Security Rules

Happy New Year!

Many people are coming back from leave this week after a couple of weeks of holiday time, and in fact, they may still be in holiday mode! This can be a time of slightly later starts, slightly earlier finishes and casual attire. They may also be lining up for new security access cards and resetting forgotten passwords. It’s a timely reminder that security should never be taken for granted and that one of the many things that may contribute to a Happy New Year is to review your security policies right now.

Last year we experienced a few fraudulent incidents among our services. All of them could have been avoided by following a very simple set of rules which we would like to share with you.

  • Never send passwords over email, even if your email is encrypted the recipient may have an unencrypted email system and the password can be intercepted. Use SMS instead.
  • Never send both a username and password over the same communication channel, even by SMS. Just send the password, which will make it much harder to find out what it is for, even if intercepted.
  • Turn on two-factor authentication for your SASBOSS login. You can do it through the ‘my profile’ menu. Even if your password is compromised it won’t be exploited as you need a password and a mobile phone to login to SASBOSS.
  • Clean up your SASBOSS login list. Make sure that there are no obsolete or duplicate accounts, the contact details are relevant, and that the roles are still reflecting the login roles.
  • Make sure your logins belong to the correct Contact Groups in SASBOSS. This will ensure you get relevant notifications on time.
  • Turn on SASBOSS Call Charge Monitoring policy to Suspend if exceeded. Turn on our fraud protection. You can limit your financial risk per customer in case if the endpoint is compromised. To find out more refer to chapter 10.8 of the SASBOSS Guide.
  • Never expose a SIP phone web interface to the Internet. Make sure your firewalls are configured properly to block access to the phone web interface and there is no port forwarding set for a SIP phone web interface in case your phone is on the private network. There are security scanners that constantly scan the internet for exposed SIP phones which are exploited as soon as they are found.
  • Consider blocking international calls for phones located in public places. Usually, there is no need to make international calls from publicly available phones such as a hotel reception phone. Make sure the international calls are blocked for those phones so that they cannot be used for fraudulent activity.
  • Use SASBOSS generated passwords. SASBOSS can generate very strong passwords for users to login with. Although you can override them, it is a good idea to keep the complex passwords generated by SASBOSS.
  • Make sure your laptop requires a password to unlock the screen. Never leave your device unattended and unlocked. Setup a timeout to lock the screen, enforce a password or pin to unlock the device. It only takes a minute to create an additional super-admin user in SASBOSS if someone gets access to your pre-opened SASBOSS session.

 

Be safe in the New Year!

Stan Chizhevskiy, Technical Director

Free Mobile SoftPhone Add-on Available for Executive Users

Based on your feedback and requests, we’ve added mobile functionality (softphone client) to the executive licence at no charge. Please note that that functionality only includes calling and doesn’t include the full feature set of collaboration tools such as My Room and Chat.

Benefits:

1) Provides customer mobility without investing in collaboration
2) Improves customer’s ability to have a single number reach
3) Partners are able to lead with mobile solutions without the need to use collaboration licenses.

Get in touch with your Partner Success Manager today

To enable the product partners will need to login into SASBOSSTM and click on the ‘create all products’ in the service packs menu. This will add a Free Mobile SoftPhone licence to your inventory and then it can be provisioned. Note that for customers to have this functionality, the free mobile softphone needs to be provisioned as an add-on license. This can be used on its own or in conjunction with the free softphone for desktop clients.

Move your customer’s services with no diversion costs during the porting process

The Unified Porting Redirection (UPR) Service is designed to enable the migration of services to Access4’s environment prior to the porting process being completed and removes the complication with legacy porting workarounds. The service provides a single point for redirection of existing Geo Numbers within Australia.

The process effectively strips out the diversion process and delivers the call as if the number was hosted on the Access4 platform. The service doesn’t require any customised settings in SASBOSS nor any temporary numbers or licences.

How it Works

For every call, Access4 receives to the numbers in the Unified Redirection Number matrix, the diversion header which has ‘original called’ number (the number that has redirected the call) is examined against the provisioned numbers in our platform and delivered to the corresponding service.

This process effectively strips out the diversion process and delivers the call as if the number was hosted on the Access4 platform.

Process

1) Initiate port to Access4 as per the standard process.

2) Wait for PNV request to be confirmed and verified, at this point numbers will be added to the DID inventory and be available for allocation.

3) Configure SASBOSS services with correct number allocation.

4) Configure diversion of client numbers as follows:

a) Preference is to arrange Exchange Based Diversion (EBD).

b) Alternatively, if EBD is unavailable, numbers can be diverted from a managed end or PBX as long as the ‘original called’ number is preserved in the redirection signalling.

c) All numbers can be diverted on a ‘many to one’ basis to one of the following region based numbers in the attached matrix.

5. Once the service and diversions are in place, it is the partner’s responsibility to test the redirection is working correctly.

6. In the event calls aren’t terminating to the correct service, please check the SASBOSS service configuration and ensure the ‘original called’ number is present in the signalling prior to lodging a ticket with Access4’s TAC.

7. Once porting is completed and the diversion ceases, no changes need to be made to the SASBOSS services.

Benefits of the UPR service

  • No call costs for diversions during porting
  • Customers can move without waiting for porting to take place
  • Porting happens seamlessly in the background without any partner intervention
  • Prior to implementation, the customers own numbers are assigned to services removing the need to assign/remove dummy numbers during migration
  • Customer will dial out using their advertised numbers
  • The customer can redirect all their numbers to one centralised number allowing for exchange-based diversions. This means that customers can ‘turn off’ the services with the previous carrier.
  • Helpful for customers who have 1 or 1000 numbers.

Managing the Porting Process

In this blog, we’ll describe porting, a key process between carriers when moving one number from one telephony provider to another. It’s a common situation where the customer is with a particular carrier and wants to move services to another provider, in this case, Access4. The process refers to transferring Direct In Dial (DiD) geographical numbers, inbound numbers and international toll-free numbers.

The key to successful porting is following the established process and ensuring accurate information is provided to avoid delays. We advise all our partners to put enough time into reviewing their submission to be sure they can deliver all the required details.

1) Collecting all documents required to support a porting request

Supplying a copy of your client’s latest invoice (not older than 3 months) speeds up the process and allows us and the carrier to work through anomalies without reverting back to you or the client for further information; while we understand that this might be considered as a confidentiality challenge, it allows all parties included to confirm ownership of the number and the complexity of service to avoid any future miscategorization, during the porting process.
Partners are required to have written authority from their customer, authorising them to port on their behalf. By regulation, the losing carrier can challenge the authority, so it’s necessary to have these details stored in the event proof of authority is required.

2) Identifying your numbers category

Before you log a Porting request, you will need to identify which category the number/s belong to. There are three types of porting categories:

Category A – A simple PSTN analogue phone on the copper or NBN or SIP number. It can’t have complex services listed for Category C.
Category C – Any PSTN single number that has complex services attached or multiple 10/100/1000 number blocks – if you notice that you are not in the Category A it’s possible that you are Category C. See the table for a full description.
1300/1800 numbers.

What if you are not sure about which category? It’s best to discuss this in advance, so we are happy to help you to define the number category. Once that is done, you can proceed with the next step.

3) Upload a copy of the retail invoice to SASBOSS as part of the porting request.

The timeline after your porting request (step by step guide):

1. Your request received – Access4 receives and submits numbers to gaining carrier on a Porting Authority Form (PAF) with the retail invoice as proof of ownership. Timeline: submitted with 4 business hours.

2. Pending acceptance – The gaining carrier submits porting number validation (PNV) request to the losing carrier and awaits a PNV response. Timeline for Category A: 7 Business Days / Timeline for Category C/1300: 9 business days.

3. Submitted to carrier – Gaining and losing carriers have verified the request through an SNA/CNA and are awaiting port time and date. Numbers are imported into SASBOSS.

4. Verified – Port verified by a losing carrier. At this point, the numbers are automatically inserted into the DiD Inventory and are available for activation and outbound CLID over stamping. Timeline for step 3) and 4): Category A: 7 business days / Category C/1300: 15 business days.

5. Booked – Partner & End Customer have agreed on porting time and date. Timeline for Category A: Between 2-30 business day’s notice required. Timeline for Category C: Between 12-60 business day’s notice required. Porting will be between the 08:00 and 16:00 hours.

6. Completed – The Port has been completed and carrier sends a confirmation to Access4. SASBOSS is updated and the partner is informed via a ticket update. Timeline: Within one hour of commencement.

Note: the client may experience a short outage as the carriers update their routes.

Challenges and most common questions

The biggest challenge faced during porting is the accuracy of the information provided during submission. This includes associated numbers (missing numbers part of a group) and wrongly associated numbers (numbers that need to be disassociated because they don’t belong to the group or customer). If this occurs delays are inevitable and the process effectively starts again.
By selecting the ‘ASAP’ option in the porting machine the process is sped up as we’ll get the opportunity to request the first available date. Both carriers will have to agree that there is a vacant spot in their porting schedule. If the spot is available, the request gets accepted and automatically updated in the system, and visible in the SASBOSS.
Rescheduling charges

Partners can request to move the date but must do so with at least 48 hours notice prior to the scheduled port booking. No charges apply for the first reschedule, but an $80 fee applies for subsequent moves. Some carriers won’t allow more than 2 changes to the porting date, so we request partners manage customer expectations and lock dates in.

Rejection and cancellation charges

Rejection charges apply in the event the port can’t proceed due to misinformation submitted that can’t be resolved with 2 requests from the carrier. Please refer to your price-book for failed/withdrawn porting costs. In the event a partner cancels the port after the batch has been verified, the withdrawn fee applies.

BroadSoft UC-One integration into Apple call kit a game changer for mobile Unified Communications

Employees are looking for greater flexibility and work-life balance whilst businesses need to continue to be more competitive and increase productivity. Unified Communications as a Service (UCaaS) helps achieve this balance and provides businesses with the ability to meet the needs of a changing workplace. UCaaS solutions such as BroadSoft’s UC-One from Access4 provide the ability for users to have ubiquitous connectivity to anyone, anywhere, at any time from any device.

The advantage of being able to communicate whilst mobile by using chat, voice, video and conferencing mean that employees are not tied to a desk. By using a mobile application such as UC-One Communicator, the user is able to be reached via their fixed business phone and the user can then act further on the call, such as transfer to another user or start a conference call. This, then overcomes the issues faced when a traditional call comes in to or is transferred to a mobile and nothing further can be done with the call, as it literally reaches a dead end. The challenge with previous mobile UC applications for a long time was that they were considered Over The Top (OTT) applications. This meant that they used the data connectivity in the phone to make calls as a SIP or Data call and if a mobile (GSM) call came in, it would take precedence and disconnect the data (SIP) call or at the very least put it on hold.

Additionally, as the mobile UC is an app, to accept an incoming call, the user would need to unlock the phone to be able to take the call. Depending on the time before a call would go to voicemail, often this makes the mobile UC application impractical for taking calls in real life.

The latest version of UC-One Communicator addresses this by integrating with the Apple iOS call kit framework. This means that data (SIP) calls to the UC application come into the native dialer and can be answered from the lock screen like a normal mobile call. If the user is on a data call (due to the integration) an incoming call from the mobile network does not end the call or put it on hold, the user has the option to activate call waiting as normal.

This ability to make the mobile UC experience seamless opens the way for businesses to really adopt mobile unified communications as a real solution for business, not a technical gimmick. Users can take calls on their mobile device using their office landline number as if they were in the office. More importantly, once on a call they can conference in others, transfer the call, or “pull” the call to another device like their desk phone or PC UC-One application. Think about how many people you see in the office whilst on a call on their mobile phones, with a desk phone or headset in reach but as the caller dialled the mobile number the call stays trapped on the mobile.

The integration into the call kit framework, also allows the user to make calls from their mobile contacts using the native iPhone dialler by simply holding the call button and the option to make a call using UC-One Communicator presents itself. The call is then made over data as a SIP call and the caller sees the businesses fixed line, not a mobile number. Now every iPhone in the business has a work persona and a personal persona. Employees can bring their own device into the business, the business can simply provide a collaboration licence and the business only ever needs to publish a fixed business number for their staff.

Understanding call quality for Internet voice applications

It’s been a long time since Voice over Internet protocol (VoIP) became an alternative to traditional telephony. Initially used by enterprises to by-pass expensive national and international call routes VoIP became the mainstream when consumers started to use it, and subsequently small to mid-sized business in the form of telephony solutions such as Cloud PBX. For many people, quality is still a common question when considering voice over IP services. The technology itself was designed with quality of service in mind however, a lot early adopters of VoIP technology failed to configure their services well enough.

This poor experience is well described by Gartner’s Hype Cycle in the trough of disillusionment where early adopters view the service as sub-standard.

Nowadays IP telephony and Cloud PBX can deliver much better quality than traditional telephony. Faster and larger links, technology improvements, new high definition wideband codecs [such as G.722] and better network designs almost eliminate quality problems in VoIP solutions. This allows telephony to move into the cloud along with the other services making it an attractive and scalable business phone system option for businesses of all sizes.

Delivering voice over the Internet in some situations may still cause voice quality issues especially if transported over slow and congested ADSL links with oversubscribed DSLAMs. Being able to monitor the quality of every call to ensure call quality provides transparency and peace of mind for customers, it also allows quick identification of potential issues in a network that can affect call quality.

Access4’s approach is to monitor voice quality across its Unified Communications platform for Cloud PBX and Hosted Contact Centre users. For Access4 partners access to the same quality data is available for their customers. This real-time information helps in making sure any potential problems are proactively identified.

The voice call quality dashboard in SASBOSS™ simplifies monitoring and also facilitates a faster troubleshooting process where partners need to escalate to Access4 technical support. The tool provides access to specific call data and unique call identifiers to make the triage process considerably easier for the partner and improve the customer’s experience. Access4’s Unified Communications solutions now interrogate phones and softphones connected to the BroadSoft® platform to provide feedback on call quality at the end of each call.

Cloud PBX Quality

As with many things, call quality can be subjective and has historically been measured by people giving their opinion of call quality on a scale from 1 to 5. This became known as the Mean Opinion Score (MOS).

MOS became an industry standard for measuring phone call voice quality. In VoIP networks, MOS is calculated based on different parameters such as packet loss, round trip delay, jitter, the codec used, signal and noise levels, etc. In reality, MOS’ never reach scores of five (5) however values between four (4) and five (5) indicate very good quality. Despite MOS being a calculated value, it is still an opinion score which means its absolute value cannot be used alone without a trending view to understanding changes over time and identifying minimum and maximum values. For example, three phones from three different vendors, connected to the same network next to each other could report slightly different quality values. If all the phones consistently report scores of 4.1 but today one phone reports a score of 3, the customer will be experiencing the poorer quality and perhaps something is wrong with their network or connection.

Calculated MOS is reported by the phone via RTCP-XR SIP Publish messages back to Access4’s centralised collector that consolidates all the reports into a database for further processing. Phones report two (2) MOS’ – one for listening quality (MOS-LQ) and one for conversational quality (MOS-CQ). Listening quality reflects the quality for a person who listens on the phone and conversational quality reflects an overall quality. Splitting LQ and SQ helps to determine the reason for the bad quality. If LQ quality is low while CQ is higher that means the network is not handling voice towards the phone while upstream is fine. If LQ is fine but CQ is affected you may question network performance in the other direction, from the phone to the cloud platform. In an ideal network environment, CQ and LQ should be identical.

SASBOSS™ call quality feature aggregates all the reports for individual calls and visually graphs the average call quality for a requested period for all your customers, individual enterprises or even at a single service level. Extended call quality Call Detail Records (CDRs) can be pulled for individual services for detailed analysis. MOS is only reported for the calls longer than 10 seconds; however detailed CDRs are available even for the calls that did not get an RTCP-XR report back from the phone.

How to use the SASBOSS™ quality monitoring feature:

There are a number of different ways to access voice quality graphs in SASBOSS™; through the call quality dashboard available under the ‘Dashboard’ main menu, through enterprise “actions” menu by selecting “view call quality” to view quality metrics for that enterprise; or through service “actions” menu to view voice quality of a particular service.

Call quality graphs will aggregate RTCP-XR reports for a specified timeframe and show the number of calls used to render the graph.

Each point can be hovered over to obtain additional information such as exact values calculated for the specific point or zoomed in by clicking on it. Once clicked, the graph will automatically select a narrower timeframe and graph individual calls.

More detailed information is available by clicking on the data points for individual calls.

This data record allows quick identification of the customer, group and service the call belongs to as well as many other factors that can affect the quality of experience:

  • Phone vendor and model – some devices provide better quality
  • Firmware version – we recommend to keep the phones on the latest Access4 supported version;
  • Device IP address (and NAT IP if the device is behind NAT) – it is important to understand if there is a firewall between the phone and SBC as firewalls need to be configured to support VoIP properly;
  • SBC IP address – the actual IP address where their RTP stream carrying the voice was sent to or received from, this information may help network engineers to investigate network issues related to voice quality;
  • MOS LQ and CQ.

If a partner has a call issue that requires escalation to Access4, they can easily do so by clicking email support in the ‘Call Grid Data Record’. SASBOSS™ will populate all the important data removing the data entry error including the unique reference to the call. This allows Access4 engineers to go directly to the call speeding up the resolution process for customers.

Stan Chizhevskiy, Technical Director

Drop into a hosted collaboration session without any software

With Access4 organisations can collaborate internally with UC-One Communicator users and to anyone with a chrome browser and an internet link. The link that you have been sent provides you guest access to Access4’s cloud collaboration from BroadSoft.

To access this meeting all you need to do is click on the link or copy and paste it into your Chrome Browser, then enter your name. There is no need for passwords, complicated codes, or for you to subscribe to a service to join a conference.

Note that this application is only supported on Chrome.

Once you have signed in, you have a choice of an audio conference, a video conference, or additional dial-in details are provided for you to dial in over your normal phone.

Access4’s guest access to its Unified Communications and Collaboration will allow you to send and receive chat messages, engage through voice and video and view the presenter’s workspace.

Design + code by Jalapeno Creative.

Scroll to top