SBC in a Cloud Based UC/VoIP Service.
One of the interesting use cases for Sangoma SBC is to provide VoIP Edge connectivity between Softswitches or IPPBX's and VoIP End Points of IP Telephony Service providers (ITSP's)
Here we are going to show you how to deploy Sangoma SBC VM as an EC2 (Elastic Compute Cloud) Instance inside a VPC (Virtual Private Cloud).
There are several VPC scenarios offered in AWS (See: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenarios.html).
In our example we are using a VPC with Public and Private Subnets, as this scenario perfectly fits the need to have VoIP resources in a private subnet, not accesibe from the exterior, and the SBC located in the Public Subnet enabling remote endpoints and Service providers to reach VoIP resoruces in a controlled and secured fasion. (For more details about this VPC scenario see: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html)
For our exercise we will be using a VPC similar to this one:
Our VPC Will have the following attributes:
- VPC: 10.0.0.0/16
- Private subnet: 10.0.1.0/24
- Public subnet: 10.0.0.0/24
Our SBC will have:
- Internal interface in the Private subnet at: 10.0.1.133
- External Interface in the Public subnet at: 10.0.0.133
- CPU: 2 Core
- Memory: 4 Gig
- Hard Drive: 30 Gig
- (For testing purposes you can start with a Free Tier Elegible Instance such as t2.micro - 1.5 Gig, 1 Core)
- Login to your AWS Console and go to your EC2 dashboard:
- At this point we will initiate the process to Create an EC2 Instance using Sangoma's SBC AMI. Press "Launch Instance" button.
- Search "sangoma" in the Community AMI and you will find our Sangoma SBC AWS AMI. Then choose the latest version Sangoma SBC 2.3.27-126-GA just press "Select "
(Note: AWS has segmented the community AMIs region wise, this AMI is available in Asia Pacific (Sydney) ap-southeast-2 region)
NOTE: The instance number or name might be different as we update periodically to the latest software version.
- Select the type of instance according to your own needs:
- Press next: Configure Instance Details
- Now you will be able to execute the steps to configure the specific characteristics for the VM Instance you will be using in your production environment
- In the Instance Details Screen
- select the VPC 10.0.0.0/16
- select the Public Subnet as this one will be the primary LAN interface (10.0.0.0/24).
In the Network Interface Section assign specific IP address to eth0, as well as eth1. Please note eth1 is being associated to the private subnet.
- At this point you are able to identfy the SBC will have 2 Network Interfaces, one of them (10.0.0.133) is landed in the Public Subnet and the other (10.0..1.133) is landed in the private subnet.
The private subnet could be for example hosting a FreePBX VM, fully protected behind the SBC.
- Click on Next: Add Storage.
- In our example we will select a 30Gig drive of General Purpose SSD.
- Now Click Next: add Tags
- You can add any Tag. On this example we will just complete the Name Tag
- Click on Next: Configure Security Group
- This is a set of rules controlled by AWS infrastructure. It is not associated to any internal Firewall features. In our case, we are configuring the Security rules to allow:
- SSH, HTTP and HTTPS access only from VPC addresses (Private and Public Subnets)
- Ports UDP and TCP 5060 to 5061 from anywhere
- Now we will proceed to review the Instance scrolling down thru all the sections in the page:
- Now, after pressing Launch button, a popup window will ask you if you want to associate an encrypted key to access the new instance.
- In our case we have decided not to assign an access key.
- Click Launch Instance
- Now, Click on View Instance
- You will notice the new Instance starting, wait until it is fully initialized and show all initial testing passed
- Once the Instance is UP and Running, access the GUI using the browser of your preference.
- In out case we will be accessing http://10.0.0.133, which is the Primary IP address (public) assigned to eth0 during the Instance creation task. It is important to understand:
- You will not be able to access the Private IP (10.0.1.133 on eth1) as it is not automatically assigned via DHCP.
- In order to access the public IP address you will need at least to have VPN access to the Public Subnet inside your VPC.
(Alternatively you can configure a default VPC to gain access directly )
- The User/Password by default assigned to the AMI is: root/sangoma
- After Logged in, you will notice "Vega Session Controller Configuration is not completed"
- License Is Not Installed
- And of possibly, Configuration has not been generated yet
- In order to install the license you will need to contact our sales department (email@example.com) or go to store on http://portal.sangoma.com and look for Software SBC in order to purchase it.
- Also, the license is associated to your instance MAC address for eth0 . In order to obtain the MAC Addresses, first from the Help Menu select and click on "About" and then "System Information"
- (Note: do not change add / remove the eth0 network interface after installing the license)
- Scroll down the page:
- Write down the MAC Addresses for eth0 as you will need them during the License file generation procedure.
The rest of the configuration can continue as per your installation use case scenario. The SBC configuration guides are https://wiki.sangoma.com/display/SBC/Configuration+Guides
- Now, we will complete the configuration of LAN Interfaces.
- Go to Configuration --> IP Settings --> Signaling Interface
- Change eth0 from DHCP to Static. DO NOT CHANGE THE PREASSIGNED IP ADDRESS
- Modify the Host Name if you want
- Make sure you have the default gateway correctly assigned. In AWS for Public subnet 10.0.0.0/24 it is usually 10.0.0.1
- Make sure you have the DNS server correctly assigned. In AWS for Public subnet 10.0.0.0/24 it is usually 10.0.0.2
- Add a secondary DNS Server if desired
- Now assign to eth1 the static IP address we defined during the Instance Launch process (10.0.1.133)
- We are ready with Signaling Interfaces and it should look like this:
- In order to be able to generate a configuration and start the SBC you will need at least to create one SIP Profile.
- One last point is to Disable Source Destination Check in the Instance . This must be done in your AWS Console:
As you can see, Now you can easely deploy Sangoma SBC in a cloud environment (AWS in this case). Soon you will also lear how to do it in other Cloud Providers.