What is it?
Trusted Devices is an add-on for service gateway customers (Teams or Hangouts) to allow lobby-bypass for video endpoints not registered on the service. Without Trusted Devices, only video endpoints that are registered on the service using the Endpoint subscription service will bypass lobby.
How does it work?
Pexip offers two ways to trust non-registered endpoints:
- SIP authentication (recommended). (Defined as a 'challenge rule' in our portal.)
- IP address. (Defined as a 'trust rule' in our portal.)
The video endpoint calls from a domain the Pexip Service is configured to challenge. After providing SIP Auth, the call bypasses lobby. If unable to provide SIP Auth, the call disconnects.
If calling from a domain that is not set up to be challenged, the user will enter the lobby.
This is the most secure trust option. It requires that customer’s SBC can authenticate on behalf of its clients. (Pexip provides customer with a username/password to be used.)
Pexip supports multiple domains to be challenged per customer.
Trust if endpoint comes from a pre-configured list of IP addresses. Assumes that call control is correctly configured to validate endpoint, and only relay their own traffic to the Pexip service.
Any calls not showing the approved IP address will be placed in lobby.
Pexip supports multiple IP addresses / network masks.
1. How to order trusted devices?
See this article
2. How can I ensure my trusted devices are shown in the global directory when I'm on the service?
One can use static addresses to add unregistered endpoints to the global directory. Ask your Pexip partner for support on this feature.
3. What devices are supported?
Any SIP (2.0) compatible system.
4. Are non-SIP calls, e.g. H323, supported?
No. Any such calls will bypass any policy rules and therefore handled as no rules have been set.
5. What call controls are supported?
We have tested Infinity and Expressway. We don’t expect problems with other systems, but no guarantees.
Note: Multi-tenant systems (e.g. WebEx) are not supported, as multiple customers will then come from the same IP. If the customer has own call control / SBC, it should be work.