Configure WebRTC Settings
Complete the following procedures to enable MBG to support the WebRTC application.
Prior to selecting options on this form, ensure that the WebRTC option is enabled and the correct Operating Mode is selected. WebRTC provides existing functionality to provide backwards compatibility. Enhanced feature support is offered with WebRTC Pro, but will also adjust certain settings, and therefore must be one of the first selections.
Where there are differences in operation between WebRTC and WebRTC Pro, these will be identified in the table entries, below.
Configure WebRTC Settings
To configure WebRTC settings on MBG:
- On the MBG main page, click the Teleworking tab and click WebRTC.
- Enter or edit the options as required and click Save:
Field
Description
Notes
Enabled
Select to enable the WebRTC feature.
Displays the status of the WebRTC service.
Hosting Mode
Select the location of the WebRTC web site:
- Host WebRTC client locally: The WebRTC client is hosted on the MBG web server.
- Host WebRTC on separate server: The WebRTC client is hosted on a standalone web server, either the MiCollab web server or, if your implementation includes a MiVoice 5000 ICP, your enterprise web server.
If you select Host WebRTC client locally, configuration is complete when you save the WebRTC settings. Users may then initiate a call by entering the following addresses in a web browser:- Anonymous call mode https://<MBG-FQDN>/webrtc/call.php?to=<CalledNumber | SipUri>
- Subscriber call mode https://<MBG-FQDN>/webrtc/index.php
If you select Host WebRTC client on separate server and choose to employ the WebRTC client that is pre-installed on the MiCollab web server, configuration is complete when you save the WebRTC settings. Users may then initiate a call by entering the following addresses in their MiCollab Web Client:- Subscriber call mode <https://<MiCollab-server_FQDN>/ucs/micollabwebrtc>
If you select Host WebRTC client on separate server and choose to host the WebRTC client on your enterprise web server, after saving the WebRTC settings, you must download the Software Development Kit (SDK), modify the files contained in the kit to suit your requirements, and then upload the files to your enterprise web server. For details, see Configure Web Server for WebRTC. Users may then initiate a call by entering the following addresses in a web browser:-
Anonymous call mode https://<standalone-web-server-FQDN>/webrtc/call.php?to=<CalledNumber | SipUri>
-
Subscriber call mode https://<standalone-web-server-FQDN>/webrtc/index.php
Note: To host the WebRTC client on your enterprise web server, your implementation must include the MiVoice 5000; other ICPs are not supported.
If you select WebRTC Pro, Host WebRTC client locally option is selected by default.
Operating Mode
Select an operating mode:- WebRTC: This provides WebRTC functionality as provided in previous MBG releases.
- WebRTC Pro: This provides enhanced feature support for MiCollab Web Clients in the Chrome browser when used with an MiVB call server.
Default is set to WebRTC.
Note:- These settings apply to the gateway, not to individual users or devices.
- WebRTC Pro can only be used with MiCollab Web Clients in a Chrome browser with an MiVB call server. Other call servers, browsers and clients, including the AWV PC client are not supported in this mode.
- To support both WebRTC and WebRTC Pro in a single deployment multiple MBGs must be used.
Client Mode
Select the call mode(s) that users can employ to initiate calls from their web browsers:
- Anonymous: Users can initiate anonymous click-to-call sessions from a browser to the call controller. To access this service, users are required to provide minimal credentials (name and CAPTCHA entry). MBG then directs them to an internal service that has been configured on the Anonymous WebRTC ICP.
- Subscriber: Users can access the company directory and place calls from a browser using a SIP web phone. To access this service, users are required to provide their MBG login credentials (set-site username and password). MBG then registers them with an ICP that has been configured on the ICPs screen.
- Anonymous and Subscriber: Users can initiate both anonymous and subscriber calls.
A CAPTCHA is a type of challenge-response test used to determine whether or not the user is human.
If you select WebRTC Pro, Anonymous and Subscriber option is selected by default.
Webserver shared secret
Enter the password shared between MBG and the web server.
This value must be set even when the MBG system is configured to function as a web server.
Anonymous WebRTC ICP
Select the ICP to which WebRTC clients will connect.
The following ICP types are supported:
- MiVoice Business
- MiVoice 5000
- MiVoice MX-ONE
- MiVoice Office 400
Only one ICP can be selected for each MBG that is configured to support WebRTC Anonymous calls. Multiple ICPs are not supported.
Note: Multiple ICPs are supported for WebRTC Subscriber calls. When a user logs in, he or she provides their MBG login credentials (set-site username and password); MBG then registers the user with one of the ICPs configured on the ICPs screen.
WebRTC protocol security mode
This field controls encryption for WebRTC communications. Two options are available:
- Public only: Encryption is enabled for WebRTC communications on the public interface of MBG (the Internet) but not the private interface.
- Public and Private: Encryption is enabled for WebRTC communications on both the public and private interfaces of MBG. Currently, this mode is available only with MiVoice 5000, not with MiVoice Business.
For encryption to work properly on the public interface of the WebRTC server, you must configure the system with a third-party web certificate as follows:
- Add the 3rd-party Web Server Certificate.
- Enable WebRTC feature.
The secured protocols used on the public interface of MBG are:
- HTTPS (for web pages and services).
- SIP over WSS for signaling.
- DTLS-SRTP for media.
The secured protocols used on the private interface of MBG are:
- SRTP over UDP for media.
Note: WebRTC automatically detects a web certificate change and loads up the new certificate.
Note:If you select WebRTC Pro mode, Public and Private option is selected by default.
WebRTC permit/deny mode
This field controls the operation of the permit/deny security feature that can be enabled on the WebRTC application. The permit consists of “trusted addresses” belonging to ICPs that are configured on MBG. The deny consists of “untrusted addresses” belonging to endpoints that are suspected of malicious behavior such as brute force attacks.
- Permit and Deny: Addresses on the permit (trusted ICPs) are allowed. Addresses on the deny (untrusted endpoints) are blocked.
- Neither: The feature is disabled. All addresses are allowed.
An address will be dropped from the deny after five hours, provided that it does not engage in suspicious behavior during that time.
Note:If you select WebRTC Pro, Neither option is selected by default.
Video enabled
Select to enable video in addition to audio. Clear to enable audio only.
To take advantage of this feature, both SIP endpoints must support the VP8 codec. Otherwise, transcoding must be enabled.
When this field is enabled, users will see a video panel on the call web site. If this field is disabled, the video panel will not appear.
Video is enabled by default if WebRTC Pro mode is selected.
Transcoding enabled
Select to enable transcoding to/from the codecs supported by WebRTC web clients (VP8) and Mitel devices (G.711 and H.264).
Transcoding video can be CPU intensive. To prevent your system from experiencing issues, you may need to instruct your users to limit the number of video calls that they place at any one time.
If your implementation includes the Mitel MiVoice Video Phone (UC360), enable Transcoding to support video calls.
LDAP server
If you are using Subscriber call mode in conjunction with the MiVoice 5000, and you wish to look up/retrieve user information from an LDAP database such as Active Directory, enter the address of the LDAP server. For example, to use the LDAP database included with the MiVoice 5000, enter the address of the MiVoice 5000.
LDAP DN
Enter the LDAP Distinguished Name.
LDAP login
Enter the LDAP login ID.
LDAP password
Enter the LDAP login password.
Pictures server URL
If you are using Subscriber call mode and wish to retrieve user images from a media server, enter the URL of the server. For example, to use the media server included with the MiVoice 5000, enter https://hostname/photos/local/ as the URL.
The image files require the following format: <number>.png
Where <number> is each user's telephone number.
Voicemail digits
Enter the telephone number required to access the voicemail system. Typically, this is a hunt group number.
Configure WebRTC Port Ranges (Optional)
If your solution is in a container, WebRTC Port Ranges are auto-configured at deployment, and cannot be modified.
You can set the range of ports available for use by WebRTC on the public (external) and private (internal) interfaces of MBG. By default, ports 32000 to 32500 are assigned to the public interface, and ports 33000 to 33500 are assigned to the private interface. For most implementations, you should use the default values; no change is required.
To configure WebRTC port ranges on MBG:
- On the MBG main page, click the Network tab and click Port ranges.
- If required, update the following port ranges:
-
WebRTC public starting port
-
WebRTC public ending port
-
WebRTC private starting port
-
WebRTC private ending port
-
After completing the configuration, double-check all settings. They are critical to the operation of the WebRTC gateway and are included in the Software Development Kit (SDK) that you download for deployment to your web server.
WebRTC Pro Port Ranges
The WebRTC Pro connections behave like SIP Teleworker devices and use the existing Teleworker media ports instead of specific WebRTC ports. The media port selection range for WebRTC Pro is covered under Teleworker settings.