the initial 480, which will get processed in the next iteration. The process repeats until we reach the end of the circular buffer at which point we simply start from the beginning and overwrite “stale” samples; we consider them stale because at this point they have already been denoised and sent.

The worklet code gets compiled as a separate .js bundle and lazy loaded as needed.

Use it in JaaS / using the iframe API

If you are a JaaS customer (or are using Jitsi Meet through the iframe API) we have added an API command to turn this on programmatically too! Check it out.

Check it out!

In Jitsi Meet this feature can be activated by simply clicking on the Noise Suppression button.

Since in this case a sound file is probably worth more than 1000 words, here is an audio sample demonstrating the denoising:

Original audio:

Denoised audio:

Your personal meetings team.

Author: Andrei Gavrilescu

The post Enhanced noise suppression in Jitsi Meet appeared first on Jitsi.

July 26, 2022

ng-voice Mert tells us about his experience joining ng-voice’s team

Hello! My name is Mert and I am going to tell you about my experience joining ng-voice. I am 27 years old, and I come from Istanbul, Turkey. At the beginning of my career, I worked as a Software Engineer for two years and have been working as a DevOps Engineer for over a year. I recently started my new role and joined the ng-voice team as a DevOps Engineer in the Hamburg office.

My experience arriving to ng-voice’s Hamburg office

Overall, my experience arriving in Germany and to ng-voice went really smoothly as I got a lot of help from the team, especially with my Visa process. When everything was set up, I just took a week’s vacation to move to Hamburg and start knowing this new city so I could start at ng-voice on May 15th.

On my first day, my nice starter kit was waiting for me at my desk and everyone was very welcoming. I had the fortune of starting the very same day as our new Onboarding specialist, so it was very nice to have her help during my first weeks.

I met my teammates and then started my technical onboarding, it was really nice as everything from my team and others was documented, so I was able to finish it in 2 weeks and got hands on my first task which I completed by June.

Getting settled in a new city

I needed to get a lot of things done on my first days and with the help of the team, and because I did a lot of previous research (Personal blogs and videos), I managed to get my SIM Card, bank account, and my Anmeldung in just 3 days.

As I did a lot of research before coming to Germany, I knew I had to start looking for an apartment before I got to Hamburg, so I did. From Istanbul, I searched, created my cover letter (Bewerbungsunterlagen), refreshed and refreshed the best websites for apartment search, applied for apartments, and finally, I had an apartment by the time I got to Germany.

My experience at ng-voice so far

Overall, my experience at ng-voice in Hamburg has been great. I like living by the water (it’s just like the canals in Istanbul), I arrived with the great summer weather and found a great place to live. The people at ng-voice are really open-minded, I love working with my team and I am excited to learn and exchange experiences with them.

For the near future, I’m eager to start my A1 German course in august as part of the benefits ng-voice gives to us as employees in Germany. This will help me adapt to the city and practice my German, as I continue focusing on my development as a DevOps Engineer at ng-voice.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Mert Dogan

DevOps Engineer

Publisher Bio

Mert Dogan is a DevOps Engineer for the Cloud Native Team at ng-voice. He has over 3 years of experience as a Software and DevOps Engineer, working for companies like SAP and Trendyol Group (Alibaba) in Turkey.

July 21, 2022

Digium 10 Things Organizations Should Look for in Cloud-based Mobile Access Control
In an earlier blog, we wrote about how cloud-based Mobile Access Control is disrupting the market at break-neck speed. Nowadays, savvy small and medium-sized businesses (SMBs) have discovered that cloud-based systems can deliver benefits for workplace security just as they do for business phone systems and communication tools. In fact, data shows that nearly 40% of end users have already deployed wireless door locks as part of their access control solution.

There’s no doubt that users today demand seamless digital experiences, and cloud-native mobile access controls certainly help organizations satisfy these needs. Gaining quick access to doors, elevators, and turnstiles with a simple tap or swipe can make a big difference to users. And since most employees already have a smartphone on them at all times, it makes perfect sense. What’s more, administrators can more easily manage frequent activities such as adding or revoking privileges for new and departing employees or providing guest access. It’s a win-win!

Like any technology, however, not all solutions are made equal. To ensure organizations get the most bang for the buck, we’ve put together the top ten things they should look for when considering different solutions. Let’s explore below:

Innovative, All-in-One Solutions

You’re likely already familiar with access control systems. But while legacy systems are cumbersome, requiring lag time to collect and distribute access components, cloud-based systems are quick and efficient, particularly when dealing with multiple job sites. Cloud-native controls are all-inclusive, including wireless door locks, sensors, software and controllers, which lets organizations implement a complete smart office system in one fell swoop.

Easy Onboarding & Control

Frequent tasks like onboarding employees or removing access can be tedious and time-consuming for a system administrator. But, on the other hand, cloud-native access control lets organizations automate processes for greater speed and efficiency. Administrators can also save time and effort with a system that can be controlled from the palm of their hand – from adjusting configurations to reviewing events. If the unlikely scenario occurs where an employee shows up without their phone, administrators can even remotely unlock the doors.

User-friendly Mobile Apps

With today’s access control systems, there is no need to purchase technology like key fobs. Instead, employees access their office through a designated mobile app, which works well considering that 93% of the U.S. population currently uses smartphones. Most people these days are already accustomed to conducting business with their personal devices: such as paying bills, sending money or verifying their identity – making it an easy learning curve. Within an app, employees can view the status of each door and swipe a small button to open it. The system then automatically resets the door status and logs the activity through the cloud.

Flexible Access

Administrators should be able to effortlessly add users, assign different permissions and access levels, or move access privileges to a different job site. Following installation, they should also enjoy significant flexibility in terms of how their employees enter their job site, as the system can work seamlessly – whether a business chooses to deploy a mobile app or distribute more traditional access control technology like cards or fobs.

Cost-effective

Adopting a completely wireless access control system, also referred to as Access Control as a Service (ACaaS), is typically an affordable option for businesses concerned with security. Cost-savings come from the system being quite simple to install and configure – never exceeding four hours! Oftentimes, ACaaS can leverage a business’s existing infrastructure, like using already-installed locks, which eliminates the need for extra wiring and their associated costs.

Complete Workplace Security

There is no need to fret about cybersecurity when implementing cloud-native access control. Seek out ACaaS technologies that use encrypted cloud-based technology to authenticate employee devices and activity. The system’s integrity is further enhanced by existing smartphone safety technology like facial and fingerprint recognition. Modern access control solutions are “contactless,” which also contributes to overall workplace safety. These systems reduce the need to touch key cards, fobs and door readers – reducing the spread of contagious contaminants.

Integrated or Standalone Installation

You’ve probably already realized that ACaaS is flexible enough to work well for any operation, even with pre-existing security setups. Whether you or your customer wants a fully wireless ACaaS solution or would prefer to seamlessly build upon previously installed infrastructure, it’s all possible with modern access control.

Remote Management

Administering modern access control technology should be done independent of location and from any connected device. Talk about the perfect option for the hybrid workforce! Whether in-office, at home or on the road, admins should have complete visibility into their system and total control over who’s accessing the office – all from their mobile phone.

User Directory Integration

Having an access control system that integrates with a user directory is a must. It allows for the intuitive configuration of user permissions, the establishment of groups and enables automatic provisioning via emails sent to users’ mobile devices.

Smart & Secure! Smart Office Solutions from Sangoma

Sangoma SmartOffice brings the best of advanced access control to users’ smartphones. Nearly every business has security considerations; yet many lack advanced access control. Employees may have a key or fob to get into the building, but this falls far short from the efficiency, security and affordability of Sangoma SmartOffice.

Managed entirely through the convenience of the smartphone, SmartOffice operates over Wi-Fi or cellular connections to physically open locks. And since it is integrated with the Sangoma unified communications (UC) system, administrators can access user directory information to easily manage users, groups, and permissions for office access and the PBX from any location.

Sangoma Cloud service powers SmartOffice, ensuring that every user and every action is properly authenticated within the system. Seeing as the solution also uses employee smartphones, SmartOffice integrates common mobile security features like password protection. These security protections work together seamlessly to guarantee only certified persons have access to the premises.

Finally, as businesses grow, so too will SmartOffice. There is no limit to the number of wireless doors or mobile users that can be included. No matter how a company develops over time, SmartOffice can remain the foundation of its operational security.

Want to explore improving your company’s security with SmartOffice? Contact us today!

The post 10 Things Organizations Should Look for in Cloud-based Mobile Access Control appeared first on Sangoma Technologies.

July 19, 2022

Digium Why Collaboration Tools Are Important
In my last blog, I discussed “digital channels”, one of which are collaboration tools. Let’s take a closer look the importance of collaboration tools. Just take a look at this graphic.

We’ve all been using collaboration and messaging tools as we’ve been working remotely. Or maybe we’ve been using them anyway since we work in a distributed workforce. For sure, I can say productivity is enhanced by messaging someone, and sharing documents.

Frost and Sullivan feels the same way. As the whitepaper says: “Communications provide the connective tissue among diversified workforces—across departments, project teams, job roles, work locations and worker generations. Enabling a collaborative work environment can considerably strengthen employee bonds, enhance morale, improve the customer journey and drive workflow efficiencies.

And this is why Sangoma has invested quite a bit in our own collaboration platform, TeamHub, which is part of our UC platforms. While an essential part of UC is certainly the smartphone and laptop business phone number mobility aspect, it is becoming increasingly apparent that collaboration and video meetings also now need to be part of the essential to UC offering. And if you are getting these from different vendors, you don’t truly have an integrated UC platform.

To download the full Frost and Sullivan whitepaper to learn more about this, please go here.

The post Why Collaboration Tools Are Important appeared first on Sangoma Technologies.

July 14, 2022

Digium Envision it. Enable it. Control it. Wholesale SIP Trunking Lets Businesses Work Their Way
There’s no doubt video conferencing and remote working have garnered a lot of attention over the last few years. Despite this, SIP-based voice services are still critical for businesses that are responsible for high volumes of call traffic. And because the SIP protocol enables internet-based telephony services to integrate with data networks and cloud-based services, businesses can build a more robust unified communications system.

Wholesale SIP trunks are scalable and configurable on-demand connections for MSPs and ITSPs that wish to provide or sell hassle-free, high-value services to employees and customers. What’s more, those who manage communications for call centers and enterprise businesses can work directly with a SIP Trunk Provider or an MSP/ITSP to keep their organizations running seamlessly as they change or grow.

Here are just a few of the benefits of Wholesale SIP Trunking and what you should look for when selecting a vendor:

Flexibility is Key! Easily Curate Your Offerings

If you’re responsible for procuring carrier services, wholesale SIP trunking provides freedom of choice so you can curate your offering, unlike retail SIP trunking with bundled offerings. SIP-related services can be selected à la carte and packaged together to deliver SIP services across geographically dispersed locations.

Look for solutions with a single point of entry with wide coverage. We can’t stress this enough! Plus, avoid providers that require large minimum spending, carrier negotiations, or contracts to maintain. Flexibility enables you to deliver or achieve a high-performance unified communications network that creates value for businesses.

Whether you’re an enterprise customer, ITSP or MSP, seek out a complete set of SIP trunking features to meet your requirements.

Instantly Take Control of Day-to-Day Functions

At the end of the day, flexibility and ease of use are worth their weight in gold. When selecting a vendor for wholesale SIP trunking services, ensure their solutions allow you to instantly take control of provisioning SIP trunks; adding, deleting or modifying services; porting local numbers; and managing billing and account changes.
What’s more, look for vendors offering back-office access via a self-service portal or API so you can easily respond to shifting business requirements, adapt to new market conditions, and capitalize on new opportunities.

Seek Out Turnkey Solutions

Large enterprises use wholesale SIP trunking for their own purposes unlike ITSPs and MSPs that need to create offerings to sell to retail customers. MSPs should choose a solution they can trust to be ready on time and function with minimal disruption and risk. Having completed hundreds of deployments, Sangoma turnkey solutions and processes have proven to be reliable.

Turnkey solutions will include all the service offerings the provider chooses, as well as hosted billing, wrapped together – fully integrated, complete, and ready to operate.

The key benefits of turnkey solutions are:
- Services that are easy to choose, configure and maintain
- Reduced costs
- A utility model lets you pay for what you use
- Business continuity and resiliency
- Fraud preventions
- Texting
- 911 Emergency services
- Gets you up and going fast
- Consolidated infrastructure
- Hosted billing to handle number porting, billing, tax calculations, reporting and compliance (for service providers)
- Self-serve portal (branded for the MSP)
Achieve Your Vision

Our wholesale SIP trunking team is focused on client satisfaction and helping you achieve your business goals. We respond quickly, give you professional advice, and ensure that every interaction with us is a great experience.

Are you in an urgent situation? We can help you get up and running in under a day. Here’s a case study of a one-day turnup.

If you have questions or need additional information, we have an extensive base of resources that are accessible to you, including subjects such as the Modern Approach to SIP trunking or why we’re The Leading Wholesale SIP Trunking Provider.

Get in touch with a specialist or request a free demo!

https://carrierservices.sangoma.com/request-a-quote/

Useful information specific to enterprise customers or service providers:

Break the Boundaries of Typical SIP Trunking Service Providers
7 Reasons Why Your Enterprise Needs Wholesale SIP Trunking
9 Reasons Why You Need to Sell Wholesale SIP Trunking

The post Envision it. Enable it. Control it. Wholesale SIP Trunking Lets Businesses Work Their Way appeared first on Sangoma Technologies.

July 11, 2022

WebRTC Hacks Calculating True End-to-End RTT (Balázs Kreith)
Balázs Kreith of the open-source WebRTC monitoring project, ObserveRTC shows how to calculate WebRTC latency - aka Round Trip Time (RTT) - in p2p scenarios and end-to-end across one or more with SFUs. WebRTC's getStats provides relatively easy access to RTT values, bu using those values in a real-world environment for accurate results is more difficult. He provides a step-by-step guide using some simple Docke examples that compute end-to-end RTT with a single SFU and in cascaded SFU environments.

The post Calculating True End-to-End RTT (Balázs Kreith) appeared first on webrtcHacks.

July 06, 2022

Enable Security SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools
We just made two builds available to our SIPVicious PRO members. One is called the stable build, while the other is the experimental build. The v6.0.0-beta.5 stable build includes a large number of fixes, much better (or sane) defaults and full coverage of SRTP throughout the toolset. The experimental version is where the excitement is. Our members now have access to 5 new tools that we find useful in our work:

July 05, 2022

Digium Your UC / UCaaS Platform Needs “Digital Channels”
Frost and Sullivan has written a white paper called “Modern Cloud Communications Empower the Hybrid Workforce”. It’s an interesting paper all around. To download the full paper, please go here. In the meantime, I picked 4 interesting parts of the paper to write a little bit about and I’ll do that in the next four blogs I write.

So, let’s get to the first topic. One concept Frost and Sullivan writes about is the impact of the pandemic on IT and what IT must do in terms of supporting employees going forward. Obviously (or maybe not so obviously depending on your point of view), a hybrid work remote / work at the office is here to stay.

How do you function as the best “team” in this kind of environment? By now, we’ve all gotten used to video meetings and collaboration messaging tools. And continuing those are important for sure. But Frost and Sullivan argues that there needs to be “more”, and integrating digital channels to deal with not only remote employees, but customers (who now have also been exposed to messaging tools) wanting to connect with you digitally is critical for success.

The paper goes into this in much more detail, but the takeaway I have from reading this is collaboration tools, and other types of “digital channels” that work both with employees and reach out to customers will be critical. Like I said above, to download the full paper, please go here.

The post Your UC / UCaaS Platform Needs “Digital Channels” appeared first on Sangoma Technologies.

June 30, 2022

Enable Security SIPVicious PRO out with 2 releases, ransomware and participation in the survey
The sun is shining (at least on this part of the hemisphere), new exploits and builds are published and everything is good. Welcome to the June edition of RTCSec! In this edition, we cover: Our news: presenting at TADSummit in November and releasing two new SIPVicious PRO versions The Open-Source Telecom Software Survey which needs filling up Ransomware attacks using Mitel’s VoIP appliances as an entry-point Carrier related issues, including Syniverse compromise and call forwarding trick Vulnerabilities that were fixed in Sofia-SIP (FreeSWITCH), pjsip, Mitel phones and VitalPBX and much much more RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

June 29, 2022

ng-voice What pride month means to us at ng-voice

Happy Pride Month to all the amazing people in the community & supportive allies!

Â

With this celebratory time coming to an end we would like to share what we have been up to this Pride Month and how we are building up on our initiatives in support of the LGBTQ+ community in our company!

Â

We at ng-voice believe that Pride Month should not be a 1-month window to praise ourselves for being accepting of others, to then forget about this essential part of a more inclusive work environment for the next 11 months. Instead, we believe that this is a reminder and an opportunity to evaluate our DEI (Diversity, Equity, and Inclusion) initiatives and make them stronger. Since last year’s Pride Month, we have tripled in size and with this rapid growth, our need for internal reflection has increased with every new team member we welcomed.Â

Â

Our team is diverse in every possible way – not just our areas of expertise are vastly different, but also our cultural and ethnic backgrounds as well as Gender identity & Sexual orientation, and we celebrate that. But cherishing diversity requires constantly looking at our internal processes and actively committing to intentional changes we would like to make.Â

Â

With that in mind, we took a very pragmatic approach and selected a group of actions that could be easily implemented, and that have a significant impact on strengthening our culture and creating an inclusive environment for the LGBTQ+ community. And by sharing our experience at ng-voice, we hope to incentivize other SMBs (Small and Medium Businesses) like us to take action and continuously find new ways to foster inclusion in their companies.

Here are some cool new initiatives we implemented during this Pride Month

Firstly, we aimed to create a safe space for our LGBTQ+ team members and allies to share news, fun content, and experiences as well as support one another – so we did – we call it â€œThe Rainbow Roomâ€�. With this internal communication channel, we began our second mission: to raise more regular awareness and maintain visibility for the LGBTQ+ community and assure that LGBTQ+ content does not disappear once Pride Month is over. For starters, we will be sharing a queer good news article of the month and start the bi-weekly Rainbow-Media Round for Movie, TV Show or Book recommendations (of course with queer vibes only). Â

Â

We also reviewed our internal HR & Recruiting Processes where the candidate details we collect and personnel files were updated, especially to include non-binary individuals. We are updating our recruiting and internal communication platforms, including the option to add pronouns.

Â

To assure that in our cross-national & cross-functional spaces matters of Diversity become more prevalent and visible, we will make sure to allocate a permanent slot in our Townhall meeting, which happens about once a month, to raise awareness and give visibility to DEI topics.Â

Â

And we are also looking forward to being part of external Pride events with the team in the cities where we are present (which in our case happen in late July or early August)!

Â

The best part of being a member of the ng-voice team is that diversity & inclusion are not buzzwords. We hire diverse people from all around the globe. We never shy away from teaching one another new things & expanding our horizons. We are curious and listen to those that have new and different perspectives to share.

Â

This month I am incredibly proud to be a part of a team that makes everyone feel welcome and is committed to not just growing in numbers, but also growing into a more diverse and accepting company.Â

Â

To know more about our company culture and career opportunities, please visit our careers page.Â

Lara Brzezinski

Onboarding specialist

Publisher Bio

Lara Brzezinski is part of the ng-voice team as an Onboarding Specialist who is passionate about People, Leadership, Training & Development and Project Management.

She holds a BBA from Hult International Business School in London – Management Major and has worked in the Management Consulting & FinTech Industry.

June 27, 2022

ng-voice ng-voice’s fully cloud-native IMS recognized as the Best VoLTE Solution at the CCGA 2022

ng-voice’s IMS recognized as the Best VoLTE Solution

ng-voice is proud to announce that it has been awarded the Best VoLTE Solution Recognition Award within the 6th annual CC-Global Awards (CCGA) which took place on 23rd of June in Berlin, bringing together global operators and partners to celebrate innovative achievements in the industry.

The CC-Global Awards (CCGA) recognizes innovations and achievements among telecom wholesale operators and ecosystem partners around the globe. The awards competitors were judged by a panel of telecom analysts and experts from the industry.

Our Head of Marketing Barbara Silva and Employer Branding specialist Khaled Amirian holding the Best VoLTE Solution Award in the name of ng-voice at the CC Global Awards 2022.

ng-voice’s VP of Sales and Partnerships, Qawa Darabi, mentions that “we are honored to be recognized by the Carrier Community Awards for the Best VoLTE Solution, as we are dedicated to continuously delivering the most innovative, containerized and cloud-native IMS solution in the market to our customers and partners.”

We would like to thank the judging panel for this recognition, and our customers, partners, and amazing team for the support. We would also like to congratulate our fellow winners for their achievements.

If you want to learn more about the Best VoLTE Solution, get in touch at sales@ng-voice.com and download more information about our IMS Solution here:

Please fill in your contact information and download an overview of our company and solutions:

First & Last Name

Email Address

Company

Phone Number

By submitting this form, you agree to receive future emails from ng-voice.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Kathrin Hißner

Content/Digital Marketing Specialist

Publisher Bio

With her marketing and design background, as well as her experience in brand and communications management, Kathrin brings her unique skills to ng-voice. As a digital marketer, Kathrin supports our growth strategy by increasing the visibility of our brand to potential customers.

She enjoys working on information visualization and infographic design.

June 21, 2022

Digium The Benefits of a Managed Security / Unified Threat Management Service
Before discussing the benefits of a managed security service for your business, let’s discuss what threats we are talking about. As an IT manager for your business, you are likely worried about attacks on your corporate network in the form of viruses, spam, phishing attempts, malicious content, unapproved website access where “bad” files can be accessed, etc.

So how to do something about this and manage this better? Maybe you can tackle different parts of this by adding virus checkers or spam filtering or defending against network attacks, for example. But that tactic, while addressing specific areas, that tactic would leave some vulnerabilities, and you’d have to manage each area yourself anyway. It might become complicated, and you wouldn’t have everything covered. You’d cover what you thought was necessary or what you had the budget to cover.

So how can you best tackle addressing all kinds of threats to your network economically? That’s how Unified Threat Management came to be – a single device to be put in place that inspects the incoming data – looks at packet headers, looks for known virus/malware, etc., and identifies these threats to an administrator.

And that’s great. But what if you are a larger company with many locations. It starts to get even more complicated. The next step would be to get help – have a managed service help you do this, or maybe even manage this for you. While a unified threat management device might be put at your location, or if you have multiple locations placed at each location, you could have someone manage this for you. Or you could decide you don’t want any devices on-prem, and all of this can also be done via the cloud.

Either way, someone could help you manage this. An expert team of people would work with you to set up profiles, help you figure out whether an all-cloud solution could work for you, and potentially fully manage your threat management system or co-manage it with your team. And Sangoma, through our acquisition of NetFortris, provides managed security to companies of all sizes.

The post The Benefits of a Managed Security / Unified Threat Management Service appeared first on Sangoma.
WebRTC Hacks The Ultimate Guide to Jitsi Meet and JaaS
A full review and guide to all of the Jitsi Meet-related projects, services, and development options including self-install, using meet.jit.si, 8x8.vc, Jitsi as a Service (JaaS), the External iFrame API, lib-jitsi-meet, and the Jitsi React libraries among others.

The post The Ultimate Guide to Jitsi Meet and JaaS appeared first on webrtcHacks.
ng-voice Mariela shares her 1st month experience at ng-voice

I am Mariela Rivero, originally from Bolivia and I’ve been living in Hamburg for about 4 years. I’m writing this article to share how the experience of my first month working at ng-voice GmbH has been like.

Who am I?

I’m a psychologist with training in ACT therapy, a basis in tech recruitment, and a passion for languages and technologies. I got my bachelor’s degree in Psychology in Bolivia and finished vocational training in Office Management here in Hamburg. I consider myself to be a very empathetic, organized, and adaptable person. I also thrive in situations where a „problem-solving“ mentality is required.

Why did I join ng-voice?

I stumbled upon ng-voice while looking for job opportunities in the IT field. Ng-voice immediately caught my attention for two reasons: it seemed a very innovative telecom company: the implementation of a cloud-native IMS was a totally new concept to me. Not only that – but also its values aligned perfectly with mine; an inclusive, multicultural startup with a hybrid work model and a happy work environment.

My experience at ng-voice so far

Right from my very first day, my colleagues received me with such enthusiasm; it really made me feel appreciated and comfortable. We had a welcome lunch to get to know each other and my onboarding buddy gave me a tour of the office. During my first onboarding week, I have been given a rounded and comprehensive picture of the history, team structure of the company and the IMS solution we offer.

After meeting all of my colleagues, I got to confirm my previous perception about ng-voice; its organizational values of ownership, trust, and teamwork, provide an ambiance of content on a daily basis. Because I’m managing every administrative process in both Hamburg and Berlin (something that I find awesome, thus I get to be around people all the time), you’ll certainly always see me around the office. To sum up, my first month has been an incredible experience and I’m looking forward to many more to come.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Mariela Rivero

Office Manager

Publisher Bio

Mariela Rivero is the office manager of ng-voice, she’s a psychologist with training in ACT therapy, a basis in tech recruitment, and a passion for languages and technologies.

Her empathy, organization, and adaptability make her thrive. You will always see her around in our Hamburg or Berlin’s offices.

June 17, 2022

Jitsi A stepping stone towards end-to-end encryption on mobile
It has been a while since our first release of end-to-end encryption for the web app and ever since we have tried to enhance and improve it. One of these enhancements was the introduction of The Double Ratchet Algorithm through libolm and automatic key negotiation.

Each participant has a randomly generated key which is used to encrypt the media. The key is distributed with other participants (so they can decrypt the media) via an E2EE channel which is established with Olm (using XMPP MUC private messages). You can read more about it in our whitepaper.

Even though the actual encryption/decryption API is different on web and mobile (“Insertable Streams” vs native Encryptors/Decryptors), the key exchange mechanism seemed like something that could be kept consistent between the two (even three, considering Android and iOS different) platforms. This took us to the next challenge: how can we reuse the JS web implementation of the double ratchet algorithm without any major changes, while also keeping in mind the performance implications it might have on the mobile apps.

Since our mobile apps are based on React Native the obvious solution was to wrap libolm so we could use the same code as on the web, but not all wrappers are created equal.

The “classical” approach – using Native Modules

Source: talk by Lorenzo S.

There are three major drawbacks while using this approach:
1. Performance – the communication through the bridge can be quite slow and it also requires some very specific data as parameters that would be converted to JSON (serializable, WritableArrays, etc).
2. Lots of glue code is required, both on Android and iOS. Also, every future change will have to be implemented both in Java and ObjC.
3. Since there are two different threads that run the native and the JS code, the bridge methods are asynchronous, this means that offering synchronous APIs is not possible (without using sync methods, but that is discouraged as it kills performance).
The first issue might not have had such a major impact on this specific use case, since the key exchange happens not too frequently. The fact that every change has to be implemented twice is very likely to be a problem in the future, while the last issue, the asynchronicity of the bridge methods is definitely a showstopper since it would break the consistency of the web and mobile interfaces.

JavaScript Interface – JSI

JavaScript Interface (JSI) is a new layer between the JavaScript engine and the C++ layer that provides means of communication between the JS code and the native C++ code in React Native. Since it doesn’t require serialization is a lot faster than the traditional bridge approach, in addition to allowing us to provide a performant sync API.

Source: talk by Lorenzo S.

As we’ll show in the what follows, it also solves the other two problems the classical approach poses, the implementation has to be done/modified only once (most of the time, since some glue code is still required) and, most importantly, the native methods called thought JSI can be synchronous.

Android

The first challenge was to find the proper way of initializing the C++ libraries and exposing the so-called “host functions” (these are C++ functions callable from the JS code).

For this we took advantage of the mechanism for native modules and the way they are initialized by the RN framework, thus creating OlmModule.java and OlmPackage.java. OlmPackage is just a simple ReactPackage that has as native modules OlmModule.

OlmModule.java

Within the lifecycle of this ReactContextBaseJavaModule, the actual magic happens: loading the C++ libraries and exposing the necessary behavior to the JS side.

The C++ library is loaded inside a static initializer.

Exposing the host functions to the JS is done in the initialize method of the OlmModule, through the JNI native function nativeInstall. This method is implemented in cpp-adapter.cpp, where, besides some JNI-specific code, the jsiadapter::install is called, where the host functions will actually be exposed. It is here where the Android-specific glue code ends, the jsiadapter being platform agnostic, used, as we’ll show, by the iOS as well.

iOS

We also used the iOS native bridge mechanism for initialization, but here the implementation is even easier: Olm.h and Olm.mm contain the module, where, in the setBridge method, jsiadapter::install is called, exposing the host functions.

Exposing the host functions

As stated above, both Android and iOS specific code ends up calling the platform agnostic jsiadapter::install method. It is here where the C++ methods are exposed, i.e. JS objects are set on jsiRuntime.global with methods that call directly into the C++ code.
```
 Object module = Object(jsiRuntime);
 //…add methods to module
 jsiRuntime.global().setProperty(jsiRuntime, "_olm", move(module));
```
This object will be accessible on the JS side via a global variable. For our use case only one object is enough, but it is here where as many objects as necessary can be exposed, without having to change any of the platform specific code.

Adding methods to the exposed object
```
  auto createOlmAccount = Function::createFromHostFunction(
      jsiRuntime, PropNameID::forAscii(jsiRuntime, "createOlmAccount"), 0,
      [](Runtime &runtime, const Value &thisValue, const Value *arguments,
         size_t count) -> Value {
        auto acountHostObject = AccountHostObject(&runtime);
        auto accountJsiObject = acountHostObject.asJsiObject();

        return move(accountJsiObject);
      });

  module.setProperty(jsiRuntime, "createOlmAccount", move(createOlmAccount));

  auto createOlmSession = Function::createFromHostFunction(
      jsiRuntime, PropNameID::forAscii(jsiRuntime, "createOlmSession"), 0,
      [](Runtime &runtime, const Value &thisValue, const Value *arguments,
         size_t count) -> Value {
        auto sessionHostObject = SessionHostObject(&runtime);
        auto sessionJsiObject = sessionHostObject.asJsiObject();

        return move(sessionJsiObject);
      });

  module.setProperty(jsiRuntime, "createOlmSession", move(createOlmSession));
```
Two methods are exposed: createOlmAccount and createOlmSession, both of them returning HostObjects.

HostObject

It’s a C++ object that can be registered with the JS runtime, i.e. exposed methods can be called from the JS code, but it can also be passed back and forth between the JS and C++ while still remaining a fully operational C++ object.

For our use case, the AccountHostObject and SessionHostObject are wrappers over the native olm specific objects OlmAccount and OlmSession and they contain methods that can be called for the JS code (identity_keys, generate_one_time_keys, one_time_keys etc. for AccountHostObject, create_outbound, create_inbound, encrypt, decrypt etc. for SessionHostObject).

The way this methods are exposed from C++ to JS is again through host functions, in the HostObject::get method:
```
Value SessionHostObject::get(Runtime &rt, const PropNameID &sym) {
 if (methodName == "create_outbound") {
    return Function::createFromHostFunction(
        *runtime, PropNameID::forAscii(*runtime, "create_outbound"), 0,
        [](Runtime &runtime, const Value &thisValue, const Value *arguments,
           size_t count) -> Value {
          auto sessionJsiObject = thisValue.asObject(runtime);
          auto sessionHostObject =
              sessionJsiObject.getHostObject<SessionHostObject>(runtime).get();
          auto accountJsiObject = arguments[0].asObject(runtime);
          auto accountHostObject =
              accountJsiObject.getHostObject<AccountHostObject>(runtime).get();
          auto identityKey = arguments[1].asString(runtime).utf8(runtime);
          auto oneTimeKey = arguments[2].asString(runtime).utf8(runtime);

          sessionHostObject->createOutbound(accountHostObject->getOlmAccount(),
                                            identityKey, oneTimeKey);
          return Value(true);
        });
  }
}
```
Example:
```
const olmAccount = global._olm.createOlmAccount();
const olmSession = global._olm.createOlmSession();
olmSession.create_outbound(olmAccount, “someIdentityKey”, “someOneTimeKey”);
```
As shown, global._olm.createOlmAccount() and global._olm.createOlmSession() will return a HostObject. When calling any method on it (create_outbound in the example) the HostObject::get method will be called with the proper parameters, i.e. the Runtime and the method name, so we use this method name to expose the desired behavior.

Note that the calling HostObject can be fully reconstructed on the C++ side,
```
  auto sessionJsiObject = thisValue.asObject(runtime);
  auto sessionHostObject =
    sessionJsiObject.getHostObject<SessionHostObject>(runtime).get();
```
Parameters can also be passed from JS to C++, including other HostObjects:
```
  auto accountJsiObject = arguments[0].asObject(runtime);
  auto accountHostObject =
    accountJsiObject.getHostObject<AccountHostObject>(runtime).get();
  auto identityKey = arguments[1].asString(runtime).utf8(runtime);
  auto oneTimeKey = arguments[2].asString(runtime).utf8(runtime);
```
Fully consistent interface

As mentioned from the very beginning, keeping the web and mobile interfaces consistent was the main goal, so, after implementing all the necessary JSI functionality, it was all wrapped into some nice TypeScript classes: Account and Session.

Their usages are shown in the example integration that comes with the SDK:
```
  const olmAccount = new Olm.Account();
  olmAccount.create();
  const identityKeys = olmAccount.identity_keys();

  const olmSession = new Olm.Session();
  olmSession.create();
  olmSession.create_outbound(olmAccount, idKey, otKey);
```
This is the exact same API that the olm JS package exposes. Mission accomplished!

Next steps

Implementing this RN library that exposes the libolm functionality is just a piece of the bigger mobile E2EE puzzle. It will be integrated in the Jitsi Meet app and used for the implementation of the E2EE communication channel between each participant, i.e. for exchanging the keys.

Key generation

Since the WebCrypto API is not available in RN, we have to expose a subset of the methods for key generation (importing, deriving, generating random bytes) and again we plan to do it through JSI.

Turn out the olm library contains these methods, so it is possible we’ll expose them in the react-native-olm library.

Performing the actual media encryption/decryption

WebRTC provides a simple API that allows us to obtain the same result that we do on the web with “insertable streams”: FrameEncryptorInterface and FrameDecryptorInterface, in the C++ layer.

The encryptor is to be set on an RTPSender, while the decryptor on the RTPReceiver and they will basically act just as a proxy for each frame that is sent/received, making it possible to add logic for constructing/deconstructing the SFrame out of each frame that is sent/received.

The fact that this code will run on the native side is of major importance, since the performance issues caused by the communication between the JS and native would be major in this case, since those operations would have to be done many times a second, for each frame, probably making the audio and video streams incoherent.

The only operations that will be done from the JS side is the enabling of the E2EE, as well as the key exchange steps. We will have to expose the methods for setting the keys for the AES-GCM from the JS to the native FrameEncryptors and FrameDecryptors, most likely using the JSI path.

Oh hey there vodozemac!

While we were busy working on this the good folks over at Matrix have created* vodozemac, a new libolm implementation in Rust and it highly recommends migrating to this SDK going forward. At the moment it only provides bindings for JS and Python, while the C++ is still in progress. We’ll keep a close eye here and update to vodozemac after we have all the pieces in place.

Get it!

You can start tinkering with it today, here is the GitHub repo.

Your personal meetings team.

Author: Titus Moldovan

The post A stepping stone towards end-to-end encryption on mobile appeared first on Jitsi.

June 15, 2022

WebRTC Hacks Meet vs. Duo – 2 faces of Google’s WebRTC
A very detailed look at the WebRTC implementations of Google Meet and Google Duo and how they compare using webrtc-internals and some reverse engineering.

The post Meet vs. Duo – 2 faces of Google’s WebRTC appeared first on webrtcHacks.

June 13, 2022

Jitsi Bridge cascading with geo-location is back
Back in 2018 we first released cascaded bridges based on geo-location on meet.jit.si. Then in 2020 as we struggled to scale the service to handle the increased traffic that came with the pandemic we had to disable it because of the load on the infrastructure. And now it’s finally back stronger and better!

In this post we’ll go over how and why we use cascaded bridges with geo-location, how the new system is architectured, and the experiment we ran to evaluate the new system.

Why use cascaded bridges?

We want to use geolocation for the usual reason – connect users to a nearby server to optimize the connection quality. But with multiple users in a conference the problem becomes more complex. When we have users in different geographic locations, using a single media server is not sufficient. Suppose there are some participants in the US and some in Australia. If you place the server in Australia, the US participants will have a high latency to the server and an even higher latency between each other – their media is routed from the US to AU and back to the US! Conversely if you place the server in the US the Australian participants have the same issues.

We can solve this by using multiple servers and having participants connect to a nearby server. The servers forward the media to each other. This way the “next hop” latency is lower, and so is the end-to-end latency for nearby endpoints.

Architecture

There are many new things in our backend architecture!

1. JVB pools

We used to have shards consisting of a “signaling node” and a group of JVB (jitsi-videobridge, our media server) instances. In order to make bridges in different regions available for selection, we just interconnected all bridges in all shards. And this is exactly what broke when we had to scale to 50+ shards and 2000+ JVBs.

In the new architecture JVBs are no longer associated with a specific shard. A “shard” now consists of just a signaling node (running jicofo, prosody and nginx). We have a few of these per region, depending on the amount of traffic we expect. Independently, we have pools of JVBs, one pool in each region, which automatically scale up and down to match the current requirements.

In addition we have “remote” pools. These are pools of JVBs which make themselves available to shards in remote regions (but not in their local region). For example, we have a remote pool in us-east which connects to signaling nodes in all other regions. This separation of “local” vs “remote” pools is what allows us to scale the infrastructure without the number of cross-connections growing too much

As an example, in the us-east region (Ashburn) we have 6 signaling nodes (“shards”) and a pool of JVBs available to them. This is the us-east “local” pool. We also have multiple “remote” JVB pools connected to the shards — one from each of the other regions (us-west, eu-central, eu-west, ap-south, ap-northeast, ap-southeast). Finally, we have a us-east “remote” JVB pool connected to shards in all other regions.

2. Colibri2 and secure octo

In late 2021 we completely replaced the COLIBRI protocol used for communication between jicofo and JVBs. This allowed us to address technical debt, optimize traffic in large conferences, and use the new secure-octo protocol.

In contrast to the old octo protocol, secure-octo connects individual pairs of JVBs. They run ICE/DTLS to establish a connection, and then use standard SRTP to exchange audio/video. This means that a secure VPN between JVBs is no longer required! Also, we can filter out streams which are not needed by the receiving JVB.

3. Region-group selection

In the experiments we ran in 2018 we found that introducing geo-located JVBs had a small but measurable negative effect on round-trip-time between endpoints in certain cases. Notably endpoints in Europe had, on average, a higher RTT when cascading was enabled. We suspected that this was because we use two datacenters in Europe (in Frankfurt and London) and many endpoints have a similar latency to both. In such cases, introducing the extra JVB-to-JVB connection has almost no impact on the next-hop RTT, but increases the end-to-end RTT between endpoints.

To solve this problem we introduced “region groups”, that is we grouped the Frankfurt and London regions, as well as the Ashburn (us-east) and Phoenix (us-west) regions. With region groups, we relax the selection criteria to avoid using multiple JVBs in the same region group.

As an example, when a participant in London joins a conference, we will select a JVB in London for them. Then, if a participant in Berlin (closer to Frankfurt than London) joins we will use that same JVB in London instead of selecting a new one in Frankfurt.

Experiment and results

The new meet-jit-si infrastructure allowed us to easily perform an experiment comparing the case of no bridge cascading (control), cascading with no region groups defined (noRG) and cascading with region groups (grouping us-east and us-west, as well as eu-central and eu-west). We had 3 experimental “releases” live for a period of about two weeks, with conferences randomly distributed between them and the main release. We measured two things: end-to-end round trip time between endpoints and round-trip-time between an endpoint and the JVB it’s connected to (next-hop RTT).

By and large the results show that cascading works as designed and the introduction of region groups had the desired effect.

With cascading we see significantly lower end-to-end RTT in most cases. When the two endpoint are in the same region:

When the two endpoints are in different regions we see a slight increase when region groups are used, but the overall effect of cascading is positive.

The next-hop RTT is also significantly reduced with cascading. Overall we see a 29% decrease (from 223 to 158 milliseconds) when the endpoint and server are (were) on different continents.

You can see the full results here.

The post Bridge cascading with geo-location is back appeared first on Jitsi.
ng-voice ng-voice at the MVNOs World Congress

ng-voice is proud to have exhibited at this year’s MVNO World Congress in Berlin, Germany on the 8th and 9th of June. The MVNOs World Congress is a great opportunity for the MVNO community to find out about the new trends in the market, meet the key players in the business, and transform virtual operator capabilities in the digital era through expert insights.

Almost 2 years after the 2020 virtual edition, we at ng-voice were excited to return to this global event this time with a face-to-face format, and be able to meet everyone once again

Informa provided an amazing environment for our industry to reconnect. The event took place in Berlin, which is itself an amazing location. In recent years, the city has become the fastest-growing start-up hub in Germany and is particularly attractive to new businesses in the creative and tech industries seeking to open new markets. And since Berlin is also one of ng-voice’s locations, we were feeling even more at home.

ng-voice brought to the MVNOs World Congress our fully containerized and cloud-native IMS core – the first and most containerized IMS core in the market. We exhibited at the MVNOs World Congress at booth 24. As part of our team of delegates, we had our CTO and Founder Carsten Bock, our VP of sales Qawa Darabi and Barbara Silva our Head of Marketing.

The event also had a very interesting conference agenda with keynote speakers from the most relevant players tapping into a variety of topics like the trends, challenges, and opportunities for MVNOs.

According to Barbara Silva, our Head of Marketing, “this is a very important event for the MVNO segment. It is a unique opportunity to meet with potential customers and partners, reunite with established players and meet newcomers from around the globe. It is very exciting for us to have our brand present and showcase the benefits of a fully cloud-native VoLTE/ VoNR solution to this audience”.

To know more about the MVNOs World Congress in Berlin 2022, visit the webpage. And get in touch with our team at sales@ng-voice.com to know more about our fully containerized and cloud-native solutions.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Roi Gomez

WS-Marketing

Publisher Bio

After finishing his Masters Degree in Marketing and Political Comunication, Roi joined ng-voice to assist the marketing team by further generating brand awareness through marketing initiatives.

June 07, 2022

Digium Is telephone Hot Desking really needed anymore?
Before we get to that question, and why I even asked it in the first place, we need to define what hot desking is. Hot desking is going to the office and sitting where you want. Maybe your company doesnâ€™t have assigned offices or cubes, and you go in. And remember, people, if we’re going to live in this hybrid work from home / go into the office 2 or 3 times a week, companies will start doing this. Count on it. And if you don’t like it, go in every day to claim your space. The company can take a smaller footprint at the physical location since everyone isn’t there every day. So you sit wherever. But you need your office phone number, so when you get calls on the phone at the physical location you sit at, they are phone calls for you.

In terms of communications, which I write about, this means taking your phone number to wherever you go sit. And if there is a physical phone at the place you sit, that means you need to log in somehow and tell the phone system that you are at that place and that the physical phone at that place should be using my company phone extension.

Putting this feature into a Unified Communication system is not the simplest thing. We have multiple Unified Communication systems, and some support hot desking, and some do not. If an RFP comes in with hot desking requirements, we can respond positively with one of our systems.

But is hot desking of a physical phone an obsolete concept with Unified Communications? Does it even need to be in RFPs anymore? Because with UC, you can make and take phone calls with your work extension from your computer, or your smartphone, via a UC client. I can do that no matter where I sit in the office, from any hotel room, from my patio at my house, or from the Giants game (which I have done). So there is built-in hot desking with modern Unified Communications systems. But if you still need it for physical phones, we can do that too.

The post Is telephone Hot Desking really needed anymore? appeared first on Sangoma.

June 01, 2022

WebRTC Hacks Fix Bad Lighting with JavaScript Webcam Exposure Controls (Sebastian Schmid)
Step-by-step guide on how to fix bad webcam lighting in your WebRTC app with standard JavaScript API's for camera exposure or natively with uvc drivers.

The post Fix Bad Lighting with JavaScript Webcam Exposure Controls (Sebastian Schmid) appeared first on webrtcHacks.

May 31, 2022

Enable Security OpenSIPS security audit report is out, Zoom and Wire RCEs and DTLS
It is the end of May and we have, at the last minute, put together this month’s newsletter! Originally, we had doubts that we had much content for this month. Clearly we were underestimating the amount of last minute news in the RTC security world. In this edition, we cover: OpenSIPS security audit report publication Pentesting in Q4? and more Enable Security news Zoom vulnerability chain lead to an RCE XSS in Wire client leads to RCE Pion DTLS vulnerabilities fixed and some details Vulnerabilities in BIG-IP, Grandstream and Mitel Tweets of the month RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

May 24, 2022

Digium The Benefits of a Managed SD-WAN Service
Before we talk about the benefits of a managed SD-WAN service, letâ€™s talk about what SD-WAN is. In my last blog, we discussed a Managed Internet Service, whereby a company like Sangoma could manage the internet connections to all of the buildings in an enterprise. And these internet connections could take various forms such as cable, DSL, fiber, wireless, etc.

SD-WAN leverages these different transport mechanisms so that enterprises can connect securely to the cloud applications that the enterprise is running. Sure, a VPN could do that but a VPN manages the connection, and would not transfer the IP address to another of the transport mechanisms in case of a failure. As such, SD-WAN benefits over VPN, or MPLS, or some other dedicated connections mechanism is utilization of different types of transport mechanisms, centralized management for the enterprise, higher bandwidth given aggregations of links, and typically reduction in cost of your networks.

Enterprises may choose to run their own SD-WAN services, or may choose to go to a managed services provider to offer managed SD-WAN to the enterprise. Why would an enterprise do that? What are the advantages to such an arrangement?

Well, first, there is an expert team of people to fully manage your SD-WAN, or co-manage it with your team. And Sangoma, through our acquisition of NetFortris, provides Managed SD-WAN Services to companies of all sizes. We are not just a reseller of an SD-WAN solution as we have our own international SD-WAN backbone with 40+ PoPs and growing. And our cloud UC platform is also on that network, for a seamless experience. We also host and manage all headend and cloud orchestration components for your deployment.

The post The Benefits of a Managed SD-WAN Service appeared first on Sangoma.

May 19, 2022

ng-voice The arrival of VoNR and what it means for service providers
With the widespread roll-out of 5G well underway, there is a need for service providers to rethink voice services to capitalize on opportunities created by the new technology. If service providers are to truly deliver on their 5G standalone promise, Voice over New Radio (VoNR) must be a part of their 5G strategy.
In this blog, we’ll explore what the arrival of VoNR means for service providers and why cloud-nativity is key to delivering on the 5G voice promise.

Why the need for VoNR?
VoNR (also referred to as Voice over 5G or Vo5G), is the capability in 5G mobile networks that facilitates voice calls. Until recently, mobile operators have been deploying 5G non-standalone (NSA) networks–5G networks reliant on a 4G core. While this evolution in the next generation of mobile technology has been a great step towards “real” 5G, customers on 5G today are still experiencing VoLTE calls–and indeed 2G and 3G calls in some instances. As customers continue to expect more from their 5G experience, it’s critical that mobile operators match expectations with reality.
VoNR services work by using an IP Multimedia Subsystem (IMS), using a 5G radio and core network architecture to provide voice services for cloud-native 5G standalone networks.

The impact of VoNR for telcos
The 5G network opens up new opportunities for voice services and the way in which they are delivered.
VoNR presents telcos with the ability to leverage the low latency benefits of 5G technology to deliver seamless voice services for mobile users.
The key benefits of VoNR include:
The removal of disruption during calls, as voice calls using the 5G network are not required to detour via the 4G/LTE network.
The ability to maintain a high-speed data connection even whilst on calls. This makes it possible to download files in the background at a stable high speed, for example. Battery saving for smartphones, as additional energy isn’t required to switch to 4G network technology.
The higher quality of service VoNR can offer will support revenue growth for telcos, by creating an overall higher quality of experience and encouraging uptake over other voice services. For example, users may opt to use VoNR, rather than VoIP services, such as WhatsApp or Facebook Messenger. In addition, a better experience will contribute to lower churn rates for operators.
Fundamentally, VoNR will allow telcos to offer an overall higher quality of service, through more stable call connections, lower latency and reduced battery usage for mobile devices.

Cloud-native and VoNR
To unlock the true benefits of VoNR, being cloud-native is key. It can deliver additional benefits to the already enhanced service, including flexibility and fast deployment, with lower costs.
Service providers need to be able to deliver voice services in a way that meets subscriber demands and needs, while reducing costs and improving their margins. A truly cloud-native approach to VoNR will help them to do exactly that.
At ng-voice, we offer a VoNR solution that is truly cloud-native and fully containerized. Our cloud-native IMS core is the first 100% containerized and Kubernetes-based fully-fledged IMS solution on the market. With the smallest container sizes, a high level of automation, and minimal use of resources, our IMS core is scalable, flexible, cost-efficient, and easy to deploy and manage.
To find out more about why our cloud-native VoNR solution is right for you, contact our team at: sales@ng-voice.com or learn more here.
Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Varun Jain

Customer Solution Architect

Publisher Bio

Varun Jain is a Customer Solutions Architect for the Sales Team, he has over 16 years of experience in telecom industry, working for companies like Ericsson India Global services PVT LTD and NOKIA.

May 12, 2022

Digium RAY BAUM’s Act & 911 Dynamic Location Routing
On January 6th 2021, the deadline for RAY BAUMs act compliance for fixed Interconnected VoIP, Multi-line Telephone systems, and Telephone Relay Services had hit. Requiring “dispatchable location” to be shared when making a 911 call from fixed services, or services with a physical address associated with it (e.g. wired phones).

Now, a year later, on January 6th 2022, we reached the deadline for RAY BAUM’s for non-fixed services. Non-fixed just refers to service that is not tied to a physical location (also known as “nomadic” or “mobile” devices) that can be readily moved by the user to multiple locations and/or be used while in motion. This would include things like softphones on laptops/mobile phones.

What is a “dispatchable location”?

The goal of the act is to provide specific location information for the emergency services personnel to allow them to quickly locate the caller. There are ultimately 2 components to a dispatchable location:
1. Civic Address or coordinate-based location information that can be used to determine the civic address
2. In-building location such as Suite, Apartment, Room #, or Floor
Practically, the information sent should be the most specific information that you can give as to the caller’s whereabouts. In a building with marked rooms, that would mean a room number, but if a large building has unmarked rooms, the floor should be sent at the very least.

How can I be compliant?

While the deadline for fixed devices has already past a year ago, we’ll discuss those as well. There are a few different options in terms of compliance for fixed devices. Since fixed devices won’t change their location, it’s much easier to handle compliance on them (hence, the faster deadline for them).

Using traditional E-911 service, a fixed device can have a specific ANI assigned to it that has that phone’s specific location registered to it. For example, one device would have 412-555-1111 registered as 123 Sesame Street Suite 101 and another device would use 412-555-2222 registered to 123 Sesame Street Suite 202. This is the simplest way of handling compliance under the limitations of traditional E-911 service.

However, traditional E-911 service will not work for non-fixed devices since it’s not typically possible to update registered addresses in real time. For non-fixed devices, you will need to utilize a Dynamic Location Service. Fixed devices can certainly benefit from a Dynamic Location service as well, as it would allow you to manage a single 911 phone number instead of assigning a different number to each possible fixed line.

What is Dynamic Location Routing?

Dynamic Location Routing utilizes technology like PIDF-LO (Presence Information Data Format – Location Object) to allow for location data to be created and sent at the time a call is made. This means instead of assigning a location to a phone number before the call is made, the device or PBX can send its location at the time of the call either based off input from the user/administrator or using GPS location information.

For non-fixed devices, this could be used to send the devices GPS coordinates at the time the call is made, or it allows the user to keep updated address information as they move the device around (e.g. between work and home). This could even theoretically be used to update the devices’ location within a building.

Dynamic Location Routing isn’t just useful for non-fixed devices; a PBX can use dynamic location routing to fill in the in-building location of the specific device making the call. In a multi-line telephone system utilizing traditional E-911 service, you need to manage different numbers for each different location (room/suite/floor/etc.) that you have. However, with dynamic location routing, a PBX could instead use the same number for any device making a 911 call and simply append the sublocation data based off the extension making the call.

Looking back to our previous example, instead of needing 412-555-1111, 412-555-2222, and 412-555-3333 for suites 101, 202, and 303 respectively, the administrator can simply use 412-555-1111 and have the PBX use PIDF-LO to send the Suite # based off the phone that is making the call.

Currently, there are not many PBXs that inherently support PIDF-LO, but the teams at Sangoma are working on implementing the feature in most Sangoma PBXs. This is likely to become a staple feature of VoIP devices moving forward and will allow for better management and compliance for your multi-line telephone systems.

Have more questions?

VI Communication Services currently offers dynamic location routing with our E-911 service. If you currently have our E-911 service, documentation for the feature can be found in our knowledge base. If you don’t use our E-911 service or have additional questions about it, please contact us.

The post RAY BAUM’s Act & 911 Dynamic Location Routing appeared first on Sangoma.

May 10, 2022

Digium The Benefits of a Managed Internet Service
We all need the Internet. Many of us can’t do our jobs without that access. And for long-time readers of this blog who have read many things from me about UC and UCaaS, those systems can not operate without access to the Internet.

And for larger companies, with either a few or even a slew of different offices, there is a hodge-podge of Internet access. Someone at the site figures out how to buy it, and they buy it. It may not be the best price, but maybe it was easy to do. And the bills are paid somehow. And the access works, or it doesn’t. And whoever bought it has to deal with the ‘issues’ of slow Internet or the Internet being down. And at this point, it’s impacting business. And that is not good. So, what to do?

Many companies now turn to Managed Internet Providers to obtain the Internet that best suits each location and proactively manage the uptime to ensure your business has connectivity.

What types of access are out there? Fiber, Cable, T1, 4G, and Ethernet over copper are some of them. And each of them may make the most sense for different physical locations. Maybe you don’t need fiber at each location. You don’t need one size fits all for your entire company, and you need what’s suitable for your company.

If this sounds interesting, let’s go through some of the benefits of using a Managed Internet Provider. As indicated above, the provider obtains the best type of access for each site, gets the best price, and does QoS configuration. So the provider would set up your network for your whole company.

The provider would also perform up/down circuit monitoring and alerting and be there for support so that the provider would manage and maintain it. The provider could also provide network backup, so you wouldn’t have to worry about that either.

And the company would get one single unified bill from the Managed Internet Provider, so you wouldn’t have to sort through all kinds of invoices that you don’t understand.

Through our acquisition of NetFortris, Sangoma provides Managed Internet Services to companies of all sizes. In short, we build a customized solution to provide the best connectivity, security, and reliability options for your organization.

The post The Benefits of a Managed Internet Service appeared first on Sangoma.
Jitsi Introducing Car Mode!
Virtual / hybrid meetings are part of our everyday life now. Some meet in their home office, kitchen, slouching in the couch, while taking a walk, or even while driving! We won’t encourage you to have meetings while driving since any distraction can be fatal, but we know many are doing it and decided to implement a distraction free mode for those who choose to have a meeting while in the car.

On the latest Jitsi Meet beta version (22.2.0) you will notice a new button in the drawer: Car Mode. This will open the car mode screen, a brand new in-meeting experience which has the basic meeting controls like ending the meeting, selecting sound device and microphone muting, but with enhanced sizes so you can easily use them without much distraction.

Car mode also saves you bandwidth as it disables all incoming/outgoing video streams, for a distraction free meeting experience. Another useful feature in car mode is push-to-talk: simply long-press the un-mute button to keep the microphone active and release it to automatically mute again. Push to talk is especially useful for passengers in the car, or when joining a conference while having a stroll. That’s right, you don’t need to be in a car to use this feature!

CarPlay

Those of you with Apple CarPlay enabled vehicles may have noticed the car did not show up in the sound devices selection and this created some confusion. This has been fixed and you’ll now see an entry in the audio device selection drawer:

More to come

This first iteration of the feature only opens the car mode when selected from the toolbar button. We are planning to add automatic detection for the user being in a car and automatically offering to switch to this mode in that case.

Android users: worry not, better Android Auto integration will come!

Your personal meetings team.

Author: Horatiu Muresan

The post Introducing Car Mode! appeared first on Jitsi.

May 04, 2022

ng-voice ng-voice is shortlisted for the Cloud Innovative Award at the Carrier Community Global Awards 2022

ng-voice is proud to announce that has been shortlisted for The Cloud Innovative category within the 6th annual CC-Global Awards (CCGA), a prestigious event that brings together both regional and global operators to celebrate innovative achievements and the best players in the industry.

Our fully containerized and cloud-native IMS core has been shortlisted for The Cloud Innovative category, which recognizes the best cloud technologies implemented and utilized to deliver agile, automated, and scalable solutions and services.

For ng-voice, being shortlisted with such valuable players in the telco industry means that we are on the right track to building the future of mobile networks. ng-voice’s Global Sales VP, Qawa Darabi, mentions that “it is a pleasure being recognized in the CC-Global Awards, as we have been working hard to deliver the most innovative, fully containerized and cloud-native IMS in the market to our customers and partners.”

The award ceremony will happen on 23rd June in Berlin within the Europe 2022 CCGM, CC-Mobile Messaging Summit 2022, and CC-Enterprise Summit 2022.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Kathrin Hißner

Content/Digital Marketing Specialist

Publisher Bio

With her marketing and design background, as well as her experience in brand and communications management, Kathrin brings her unique skills to ng-voice. As a digital marketer, Kathrin supports our growth strategy by increasing the visibility of our brand to potential customers.

She enjoys working on information visualization and infographic design.
Enable Security We're hiring a pentester / security researcher
Do you know anyone who would like to join the team at Enable Security as a pentester / security researcher? We have a remote open position for the right person. We are mainly looking for someone full-time but persons interested in joining us part-time should also apply. More details can be found at the actual hiring page.
Enable Security We're hiring a pentester / security researcher
Do you know anyone who would like to join the team at Enable Security as a pentester / security researcher? We have a remote open position for the right person. We are mainly looking for someone full-time but persons interested in joining us part-time should also apply. More details can be found at the actual hiring page.

May 03, 2022

Digium What is MSP and UCaaS all about?
As many of you know by now, Sangoma has purchased NetFortris, and now we have added some new “Managed Services” offerings. What are managed services? It’s no surprise that IT is getting more and more complex. As an IT manager, you have cybersecurity concerns; there are many ways to get connectivity. Your company wants to run all kinds of cloud applications, and now it’s even hard to get the required hardware you need.

As an SMB or even medium-sized business, it’s hard to keep up. Add onto that you may have outdated/old systems that you constantly have to keep adding “patches” on. And add onto that the ability (or inability) to get enough IT staff. It’s just too much, and as an IT manager, you cannot support the business. As such, another model was born. This model is outsourced IT, offering managed services in an MRR or ARR pricing model.

And there are all kinds of managed services being offered. You might already have UCaaS, which is a managed service. And you get the benefits of not having to worry about upgrades and the service provider taking care of everything for you. So why not add more? As I said, there are all kinds – from device management and tracking to IoT analysis, security, storage, and disaster recovery.

And so we get back to the NetFortris acquisition. With this, Sangoma adds the following managed services, in addition to the ones we already have:

Managed Internet includes mixing and matching connectivity types by location and provides network monitoring, analytics, up/down circuit monitoring, and wireless backup.

Managed SD-WAN includes:
- Being able to handle multiple internet connections from multiple providers so that if one connection fails, the customer does not lose connectivity, resulting in uninterrupted uptime
- The ‘aggregation’ of bandwidth from those two different internet providers makes the customer kind of ‘see’ those as one pipe
- Traffic shaping whereby certain types of traffic can be given priority or forced down in priority
Managed Security, or unified threat management, for all traffic into the business network. This service helps protect customers against attacks and losses from spam, viruses, ransomware, botnets, etc.

In the following few blogs, I will go into more detail on each new managed service.

The post What is MSP and UCaaS all about? appeared first on Sangoma.
Jitsi Jitsi as a Service: a two-way street, by Tsahi Levent-Levi
Tsahi Levent-Levi, also known as BlogGeek.me, has established himself as, arguably the most prominent WebRTC analyst. He has been commenting on the industry for the past decade, while also training WebRTC professionals, co-running the testRTC business and that’s without even getting into his prior real-time comms experience with Amdocs and Radvision. We asked Tsahi if he could share his thoughts on RTC CPaaS and specifically how Jitsi as a Service fits into the space. The following is what he wrote. Enjoy!

In the past two years I’ve seen many service providers and enterprises run their own video meetings based on Jitsi. It is one of the easiest ways to get video meetings implemented today – with all the bells and whistles.

After 8×8’s acquisition of Jitsi, the Jitsi team has been hard at work on 4 different tracks:
1. Continuing to develop Jitsi as an open source community project
2. Integrating Jitsi into the 8×8 meetings app
3. Growing and improving their meet.jit.si Jitsi Meet service
4. Introducing JaaS – Jitsi as a Service – a managed CPaaS offering of Jitsi
The introduction of JaaS is a very interesting angle to Jitsi, especially when coupled in with the open source project itself.

Today’s Video API solutions

Look at today’s video API solutions – the CPaaS vendors who happen to offer video APIs so you can develop your own communication applications. What you’ll find is great platforms for developing your services, with the small caveat of being vendor-locked. The APIs of these vendors are specific to them. Any decision to switch from one vendor to another would necessitate a rewrite of the code communication aspects of the application. And they offer no open source alternative of their own – one where you can just install, host and maintain your environment on your infrastructure of their technology.

That’s not something bad or new. It is how money is made in many of the cloud API vendors across all sectors of the software industry.

Lowcode/nocode and video APIs

In recent years, we have seen a shift and focus in lowcode solutions with video APIs.

Video APIs were mostly about publish and subscribe. You could publish your microphone, webcam and/or screen, and subscribe to other publisher’s content. While this approach is quite flexible, it is also daunting and prone to performance issues. As they say, with great power comes great responsibility, only that the responsibility here was shifted towards the developers using the APIs.

Now, it is understood that this approach can’t scale and a different approach is needed. One such approach is to reduce the complexity by offering a higher level abstraction that handle the complexities on their own. These can come in the form of a reference application, new API set or a UI widget that can be embedded into applications.

Jitsi was similar in a way. It always offered a video bridge (the open source media server), but also the Jitsi Meet experience – a complete implementation of video meetings provided in open source and as a hosted end-user service.

JaaS – the WordPress of video

Enter JaaS – Jitsi as a Service

Jitsi officially announced JaaS in January 2021. It added another layer to the Jitsi story – one of CPaaS and Video APIs.

With the Jitsi ecosystem, you now had 3 different ways to make use of Jitsi:
1. Take the Jitsi open source project and build your own application
2. Use Jitsi Meet’s set of open source projects, install and host it on your own, making whatever changes you see fit to it
3. Brand and modify the Jitsi Meet experience while having the Jitsi team host and manage the video infrastructure for you
This reminds me of the way WordPress works – you could take the WordPress framework, install, host and maintain it on your own – or you can use Automattic’s or other vendors managed hosting service for WordPress, removing a lot of that headaches and focusing on what’s important to you – the actual site content.

With Jitsi, you can decide to run and host everything on your own or use JaaS, having the Jitsi team manage and host it for you, removing a lot of the infrastructure headaches.

What I love most about this is the dogfooding part. This isn’t only about taking an open source project and making Video APIs out of it. Jitsi Meet is a managed service that has seen its own growing pains as it needed to scale in recent years. A lot of the work done in the Jitsi codebase and the DevOps scripting around it comes directly from end users who communicate and complain directly to the Jitsi team.

Jitsi a la carte

As if this weren’t enough, in November 2021, Jitsi announced a kind of an a la carte hosting offering. As that announcement states:

We are currently working on a service that would let Jitsi users easily connect their self-hosted Jitsi deployments to 8×8’s PSTN, LiveStreaming, Recording and transcriptions clouds.

This means that developers can now run their own Jitsi deployment, but then connect it to managed “features” of JaaS on a case by case basis. Want to have PSTN? Push a meeting to a live stream on YouTube? Record a session? Transcribe it? All of these things add complexity to a deployment and can now be abstracted out and “outsourced” to JaaS while maintaining your own hosted Jitsi cluster.

In a way, Jitsi unbundled their JaaS offering, making it simpler to adopt.

Towards a two-way street

From Jitsi, to JaaS through the new a la carte offering, a flexible solution has emerged for developers needing video meeting solutions. One that can be consumed in many different ways.

This reduces the vendor lock-in challenge that many video API vendors have, simply because you are never bound to the JaaS offering in any way other than them offering the best possible service. Not happy? Take your code and host it on your own. No rewriting or vendor migration necessary.

I think this gives developers a very compelling solution that is a kind of a two-way street:

1. From self hosted to managed

Developers can start by self hosting their own Jitsi Meet service.

This keeps control in the early days as they get acquainted with the platform and its nuances. At some point as they grow, it makes sense to think about a more global and scalable deployment. And one easy way to get there is to simply switch from the self hosted path towards the managed one by using JaaS.

2. From managed to self hosted

Developers can also start from the managed JaaS solution.

The beauty of it here is that if they are unhappy, or decide they want to do things differently, they can simply install their own Jitsi servers and start maintaining their own infrastructure – without changing the actual application code as they do that.

With Jitsi and JaaS you can move from a self hosted to a managed service or vice versa.

Check out the Jitsi offering

Here’s the thing. If you’re looking for a video meeting service to make your own, and only care about a bit of customization to the video experience itself, then Jitsi is a great solution.

It enables you to go the route of a self hosted open source solution or to go with a fully managed video infrastructure and video APIs approach. All that wrapped with one of the most popular WebRTC media servers on the market.

By Tsahi Levent-Levi

May 5, 2022

Interested in Jitsi as a Service? Try it out!

The post Jitsi as a Service: a two-way street, by Tsahi Levent-Levi appeared first on Jitsi.

May 02, 2022

ng-voice My first month at ng-voice: Axel shares his journey joining the Deployment Team at ng-voice

I am Axel and I am a telecommunications engineer originally from Mexico. I started my journey at ng-voice as a Deployment Engineer in the Hamburg office and I want to share my experience of the past months in Hamburg.

Who am I?

I studied Electronics and Communications Engineering in Mexico City, where I spent most of my life. I started working at Huawei as a Support/Delivery Engineer, and later on had the opportunity to join Nokia México, where I had the chance to work closely with customers on their premises in Latin America and the Caribbean. Then, I moved to Metaswitch México as a Professional Services Engineer, working primarily on the STIR/SHAKEN regulation in the US and Canada. These experiences made me realize that I wanted to look for an opportunity abroad.

Why did I join ng-voice?

I wanted to have a professional career in Germany, so when I came across ng-voice on LinkedIn it appeared to me like an amazing opportunity, especially because I already knew Hamburg, which is an amazing city, and longed to live here. I knew that ng-voice cloud-native IMS was really innovative and top in the industry and I wanted to be a part of it, delivering the best-in-class VoLTE / VonR solution to customers.

My experience at ng-voice so far

I arrived with my family (my wife and 3-year-old kid) in Hamburg on February the 25th and started at ng-voice on the 1st of march. On my first day in the Hamburg Office, I met my teammates and had a welcome lunch to introduce myself and get to know each other a little, they all were very kind and made me feel comfortable. After two years of lockdown measures and adapting to working from home in Mexico, this was a big but pleasant change. Besides, the hybrid work model that ng-voice offers makes it easy to choose whether to stay at home or to go to the office, depending on my schedule.

Moving from Mexico to Germany implied a bunch of paperwork which I was afraid to do, but the ng-voice team made it really easy for us. I got assistance for getting my Blue Card, housing, as well as for the local registration and kindergarten for my kid, allowing my first weeks to go smoother.

In these first couple of months, I started learning and working on projects along with my talented colleagues, who have plenty of experience and knowledge. I am already looking forward to what we will achieve by putting all of our different backgrounds together.

Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Axel Arroyo

Deployment Engineer

Publisher Bio

Axel is a member of our deployment team. He had the opportunity to work for major companies in the telco industry, such as Huawei, Nokia, and Metaswitch in Mexico. Axel brings his skills and expertise to understand our customers’ needs to guarantee a smooth delivery of solutions.

April 29, 2022

Olle E. Johansson 35 years of Open Networking
Edvina was founded in 1987 and we’ve come a long way since. Today we’re a consulting company working in many areas, with realtime communication and network security as a common theme. Here’s a few examples of projects we’ve been working with during the last five years: Building a realtime platform for live radio broadcast Training […]

April 27, 2022

Enable Security We're hiring, new SIPVicious PRO tools, advisories and blog post galore
Welcome to the April edition of the RTCSec Newsletter. We have a lot this month, and this must be the most packed newsletter so far. In this edition, we cover: We’re hiring! Our blog post explaining how OpenSSL’s CVE-2022-0778 is a problem in WebRTC environments Latest SIPVicious PRO news Various blog and news posts: 3CX pre-auth RCE explanation Open SIP relay abuse ITW How LAPSUS$ probably abused VoIP OpenSIPS’ new TCP module versus DoS attacks Cisco Expressway and Telepresence VCS vulnerabilities A new tool to exploit STUN and TURN servers called stunner, from Firefart Advisories and vulnerabilities fixed (or not) in: FreePBX pjsip Asterisk PBX JunOS WebRTC Cisco Expressway and Telepresence VCS We bring back the Tweet of the month!

April 26, 2022

Digium How is UCaaS Priced?
Every once in a while I’ll get asked by an end-user customer about how “UCaaS is priced”. I get this question since the end-user sees all kinds of pricing, from under $20/seat to quite a bit over that. It’s really important to understand pricing and what you get with that price, before you pick a vendor.

So, let’s start with that – $20/seat. That means $20 per user per month. And a lot of this kind of pricing comes with 3-year contracts, and over 100 seats. So, when you see pricing under $20 per user per month, you need to understand for how many seats and for the length of time of the contract. And you also need to consider what I’m writing about below. What actually is included in the monthly per user charge?

The second thing to ask is about the desk phones. Are the phones included in the per user pricing or not? They might be part of the per user per month charge, or you might be able to buy the phones outright at a one-time charge, or you might also be able to pay for them per month. And maybe you also want the mobile and/or desktop client. Is that also part of the monthly per user charge as well. Or is that an add-on charge to use the mobile and / or desktop client?

Speaking of voice, are you having to pay for the phone numbers (DIDs)? You need to ask about this as well. Or if you have them already, is there is cost to “port” them to your new UCaaS system?

So, let’s talk about the client. Is it just voice? What about the video part? If video is involved, the UCaaS vendor may be using a 3rd party like Zoom – that likely means yet more additional fees. (Note: Sangoma has its own video meeting service, called Sangoma Meet).

And the client also probably has a collaboration part. The client referenced above may or may not also include collaboration features (ability to instant message and share files and have workstream channels).

I also frequently get asked about maintenance costs. When you buy equipment outright, such as buying a PBX or UC system for your premise, typically you will also have a yearly maintenance charge so you can get software updates, etc. In a cloud system, there should not be a separate maintenance charge. It should be included in the monthly price per user.

There might also be an option for alternative networking. For instance, if your internet connection goes down, do you want the system to be able to switch into a wireless backup? With 4G and 5G, this is possible as well. How much does this cost?

Sangoma offers UCaaS offerings with easy to understand pricing, and a range of feature options as well.

The post How is UCaaS Priced? appeared first on Sangoma.

April 15, 2022

Kamailio Development For v5.6.0 Is Frozen
Here is the formal announcement that the development for the next major version 5.6.0 is now frozen. The focus has to be on testing the master branch.

Also, the master branch should not get commits with new features till the branch 5.6 is created, expected to happen in 2-4 weeks, a matter of how testing goes on. Meanwhile, the commits with new features in the C code can be pushed to personal branches, new pull requests can still be done, but they will be merged after branching 5.6.

Can still be done commits with documentation improvements, enhancements to related tools (e.g., kamctl, kamcmd), merging exiting pull requests at this moment, exporting missing KEMI functions and completing the functionality of the new modules added for 5.6.

Once the branch 5.6 is created, new features can be pushed again to master branch as usual. From that moment, the v5.6.0 should be out very soon, time used for further testing but also preparing the release of packages.

If someone is not sure if a commit brings a new feature, just make a pull request and it can be discussed there on github portal or via sr-dev mailing list.

A summary of what is new in upcoming 5.6 is going to be built at:
- https://www.kamailio.org/wiki/features/new-in-5.6.x
Upgrade guidelines will be collected at:
- https://www.kamailio.org/wiki/install/upgrade/5.5.x-to-5.6.0
Everyone is more than welcome to contribute to the above wiki pages, especially to the upgrade guidelines, to help everyone else during the migration process from v5.5.x to 5.6.x.

Thanks for flying Kamailio!
The post Development For v5.6.0 Is Frozen first appeared on The Kamailio SIP Server Project.

April 13, 2022

TADHack Conner Luzier – seeking full-time or project work in programmable comms / WebRTC
Conner Luzier is a TADHack regular. Check out his hacks from TADHack-mini Orlando in 2018, 2019, and 2020. He’s also presented at Enterprise Connect several times, how many soon to be graduates have such industry exposure!

He’s looking for work, ideally full-time, but is happy for project work to build his references in the industry. Conner has shown his abilities and get-up and go time and again at TADHack. So please get in contact with Conner, thank you.

https://github.com/cluzier

https://cluzier.github.io

From TADHack-mini Orlando 2020. TeleQuest (Garrett Curtis, Conner Luzier, Jenn Gibson, Eric Good) â€“ won Apidaze and Intelepeer prizes. TeleQuest is a phone-based adventure game, perfect to keep your social distance while connecting with others.

From TADHack-mini Orlando 2019. SaveMe by Giancarlos Toro, Conner Luzier, Thiago Pereira, Vikki Horn won prizes from Flowroute, Telesign, and VoIP Innovations. It is a secure video reporting app using WebRTC and SMS.

From TADHack-mini Orlando 2018. Polls IO by Conner, Paul, Giancarlos used VoIP Innovations to create a service that allows local government to be be more involved with their constituents and allows their constituents to be more involved with the local government by allow easy opinion polling on new projects, bills, etc. This will also allow the local governments to be able to easily send out updates on new legislature and its progress. This polling service can be generalized to be used for businesses and events. They won the VoIP Innovations prize and t-shirts from Code for Orlando. See their pitch video here, and their slides here, and a video of their demo at Enterprise Connect here.

Conner Luzier's Resume from Alan Quayle

Here’s Conner at Enterprise Connect in 2019, third from the right.

The post Conner Luzier – seeking full-time or project work in programmable comms / WebRTC appeared first on Blog @ TADHack - Telecom Application Developer Hackathon.

April 12, 2022

WebRTC Hacks The WebRTC Bitcode Soap Opera (Saúl Ibarra Corretgé)
Saúl Ibarra Corretgé of Jitsi walks through his epic struggle getting Apple iOS bitcode building with WebRTC for his Apple Watch app.

The post The WebRTC Bitcode Soap Opera (Saúl Ibarra Corretgé) appeared first on webrtcHacks.

April 08, 2022

Enable Security Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
Executive summary (TL;DR) Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE! How I got social engineered into looking at CVE-2022-0778 A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?” He explained how in the context of WebRTC it would be a bit difficult since you need to get signaling right, ICE (that dance with STUN and other funny things) and finally, you get to do your DTLS scans.
TADHack TADHack Global 2022 Launch, Save the Date, 15-16 Oct
TADHack is the largest global hackathon focused on programmable communications since 2014. This year we are partnering with Network X (Broadband World Forum, 5G World, and Telco Cloud) as the pre-event hackathon. This is similar to what we do before Enterprise Connect with TADHack-mini Orlando in March.

Thank you to STROLID, Symbl.ai, Telnyx, Jambonz, and Subspace for making TADHack possible.

At TADHack Global 2021 Symbl.ai achieved an amazing result, 21 hacks, and Telnyx was even more impressive with 30 hacks; all created over one weekend by developers from around the world.

The locations we anticipate running are: Chicago, Tampa, Colombia, South Africa, Berlin, UK, Sri Lanka, Amsterdam, France, and remote (anywhere in the world). We are adding new locations, e.g. TADHack France (run by Le Voice Lab), and Amsterdam as we are the pre-event hackathon to Network X (Broadband World Forum, 5G World, and Telco Cloud).

We had great success with TADHack Teens in Sri Lanka in 2021 thanks to hSenid Mobile and Ideamart, and plan to expand this initiative to South Africa and the US. Weâ€™re training the next generation of programmable communications engineers and entrepreneurs, as well as excellent summer interns!

We have two additional initiatives for 2022:
- Accessibility prize with judges Chris Lewis of Lewis Insight and Manisha Amin, CEO of The Centre for Inclusive Design. Weâ€™ll be providing resources to help the accessibility hacks.
- TADHack Founders Academy to help hacks build product/market fit, seed financing, and preparing for series A using the experience of everyone involved in TADHack. More coming on that soon.
The TADHack website is still in development, and definitely needs some accessibility improvements Save the date 15-16 Oct 2022, for the largest and longest running global hackathon focused on programmable communications. Thank you.

The post TADHack Global 2022 Launch, Save the Date, 15-16 Oct appeared first on Blog @ TADHack - Telecom Application Developer Hackathon.

April 06, 2022

TADHack Accessibility Resources for TADHack Global 2022
Over the years we’ve had many accessibility hacks. Last year we had an excellent hack Colloquia11y by team Similarly Geeky, comprising Lily Madar and Steven Goodwin. Its an accessible conferencing solution (using Text To Speech and Speech To Text).

For TADHack 2022 we’ve created an Accessibility Prize that will be judged by Chris Lewis of Lewis Insight and Manisha Amin, CEO of The Centre for Inclusive Design. Chris and Manisha are also providing some resources to help hackers better understand Accessibility, and how to pitch to a blind person.

Interview with Chris Lewis, Accessibility Challenges, Straight from the Guide Dog Owner’s Mouth

I’ve known Chris for several decades He’s been a telecom analyst for 38 years, legally blind for 25 years, and started a focus on accessibility about 7/8 years ago.

Chris shares his real world experience of using the web as a blind person, getting to a video on a page can take 20-100 clicks. Its like accessing a web page through an IVR (Interactive Voice Response), serial access to what a sighted person accesses in parallel. He demos the challenges he faces using the latest TADHack.com website. I’ve got some work to do there!

Chris also shares the challenges in using his fancy coffee machine. It has several error lights, e.g. no water, no beans, grounds tray full, drip tray full. But no way to know which one is lit. So he checks all 4 possible problems each time one of them has an error. Chris provides many wonderful insights into the everyday challenges he faces.

Chris highlights the importance Alexa and Siri play in helping accessibility, for example he needed to know how to spell ‘curfew’. Another challenge is between Zoom, Teams, and many of the other conferencing platforms have different shortcuts, and one of the reasons he’s not yet used Android’s Accessibility tool TalkBack reader is its like learning yet another language, as he already uses iOS and Microsoft’s accessibility tools.

This 18 min interview is a mine of insights on accessibility challenges and ways of thinking about accessibility. More than I cover in the written section of this weblog, so check out the video. For me, the take away on designing for the edge cases, means the center is free is powerful. And when giving your pitch, focus on the story, and avoid saying, ‘as you can see on the slide’

Thank you Chris.

Resources from Manisha Amin, CEO of The Centre for Inclusive Design.

Coming soon.

The post Accessibility Resources for TADHack Global 2022 appeared first on Blog @ TADHack - Telecom Application Developer Hackathon.

March 30, 2022

ng-voice How we use automated integration testing to test our IMS solution at ng-voice
In this blog post, we are going to discuss what automated integration testing is and how we exercise it at ng-voice. This blog will provide a brief overview of the usage of automated integration testing in an IMS, possible challenges faced, and the benefits of using this method. The testing process can be time-consuming and resource-intensive, so we’ll explain how automated integration tests are used at ng-voice to effectively reduce the required time and resources while retaining the reliability and quality standards of our fully containerized and cloud-native IMS.

Integration testing is an important aspect of testing a software product – our IMS solution in this case. Using software to perform such integration tests in an automated manner is called automated integration testing. It ensures that multiple independent components – possibly even developed by separate teams – each function as expected when combined with others to form a complete system. The primary objective of such a test is to verify the correctness of a component’s external interfaces. Specifically, in the context of IMS, a large number of Call Flows must be covered with close attention to intricate technical details.

The standard use of automated integration testing in an IMS (IP Multimedia Subsystem)

When it comes to testing an IMS (IP Multimedia Subsystem), using genuine handsets (UE, short for User Equipment) is the obvious choice. The goal of such tests is to ensure compatibility between the IMS and:

Handsets from different vendors employed by the end-user

The deployed EPC (Evolved Packet Core)

Other IMS from different vendors for roaming

However, this approach to IMS testing comes with a couple of drawbacks, such as:

Tests using genuine handsets are performed manually, which is time-consuming and can be error-prone depending on the tester, leading to longer release cycles and a more fragile product, respectively.

An EPC, an eNodeB (Evolved Node B), and – in case of roaming – an external IMS are required.

All IMS components must be available in the shape of either a real component or an emulator.

Localizing issues can be challenging due to multiple components being involved.

Specification compliance between components within the IMS is not tested explicitly. Therefore, otherwise failing scenarios might succeed due to the same incorrect assumptions present in multiple components or the latter being tolerant to messages not conforming to the specification.

Even though the first two drawbacks can be remediated by using a handset simulator, the latter three still persist. To solve these challenges, ng-voice developed a platform for automatically testing one or multiple IMS components in isolation without using auxiliary components or emulators.

ng-voice’s platform for automated integration testing of IMS components

The concept behind this testing platform is to launch the component(s) to be tested and simulate all their immediate dependencies via entities we call User-Agent Mocks (see the diagram below). The purpose of a User-Agent Mock is similar to that of an emulator; both imitate the behavior of a real component for the purpose of testing. The major difference is that User-Agent Mocks can be configured to send arbitrary messages to the System Under Test (SUT), as well as validate incoming ones. Furthermore, all User-Agent Mocks are controlled by the testing platform itself, causing a test scenario to fail as soon as a message fails validation at any of them.

What are the benefits of an automated integration testing platform seen at ng-voice?

Testing one or multiple components in isolation before integrating them into a complete system yields the following benefits:

All communication between components can be checked for specification compliance to ensure seamless integration with different IMS, EPC, and handset vendors.

Errors can be detected and fixed early during the development of a particular component – without requiring its dependencies for testing – leading to a faster release cycle and a more stable product.

As an industry disruptor, we’re always looking at how to improve our solution and development processes to give our clients the best possible experience. Using automated integration tests aids us in these efforts by saving time and resources in the testing process, as well as helping us retain the excellent reliability and quality standards of our fully containerized and cloud-native IMS. To know more about our solution, get in touch with us and schedule a meeting.
Share this article via:

Share on facebook
Facebook

Share on linkedin
LinkedIn

Share on twitter
Twitter

Matthias Bräuer

Software Engineer

Publisher Bio

Brings his expertise in test automation, Python, SIP, and Diameter to ng-voice. As a software engineer at ng-voice, Matthias uses his skill sets to design and develop a test automation framework to ensure specification-conformity and correct functional behaviour of our IMS components.

Benedikt Vollmerhaus

Software Engineer

Publisher Bio

Benedikt joined ng-voice as a Python Software Engineer with over five years of experience developing full-stack Java applications and Python-based development tools. He now uses his development expertise as part of our QA team to improve our test automation tools and help us ensure the high reliability of our IMS solution. He is passionate about Linux and open-source projects.

Planet SIP

September 30, 2022

Debugging

SIP phones

Internal calls

PSTN trunk

Get your SIP credentials

Add SIP account to your Asterisk config

Create Asterisk extensions to send and receive calls

Firewall

September 25, 2022

Automatic renewal

September 23, 2022

Installing Asterisk

SIP phones

Dialplan and voicemail

Encrypted IAX links

Speed dial for the other phone

Firewall rules

Private network configuration

Network time synchronization

Accessing the admin page

Allowing calls between local SIP devices

September 22, 2022

Our partnership with Casa Systems

Barbara Silva

September 20, 2022

The current global rollout

5G SA and VoNR

Varun Jain

September 15, 2022

Vividha Singh at ng-voice | Employee Spotlight

Khaled Amirian

August 31, 2022

August 30, 2022

August 29, 2022

Grow Business Benefits with a Full Suite of Customizable CaaS Solutions from Sangoma

Why CaaS?

Gain a Competitive Advantage with a Complete CaaS Portfolio

CaaS Deployments for Any Business

Collaboration Solutions

Business Phones, Hardware, and Communities

August 25, 2022

Who am I?

Why did I join ng-voice?

Getting settled in a new city

My experience as a DevOps Engineer at ng-voice so far

Sara Fattouh

August 16, 2022

Picture this:

Understanding cloud-native principles

Benefits to MNOs, MVNOs, and Private Networks

Use case 1: Google Cloud

Use case 2: Bare metal

Elijah Indarjit

August 09, 2022

Introduction

What is UCaaS

Features of a UCaaS Platform

UCaaS Benefits

Why it Matters

July 29, 2022

July 28, 2022

Choose the UCaaS for YOUR Needs

Consider Scalability …

… While Embracing Flexibility

Assessing Reliability

Focus on Real Time

Weigh Cost Versus Benefit

July 26, 2022

My experience arriving to ng-voice’s Hamburg office

Getting settled in a new city

My experience at ng-voice so far

Mert Dogan

July 21, 2022

Innovative, All-in-One Solutions

Easy Onboarding & Control

User-friendly Mobile Apps

Flexible Access

Cost-effective