Posts tagged: cloud computing

View from the Trenches: A Fresh Look at VoIP Project Development in the Cloud

The world of cloud-based computing has profoundly changed over the past year. And today we want to take a fresh look at the cloud landscape for those of you that spend considerable time experimenting or tweaking software applications either for customers or for your own organization.

First, a brief paragraph of history. We began our cloud experiments almost seven years ago when Amazon S3 was still in its infancy. At the time, Amazon S3 was a real bargain even with all its development quirks. The adventure continued when we moved some production level systems to Amazon’s EC2 cloud in early 2013. What we quickly learned was just how expensive cloud computing could be once you reached the end of your “free year” with Amazon. As the cloud options continued to bloom, RentPBX began providing technical and financial assistance to our projects while also offering inexpensive, production-quality VoIP services in the cloud at truly bargain basement prices: $15 a month. That barely covers the electric bill for many folks hosting their own local servers. And RentPBX servers are unique. They don’t commingle other processor-intensive applications on their servers. All of their servers are pure VoIP which makes for an incredibly reliable cloud-based platform. Our special pricing still is available for those using PBX in a Flash and Incredible PBX. Just sign up with the coupon code: NOGOTCHAS. So that’s a little background.

But there are many of us that develop systems and experiment with new offerings as part of our daily routine. We build systems. We tweak systems. We blow up systems. And we start over, sometimes dozens (hopefully not hundreds) of times. To give you an example, our typical Incredible PBX build to support a new platform goes through twenty to thirty iterations before all of the kinks are worked out of the code. And that’s before the software development teams for CentOS, Ubuntu, Asterisk, Apache, SendMail, MySQL, and the Raspberry Pi “improve” anything. A production-quality cloud service really isn’t flexible enough to support this type of activity, and an affordable local server lacks the horsepower to keep setup times reasonable. On occasion, we use a high performance iMac coupled with VirtualBox for development, but that introduces some quirks that typically aren’t found on real world servers.

The good news is that there are two relatively new cloud offerings that fit very well with the requirements needed for rapid application development. We use both of them in slightly different ways so let us share our experience in hopes that it will save many of you some time experimenting.

We can’t say enough good things about Digital Ocean. Despite a few growing pains from time to time, Digital Ocean provides a vast assortment of cloud-based servers scattered all around the world. There are servers in New York, San Francisco, Amsterdam, London, Frankfurt, and even Singapore. You can size your development platform to meet almost any requirement with prices starting at about 5¢ for a 7-hour day of development. That buys you a speedy 512MB/single-CPU platform with 20 gigs of storage and a terabyte of monthly bandwidth. Add a (free) 1GB cache to your build, and it’s the performance equivalent of our $3,000 standalone Dell servers. You can scale up from there to a platform with 64GB of RAM, 20 CPUs, 640GB SSD drive, and 9 terabytes of monthly data transfer for less than $1 an hour. The difference with this platform is you can create a CentOS, Ubuntu, Fedora, FreeBSD, or Debian server of any recent vintage in about one minute. There’s also a vast array of preconfigured applications for the specialists of the world:

Using our referral code, you get $10 of free service while we get a little spiff down the road to keep the Nerd Vittles lights on. Tear down of servers is almost instantaneous, and you simply pay for the time you used. Using the small platform for 90 minutes will set you back a whole penny. Some of our PBX in a Flash users are actually running production-level servers on this platform (which we don’t recommend), and the monthly cost is capped at $5. One of the best kept secrets at Digital Ocean is that you can take snapshots of your builds and store them at little to no cost. We have a dozen of them and have never paid a penny in storage fees. You also have the option of off-site backups for production platforms.

The new kid on the block is CloudAtCost.com. If you’re not into bleeding edge, this probably isn’t the offering for you. But it is dirt cheap. While you can pay by the month, CloudAtCost also has a revolutionary marketing strategy. You can pay for your virtual machine once (almost always at a substantial discount off the listed prices), and you get to use “your server” forever at no additional cost… at least as long as CloudAtCost stays in business. If this sounds like a pyramid scheme, you probably wouldn’t be the first to suggest that. Suffice it to say, their business has grown geometrically over the past year. And they recently announced CloudPRO which lets you pool resources from servers you previously have bought, and use them in much the same way as Digital Ocean but with no additional charges. So here’s today’s pricing:

To put things in perspective, the virtual machine equivalent of Digital Ocean’s smallest setup costs $17.50, ONE TIME! The Big Dog 3 platform with a one-time fee of $560 migrated to CloudPRO would provide you with the capability to create 8 smaller systems (1 CPU, 1GB RAM, and 10GB storage) as desired with no bandwidth limitations forever.1 Download and upload performance is fairly impressive using speedtest-cli:

So what’s the catch. Well, there are some. First, as you might imagine, these folks are much like the fella laying track in front of the steaming locomotive. Will that ever end? You’d better hope not because, when it does, the entire house of cards may come down. While Digital Ocean typically builds virtual machines in under a minute, CloudAtCost turnaround times are close to a day. Once your server is actually working, we’ve had a pretty good experience with the performance quality although there can be rough spots that usually are resolved within a day. The promise, of course, is to get build times down to a minute or two. But, frankly, we’re not holding our breath. As for platform support, there are plenty of options just like with Digital Ocean:

What is this platform good for? In our case, it’s almost perfect for off-site backups. You can judge the web performance for yourself by visiting the backup site for Nerd Vittles, or the PIAF Forum, or Incredible PBX, or PBX in a Flash. Would we use CloudAtCost for production? Not a chance. But for backups and demo servers, it’s AWESOME and CHEAP! If you’re a Nerd Vittles early bird, you can use our coupon code for an additional 20% off: Zu2eXYDYtU.

DEMO SERVER. We’ve actually set up an Incredible PBX server with Google Voice and an IVR of sample applications so you can judge the CloudAtCost performance for yourself. You can even try hacking the IP address if that’s your thing. We always love to test our firewall: nmap -sT -O 162.252.242.229. To try out Allison’s IVR, enter your 10-digit callback number below and then click the Click Here button once. Count to 10 and your phone should be ringing. After you answer the call and press 1, you’ll be connected to the IVR Demo in Canada. Don’t be shy.



Nerd Vittles IVR Demo Options
1 – Call by Name (say “Delta Airlines” or “American Airlines” to try it out)
2 – MeetMe Conference (password is 1234)
3 – Wolfram Alpha (say “What planes are overhead?”)
4 – Lenny (The Telemarketer’s Worst Nightmare)
5 – Today’s News Headlines
6 – Weather Forecast (say the city and state, province, or country)
7 – Today in History
8 – Speak to a Real Person (or maybe just Lenny if we’re out)

Originally published: Cinco de Mayo, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for Incredible PBX users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For Incredible PBX users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. forever: as long as CloudAtCost.com stays in business []

The Next Plateau: VoIP Communications with Asterisk in Amazon’s EC2 Cloud


We’ve spent considerable effort exploring and enhancing the VoIP cloud offerings for our followers, and today we’re delighted to introduce another terrific service: Amazon’s Elastic Compute Cloud (EC2). This is one of several Amazon Web Service (AWS) offerings that provides resizable compute capacity in the cloud and is designed to make web-scale computing easier for developers. That’s the Amazon pitch for their service. Ours is a bit different. For anyone with mission-critical operations or that has ever given a moment’s thought to business continuity planning (THINK: hurricanes, tornados, earthquakes, blizzards, fires, floods, bombs), you need an EC2 backup plan for VoIP communications. It really doesn’t matter whether your organization uses a proprietary phone system, or Asterisk®, or good ol’ black telephones, the point is simply this. When your lights go out and you still need a communications system for your employees and your customers, what’s your plan? Staying home in bed isn’t a choice for most folks. So our focus is not to persuade anybody to move their primary communications platform to Amazon EC2 although it’s certainly worth considering. For today, let’s tackle emergency planning and Disaster Recovery 101 for that dreadful day when you really don’t have a choice. And D-Day is a really bad day to start thinking about communications alternatives. You’ll have plenty of other things to do.

We’re going to make this fun today and provide all the tools you’ll need to set up shop in Amazon’s EC2 Cloud. The good news is that EC2 is almost free for your first year so getting started isn’t going to be a financial burden. Once you have everything built, you can turn it off and hope you never have to use it. On the other hand, it’s dirt cheap for an entire year so enjoy yourself and learn why VoIP communications can revolutionize your business at a fraction of the cost of a proprietary communications system. For our Asterisk aficionados that have already discovered the beauty of free VoIP communications, we’ve got some additional goodies today, Incredible Backup and Incredible Restore, that will let you quickly move your communications platform back and forth between EC2 and a local server or virtual machine effortlessly.

For those just getting started, the real beauty of VoIP communications is that, once your server platform is operational, you can bring up communications services for your employees without any hardware investment. A notebook computer and a free SIP softphone will let you make and receive calls through your EC2 communications system. By adding trunks from Google Voice or any SIP service provider, you complete the communications circle to connect to any phone in the world. We do this for a living so, if your business needs some hand-holding to get started, drop us a note. We like to travel.

The Choice is Yours: PIAF-Purple with Asterisk 1.8 or PIAF-Green with Asterisk 11

Getting Started. For your communications platform, we’ve built two new versions of PBX in a Flash™ for Amazon EC2: PIAF-Purple and PIAF-Green. You can’t beat the price. Both are free! These two builds are based upon the two long-term support (LTS) releases of Asterisk: 1.8 and 11. In our testing, both are rock solid and production-ready. If tried and true is your cup of tea, then PIAF-Purple with Asterisk 1.8 and FreePBX 2.10 is your baby. If you want to get a jump on the future, then PIAF-Green with Asterisk 11 and FreePBX 2.11 is worth a careful look. But, to use either one, you first need to get set up with an Amazon EC2 account. So head over to Amazon and click on Sign Up Now. A word to the wise here. You don’t want the bad guys breaking into your account unless you have an unlimited budget. There are lots of non-free Amazon EC2 services that could max out your credit card quickly. So, in addition to signing up for your Amazon account, also activate Multi-Factor Authentication. It’s your bank account!

Once your account is activated, sign in to the Amazon Management Console. After entering both your passwords, the AWS Management Console will appear. Click on EC2 to bring up the EC2 Dashboard (shown above). This is home base in EC2. The Launch Instance button is used to start a new virtual machine. We’ll walk you through that process in a minute. In the left margin are the functions you’ll be using most often. Instances displays your existing virtual machines, both running and stopped. Volumes are the virtual hard disks associated with your virtual machines or instances in Amazon-speak. A volume gets created as part of the VM launching process. When you delete instances, it’s important to also delete the associated volume, or you get billed for it separately. Elastic IPs lets you assign an IP address to an Instance using Amazon’s DHCP servers. You access your virtual machines using SSH and, without an IP address, you can’t gain access. For SSH security, EC2 uses Key Pairs. As part of launching a new virtual machine, we’ll walk you through creating one. Amazon EC2 also has its own firewalls called Security Groups. Basically, all services are blocked until you open them up. We’ll also walk you through that process as well. Once you’ve created your Key Pair and Security Group, you can use them with multiple instances. Now you’re an expert so let’s Launch a New Instance.

Creating a New Virtual Machine. Click on the blue Launch Instance button in the EC2 Dashboard to begin. Choose Classic Wizard. You build a new instance by starting with one that someone else has already built. Be careful here. There are literally thousands to choose from and, unless you know the creator, use Name Brand, trusted instances only. Anybody can hide anything in an instance that they’ve made publicly available. Think of your worst Trojan Horse horror story, and there’s probably a public Amazon instance to match it. For our purposes, the magic number you need to know is 399149154715. That’s our Amazon EC2 account number, and it means any instances prefixed with that number or our mugshot were created by us. So click on the Cloud Market and search for PIAF. In about a minute, both PIAF2 AMIs will appear. Pick your favorite but be sure the file name displays our smiling face. Then click Select. For the Instance Type, make sure T1 Micro is chosen. That’s the only free option during your first year. Leave the Availability Zone at No Preference and Number of Instances set to 1. Click Continue. In Advanced Instance Options, accept all of the defaults and click Continue. For Storage Device Configuration, accept the defaults by clicking Continue. Next, you’ll be prompted to add Tags to your Instance. This is a short-hand description to help you distinguish one instance from another. For the Name Value, enter something like PIAF-Purple-64 or PIAF-Green-64 and click Continue. Next, you’ll be prompted to create a Key Pair to use with the instance. If you don’t already have one, click Create New Key Pair and Continue. Once the key pair is created, the .pem file will be downloaded to your desktop computer. Change the permissions on the .pem file to what SSH requires: chmod 700 mykey.pem. You’ll need this key file to log into your instance with SSH so move it to a safe place. Next, you’ll create or use an existing Security Group. This sets up the firewall rules to use with your instance. For PBX in a Flash, you’ll need at least the following Inbound Rules in your Security Group: TCP 22 (SSH), TCP 80 (Web), TCP 1723 (for PPTP VPN only), and TCP 9001 (for WebMin access). For VoIP services, you’ll need UDP 5060 (SIP), UDP 10000-20000 (RTP), UDP 4569 (IAX), and UDP 69 (TFTP, if desired). EC2 lets you lock down Security Group entries to individual IP addresses. We strongly recommend this for SSH, Web, SIP, IAX, and TFTP services. If you need access from multiple IP addresses, just add additional Security Group rules for each address and service. Finally, you’ll be shown a summary of all your selections. If everything looks OK, click Launch to start the instance. While it’s starting up, click Elastic IPs from the left column of the EC2 Dashboard. Choose Allocate New Address and then Associate Address to connect it with the instance that just launched. Write down the IP address. You’ll need it for SSH access. Finally, click Instances and wait for your virtual machine to come on line with a green check mark.

Your First Login. Now you can log into your EC2 instance via SSH using your key file and the IP address associated with the instance: ssh -i mykey.pem -v ec2-user@54.235.12.34. If you’re using a Windows machine with Putty, use PuttyGen.exe to convert your .pem key into something Putty can understand before attempting to log in. Once you’re logged in, you need to immediately change all the default passwords:

  • sudo passwd (to change your ec2-user password)
  • sudo passwd root (to change your root password)
  • su root (to switch to the root account with your new password)
  • passwd-master (to change your FreePBX and web passwords)
  • cd /root (to switch to the /root directory)

Keep in mind that PBX in a Flash is a little different than a standard Linux install. It has been designed for use as the root user only. So, whenever you log into a PIAF instance in EC2, always execute the following command: su root && cd /root. Most Linux and PBX in a Flash utilities will not work properly if you attempt to execute them as the ec2-user! For web access and management of your server, point your browser to the IP address of your EC2 instance. If you’re new to PBX in a Flash, stop here and read the PBX in a Flash 2.0.6.3 Quick Start Guide. It’ll tell you everything you need to know to get started with PBX in a Flash.

Installing Incredible PBX. We’ve got a few more surprises for you today. First, there are new, GPL2-licensed releases of Incredible PBX: version 10 for FreePBX 2.10 and version 11 for FreePBX 2.11. If you’re new to all of this, Incredible PBX provides some additional layers of security for your server while also giving you dozens of turnkey Asterisk applications including text-to-speech, speech-to-text, SMS messaging, news, weather, stocks, and tide reports, and much more. You can read the Incredible PBX tutorial here. To install Incredible PBX while logged into your EC2 instance as root, issue the following commands and plug in your passwd-master password when prompted. If you’re using the PIAF-Green AMI, replace incrediblepbx10 with incrediblepbx11 below.

cd /root
wget http://incrediblepbx.com/incrediblepbx10.gz
gunzip incrediblepbx10.gz
chmod +x incrediblepbx10
./incrediblepbx10

Installing Incredible Fax. Yes, there’s more. Incredible Fax also works just fine on the EC2 platform. If you want the added convenience of having your Incredible PBX double as a free fax machine, run install-incredfax2 after the Incredible PBX 10 install completes. For Incredible PBX 11, run /root/incrediblefax11.sh. Plug in your email address for delivery of incoming faxes and enter your home area code when prompted. For every other prompt, just press the Enter key. If you’d like to also add the optional OCR utility, just choose it when prompted. For complete documentation, see this Nerd Vittles article. Don’t forget that a REBOOT OF YOUR SERVER is required when the install is finished, or faxing won’t work! Then log in to AvantFax through the PBX in a Flash GUI using maint:password. Be sure to change your password!

Also be sure to set up a second, dedicated Google Voice number if you want support for inbound faxing. Once the Google Voice credentials are configured in FreePBX for the additional Google Voice line, simply add an Inbound Route for this DID to point to the fax destination. Just plug in your 10-digit Google Voice number and other entries shown in the form below. Save your setup and reload FreePBX. Done!

Introducing Incredible Backup and Restore. Last, but not least, we have new GPL2-licensed backup and restore utilities to simplify the task of moving PBX in a Flash setups between Amazon EC2 and other standalone or virtual machine platforms. To complement these new utilities, we’ve also released a new 64-bit PIAF-Purple Virtual Machine image for VirtualBox. PIAF-Purple-64.ova is a free download from SourceForge and will run under VirtualBox on any Windows, Mac, Linux, or Solaris desktop computer. Our VirtualBox tutorial is available here. You also have the option of downloading the current 64-bit PIAF-20631 ISO from SourceForge and building your own server or virtual machine. All three platforms (Amazon EC2 AMI, VirtualBox OVA, or PIAF 64-bit ISO) are 100% compatible with Incredible PBX, Incredible Fax, and the new Incredible Backup. Once you have matching platforms, you can backup your PIAF or Incredible PBX setup on one platform and then restore it to a different platform by simply copying the backup image to the new platform and running Incredible Restore. The entire procedure takes only a couple of minutes.

To install the backup and restore utilities on either of the platforms, simply issue the following commands:

cd /usr/local/sbin
wget http://incrediblepbx.com/incrediblebackup10.tar.gz
tar zxvf incrediblebackup10.tar.gz
rm incrediblebackup10.tar.gz

Because Incredible Backup shuts down Asterisk, MySQL, and Apache, do NOT run this when folks are using your PBX! To make a backup, log into your server as root and type: incrediblebackup.

The restore procedure essentially erases ALL of your existing FreePBX, Asterisk, TFTP, and web data. To restore a backup, copy the backup file to be restored to /tmp on the new server. Make sure the new server has Asterisk, FreePBX, and Incredible PBX versions that match what’s shown in the backup filename. There is NO error checking presently. To restore, log into your server as root, write down the filename of the backup file, and type: incrediblerestore /tmp/filename.tar.gz. If this is a new server and you’re still using your old one as well, then remove the DUNDI secret and secretexpiry entries from the Asterisk DB and restart Asterisk once the restore is completed:

asterisk -rx "database del dundi secret"
asterisk -rx "database del dundi secretexpiry"
amportal restart

For additional usage instructions and tips, see this thread on the PIAF Forum. Enjoy!

Originally published: Monday, February 11, 2013  Updated: Thursday, February 14, 2013


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forum. It’s the best Asterisk tech support site in the business, and it’s all free! Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you.


Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Travelin’ Man 3: Securing a PBX in a Flash or VoIP in the Cloud Server

UPDATE: Be sure to read about the latest enhancement to Travelin' Man 3 here.

We're big fans of playing with our own VoIP hardware. It has the advantage of allowing the installation of everything behind a secure, hardware-based firewall thereby eliminating almost all of the security issues associated with VoIP telephony. With PBX in a Flash™ and its Zero Internet Footprint™, you can run a secure VoIP server in your home or office with no port exposure to the Internet. This setup, of course, assumes that you have the necessary bandwidth to support Internet telephony and that you possess the necessary skill set to maintain your own Linux® server running Asterisk®, FreePBX®, Apache®, SendMail®, PHP®, and on and on. Not everyone does. And, of course, there are thousands of organizations in which employees and their phones are not colocated with the home office VoIP communications server. And, believe it or not, there are folks that run their VoIP server on the public Internet without any firewall protection. For all of you, today's your lucky day.

Lest you think that we've bitten off more than we can chew, we want to acknowledge the dozens of thought-provoking comments on the PIAF Forums that ultimately led to today's new release. That is the hidden beauty of open source development. So, thank you dad311, atsak, tbrummell, Hyksos, markieb, Ramblin, darmock, lowno, blanchae, bmore, vcallaway, jroper, mag, briankelly63, mbellot, phonebuff, The Deacon, Astrosmurfer, frontline, ou812, LostTrunk, lgaetz, kh40s, rossiv, and all of our other gurus that make the PIAF Forums a great place to learn something new every day.

Thanks to our good friends at RentPBX, who provide terrific technical and financial support to both Nerd Vittles and the PBX in a Flash project, you don't have to roll your own. And your phones can be anywhere because your communications server sits on the public Internet. If cost is a factor or for those outside the United States that need a U.S. presence to take advantage of services such as Google Voice, the $15 a month price point using the PIAF2012 coupon code makes RentPBX more than competitive with what it would cost you in electricity, Internet bandwidth, and hardware resources to do it yourself... minus the headaches. You get a stable PBX in a Flash or Incredible PBX platform from the git-go. In addition, issues of jitter and latency all but disappear from the VoIP equation because you can choose the site of your hosted PBX from a worldwide list of Internet POPs including five regions in the U.S. as well as Canada and Europe. Many sit within a few milliseconds of the Internet backbone.

What you don't have with a hosted PBX solution is a hardware-based firewall sitting between your server and the Big, Bad Internet. With PBX in a Flash, the risk is lessened because the IPtables Linux Firewall is baked into the fabric of PBX in a Flash. For a comprehensive overview of how IPtables works, read this article. It explains IPtables better than any book you could buy.

Today we're pleased to introduce Travelin' Man 3™, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that's lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce. We'll quickly cover the mechanics of this new IPtables methodology that allows you to secure your hosted PBX without compromising flexibility. The nitty gritty details of IPtables and firewalls we'll leave for you to explore at your leisure.

And, speaking of leisure, we always get the question: "Have you tested it?" For frequent readers of Nerd Vittles, you already know the answer. We eat our own dog food! In the case of Travelin' Man 3, we gave it a healthy workout just last week from the deck of the Carnival Fantasy as we passed by Cape Canaveral and in Key West with 4G service, and finally in several ports with WiFi access in the Bahamas. The beauty of the new design is you'll know instantly if it's not working because you'll never get your VoIP SIP phone to connect back to your VoIP server. We had zero problems using nothing more than an Android phone for both DynDNS updates and Bria SIP phone service. Being a pioneer isn't always easy, but... Somebody's gotta do it™. 😉

Unlike previous iterations of Travelin' Man, version 3 lets you configure remote phone access from the server and keep one or hundreds of phones in sync even with changing IP addresses using dynamic DNS update software at the sites of the remote phones. Whether the site is a remote office or a floating hotel room, any PC or Mac whether it's a desktop or netbook can automatically manage the dynamic DNS updates while keeping all of the local phones securely connected to the VoIP Cloud. And any jail-broken iPhone can manage the updates as well. With Android phones, it's even better. You have your pick of several great apps: DynDNS Client, Dynamic DNS Client, or Dynamic DNS Updater. We've found the DynDNS Client to be nearly perfect. As we'll explain in a minute, this version of Travelin' Man is not compatible with prior versions so you'll need to choose either the manual methodology of previous iterations or version 3 which does it automagically.

A New Approach to WhiteLists. Our new approach to IPtables is to lock down your server using a WhiteList of safe IP addresses and fully-qualified domain names (FQDNs) that should be given access to your hosted VoIP server. Then we'll periodically check to see if the IP addresses associated with the FQDNs have changed and make the necessary adjustments automatically. If any intruder attempts to access any port on your PBX, their packets are simply discarded by IPtables so the bad guys never know your server exists.

We've experimented with BlackLists for VoIP security, and the bottom line is they just don't work because of inherent problems with reliability and completeness. You spend your entire day updating lists of the bad guys only to discover that they've morphed to thousands of new IP addresses. Think Whack-A-Mole. IP addresses can easily be changed, and zombies have made attacks from third-party PCs a daily occurrence. Earlier this month, Nerd Vittles was hit with a denial of service attack from 30,000+ zombie PCs. This was in spite of the fact that we already block well over 100,000 IP addresses with the world's finest blacklists. Now it's 130,000. :roll: Of course, none of the owners of these PCs had any idea how their computers were being used. I'm reminded of a famous judge's secretary who received a knock at her door one Sunday morning from the FBI. They informed her that she was using her computer to host porno movie downloads. I won't offend your tender sensibilities by repeating what she actually told those "young men."

There's also the problem of dynamic IP addresses which means an address that was used by a bad guy yesterday may be handed out by the same ISP to your grandma tomorrow. And it didn't take the bad guys long to poison blacklists with IP addresses that you actually need for services such as DNS or network time services. If you've ever had an IP address that ended up on one of the major blacklists, you know what a hassle it is to get your IP address unBlacklisted. The Soup Nazi has nothing on these folks.

Bottom Line: Public web sites are pretty much forced to use BlackLists because they want their sites to be generally accessible. With a VoIP server, we have the luxury of choice, and WhiteLists are much more effective for server security.

Overview. Our recommended design works like this. Block everything. Then permit packets from known hosts and non-routable IP addresses only, and limit known hosts to only the services they actually need. For example, a VoIP provider such as Vitelity that is providing a DID for your inbound calls doesn't need web access to your server. They need SIP and RTP access. Nothing more. The same goes for a remote user: SIP and RTP access so their SIP phone works. Nothing more. You, as Administrator, need complete access to the server but only from a specific, defined IP address. We, of course, don't want IPtables to have to inspect and filter every single packet flowing into and out of your server because that would bog things down. And we don't want users on your private LAN and remote users with dynamic IP addresses to have to wrestle with updating their phones just to stay connected. So, we've opened up all non-routable IP addresses and, once we've verified that a remote site is authorized access, then subsequent packets flowing into and out of the server for that IP address will be passed along without additional packet inspection. And once we set up the FQDN for a remote user, local dynamic DNS update clients can be used to automate the process of keeping IP addresses current. Then, every few minutes, we'll let your server check whether there's been a change in any users' dynamic IP addresses. If so, we'll simply refresh the IP addresses of all FQDNs using an IPtables restart to bring the phones back to life. To end users, The Phones Just Work™.

Finally, a word about security for VoIP in the Cloud servers. If you run a virtual machine from any hosting provider with wide open access to SIP, IAX, and web services, it's just a matter of time before your server is going to be compromised, period! If you foolishly use credit card auto-replenishment for one or more of your hosting providers then you might as well mail a blank check to the bad guys and wait for them to cash it. Today's tools will take you less than a minute to permanently lock down your server. So... JUST DO IT™.

To give you some idea of how far the Android platform has come, here are a couple screenshots of our Samsung 4G Skyrocket smartphone running three simultaneous VoIP apps all day, every day: Bria SIP extension to our PIAF2 server in Charleston, CSipSimple extension to our RentPBX VM in California, and GrooveIP session with Google Voice. Try that on your 3G iPhone 4S. 😉

We're officially releasing this for RentPBX users running PBX in a Flash or Incredible PBX 3™. These folks have been our pioneers for a very long time, and we like to take care of them first. Properly installed, Travelin' Man 3 should work fine on any PIAF™ or Incredible PBX system. We'll make a backup of /etc/sysconfig/iptables before replacing your IPtables setup with the PIAF default setup. It assumes ALL of your traffic is flowing on eth0. If that's not the case, don't use it without major modifications! We would hasten to add that Travelin' Man 3 is licensed as GPL2 open source software. So it's available NOW to everyone to use or to embellish as they see fit. We hope every provider of VoIP services offering virtual machines in the cloud as well as those without a hardware-based firewall to protect your Asterisk server will take advantage of the opportunity to customize and deploy this code for their particular IPtables environment. To paraphrase Bill Clinton: "It's your phone bill, stupid!"

Deploying Travelin' Man 3. Here's how to deploy Travelin' Man 3 on your server. In Step #1, we run secure-iptables. This locks down virtually all IP ports and services in the original IPtables configuration for PBX in a Flash to either the IP address or the FQDN of the administrator. Be advised that this setup uses the default ports for all PIAF services, e.g. SSH, WebMin, HTTP, etc. If you use custom ports, you'll need to modify the script accordingly. If the administrator is on the move or has a dynamic IP address on his or her desktop or notebook PC/Mac that will be used to administer the cloud server, then use an FQDN, not a static IP address, when you run secure-iptables.

Step #2 is automatic and is part of secure-iptables. It opens SIP and IAX port access for "trusted providers" such as Google, Vitelity, etc. This is covered in detail below. We also open accessibility from non-routable IP addresses. You obviously can close or limit private LAN access, if desired. We included it for the benefit of those running and administering PBX in a Flash on private LANs where internal security is not a concern.

In Step #3, we'll let you set up additional access for other providers, users, and phones. You get your choice of up to 9 separate services in addition to the whole enchilada, and each account gets a name and a file to keep track of the latest IP address entry: somename.iptables. These are stored in /root. Don't delete them! New accounts can be added using either a static IP address (add-ip) or an FQDN (add-fqdn). These accounts also can be deleted whenever necessary (del-acct). You can rerun secure-iptables whenever you like, but it automatically deletes all custom user accounts. Here's the list of services from which to choose. Mix and match as desired to meet your own requirements.

0 - All Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - TFTP
8 - SSH
9 - FOP

Just a word of caution. IPtables stores its setup in /etc/sysconfig/iptables, but it actually runs from an image in memory on your Linux server. As part of the load process, IPtables converts all FQDNs stored on disk to static IP addresses. This speeds up firewall processing enormously. While it's possible to add IPtables rules in memory without writing them to disk (as in the original Travelin' Man design), don't do it with Travelin' Man 3! You will lose these settings whenever IPtables is restarted by running any of the above scripts or whenever a refresh of FQDN IP addresses becomes necessary. Whatever you do, never ever run the command: service iptables save. This command is used to write the IPtables entries in memory to disk. In doing so it writes only static IP addresses to disk. This will erase (a.k.a. ruin) your Travelin' Man 3 FQDN setup and force you to start over with Step #1. Otherwise, none of your FQDN's would ever get refreshed because they've all disappeared and become static IP addresses.

IPtables also has a major shortcoming IMHO. We support FQDNs in IPtables to make it more flexible. However, a failed FQDN during an IPtables restart will cause IPtables not to load at all. We have worked around this by adding our own restart command which you should always use: iptables-restart. You've been warned.

Locking Down Your Server. While there's still time, let's spend a minute and lock down your server to the public IP address of the PC that you use to administer the system. If you don't know the public IP address of the desktop machine you use to manage your server, then click on this link using a browser on that machine, and our web site will tell you the IP address.

Now log into your virtual machine as root using SSH and issue the following commands:

cd /root
wget http://incrediblepbx.com/travelinman3.tar.gz
tar zxvf travelinman3.tar.gz
yum -y install bind-utils
./secure-iptables

When prompted for the FQDN or IP address of your Administrator PC, use the FQDN if you have one. Otherwise, type in the IP address and press the Enter key. Agree to the terms of service and license agreement by pressing Enter. When the IPtables file displays, verify that you have typed your FQDN or IP address correctly, or you will lock yourself out of your own server. Press Ctrl-X to exit the editor, and then press Enter to update IPtables and save your new configuration.

NOTE: If you are running PBX in a Flash in a cloud environment, be sure to add an entry to Travelin' Man 3 with the IP address of your cloud server. ifconfig will tell you what the IP address is. To add the entry, issue the command: /root/add-ip cloud 12.34.56.78 using your actual cloud IP address.

WARNING: If you use an FQDN for your Administrator PC and it points to a dynamic IP address, be sure to also add this same FQDN using add-fqdn. Otherwise, IP address changes will not be detected, and you may lock yourself out of your own server.

Nobody can access your server except someone seated at your PC or on your private LAN with your login credentials. You can repeat this process as often as you like because each time the script is run, it automatically restores your original IPtables configuration. Now let's grant access to your SIP providers and those using remote SIP or IAX phones.

Using DynDNS to Manage FQDNs. The key ingredient with Travelin' Man 3 is automatic management of dynamic IP addresses. When a user or even the administrator moves to a different location or IP address, we don't want to have to manually adjust anything. So what you'll first need is a DynDNS account. For $20 a year, you can set up 30 FQDNs and keep the IP addresses for these hostnames current 24-7. For $30 a year, you can manage 75 hostnames using your own domain and execute up to 600,000 queries a month. That's more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it. What we recommend is setting up a separate FQDN for each phone on your system that uses a dynamic IP address. This can include the administrator account if desired because it works in exactly the same way. When the administrator extension drops off the radar, a refresh of IPtables will bring all FQDNs back to life including the administrator's account. Sounds simple? It is.

Preparation. Before we make further modifications to IPtables in Step #3, let's make a list of all the folks that will need access to your VoIP Server in the Cloud. For each entry, write down the name of the person, server, or phone as well as the type of entity which needs server access. Then provide either the static IP address or FQDN for each entry. If one or more of your IP addresses are dynamic (meaning the ISP changes them from time to time), we'll cover managing dynamic IP addresses in a minute. For now, just make up a fully-qualified domain name (FQDN) for each dynamic IP address using one of the available DynDNS domains. For static IP addresses, use the FQDN or the IP address. HINT: FQDNs make it easy to remember which entry goes with which provider.

Make a list of your providers NOT in this list: Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Obivoice/Vestalink (sms.intelafone.com), Teliax, and IPkall. The providers listed above are already enabled in the secure-iptables setup script. We call them Trusted Providers only because we trust them and have personally used all of them. We consider them reliable folks with whom to do business. It doesn't mean others aren't. It simply means these are ones we have tested with good results over the years. The only providers you'll need to add are ones we haven't provided. Also be sure to check whether the FQDNs of the providers above cover the server for your account. If not, you'll need to manually add those FQDNs as well. Keep in mind that trusted providers will have full SIP and IAX access to your server so stick with tried-and-true providers for your own safety. The PBX in a Flash Forum and DSL Reports are good sources of information on The Good, The Bad, and The Ugly.

Finally, list with a name each phone that will be connected to an extension on your server. If you have 10 traveling salesmen, then you might want to name them all by last name and also provide FQDNs with their last names, e.g. smith.dyndns.org and jones.dyndns.org. No spaces or punctuation in names or FQDNs! We strongly recommend using FQDNs wherever you can because it means zero work for you when a provider changes an IP address. Here's the table we use:

Name
Type: Person, Provider, Server, Phone
IP Address Type: Static or Dynamic
FQDN or IP Address
Services Desired: SIP, IAX, Web, FTP, SSH, etc.

Step #3: Adding Authorized Users. Now take your list and add each account to your server while logged in as root and positioned in the /root directory. For static IP addresses, use add-ip. For dynamic IP addresses and FQDNs, run add-fqdn and plug in the FQDN for each account. When one of your accounts needs to be removed, just run del-acct from the /root folder on your server and plug in the name of the account to delete. If a user changes from a static IP address to a dynamic IP address or vice versa, just delete the user and then add them again with the new IP address or FQDN. All of the accounts are stored in /root and have names like this: name.iptables.

Step #4: Setting Up DynDNS Client Updates. There are actually two pieces in the Dynamic DNS update puzzle. At the end-user side, you need to deploy a DynDNS update client on the same subnet as the phone of your user. See the links above to download the update software you prefer. In the case of cellphones with SIP phone capability, this could be as simple as installing the DynDNS update client directly on the phone itself. Plug in your DynDNS credentials as well as the FQDN associated with the particular phone, and the rest is automatic.

Step #5: Setting Up IPtables Auto-Refresh. Finally, we need a way for your server to discover when a refresh of FQDNs becomes necessary because someone's IP address has changed. The simplest way to do this is to automatically run a simple script (ipchecker) that polls the DNS authoritative server to determine whether the dynamic IP address associated with an FQDN has changed. If so, we'll update the account.iptables file to reflect the new IP address and then restart IPtables. This will refresh all IP addresses associated with FQDNs. If all or most of your users spend time sleeping each day, you may wish to run the script only during certain (waking) hours of the day so your server has less of a load. The other consideration is how often to check. The guideline here is how long can any user live without their SIP phone being connected to your server. 10 minutes may be reasonable for some. 60 minutes may suffice for others. For us, it's 3 minutes. It's your choice. The way Travelin' Man 3 works is, whenever at least one account has an IP address change, it will trigger a restart of IPtables to do an IP address refresh for all of the FQDNs.

The top of the ipchecker script in /root looks like this:

#!/bin/bash

# Insert the account filenames to be checked below
# Remember to increment the account[#] for new entries

account[0]=larry.iptables
account[1]=curly.iptables
account[2]=moe.iptables

# ipchecker (c) Copyright 2012, Ward Mundy & Associates LLC.

You'll need to edit the script (nano -w /root/ipchecker) and modify the section in bold to reflect the actual FQDN account names you've created on your server that are associated with dynamic IP addresses only. You don't want to monitor accounts with static IP addresses or FQDNs that never get updated. When those extensions are off-line, it's not because their IP address changed, and restarting IPtables won't really help to improve the situation. Be sure to increment the account[n] array for each new account that you want to monitor and use the exact format shown in the example above. Before you enter an account in the script, display the contents of the file using cat /root/accountname.iptables. Make certain that the file includes BOTH an FQDN, then a space, and then an IP address. If not, delete the account (del-acct) and add it again using add-fqdn.

Once you've entered all of your accounts with dynamic IP addresses, save the script: Ctl-X, Y, then Enter. Run the script manually now to be sure it works as you intended: /root/ipchecker. Be advised that typos that list accounts that don't exist will cause problems. Error checking consumes processing cycles by requiring additional queries so we've left it out. That means it's solely up to you to check your account names for accuracy. And, remember, only include accounts that have dynamic IP addresses with FQDNs.

Step #6: Automating FQDN Refreshes with Cron. Finally, you'll need to add an entry to the bottom of /etc/crontab using nano. If you wanted the script to run 24 hours a day at 10 minute intervals, here's the command:

*/10 * * * * root /root/ipchecker > /dev/null

If you wanted the script to only run between the hours of 8 a.m. and 9 p.m. (server time zone) at 10 minute intervals, then you'd use something like this:

*/10 8-21 * * * root /root/ipchecker > /dev/null

On our RentPBX complimentary account which we use while traveling, we actually set the interval to 3 minutes. Since the DNS lookups use dig, changes on Android phones using the DynDNS client are almost instantaneous even with automatic switching between WiFi and cellular service. Finally, be sure to type date on your server and verify which time zone your cloud server thinks it's in! Adjust the times in /etc/crontab accordingly.

Be sure to check back here periodically for updates and follow the latest happenings about Travelin' Man 3 in this thread on the PIAF Forums. Enjoy!

Originally published: Thursday, March 29, 2012   Updated: April 19, 2014

UNLESS YOU DISCONTINUE USING FQDN'S WITH IPTABLES, IT IS ABSOLUTELY ESSENTIAL THAT YOU MONITOR YOUR SERVER DAILY IF YOU ARE RELYING EXCLUSIVELY UPON IPTABLES AS YOUR FIREWALL PROTECTION MECHANISM AND YOU ARE USING FQDN'S AS PART OF YOUR CENTOS SECURITY METHODOLOGY!




Need help with Asterisk? Visit the NEW PBX in a Flash Forum.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Coming to a Cloud Near You: Incredible PBX in the Cloud

Cloud Computing is all the rage today. And we’ve scoured the Earth looking for the best deal over or under the rainbow to host Incredible PBX in the Cloud. Here it is! For $14.99 a month with RentPBX.com, say goodbye to dedicated hardware, expensive Internet service, and a hefty electricity bill each month just to host your own Asterisk®-based VoIP server. After signing up for a free Google Voice account, just run the Incredible PBX installer on your custom configured PBX in a Flash virtual machine at RentPBX, and you’re ready to go with a free local phone number in your choice of U.S. area codes plus free long distance calling in the U.S. and Canada. Now plug in a SIP phone or softphone of your choice and start making calls. We insisted that all of the cloud savings be passed on directly to you. There’s no middleman and no commission. In fact, we don’t make a nickel, just the satisfaction of knowing you’ll be using our baby. Now that’s incredible! For those outside the U.S., it’s an ideal way to take advantage of free Google Voice calling. Here’s the $14.99 coupon code: PIAF2011.

News Flash: Be sure to read our latest article introducing Travelin’ Man 3, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that’s lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce.

Of course, price is only part of the story. RentPBX also assures you the lowest possible latency for your VoIP calls. The RentPBX cloud gives you a choice of server locations including New Jersey, Baltimore, Atlanta, Tampa, Chicago, Dallas, Los Angeles, and Seattle. So you can set up your Incredible PBX within milliseconds of your favorite VoIP provider. For example, the Tampa cloud is less than a millisecond away from VoIP.ms. Under 10 millisecond connectivity is available to numerous hosts from almost all RentPBX cloud locations. You’ll also get the best support in the industry. And RentPBX also happens to be one of the very finest contributors on the PIAF Forum! There are no long-term contracts so check out this incredible offer before it’s gone. RentPBX does most of the heavy lifting for you by setting up your PBX in a Flash virtual machine with Asterisk 1.8 so it’s ready to go. Your part takes less than 10 minutes, and you’ll be making your first call. In the VoIP World, it doesn’t get any easier than that.

The Incredible PBX Inventory. For those that have never heard of The Incredible PBX, here’s a feature list of components you get in addition to the base install of PBX in a Flash the latest CentOS 5.x, Asterisk 1.8, FreePBX 2.8, and Apache, SendMail, MySQL, PHP, phpMyAdmin, IPtables Linux firewall, Fail2Ban, and WebMin. Cepstral TTS, Fax, Hamachi VPN, and Mondo Backups are just one command away and may be installed using some of the PBX in a Flash-provided scripts.

Installing Incredible PBX in the Cloud. To get everything working today, there are only three quick steps:

1. Set Up Your Google Voice Account
2. Create Your New Account on RentPBX.com
3. Run the Incredible PBX in the Cloud Installer

Then you’ll be ready to configure a softphone or SIP phone and start making free calls.

Google Voice Setup. You’ll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance. Keep this account a secret!

We’ve also attempted setting this up using an existing Gmail account, and what we found was that inbound calls never ring through to Asterisk unless you sign out of Google Chat inside Gmail and leave it that way. The reason is because Google always delivers inbound calls exclusively to your Gmail Chat client if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you’re in the U.S. or have a friend that is, head over to the Google Voice site and register. If you’re living on another continent, see MisterQ’s posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it’s over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call ScreeningOFF
  • Call PresentationOFF
  • Caller ID (In)Display Caller’s Number
  • Caller ID (Out)Don’t Change Anything
  • Do Not DisturbOFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

RentPBX Setup. Once you have your Google Voice credentials, you’re ready to get your virtual machine at RentPBX set up. First, you’ll need an account. So visit RentPBX.com and sign up for an account using the coupon code above to get your discount. Pick a cloud server to host your new system, choose the PIAF-Purple 1.7.5.6 install option, set up a username and very secure password, and you’re done. Once your account is established and you receive your credentials, here’s the 5-minute procedure to install the special RentPBX-edition of Incredible PBX to begin making free calls in the U.S. and Canada through Google Voice.

Log into your RentPBX account using SSH and the port assigned to your account. For Windows users, download Putty from here. The SSH command will look something like this:

ssh -p 21422 root@209.249.149.108

Running The Incredible PBX in the Cloud Installer. While logged into your virtual machine as root, issue the following commands to set up Incredible PBX in the Cloud:

cd /root
wget http://incrediblepbx.com/incrediblepbx18-rentpbx.x
chmod +x incredible*
./incrediblepbx18-rentpbx.x

When the install begins, accept the license agreement and you’ll be prompted for the following:

Google Voice Account Name
Google Voice Password
Google Voice 10-digit Phone Number
Gmail Notification Address
FreePBX maint Password

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don’t forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it’s not necessary. But who knows what the future holds. :roll: The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the very secure password you want to use to access FreePBX using a web browser. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine… just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles… for all of our hard work. 😉 You’ll find a link at the top of the page. When the installer finishes, READ THE SCREEN just for grins.

Remember that Incredible PBX in the Cloud is sitting directly on the Internet! So choose very strong passwords for everything including your extensions and trunks. Incredible PBX automatically randomizes extension passwords and locks access to the extensions down to the subnet of your cloud server. You’ll have to adjust this IP address to make connections from any external phone.

Here’s a short 4-minute video demonstration of the Incredible PBX installer process. Yes, even a monkey could do it…

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Securing Your RentPBX Server. The WhiteList application is not yet supported in the cloud. So you’ll need to secure your system to avoid endless hack attempts on your SIP resources. Here’s how. First, write down the IP addresses of your RentPBX server and your home network. Second, print out your existing IPtables configuration. The file to print is /etc/sysconfig/iptables. Third, make a backup copy of the file. While logged into your server with SSH, the easiest way is like this:

cd /etc/sysconfig
cp iptables iptables.bak

Now we need to edit the iptables file itself: nano -w iptables. Then search for the line that contains 5060: Ctrl-W, 5060, Enter. At the beginning of this line, add # to comment out the line. With the cursor still on this line, press Ctrl-K then Ctrl-U twice. This will duplicate the line. Move to the second commented line and remove #. Use the right cursor to move across the line to –dport. Then insert the following using the IP address of your RentPBX server, e.g.

-s 229.149.129.248

Be sure there’s at least one space before and after the new text. Now duplicate that line with Ctrl-K and Ctrl-U twice. Change the IP address on the second line to the public IP address of your home or office network. Repeat this process for every IP address where you intend to use a SIP phone connected to your RentPBX server. Make additional entries for your SIP providers as well. If you want to sleep better, you can make similar changes to the SSH port entry to restrict it to your home/office IP address. It’s the line immediately above the 5060 entry. Ditto for port 80 which is web access. Be very careful here. A typo will lock you out of your own server! When you’re finished, save the changes: Ctrl-X, Y, Enter. Then restart IPtables: service iptables restart.

As always, we strongly recommend that you not put all of your VoIP eggs in one basket. Google Voice does go down from time to time. Vitelity is a perfect complement because the costs are low and you only pay for the service you use. A discount sign up link is below. And Vitelity has contributed generously to both the Nerd Vittles and PBX in a Flash projects. So please support them.

Logging in to FreePBX. Using a web browser, you access the FreePBX GUI by pointing your browser to the IP address of Incredible PBX in the Cloud. Click on the Admin tab and choose FreePBX. When prompted for a username, it’s maint. When prompted for the password, it’s whatever you set up as your maint password when you installed Incredible PBX in the Cloud. If you forget it, you can always reset it by logging into your server as root and running passwd-master.

Extension Security Setup. For each remote phone you wish to set up, there are two preliminary steps before you can connect to your virtual machine from the remote phone. First, you must authorize the remote IP address of your phone in IPtables as we outlined above. Second, you must authorize the same remote IP address in FreePBX for the extension to which you will connect. Once you access the FreePBX GUI with your browser, choose Setup, Extensions, and click on the extension number you plan to use with the phone. Make a note of the secret which is the password for this extension. Also write down the Voicemail Password which you’ll need to retrieve your voicemail. Finally, move down to the permit field and change the entry to the public IP address of your remote phone followed by /255.255.255.255. Submit your changes and reload FreePBX when promoted. A typical entry would look like this:

permit: 123.456.123.456/255.255.255.255

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you’ll want a real SIP telephone such as the $50 Nortel color videophone we’ve recommended previously. You’ll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you’re like us, we want to make damn sure this stuff works before you shell out any more money. So, for today, let’s download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 (or whatever extension you plan to use) and the actual IP address of your Incredible PBX in the Cloud server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

PBX on a Flash

Astricon 2011. Astricon 2011 will be in the Denver area beginning Tuesday, October 25, through Thursday, October 27. We hope to see many of you there. Be sure to mention you’d like a free PIAF thumb drive. We hope to have a bunch of them to pass out to our loyal supporters. Nerd Vittles readers also can save 15% on your registration by using this coupon code. Register by July 10 to save an additional $170.

Originally published: Monday, June 27, 2011




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Incredible PBX 1.8: New OpenVZ and Cloud Editions

Another exciting week in the Asterisk® community with the introduction of Asterisk 1.8.2 last Friday. It's now the official PIAF-Purple payload so you can simply download the current ISO to take it for a spin. Most of the pesky bugs in Asterisk 1.8.0 and 1.8.1 now have been addressed. Let us know if you find some new ones.

While the Asterisk Dev Team has been hard at work on Asterisk 1.8.2, we've turned our attention to the cloud and VoIP virtualization. We have three new products to introduce today. The first lets you install PIAF-Purple with Asterisk 1.8.2 using a new OpenVZ template. The second lets you run Incredible PBX 1.8 as a virtual machine using the new PIAF-Purple 1.8.2 OpenVZ template. Finally, we'll show you how to run Incredible PBX 1.8 in the cloud with hosted VoIP service from RentPBX.com for $15 a month with a free local phone number and free Google Voice calling in the U.S. and Canada. So let's get started.

Using the OpenVZ PIAF-Purple Template. If you haven't heard of OpenVZ templates before, you've missed one of the real technological breakthroughs of the last decade. Rather than wading through the usual 30-minute ISO installation drill, with an OpenVZ template, all of the work is done for you. And it's quick. You can build a dozen PIAF-Purple systems using an OpenVZ template in about 15 minutes with a per system cost of less than $50. See Comment #2 below for an extra special Dell half-price server deal this week. And it's incredibly easy to then tie all of these systems together using either SIP or IAX trunks. Just follow our previous tutorial. For resellers and developers that want to try various Asterisk configurations before implementation and for trainers and others that want to host dedicated Asterisk systems for customers, the OpenVZ platform is a perfect fit. Read our original two-part article to get up to speed on Proxmox, virtualization, and IPtables with OpenVZ. Then continue on here.

Thanks to Darrell Dillman (aka dad311 on the PIAF Forums), there already is a 64-bit OpenVZ template of PIAF-Purple with Asterisk 1.8.2. Just download the template to your Desktop and then, using the Proxmox console, choose Appliance Templates, Upload File to upload the OpenVZ template into your Proxmox server platform. Once installed, you can build Asterisk 1.8.2 virtual machines to your heart's content... in less than a minute apiece. Just choose Virtual Machine, Create to create a new virtual machine using the OpenVZ template you just uploaded. In the Configuration section, choose OpenVZ for the Type and pick your new OpenVZ template from the pulldown list. Fill in a Host Name, Disk Space maximum (in GB), and (root) Password. The other defaults should be fine. In the Network section of the form, change to the Bridged Ethernet (veth) option which means the VM will obtain its IP address from your DHCP server. Make sure your DNS settings are correct for your LAN. Here's how a typical OpenVZ creation form will look:

Once the image is created, start up the virtual machine, wait about 70 seconds for the system to load, and then click on Open VNC Console. Asterisk will be loaded and running. You can verify this on the status display. You can safely ignore the status messages pertaining to IPtables assuming iptables -nL shows that IPtables is functioning properly. With the exception of text-to-speech (TTS), you now have a PIAF-Purple base platform running Asterisk 1.8.2 and FreePBX 2.8. Be sure you always run it behind a hardware-based firewall with no port exposure to the Internet.

Before you do anything else, run passwd-master to secure the passwords for FreePBX GUI access to your system. Don't forget!

If you're planning to install Incredible PBX below or if you don't need text-to-speech on your system, you can skip this next step which gets 64-bit TTS installed. Otherwise, here are the commands to get it working:

cd /root
./install-flite

Note to Our Pioneers. To those that tested the new OpenVZ template this past week, THANK YOU! Be advised that we now have incorporated several of the recommended tweaks which were documented in the PIAF Forums. The install procedure outlined above explains the new behavior of the slightly improved OpenVZ template which now is available for download. We recommend you switch.

Asterisk CLI Change. Finally, just a heads up that (once again) the Asterisk Dev Team appears to have changed the default behavior of the Asterisk CLI. With Asterisk 1.8.2, if you make outbound calls after loading the CLI, you will notice that call progress no longer appears in the CLI. To restore the standard behavior (since Moses), issue the following command: core set verbose 3. :roll:

 


Installing Incredible PBX on OpenVZ Systems. We won't repeat the entire Incredible PBX article here. If you want the background on the product, read the latest article. To get everything working with an OpenVZ system, there are only three steps:

1. Set Up Your Google Voice Account
2. Run the Incredible PBX VM Installer
3. Configure a Softphone

Configuring Google Voice. You'll need a dedicated Google Voice account to support The Incredible PBX. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now. So why take the chance. Keep this account a secret!

We've tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively with The Incredible PBX. Google Voice no longer is by invitation only so, if you're in the U.S. or have a friend that is, head over to the Google Voice site and register. If you're living on another continent, see MisterQ's posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work... in either direction. Google used to permit outbound Gtalk calls using a fake CallerID, but that obviously led to abuse so it's over! You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don't skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you'd like in Settings, Voice Setting, Phones. But...

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That's the destination we need for The Incredible PBX to work its magic! Otherwise, all inbound and outbound calls will fail. If you don't see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you're still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening - OFF
  • Call Presentation - OFF
  • Caller ID (In) - Display Caller's Number
  • Caller ID (Out) - Don't Change Anything
  • Do Not Disturb - OFF

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued on your PBX.

Running The Incredible PBX Installer. Log into your server as root and issue the following commands to set up The Incredible PBX:

cd /root
rm incrediblepbx18-vm.x
wget http://incrediblepbx.com/incrediblepbx18-vm.x
chmod +x incredible*
./incrediblepbx18-vm.x
passwd-master

When The Incredible PBX install begins, you'll be prompted for the following:

Google Voice Account Name
Google Voice Password
Google Voice 10-digit Phone Number
Gmail Notification Address
FreePBX maint Password

The Google Voice Account Name is the Gmail address for your new dedicated account, e.g. joeschmo@gmail.com. Don't forget @gmail.com! The Google Voice Password is the password for this dedicated account. The Google Voice Phone Number is the 10-digit DID for this dedicated account. We need this if we ever need to go back to the return call methodology for outbound calling. For now, it's not necessary. But who knows what the future holds. :roll: The Gmail Notification Address is the email address where you wish to receive alerts when incoming and outgoing Google Voice calls are placed using The Incredible PBX. And your FreePBX maint Password is the password you'll use to access FreePBX. You'll actually set it by running passwd-master after The Incredible PBX completes. We need this password to properly configure the CallerID Superfecta for you. By the way, none of this confidential information ever leaves your machine... just in case you were wondering.

Now have another 5-minute cup of coffee, and consider a modest donation to Nerd Vittles... for all of our hard work. 😉 You'll find a link at the top of the page. While you're waiting (and so you don't forget), go ahead and configure your hardware-based firewall to support Google Voice. See the next section for what's required. Without completing this firewall configuration step, no calls will work! When the installer finishes, READ THE SCREEN just for grins.

Here's a short video demonstration of the original Incredible PBX installer process. It still works just about the same way except there's no longer a second step to get things working.

One final word of caution is in order regardless of your choice of providers: Do NOT use special characters in any provider passwords, or nothing will work!

Before you do anything else, run passwd-master again to resecure the passwords for FreePBX GUI access to your system. Don't forget!

Firewall Configuration. We hope you've taken our advice and installed a hardware-based firewall in front of The Incredible PBX. It's your phone bill. You'll need to make one adjustment on the firewall. Map UDP 5222 traffic to the internal IP address of The Incredible PBX. This is the port that Google Voice uses for phone calls and Google chat. You can decipher the IP address of your server by logging into the server as root and typing status.

Extension Password Discovery. If you're too lazy to look up your extension 701 password using the FreePBX GUI, you can log into your server as root and issue the following command to obtain the password for extension 701 which we'll need to configure your softphone or color videophone in the next step:

mysql -uroot -ppassw0rd -e"select id,data from asterisk.sip where id='701' and keyword='secret'"

The result will look something like the following where 701 is the extension and 18016 is the randomly-generated extension password exclusively for your Incredible PBX:

+-----+-------+
id         data
+-----+-------+
701      18016
+-----+-------+

Configuring a SIP Phone. There are hundreds of terrific SIP telephones and softphones for Asterisk-based systems. Once you get things humming along, you'll want a real SIP telephone such as the $50 Nortel color videophone we've recommended above. You'll also find lots of additional recommendations on Nerd Vittles and in the PBX in a Flash Forum. If you're like us, we want to make damn sure this stuff works before you shell out any money. So, for today, let's download a terrific (free) softphone to get you started. We recommend X-Lite because there are versions for Windows, Mac, and Linux. So download your favorite from this link. Install and run X-Lite on your Desktop. At the top of the phone, click on the Down Arrow and choose SIP Account Settings, Add. Enter the following information using your actual password for extension 701 and the actual IP address of your Incredible PBX server instead of 192.168.0.251. Click OK when finished. Your softphone should now show: Available.

Incredible PBX Test Flight. The proof is in the pudding as they say. So let's try two simple tests. First, let's place an outbound call. Using the softphone, dial your 10-digit cellphone number. Google Voice should transparently connect you. Answer the call and make sure you can send and receive voice on both phones. Second, from another phone, call the Google Voice number that you've dedicated to The Incredible PBX. Your softphone should begin ringing shortly. If not, make certain you are not logged into Google Chat on a Gmail account with these same credentials. If everything is working, congratulations!

Here's a brief video demonstration showing how to set up a softphone to use with your Incredible PBX, and it also walks you through several of the dozens of Asterisk applications included in your system.

Solving One-Way Audio Problems. If you experience one-way audio on some of your phone calls, you may need to adjust the settings in /etc/asterisk/sip_custom.conf. Just uncomment the first two lines by removing the semicolons. Then replace 173.15.238.123 with your public IP address, and replace 192.168.0.0 with the subnet address of your private network. There are similar settings in gtalk.conf that can be activated although we've never had to use them. In fact, we've never had to use any of these settings. After making these changes, save the file(s) and restart Asterisk: amportal restart.

 


 

Running Incredible PBX in the Cloud. We've saved the best for last today. For many folks, you may want to experiment with VoIP technology without making a hardware investment and without having to master the intricacies of managing your own server and network. That's what Cloud Computing is all about. And we've searched far and wide to find you the perfect platform. As with many of you, one of our top priorities is always cost. While many providers were willing to provide Nerd Vittles with a few sheckles for pitching their product, only one stepped forward with a price point that we think is irresistible. And, for the record, we waived any compensation other than a few test accounts to get things working properly, so that all of the savings could be passed on to you! So here's the deal. $15 a month gets you your own PIAF-Purple server in the cloud at RentPBX.com. Just use this coupon code: BACK10, pick an east coast or west coast server to host your new system, choose the PIAF-Purple 1.7.5.5.4 install option, set up a username and very secure password, and you're off to the races. Once your account is established, here's the 5-minute procedure to install the special RentPBX-edition of Incredible PBX to begin making free calls in the U.S. and Canada through Google Voice.

Begin by Configuring Google Voice as outlined above. Then log into your RentPBX account using SSH and the port assigned to your account. For Windows users, download Putty from here. The SSH command will look something like this:

ssh -p 21422 root@209.249.149.108

Issue the following commands to download and run The Incredible PBX installer for RentPBX:

cd /root
wget http://incrediblepbx.com/incrediblepbx18-rentpbx.x
chmod +x incrediblepbx18-rentpbx.x
./incrediblepbx18-rentpbx.x
passwd-master

Now just follow along in the Incredible PBX virtual machine tutorial which we've included above. Remember that your new Incredible PBX is sitting directly on the Internet! So don't forget to run passwd-master when you finish the install, or your system is vulnerable. Ours was attacked within minutes!

Securing Your RentPBX Server. With the exception of our WhiteList application, everything is working on your RentPBX server. While we continue to work on the WhiteList component (reread this section of the article in a week or so to get the latest updates), you need to secure your system to avoid endless hack attempts on your SIP resources. Here's how. First, write down the IP addresses of your RentPBX server and your home network. Second, print out your existing IPtables configuration. The file to print is /etc/sysconfig/iptables. Third, make a backup copy of the file. While logged into your server with SSH, the easiest way is like this:

cd /etc/sysconfig
cp iptables iptables.bak

Now we need to edit the iptables file itself: nano -w iptables. Then search for the line that contains 5060: Ctrl-W, 5060, Enter. At the beginning of this line, add # to comment out the line. With the cursor still on this line, press Ctrl-K then Ctrl-U twice. This will duplicate the line. Move to the second commented line and remove #. Use the right cursor to move across the line to --dport. Then insert the following using the IP address of your RentPBX server, e.g.

-s 229.149.129.248

Be sure there's at least one space before and after the new text. Now duplicate that line with Ctrl-K and Ctrl-U twice. Change the IP address on the second line to the public IP address of your home or office network. Repeat this process for every IP address where you intend to use a SIP phone connected to your RentPBX server. Make additional entries for your SIP providers as well. If you want to sleep better, you can make similar changes to the SSH port entry to restrict it to your home/office IP address. It's the line immediately above the 5060 entry. Ditto for port 80 which is web access. Be very careful here. A typo will lock you out of your own server! When you're finished, save the changes: Ctrl-X, Y, Enter. Then restart IPtables: service iptables restart.

As always, we strongly recommend that you not put all of your VoIP eggs in one basket. Google Voice does go down from time to time. Vitelity is a perfect complement because the costs are low and you only pay for the service you use. A discount sign up link is below. And Vitelity has contributed generously to both the Nerd Vittles and PBX in a Flash projects. So please support them. Enjoy!

Originally published: Monday, January 17, 2011




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Introducing PogoPlug: Cloud Computing for $100 per Terabyte

Introducing PogoPlug

Ever wished you could build and manage your own Cloud Computing Center with minimal cost and no recurring charges… ever? Well, today’s your lucky day.

It takes a lot to get us excited about a new product offering. But this one is a real winner! For under $130, Cloud Engines provides you your very own PogoPlug 2.0 device that connects to your router and shares up to four USB drives over the Internet. At today’s prices and ignoring sales tax, that means you can put eight terabytes of Cloud Storage on line for a one-time cost of about $100/terabyte. To give you a point of reference, Google will rent you the same space for $256/terabyte… per year. And Google is one of the least expensive Cloud Computing resources out there. Here’s the math for naysayers:

4 – WalMart1 2TB WD MyBook Drives @ $169 each = $676
1 – PogoPlug 2.0 Device @ $129 each = $129
ONE-TIME, NON-RECURRING COST: $805/8TB or $100/TB

For those that don’t need 8 terabytes, the 2 terabyte setup including the drive and PogoPlug device is still just over half the one-year rental rate of equivalent storage from Google. And, just to be clear, this isn’t merely a storage device (like Amazon S3) requiring downloads before the files can actually be used. PogoPlug’s software makes these USB drives an integral part of your Desktop just like any other attached storage devices. Think WebDAV! So it makes a perfect home for your music, movie, and photo collections. There also are loads of Open Source applications for PogoPlug for those that like to tinker. And you can use PogoPlug to keep synchronized backups of your important files.

Other Options. Be aware that for about $50 less, you can purchase the Seagate FreeAgent DockStar Network Adapter which includes a single year of PogoPlug Internet support. After that, it’s $30 annually. Translation: By the end of the second year, you’re better off with the PogoPlug. So the choice is a No-Brainer in our book. But, the fact that Seagate is also standing behind the PogoPlug design should make everyone sleep more soundly.

Deployment. After a one-minute, one-time setup over the Internet, you can securely access all of your USB drive resources via PogoPlug using either a web browser or one of several free desktop applications that are available for Windows, Mac OS X, Linux as well as Android phones, iPhones, and (earlier today) Blackberrys. And you get free support and a terrific forum. The device works flawlessly behind either a DSL or cable modem AND a NAT-based router so there are no firewall issues to address. Just enter the serial number on the bottom of your device when you access the PogoPlug web site, and configuration is automatic.

Uploading Files. One of PogoPlug’s slickest features is its automatic cataloging of files which are uploaded. Once uploaded, you can view your Music, Movies, and Pictures by simply clicking on one of the buttons. Photos are cataloged into directories by the month in which the photos were taken. Music is indexed by artist, album, and genre. In addition, music by artist, album and genre as well as photo albums can be shared by entering email addresses for those that can access the materials, by enabling public viewing (assuming you have legal rights to do so), or by sharing items using your Twitter, Facebook, and MySpace credentials. We’ve shared a photo album just to give you an idea of how this works. The security and logistical nuts and bolts all are managed by Cloud Engines’ servers. You can review and modify the materials you’re sharing by clicking on the Files I Share link in your browser. Finally you can automatically alert those with share privileges when folder content is updated. Very slick!

Give PogoPlug a try. By clicking on one of our links, you also help support the Nerd Vittles project. We think you’ll be as thrilled as we are with this terrific new creation. Enjoy!




Need help with Asterisk®? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! After the free hour of outbound calling, Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. The in-store pricing at WalMart is actually cheaper than on line for these particular drives. []

Ringbinder theme by Themocracy