Deploying Avaya Aura® Session Manager

Deploying Avaya Aura® Session Manager
Release 6.3
Issue 6
November 2014
© 2014 Avaya Inc.
All Rights Reserved.
Notice
While reasonable efforts have been made to ensure that the
information in this document is complete and accurate at the time of
printing, Avaya assumes no liability for any errors. Avaya reserves
the right to make changes and corrections to the information in this
document without the obligation to notify any person or organization
of such changes.
Documentation disclaimer
“Documentation” means information published by Avaya in varying
mediums which may include product information, operating
instructions and performance specifications that Avaya may generally
make available to users of its products and Hosted Services.
Documentation does not include marketing materials. Avaya shall not
be responsible for any modifications, additions, or deletions to the
original published version of documentation unless such
modifications, additions, or deletions were performed by Avaya. End
User agrees to indemnify and hold harmless Avaya, Avaya's agents,
servants and employees against all claims, lawsuits, demands and
judgments arising out of, or in connection with, subsequent
modifications, additions or deletions to this documentation, to the
extent made by End User.
applicable number of licenses and units of capacity for which the
license is granted will be one (1), unless a different number of
licenses or units of capacity is specified in the documentation or other
materials available to you. “Software” means Avaya’s computer
programs in object code, provided by Avaya or an Avaya Channel
Partner, whether as stand-alone products, pre-installed , or remotely
accessed on hardware products, and any upgrades, updates, bug
fixes, or modified versions thereto. “Designated Processor” means a
single stand-alone computing device. “Server” means a Designated
Processor that hosts a software application to be accessed by
multiple users. “Instance” means a single copy of the Software
executing at a particular time: (i) on one physical machine; or (ii) on
one deployed software virtual machine (“VM”) or similar deployment.
Concurrent User License
Concurrent User License (CU). End User may install and use the
Software on multiple Designated Processors or one or more Servers,
so long as only the licensed number of Units are accessing and using
the Software at any given time. A “Unit” means the unit on which
Avaya, at its sole discretion, bases the pricing of its licenses and can
be, without limitation, an agent, port or user, an e-mail or voice mail
account in the name of a person or corporate function (e.g.,
webmaster or helpdesk), or a directory entry in the administrative
database utilized by the Software that permits one user to interface
with the Software. Units may be linked to a specific, identified Server
or an Instance of the Software.
Link disclaimer
Copyright
Avaya is not responsible for the contents or reliability of any linked
websites referenced within this site or documentation provided by
Avaya. Avaya is not responsible for the accuracy of any information,
statement or content provided on these sites and does not
necessarily endorse the products, services, or information described
or offered within them. Avaya does not guarantee that these links will
work all the time and has no control over the availability of the linked
pages.
Except where expressly stated otherwise, no use should be made of
materials on this site, the Documentation, Software, Hosted Service,
or hardware provided by Avaya. All content on this site, the
documentation, Hosted Service, and the Product provided by Avaya
including the selection, arrangement and design of the content is
owned either by Avaya or its licensors and is protected by copyright
and other intellectual property laws including the sui generis rights
relating to the protection of databases. You may not modify, copy,
reproduce, republish, upload, post, transmit or distribute in any way
any content, in whole or in part, including any code and software
unless expressly authorized by Avaya. Unauthorized reproduction,
transmission, dissemination, storage, and or use without the express
written consent of Avaya can be a criminal, as well as a civil offense
under the applicable law.
Warranty
Avaya provides a limited warranty on Avaya hardware and software.
Refer to your sales agreement to establish the terms of the limited
warranty. In addition, Avaya’s standard warranty language, as well as
information regarding support for this product while under warranty is
available to Avaya customers and other parties through the Avaya
Support website: http://support.avaya.com or such successor site as
designated by Avaya. Please note that if you acquired the product(s)
from an authorized Avaya Channel Partner outside of the United
States and Canada, the warranty is provided to you by said Avaya
Channel Partner and not by Avaya.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA
WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO OR
SUCH SUCCESSOR SITE AS DESIGNATED BY AVAYA, ARE
APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR
INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC.,
ANY AVAYA AFFILIATE, OR AN AVAYA CHANNEL PARTNER (AS
APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH
AVAYA OR AN AVAYA CHANNEL PARTNER. UNLESS
OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES
NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS
OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA
AFFILIATE OR AN AVAYA CHANNEL PARTNER; AVAYA
RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU
AND ANYONE ELSE USING OR SELLING THE SOFTWARE
WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR
USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO,
YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM
YOU ARE INSTALLING, DOWNLOADING OR USING THE
SOFTWARE (HEREINAFTER REFERRED TO
INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO
THESE TERMS AND CONDITIONS AND CREATE A BINDING
CONTRACT BETWEEN YOU AND AVAYA INC. OR THE
APPLICABLE AVAYA AFFILIATE (“AVAYA”).
Avaya grants you a license within the scope of the license types
described below, with the exception of Heritage Nortel Software, for
which the scope of the license is detailed below. Where the order
documentation does not expressly identify a license type, the
applicable license will be a Designated System License. The
Third Party Components
“Third Party Components” mean certain software programs or
portions thereof included in the Software or Hosted Service may
contain software (including open source software) distributed under
third party agreements (“Third Party Components”), which contain
terms regarding the rights to use certain portions of the Software
(“Third Party Terms”). As required, information regarding distributed
Linux OS source code (for those Products that have distributed Linux
OS source code) and identifying the copyright holders of the Third
Party Components and the Third Party Terms that apply is available
in the Documentation or on Avaya’s website at: http://
support.avaya.com/Copyright or such successor site as designated
by Avaya. You agree to the Third Party Terms for any such Third
Party Components.
Virtualization
Each product has its own ordering code and license types. Note that
each Instance of a product must be separately licensed and ordered.
For example, if the end user customer or Avaya Channel Partner
would like to install two Instances of the same type of products, then
two products of that type must be ordered.
Preventing Toll Fraud
“Toll Fraud” is the unauthorized use of your telecommunications
system by an unauthorized party (for example, a person who is not a
corporate employee, agent, subcontractor, or is not working on your
company's behalf). Be aware that there can be a risk of Toll Fraud
associated with your system and that, if Toll Fraud occurs, it can
result in substantial additional charges for your telecommunications
services.
Avaya Toll Fraud intervention
If you suspect that you are being victimized by Toll Fraud and you
need technical assistance or support, call Technical Service Center
Toll Fraud Intervention Hotline at +1-800-643-2353 for the United
States and Canada. For additional support telephone numbers, see
the Avaya Support website: http://support.avaya.com or such
successor site as designated by Avaya. Suspected security
vulnerabilities with Avaya products should be reported to Avaya by
sending mail to: securityalerts@avaya.com.
Trademarks
Avaya® and Avaya Aura® are registered trademarks of Avaya Inc. in
the United States of America and/or other jurisdictions.
All non-Avaya trademarks are the property of their respective owners.
Linux® is the registered trademark of Linus Torvalds in the U.S. and
other countries.
Downloading Documentation
For the most current versions of Documentation, see the Avaya
Support website: http://support.avaya.com, or such successor site as
designated by Avaya.
Contact Avaya Support
See the Avaya Support website: http://support.avaya.com for Product
or Hosted Service notices and articles, or to report a problem with
your Avaya Product or Hosted Service. For a list of support telephone
numbers and contact addresses, go to the Avaya Support website:
http://support.avaya.com (or such successor site as designated by
Avaya), scroll to the bottom of the page, and select Contact Avaya
Support.
Contents
Chapter 1: Introduction............................................................................................................ 6
Purpose.................................................................................................................................. 6
Intended audience................................................................................................................... 6
Document changes since last issue...................................................................................... 6
Related resources................................................................................................................... 6
Documentation.................................................................................................................. 6
Training............................................................................................................................ 8
Viewing Avaya Mentor videos............................................................................................. 8
Warranty................................................................................................................................. 9
Support.................................................................................................................................. 9
Chapter 2: Deployment process and general information.................................................. 10
Deployment process.............................................................................................................. 10
Ethernet port labels by server type.......................................................................................... 10
Feature pack to release mapping............................................................................................ 11
Supported servers................................................................................................................. 11
Accessing the Compatibility Matrix.......................................................................................... 11
Available media..................................................................................................................... 12
Chapter 3: Planning and configuration................................................................................. 13
Planning checklist.................................................................................................................. 13
Registering for PLDS....................................................................................................... 14
Downloading software from PLDS.................................................................................... 15
Writing the ISO image to a DVD....................................................................................... 16
Site preparation............................................................................................................... 16
Worksheets........................................................................................................................... 16
Session Manager configuration information worksheet....................................................... 18
Session Manager Entity information worksheet.................................................................. 19
Chapter 4: Deploying Session Manager............................................................................... 20
Session Manager installation checklist.................................................................................... 20
Activating entitlements..................................................................................................... 21
Setting an Enrollment Password....................................................................................... 22
Configuring the laptop for direct connection to the server.................................................... 23
Disabling proxy servers in Microsoft Internet Explorer......................................................... 23
Disabling proxy servers in Mozilla Firefox.......................................................................... 24
Connecting a laptop to the server..................................................................................... 24
Configuring Session Manager with SMnetSetup................................................................. 25
Authentication files for Session Manager........................................................................... 27
Installing Session Manager in a geographic redundancy enabled system............................. 29
Chapter 5: Session Manager administration........................................................................ 31
Session Manager administration checklist............................................................................... 31
4
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Contents
Adding domain names for a Session Manager......................................................................... 31
Adding Session Manager as a SIP entity................................................................................. 32
Administering Session Manager............................................................................................. 32
Configuring Session Manager redundancy on the same System Manager................................. 33
Chapter 6: Alarming Configuration....................................................................................... 34
Network Management Systems Destinations........................................................................... 34
Activating and managing the Session Manager serviceability agent........................................... 35
Alarming configuration checklist.............................................................................................. 35
Adding a Session Manager to the SAL Gateway................................................................ 35
Chapter 7: Post-installation verification procedures.......................................................... 37
Post-installation verification checklist...................................................................................... 37
Checking the Session Manager service state..................................................................... 37
Testing the System Manager and Session Manager installation.......................................... 37
Generating a test alarm................................................................................................... 39
Verifying Data Replication to Session Manager.................................................................. 39
Accepting new service..................................................................................................... 40
Chapter 8: Certificate management...................................................................................... 42
SIP Identity Certificate........................................................................................................... 42
HTTPS Identity Certificate...................................................................................................... 43
Viewing the TLS version........................................................................................................ 44
Using the System Manager CA............................................................................................... 45
Exporting the System Manager CA................................................................................... 45
Adding System Manager CA to Communication Manager................................................... 46
Adding System Manager’s Root Certificate to 96xx Phones................................................ 47
Installing Enhanced Validation Certificates for Session Manager......................................... 47
Removing trusted certificates........................................................................................... 48
Using a third party CA............................................................................................................ 49
Adding a third party CA to Communication Manager.......................................................... 49
Adding a third party Root Certificate to 96xx Phones.......................................................... 50
Installing third party certificates on Session Manager......................................................... 51
Adding trusted certificates................................................................................................ 52
Demo certificates.................................................................................................................. 53
Chapter 9: Troubleshooting................................................................................................... 54
Server has no power.............................................................................................................. 54
Unable to access Service State.............................................................................................. 54
Chapter 10: Maintenance procedures................................................................................... 55
Upgrades to Session Manager............................................................................................... 55
Remote access..................................................................................................................... 55
Appendix A: OS-level logins for Session Manager............................................................. 56
Appendix B: Product notifications........................................................................................ 58
Viewing PCNs and PSNs....................................................................................................... 58
Registering for product notifications........................................................................................ 59
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
5
Chapter 1: Introduction
Purpose
This document provides information on the deployment and initial administration of Avaya Aura®
Session Manager Release 6.3 on Avaya Aura® System Platform.
For information about deploying a Branch Session Manager, see Deploying Avaya Aura® Branch
Session Manager on the Avaya support website at http://support.avaya.com.
For information about deploying Avaya Aura® Session Manager in a virtualized environment, see
Deploying Avaya Aura® Session Manager using VMware® in the Virtualized Environment .
Intended audience
The primary audience for this document is anyone who installs, configures, and verifies Avaya
Aura® Session Manager on Avaya Aura® System Platform.
Document changes since last issue
The following changes have been made to this document since the last issue:
• Added missing authentication file information (overview, creating an authentication file, starting
the AFS application, installing an authentication file).
Related resources
Documentation
See the following related documents at http://support.avaya.com.
For the latest information, see the Session Manager Release Notes.
6
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Related resources
Title
Description
Audience
Avaya Aura® Session Manager
Security Design
Describes the security considerations,
features, and solutions for Session
Manager.
Network
administrators,
services, and support
personnel
Avaya Aura® Session Manager
Overview and Specification
Describes the key features of Session
Manager.
IT management
Deploying Avaya Aura® Session
Manager
Describes how to install and configure a
Session Manager instance.
Services and support
personnel
Deploying Avaya Aura® Branch
Session Manager
Describes how to install and configure
Branch Session Manager.
Services and support
personnel
Deploying Avaya Aura®
Communication Manager on System
Platform
Describes how to install the appropriate
Services and support
Communication Manager template, including personnel
Branch Session Manager, on the server.
Deploying Avaya Aura® Session
Manager using VMware® in the
Virtualized Environment
Describes how to deploy the Session
Manager virtual application in a VMware
environment.
Services and support
personnel
Upgrading Avaya Aura® Session
Manager
Describes the procedures to upgrade a
Session Manager to the latest software
release.
Services and support
personnel
Installing Service Packs for Avaya
Aura® Session Manager
Describes the procedures to install service
packs on Session Manager.
Services and support
personnel
Installing Patches for Avaya Aura®
Session Manager
Describes the procedures to install patches
on Session Manager.
Services and support
personnel
Installing the Avaya S8800 Server for
Avaya Aura® Communication
Manager
Describes the installation procedures for the
S8800 Server.
Services and support
personnel
Installing the Avaya S8510 Server
Family and Its Components
Describes the installation procedures for the
S8510 Server.
Services and support
personnel
Installing the Dell™ PowerEdge™
R610 Server
Describes the installation procedures for the
Dell™ PowerEdge™ R610 server.
Services and support
personnel
Installing the Dell™ PowerEdge™
R620 Server
Describes the installation procedures for the
Dell™ PowerEdge™ R620sServer.
Services and support
personnel
Installing the HP ProLiant DL360 G7
Server
Describes the installation procedures for the
HP ProLiant DL360 G7 server.
Services and support
personnel
Installing the HP ProLiant DL380p
G8 Server
Describes the installation procedures for the
HP ProLiant DL380p G8 server.
Services and support
personnel
Describes the procedures to troubleshoot
Session Manager, resolve alarms, and
replace hardware.
Services and support
personnel
Overview
Implementation
Maintaining
Maintaining and Troubleshooting
Avaya Aura® Session Manager
Administration
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
7
Introduction
Title
Description
Audience
Administering Avaya Aura Session
Manager
Describes the procedures to administer
Session Manager using System Manager.
System
administrators
Administering Avaya Aura®
Communication Manager Server
Options
Describes the procedures to administer
System
Communication Manager as a feature server administrators
or an evolution server. Provides information
related to Session Manager administration.
Avaya Aura® Session Manager Case
Studies
Provides case studies about common
administration scenarios.
®
System
administrators
Training
The following courses are available on https://www.avaya-learning.com. To search for the course, in
the Search field, enter the course code and click Go .
Course code
Course title
1A00236E
Knowledge Access: Avaya Aura® Session and System Manager Fundamentals
4U00040E
Knowledge Access: Avaya Aura® Session Manager and System Manager
Implementation
5U00050E
Knowledge Access: Avaya Aura® Session Manager and System Manager Support
5U00095V
System Manager Implementation, Administration, Maintenance and
Troubleshooting
5U00096V
Avaya Aura® Session Manager Implementation, Administration, Maintenance and
Troubleshooting
5U00097I
Avaya Aura® Session and System Manager Implementation, Administration,
Maintenance and Troubleshooting
5U00103W
Avaya Aura® Session Manager 6.2 Delta Overview
5U00104W
Avaya Aura® Session Manager 6.2 Delta Overview
5U00105W
Avaya Aura® Session Manager Overview
ATU00171OEN
Avaya Aura® Session Manager General Overview
ATC00175OEN
Avaya Aura® Session Manager Rack and Stack
ATU00170OEN
Avaya Aura® Session Manager Technical Overview
ATC01840OEN
Survivable Remote Avaya Aura® Session Manager Administration
3U00100O
Designing Avaya Aura 6.2 Part 1
3U00101O
Designing Avaya Aura 6.2 Part 2
Viewing Avaya Mentor videos
Avaya Mentor videos provide technical content on how to install, configure, and troubleshoot Avaya
products.
8
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Warranty
About this task
Videos are available on the Avaya Support website, listed under the video document type, and on
the Avaya-run channel on YouTube.
Procedure
• To find videos on the Avaya Support website, go to support.avaya.com and perform one of the
following actions:
• In Search, type Avaya Mentor Videos to see a list of the available videos.
• In Search, type the product name. On the Search Results page, select Video in the
Content Type column on the left.
• To find the Avaya Mentor videos on YouTube, go to www.youtube.com/AvayaMentor and
perform one of the following actions:
• Enter a key word or key words in the Search Channel to search for a specific product or
topic.
• Scroll down Playlists, and click the name of a topic to see the available list of videos posted
on the website.
Note:
Videos are not available for all products.
Warranty
Avaya provides a 90-day limited warranty on Session Manager. For more information about the
terms of the limited warranty, see the sales agreement or other applicable documentation . In
addition, see the standard warranty and details about Session Manager support during the warranty
period on the Avaya Support website at https://support.avaya.com under Help & Policies> Policies
& Legal > Maintenance and Warranty Information. See also Help & Policies > Policies & Legal
> License Terms.
Support
Go to the Avaya Support website at http://support.avaya.com for the most up-to-date
documentation, product notices, and knowledge articles. You can also search for release notes,
downloads, and resolutions to issues. Use the online service request system to create a service
request. Chat with live agents to get answers to questions, or request an agent to connect you to a
support team if an issue requires additional expertise.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
9
Chapter 2: Deployment process and
general information
Deployment process
The following are the high-level steps for installing, administering, and verifying the installation of a
Session Manager.
• Complete the planning checklist.
• Complete the site preparation activities.
• Complete the configuration worksheets.
• Install the Session Manager server.
• Administer and configure the Session Manager.
• Verify the Session Manager installation and configuration.
Ethernet port labels by server type
10
Server
Eth0 (Management Interface)
Eth2 (Security Module)
S8800
1
3
S8510
GB1
GB3
S8300D
Internal
Internal
HP DL360 G7
1
3
HP DL360p G8
1
3
Dell R610
1
3
Dell R620
1
3
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Feature pack to release mapping
Feature pack to release mapping
Avaya Aura® 6.2 Feature Pack
Avaya Aura® Session Manager Release
Avaya Aura® 6.2 Feature Pack 1
Session Manager 6.3
Avaya Aura® 6.2 Feature Pack 2
Session Manager 6.3.2
®
Session Manager 6.3.4
®
Session Manager 6.3.8
®
Session Manager 6.3.9
Avaya Aura 6.2 Feature Pack 3
Avaya Aura 6.2 Feature Pack 4
Avaya Aura 6.2 Feature Pack 4 Service Pack 1
Supported servers
Session Manager Release 6.3 supports:
• S8510 and S8800 servers for upgrades only.
• S8300D server for Survivable Remote.
Session Manager supports the following servers:
Release
Servers
6.3
Dell R610, HP DL360 G7
6.3.2
6.3.4
Dell R610, Dell R620, HP DL360 G7, HP DL360 G8
6.3.8
6.3.9
HP and Dell will discontinue HP DL360 G7 and Dell R610 servers in the near future. For more
information, see the respective vendor websites.
Avaya has issued End of Sale notices for the S8800 and S8510 servers. Avaya supports these
servers for existing installations only. For information about the effective dates, see the Avaya
support website at http://support.avaya.com/.
Accessing the Compatibility Matrix
The Compatibility Matrix provides compatibility information of the Avaya products that are supported
with the various releases of Session Manager.
Note:
The screen refreshes each time you make a selection.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
11
Deployment process and general information
Procedure
1. Access the Avaya support website at http://support.avaya.com.
2. At the lower left of the screen, under Tools, click Product Compatibility Matrix.
3. Scroll down the Tools screen and click on the Click here to access the Compatibility
Matrix link.
4. At the bottom of the screen, select Avaya Aura® Session Manager from the Product dropdown menu.
5. Select the appropriate release from the Release drop-down menu.
6. Select Compatible Avaya Components from the Components and Products drop-down
menu.
7. Click the red (View All) link under the Primary Components title.
Available media
Avaya provides the following media for Release 6.3:
• Session Manager Release 6.3 software DVD: Comcode 700507032.
• Session Manager Release 6.3 Linux 6.2 operating system kickstart DVD: Comcode
700507034.
• Session Manager Release 6.3 Linux 6.2 kickstart upgrade DVD: Comcode 700507035.
• Session Manager Release 6.3 ISO image: asm-6.3.*installer.iso.
• Session Manager Release 6.3 Linux 6.2 OS upgrade ISO image: csp-6.2-*upgrade.iso.
12
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Chapter 3: Planning and configuration
Planning checklist
Verify the customer has completed the following procedures before deploying the Session Manager
instance.
#
Action
Notes
1
Verify the System Manager template is installed
and operating.
To install the System Manager
template, see Deploying Avaya
Aura® System Manager on
System Platform on the Avaya
support Web site at http://
www.avaya.com/support.
Beginning with Release 6.3, you can install System
Manager in the following environments:
• Geographic Redundancy: In this mode, you
install System Manager as the primary System
Manager server and the secondary System
Manager server.
• Non-Geographic Redundancy: In this mode,
you install System Manager as a standalone
System Manager server.
2
Obtain the License Activation Code.
You must have a license activation code (LAC)
before you install Session Manager. The LAC email
recipients are identified during the order placement
process.
3
Check the Network ports.
The Avaya Aura® Session Manager: Port Matrix
identifies which network ports must be open in
firewalls. This document is available at http://
www.avaya.com/support
4
Access the PLDS Web site.
If you do not have access to the Product License
Delivery System (PLDS) Web site, see the Avaya
Access FAQ.
5
Register for PLDS if you have not already
registered.
November 2014
Registering for PLDS on
page 14.
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
13
Planning and configuration
#
Action
Notes
6
Download the appropriate software from PLDS.
Downloading software from
PLDS on page 15.
7
Write the ISO image to DVD or CD.
Writing the ISO image to a
DVD on page 16
Note:
The customer must have the
Linux operating system
Kickstart DVD and the
Session Manager software
CD on the site to address
installation issues and
catastrophic failures.
8
Complete the Session Manager configuration
information worksheet and verify that the
information is correct.
Session Manager configuration
information worksheet on
page 18.
9
Complete the Session Manager Entity information
worksheet and verify that the information is correct.
Session Manager Entity
information worksheet on
page 19.
10
Verify the site preparation steps are complete.
Site preparation on page 16.
11
Install the Session Manager server.
Continue with the Session
Manager installation checklist on
page 20.
Note:
The PLDS download ID for the source RPMs ISO image (RHEL source code used by Session
Manager) is SM000000041.
Registering for PLDS
Procedure
1. Go to the Avaya Product Licensing and Delivery System (PLDS) website at https://
plds.avaya.com.
The PLDS website redirects you to the Avaya single sign-on (SSO) webpage.
2. Log in to SSO with your SSO ID and password.
The PLDS registration page is displayed.
3. If you are registering:
• as an Avaya Partner, enter the Partner Link ID. If you do not know your Partner Link ID,
send an email to prmadmin@avaya.com.
14
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Planning checklist
• as a customer, enter one of the following:
- Company Sold-To
- Ship-To number
- License authorization code (LAC)
4. Click Submit.
Avaya will send you the PLDS access confirmation within one business day.
Downloading software from PLDS
About this task
Note:
You can download product software from http://support.avaya.com also.
Procedure
1. Type http://plds.avaya.com in your Web browser to go to the Avaya PLDS website.
2. Enter your Login ID and password to log on to the PLDS website.
3. On the Home page, select Assets.
4. Select View Downloads.
5. Search for the available downloads using one of the following methods:
• By download name
• By selecting an application type from the drop-down list
• By download type
After entering the search criteria, click Search Downloads.
6. Click the download icon from the appropriate download.
7. When the system displays the confirmation box, select Click to download your file now.
8. If you receive an error message, click the message, install Active X, and continue with the
download.
9. When the system displays the security warning, click Install.
When the installation is complete, PLDS displays the downloads again with a check mark
next to the downloads that have completed successfully.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
15
Planning and configuration
Writing the ISO image to a DVD
Important:
When you are writing the ISO image to a DVD, do not run other resource-intensive applications
on the computer. Any application that uses the hard disk intensively could cause errors that can
render the DVD useless.
Before you begin
1. Download any required software from PLDS.
2. Verify that the md5 checksum of the downloaded ISO image matches the md5 checksum
that is displayed for the ISO image on the PLDS Web site.
3. Verify the computer or server has a DVD writer and software that can write ISO images to a
DVD.
Procedure
Write the ISO image of the installer to a DVD.
Site preparation
#
Action
1
VPN access is available.
2
All of the prerequisites as per the planning sheet
have been completed.
3
All required hardware has been purchased and
delivered on site.
4
All required licenses have been purchased and
are accessible.
5
Staging and verification activities have been
planned and resources assigned.
Notes
Worksheets
The following worksheets contain the information that you need for administering Session Manager
and Session Manager related entities using System Manager.
16
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Worksheets
Important:
Do not use underscores in any of the Name fields. Names may only contain letters, numbers,
and hyphens. System host names cannot contain underscore characters according to Internet
standards RFC 952.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
17
Planning and configuration
Session Manager configuration information worksheet
Make one copy of the Session Manager configuration information worksheet for each Session
Manager that you install.
Field
Information to enter
Session Manager server host name (short name)
Note:
Session Manager host names can
contain letters, numbers, and hyphens.
You cannot enter underscore characters
in the host names.
Session Manager IP address. Eth 0 IP address
(management interface for the Session Manager on the
customer network)
Netmask (Network Mask Eth0)
Gateway IP address (for Eth0)
Network Domain (For example, MyCompany.com)
Primary DNS server IP address
Secondary DNS (if applicable)
Tertiary DNS (if applicable)
DNS Search Domains (separated with a space)
System Manager Virtual FQDN
Primary System Manager IP Address
Primary System Manager FQDN
Secondary System Manager IP Address (optional)
Secondary System Manager FQDN (optional)
Local time zone
Secondary NTP server (if applicable)
Tertiary NTP server (if applicable)
Customer Linux Login (default is cust)
Enrollment Password
Important:
Verify the enrollment password is active.
18
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Worksheets
Session Manager Entity information worksheet
Use the Session Manager Entity information worksheet to record information required for
administering SIP entities such as Session Manager and Communication Manager.
Note:
Some fields do not apply to every type of entity.
Enter the following information to administer SIP Entities and Entity Links.
Field
Information to Enter
Entity Name
Entity Type (For example, Session Manager)
Location Name
Management IP Address (SAT address for
Communication Manager)
FQDN
Port (For example, 5060, 5061)
Transport (For example, UDP, TCP, or TLS)
Session Manager Security Module IP Address
Session Manager Security Module Network Mask
Session Manager Security Module Default Gateway
CLAN/PROCR Node
Name
November 2014
CLAN/PROCR
Signaling Group #
Tunk Group #
IP Address
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
19
Chapter 4: Deploying Session Manager
Session Manager installation checklist
You need a copy of this checklist for each Session Manager that you are installing.
The customer must have the Linux operating system Kickstart DVD and the Session Manager
software CD on the site to address installation issues and catastrophic failures. The software is also
available for download from PLDS.
Note:
The host names for Session Manager and System Manager must only contain letters, numbers,
and hyphens. You cannot use underscores in host names.
Important:
In previous releases of Session Manager, you could use a laptop for installation. Starting with
Session Manager 6.3.8, the EULA displays during the first boot after the new server is turned on.
You must use a monitor and keyboard to see and accept the EULA.
#
Action
Link/Notes
1
Complete and verify the information in the
planning checklist.
Planning checklist on page 13.
2
Install the Session Manager server.
For server installation procedures, see the
appropriate server documentation on the
Avaya support site at http://
support.avaya.com.
3
Install the license file.
Activating entitlements on page 21.
4
Connect the keyboard and monitor to the
Session Manager server.
You must use a keyboard and monitor to
see and accept the EULA.
5
Turn on the server and accept the EULA
when prompted.
6
Log in to the System Manager that is
associated with the Session Manager.
7
Establish the Session Manager enrollment
password on System Manager.
8
(Optional) To use a laptop:
Setting an Enrollment Password on
page 22.
1. Configure the laptop for direct
connection to the server.
20
1. Configuring the laptop for direct
connection to the server on page 23
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Session Manager installation checklist
#
Action
Link/Notes
2. Disable proxy servers.
2. Disabling proxy servers in Microsoft
Internet Explorer on page 23 or
Disabling proxy servers in Mozilla
Firefox on page 24.
3. Connect the laptop to the server.
3. Connecting a laptop to the server on
page 24
9
Start an AFS application, create an
authentication file, and install the
authentication file for Session Manager.
Follow the procedures in the section
Authentication files for Session Manager on
page 27.
10
Configure the Session Manager using the
SMnetSetup command.
Configuring Session Manager with
SMnetSetup on page 25.
11
Important:
Verify the System Manager and Session
Manager Management entries are added to
the customer DNS. Otherwise, you will see
Trust Management and DRS
synchronization issues.
12
Verify network connectivity exists between
System Manager and the Session
Managerservers
13
Ping the System Manager from the Session
Manager server to ensure that the Session
Manager is connected to your network.
If these entries are not added to the
customer DNS, you must update the
System Manager /etc/hosts file with the
Session Manager Management IP
addresses, FQDNs, and hostnames.
Proper software installation of Session
Manager requires network connectivity
between System Manager and the Session
Managers.
For a Geo-Redundant System Manager,
make sure that the Session Manager can
ping both System Manager servers. If the
primary System Manager is down, make
sure that the secondary System Manager is
up.
14
Administer the Session Manager.
Continue with the Session Manager
administration checklist on page 31.
Activating entitlements
When entitlements are activated, PLDS sends an Activation Record to the registered customer
email address. The email contains the entitlement details and the license file. To use the license file,
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
21
Deploying Session Manager
you must install the license on the System Manager server, which is the License Host WebLM
server.
Before you begin
To install a license on a server, you must have license activation codes (LAC) and the Host ID of the
System Manager server, which is the WebLM server.
Procedure
1. Enter http://plds.avaya.com in the address bar of your Web browser to access the
Avaya PLDS Web site.
2. Enter your Login ID and password to log on to the PLDS website.
3. Enter the LAC, which you have received through an email, in the LAC(s) field in the Quick
Activation section.
4. Enter the host information.
5. Click Next to validate the registration detail.
6. Enter the System Manager information.
The Host ID is the MAC address from the machine hosting the WebLM server. For more
information on how to obtain MAC address, click Help.
7. Enter the number of licenses you want to activate.
8. Read and accept the Avaya Legal Agreement.
9. Send a confirmation email:
a. Enter any additional certificate recipient email addresses in the E-mail to: field.
b. (Optional) Enter Comments.
c. Click Finish.
10. Click View Activation Record and verify the information.
Setting an Enrollment Password
Procedure
1. On the System Manager web console, under Services, click Security > Certificates >
Enrollment Password.
2. If a password already exists and the Time Remaining is not 0, skip the remaining steps. The
enrollment password is already valid.
3. In the Password expires in box, select a value from the drop-down menu for when the
password should expire.
4. If a password already exists, copy the password to the Password box.
22
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Session Manager installation checklist
5. If a password does not exist:
a. Enter a password in the Password field and click Commit
b. Make note of the password displayed on the screen for future reference.
Note:
The system updates the Time remaining using the Password expires in value.
Configuring the laptop for direct connection to the server
This procedure describes how to configure the laptop using Windows 7. The procedure may differ
for other versions of Windows.
Make a note of the changes you make on your laptop to restore to the standard configuration.
Procedure
1. On the laptop desktop, right-click Network.
2. Click Properties.
3. Double-click on Local Area Connection.
4. In the General tab of the Local Area Connection Properties dialog box, click Properties.
5. Click on the text for Internet Protocol Version 4 (TCP/IPv4) in the list of items.
6. Click Properties.
7. In the Internet Protocol (TCP/IP) Properties dialog box, under the General tab, select Use
the following IP address.
Warning:
Do not click the Alternate Configuration tab.
8. In the IP address field, enter 192.11.13.5.
9. In the Subnet mask field, enter 255.255.255.252.
10. In the Default gateway field, enter 192.11.13.6.
11. Click OK.
Disabling proxy servers in Microsoft Internet Explorer
About this task
Before connecting directly to the services port, disable the proxy servers in Microsoft Internet
Explorer.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
23
Deploying Session Manager
Procedure
1. Start Microsoft Internet Explorer.
2. Select Tools > Internet Options.
3. Click the Connections tab.
4. Click LAN Settings.
5. Clear the Use a proxy server for your LAN option.
Tip:
To re-enable the proxy server, select the Use a proxy server for your LAN option
again.
6. Click OK to close each dialog box.
Disabling proxy servers in Mozilla Firefox
Before connecting directly to the services port, disable the proxy servers in Firefox.
Note:
This procedure is for Firefox on a Windows-based computer. The steps can vary slightly if you
are running Linux or another operating system on your laptop.
Procedure
1. Start Firefox.
2. Select Tools > Options.
3. Select the Advanced option.
4. Click the Network tab.
5. Click Settings.
6. Select the No proxy option.
Tip:
To re-enable the proxy server, select the appropriate option again.
7. Click OK to close each dialog box.
Connecting a laptop to the server
Before you begin
• Ensure that you have an SSH client application, such as PuTTY, installed on your laptop.
• Configure the IP settings of the laptop for direct connection to the server.
• Disable the use of proxy servers.
24
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Session Manager installation checklist
The use of the the remote services laptop is only for SSH access to the Session Manager. Session
Manager does not support Web access.
Procedure
1. Connect the laptop to the services port Eth1 with a standard or crossover Ethernet cable.
See Ethernet port labels by server type on page 10 for the port assignments on a particular
server.
2. Start an SSH client application session, such as PuTTY.
3. In the Host Name (or IP Address) field, enter 192.11.13.6.
The system assigns the IP address 192.11.13.6 to the services port.
4. Verify the protocol is SSH.
5. Verify that the Port is 22.
6. Click Open.
Note:
When you connect to the server for the first time, the system displays the PuTTY
Security Alert window.
7. Click Yes to accept the server host key and display the PuTTY window.
8. Log in using craft on Session Manager, or admin on System Platformand System Manager.
9. To close PuTTY, enter exit.
Configuring Session Manager with SMnetSetup
Session Manager is shipped with the following configuration:
• System Name: avaya-asm
• Eth0: 192.168.0.2/24
• Eth1: 192.11.13.6/30
• DNS Domain: localdomain
• DNS Server: 127.0.0.1
SMnetSetup automatically populates the fields related to the System Manager after you enter the
Primary System Manager IP address.
Important:
In previous releases of Session Manager, you could use a laptop for installation. Starting with
Session Manager 6.3.8, the EULA displays during the first boot after the new server is turned on.
You must use a monitor and keyboard to see and accept the EULA.
Before you begin
Connect the laptop to the server, or connect a monitor and USB keyboard to the server.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
25
Deploying Session Manager
Procedure
1. Connect the Ethernet Ports to the customer Local Area Network using cables according to
the server type. See Ethernet port labels by server type on page 10 for the port assignments
for the different servers.
2. Login to the Session Manager as craft.
3. Enter the command SMnetSetup
4. Using the information from the Session Manager configuration information worksheet on
page 18, enter the information as required:
a. Enter the Session Manager server hostname.
b. Enter the Session Manager Management IP address.
c. Enter the Netmask.
d. Enter the Gateway IP address.
e. Enter the Network Domain.
f. Enter the Primary DNS server IP address.
g. Enter the Secondary DNS (if applicable).
h. Enter the Tertiary DNS (if applicable).
i. Configure the local time zone.
j. When prompted for Disable NTP?, enter no.
k. Enter the NTP server.
l. Enter the Secondary NTP server (if applicable).
m. Enter the Tertiary NTP server (if applicable).
n. At the prompt, press Enter.
o. When prompted, create a customer account with a password.
p. Enter the Primary System Manager IP Address.
q. If the System Manager is unreachable, you are prompted for the following information:
• Enter “y” if System Manager is setup with Geographic Redundancy.
• Enter the Primary System Manager FQDN.
• Enter the Secondary System Manager IP address (if necessary).
• Enter the Secondary System Manager FQDN (if necessary).
• Enter the virtual System Manager FQDN.
• Verify your settings.
r. Enter the enrollment password.
The system starts the configuration script automatically. The configuration takes
approximately 10 minutes to complete.
26
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Session Manager installation checklist
Authentication files for Session Manager
Note:
Beginning with Session Manager 6.2, you must create and install an authentication file.
The authentication file contains Access Security Gateway (ASG) keys. With the ASG keys, Avaya
Services can securely gain access to the customer system.
A default authentication file is installed with Session Manager. You must replace the default file
using the Authentication File System (AFS) to create a unique authentication file. AFS is an online
application available at RFA.
AFS authentication files have a plain text XML header with encrypted authentication data. Each
authentication file contains an authentication file ID (AFID) to identify the file. You need the AFID to
create a new authentication file for an upgrade or to replace the current authentication file on the
server.
Note:
You must install the unique authentication file. Failure to install the unique authentication file
results in receiving an alarm that retransmits once a day until you install the authentication file.
Starting the AFS application
Before you begin
AFS is available only to Avaya service personnel and Avaya Partners. If you are a customer and
need an authentication file, contact Avaya or your authorized Avaya Partner.
You must have a login ID and password to start the AFS application. You can sign up for a login at
http://rfa.avaya.com.
Procedure
1. Enter http://rfa.avaya.com in your Web browser.
2. Enter your login information and click Submit.
3. Click Start the AFS Application.
A security message is displayed.
4. Click I agree.
The AFS application starts.
Creating an authentication file for a Session Manager
To acquire an authentication file, use one of the following options:
• Download the authentication file directly from AFS.
• Receive the authentication file in an email.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
27
Deploying Session Manager
Procedure
1. Log in to AFS.
2. In the Product field, select SM Session Manager.
3. In the Release field, select the software release number, then click Next.
4. Select New System, then click Next.
5. If you want to download the authentication file directly from AFS to your computer:
a. Click Download file to my PC.
b. Click Save in the File Download dialog box.
c. Select the location where you want to save the authentication file, and then click Save.
d. Click Close in the Download complete dialog box to complete the download.
After AFS creates the authentication file, AFS displays a confirmation message that contains
the system type, release, and authentication file ID (AFID).
6. To receive the authentication file in an email message:
a. Enter the email address in the Email Address field.
b. Click Download file via email.
AFS sends the email message that includes the authentication file as an attachment
and the AFID, system type, and release in the message text.
c. Save the authentication file to a location on the computer of the email recipient.
7. To view the header information in the authentication file:
a. Locate the saved file.
b. Open the file with WordPad.
The header includes the AFID, product name and release number, and the date and time
that AFS generated the authentication file.
Installing an authentication file
Procedure
1. Log in to the Session Manager server using the customer login.
2. Enter echo $HOME.
3. Using WinSCP or some other file transfer program, transfer the authentication file to the
Session Manager server into the directory represented by $HOME.
4. Load the authentication file manually using the loadpwd command. For example:
loadpwd -l <path to the auth file>.
5. Use the displaypwd command to display information about the currently loaded
authentication file.
28
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Session Manager installation checklist
Installing Session Manager in a geographic redundancy enabled
system
Before you begin
In a Geographic Redundancy-enabled system, verify the two standalone System Manager servers
that you are designating as the primary and secondary servers:
• Are supported servers.
• Have the same hardware configuration.
• Are running the same version of System Manager software including the template, service
packs, and patches.
• Have the same version of the System Platform software, including service packs.
• Can communicate with each other over the network.
• Have synchronized network time.
For System Manager installation information, see Deploying Avaya Aura® System Manager on
System Platform and Deploying Avaya Aura® System Manager on VMware in Virtualized
Environment.
For the procedures related to initial administration and the setup of the Geographic Redundancyenabled system, see the chapter Session Manager in a geographically redundant System Manager
environment in Administering Avaya Aura® Session Manager.
High-level steps for the installation
Procedure
1. Install or upgrade the primary System Manager standalone server with System Manager 6.3
software.
2. Install the secondary System Manager.
3. Configure both System Manager servers for the Geographic Redundancy operation.
4. Replicate the primary System Manager data to the secondary System Manager.
5. Install or upgrade the Session Manager server with Session Manager Release 6.3 software.
Use the configuration information from the Session Manager
6. Synchronize System Manager data with the Communication Manager system.
Result
The installation system updates are as follows:
1. The installation steps establish trust between the System Manager and Session Manager in
the normal manner.
2. The system performs the first set of replications including the FQDN and IP addresses of
both System Managers.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
29
Deploying Session Manager
3. The Session Manager detects the two sets of FQDNs and IP addresses of both System
Managers and automatically reconfigures the System Managers to the Geographic
Redundancy mode.
4. Session Manager queries both System Manager servers and determines the master server.
5. After the Session Manager automatically reconfigures the System Manager servers, the
system operates in the Sunny Day Geographic Redundancy mode.
Note:
If the primary System Manager is off the network and the secondary System Manager is active,
you can install Session Manager 6.3 using the following commands:
1. On the Session Manager CLI, enter the command dnat_failover.sh
MASTER_SMGR_IP , where MASTER_SMGR_IP is the IP address of the secondary
System Manager.
2. Run the command initTM.
Geographic Redundancy system verification
Perform this verification procedure after you install or upgrade the system.
Procedure
1. On the secondary System Manager, verify the primary System Manager is running in the
Active mode.
2. On the primary System Manager, verify the secondary System Manager is running in the
Standby mode.
30
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Chapter 5: Session Manager administration
For a complete description of Session Manager administration, including administration of a
Geographic Redundant system, see Administering Avaya Aura® Session Manager.
Session Manager administration checklist
Use the following checklist for the initial administration of a newly-installed Session Manager.
#
Administration action
Link
1
Log into the System Manager associated
with the Session Manager.
2
Add Domain Names.
Adding domain names for a Session
Manager on page 31.
3
Add the installed Session Manager as a SIP
Entity.
Adding Session Manager as a SIP entity on
page 32.
4
Administer the Session Manager.
Administering Session Manager on
page 32.
5
Configure alarming.
Continue with the Alarming configuration
checklist on page 35.
Adding domain names for a Session Manager
Procedure
1. On the home page of the System Manager Web Console, under Elements, click Routing >
Domains.
2. Click New.
3. In the Name field, enter the Network Domain Name of the Session Manager.
4. In the Type field, click SIP.
5. (Optional) Enter a description in the Notes field.
6. Click Commit.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
31
Session Manager administration
Adding Session Manager as a SIP entity
Procedure
1. On the System Manager web console home page, under Elements, select Routing > SIP
Entities.
2. Click New.
3. In the Name field, enter the name of the Session Manager.
4. In the FQDN or IP Address field, enter the IP address of the Session Manager Security
Module. This IP address is not the management IP address.
5. In the Type field, set the type to Session Manager.
6. In the Port section of the screen, click Add.
7. Add the port, protocol, and default domain entries for each port and protocol on which the
Session Manager listens for SIP traffic. Add failover ports if the SIP entity is a failover group
member. For more information about Failover Groups, see Administering Avaya Aura®
Session Manager.
8. Click Commit.
Administering Session Manager
Procedure
1. On the home page of the System Manager Web Console, under Elements, select Session
Manager > Session Manager Administration.
2. In the Session Manager Instances, click New.
3. In the SIP Entity Name field, enter the name of the Session Manager.
4. (Optional) In the Description field, enter a description for the Session Manager.
5. In the Management Access Point Host Name/IP field, enter the IP address of the host on
which the Session Manager is installed.
6. In the Network Mask field, enter the network mask of the Session Manager Security
Module.
7. In the Default Gateway field, enter the default gateway of the Session Manager Security
Module.
8. Verify the Enable Monitoring box is checked.
9. Click Commit.
Note:
32
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Configuring Session Manager redundancy on the same System Manager
The Session Manager configuration changes can take several minutes to replicate to the
Session Manager servers. Wait a few minutes before you continue with validation of the
configuration.
Configuring Session Manager redundancy on the same
System Manager
About this task
In the following configuration example, SM-1 is one Session Manager instance and SM-2 is the
active backup.
Route-through failover relies on Communication Manager look-ahead routing to choose alternate
routes. The route pattern form adds the secondary or failover trunk group administration.
If you use Local Host Name Resolution load balancing, you do not need additional administration if
you reuse the same Port IDs and IP addresses, such as C-LANs or procr, for the added SM-2 trunk
groups.
Procedure
1. Add SM-2 as the backup Session Manager server.
2. On SM-2, create the entity links that exist on SM-1. For example, VP-1.
3. For route-through failover, add an entity link SM-1 to SM-2.
4. Add the trunk setup on your device, such as Communication Manager and Voice Portal. For
example, if you have a Communication Manager signaling group to SM-1, you must add a
Communication Manager signaling group to SM-2.
All other administration is accessible to SM-2 automatically. You do not need to perform
additional dial plan administration.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
33
Chapter 6: Alarming Configuration
Network Management Systems Destinations
The Session Manager serviceability agent can send SNMPv2c/v3 traps or informs for alarms to
multiple destinations such as:
• SAL Gateway (mandatory)
• System Manager Trap Listener
• Third-party NMS
• Avaya SIG server
SAL Gateway is a mandatory trap destination for traps sent to Avaya Services for system
maintenance. SAL Gateway converts the traps to alarms and forwards the alarms to the Avaya Data
Centre for ticketing purposes. Therefore, after you install or upgrade from release earlier than 6.2 to
Session Manager Release 6.2 or later, you must configure the serviceability agent with the SAL
Gateway as a trap destination. You can configure the serviceability agent by using System Manager
Web Console. You must also configure Session Manager as a managed device on the SAL
Gateway. Optionally, you can configure any third-party Network Management Systems (NMS) as a
trap destination. Based on customer requirements, Avaya technicians can also configure Avaya SIG
server as another trap destination.
For upgrades from Release 6.2 or later, the configuration of the serviceability agent persists through
the Session Manager upgrade.
You can add an NMS destination using System Manager Web Console. To add an NMS destination,
you must create a target profile for the NMS destination and then attach the target profile to a
serviceability agent. For more information on activating agents and attaching target profiles, see
Managing Serviceability Agents in Administering Avaya Aura® System Manager.
34
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Activating and managing the Session Manager serviceability agent
Activating and managing the Session Manager
serviceability agent
You activate and manage the Session Manager serviceability agent using the System Manager web
console. To add a Network Management System (NMS) destination, you first create a target profile
for the NMS destination and then attach the target profile to a serviceability agent.
For more information on activating agents and attaching target profiles, see the SNMP Support
chapter in Maintaining and Troubleshooting Avaya Aura® Session Manager.
For the Geographic Redundant system setup, administer both System Manager instances as targets
for alarming.
Alarming configuration checklist
#
Action
Link/Notes
1
Configure the Serviceability Agent for Session
Manager.
See the chapter for SNMP
support for Session Manager in
Maintaining and Troubleshooting
Avaya Aura® Session Manager.
2
Add the Session Manager to the SAL Gateway.
Adding a Session Manager to the
SAL Gateway on page 35.
3
Test the installation.
Continue with the Postinstallation verification
checklist on page 37.
Adding a Session Manager to the SAL Gateway
Configure alarming and remote access for a Session Manager instance.
Before you begin
The Secure Access Link (SAL) Gateway must already be set up for System Manager Release 6.3.
Procedure
1. Log in to the System Platform Web console.
2. Click Server Management > SAL Gateway Management.
3. On the SAL Gateway Management page, click Launch SAL Gateway Management
Portal.
4. When the SAL Gateway login page appears, enter the same user ID and password that you
used when you logged in to the System Platform Web Console.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
35
Alarming Configuration
5. In the navigation pane of the SAL Gateway user interface, select Secure Access Link
Gateway > Managed Element.
6. On the Managed Element page, click Add new.
7. Enter information in the following fields:
• Host Name: Host Name of the Session Manager.
• IP Address: IP Address of the Session Manager.
• In the Model field, select SessionMgr_x.x.x.x from the drop-down menu.
The Product field is filled in automatically after you select Session Manager.
• Solution element ID: The Solution Element ID (SE ID) of Session Manager. The format of
the ID is (NNN)NNN-NNNN where N is any digit from 0 to 9.
• Product ID: The Product ID of Session Manager.
• Select the Provide remote access to this device check box.
• Select the Transport alarms from this device check box.
Important:
The SAL Gateway forwards alarms for this Session Manager only after you select the
Provide remote access to this device and Transport alarms from this device
check boxes.
8. Click Add.
9. Click Apply to apply the changes.
10. Restart the SAL Gateway for the configuration changes to take effect:
a. In the navigation pane of the SAL Gateway user interface, select Administration >
Apply Configuration Changes.
b. Click Apply next to Configuration Changes.
The system restarts the SAL Gateway and updates the SAL Gateway with the new
configuration values.
36
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Chapter 7: Post-installation verification
procedures
Post-installation verification checklist
Action
#
1
2
Link
Verify the Session Manager Service State
is Deny New Service.
Checking the Session Manager service
state on page 37.
Test the System Manager/Session Manager
installation.
Testing the System Manager and
Session Manager installation on
page 37.
3
Verify Data Replication to Session Manager. Verifying Data Replication to Session
Manager on page 39
4
Change the service state to Accept New
Service for the Session Manager server.
Accepting new service on page 40.
Checking the Session Manager service state
Procedure
1. On the home page of the System Manager Web Console, under Elements, click Session
Manager.
2. On the Session Manager Dashboard page, verify the service state for the new Session
Manager is Deny New Service.
Testing the System Manager and Session Manager installation
About this task
Verify the System Manager and Session Manager are installed and configured properly, and that the
servers and applications are communicating.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
37
Post-installation verification procedures
Procedure
1. On the System Manager Web Console home page, under Elements, select Session
Manager > System Tools > Maintenance Tests.
2. Select System Manager from the Select Target drop-down menu.
3. Click Execute All Tests.
4. Verify all tests display Success.
5. On the System Manager Web Console home page, under Elements, select Session
Manager > System Status > Security Module Status.
6. Verify the status is Up for all Session Managers.
7. Verify the IP address is correct.
8. If the status is Down, reset the security module:
a. Select the appropriate Session Manager from the table.
b. Click Reset.
Warning:
The Session Manager cannot process calls while the security module is being
restarted.
9. On the System Manager Web Console home page, under Elements, select Session
Manager.
10. On the Session Manager Dashboard page, verify the installed software versions of all
Session Managers are the same.
11. On the System Manager Web Console, under Elements, select Session Manager >
System Tools > Maintenance Tests.
12. Select the appropriate Session Manager instance from the drop-down menu.
13. Click Execute All Tests.
14. Verify all tests ran successfully.
15. Check the replication status of the Session Managers:
a. On the System Manager Web Console, under Services, click Replication.
The Synchronization Status should be green and the status should be Synchronized.
b. If the status is not Synchronized, select the check box next to SessionManagers (type
Replica Node) and click View Replica Nodes to determine which Session Manager is
not synchronized with System Manager.
16. Verify there are no active alarms for the Session Manager. On the System Manager Web
Console home page, under Services, click Events > Alarms.
17. If the System Manager and customer NMS are configured to forward alarms, generate a test
alarm to verify forwarding of alarms. See Generating a test alarm on page 39.
38
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Post-installation verification checklist
18. For Geographic Redundant systems:
a. On the System Manager Web Console home page, under Services, select Inventory
> Managed Elements.
b. Verify the managed elements in the Managed by column display the correct value of
the managing System Manager.
Generating a test alarm
Generate a test alarm to the targets assigned to the serviceability agent. These targets may include:
• A SAL Gateway (the alarm is forwarded to ADC)
• System Manager Trap Listener
• Third-party NMS
• Avaya SIG server
You can either run the generateTestAlarmSM.sh script using the Session Manager CLI, or you can
use the Generate Test Alarm button on the Serviceability Agents screen.
Procedure
1. If using the Session Manager CLI:
a. Login to the Session Manager server.
b. Enter Session Manager CLI command generateTestAlarmSM.sh.
2. If using the Generate Test Alarm button on the Serviceability Agents screen:
a. On the System Manager web console, under Services, click Inventory > Manage
Serviceability Agents > Serviceability Agents.
b. Select a Hostname from the list and click Generate Test Alarm.
3. Verify the System Manager received the test alarm message:
a. On the System Manager Web Console, under Services, select Events > Alarms.
b. Verify the message Test alarm for testing only, no recovery action necessary
displays under the Description column.
4. If the serviceability agent is configured with other targets, verify the other targets also
received the test alarm.
Verifying Data Replication to Session Manager
Procedure
1. On the home page of the System Manager Web console, under Services, click Replication.
2. Verify that the status for the appropriate replica group is Synchronized.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
39
Post-installation verification procedures
3. If the replica group is not in a Synchronized, Queued for Repair, or Repairing state,
continue with the following troubleshooting steps.
Troubleshooting steps
About this task
Perform the following troubleshooting steps if the replica group state is not Synchronized, Queued
for Repair, or Repairing, or if the replica group is stuck in the Starting state.
Procedure
1. Log in to the System Manager Web interface.
2. Under Services, click Replication.
3. Select the appropriate Replica Group for the Session Manager server.
4. Click View Replica Nodes.
5. Verify information in the /etc/hosts file of the System Manager:
a. Log in to the CLI of the System Manager.
b. Verify the /etc/hosts file has the IP address, FQDN, and hostnames of itself and all
of the associated Session Managers (applicable only if DNS is not used for host
resolution of an IP address).
Note:
Hostname is case sensitive.
6. Enter the smconfig command and verify the basic data entry values of Session Manager.
7. Enter initTM. The command should complete within 10 minutes. If it does not complete
within that time, continue with the next step.
8. Verify that the system date and time on the Session Manager server is the same as the
system date and time on the System Manager virtual machine. Trust certificate initialization
can fail if the clocks differ by more than a few seconds.
9. Verify the information on the Network Configuration page on the System Platform Web
Console (Server Management > Network Configuration).
10. On System Manager, verify the Session Manager is synchronized.
Accepting new service
Note:
Even though the Security Module displays the status as Up, the security module might take 5 to
10 minutes before the security module can begin routing calls.
40
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Post-installation verification checklist
Procedure
1. On the home page of the System Manager Web Console, under Elements, click Session
Manager.
2. On the Session Manager Dashboard page, select the appropriate Session Manager in the
Session Manager Instances table.
3. Click Service State.
4. Select Accept New Service from the drop-down menu.
5. Click Confirm.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
41
Chapter 8: Certificate management
Session Manager uses five unique certificates: WebSphere, SAL Agent, Management, SIP, and
HTTPS. SIP and HTTPS are the most important because these certificates communicate with
outside entities such as Communication Manager and endpoints.
Any changes to these interfaces can cause major service interruptions. Be very careful when
changing these certificates. The near end and far end use the certificates to trust each other. Each
side presents its identity certificate during TLS negotiation. If one side does not trust the identity
certificate of the other side, the connect fails. For an entity to trust another certificate, the entity must
contain the root CA certificate from the CA that issued the identity certificate. Some example CAs
are VeriSign, Symantec, System Manager, and Avaya's SIP Product CA.
The root CA certificate must be stored in the entity's trusted list, also known as a trust store. To
change the SIP or HTTPS identity certificate of a Session Manager, each far end entity must first
contain the new root CA certificate in its trusted list. You must add the new root CA certificate to the
trusted list of the far end before changing the identity certificates.
There are two options for handling certificates for a new installation:
• Use the new System Manager issued ID certificates (default behavior). See Using the System
Manager CA on page 45.
• Use third party ID certificates. See Using a Third Party CA on page 49.
SIP Identity Certificate
Generate the Session Manager SIP Identity Certificate with the following X509v3 extensions and
attributes.
Attribute
Value
Required?
Authority Information
Access
OCSP - URI:http://{ocsp-server}{:ocsp-port}{/
ocsp-path}
Optional
Authority Key Identifier
hash
Required1
CRL Distribution Points URI:http://{crl-server}{:crl-port}{/crl-path}
Optional
Optional
1
42
Authority key identifiers are required elements in end entity certificates to properly establish the trust chain.
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
HTTPS Identity Certificate
Attribute
Value
URI:ldap://{crl-server}{:crl-port}{/crl-dn}2
Required?
Extended Key Usage
id-kp-serverAuth = 1.3.6.1.5.5.7.3.2.1
Required
id-kp-clientAuth = 1.3.6.1.5.5.7.3.2.2
Optional3
id-kp-sipDomain = 1.3.6.1.5.5.7.3.20
Contraindicated 4
digitalSignature
All values are Optional. 5
Key Usage
nonRepudiation
keyEncipherment
dataEncipherment
Subject
CN={fqdn}
Required
Subject Alternative
Name
IP:{ip}
Optional
URI:sip:{domain}
Required 6
DNS:{domain}
Required 7
DNS:{fqdn}
Required
Subject Key Identifier
hash
Recommended
Validity
validity period
Required
HTTPS Identity Certificate
Generate the Session Manager HTTPS Identity Certificate with the following X509v3 extensions and
attributes.
2
3
4
5
6
7
8
Attribute
Value
Required?
Authority Information
Access
OCSP - URI:http://{ocsp-server}{:ocsp-port}{/
ocsp-path}
Optional
Authority Key Identifier
hash
Required8
CRL Distribution Points URI:http://{crl-server}{:crl-port}{/crl-path}
Optional
URI:ldap://{crl-server}{:crl-port}{/crl-dn}9
Optional
URLS and DNs that identify the location of CRLs in LDAP directories can be complex. Entities must be able to handle
characters as defined by the LDAP URI specification in RFC 4516.
Required if the same Identity Certificate is used when the server is acting as a client.
Validation of the presence of the id-kp-sipDomain extended key usage as described in RFC 5924 is discouraged, as
it limits use of the certificate to SIP only and forces certificate proliferation.
Values may vary as specified in RFC 5280 and RFC 3279.
The SIP domain may not be known at install time, so the URI:sip:{domain} Subject Alternative Name value
suggested by RFC 5922 is not likely to be present.
See Footnote 6. Also, the 96xx endpoints require the SIP domain to be present in the CN or as a DNS:{domain} entry
in the Subject Alternative Name field.
Authority key identifiers are required elements in end entity certificates to properly establish the trust chain.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
43
Certificate management
Attribute
Value
Required?
Extended Key Usage
id-kp-serverAuth = 1.3.6.1.5.5.7.3.2.1
Required
id-kp-clientAuth = 1.3.6.1.5.5.7.3.2.2
Optional10
digitalSignature
All values are Optional. 11
Key Usage
nonRepudiation
keyEncipherment
dataEncipherment
Subject
CN={fqdn}
Required
Subject Alternative
Name
IP:{ip}
Optional 12
DNS:{fqdn}
Required
Subject Key Identifier
hash
Recommended
Validity
validity period
Required
Viewing the TLS version
Determine if you are using a demo identity certificate.
Procedure
1. On the home page of the System Manager Web Console, under Services, click Inventory >
Manage Elements.
2. Select the Session Manager instance.
3. Click More Actions > Configure Identity Certificates.
4. Select the securitymodule.
5. Check the Issuer Name.
If the Issuer Name field contains CN=SIP Product Certificate Authority, OU=SIP Product
Certificate Authority, O=Avaya Inc., C=US, you have a demo identity certificate.
9
10
11
12
44
URLS and DNs that identify the location of CRLs in LDAP directories can be complex. Entities must be able to handle
characters as defined by the LDAP URI specification in RFC 4516.
Required if the same Identity Certificate is used when the server is acting as a client.
Values may vary as specified in RFC 5280 and RFC 3279.
For the 96xx endpoints, PPM is defined as an IP address so PPM certificates must contain the IP:{ip} Subject
Alternative Name entry when these endpoints are part of the solution.
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Using the System Manager CA
Using the System Manager CA
System Manager can act as a certificate authority similar to VeriSign and Symantec. Many adopters,
such as Communication Manager, Session Manager, and Presence, already use certificates issued
by System Manager.
For fresh installations, all Identity Certificates, including SIP and HTTPS, are issued by the System
Manager CA. You must install the System Manager trusted root certificates on endpoints that
communicate with Session Manager over TLS for the endpoints to trust the Session Manager
identity certificate.
Use this checklist for using the Identity Certificates issued by the System Manager.
Action
#
Link
Export the System Manager CA.
Exporting the System Manager CA on
page 45.
2
Add the Root Certificate of the System
Manager to Communication Manager.
Adding the System Manager CA to
Communication Manager on page 46.
3
Add System Manager Root Certificate to
96xx phones.
Adding the System Manager Root
Certificate to 96XX phones on page 47.
4
Add the System Manager Root Certificate to
any other SIP connections, such as CS1K
and Radvision.
1
Replace the Session Manager SIP and
HTTP Identity Certificates.
5
Installing Enhanced Validation
Certificates on Session Manager on
page 47.
Note:
This step needs to be performed for all
Session Manager servers and Branch
Session Manager servers.
6
Remove the SIP CA Root Certificate from all
trust lists, such as Communication Manager
and phones.
Other Session Manager servers
administered under the same System
Manager will already trust the new
Identity Certificate.
Removing trusted certificates on
page 48.
Exporting the System Manager CA
Procedure
1. On the home page of the System Manager Web Console, under Services, select Security >
Certificates > Authority.
2. On the main page, click Download pem file.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
45
Certificate management
3. Save the file.
Note:
To avoid HTTP download issues, save the file with the .txt extension.
Adding System Manager CA to Communication Manager
When you configure the Session Manager’s SIP Identity Certificate to use System Manager as the
CA, links to Communication Manager will go down because the Communication Manager will not
trust the System Manager CA. Use this procedure to make Communication Manager trust the
System Manager CA certificate.
Procedure
1. Verify you can access the System Manager CA certificate.
2. Log in to the Communication Manager server web interface.
3. Click Administration and select Service (Maintenance).
4. In the left menu, under Miscellaneous, click Download Files.
5. Select File(s) to download from the machine I’m using to connect to the server.
6. Click Browse.
7. Select the System Manager CA certificate you want to download and click Open.
8. Click Download.
9. In the left menu, under Security, click Trusted Certificates.
10. Click Add.
11. Enter the name of the downloaded System Manager CA certificate.
Note:
You only need to enter the name of the file.
12. Click Open.
13. Select the Communication Manager check box.
14. Click Add.
15. Restart Communication Manager.
Warning:
Select Delayed Shutdown and Restart server after shutdown. Restarting the
Communication Manager server stops the SMI server you are currently using. You will be
unable to access the Web pages until the server restarts.
46
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Using the System Manager CA
Adding System Manager’s Root Certificate to 96xx Phones
This procedure describes how to make phones trust the System Manager CA certificate.
Important:
To avoid a service outage, run this procedure before switching Session Manager to certificates
issued by System Manager.
Procedure
1. Copy the file to the file server that the 96xx phones are using.
2. On the file server, edit the file 46xxsettings.txt.
3. In the file, set the TRUSTCERTS option to include the System Manager CA certificate. For
example:
SET TRUSTCERTS “smgr.txt, av_sipca_pem_2027.txt”
4. Reboot all of the phones.
After rebooting, the phones download the System Manager root CA and are ready to the
replacing of the Session Manager’s SIP identity certificate.
Installing Enhanced Validation Certificates for Session Manager
By default, 96xx phones perform enhanced validation of certificates. To make use of these
certificates, you need to populate the Common Name and Subject Alternate Name of the
certificate. You need to perform this procedure for all Session Managers and Branch Session
Managers.
Important:
The 96xx phones need to trust the System Manager Root Certificate before you replace an SIP
or HTTP certificates. Failure to do so results in the loss of communication with the phones.
Procedure
1. On the home page of the System Manager Web Console, under Services, click Inventory >
Manage Elements.
2. Select the appropriate Session Manager from the list and click More Actions.
3. Select Configure Identity Certificates from the drop-down menu.
4. On the Identity Certificates page, select Security Module SIP, or the name associated
with Common Name securitymodule.
5. Click Replace.
6. On the Replace Identity Certificate page, select Replace this Certificate with Internal CA
Signed Certificate.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
47
Certificate management
7. Select the Common Name (CN) checkbox and enter the host name or IP address of the
Security Module. The address is the same as the SIP Entity address.
8. Select RSA for the Key Algorithm.
9. Select 2048 or 4096 as the Key Size.
10. Select the DNS Name checkbox and enter the SIP domain (for example, avaya.com). You
can enter multiple SIP domains using commas (no spaces), such as
avaya.com,company.com,xyz.com.
11. Click Commit.
12. On the Identity Certificates page, select Security Module HTTP.
13. Click Replace.
14. On the Replace Identity Certificate page, select Replace this Certificate with Internal CA
Signed Certificate.
15. Select the Common Name (CN) check box and enter the host name or IP address of the
Security Module. The address is the same as the SIP Entity address.
16. Select RSA for the Key Algorithm.
17. Select 2048 or 4096 as the Key Size.
18. Select the DNS Name checkbox and enter the SIP domain (for example, company.com).
You can enter multiple SIP domains using commas (no spaces), such as
abc.com,company.com,xyz.com.
19. Click Commit.
20. Restart all phones.
After rebooting, the phones download the System Manager Root CA and will be able to
communicate with the Session Manager.
Removing trusted certificates
Procedure
1. On the home page of the System Manager Web Console, under Services, click Inventory >
Manage Elements.
2. Select a Session Manager instance.
3. Click More Actions > Configure Trusted Certificates.
4. Select the certificates you want to remove, then click Remove.
The system removes the certificates from the list of trusted certificates in the Session
Manager instance.
48
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Using a third party CA
Using a third party CA
The use of third party certificates is optional. Third party certificates are not required.
A third party CA can be a commercial vendor such as VeriSign and Symantec, or an enterprise-run
CA that is maintained by the customer’s IT department. You can create third party certificates using
openssl or open source tools such as EJBCA (http://www.ejbca.org).
Use this checklist for using third party Identity Certificates.
Action
#
Link
Add the third party Root Certificate to
Communication Manager.
1
2
3
Adding a third party Root Certificate to
Communication Manager on page 49.
Repeat this step for each Communication
Manager that is connected to the Session
Manager.
Add the third party Root Certificate CA to
96xx phones.
Adding a third party root certificate CA to
96xx phones on page 50.
Add the third party Root Certificate CA to the For example, Avaya Voice Portal and
trusted list for any other adjunct device that
Meeting Exchange.
uses TLS to connect to Session Manager
through SIP.
.
4
Replace the Session Manager SIP and
HTTP Identity Certificates.
Installing third party certificates on
Session Manager on page 51.
5
Add the third party certificate to the trusted
list.
Adding trusted certificates on page 52.
Adding a third party CA to Communication Manager
Configure Communication Manager to trust a third party root CA.
When you replace the SIP CA with the third party certificate, all Communication Manager TLS
connections will go down.
Perform this procedure for each Communication Manager that is connected to the Session
Manager.
Procedure
1. Verify you can access the third party root CA certificate.
2. Log in to the Communication Manager server web interface.
3. Click Administration and select Service (Maintenance).
4. In the left menu, under Miscellaneous, click Download Files.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
49
Certificate management
5. Select File(s) to download from the machine I’m using to connect to the server.
6. Click Browse.
7. Select the third party CA certificate you want to download and click Open.
8. Click Download.
9. In the left menu, under Security, click Trusted Certificates.
10. Click Add.
11. Enter the name of the downloaded third party CA certificate.
Note:
You only need to enter the name of the file.
12. Click Open.
13. Select the Communication Manager check box.
14. Click Add.
15. Restart Communication Manager.
Warning:
Select Delayed Shutdown and Restart server after shutdown. Restarting the
Communication Manager server stops the SMI server you are currently using. You will be
unable to access the Web pages until the server restarts.
16. Repeat this procedure for each Communication Manager connected to the Session
Manager.
Adding a third party Root Certificate to 96xx Phones
This procedure describes how to make phones trust a third party Root Certificate CA.
Important:
To avoid a service outage, perform this procedure before switching the Session Manager to
certificates issued by System Manager.
Procedure
1. Copy the third party root certificate file to the file server that the 96xx phones are using.
2. On the file server, edit the file 46xxsettings.txt.
3. In the file, set the TRUSTCERTS option to include the third party CA certificate. For
example:
SET TRUSTCERTS “Third_Party_CA.txt, av_sipca_pem_2027.txt”
4. Reboot all the phones.
50
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Using a third party CA
After rebooting, the phones download the System Manager root CA and are ready to the
replacing of the Session Manager’s SIP identity certificate.
Installing third party certificates on Session Manager
This procedure describes how to install a third party certificate for SIP and HTTP on Session
Manager.
When the certificate changes to the third party certificate, each SIP Entity must trust the third party
CA.
Procedure
1. On the home page of the System Manager Web Console, under Services, click Inventory >
Manage Elements.
2. Select the appropriate Session Manager from the list and click More Actions.
3. Select Configure Identity Certificates from the drop-down menu.
4. Install the SIP third party certificate:
a. On the Identity Certificates page, select Security Module SIP, or the name
associated with Common Name securitymodule.
b. Click Replace.
c. On the Replace Identity Certificate page, select Import third party PKCS#12 file.
d. When prompted for Please select a file, browse for the third party signed certificate.
e. Enter the password in the Password field.
f. Click Retrieve Certificate. The certificate details section displays the details of the
certificate.
g. Click Commit.
5. On the home page of the System Manager Web Console, under Services, click Inventory >
Manage Elements.
6. Select the appropriate Session Manager from the list and click More Actions.
7. Select Configure Identity Certificates from the drop-down menu.
8. Install the HTTP third party certificate:
a. On the Identity Certificates page, select Security Module HTTP.
b. Click Replace.
c. On the Replace Identity Certificate page, select Import third party PKCS#12 file.
d. When prompted for Please select a file, browse for the third party signed certificate.
e. Enter the password in the Password field.
f. Click Retrieve Certificate. The certificate details section displays the details of the
certificate.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
51
Certificate management
g. Click Commit.
Adding trusted certificates
You can import a trusted certificate:
• from a file.
• by copying the contents of a PEM file.
• from a list of an existing certificates.
• from a remote location using a TLS connection.
Procedure
1. On the home page of the System Manager Web Console, under Services, click Inventory >
Manage Elements.
2. Select a Session Manager instance.
3. Click More Actions > Configure Trusted Certificates.
4. On the Trusted Certificates page, click Add.
5. To import a certificate from a file:
a. Select Import from file.
b. Click Browse and locate the file.
c. Click Retrieve Certificate.
d. Click Commit.
6. To import a certificate in the PEM format:
a. Select Import as PEM Certificate.
b. Locate the PEM certificate.
c. Open the certificate using Notepad.
d. Copy the entire contents of the file. You can include the start and end tags: -----BEGIN
CERTIFICATE-----" and "-----END CERTIFICATE----.
e. Paste the contents of the file where indicated.
f. Click Commit.
7. To import certificates from existing certificates:
a. Select Import from existing.
b. Select the certificate from the Global Trusted Certificate section.
c. Click Commit.
8. To import certificates using TLS:
a. Select Import using TLS.
52
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Demo certificates
b. Enter the IP Address of the location in the IP Address field.
c. Enter the port of the location in the Port field.
d. Click Retrieve Certificate.
e. Click Commit.
Demo certificates
Previously, Session Manager was shipped with demo certificates issued by the SIP CA to simplify
TLS connection setup. Demo certificates are non-unique identity certificates issued by the Avaya
SIP Product Certificate Authority. Demo certificates are very insecure and do not meet current NIST
standards (SHA256 and 2048 bit keys).
Starting with Session Manager 6.3.8, Session Manager no longer uses or supports default demo
certificates for new installations. Fresh installations of Session Manager result in SIP and HTTP
certificates signed by System Manager. In most cases, existing TLS connections will break until the
System Manager CA is installed on the far end. You can reinstall the demo certificates to quickly
restore a previously working environment.
For upgrades, Session Manager preserves the previous certificates. If a demo certificate was in use
in the previous release, the certificate is preserved through the upgrade.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
53
Chapter 9: Troubleshooting
The following sections describe troubleshooting steps for errors that may occur during installation or
administration of the Session Manager server.
Server has no power
Procedure
1. Verify the power cord to the server is plugged into a non-switched outlet or uninterrupted
power supply (UPS).
2. If using a UPS, verify the UPS is plugged into a non-switched outlet.
3. If the server has a single power supply, verify the power supply bay is installed and is seated
securely.
4. Verify the outlet has power.
5. Check the LEDs of the server and verify the AC LED and the DC LED are both lit during
normal operation.
Unable to access Service State
Procedure
1. Check the cables for Eth0 and Eth2. See Ethernet port labels by server type on page 10 for
the correct port labels.
2. Create an SSH session to the Session Manager server with the Management Interface IP
address using the customer login.
3. Enter the command SMnetSetup
4. Verify the settings using the Session Manager configuration information worksheet.
54
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Chapter 10: Maintenance procedures
Upgrades to Session Manager
To upgrade to a new software release for Session Manager, see Upgrading Avaya Aura® Session
Manager on the Avaya support Web site at http://www.avaya.com/support.
To install service packs for Session Manager, see Installing Service Packs for Avaya Aura® Session
Manager on the Avaya support Web site at http://www.avaya.com/support.
To install patches for Session Manager, see Installing Patches for Avaya Aura® Session Manager
on the Avaya support Web site at http://www.avaya.com/support.
Note:
Upgrade System Manager before starting the upgrade process on Session Managers.
Remote access
Secure Access Link (SAL) uses the existing Internet connectivity of the customer for remote support
and alarming. All communication from the customer environment is sent by Secure Hypertext
Transfer Protocol Secure (HTTPS). SAL requires upload bandwidth, for example, from customer to
Avaya or Avaya Partner, of at least 90 Kbs with round trip latency no greater than 150 ms.
Business Partners without SAL Concentrator must provide their own IP-based connectivity, for
example, B2B VPN connection, to deliver remote services.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
55
Appendix A: OS-level logins for Session
Manager
The following is a list of logins that are created during the Session Manager software installation:
• craft: An Avaya services login to gain access to the system remotely for troubleshooting
purposes.
• sroot: An Avaya services root permission login to gain access to the system remotely for
troubleshooting purposes. You cannot gain access to the sroot login directly from a login
prompt except on the server console.
• customer: A login that the SMnetSetup script creates. The default name of the customer
login is cust. The customer must ensure the security of this login account. The customer login
can run software tools which do not require root access on the Session Manager servers.
• CDR_User: A restricted shell login for the Call Detail Recording (CDR) feature. CDR collects
call data from the Session Manager server. This login is restricted to sftp access only.
• asset: A login created during the installation of the Security Module software. By default,
access to the system using this login is disabled.
• spirit: A login created by the Secure Access Link remote alarming and remote access
module for Avaya services.
• postgres: A login created by the installation of the Session Manager software PostgresSQL
database system. Access to the system using this login is disabled.
• init : An Avaya services login that accesses the system remotely for troubleshooting
purposes.
• inads: An Avaya services login that accesses the system remotely for troubleshooting
purposes.
• rasaccess: An Avaya services login that accesses the system remotely for troubleshooting
purposes.
• jboss: A login created for running the management jboss and is not a login account.
• wsuser: A login created for running WebSphere and is not a login account.
56
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Warning:
As of Session Manager Release 6.2, the Access Security Gateway secures the following logins
and prevents unauthorized access to the Session Manager servers by non-Avaya services
personnel:
• sroot
• inads
• rasaccess
• init
• craft
Using the customer login account, you can run most of the maintenance and troubleshooting
commands. You do not need root access for standard maintenance and support purposes. For
more information, see PSN (PSN003925U).
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
57
Appendix B: Product notifications
Avaya issues a product change notice (PCN) for a software update. A PCN accompanies a service
pack or patch that must be applied universally.
Avaya issues a product support notice (PSN) when there is a change in a product. A PSN provides
information such as a workaround for a known problem and steps to recover software.
Both of these types of notices alert you to important issues that directly impact Avaya products.
Viewing PCNs and PSNs
Procedure
1. Go to the Avaya Support website at http://support.avaya.com.
2. Enter your login credentials, if applicable.
3. On the top of the page, click DOCUMENTS.
4. In the Enter your Product Here field, enter the name of the product, then select the product
from the drop-down menu.
5. In the Choose Release field, select the specific release from the drop-down menu.
6. In the list of filters, select the Product Correction Notices and/or Product Support Notices
check box.
Note:
You can select multiple filters to search for different types of documents at one time.
7. Click Enter.
58
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Registering for product notifications
Registering for product notifications
Note:
This procedure applies only to registered Avaya customers and business partners with an SSO
login.
Procedure
1. Go to the Avaya Support website at http://support.avaya.com.
2. Log in using your SSO credentials.
3. Click on the MY PROFILE link.
4. Click the highlighted HI, <username> tab.
5. Select E Notifications from the menu.
6. In the Product Notifications section:
a. Click Add More Products.
b. Select the appropriate product.
7. In the Product box that appears on your screen:
a. Select the appropriate release or releases for which you want to receive notifications.
b. Select which types of notifications you want to receive. For example, Product Support
Notices and Product Correction Notices (PCN).
c. Click Submit.
8. If you want notifications for other products, select another product from the list and repeat
the above step.
9. Log out.
November 2014
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
59
Index
A
accepting new service ......................................................... 40
access, remote .................................................................... 55
accessing
Compatibility Matrix ...................................................... 11
activating entitlements ......................................................... 21
adding
System Manager root certificate to phones .................. 47
third party root certificate to phones ............................. 50
trusted certificates ........................................................ 52
adding NMS Destination ...................................................... 35
adding SIP Entity
Session Manager ..........................................................32
adding System Manager CA
to Communication Manager ......................................... 46
adding third party CA
to Communication Manager ......................................... 49
administering
Session Manager ..........................................................32
administration checklist ........................................................31
AFS
starting ..........................................................................27
alarm configuration
checklist ........................................................................35
alarm test ............................................................................. 39
authentication file
installing ........................................................................28
Authentication File
creating .........................................................................27
Avaya Learning ......................................................................8
C
certificate management ....................................................... 42
checking
Session Manager service state .................................... 37
checklist
administration ............................................................... 31
alarming configuration .................................................. 35
installation .....................................................................20
post-installation verification .......................................... 37
Session Manager planning procedures ........................ 13
site preparation .............................................................16
Communication Manager
trusting system Manager CA ........................................ 46
trusting third party CA ...................................................49
Compatibility Matrix
accessing ......................................................................11
configuration
redundancy ...................................................................33
configuring
Enrollment Password ....................................................22
60
connecting
a laptop to the server ....................................................24
courses .................................................................................. 8
creating Authentication File ................................................. 27
D
demo certificates ..................................................................53
deployment process overview ............................................. 10
documentation
related .............................................................................6
document changes ................................................................ 6
domain names
adding for a Session Manager ......................................31
downloading software .......................................................... 15
DVD
writing ISO image ......................................................... 16
E
enhanced validation certificates
installing ........................................................................47
Enrollment password
setting ........................................................................... 22
entitlements
activating ...................................................................... 21
Ethernet port labels ..............................................................10
exporting
System Manager CA .................................................... 45
F
feature pack to release mapping ......................................... 11
Firefox
disabling proxy servers .................................................24
G
generate an alarm ................................................................39
geographic redundancy ....................................................... 29
H
HTTP identity certificates
replacing ....................................................................... 47
HTTPS Identity Certificate
extensions and attributes table .....................................43
I
installation
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Index
installation (continued)
testing for System Manager or Session Manager ........ 37
installation checklist ............................................................. 20
installed logins ..................................................................... 56
installing
authentication file ..........................................................28
enhanced validation certificates ................................... 47
third party certificates ................................................... 51
installing Session Manager
geographic redundancy ................................................ 29
Internet Explorer
disabling proxy servers .................................................23
IP settings
configuring on laptop .................................................... 23
ISO image
writing to DVD ...............................................................16
L
laptop
configuring to connect to server ................................... 23
legal notice ...............................................................................
logins
installed ........................................................................ 56
M
managed element
configuring in SAL Gateway ......................................... 35
mapping
feature packs to releases ............................................. 11
media ................................................................................... 12
N
Network Management Systems Destinations ...................... 34
new service
changing state to accept ...............................................40
NMS
adding ...........................................................................35
NMS destinations .................................................................34
notifications ..........................................................................58
P
PCNs
viewing ..........................................................................58
PCN updates ....................................................................... 58
planning procedures
checklist ........................................................................13
PLDS ................................................................................... 14
downloading software ...................................................15
post-installation
verification procedures ................................................. 37
product notification enrollment .............................................59
product notifications
November 2014
e-notifications ............................................................... 59
proxy servers
disabling in Firefox ........................................................24
disabling in Internet Explorer ........................................ 23
PSNs
viewing ..........................................................................58
PSN updates ........................................................................58
R
redundancy configuration .................................................... 33
registering ............................................................................ 14
related documentation ........................................................... 6
remote access ..................................................................... 55
removing
trusted certificates ........................................................ 48
replacing
HTTP identity certificates ..............................................47
SIP identity certificates ................................................. 47
replication verification .......................................................... 39
root certificate
adding to phones .......................................................... 47
S
SAL Gateway
configuring a managed element ................................... 35
servers
supported for Session Manager ................................... 11
service pack upgrades .........................................................55
service state
Session Manager ..........................................................37
Session Manager
administration ............................................................... 32
Session Manager information worksheet .............................18
SIP Entity information worksheet .........................................19
SIP Identity Certificate
extensions and attributes table .....................................42
SIP identity certificates
replacing ....................................................................... 47
site preparation
checklist ........................................................................16
SMnetSetup ......................................................................... 25
SNMP traps ......................................................................... 34
software upgrades ............................................................... 55
support ...................................................................................9
supported servers ................................................................ 11
System Manager
adding CA to Communication Manager ........................46
System Manager CA
exporting .......................................................................45
using ............................................................................. 45
T
testing
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
61
Index
testing (continued)
System/Session Managers ...........................................37
third party CA
using ............................................................................. 49
third party certificates
installing ........................................................................51
third party root certificate
adding to phones .......................................................... 50
TLS version
viewing ..........................................................................44
training ................................................................................... 8
troubleshooting .................................................................... 54
troubleshooting - cannot access service state .....................54
troubleshooting - server has no power ................................ 54
trusted certificates
adding ...........................................................................52
removing .......................................................................48
trust management
enrollment password .................................................... 22
U
using
System Manager CA .................................................... 45
third party CA ................................................................49
V
verify alarm configuration .....................................................39
verifying
data replication ............................................................. 39
videos .................................................................................... 8
viewing
PCNs ............................................................................ 58
PSNs ............................................................................ 58
TLS version .................................................................. 44
W
warranty ................................................................................. 9
worksheet, Session Manager information ............................18
worksheet, SIP Entity information ........................................19
worksheets ...........................................................................16
62
Deploying Avaya Aura® Session Manager Release 6.3
Comments? infodev@avaya.com
November 2014
Open as PDF
Similar pages