Networking Topology

In the Live Platform setup, endpoints are deployed in the enterprise behind a firewall or NAT and connect to Live Platform over HTTPS across the public internet. This connection is established through a keep-alive mechanism. The endpoints send Keep-alive requests to the Imperva Incapsula WAF. The WAF aggregates the requests and then sends them to the Azure Aggregator App Service. The Aggregator then forwards the requests to the relevant Device Manager instance based on the Service Device URL. When the WAF is not used, endpoints can alternatively send Keep-alive requests to the AudioCodes Redirect server.

The Device Manager FQDN (see Configuring Device Manager FQDN) is used to specify the Live Platform Management System.

Microsoft Teams phones do not have REST server capabilities; therefore, they cannot receive REST commands such as Device Reset or requests to update configuration and firmware files. Instead, when the Device Manager performs such actions on Teams phones (PUT and POST only), the commands are embedded in the HTML response to the Keep-alive messages that the Teams phones send at one-minute intervals. See the example HTML Keep-alive response below.

{
   "requests":[
      {
         "method":"PUT",
         "path":"\/rest\/v1\/command\/ResetGracefulHandler",
         "body":{
            "sessionId":"f0144216",
            "emsUserName":"elic@audiocodesipprnd.onmicrosoft.com",
            "emsUserPassword":"81c11125567a212da873582b82e3efb6",
            "schedulePeriod":""
         }
      }
   ]
}
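Because the embedded command body carries `emsUserName` and `emsUserPassword`, any proxy or log pipeline that records Keep-alive responses should mask those fields first. The following is an added example, not AudioCodes code: the function names, the `<redacted>` marker and the `/rest/v1/` path prefix check are assumptions made for illustration, and the sample input is constructed.

```python
import json

# Credential field names taken from the sample response above.
SENSITIVE_FIELDS = {"emsUserName", "emsUserPassword"}
# The page states that only PUT and POST commands are embedded.
ALLOWED_METHODS = {"PUT", "POST"}
# Assumption: commands live under this prefix, as in the one path shown.
PATH_PREFIX = "/rest/v1/"

def redact(value):
    """Return a copy of value with credential fields masked at any depth."""
    if isinstance(value, dict):
        return {k: "<redacted>" if k in SENSITIVE_FIELDS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def audit_keepalive_response(raw):
    """Parse a Keep-alive response body; return (log_records, findings)."""
    records, findings = [], []
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return records, [f"unparseable response: {exc.msg}"]
    requests = doc.get("requests") if isinstance(doc, dict) else None
    if not isinstance(requests, list):
        return records, ["missing or malformed 'requests' array"]
    for i, req in enumerate(requests):
        if not isinstance(req, dict):
            findings.append(f"request {i}: not an object")
            continue
        method, path = req.get("method"), req.get("path")
        if method not in ALLOWED_METHODS:
            findings.append(f"request {i}: unexpected method {method!r}")
        if not isinstance(path, str) or not path.startswith(PATH_PREFIX):
            findings.append(f"request {i}: unexpected path {path!r}")
        # Only the redacted copy is ever handed to the logger.
        records.append({"method": method, "path": path,
                        "body": redact(req.get("body", {}))})
    return records, findings

# Constructed sample modelled on the response above; values are placeholders.
SAMPLE = r'''{"requests":[
 {"method":"PUT","path":"\/rest\/v1\/command\/ResetGracefulHandler",
  "body":{"sessionId":"00000000","emsUserName":"user@example.invalid",
          "emsUserPassword":"0123456789abcdef","schedulePeriod":""}},
 {"method":"DELETE","path":"\/other","body":{}}]}'''
```

`sessionId` is left visible so that a logged command can still be correlated with the device session.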

The AudioCodes Redirect server is used for Day One provisioning of endpoints. Once endpoints have been successfully added to the Redirect Server, are connected to the network, and boot up, they receive the relevant firmware, which matches the device model and version according to the latest versions loaded to the Device Manager (see Uploading Latest Firmware to Device Manager). The Redirect Server redirects devices according to the unique Service Device URL created for the Device Manager service. For example, https://sandbox1.finebak.com/ltcfordevice/c/9d7de99d-806d-4579-a8c2-d129326b02ba/.

The Azure Blob is used to store device firmware files and cfg configuration files. The files in Azure Blob are displayed in the Device Manager Generated Configuration Azure Files page (see Generated Configuration Azure Files). Azure Blob and Device Manager are synchronized. The endpoints retrieve their files from the Azure Blob. ShareFile can also be used to store device firmware and configuration files. Synchronization is performed between the Azure Blob storage and ShareFile through the Device Manager.

The initial connection with Android Teams devices is established using the AudioCodes default Root CA. It's highly recommended to replace this certificate with custom certificates.

For management of Polycom Trio devices, Polycom VVX devices and Spectralink 8440 devices, Live Platform must establish a direct connection with these devices. Polycom devices do not send Keep-alive messages and instead send status messages.

When the Device Manager is deployed in a cloud environment, it's strongly recommended to implement VPN communication between the Device Manager and endpoints.

The following summarizes the provisioning process:

1. Microsoft Teams phones send Keep-alive requests to the Application Gateway/Imperva Incapsula WAF.
2. The WAF aggregates the Keep-alive messages and then sends them to the Azure Aggregator App Service.
3. The WAF sends the provisioning REST requests to Live Platform, including the tenant ID of the customer tenant.
4. The Aggregator service sends the Keep-alive requests to the Live Platform.
5. Live Platform connects to AudioCodes Redirect server to map the list of endpoint MAC addresses to their Provisioning URL.
6. Device Manager synchronizes the latest firmware files and configuration files with the Azure Blob Storage and ShareFile account.
7. The phones retrieve the device firmware and configuration from the Azure Blob Storage account.
8. On Day Two, the endpoints send requests to the Device Manager.

For firewall rules, see Configure Firewall.