InfinityOne - Prerequisites

SSL Certificate Requirement

Release 2 of InfinityOne adds the capability of using an InfinityOne client application on an mobile device such as an iPhone. However, in order to do so, the InfinityOne server must have a valid, signed SSL (Secure Socket Layer) certificate installed. Because the use of SSL increases the level of security when passing traffic over the public internet, Apple mandates this for all its application developers, and is highly recommended for Android application developers. The process is documented in Generating and Installing a Commercially Signed SSL Certificate. If you are installing InfinityOne for the first time, it is recommended that you complete the certificate installation prior to InfinityOne installation, or that you review the process and ensure that you have done the necessary planning with respect to Host Names.

The use of an SSL certificate was not a prerequisite on previous releases of InfinityOne, but is mandatory on Release 2 if you plan to support the Mobility client interface.
Note: If you have installed the SSL as a prerequisite for using mobile clients in an existing InfinityOne deployment, it will be necessary to restart the InfinityOne service before the SSL can be used by the application. If you have purchased an SSL from E-MetroTel, our installation process does not restart the InfinityOne server as doing so will impact existing InfinityOne calls. Please ensure proper notification to users prior to performing this required step.
The hostname of the UCX Server / InfinityOne Server must match the name associated with the SSL certificate.

Allow Invalid Self-Signed Certificates (Temporary Access without SSL Certificate)

WARNING: This procedure allows a temporary bypass of the commercial SSL certificate requirement.  It has been added in order to simplify the installation process for customer trial and evaluation implementations.  However, it reduces the level of security in the solution as it does not authenticate the client-server connection and does not encrypt the transmission, and should not be used for long term deployment.

The process of purchasing, configuring, and installing an SSL certificate sometimes requires coordination of multiple groups within a company, and in fact sometimes requires soliciting support from third parties if the UCx InfinityOne customer contracts it IT support to a different organization than the telephony support.  Since there is no license required for implementing InfinityOne and using any of the supported clients on a UCx system, including mobile device clients, E-MetroTel has implemented a mechanism for temporarily bypassing the SSL certificate authentication process.

Note that this setting is not related to the UCX Self-Signed SSL Certificate configuration.

This SSL Certificate bypass function is controlled by a single setting in the InfinityOne Administration settings, which can only be accessed after the Installation Wizard has been completed and the First Time Login of the Admin account has been completed.  The setting for this bypass function is described in InfinityOne - SSL Certificate Bypass, which is intended only to be used for a short term period.

Upgrading from a Previous Release

If you are upgrading from a previous version of InfinityOne, take note of the following:

  • ​The Host Name field in the InfinityOne Installation Wizard defaulted to the Host Name or IP address used to initiate the wizard.  If that Host Name differs from the name that you plan to associate with the commercially signed SSL certificate, or if an IP address was originally used, then  it will be necessary to change them on the InfinityOne system. Refer to InfinityOne Release 2 - Changing the Network Parameters.

Administering the InfinityOne Server

When you first start the process of installing and configuring the InfinityOne server, you will be required to be using a browser based connection to the UCx software via the Web Based Configuration Utility. Once you have activated the InfinityOne server, you will use the browser to connect directly with the server for the initial configuration steps, and then have the option of download a desktop application to any Windows, Linux, or OSX (Mac) device.

All on-going management, administration, and changes to the InfinityOne Server can be done through an administrator account on either a web browser or the InfinityOne desktop application. The InfinityOne Mobility client does not support administrator level privilege access.

Enabling Remote Devices to Access the InfinityOne Server

In order to allow InfinityOne softphones (Desktop, Browser or Mobile) to access your InfinityOne Server from the public network, you should configure your router to forward the following ports to the IP address of your InfinityOne Server (by default 192.168.1.200):

If your InfinityOne Server is behind NAT, you must enter the public IP address of the UCx Server in the Public IP field on the Nortel Settings page.
Rule Name
Port Number/Port Range
Port Type
Infinity One Site Port (signaling) 21326 (default *) TCP
RTP (media) 10000 - 13999 UDP

* If you use a non-default port number for the Site URL Por Number (configured in InfinityOne Installation Wizard or the InfinityOne Administration/General/Network settings), use the actual port number for the first rule in the table above.

Page Tags: 
chat
admin guide
webRTC
infinity
One
iOne