Multi-Tenancy Domains/Namespaces

Status
Not open for further replies.

KitchM

Member
Jul 15, 2019
168
6
18
I am confused about domains for the purpose of multi-tenancy. Are they necessary? Can they be namespaces? Is there a way to implement them without registering for a domain name and getting separate IP addresses? What does a home office do when the ISP only assigns one IP address that must be shared between all office systems but there are multiple phone numbers representing different businesses?

Thanks.
 

ad5ou

Active Member
Jun 12, 2018
892
205
43
The domain is for context matching.
For a single tenant the IP address of the machine is a usable “domain”
A domain name in the pbx doesn’t have to be a FQDN as long as the endpoint has a way to address SIP messages to that domain name.

The “easiest” and probably most common way for multi-tenant is to use tenantname.mydomain.com so the pbx domain records all reside with the provider’s dns. A single A record such as pbx.mydomain.com for the server and CNAM records for each tenantname pointed to pbx record works well.

Another option is to set endpoints to use a single host name or IP as the proxy address then each tenant “domain” can be just about any name. bobswidgets, acme, etc etc.
 

KitchM

Member
Jul 15, 2019
168
6
18
Thanks for the response.

It sounds like that last is the option for me.?.? Could you put that in simpler language for me? All I know is that I have a voip provider (SIP provder?), a small server in the corner running Debian 10 and FusionPBX, and that's about all. I am not sure where to make the settings in my FusionPBX.

Thanks again.
 

rubberducky

Member
Aug 30, 2017
51
7
8
38
My question would be: What do you want to use this system for?

If you have a small office and just want to use it to route calls to your local phones, then there's no reason to set up the multi tenant options. Multi tenancy only comes into play if you are serving multiple companies. If you aren't doing that then just set up your extensions and program them into your phones as necessary.

Multi tenancy comes into play when you have multiple companies you're trying to serve, which unless I missed something that isn't what you're trying to accomplish here. Each tenant is completely and totally separate from each other, and with the exception of calling eachother via actual phone numbers, they don't communicate. So please elaborate more on what you're trying to accomplish with this. Whats your end result?
 

KitchM

Member
Jul 15, 2019
168
6
18
Thanks, but quoted from above:
"What does a home office do when the ISP only assigns one IP address that must be shared between all office systems but there are multiple phone numbers representing different businesses?"
Different businesses means different companies.

Thanks. Have a great weekend.
 

ad5ou

Active Member
Jun 12, 2018
892
205
43
Now that you have mentioned a use case I’ll try to explain a little more.
In your situation, the setup would vary a little depending on where phones would access the pbx from and how separate the multiple companies need to be.

When I mentioned “context matching” I was referring to how Freeswitch routes calls.
In a typical Fusionpbx setup, an inbound call from a provider would first show up in the “public” context. Dial plan rules would then eventually transfer the call to a XML dialplan in a “domain” context. Extensions and other pbx features use dial plans inside their assigned “domain” context. Freeswitch uses the different “domains” to separate each ‘tenant’ since users for a given domain can’t interact with users outside of their own “domain”. The term “domain” in Freeswitch can also be considered a realm, context, or loosely a group.

As for your scenario of only having a single public IP address, a few port forwarding rules in your firewall will allow the PBX to operate just fine. If all of the endpoints connecting to the PbX are on the same local network you could possibly get by without any port forwarding depending on the type of sip provider connection you have.

The default Fusionpbx install script will build the PBX with a single domain set to the IP address of the server it is hosted on. If this server is on a local network, it would most likely be a private IP address. You could then add extensions to the PBX using the server IP address for “sip server” fields in phones. If each company doesn’t have to be totally separate from each other, you can use a numbering scheme for users to match the correct company. Outbound Caller ID can be set per extension to match correct company, and inbound numbers for each company can then be routed to the appropriate user,IVR, Ring group, etc.
 
  • Like
Reactions: ewdpb

markjcrane

Active Member
Staff member
Jul 22, 2018
530
184
43
50
There are multiple ways to do this with FQDN, local or even fictitious domains. My least favorite approach is to manage multiple companies on the same domain.
 
  • Like
Reactions: DigitalDaz

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,077
579
113
I'm struggling to make sense of this post at all.

I have a domain for example myhostedpbxdomain.com.

On the PBX and with DNS I can have:

acme.myhostedpbxdomain.com
bluesky.myhostedpbxdomain.com
charlieschocolate.myhostedpbxdomain.com
....

For as may domains as I want. They all point to the same IP address, what is the problem? Is there really a problem at all or just a misunderstanding of how the PBX works?
 
  • Like
Reactions: rubberducky

KitchM

Member
Jul 15, 2019
168
6
18
@DigitalDaz, you're not the only one.

Here are some questions that I have from what I've read:
  • Based upon "the setup would vary a little depending on where phones would access the pbx from and how separate the multiple companies need to be", is there a distance problem with connection and is there maybe some sort of legal issue with regard to company separation?
  • If "you could possibly get by without any port forwarding depending on the type of sip provider connection you have", then what are the different types of connections for which I should look?
  • If "There are multiple ways to do this with FQDN, local or even fictitious domains", then what are those ways?
  • "I have a domain for example myhostedpbxdomain.com.....". Well, I don't mean to shock you, but I don't have an FQDN. Sorry.
I have no domain but localhost 127.0.0.1. My router has an IP address assigned by the ISP (pretty standard stuff for most users) and I have a smart managed PoE switch where my little server and my Ethernet telephones are connected. My internal network is in the range of 192.168.0.xxx.

My current telephone connection provider is a VOIP company, who can supply a SIP trunk if this actually starts getting connected. My provider gives me a server address of something like sip.provider.com, available listening SIP ports are 5060, 5061, 5062, 5065, 5074, 5076, 5078, 5079, 5094 and 5098. There is also a user name and password. That's pretty much it.

Of course, none of that matters, IMHO. The issue appears to just be a FusionPBX/Freeswitch configuration issue based upon desired parameters. If company A is Line 1 and company B is Line 2, what do I enter where? Is there a gotcha somewhere which would make the FusionPBX/Freeswitch software cross the lines somehow? I certainly would not want that. But, if I have a portable phone which can answer any line, why couldn't a person know for which company she is answering the phone?

I liked the big meeting scene in the movie Margin Call, where the boss comes in to get information and he tells the fellow to speak to him like a little child or a golden retriever. That is what a newbie needs, IMHO, because that is certainly what I need now. I have installed the OS, the software and configured the system to get on the Internet. At this point, nothing I have done thru the program's interface has made any connection with my provider on any line, let alone make me able to do the rest of the setup. That has become a huge block, and there is no passing that point without simple direction.

Thank you all. Please let me know what else you all need.
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,077
579
113
Just buy a domain, they are cheap as chips.

You don't necessarily need that though...

Create your domains as normal, call them if you like company1.mypbx.com, company2.mypbx.com etc

The in the phones for the server, put in the respective company1.mypbx.com etc and in the outbound proxy put the Ip address of the PBX. You would need to do this probably anyway even if you buy a domain.
 

rubberducky

Member
Aug 30, 2017
51
7
8
38
I agree with DigitalDaz. While getting a domain isn't absolutely necessary, it will make your life a whole lot easier. $12 a year and you're golden.
You have a lot of the same questions I had when I first started out, and what I wound up doing is hiring a professional to help me get set up. Cost a few hundred USD back then, they set up the PBX, set up my first few tenants, and gave me a bit of training on what to do and how to do it. Best money I ever spent. Anyway, your questions.

Based upon "the setup would vary a little depending on where phones would access the PBX from and how separate the multiple companies need to be", is there a distance problem with connection and is there maybe some sort of legal issue with regard to company separation?
Distance isn't an issue, I have clients on both ends of California using this system as if they're in the same building. However legal might be. If you're selling this as a service, or just the IT guy who's setting this up for the company he works for, you want separate tenants. Reason being if you separate these company just into extension blocks like "Company 1 - extensions 100 - 199" "Company 2 - Extensions 200 - 299", that leaves you open to huge amounts of human error. What happens when you accidentally point a voicemail at the wrong company? (done that). What happens when someone fat fingers the extensions and instead of dialing 101 she dials 201? Suddenly you have someone talking to another individual, asking who the hell they are, and why are they on their phones? A mess waiting to happen. So using Domains make sure both of these scenarios don't happen.

If "you could possibly get by without any port forwarding depending on the type of sip provider connection you have", then what are the different types of connections for which I should look?
I believe what ad5ou was talking about (could be mistaken) is Registered vs No Reg. Most (like mine) sip providers do a non registration deal where they just send allll the traffic to your IP address without checking to see if anyone is listening on the other end. That setup you'd need port forwarding for sure. I think some providers do registration, which works differently. Then, if all your phones are on the same internal network, then you wouldn't have to worry about port forwarding signaling and RTP to your PBX. I will say that port forwarding is something you're going to want to get comfortable with quickly if you intend to start running your own PBX.

If "There are multiple ways to do this with FQDN, local or even fictitious domains", then what are those ways?
I have honestly never tried doing this without a domain name. Just from what I know about this setup would make that one hell of a headache. The way I did it was go into my GoDaddy DNS manager and simply add A records for clients, like client1.heylookihaveapbx.com client2.heylookihaveapbx.com, and point those to your Wan IP.

"I have a domain for example myhostedpbxdomain.com.....". Well, I don't mean to shock you, but I don't have an FQDN. Sorry.
I'm shocked. Shocked I tell you.

As vague as all of this is, I don't know of any Install-to-Sip-to-DomainSetup tutorials out there. DigitalDaz is always uploading tutorials so he might know of one. If you want to know some of the resources I've used in the past and continue to use for all this, feel free to drop me a PM.
 
Last edited:

ad5ou

Active Member
Jun 12, 2018
892
205
43
As mentioned above, if you have a registration based sip trunk with a provider and all of your extensions are connected inside your local lan then you can get away with no port forwarding. While this setup would work, it will limit where phones can connect from as well as limit provider options since most expect to be able to send SIP and RTP directly to a host name or IP address.

You can use a “dynamic DNS” service to avoid purchasing a domain name. This might be needed if you’re home IP address is subject to change and you want to have remote users.

I already stated how you can use fictional domain names for separating the groups in Freeswitch/Fusionpbx.

My question is do you really need a server of your own or is it feasible for you to use your existing provider for the functions you need?
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,077
579
113
@KitchM I just want to clarify exactly before I try and give you a solution.

So you have an onsite PBX that you want to serve multiple companies.

There are two common ways I see this done.

1. The companies are entirely separate and have their own physical phones.
2. The companies are being serviced by one team of physical phones ie one person may be taking calls on a phone for multiple companies.

Which of the above two are you?
 

KitchM

Member
Jul 15, 2019
168
6
18
First of all, thanks for the replies. Much appreciated.

Second, let me explain what a domain name costs. While it may seem trivial to get the name, it is useless without an associated IP address. That is where the costs come in. My ISP costs a lot for another IP address. It is prohibitive. So whenever anyone recommends a domain name, they need to consider the whole cost.

Similarly, the issue of costs come into play in a special sense whenever it is recommended that someone hire a professional. That is often not an option when first starting out. Therefore one must rely upon documentation (rarely useful) and user forums in the hope that someone may have similar experiences.

In a situation where SOHO is the target, then simplicity and cost effectiveness is paramount. This is becoming issue during the pandemic where work-at-home is becoming the future norm.

With those things said, please allow me to address each comment in some sort of order.

  • @rubberducky, How is port forwarding handled in the software?
  • @ad5ou, "While this setup would work, it will limit where phones can connect from as well as limit provider options since most expect to be able to send SIP and RTP directly to a host name or IP address." Could hostname be localhost, and can IP address be internal, non-routable ones?
  • "I already stated how you can use fictional domain names for separating the groups in Freeswitch/Fusionpbx." I'm sorry, but I must have missed that. But now that you've mentioned it, maybe you could explain how that is done in the software.
  • @DigitalDaz, the answer is number 2.
The puzzle is coming together. Once the rest of the pieces are found, I will be able to create a step-by-step guide I can actually follow (and share).

Thanks everyone.
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,077
579
113
You do not need a separate IP address for the domains.

Option2 is easy depending on whether or not you want to present different outbound caller IDs. For option2 you do not even need separate tenants.

If you need separate oubound caller IDs then you either need to dial a prefix first or you go down the multi domain route and have separate line keys for each company. This will need phones with buttons on. Also, if you need to bill each company separately for outbound calls, then you will need this route.
 

ad5ou

Active Member
Jun 12, 2018
892
205
43
Port forwarding isn't in the fustionpbx software.. this would be a Firewall/Router item. https://docs.fusionpbx.com/en/latest/firewall.html
Code:
Basic ports used

SIP TCP/UDP
5060-5090
RTP UDP
16384-32768
SSH
22
HTTP
80, 443
If server is on a private IP address and ports are forwarded, you will need to tell freeswitch what it's public IP address is for reliable connections outside of private network.
https://docs.fusionpbx.com/en/latest/search.html?q=external_rtp_ip&check_keywords=yes&area=default
https://docs.fusionpbx.com/en/latest/additional_information/nat.html?highlight=external_rtp_ip

Domains/hostname can be anything for the multi-tenant features. You wouldn't be able to point phones to "localhost" if that is what you call your server, but phones could connect via the private IP address if on same network.
https://docs.fusionpbx.com/en/latest/advanced/domains.html
To get by without purchasing IP address space and/or a domain name, you can use one of the many dynamic dns services out there.
https://www.google.com/search?q=free+dynamic+dns+service

For additional "domains" or companies, you can use a generic name, but will need to use "outbound proxy" setting in endpoints to find the proper domain name.
For example: server is 192.168.0.5 with "fake domains" as company1, company2, company3 and each "company" has an extension 101, 102, and 103

Phone 1
Account 1
Username: 100
Pw: somestrongpassword
Sip Server: company1
Outbound Proxy: 192.168.0.5

Account 2
Username: 100
Pw: somestrongpassword
Sip Server: company2
Outbound Proxy: 192.168.0.5

ETC ETC

The "outbound proxy" field tells the phones where to connect. the other information is for authentication to the proper domain/tenant.
If using a FQDN either purchased domain or free dyndns type, the hostname.domain.name would go in the outbound proxy field. If you had multiple resolvable hostnames, you could skip the outbound proxy part and use the real hostname address for each sip server field.

Since one person is handling calls for multiple companies, the same general scenario could be used with a single domain if small number of people are invoived.
Phone 1
Account 1 (company 1)
Username: 100
Pw: somestrongpassword
Sip Server: 192.168.0.5

Account 2 (company 2)
Username: 200
Pw: somestrongpassword
Sip Server: 192.168.0.5

ETC ETC
 
  • Like
Reactions: Jonathan Black

KitchM

Member
Jul 15, 2019
168
6
18
Thanks everyone.

I always thought the issue of port-forwarding did not apply to the software, but the comment threw me for a loop.

@DigitalDaz, are you saying that Caller ID is only available from the PBX? I thought it was provided by the service provider just like with VoIP.

@ad5ou, "If server is on a private IP address and ports are forwarded, you will need to tell freeswitch what it's public IP address is for reliable connections outside of private network." What I get from that is one may take the PBX server's IP address and forward it thru the router, thereby getting reliable connections. If that is not done, the connections may not be reliable. Is that the gist of it?

I don’t have any specific experience in this type of networking, but am willing to give it a go. I am going to try this method combined with the details suggested above. It looks promising.

Let us say that the domain name is based upon .local. One may then have to change the order of items in /etc/nsswitch.conf to make it work. (I am only recently using Debian.) Therefore I would use company1.local and company2.local for my domains. Yes, they both have to go thru the external IP address of the router and then the internal address of the server. That cannot be changed without purchasing another IP address from the provider, but not necessary in this case for simple VoIP service.

I am wondering it the software will accept it. Has anyone any experience with the possible solution?

Thanks again.
 

nktech1135

Member
Dec 16, 2017
53
2
8
us
First of all, thanks for the replies. Much appreciated.

Second, let me explain what a domain name costs. While it may seem trivial to get the name, it is useless without an associated IP address. That is where the costs come in. My ISP costs a lot for another IP address. It is prohibitive. So whenever anyone recommends a domain name, they need to consider the whole cost.

Similarly, the issue of costs come into play in a special sense whenever it is recommended that someone hire a professional. That is often not an option when first starting out. Therefore one must rely upon documentation (rarely useful) and user forums in the hope that someone may have similar experiences.

In a situation where SOHO is the target, then simplicity and cost effectiveness is paramount. This is becoming issue during the pandemic where work-at-home is becoming the future norm.

With those things said, please allow me to address each comment in some sort of order.

  • @rubberducky, How is port forwarding handled in the software?
  • @ad5ou, "While this setup would work, it will limit where phones can connect from as well as limit provider options since most expect to be able to send SIP and RTP directly to a host name or IP address." Could hostname be localhost, and can IP address be internal, non-routable ones?
  • "I already stated how you can use fictional domain names for separating the groups in Freeswitch/Fusionpbx." I'm sorry, but I must have missed that. But now that you've mentioned it, maybe you could explain how that is done in the software.
  • @DigitalDaz, the answer is number 2.
The puzzle is coming together. Once the rest of the pieces are found, I will be able to create a step-by-step guide I can actually follow (and share).

Thanks everyone.
I'm wondering if some wires are being crossed here. Let me ask a few more questions.
1, The IP you're getting from the ISP, is it a static or dynamic IP?
static means it never changes, this IP is always asigned to you.
Dynamic means that your internet modem is querying the ISP for an IP on a scheduled basis and the ISP is asigning the IP from a list of random addresses.
2, Is the pbx onsite for the companies it's servicing?
3, if not, why not host with someone like digital ocean or another cloud provider? Costs for this are $5/month and you get a static public IP
4, Even if the answer to question 2 above is yes, are there problems with cloud hosting?
Answers to this would help in deciding where this needs to go.
If you have a dynamic IP, the domain route might still be the route to go. If all phones are on the internal network you might consider coming up with a made up domain name, for example mypbx.local. Now in your local dns server, which is most likely your router add a hosts entry like this. '10.0.0.2 mypbx.local'
If you need separate domains do this instead.
'10.0.0.2 test1.mypbx.local'
'10.0.0.2 test2.mypbx.local'
Now in fusion go to domains and add the 2 domains as listed above and set up your extentions and routing for each one.
For the carrier you will still need to set up gateways for one or both companies, depending if they use the same carrier or not.
 

KitchM

Member
Jul 15, 2019
168
6
18
Nice points, nktech1135, so here's the answers:
  1. ISP's fiber gateway is assigned Dynamic address.
  2. Onsite
  3. I thought I had addressed that earlier. Yes, one can get a VPS with an IP address, but I fail to see how that helps with the idea of a PBX. The phones are here and the PBX would be on the server there. There is still the connectivity issue.
  4. Yes, I think I am going to try the .local address scheme. I have been looking at that and considering the configuration I will need to employ. I am definitely going to try the steps you suggest. They look like good common sense.
I must state that I am just learning the ins and outs of the Fusion system. Evidently I need to learn the basics on my own as to what to set where so as to get it working with my current VoIP/SIP provider. Once that is figured, I will test the system out. Wish me luck.
 
Status
Not open for further replies.