Dynamic Cloud Voice platform overview

AI-generated summary

Genesys Cloud's Dynamic Cloud Voice Platform is a limited access release feature that enables organizations to integrate voice capabilities with cloud infrastructure through BYOC (Bring Your Own Carrier) connections. The platform requires specific configuration steps including carrier compliance for BYOC Cloud, domain settings configuration for firewall allowlists, and implementation of BYOC Cloud public SIP IP addresses. Network security is maintained through firewall configurations and adherence to SIP addressing requirements. Users must meet specific carrier requirements and configure appropriate network security protocols to successfully implement the platform. The system supports Microsoft Teams integration and interaction flows, though data action failures may occur in these workflows.

The Dynamic Cloud Voice platform represents an evolution of the voice platform for Genesys Cloud and BYOC Cloud SIP trunking. This platform enhancement provides improved performance, updated network endpoints, and more security controls.

Considerations

Before you can enable the Dynamic Cloud Voice platform, you must understand that Genesys Cloud’s portion of this new platform only covers outbound calling. To enable the Dynamic Cloud Voice platform to include inbound calling, administrators must work with their carriers and make any adjustments described in this section.

Carrier requirements

For BYOC Cloud to work with a third-party carrier, the carrier must meet the following requirements. For more information, see Carrier requirements for BYOC Cloud.

SIP endpoint IP addresses for inbound and outbound calls

When you use this platform, the public SIP IP addresses differ from the previous BYOC Cloud SIP endpoints, which allows both platforms to coexist and also allows a user-controlled migration between platforms. Also, the platform uses different public IP addresses for requests inbound to Genesys Cloud (ingress) and for requests outbound from Genesys Cloud (egress).

For more information about the IP addresses, see BYOC Cloud public SIP IP addresses.

Note: Configure remote SIP endpoints, such as SBCs, that peer with BYOC Cloud to accept SIP requests from the egress IP address ranges and to send SIP requests to the ingress IP addresses.

Domain name suffixes for inbound calls

When you use this platform, the inbound request URIs use a different Domain Name System (DNS) or FQDN suffix: genesys.cloud. To see the SIP URI format, reference the Inbound Request URI box in the external SIP trunk configuration. Also, no separate subdomains exist for voice and byoc. There is only one subdomain: byoc.

For more information about the domain suffixes, see Domains for the firewall allowlist.

Public X.509 root certificate authority for SIP TLS

When you use this Voice platform with SIP TLS, the public root certificate authority that signs the Genesys Cloud SIP endpoints differ from the previous BYOC Cloud SIP endpoints. The original BYOC Cloud SIP endpoints are signed by DigiCert Root Certificate Authorities, while the Dynamic Cloud Voice platform SIP endpoints are signed by Amazon Trust Services.

For more information about TLS settings, see TLS trunk transport protocol specification for BYOC Cloud.

Note: Remote SIP endpoints, such as SBCs, that peer with BYOC Cloud must be configured to accept remote certificates that are signed by Amazon Trust Services, including the Amazon Root CA 1 and Amazon Root CA 2. The Dynamic Cloud Voice platform SIP endpoints are configured to trust remote certificates signed by the same public Certificate Authorities so the certificate on the remote SIP device does not need to change.

Public X.509 wildcard certificates for SIP TLS

When you use this platform with SIP TLS, the X.509 certificates on the endpoints are configured using common name wildcards. The original BYOC Cloud SIP endpoints used specific common names and subject alternate names to allow for subject name validation of the certificates. To support subject name validation using the custom SIP Termination Identifier and to support direct integrations with other third-party SIP endpoints, the termination identifier can be validated against the subject of the certificate using the wildcard.

Public X.509 client authentication extended key usage removal

Following the public Certificate Authorities move to remove the client authentication extended key usage (EKU), the Dynamic Cloud Voice platform SIP endpoints are signed with public certificates that do not include client authentication. BYOC does not support client authentication or mutual TLS. However, if a remote SIP endpoint previously requested a client certificate, the BYOC SIP endpoints provide their server certificate as included the client authentication EKU. This process is not a valid way to achieve authentication of the endpoints but can complete the process if mutual TLS was enabled on the remote SIP endpoints.

Accepted SIP TLS ciphers and elliptical curves

When you use this platform with SIP TLS, the approved TLS Ciphers differ slightly from the original BYOC Cloud SIP endpoints. For Elliptic-Curve Diffe-Hellman Ephemeral (ECDHE) ciphers, the platform supports more elliptical curves and initially includes secp256r1/P-256, in addition to the previously supported secp384r1/P-384.

Fore more information about TLS, see TLS trunk transport protocol specification for BYOC Cloud.

Trunking

Build trunks for the Dynamic Cloud Voice platform

While you can migrate existing BYOC trunks to the Dynamic Cloud Voice platform, Genesys recommends that you verify interoperability and configuration using a new test trunk before you migrate any trunks that carry live traffic.

To create a test trunk

Click Menu > Digital and Telephony > Telephony > Trunks.
Click the External Trunks tab.
Click Create New.
In External Trunk Name, enter a trunk name.
Copy all of the settings from your existing trunk and use them to create your test trunk.
Under Outbound | Outbound IPs, select Enable high capacity outbound platform.
Under Inbound | Inbound Request-URI reference box, you’ll see that the domain suffixes change to match the suffix for the selected platform.
Note: Be sure to configure the remote SIP endpoint to use the ingress IP addresses and egress IP address ranges, trust the TLS certificate authorities, and support the TLS cipher list.
Click Save.

Migrate existing trunks to the Dynamic Cloud Voice platform

When you migrate existing trunks from the original BYOC Cloud platform to the Dynamic Cloud Voice platform, ensure that you review all considerations and test a new trunk between the existing endpoints before you migrate a production trunk. You can move external trunks between the two BYOC platforms with a simple toggle, but other changes to the remote SIP endpoints can be more challenging to switch. Make sure that you configure the remote SIP endpoint to use the ingress IP addresses and egress IP address ranges, trust the TLS certificate authorities, and support the TLS cipher list. Use the following procedure to migrate an existing trunk to the Dynamic Cloud Voice platform:

Pre-migration

Add egress IP address ranges to the allowlist (ACL) of the remote SIP endpoints to allow calls from the BYOC SIP endpoints.
Import the Amazon Root CA certificates to the remote SIP endpoints to trust connections from the BYOC SIP endpoints.
Ensure support for the TLS ciphers list.

Migration

Click Menu > Digital and Telephony > Telephony > Trunks.
Click the External Trunks tab.
Locate and select your trunk.
Under Outbound | Outbound IPs, select Enable high capacity outbound platform to start sending outbound calls from the BYOC SIP endpoints.
Update the SIP session targets to the ingress IP addresses on the remote SIP endpoints to start sending inbound calls to the BYOC SIP endpoints.

[NEXT] Was this article helpful?

Get user feedback about articles.

Dynamic Cloud Voice platform overview View summary