Domain Structure of Yeastar P-Series Cloud PBX

Before you start to deploy domain for Yeastar P-Series Cloud PBX, you need to know the domain requirements and provide Yeastar with SSL certificates and keys of your domain.

Domain structure and requirements

The YCM Server, SBC Proxy Server and Cloud PBX instance require domain names. Refer to the following requirements to set up domain for your servers and PBX instances.

Domain level

The followings are the domain level requirements of the servers and Cloud PBX instance.

YCM Server
The YCM Server domain can contain 2LD, 3LD, or 4LD, with an easy-to-remember domain name, you can access the YCM server conveniently.
For example, if the YCM Server has 3LD, the domain name can be ycm.example.com.
SBC Proxy Server
PBX services dealt by the SBC Proxy Server use independent domain names, the wildcard domain of which is installed on the SBC Proxy Server.
The SBC Proxy Server domain level is related to the Cloud PBX domain. For example, if the Cloud PBX domain contains 4LD, and the wildcard domain of Cloud PBXs is *.cloud.example.com, then the SBC Proxy Server domain should contain 5LD, and the wildcard domain should be *.proxy1.cloud.example.com.

Important: In the wildcard domain name of SBC Proxy Server, the DNS label to the right of the wildcard character (*) MUST be proxy1.
Cloud PBX instance
The Cloud PBX domain can contain 2LD, 3LD, or 4LD. with an easy-to-remember domain name, you can access the Cloud PBXs conveniently.
For example, if the Cloud PBX has 4LD, the domain name can be pbx1.cloud.example.com.

Domain forwarding

You need to set up domain forwarding to make the domains of your YCM Server, SBC Proxy Server and Cloud PBX instances point to the IP address of the target servers.

YCM Server
Forward the domain of YCM Server to its public IP address.
For example, the public IP address of YCM Server is 123.123.123.123, and the domain name is ycm.yeastar.com, you should forward ycm.yeastar.com to 123.123.123.123.
SBC Proxy Server
Forward the wildcard domain of SBC Proxy Server to its public IP address.
When the domain name is resolved, it will point to the SBC Proxy Server, through which the related traffic flow of the PBX services dealt by SBC Proxy Server is sent to the specific PBX residing behind.
For example, the public IP address of SBC Proxy Server is 124.124.124.124, and the wildcard domain name is *.proxy1.cloud.example.com, you should forward *.proxy1.cloud.example.com to 124.124.124.124.
Cloud PBX instance
- Basic Architecture
  In a basic deployment architecture, there is only one SBC Server. In this case, you need to forward the wildcard domain of the Cloud PBX instances to the public IP address of the SBC Server.
  When the domain name of a Cloud PBX is resolved, it will point to the SBC Server, through which the traffic flow is sent to the specific PBX residing behind.
  
  Figure 1. Cloud PBX domain forwarding in basic architecture
- High Availability (HA) Architecture
  If you adopt a High Availability architecture for SBC Server, you will deploy more than one SBC server. In this case, you need to create a Cloud Load Balancer (CLB) for managing the SBC Servers, and forward the wildcard domain of the Cloud PBX instances to the public IP address of the Load Balancer.
  When the domain name of a Cloud PBX is resolved, it will point to the Load Balancer. The Load Balancer then distribute traffic across the SBC Servers, through which the traffic flow is sent to the specific PBX residing behind.
  
  Figure 2. Cloud PBX domain forwarding in HA architecture

Certificate requirements

The following PBX features require security certificates.

Secure web access with HTTPS
WebRTC
Auto Provisioning
LDAPs

To implement the above features, you need to provide Yeastar with certificates and keys that meet the following requirements:

SSL certificate chain and keys: You need to purchase and provide Yeastar the required domain certificates, including two Wildcard SSL Certificates and a Single Domain SSL Certificate.; Note: The certificate chain should include the root certificate, intermediate certificate, and end-user certificate.

Compatible with NGINX server: Yeastar P-Series Cloud PBX uses NGINX as web server, your SSL certificates should work on an NGINX server.

Compatible with IP phones

The SSL certificates must work with the customers' IP phones. For more information of the supported certificates on IP phones, contact the IP phone manufacturer.

For example:

If your customers use Yealink phones with firmware V86, you need to choose one of the Supported CA Certificates on Yealink Phones V86.
If your customers use Yealink phones with firmware V85, you need to choose one of the Supported CA Certificates on Yealink Phones V85.
If your customers use Yealink phones with firmware V84, you need to choose one of the Supported CA Certificates on Yealink Phones V84.
If your customers use Yealink phones with firmware V83, you need to choose one of the Supported CA Certificates on Yealink Phones V83.