High Availability Installations on AWS
Last updated
Last updated
This guide provides instructions on how to deploy PortSIP PBX HA on the AWS EC2 environment.
Operating System: Ubuntu 20.04 LTS 64-bit is required.
AWS EC2 Instances: You will need three AWS EC2 instances. In this guide, the terms EC2 server, PBX server, and node are used interchangeably, all referring to an AWS EC2 instance.
Instance Specifications: Each EC2 instance should have a minimum of 4 vCPUs and 4GB of memory.
Public IP Assignment: Ensure to select the Assign a public IP automatically option when creating each EC2 instance.
Private IP Address: Each EC2 instance must be assigned a static private IP address.
Location: All EC2 instances must be located within the same Region, VPC, and subnet.
Elastic IP Address: An Elastic IP address must be allocated.
Virtual IP: A virtual IP is required. This should be an unused private IP address within the same VPC/subnet.
Elastic Block Store Volume: An Elastic Block Store(EBS) volume is needed.
Figure 1-1 PortSIP PBX HA Architecture
The Pacemaker is a high-availability Cluster Resource Manager (CRM) that can be used to manage resources and ensure that they remain available in the event of a node failure.
The PortSIP PBX HA uses the Pacemaker to do the resource management and monitoring, once the event of PBX node failure, the resources will automatically move to a working node in the cluster.
Amazon Elastic Block Store (Amazon EBS) is an easy-to-use, scalable, high-performance block-storage service designed for Amazon Elastic Compute Cloud (Amazon EC2). It provides block-level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices.
You can mount these volumes as devices on your instances. EBS volumes that are attached to an instance are exposed as storage volumes that persist independently from the life of the instance. You can create a file system on top of these volumes, or use them in any way you would use a block device (such as a hard drive). You can dynamically change the configuration of a volume attached to an instance.
The EBS is utilized in the PortSIP HA scenario to synchronize data (DB, recording files, log files, and prompt files) between the PBX nodes.
To connect to the PBX service, all SIP clients (IP Phone, Softphone, Mobile App, WebRTC Client) will access the Virtual IP of PortSIP PBX in the HA scenario.
The working mechanisms of PortSIP PBX HA are as follows:
Node Configuration: Three PBX nodes operate concurrently to prevent split-brain scenarios during HA switching.
Data Storage: EBS is utilized to store PBX data, which includes active call information, recording files, logs, call records, and user-uploaded prompt voice files.
Access Point: A Virtual IP (VIP), an unused static private IP in the APC/subnet, serves as the access entry point for the PBX system.
IP Mapping: The Elastic IP consistently points to the Virtual IP, which is exposed for the IP Phone, APP, and Web browser access.
Status Monitoring: Pacemaker is used to monitor the status between EC2 servers.
Service Provision: The primary node provides services. If the primary node goes DOWN, the Pacemaker will immediately drift the VIP to the standby node upon detection. User service requests will then be automatically routed to the standby node, which will continue to provide services.
Call Restoration: Any established call on the primary node will be automatically restored by the standby node.
All Linux commands must be performed as the default user "ubuntu".
To set up the PortSIP PBX HA on AWS, you’ll need to create the user group and user in IAM.
Open IAM. You can choose an existing group or create a new one by clicking on Create group.
The permissions policies for this user group must include AmazonEC2FullAccess and AmazonEBSCSIDriverPolicy.
As the below screenshot shows up, you could name the group hagroup, and ensure that the permissions policies include both AmazonEC2FullAccess and AmazonEBSCSIDriverPolicy.
To create a new user, follow these steps:
Click on Users to view the list of users.
Click on Create user to start the process of creating a new user.
As the below screenshot shows up, you could name the user hauser, and assign this user to the previously created user group hagroup.
Once you’ve successfully created the user, follow these steps to create an access key for that user (hauser):
Click on Create access key.
In Step 1, under Access key best practices & alternatives, select Command Line Interface (CLI) for the Use case.
Proceed to Step 3, Retrieve access keys. Here, it's crucial to note and save the Access key and Secret access key for future use.
In the PortSIP PBX HA setup, all PBX nodes will be deployed within the same Availability Zone (in this example, we’re using us-west-1), VPC, and subnet. It’s important to assign a static private IP from the subnet to each PBX node.
To do this, open the AWS VPC menu and use the default VPC(You can also create a new VPC). As shown in the screenshot below, the VPC IPv4 CIDR is 172.31.0.0/16.
To set up the subnets, follow these steps:
Click on Subnets to view the list of subnets. If there are no existing subnets, click on Create subnet to create a new one.
As shown up below the example, the Subnet ID could be subnet-8cadc4e8, with an IPv4 CIDR of 172.31.16.0/20, and located in the Availability Zone us-west-1c.
The CIDR must be 20 otherwise the installation will fail.
In this scenario, we’ll assign the following static private IPs to the nodes:
Node 1: 172.31.16.133
Node 2: 172.31.16.134
Node 3: 172.31.16.135
To set up the security group, follow these steps:
Click on Security Groups to view the list of security groups. If there are no existing security groups, click on Create security group to create a new one.
For example, your Security Group name could be pbx-ha, with a Security Group ID of sg-0e2bea9ea4033f893.
TYPE
PROTOCOL
PORT RANGE
SOURCE
DESCRIPTION
Custom UDP
UDP
35000 - 65000
0.0.0.0/0
RTP
ALL TCP
TCP
0 - 65535
172.31.0.0/16
ALL UDP
UDP
0 - 65535
172.31.0.0/16
Custom TCP
TCP
5432
172.31.0.0/16
db
SSH
TCP
22
0.0.0.0/0
ssh
Custom UDP
UDP
5060
0.0.0.0/0
pbx sip/udp
Custom TCP
TCP
5061
0.0.0.0/0
pbx sip/tcp
Custom TCP
TCP
5063
0.0.0.0/0
pbx sip/wss
Custom TCP
TCP
8882-8900
0.0.0.0/0
pbx
Custom TCP
TCP
10443
0.0.0.0/0
sbc webrtc
HTTP
TCP
80
0.0.0.0/0
http
HTTPS
TCP
443
0.0.0.0/0
https
The rule for ALL TCP and ALL UDP is allowed under the same subnet, all hosts can access each other.
TYPE
PROTOCOL
PORT RANGE
DESTINATION
DESCRIPTION - OPTIONAL
All traffic
All
All
0.0.0.0/0
–
Configure the security group when creating all HA EC2 instances.
Please follow the below steps to create the EC instance.
In the Section Application and OS Images (Amazon Machine Image), please choose the AMI Ubuntu Server 20.04 LTS (HVM), SSD Volume Type.
In the section Instance type, please choose the instance type t2.medium or other instance types.
You should choose the appropriate instance type for your business usage.
For higher user volumes and concurrent calls, more CPU and memory resources are required. Therefore, it's important to choose an instance type that is appropriate for your specific needs. Please consider your user volume and call concurrency when selecting your instance type.
You can reference the Hardware Specifications to choose the instance type.
In the Key pair (login) section, you have the option to select an existing Key pair name or create a new one by clicking on Create new key pair.
For instance, in this guide, we’ll create a new key pair and name it aws-portsip-pbx-ha. This will generate a certificate file named aws-portsip-pbx-ha.pem.
In the PortSIP PBX HA, all EC2 instances must use the same key pair.
To set up the network for the EC2 servers, follow these steps:
Choose the VPC vpc-027ba466 and Subnet subnet-8cadc4e8 that you created earlier.
For Auto-assign public IP, select Enable.
In the Firewall (security groups) section, select the existing security group pbx-ha that you created earlier.
Note: In the Advanced network configuration > Network interface 1 section, enter the following IPs for the Primary IP field:
Node 1: Enter "172.31.16.133"
Node 2: Enter "172.31.16.134"
Node 3: Enter "172.31.16.135"
In the Section Storage(Volume) we can configure the disk for the PBX HA, this disk is used for installing the Linux OS, usually, 40G or 100G is enough.
By default, AWS automatically sets up the Host Name for each EC2 instance once it’s successfully created. This means you don't have to manually assign a Host Name to each instance, simplifying the setup process.
In this scenario, it shows up as the below.
NODE
HOST NAME
PUBLIC IP
PRIVATE IP
DISK
DEFAULT USER
1
ip-172-31-16-133
Auto-assign
172.31.16.133
/dev/sda (40GB)
ubuntu
2
ip-172-31-16-134
Auto-assign
172.31.16.134
/dev/sda (40GB)
ubuntu
3
ip-172-31-16-135
Auto-assign
172.31.16.135
/dev/sda (40GB)
ubuntu
Next, you'll need to allocate an Elastic IP for the PBX HA. Here’s how:
Click on Elastic IPs to list the current allocated Elastic IPs. Click on Allocate Elastic IP address to create a new one. For example, your allocated IPv4 address could be 54.151.30.9, with an allocation ID of eipalloc-02c7cf64a5cd449c.
Next, you’ll need to create an EBS volume to store the PBX HA data. This volume usually should be large since it is used to store the PBX data such as DB, recording files, logs, and chat files, in your production environment, we suggest it be as big as possible, such as 1000G.
Here’s how:
Click on Volumes to view the list of volumes.
Click on Create volume to create a new one.
For example, your volume info could look like this:
io2
vol-0e06e1e9da3c49b67
1000GB
500
us-west-1c
No
No
The following screenshot shows the example:
Perform the below command on all EC2 instances.
You can use the following command to check the AWS CLI version:
Take the region name as the screenshot, in case the region name is us-west-1.
Perform the below command on all EC2 instances.
Enter the necessary information for the prompts.
You’ll need to upload the aws-portsip-pbx-ha.pem
file to the /home/ubuntu/.ssh/
directory of the node with IP 172-31-16-133
. This aws-portsip-pbx-ha.pem
file is the key pair that was generated when creating the EC2 instances.
Perform the below command on the node ip-172-31-16-133 only.
The following command should only be executed on the EC2 ip-172-31-16-133.
Please prepare the value for the below Variables.
pbx01_instance_id
string
The instance id of the node 1
pbx02_instance_id
string
The instance id of the node 2
pbx03_instance_id
string
The instance id of the node 3
private_vip_address
string
The virtual IP(in the example, 172.31.16.130 is used)
eip_address
string
Elastic IP Address
eip_allocation_id
string
Elastic Allocation ID
ebs_volume_id
string
EBS Volume ID
pbx_image
string
PortSIP PBX docker image
ssh_private_key_file
string
The path of certificate file for the key pair "aws-portsip-pbx-ha"
The following command should only be executed on the EC2 ip-172-31-16-133.
The following command should only be executed on the EC2 ip-172-31-16-133.
Perform the below command on the node ip-172-31-16-133 only.
The execution may take a long time, so patience is required. Please do not interrupt, restart, or shut down while the process is in progress.
Once the resource configuration is complete, you can access your PBX by opening https://54.151.30.9:8887 in a web browser. All future PBX management, configuration, and access will be done through the Elastic IP 54.151.30.9.
You can also resolve your web domain to the Elastic IP.
When you sign into the PBX Web portal, the setup wizard will automatically pop up. In its first step, Enter the private virtual IP 172.31.16.130 as the filed Private IPv4, and enter the Elastic IP 54.151.30.9 as the filed Public IPv4.
Once successfully completed the Setup Wizard, select the menu Advanced > Settings > Advanced, select the Enable Call Recovery option, and confirm by clicking on the OK button.
Once you successfully configured the PortSIP PBX HA as per the above steps, you can use the following commands to manage the PBX HA.
All commands should be performed only on the EC2 instance ip-172-31-16-133.
The following output indicates that the PBX HA is working properly. The EC2 instance with IP 172-31-16-133 is serving as the current master node, while the EC2 instances with IPs 172-31-16-134 and 172-31-16-135 are acting as slave nodes.
Perform the below command only on the EC2 instance ip-172-31-16-133.
The output will indicate the current master node is on which EC2 instance.
Use the below command to restart the PBX.
The following output indicates that the PBX is successfully restarted.