WO2015121389A1 - Method and hardware device for remotely connecting to and controlling a private branch exchange - Google Patents
Method and hardware device for remotely connecting to and controlling a private branch exchange Download PDFInfo
- Publication number
- WO2015121389A1 WO2015121389A1 PCT/EP2015/053033 EP2015053033W WO2015121389A1 WO 2015121389 A1 WO2015121389 A1 WO 2015121389A1 EP 2015053033 W EP2015053033 W EP 2015053033W WO 2015121389 A1 WO2015121389 A1 WO 2015121389A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- hardware device
- pbx
- server
- connection
- network
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1053—IP private branch exchange [PBX] functionality entities or arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
- H04M3/24—Arrangements for supervision, monitoring or testing with provision for checking the normal operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42314—Systems providing special services or facilities to subscribers in private branch exchanges
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42314—Systems providing special services or facilities to subscribers in private branch exchanges
- H04M3/4234—Remote access to features of PBX or home telephone systems-teleworking in a PBX
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/05—Aspects of automatic or semi-automatic exchanges related to OAM&P
- H04M2203/053—Aspects of automatic or semi-automatic exchanges related to OAM&P remote terminal provisioning, e.g. of applets
Definitions
- the present application relates generally to telecommunications equipment and more specifically to Private Branch Exchanges (PBX's) installed on a local area network (LAN).
- PBX's Private Branch Exchanges
- LAN local area network
- PBX's and other telecommunications equipment are regularly installed on a customers' local area network.
- PBX's which connect to a local area network are generally referred to as IP- PBX's.
- Local area networks in turn are typically connected to the Internet.
- barriers for example firewalls
- support for a PBX is performed by means of site visit by a support engineer. This is both costly and time consuming.
- PBX equipment on a company's internal network can be limited by the presence of firewalls, gateways or other barriers designed to provide protection of valuable data on the company's network by unauthorised users, thus the equipment to be remotely accessed is rarely directly accessible by a public IP address.
- the PBX equipment itself may be designed by different companies and not easily programmed to allow set up of remote support from a single server location.
- a site visit would generally be required to facilitate remote support if it is possible.
- Gateways can provide centralised access to the internet based on Network Address translation (NAT) which allows specific IP equipment on a premises share access to the internet. There isn't a general mechanism for inbound traffic. Gateways can be configured to map ports to specific equipment or proxies installed to handle specific applications. Because of such security barriers it generally requires trained IT personnel to support and approve the initial setup of remote access to equipment.
- HTTP Hyper Text Transfer Protocol
- FTP File Transfers using File Transfer Protocol
- Gateways can provide centralised access to the internet based on Network Address translation (NAT) which allows specific IP equipment on a premises share access to the internet.
- NAT Network Address translation
- Gateways can be configured to map ports to specific equipment or proxies installed to handle specific applications. Because of such security barriers it generally requires trained IT personnel to support and approve the initial setup of remote access to equipment.
- US7734909B1 describes an approach to address some of the difficulties associated with accessing a PBX through a firewall.
- it describes disguising servicing commands within instant messages or as VoIP packets so that they are allowed through a firewall to a device described as a data collection agent. Once a servicing command is received at the data collection agent, the data collection agent will execute the servicing command on the equipment to be serviced.
- this approach solves a number of the problems, it also creates some.
- the data collection agent must be configured to operate with the particular equipment so that it can send servicing commands.
- the system requires that direct access be given since the method is established by a direct VoIP or instant message path between a user and the data collection agent.
- the present application addresses this by providing a hardware device that can be placed on a company's local area network that can connect a PBX to the outside world through a firewall or other barrier.
- the advantage of such a device is that PBX equipment may be remotely accessed without interfering with the firewall or other barriers locally present on the network where the PBX is located.
- the hardware device may be shipped directly to a customer's site using post or courier.
- the hardware device is designed to be simple and easily installed by anybody requiring just a network and power supply connection. Once installed on the local area network, a remote connection to the PBX may be established through a secure tunnel established between the hardware device and a support centre server.
- an engineer located at the support centre may provide support by accessing the PBX as if they were connected to the same local network as the PBX thus saving the cost of a call out by a technician to the site.
- the hardware device may also be used to perform functions on the PBX directly.
- a method for providing remote support to a PBX connected on a local network at a site comprising the connecting of a hardware device to the local network, the hardware device then performing the steps of: making a connection with a predefined server outside of the local network; establishing a secure connection with the server; and providing a connection through the server by which a user on a separate computing device may connect through the established secure connection with the PBX.
- step of making a connection comprises the steps of the hardware device making an outbound connection to the server and transmitting identification data.
- statement 6 or statement 7 further comprising the hardware device checking whether the secure tunnel to the server has collapsed and upon finding that the secure tunnel has collapsed automatically re-initiating the connection.
- step of establishing a secure connection comprises the authenticating the identification data and requesting a secure tunnel connection over the same outbound connection socket back to the hardware device so as to establish the secure tunnel.
- step of authentication comprises comparing the MAC address with predefined MAC addresses stored at the server.
- step of authentication comprises confirming the valid decryption of the identification data.
- statement 15 or statement 16 further comprising the step of the hardware device performing a test to confirm the presence of the PBX at the local network address.
- a method according to any preceding statement further comprising providing at the server a network address through which a computer may connect to and access the PBX through the secure connection.
- mapping information is maintained on the server and locally on the hardware device of each site, wherein the mapping
- a method according to any preceding statement further comprising the step of the hardware device downloading an update of PBX firmware to memory on the hardware device and subsequently uploading the PBX firmware onto the PBX.
- a method according to any preceding statement further comprising the step of the downloading data from the PBX.
- a method according to statement 23, comprising analysing the data to detect a problem and sending a notification where a problem is detected.
- command issued may be one which prevents any outgoing calls from the PBX.
- abnormal activity may comprise detecting from the data calls made to at least one of predetermined countries or numbers.
- the hardware device includes a RF circuit for establishing a connection to a mobile network and wherein a connection to the server through the mobile network is established where a connection through the local network fails.
- mapping information is maintained at the server allowing a computer to access a PBX as if it was on the same network, wherein the server translates the local address into a destination address and forwards the IP traffic from the computer to the intended PBX to be accessed.
- a method according to any preceding statement further comprising the provision of a web interface on the hardware device through which a user may program the address of the PBX or other information.
- a method according to statement 43, wherein a user on the local network may access the web interface using the IP address of the hardware device on the network.
- the recording of the time may include an identification of one or more of: a) the user on the separate computing device, b) the separate computing device, c) the hardware device, d) the customer associated with the PBX.
- a method according to statement 50 wherein the information is aggregated for multiple customers to provide a network measurement for the telecommunications network or a part thereof.
- a method further comprising the server performing a health check of the telecommunications network to which a plurality of hardware devices are attached providing connections between the server and a plurality of PBX's, the method comprising the server performing a network test, e.g. sending a ping or http request, to the a plurality of PBX's to determine a measure of the state of the telecommunications network.
- a network test e.g. sending a ping or http request
- a hardware device for facilitating remote support to a PBX comprising an Ethernet network interface for connecting to a local network on which a PBX may be connected, the hardware device being configured to attempt to make a connection through the local network to a predefined server outside of the local network and upon making a connection to establish a secure connection with the server and to act as a conduit for data between the server and the PBX.
- the hardware device further comprises a RF circuit for establishing a connection to a mobile network in the event that the hardware device cannot make a connection to the server through the network interface.
- the hardware device of any one of statements 55 to 57 further comprising an indicator for indicating when a connection has been established to a local network and for further indicating when a secure connection has been established with the server.
- LED light emitting diode
- command may be one to reset the PBX or to prevent any outgoing calls from the PBX.
- Figure 1 is a block diagram showing a system according to an embodiment of the present application illustrating a single case use
- Figure 2 is a block diagram illustrating the system in a multi case environment
- Figure 3 illustrates an exemplary representation of a hardware device for use in the systems of figures 1 and 2;
- Figure 4 is a block diagram of the circuitry of the hardware device of figure 3
- Figure 5 is a flow chart of an exemplary process for establishing a secure tunnel between a hardware device and a server in figures 1 and 2;
- Figure 6 is a flow chart of the link management at the remote control server and the Hardware device end of link;
- Figure 7 is a table showing an example of the remote control server mapping;
- Figure 8 is a table showing an example of the hardware device mapping.
- a simple situation is one in which a customer 102 has a local area network 108 to which a plurality of different devices 110, 112 may be connected.
- One of these devices may be a PBX 110.
- a supplier may be responsible for this PBX, albeit that the PBX 110 is installed on the customer's local area network (LAN) 108 rather than the suppliers local area network.
- the supplier may not have supplied the PBX to the customer but merely maintains it for them and provides support.
- the customer's LAN 108 is secured by a firewall 114 which prevents the supplier obtaining direct access to the customer's equipment unless provision is made on the firewall for example by the network administrator opening a port connection on the firewall to the PBX.
- the supplier has provided the customer with a hardware device 300.
- the hardware device 300 has an Ethernet interface allowing it to be connected to the customer's LAN using a conventional Ethernet (patch) cable.
- the hardware device may also have a Wi-Fi adaptor allowing it to connect wirelessly to a local network.
- the hardware device is configured to employ standard networking protocols, for example Dynamic Host Configuration Protocol (DHCP), to obtain a local IP address on the network and the IP address of the Internet gateway on the LAN.
- DHCP Dynamic Host Configuration Protocol
- the hardware device attempts to make a connection to a server 106 on the Internet 104, which is associated with the supplier.
- the server may be identified by means of an IP address or URL.
- the server in turn may be protected by a firewall 116 from the Internet.
- the server and hardware device establish a secure tunnel.
- This secure tunnel may be used to allow a remote engineer 118 connect from a remote computer through the tunnel established by the server and the hardware device to the PBX 110 on the LAN, thus bypassing the firewall 114.
- the arrangement is not limited to providing support for a single PBX.
- the system may be used to allow multiple engineers on different computers 118 connected to the remote server 106 access to multiple PBX devices 110 using multiple hardware devices 300 on different LANs, which in turn are at different sites (1-n) where each site may correspond to a separate customer.
- the support site where the support engineers are may be a single site with a single network 42 to which the remote server and support computers are connected. Similarly there may be engineers at a different site on a different LAN 44 which is connected through a gateway 40 to the network 42.
- the hardware device 300 is intended to be as simple as possible for a user to install. More particularly, the hardware device is intended to be shipped from the supplier and installed by any person on the customer's site without specialist knowledge. The hardware device accordingly has a minimum of connections and no displays, keyboards or similar features which would be common on a computing device.
- the hardware device has an Ethernet connector 304 and a power supply connection 302 along with an associated power supply (not shown).
- POE Power Over Ethernet
- the separate power supply may be omitted and power obtained directly from the Ethernet connection.
- the only other visible features are a number of indicators, typically LED's 306,308, 310. These are intended to be straightforward and easy for a user to understand. Thus in the exemplary device shown, there are three LED's. A red LED 308 is located beside a green LED 306 on the top of the device and an orange LED 310 is integrated with or beside the Ethernet port.
- the red LED is used to indicate power and will come on if there is power present.
- the orange LED is used to indicate if a network connection is present.
- the green LED serves two purposes; firstly it flashes where the hardware device is attempting to connect to the remote server and then goes solid green when a secure tunnel has been established with the remote server. It will be appreciated that this simple arrangement for the hardware device allows for practically fool proof installation whilst at the same time allowing a remote engineer by means of simple questions over the telephone to a user to ascertain the state of connection of the hardware device.
- the hardware device may come with a separate wall- bracket allowing it to be mounted out of the way for example in a communications cabinet.
- a clip 312 may be provided through which a cable tie or similar faster may be looped to restrain the power lead and to prevent the voltage supply from accidentally being removed.
- the memory suitably comprises non-volatile memory which may be used to store program code and
- the hardware device may also comprise a RF circuit 406 for communicating with one or more mobile networks. Where such an RF circuit is provided, the antennae for the RF circuit may be internal to or mounted externally on the hardware device. Where such an RF circuit is included the device may include a connection for one or two SIM cards to allow access to the mobile network. Having two SIM cards allows for redundancy in the case of the failure or unavailability of a particular mobile network (for example in an area of poor reception). It will be appreciated that mobile reception can never be guaranteed but providing multi-SIMS allows for access to more than one mobile network which reduces the risk.
- the purpose of the RF circuit is primarily as a back-up in case the hardware device is unable to establish an Internet connection through the local area network or where the connection fails.
- the method of use 500 of the hardware device with the remote server will now be described in greater detail with reference to Figure 5.
- the process begins with the connection 502 of the hardware device to the client network.
- connection 502 of the hardware device to the client network.
- the hardware device obtains a local IP address on the network.
- the hardware device then automatically initiates 504 a connection to the remote (control) server.
- the hardware device will establish this connection using a pre-defined domain name or public IP address.
- this step of initiating includes sending encrypted data to the server.
- the data is encrypted using a public key of the server which may be obtained as part of the initial communication or be pre-stored on the hardware device.
- the encrypted data may contain a customer ID or PBX device ID details or both.
- the data is to identify the site to the control server. Other methods may be employed for example using the MAC address of the hardware device as the identifier. Regardless of the data selected, it is used by the server to ensure that the connection request is coming from a valid hardware device.
- a permanent secure tunnel connection is established 506 from the remote control server to the Hardware device. It will be appreciated that the connection will be made through a port on the router/gateway of the customer's LAN.
- the secure tunnel for example an SSH tunnel, will suitably be over the same port as the initial incoming request from the hardware device.
- the port used may be port 443 which is the port conventionally used for secure http connections.
- This secure tunnel is permanently established and duration of the link may be controlled 508 by the transfer of keep-alive control signals.
- the remote control server can dynamically establish 510 an IP link within this secure tunnel to the hardware device when transfer of data to/from the PBX is requested.
- the administrator of the local IP network programs the Hardware device (via a web configuration interface) with the name and IP address of the PBX that may be accessed by the remote control server. This gives the LAN administrator the full control of how the remote control server can access the local LAN.
- the web configuration interface may also allow the LAN administrator the ability to identify the type of PBX present on the network.
- the web configuration interface may allow the LAN administrator to select the manufacturer and model of the PBX. This for example may be by means of conventional drop-down boxes in a web page provided by the web configuration interface.
- the web configuration interface may also be accessed by a remote user through the server and secure tunnel. Access to the web interface may be controlled by additional security including the requirement to provide a username and password.
- the remote control server may validate IP addresses of PBX devices to be accessed that are stored on the hardware device or identifies and
- the PBX information (primarily IP address but may include make and model of PBX) is pre-programmed prior to dispatch to the customer.
- the hardware device may be configured to interrogate the PBX (using the programmed IP address) to identify the manufacturer or model of the PBX or both. Knowing the make and model of the PBX allows the hardware device to interact with the PBX correctly since the way in which data is retrieved from and loaded onto a PBX can vary based on manufacturer and possibly model.
- the method commences with the hardware device issuing an IP connection request (e.g. ping or http request) to the IP address of the PBX.
- IP connection request e.g. ping or http request
- the PBX will have the media access control (MAC) address of the PBX.
- the hardware device suitably has a table or database of MAC address ranges, with each range associated with a particular manufacturer and model. This database or table may be looked up using the retrieved MAC address to identify the manufacturer and model. The table or database may be updated from the remote server or indeed hosted on the remote server and interrogated by the hardware device.
- identification meaning at least one of the manufacturer and model of the PBX allows the hardware device to interact correctly with the PBX.
- the retrieving of call statistics from the PBX is described below. Whilst this feature may be provided generally on PBX's, the method and information required to retrieve the call statistic files will vary from manufacturer to manufacturer or indeed from model to model. Thus by performing the interrogation or by information entered through the web configuration interface or otherwise, the hardware device may identify the manufacturer or model of the PBX or both and interact with the PBX using the correct method permitted for the manufacturer or model or both.
- a certain manufacturer might make its call statistics retrievable as a particular file using a http request.
- the hardware device having identified a PBX as coming from a particular manufacturer would know (from a table or other source) that the appropriate method to use was a http request and more particularly the form of the http request, e.g. http:// ⁇ ip address>/call_statistics.csv. It also allows the PBX to determine the file format of the call statistics file (if the information is provided in a file) e.g. whether it is a comma separated format (csv) or other generic format or indeed a proprietary format of the manufacturer. Equally, having identified the PBX, the structure of the call statistics data may be determined to allow the hardware device to perform an analysis, e.g. what format date and time data might be in, the order of the data items, etc.
- the hardware device may parse the call statistics file to produce a call statistics search report. For example, duration of outgoing calls on a particular date.
- the hardware device may function with a wide variety of different PBX
- This generic information may be uploaded to the remote server. Additionally, the information may be made available through a web interface, either at the remote server an associated server or on the hardware device, to a network administrator locally or to a remote engineer.
- a standard interface showing call statistics may be presented to a user irrespective of the PBX present. It will be appreciated that the interface presented to the user on the hardware device is not that of the PBX and thus a network administrator may be given access to particular sets of data or indeed functionality of the PBX through the web interface without actually requiring any direct access to the PBX or indeed knowledge of how to navigate the PBX interfaces. It also allows for customisation of the access provided to a local network administrator or indeed other users.
- the remote server can be used to grant access to a PBX on a customer's site from a support engineer which may be operating from a remote support centre PC connected to the remote control server via internal private network or via secure web access can request connection to a client site.
- SSH secure shell
- the method of granting access suitably begins with an engineer on a support centre computer (PC) making a request 514 to access the remote control server. Access from support computers may be limited by an authentication procedure 516 or other security procedures including for example requiring the entry of usernames and passwords.
- the remote control server authenticates support PC and access credentials
- the engineer is granted access 518 to a database containing details of the various customer sites that are connected by secure tunnels to the remote server.
- the database contains a list of client sites and devices on each site. Access to this database may be through a particular application or for example by means of a suitable web page interface. Such access may be limited to users with appropriate privileges for accessing a particular client site. Thus different support engineers may be granted access to different customer sites.
- Upon request from support centre PC to remote control server to connect to a particular client site a dynamic IP link is established 520 by the remote control server within the already established secure tunnel to the hardware device of that specific client.
- the remote control server maps a unique destination IP address to each local IP address of the predetermined PBX equipment on the local IP network as illustrated in Figure 7. More particularly, the remote control server sets up dynamic IP link within the SSH tunnel between selected hardware device and support PC if not already established using either source or destination based routing. Once the dynamic IP link is established, the hardware device forwards data to/from PBX as requested by support PC. When the support engineer is finished, they can request the server to clear 524 the dynamic IP link between the hardware device and the support PC, which in turn clears down the dynamic IP link. It will be appreciated that permanent secure tunnel is left in place.
- the remote server will continue to monitor 602 the connection.
- the remote control server is suitably configured to only permit IP traffic to flow from authorized remote support centre PCs to the hardware device.
- the hardware device will forward IP traffic to the local IP address of the PBX. Unsolicited traffic from the hardware device is ignored 606 by the remote control server. Unsolicited traffic from the local IP network to the hardware device is ignored.
- the support centre PC On completion of data transfer between support centre PC and client PBX being managed the support centre PC will close down the IP link within the secure tunnel to the hardware device thereby closing off communication to the client PBX being managed.
- the remote control server can also close down the link automatically after pre-programmed conditions are met (e.g.; a specified time period, traffic inactivity). Equally, the remote server can monitor 604 the SSH tunnel to ensure that activity is with predefined limits. Equally, all activity can be logged 604 to record an accurate picture of the actions and time spent between support computers and customer sites.
- pre-programmed conditions e.g.; a specified time period, traffic inactivity
- the hardware device may include a monitoring function 608.
- This monitoring function may monitor 610 the secure connection to ensure that traffic is within expected limits. Where activity is detected outside these limits, the hardware device may clear down the secure tunnel and attempt a reconnection 612.
- An exemplary limit may be the number of failed packets in a given period.
- the IP-enabled PBX devices 110 that can be controlled may be determined by programming the IP addresses of these IP-enabled PBX devices 110 into the hardware device 300.
- the IP address of the IP-enabled PBX devices 110 on the customer network 108 can be
- Remote support centre PC 118 or indeed a plurality of PCs may be connected to the remote control server 106 via internal private network 42 or via secure web access may request connection to a client site if they have appropriate access privileges.
- the remote control server 106 stores a list of all connected Hardware devices 300 and allows support centre PC 118 access to client sites and I P-enabled PBX devices 110 on each site that level of access control permits.
- a dynamic IP link is established within the already established secure tunnel by the remote control server 106 to the hardware device 300 of that specific client.
- I n order to overcome the fact that many client site networks have overlapping private IP subnets (e.g.
- the remote control server maps a unique destination IP address to each of the local private IP addresses of the I P-enabled PBX devices on the client site network as shown in Figure 7.
- the mapping associated with a particular site is shared with the hardware device on site. Then the remote control server will only permit I P traffic to flow from authorized remote support centre PCs to the hardware device.
- the hardware device as shown in Figure 8, will then use the shared mapping information to translate the destination I P address to the local IP address of the I P-enabled PBX equipment and forwards the I P traffic to the appropriate IP-enabled PBX device 110.
- the mapping also specifies the IP addresses of the support centre PCs that are authorized to access the client site network.
- IP traffic to and from un-authorized support centre PCs is ignored. This is accomplished by the remote control server 106 assigning virtual I P addresses to the hardware device 300 and for each IP-enabled PBX device 110 to be managed on the site and the Hardware device forwards on the appropriate data for each IP-enabled PBX device 110 through the use of I P tables to implement NAT.
- the engineer at the support centre can interact with I P-enabled PBX device 110 as if the support centre PC 118 was connected on the same IP network as the IP-enabled device 110.
- Un-authorized access to the IP link is prevented by the use of firewall software both in the Hardware device 300 and at the remote control server 106. Unsolicited IP traffic from the hardware device 300 is ignored by the remote control server 106. Unsolicited I P traffic sent by the IP-enabled PBX devices 110 to the hardware device 300 is ignored. Unsolicited IP traffic from any device 112i_n on the local I P network 108 to the hardware device 300 is ignored.
- the support centre PC 118 On completion of data transfer between support centre PC 118 and client IP-enabled PBX devices 110 being managed the support centre PC 118 will issue a request to remote control server 106 to close down the IP link within the secure tunnel to the hardware device 110, thereby closing off communication to the client IP-enabled PBX device being managed.
- Source or destination address mapping can be used in setting up the dynamic IP links.
- the remote control server can also close down the IP link within the secure tunnel automatically after pre-programmed conditions are met (e.g. time period, traffic inactivity).
- the hardware device 300 has stored in programme memory a plurality of domain names or public IP addresses. In the event of a failure to connect to the remote control server (6) after a predetermined number of attempts the hardware device (la) will cycle through the plurality of domain names and IP addresses until a successful connection is attained.
- the remote control server 106 can establish secure IP links between a plurality of associated hardware devices 300 via the remote control server 106 thereby providing a restricted access virtual private network between the networks on which the associate hardware devices are connected.
- the primary purpose of the hardware device is to establish a secure tunnel to permit remote access to a PBX, it is not so limited.
- the hardware device may be used to supervise, monitor and update the PBX. For example, a particular problem with PBX's is updating their firmware. The conventional wisdom being that the firmware will be uploaded locally by a technician. As a result, PBX's are not particularly fault resistant and having a PBX retrieve a firmware update across the internet may be at best unreliable.
- the hardware device may be configured to have excess storage capacity, which may be used to download a firmware update. Once the firmware update has been successfully downloaded, the hardware device may cause the PBX to download the update locally from the hardware device.
- software files may be uploaded from the PBX's to the server through the hardware device.
- This option may for example be employed to allow the software to be passed onto a PBX manufacturer so that the manufacturer can debug the software or identify a solution to a particular issue identified.
- the hardware device may also be used to interrogate the PBX for data, for example call statistics or call records.
- One use of this may be to prevent misuse of the PBX. It will be understood by those skilled in the art that there are a variety of different methods by which an unsuspecting customer may be defrauded through misuse by either staff or third parties of a PBX. One particular example is hijacking by unauthorised third parties. Frequently, a customer only realises there is an issue when a bill is received a month or more after the event.
- the hardware device may be used to identify the problems/potential abuses at an early stage from call statistics or call records. For example, the hardware device may build up a record of the usage pattern. The hardware device may then trigger a warning when the usage pattern differs significantly from the record indicating abnormal activity. It may also monitor for calls during periods when no calls would be expected and trigger a warning if a threshold is exceeded. Similarly, the hardware device could periodically download a blacklist of numbers from the server suspected to be used for fraudulent purposes and monitor call records for their usage.
- the warning may be a notification message sent to a user or to the server. For example, the notification may be an email or SMS message.
- the hardware device may also act by issuing a command to the PBX to halt the problem where a problem is detected.
- a command may be one to reset the PBX or to prevent any outgoing calls from the PBX.
- An advantage of the present application is that maintenance of PBX's is effectively centralised through the remote server.
- the centralisation of maintenance of PBX's through the remote server allows more accurate tracking of engineering time spent on support. I n the past, time spent would have been loosely recorded since a significant amount of time spent in maintaining PBX's would have been with respect to travelling to and from the customer site. I n contrast, where a hardware device is em ployed of the type described above, the time spent by a support engineer (i.e. connection time) may be directly tracked at the server. As a result, more accurate statistics can be developed allowing for more complex billing techniques or more accurate cost recovery.
- the server monitors, using the logging information previously described, the time spent by an engineer connected remotely through a hardware device to a PBX.
- the recording of the time may include identifying the engineer, the customer and the PBX.
- the time may be recorded as a start time and a finish time.
- This information may be stored in a database associated with the server.
- the database may be on the same server or the information may be provided from the server to a database server which stores the information in a database.
- the hardware device may be used to collect more advanced information from the PBX over time.
- the hardware device may periodically poll the PBX (or retrieve from logs), the number of I P trunks used. This information may be provided to the server. By recording this information over time, a network operator ca n develop a more detailed picture of their network.
- telecommunications are moving generally to VOIP based communication.
- a disadvantage of this is that the telecommunications operator loses oversight of the call quality where previously this might have been measured within the operator's equipment.
- collecting more advanced information may be employed to account for this.
- the hardware device may be employed to gather VOI P statistics from the PBX connected to it and provide this information to the server.
- VOI P statistics include the number of I P trunks used/programmed per PBX, VOIP provider server details, and advanced VOIP settings. Advanced VOI P settings include VOIP OoS settings, preferred Codec options, and silence suppression. Bandwidth capacity of the IP trunk lines can be calculated, and a notification can be sent when a defined Bandwidth capacity threshold has been exceeded.
- These VOI P statistics ca n be retrieved from the PBX as configuration files or as reading data from the PBX web-page. Downloading PBX VOIP statistics or configuration files will depend on the PBX manufacturer and model. The PBX manufacturer and model is known in the server, and thus software is downloaded to the hardware device to retrieve the VOI P statistics, or the VOI P statistics is retrieved directly from the server.
- the VOI P statistics may be collected over time allowing an accurate picture for VOIP quality to be presented for a customer. Additionally, the information may be aggregated with VOI P statistics for other customers on the server or passed to another server for analysis. This aggregated information may then be analysed to identify problems or to facilitate network planning ⁇ expansion. The aggregated information may be linked with customer information so that the aggregation of statistics may be based on particular geographic areas, which may be by means of street, post code, town etc. Equally, the statistics may be linked to a particular exchange to produce statistics for individual exchanges.
- call statistics data may be mined for patterns that indicate issues with call quality. For example, a call that is dropped and re-established repeatedly over a short period of time between two parties, indicates a poor quality experience. Correlating this data with internet connectivity statistics can help conclude whether call quality issues are due to network service provider or other influences.
- Traditional PBX configuration file information can also be retrieved by the hardware device and the server.
- This information includes, caller-id details, programming state of PBX telephone extensions, restriction of outgoing calls per extension, class of service extensions (international and national), menu configuration of DECT terminals, changing of advanced ADSL settings, configuration of detailed WAN settings, management of PBX WiFi network, activate/deactivate the diversions of a line, PBX re-start/reset options and internal/external voice-mail settings.
- This information can be directly accessed by the remote server via the secure tunnel between the hardware device and the remote server.
- the server may be configured to interrogate the PBX itself via the hardware device using the programmed IP address in the Hardware device (rather than the hardware device doing the interrogation) to identify the manufacturer or model of the PBX or both. Knowing the make and model of the PBX allows the server to interact with the PBX correctly since the way in which data is retrieved from and loaded onto a PBX will vary based on manufacturer and model.
- the arrangement of the server and hardware devices may also be used to provide a state of health for an operator's network.
- This state of health may be obtained by the server having a state of health module periodically (or on demand) sending ping messages to the PBX's through the hardware devices.
- the resulting measures for loss or round times may be aggregated to present average times for localities or otherwise to provide a measure of health of the system.
- routers/gateways may typically be configured for security reasons to ignore such ping requests.
- a health of the network measurement may be performed and monitored over time. It will be appreciated that having such measurements may be used to more accurately identify problems with the network and to proactively identify failures or to potentially pre-empt failures.
- different states of health may be determined by the present system. Since, the system allows for the hardware device and PBX or other devices to be tested (using a ping or http), having results for comparison allows for example to clarify whether a PBX processor was running slow or whether it was the network or indeed the LAN.
- connections may be any type of connection suitable to transfer signals from or to the respective nodes, units or devices, for example via intermediate devices. Accordingly, unless implied or stated otherwise the connections may for example be direct connections or indirect connections.
- any two components herein combined to achieve a particular functionality can be seen as “associated with” each other such that the desired functionality is achieved, irrespective of architectures or intermedial components.
- any two components so associated can also be viewed as being “operably connected,” or “operably coupled,” to each other to achieve the desired functionality.
- any reference signs placed between parentheses shall not be construed as limiting the claim.
- the word 'comprising' does not exclude the presence of other elements or steps then those listed in a claim.
- the terms "a” or "an,” as used herein, are defined as one or more than one. Also, the use of introductory phrases such as “at least one” and “one or more” in the claims should not be construed to imply that the
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1614376.0A GB2537785B (en) | 2014-02-12 | 2015-02-12 | Method and hardware device for remotely connecting to and controlling a private branch exchange |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1402482.2A GB2523123B (en) | 2014-02-12 | 2014-02-12 | Method and hardware device for remotely connecting to and controlling a private branch exchange |
GB1402482.2 | 2014-02-12 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015121389A1 true WO2015121389A1 (en) | 2015-08-20 |
Family
ID=50390903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2015/053033 WO2015121389A1 (en) | 2014-02-12 | 2015-02-12 | Method and hardware device for remotely connecting to and controlling a private branch exchange |
Country Status (2)
Country | Link |
---|---|
GB (2) | GB2523123B (en) |
WO (1) | WO2015121389A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108107811A (en) * | 2018-02-07 | 2018-06-01 | 上海星群运维电力技术有限公司 | Photovoltaic plant operation management system |
CN112671907A (en) * | 2020-12-24 | 2021-04-16 | 深圳市潮流网络技术有限公司 | Terminal device debugging method and device, terminal device and storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2572376A (en) * | 2018-03-28 | 2019-10-02 | Airbus Operations Ltd | Cap with sealant flow path |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050114665A1 (en) * | 2003-11-26 | 2005-05-26 | Shim Choon B. | System and method for remote management of communications networks |
US20050177637A1 (en) * | 2002-03-28 | 2005-08-11 | Heron Andrew P. | Secure remote control |
US20070061460A1 (en) * | 2005-03-24 | 2007-03-15 | Jumpnode Systems,Llc | Remote access |
US20110026531A1 (en) * | 2007-10-24 | 2011-02-03 | Lantronix, Inc. | Method to tunnel udp-based device discovery |
US8645520B2 (en) * | 2004-06-30 | 2014-02-04 | Kaseya International Limited | Remote computer management using network communications protocol that enables communication through a firewall and/or gateway |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1187438A1 (en) * | 2000-07-31 | 2002-03-13 | Avaya Technology Corp. | Apparatus for secure remote access |
US7734909B1 (en) * | 2003-09-29 | 2010-06-08 | Avaya Inc. | Using voice over IP or instant messaging to connect to customer products |
US8838965B2 (en) * | 2007-08-23 | 2014-09-16 | Barracuda Networks, Inc. | Secure remote support automation process |
JP2011035531A (en) * | 2009-07-30 | 2011-02-17 | Nec Networks & System Integration Corp | Remote control system, setting information transmitter, setting information receiver, remote control method, and program |
-
2014
- 2014-02-12 GB GB1402482.2A patent/GB2523123B/en active Active
-
2015
- 2015-02-12 GB GB1614376.0A patent/GB2537785B/en active Active
- 2015-02-12 WO PCT/EP2015/053033 patent/WO2015121389A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050177637A1 (en) * | 2002-03-28 | 2005-08-11 | Heron Andrew P. | Secure remote control |
US20050114665A1 (en) * | 2003-11-26 | 2005-05-26 | Shim Choon B. | System and method for remote management of communications networks |
US8645520B2 (en) * | 2004-06-30 | 2014-02-04 | Kaseya International Limited | Remote computer management using network communications protocol that enables communication through a firewall and/or gateway |
US20070061460A1 (en) * | 2005-03-24 | 2007-03-15 | Jumpnode Systems,Llc | Remote access |
US20110026531A1 (en) * | 2007-10-24 | 2011-02-03 | Lantronix, Inc. | Method to tunnel udp-based device discovery |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108107811A (en) * | 2018-02-07 | 2018-06-01 | 上海星群运维电力技术有限公司 | Photovoltaic plant operation management system |
CN112671907A (en) * | 2020-12-24 | 2021-04-16 | 深圳市潮流网络技术有限公司 | Terminal device debugging method and device, terminal device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
GB201402482D0 (en) | 2014-03-26 |
GB2523123A (en) | 2015-08-19 |
GB2537785A (en) | 2016-10-26 |
GB201614376D0 (en) | 2016-10-05 |
GB2537785B (en) | 2021-06-23 |
GB2523123B (en) | 2016-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10033762B2 (en) | Threat engagement and deception escalation | |
ES2874557T3 (en) | Systems and methods for automatic device detection, device management and remote assistance | |
KR101788495B1 (en) | Security gateway for a regional/home network | |
US20170244730A1 (en) | System and method for providing an in-line sniffer mode network based identity centric firewall | |
CN104219218B (en) | A kind of method and device of active safety defence | |
US20170149825A1 (en) | Modification of a Server to Mimic a Deception Mechanism | |
EP3764605A1 (en) | Gateway device for machine-to-machine communication with dual cellular interfaces | |
US20150058480A1 (en) | Measuring Instrument Access Apparatus, Field Device, and Method for Controlling the Access to a Measuring Instrument | |
CN110048908B (en) | Network test platform, network test method and device | |
KR102133001B1 (en) | Network management device, network management system and network management method | |
CN108848145B (en) | Method and system for accessing near-end network management of equipment through WEB agent and far-end network management | |
CN104113443A (en) | Network equipment detection method, device and cloud detection system | |
US20140223511A1 (en) | Authentication switch and network system | |
US20160182480A1 (en) | Systems and methods of geo-location based community of interest | |
WO2015121389A1 (en) | Method and hardware device for remotely connecting to and controlling a private branch exchange | |
US11153350B2 (en) | Determining on-net/off-net status of a client device | |
US10979297B1 (en) | Network inventory reporting device | |
CN111357244B (en) | Method for providing data packets from a CAN bus, control device and system having a CAN bus | |
KR101564558B1 (en) | Methods for inducing instalation of agent without inducing program of installation of agent | |
CN114629683B (en) | Access method, device, equipment and storage medium of management server | |
CN105684352B (en) | Belong to the device of private network, the device and method of managing device and medium | |
US20220417268A1 (en) | Transmission device for transmitting data | |
JP2019054422A (en) | Monitoring device, user terminal, communication system, communication method, and program | |
Veichtlbauer et al. | Generic middleware for userfriendly control systems in home and building automation | |
ES2656399T3 (en) | Enhanced Network Management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15704782 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 201614376 Country of ref document: GB Kind code of ref document: A Free format text: PCT FILING DATE = 20150212 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1614376 Country of ref document: GB Ref document number: 1614376.0 Country of ref document: GB |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15704782 Country of ref document: EP Kind code of ref document: A1 |