Page 119 - Asterisk™: The Future of Telephony
P. 119

FTP is currently the preferred method of allowing Polycom phones to obtain their
               configuration. It works well, is fairly easy to configure, and is well supported by the
               community.

               FTP
               FTP is currently our favorite way to configure Polycom sets. To install it on your CentOS
               system, the following command will install VSFTPD, the Very Secure FTP Daemon:
                   # yum -y install vsftpd
               Then, in order to lock things down, we need to prevent anonymous logins, with a simple
               change to the vsftpd config file, /etc/vsftpd/vsftpd.conf:

                   # anonymous_enable=NO
               Restart the server with service vsftpd restart. To ensure that the daemon runs after
               every reboot, run chkconfig vsftpd on.
               Now, we have to create a user account and group for the Polycom sets to use:

                   # groupadd PlcmSpIp
                   # useradd PlcmSpIp -g PlcmSpIp -p PlcmSpIp
                   # passwd PlcmSpIp
               Set the password to PlcmSpIp (the default FTP password for Polycom sets). This can
               be changed, but will then require manual configuration from each set in order to advise
               them of their nonstandard credentials. ‖
               For added security, let’s make sure the FTP server keeps that account in a chroot jail:
                   # echo PlcmSpIp >> /etc/vsftpd/vsftpd.chroot_list
               That pretty much does it as far as preparing the operating system to provide the required
               services to the phones.

               The Polycom configuration files
               While there seem to be a lot of different files that are needed to make a Polycom set
               work, they are each fairly easy to understand.
               The bootROM.  This can best be described as the BIOS and operating system of the phone.
               Perhaps there is a more technical explanation, but why make things confusing? The
               bootROM should not need to be updated regularly, but it is good to keep an eye on
               the current releases to see if a newer bootROM has features that will be of benefit in
               your environment. This file will be named bootrom.ld.



               ‖ You can get into assigning complex and unguessable passwords for the phones to use, but unless you are
                 going to input the passwords into each phone manually, you’ll have to pass them their FTP user name and
                 password from the DHCP server. Any device that can get on the voice network can get the same information
                 from the DHCP server. We’re not telling you to ignore security, just don’t assume that creating separate
                 passwords for each phone is going to improve security.

                                                                   Configuring SIP Telephones | 91
   114   115   116   117   118   119   120   121   122   123   124