BroadWorks XSP enables you to remotely reconfigure the Ribbon SBC Edge nodes using a SIP NOTIFY message. This specific aspect of device management of BroadWorks XSP is known as BroadWorks Device Management (DM). The Broadsoft Provisioning feature within the SBC Edge enables interoperability with the BroadWorks DM infrastructure for centralized management of boot-loader, software and configuration updates for every SBC managed by BroadWorks.
The Ribbon SBC Edge is able to automatically download configuration files through the SIP Notify message received from BroadWorks XSP. The files will be downloaded and updated on the SBC according to the options configured in the WebUI's AutoConfiguration setup.
This Best Practice defines the steps necessary to use Ribbon SBC Edge Auto Configuration with BroadWorks.
Broadworks Device Management Configuration involves two steps:
- BroadSoft Administrator Configuration
- BroadWorks Provisioning
Administrator configuration creates a device profile type and is performed by a Broadworks administrator. It should be completed before proceeding to BroadWorks Provisioning.
This is performed by the BroadWorks Administrator on request, with inputs provided by Ribbon. It creates the device profile type which can used later for provisioning.
Following information is provided to BroadWorks:
File Name | File Type | Authentication Mode | Authentication Type | Description |
---|
SBC1000_config.xml
| Device-specific
| User Name and Password | Digest | Configuration file for SBC1000 |
sbc1000-release.img
| static
| User Name and Password | Digest | Software Application for SBC1000 |
sbc1000-boot.tar.gz
| static
| User Name and Password | Digest | Boot Image for SBC1000 |
SBC2000_config.xml
| Device-specific
| User Name and Password | Digest | Configuration file for SBC2000 |
sbc2000-release.img
| static
| User Name and Password | Digest | Software Application for SBC2000 |
sbc2000-boot.tar.gz
| static
| User Name and Password | Digest | Boot Image for SBC2000 |
config_import.txt
| System-specific
| User Name and Password | Digest | Indicates whether the configuration should be imported fully or partially. It is used by both SBC 1000 and SBC 2000. This file contains only one of the following two words. config_type : <type> passphrase : <passphrase> where type can be either full or partial and passphrase should be the same passphrase that used during configuration backup operation. full - configuration is imported fully. partial - configuration is imported partially i.e all configuration except the networking-configuration are imported. Networking configuration is expected to be done at customer premises.
Example: config_type: partial passphrase: admin |
version.txt
| System-specific
| User Name and Password | Digest | Contains the software release name and the firmware release name pertaining to the software and firmware in the XSP directory, SBC checks this file before downloading and updating the software. SW=5.0.0 Boot Image=3.1.60 BUILD_NUMBER=3xx BUILD_VERSION=5.0.0 |
With the above information the Admin performs the following steps for creating the device profiles.
Create Device management tag set example : SBC1000_dm-Tags, SBC2000_dm-Tags. All the tags that will be defined by Ribbon will be under this.
Device Management Tag Sets
Device profile represent the devices itself. Device profile will be named -SBC2000_dm.
Following options will be set:
Option | Value selected |
---|
Device Access File Format | SBC2000_config.xml |
Repository File Format | SBC2000_config-%BWTIMESTAMP%.xml |
File Category | Dynamic Per-Type |
File Customization | Administrator and User |
Enable Caching | NO |
File Authentication | User Name and Password |
MAC Address in | Not Applicable for system configuration file |
HTTP Authentication | Digest |
Allowed Access Protocols | HTTPS |
System Level Configuration
Following options will be set:
Option | Value selected | Notes |
---|
Device Access File Format | SBC2000_ %BWMACADDRESS%.xml
| |
Repository File Format | %BWFQDEVICEID%.xml | This is an ID uniquely identifying a device (Fully Qualified Device ID). |
File Category | Dynamic Per-Device | |
File Customization | Administrator and User | |
Enable Caching | NO | |
File Authentication | User Name and Password | |
MAC Address in | HTTP Request URI | |
HTTP Authentication | Digest | |
Allowed Access Protocols | HTTPS | |
Device Specific Configuration
Options for static files - boot image and firmware image will be set.
Option | Value selected |
---|
Device Access File Format | sbc2000-release .xml
|
Repository File Format | sbc2000-release .xml
|
File Category | Static |
File Customization | Administrator and User |
Enable Caching | NO |
File Authentication | User Name and Password |
MAC Address in | Not Applicable |
HTTP Authentication | Digest |
Allowed Access Protocols | HTTPS |
After the device type is configured, BroadWorks will provide Ribbon with the following information:
- BroadWorks Device Type: (example) - SBC1000_dm (for SBC1000) and SBC2000_dm (for SBC2000)
- File Location URL: (example) https://xsp1.iop1.broadworks.net/dms/Ribbon%20SBC-1000_2000_DM/
The above information will be used for Broadworks Provisioning and SBC configuration (File URL).
BroadWorks Provisioning involves the following steps:
- Creating Device Access User
- Creating Device Profile Instance
- Adding Tags
- Uploading Template Configuration Files
- Uploading Static Files
- Assigning Device Profile Instance to User
BroadWorks Provisioning requires an authenticated user. The SIP NOTIFY message will be sent to this user.
From System or Group > Profile, click Users.
Click Add to add an Auto Configuration User.
- Configure the following:
- User ID
- Last Name
- First Name
- Initial Password
Click OK to create the new user.
- Edit New User and configure the Authentication Service and Password.
Click OK.
- Access User Profile> Assign Services.
- From Available Services, select Authentication, and then click Add to move Authentication to User Services.
- Click Apply to save the selection.
Click OK to return to the User Profile.
- Access Utilities> Authentication.
- Enter the new authentication password.
- Re-enter the new authentication password.
- Click Apply.
Click OK to return to Utilities.
Device profile instance defines the template for the device type. Multiple device profile types can be created for a device type. This configuration specifies the profile instance name and sets the username and password for using this profile.
- Login as admin and select Resources > Identify Device Profiles.
- Click Add to create a new profile instance. In the example below, device profile named SBC2000-TCA-profile is newly created with user name autoconfig-admin.
- Assign a name to new Identity/Device Profile.
- From the Identity/Device Profile Type drop down box, select Ribbon SBC-1000_2000_DM.
- In the Host Name/IP Address field, enter the Host Name or IP Address of your SBC.
- From the Transport drop down list, select UDP.
- In the MAC Address field, enter the MAC Address of your SBC.
- Click Use Custom Credentials.
- Enter the Device Access User Name and Password.
Click OK to create new Identity/Device Profile.
Create Device Profile Instance
The following steps are for creating a custom template for your deployments
- Back-up SBC using Passphrase, passphrase is required parameter that needs to added to config_import.txt
- Unzip SBC_Config_SBCName_ReleaseNumber_BuildNumber_Date
- Template is created from the extracted symphonyconfig.xml file
- Edit symphonyconfig.xml and replace xml parameters with BroadWorks Tags
- Example from <DomainName>ribboncommunications.com</DomainName> to <DomainName>%DOMAIN_NAME%</DomainName>
- Example from <PrimaryDNSServer>8.8.8.8</PrimaryDNSServer> to <PrimaryDNSServer>%DNSSERVER-A%</PrimaryDNSServer
The tags are identified by a keyword starting and ending with "%" character (for example, "%BWMACADDRESS%). A tag name is case sensitive. There are predefined set of tags defined by Broadworks Device Management; the first two characters of the tags start with "BW". Tags are replaced with the actual parameter values in the configuration files. Some configuration settings can be generic (i.e., domain name, Time Zone, DNS server) and are applicable to many devices. Some configuration settings are specific to each node (i.e., Device Name, IP address). System tags are created for system-wide use; device-specific tags are created for individual nodes.
System Tags example
Tag | Parameter Value |
---|
%DOMAIN_NAME% | ribboncommunications.net |
%TIME_ZONE% | Pacific |
%PRIMARY_DNS% | 134.56.113.11 |
%SECONDARY_DNS% | 134.56.112.12 |
| |
Device Specific Tags example
Tag | Parameter Value |
---|
%DEVICE_NAME% | nebulous |
%ETH1_PRIMARY_IP% | 134.56.216.214 |
%FILE_DS_TCA_HIGH% | 10000 |
%FILE_DS_TCA_LOW% | 5000 |
%CPU_TCA_HIGH% | 90 |
%CPU_TCA_LOW% | 70 |
To add these tags:
- Select Utilities > Device Configuration.
Select the device profile type created and click Edit.
The Configure Device Profile Modify Page is displayed. From this Page, select Custom Tags. On the custom Tags page, click Add to provision each device tag.
Values should be assigned to all the Tags defined.
Template files contains tags, these tags are replaced with actual values specified in the above step and a configuration file will be generated.
System Template Files. These configuration template files are specific to a profile and the configuration file generated can be used by all the users registered for this profile. Only one configuration file will be generated for each profile type. For example, when the system template file tags are replaced for SBC2000-TCA-profile, SBC2000_config.xml
file is generated. This file can be used by all SBC2000 nodes registered for this profile type.
Device Template Files. This configuration template is specific to a node and the configuration file generated can only be used by that node. A new device profile configuration will be generated for each device.
- Select Edit to add a System or Device Template file.
Uplodad Template Configuration Files
Both the system template and device template files should be added.
System and Device Template Files
Rebuild options generates the configuration file replacing the tag values.
Template and Configuration File Formats
Template File Format | Configuration File |
---|
<Token name="SBA">
<IE classname="SBA_CONFIGURATION">
<SystemRelease>0.0.0v0</SystemRelease>
<Enabled>1</Enabled>
<EthernetPort>1</EthernetPort>
<DHCPEnabled>0</DHCPEnabled>
<ipv4Address>%SBA_ADDRESS%</ipv4Address>
<ipv4Netmask>%SBA_NETMASK%</ipv4Netmask>
<ipv4Gateway>%SBC_GATEWAY%</ipv4Gateway>
<RemoteDesktopEnabled>0</RemoteDesktopEnabled>
<DNSServer1>%DNSSERVER-A%</DNSServer1>
<DNSServer2>%DNSSERVER-B%</DNSServer2>
<AclEnable>1</AclEna ble>
</IE>
</Token>
| <Token name="SBA">
<IE classname="SBA_CONFIGURATION">
<SystemRelease>0.0.0v0</SystemRelease>
<Enabled>1</Enabled>
<EthernetPort>1</EthernetPort>
<DHCPEnabled>0</DHCPEnabled>
<ipv4Address>10.1.5.11</ipv4Address>
<ipv4Netmask>255.255.255.0</ipv4Netmask>
<ipv4Gateway>10.1.5.100< / ipv4Gateway >
<RemoteDesktopEnabled>0</RemoteDesktopEnabled >
<DNSServer1></DNSServer1>
<DNSServer2></DNSServer2>
<AclEnable>1</AclEnable>
</IE>
</Token>
|
Static Files are added similarly.
Add users to the profile instance.
- Browse to Profile > Address page for the selected user and select the profile Instance.
Add Uses to Profile Instance
Before downloading files from BroadWorks XSP configure the following:
- SBC Initial Set-up (if this is a new installation). See Ribbon SBC 2000 - Initial Setup or Ribbon SBC 1000 - Initial Setup
- Authenticated User in the Contact Registrant Table
- Password for Authenticated User in the Remote Authorization Table
- SIP Server Table for the BroadWorks server
- Signaling Group for BroadWorks server
- Modify SIP Profile
- Install Certificates for XSP security
- Access SIP > Contact Registrant Table.
Create a new Contact Registrant Table (i.e., Broadsoft CRT). For details, refer to Creating and Modifying Entries in Contact Registrant Tables.
Click OK.
- Access SIP > Contact Registrant Table and select the table you created (i.e., Broadsoft CRT).
- From Type of Address Record, select Remote.
- Configure the Address of Record URI (this the Address of Record URI of the Authenticated User).
- Add a SIP Contact for the Authenticated User (Username: 2404984566, TTL Type: Use Global TTL, Priority: 0). For details, refer to Creating and Modifying Entries in Contact Registrant Tables.
- Configure Contact URI Username for the Authenticated User (i.e, 2404984566).
Click OK.
Click OK to save changes.
View the Authenticated User Contact Registrant Table with the new entry.
- Access SIP> Remote Authorization Tables.
- Create a Remote Authorization Table (i.e, Broadsoft Remote Authorization). Refer to Creating and Modifying Entries to Remote Authorization Tables.
Click OK.
- Access SIP> Remote Authorization Tables and select the table you created (i.e., Broadsoft Remote Authorization Table).
- Create a new Create Remote Authorization Entry.
- In Realm, enter the Broadsoft server FQDN (i.e., as.iop1.broadworks.net).
- In Authentication ID, enter the Authenticated User (i.e., autoconfig-admin)
- In Enter Password and Confirm Password of the Authenticated User, match the Broadworks XSP Password.
- From the From URI User Match drop down box, select Regex.
- In Match Regex, enter the Regex for the Authenticated User's number set on Broadworks XSP (i.e., ^(2404984566)$ )
Click OK to save changes
View the new Authenticated User Remote Authorization entry.
- Access SIP > SIP Server Tables.
- Create a SIP Server Table (i.e, Broadsoft Server). For details, refer to Creating and Modifying Entries in SIP Server Tables.
Click Ok.
- Access the SIP Server Table you created (i.e., Broadsoft server).
- From the Create SIP Server drop down menu, select DNS-SRV.
- In the Host field, enter the Broadsoft server FQDN.
- From the Remote Authorization Table drop down list, select Broadsoft Remote Authentication.
- From the Contact Registration Table drop down list, select Broadsoft CRT.
Click OK.
View the new Broadsoft server entry.
When a SIP device sends a REGISTER request, the TO and FROM headers must match the provisioned AoR. The next steps will modify the FROM header to equal the TO header.
- Access SIP > SIP Profiles> Default SIP Profile. For details, refer to Managing SIP Profiles.
- From the FQDN in From Header drop down list, select Server FQDN (for FQDN in From Header).
Click OK.
Two XSP Certificates are supplied by Broadsoft. Install the Certificates as follows:
- Access Security> SBC Certificates> Trusted CA Certificates. For details, refer to Managing Trusted CA Certificates.
- Click Upload to open the Import Trusted CA Certificate window.
- For Mode, select File Upload.
- Browse to the XSP Certificate File location and select the XSP Certificate.
- Click OK to import the certificate.
Repeat step 4 to import the second XSP Certificate.
The step enables you to configure the SBC to download configuration files from the Broadsoft server automatically when a SIP NOTIFY message is received. The files are downloaded according to the configuration options in the WebUI's AutoConfiguration setup as follows:
- In the WebUI, click the Tasks tab.
- In the left navigation pane, click BroadSoft Provisioning > Auto Configuration.
- Configure the fields, as required. For field definitions, see Managing Auto Configuration.
Click Apply. Updates are performed in the following order: Boot Image, Firmware, and Configuration Update. The system reboots following configuration.
- Browse XSP> System or Group> Resources> Identity/Device Profiles.
- Click Search and edit SBC2000-TCA-profile.
- Click on the Files tab.
Click Reset the Phones to start the Download from the XSP server.