The Network tab is part of the System settings page, and contains settings for controlling the network interfaces, and integrations with external systems.
Quick links: AD / LDAP, CSTA, V-Tap
Configure: The network settings can be configured using the web interface, or manually (on the command line). If the network settings are configured using the web interface, it will write to the files: /etc/network/interfaces, /etc/resolv.conf, /etc/hostname. Otherwise it will leave these files untouched, and the existing configuration will remain.
DHCP: When enabled, the Apresa server will try to acquire an IP address automatically using DHCP.
IP Address, IP Subnet Mask, IP Gateway Address: These settings usually do not need to be filled in when using DHCP. When not using DHCP, they must be filled in manually.
DNS Server Address: IP address of the Domain Name Server
IP Name: The IP name that the Apresa server must have
NTP server address: Apresa can synchronize its clock with an NTP time server. After applying the settings, press the Test button to check the current status. You can fill in up to 4 addresses (advanced). To use the standard pool from the internet, use:
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
If you are using a local NTP server, note that the standard NTP server provided by Windows client platforms (Windows XP, Windows 10) has known problems that prevent the NTP client on Linux from synchronizing with it. To solve this, it can help to install a standards-conforming NTP server on it (see this one for example), or switch to using another NTP server.
If an NTP server is advertised using DHCP, it is used instead of the value in this setting.
Browser protocol: The default browser protocol is HTTP, and it is unencrypted. HTTPS, on the other hand, is encrypted. Before enabling HTTPS, a certificate must be created or uploaded on the certificates page.
Certificate: This list contains all available certificates that may be used for the HTTPS protocol. One of them may be selected here.
Web server port (HTTPS): By default, HTTPS is served on port 443. This port number can be changed here.
Configure second ethernet port: It is usually not needed to configure the second port, even when using the second ethernet port for mirroring. When needed, it is possible to assign a static IP address, or a dynamic one using DHCP. This might be needed when using the Apresa network service (VoIP tab) to receive information from the Apresa Lync Plugin on a Lync Server.
Azure: This is for importing users from a security group and single sign-on using Azure AD. The Application ID (also called Client ID) refers to the App registration in Azure AD and has the format 00000000-0000-0000-0000-000000000000. The Tenant ID has the same format, and refers to the company that the users are part of. It is also called the Directory ID in Azure. The password refers to the client secret. Select the AD fields to use for populating the list of telephones when importing users.
You can refer to an Azure app when defining an external logon service.
SCIM: Enable support for user provisioning through the SCIM protocol. This can be used as an alternative to Azure AD that avoids having to give the recorder full read access to Azure AD. Once enabled, further configuration can be done in a user group.
AD server address (LDAP): The IP address or IP name of the Active Directory or LDAP server, on which to check username and password during log on, for the users for which this is enabled. Multiple servers can be added.
It is possible to connect to the LDAP server via a secured connection. For this the AD server address should be prefixed with ldaps://. For the secured connection to be made, the LDAP server will present its certificate. If the certificate is not issued by a trusted certificate authority, it is necessary that it is uploaded and added to the trusted certificates of the Apresa. This can be done via the certificates page. Furthermore, it is required that the certificate is correctly issued for the LDAP server. This means that the server address must match the common name of the certificate or one of the subject alternative names before the certificate will be accepted by the Apresa.
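The name-matching rule above, as an added example (not Apresa's own code): a pre-check of an AD server address against the names in a certificate, using the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificate and host names are constructed, and the wildcard handling (left-most label only) is an assumption, since this page does not say how Apresa treats wildcards.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.company.com"),),),
    "subjectAltName": (
        ("DNS", "dc01.company.com"),
        ("DNS", "*.ad.company.com"),
        ("IP Address", "10.0.0.5"),
    ),
}


def host_from_setting(value):
    """Return the host part of an 'AD server address' value, e.g. ldaps://host:636."""
    value = value.strip()
    if "://" not in value:
        value = "ldap://" + value  # no prefix means plain LDAP
    return urlparse(value).hostname


def uses_ldaps(value):
    """True when the address carries the ldaps:// prefix needed for a secured connection."""
    return value.strip().lower().startswith("ldaps://")


def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' only as the whole left-most label (assumption)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:] and "." in rest
    return False


def address_matches_cert(setting, cert):
    """Check the configured address against the certificate's SANs and common name."""
    host = host_from_setting(setting)
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address"]
    common_names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal never matches a DNS pattern; compare it as an address.
        for value in ip_names + common_names:
            try:
                if ipaddress.ip_address(value.strip()) == ip:
                    return True
            except ValueError:
                continue
        return False
    return any(dns_name_matches(name, host) for name in dns_names + common_names)


if __name__ == "__main__":
    for addr in ("ldaps://dc01.company.com", "ldaps://dc01", "ldaps://10.0.0.5", "dc01.company.com"):
        print(addr, "ldaps" if uses_ldaps(addr) else "plain", address_matches_cert(addr, SAMPLE_CERT))
```

A short host name such as `dc01` fails the check even though it may resolve on the network, which is the usual reason an ldaps:// address is rejected while the same server works over plain LDAP.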
AD user domain: The Active Directory (Windows) domain name to use, when performing a login. Users are logged in using DOMAIN\username. The domain name prefix is not used if the username is in UPN format.
LDAP Domain: The LDAP search base to look for groups. It can be specified in LDAP format, for example: ou=groups,dc=company,dc=com. Or as a domain name: company.com (which would be converted to dc=company,dc=com). In the Group settings, if you link a group to AD, you can specify an LDAP group which resides below the LDAP base specified here.
LDAP User: The LDAP user account to be used when searching the Active Directory for user groups, and importing the user details. The username can be in UPN format, or otherwise the "AD user domain" will be used as prefix.
LDAP Password: The password of the LDAP User.
UPN as Username (LDAP): If this setting is enabled, when importing users from AD, the Universal Principal Name (UPN) is used as username. UPN uses email address format (user@domain).
LDAP telephones: Specify which fields in Active Directory to use when importing user phones. More than one field can be specified.
LDAP Synchronisation Interval: The user groups that are configured to be imported from AD will be synchronized periodically according to the specified interval. If the synchronization interval is set to zero or empty, the synchronization is not performed.
Access URL of Apresa: Fill in the web address that users can use in their browser to access Apresa. For external logon integration, the address needs to start with https://.
Logon using external party: Enable this option to allow users to log on using an ADFS server, or another type of SAML Identity Provider. This will apply to users for which the logon method of their user account is set to use SAML (ADFS).
Logon procedure: This setting determines what happens when only one ADFS is defined in the system.
- Ask for username: Depending on the username, and the logon method of this user, the user will be redirected to ADFS, or prompted for the password for local (or LDAP) logon.
- Show login button: The user will be redirected to the configured ADFS after clicking the button. This can be used for additional clarity about where they are logging in, and reduces the chance of redirect loops in case of a failure.
- Redirect immediately: The user will be redirected immediately to the configured ADFS for log on.
In case the user is not asked for a username, a local logon is still possible by appending ?nosso to the URL (nosso = no single sign-on), for example: https://1.2.3.4/?nosso. When there are multiple ADFS servers configured, the user is always asked first for a username, to determine to which ADFS to redirect.
If you are using a customized logon page that is not updated for this new feature, the logon page might not show properly.
Certificate of Apresa: Select the certificate that will be used by Apresa to sign SAML messages sent to ADFS. Also import this certificate into ADFS to let it trust messages from Apresa. A certificate can be generated on the Certificates page.
One or more external logon services (ADFS servers) can be configured. For each external logon service, the following options apply:
- Name: The name can be freely chosen, and has no effect on the sign-on procedure.
- Technology: This can be ADFS (SAML) or Azure AD (OAuth).
For ADFS (SAML), the following settings apply:
- Entity ID: of the ADFS server. Usual format: http://somedomain.com/adfs/services/trust
- Certificate: of the ADFS server. It will be used to verify the identity of the ADFS server when connecting to it. A certificate can be imported on the Certificates page.
- Sign-on URL: Usual format: https://somedomain.com/adfs/ls/
- External sign-off: Enable this option if you want to perform an ADFS sign-off when the user logs out.
- Sign-off URL: Usual format: https://somedomain.com/adfs/ls/
For Azure AD (OAuth), the following settings apply:
- External sign-off: Enable this option to close the session at Azure AD when logging out
- Azure app: Select one of the available Azure apps. See the Azure app setting.
Samwin User group: Enables group synchronization with a remote Samwin installation. In addition, the Samwin group needs to be specified on the User group page.
Server address: IP address and optionally the port of where the Samwin database can be reached.
Database: The database name on the Samwin server.
Username/Password: The database login credentials for the Samwin server.
Synchronization Interval: The groups that are configured to be imported from Samwin will be synchronized periodically according to the specified interval.
CSTA Type: Select the PBX type to which to connect, using CSTA.
Active: When enabled, CSTA is used to set up a conference call to the recorder, which makes port-mirroring unnecessary. The VoIP service needs to be configured to answer this call, except for Avaya DMCC. When Active is disabled, CSTA is used to improve the call metadata (telephone numbers and direction).
CSTA Passive Mode: There are the following modes:
- Telephone Based: This applies to certain Unify phones that can initiate a SIP call to the recorder.
- Mirror (Internal): In this setup, VoIP data is recorded on the inside using port-mirroring. The telephone numbers are corrected or improved by CSTA. It requires knowledge of the IP address of the monitored phones.
- Mirror (External): In this setup, VoIP data is recorded on a SIP trunk using port-mirroring. The local telephone number is corrected or improved by CSTA.
- MICC / TAS: Special setup applicable to MX-ONE and mirrored data of the Mitel Contact Center. CSTA is used to correct both local and remote ID.
CSTA Username/Password: Login credentials to be used for the CSTA connection.
CSTA server name: The CSTA server IP name or address. The main IP address of the PBX might be different from the IP address of the CSTA server.
CSTA server port: The port number for CSTA at the CSTA server.
CSTA Switch Name: This setting is needed for connecting to the Avaya PBX.
CSTA Apresa Telephones: This is the phone number at which this recorder is reachable. For Avaya DMCC, this can be a range of phone numbers. (This is only applicable to active recording.)
CSTA Apresa Telephones Password: The password to use when logging in the recorder phones specified above.
Apresa Local IP: The IP address of Apresa to use when using Avaya DMCC. When left blank, the first IP address of Apresa will be used.
CSTA Media Server: Specify, in case of OpenScape Voice and active recording, if a Media-Server/ONS number must be used.
CSTA Conference Number: If a Media Server is used, specify the ONS number here (just for OpenScape Voice).
CSTA Silent Monitoring: Enable this feature if you want Silent Active recording. This option is especially for the OpenScape HiPath 4000.
CSTA RCG Number: If you enabled the above option, you have to specify the Route Control Group to be used. This number must also be configured in the PBX. OpenScape HiPath 4000 only.
CSTA Do not record: All numbers in this list will never be recorded. You can specify the numbers separated with commas, like: 100,200,300, as a range, like: 100-120 or you can use a wildcard, like 58*.
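A way to check a "Do not record" string before entering it, as an added example (not Apresa's own code): it parses the three entry forms named above and reports which rule covers each extension. The matching semantics are assumptions: ranges are inclusive and numeric, a number must have a digit count within that of the range bounds, and `*` stands for any run of digits. The extensions in the usage section are constructed.

```python
import re

# One entry is either "lo-hi" (range) or digits with optional "*" wildcards.
ENTRY = re.compile(r"^(?:(?P<lo>\d+)-(?P<hi>\d+)|(?P<pat>[\d*]+))$")


def parse_do_not_record(text):
    """Turn '100,200,300,100-120,58*' into a list of (kind, a, b) rules."""
    rules = []
    for raw in text.split(","):
        item = raw.strip()
        if not item:
            continue  # tolerate a trailing comma
        m = ENTRY.match(item)
        if not m:
            raise ValueError(f"unrecognised entry: {item!r}")
        if m["lo"] is not None:
            if int(m["lo"]) > int(m["hi"]):
                raise ValueError(f"range is reversed: {item!r}")
            rules.append(("range", m["lo"], m["hi"]))
        elif "*" in item:
            # Assumption: '*' matches zero or more digits.
            regex = re.compile("".join(r"\d*" if c == "*" else c for c in item))
            rules.append(("wildcard", item, regex))
        else:
            rules.append(("exact", item, None))
    return rules


def matching_rule(number, rules):
    """Return the text of the first rule covering `number`, or None."""
    for kind, a, b in rules:
        if kind == "exact" and number == a:
            return a
        if kind == "range" and number.isascii() and number.isdigit():
            # Digit-count guard so that 0410 is not treated as 410 (assumption).
            if len(a) <= len(number) <= len(b) and int(a) <= int(number) <= int(b):
                return f"{a}-{b}"
        if kind == "wildcard" and b.fullmatch(number):
            return a
    return None


def coverage(extensions, text):
    """Map each extension to the rule that would exclude it from recording."""
    rules = parse_do_not_record(text)
    return {ext: matching_rule(ext, rules) for ext in extensions}


if __name__ == "__main__":
    # Constructed extensions, checked against the list forms given on this page.
    for ext, rule in coverage(["100", "115", "121", "5812", "158"], "100,200,300,100-120,58*").items():
        print(ext, "not recorded by rule " + rule if rule else "recorded")
```

Running the list of extensions that must be recorded through `coverage` shows whether a broad range or wildcard excludes one of them by accident.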
CSTA Clear Conference after: Specify the number of seconds before ending a conference call that was made by CSTA in active mode with OpenScape 4000. If left empty or set to zero, then the conference call is not stopped artificially. If this setting is enabled, the CSTA conference call is made only if the corresponding setting on the “Recording settings” page (“Record incoming calls”, “Record outgoing calls”, “Record local calls”) is enabled. This setting is intended to be used when the CSTA conference call is used only for making an announcement, and not for recording. In that case, specify a duration that is larger than that of the announcement. When the announcement has played, the conference call serves no purpose anymore and can be cleared.
CSTA Recording on demand: If this option is enabled and a call is to be recorded on demand, then as long as recording is not yet triggered, no recorder phones are used and silent monitoring is not yet initiated. This option is only applicable to Unify OpenScape 4000 active silent monitoring.
CSTA Devices Multi-Controllable: Specifies whether multiple sessions can control the device. Only for Avaya DMCC. Default is false.
CSTA Record trigger text: The UserData field (UUI field) can be used to control recording. With the option “Record only these calls”, only calls with this trigger text are recorded. With the option “Keep these calls with store on demand”, the trigger text will cause the recording to be kept if store on demand is enabled. This setting only applies to Avaya DMCC.
CSTA Stereo recording: This option only applies to Avaya DMCC. If enabled, stereo recordings are made, with a separate channel for the local phone that is to be recorded, and a separate channel for the other side of the call. This option only works if the audio file encoding is set to a stereo format in the Recording settings. Recording in stereo requires double the amount of recorder telephone numbers (see CSTA Apresa Telephones), because two separate recorder connections will be made for each recorded call. This also affects the number of licenses needed from Avaya.
CSTA Apply SIP filter on outgoing calls: If enabled, the SIP filter rules will be applied to the dialed phone number as detected by CSTA for outgoing calls. Sometimes the phone number detected using CSTA contains an additional dialing prefix (for example a zero), compared to the telephone number detected on the SIP trunk. This could be matched on in the SIP filter. This setting applies only to Mitel 400.
CSTA Local ID: This setting determines if the Agent ID (when detected) will be stored as Local ID in the call database.
CSTA Connected Column: There are three options here: “None” (the connected column is empty), “Agent ID” (the column is always used for the agent ID) or “Dialed number”, this is the number the external party originally dialed. The default is “Agent ID”.
CSTA Status: This shows the current CSTA status.
Note: Also set the CSTA Telephone numbers to be monitored in the Recording settings.
V-Tap: Enable this option to let Apresa accept data from V-Tap devices.
V-Tap Tunnel port number: The TCP port at which the Apresa server will listen for connections from V-Tap devices (by default 2016). If Apresa is connected to the Internet using a router, it might be needed to configure port-forwarding for this port at the router. The same port number must be specified at the V-Tap device.
V-Tap over TLS: Enable this option to let Apresa accept data from V-Tap devices that is sent over TLS to secure the connection.
V-Tap over TLS port: The TCP port at which the Apresa server will listen for connections from V-Tap devices that send their data over TLS (by default 2017). If Apresa is connected to the Internet using a router, it might be needed to configure port-forwarding for this port at the router. The same port number must be specified at the V-Tap device.
V-Tap over TLS Certificate: Before enabling TLS connections for V-Taps, a server certificate is required. Such a certificate can be created or uploaded on the certificates page. Once a certificate has been created, it can be selected here.
V-Tap Data separation: Enable this option when V-Taps are installed in possibly more than one network. When data separation is enabled, data from each V-Tap is processed separately and independently. This is the default option. This is essential for data integrity when V-Taps are installed in multiple networks, and data is sent to one central Apresa server. If data separation is disabled, data of all the V-Taps are processed with the assumption that they occurred in the same network. This can be needed if V-Taps are used to stream live mirrored network data from various points in the same network and data of a single call might come from multiple sources and needs to be combined to form a complete recording.
Accept only known V-Taps: When this option is enabled, only V-Taps with a MAC address configured in the table below will be accepted. Any other V-Tap with an unknown MAC address will be disconnected.
Accept only encrypted V-Tap connections: When this option is enabled, only V-Taps that encrypt the connection will be accepted. Any V-Tap that tries to send data unencrypted will be disconnected.
Store V-Tap recordings in received format: This option applies to V-Tap Analog, BRI, and PRI, but not to V-Tap VoIP. If enabled, the recordings will be stored in Apresa unmodified, as they were created on the V-Tap. If this option is disabled, the recordings will be stored in Apresa as configured in the Recording settings. For V-Tap VoIP, recordings are made in Apresa based on the recording settings.
Generate an alarm if V-Tap disconnects cleanly: If this option is on, a connected V-Tap disconnecting will always generate an alarm. If this option is off, a V-Tap disconnecting via a regular disconnect request will not generate an alarm. All other disconnects that result from an error will still generate alarms.
V-Tap extended alarms: V-Taps can send extended error information about themselves to the Apresa. If this option is on, alarms are generated based on this information. If this option is off, this information is not used. Disconnects will generate alarms regardless of this setting.
V-Tap Encryption password:
Default: This encryption password is used for decrypting the data received from the V-Tap, when no device-specific encryption password is specified in the table below. The same encryption password must be specified at the V-Tap device.
Multiple V-Taps that are connected to the same Apresa, can each have a separate password. V-Tap devices are identified by their MAC address. The MAC address must be entered as 12 characters (without colons). V-Taps can also be assigned to a tenant. Any call received via such a V-Tap will be assigned to this tenant. This will take precedence over any other tenant assignment configurations. Optionally a V-Tap can be given a name as well. This name is used to refer to the V-Tap on the status page and in alarm messages instead of its MAC address.
Always generate an alarm when a V-Tap in the table is not connected: Turning this option on will always generate a system alarm when a V-Tap configured in the table above is disconnected. Otherwise an alarm is only generated when a V-Tap disconnects after a first connect after a restart of the recording service.
MiCC Agents: Integration with MiCC database to read CSTA agent information. This option works in combination with Mitel Mx-One CSTA active mode. The CSTA monitor list is filled in automatically, and for detected calls the connected field is populated with the agent username.
Server address: IP name or address of the MiCC database server, optionally followed by a colon and a port (1.2.3.4:555)
Database: The name of the database containing the agent information, containing the tables cc_user and agt_logon_act.
Username/Password: The MS SQL database login credentials (with SELECT access to the relevant tables containing the agent information)
Synchronization Interval: The information is refreshed periodically according to the specified interval.
ShoreTel Database: Integration with ShoreTel call info database, to get active call information. This needs to be combined with port-mirroring of either the SIP trunk, or of the internal side (RTP audio streams from the phones). On the ShoreTel Director server, the ShoreTel Trunk Test (TrkHlpSvc) service needs to be enabled. Consider disabling the option MGCP in Apresa to disable interpretation of port-mirrored call signaling and only use database information.
Type: Select if you will be port-mirroring either internal or external traffic.
Server address: IP address of the ShoreTel server containing the MySQL database with telephony info.
Server Port: The port number at which the MySQL server can be reached.
Username/Password: The MySQL database login credentials (for an account that is allowed access to the relevant database tables containing the call information)
Database: (1) The name of the database containing the heapportstatus and heaptrunkstatus tables.
Database: (2) The name of the database containing the ports table. This is optional, but is needed to detect the IP addresses of remote soft phones.
Salesforce: Integration with Salesforce.
Authentication domain: Normally this should be "login.salesforce.com" (or "test.salesforce.com" in case of sandbox environment).
Username/Password: Credentials of the Salesforce account to be used by Apresa
Add call records: If enabled, a (completed) task of type call will be created in Salesforce on a matching Contact or Lead. Currently the following custom fields of a task are required to exist:
- Call_Recording_Link: This will contain a link back to this server to playback the recording
- Completed_Date: This will be set to the date and time of the end of the call
Apresa URL: This is the URL that will be used when generating the link to the call recording. For example: https://recorder.company.com or http://192.168.1.2.
Call type: The call type of the generated call record in Salesforce.
Client connector: When many instances of Apresa Client (PC software) connect to this server, this option can help to reduce load on the server.
Toshiba SMDR: Turns on support for Toshiba SMDR. These records can be used to improve local phone numbers.
Toshiba SMDR Port: The port on which Apresa should receive the Toshiba SMDR data. The default port is 1109.
Toshiba IP Addresses: IP addresses from which Toshiba SMDR data is expected to be received. This is an optional setting. The IP addresses are only used for health monitoring and to generate alarms when a connection from one of these addresses closes.
Transcription: Select a transcription provider (VoiceCrunch) to use for converting audio into searchable text.
- For a good result, the audio storage codec should be set to G.711 Stereo (Recording settings, Audio file encoding).
- The Debian package for PHP curl (php-curl), and the package containing trusted CA certificates (ca-certificates) need to be installed.
Server address: Input the URL of the transcription service (including https://). Recordings will be sent to this address for transcription, based on the defined transcription tasks.
API token: Input the VoiceCrunch API token
Store data as: Select in which field (column) new transcriptions must be stored
Transcription tasks: Click this link to go to the page where you can define which calls should be transcribed.
The following setting enables a special custom feature that is not intended for general use.
Import Tenants from Mitel Telepo: Import tenants with their users and telephone numbers from the Mitel system. This import happens once every 24 hours.
Mitel IP Name or IP Address: Name or IP address of the management node. Once the Mitel IP Name or IP Address field has been set, an Import button will appear. Clicking on it, will immediately start a background task to import the tenants.
Mitel Token: Token for a ticket used to authenticate an external application
Mitel Secret: Secret for the same ticket as the token used to authenticate an external application
Mitel Higher level group: Any tenants imported from the Mitel Telepo will have this group as their higher level group