These slides were presented to MaGIC Malaysia for entrepreneurs wanting to get an Asterisk business going on the cloud. Here, we provide the most basic, lowest-level method of setting up HA on Microsoft Azure with FreePBX.
Components used with Azure's Ubuntu 14.04 image:
1) Asterisk 11
2) FreePBX 2.11
3) DRBD
4) Heartbeat, but without actually relying on a virtual IP, since we use Azure Cloud to do the HA by exposing TCP 5060
5) Azure's HA method: whichever server is listening on port TCP 5060 has all Asterisk traffic for the HA DNS name redirected to it.
2. Readme
• Microsoft MVP in Enterprise Security
• Over 10 years of experience with Open Source, Microsoft Technology and Security related speaking engagements
• Very focused with over 8 years experience with Asterisk and Nagios
• Built one of the first VaaS in Malaysia using cloud tech
• Built various products and solutions on private labels and OSS
3. Introduction To Asterisk
• Enterprise PBX functionalities
• Integration with computers
• Relatively large scalability
• Connects to lots and lots of other communication devices
• Human interaction (interactive)
• Customizable for most needs
4. Introduction To Asterisk
• Become a call center
• Enable IP features (e.g. SIP to cost saving gateways)
• Bridge using IP between remote offices (free calls)
• Voicemail/VMtoEmail services
• Integrate to CRM/Database/Software
5. Introduction To Asterisk
• Multiparty voice and video conferencing
• Bridge to Skype/Gtalk
• Enable a digital receptionist / directory
• Have a remote office / DR office setup
• Call accounting/auditing/management
• Text to speech
• Connect anywhere, anytime
• Call recording, and many more
6. Introduction to Asterisk
Google Talk
H.323
IAX™ (Inter-Asterisk eXchange)
Jingle/XMPP
MGCP (Media Gateway Control Protocol)
SCCP (Cisco® Skinny®)
SIP (Session Initiation Protocol)
Skype
UNIStim
Caller ID on Call Waiting
Calling Cards
Conference Bridging
Database Store / Retrieve
Database Integration
Dial by Name
Direct Inward System Access
Distinctive Ring
Distributed Universal Number Discovery
Do Not Disturb
E911
ENUM
AGI (Asterisk Gateway Interface)
RESTFUL API
Graphical Call Manager
Outbound Call Spooling
Predictive Dialer
TCP/IP Management Interface
TDMoE (Time Division Multiplex over Ethernet)
Allows direct connection of Asterisk PBX
Zero latency
Uses commodity Ethernet hardware
Voice-over IP
Allows for integration of physically separate installations
Uses commonly deployed data connections
Allows a unified dialplan across multiple offices
AT&T 4ESS
EuroISDN PRI and BRI
Lucent 5ESS
National ISDN 1
National ISDN 2
NFAS
Nortel DMS100
Q.SIG
8. Asterisk on cloud – Voice as a Service
• Features
• Easy deployment
• Scalability
• Secure by implementation
• No voice distortion / quality issues
• Can be deployed across multi geo locations
• Plug and play for customers/users
• Number follows you anywhere you go
• Enablers
• Current telcos providing VoIP PSTN in and out
• Many hundreds of international bulk voice providers to choose from
• Multi route for resilience
• Location independent
• Low cost of ownership
• Extremely high broadband penetration rate
• Negligible latency
9. Asterisk on Azure – Why Azure?
• Designed for Noobs (like me)
• Not a MVP for Azure
• Customer satisfaction
• No complaints
• Supported with multiple Open Source OS flavors
• We personally prefer Debian and Ubuntu
• Has its own HA/LB method (explained later)
• Extremely Fast, Extremely Scalable
• Geographically suitable for Malaysia
• Singapore, Hong Kong
10. Asterisk on Azure – Why Azure?
• Assume from here on, we are on the farther POP, Hong Kong
• We deliberately did that for worst-case-scenarios
• Latency is negligible (using SIP with uLaw, no compression, no encapsulation, no encryption)
• Singapore was around 40ms-60ms
• Hong Kong was around 70ms-80ms
• ITU-T recommendation latency is 150ms for voice traffic (and 250ms roundtrip)
• Low packet loss rate
• Approximately 0.1%
11. Asterisk on Azure – Why Azure?
• Easy management UX
• Adding ports was slow, otherwise, everything else is fast
• Build mobile solutions out from Azure
• Connect to an AD ready Azure
• For Authentication, Authorization on Asterisk
• Unification of credentials, integration
• Shared resources like disks can be helpful for sharing commonly used items such as static configurations
• Easy Backup / Restore operations
12. Our Demo Azure Asterisk HA
• Distributed computing within Azure
• Two SIP servers
• One DB server (could also be 2 if we had more time)
• Can also add proxies – But we didn’t have time
• Can also add firewalls – But we didn’t have time
• We use pfSense firewall in XML cluster mode for hacker bashing
• Comes with firewalls, IPS/IDS and lots of other networking goodies
• Uses Azure Cloud HA for targeting
• Typically we use another method (explained later)
• Uses common and easy HA methods on Linux
13. Our Demo Azure Asterisk HA
[Diagram: Public Network; Telco A; Telco B; Azure Cloud HA; Asterisk Master; Asterisk Slave; Asterisk Configurator DB]
14. Alternative Design Azure Asterisk HA
[Diagram: Public Network; Telco A; Telco B; Azure Cloud HA; pfSense 1 (shown twice); Virtual DMZ; Proxy Kamailio (two instances); Asterisk Master; Asterisk Slave; DB Master; DB Slave]
15. Our Demo Azure Asterisk HA – Logical Illustration
[Diagram: SIP user; public layer; Azure cloud layer TCP probe (which active server is running TCP 5060, shown twice); active server connects to config DB]
16. Components in Demo Azure Asterisk
• Asterisk 1.8 or higher
• FreePBX 2.11 or higher
• MySQL 5
• PHP
• Heartbeat
• DRBD
• Tiny script to monitor safe_asterisk
• Azure depends on port TCP5060
• Asterisk opens port TCP5060
• So, it's really good to monitor Asterisk
18. Steps to build Asterisk HA on Azure
Checklist
• Setup 3 Virtual Machines (VM) in Azure.
• Assigning the VMs with the same cloud service.
• Creating the necessary End points.
• Attaching an Empty Disk on each VM.
• Installation of Astiostech’s Asterisk Business Telephony
• Installation of Astiostech’s High Availability Package.
19. Steps to build Asterisk HA on Azure
• Setup 3 Azure Ubuntu VM
20. Steps to build Asterisk HA on Azure
• Use the same Cloud Service on the Second and third VM
21. Steps to build Asterisk HA on Azure
• Create endpoints and check “CREATE A LOAD-BALANCED SET” for the ports that need to fail over; otherwise leave the endpoint to run normally.
22. 10 Steps to build Asterisk HA on Azure
• Create an empty disk on two of the Asterisk VMs and attach it once done.
23. Steps to build Asterisk HA on Azure
• Installation of Astiostech’s Asterisk Business Telephony package.
• MySQL database will be installed into the dedicated MySQL database server.
[Stack diagram, top to bottom: ASTIOSTECH BTEL PBX; FOP2, FreePBX, MonAST; Apache, Asterisk, MySQL; Linux OS]
26. Steps to build Asterisk HA on Azure
There are 2 major components in our HA package
1. Heartbeat
• Heartbeat is a daemon that provides cluster infrastructure (communication and membership) services to its clients.
2. DRBD
27. Steps to build Asterisk HA on Azure
DRBD refers to block devices designed as a building block to form high availability (HA) clusters. This is done by mirroring a whole block device via an assigned network.
DRBD can be understood as network-based RAID-1.
28. Demo Overview
[Diagram: MASTER (ACTIVE); SLAVE; heartbeat; replication; astiosmaster.cloudapp.net; Ext: 1000; Ext: 1001; Anthony's Cell Phone]
29. Demo calling from Master server
• Ext.1000 calling Ext.1001
• Outbound Calls – Ext.1000 calling an external number.
• Inbound Calls – An external caller calling in to the Extension 1001.
[Diagram: MASTER (ACTIVE); SLAVE; heartbeat; replication; astiosmaster.cloudapp.net; Ext: 1000; Ext: 1001; Anthony's Cell Phone]
31. Demo calling from Slave server
• Asterisk PBX fails over to the SLAVE server.
• PBX phone functions will just work like normal.
[Diagram: MASTER; SLAVE (ACTIVE); heartbeat; replication; astiosmaster.cloudapp.net; Ext: 1000; Ext: 1001; Anthony's Cell Phone]
34. Field tips and tricks
• Enable Asterisk’s TCP 5060 port for Azure Cloud monitoring.
• Since Azure monitors HTTP or TCP ports only
• Enable a daemon service [demo] to monitor Asterisk
• In case Asterisk goes down, initiate failover/failback
• All other ports should then be “instructed” by the TCP 5060 probe via Azure
• You might want to enable individual ports for SSH
• But you cannot use the same public facing port twice
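The monitoring daemon mentioned on slides 16 and 34, sketched here as an added example (it is not the presenters' demo script): it checks that something is listening on TCP 5060, which the Azure probe depends on, and hands resources to the peer after repeated misses. The use of `ss`, the `hb_standby` path, the three-check threshold, and Heartbeat managing Asterisk as a resource are all assumptions.

```shell
#!/bin/sh
# Added example: watchdog for the TCP 5060 listener that the Azure probe targets.
# Assumptions (not from the slides): ss(8) is installed, Heartbeat manages
# Asterisk as a resource, and hb_standby lives at the path below.

PORT=5060
THRESHOLD=3      # assumed: consecutive failed checks before handing over
INTERVAL=5       # assumed: seconds between checks
HB_STANDBY=/usr/share/heartbeat/hb_standby   # assumed path; varies by distro

# Return 0 if the `ss -ltn` listing on stdin has a LISTEN socket on port $1.
# The port is the last ":"-separated field of the local address column, so
# "*:5060", "0.0.0.0:5060" and ":::5060" all match, while ":50600" does not.
has_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit !found }'
}

# Print the new failure count given the previous count ($1) and this
# check's result ($2: up|down). A healthy check resets the counter.
next_failures() {
    if [ "$2" = "up" ]; then echo 0; else echo $(( $1 + 1 )); fi
}

# Print "failover" once the count reaches THRESHOLD, otherwise "wait".
decide() {
    if [ "$1" -ge "$THRESHOLD" ]; then echo failover; else echo wait; fi
}

watch_loop() {
    fails=0
    while :; do
        if ss -ltn | has_listener "$PORT"; then state=up; else state=down; fi
        fails=$(next_failures "$fails" "$state")
        if [ "$(decide "$fails")" = "failover" ]; then
            logger -t asterisk-watchdog "TCP $PORT closed for $fails checks; going standby"
            "$HB_STANDBY" all    # give up all resources so the peer takes over
            fails=0
        fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when called with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then watch_loop; fi
```

Requiring several consecutive misses keeps a brief Asterisk reload from triggering a handover.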