Professional Documents
Culture Documents
Updated: 2022-05-02
Contact Information
support@cbaliveassist.com
Related Documentation
Make and receive voice and video calls directly from a Web browser to telephones and
other browsers, without employing web plugins.
Fusion Client SDK includes components which allow the enterprise to deploy the applications
which they develop:
The Fusion Web Gateway, which normalizes the signaling between SIP-based devices and
applications, so that the two can communicate together seamlessly.
The Fusion Media Broker, which converts between browser-originated RTP streams and
RTP streams compatible with SIP entities.
The Fusion Client SDK network components are built on CBA’s Fusion Application Server, a
high-performance software platform that delivers innovative voice, video, and data services.
Fusion Application Server is a Java-based execution platform that meets the strict standards
and requirements of service providers and the enterprise market. See the FAS Architecture
Guide for further details.
A REST API
<cli directory>/cli.sh
where <cli directory> is the directory where the CLI is installed; this may be a cli directory under
the directory where FCSDK was installed, or under the installation directory of another CBA
product, depending on what products you have installed.
gateway >
Note: You will be prompted for a user name and password for access to the administrative
interface; these are the same credentials you set during installation and which you use to access
the other administration interfaces. See the User Authentication section for details of how to
change these from the default.
Command Description
?,
View all commands in the CLI
help
Create a new item and enter update mode to set the initial values of
add [item] its properties. To quit update mode you must either save or cancel
your changes.
Enter update mode to change the properties in the existing item with
update [item] [id]
the specified id. To quit update mode you must either save or
[parameter]
cancel your changes.
display [item] [id] View (without editing) the properties of the item with the specified id.
set [property]
During add or update, sets the property to a new value
[value]
verbose‑display
View detailed information about an item with the specified id.
[item] [id]
item is the type of entity you want to add, update, delete, display, or list. id is the property (unique
among all instances of the item) which defines the specific instance you want to update, display,
or delete. Each instance of an item has properties which may be set to a value.
The CLI features command line completion (tab completion). This means that you can type the
first few letters of a command or parameter, followed by the tab key, and the CLI will
automatically complete the rest of the word based on the available possibilities. For example, if
you type upd at the prompt and press the tab key, the CLI will automatically complete the word
update.
See the Fusion Client CLI Reference section for more details.
You can provide a custom front-end which uses the REST API to configure the Web Gateway.
For details, see the Fusion Client SDK REST API reference section.
https://<fas address>:8443/web_plugin_framework/webcontroller/admin
where <fas address> is the address of the Fusion Application Server which is hosting the
administration interface.
Note: In order to access the administration interface, you must enter a user name and password;
these were set during installation. See the User Authentication section for details of how to
If the wrong administrative credentials are submitted six consecutive times, then the
administrative account will be locked for security reasons. To re-enable the administrative
account see the Resetting Administrator Credentials section.
Audit Logging
Fusion Client SDK maintains an audit log of significant events, including the following:
In an HA environment, where there are multiple nodes, each node keeps its own log, and a full
set of entries is maintained across the cluster.
Entries are kept for 1 year, and include their category and any specific information:
LOCAL Authentication
3. Enter the information in the Local section (all fields are mandatory):
Field Description
Retype new
password
4. Click the Save and Logout button at the bottom of the page.
Saving the credentials immediately logs you out, and you will have to log in again with the new
credentials.
If you have forgotten the administrator user name or password, you can reset them to the
defaults by setting a system property:
appserver.admin.password.reset=true
3. Open a new web browser and navigate to the Web Admin UI (https://<fas
address>:8443/web_plugin_framework/webcontroller/admin)
4. Click Login.
Login is now re-enabled on the web administration interface. The login credentials have been
reset to their default values. Note:
The default login credentials should be changed after the first login. See the LOCAL
Authentication section.
In the case of an HA cluster, both master and slave nodes need to have their passwords
reset. The simplest way to do this is to:
1. Open a web browser and navigate to the Fusion Application Server Management
Console:
https://<fas address>:9990
2. In the left hand menu, under Server, select Server Groups. The Server Groups page
displays:
4. To add the new system property, select the System Properties tab below, and click Add.
The Create System Property dialog displays:
6. In the Value field, enter an appropriate Java -style regular expression, such as:
8. Click Save
You should see the new system property in the System Properties list for the main-server-group
on the Server Groups page.
LDAP Authentication
To enable and configure LDAP authentication, click the User Credentials tab to go to the User
Credentials page:
Field Description
Trust JDK This checkbox indicates if, in addition to the regular LDAP trust store, the
Certificates Java (JDK) default certificate trust store should be used for LDAP server
certificate validation.
The name of the user on the LDAP server who will perform searches, e.g.
ldapuser. This user will log in to the LDAP server and will perform the
Search User
searches for the user and role (and therefore must have permissions on
the LDAP server to do these things).
Search User
The password for the Search User
Password
The search filter which is used in the authentication query. The user name
input by the user logging in replaces any occurrences of {0} in the
expression.
For example:
(uid={0})
Base Filter
This extra parameter will be attached to the existing Base Context DN:
(UID={0}),OU=USERS,DC=EXAMPLE,DC=COM
If the user logging in enters the name admin, the resulting search will find
a user whose UID is admin among the users in the context OU=USERS,
DC=EXAMPLE, DC=COM.
The fixed DN of the context to search for the user role, such as:
Role
Context DN OU=USERS,DC=LDAP,DC=EXAMPLE,DC=COM
Role Filter The search filter which is used in the user role query. The user name input
by the user logging in replaces any occurrences of {0}, and the
authenticated user DN replaces any {1}, in the expression.
The attribute of the user role object that contains the name of the role. For
example:
Role employeeType
Attribute ID
What use is made of the value of the Role Attribute ID depends on the
following settings.
This checkbox indicates whether the value of the attribute named by Role
Attribute ID contains the DN of a role object.
If unchecked, the role name is taken from the Role To Map field.
The attribute of the role object that contains the name of the role. If Role
Role Name
Attribute is DN is checked, this property is used to find the role object's
Attribute ID
name; otherwise, it is ignored.
The attribute of the user role object which contains the name of the user's
role (as defined in LDAP) that authorizes the user to access administrative
capabilities. An example is:
Role to Map
wpf
If left blank, the default user role that FCSDK looks for is WEBADMIN.
If a user can log in to the FAS console using their LDAP credentials, and can see the
administration pages, but cannot see the administration pages after logging in to Fusion Client
SDK, then check the role-related configuration.
If a user is set up in Active Directory with the option User must change password at next
logon, but their first action as an AD user is to attempt to use LDAP authentication, their login
Workaround:
Before attempting to use their credentials for LDAP authentication, log the user in using their
Active Directory credentials on a system that will prompt them to change the password, or
Do not select the option User must change password at next logon when setting up the
user.
5. On installing FCSDK, a trust store called ldap is created, with the password changeit (this
password will be needed when adding certificates or otherwise changing the trust store).
6. Click the row for ldap under Trust Certificate Group - there should be no certificates listed in
the lower table.
7. Click the Import button to add the certificate to the to the newly added Trust Certificate
Group.
Click Import.
Note: The Trust Certificate Group must contain the entire certificate chain for the LDAP server
(the main Java truststore is not referenced). In cases where this involves multiple certificates,
In the case of a Windows environment, the certificate(s) needed to access the LDAP server may
be available within the MMC (Microsoft Management Console). For example, if the LDAP server
is using a root certificate that is pushed out to users of the same domain, then a user logged into
that domain sees this certificate in the MMC.
1. Open the MMC in Windows by choosing Search programs and files from the Start menu,
and type mmc followed by Enter
2. Within the MMC, select Add/Remove Snap-in from the File menu. Select the Certificates
snap-in on the left, then click Add.
3. When prompted, confirm that the snap-in will manage certificates for the user account.
6. When prompted by the wizard, select DER as the format, then save the file to a suitable
location.
Note: OpenSSL is typically available at the command line of a Linux system; binaries for
Windows are also available at https://www.openssl.org/community/binaries.html
The Web Gateway communicates with the client application using the TCP-based WebSockets
protocol, providing a standardized way for the server to send content to the client without being
solicited, and allowing for messages to be passed back and forth while keeping the connection
open.
If your client application passes messages to the Web Gateway over a secure transit network
e.g. VPN or MPLS, unencrypted WebSockets (ws) connections may drop packets and terminate.
To ensure that your connection remains open, you must use secure WebSockets (wss).
Start video sessions directly to SIP-based video endpoints and other clients.
Only allows clients to create sessions that the Web Application has authorized.
Uses HTTP for control channels, enabling security through industry standard and existing
mechanisms, such as a firewall or HTTP reverse proxy.
Creates and manages application collaboration sessions, sharing data and sending
messages to client applications.
If you installed the Web Gateway on a Linux-based operating system, such as CentOS, you may
need to configure the ulimit settings on the server to enable it to handle the number of clients in
The Media Broker needs file handles other than those for client connections, so you need to
over-provision; for example, if your installation would include 5000 connections, you should set
the maximum number of open files to 7000.
ulimit -n
1. Open /etc/security/limits.conf
* - nofile 4096
* - nofile 7000
To confirm that the setting has changed, log out and log back in again, and run the ulimit - n
command again.
The Web Application authenticates users on the client application’s behalf. Once it has
authenticated the user, the Web Application sends a message to the Web Gateway, asking it to
create a session with the specific capabilities which the user should have. The Web Application
ID is a unique text string which is included in this message, identifies the Web Application to the
Web Gateway, and confirms that the Web Application is allowed to create sessions.
The Fusion Client SDK Web Administration interface enables you to define the list of Web
Application IDs that the Web Gateway accepts:
1. Log in to the Fusion Client SDK Web Administration interface and click the Gateway tab,
then the General Administration tab, to display the General Administration page:
2. Scroll down to display the Web Application IDs section, and click the Add button under Web
Application IDs to display the Add Record dialog:
3. Enter the Web Application ID in the Key field. This should be a unique text string with a
minimum of 16 characters, such as FUSIONCSDK-A8C1D.
4. Click Submit. The Web Application ID you entered appears in the list of Web Application
IDs.
An FCSDK application communicates with the Web Gateway on a WebSocket, using WebRTC
to send signaling and media (voice and video) traffic. The Gateway can then transform the
signaling to send the same voice and video to a SIP server, which sends it to a SIP endpoint
By default, the Web Gateway uses an internal SIP registrar for client applications. To the Web
Gateway, an FCSDK application needs a session token, which is normally created by a Web
Application on the server, and returned to the client application. The Web Application creates a
session by sending a JSON string containing its Web Application ID, and some configuration
parameters for its requested facilities.
Note: To use the internal registrar, the JSON must use include the Gateway Controlled Domain:
“webAppId”:”FUSIONCSDK-A8C1D”,
“voice”:
“username”:”jbloggs”,
“domain”:”gateway.controlled.domain.com”
See the Creating a Session Token section in the FCSDK Developer Guide for more details on
building the JSON string and what go es in it.
The Gateway Controlled Domain is set during installation, and is a property of the Fusion
Application Server which FCSDK runs on. See the FAS Administration Guide for details on
how to find the Gateway Controlled Domain if you have forgotten it.
The fusion-web sample application keeps its configuration in the csdksample-db.xml file. In order
to use the sample application, you will need to change the file so that the sipDomain for your
users matches the Gateway Controlled Domain of the Web Gateway:
<user>
<password>123</password>
<inboundCallingEnabled>true</inboundCallingEnabled>
<outboundDestinationPattern>all</outboundDestinationPattern>
<sipUser>1001</sipUser>
<sipDomain>gateway.controlled.domain.com</sipDomain>
<authUser>1001</authUser>
<authRealm>auth.realm.com</authRealm>
<authPass>123456</authPass>
</user>
Internal Registrar
The internal SIP Registrar works with its default values after installation, but the administrator
can modify a number of configuration items:
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab
followed by the Registrar Configuration tab.
2. Ensure the Using external registrar checkbox is unchecked. The Internal Registrar
Settings are displayed:
If the Registrar receives a REGISTER without a q param in the Contact header address, it will
use this value as the default q for the contact to be registered. If an Address of Record has more
than 1 registered contact, this value is used by the Registrar to prioritize proxying during contact
resolution; a contact with a higher q value is targeted before one with a lower q value. The value
set should be a float value from range 0.1 to 1.0, such as 0.5. The default setting is 1.0.
If the Registrar fails to proxy to a resolved contact during the Contact Resolution phase, it will
check to see if the response it receives matches one of these configurable response codes. If a
match is found, the Registrar will attempt to proxy to the next q prioritized registered contact (if
there is one).
The default post-install setting is to have no response codes, so no further proxy attempts to
lower q ordered contacts takes place. The input format is a space-delimited list of SIP response
status codes, such as 404 408 410 480 500 503 604
If the Registrar receives a REGISTER without an Expires header or an expires parameter in the
Contact header, the Registrar will use this value as the default expires value. The value is in
seconds and must be > 0. The default setting is 21600.
Minimum expires
Indicates if the Registrar is accepting registrations that did not originate from the Web Gateway.
The default value is checked; this is useful for testing in a development or trial environment. In a
production environment, you should uncheck this box; registrations are then only accepted from
the Web Gateway.
Registrations are always accepted from the Web Gateway regardless of this setting.
External Registrar
Alternatively, you can configure the Web Gateway to use an external SIP registrar. You need to
define where to send the REGISTER message, and (because REGISTER is a SIP message)
how to deal with SIP messages:
1. Log in to the Fusion Client SDK Web Administration interface, and select the Gateway and
Registrar Configuration tabs.
2. Check the Using external registrar checkbox. The External Registrar Settings are
displayed:
3. Enter the Registrar’s SIP address, including the initial sip:, for example
sip:external.registrar.com
1. Select the Gateway tab followed by the General Administration tab to display the General
Administration page.
2. In the Outbound SIP Servers section, click the Add button. The Add Record dialog is
displayed:
3. Enter the URI of the SIP server which will route calls and registrations into the SIP network
in the format sip:<hostname>, and click the Submit button.
4. Make any changes you need to settings which affect all outbound SIP servers (see below).
Check this to have the Gateway update the host part of the Request URI of all outbound
requests to match the host part of the outbound SIP server address. If this is unchecked, then it
sends requests to the outbound sip server without change.
The Gateway maintains a view of whether it is connected to each of the outbound servers by:
If a server does not respond to the OPTIONS or initial INVITE within a timeout period, it is
considered DOWN. You can control this behavior with the following settings:
Server Timeout
Ping Interval
The interval between successive OPTIONS messages sent to an outbound SIP server when that
server is considered UP.
The interval between successive OPTIONS messages sent to an outbound SIP server when that
server is considered DOWN.
You can see the state of the Outbound SIP Server connections in the performance log screen,
which you can find at the Performance Log tab.
When routing a new initial outbound request, the Gateway builds an ordered list of outbound SIP
servers as follows:
The Web Gateway routes the request to the first in the list. If no response is received within the
configured Server Timeout period, then it routes the request to the next server in the list, and so
on until it receives a response. If it goes through the whole list without any of the servers
responding, the call will fail.
How often, in seconds, the Web Gateway will send a REGISTER message to the SIP network
Controls the value of the Min-SE header which the Web Gateway places in INVITE messages
sent to the SIP network.
Controls the value of the Session-Expires header which the Web Gateway places in INVITE
messages sent to the SIP network. The above values together control the session refresh
To ensure that calls are handled correctly, you can define a list of codecs that you do not want to
pass to the Media Broker. When the Media Broker receives any of the codecs on this list, it
removes them from the SDP that it produces.
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab
and the Media Configuration tab.
2. Click the Add button under Banned Codecs to display the Add Record dialog:
4. Click the Submit button. The codec you entered should now be displayed in the Banned
Codecs list.
5. Repeat the above steps for each codec you want to ban, and click the Save button at the
bottom of the page.
Prioritizing Codecs
You can prioritize audio and video codecs in the Audio Codec Prioritization Configuration and the
Video Codec Prioritization Configuration sections of the Media Configuration page:
Depending on your network’s capabilities, and the priority your organization gives to bandwidth
and quality, you may prefer to transcode to certain codecs rather than others. Fusion Client
SDK allows you to prioritize the media codecs to ensure that the preferred codec is given highest
priority.
The prioritized codec lists include the name of the codecs as they appear in the SDP. Any
codecs in the prioritized list will be removed from SDP, then re-inserted at the end of the process
in the order specified, and with a higher priority than any other codecs present in the SDP. It is
therefore possible to specify the relative priority of all codecs in any call. Using this feature may
force a call to be transcoded.
Adding a codec
Deleting a codec
Drag and drop the codec’s label in the list to its new position
By configuring the video resolution settings, you determine what values the Media Broker uses
for the imageattr attribute in the SDP, so that it only permits certain resolutions. The Media
The Max. Resolution Width and Max. Resolution Height define the maximum value for
each axis. If either of the values for a given width and height pair exceeds the maximum
value, then that pair is discarded. Therefore, if the Max. Resolution Width and Max.
Resolution Height are 600 and 400, then for the given inbound imageattr, the outbound
imageattr value would be :
The Default Resolution Width and Default Resolution Height define the values to use if
the inbound SDP contains no imageattr value, or if all the values in the inbound SDP are
rejected because they are larger than the maximum width or height. If the Max. Resolution
Width and Max. Resolution Height are 600 and 400, and the Default Resolution Width
and Default Resolution Height are 320 and 240, then for the given inbound imageattr, the
outbound imageattr value would be :
Note: Not all endpoints implement RFC 6236, and such endpoints may ignore imageattr values.
The video settings (Frames per Second and Scaling Mode) affect the behavior of Media Broker
when it is transcoding. They are in the Video Settings section of the Media Configuration page.
The Frames per Second determines the frame rate that the Media Broker will use when
encoding, and affects the streams going out from Media Broker to the two endpoints in a
call.
NONE
No scaling. Media Broker ignores the imageattr values, and send the resolution it received. This
may mean the aspect ratio of the image received by the endpoint is not what it was expecting,
and may result in the endpoint stretching or squashing the image to fit in the available window.
STRETCH
Media Broker stretches or squashes the inbound image to fill the outbound resolution. If the
aspect ratios differ, then the outbound image will appear stretched on one of the two axes. The
benefit of this option is that the image will fill all of the target window.
ADD_BORDERS
Media Broker maintains the aspect ratio of the inbound image. If the size of the outbound image
differs from the inbound one, then Media Broker adds black borders to the edges of the
outbound image to maintain the aspect ratio. The benefit of this option is that the image is never
distorted.
Note: The maximum resolution is the one with the largest width. If two or more resolutions share
the largest width, then the maximum resolution is the one of them which has the largest height.
If checked, the Media Brokers dynamically adjust the video bitrate to maximize the video quality,
depending on network conditions.
The Media Broker can estimate the maximum bitrate for the network conditions for both send
and receive video streams, even if it does not receive REMB and TMMBR messages from
browser and sip endpoints; this is the starting value for this estimation. If the initial rate is well-
chosen, it may find the best quality bitrate more quickly; if it is badly chosen, there may be
unnecessarily poor initial video (if the value is set too low), or dropped packets or frozen video (if
the value is set too high).
Media Broker will receive and act on max bitrate messages from:
These max bitrate messages never go below this value (that is, it sets the minimum quality). The
Media Broker uses this value when setting media broker video encoder bitrates, and in outbound
REMB and TMMBR RTCP messages.
The max bitrate messages never go above this value (that is, it determines the maximum
bandwidth). The Media Broker uses this value when setting media broker video encoder bitrates,
The Media Broker uses the Fixed Video Bitrate and Fixed Audio Bitrate settings to
negotiate a fixed bitrate for audio and video with browser and SIP endpoints. Using fixed
bitrate on poor lines may result in video and audio issues, such as video freezing and
stuttering audio).
WebRTC Configuration
When you create a session on the gateway from your application, you provide a timeout value
(see the FCSDK Developer Guide for more information). This timeout determines the number of
minutes that:
The session will stay alive once the WebSocket connection to the client is torn down
There is a keep-alive PING mechanism to both keep the WebSocket connection open and test
that the client is still connected. The Web Gateway will periodically send PING requests and
expect a PONG response. If it receives no PONG response to a (configurable) number of
consecutive PING requests, then it destroys the WebSocket connection and after the above
timeout the call is ended.
The Gateway also performs regular checks, to determine if media has stopped flowing during a
call; if it detects such a situation, it will end the call. The period between each check is
configurable.
It will also end the call if the number of messages queued for sending from the Gateway to the
client becomes too large; again, this value is configurable.
Field Description
RTP media streams may also need normalizing to integrate with SIP environments. If the client
applications use a different video standard (VP8) than most enterprise video systems (which
The Media Broker provides transcoding between VP8 and H.264; employees and customers can
share secure video calls on a wide variety of devices and join video conferences from almost any
endpoint.
Note: A Fusion Client SDK network can contain several Media Brokers. See the FCSDK
Installation Guide for instructions on how to install Media Brokers.
2. The IP address for the control interface is defined by the broker.rest.addr setting, which is
left blank by default. Enter the IP address you want to set for the control interface here.
3. The port allocated to the control interface is set to 8092 by default. If you want to change
this, update the value for broker.rest.http.port for non-secure communication, and
broker.rest.https.port for secure communication. See the Enabling secure communications
between Media Broker and the Web Gateway section.
2. To add a Media Broker, click the Add Record button; to edit the settings of an existing
Media Broker, click the Edit button (! ) next to the record of the Media Broker you want to
edit.
3. In either case, you will see a page for a single Media Broker with the General Configuration
section at the top:
Control Address
This is the hostname or IPv4 address for the control interface of the Media Broker, for example
192.168.1.2. The Web Gateway uses it to connect to the Media Broker control port.
Note: If you have configured a specific control interface for the Media Broker (see the Setting up
the Interface with the Web Gateway section), this should match that IP address.
Control Port
Note: If you have configured a specific control interface for the Media Broker (see the Setting up
the Interface with the Web Gateway section), this should match that port number.
Control Type
Determines if all communication between the Web Gateway and the Media Broker will be secure
or not. Not Secure is selected by default.
Idle Timeout
The maximum period of inactivity (in seconds) on a route before the route is considered invalid
and torn down. The default setting is 10.
The maximum RTP packet size that the Media Broker accepts. The Media Broker will drop any
packet that exceeds this size. The default setting is 1500.
The maximum number of packets that can be buffered before each call. If users are experiencing
video issues at the beginning of calls, this value should be increased. The default setting is 500.
The maximum RTP throughput rate (in packets per second) for the Media Broker. The Media
Broker will terminate a call where the input rate exceeds this value. The default setting is 1000.
Limit to the number of audio only calls which the Media Broker can process. See the Call Limit
Based Call Admission Control section.
Limit to the number of video calls (all video calls have an audio channel) which the Media Broker
can process. See the Call Limit Based Call Admission Control section.
Call Admission Control (CAC) is designed to protect Media Brokers against overloading when
the Gateway selects a Media Broker to handle a new call.
When CAC is enabled, the Load Balancer will only select a Media Broker which the CAC rules
consider can handle another call; this introduces the risk that all Media Brokers are unavailable,
so that the Gateway rejects a new call.
There are two types of CAC. One is based on CPU load, which you can configure from the
General Administration page (see the CPU Load Based Call Admission Control section). The
other is based on call limits for an individual call type on an individual Media Broker, which you
can configure in the Media Broker Configuration page when editing or adding a Media Broker
record (see the Call Limit Based Call Admission Control section).
Note: CAC is not enabled by default. To enable it, you must set the relevant properties.
The Media Broker divides calls into audio only and audio/video calls, on the basis of the SDP
negotiated when the call starts. CAC based on call limits works by setting the maximum allowed
number of calls for a given type, and then working out the allowed combinations based on these
maximum values. For example, setting the Maximum Concurrent Audio/Video Calls to 10 and
the Maximum Concurrent Audio Only Calls to 100, would allow an extra 5 audio and video
calls or an extra 50 audio only calls, if there were already 50 audio only calls (see the General
Media Broker Configuration section for details of setting these values). Note:
Setting either of these values to 0 disables the feature for that call type.
For load-balancing purposes, calls will be treated as audio only if the SDP which sets up the
call does not contain a video m-line.
When the Gateway assigns a call to a particular Media Broker, the Media Broker will reject the
call if its current load factor is at, or above, this value; this will cause the Gateway to choose
another Media Broker if one is available, or reject the call if one is not. The value is a percentage
of the CPU load limit, and can take values from 0 to 100.
The Gateway uses SDP Control requests to set up a call with the Media Broker. If the request
does not complete within the SDP Control Request Timeout period when allocating a Media
Broker to a new call, the Gateway tries another Media Broker. The value is specified in
milliseconds with a typical value of about 10.
1. Copy the image you want to use as your hold image to the same machine as the Media
Broker.
1. Copy the video file (AVI format only) to the same machine as the Media Broker.
hold.avi.enabled=true
hold.avi.path
and set the value to point to the AVI file, relative to the rtp-proxy-instances/mb-<n> directory.
Using a video file for the hold image results in an approximately 25% reduction in capacity.
To configure audio hold treatment, edit the audio.hold.url property, setting the wave, volume, and
freq elements of the noise URI:
noise:wave=white-noise;volume=0.5;freq=440
Possible values for each of the elements are given in the proxy.properties file.
You can configure RTP settings from the Fusion Client SDK Web Administration interface:
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab,
then the Media Configuration tab.
When checked, the Media Broker drops SDP packets from ports other than those negotiated in
the SDP. This can avoid issues with SIP endpoints that continue to stream media after a call has
been transferred or held. It only affects SIP-side media. It is unchecked by default.
When video is lost, this setting determines the mechanism used for picture loss recovery to SIP
endpoints. The default setting is PLI.
Note: This setting only determines the type of message that Media Broker sends when it detects
picture loss on a video stream from a SIP endpoint. SIP endpoints can use any option for
recovery, regardless of this setting.
When HTTPS is set up, the Media Broker will be authenticated by the Fusion Application
Server. Hostname verification is done via the Subject Alternative Name (SAN) entries in the
server certificate, so we recommend you include both an IP address and FQDN.
1. To create the server certificate and keystore, run the following command in the Media Broker
install directory:
keytool -genkeypair -alias control -keyalg RSA -keystore <keystore file> -keysize 2048 -
ext san=ip:<ipaddress>,dns:<fqdn> -dname “CN=<common name>“
Where:
<ipaddress> and <fqdn> are the IP address and fully qualified domain name of the Media
Broker server. If an FQDN has not been configured, use only the IP address
2. When prompted for a password for the keystore and certificate, we recommend that you use
the same value for both.
3. To export the public certificate for installation in the Fusion Application Server truststore,
run the following command:
keytool -export -alias control -file <pem file> -keystore <keystore file> -rfc
Where <pem file> is the name of the PEM file to store the certificate in e.g. mediabroker.pem.
Note: Ensure you complete all the steps described in FAS Administration Guide under the
heading Configuring Load Balancers with trust certificates.
Set the broker.rest.https.port to the port for HTTPS communication (e.g. 8093).
5. Import the PEM file into the Fusion Application Server default trust store (called default-
trust) - see FAS Administration Guide.
6. Restart the Media Broker (the Starting and Stopping Media Broker section).
7. Reconfigure the Media Broker by setting the Control Port to match that set above, and by
setting Control Type to Secure. See the General Media Broker Configuration section.
This command stops the Media Broker immediately. You may prefer to shut down the Media
Broker gracefully using the following command:
This prevents new calls, while allowing existing calls to continue. The Media Broker will shut
down as soon as all existing calls have completed.
To help you identify any issues you may experience, Fusion Client SDK provides a script which
captures call logs and statistics. The logcapture.sh script is in the Media Broker installation
directory, and can capture the following information:
vmstat output
Java memory
Thread dumps
The logging script runs until you explicitly stop it, allowing you to reproduce any problems while it
is running. When you stop the logging script, it captures the information you require in a series of
log files.
Option Description
‑n,
Do not clean the output directory at the end of the run.
‑‑do‑not‑clean
‑p,
Capture network traffic in a pcap file.
‑‑capture‑pcap
logcapture.sh -a -f example.tar
(Use other options instead of -a if you only want some of the logs.) The console will display the
following message:
*****************************************************
*****************************************************
Note: The final three characters of the directory name (LGR in the above example) change each
time the script is run, as this is a temporary directory.
3. Stop logging by pressing Ctrl+C. The output files will be collected in example.tar, which has
a structure similar to:
./vmstat.out
./tcpdump.pcap
./MB/
./MB/x264_2pass.log
./MB/thread.dump
./MB/heap.bin
./MB/routetable.log
./MB/rest.log
./MB/proxy.log
./MB/log4j.properties
./MB/proxy.properties
./MB/console.log
./MB/stun.log
./MB/master.console.log
Application Event Distribution (AED) allows applications to create and subscribe to topics,
and to post messages and data to those topics, which are copied to all subscribers to the topic.
How and when topics are deleted is configurable:
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab,
and then the General Configuration tab.
The Safari and Internet Explorer browsers require plugins to operate with FCSDK. You can make
these plugins available on the Web Gateway, or in another location which users can access.
1. Log in to the Fusion Client SDK Web Administration interface and select the Gateway tab,
and then the General Configuration tab.
Setting Description
The lowest version of the plug-in that will operate with the current
Minimum version of FCSDK, without being upgraded.
Acceptable
**Note:** If a user has an installed an earlier version of the plug-in, they
Version
may not have the full range of functionality available to them.
For information about the current versions of browser plugins, see the FCSDK Plugins Release
Notes.
Traffic Segregation
Media Broker enables you to configure how the different types of traffic which it handles are
allocated to local network interface cards (NICs) on the Media Broker server, in a flexible way.
The following diagram shows the Media Broker in an example installation, where the Reverse
Proxy and Media Broker are installed in a DMZ which separates the external network/internet
from the internal network.
Note: The above installation is an example only. We expect that in real-world installations, with
devices based in the internal network, the Media Broker will be installed within the internal
network.
Device 2 is a client application on a device or browser based within the internal network.
Device 3 is a client application on a device or browser based within the internal network,
which connects to the Web Gateway via a HTTP Proxy.
The thin, solid lines indicate the Websockets connections between the devices and the Web
Gateway.
The dashed arrows indicate RTP streams from the devices during a call. The points of each
arrow reflect the NIC addresses and ports which the Media Broker exposes to different RTP
traffic types.
The thick solid line indicates the control interface for the Web Gateway.
The SIP Network settings specify a number of address and port-range records which define the
addresses and port ranges of the NICs on the Media Broker that will be available for RTP on the
internal SIP network .
Each record contains an address pattern, a lower port number, and an upper port number. The
address pattern is in the form of a Classless Inter‑Domain Routing (CIDR) expression, which
can be a wildcard.
Note: CIDRs are used to facilitate the configuration of networks using a cluster of multiple Media
Brokers.
All addresses on the Media Broker are matched against the CIDR address pattern to arrive at a
set of Media Broker addresses for RTP and RTCP traffic on the internal SIP network. Then each
port in the given range (inclusive), on each resolved local address, is opened. The Media Broker
allocates ports at call time by randomly selecting a consecutive pair of ports (one for data, one
for control) from all the opened ports which are not currently in use. One selection is made for
audio and, if required, another selection is made for video.
The SIP network port allocation results in the use of two ports for audio-only traffic, and four for
audio and video traffic.
External Traffic
WebRTC Clients
The settings specify a list of different client device source address patterns. Each pattern
should match the address of a node traversed immediately before the Web Gateway; this is
represented by the last X-Forward-For header entry in the Web Gateway WebSocket
HttpServletRequest, so the Gateway will accept any HTTP request whose last X-Forward-For
header matches one of the patterns.
When a client application is involved in a call, the Gateway will match the source address of the
client against the list of CIDR source address patterns. If more than one pattern matches the
source address (which can happen if one pattern covers a subset of the addresses covered by
another pattern), then it will choose the most specific pattern. If there are no matches, it will
reject the call.
The administrator can configure each client application source address pattern with a number of
address and port records. Each record contains a public address, a public port, a local
address and a local port. These records inform the Gateway which local ports are available on
the Media Brokers, and which corresponding public addresses and ports it should instruct the
client to use for SRTP/RTP traffic.
At call time, the Gateway selects among these on a load-balanced basis per media stream, per
call - the SDP passed by the Media Broker to the client application will contain the public address
and port for the selected media stream, and the Media Broker will listen on the associated local
address and port.
Unlike SIP network traffic, WebRTC Client traffic is multiplexed. An allocated port can handle
traffic for the control and data of both audio and video. Selecting an address and port record for
a given media stream provides for the control and data for that stream. Because selections are
made for each media stream, the number of ports used for a call depends on the configured
records and whether the call involves video.
For audio only calls, only one selection is made and only one port is needed. For calls which
contain both audio and video, one selection is made for audio and another for video. If there is
only one address and port record configured for the chosen source address pattern, then the
same port will be selected for both audio and video (resulting in one port for all traffic). If there is
more than one record, then because of the load-balanced nature of record selection, the
Gateway may select different ports for audio and video (resulting in two ports being used).
To configure the SIP Network settings, which define how the Media Broker communicates with
the internal SIP network:
1. Go to the SIP Network section of the Media Broker Configuration page, and click Add:
A block of addresses on the Media Broker for RTP and RTCP traffic on the internal SIP network.
This setting is a range of IP addresses signified by a CIDR notation: for example 192.0.2.0/24.
In the above example, the Media Broker sends and receives RTP and RTCP on any of its NICs
having an address like 192.0.2.x. You can set the Local Address CIDR to all to allow all the
available IPs on the Media Broker to send and receive RTP and RTCP.
The lower limit of the range of ports used for RTP and RTCP.
The upper limit of the range of ports used for RTP and RTCP.
The range you entered now displays in the SIP Network list. Repeat the process to add any
other ranges. Alternatively, to delete a range you have created, select the range by checking the
checkbox next to it, and click Delete.
The operating system provided in the Media Broker .ova package has a default maximum of
open files for a process of 1024.
If the port range required is larger than this, then you will need to update the number of file
handles available to the Media Broker process to account for the whole port range. The Media
Broker also requires other file handles in addition to those for the ports, so you need to over-
provision. For example, if the port range consists of 5000 ports you should set the maximum
number of open files to 7000.
1. To see the current maximum number of open files, log on to the Media Broker server and
run the following command:
ulimit -n
2. To change the number of open files, open /etc/security/limits.conf and navigate to the
following line:
* - nofile 4096
3. Change 4096 to the setting you require, in the above example that would be 7000:
* - nofile 7000
4. To confirm that the setting has changed, log out and log back in again before running the
above command to check the maximum number of open files.
To configure the WebRTC Client settings, which define the addresses that clients use to
communicate with the Media Broker:
Enter the Source Address CIDR, which defines a block of IP addresses of client endpoints; for
example, 198.51.100.0/24.
Each Source Address CIDR has an associated block of addresses. Clients whose IP addresses
are in the block defined by the Source Address CIDR communicate with the Media Broker using
one of the addresses in the block. In the above example, a block of addresses will be associated
with clients having IP addresses which match 198.51.100.x.
You can set the Source Address CIDR to match all IP addresses by setting the value to all.
3. Click the Submit button. The Source Address CIDR you entered will appear in the
WebRTC Client list.
4. Click the + next to the Source Address CIDR to expand the entry and show the public and
local addresses and ports:
The RTP IP address exposed on a firewall. It is used by the Media Broker when generating SDP
to inform clients which address to send RTP traffic to. For example, 84.1.6.1.
If a firewall is not being used (for instance, in a testing installation) this can be the same as the
Local Address, though unlike the Local Address, it must not be all.
Public Port
The RTP port exposed on the Public Address. It is used by the Media Broker when generating
SDP to inform clients which port to use for RTP traffic. For example, 16000.
Local Address
You can set the Local Address to all to expose all the available IPs on the Media Broker host.
Do not use all if you are configuring traffic segregation.
Local Port
This is the RTP port on the Media Broker which the firewall should be set up to map from the
Public Port. For example, 16000.
7. Click the Submit button. The public and local addresses will display in a line in the RTP
Public and Local Port table.
Repeat steps 5, 6, and 7 as many times as you need to enter all the Media Broker’s public
address and port combinations. There should be one entry for each rtp-proxy process which the
Media Broker starts (5 by default).
Note: You can edit existing entries in the RTP Public and Local Port table by clicking on them
and editing in place.
Incoming RTP from a client will be assigned to the Source Address CIDR that the client’s IP
address matches most closely; one of the associated block of addresses will be chosen on a
round-robin basis.
8. Repeat as many times as necessary, then click the Save button at the bottom of the page.
Note: You can also configure the Media Broker using the CLI. See the Fusion Client CLI
Reference section.
An Example Configuration
The following diagram shows a more detailed view of the addresses and ports on the Media
Broker and how they relate to ports open in a firewall:
PA 1 and PA 2 are the public addresses, which match the Public Address settings
associated with Source Address CIDRs configured in the WebRTC Client settings to
match the address of the firewall or NAT.
PP 11, PP 21, and PP 22 are the ports which are exposed to external SRTP/RTP traffic.
These are the Public Port settings associated with Source Address CIDRs configured
in the WebRTC Client settings.
LA 1 and LA 2 are the addresses of NICs on the Media Broker, and ports on those
NICs, which accept SRTP/RTP traffic from external WebRTC clients (browsers or
mobile applications). These addresses are the Local Address and Local Port settings
of a Source Address CIDR configured in the WebRTC Client settings to match the
address of the firewall or NAT.
LA 3 is the address of a NIC on the Media Broker, and ports on that NIC. In this case,
the SRTP/RTP traffic does not go via a firewall, so the Public Address and Public Port
settings of the Source Address CIDR match the Local Address and Local Port
settings. The Source Address CIDR matches the endpoints (which would usually be
on the internal network).
LA 6 is a NIC dedicated to the control interface for Media Broker to Web Gateway
communication. It is the Control Address and Control Port settings in the General
Configuration (see the General Media Broker Configuration section), and the address
appears as the Media Broker address on the Media Brokers page.
LA4
17000 17099
eg. 192.0.2.0/24
LA5
17000 17099
eg. 192.51.10.0/24
It is often convenient to have the Public Port the same as the Local Port in each record.
The above is not mandatory; the Local Port may be different to the Public Port in the same
record.
The Local Port may be the same as the Local Port of a different record, as long as the
Local Addresses are different.
The Public Port may be the same as the Public Port of a different record, as long as the
Public Addresses are different.
Connection Monitoring
In a production environment, you typically configure a Media Broker with multiple network
interfaces, and bind the management REST interface to a different network from at least one of
the media-carrying interfaces (internal or external). If one of the network interfaces fails, it is
possible for the Media Broker to be able to process calls (because the management REST
interface is working), but be unable to send or receive media for those calls.
To ensure that the Media Broker only accepts calls over the management interface when it is
fully connected to the internal and external networks, you can configure connection monitoring.
How it works
You can configure each Media Broker with one or more groups of addresses. A Media Broker
considers itself connected, and therefore able to service calls, if it can reach at least one of the
addresses in each group (thus the logical operations are ORs within each group and ANDs
between each group). The Media Broker will attempt to establish the reachability of an address
by:
If there are no groups configured, then the Media Broker is considered to be connected.
Example
Management – The REST interface used by the Web Gateway is bound to this addresses
In this case there is no need to monitor connectivity on the management interface, as the
gateway will only use the Media Broker if it can reach it over this interface. Therefore it is
sensible to monitor the external and internal interfaces.
3. Enter a name in the Group Name field (this simply serves to identify the group).
4. Enter one of the Media Broker’s IP addresses in the Monitored Address field.
5. To add another address, click the New Address button and add the address in the new
Monitored Address field which appears:
6. When you have created all the groups you need, click the Save button.
As well as its basic settings, the Media Broker page displays status information about each
Media Broker:
The Load column indicates the current load of the media broker, and is an indication of the load
on each machine e.g. the CPU load.
The column contains a textual representation of the load, and can contain one of the following
values (sorted in severity):
Min
Low
Med
High
Max
Connectivity
The column contains a visual representation of the connectivity status, and can contain one of
the following images (hover over the image to reveal the textual representation of the status):
A green tick ( ) indicates that all gateways are connected to the media broker
A yellow warning triangle ( ) indicates that one or more gateways cannot connect
Note: Initially the page can take a short period of time before it displays a true reflection of the
connectivity status while it polls all machines involved
Statistics
To reveal detailed statistics for a particular media broker, click on the graph button ( )) in the
column to the right of the Connectivity column.
The Load value is the actual load reported by the media broker; the Load Group is the band
that the load value fits into, with 0 being the lowest - this value is used when selecting a media
broker for the call.
The Connectivity section lists all the Gateway nodes individually, and their connection status to
this particular media broker. (The Connectivity column in the Media Brokers page indicates its
connectivity with all the Gateway nodes collectively.)
Call Log
1. On the Gateway tab, select the General Administration tab, and scroll down to the Call
Log Configuration section:
3. Set the Log Expiry to a value greater than 0 and less than 35000 (the expiry time is in
minutes, so 35000 represents over 20 days).
Note: The call detail statistics could potentially cause problems if the logs are allowed to get too
large. We recommend that you keep to a limit of 4,000 log entries, and go no higher than 10,000
entries. We enforce a maximum of 20,000 log entries, and every minute we remove all except
the most recent 20,000 entries. See the Overriding the Maximum Call Log Size section.
To display the call logs, on the Gateway tab, select Call Log :
Inbound
Outbound
Click on the graph button ( ) in the end column to display detailed statistics for that call (see
the Call Statistics section).
Warning: Overriding the default setting for the maximum call log size can have serious
consequences - only change this setting after checking with the CaféX support team.
Call Statistics
Click on the graph button ( ) in the end column of a particular Call Log entry, to display detailed
statistics for that call:
The Call Statistics section shows the packets received and sent at the top, and below that it
displays detailed information relating to the call quality.
Client Call Quality: Shows statistics of the packets between the Media Broker and the
FCSDK endpoint
Inbound: Shows statistics of packets from the Media Broker to the FCSDK endpoint
Outbound: Shows statistics of packets from the FCSDK endpoint to the Media Broker
SIP Call Quality: Shows statistics of the packets between the Media Broker and the SIP
endpoint
Inbound: Shows statistics of packets from the Media Broker to the SIP endpoint
Outbound: Shows the statistics of packets from the SIP endpoint to the Media Broker
The FCSDK also puts in place a call details logger, which logs a subset of the Call Log
information, including information about the WebRTC endpoints involved in the call.
This log is enabled at install time and rotates daily. By default, the period for which old logs are
stored is set to 7 days. The log file can be found with the FAS server logs (see the FAS
Administration Guide for this location). You can also reference this guide for information on
disabling a logging category (the name of this logger’s category is call.details).
Performance Log
The Media Broker publishes performance related statistics on the Performance Log page.
If there is more than one media broker, statistics are displayed separately for each. Information
includes:
How many calls are deemed audio only or audio/video by the Call Admission Control (CAC)
feature.
A graph showing the following data by default (extra data can be added via the check-boxes
beneath the graph):
CPU load
Call Load
Media Brokers
Note: In the Web Administration Interface, settings which may take one of two values are
generally displayed and set using a checkbox. In this reference section, input to these settings is
indicated by true (checked) or false (unchecked).
The following sections give information about the individual pages and sections of the
configuration Web UI.
General Administration
The General Administration page contains the main Gateway Administration settings.
The SIP URIs of one or more servers which the Gateway can send SIP to.
If a call is made to a SIP URI where the host part of that URI is not one of the
controlled domains for FCSDK, then the call is routed to one of these
Description
outbound SIP servers.
Default None
If this is set to true, the Gateway updates the host part of the Request URI of
all outbound requests to match the host part of the outbound SIP server
address. If this is set to false, the Gateway sends requests on to the
Description outbound sip server without change.
Mandatory Yes
Default false
Server Timeout
The time, in milliseconds, which the Gateway allows for a server to respond
to a request before it considers it to be down and tries another server.
Description
See the [Outbound SIP Servers](#outbound-sip-servers) section
Mandatory Yes
Default 3000
Ping Interval
Default 30000
Mandatory Yes
Default 5000
Registration expiry
Sets how often the Web Gateway sends REGISTER messages to the SIP
Registrar. The value appears in the REGISTERExpires header.
Description
See Section 10.2 of RFC 3261 for more details. This value is used for voice
and video in registrations sent to the internal or external Registrar.
Mandatory Yes
Default 1800
Mandatory Yes
Mandatory Yes
Values **Note:** This value should be greater than the Min SIP session expiry, and
less than half the Registration expiry
Default
List of keys for Web Applications to use to allow the service to verify them.
Description Used by the Web Gateway to validate calls from the associated Web
Application.
Mandatory Yes
Default None
WebRTC Configuration
Mandatory Yes
Default
Mandatory Yes
Default
Mandatory Yes
Default
Mandatory Yes
Default
Mandatory Yes
Default
AED Configuration
Mandatory No
Log Level
Mandatory Yes
ON
Values
OFF
Default OFF
Log Expiry
Default 60
Log Enabled
Mandatory Yes
Default true
Log Expiry
Mandatory Yes
Default 60
Sample Period
Mandatory Yes
Default 60
Mandatory No
Mandatory No
Resource Management
Mandatory Yes
Default
There are two sections IE (for the IE plugin) and Safari (for the Safari plugin); both have the
same fields with the same meanings.
Mandatory Yes
Default
Mandatory Yes
Default
Version
Mandatory Yes
Default
Mandatory Yes
Default
Media Configuration
Banned Codecs
A list containing codecs not to be allowed to pass through the Media Broker.
Description Used by the Media Broker to produce SDP; the Media Broker removes
codecs on the banned list from the SDP during processing.
Mandatory No
Default None
Mandatory No
Default None
Mandatory No
Default None
Mandatory Yes
Default 288
Mandatory Yes
Default 352
Mandatory Yes
Default 288
The maximum width, in pixels, of the video stream passed through the Media
Description
Broker
Mandatory Yes
Default 352
Video Settings
Mandatory Yes
Default 30
Mandatory Yes
NONE, STRETCH, or
Values
ADD_BORDERS
Default STRETCH
Bitrate Configuration
If this is not checked, the fixed bitrate settings (see Fixed Video and Audio
Bitrate below) should be set.
Mandatory Yes
Default true
Media Broker can estimate the maximum bitrate for the network condifions
for both send and receive video streams, even if it does not receive REMB
Description and TMMBR messages from browser and sip endpoints; this is the starting
value for this estimation. If the initial rate is well-chosen, it may find the best
quality bitrate more quickly; if it is badly chosen, there may be unnecessarily
poor initial video (if the value is set too low), or dropped packets or frozen
video (if the value is set too high).
Default 512
The media broker will receive and act on max bitrate messages from a)
browser endpoints (RTCP REMB), b) SIP endpoints (RTCP TMMBR), c) the
sender bitrate estimating algorithm and d) the receiver bitrate estimating
Description algorithm.
The Minimum Adaptive Bitrate ensures that these max bitrate messages
never go below this value (that is, it sets the minimum quality). It is used
when setting media broker video encoder bitrates, and in outbound REMB
and TMMBR RTCP messages.
Mandatory Yes
Default 128
The media broker will receive and act on max bitrate messages from a)
browser endpoints (RTCP REMB), b) SIP endpoints (RTCP TMMBR), c) the
sender bitrate estimating algorithm and d) the receiver bitrate estimating
algorithm.
The Maximum Adaptive Bitrate ensures that these max bitrate messages
never go above this value (that is, it determines the maximum bandwidth). It
is used when setting media broker video encoder bitrates, and in outbound
REMB and TMMBR RTCP messages.
Default 1024
Description This is used to negotiate (in SDP) a fixed video bitrate with browser and sip
endpoints. Using a fixed video bitrate on poor lines may result in video
issues, such as video freezing.
Mandatory Yes
Description This is used to negotiate (in SDP) a fixed audio bitrate with browser and sip
endpoints. Using a fixed audio bitrate on poor lines may result in audio
issues, such as stuttering audio.
Mandatory Yes
RTP Settings
Whether to drop packets which are being sent from ports other than those
negotiated in SDP.
Description
See the [Configuring RTP Settings](#configuring-rtp-settings) section.
Mandatory Yes
Default false
Mandatory Yes
Default PLI
Registrar Configuration
Mandatory Yes
Default false
This is the server in the SIP network with which Fusion Client SDK registers
Description
to receive inbound calls. The Gateway sends REGISTER messages through
the Outbound SIP Server.
Mandatory No
Default None
Default q-value
Mandatory Yes
Default 1.0
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 100
If a match is found, the Registrar will attempt to proxy to the next q prioritized
registered contact (if there is one).
Mandatory No
Space delimited list of SIP response codes. e.g. 404 408 410 480 500 503
Values
604
Default Empty
Mandatory Yes
Default 21600
Minimum expires
This is the minimum expires value the Registrar will accept in the REGISTER
requests it receives. If the value is less than this, the Registrar will send a
Description
423 Interval Too Brief response with the Min-Expires header set to this value.
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 101
Values Value in seconds greater than 0
Default 5
Indicates if the Registrar is accepting registrations that did not originate from
the Web Gateway.
Registrations are always accepted from the Web Gateway regardless of this
setting.
Mandatory Yes
General Configuration
Control Address
Hostname or IPv4 address for the control interface of Media Broker. Used by
the Web Gateway to connect to the Media Broker control port.
Description
For example, 192.168.1.2.
Mandatory Yes
Default None
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 102
Control Port
Description To change the port used you must also change the configuration file on the
Media Broker itself.
Mandatory Yes
Default 8092
Control Type
Mandatory Yes
Idle Timeout
The maximum duration of inactivity (no RTP on either leg) on a call before it
is torn down
Description
For example, 10.
Mandatory Yes
Default 10
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 103
Packet Size Limit
The maximum RTP packet size that the Media Broker will accept.
Description
The Media Broker will drop any packet that exceeds this size.
Mandatory Yes
Default 1500
The maximum number of packets that can be buffered before each call.
Description If you are experiencing video issues at the beginning of calls, increase this
value.
Mandatory Yes
Default 500
The maximum RTP throughput rate that the Media Broker will allow.
The Media Broker will terminate a call where the input rate exceeds this
Description value.
Mandatory Yes
Default 1000
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 104
The maximum number of concurrent audio only calls which the media broker
will accept.
Description
See the [Call Limit Based Call Admission Control](#call-limit-based-call-
admission-control) section.
Mandatory Yes
Mandatory Yes
SIP Network
You can define more than one SIP Network range for each Media Broker. All the ports in each
range will be available for RTP on the SIP network.:
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 105
interface card (NIC) on the Media
Broker server.
Mandatory Yes
Default all
Mandatory Yes
Default 17000
Mandatory Yes
Default 17099
Note: At runtime, RTP and RTCP ports are assigned in pairs from the pool, so the Start Port
Range value should be an even number, and the Finish Port Range value should be an odd
number.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 106
WebRTC Client
This defines what IP addresses and ports on the Media Broker are used for RTP from a browser
whose IP address matches a range of IP addresses (signified in Classless Inter-Domain Routing
(CIDR) notation). You can define multiple browser address ranges, and multiple addresses on
the Media Broker for each range of browser addresses. Note:
A range of addresses configured for all browsers has been added by default.
If there is a firewall or reverse proxy between the browser endpoints and the Web Gateway,
configure its IP address as the Source Address CIDR.
Mandatory Yes
Default None
Public Address
Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
You can configure IPv6 addresses, but they require extra components and
are not supported for production use. See FCSDK Developer Guide >
Creating an iOS application > Testing IPv6.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 107
Mandatory Yes
Default None
Public Port
Description Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
Mandatory Yes
Default None
Local Address
Mandatory Yes
Values An IP address, or all, which exposes all NICs on the media broker.
Default None
Local Port
Description Mapped by firewall from the Public Port. Note: SRTP is used by default on
the Local Port.
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 108
Values A port number
Default None
Monitored Connections
Optionally configure one or more groups of monitored connections. See the Connection
Monitoring section for more details on this feature.
Group Name
Mandatory Yes
Default None
Monitored Addresses
Default None
User Credentials
This section allows you to change the administrative user’s credentials. Note that if there are
other administrative sessions open, through the web administrative interface or the CLI, then
those users will need to log out and log back in again with the updated credentials in order to
continue administering the system.
Old password
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 109
If this is incorrectly submitted six consecutive times, then the administrative
account will be locked for security reasons.
Mandatory Yes
Default None
UI username
Mandatory Yes
New password
Mandatory Yes
Default None
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 110
New password field to protect against
typing mistakes.
Mandatory Yes
Default None
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 111
Fusion Client CLI Reference
This section describes the settings configurable by the administration CLI.
Authentication
The Fusion Client SDK CLI is authenticated using the same credentials as the web
administration interface. The CLI will prompt for these details when starting up, and they will be
used for the remainder of your session whenever performing an action that requires
authentication.
Once in the CLI (the command line prompt will read gateway), type commands at the prompt to
add, display, update, and save records in the configuration. Navigate to the value you need to
change by successive updates, to successively drill down into the parts of the configuration, and
successive saves to return to the topmost level. For example, to change the frames-per-second
value in the video-configuration:
Update video-configuration
fps : 30
scaling-mode : STRETCH
fps : 20
scaling-mode : STRETCH
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 112
gateway / edit gateway-configuration / edit video-configuration > save
gateway >
gateway-configuration
gateway-configuration includes the top-level configuration for the Web Gateway and can only
be updated or displayed:
update gateway-configuration
display gateway-configuration
sip-configuration
outbound-sip-servers
The SIP URIs of one or more servers which the Gateway can send SIP to.
If a call is made to a SIP URI where the host part of that URI is not one of the
controlled domains for FCSDK, then the call is routed to one of these
Description
outbound SIP servers.
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 113
Default None
rewrite-outbound-sip-uris
If this is set to true, the Gateway updates the host part of the Request URI of
all outbound requests to match the host part of the outbound SIP server
address. If this is set to false, the Gateway sends requests on to the
Description outbound sip server without change.
Mandatory Yes
Default false
server-timeout
The time, in milliseconds, which the Gateway allows for a server to respond
to a request before it considers the server to be down and tries another
Description server.
Mandatory Yes
Default 3000
ping-interval
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 114
Values A period of time in milliseconds between 0 and 1800000
Default 30000
dead-link-ping-interval
Mandatory Yes
Default 5000
registrar-sip-uri
This is the server in the SIP network with which Fusion Client SDK registers
to receive inbound calls. The Gateway sends REGISTER messages through
Description
the outbound-sip-uri.
Mandatory Yes
Default None
registration-expires
Sets how often the Web Gateway sends REGISTER messages to the SIP
Registrar. The value appears in the REGISTER Expires header.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 115
See Section 10.2 of RFC 3261 for more details. This value is used for voice
and video in registrations sent to the internal or external Registrar.
Mandatory Yes
Default 1800
min-sip-session-expires
Mandatory Yes
Default 400
sip-session-expires
Mandatory Yes
Default
media-settings
This section describes the configuration settings for the transcoding performed by the Media
Broker.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 116
banned-codecs
A list containing codecs not to be allowed to pass through the Media Broker.
Description Used by the Media Broker to produce SDP; the Media Broker removes
codecs on the banned list from the SDP during processing.
Mandatory No
Default None
audio-codec-prioritisation
Mandatory No
Default None
video-codec-prioritisation
Mandatory No
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 117
The codec name cannot be empty and
must conform to RFC3551
(<http://www.ietf.org/rfc/rfc3551.txt>).
Default None
default-resolution
pixel-height
Mandatory Yes
Default 288
pixel-width
Mandatory Yes
Default 352
max-resolution
pixel-height
Description The maximum height allowable, in pixels, of the video stream passed through
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 118
the Media Broker
Mandatory Yes
Default 288
pixel-width
The maximum width, in pixels, of the video stream passed through the Media
Description
Broker
Mandatory Yes
Default 352
bitrate-configuration
adaptive-bitrate-enabled
If this is not set to true, you should set the fixed bitrate settings (see fixed-
bitrate-audio and fixed-bitrate-video below).
Mandatory Yes
Default true
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 119
adaptive-bitrate-initial
Media broker is able to estimate the maximum bitrate that network condifions
can support for both send and receive video streams in the absence of
REMB and TMMBR messages from browser and sip endpoints. The
Description adaptive-bitrate-initial value is used to initialize these algorithms to an
expected bitrate from which to start from. A well chosen initial rate may result
in the algorithm finding the best quality bitrate more quickly. A poorly chosen
initial rate may result in unnecessarily poor initial video (if the value is set too
low), or dropped packets or frozen video (if the value is set too high).
Mandatory Yes
Default 512
adaptive-bitrate-floor
The media broker will receive and act on max bitrate messages from 1)
browser endpoints (RTCP REMB), 2) SIP endpoints (RTCP TMMBR), 3) the
sender bitrate estimating algorithm and 4) the receiver bitrate estimating
algorithm.
Description
Mandatory Yes
Default 128
adaptive-bitrate-ceiling
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 120
This value is only considered if adaptive-bitrate-enabled is true.
The media broker will receive and act on max bitrate messages from 1)
browser endpoints (RTCP REMB), 2) SIP endpoints (RTCP TMMBR), 3) the
sender bitrate estimating algorithm and 4) the receiver bitrate estimating
algorithm.
Description
The adaptive-bitrate-ceiling ensures that these max bitrate messages
never go above a defined value (that is, it determines the maximum
bandwidth). In these cases this value will be used when setting media broker
video encoder bitrates and is used in outbound REMB and TMMBR RTCP
messages.
Mandatory Yes
Default 1024
fixed-bitrate-audio
This is used to negotiate (in SDP) a fixed video bitrate with browser and sip
Description
endpoints. Using a fixed video bitrate on poor lines may result in video
issues, such as video freezing.
Mandatory Yes
fixed-bitrate-video
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 121
This is used to negotiate (in SDP) a fixed audio bitrate with browser and sip
endpoints. Using a fixed audio bitrate on poor lines may result in audio
issues, such as stuttering audio.
Mandatory Yes
rtp
restrict-to-sdp-ports
Whether to drop packets which are being sent from ports other than those
negotiated in SDP.
Description
See the [Configuring RTP Settings](#configuring-rtp-settings) section.
Mandatory Yes
Default false
picture-loss-mechanism
Mandatory Yes
Default PLI
media-brokers
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 122
This describes the values available when editing the configuration of a Media Broker. Use:
update media-brokers <mb-id> to edit the settings of a particular media broker, where
<mb_id> is the ID of an existing media broker
media-broker-id
Default None
control-connection
control-hostaddress
Hostname or IPv4 address for control interface of Media Broker. Used by the
Web Gateway to connect to the Media Broker control port.
Description
For example, 192.168.1.2.
Mandatory Yes
Default None
control-port
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 123
Port for Web Gateway-to-Proxy communication (over REST API). Changing
the port here doesn't change the port that the Media Broker will bind to, just
the connection the Web Gateway will use for that proxy.
Description To change the port used you must also change the configuration file on the
Media Broker itself.
Mandatory Yes
Default 8092
control-secure
Mandatory Yes
Default false
sip-network-rtp
You can define more than one SIP Network range for each Media Broker. Each local-address-
cidr can have a number of public ports (which define the range) associated with it. All the ports
in each range will be available for RTP on the SIP network. Use:
list sip-network-rtp to show all the SIP network range definitions in the media broker.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 124
Note: At least one range is required.
local-address-cidr
Mandatory Yes
Default all
local-port-range-start
Mandatory Yes
Default 17000
local-port-range-finish
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 125
Values A port number
Default 17099
Note: At runtime, RTP and RTCP ports are assigned in pairs from the pool, so the local-port-
range-start value should be an even number, and the local-port-range-finish value should be
an odd number.
webrtc-client-rtp
This defines what IP addresses and ports on the Media Broker are used for RTP from a browser
whose IP address matches a range of IP addresses (signified in Classless Inter-Domain Routing
(CIDR) notation). You can define multiple browser address ranges, and multiple addresses on
the Media Broker for each range of browser addresses. Use:
list webrtc-client-rtp to show all the WebRTC clients in the media broker
Note:
A range of addresses configured for all browsers has been added by default.
If there is a firewall or reverse proxy between the browser endpoints and the Web Gateway,
configure its IP address as the source-pattern-cidr.
source-pattern-cidr
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 126
Default None
public-local-ports
Each source-pattern-cidr can have a number of public ports associated with it, which define
which public and local ports that block of browser endpoints will communicate on. Use:
list public-local-ports to show all the public ports in the WebRTC client
public-address
Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
You can configure IPv6 addresses, but they require extra components and
Description
are not supported for production use. See FCSDK Developer Guide,
Creating an iOS application chapter, Testing IPv6 section.
Mandatory Yes
Default None
public-port
Description Used by browsers for RTP traffic. Used by the Media Broker to generate
SDP.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 127
Mandatory Yes
Default None
local-address
Mandatory Yes
Values An IP address, or all, which exposes all NICs on the media broker.
Default None
local-port
Description Mapped by firewall from the public-port. Note: SRTP is used by default on
the local-port.
Mandatory Yes
Default None
proxy-limits
idle-route-timeout
The maximum duration of inactivity on a route that will be tolerated before the
route is considered invalid. This will cause the gateway to tear down the call.
Description
For example, 10.
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 128
Values A time period in seconds
Default 10
packet-size-limit
Mandatory Yes
Default 1500
throughput-rate-limit
The maximum RTP throughput rate that the proxy will perform.
The Media Broker will terminate a call where the input rate exceeds this
Description value.
Mandatory Yes
Default 1000
cac-audio-only-limit
The maximum number of concurrent audio-only calls which the media broker
Description will accept.
See the Call Limit Based Call Admission Control section.
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 129
Default 0, meaning that the limit is disabled
cac-audio-video-limit
Mandatory Yes
buffer-settings
max-buffer-size
The maximum number of packets that can be buffered before each call.
Description If you are experiencing video issues at the beginning of calls, increase this
value.
Mandatory Yes
Default 500
network-connectivity-groups
Optionally configure one or more groups of monitored connections. See the Connection
Monitoring section for more details on this feature.
name
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 130
Values A string value to act as a label
Default None
monitored-connections
Default None
application-key
A list of keys which identify the Web Application to the Web Gateway. Use:
key-id
Used by the Web Gateway to validate calls from the associated Web
Description
Application.
Mandatory Yes
Default None
aed-configuration
default-timeout
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 131
Mandatory No
video-configuration
fps
Mandatory Yes
Default 30
scaling-mode
Mandatory Yes
NONE, STRETCH, or
Values
ADD_BORDERS
Default STRETCH
internal-registrar-configuration
using-external-registrar
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 132
Values true to use an external Registrar; false otherwise
Default false
default-q-value
Mandatory Yes
Default 1.0
response-codes
Mandatory No
Space delimited list of SIP response codes. e.g. 404 408 410 480 500 503
Values
604
Default Empty
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 133
default-expires
Mandatory Yes
Default 21600
minimum-expires
This is the minimum expires value the Registrar will accept in the REGISTER
requests it receives. If the value is less than this, the Registrar will send a
Description
423 Interval Too Brief response with the Min-Expires header set to this value.
Mandatory Yes
Default 5
accepting-external-registrations
Indicates if the Registrar is accepting registrations that did not originate from
the Web Gateway.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 134
Registrations are always accepted from the Web Gateway regardless of this
setting.
Mandatory Yes
Values true if the internal Registrar accepts external registrations; false otherwise.
authentication-config
authentication-config contains the authentication type and the LDAP server configuration for
LDAP authentication. See the User Authentication section.
Note: You can use the CLI to change the authentication method and the LDAP authentication
parameters, but you cannot change the LOCAL authentication credentials from the CLI.
authentication-types
Use:
authentication-type
Mandatory Yes
Default
ldap-authentication
ldap-server
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 135
The IP address or host name of the
Description
LDAP server
Mandatory Yes
Default
ldap-secure
Mandatory No
Default false
ldap-trust_jdk
Mandatory No
Default false
ldap-search-user
Mandatory Yes
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 136
Values A full Distinguished Name
Default
ldap-search-user-password
Mandatory Yes
Values String
Default
ldap-base-context-dn
Mandatory Yes
Default
ldap-base-filter
Mandatory Yes
Default
ldap-role-context-dn
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 137
The DN of the context to search for
Description
user role by LDAP.
Mandatory Yes
Default
ldap-role-filter
Mandatory Yes
Default
ldap-role-attribute-id
Mandatory Yes
Default
ldap-role-attribute-is-dn
Mandatory No
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 138
Values true or false
Default false
ldap-role-name-attribute-id
Mandatory No
Default
ldap-role-to-map
Mandatory No
Default WEBADMIN
proxy-statistics
where <mb-id> is the ID of an existing Media Broker (see the media-broker-id section). You can
only display the statistics.
media-broker-id
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 139
The media broker ID as set in the
Description
media broker configuration
load
load-group
startup-time
total-bytes
Values
total-packets
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 140
Number of packets processed by the
Description
media broker
Values
packets-routed
Values
packets-failed
Values
failed-connections
network-connectivity-status
true if the media broker is connected, false if it is not. See the Connection
Values Monitoring section for details on when a media broker is considered
connected.
call-load
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 141
Percentage of its complete load which
Description
the media broker is handling
audio-only-calls
Values
audio-video-calls
Values
status
AWAITING_CONFIGURATION
STARTING
Values
RUNNING
STOPPING
DOWN
call-log
Use:
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 142
where <call-id> is the ID of the call to display. You can only display the call log.
call-id
from
to
direction
One of:
INBOUND
Values
OUTBOUND
start
end
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 143
Description The end time of the call
call-details
call-details contains everything in the call-log, plus some extra information which may be
useful. Use:
where <call-id> is the ID of the call to display. You can only display call details.
call-id
from
to
direction
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 144
INBOUND
OUTBOUND
start
end
media-broker
The media broker control address, port, and security in the form:
<address>:<port>(SECURE)
Values
or
<address:<port>(NOT SECURE)
termination-reason
SIP_HANGUP
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 145
SIP_BUSY
SIP_NO_MATCH
SIP_NOT_FOUND
SIP_REFUSED
SIP_TIMEOUT
SIP_ERROR
SIP_FAILED
BROWSER_HANGUP
BROWSER_UNAVAILABLE
BROWSER_BUSY
NO_MEDIA_BROKER
raw-statistics
Values
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 146
Fusion Client SDK REST API reference
This section outlines the REST API interfaces available in the Fusion Client SDK.
The REST service provides an interface for administering the Web Gateway and Media Brokers.
The REST service accepts the complete configuration (including configuration for the Web
Gateway itself and for each of the Media Brokers it manages) in an XML format. The service
handles the translation between XML and the format required by Web Gateway.
Method
HTTPS GET
URL
https://<fas address>:8443/admin/gateway/1.0/configuration
<configuration xmlns=“[http://schemas.example.com/Web]
(http://schemas.example.com/Web) Gateway/201109”>
<SIP>
<outboundSipServerAddress>sip:192.168.11.55</outboundSipServerAddress>
<registrarSipUri>sip:192.168.18.15</registrarSipUri>
<registrationExpiry>1750</registrationExpiry>
</SIP>
<media>
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 147
<rtpTransportType>UDP</rtpTransportType>
</media>
<application>
<applicationKeys>
<id>FUSIONCSDK-A8C1D</id>
</applicationKeys>
</application>
<proxy>
<controlConnection>
<controlHostAddress>192.168.30.83</controlHostAddress>
<controlPort>8092</controlPort>
</controlConnection>
<internalRTP>
<internalPortRangeStart>16377</internalPortRangeStart>
<internalPortRangeFinish>16377</internalPortRangeFinish>
</internalRTP>
<externalRTP>
<externalRtpPort>16377</externalRtpPort>
<externalProxyRtpPort>16377</externalProxyRtpPort>
<externalProxyRtpIpAddress>192.168.30.83</externalProxyRtpIpAddress>
</externalRTP>
</proxy>
<proxy>
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 148
<controlConnection>
<controlHostAddress>192.168.30.79</controlHostAddress>
<controlPort>8092</controlPort>
</controlConnection>
<internalRTP>
<internalPortRangeStart>16377</internalPortRangeStart>
<internalPortRangeFinish>16377</internalPortRangeFinish>
</internalRTP>
<externalRTP>
<externalRtpPort>16377</externalRtpPort>
<externalProxyRtpPort>16377</externalProxyRtpPort>
<externalProxyRtpIpAddress>192.168.30.79</externalProxyRtpIpAddress>
</externalRTP>
</proxy>
</configuration>
HTTPS PUT
URL
https://<fas address>:8443/admin/gateway/1.0/configuration
Submitted XML
The format of the XML for a configuration PUT request is the same as the response from a
configuration GET request (see the View Web Gateway Configuration section).
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 149
Note: Ensure you specify the correct content-type header, which is:
Content-Type: application/xml
Failure to do so will result in a HTTP/1.1 500 Internal Server error response. The payload of the
HTTP response contains the message Cannot consume content type.
The Session Token REST API allows a server side application to control the access that client
side applications have to the Web Gateway:
3. The server side application calls the Session Token REST service.
5. The server side application returns the session token to the client side application.
6. The client application uses the session token to access the service.
Server side applications developed with Fusion Client SDK can control access to the Web
Gateway, allowing you to produce both client applications that can be used without any user
login, and ones which authenticate users before creating Session Tokens for them. You can
extend existing applications to include Fusion Client SDK features with only a small amount of
effort . For more information, see the FCSDK Developer Guide.
HTTP/HTTPS POST
URL
http://<fas address>:8080/gateway/sessions/session
or
https://<fas address>:8443/gateway/sessions/session
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 150
Submitted JSON
“timeout”:1,
“webAppId”:”FUSIONCSDK-A8C1D”,
“allowedOrigins”:[“example.com”],
“urlSchemeDetails”:
“secure”:true,
“host”:”wg.example.com”,
“port”:”8443”
},
“voice”:
“username”:”jbloggs”,
“displayName”:”Joseph”,
“domain”:”example.com”,
“inboundCallingEnabled”:true,
“allowedOutboundDestination”:”sip:user@example.com“,
“auth”:
“username”:”1234”,
“password”:”123456”,
“realm”:”example.com”
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 151
}
},
“aed”:
“accessibleSessionIdRegex”:”.*“,
“maxMessageAndUploadSize”:”5000”,
“dataAllowance”:”5000”
},
“uuiData”:”0123456789ABCDEF”
timeout
The timeout period for the Session, defined in minutes. If omitted, this will be set to 1 by default.
webappid
The WebApp Key ID that has been defined, which is the unique ID that the web app passes to
the Gateway to identify itself. The ID must be a minimum of 16 characters in length.
allowedOrigins
This represents the origins from which cross realm JavaScript calls are permitted. If null or
empty, there will be no restriction. This is a comma separated list.
urlSchemeDetails
The connection details the Fusion Client SDK client library will be configured to use to the Web
Gateway. If these details are not provided, the default setting for each option will be used:
secure
Specifies whether to use secure WebSockets (wss) or non-secure (ws). The default value is
false, for non-secure.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 152
host
Specifies the hostname or IP address for the WebSocket to connect to. If not provided, the client
will use the <web_gateway_address> that the Web Application used to issue the HTTP POST
request.
port
Specifies the port that the WebSocket will connect to. The default is set to 8443 if secure is true
or 8080 if secure is false.
voice
The details regarding voice and video calling. If omitted, voice and video calling will be disabled.
username
displayName
The SIP display name, as it would appear in SIP messages. If this is omitted, no display name
will be set for the user.
domain
inboundCallingEnabled
Set inbound calling parameters to enable inbound calling. If this is omitted, inbound calling will
be enabled by default.
Note: If inboundCallingEnabled is set to true, a SIP REGISTER request will be sent to the SIP
network; therefore, a corresponding user must exist on the SIP network. This user’s credentials
should be entered in the auth: section of the POST request to the Web Gateway.
allowedOutboundDestination
This can be a single destination, for example sip:bob@example.com or can be the string all to
allow unrestricted calling.
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 153
auth
The authentication credentials for voice and video calling. This section can be omitted if the
gateway is a trusted entity in the SIP infrastructure; however, if it is omitted and the SIP is
challenged, the registration will fail.
username
The user name you would register with. This is a mandatory setting for voice calling.
password
The password used for registrations. This is a mandatory setting for voice calling.
realm
Note: The username used in the From header can be the same as the username used for
authentication. The domain specified in the From header can be the same as the realm used for
authentication.
aed
The details related to AED. If this section is omitted, AED functionality will be disabled.
accessibleSessionIdRegex
maxMessageAndUploadSize
Limits the size of message (in bytes) a user can send and the size (in bytes) of an individual data
upload.
dataAllowance
The total data (in bytes) a user can have stored at any time.
uuiData
If provided, this string will be used to populate SIP INVITE and BYE messages sent by the user
with a User-to-User header. As an example, suppose the value of this parameter is ABCD. The
FCSDK will add the header
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 154
User-to-User: ABCD;encoding=hex
Returned JSON
A valid request will cause a JSON object containing the sessionid to be returned. If the submitted
JSON contains properties with names that are unknown to the Gateway, a list of those unknown
properties is placed in unknownProperties. This property will be omitted if there are no unknown
properties:
“unknownProperties” : [“<propname1>“,”<propname2>“,…]
Method
HTTPS/HTTP DELETE
URL
http://<fas address>:8080/gateway/sessions/session/<session_id>
or
https://<fas address>:8443/gateway/sessions/session/<session_id>
Result
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 155
Such information is particularly useful when setting up a reverse proxy.
Public URLs
URLs invoked by clients and browsers, which typically need to be public. A reverse proxy should
be configured to forward these requests to the gateway.
Service URLs
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 156
REST service URLs exposed by the product. Typically, a reverse proxy should be configured to
block access to these URLs from external clients.
Administration URLs
URLs of administrative interfaces for the product. Typically, these should not be public, and a
reverse proxy should be configured to block access to them from external clients.
Administration UI </web_plugin_framework/*
AS Administration UI /console/*
Ports
The following ports (in addition to those needed by the Fusion Application Server - see the
FAS Administration Guide) are used by the FCSDK:
Media
8092 Broker
Control
Media
Broker
16000
public and
local port
Media
17000- Broker SIP
17099 network
ports
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 157
Media
16000- Broker
16004 WebRTC
ports
Also
SIP ports
documented
5060, (unsecure
in FAS
5061 and
Administration
secure)
Guide
SIP
5062,
WebSocket
5082
ports
© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 158