08 Jan AudioCodes OVOC Device Management
The latest version of the One Voice Operations Centre includes support for native Microsoft Teams phones. This is good news as to date the management story for Audiocodes phones has been limited to the Microsoft Teams Admin Centre (MTAC) which is mostly just management of the Teams App that runs on the phone hardware with ancillary support for some device related settings. Management is always an important part of the device story so that admins can carry out operational related tasks such as patching, modifying device related settings, as well as allowing for bulk or per device changes. OVOC includes device management within the product and incidentally can also be used to manage SIP, 3PIP (Skype for Business), as well as their new Room Experience (RX) devices and even 3rd party vendors such as Jabra and Polycom.
In this post I’m going to focus on some of the challenges, tools, and requisites for managing AudioCodes Teams devices.
Overall Teams device management is still a fairly nascent area at present, and I’ve experienced past difficulties when using the MTAC to manage AudioCodes devices with devices not showing at all, or showing as offline meaning they could neither be managed or patched from the MTAC. In addition AudioCodes Teams phones don’t include an admin web UI either (Note: The admin web UI is available when in 3PIP mode).
The admin web UI usually allows an administrator to browse to a phones IP address and modify device related settings manually such as specifying the device management server, or network related settings or to update firmware and so on. Unfortunately the only way to manage any native Audiocodes Teams phone settings is from the phone itself, or via Command Line Interface via SSH to the phone. Although inconvenient this is fine for a few devices but certainly wouldn’t work well at scale when dealing with hundreds of devices.
Manual Update – CLI
Manual updates via Command Prompt are very straight forward. In my example i’m using a C450HD but the same command should work on any native Teams phone EG C470HD or C448HD.
Open a command prompt and ensure the update is in the same directory path where the command prompt is running. This command copies the firmware to the phone using the Secure Copy Protocol (SCP)
Once copied to the phone the update can be run with the following command substituting the IP address below for the IP address of your phone of course. The phone should then automatically reboot and the new firmware will be burnt to the flash memory.
See chapter 6 (page 65) Updating Firmware Manually
Manual Update – GUI
If like me you’re not a fan of the command line Audiocodes do have a stand alone GUI tool that can help simplify bulk firmware updates. Its also a great debugging tool and has many more really useful features such as Screen recording, Screen Capture, downloading Call Logs, switching between Teams/Skype modes, Factory Reset, Syslog and more.
Under the hood this tool is still using SSH to connect to the phone. But if the MTAC or OVOC isn’t available and you only have a handful of phones bulk updates can be accomplished easily by updating a text file with your phone IP addresses, browsing to your firmware and then hit submit. All phones in your list will be updated sequentially.
OVOC Version 7.8.2241 is the current and latest version of OVOC required for native Teams support. Device Manager Pro is the specific component within OVOC that’s used for managing phones. Your OVOC instance will need to include enough Endpoint licenses for the devices you intend to manage.
It is possible to load configuration files, firmware , customized configurations on a per phone model, tenant and device and even provide a zero touch configuration so that phones are automatically configured and provisioned as soon as they’re added to the network.
Note: At present the following features are supported on native Teams Phones:
Upgrading OVOC is quite straight forward. In my case I was running version 7.8.2000 so had to upgrade OVOC first before I could see the new Teams configuration settings.
Firstly ensure you have a working backup before you proceed with an upgrade. I’ve had a few experiences in the past where my OVOC server has been bricked by an update. In my case my OVOC server is running in Azure so I’m using Azure Backup to backup the server on a weekly basis.
You’ll need a copy of the OVOC ISO before you can proceed with the upgrade as this ISO must be copied to your OVOC server and then mounted so the upgrade can start. Note: I’m assuming you have working knowledge of OVOC if you need to complete the steps below!
Once the ISO is copied to the /home/acems directory you can start the upgrade by following the short steps Upgrading the OVOC server using an ISO file on page 139 here.
When the upgrade has finished check that the services on the OVOC server are started.
There’s a few ways Audiocodes Native Teams phones can connect to OVOC.
- Directly over your network (LAN/WAN/MAN)
- Via a Device Management Agent
- A new API that allows devices to send keep alive messages to OVOC every minute
1) Direct connectivity is straight forward but assumes layer 3 connectivity is in place between your phones and the OVOC server. This can be over a WAN LAN or even via a VPN.
2) This requires the installation of management agents which essentially proxy requests from your phones to the OVOC server. This option is generally used when your phones are behind a NAT and your phones don’t have direct network connectivity to the OVOC server. Installation of the Device Agent is covered here and I won’t be covering this option in this blog post.
3) This a new option included in the latest OVOC 7.8 release notes (See page 24 Section 4.4) here. This option could prove to be quite useful as if your OVOC server is off-net, EG in a public Cloud like Azure (As is the case with my OVOC server) then this could mean management agents are no longer necessary to deal with NAT. With the move to the cloud many customers will be managing their phones via the Cloud while the phones will be behind NAT routers. Both Yealink and Poly are able to handle this quite easily via YMCS and PDMS respectively so it would be good to see an equivalent solution from Audiocodes that doesn’t require additional components to provide connectivity to OVOC.
I elected to go with the Direct Connectivity option and have a Site to Site VPN configured from my on-premises firewall to Azure. Management Agents typically require a few more configuration steps and I wanted to keep my configuration as simple as possible so VPN it is!
From my C450HD you can see the echo responses below from the OVOCs internal IP address.
The following steps assume you now have an updated, working and licensed OVOC server.
Step 1) Log into Device Manager Pro
From the Dashboard select Device Manager. Unfortunately OVOC doesn’t support SSO and because Device Manager Pro is effectively a bolted on application to OVOC you’ll need to enter your credentials again to login. You can also use the default acladmin account to login here.
Step 2) Setup wizard
The phones need to have DHCP options configured before they can contact OVOC to get their configuration. DHCP is mandatory here as unlike 3PIP phones it isn’t possible to configure the OVOC server IP address manually on a native Teams phone. The OVOC server must be provided via DHCP.
Select the setup wizard.
As there’s no Teams option here select Skype for Business.
I opted to use Zero Touch as this option allows you to be granular with your DHCP options and target a specific tenant within OVOC as OVOC supports multi-tenancy.
On the next page choose your tenant. For the purposes of expediency i left the Tenant Configuration unconfigured. There’s a lot of options that can be configured here. All the supported parameters for native Teams phones can be found here.
Under Choose Template choose the template for your phone. In my case I’m using the C450HD so choose the Audiocodes_C450HD_TEAMS template.
Finally the DHCP Configuration will show you the URL you need to configure in your DHCP for your phones so they can contact OVOC. You’ll need to make note of the URL so it can be pasted into your DHCP server. Note: As mentioned earlier i could see no way to configure a URL directly on my C450HD, so you must use DHCP to push the option 160 to your phone.
Step 3) Configure your DHCP
I configured the following string value below per the output from the OVOC wizard.
Step 4) Check your phone has received option 160
As AudioCodes Teams phones are limited to CLI admin access only you need to SSH into your phone and run the following command param_tool pmp provision which will show the DHCP provisioning URL.
Now go back to the Device Manager Portal (OVOC) and you should see a registered phone!
Its great to see OVOC finally supporting Teams phones but there’s still much work to be done to improve the overall solution. The UI isn’t the most intuitive and there’s a lot of menu options that seem to be a legacy from the original IP Phone Manager product. I also found some of the menu buttons don’t work such as Telnet or Send Message.
Likewise because Audiocodes native Teams phones have no admin web UI the Open Web Admin obviously doesn’t work either. Admin web UI’s are very useful if for whatever reason an administrator needs to manage settings directly on a phone either for troubleshooting or ease of administration. Seems odd this is included in 3PIP mode but has been omitted for Teams mode.
Some of the other features I missed were being able to export diagnostic logs, screen capture, screen recording, exporting the phone config, factory reset, network detection and more. Some of these can be accomplished using the Teams Phone GUI V1.0.10 tool but it would be a great to see these features baked into OVOC.
While its very straight forward to install OVOC into any cloud of your choice it would be good to see a pure SaaS equivalent provided by AudioCodes that can compete with the likes of Yealink YMCS, Poly PDMS-E and LENs or even Crestron XiO who all have their own SaaS/Cloud solutions for device management. SaaS naturally saves the additional overhead of standing up and maintaining infrastructure while providing a faster time to market with a per user per month model that’s usually not as Capex intensive as building your own infra.
Id also like to see some form of API hook to the Microsoft Teams Admin Centre as this would provide one pane of glass for management and would save administrators from having to use OVOC just for device management while still having to rely on Teams Powershell or MTAC for any Teams Phone App related settings. This would help to streamline the admin experience rather than the current bifurcated approach that still requires some settings to managed via Teams and device specific settings to be managed from your phone manager.
Lastly it would be good to see AudioCodes leverage HTTPs for auto provisioning of phones. Not only because its firewall friendly protocol but it also helps simplify the phone management solution topology -by not requiring the use of management agents to handle NAT connectivity- and would also help facilitate Cloud adoption. Phone management is absolutely a service that can and should be delivered from the Public Cloud. Having to deploy VPNs or management agents is an undesirable maintenance and cost overhead and even more so when other phones vendors are able to provision phones to their Cloud using HTTPs already.