TLS support for the MPA Network Testing
Feature Request - TLS (SIPS) support for the MPA SIP Registration Test
Product: Mitel Performance Analytics (MPA)
Version in use: 3.6.2.289
Component: Active / Network Testing - SIP Registration Test
Request type: Feature enhancement
- Summary
We request that the SIP Registration Test (Active / Network Testing) be extended to support TLS (SIPS) as a transport, in addition to the current UDP and TCP. Today the test can only register over UDP or TCP, which makes it unable to monitor SIP environments where remote access is TLS-only.
- Current limitation
The SIP Registration Test supports UDP and TCP only. There is no option to register over TLS (SIPS). As a result, the test cannot register against any SIP endpoint that mandates TLS.
- Our use case
We monitor a multi-site MiVoice deployment with MPA. A SIP Registration Test runs from a Network Testing probe against the MiVoice Business call server on the internal interface (UDP), and we keep it as a registrar health check.
We also need to validate the remote-worker (teleworker) registration path as a real external user would experience it: from the public side, through the MiVoice Border Gateway (MBG), down to the call server.
On the MBG, the public Set-side SIP support is TLS-only (TCP/TLS enabled, UDP and TCP cleartext disabled) with SRTP-only media. This is an intentional security posture that we do not intend to weaken for a monitoring tool. Because that path is TLS-only, the MPA SIP Registration Test cannot reproduce or monitor it.
- Impact
We cannot use MPA Active Testing to monitor the end-to-end teleworker SIP registration chain. The synthetic test is limited to the internal interface and does not cover the TLS / MBG teleworking path. A failure affecting only the external registration path (while the internal registrar stays healthy) cannot be detected today.
- Requested enhancement
Add TLS (SIPS) as a selectable transport for the SIP Registration Test, with:
Transport selection: UDP / TCP / TLS
Configurable TLS port (e.g. 5061) and target FQDN
Certificate handling: validate against a trust store and/or an option to ignore certificate validation
Pass/fail reporting consistent with the existing UDP/TCP test, so it can feed the same Alert Profiles
- Why it matters
TLS-only SIP on public interfaces is becoming the norm. Without TLS support, MPA Active Testing cannot validate the path most exposed to outages and certificate issues - the remote-worker registration path. Adding TLS would close this gap.
Submitted by: Bouygues Telecom - MPA integration team
Context: Production MiVoice deployment, public-facing SIP access enforced as TLS-only / SRTP-only.