Basic requirements

This document is written for IT personnel, with basic technical knowledge, and describes the basic requirements that must be met by the customer for Puzzel to work properly.

Puzzel is a web-based, dynamic Contact Centre and Switchboard solution (skill-based routing/Automatic Call Distribution) and it consists of:

  • Puzzel Agent Application
  • Puzzel Administration Portal

The Puzzel platform is connected to the public switched telephone network (PSTN). The platform is redundant and multitenant.

You can also find useful information and articles about our products and features on our support-site. This includes FAQ’s, user guides and chat setup documents.

Security

The Puzzel platform is constantly being improved regarding functionality and stability. Our servers are protected behind clustered firewalls, and all configurations are stored on Puzzel’s platform. Users are authorized to access certain features when applying the correct username and password. Different features will be revealed depending on how the user login on is configured.

The Puzzel web servers and trigger-servers are in the DMZ-segment of Puzzel’s network.

Both the agent application and administration portal only allow traffic (both outbound and inbound) on port 443 (https) to access Puzzel’s servers. Our customer must allow https to point towards the Puzzel sub network(s).

The Puzzel platform (where a customer’s service information is located) is placed on a different network, separated from DMZ. The segment where the Puzzel platform is located does not allow any direct traffic from Internet. Only certain ports between DMZ and the Puzzel platform are permitted through the firewall.

All servers on the Puzzel platform have the latest anti-virus software installed. The servers are frequently being upgraded with the latest security-patches. An extensive backup-routine is also implemented for additional security.

You can read more about Puzzel and our platform security on our trust centre web site found at https://www.puzzel.com/uk/about-us/trust-centre.

Platform Migration to Microsoft Azure

Puzzel are planning to migrate its platform to Microsoft’s public cloud platform Azure. The migration will be effectuated gradually, and during the transition period Puzzel’s platform will be a “hybrid cloud”, with services being delivered from Puzzel’s established on-prem data centres in parallel with Azure. The migration is planned to be completed within 2022.

As of August 31st, 2020, the agent application is planned to be delivered from Azure. This means that network communication must be allowed to the Azure regions in addition to Puzzel’s on-prem data centres. For companies enforcing restrictions on client’s communication over internet we recommend that restrictions are enforced on DNS level. If it is a requirement to restrict traffic on IP address level, communication must be allowed towards all relevant IPs for the Azure regions. In the transition-period from on-prem to Azure, we urge you to allow traffic to both our on-prem platform (as today) and Azure.

See “Firewall” sub-chapter under Agent Application chapter below for more details.

The old agent applications (web and desktop) no longer supported hence removed from this document, will be delivered on our on-prem platform until end-of-life.

Puzzel's Agent Application

Puzzel’s agent application (PAA) is our web-based user interface for agents. Agents use PAA to respond to enquiries from all channels (voice, chat, email, and social media), and is easily accessed through https://agent.puzzel.com.

The requirements for the agent application are solely browser based and does not have a .NET framework requirement nor hardware or operating system requirement.

Browser Requirements 

The agent web application should in general function in most updated internet browsers, but we only test and support the versions listed below. Among these we recommend the Chrome browser since it supports our Softphone-related feature of Jabra headset integration.

Browser Lowest Version Supported
Google Chrome 81
Microsoft Edge (Chromium) 81

 

Configuring Browsers

JavaScript must be enabled in the browser.

The agent application uses cookies, therefor cookies should be enabled in the browser. By signing in to the agent application, the user accepts the use of cookies.

Name Resolution | DNS

The agent application will require name resolution via DNS for the following addresses for access:

  • api.puzzel.com
  • agent.puzzel.com
  • trigger.puzzel.com

Trigger-server

When the agent signs in to the agent application, it establishes contact with the trigger-server on port 443 using SignalR over the https-protocol and waits for a response.

The agent application will display screen popup information for incoming calls, chats, e-mails and social media requests. It automatically detects if a firewall terminates the https-connection (for example if the “time to live”-value has expired), and then tries to re-establish the https-connection.

For browsers supporting websockets (e.g. Chrome) in addition to https, wss://trigger.puzzel.com:443 must be opened in the firewall.

The agent application will display a notification for incoming calls, chats, e-mails and social media requests. The notifications are based on the Notifications API and may not be supported in all browsers.

Verifying connection to the trigger server

To verify the trigger server in the agent application, write: https://agent.puzzel.com/

Open the developer tool in the browser (F12) and press the tab Console.

You will typically see an entry like:

[triggerClient-1385652327723] TriggerServer Connected to server, sending Logon..

[triggerClient-1385652327726] onStateChanged([object Object]) - Connected

[triggerClient-1385652327728] TriggerServer Connection started

2018-12-17 10:17:35.343 INFO [trigger] Connect 

app-bundle-ff35dbd746.js:1 2018-12-17 10:17:35.351 INFO [trigger] State changed: connecting 

app-bundle-ff35dbd746.js:1 2018-12-17 10:17:35.609 INFO [trigger] State changed: connected 

app-bundle-ff35dbd746.js:1 2018-12-17 10:17:35.610 INFO [trigger] Started

Firewall

The agent application portal is only available through the https protocol. Most companies allow this traffic through their firewalls, but some customers will only permit https traffic to trusted sites. The trusted site-list is configured on the customer’s site.

As of August 31st, 2020, the agent application is planned to be hosted on Azure. This means that for the agent application to work through the customer-firewall, the customer must permit traffic towards both Puzzel’s data centres and the relevant Azure regions.

Puzzel recommend that customers with a strict firewall policy configure their firewall to allow traffic to the DNS names used by Puzzel. Since Azure is designed for redundancy across multiple regions, the services are not assigned a fixed IP-address. By configuring the firewall to allow traffic to the DNS name, the IP used can be dynamically allowed based on DNS. This mitigates the need to configure a large number of IP-subnets on the firewall.

The minimum requirement for utilizing the agent application is to allow https-traffic (both inbound and outbound) on port 443 towards DNS names https://agent.puzzel.com and https://trigger.puzzel.com. To allow for future service expansions, it is recommended to allow traffic to all sub-domains under puzzel.com: https://*.puzzel.com.

As an alternative to configuring the firewall to allow traffic based on DNS, it is possible to configure firewall rules based on IP address. In this case it is required to configure the firewall to allow https traffic on port 443 to all the relevant IPs for Azure in addition to the public IP address used by Puzzel’s data centres.

The IP ranges used by Azure’s datacenters are available in a machine readable format here: https://www.microsoft.com/en-us/download/details.aspx?id=56519.

The minimum requirement for utilizing the agent application is to allow https-traffic (both inbound and outbound) on port 443 towards IP ranges specified for AzureCloud.WestEurope, AzureCloud.NorthEurope, AzureCloud.NorwayEast and AzureCloud.NorwayWest as well as IP-addresses 212.89.52.50 and 212.89.52.111, which are the IP-addresses used by Puzzel’s on-prem data centres for agent.puzzel.com and trigger.puzzel.com respectively. 

For browsers supporting websockets (e.g. Chrome), the URL for this is wss://trigger.puzzel.com:443

Web-based lookups 

A request can be set up to trigger web-based lookups from our platforms event handler. These lookups will be sent from the following public IP-address ranges:

212.89.48.0 – 212.89.48.24

212.89.59.0 – 212.89.59.24

If more specific restrictions are required, the following IP-addresses should be on the allow-list:

212.89.48.14

212.89.48.17

212.89.59.14

212.89.59.1

Softphone

A softphone is embedded in the agent application and enables agents to answer calls from the solutions queues using a phone build into the application, instead of using an external phone (usually with a landline or mobile phone). Softphone utilizes WebRTC-technology to transfer the conversations audio using the agent’s internet browser and internet connection as a carrier.

Softphone has a cost and requires a setup by Puzzel. Softphone can be activated on some or all agents, based on your needs. Please contact your key account manager for further information regarding prices and cost.

It is recommended to start testing softphone with only one or two agents to begin with, and eventually extend the number of users. The agent is required to allow the agent application access to use the computers microphone device when answering a Softphone call for the first time, for Softphone to function correctly. This is requested through a popup in the browser but can also be accessed through the content settings in Chrome (chrome://settings/content).

Agents can toggle between logging on with a softphone or an external phone in the agent application, and calls can be answered manually or with auto answer (a setting in the applications menu).

Softphone requires that agents have a sufficient and stable internet access, preferably on a wired connection.

The current WebRTC implementations use Opus (audio) codecs. The Opus codec is used for audio and supports constant and variable bitrate encoding and requires 6–510 Kbit/s of bandwidth (per call). The codec can switch seamlessly and adapt to variable bandwidth.

Softphone-related firewall-requirements

The customer firewall should allow these traffics for Softphone service:

Direction Protocol Port IP Address Comment
Outbound TCP 443 212.89.56.160 (acwebrtc.puzzel.com) Application Signaling
Outbound Websockets 443 wss://acwebrtc.puzzel.com:443 Application Signaling
Outbound TCP/UDP 19302 74.125.140.127
74.125.143.127
turn/stun/ice/nat/tcp-udp hole punch
Outbound UDP 32768-65531 212.89.56.161
212.89.56.162
Real-Time stream traffic

Other

There are other factors worth considering when there are problems related to softphone:

  • Various firewall-settings
  • Pop-up blockers
  • Intrusion Detection Systems (IDS)
  • Access-filters in routers
  • Load-balancers

Capacity

The amount of web traffic between the agent application and the Puzzel platform, depends on many factors. Some important factors are:

  • Which features in the agent application are most frequently used by the agent
  • The number of queues in the customer’s Puzzel-solution
  • The periodic queue refresh configuration (how often refresh)
  • How often the agent manually refreshes in the agent application
  • The number of calls/emails/chats per day to each agent
  • The number of status changes per day (Log on/off/pause/back)
  • How often the agent uses contact search
Puzzel Agent Application
Description Amount of data sent/received Update frequency
Status and clock < 1 KB for status and clock Updated automatically every 5th sec

Queues:

Agent Normally sees the Queue overview in the agent application

Depends on the number of queues. Approx. 0,4KB per queue + 1KB “overhead”.
Example: 5 queues = 5x0,4KB + 1KB = 3KB
By default, updated automatically every 10th sec
Other Activity Status change, call commands, < 1KB
Search: depends on result set, typically around 10kB.
On agent action

If the available bandwidth for Puzzel is too small, this will of course affect the agent application. Automatic queue updating and actions like log on/off or transfer calls will take relatively longer time.

Puzzel's Administration Portal

Puzzel’s administration portal is our web-based user interface for supervisors and administrators, and is accessed through https://admin.puzzel.com.

The administration portal provides instant access to real-time information, and detailed historical reports. It lets you make live changes to the contact centre set up; alongside the tools you need to manage day-to-day operations.

The requirements for the administration portal are solely browser-based; it does not have any .NET framework requirement nor hardware or operating system requirements.

Browser requirements

The administration portal should in general function in most updated internet browsers, but we only support the versions listed below. Among these we recommend the Chrome browser since it best supports our Call Flow Tool.

Browser Lowest Version Supported
Google Chrome 81
Microsoft Edge (Chromium) 81

The following tablets have been tested and approved for the administration portal:

  • Ipad 2 - Safari browser
  • Samsung Galaxy Tab 10.1 - Chrome browser

Name resolution / DNS

The administration portal requires a name resolution for the following addresses in order to access the Puzzel platform:

  • admin.puzzel.com                  should resolve to 212.89.52.60

Dependent on the customer’s DNS configuration, these entries may need to be added manually on the customer’s PC and server machines.

Firewall

The administration portal is only available through the https protocol. Most companies allow this traffic through their firewalls.

Some customers will only permit https to trusted sites. This trusted site list is configured at the customer’s site. For the administration portal to work through the customer-firewall, the customer must permit https-traffic (outbound) on port 443 towards 212.89.52.60.

Other

These are other factors worth considering in cases where there are problems acquiring 100% functionality with the administration portal:

  • Various firewall-settings
  • Intrusion Detection Systems (IDS)
  • Access-filters in routers
  • Load-balancers

Published

03/08/2020 - 10:08

Last updated

24/09/2020 - 10:40