Administrator Manual
Objective:
Allow the administrator to set up the initial configuration of Smart Assistant in an Elastix
server.
Description:
Smart Assistant is an application developed for smartphones that allows a user to
efficiently assign calls over an Elastix unified communications server.
The application allows to create several scenarios where the user can decide how to
re-route an ingoing call. Smart Assistant intelligently determines our location trough the
technologies that reside on the phone and proceeds to successfully apply a condition
previously configured.
Installation
Go to your Addons module on your Elastix servers web interface.
Search for the module Smart Assistant, and click on install.
Its important to mention that users must install as well the Smartphone app of Smart
Assistant on their devices. This app is available in Google Play web store.
When these two steps have been completed, you can go to the Smart Assistant menu
on the Elastix web administration interface.
The administrator, according with its companys politics, can enable, or not, the
creation of Targets by the user. This functionality is available in the Premium version of
the mobile application.
Lets click on save and the module will register the new user to the database of the
server.
As we can see in the image above, when creating the destination called CONFROOM
(SMART-CONFROOM), it will be shown in the user mobile app and be available in the
destinations list.
Please consider that in the free version, the destinations created are shared among all
the users. This means that if you create a Home destination, it will be shown in all the
organizations devices, and can be selected within the options by all the users created.
Specific Targets
The configuration for the Standard version of Smart Assistant is very similar to the free
version. With the difference that the prefix that have to be used when adding a
destination have to be the users extension in the Elastix server and not the word
Smart. For example: 230-CellPhone.
This configuration assures that only the user whose extension is 230 will have this
destination in the mobile Smart Assistant app.
The administrator can create as many targets as necessary; these targets will be
shown on a list.
To allow the user the selection of a specific destination from the application, he/she
must purchase a Standard license.
Adding a license
A user can purchase a Standard or Premium license at:
http://store.palosanto.com/index.php/elastix-addons/elastix-smartassistant.html
Each license has additional features that allow to extend the functionality of the
application.
Once the user has purchased a license, he/she will receive a file with a ".lic" extension
and the following format:
lic- user_device_id_number.lic
The user must send this file to the administrator, so he can include the license in the
device configuration in Elastix.
The administrator must go to PBX SmartAssistant
Then click on the desired device to enter the license.
Once in the configuration interface, the administrator can add the license file by clicking
on "Select File", then browse to find it, uploaded and click on "Save."
The user will have all the available functionalities in the application automatically.
When installing the addon from the Elastixs market place, a web application is created
in apache.
Its configuration file is located in:
/etc/httpd/conf.d/smartassistant.conf
If we want to change the communication port we must do so the two instances where it
is set.
In the following example we change the listening port to 39000
Save the changes and leave the file, then restart apache for the changes to take effect.
To change this you must execute the following command in the Elastix server.
/opt/smartassistant/smart-set-secret.php new_key
Note: the new key must be a 16 digits, alphanumeric string.
As the encryption method is unique for the entire server, you must set up all the
devices that are connected to it.
In the next example, we change the encryption key to jk49UU23qw23rY5C
Note: This change will affect all the Smart Assistant applications associated with
server, this cannot be changed individually for each user.
Port Knocking
SmartAssistant is able to work with Port-Knocking. Starting Elastix version 2.4, this
functionality comes already included by default.
For versions prior to Elastix 2.4, you can install the Port-Knocking (knockd) service by
following the procedure described in the "Security on CentOS servers with Elastix"
guide. A detail of this installation can be reviewed in Appendix A.
The following file shows an example of the settings available
/opt/smartassistant/knockd_sample.conf
In this example we are enabling the opening of port 54321, once the user knocks
(probes) the following sequence of ports: 30000-30500-31000 (sequence = 30000,
30500, 31000), also we are giving the order to close the port after 10 minutes (600
seconds).
cmd_timeout = 600
The port opening is exclusively for the IP address that is knocking (probing), not for
every IP address.
Port-Knocking configuration in the application side is performed as follows:
1.
2.
Fail2Ban
We can find a sample configuration for fail2ban, in the directory /opt/smartassistant/
Support / Questions
For support or further inquiries, please write to:
smartassistant@elastix.com
@_SmartAssistant
Annex A
Port-knocking: Knock before entering
Installation and configuration
Taken from:
=
=
=
=
7000,8000,9000
5
syn
iptables -A INPUT -s %IP% -p tcp --dport 22 -
[closeSSH]
sequence
seq_timeout
tcpflags
command
j ACCEPT
=
=
=
=
9000,8000,7000
5
syn
iptables -D INPUT -s %IP% -p tcp --dport 22 -
[openHttps]
sequence
seq_timeout
tcpflags
command
-j ACCEPT
=
=
=
=
7001,8001,9001
5
syn
iptables -I INPUT -s %IP% -p TCP --dport 443
[closeHtttps]
sequence
seq_timeout
tcpflags
command
-j ACCEPT
=
=
=
=
9001,8001,7001
5
syn
iptables -D INPUT -s %IP% -p TCP --dport 443
Now we go to /etc/rc.d/init.d and create the "knock" file containing the following lines to
handle the daemon as a service:
#!/bin/bash
#
# chkconfig: 345 92 08
# description: Demonio de Knockd
#
http://www.zeroflux.org/projects/knock
# process name: knockd
#
#
# Author: Rodrigo Martin
#
# Source function library.
. /etc/init.d/functions
# Check that the config file exists
#[ -f /etc/knockd.conf] || exit 0
KNOCKD="/usr/sbin/knockd -d"
RETVAL=0
getpid() {
pid=` ps -eo pid,comm | grep knockd | awk '{ print $1 }'`
#echo $pid
}
start() {
echo -n $"Starting knockd: "
getpid
if [ -z "$pid" ]; then
$KNOCKD start > /dev/null
RETVAL=$?
fi
if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/knockd
echo_success
else
echo_failure
fi
echo
return $RETVAL
}
stop() {
kill "$pid"
rm -f /var/lock/subsys/knockd
echo_success
else
echo_failure
fi
else
echo_failure
fi
echo
return $RETVAL