Answering the chats and the calls from outside

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Answering the chats and the calls from outside

Postby bghayad » Sun Jul 07, 2019 6:57 am

Hello;

vicibox 7.0.3, vicidial 2.12-15, Build 160508-0139, asterisk 11.22.0-vici, Single Machine

Is it possible that agent to answer the chats and the calls from outside the office? What is the best design for this?
And how can we do this without having security risk, because if the agents will use the Internet to reply for the chats and the calls, then we need to be in protection because the Internal network which contains important database should not be accessed from outside in any way and there should be an isolation.
It is also need to be taken into consideration, that while some agents will answer from outside the office, there will be also another agents who will answer from inside the office. So what is the suggested solution for this?

I used before the remote agent feature (I tried it little just to have idea), but it does not support the ability to answer the chats ! Also, how should I deploy vicidial to be in secure?

I will upgrade the version using vicibox version 8

Regards
Bilal
bghayad
 
Posts: 579
Joined: Sun Jan 01, 2012 4:53 pm

Re: Answering the chats and the calls from outside

Postby bghayad » Tue Jul 09, 2019 7:12 am

Reference to above question, I am thinking in below and I would to get the advice if I am in the right direction or what should I modify on my approach:

I am assuming that remote agent can only answer call and can not answer chat, correct?

If that the case, I am thinking to have Database Server on one machine with IP address and in the Internal network (which is behind firewall) and then to have the web and telephony server on another separated machine with another IP address and in DMZ at the firewall (which can be accessed via Internet).

So, if I provided VPN for agents that outside the office, they will be able to reach to the machine that contains the web and telephony server which is located in the DMZ of the firewall and has connection to the Database Server, in that case, agents can reply for calls and chats from outside office through Internet in a secure way and using iPAD or small Laptop (because telephone smart phone might not work in good performance with VPN).

I hope to hear any suggestion on my approach and advise me with a fully thanks in advance.

Regards
Bilal
bghayad
 
Posts: 579
Joined: Sun Jan 01, 2012 4:53 pm

Re: Answering the chats and the calls from outside

Postby williamconley » Tue Jul 09, 2019 5:13 pm

Remote Agent has nothing to do with location. Remote Agent is for agents who do not have a computer, ignore the naming convention.

If your agents have computers (for chat), they should be "logged in agents" instead of "remote agents". If they will not be taking phone calls, just make them "OnHook" agents by modifying the agent phone to OnHook. No call until they get an inbound phone call (if that never happens, the system will never try to call them and they can Chat all day!).

Do not put your server in the DMZ unless you have a whitelisted firewall on the server. Vicibox installs a firewall, but it is not by default a whitelist. In other words, the world will be able to see (and attack) your server if you put it in the DMZ. You may not appreciate the result.

However, Dynamic Good Guys firewall has pre-installation instructions to lock down your firewall and make it whitelisted. You can also go the extra bit and install DGG if you like, which gives you an easy method to add/remove Authorized IPs in the whitelist. It even includes a special configuration to allow you to "self-add" to the whitelist if you're in Starbucks on your iPad and want to look at the real time screen (or jump into a chat session with an agent).

With a whitelist based system, VPN is not necessary. You will authorize each individual IP address who can access the system OR use the Special DGG link to allow them to authorize themselves. They just need the Special Link and a valid user/pass to gain access.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Answering the chats and the calls from outside

Postby bghayad » Wed Jul 10, 2019 6:05 am

Thank you William a lot.

Remote Agent is for agents who do not have a computer

Do you mean it is for agent who need to answer calls from smart phone?

If your agents have computers (for chat)

What if the agents does not have computer and need to chat? Example: from their smart phone.

With a whitelist based system, VPN is not necessary.

Do you mean I have to give the server an public IP address and place it behind the firewall with whitelist?
Because if the server has private IP address and the agents who are outside the office need to access the server, they will place an URL which contains public IP address (the public IP address of the router "default gateway") and this will cause the vicidial to reject the request. What is the solution in this case?

Regards
Bilal
bghayad
 
Posts: 579
Joined: Sun Jan 01, 2012 4:53 pm

Re: Answering the chats and the calls from outside

Postby williamconley » Wed Jul 10, 2019 12:02 pm

1) a smart phone is a computer. it has a web browser. whether or not it can handle the vicidial agent screen is based on the os and browser software you are using.

2) it is not required to have a public ip directly on the vicidial server to whitelist a server. forwarding ports through your router is sufficient. this is not a function of Vicidial, but a simple "web server port 80/443 forwarding" scenario. Millions of systems do this and it's not hard to set up. For the web. Phone calls are different, but you sound as though you are using the mobile phone for the phone so all that is left is web.

3) default gateway is not the public ip. in fact, if you are on a private network the default gateway is the private ip of the router that has the public IP. But as per #2 above, this is not related to Vicidial. Port forwarding is not difficult, but once that port is forwarded the whitelist requirement kicks in as the entire world can now access your web interface. So whitelisting the server at that point becomes important.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Answering the chats and the calls from outside

Postby bghayad » Mon Jul 15, 2019 3:23 pm

Hello William;

it is not required to have a public ip directly on the vicidial server to whitelist a server. forwarding ports through your router is sufficient. this is not a function of Vicidial, but a simple "web server port 80/443 forwarding" scenario.


The problem that I faced it, when I was doing port forward but from port to port, as example:
Port 8880 to be directed to port 80

So in this case, the agent will place in the URL the following: http://ip_address:8880 and the router will direct this request to the vicidial IP address and port 80 (it is port mapping and forwarding). This was not working (seems the vicidial rejected this) and I do not know why it is rejected?

You might ask me, why you did this port mapping and forwarding and did not forward port 80 of public IP address to port 80 of the Internal IP address, the answer is: because of security, we prefer to use our own ports, specially if we used https, where traffic is encrypted, this will help in the security.
Moreover, some routers are using port 80 for router web tool administration, and that lead us to use another port and do the port mapping and forwarding.

Do you have any idea to overcome this problem?

Regards
Bilal
bghayad
 
Posts: 579
Joined: Sun Jan 01, 2012 4:53 pm

Re: Answering the chats and the calls from outside

Postby williamconley » Mon Jul 15, 2019 9:26 pm

Port mapping gives you a false sense of security. If you leave port 8080 open to the public you will eventually have the same problem on that port as you would on port 80. But if you whitelist your system (only allow approved IPs to gain access to your server unless your server initiates the contact, which is very easy to do), then you can use standard ports on everything and still be secure.

Plus: Vicidial does not reject port 8080 or any other port that has been forwarded. However, apache will log any rejections if apache is responsible for the rejection. Your firewall will also log rejections if you are using the stock configuration in OpenSuSE's iptables setup.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to Support

Who is online

Users browsing this forum: Majestic-12 [Bot] and 112 guests