Configure SBC Edge Auto Configuration for BroadWorks

BroadWorks XSP enables you to remotely reconfigure the Ribbon SBC Edge nodes using a SIP NOTIFY message.  This specific aspect of device management of BroadWorks XSP is known as BroadWorks Device Management (DM). The Broadsoft Provisioning feature within the SBC Edge enables interoperability with the BroadWorks DM infrastructure for centralized management of boot-loader, software and configuration updates for every SBC managed by BroadWorks.

The Ribbon SBC Edge is able to automatically download configuration files through the SIP Notify message received from BroadWorks XSP.  The files will be downloaded and updated on the SBC according to the options configured in the WebUI's AutoConfiguration setup.

This Best Practice defines the steps necessary to use Ribbon SBC Edge Auto Configuration with BroadWorks.

Step 1: Broadworks Device Management Configuration

Broadworks Device Management Configuration involves two steps:

1. BroadSoft Administrator Configuration
2. BroadWorks Provisioning

Administrator configuration creates a device profile type and is performed by a Broadworks administrator. It should be completed before proceeding to BroadWorks Provisioning.

BroadSoft Administrator Configuration

This is performed by the BroadWorks Administrator on request, with inputs provided by Ribbon. It creates the device profile type which can used later for provisioning.

Following information is provided to BroadWorks:

With the above information the Admin performs the following steps for creating the device profiles.

Create Management Tag Set

Create Device management tag set example : SBC1000_dm-Tags, SBC2000_dm-Tags.  All the tags that will be defined by Ribbon will be under this.

Device Management Tag Sets

Create Device Profile Type

Device profile represent the devices itself.  Device profile will be named -SBC2000_dm.

Device Profile Type

Set System Level Configuration File Type

Following options will be set:

System Level Configuration

 

Set Device Specific Configuration File

Following options will be set:

Device Specific Configuration

 

Static Files Options

Options for static files - boot image and firmware image will be set.

Device Access File Format

sbc2000-release.xml

Repository File Format

sbc2000-release.xml

File Category

Static

File Customization

Administrator and User

Enable Caching

NO

File Authentication

User Name and Password

MAC Address in

Not Applicable

HTTP Authentication

Digest

Allowed Access Protocols

HTTPS

After the device type is configured,  BroadWorks will provide Ribbon with the following information:

• BroadWorks Device Type:  (example) - SBC1000_dm (for SBC1000) and SBC2000_dm (for SBC2000)
• File Location URL: (example) https://xsp1.iop1.broadworks.net/dms/Ribbon%20SBC-1000_2000_DM/

The above information will be used for Broadworks Provisioning and SBC configuration (File URL).

BroadWorks Provisioning

BroadWorks Provisioning involves the following steps:

• Creating Device Access User
• Creating Device Profile Instance
• Adding Tags
• Uploading Template Configuration Files
• Uploading Static Files
• Assigning Device Profile Instance to User

Creating Device Access User

BroadWorks Provisioning requires an authenticated user. The SIP NOTIFY message will be sent to this user.

1. From System or Group > Profile, click Users.

2. Click Add to add an Auto Configuration User.

   Add User

   
3. Configure the following:
   1. User ID
   2. Last Name
   3. First Name
   4. Initial Password
      
      

4. Click OK to create the new user.

   Create New User Data

    
5. Edit New User and configure the Authentication Service and Password.
   
   

6. Click OK.

   Manage User

   
7. Access User Profile> Assign Services.
   
   
8. From Available Services, select Authentication, and then click Add to move Authentication to User Services.
   
   
9. Click Apply to save the selection.
   
   

10. Click OK to return to the User Profile.

    Assign Services

     
11. Access Utilities> Authentication.
    
    
12. Enter the new authentication password.
    
    
13. Re-enter the new authentication password.
    
    
14. Click Apply.
    
    

15. Click OK to return to Utilities.

    Authentication

    

Creating Device Profile Instance

Device profile instance defines the template for the device type. Multiple device profile types can be created for a device type. This configuration specifies the profile instance name and sets the username and password for using this profile.

1. Login as admin and select Resources > Identify Device Profiles.
   
   
2. Click Add to create a new profile instance. In the example below, device profile named SBC2000-TCA-profile is newly created with user name autoconfig-admin.
   
   
3. Assign a name to new Identity/Device Profile.
   
   
4. From the Identity/Device Profile Type drop down box, select Ribbon SBC-1000_2000_DM.
   
   
5. In the Host Name/IP Address field, enter the Host Name or IP Address of your SBC.
   
   
6. From the Transport drop down list, select UDP.
   
   
7. In the MAC Address field, enter the MAC Address of your SBC.
   
   
8. Click Use Custom Credentials.
   
   
9. Enter the Device Access User Name and Password.
   
   

10. Click OK to create new Identity/Device Profile.

    Create Device Profile Instance

    

Creating Custom SBC Configuration Template with Tags

The following steps are for creating a custom template for your deployments

1. Back-up SBC using Passphrase, passphrase is required parameter that needs to added to config_import.txt
2. Unzip SBC_Config_SBCName_ReleaseNumber_BuildNumber_Date
3. Template is created from the extracted symphonyconfig.xml file
4. Edit symphonyconfig.xml and replace xml parameters with BroadWorks Tags
5. Example from <DomainName>ribboncommunications.com</DomainName> to <DomainName>%DOMAIN_NAME%</DomainName>
6. Example from <PrimaryDNSServer>8.8.8.8</PrimaryDNSServer> to <PrimaryDNSServer>%DNSSERVER-A%</PrimaryDNSServer

Adding Tags

The tags are identified by a keyword starting and ending with "%" character (for example, "%BWMACADDRESS%).  A tag name is case sensitive.  There are predefined set of tags defined by Broadworks Device Management; the first two characters of the tags start with "BW". Tags are replaced with the actual parameter values in the configuration files. Some configuration settings can be generic (i.e., domain name, Time Zone, DNS server) and are applicable to many devices. Some configuration settings are specific to each node (i.e., Device Name, IP address). System tags are created for system-wide use; device-specific tags are created for individual nodes.

System Tags example

Device Specific Tags example

To add these tags:

1. Select Utilities > Device Configuration. 

2. Select the device profile type created and click Edit.

   Add Tags

   

   
   

3. The Configure Device Profile Modify Page is displayed. From this Page, select Custom Tags. On the custom Tags page, click Add to provision each device tag.

   Values should be assigned to all the Tags defined.

Upload Template configuration Files

Template files contains tags, these tags are replaced with actual values specified in the above step and a configuration file will be generated.

System Template Files. These configuration template files are specific to a profile and the configuration file generated can be used by all the users registered for this profile.  Only one configuration file will be generated for each profile type.  For example, when the system template file tags are replaced for SBC2000-TCA-profile, SBC2000_config.xml file is generated.  This file can be used by all SBC2000 nodes registered for this profile type.

Device Template Files. This configuration template is specific to a node and the configuration file generated can only be used by that node.  A new device profile configuration will be generated for each device. 

1. Select Edit to add a System or Device Template file.

Uplodad Template Configuration Files

Both the system template and device template files should be added.

System and Device Template Files

Rebuild options generates the configuration file replacing the tag values.

Static Files are added similarly.

Assigning Identity/Device Profile Instance to User

Add users to the profile instance.  

1. Browse to Profile > Address page for the selected user and select the profile Instance.

Add Uses to Profile Instance

Step 2: Ribbon SBC Edge Configuration

Before downloading files from BroadWorks XSP configure the following:

• SBC Initial Set-up (if this is a new installation). See Ribbon SBC 2000 - Initial Setup or Ribbon SBC 1000 - Initial Setup
• Authenticated User in the Contact Registrant Table
• Password for Authenticated User in the Remote Authorization Table
• SIP Server Table for the BroadWorks server
• Signaling Group for BroadWorks server
• Modify SIP Profile
• Install Certificates for XSP security

Create Contact Registrant Table for Authenticated User

1. Access SIP > Contact Registrant Table.
   
   

2. Create a new Contact Registrant Table (i.e., Broadsoft CRT). For details, refer to Creating and Modifying Entries in Contact Registrant Tables.
                     

3. Click OK.
     

4. Access SIP > Contact Registrant Table and select the table you created (i.e., Broadsoft CRT).
   
   
5. From Type of Address Record, select Remote.
   
   
6. Configure the Address of Record URI (this the Address of Record URI of the Authenticated User).
   
   
7. Add a SIP Contact for the Authenticated User (Username: 2404984566, TTL Type: Use Global TTL, Priority: 0). For details, refer to Creating and Modifying Entries in Contact Registrant Tables.
   
   
8. Configure Contact URI Username for the Authenticated User (i.e, 2404984566).
   
   

9. Click OK.
       

10. Click OK to save changes.
      

11. View the Authenticated User Contact Registrant Table with the new entry.

Create Remote Authorization Table for Authenticated User

1. Access SIP> Remote Authorization Tables.
   
   
2. Create a Remote Authorization Table (i.e, Broadsoft Remote Authorization). Refer to Creating and Modifying Entries to Remote Authorization Tables.
   
   

3. Click OK.
       

4. Access SIP> Remote Authorization Tables and select the table you created (i.e., Broadsoft Remote Authorization Table).
   
   
5. Create a new Create Remote Authorization Entry.
   
   
6. In Realm, enter the Broadsoft server FQDN (i.e., as.iop1.broadworks.net).
   
   
7. In Authentication ID, enter the Authenticated User (i.e., autoconfig-admin)
   
   
8. In Enter Password and Confirm Password of the Authenticated User, match the Broadworks XSP Password.
   
   
9. From the From URI User Match drop down box, select Regex.
   
   
10. In Match Regex, enter the Regex for the Authenticated User's number set on Broadworks XSP (i.e., ^(2404984566)$ )
    
    

11. Click OK to save changes
      

12. View the new Authenticated User Remote Authorization entry.

Create SIP Server Table for Broadsoft

1. Access SIP > SIP Server Tables.
   
   
2. Create a SIP Server Table (i.e, Broadsoft Server). For details, refer to Creating and Modifying Entries in SIP Server Tables.
   
   

3. Click Ok.
       

4. Access the SIP Server Table you created (i.e., Broadsoft server).
   
   
5. From the Create SIP Server drop down menu, select DNS-SRV.
   
   
6. In the Host field, enter the Broadsoft server FQDN.
   
   
7. From the Remote Authorization Table drop down list, select Broadsoft Remote Authentication.
   
   
8. From the Contact Registration Table drop down list, select Broadsoft CRT.
   
   

9. Click OK.
     

10. View the new Broadsoft server entry.

Modify Default SIP Profile

When a SIP device sends a REGISTER request, the TO and FROM headers must match the provisioned AoR. The next steps will modify the FROM header to equal the TO header.

1. Access SIP > SIP Profiles> Default SIP Profile. For details, refer to Managing SIP Profiles.
   
   
2. From the FQDN in From Header drop down list, select Server FQDN (for FQDN in From Header).
   
   

3. Click OK.

Install Certificates for XSP security

Two XSP Certificates are supplied by Broadsoft. Install the Certificates as follows:

1. Access Security> SBC Certificates> Trusted CA Certificates. For details, refer to Managing Trusted CA Certificates.
   
   
2. Click Upload to open the Import Trusted CA Certificate window.
   
   
3. For Mode, select File Upload.
   
   
4. Browse to the XSP Certificate File location and select the XSP Certificate.
   
   
5. Click OK to import the certificate.
   
   

6. Repeat step 4 to import the second XSP Certificate.

Setup Autoconfiguration Task

The step enables you to configure the SBC to download configuration files from the Broadsoft server automatically when a SIP NOTIFY message is received. The files are downloaded according to the configuration options in the WebUI's AutoConfiguration setup as follows:

1. In the WebUI, click the Tasks tab.
   
   
2. In the left navigation pane, click BroadSoft Provisioning > Auto Configuration.
   
   
3. Configure the fields, as required. For field definitions, see Managing Auto Configuration.
   
   

4. Click Apply. Updates are performed in the following order: Boot Image, Firmware, and Configuration Update. The system reboots following configuration.

Start XSP Download

1. Browse XSP> System or Group> Resources> Identity/Device Profiles.
   
   
2. Click Search and edit SBC2000-TCA-profile.
   
   
3. Click on the Files tab.
   
   

4. Click Reset the Phones to start the Download from the XSP server.

   Start XSP Download