Jump to content

Extensions to Auto Provisioning ?


bencrosby

Recommended Posts

Hi,

 

I would very much like to be able to extent the PnP capabilities of the PBX. In all cases, I am using a mix of Snom 760, D765, D725 and D715. I do understand that some of this is device specific.

 

I have three scenarios in particular:

 

1) Automatic installation of certificates to devices:

 

Connected to a trusted network, and having been provisioned with extension credentials, It would be great to be able to automatically deploy device certificates, loading them into both the phone and the PBX.

 

2) Wi-Fi and 802.1x credentials - similar to above, I want to move some phones to Wi-Fi. Once the phone has been provisioned over ethernet, it would be cool to be able to load a Wifi-settings.xml or similar file to the phone.

 

3) Really looking for a great way to cancel the "missed calls" LED across all extensions, and to change the line monitoring LED on a couple. It looks like snom has the options in config, so for me, it would be loading an LED-settings.xml.

 

I can quietly go off and do most of this. The issue is that I need to be able to insert a line into one of the PBX PnP files to call another file from the PBX. Then I need to add that file to an appropriate place on the PBX so that the phones can request it as part of PnP provisioning.

 

Are there any thoughts on how this might be done ?

 

Thanks

Ben

Link to comment
Share on other sites

  • 2 weeks later...

Couple of topics, couple of answers.

 

1) We had the certificates topic on the table since Google changed the policy for their SHA2 signatures. What the PBX could do is to act as a certificate intermediate and provision certificates instead of passwords. Many phones are today able to do this. I think we had done that for Polycom phones at a point where they would not allow TLS without a valid certificate, maybe we should resume that in 2016 as the whole industry has moved forward.

 

I think one core problem is that people need to trust the Vodia Root CA. That would make it really easy to build up that whole tree of certificates. If people want to use other trusted Root CA that would of course also work, but I would say most of the services running the Vodia PBX don't want to spend the money to purchase a certificate every year.

 

2) Well, that could work only with "piggy back" information inserted into the provisioning files. We could think about adding parameters back into the provisioning as we used to have a couple of major versions ago.

 

3) The real problem here is that Missed Calls is essentially like Message Waiting; however while we have a standard for the MW, we don't have it for MC although they could really use the same mechanisms. As far as I can tell this would work only with a proprietary extension today.

Link to comment
Share on other sites

  • 2 weeks later...

I have had some more time to think about this.

 

1) I agree, this sounds like a workable solution.

 

In essence the phones need to trust the PBX. This would work fine as a private CA. If every PBX CA is a sub-CA of the Vodia Root CA, that's in theory fine, but I'm not sure it is necessary. Completely agree that people don't want to purchase certs every year, especially not for each phone.

 

I do think there is some potential magic with a new phone and various auto discovery services - both polycom and snom to my knowledge allow an internet based lookup to find their provisioning server. It would be cool to be able to provision certs and then bring up SSL based signalling, allowing a new phone to be internet provisioned for remote offices.

 

2) In my specific scenario, I have had to modify each phone_xml file to add these:

  <ethernet_detect perm="RO">off</ethernet_detect>
  <wifi_auth_mode perm="RO">WPA2PSK</wifi_auth_mode>
  <wifi_essid perm="RO">WifiNetName</wifi_essid>
  <wifi_wpapsk perm="RO">1234567890123456</wifi_wpapsk>
  <logon_wizard perm="RW">off</logon_wizard>
  <wifi_wpa_encryptype perm="RO">AES</wifi_wpa_encryptype> 

I would rather have this contained in a single file that is pushed to the phones, like wifi.xml and then link to the main files somehow with:

<setting-files>
  <file url="{https-url}/snom_wifi.xml" />
</setting-files>

This means WiFi credentials are stored only in a single location in the configuration.

 

3) Okay, I see your point. I wonder if it is possible to configure a key event that clears MW across all extensions. I also think I will explore the message button and missed call notifier LED as seperate items. It may be possible to leave the message key and LED for an individual extension and just do a global clear missed calls.

 

Thanks !

Link to comment
Share on other sites

  • 5 weeks later...

Not sure if this has been resolved yet but if you change the pnp file in Template eg. snom_7XX_phone.xml

 

add this line to stop the MWi on missed calls

 

<led_call_indicator_usage perm="">
PhoneHasCallInStateRinging CurrentIdentityHasVoiceMessages
</led_call_indicator_usage>
I am sure you will be able to add the WIFI settings in a similar way - format will be on the Snom wiki.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...