Add PBR Config Records#

Overview#

Phone-based registration (PBR) supports a number of configuration parameters that define how the service operates in a specific provider or customer environment.

You will need to create PBR configuration (PBR config) records, as follows:

  • Create a single PBR config record, globally, at Provider level.

    The global PBR config record at the Provider level allows the PBR web service to make the initial connection to the VOSS Automate API.

  • Create a PBR config record for each customer that will use the phone-based registration add-on.

    The PBR config record at the Customer level defines the specific connection parameters for a specific customer, and eventually will allow per customer VOSS Automate user to be used.

    PBR-config-list.png

Related Topics

Provisioning PBR device records with site-wide PINs#

Site-wide PINS are useful when PINs are required for either security or to address use-cases where DNs are not unique.

However, the operational overhead of provisioning a device record per unique device is not acceptable. In this case, create a single PBR device record at each site:

../../_images/PBR-SiteWidePIN.png

Note

  • When using site-wide PINS the device name and pattern must be hardcoded to use SITE. This is case sensitive.

  • When using site-wide PINS the administrator must specify the route partition for the site.

Add PBR Config Records#

This procedure configures the PBR registration. Instructions are provided for the PBR config record at the Provider level (global) and per customer.

@startuml
'PBR Config Flowchart
!include style.iuml
start
:Default config at provider hierarchy;
note right
  The **config at the provider level** enables
  the PBR web service to make
  the initial connection to VOSS Automate API.
end note
:PBR Config at customer hierarchy;
note right
  The **config at customer level** defines
  the specific connection parameters
  for that customer.
end note
:BAT Prefix Required;
note right
  Recommended so as not to replace a phone
  that is in active use.
end note
:Consider - PBR Device Record Required;
:Consider - Pin Required;
note right
 If a single PIN per site is required or not
end note
:Complete the portal, hierarchy and IP options;
note right
 * **Auto Provision PBR** device record should not be selected.
 * **Default PIN** should not be selected.
 * **BAT DeviceName Format** should be left to default.
end note
stop
@enduml

Important

Do not select the following options. These features are experimental and should not be enabled:

  • Auto Provision PBR device record

  • Use default PIN

  1. In Automate, go to (default menus) Services > Phone Based Registration > PBR Config, then choose the hierarchy:

    • To set up the global PBR record, choose Provider hierarchy.

    • To set up the per customer PBR record, choose the relevant customer hierarchy.

  2. Fill out a name for the PBR config record.

  3. Select the BAT Prefix Required checkbox.

    Note

    • It is recommended that PBR configuration should only allow the replacement of phones with fake MACs with device name prefix starting with BAT. This ensures that it is never possible for a user to replace a phone that is in active use.

    • Leave BAT DeviceName Format as default.

  4. Choose options based whether the use of PBR device records is required in this environment?

    1. The PBR device record allows an administrator to explicitly specify that a device is eligible for phone-based registration.

      Select the PBR Device Record Required checkbox, if required.

    2. The PBR device record allows an administrator to specify that a PIN that should be used when performing phone-based registration for a specific phone or for all phones at a site.

      Select the Pin Required checkbox, if required.

    3. The PBR device record can be used to guarantee that the correct device is replaced in environments where directory numbers are not unique within a CUCM cluster, for example, multiple directory numbers are configured with the same DN, but located in different partitions.

      In this case, clear the UseSiteWidePIN checkbox.

      Note

      By default, Automate requires a PBR device record per device, but in some cases, it may be sufficient to use a single pin per site. In this case, you can enable (select) the UseSiteWidePIN checkbox. This provides limited security to ensure that a PIN is still required to register a phone, but reduces the operational burden by eliminating the need to provision a PBR device record for each phone. See Provisioning PBR device records with site-wide PINs

  5. At Phone Registration Portal Port and Phone Registration Portal Address, specify the port and the IP address or hostname:

    • For HTTPS-based connectivity, the port should be 443 and the address is the IP address or hostname of an Automate proxy node in a cluster.

    • For HTTP-based connectivity, the port can be 80, and the address is the IP address or hostname of the primary Automate unified node in a cluster.

    Note

    The phone registration portal address and the port you specify must be accessible from the phone network.

  6. At Phone Registration Portal API User and Phone Registration Portal API Password, fill out the email address for the API user previously created, and fill out the password.

    See Create Restricted API Role and Admin User

    Note

    The portal API user credentials (username and password), is required for both the Provider-level PBR config record and for the PBR config record for any customers.

  7. At Phone Registration Service Hierarchy, specify the hierarchy:

    • If the PBR config record is defined at Provider level, specify the hierarchy as in the following example: sys.hcs.CC-P.

    • If the PBR config record is defined at the Customer level, specify the hierarchy as in the following example: sys.hcs.CC-P.FlexCorp

  8. At CUCM IP, specify the IP address of CUCM that is accessible to Automate using HTTPS SOAP requests.

  9. Save the PBR config record you configured, then run the following CLI command on the primary node to restart the services:

    cluster run all app start phone-based-registration