Follow these steps to manually install an ec2 Sentinel VoLTE cloud environment.

Tip An output (bulleted in blue) from a step should be noted, as it forms the input to a subsequent step.

1 Determine the AMI IDs

Determine the AMI IDs for the VoLTE, HSS and Clearwater images:

  • $VOLTEAMIID

  • $HSSAMIID

  • $CWAMIID.

2 Create a keypair, VPC, and security groups

Create a keypair

Step Command Output

1

Create keypair

ec2-create-keypair cloud-keypair

$KEYPAIR

Create a VPC

If the ec2 account is an ‘ec2 classic’ then it won’t have a default VPC.
If there is no default VPC, follow the steps in this table.
Otherwise, use the default VPC.

Step Command Output

1

Create VPC

ec2-create-vpc 10.0.0.0/24

$VPCID

2

Create Internet Gateway

ec2-create-internet-gateway

$GATEWAYID

3

Attach Internet Gateway to VPC

ec2-attach-internet-gateway $GATEWAYID -c $VPCID

4

Create Route Table

ec2-create-route-table $VPCID

$ROUTETABLEID

5

Create Route Table entry

ec2-create-route $ROUTETABLEID -g $GATEWAYID -r 0.0.0.0/0

6

Create Subnet

ec2-create-subnet -c $VPCID -i 10.0.0.0/24

$SUBNETID

7

Modify Subnet: Auto-assign public IP

ec2-modify-subnet-attribute $SUBNETID -m true

8

Set DNS hostnames to true

ec2-modify-vpc-attribute -c $VPCID -d true

9

Associate Subnet to Route Table

ec2-associate-route-table $ROUTETABLEID -s $SUBNETID

Use the default VPC

If the ec2 account has a default-VPC, then use that and one of its subnets:

  • $VPCID

  • $SUBNETID.

Create two security groups

Step Command Output

1

Create Access group

ec2-create-group "VoLTE cloud access" -d "Access Security group for VoLTE environment" -c $VPCID

$SGID‑ACCESS

2

Create Internal group

ec2-create-group "VoLTE cloud internal" -d "Internal Security group for VoLTE environment" -c $VPCID

$SGID‑INTERNAL

3 Add rules to security groups

Add these rules to the security groups you created:

Security group Rules

Access

SIP

ec2-authorize $SGID-ACCESS -P tcp -p 5052 -o $SGID-INTERNAL
ec2-authorize $SGID-ACCESS -P tcp -p 5054 -o $SGID-INTERNAL
ec2-authorize $SGID-ACCESS -P tcp -p 5060
ec2-authorize $SGID-ACCESS -P udp -p 5060

SSH

ec2-authorize $SGID-ACCESS -P tcp -p 22

RTP

ec2-authorize $SGIDaccess -P udp -p 16000-18000

Internal

All internal traffic

ec2-authorize $SGID-INTERNAL -P all -o $SGID-INTERNAL

All traffic from access group

ec2-authorize $SGID-INTERNAL -P all -o $SGID-ACCESS

SSH

ec2-authorize $SGID-INTERNAL -P tcp -p 22

GUI Access for REM, HSS, MRF

ec2-authorize $SGID-INTERNAL -P tcp -p 8080
ec2-authorize $SGID-INTERNAL -P tcp -p 443

Limit outbound access to only the access and internal security groups

ec2-authorize $SGID-INTERNAL -P all -o $SGID-INTERNAL --egress
ec2-authorize $SGID-INTERNAL -P all -o $SGID-ACCESS --egress
ec2-revoke $SGID-INTERNAL -P all -s 0.0.0.0/0 --egress

4 Create the instances from the AMIs

Command Output

1

ec2-run-instances $VOLTEAMIID -t m3.large -k $KEYPAIR -s $SUBNETID
--associate-public-ip-address true -g $SGID-INTERNAL

$VOLTE_INSTANCE_ID

2

ec2-run-instances $HSSAMIID -t m1.medium -k $KEYPAIR -s $SUBNETID --associate-public-ip-address true -g $SGID-INTERNAL

$HSS_INSTANCE_ID

3

ec2-run-instances $CWAMIID -t m3.large -k $KEYPAIR -s $SUBNETID --associate-public-ip-address true -g $SGID-INTERNAL

$CW_INSTANCE_ID

Note
  • If you are using a Perimeta SBC, then it should use the Access Security group.

  • If you are not using Perimeta, then Clearwater should use the Access Security group.

  • VOLTE, HSS and MRF (when used) should use the Internal Security group.

5 Note IP addresses and DNS names

Note the following:

internal IP address of each of the servers

  • $VOLTE-INTERNAL-IP

  • $HSS-INTERNAL-IP

  • $CW-INTERNAL-IP

internal DNS name of each of the servers

  • $VOLTE-INTERNAL-DNS

  • $HSS-INTERNAL-DNS

  • $CW-INTERNAL-DNS

external IP address of each of the servers

  • $VOLTE-EXTERNAL-IP

  • $HSS-EXTERNAL-IP

  • $CW-EXTERNAL-IP

external DNS of each of the servers

  • $VOLTE-EXTERNAL-DNS

  • $HSS-EXTERNAL-DNS

  • $CW-EXTERNAL-DNS

6 Add entries to each instance in /etc/hosts

ssh into each instance and add these entries to /etc/hosts:

Instance Entry

volte-instance

$VOLTE-INTERNAL-IP

hss-instance

$HSS-INTERNAL-IP

clearwater-instance

$CW-INTERNAL-IP

7 Update configuration

Update these configurations:

Configuration What to update Command

HSS Application Server

rhino address

rhinosipaddr="sip:$VOLTE-INTERNAL-DNS:5060;transport=tcp" +
Via HSS Admin GUI --> Services / Application Servers page

or

ssh ec2 hss +
mysql -u root -ppassword -D hss_db -e "update application_server set server_name = '$rhinosipaddr' where name = 'Rhino_AS';"

HSS S-CSCF

clearwater address

cwsipaddr="sip:$CW-INTERNAL-IP:5054" +
Via HSS Admin GUI --> Network Configuration / Preferred S-CSCF Sets page

or

ssh ec2 hss +
mysql -u root -ppassword -D hss_db -e "update preferred_scscf_set set scscf_name = '$cwsipaddr' where name = 'sprout';"

clearwater

HSS and upstream details

ssh ec2 cw +
vi /etc/clearwater/config +
upstream_hostname=$CW-INTERNAL-IP +
hss_hostname=$HSS-INTERNAL-DNS +
hss_port=3868

/etc/clearwater/s-cscf.json

clearwater hostname

ssh ec2 cw +
vi /etc/clearwater/s-cscf.json
{
   "s-cscfs" : [
   {   "server" : "sip:$CW-EXTERNAL-DNS:5054;transport=TCP",
   "priority" : 0,
   "weight" : 100,
   "capabilities" : []
   }
   ]
}

8 Effect changes

To effect the configuration changes:

Step Command

1

Install Ralf and point clearwater config at Ralf

ssh ec2 cw +
vi /etc/clearwater/config +
#ralf_hostname=
Note If CDF is not required, ignore the above and comment out Ralf.

2

Restart clearwater to pick up changes

ssh ec2 cw +
sudo service clearwater-infrastructure restart +
sudo monit stop bono +
sudo monit stop ellis +
sudo monit restart sprout +
sudo monit restart homestead

3

Update details in HSS configuration

ssh ec2 hss +
vi /home/ubuntu/HSS/FHoSS/deploy/DiameterPeerHSS.xml +
change: +
FQDN="$HSS-INTERNAL-DNS" +
Realm="example.com" +
<Acceptor port="3868" bind="$HSS-INTERNAL-IP" /> +
vi /home/ubuntu/HSS/FHoSS/deploy/hss.properties +
change: +
host=$HSS-INTERNAL-IP +
port=8080

4

Restart HSS to pick up changes

ssh ec2 hss +
sudo /etc/init.d/hss stop +
sudo /etc/init.d/hss start
Previous page Next page