Deploying Avaya Aura® Device Services

Release 7.1
Issue 2
August 2017
© 2016-2017, Avaya Inc.
All Rights Reserved.
Notice
While reasonable efforts have been made to ensure that the
information in this document is complete and accurate at the time of
printing, Avaya assumes no liability for any errors. Avaya reserves
the right to make changes and corrections to the information in this
document without the obligation to notify any person or organization
of such changes.
Documentation disclaimer
“Documentation” means information published in varying mediums
which may include product information, operating instructions and
performance specifications that are generally made available to users
of products. Documentation does not include marketing materials.
Avaya shall not be responsible for any modifications, additions, or
deletions to the original published version of Documentation unless
such modifications, additions, or deletions were performed by or on
the express behalf of Avaya. End User agrees to indemnify and hold
harmless Avaya, Avaya's agents, servants and employees against all
claims, lawsuits, demands and judgments arising out of, or in
connection with, subsequent modifications, additions or deletions to
this documentation, to the extent made by End User.
Link disclaimer
Avaya is not responsible for the contents or reliability of any linked
websites referenced within this site or Documentation provided by
Avaya. Avaya is not responsible for the accuracy of any information,
statement or content provided on these sites and does not
necessarily endorse the products, services, or information described
or offered within them. Avaya does not guarantee that these links will
work all the time and has no control over the availability of the linked
pages.
Warranty
Avaya provides a limited warranty on Avaya hardware and software.
Refer to your sales agreement to establish the terms of the limited
warranty. In addition, Avaya’s standard warranty language, as well as
information regarding support for this product while under warranty is
available to Avaya customers and other parties through the Avaya
Support website: https://support.avaya.com/helpcenter/
getGenericDetails?detailId=C20091120112456651010 under the link
“Warranty & Product Lifecycle” or such successor site as designated
by Avaya. Please note that if You acquired the product(s) from an
authorized Avaya Channel Partner outside of the United States and
Canada, the warranty is provided to You by said Avaya Channel
Partner and not by Avaya.
Hosted Service
THE FOLLOWING APPLIES ONLY IF YOU PURCHASE AN AVAYA
HOSTED SERVICE SUBSCRIPTION FROM AVAYA OR AN AVAYA
CHANNEL PARTNER (AS APPLICABLE), THE TERMS OF USE
FOR HOSTED SERVICES ARE AVAILABLE ON THE AVAYA
WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO UNDER
THE LINK “Avaya Terms of Use for Hosted Services” OR SUCH
SUCCESSOR SITE AS DESIGNATED BY AVAYA, AND ARE
APPLICABLE TO ANYONE WHO ACCESSES OR USES THE
HOSTED SERVICE. BY ACCESSING OR USING THE HOSTED
SERVICE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON
BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE
DOING SO (HEREINAFTER REFERRED TO INTERCHANGEABLY
AS “YOU” AND “END USER”), AGREE TO THE TERMS OF USE. IF
YOU ARE ACCEPTING THE TERMS OF USE ON BEHALF A
COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT
YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE
TERMS OF USE. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF
YOU DO NOT WISH TO ACCEPT THESE TERMS OF USE, YOU
MUST NOT ACCESS OR USE THE HOSTED SERVICE OR
AUTHORIZE ANYONE TO ACCESS OR USE THE HOSTED
SERVICE.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA
WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO,
UNDER THE LINK “AVAYA SOFTWARE LICENSE TERMS (Avaya
Products)” OR SUCH SUCCESSOR SITE AS DESIGNATED BY
AVAYA, ARE APPLICABLE TO ANYONE WHO DOWNLOADS,
USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED
FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AVAYA
CHANNEL PARTNER (AS APPLICABLE) UNDER A COMMERCIAL
AGREEMENT WITH AVAYA OR AN AVAYA CHANNEL PARTNER.
UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING,
AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE
WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA
AFFILIATE OR AN AVAYA CHANNEL PARTNER; AVAYA
RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU
AND ANYONE ELSE USING OR SELLING THE SOFTWARE
WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR
USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO,
YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM
YOU ARE INSTALLING, DOWNLOADING OR USING THE
SOFTWARE (HEREINAFTER REFERRED TO
INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO
THESE TERMS AND CONDITIONS AND CREATE A BINDING
CONTRACT BETWEEN YOU AND AVAYA INC. OR THE
APPLICABLE AVAYA AFFILIATE (“AVAYA”).
Avaya grants You a license within the scope of the license types
described below, with the exception of Heritage Nortel Software, for
which the scope of the license is detailed below. Where the order
documentation does not expressly identify a license type, the
applicable license will be a Designated System License as set forth
below in the Designated System(s) License (DS) section as
applicable. The applicable number of licenses and units of capacity
for which the license is granted will be one (1), unless a different
number of licenses or units of capacity is specified in the
documentation or other materials available to You. “Software” means
computer programs in object code, provided by Avaya or an Avaya
Channel Partner, whether as stand-alone products, pre-installed on
hardware products, and any upgrades, updates, patches, bug fixes,
or modified versions thereto. “Designated Processor” means a single
stand-alone computing device. “Server” means a set of Designated
Processors that hosts (physically or virtually) a software application
to be accessed by multiple users. “Instance” means a single copy of
the Software executing at a particular time: (i) on one physical
machine; or (ii) on one deployed software virtual machine (“VM”) or
similar deployment.
License types
Designated System(s) License (DS). End User may install and use
each copy or an Instance of the Software only: 1) on a number of
Designated Processors up to the number indicated in the order; or 2)
up to the number of Instances of the Software as indicated in the
order, Documentation, or as authorized by Avaya in writing. Avaya
may require the Designated Processor(s) to be identified in the order
by type, serial number, feature key, Instance, location or other
specific designation, or to be provided by End User to Avaya through
electronic means established by Avaya specifically for this purpose.
Named User License (NU). You may: (i) install and use each copy or
Instance of the Software on a single Designated Processor or Server
per authorized Named User (defined below); or (ii) install and use
each copy or Instance of the Software on a Server so long as only
authorized Named Users access and use the Software. “Named
User”, means a user or device that has been expressly authorized by
Avaya to access and use the Software. At Avaya’s sole discretion, a
“Named User” may be, without limitation, designated by name,
corporate function (e.g., webmaster or helpdesk), an e-mail or voice
mail account in the name of a person or corporate function, or a
directory entry in the administrative database utilized by the Software
that permits one user to interface with the Software.
Shrinkwrap License (SR). You may install and use the Software in
accordance with the terms and conditions of the applicable license
agreements, such as “shrinkwrap” or “clickthrough” license
accompanying or applicable to the Software (“Shrinkwrap License”).
Copyright
Except where expressly stated otherwise, no use should be made of
materials on this site, the Documentation, Software, Hosted Service,
or hardware provided by Avaya. All content on this site, the
documentation, Hosted Service, and the product provided by Avaya
including the selection, arrangement and design of the content is
owned either by Avaya or its licensors and is protected by copyright
and other intellectual property laws including the sui generis rights
relating to the protection of databases. You may not modify, copy,
reproduce, republish, upload, post, transmit or distribute in any way
any content, in whole or in part, including any code and software
unless expressly authorized by Avaya. Unauthorized reproduction,
transmission, dissemination, storage, and or use without the express
written consent of Avaya can be a criminal, as well as a civil offense
under the applicable law.
Virtualization
The following applies if the product is deployed on a virtual machine.
Each product has its own ordering code and license types. Note,
unless otherwise stated, that each Instance of a product must be
separately licensed and ordered. For example, if the end user
customer or Avaya Channel Partner would like to install two
Instances of the same type of products, then two products of that
type must be ordered.
Third Party Components
“Third Party Components” mean certain software programs or
portions thereof included in the Software or Hosted Service may
contain software (including open source software) distributed under
third party agreements (“Third Party Components”), which contain
terms regarding the rights to use certain portions of the Software
(“Third Party Terms”). As required, information regarding distributed
Linux OS source code (for those products that have distributed Linux
OS source code) and identifying the copyright holders of the Third
Party Components and the Third Party Terms that apply is available
in the products, Documentation or on Avaya’s website at: https://
support.avaya.com/Copyright or such successor site as designated
by Avaya. The open source software license terms provided as Third
Party Terms are consistent with the license rights granted in these
Software License Terms, and may contain additional rights benefiting
You, such as modification and distribution of the open source
software. The Third Party Terms shall take precedence over these
Software License Terms, solely with respect to the applicable Third
Party Components to the extent that these Software License Terms
impose greater restrictions on You than the applicable Third Party
Terms.
The following applies only if the H.264 (AVC) codec is distributed with
the product. THIS PRODUCT IS LICENSED UNDER THE AVC
PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A
CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE
REMUNERATION TO (i) ENCODE VIDEO IN COMPLIANCE WITH
THE AVC STANDARD (“AVC VIDEO”) AND/OR (ii) DECODE AVC
VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A
PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO
PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS
GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE.
ADDITIONAL INFORMATION MAY BE OBTAINED FROM MPEG LA,
L.L.C. SEE HTTP://WWW.MPEGLA.COM.
Service Provider
THE FOLLOWING APPLIES TO AVAYA CHANNEL PARTNER’S
HOSTING OF AVAYA PRODUCTS OR SERVICES. THE PRODUCT
OR HOSTED SERVICE MAY USE THIRD PARTY COMPONENTS
SUBJECT TO THIRD PARTY TERMS AND REQUIRE A SERVICE
PROVIDER TO BE INDEPENDENTLY LICENSED DIRECTLY FROM
THE THIRD PARTY SUPPLIER. AN AVAYA CHANNEL PARTNER’S
HOSTING OF AVAYA PRODUCTS MUST BE AUTHORIZED IN
WRITING BY AVAYA AND IF THOSE HOSTED PRODUCTS USE
OR EMBED CERTAIN THIRD PARTY SOFTWARE, INCLUDING
BUT NOT LIMITED TO MICROSOFT SOFTWARE OR CODECS,
THE AVAYA CHANNEL PARTNER IS REQUIRED TO
INDEPENDENTLY OBTAIN ANY APPLICABLE LICENSE
AGREEMENTS, AT THE AVAYA CHANNEL PARTNER’S EXPENSE,
DIRECTLY FROM THE APPLICABLE THIRD PARTY SUPPLIER.
WITH RESPECT TO CODECS, IF THE AVAYA CHANNEL
PARTNER IS HOSTING ANY PRODUCTS THAT USE OR EMBED
THE G.729 CODEC, H.264 CODEC, OR H.265 CODEC, THE
AVAYA CHANNEL PARTNER ACKNOWLEDGES AND AGREES
THE AVAYA CHANNEL PARTNER IS RESPONSIBLE FOR ANY
AND ALL RELATED FEES AND/OR ROYALTIES. THE G.729
CODEC IS LICENSED BY SIPRO LAB TELECOM INC. SEE
WWW.SIPRO.COM/CONTACT.HTML. THE H.264 (AVC) CODEC IS
LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR
THE PERSONAL USE OF A CONSUMER OR OTHER USES IN
WHICH IT DOES NOT RECEIVE REMUNERATION TO: (I) ENCODE
VIDEO IN COMPLIANCE WITH THE AVC STANDARD (“AVC
VIDEO”) AND/OR (II) DECODE AVC VIDEO THAT WAS ENCODED
BY A CONSUMER ENGAGED IN A PERSONAL ACTIVITY AND/OR
WAS OBTAINED FROM A VIDEO PROVIDER LICENSED TO
PROVIDE AVC VIDEO. NO LICENSE IS GRANTED OR SHALL BE
IMPLIED FOR ANY OTHER USE. ADDITIONAL INFORMATION
FOR H.264 (AVC) AND H.265 (HEVC) CODECS MAY BE
OBTAINED FROM MPEG LA, L.L.C. SEE HTTP://
WWW.MPEGLA.COM.
Compliance with Laws
You acknowledge and agree that it is Your responsibility for
complying with any applicable laws and regulations, including, but not
limited to laws and regulations related to call recording, data privacy,
intellectual property, trade secret, fraud, and music performance
rights, in the country or territory where the Avaya product is used.
Preventing Toll Fraud
“Toll Fraud” is the unauthorized use of your telecommunications
system by an unauthorized party (for example, a person who is not a
corporate employee, agent, subcontractor, or is not working on your
company's behalf). Be aware that there can be a risk of Toll Fraud
associated with your system and that, if Toll Fraud occurs, it can
result in substantial additional charges for your telecommunications
services.
Avaya Toll Fraud intervention
If You suspect that You are being victimized by Toll Fraud and You
need technical assistance or support, call Technical Service Center
Toll Fraud Intervention Hotline at +1-800-643-2353 for the United
States and Canada. For additional support telephone numbers, see
the Avaya Support website: https://support.avaya.com or such
successor site as designated by Avaya.
Security Vulnerabilities
Information about Avaya’s security support policies can be found in
the Security Policies and Support section of https://
support.avaya.com/security.
Suspected Avaya product security vulnerabilities are handled per the
Avaya Product Security Support Flow (https://
support.avaya.com/css/P8/documents/100161515).
Downloading Documentation
For the most current versions of Documentation, see the Avaya
Support website: https://support.avaya.com, or such successor site
as designated by Avaya.
Contact Avaya Support
See the Avaya Support website: https://support.avaya.com for
product or Hosted Service notices and articles, or to report a problem
with your Avaya product or Hosted Service. For a list of support
telephone numbers and contact addresses, go to the Avaya Support
website: https://support.avaya.com (or such successor site as
designated by Avaya), scroll to the bottom of the page, and select
Contact Avaya Support.
Trademarks
The trademarks, logos and service marks (“Marks”) displayed in this
site, the Documentation, Hosted Service(s), and product(s) provided
by Avaya are the registered or unregistered Marks of Avaya, its
affiliates, its licensors, its suppliers, or other third parties. Users are
not permitted to use such Marks without prior written consent from
Avaya or such third party which may own the Mark. Nothing
contained in this site, the Documentation, Hosted Service(s) and
product(s) should be construed as granting, by implication, estoppel,
or otherwise, any license or right in and to the Marks without the
express written permission of Avaya or the applicable third party.
Avaya is a registered trademark of Avaya Inc.
All non-Avaya trademarks are the property of their respective owners.
Linux® is the registered trademark of Linus Torvalds in the U.S. and
other countries.
 Contents

Chapter 1: Introduction............................................................................................................ 8
Purpose.................................................................................................................................. 8
Prerequisites........................................................................................................................... 8
Change history........................................................................................................................ 9
®
Chapter 2: Avaya Aura Device Services overview............................................................. 10
Architecture topology............................................................................................................. 11
Cluster topology.................................................................................................................... 12
Solution components............................................................................................................. 13
Chapter 3: Planning and configuration................................................................................. 15
Planning............................................................................................................................... 15
Planning checklist............................................................................................................ 15
Latest software updates and patch information.................................................................. 16
Data required for installation............................................................................................. 17
Downloading software from PLDS.................................................................................... 19
Server hardware and resources for VMware...................................................................... 20
VMware software requirements........................................................................................ 20
AADS virtual machine resource requirements.................................................................... 20
Supported browsers........................................................................................................ 21
Supported servers........................................................................................................... 21
Configuration tools and utilities......................................................................................... 21
Virtual disk volume specifications for partitioning versions 1.0 and 2.0................................. 21
System layer commands.................................................................................................. 23
Preconfiguration steps........................................................................................................... 29
Pre-deployment checklist................................................................................................. 29
Configuring SSH terminal keepalive timer.......................................................................... 30
Adding data center.......................................................................................................... 30
Assigning Session Manager to a data center..................................................................... 31
Enabling data storage clustering....................................................................................... 32
Verify whether Cassandra service started in Session Manager............................................ 32
Setting up the DNS server................................................................................................ 33
Updating DNS addresses and search domains.................................................................. 37
Updating NTP addresses................................................................................................. 38
Licensing.............................................................................................................................. 38
®
Avaya Aura Device Services licensing requirements......................................................... 38
Adding a license file to System Manager........................................................................... 39
Chapter 4: Deploying Avaya Aura Device Services OVA.................................................... 40
Deployment methods............................................................................................................. 40
®
Avaya Aura Device Services installation checklist................................................................... 40
Installation on VMware checklist............................................................................................. 41

August 2017 Deploying Avaya Aura® Device Services 4

Comments on this document? [email protected]
 Contents

®
Deploying Avaya Aura Device Services OVA on VMware using vCenter vSphere client............. 42
VM Deployment Configuration Parameters and Network Parameters field descriptions......... 44
®
Deploying Avaya Aura Device Services OVA on vSphere connected directly to the host............ 45
®
Deploying the Avaya Aura Device Services OVA through Solution Deployment Manager from
System Manager................................................................................................................... 46
VM Management field descriptions................................................................................... 48
®
Configuring virtual IP address for Avaya Aura Device Services cluster configuration................. 53
®
Avaya Aura Device Services post-installation checklist........................................................... 54
Chapter 5: Post deployment configuration.......................................................................... 56
®
Adding an Avaya Aura Device Services instance to System Manager...................................... 56
®
Pairing Session Manager with an Avaya Aura Device Services node....................................... 58
®
Effect of Session Manager on Avaya Aura Device Services..................................................... 59
®
Logging on to the Avaya Aura Device Services console on VMware......................................... 59
®
Avaya Aura Device Services installation checklist................................................................... 60
®
Configuring an Avaya Aura Device Services seed node in a cluster......................................... 61
Initial Installation Configuration field descriptions................................................................ 64
®
Configuring an Avaya Aura Device Services node in a cluster................................................. 67
Running the post installation script.......................................................................................... 70
Checking for DRS synchronization.......................................................................................... 71
Importing a trusted LDAP certificate........................................................................................ 72
®
Configuring virtual IP address for Avaya Aura Device Services cluster configuration................. 73
®
Logging in to the Avaya Aura Device Services web interface................................................... 74
Chapter 6: Configuration........................................................................................................ 76
Saving existing LDAP settings................................................................................................ 76
Configuration........................................................................................................................ 76
®
Configuring Avaya Aura Device Services using the configuration utility............................... 77
®
Configuring the Avaya Aura Device Services server firewall.............................................. 93
®
Avaya Aura Device Services certificate configuration........................................................ 93
LDAP settings configuration........................................................................................... 100
Importing a trusted LDAP certificate................................................................................ 117
®
Avaya Aura Device Services remote access configuration............................................... 118
Cluster node configuration................................................................................................... 128
®
Avaya Aura Device Services cluster installation.............................................................. 128
Enabling PPM rate limiting for Session Manager.................................................................... 134
®
Setting up TLS link for Avaya Scopia iView.......................................................................... 135
Enabling the Enhanced Access Security Gateway after OVA deployment................................ 136
Removing EASG................................................................................................................. 137
Checklist for reverse proxy configuration............................................................................... 138
Creating a Certificate Signing Request.................................................................................. 139
TLS Certificates screen field descriptions.............................................................................. 139
Creating a Certificate Signing Request (CSR) using OpenSSL................................................ 141
Creating an end entity.......................................................................................................... 141
Creating the certificate using a CSR..................................................................................... 142

August 2017 Deploying Avaya Aura® Device Services 5

Comments on this document? [email protected]
Contents

Uploading certificate file....................................................................................................... 143

Synchronizing and installing certificate in a multi-server deployment........................................ 144
Downloading the System Manager PEM certificate................................................................ 145
Installing CA certificate........................................................................................................ 145
®
Signing identity certificates for Avaya Aura Device Services using third party CA certificates.... 146
Configuring System Manager to trust third party root CA certificates........................................ 147
Creating a new TLS server profile......................................................................................... 148
TLS server profile screen field descriptions...................................................................... 148
Creating a client profile........................................................................................................ 150
TLS client profile screen field descriptions....................................................................... 151
Adding reverse proxy........................................................................................................... 153
Integrated Windows Authentication administration and management....................................... 154
Authentication prerequisites........................................................................................... 154
Setting up the Windows Domain Controller...................................................................... 155
®
Setting up IWA on the Avaya Aura Device Services administration portal......................... 156
System layer (OS) updates on VMware virtual machines........................................................ 158
Determining if a system update is applicable................................................................... 158
Downloading, extracting, and staging a system layer update............................................. 159
Installing a staged system layer update........................................................................... 160
®
Chapter 7: Upgrading Avaya Aura Device Services........................................................ 162
®
Rolling back Avaya Aura Device Services............................................................................ 163
Upgrading existing test configurations................................................................................... 164
Chapter 8: Troubleshooting and maintenance................................................................... 165
®
Checking Avaya Aura Device Services status...................................................................... 165
Service unavailable............................................................................................................. 165
™ ®
Avaya Equinox is unable to connect to Avaya Aura Device Services.................................... 166
™
Running patch to allow Avaya Equinox for Windows to reach Web Deployment service.......... 166
® ®
Running the patch to allow Avaya Aura Web Gateway to reach Avaya Aura Device Services
auto-configuration service.................................................................................................... 167
runUserDiagnostics tool....................................................................................................... 168
®
Shutting down Avaya Aura Device Services gracefully.......................................................... 169
Data on Cassandra is corrupted........................................................................................... 169
®
Uninstalling Avaya Aura Device Services............................................................................. 169
®
Session Manager still shows Avaya Aura Device Services data after decommissioning........... 170
Installing SIP CA certificate from CLI..................................................................................... 172
Chapter 9: Back up and restore system information........................................................ 173
Backup and restore checklist................................................................................................ 173
Backing up user data storage............................................................................................... 174
®
Backing up Avaya Aura Device Services.............................................................................. 174
BackupAADS.sh options...................................................................................................... 175
Restoring user data storage................................................................................................. 175
®
Restoring Avaya Aura Device Services................................................................................ 176
RestoreAADS.sh options..................................................................................................... 176

August 2017 Deploying Avaya Aura® Device Services 6

Comments on this document? [email protected]
 Contents

®
Avaya Aura Device Services cluster backup and restore....................................................... 177
Chapter 10: Resources......................................................................................................... 178
Documentation.................................................................................................................... 178
Finding documents on the Avaya Support website........................................................... 178
Viewing Avaya Mentor videos............................................................................................... 179
Support.............................................................................................................................. 180
Appendix A: Examples of Microsoft Active Directory LDAP property files.................... 181
Appendix B: LDAP search results and referrals................................................................ 183
®
Changing the password of the Avaya Aura Device Services virtual machine on VMware
through SSH....................................................................................................................... 186
Appendix C: Virtualization................................................................................................... 187
Thin vs. thick deployments................................................................................................... 187
®
Increasing the disk size of the Avaya Aura Device Services virtual machine through
VMware........................................................................................................................ 187
®
Increasing CPU and Memory of the Avaya Aura Device Services virtual machine............. 189
Increasing the size of a virtual disk.................................................................................. 189
Increasing the size of a disk volume on a virtual machine................................................. 190
Increasing the virtual machine disk size in the Appliance Virtualization Platform (AVP)
environment.................................................................................................................. 192
Appendix D: Aliases............................................................................................................. 193

August 2017 Deploying Avaya Aura® Device Services 7

Comments on this document? [email protected]
Chapter 1: Introduction

Purpose
This document describes the installation, configuration, initial administration, and basic maintenance
checklist and procedures of Avaya Aura® Device Services.
This document is intended for people who install and configure a verified Avaya Aura® Device
Services reference configuration at a customer site.

Prerequisites
Before deploying the product, ensure that you have the following knowledge, skills, and tools.
Knowledge
• System Manager
• Session Manager
• Presence Services
• Avaya Session Border Controller for Enterprise
• Solution Deployment Manager (SDM) and SDM client
• Cassandra database
• LDAP Server
• vSphere client
• Certificates
• Avaya Equinox™ clients
Skills
• To deploy Session Manager.
• To set up the enterprise LDAP directory.
• To administer the System Manager console.
Tools
For information about tools and utilities, see Configuration tools and utilities.

August 2017 Deploying Avaya Aura® Device Services 8

Comments on this document? [email protected]
 Change history

Change history
Issue Date Summary of changes
Issue 1 July 2017 • Introduced Disk Partitioning version 2.0.
• Added information on system layer commands.
• Added information on Upgrading existing test configurations.
Issue 2 August 2017 • Added a procedure for signing identity certificates using third party
Certificate Authority (CA) certificates.
• Added a procedure to create a Certificate Signing Request (CSR)
using OpenSSL.
• Added a procedure to increase virtual machine disk size.

August 2017 Deploying Avaya Aura® Device Services 9

Comments on this document? [email protected]
Chapter 2: Avaya Aura® Device Services
overview

Avaya Aura® Device Services provides a set of services to Avaya Equinox™ 3.0. Avaya Aura®
Device Services is co-resident with Session Manager and is delivered as separate OVA.
The following services are provided when using Avaya Aura® Device Services with Avaya Equinox™
3.0:
• Contact: To use the Contact service, a user must be a provisioned user on LDAP Server.
Using the contact service, you can:
- Manage the contact detail from any device.
- Add, update, and delete a contact.
- Perform an enterprise search of existing sources of contacts, such as, System Manager,
multiple LDAPs, single LDAP multiple domains, and local only.
Avaya Aura® Device Services supports directory search of up to 300 contacts. The number
of contacts displayed in search results for a client depends on the number of search results
that the client supports.
- Set and retrieve information, such as, preferred names, picture, and preferences. Using the
Picture service, you can create and override, delete, and update the picture of a user. This
also provides a centralized, firewall-friendly interface to include these picture urls in the
contact information or search results.
- Search and retrieve information about Avaya Scopia® users and terminals.
You can use Avaya Aura® Device Services to search for Avaya Scopia® users and terminals
only when iView’s address is configured on Avaya Aura® Device Services.
• Notification: The Notification service provides a common infrastructure that allows a client or
endpoint to subscribe to receive events from a number of service resources using a single
connection.
• Dynamic Configuration: The Dynamic Configuration service provides discovery of
configuration settings to UC Clients. You can customize these settings on a global, group,
individual, or platform basis. The Dynamic Configuration service uses the automatic
configuration feature of Avaya Equinox™ 3.0 to facilitate the configuration details to the UC
clients. This helps the user to avoid manual configuration of their client. To log in to the client,
the user needs to enter their credentials, such as, email address or Windows user id, along
with their enterprise credentials.

August 2017 Deploying Avaya Aura® Device Services 10

Comments on this document? [email protected]
 Architecture topology

The Dynamic Configuration service is supported on the following Avaya Equinox™ 3.0 devices:
- Avaya Equinox™ for Android
- Avaya Equinox™ for iOS
- Avaya Equinox™ for Mac
- Avaya Equinox™ for Windows
• Web Deployment: The Web Deployment service publishes and deploys the UC client updates
to the devices of the end users. The Web Deployment service is supported on the following
devices of the Avaya Equinox™ 3.0:
- Avaya Equinox™ for Mac
- Avaya Equinox™ for Windows

Architecture topology
Avaya Aura® Device Services and Session Manager share the same Cassandra database.
To provide services to the Avaya UC clients in Release 3.0, Avaya Aura® Device Services services
are hosted in a separate Tomcat 8 container. Whereas the existing Session Manager services
including PPM are hosted in a JBOSS container. A common contacts schema is shared between
Avaya Aura® Device Services and PPM.
The DRS synchronization performs the synchronization between System Manager and the local
Avaya Aura® Device Services DRS replica.
The following diagram depicts the architecture of Avaya Aura® Device Services:

August 2017 Deploying Avaya Aura® Device Services 11

Comments on this document? [email protected]
Avaya Aura® Device Services overview

Figure 1: Avaya Aura® Device Services architecture

Avaya Aura® Device Services is aligned with Session Manager, Appliance Virtualization Platform,
and VMware Virtualized Environment offers. The VMware license embedded in Appliance
Virtualization Platform does not support vCenter.

Cluster topology
When the Enable Data Storage Cluster flag is checked, all the Session Manager instances become
members of a Cassandra cluster. Each Session Manager instance in the cluster can also be
configured as part of a data center.

August 2017 Deploying Avaya Aura® Device Services 12

Comments on this document? [email protected]
 Solution components

Figure 2: Cassandra Clustering Topology

Solution components
Components Description
®
Avaya Aura core • System Manager
• Session Manager
• Communication Manager
• Presence Services
• WebLM
Enterprise Directory The Enterprise LDAP server.
Avaya-provided server Appliance Virtualization Platform
Endpoints • Avaya Equinox™ for Android Release 3.0
• Avaya Equinox™ for iOS Release 3.0
• Avaya Equinox™ for Mac Release 3.0
• Avaya Equinox™ for Windows Release 3.0

August 2017 Deploying Avaya Aura® Device Services 13

Comments on this document? [email protected]
Avaya Aura® Device Services overview

Virtualized components Description

ESXi Host A virtual machine running the ESXi Hypervisor software.
ESXi Hypervisor A platform that runs multiple operating systems on a host computer at
the same time.
vSphere Client An application that installs and manages virtual machines. vSphere
Client connects to a vCenter server or directly to an ESXi host if a
vCenter Server is not used. The application is installed on a personal
computer or accessible through a web interface.
vCenter Server An administrative interface from VMware for the entire virtual
infrastructure or data center, including VMs, ESXi hosts, deployment
profiles, distributed virtual networking, and hardware monitoring.
Appliance Virtualization Platform A platform that is a customized OEM version of VMware ESXi 5.5.
Appliance Virtualization Platform supports ESXi 5.5 and 6.0.
With Appliance Virtualization Platform, customers can run any
combination of supported applications on Avaya-supplied servers.
Appliance Virtualization Platform provides greater flexibility in scaling
customer solutions to individual requirements.
Appliance Virtualization Platform is available only in an Avaya-appliance
offer. Avaya-appliance offer does not support VMware® tools, such as
vCenter and vSphere Client. You can configure and manage Appliance
Virtualization Platform by using Solution Deployment Manager that is
part of System Manager, or by installing the Solution Deployment
Manager client.
Solution Deployment Manager The centralized software management solution of Avaya that provides
deployment, upgrade, migration, and update capabilities for the Avaya
Aura® virtual applications.
Open Virtualization Appliance The virtualized operating system and application packaged in a single
file that is used to deploy a virtual machine.

You can deploy AADS if you have any of the following:

• Solution Deployment Manager
• vSphere Client
• vCenter server
• Appliance Virtualization Platform

August 2017 Deploying Avaya Aura® Device Services 14

Comments on this document? [email protected]
Chapter 3: Planning and configuration

Planning

Planning checklist
This chapter describes the planning and pre-configuration that you must perform before installing
the Avaya Aura® Device Services server.
Warning:
When you deploy Avaya Aura® Device Services, avoid copying and pasting commands directly
from this document. This can introduce unwanted characters and errors. Double-check all inputs
you copy or type them manually.
Ensure you follow the steps in sequence before deploying the Avaya Aura® Device Services OVA.
# Task Reference

1 Identify the hypervisor and verify that See AADS virtual machine resource
the capacity meets the OVA requirements on page 20.
requirements.
2 Plan the staging and verification See AADS virtual machine resource
activities and assign the resources. requirements on page 20.
3 Purchase the required licenses. Go to the Avaya Product Licensing and
Delivery System at https://plds.avaya.com/.
Register for PLDS and do the
following:
• Obtain the license file.
• Activate license entitlements in
PLDS.
4 Download the required Avaya Aura® See Downloading software from PLDS on
Device Services OVA. page 19.
See Configuration tools and utilities on
page 21.
5 Verify the md5sum of the ova file
matches with the md5sum on PLDS.

August 2017 Deploying Avaya Aura® Device Services 15

Comments on this document? [email protected]
Planning and configuration

# Task Reference

6 Gather and keep configuration data See Avaya Aura® Device Services
ready. Questionnaire and Data required for
installation on page 17.
7 It is recommended that you deploy
Avaya Aura® Device Services on the
same subnet as the Session
Manager management subnet.
8 If you use Nginx as an external load
balancer, ensure the following:
• The network latency between
Avaya Aura® Device Services and
the associated Session Manager
must be less than 5 ms.
• The Avaya Aura® Device Services
servers, load balancers, and virtual
IP should be in the same subnet.
9 Avaya Aura® Device Services For single node installations, see Deploying
supports single node and cluster AADS OVA on page 45 and Post
node installations. deployment configuration on page 56.
If you choose to install a standalone For cluster node installations, in addition to
Avaya Aura® Device Services at Deploying AADS OVA on page 45 and Post
present, but in future decide to move deployment configuration on page 56, see
to a cluster that uses a virtual IP, the Cluster node configuration on page 128.
original standalone node needs to be
reconfigured with the original virtual
IP as the front end FQDN.
Accordingly, the new FQDN addition
for Avaya Aura® Device Services
must be notified to your clients.
To avoid this scenario, you can plan
in advance and add a virtual IP for
the front end FQDN of the standalone
node. This would make the transition
from a standalone node to a cluster
easier in the future.

Latest software updates and patch information

Before you start the deployment or upgrade of an Avaya product or solution, download the latest
software updates or patches for the product or solution. For more information, see the latest release
notes, Product Support Notices (PSN), and Product Correction Notices (PCN) for the product or
solution on the Avaya Support Web site at https://support.avaya.com/.

August 2017 Deploying Avaya Aura® Device Services 16

Comments on this document? [email protected]
 Planning

After deploying or upgrading a product or solution, use the instructions in the release notes, PSNs,
or PCNs to install any required software updates or patches.
For third-party products used with an Avaya product or solution, see the latest release notes for the
third-party products to determine if you need to download and install any updates or patches.

Data required for installation

Gather and keep the following data ready before you attempt Avaya Aura® Device Services
installation.
Parameter Notes Value

LDAP type Avaya Aura® Device Services supports the following

LDAP types:
• OpenLDAP 2.4.31
• Domino 8.5.3
• Novell
• Active Directory 2008
• Active Directory 2012
• Oracle Directory Server 5.2
• Active Directory Lightweight Directory Services
(LDS) 2008
• LDS 2012
Ensure that your system uses one of the following
LDAP types before you install Avaya Aura® Device
Services.
Additional LDAP • LDAP URL
parameters
• Bind DN
• Bind Credential
• UID Attribute ID
• Base Context DN
• Role Filter
• Role Context DN
• Role Attribute ID
• Role Recursion
• Search Scope
• User IDs for admin role, users role, and auditor role
• Active users filter

August 2017 Deploying Avaya Aura® Device Services 17

Comments on this document? [email protected]
Planning and configuration

Parameter Notes Value

For examples of LDAP parameters, see LDAP

configuration on page 81 or Examples of Microsoft
Active Directory LDAP property files on page 181.
Avaya Aura® Ensure that Avaya Aura® components are at least at
components the versions specified in the following list:
• Session Manager: 7.0.1.2.xxxxxx or later
• System Manager: 7.0.1.2.xxxxxx or later
System Manager You must know the System Manager FQDN before
FQDN attempting installation.
System Manager If you use System Manager for enrolling certificates,
enrollment ensure you have the enrollment password.
password
Go to System Manager home page, and click
Security > Enrollment Password to check the
enrollment password has expired. If the Time
Remaining field displays zero, the password has
expired. If the password expired, type a new
password.
Session Manager To view the Session Manager Asset IP address, go to
Asset IP the System Manager home page, and click Session
Manager > Session Manager Administration.
Then, in the Session Manager Instances tab, select
a Session Manager instance, and click View. The
Session Manager asset IP address is displayed in the
SIP Entity IP Address field.
Session Manager To view the Session Manager management IP
management IP address, go to the System Manager home page, and
address click Session Manager > Session Manager
Administration. Then, in the Session Manager
Instances tab, select a Session Manager instance,
and click View. The Session Manager management
IP address is displayed in the Management Access
Point Host Name/IP field.
Keystore Set this while running the binary installer to any
password password of 6 characters or more.
Avaya Aura® While running the binary installer, use the same user
Device Services name that you specify while deploying the Avaya
CLI user name Aura® Device Services ova.
Avaya Aura® While running the binary installer, use the same
Device Services password that you specify while deploying the Avaya
CLI password Aura® Device Services ova.
Number of Avaya Aura® Device Services supports single node
deployment and multiple node deployments. By using the profile
nodes chosen during Session Manager deployment and the

August 2017 Deploying Avaya Aura® Device Services 18

Comments on this document? [email protected]
 Planning

Parameter Notes Value

number of users you need to support, determine how

many nodes you will need.
IP addresses/ For every n Avaya Aura® Device Services nodes to be
FQDNs deployed, you must have n+1 IP addresses. N
addresses for n nodes, and one virtual IP address.
For example, for deploying 3 nodes, you must have 3
IP addresses-one for each node, and one IP for the
virtual IP address.

Downloading software from PLDS

When you place an order for an Avaya PLDS-licensed software product, PLDS creates the license
entitlements of the order and sends an email notification to you. The email includes a license
activation code (LAC) and instructions for accessing and logging into PLDS. Use the LAC to locate
and download the purchased license entitlements.
In addition to PLDS, you can download the product software from http://support.avaya.com using
the Downloads and Documents tab at the top of the page.
Note:
Only the latest service pack for each release is posted on the support site. Previous service
packs are available only through PLDS.
Procedure
1. Enter http://plds.avaya.com in your Web browser to access the Avaya PLDS website.
2. Enter your login ID and password.
3. On the PLDS home page, select Assets.
4. Click View Downloads.
5. Click on the search icon (magnifying glass) for Company Name.
6. In the %Name field, enter Avaya or the Partner company name.
7. Click Search Companies.
8. Locate the correct entry and click the Select link.
9. Enter the Download Pub ID.
10. Click Search Downloads.
11. Scroll down to the entry for the download file and click the Download link.
12. In the Download Manager box, click the appropriate download link.

August 2017 Deploying Avaya Aura® Device Services 19

Comments on this document? [email protected]
Planning and configuration

Note:
The first link, Click to download your file now, uses the Download Manager to
download the file. The Download Manager provides features to manage the download
(stop, resume, auto checksum). The click here link uses your standard browser
download and does not provide the download integrity features.
13. If you use Internet Explorer and get an error message, click the install ActiveX message at
the top of the page and continue with the download.
14. Select a location where you want to save the file and click Save.
15. If you used the Download Manager, click Details to view the download progress.

Server hardware and resources for VMware

VMware offers compatibility guides that list servers, system, I/O, storage, and backup compatibility
with VMware infrastructure. For more information about VMware-certified compatibility guides and
product interoperability matrices, see http://www.vmware.com/resources/guides.html.

VMware software requirements

The following VMware software versions are supported:
• VMware vSphere ESXi 5.5 and 6.0
• VMware vCenter Server 5.5 and 6.0

AADS virtual machine resource requirements

s
Session Up to 2.5K 2.5K to 4.5K 4.5K to 7K 7K to 10K 10K to 23.3K
Manager Device Devices (Profile Devices (Profile Devices (Profile Devices (Profile Devices (Profile
Footprint 1) 2) 3) 4) 5)
AADS device Up to 750 Up to 1350 Up to 2100 Up to 3000 Up to 5240
footprints Devices Devices Devices Devices Devices
(Profile 1) (Profile 2) (Profile 3) (Profile 4) (Profile 5)
CPU Minimum 2300 MHz, Hyper-threaded
vCPUs 6 8 8 10 12
CPU MHz 6900 9200 9200 11500 13800
Reservation
Memory 5120 8192 10240 10240 12288
Reservation
(MB)

August 2017 Deploying Avaya Aura® Device Services 20

Comments on this document? [email protected]
 Planning

For capacity supported for Session Manager, see Avaya Aura® Session Manager Overview and
Specification.

Supported browsers
You can access the Avaya Aura® Device Services web interface on the following browsers:
• Internet Explorer 9.0 and later
• Mozilla Firefox 39.0 and later

Supported servers
You can deploy the Avaya Aura® Device Services OVA on the following servers:
• HP ProLiant DL360 G7
• Dell™ PowerEdge™ R610
• HP ProLiant DL360p G8
• Dell™ PowerEdge™ R620
• HP ProLiant DL360 G9
• Dell™ PowerEdge™ R630

Configuration tools and utilities

To deploy and configure the Avaya Aura® Device Services open virtual application (OVA), you need
the following tools and utilities:
• The Avaya Aura® Device Services OVA
• A remote computer running the vSphere client, Solution Deployment Manager Client, or
Solution Deployment Manager through System Manager
You can use any of these tools to deploy the Avaya Aura® Device Services OVA: vSphere
client, Solution Deployment Manager client, or Solution Deployment Manager through System
Manager.
• A physical server
• A browser for accessing the Avaya Aura® Device Services web interface
• PuTTy, WinSCP, and WinZip

Virtual disk volume specifications for partitioning versions 1.0

and 2.0
Avaya Aura® Device Services supports partitioning versions 1.0 and 2.0 with OVA deployments.
When you upgrade a system from a previous release to the current release, the system remains on

August 2017 Deploying Avaya Aura® Device Services 21

Comments on this document? [email protected]
Planning and configuration

partitioning version 1.0. When you deploy a new OVA for this release, the system is on partitioning
version 2.0.
Disk partitioning must be extended based on the number of users on the system. The following table
shows the file system layout for systems on partitioning versions 1.0 and 2.0.
Partitioning version 1.0
Disk Volume Volume Size (GiB)
Disk 1 Disk 2 Disk 3
/boot1 0.2
swap 2 8.0
/3 41.8
/home4 4.0
/opt/Avaya5 21.0
/media/data6 20.0
Total for disk 50.0 25.0 20.0
Total disk size 95.0

Partitioning version 2.0

Disk Volume Volume Size (GiB)
Disk 1 Disk 2 Disk 3
/boot 0.2
swapff 7 8.0
/ 4.0
/ftmp8 2.8
/var9 3.0
/var/log10 2.0
/var/log/audit11 3.0
/home12 4.0
/opt/Avaya13 15.0

1 The size of these volumes are static and cannot be increased.

2 The size of these volumes are static and cannot be increased.
3 The size of these volumes are static and cannot be increased.
4 The size of these volumes are dynamic and can be increased.
5 The size of these volumes are dynamic and can be increased.
6 The size of these volumes are dynamic and can be increased.
7 The size of these volumes are static and cannot be increased.
8 The size of these volumes are dynamic and can be increased.
9 The size of these volumes are dynamic and can be increased.
10 The size of these volumes are dynamic and can be increased.
11 The size of these volumes are dynamic and can be increased.
12 The size of these volumes are dynamic and can be increased.
13 The size of these volumes are dynamic and can be increased.

August 2017 Deploying Avaya Aura® Device Services 22

Comments on this document? [email protected]
 Planning

Disk Volume Volume Size (GiB)

Disk 1 Disk 2 Disk 3
/var/log/Avaya14 33.0
/media/data15 20.0
Total for disk 42.0 33.0 20.0
Total disk size 95.0

System layer commands

The sys command line alias facilitates the use and discovery of system layer commands. Typing
this command without arguments provides syntax help, and a list of supported system layer
commands. The following is an example:
[admin@server4889aads ~]$ sys

Execute system layer commands.

-h, --help
Command syntax (this help)

-hh, --hhelp
Verbose help

Available commands:

secconfig [Manage security settings]

versions [Query version information]
volmgt [Manage disk volume sizes]

Command invocation syntax:

sys <command> <arguments>

Command syntax
sys <command> -h

[admin@server4889aads ~]$

Verbose help information

-hh is used for verbose help information, which provides a brief description of each available
system layer command. The following is an example:
[admin@server4889aads ~]$ sys -hh

The "sys" command line alias facilitates access to the following commands
related to the system layer of UCApp appliances. To obtain help with
each of these commands, use the "-h" (or "--help") argument for help
with command line syntax, and "-hh" (or "--hhelp") for verbose help.

secconfig
Manages security-related settings.

versions

14 The size of these volumes are dynamic and can be increased.

15 The size of these volumes are dynamic and can be increased.

August 2017 Deploying Avaya Aura® Device Services 23

Comments on this document? [email protected]
Planning and configuration

Queries the version information of various elements of the system

layer.

volmgt
Queries the sizes of existing disk volumes and extends their sizes.

[admin@server4889aads ~]$

Any arguments provided after the name of the system layer command are passed through to that
command.
Related links
sys secconfig command on page 24
sys versions command on page 24
sys volmgt command on page 25

sys secconfig command

sys secconfig provides access to the secconfig command, which existed in previous
releases. The following is an example of this command:
[admin@server4950aads ~]$ sys secconfig --hhelp

This script is used to manage run-time security settings on this appliance.

The following command-line arguments are available:

--help, -h
Prints terse help (command line syntax).

--hhelp, -hh
Prints verbose help (this help).

--sshCBC < --enable | --disable | --query >

-cbc < -e | -d | -q >
Enables, disables, and queries the current state of SSH daemon
CBC-based ciphers.

[admin@server4950aads ~]$

Related links
System layer commands on page 23

sys versions command

The sys versions command provides a summary of key system layer information, including the
type of appliance (OVA), the version number of the system layer, the version of the current
partitioning, and the OVA that was originally deployed.
[admin@server4889aads ~]$ sys versions

Appliance type : AADS

System layer version : 3.2.0.0.8
Partitioning version : 1.0
Original OVA deploy : aads-3.2.0.0.329

[admin@server4889aads ~]$

Related links
System layer commands on page 23

August 2017 Deploying Avaya Aura® Device Services 24

Comments on this document? [email protected]
 Planning

sys volmgt command

Syntax help: sys volmgt --help
The sys volmgt command is used to query and extend disk volumes on the system. The following
provides the command line syntax for this command:
[admin@server4889aads ~]$ sys volmgt --help

Syntax:
--help, -h
--hhelp, -hh
--version, -v
--status, -st
--summary, -s
--monitor [tail|less], -m [tail|less]
--logs, -l
--scan
--extend <volume> [ <n>m | <n>g | <n>t --remaining ]
--extend --all
--reset

[admin@server4889aads ~]$

Verbose help: sys volmgt --hhelp

The verbose help information for the scripts provides more information about what the tool is used
for.
[admin@server4889aads ~]$ sys volmgt --hhelp

This script provides for the ability to extend the sizes of volumes on this
system. In order for a volume to be extended in size, the disk that hosts
the volume must first be increased in size using the tools that are used
to manage deployed virtual machines (VMware).

The following example illustrates how to add 20 GiB of storage to the

application log volume (/var/log/Avaya). This volume is located on the second
disk of the system and so this example assumes that disk 2 has been increased
in size by 20 GiB.

sys volmgt --extend /var/log/Avaya 20g

The above example will do two things:

1) It will extend the size of the LVM logical volume by 20 GiB.

2) It will then extend the size of the Linux file system that is
located inside that volume to the new size of the LVM logical
volume.

Step (2) above may take several minutes to complete for larger volumes. If,
for some reason, this second operation is interrupted, it can be re-run
using the same command, but WITHOUT specifying the size argument. For example,
the following command is used to perform step (2) only for the application
log volume (/var/log/Avaya).

sys volmgt --extend /var/log/Avaya

If in doubt as to whether or not all file systems have been fully extended in
their respective volumes, step (2) can be executed across all volumes using
a single command as follows:

sys volmgt --extend --all

August 2017 Deploying Avaya Aura® Device Services 25

Comments on this document? [email protected]
Planning and configuration

Performing step (2) on a file system that is already fully extended in its
LVM volume is a null operation (does no harm).

Note the following general points regarding this script:

- The extending of a volume cannot be undone. Make sure the correct volume
is being extended, and by the correct size. To confirm any extend
operation, the user is required to enter the response "confirm"
(case insensitive).

- In order to avoid impacting system performance, avoid performing extend

operations during periods of high traffic.

- Extend operations are performed by a background process, in order to

avoid interference due to loss of an SSH connection. Avoid powering down
or rebooting a server while there is a background operation in progress.
The presence of a running background operation can be queried as follows:

sys volmgt --status

- Logical volumes on the system are referenced using their Linux file system
mount points, such as /var/log/Avaya and /media/data, with the exception
of the volume containing Linux swap, which has no mount point. The Linux
swap volume is referenced using "swap".

- Sizes are specified in base 2 units rather than base 10 (SI) units. For
example, 1g = 1 GiB = 1024 x 1024 x 1024 bytes.

- Summary information is displayed in GiB, with a resolution of two decimal

places. When extending the sizes of LVM volumes, units can be specified
in mebibytes (m), gibibytes (g), or tebibytes (t).

- Due to file system overhead allocation by the Linux kernel, the size
of a file system will never exactly match the size as reported by
the LVM volume that contains that file system. To be certain that a file
system is fully extended to the size of the volume that contains it,
inspect the log file after issuing the extend operation as follows:

sys volmgt --monitor less

To perform such a check across all volumes:

sys volmgt --extend --all

sys volmgt --monitor less

The following arguments are supported by this script:

--help, -h
Terse help.

--hhelp, -hh
Verbose help (this help).

--version, -v
Prints the version of this script to stdout.

--status, -st
Prints the current status of this tool. Use this to determine
if there is a background operation in progress, or the results
of the last background operation.

--summary, -s
Prints a summary of disks, the LVM volumes contained on each disk,
and the file system contained in each LVM volume. Disk information

August 2017 Deploying Avaya Aura® Device Services 26

Comments on this document? [email protected]
 Planning

includes the size of the disk and the amount of free space
available for allocation to volumes on the disk. LVM volume
information includes the size of the LVM volume. File system
information includes the size of the Linux file system and the
current amount of space that is in use on that file system.

Due to file system overhead allocation by the Linux kernel, the

size of a file system will never exactly match the size as reported
by the LVM volume that contains that file system. Refer to the top of
this help information for more information.

--monitor [tail|less]
-m [tail|less]
Browse the log file for the latest extend operation. Specify "tail"
to use the tail browser. Specify "less" to use the less
browser, which allows scrolling and searching through the log file.
If neither is specified, the browser defaults to the tail browser.

--logs
Generate a zip file in the current working directory that contains
all logs generated to date by this script.

--scan
Scan disks for newly available storage. Do this after increasing
the disk size of one of more disks. Once scanned, the newly
available space appears in the "Free" column in the "--summary"
output, and is now available for allocation to volumes on that disk.

A summary is printed after the scan to show the updated volume

information.

--extend <volume> [ <n>m | <n>g | <n>t --remaining ]--extend --all

The first form of the command operates on a single volume. If a size
is specified, then the LVM volume is extended by that size (step 1),
and the file system it contains is extended to use the new space
made available in that volume (step 2). If a size is not specfied,
then the file system contained in that volume is extended (i.e.,
step 2 only).

The "--all" form of the command is used to perform step 2 across

all volumes on the system.

For more information, see the examples at the top of this help.

If "--remaining" is specified for the size, then the specified

volume is extended with all remaining free space on that disk.
If a specific increment is provided, then the volume is extended
by that amount, reducing the amount of free space on the disk
by that amount. Specific sizes are in the form of a number
(e.g., "10", "10.5", or ".5") and a unit. Units are "m" for
mebibites, "g" for gibibytes", and "t" for tebibytes".

The smallest increment that can be specified is 100 MiB.

Example invocations:

sys volmgt --extend /var/log/Avaya 10g

sys volmgt --extend /var/log/Avaya 10.5g
sys volmgt --extend /var/log/Avaya 0.5g
sys volmgt --extend /var/log/Avaya .5g
sys volmgt --extend /var/log/Avaya 500m
sys volmgt --extend /var/log/Avaya --remaining
sys volmgt --extend /var/log/Avaya

--reset

August 2017 Deploying Avaya Aura® Device Services 27

Comments on this document? [email protected]
Planning and configuration

Resets internal tracking data. Use this if this script is blocked

on an invalid background progress indication. This condition can
arise if a background operation was prematurely terminated due to,
for example, a system reboot. Verify that no background operations
are in progress prior to executing this command, through verification
of the process id as reported by the "--status" argument.

[admin@server4889aads ~]$

Partitioning examples: sys volmgt --summary

Avaya Aura® Device Services supports partitioning versions 1.0 and 2.0.
The following example shows a summary of the information provided by this command for a version
1.0 partitioned system:
[admin@server4889aads ~]$ sys volmgt --summary

Disk and Volume Summary

+----------- Disk ------------+------------------- Volume --------------------+

| | LVM File System |
| Num Name Size Free | Name Size Size Usage |
+-----------------------------+-----------------------------------------------+
| 2 sdb 25.00 0.00 | /home 4.00 3.94 1.49 |
| | /opt/Avaya 21.00 20.67 1.27 |
+-----------------------------+-----------------------------------------------+
| 3 sdc 10.00 0.00 | /media/data 10.00 9.84 0.15 |
+-----------------------------+-----------------------------------------------+

The following example shows a summary of the information provided by this command for a version
2.0 partitioned system:
[admin@server4950aads ~]$ sys volmgt -s

Disk and Volume Summary

+----------- Disk ------------+------------------- Volume --------------------+

| | LVM File System |
| Num Name Size Free | Name Size Size Usage |
+-----------------------------+-----------------------------------------------+
| 1 sda 41.78 0.00 | / 4.00 3.81 1.26 |
| | /home 4.00 3.81 0.05 |
| | /opt/Avaya 14.97 14.61 1.14 |
| | /tmp 2.81 2.71 0.01 |
| | /var 3.00 2.89 0.03 |
| | /var/log 2.00 1.91 0.00 |
| | /var/log/audit 3.00 2.89 0.00 |
| | swap 8.00 n/a n/a |
+-----------------------------+-----------------------------------------------+
| 2 sdb 60.00 0.00 | /var/log/Avaya 60.00 58.93 0.05 |
+-----------------------------+-----------------------------------------------+
| 3 sdc 20.00 0.00 | /media/data 20.00 19.56 0.04 |
+-----------------------------+-----------------------------------------------+
| 4 sdd 10.00 0.00 | /media/cassandra 10.00 9.71 0.02 |
+-----------------------------+-----------------------------------------------+

Related links
System layer commands on page 23

August 2017 Deploying Avaya Aura® Device Services 28

Comments on this document? [email protected]
 Preconfiguration steps

Preconfiguration steps

Pre-deployment checklist
Use this checklist to prepare your system before deploying the Avaya Aura® Device Services ova
file.
No. Task Description Notes

1 Adding a data center. See Adding data center on

page 30.
2 Assigning a Session See Assigning Session
Manager instance to a Manager to a data
data center. center on page 31.
3 Enable data storage To pair a Session Manager
clustering on Session instance with an Avaya
Manager. Aura® Device Services
instance, you must enable
data storage clustering.
If the Enable Data Storage
Cluster field on the
Session Manager
Administration page is
selected, all Session
Managers are added to the
Cassandra database
cluster.
If the Enable Data Storage
Cluster field is not
selected, all the Cassandra
nodes run in standalone
mode.
Cassandra clustering
should be done only when
Avaya Aura® Device
Services servers are
configured and paired with
Session Manager.
See Enabling data storage
clustering on page 32.
4 Setting the SSH See Configuring SSH
keepalive timer. terminal keepalive timer on
page 30.

August 2017 Deploying Avaya Aura® Device Services 29

Comments on this document? [email protected]
Planning and configuration

No. Task Description Notes

5 Updating DNS addresses See Updating DNS

and search domains. addresses and search
domains on page 37.
6 Updating NTP See Updating NTP
addresses. addresses on page 38.

Configuring SSH terminal keepalive timer

About this task
If the SSH terminal expires when installation is in progress, you will have to restart the installation.
Procedure
1. Open PuTTY.
2. In the Category section, click Connection.
3. In the Seconds between keepalives field, type an interval in milliseconds.
When you set a non-zero value in this field, the system sends a keepalive message
periodically, and prevents the session from timing out

Adding data center

Procedure
1. On the home page of the System Manager Web Console, in Elements, click Session
Manager > System Status > User Data Storage.
2. On the User Data Storage page, click the Data Center tab, and then click New.
The system displays the Edit Data Center page.
3. In the Name field, type the name of the data center.
4. In the Description field, type the description about the data center.
5. Click Commit.
Note:
A Warning message might display. However, the process is unaffected and you can
proceed to add the data center.
Related links
Data Center page field descriptions on page 31

August 2017 Deploying Avaya Aura® Device Services 30

Comments on this document? [email protected]
 Preconfiguration steps

Data Center page field descriptions

Name Description
Data Center The name of a data center.
Description The description of a data center.
Details The details of the Session Manager instances assigned to a data center.
# of assigned SMs The number of core Session Manager instances assigned to a data center.
SM The name of the core Session Manager assigned to a data center.
Description The description of the core Session Manager.

Name Description
New Creates a new Data Center. Assigns Core Session Managers to any Data
Center.
Edit Modifies a Data Center name, description, or modifies assignment of Core
Session Manager to any Data Center.
Delete Deletes a data center if the data center is not assigned to a core Session
Manager server.
View Displays the read only view of Data Center.

Related links
Adding data center on page 30

Assigning Session Manager to a data center

Before you begin
Data Centers need to be added before the Session Manager assigning.
About this task
You can assign a Session Manager instance to a data center while adding a Session Manager
instance or after adding the Session Manager instance using the Edit button.
Procedure
1. On the home page of the System Manager Web Console, in Elements, click Session
Manager > System Status > User Data Storage.
2. On the User Data Storage page, click the Data Center tab.
3. Select a data center and click Edit.
The system displays the Edit Data Center page.

August 2017 Deploying Avaya Aura® Device Services 31

Comments on this document? [email protected]
Planning and configuration

4. To assign Session Manager to data center, under the SMs unassigned or assigned to
other Data Center section, from the Data Center drop-down list, select the data center
name.
• If you select the same data center name for Session Manager, the system refreshes the
page and displays the assigned data center under the SMs in Data Center section.
• If you select the other data center name for Session Manager, the system displays the
assigned data center under the SMs unassigned or assigned to other Data Center
section.
5. Click Commit.
The system displays the Confirm Data Center assignments page.
6. Verify the data center and SM assignment.
7. Click Confirm.

Enabling data storage clustering

About this task
Enable the data storage clustering to activate Cassandra data replication and optionally, assign
Session Managers to discrete data centers for geo-redundancy.
You must preferably use Data Center assignment when Session Manager servers are
geographically separated.
Procedure
1. On the home page of the System Manager Web Console, in Elements, click Session
Manager > Session Manager Administration.
2. On the Global Settings tab, click Enable Data Storage Clustering.
3. Click Commit.

Verify whether Cassandra service started in Session Manager

About this task
Before beginning ova deployment, you must ensure that the Cassandra service has started.
Procedure
1. Log in to Session Manager through CLI or log in to System Manager.
2. Do one of the following:
• On the Session Manager CLI, type statapp.
The system displays the current status of the Cassandra service.

August 2017 Deploying Avaya Aura® Device Services 32

Comments on this document? [email protected]
 Preconfiguration steps

• Go to Session Manager > System Status > User Data Storage and check whether the
Cluster Status column shows that SM is part of a cluster.
3. If the service is not up, log in to the Session Manager CLI and type start —s cassandra
to start the Cassandra service.

Setting up the DNS server

About this task
You require the DNS setup only if the user uses an email address for automatic configuration. You
do not need the DNS setup if the user uses a standard web address.
Create records on the DNS server of the enterprise to link your DNS server to the settings file. Use
split-horizon DNS and the same FQDN for Session Border Controller and Session Manager if you
want to prevent users from re-configuring their clients when working outside of the enterprise
network.
Note:
You might need to discuss with your DNS provider if your level of service is sufficient to provide
support for DNS Service Discovery (DNS-SD). For more information, see DNS-Based Service
Discovery. Avaya Equinox™ uses DNS PTR records consistent with the DNS-SD RFC, which in
some cases might require an additional level of service from your DNS provider.
Before you begin
• Create the settings file.
• Configure a web server and save the settings file to that web server. You must know the URL
of the file on the web server.
• Set the following information based on your DNS server policy:
- SRV and TXT record time-to-live period in seconds. For example, 300. During this time, the
client or intermediate servers might cache the retrieved record. Usually, the SRV and TXT
record time-to-live periods share the same value.
- Web server port number. You can enter 0 to keep the default port number for the protocol.
- SRV record priority. For example, 0.
- SRV record weight. For example, 0.
Procedure
1. Create a PTR record that links the descriptive name of your settings file to the domain of the
enterprise.
a. Ensure that you name the PTR record as _avaya-ep-config._tcp.<domain>.
b. Use the descriptive name for the settings file as the target of the PTR record:
<Descriptive name>._avaya-ep-config._tcp.<domain>.
The following is an example of a PTR record: _avaya-ep-config._tcp.example.com.
IN PTR East._avaya-ep-config._tcp.example.com.
In case of Microsoft DNS Manager, the following is an example of a PTR record:

August 2017 Deploying Avaya Aura® Device Services 33

Comments on this document? [email protected]
Planning and configuration

_avaya-ep-config._tcp.example.com

East._avaya-ep-config._tcp.example.com

Tip:
In the left pane of Microsoft DNS Manager, you must create the PTR, SRV, and TXT
records at the _avaya-ep-config level. If the _avaya-ep-config level does not exist, you
must manually create the same. Right-click _avaya-ep-config and then select Other
New Records, select the resource record type, and then click Create Record.
2. Create an SRV record linking the descriptive name of your settings file to the web server
where the file resides.
If the URL to the settings file is https://server.example.com/East_settings.txt,
then the server name is server.example.com.
An SRV record also includes the following information:
• SRV time-to-live period in seconds during which the client or intermediate servers might
cache the retrieved record.
The following is an example of an SRV record: East._avaya-ep-
config._tcp.example.com. 300 IN SRV 0 0 443 server.example.com.
In this example:
• 300 is the time-to-live period

August 2017 Deploying Avaya Aura® Device Services 34

Comments on this document? [email protected]
 Preconfiguration steps

• The first zero is the priority, the second zero is the weight, and 443 is the port number.
In case of Microsoft DNS Manager, the following is an example of a SRV record:

East Properties

_tcp.example.com

East

443

server.example.com

3. Create a TXT record linking the descriptive name of your settings file to the remaining URL
information.
TXT records are provisioned differently depending on the DNS server. However, all TXT
records must have the following parameters:
• txtvers: The text version of the TXT record. This value indicates the structure version of
the record. You must always set the value to 1.
• path: The path to the settings file. An example value is path=/East_settings.txt.
• proto: The web server access scheme. This value is usually http or https.
The following is an example of a TXT record: East._avaya-ep-
config._tcp.example.com. 300 IN TXT "txtvers=1" "proto=https"
"path=/East_settings.txt"
In this example, 300 is the time-to-live period.
In case of Microsoft DNS Manager, the following is an example of a TXT record:

August 2017 Deploying Avaya Aura® Device Services 35

Comments on this document? [email protected]
Planning and configuration

East Properties

East

East._avaya-ep-config._tcp.example.com

txtvers=1
proto=https
path=/East_settings.txt

Sample DNS SRV records configuration

Note:
You might need to discuss with your DNS provider if your level of service is sufficient to provide
support for DNS Service Discovery (DNS-SD). For more information, see DNS-Based Service
Discovery. Avaya Equinox™ uses DNS PTR records consistent with the DNS-SD RFC, which in
some cases might require an additional level of service from your DNS provider.
To support automatic configuration, you must configure the PTR, SRV, and TXT records in your
DNS server configuration. For more information, see the documentation of your DNS server.
PTR records
Provides a list of configurations with multiple PTR records.
Format: _avaya-ep-config._tcp.<domain>. IN PTR <Descriptive name>._avaya-
ep-config._tcp.<domain>
Examples:
• _avaya-ep-config._tcp.example.com. IN PTR East._avaya-ep-
config._tcp.example.com

August 2017 Deploying Avaya Aura® Device Services 36

Comments on this document? [email protected]
 Preconfiguration steps

• _avaya-ep-config._tcp.example.com. IN PTR West._avaya-ep-

config._tcp.example.com
SRV records
Provides a link from the descriptive name to the web server where you stored the file.
Format: <Descriptive name>._avaya-ep-config._tcp.<domain>. <TTL> IN SRV
<priority> <weight> <port number> <web server FQDN>
Examples:
• East._avaya-ep-config._tcp.example.com. 300 IN SRV 0 0 443
server.example.com
• West._avaya-ep-config._tcp.example.com. 300 IN SRV 0 0 443
server.example.com
TXT records
Provides a link from the descriptive name to the URL information, protocol, and path.
Format: <Descriptive name>._avaya-ep-config._tcp.<domain>. <TTL> IN TXT
"txtvers=1" "proto=<http or https>" "path=<file path>"
Examples:
• East._avaya-ep-config._tcp.example.com. 300 IN TXT "txtvers=1"
"proto=https" "path=/East_settings.txt"
• West._avaya-ep-config._tcp.example.com. 300 IN TXT "txtvers=1"
"proto=https" "path=/West_settings.txt"
Related links
Configuration tools and utilities on page 21

Updating DNS addresses and search domains

Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
2. To create a local copy of the configuration file, type the following commands:
cd $HOME
cp /etc/resolv.conf .
cp ./resolv.conf ./resolv.conf.orig

3. To edit the local file with the new information, type vi ./resolv.conf.
4. Update the search domain and IP addresses as required.
Search domains are space delimited, on a single line as per the following format: search
domain-name domain-name domain-name....
You can add one DNS name server on each line, as per the following format: nameserver
ipv4–address.
5. To verify the changes, type diff ./resolv.conf.orig ./resolv.conf.

August 2017 Deploying Avaya Aura® Device Services 37

Comments on this document? [email protected]
Planning and configuration

6. To replace the system file, type sudo cp ./resolv.conf /etc/resolv.conf.

7. To inspect the updated system copy, type cat /etc/resolv.conf.
8. To clean up local copies, type rm ./resolv.conf ./resolv.conf.orig.

Updating NTP addresses

Procedure
1. Log in to Avaya Aura® Device Services with administrator credentials.
2. To create a local copy of the configuration file use the following commands:
cd $HOME
cp /etc/ntp.conf .
cp ./ntp.conf ./ntp.conf.orig

3. To edit the local file with new information, type vi ./ntp.conf.

The relevant entries are listed at the bottom of the file.
Every configured NTP server has a pair of lines in the format:
• server ipv4_address iburst
• restrict ipv4_address mask 255.255.255.255 nomodify notrap noquery
4. Add, update or remove these pairs of lines for every NTP server.
Replace the ipv4_address with the ipv4 address of the NTP server, keeping all remaining
content for these lines unmodified.
5. To verify changes, type diff ./ntp.conf.orig ./ntp.conf.
6. To replace the system file, type sudo cp ./ntp.conf /etc/ntp.conf.
7. To inspect the system file, type cat /etc/ntp.conf.
8. To clean up the local files, type rm ./ntp.conf ./ntp.conf.orig.
9. To restart the machine so that the new settings to take effect, type sudo reboot.

Licensing

Avaya Aura® Device Services licensing requirements

Avaya Aura® Device Services is sold per instance and by major release number. To access Avaya
Aura® Device Services, you require a license.

August 2017 Deploying Avaya Aura® Device Services 38

Comments on this document? [email protected]
 Licensing

Avaya Aura® Device Services periodically checks WebLM to determine whether the required license
is available. If an appropriate license is not present, the Avaya Aura® Device Services administration
GUI displays a license error mode.
In clusters, all Avaya Aura® Device Services nodes are assigned licenses if available. If a node in
the cluster becomes unavailable, WebLM frees the license for that node after 10 minutes. When the
node becomes available again, WebLM again assigns a license to the node if licenses are available.
You can upload license files through System Manager.

Adding a license file to System Manager

Procedure
1. Log on to System Manager with admin credentials.
2. In the Services section, click Licenses.
3. Click Install License.
4. Based on the browser you are using do one of the following:
• If you are using Chrome click Choose file and locate the license file
• If you are using Internet Explorer or Firefox click Browse and locate the license file
5. Click Accept the License Terms & Conditions.
6. Click Install.
After the license is installed, System Manager lists Device Services under the Licensed
Features section.
Next steps
After Avaya Aura® Device Services installation is completed, log in to the Avaya Aura® Device
Services administration GUI and check the status of the server node entitlements from Client
Administration > Feature Entitlements.

August 2017 Deploying Avaya Aura® Device Services 39

Comments on this document? [email protected]
Chapter 4: Deploying Avaya Aura Device
Services OVA

Deployment methods
You can deploy Avaya Aura® Device Services ova by using any of the following methods:
• Option 1: VMware vSphere using Vcenter on page 42
• Option 2: VMware vSphere that is connected directly to the host (without vCenter) on page 45
• Option 3: Solution Deployment Manager from System Manager on page 46
• Option 4: Solution Deployment Manager client on page 46

Avaya Aura® Device Services installation checklist

Perform the following procedures in the described sequence during Avaya Aura® Device Services
installation.
No. Task Description Notes

1 Cluster Configuration To specify whether the

deployment is for initial
node or secondary
node in a cluster.
2 Front-end host, System Provides System
Manager and Certificate Manager details.
Configuration
3 Session Manager Provides associated
Database Configuration Session Manager
details.
4 LDAP Configuration Validates LDAP entries
for AADS configuration.
5 Clustering Configuration Cluster Utilities:
Configures SSH for the
nodes in the cluster.

August 2017 Deploying Avaya Aura® Device Services 40

Comments on this document? [email protected]
 Installation on VMware checklist

No. Task Description Notes

Virtual IP Configuration:
Enables virtual IP, and
sets virtual IP Master/
backup node.

Important:
One Virtual IP can
support up to three
nodes. If you
foresee that the
cluster will expand
to more than three
nodes, use an
external load
balancer.
6 Advanced Configuration Defaults values
(optional) selected when not
opted.
7 Add a certificate to the Imports certificates
TrustStore other than the available
default System
Manager certificates

Installation on VMware checklist

To deploy Avaya Aura® Device Services on a VMware virtual machine using the Avaya Aura® Device
Services OVA file, you must perform the following actions:
No. Task Notes

1 Deploy the OVA. The Avaya Aura® Device

Services OVA file
includes openjdk.
Operating system
updates for virtual
machines include
updates for openjdk.
2 Make required adjustments to the When you deploy a new
partitioning volumes. Release 7.1 OVA, your
system is on partitioning

August 2017 Deploying Avaya Aura® Device Services 41

Comments on this document? [email protected]
Deploying Avaya Aura Device Services OVA

No. Task Notes

version 2.0. For

information about:
• Disk volume
specifications for your
system’s partitioning
version, see, Virtual
disk volume
specifications for
partitioning versions
1.0 and 2.0 on page 21
3 Install or restore the application For more information,
layer as required. see Deploying Avaya
Aura Device Services
OVA on VMware using
vCenter vSphere
client on page 42

Deploying Avaya Aura® Device Services OVA on VMware

using vCenter vSphere client
Before you begin
FQDNs, where mentioned in the procedure, are mandatory.
Deploy Session Manager. For information about deploying Session Manager, see Deploying Avaya
Aura® Session Manager.
Note:
If you choose to install a standalone Avaya Aura® Device Services at present, but in future
decide to move to a cluster that uses a virtual IP, the original standalone node needs to be re-
configured with the original virtual IP as the front end FQDN. Accordingly, the new FQDN
addition for Avaya Aura® Device Services must be notified to your clients.
To avoid this scenario, you can plan in advance and add a virtual IP for the front end FQDN of
the standalone node. This would make the transition from a standalone node to a cluster easier
in the future.
Procedure
1. In the vSphere client, click the host ESXi server.
2. Click File > Deploy OVF Template.

August 2017 Deploying Avaya Aura® Device Services 42

Comments on this document? [email protected]
 Deploying Avaya Aura® Device Services OVA on VMware using vCenter vSphere client

3. In the Deploy OVF Template window, do one of the following to deploy the Avaya Aura®
Device Services OVF package (AADS.7.1.0.0.ova):
• Click Browse and provide the Avaya Aura® Device Services OVA file location.
• If the OVA file is on an http server, type the URL in the Deploy from a file or URL field.
The system deploys the Avaya Aura® Device Services OVF package (AADS.7.1.0.0.ova).
4. Click Next.
5. In the OVF Template Details window, verify the details of the Avaya Aura® Device Services
OVA template and click Next.
The system displays the End User License Agreement window.
6. Read the license agreement and click Accept.
7. Click Next.
The system displays the Name and Location window.
8. In the Name field, type the name of the new virtual machine.
9. Click Next.
The system displays the Deployment Configuration window.
10. In the Configuration field, click an Avaya Aura® Device Services profile that matches your
requirement, and click Next.
11. In the Disk Format window, ensure that the correct Datastore location and Available space
is displayed. Accept the default disk format to store the virtual machine and virtual disks for
the Avaya Aura® Device Services OVA, and click Next.
12. In the Network Mapping window, ensure that the correct network available for that virtual
machine is selected, and click Next.
If you see more than one network interface during deployment, disable the second interface.
One interface is sufficient for configuring Avaya Aura® Device Services. Connect the first
Network Interface to vSwitch. The vSwitch maps the network interface of with Avaya Aura®
Device Services the real physical interface of the server.
Note:
Although the Out of Band Management option is displayed, it is not supported in the
current release.
13. Specify the Management Network Settings and Account login Details fields.
For information about the field descriptions, see VM Deployment Configuration Parameters
and Network Parameters field descriptions on page 44.
Ensure that you deploy Avaya Aura® Device Services on the same subnet as the Session
Manager to which the Avaya Aura® Device Services instance is associated.
14. Click Next.
The system displays the Ready to Complete window.

August 2017 Deploying Avaya Aura® Device Services 43

Comments on this document? [email protected]
Deploying Avaya Aura Device Services OVA

15. (Optional) Click the Power on after deployment check box to start the Avaya Aura® Device
Services automatically after deployment.
16. Verify the deployment settings and click Finish.
The system displays the progress of the tasks in the Deploying AADS window.
Related links
Configuring an Avaya Aura Device Services seed node in a cluster on page 61
AADS virtual machine resource requirements on page 20
Thin vs. thick deployments on page 187
VM Deployment Configuration Parameters and Network Parameters field descriptions on page 44

VM Deployment Configuration Parameters and Network

Parameters field descriptions
You must gather and keep ready the configuration data before deploying Avaya Aura® Device
Services. An asterisk (*) indicates that inputs for the field are mandatory.
Name
Management Network Settings
VM IP Address*
VM Hostname or FQDN*
VM Netmask*
Default Gateway IP Address*
Default Search List
DNS Server IP Address*
NTP Server IP Address or FQDN*
Timezone
Account login Details
Admin user*
Admin user password*
Confirm Password*
Admin Group name*
Description
Specifies the IP address of the virtual machine.
Specifies the host name or FQDN of the virtual machine.
Specifies the netmask of the virtual machine.
Specifies the default gateway IP address of the virtual machine.
Specifies the domain name server (DNS) suffix domains to use
for DNS queries. If there is more than one domain, separate
each domain with a comma.
Specifies the DNS server IP address of the virtual machine. If
there are more than one IP addresses, separate each entry with
a comma.
Specifies the NTP server IP address or FQDN. If there are more
than one NTP servers, separate each IP address or FQDN with a
comma.
Specifies the time zone of the virtual machine.
Specifies the user name of the admin user.
You must use the admin user defined during OVA deployment for
logging in to Avaya Aura® Device Services.
Specifies the password of the admin user.
Re-specifies the password of the admin user.
Specifies the group name of the admin user.

August 2017 Deploying Avaya Aura® Device Services 44

Comments on this document? [email protected]
 Deploying Avaya Aura® Device Services OVA on vSphere connected directly to the host

Related links
Configuring an Avaya Aura Device Services seed node in a cluster on page 61
Initial Installation Configuration field descriptions on page 64
Configuring Avaya Aura Device Services using the configuration utility on page 77
Front-end host, System Manager, and certificate configuration on page 78
LDAP configuration on page 81
Clustering configuration on page 90
Advanced configuration on page 91
AADS virtual machine resource requirements on page 20
Thin vs. thick deployments on page 187

Deploying Avaya Aura® Device Services OVA on vSphere

connected directly to the host
Before you begin
Deploy Session Manager. For information about deploying Session Manager, see Deploying Avaya
Aura® Session Manager.
Note:
If you choose to install a standalone Avaya Aura® Device Services at present, but in future
decide to move to a cluster that uses a virtual IP, the original standalone node needs to be
reconfigured with the original virtual IP as the front end FQDN. Accordingly, the new FQDN
addition for Avaya Aura® Device Services must be notified to your clients.
To avoid this scenario, you can plan in advance and add a virtual IP for the front end FQDN of
the standalone node. This would make the transition from a standalone node to a cluster easier
in the future.
Procedure
1. In the vSphere client, click the host ESXi server.
2. Click File > Deploy OVF Template.
3. In the Deploy OVF Template window, do one of the following to deploy the Avaya Aura®
Device Services OVF package (AADS.7.1.0.0.ova):
• Click Browse and provide the Avaya Aura® Device Services OVA file location.
• If the OVA file is on an http server, type the URL in the Deploy from a file or URL field.
The system deploys the Avaya Aura® Device Services OVF package (AADS.7.1.0.0.ova).
4. Click Next.
5. In the OVF Template Details window, verify the details of the Avaya Aura® Device Services
OVA template and click Next.

August 2017 Deploying Avaya Aura® Device Services 45

Comments on this document? [email protected]
Deploying Avaya Aura Device Services OVA

The system displays the End User License Agreement window.

6. Read the license agreement and click Accept.
7. Click Next.
The system displays the Name and Location window.
8. In the Name field, type the name of the new virtual machine.
9. Click Next.
The system displays the Deployment Configuration window.
10. In the Configuration field, click an Avaya Aura® Device Services profile that matches your
requirement, and click Next.
11. In the Disk Format window, ensure that the correct Datastore location and Available space
is displayed. Accept the default disk format to store the virtual machine and virtual disks for
the Avaya Aura® Device Services OVA, and click Next.
12. In the Network Mapping window, ensure that the correct network available for that virtual
machine is selected, and click Next.
Note:
Although the Out of Band Management option is displayed, it is not supported in the
current release.
13. Click Next.
The system displays the Ready to Complete window.
14. (Optional) Click the Power on after deployment check box to start the Avaya Aura® Device
Services automatically after deployment.
15. Verify the deployment settings and click Finish.
The system displays the progress of the tasks in the Deploying AADS window.

Deploying the Avaya Aura® Device Services OVA through

Solution Deployment Manager from System Manager
About this task
Use the procedure to create a virtual machine on the ESXi host and deploy Avaya Aura® Device
Services OVA on the server provided by Avaya.
Before you begin
• Complete the Deployment checklist.
For information about the Deployment checklist, see Deploying Avaya Aura® applications from
System Manager.

August 2017 Deploying Avaya Aura® Device Services 46

Comments on this document? [email protected]
 Deploying the Avaya Aura® Device Services OVA through Solution Deployment Manager from System Manager

• Add a location.
• Add Appliance Virtualization Platform or an ESXi host to the location.
• Download the required OVA file to System Manager.
Procedure
1. On the System Manager web console, click Services > Solution Deployment Manager,
and then click VM Management.
2. In VM Management Tree, select a host.
3. On the Virtual Machines tab, in the VMs for Selected Location <location name> section, click
New.
The system displays the VM Deployment section.
4. In the Select Location and Host section, do the following:
a. In Select Location, select a location.
b. In Select Host, select a host.
The system displays the host name in the Host FQDN field.
5. In Data Store, select a data store, if not displayed upon host selection.
The page displays the capacity details.
6. Click Next.
7. In the Deploy OVA section, do the following:
a. In Select Software Library, select the local or remote library where the OVA file is
available.
b. In Select OVAs, select the OVA file that you want to deploy.
c. In Flexi Footprint, select the footprint size that the application supports.
8. Click Next.
9. In the Properties page, specify the following: management network settings, public network
settings, and Admin user details.
Although the system displays the Out of Band Management option, it is not supported in the
current release.
10. Click Deploy.
11. Click Accept the license terms.
In the Hosts for Selected Location <location name> section, the system displays the
deployment status in the Current Action Status column.
The system displays the virtual machine on the VMs for Selected Location <location name>
page.
12. To view details, click Status Details.

August 2017 Deploying Avaya Aura® Device Services 47

Comments on this document? [email protected]
Deploying Avaya Aura Device Services OVA

VM Management field descriptions

Locations
Name Description
Location Name The location name.
City The city where the host is located.
Country The country where the host is located.

Button Description
New Displays the New Location section where you can provide the details of the
location that you want to add.
Edit Displays the Edit Location section where you can change the details of an
existing location.
Delete Deletes the locations that you select.
The system moves the hosts associated with the deleted locations to
unknown location.

Hosts
Name Description
Host Name The name of the host.
Host IP The IP address of the host.
Host FQDN FQDN of the host.
IPv6 The IPv6 address of the host.
If the IP address of the ESXi host is an IPv4 address, the column does not
display any value.
vCenter FQDN The FQDN of vCentre.
Current Action The operation that is currently being performed on the host.
Last Action The last completed operation on the host.
License Status The status of the license.
Host Version The host version.
Offer Type The host type. The options are:
• AVP: Appliance Virtualization Platform host
• Customer VE: customer-provided VMware ESXi host
SSH Status The SSH service status. The values are enabled and disabled.
Host Certificate The certificate status of the Appliance Virtualization Platform host. The
values are:
• : The certificate is added in Solution Deployment Manager and correct.

August 2017 Deploying Avaya Aura® Device Services 48

Comments on this document? [email protected]
 Deploying the Avaya Aura® Device Services OVA through Solution Deployment Manager from System Manager

Name Description
• : The certificate is not accepted or invalid.
You can click View for details of the certificate status.
vCenter Certificate The certificate status of the ESXi host. The values are:
• : The certificate is correct.
The system enables all the options in More Actions that apply to
VMware ESXi host.
• : The certificate is not accepted or invalid.
You can click View for details of the certificate status.

Note:
Depending on the Appliance Virtualization Platform host and vCenter certificate status, the
system enables the options in More Actions.

Button Description
Auto Refresh The option to automatically refresh the page with the
latest changes. For example, the page updates:
• The VM state when a virtual machine changes
• The license status or certificate status of host when
host changes
The system refreshes the data every minute.
Add Displays the New Host section where you can
provide the details of the host that you want to add.
Edit Displays the Host Information section where you can
change the details of an existing host.
Remove Removes the hosts that you select only from the
Solution Deployment Manager client.
The system moves the hosts associated with the
deleted locations to unknown location.
Change Network Params > Change Host IP Displays the Host Network/IP Settings section where
Settings you can change the host IP settings for the
Appliance Virtualization Platform host.
Change Network Params > Change Network Displays the Host Network Setting section where you
Settings can change the network settings for the Appliance
Virtualization Platform host.
Refresh Refreshes the status of the hosts.
More Actions > AVP Update/Upgrade Displays the Update host page where you can
Management provide the Appliance Virtualization Platform patch
file for updating the Appliance Virtualization Platform
host.

August 2017 Deploying Avaya Aura® Device Services 49

Comments on this document? [email protected]

Deploying Avaya Aura Device Services OVA
Button
More Actions > Change Password
More Actions > SSH > Enable SSH
More Actions > SSH > Disable SSH
More Actions > Syslog config > Push
More Actions > Syslog config > View
More Actions > Syslog config > Delete
More Actions > Lifecyle Actions > Host Restart
More Actions > Lifecyle Actions > Host
Shutdown
More Actions > AVP Cert. Management >
Generate/Accept Certificate
More Actions > AVP Cert. Management > Manage
Certificate
August 2017 Deploying Avaya Aura® Device Services
Comments on this document?
[email protected]
Description
Displays the Change Password section where you
can change the password for the Appliance
Virtualization Platform host.
Enables SSH for the Appliance Virtualization
Platform host.
When SSH for the Appliance Virtualization Platform
host is enabled, the system displays SSH enabled
successfully.
Disables SSH on the Appliance Virtualization
Platform host.
When SSH for Appliance Virtualization Platform is
disabled, the system displays Disabling SSH for
AVP host with <IP address> <FQDN>,
<username>.
Displays the Push Syslog Configuration section
where you can push the syslog configuration on the
virtual machine host. Also Syslog is only for
Appliance Virtualization Platform. You can select
multiple Hosts and Push syslog configuration on
selected hosts.
Displays the View Syslog Configuration section
where you can view syslog profiles of selected the
Appliance Virtualization Platform host.
Displays the Delete Syslog Configuration section
where you can select and delete configured syslog
profiles.
Restarts the host and virtual machines that are
running on the Appliance Virtualization Platform host.
Shuts down the host and virtual machines that are
running on the Appliance Virtualization Platform host.
Displays the Certificate dialog box where you can
manage certificates for the host.
Depending on the host type, the options are:
• Generate Certificate: To generate certificate for
Appliance Virtualization Platform host only.
• Accept Certificate: To accept a valid certificate for
the host or vCenter.
• Decline Certificate: To decline the certificate for
Appliance Virtualization Platform host only. You
must regenerate the certificate and accept if you
decline a host certificate.
Displays the Load Certificate dialog box from where
you can view/generate certificates for Appliance
50
 Deploying the Avaya Aura® Device Services OVA through Solution Deployment Manager from System Manager

Button Description
Virtualization Platform hosts, and download them.
You can also upload and push third-party signed
certificates to the selected host.
More Actions > AVP Cert. Management > Generic Displays the Create/Edit CSR dialog box from where
CSR you create or edit the generic CSR data.
More Actions > Set Login Banner Displays the Message of the Day dialog box from
where you can push the login banner text to the
selected host.

Note:
This feature is only available in System
Manager Solution Deployment Manager.
Solution Deployment Manager Client does not
support Set Login Banner.

Virtual Machines
Name Description
VM Name The name of the virtual machine.
VM IP The IP address of the virtual machine.
VM FQDN FQDN of the virtual machine.
VM IPv6 The IPv6 address of the virtual machine, if any.
VM App Name The name of the application virtual machine . For
example, Session Manager.
VM App Version The version of the application virtual machine. For
example, 7.1.
VM State The state of the virtual machine. The states are
Started and Stopped.
Current Action Status The status of the current operation. The statuses
are:
• Deploying
• Starting
• Stopping
The Status Details link provides the details of the
operation in progress.
Last Action The last action performed on the virtual machine.
Host Name The hostname of the VMware host or Appliance
Virtualization Platform host on which the virtual
machine resides.
Trust Status The status of the connection between System
Manager and the virtual machine.
The status can be Success or Failed.

August 2017 Deploying Avaya Aura® Device Services 51

Comments on this document? [email protected]
Deploying Avaya Aura Device Services OVA

Name Description
When the connection between System Manager and
the virtual machine establishes, Trust Status
changes to Success.
Only when the trust status is Success, you can
perform other operations.
Data Store The data store name.

Button Description
New Displays the VM Deployment section where you can
provide the host and deploy an application.
Edit Displays the VM Deployment section where you can
change the details of a virtual machine.
Delete Turns off the virtual machines and deletes the
selected virtual machine from host and Solution
Deployment Manager Client.
Start Starts the selected virtual machines.
Stop Stops the selected virtual machines.
Show Selected Displays only the selected virtual machines.
More Actions > Restart Starts the selected virtual machines that were
stopped earlier.
More Actions > Refresh VM Updates the status of the virtual machines.
More Actions > Re-establish Connection Establishes the connection between System
Manager and the virtual machine.
When the connection between System Manager and
the virtual machine establishes, the Trust Status
changes to Success.
More Actions > Update Static Routing Displays the VM Update Static Routing section
where you can update the IP address of Utility
Services for static routing.
More Actions > Syslog config > Push Displays the Push Syslog Configuration section
where you can push the syslog configuration on the
selected virtual machine.
More Actions > Syslog config > View Displays the View Syslog Configuration section
where you can view all configured syslog profiles.
More Actions > Syslog config > Delete Displays the Delete Syslog Configuration section
where you can select and delete configured syslog
profiles.

August 2017 Deploying Avaya Aura® Device Services 52

Comments on this document? [email protected]
 Configuring virtual IP address for Avaya Aura® Device Services cluster configuration

Configuring virtual IP address for Avaya Aura® Device

Services cluster configuration
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
2. Go to /opt/Avaya/DeviceServices/version/CAS/version/bin, where version is
the current version.
For example, /opt/Avaya/DeviceServices/7.1.0.0.243/CAS/7.1.0.0.243/bin.
3. Run the configureAADS.sh script on the installed Avaya Aura® Device Services.
4. In the Avaya Aura Device Services Configuration Utility dialog box, click Front-end host,
System manager and Certificate Configuration and click Select.
5. Click Frontend FQDN and click Select.
6. Type the FQDN of the virtual IP and click OK.
You must configure a virtual IP for the cluster seed node only before installing other cluster
nodes. Configuring virtual IP is necessary only if the cluster Nginx load balancer is used.
7. Click Local frontend host and click Select.
8. Type the FQDN of the node to which you have logged in and click OK.
9. Click Apply.
10. Click Clustering Configuration and click Select.
11. Click Virtual IP Configuration and click Select.
12. Click Enable Virtual IP.
The system enables the virtual IP address that forms the interface for client requests in the
clustered environment. The system displays the Enable or disable Virtual IP handling on
this node field.
13. Click Yes to continue.
14. Click Virtual IP Address and click Select.
15. Type the IP address that forms the front end to the clients and click OK.
16. Click Virtual IP Interface and click Select.
17. Type the Ethernet interface over which the virtual IP must be configured.
For example, in the Virtual IP Interface field, type eth0.
18. Click Virtual IP master node and click Select.

August 2017 Deploying Avaya Aura® Device Services 53

Comments on this document? [email protected]
Deploying Avaya Aura Device Services OVA

19. Do one of the following:

• For the initial or seed node, click Yes.
• For the backup in the cluster, click No.
20. Click Virtual IP router ID and click Select.
21. Type a value between 1 and 255 and click OK.
The Virtual IP router ID in the master and backup Avaya Aura® Device Services instances
must match. The default value for this field is 61. When an Avaya Multimedia Messaging
cluster and an Avaya Aura® Device Services cluster are configured on the same subnet, the
Virtual IP router ID differentiates between the clusters. The Virtual IP router ID must be
unique for each cluster.
22. Click Virtual IP authentication password and click Select.
23. Type the password for the virtual IP address and click OK.
24. Click Apply to continue.
The system displays the results of the virtual IP configuration.
25. Click Continue.
26. Click Return to Main Menu.
27. Click Continue to continue with the configuration of the virtual IP.
The system restarts AADS services.
28. Run the configureAADS.sh script for another node in the cluster and repeat the steps to
configure a virtual IP.
This node is designated as the backup node when you set the Virtual IP Master Node field
to n. Virtual IP configuration is required only for the master and backup nodes in the cluster,
and not for subsequent nodes in the cluster.
Next steps
Use the same procedure to install the subsequent cluster nodes.
On the Avaya Aura® Device Services UI, go to Cluster Configuration > Cluster Nodes to confirm
whether Avaya Aura® Device Services are running.

Avaya Aura® Device Services post-installation checklist

The following checklist describes the steps and post-configuration that you must perform after
installing the Avaya Aura® Device Services server.
Ensure that you complete the following after running the Avaya Aura® Device Services binary
installer.

August 2017 Deploying Avaya Aura® Device Services 54

Comments on this document? [email protected]
 Avaya Aura® Device Services post-installation checklist

Note:
When a contact is added to Associated Contact in System Manager, the contact will be
synchronized to the client. Any contact that is not added to Associated Contact will not be
synchronized. For information about adding a contact to Associated Contact, see Administering
Avaya Aura® System Manager.
Avaya Aura® Device Services services are available only after DRS and LDAP synchronization is
completed. The time required for synchronization varies based on the number of contacts
administered.
For information about installing patches and upgrades, see Avaya Aura® Device Services release
notes.
No. Task Description Notes

1 From the System See Checking for DRS

Manager synchronization on
administration GUI, page 71.
verify that DRS
replication is
synchronized.

Important:
Before DRS
synchronization,
ensure that you
add the Avaya
Aura® Device
Services host
name and IP
address to the
etc hosts file of
System
Manager.
2 From the Avaya See Setting up user This is to ensure that
Aura® Device synchronization with the sync is successful.
Services LDAP Server after
administration GUI, deployment on
run the Force page 102.
LDAP Sync option
to sync LDAP.
3 Check status of Log in to Avaya Aura®
Avaya Aura® Device Device Services and
Services. check whether
Services status in the
right pane changes to
STARTED.

August 2017 Deploying Avaya Aura® Device Services 55

Comments on this document? [email protected]
Chapter 5: Post deployment configuration

Adding an Avaya Aura® Device Services instance to

System Manager
Repeat these steps for all Avaya Aura® Device Services nodes in the cluster.
Before you begin
Deploy the Avaya Aura® Device Services OVA.
Note:
Avaya Aura® Device Services is available only with Avaya Equinox™ 3.0.
Procedure
1. On the System Manager web console, click Services > Inventory.
2. In the left navigation pane, click Manage Elements.
3. On the Manage Elements page, click New.
The system displays the New Elements page.
4. In the General section, from the Type field, select Avaya Aura Device Services.
The system refreshes the page and displays the New Avaya Aura Device Services page.
5. On the General tab, perform the following:
a. In the Name field, type the name of the Avaya Aura® Device Services server.
b. In the Description field, type the description of the Avaya Aura® Device Services
server.
c. In the Node field, type the IP of the Avaya Aura® Device Services server.
6. On the Attributes tab, perform the following:
a. In the Login field, type the admin login name to access the Avaya Aura® Device
Services server.
b. In the Password field, type the admin password to access the Avaya Aura® Device
Services server.
c. In the Confirm Password field, retype the admin password to access the Avaya Aura®
Device Services server.

August 2017 Deploying Avaya Aura® Device Services 56

Comments on this document? [email protected]
 Adding an Avaya Aura® Device Services instance to System Manager

d. In the Version field, type the version of the Avaya Aura® Device Services server.
e. In the Location field, type the location name of the Avaya Aura® Device Services
server.
7. Go back to the General tab.
Important:
Access profiles of type GRCommunication and TrustManagement are available by
default.
8. Select the TrustManagement access profile, and click Edit.
9. In the Access Profile Details section, in the Name field, type a name for the access profile.
10. In the Access Profile Type field, click Trust Management .
11. In the Protocol field, click https.
12. In the Host field, type the FQDN or IP address of the Avaya Aura® Device Services server.
13. Leave the Container Type field blank.
14. Leave the other fields unchanged at default values.
15. Click Save.
To enable SSO login, you must add an access profile of type EMURL. Steps 13a to 13k
show how to add an access profile of type EMURL.
16. To add an EMURL access profile, on the General tab, in the Access Profile section, perform
the following:
a. Click New.
b. In the Application System Supported Protocol section, in the Protocol field, click URI.
c. In the Access Profile Details section, in the Name field, type a name for the access
profile.
d. In the Access Profile Type field, click EMURL.
e. In the Protocol field, click https.
f. In the Host field, type the Avaya Aura® Device Services server FQDN.
g. In the Port field, type 8445.
h. In the Path field, type /admin.
i. In the Order field, retain the default value.
j. In the Description field, type a description of the access profile.
k. Click Save.
17. Click Commit.
Next steps
Go to the System Manager home page and click Device Services in the Elements section.

August 2017 Deploying Avaya Aura® Device Services 57

Comments on this document? [email protected]
Post deployment configuration

The Device Services page displays the Avaya Aura® Device Services element you added. After
Avaya Aura® Device Services installation is complete, you can click the name of the Avaya Aura®
Device Services element to open the Avaya Aura® Device Services home page.

Pairing Session Manager with an Avaya Aura® Device

Services node
About this task
You can pair a Session Manager instance to an Avaya Aura® Device Services node while adding a
Session Manager instance or after adding the Session Manager instance using the Edit button.
Repeat these steps for all Avaya Aura® Device Services nodes in the cluster.
For example, for a Session Manager cluster with two nodes, SM01 and SM02, to deploy an Avaya
Aura® Device Services cluster with two nodes, AADS01 and AADS02, you must pair:
• SM01 with AADS01
• SM02 with AADS02
Before you begin
Assign the Session Manager instance to a data center.
Procedure
1. On the home page of the System Manager Web Console, in Elements, click Session
Manager > Session Manager Administration.
2. On the Session Manager Administration page, click the Session Manager Instances tab.
3. In the Session Manager Instances section, select a Session Manager instance, and click
Edit.
The system displays the Edit Session Manager page.
4. From Data Center, select a data center if one is not already assigned.
If you do not assign the Session Manager instance to a data center, the system displays the
following message: Session Manager must be assigned to a Data Center to
pair with an Avaya Aura Device Services Server.
5. From Avaya Aura Device Services Server Pairing, select an Avaya Aura® Device Services
server.
When an AADS server is already paired with a Session Manager instance, the system does
not display that Avaya Aura® Device Services Server in the Avaya Aura Device Services
Server Pairing drop-down list.
6. Click Commit.

August 2017 Deploying Avaya Aura® Device Services 58

Comments on this document? [email protected]
 Effect of Session Manager on Avaya Aura® Device Services

Effect of Session Manager on Avaya Aura® Device

Services
Session Manager can have one of the following Service States:
• Accept New Service: In this state, Session Manager accepts incoming calls.
When Session Manager is in Accept New Service state, Avaya Aura® Device Services contact
services works uninterrupted.
• Deny New Service: In this state, Session Manager denies any new call attempts and service
requests.
When Session Manager is in Deny New Service state, Avaya Aura® Device Services Contact
Services do not work. Avaya Aura® Device Services is also placed in Deny New Service state
and sends an HTTP/503 error for all add, update, and delete requests for contact service.
• Maintenance Mode: In this state, Session Manager is placed in a dormant state for
maintenance.
When Session Manager is in Maintenance state, Avaya Aura® Device Services Contact
Services do not work. Avaya Aura® Device Services is also placed in Maintenance state and
sends an HTTP/503 error for all add, update, and delete requests for contact service.

Logging on to the Avaya Aura® Device Services console

on VMware
About this task
Use this procedure if the Avaya Aura® Device Services VM is not already powered on.
Procedure
1. Select the host server, right-click the Avaya Aura® Device Services virtual machine.
2. Select Power, and click Power On.
3. Click the Console tab.
The system prompts you to type the login name and password.
4. Log in with admin credentials.
Next steps
All prerequisites for installation are now complete. You can now use the binary installer to complete
the installation of the Avaya Aura® Device Services server.

August 2017 Deploying Avaya Aura® Device Services 59

Comments on this document? [email protected]
Post deployment configuration

Avaya Aura® Device Services installation checklist

Perform the following procedures in the described sequence during Avaya Aura® Device Services
installation.
No. Task Description Notes

1 Cluster Configuration To specify whether the

2 Front-end host, System
Manager and Certificate
Configuration
3 Session Manager
Database Configuration
4 LDAP Configuration
5 Clustering Configuration
deployment is for initial
node or secondary
node in a cluster.
Provides System
Manager details.
Provides associated
Session Manager
details.
Validates LDAP entries
for AADS configuration.
Cluster Utilities:
Configures SSH for the
nodes in the cluster.
Virtual IP Configuration:
Enables virtual IP, and
sets virtual IP Master/
backup node.

Important:
One Virtual IP can
support up to three
nodes. If you
foresee that the
cluster will expand
to more than three
nodes, use an
external load
balancer.
6 Advanced Configuration Defaults values
(optional) selected when not
opted.
7 Add a certificate to the Imports certificates
TrustStore other than the available
default System
Manager certificates

August 2017 Deploying Avaya Aura® Device Services 60

Comments on this document? [email protected]
 Configuring an Avaya Aura® Device Services seed node in a cluster

Configuring an Avaya Aura® Device Services seed node in

a cluster
Before you begin
Ensure that Cassandra services for all the Session Manager instances in the cluster are running on
all the Session Manager nodes. To check the status of the Cassandra service, go to Session
Manager > System Status > User Data Storage. If the User Data Storage column displays a green
check mark, the Cassandra services are running.
About this task
Use this procedure for an Avaya Aura® Device Services seed node in a cluster or for a standalone
Avaya Aura® Device Services instance.
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
2. If you have Avaya Aura® Device Services 7.0.1 service pack 1 or later, type app install.
The system displays the Avaya Aura Device Services Installer dialog box.
Note:
You must not resize the SSH console during the installation and configuration of Avaya
Aura® Device Services.
If you are on Avaya Aura® Device Services 7.0.1, you must go to cd /opt/Avaya/, and
type ./installAADS.sh. The app install command is not available in Avaya Aura®
Device Services 7.0.1.
3. At the password for admin prompt, type the password for the admin user.
4. In the Initial Installation Configuration screen, select Cluster Configuration and press
Enter.
5. In the Clustering screen, ensure the value of Initial cluster node field is y and select Return
to Main Menu.
The default value for the Initial cluster node field is y. While installing a seed node or the
first node in the cluster, you must ensure the Initial cluster node field is y. For subsequent
nodes, you can set the Initial cluster node field to n and set the Cluster seed node field to
the IP address of the seed node.
6. In the Initial Installation Configuration screen, select Front-end host, System Manager and
Certificate Configuration and press Enter.
7. In the Front-end host, System Manager and Certificate Configuration screen, set values for
the following parameters:
• Front-end FQDN of Avaya Aura® Device Services server

August 2017 Deploying Avaya Aura® Device Services 61

Comments on this document? [email protected]
Post deployment configuration

• System Manger FQDN

• System Manager version
• System Manager HTTPS port
• System Manager Enrollment Password
• Local Front-end host
• Keystore password
Ensure that the keystore password is at least 6 characters long.
8. Select Return to Main Menu and press Enter.
9. In the Initial Installation Configuration screen, select Session Manager Cassandra
Configuration and press Enter.
10. In the Session Manager Cassandra Configuration screen, set values for the following
parameters:
• Session Manager Management IP or FQDN
• Session Manager Asset IP or FQDN
11. Select Return to Main Menu and press Enter.
12. In the Initial Installation Configuration screen, select Continue and press Enter.
After the system successfully performs the pre-installation checks, the system displays the
Results of Configuration checks screen.
13. In the Configuration Summary screen, select Accept and continue and press Enter.
14. In the Results of Configuration Checks screen, select Continue and press Enter.
The system displays the End User License Agreement.
15. Select Accept and press Enter.
16. Select Accept and press Enter.
The system displays the Running Installation script screen.
The system displays the progress of the tasks in the Running Installer Script window. The
system installs the required RPMs, downloads certificates from System Manager, creates
database schema, and performs the required initial configuration. After successful
installation, the system displays the Results of Installation Script screen.
17. In the Results of Installation Script screen, select Continue and press Enter.
18. In the Main Menu screen, select LDAP Configuration and press Enter.
19. In the LDAP Configuration screen, set values for the following parameters:
• Directory Type
• URL for LDAP server
• Bind DN

August 2017 Deploying Avaya Aura® Device Services 62

Comments on this document? [email protected]
 Configuring an Avaya Aura® Device Services seed node in a cluster

• Bind Credential
• UID Attribute ID
• Base Context DN
• Administrator Role
• Auditor Role
• User Role
• Services Administrator Role
• Services Maintenance & Support Role
• Integrated Windows Authentication Configuration
• testUser
If you select testUser and select Apply, this option is used to validate the following LDAP
settings:
- Verifies that the user is searchable with a given base DN and search filter
- Lists the group to which the user belongs-user, admin, or auditor
- Validates the values for Role Attribute ID and Role Name Attribute
- Verifies the Last Updated Time attribute, role filter syntax, and active users search filter
syntax
The configuration is not saved if any of these validations fail.
The testUser parameter is optional. If you do not specify a value in the testUser field, the
system skips validation and directly saves the configuration in the database.
The testUser should be a valid user on LDAP and in the given Base Context DN.
20. Select Advanced LDAP Parameters and press Enter.
21. In the Advanced LDAP Paramters screen, verify the default values for the parameters and
update if required.
22. Select Return to previous menu and press Enter.
23. In the LDAP Configuration screen, select Apply and press Enter.
24. In the LDAP Configuration screen, select Yes and press Enter.
25. In the Results of LDAP Parameter Configuration screen, select Continue and press Enter.
26. In the Main Menu screen, select Clustering Configuration and press Enter.
27. In the Clustering Configuration screen, select Virtual IP Configuration and press Enter.
28. In the Virtual IP Configuration screen, set values for the following parameters:
• Set Enable virtual IP to y.
• Set Virtual IP address to the virtual IP that you want to use.

August 2017 Deploying Avaya Aura® Device Services 63

Comments on this document? [email protected]
Post deployment configuration

• Set Virtual IP interface to the required value.

• Set Virtual IP master node to y.
• Set Virtual IP router ID to the required value.
• Set Virtual IP authentication password.
Ensure that you use the same password for subsequent Avaya Aura® Device Services
nodes in the cluster.
• Set Override port for reverse proxy to the required field.
• Set Use System Manager for certificates parameters to the required field.
29. Select Apply and press Enter.
30. In the Main menu screen, select Exit Configure and press Enter.
31. (Optional) To manually start the Avaya Aura® Device Services services, type sudo /etc/
init.d/AADSService start.
The system starts the Avaya Aura® Device Services services and displays the following
message:
Avaya Aura Device Services installation/upgrade is complete.
Related links
Initial Installation Configuration field descriptions on page 64
Configuring Avaya Aura Device Services using the configuration utility on page 77
AADS virtual machine resource requirements on page 20
Thin vs. thick deployments on page 187
VM Deployment Configuration Parameters and Network Parameters field descriptions on page 44

Initial Installation Configuration field descriptions

Name
Cluster Configuration
Initial cluster node Specifies the deployment of the first node in a
cluster.
The options are:
• y: If this is the initial installation or a standalone
installation, set the Initial cluster node field to y.
• n: If this is not the first AADS in the cluster, set the
Initial cluster node field to n, and specify a Seed
Node IP.
Local node IP address Specifies the IP address of the current node.
Cluster seed node Specifies the IP address of the seed node.

August 2017 Deploying Avaya Aura® Device Services 64

Comments on this document? [email protected]
 Configuring an Avaya Aura® Device Services seed node in a cluster

Name
User ID (UID) of product user on seed node The user ID of a non-root Linux user who performs
the Avaya Aura® Device Services server installation.
Front-end host, System Manager and Certificate Configuration
Front-end FQDN Specifies the FQDN of Avaya Aura® Device Services
server. Clients must use this FQDN to gain access to
the services provided by Avaya Aura® Device
Services.
System Manager FQDN Specifies the FQDN of System Manager.
System Manager Version Specifies the version of System Manager.
System Manager HTTPS Port The HTTPS port to configure the Alarm Agent for the
current Avaya Aura® Device Services server.
The default value for this setting is 443.
System Manager Enrollment Password Specifies the enrollment password of System
Manager that external clients use to request a
certificate.
The enrollment password must match the password
provided during System Manager installation. This
password is set from the Security page of System
Manager from Certificates > Enrollment
Password. Contact the System Manager
administrator if you do not know the enrollment
password.
Use System Manager for certificates Specifies if the certificates are retrieved from System
Manager or from imported from files.
The options are:
• y: If you want to retrieve certificates from System
Manager.
• n: if you want to retrieve certificates from imported
files.
Local frontend host Specifies the local FQDN of the node.
Keystore password Specifies the password for the Java-based Avaya
Aura® Device Services certificates.
The minimum length for this password is 6
characters.
Override port for reverse proxy Specifies whether you use an external reverse proxy.
Enable this setting only if clients will not be
connecting directly to the Avaya Aura® Device
Services server, but rather using a proxy server as
part of a remote access solution that is configured to
receive connections on a port other than the default
port 8443.

August 2017 Deploying Avaya Aura® Device Services 65

Comments on this document? [email protected]
Post deployment configuration

Name
Cassandra Encryption
Enable inter-node encryption for Cassandra
cluster node
Session Manager Cassandra Configuration
Session Manager IP or FQDN Address [localhost] Specifies the management IP address or the FQDN
of Session Manager.
Session Manager Asset IP or FQDN Address
Advanced Configuration
Run the firewall configuration script
Clear database directories and files
Select y (yes) to configure the port for the reverse
proxy server or n (no) to keep the default
configuration that remains disabled.
If you select y (yes), the menu displays a new setting
for the reverse proxy port: Front-end port for
reverse proxy.
Specifies if inter-node encryption for Cassandra
cluster node is enabled.
The options are:
• y: If you want to enable the inter-node encryption
for Cassandra cluster node
• n: If you don't want to enable the inter-node
encryption for Cassandra cluster node.
Specifies the asset IP address or the FQDN of
Session Manager.
The system uses the Session Manager Asset IP
address for starting PPM SOAP API. The system
stores the Session Manager Asset IP address in the
cas-settings.properties file.
To view the Session Manager Asset IP address, see:
Viewing the Session Manager Asset IP address.
Specifies if you want to run firewall configuration
scripts during the initial installation phase.
The options are:
• y: If you want to run the firewall configuration
scripts.
• n: if you don't want to run the firewall configuration
scripts.
The default value for this setting is y.
Specifies if the system removes the database
directories and files during the installation.
The options are:
• y: If you want to clear database directories and
files.

August 2017 Deploying Avaya Aura® Device Services 66

Comments on this document? [email protected]
 Configuring an Avaya Aura® Device Services node in a cluster

Name
• n: if you don't want to clear database directories
and files
The default value for this setting is y.
Remove log files from log directory Specifies if the system removes log files from the
directory during the install and uninstall phases.
The options are:
• y: If you want to clear the log files from the log
directory.
• n: If you do not want to clear the log files from the
log directory.
The default value for this setting is n.

Related links
AADS virtual machine resource requirements on page 20
Thin vs. thick deployments on page 187
VM Deployment Configuration Parameters and Network Parameters field descriptions on page 44

Configuring an Avaya Aura® Device Services node in a

cluster
Before you begin
Install the seed Avaya Aura® Device Services node for the cluster.
Ensure that Cassandra services for all the Session Manager instances in the cluster are running on
all the Session Manager nodes. To check the status of the Cassandra service, go to Session
Manager > System Status > User Data Storage. If the User Data Storage column displays a green
check mark, the Cassandra services are running.
About this task
You must use this procedure for the second node or for any subsequent nodes in the cluster.
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
2. If you have Avaya Aura® Device Services 7.0.1 service pack 1 or later, type app install.
The system displays the Avaya Aura Device Services Installer dialog box.

August 2017 Deploying Avaya Aura® Device Services 67

Comments on this document? [email protected]
Post deployment configuration

Note:
You must not resize the SSH console during the installation and configuration of Avaya
Aura® Device Services.
If you are on Avaya Aura® Device Services 7.0.1, you must go to cd /opt/Avaya/, and
type ./installAADS.sh. The app install command is not available in Avaya Aura®
Device Services 7.0.1.
3. At the password for admin prompt, type the password for the admin user.
4. In the Initial Installation Configuration screen, select Cluster Configuration and press
Enter.
5. In the Clustering screen, set the value of Initial cluster node field to n and select Return to
Main Menu.
6. In the Clustering screen, set the value of the Local node IP address field to the IP address
of the new Avaya Aura® Device Services node and press Enter.
7. In the Clustering screen, set the value of the Cluster seed node field to the IP address of
the seed node or the first cluster node, and press Enter.
8. In the Clustering screen, set the value of the User ID of product user on seed node field,
type the UID of the seed node, and click Enter.
9. In the Initial Installation Configuration screen, select Front-end host, System Manager and
Certificate Configuration and press Enter.
10. Select Return to Main Menu and press Enter.
11. In the Front-end host, System Manager and Certificate Configuration screen, set values for
the following parameters:
• Front-end FQDN
For a cluster, specify the FQDN of the virtual IP as the Front-end FQDN.
• System Manger FQDN
• System Manager version
• System Manager HTTPS port
• System Manager Enrollment Password
• Local Front-end host
• Keystore password
Ensure that the keystore password is at least 6 characters long.
Important:
The values that you specify on this screen must match the values provided for the
seed node.
12. Select Return to Main Menu and press Enter.

August 2017 Deploying Avaya Aura® Device Services 68

Comments on this document? [email protected]
 Configuring an Avaya Aura® Device Services node in a cluster

13. In the Initial Installation Configuration screen, select Session Manager Cassandra
Configuration and press Enter.
14. In the Session Manager Cassandra Configuration screen, set values for the following
parameters:
• Session Manager Management IP
• Session Manager Asset IP
15. Select Return to Main Menu and press Enter.
16. Select Continue and press Enter.
17. In the Configuration Summary screen, verify the values, select Accept and Continue and
press Enter.
The installer performs pre-install checks.
18. In the Results of configuration checks screen, select Continue and press Enter.
The system displays the End User License Agreement.
19. Select Accept and press Enter.
20. Select Accept and press Enter.
The system displays the progress of the tasks in the Running Installer Script window. The
system installs the required RPMs, downloads certificates from System Manager, creates
database schema, and performs the required initial configuration. After successful
installation, the system displays the Results of Installation Script screen.
21. Select Continue and press Enter.
22. In the Main Menu screen, select Clustering Configuration and press Enter.
23. In the Clustering Configuration screen, select Cluster Utilities and press Enter.
24. In the Clustering Configuration screen, select Configure SSH RSA Public/Private Keys
and press Enter.
The system displays a command line screen.
25. In the Add additional host to the list prompt, type y and press Enter.
26. In the Enter a new host identifier prompt, type the IP address of the seed node and press
Enter.
27. In the User prompt, type the admin user name for the seed node and press Enter.
28. If the system displays the SSH RSA Key exists. Replace with a new one prompt, type y
and press Enter.
29. In the Are you sure you want to continue connecting prompt, type y and press Enter.
30. At the password prompts, type the admin passwords for the servers for which the system
displays the IP addresses or FQDNs and press Enter.

August 2017 Deploying Avaya Aura® Device Services 69

Comments on this document? [email protected]
Post deployment configuration

31. At the SSH RSA configuration is complete prompt, press Enter to continue.
The system displays the Cluster Utilities screen.
32. Select Return to Main Menu and press Enter
33. In the Clustering Configuration screen, select Virtual IP Configuration and press Enter.
34. In the Virtual IP Configuration screen, set values for the following parameters:
• Set Enable virtual IP to y.
• Set Virtual IP address to the virtual IP that you want to use.
• Set Virtual IP interface to the required value.
• Set Virtual IP master node to n.
• Set Virtual IP router ID to the required value.
• Set Virtual IP authentication password to the password you set on the seed node.
35. Select Apply and press Enter.
36. In the Clustering Configuration screen, select Return to Main Menu and press Enter
37. In the Main Menu screen, select Add a Certificate to the TrustStore and press Enter.
This step is optional if you use a certificate different from the System Manager certificate.
38. Select Continue and press Enter.
The system displays a message for Avaya Aura® Device Services service restart.
39. Select Yes and press Enter.
40. In the Results of service AADS restart screen, select Continue and press Enter.
Avaya Aura® Device Services service installation is completed.

Running the post installation script

About this task
Avaya Aura® Device Services services are available only after DRS and LDAP synchronization is
completed. The time required for synchronization varies based on the number of contacts
administered.
Note:
When a contact is added to Associated Contact in System Manager, the contact will be
synchronized to the client. Any contact that is not added to Associated Contact will not be
synchronized. For information about adding a contact to Associated Contact, see Administering
Avaya Aura® System Manager.
For information about installing patches and upgrades, see Avaya Aura® Device Services release
notes.

August 2017 Deploying Avaya Aura® Device Services 70

Comments on this document? [email protected]
 Checking for DRS synchronization

The post-installation script determines the status of the system after a fresh Avaya Aura® Device
Services installation or upgrade.
Procedure
1. Log in to the Avaya Aura® Device Services server.
2. Go to /opt/Avaya/DeviceServices/version/CAS/version/misc.
3. Type sudo ./clitool-acs.sh postInstallSystemVerification.
The command checks whether:
• Avaya Aura® Device Services services such as Nginx, Postgres, Cassandra, Tomcat,
RecoveryManager are up
• Avaya Aura® Device Services and Session Manager are associated
• 9042 SSL port is open for Cassandra queries
• Cassandra clustering is enabled
• LDAP sync is completed
4. Type sudo ./clitool-acs.sh postInstallSystemVerification -u user_ID -
p password -e email_address.
Here, user_ID is the Avaya Aura® Device Services user ID, password is the password, and
email_address is the user’s email address.
This command checks whether REST API services such as web deployment, resource
discovery, contact service, search directory, and auto-configuration are available. In addition,
it checks whether Avaya Aura® Device Services PPM connectivity is established.

Checking for DRS synchronization

About this task
The DRS process synchronizes data between System Manager and Avaya Aura® Device Services.
The synchronization time varies depending on the network and number of users in the system.
Services might fail if DRS is not in sync. Therefore, ensure that DRS is synchronized after
installation
Procedure
1. In System Manager, go to Services > Replication.
2. Select the replication group.
3. Search for the Avaya Aura® Device Services nodes and check whether they are listed as
Synchronized.

August 2017 Deploying Avaya Aura® Device Services 71

Comments on this document? [email protected]
Post deployment configuration

Importing a trusted LDAP certificate

About this task
Use this procedure to import the LDAP certificate to enable secure LDAP.
Before you begin
Deploy the Avaya Aura® Device Services OVA.
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
2. Go to /opt/Avaya/DeviceServices/version/CAS/version/bin, where version is
the current version.
For example, /opt/Avaya/DeviceServices/7.1.0.0.243/CAS/7.1.0.0.243/bin.
3. Run the configureAADS.sh script on the installed Avaya Aura® Device Services.
4. In the Avaya Aura Device Services Configuration Utility dialog box, navigate to LDAP
Configuration and click Select.
5. On the LDAP Configuration page, select Import Secure LDAP trusted certificate and click
Select.
Note:
To use secure LDAP, you must first import a secured and trusted LDAP certificate. This
helps to validate the connection with a secure LDAP.
6. On the Import Secure LDAP trusted certificate page, select Certificate file and click Select.
The system displays a page to specify the path of the certificate.
7. In the text box, type the full path and file name of the LDAP trusted certificate.
The file must be in the .pem or .der format.
8. Ensure that the URL of the secured LDAP Server is: ldaps://
<IP_Address>:<SECURE_PORT>.
Here, IP_Address is the IP address of LDAP Server, and SECURE_PORT is 3269.
9. Click Apply to save and apply the LDAP configuration settings.
Related links
Configuration on page 76

August 2017 Deploying Avaya Aura® Device Services 72

Comments on this document? [email protected]
 Configuring virtual IP address for Avaya Aura® Device Services cluster configuration

Configuring virtual IP address for Avaya Aura® Device

Services cluster configuration
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
2. Go to /opt/Avaya/DeviceServices/version/CAS/version/bin, where version is
the current version.
For example, /opt/Avaya/DeviceServices/7.1.0.0.243/CAS/7.1.0.0.243/bin.
3. Run the configureAADS.sh script on the installed Avaya Aura® Device Services.
4. In the Avaya Aura Device Services Configuration Utility dialog box, click Front-end host,
System manager and Certificate Configuration and click Select.
5. Click Frontend FQDN and click Select.
6. Type the FQDN of the virtual IP and click OK.
You must configure a virtual IP for the cluster seed node only before installing other cluster
nodes. Configuring virtual IP is necessary only if the cluster Nginx load balancer is used.
7. Click Local frontend host and click Select.
8. Type the FQDN of the node to which you have logged in and click OK.
9. Click Apply.
10. Click Clustering Configuration and click Select.
11. Click Virtual IP Configuration and click Select.
12. Click Enable Virtual IP.
The system enables the virtual IP address that forms the interface for client requests in the
clustered environment. The system displays the Enable or disable Virtual IP handling on
this node field.
13. Click Yes to continue.
14. Click Virtual IP Address and click Select.
15. Type the IP address that forms the front end to the clients and click OK.
16. Click Virtual IP Interface and click Select.
17. Type the Ethernet interface over which the virtual IP must be configured.
For example, in the Virtual IP Interface field, type eth0.
18. Click Virtual IP master node and click Select.

August 2017 Deploying Avaya Aura® Device Services 73

Comments on this document? [email protected]
Post deployment configuration

19. Do one of the following:

• For the initial or seed node, click Yes.
• For the backup in the cluster, click No.
20. Click Virtual IP router ID and click Select.
21. Type a value between 1 and 255 and click OK.
The Virtual IP router ID in the master and backup Avaya Aura® Device Services instances
must match. The default value for this field is 61. When an Avaya Multimedia Messaging
cluster and an Avaya Aura® Device Services cluster are configured on the same subnet, the
Virtual IP router ID differentiates between the clusters. The Virtual IP router ID must be
unique for each cluster.
22. Click Virtual IP authentication password and click Select.
23. Type the password for the virtual IP address and click OK.
24. Click Apply to continue.
The system displays the results of the virtual IP configuration.
25. Click Continue.
26. Click Return to Main Menu.
27. Click Continue to continue with the configuration of the virtual IP.
The system restarts AADS services.
28. Run the configureAADS.sh script for another node in the cluster and repeat the steps to
configure a virtual IP.
This node is designated as the backup node when you set the Virtual IP Master Node field
to n. Virtual IP configuration is required only for the master and backup nodes in the cluster,
and not for subsequent nodes in the cluster.
Next steps
Use the same procedure to install the subsequent cluster nodes.
On the Avaya Aura® Device Services UI, go to Cluster Configuration > Cluster Nodes to confirm
whether Avaya Aura® Device Services are running.

Logging in to the Avaya Aura® Device Services web

interface
About this task
You can access the Avaya Aura® Device Services web interface by using the Avaya Aura® Device
Services URL or System Manager. To use System Manager for single sign on, you must add the
Avaya Aura® Device Services instance to System Manager.

August 2017 Deploying Avaya Aura® Device Services 74

Comments on this document? [email protected]
 Logging in to the Avaya Aura® Device Services web interface

Procedure
1. Open a compatible web browser.
2. Type the URL in one of the following formats:
• https://<IP_Address>:8445/admin/
• https://<FQDN>:8445/admin/
In the DNS add an entry to map IP address with the FQDN.
If the FQDN does not resolve through DNS, you must add the IP address and FQDN of
Avaya Aura® Device Services in the etc/hosts file of the system from where you are
accessing the Avaya Aura® Device Services web interface. The default path of the hosts file
on a Microsoft Windows system is C:\Windows\System32\drivers\etc.
3. Press Enter.
If your browser does not have a valid security certificate, the system displays a warning with
instructions to load the security certificate.
4. (Optional) If you are certain your connection is secure, accept the server security certificate
to access the Logon screen.
5. On the Logon screen, do the following:
a. In the Username field, type the user name.
b. In the Password field, type the password.
To access the web-based administration portal, use an account with an administrator role
defined in the LDAP server configuration.
6. In the Password field, type the password.
7. Click Log on.
The system displays the Avaya Aura® Device Services home page.

August 2017 Deploying Avaya Aura® Device Services 75

Comments on this document? [email protected]
Chapter 6: Configuration

Saving existing LDAP settings

About this task
Before configuring Avaya Aura® Device Services, you can use the following steps to save the
current LDAP settings.
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
2. At the command prompt, type clitool.sh ldapConfiguration >
ldap_settings.txt.
The system copies the existing LDAP configuration to the ldap_settings.txt file.
You must not cut and paste to a file from a terminal because, pasting from a terminal might
introduce some unwanted white space.

Configuration
The following table summarizes the server configuration tasks that you must perform during or after
the installation of the Avaya Aura® Device Services server for each of the deployment models
presented.
Table 1: Summary of server configuration tasks

Task Physical server deployment OVA deployment on a virtual

machine
Single server Cluster Single server Cluster
Configure Front-end host, If not configured If not configured If not configured If not configured
System Manager and during the initial during the initial during the initial during the initial
certificate configuration installation installation installation installation
phase. phase. phase. phase.
Certificates can be:
Repeat for every Repeat for every
• Managed by System
node in the node in the
Manager
cluster. cluster.
• Local certificates

August 2017 Deploying Avaya Aura® Device Services 76

Comments on this document? [email protected]
 Configuration

Task Physical server deployment OVA deployment on a virtual

machine
Single server Cluster Single server Cluster
• Intermediate CA certificates
Perform the task that
corresponds to the certificate
type that you use.
LDAP configuration Y Y — once, on the Y Y — once, on the
seed node seed node
Clustering Configuration N Y N Y
Perform tasks as Perform tasks as
indicated in the indicated in the
Cluster Cluster
installation installation
section. section.

Related links
Configuring Avaya Aura Device Services using the configuration utility on page 77
Configuring the Avaya Aura Device Services server firewall on page 93
LDAP settings configuration on page 100
Importing a trusted LDAP certificate on page 72
Avaya Aura Device Services remote access configuration on page 118

Configuring Avaya Aura® Device Services using the configuration

utility
Procedure
1. (Optional) Run the Avaya Aura® Device Services configuration utility.
sudo /opt/Avaya/DeviceServices/7.0.1.0.1248/CAS/7.0.1.0.1248/bin/configureAADS.sh

Important:
Perform this step only if you run the configuration utility at a later time after the
installation.
During the installation, the configuration menu is displayed after you accept the EULA.
The script checks the current configuration of Avaya Aura® Device Services and opens the
configuration menu.
2. Provide the required configuration settings.
3. Select Continue and press Enter.

August 2017 Deploying Avaya Aura® Device Services 77

Comments on this document? [email protected]
Configuration

Next steps
The following settings are mandatory for an Avaya Aura® Device Services installation:
• Front-end host, System Manager and certificate configuration, if not configured during the initial
installation phase
• LDAP authentication parameters
• Cluster configuration, mandatory if you are deploying an Avaya Aura® Device Services cluster
• Leave the CORS Configuration and Serviceability Agent Configuration field unchanged.
To configure advanced settings, such as certificate warning period, security banner, or re-run the
firewall configuration script, select the Advanced Configuration menu option.
Important:
After you configure the mandatory settings, you must restart the Avaya Aura® Device Services
service:
sudo service AADSService start

If there are other settings that you must configure after restarting the Avaya Aura® Device
Services server, you can run the configuration utility as described in Step 1 and gain access to
the required configuration settings.

Front-end host, System Manager, and certificate configuration

Use the following table as an aid for configuring the front-end host, System Manager, and certificate
related settings.
Warning:
Changing the System Manager Server FQDN after the installation will invalidate existing users
data in the system, if the FQDN points to a System Manager server that contains a different set
of users. You must change the FQDN only when switching to another replicated instance of the
current System Manager. For any other situation, you must reinstall the Avaya Aura® Device
Services system.
Table 2: Front-end host, System Manager and Certificate Configuration settings

Item name Description Equivalent properties file parameter

®
Front-end FQDN The front-end FQDN of the Avaya Aura REST_FRONTEND_HOST
Device Services server.
For a cluster deployment, you must
configure the front-end FQDN as the
FQDN of the virtual IP address. If an
external load balancer is used, set this
value to the FQDN of the load balancer.
The front-end FQDN is the address that
end-user clients use to access the
services provided by Avaya Aura® Device
Services.

August 2017 Deploying Avaya Aura® Device Services 78

Comments on this document? [email protected]
 Configuration

Item name Description Equivalent properties file parameter

The default value for this field depends on
the configuration present in the /etc/
hosts file of the Avaya Aura® Device
Services server.
System Manager The FQDN of the Avaya Aura® System SYSTEM_MGR_IP
FQDN Manager that signs the Avaya Aura®
Device Services certificates.
System Manager The System Manager web admin user SYSTEM_MGR_GUI_ADMIN
web admin name.
username
This field is optional.
System Manager The System Manager web admin SYSTEM_MGR_GUI_ADMIN_PASSWD
web admin password.
password
This field is optional.
System Manager The HTTPS port used for the Alarm Agent SYSTEM_MGR_HTTPS_PORT
HTTPS Port for the current Avaya Aura® Device
Services server.
The default value for this setting is 443.
System Manager The Avaya Aura® System Manager SYSTEM_MGR_PW
Enrollment enrollment password.
Password
Override port for Specifies if you use an external reverse OVERRIDE_FRONTEND_PORT
reverse proxy proxy server.
For the Front-end port for reverse proxy
Enable this setting only if clients will not setting, the equivalent parameter is
be connecting directly to the Avaya Aura® REST_FRONTEND_PORT.
Device Services server, but rather using a
proxy server as part of a remote access
solution that is configured to receive
connections on a port other than the
default port 8443.
The Avaya Aura® Device Services server
still listens on port 8443, but publishes the
override port to the client.
Select y (yes) to configure the port for the
reverse proxy server or n (no) to keep the
default configuration that remains
disabled.
If you select y (yes), the menu displays a
new setting for the reverse proxy port:
Front-end port for reverse proxy.

Note:
If this parameter is changed after the
installation, all of the nodes in a

August 2017 Deploying Avaya Aura® Device Services 79

Comments on this document? [email protected]
Configuration

Item name Description Equivalent properties file parameter

cluster must be restarted to apply the

change.
The command is sudo service
AADSService restart.
Use System Specifies if the certificates are retrieved USE_SMGR
Manager for from Avaya Aura® System Manager or
If the USE_SMGR option is set to n (no),
certificates from imported files.
you must configure the following
Select y (yes) to retrieve certificates from parameters for importing the certificate
Avaya Aura® System Manager or n (no) to files:
retrieve certificates from imported files.
• REST_KEY_FILE
If you select n (no), the menu displays
• REST_CRT_FILE
new settings for configuring the certificate
files. To configure the certificate settings, • SIP_KEY_FILE
you must provide the complete file path • SIP_CERT_FILE
name to the:
• OAM_KEY_FILE
• REST interface key file
• OAM_CRT_FILE
• REST interface certificate file
• NODE_KEY_FILE
• SIP interface key file
• NODE_CRT_FILE
• SIP interface certificate file
• CA_CRT_FILE
• OAM interface key file
• OAM interface certificate file
• node key file
• node certificate file
• signing authority certificate file
Local frontend The local FQDN of the node. LOCAL_FRONTEND_HOST
host ®
The Avaya Aura Device Services
configuration utility uses this value to
generate certificates for the node.

Important:
In a clustered configuration, the
Local frontend host is different from
one node to the other and is also
different from the Front-end FQDN.
Keystore The keystore password for the MSS and KEYSTORE_PW
password Tomcat Avaya Aura® Device Services
certificates.

August 2017 Deploying Avaya Aura® Device Services 80

Comments on this document? [email protected]
 Configuration

Item name Description Equivalent properties file parameter

The minimum length for this password is
6 characters. The characters supported
for the keystore password are:
• a to z
• A to Z
• 0 to 9
• other supported characters:
exclamation point (!), at symbol (@),
hash (#), percent sign (%), caret (^),
star (*), question mark (?), underscore
(_), dot (.)

LDAP configuration
Warning:
Changing the LDAP configuration parameters, other than Bind DN and Bind Credential, once
they are configured, might invalidate the existing user data. For example, changing how user
roles are found can remove one or more roles from the existing user, which will block the user
from accessing the Avaya Aura® Device Services system. Also, changing the server URL must
only be done to switch the configuration to another replicated instance of the current LDAP
directory. In all the other cases, you must reinstall the Avaya Aura® Device Services system.
Table 3: LDAP configuration settings

Item name Description Equivalent properties file parameter

Load LDAP The Load LDAP properties from file pathToLdapPropertiesFile
properties from menu contains an item called Path to
file properties file.
You can create a Java properties file that
contains the LDAP properties instead of
entering the LDAP configuration settings
manually. The Path to properties file
option is for configuring the absolute path
to this file.
The LDAP properties file must contain the
equivalent properties file parameters
specified in this table.
The default value for this setting is
<install_dir>/config/
ldap.properties, where
<install_dir> is the Avaya Aura®
Device Services installation directory.

August 2017 Deploying Avaya Aura® Device Services 81

Comments on this document? [email protected]
Configuration

Item name Description Equivalent properties file parameter

Import Secure The Import Secure LDAP trusted LDAP_TRUSTSTORE_CERTFILE
LDAP trusted certificate menu contains the following
LDAP_TRUSTSTORE_PASSWORD
certificate items:
• Certificate file: The path and filename
for the LDAP trusted certificate. The
certificate file must be in the .PEM
format.
• Truststore Password: The password
for Tomcat truststore.

Important:
Only configure these settings if you
need a Secure LDAP connection.
Directory Type The LDAP directory type of the enterprise. ldapType
The supported directory types are the
following:
• Microsoft Active Directory 2008 and
2012
• IBM Domino Server 7.0
• Novell e-directory 8.8
• OpenLDAP 2.4
• LDS 2008
• LDS 2012
URL for LDAP The URL for gaining access to the LDAP ldapUrl
server server. This is a mandatory setting.
The URL must have the following format:
<protocol>://<LDAP server FQDN or
IP address>:<port>

For example:
ldap://myserver.mycompany.com:3268
ldaps://myserver.mycompany.com:
3269

The protocol can be LDAP or LDAPS,

depending on the LDAP server type.
For Microsoft Active Directory, use the
catalog LDAP ports.
The default global catalog LDAP port
values are 3268 for LDAP and 3269 for
LDAPS.
The default domain LDAP ports values
are 389 for LDAP and 636 for LDAPS.

August 2017 Deploying Avaya Aura® Device Services 82

Comments on this document? [email protected]
 Configuration

Item name Description Equivalent properties file parameter

Note:
If an FQDN is used to specify the
LDAP server, the enterprise might
map the FQDN to multiple, replicated
LDAP servers using the DNS round-
robin mechanism as an attempt for
load-balance and for redundancy
purpose. Sporadic authentication
failures can occur if one of the LDAP
servers is offline and the DNS round-
robin mechanism resolves the FQDN
to the IP of the LDAP server that is
offline.
If this outcome cannot be tolerated, a
more reliable load-balancing
mechanism, such as a dedicated
load-balancer in front of the LDAP
servers, will be needed.
For Active Directory, use the Global
Catalog service port instead of the default
LDAP/LDAPS ports.
Bind DN The Distinguished Name (DN) of the user bindDN
that has read and search permissions for
the LDAP server users and roles. This is
a mandatory setting.
The format of the Bind DN depends on
the configuration of the LDAP server.

Note:
Even though the parameter name is
Bind DN, the format of its value is not
limited to the DN format. The format
can be any format that the LDAP
server can support for LDAP bind.
For example: for Active Directory,
you can use "domain\user",
"user@domain", as well as the actual
DN of the user object.
Bind Credential The password that the Avaya Aura® bindCredential
Device Services server requires for the
LDAP bind operation. This is a mandatory Important:
setting. If you configure the LDAP settings
using the properties file, you must
enter the Bind Credential manually
by running the configureAADS.sh
script.

August 2017 Deploying Avaya Aura® Device Services 83

Comments on this document? [email protected]
Configuration

Item name Description Equivalent properties file parameter

UID Attribute ID The User ID attribute name, as uidAttrID
determined by the LDAP server
configuration. This is a mandatory setting.
This parameter is used for searching
users in the LDAP server.
For example: sAMAccountName
Base Context DN The DN of the context used for LDAP baseCtxDN
authentication.
For example:
ou=aadsusers,dc=example,dc=com
Administrator The list of LDAP roles that match the adminRole
Role Avaya Aura® Device Services
Administrator role.
For example:
If the Administrator role is configured as
AADSAdmin,AADSxyz, any user whose
list of roles contains AADSAdmin or
AADSxyz is mapped to the Avaya Aura®
Device Services ADMIN role.

Note:
The values of the roles are case-
sensitive when they are mapped to
the application roles. So they must
match exactly to the roles name
found for a user for the mapping of
the LDAP roles to the Avaya Aura®
Device Services application roles to
succeed.

Important:
To avoid situations when potential
loss of credentials could impact the
administration tasks, Avaya
recommends creating more than one
user account with administrator
privileges.
Auditor Role The list of LDAP roles that match the auditorRole
Avaya Aura® Device Services Auditor role.
For example:
If the Auditor role is configured as
AADSAuditor,AADSxyz, any user
whose list of roles contains the
AADSAuditor or AADSxyz role is

August 2017 Deploying Avaya Aura® Device Services 84

Comments on this document? [email protected]
 Configuration

Item name Description Equivalent properties file parameter

mapped to the Avaya Aura® Device
Services AUDITOR role.

Note:
The values of the roles are case-
sensitive when they are mapped to
the application roles. So they must
match exactly to the roles name
found for a user for the mapping of
the LDAP roles to the Avaya Aura®
Device Services application roles to
succeed.
User Role The list of LDAP roles that match the usersRole
Avaya Aura® Device Services User role.
For example:
If the User role is configured as
AADSUser,AADSxyz, any user whose list
of roles contains the AADSUser or
AADSxyz role is mapped to the Avaya
Aura® Device Services USER role.

Note:
The values of the roles are case-
sensitive when they are mapped to
the application roles. So they must
match exactly to the roles name
found for a user for the mapping of
the LDAP roles to the Avaya Aura®
Device Services application roles to
succeed.
Services The list of LDAP roles that match the serviceAdminRole
Administrator Services Administrator role.
Role
For example:
If the User role is configured as
AADSUser,AADSxyz, any user whose list
of roles contains the AADSUser or
AADSxyz role is mapped to the Avaya
Aura® Device Services Services
Administrator role.

Note:
The values of the roles are case-
sensitive when they are mapped to
the application roles. So they must
match exactly to the roles name
found for a user for the mapping of

August 2017 Deploying Avaya Aura® Device Services 85

Comments on this document? [email protected]
Configuration

Item name Description Equivalent properties file parameter

the LDAP roles to the Avaya Aura®

Device Services application roles to
succeed.
Maintenance and The list of LDAP roles that match the serviceMaintenanceRole
Support Role Maintenance and Support role.
For example:
If the User role is configured as
AADSUser,AADSxyz, any user whose list
of roles contains the AADSUser or
AADSxyz role is mapped to the Avaya
Aura® Device Services Maintenance and
Support role.

Note:
The values of the roles are case-
sensitive when they are mapped to
the application roles. So they must
match exactly to the roles name
found for a user for the mapping of
the LDAP roles to the Avaya Aura®
Device Services application roles to
succeed.
Advanced LDAP The menu that contains advanced LDAP
parameters parameters to configure depending on the
structure of the LDAP server.
Test User If you select testUser and select Apply, testUser
this option is used to validate the following
LDAP settings:
• Verifies that the user is searchable with
a given base DN and search filter
• Lists the group to which the user
belongs-user, admin, or auditor
• Validates the values for Role Attribute
ID and Role Name Attribute
• Verifies the Last Updated Time attribute,
role filter syntax, and active users
search filter syntax
The configuration is not saved if any of
these validations fail.
The testUser parameter is optional. If you
do not specify a value in the testUser
field, the system skips validation and

August 2017 Deploying Avaya Aura® Device Services 86

Comments on this document? [email protected]
 Configuration

Item name Description Equivalent properties file parameter

directly saves the configuration in the
database.

Table 4: Advanced LDAP attributes

The following table contains the LDAP configuration settings accessible through the Advanced LDAP
attributes menu:

Item name Description Equivalent properties file

parameter
Role Filter The string to use for role filtering. roleFilter
The format of the string depends
on the LDAP server configuration.
For example:
(&(objectClass=group)
(member={1}))
Role Attribute ID The Role Attribute ID parameter roleAttrID
has a different meaning,
depending on the value of
RoleAttributeIsDN:
• If RoleAttributeIsDN is true, this
is the attribute that contains the
DN used to find the object that
contains the role name.
• If RoleAttributeIsDN is false, this
is the name of the attribute that
contains the role name.
For example: memberOf
Roles Context DN The Roles Context DN to use for rolesCtxDN
searching roles.
The roles search in LDAP is
performed by using the Roles
Context DN in combination with
the Role Filter.
For example:
ou=aadsusers,dc=example,d
c=com
Role Name Attribute This parameter has a different roleNameAttrID
meaning, depending on the value
of RoleAttributeIsDN:
• If RoleAttributeIsDN is true, the
value of the attribute set in
RoleAttributeID is used to find
the object that contains the role
and this parameter stores the

August 2017 Deploying Avaya Aura® Device Services 87

Comments on this document? [email protected]
Configuration

Item name Description Equivalent properties file

Role Attribute is DN (true/false)
Role Recursion
Allow Empty Passwords (true/
false)
Search Scope (0 - 2)
parameter
name of the attribute that
contains the role name.
• If RoleAttributeIsDN is false, this
parameter is ignored.
For example: cn
The setting to determine if the role roleAttrIsDN
attribute is stored in the DN or in
another object.
If you set this parameter to true,
the role is stored in the attribute
defined by the Role Name
Attribute parameter.
If you set this parameter to false,
the role attribute of the user
contains the name of the role.
The setting to enable or disable roleRecursion
role recursion.
For example: the user jsmith can
be in the Sales group, which can
be in the AADS users group. In
this case, Role Recursion must be
set to true to permit role recursion.
The setting to determine if empty allowEmptyPasswords
passwords are allowed in the
LDAP directory.
The setting to determine the scope searchScope
of the role search.
The role search starts from the
Role Context DN and uses the
Role Filter. The search scope
determines the depth of the
search as follows:
• Level 0, also named
OBJECT_SCOPE, indicates that
the search is performed only on
the named role context.
• Level 1, also named
ONELEVEL_SCOPE, indicates
that the search is performed
directly under the named role
context.
• Level 2, also named
SUBTREE_SCOPE, indicates

August 2017 Deploying Avaya Aura® Device Services 88

Comments on this document? [email protected]


Item name
Language used in Directory
Active users search filter string
Last updated time attribute
August 2017
[email protected]
Configuration
Description Equivalent properties file
parameter
that the search is performed at
the named role context and in
the sub-tree rooted at the named
role context.
The language used in the LDAP language
directory.
The following languages are
supported:
• Russian
• German
• Spanish
• English
• Korean
• French
• Portuguese
• Simplified Chinese
• Japanese
• Italian
The search filter string used to activeUsersFilter
identify active users.
If the LDAP server supports a
method of determining whether a
user is active, this setting must
contain the attribute that
determines if a user is active.
If this setting is not configured, the
Avaya Aura® Device Services
User Management component
handles all the users as active
users.
For example:
(&(objectClass=user)
(objectCategory=Person)(!
(userAccountControl:
1.2.840.113556.1.4.803:=2
)))
The attribute that contains the last lastUpdatedTimeAttr
time when an LDAP object was
modified, in the ASN.1
Generalized Time Notation.
Deploying Avaya Aura® Device Services 89
Comments on this document?
Configuration

Item name Description Equivalent properties file

parameter
The Avaya Aura® Device Services
User Management component
uses this attribute to identify
updated users when synchronizing
the user data with the LDAP
server.
If this parameter is not configured,
the User Management component
compares the data of every user
to the data that exists in the LDAP
server.

Load parameter defaults
Note:
Configuring this parameter
improves the efficiency of the
user synchronization process
and reduces the traffic
between the Avaya Aura®
Device Services server and
the LDAP server during user
synchronization.
The script to load the default
values for the parameters.

Clustering configuration
The Cluster Configuration menu contains the tools and settings that you must use for configuring the
Avaya Aura® Device Services nodes in a clustered environment.
The Cluster Configuration menu contains the following submenus:
• Cluster Utilities
• Virtual IP Configuration
Cluster utilities
Table 5: Cluster Utilities

Item name Description Equivalent properties file parameter

Configure SSH The Configure SSH RSA Public/Private
RSA Public/ Keys utility configures the SSH RSA keys
Private Keys for SSH login configuration.
You must run this utility from the seed
node, after installing the other nodes in
the cluster.
This setting does not have an equivalent
parameter in the installation.properties
file.
You must configure the cluster using the
configuration tool after the silent
installation is complete.

August 2017 Deploying Avaya Aura® Device Services 90

Comments on this document? [email protected]
 Configuration

Virtual IP Configuration
The virtual IP address is necessary in a clustered environment, so that all the nodes in the cluster
can be accessed using the same IP address.
Table 6: Virtual IP settings

Item name Description Equivalent properties file parameter

Enable virtual IP The setting to enable the usage of a KA_ENABLED
virtual IP address.
If you set this parameter to y (yes), you
If you select n (no), the configuration must also configure the following
script does not configure the virtual IP parameters:
address.
• KA_VIRTUAL_IP
If you select y (yes), new configuration
• KA_INTERFACE
settings for the virtual IP address are
displayed in the configuration menu: • KA_MASTER_YN
• Virtual IP address: the virtual IP • KA_AUTHENTICATION_PASSWORD
address to be shared by the current
• KA_ROUTER_ID
node
• Virtual IP interface: the network
interface to use for the virtual IP. The
form of this interface must be eth0.
• Virtual IP master node: the setting to
determine if the current node is the
master node in the cluster
• Virtual IP authentication password: the
password to use for virtual IP
authentication.

Advanced configuration
Table 7: Advanced configuration settings

Item name Description Equivalent properties file parameter

Certificate The number of days before the expiry CERT_WARNING_PERIOD
Warning Period date of a certificate causes the system to
raise an alarm.
Maximum The maximum message count that the MAX_MESSAGE_COUNT
Message Count system can return per conversation, when
a user performs a database a query to
view a conversation.
If you set the Maximum message count
in a query value to NULL, the system
uses the default value in the database
initialization settings.

August 2017 Deploying Avaya Aura® Device Services 91

Comments on this document? [email protected]
Configuration

Item name Description Equivalent properties file parameter

OS Security The menu for configuring the firewall RUN_FIREWALL_CONFIG
Utility automatically on the current node.
If you set this parameter to y (yes), the
Select Run the firewall configuration firewall configuration script is run during
script and press Enter to run the firewall the silent installation.
configuration script.
Avaya recommends that you run this
script to configure the firewall
automatically and not perform a manual
configuration.

Warning:
The firewall configuration script
replaces the current configuration of
the firewall on the server where you
are performing the installation, so
you must open any other ports
required for your server manually
after you run this script.
Long Poll The menu that contains the AVAYA_REQUEST_TIMEOUT
Timeout Recommended Long Poll Timeout
configuration option. Use this option for
setting the value to use in the Avaya-
Request-Timeout HTTP header for long-
poll requests.

Important:
The long poll timeout value can be
from 30 to 120. Lowering this value
results in increased traffic on the
server, but network configuration
may require that you set a lower
value.
If you do not configure this parameter, the
default database initialization setting is
used.
Configure Host IP The menu that contains the IP address SNMP_IP_ADDR
for SNMP for managing this server setting for
management configuring the IP address of the Network
Interface to use for SNMP.
Security Banner The menu for configuring security banner SECURITY_BANNER_PATH
File settings.
The Security Banner File setting must
contain the path to the security banner
file.

August 2017 Deploying Avaya Aura® Device Services 92

Comments on this document? [email protected]
 Configuration

Item name Description Equivalent properties file parameter

The security banner file is a text file that
contains the security warnings displayed
when a user or administrator logs in to the
administration portal or using an SSH
console.

Configuring the Avaya Aura® Device Services server firewall

About this task
Use this procedure to reset the firewall settings back to the defaults, or to allow additional ports
through the server firewall.
Procedure
1. Run the following command to open the Configuration utility:
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select Advanced Configuration > OS Security Tools > Run the firewall configuration
script.
The firewall is configured automatically.
3. (Optional) Add the required ports to the firewall configuration.
For example, to allow port 7010 through the firewall, use the following command in a Linux
shell:
sudo iptables -I INPUT 6 -p tcp -m tcp --dport 7010 -j ACCEPT

For more information about firewall configuration, see “Firewall configuration” in the Red hat
customer portal.
Run the following command to ensure that the ports were added successfully:
For example:
sudo iptables --list
sudo service iptables status

Related links
Configuration on page 76

Avaya Aura® Device Services certificate configuration

The Avaya Aura® Device Services server has multiple options for certificate management, which
include:
• Importing local or public certificates.
• Importing local certificates that are signed by an intermediate Certificate Authority.

August 2017 Deploying Avaya Aura® Device Services 93

Comments on this document? [email protected]
Configuration

• Viewing the details for a certificate.

Certificate management is performed during the installation of the Avaya Aura® Device Services
server and there are no additional steps required after the installation is complete. The following
sections illustrate the steps to perform for every certificate management option. After you import a
certificate, you must restart for the changes to take effect.
For information about managing the Avaya Aura® Device Services root certificate and for managing
identity certificates, see Administering Avaya Aura® System Manager.
For details about adding CA signed certificate used by Lync edge server and updating the TLS
certificate through Session Manager, see Avaya Aura® Presence Services Snap-in Reference.
If you do not use Avaya Aura® System Manager certificates, the Avaya Aura® Device Services
server requires four .PEM certificates and their corresponding key files:
• The REST interface certificate is used for the communication with the clients.
• The SIP interface certificate is used for SIP communication for integration with Lync.
• The OAMP interface certificate is used for the OAMP GUI.
• The node certificate is used for internode communication such as cluster notifications. The
node certificate is also used for encrypting database traffic.
Avaya Aura® Device Services supports PKS12-format certificates. The signing authority certificate
file is also required.
Important:
• All certificates must contain Subject Alternate Names for the FQDN of the Avaya Aura®
Device Services server and the FQDN of the local Avaya Aura® Device Services node.
• The Common Name of the Node certificate must contain the FQDN of the local Avaya
Aura® Device Services node. In a cluster, every Avaya Aura® Device Services node has a
different FQDN.

Command for viewing certificate details

You can view certificate details by running displayCertificate.sh under the misc directory.
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/displayCertificates.sh <cert-
type>

You can enter one of the following <cert-type> values:

• oam
• rest
• sip
• node
• ca
• licensing

August 2017 Deploying Avaya Aura® Device Services 94

Comments on this document? [email protected]
 Configuration

• ldap
• psng
Example
The following is an example output of the command:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4043459183551203610 (0x381d40b44b5c491a)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=System Manager CA, OU=MGMT, O=AVAYA
Validity
Not Before: Jun 24 12:49:18 2016 GMT
Not After : Jun 24 12:49:18 2018 GMT
Subject: CN=AWSDev-14.cnda.avaya.com, O=Avaya, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:96:48:38:bb:64:aa:86:86:79:9a:ab:b5:a5:58:
c7:d7:9a:ee:ee:c3:39:f9:47:1a:9b:d4:f0:f9:5b:
02:c6:92:5d:aa:73:43:d2:c8:f6:e6:af:1a:77:91:
6d:0d:d9:0a:f8:17:64:4c:be:7c:18:e3:56:60:fa:
ec:b0:fb:75:38:b9:96:f1:78:8d:99:12:9a:2b:38:
e8:9c:f9:75:d2:2a:8d:63:83:d3:72:b7:6f:78:d8:
3d:b7:48:a8:90:ec:5d:c3:67:68:11:69:d2:0a:ff:
48:be:b8:6f:35:3a:b6:ed:d8:63:9e:0e:6e:c1:58:
5b:87:5e:78:5e:7c:a3:8e:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:AWSDev-14.cnda.avaya.com
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:03:1B:17:D2:B9:C7:0B:78:45:51:56:86:F1:4A:48:1A:3D:00:D4:D0

X509v3 Extended Key Usage:

TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
58:EF:09:4E:87:03:89:FC:49:A4:58:DD:9F:3C:21:0A:46:BC:52:7E
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment,
Key Agreement
Signature Algorithm: sha1WithRSAEncryption
89:ed:f3:6d:59:67:5f:38:a1:77:ee:50:15:20:a8:2f:f3:e3:
39:7e:ff:2d:4a:7d:48:8e:c8:2d:f1:ac:f0:0c:f0:26:a4:c8:
e8:09:e6:a5:e1:c8:56:9d:a8:35:b1:40:4d:a0:d2:04:91:b6:
dd:f8:67:27:c2:bc:b8:01:96:45:29:28:0b:5b:8c:7b:e5:b7:
7a:e2:e3:50:88:b9:c9:f2:d7:0f:77:0f:2c:7e:16:02:25:2e:
1e:e1:dc:2b:cf:ca:8f:25:cb:73:65:d5:f6:52:b9:d3:67:8f:
f6:e5:9f:49:7a:58:20:87:90:af:64:8a:2a:d4:46:95:ed:ea:
aa:b2:f2:6a:a1:be:46:98:c2:b0:e6:bf:89:41:6b:e5:63:a2:
5b:d9:ec:48:47:4f:dd:84:cd:cb:da:9a:5a:ec:12:4c:84:25:
6a:dd:31:90:64:03:cd:e3:5e:50:25:0a:6a:ab:77:5c:69:c3:
c2:86:62:bd:38:41:31:3a:73:14:77:1f:f0:e8:92:06:39:36:
5b:49:cc:a5:4b:24:60:68:0c:b4:86:51:cf:49:bf:8e:d5:f1:
ca:7f:15:4e:e4:b4:ff:df:2e:11:cd:5c:57:9a:df:78:c0:b1:
03:12:50:5c:a2:1b:51:1f:18:50:7e:e3:bb:af:a3:28:db:01:
fe:43:b6:1b
SHA1 Fingerprint=DB:3E:FB:84:80:76:74:DC:25:E4:93:85:CE:D6:84:4F:B6:71:DB:33

August 2017 Deploying Avaya Aura® Device Services 95

Comments on this document? [email protected]
Configuration

Importing the Avaya Aura® System Manager trusted certificate

About this task
If you use Avaya Aura® System Manager for certificate management, you must configure the
System Manager connection details, enable using System Manager for certificate management, and
enter the enrollment password.
The following procedure describes how to configure the Avaya Aura® Device Services server for
certificate management using Avaya Aura® System Manager.
Procedure
1. Run the Avaya Aura® Device Services configuration utility.
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select Front-end host, System Manager and Certificate Configuration.

3. Set Use System Manager to y (yes).
4. Configure the System Manager connection details:
• System Manager FQDN
• System Manager HTTPS Port or the Front-end port for reverse proxy, if applicable
To configure the reverse proxy port number, you must first set the Override port for
reverse proxy setting to y (yes).
5. Configure the System Manager Enrollment Password option.
The System Manager enrollment password is used for adding the certificates to the trust
store of the client applications.
6. After you finish configuring the Avaya Aura® Device Services server, check the configuration
utility log files to ensure that the System Manager configuration was made successfully.
7. Restart after adding certificates for the changes to take effect.

Importing local certificates

About this task
If you do not use Avaya Aura® System Manager for certificate management, Avaya Aura® Device
Services provides you with the possibility of using certificates that are specific to your organization
and have the certificates signed by a local or public certificate authority.
The following procedure describes how to import the certificate files and the corresponding key files
using the configuration utility.
Procedure
1. Run the Avaya Aura® Device Services configuration utility.
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select Front-end host, System Manager and Certificate Configuration.

August 2017 Deploying Avaya Aura® Device Services 96

Comments on this document? [email protected]
 Configuration

3. Configure the System Manager connection details:

• System Manager FQDN
• System Manager HTTPS Port or the Front-end port for reverse proxy, if applicable
To configure the reverse proxy port number, you must first set the Override port for
reverse proxy setting to y (yes).
4. Configure the System Manager Enrollment Password option.
The System Manager enrollment password is used for adding the certificates to the trust
store of the client applications.
5. Set Use System Manager to n (no).
The menu displays options for importing individual certificate files and the corresponding key
files.
6. Configure the following options to provide the paths to the certificate and key files:
• REST interface key file
• REST interface certificate file
• SIP interface key file
• SIP interface certificate file
• OAM interface key file
• OAM interface certificate file
• node key file
• node certificate file
• signing authority certificate file
Both the certificate and the corresponding key file must be present on the server when they
are imported. If one pair of files is not imported because one or both files are missing, the
other files may still be imported, so that you can selectively replace individual certificates.
You can also generate certificates using Avaya Aura® System Manager and replace
individual certificates, such as the front-end certificates.
7. Configure the path to the Lync certificate file under Advanced Configuration > Import
Microsoft Lync trusted certificate.
8. Configure the MSS/Tomcat keystore password option.
The MSS/Tomcat keystore password is used for adding the certificates to the trust store of
the client applications. The role of the keystore password is similar to the role of the Avaya
Aura® System Manager enrollment password in the configurations that use the Avaya Aura®
System Manager root certificate.
9. Restart Avaya Aura® Device Services and check the configuration utility log files to ensure
that the certificates were imported successfully.

August 2017 Deploying Avaya Aura® Device Services 97

Comments on this document? [email protected]
Configuration

Importing intermediate CA certificates

About this task
In some deployments where certificates are imported rather than generated by Avaya Aura® System
Manager, server certificates are signed by an intermediate Certificate Authority (CA) rather than a
root CA. To use the certificates, a chain of trust is required: the root CA signs the intermediate CA
certificate and the intermediate CA signs the server certificate.
To create a certificate chain, you must concatenate the PEM-format certificate files for the server
and the intermediate CA, so that the server certificate is first.
Important:
Only the REST and OAM front-end certificates support intermediate Certificate Authorities. The
node and back-end certificates do not support intermediate CAs and importing certificate chains
for those certificates fails.
The following procedure describes how to concatenate the PEM-format certificate files and import
the files using the configuration utility.
Procedure
1. Copy the server certificate file to a new file for concatenation.
For example:
cp server.crt certificate-chain.crt

2. Concatenate the intermediate certificate file to the file created in the previous step.
For example:
cat intermediateca.crt >> certificate-chain.crt

3. Run the Avaya Aura® Device Services configuration utility.

sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

4. Select Front-end host, System Manager and Certificate Configuration.

5. Configure the System Manager connection details:
• System Manager FQDN
• System Manager HTTPS Port or the Front-end port for reverse proxy, if applicable
To configure the reverse proxy port number, you must first set the Override port for
reverse proxy setting to y (yes).
6. Configure the System Manager Enrollment Password option.
The System Manager enrollment password is used for adding the certificates to the trust
store of the client applications.
7. Set Use System Manager to n (no).
The menu displays options for importing individual certificate files.
8. Select one of the following options to provide the path to the concatenated certificate file:
• REST interface certificate file

August 2017 Deploying Avaya Aura® Device Services 98

Comments on this document? [email protected]
 Configuration

• OAM interface certificate file

9. Import the key file of the certificate by using the corresponding menu option:
• REST interface key file
• OAM interface key file
The key file does not require alteration. Import the key file as if you are importing individual
certificates.
10. Import the Lync certificate file using Advanced Configuration > Import Microsoft Lync
trusted certificate.
11. Configure the MSS/Tomcat keystore password option.
The MSS/Tomcat keystore password is used for adding the certificates to the trust store of
the client applications. The role of the keystore password is similar to the role of the Avaya
Aura® System Manager enrollment password in the configurations that use the Avaya Aura®
System Manager root certificate.
12. Restart Avaya Aura® Device Services and check the configuration utility log files to ensure
that the certificates were imported successfully.

Viewing the current CA used to sign the Session Manager certificate

Procedure
1. On the home page of the System Manager Web Console, in Services, click Inventory >
Manage Elements.
2. Select the primary Session Manager from the list, and click More Actions.
3. Click Configure Identity Certificates.
4. Click Security Module HTTPS.
The system displays the Certificate details. In the Issuer Name field, you can view which CA
issued the certificate.

Importing SIP CA certificate to the Avaya Aura® Device Services trust store
About this task
Before release 6.3.8, Session Manager used the default SIP CA to sign the certificate used by PPM
HTTP. After release 6.3.8, the System Manager CA is used. You must manually import SIP CA
certificate to the Avaya Aura® Device Services trust store if you had Session Manager 6.3.8 or
earlier, and upgraded to a later release.
Procedure
1. Log in to the Avaya Aura® Device Services server.
2. Type sudo keytool —importcert —file <CA_Certificate>.cer —
keystore /opt/Avaya/DeviceServices/<version>/CAS/<version>/cert/ssl-
ts.jks —alias "CA_alias"

August 2017 Deploying Avaya Aura® Device Services 99

Comments on this document? [email protected]
Configuration

Here, CA_Certificate is the name of the CA certificate file in PEM or DER format. CA_alias is
the alias you want to assign this certificate

LDAP settings configuration

Avaya Aura® Device Services uses the LDAP servers for user authentication, user authorization,
and retrieving user details.
The following sections provide tasks and configuration examples for the LDAP settings.
The LDAP settings configuration is performed during the Avaya Aura® Device Services installation
and there are no additional actions required after the installation is complete.
Avaya Aura® Device Services will follow referrals in LDAP in case the returned host is known. It will
work if the bind credentials are valid in the referred to server.
Related links
Configuration on page 76
Importing the Secure LDAP certificate using the configuration utility on page 100
Importing the Secure LDAP certificate using the web-based administration portal on page 101
Setting up user synchronization with LDAP Server after deployment on page 102
LDAP configuration for Microsoft Active Directory on page 102
LDAP attribute mapping on page 110
LDAP configuration best practices on page 114
LDAP parameter descriptions on page 115

Importing the Secure LDAP certificate using the configuration utility

About this task
Using a Secured LDAP server requires adding a CA trust certificate file to the Tomcat trust store.
The following procedure describes how to import the certificate using the configuration utility.
Before you begin
The Avaya Aura® Device Services configuration utility can import certificate files in the .PEM format
only.
If the certificate file has a different format, such as .der, you must first convert the file to the .PEM
format using the openssl command in the Avaya Aura® Device Services CLI.
For example:
openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem

Procedure
1. Run the configuration utility.
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select LDAP Configuration > Import Secure LDAP trusted certificate.

August 2017 Deploying Avaya Aura® Device Services 100

Comments on this document? [email protected]
 Configuration

3. In the Trusted LDAP certificate settings menu, configure the following settings:
• Certificate file: the path and filename for the LDAP trusted certificate. This file must be in
the PEM format.
• Truststore password: The password for the Tomcat trust store. This is the same
password as the MSS/Tomcat keystore password configured in the Front-end host,
System Manager and Certificate Configuration menu.
Note:
If you perform a silent installation, the equivalent parameters that you must configure in
the installation.properties file are the following:
• LDAP_TRUSTSTORE_CERTFILE
• LDAP_TRUSTSTORE_PASSWORD
Related links
LDAP settings configuration on page 100

Importing the Secure LDAP certificate using the web-based administration

portal
About this task
The following procedure describes how to import a Secure LDAP certificate, in the case when
Secure LDAP is used.
Before you begin
The Avaya Aura® Device Services server must be installed and configured before you can gain
access to the web-based administration portal.
Procedure
1. Log in to the Avaya Aura® Device Services administration portal.
The URL for gaining access to the administration portal is https://<hostname>:8445/
admin.

Important:
For the hostname, always use the same Avaya Aura® Device Services server FQDN that
you use for generating certificates. You will be redirected to the Login page if you use the
IP address instead of the FQDN.
To gain access to the web-based administration portal, you must use an account that has the
Administrator role defined in the LDAP server configuration.
2. Select Server Connections > LDAP Configuration > Enterprise Directory.
3. Select the Secure LDAP check box.
4. Click Import Certificate to import the certificate file from the location where it is stored on
the hard disk.

August 2017 Deploying Avaya Aura® Device Services 101

Comments on this document? [email protected]
Configuration

5. Click Save.
Related links
LDAP settings configuration on page 100

Setting up user synchronization with LDAP Server after deployment

About this task
Important:
Before using Avaya Aura® Device Services, you must synchronize the user with LDAP Server.
Procedure
1. Log on to the Avaya Aura® Device Services interface.
2. In the left navigation pane, click Server Connections > LDAP Configuration > Enterprise
Directory.
The system displays the Enterprise LDAP Server Configuration page.
3. In the User Synchronization Update Instructions section, do the following:
a. Click Force LDAP Sync.
The system displays the following message:
WARNING!Force LDAP Sync will re-synchronize all the LDAP user
data. This action will impact on-going Device Services
operations and must be performed during a maintenance window.
b. Click OK.
The system displays the following message:
Starting update.
c. Click OK.
d. Ensure that system displays the following message: Last Sync Status :
Successful as on : <date and time of the synchronization>.
For example: Last Sync Status : Successful as on : Tue, Sep 06,
2016 13:54:36 (UTC+5:30).
e. Specify a date and time to schedule the synchronization of Avaya Aura® Device
Services users with the Enterprise LDAP Server users.
f. Select the Repeat check box and click the day to set up a recurring event for
synchronization.
g. Click Save.
Related links
LDAP settings configuration on page 100

LDAP configuration for Microsoft Active Directory

August 2017 Deploying Avaya Aura® Device Services 102

Comments on this document? [email protected]
 Configuration

The following sections contain tasks for configuring the LDAP server for Microsoft Active Directory
(AD).
The tasks follow the LDAP configuration example provided in this section, to provide a
comprehensive view of how the LDAP configuration must be made.

dc=example,
dc=com

dc=global,
dc=example,
dc=com

ou=Users, ou=Groups,
dc=global, dc=global,
dc=example, dc=example,
dc=com dc=com

cn=AMM User1, cn=AMM User2, cn=AMM User3, cn=AMMAdmin, cn=AMMUsers, cn=AMMAuditor, cn=AMMDelegates,
ou=Users, ou=Users, ou=Users, ou=Groups, ou=Groups, ou=Groups, ou=Groups,
dc=global, dc=global, dc=global, dc=global, dc=global, dc=global, dc=global,
dc=example, dc=example, dc=example, dc=example, dc=example, dc=example, dc=example,
dc=com dc=com dc=com dc=com dc=com dc=com dc=com

Figure 3: LDAP configuration example

• Company DNS domain: example.com

• Domain: GLOBAL
• Active Directory FQDN: gdc.global.example.com. This FQDN could be mapped to more than
one replicated AD servers with different IPs.
• The Active Directory provides both LDAP and LDAPS (LDAP over TLS) accesses to the Active
Directory Global Catalog (see http://technet.microsoft.com/en-us/library/cc728188(v=ws.
10).aspx for details on what is Global Catalog) through ports 3268 and 3269, respectively.
• The user that has privileges to read and search the Active Directory (User: AADSAssistant,
Password: admin123).
• Domain users.
Note:
The LDAP attribute "mail" must be set as its value is used as the unique identifier for an
AADS User
- AADS User 1 which has the following attributes:
• sAMAccountName=aadsuser1

August 2017 Deploying Avaya Aura® Device Services 103

Comments on this document? [email protected]
Configuration

• [email protected]
• [email protected]
• givenName=User1
• sn=AADS
- AADS User 2 which has the following attributes:
• sAMAccountName=aadsuser2
• [email protected]
• [email protected]
• givenName=User2
• sn=AADS
- AADS Admin which has the following attributes:
• sAMAccountName=aadsadmin
• [email protected]
• [email protected]
• givenName=Admin
• sn=AADS
• Groups:
- “AADSAdmin” contains the users that can access the AADS OAMP GUI. In this example,
this group contains the DN (Distinguished Name) of the user “AADS Admin” as the value of
its “member” attributes.
- “AADSUsers” contains the users that can access the AADS REST interface. In this example,
this group contains the DN of the user “AADS User1” and the group “AADSDelegates” as
the value of its “member” attributes.
- “AADSAuditor” contains the users that have read-only access to the OAMP GUI. In this
example, this group contains the DN of the users “AADS User1” and “AADS User2” as the
values of its “member” attribute.
- “AADSDelegates” is a subgroup of “AADSUsers”. So the users in this group should also
have access to AADS REST interface. In this example, this group contains the DN of
the user “AADS User2” as the value of its “member” attributes.
Related links
LDAP settings configuration on page 100
Configuring the binding parameters on page 105
Configuring the authentication parameters on page 105
Configuring the role search parameters on page 107
Configuring the internationalization parameters on page 107
Configuring the user management parameters on page 109

August 2017 Deploying Avaya Aura® Device Services 104

Comments on this document? [email protected]
 Configuration

Configuring the binding parameters

About this task
The following procedure describes how to configure the LDAP binding parameters when Microsoft
Active Directory (AD) is used.
Procedure
1. In the Avaya Aura® Device Services CLI, run the following command to start the
configuration utility:
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select LDAP Configuration.

3. Configure the following settings:
Parameter Description Example
URL for LDAP The URL used to locate the Active Directory server. ldaps://
Server ® gdc.global.example.c
Avaya Aura Device Services uses the AD Global
om:3269
Catalog instead of the Avaya Aura® Device Services
LDAP interface. The Global Catalog contains the
replicated copies of data in all of the enterprise
domains. This avoids the need for delegated searches
by following references in the LDAP to other AD domain
controllers.

Note:
Microsoft Active Directory uses a Secure LDAP
connection. For the LDAPS connection, a CA
(Certificate Authority) certificate for the CA that
signed the AD server certificate needs to be
imported into the Avaya Aura® Device Services
trust store before the LDAP configuration can be
made.
Bind User The user that has read/search access to Active global
Directory. \AADSAssistant
Bind Credential The password for the Bind User. admin123

Related links
LDAP configuration for Microsoft Active Directory on page 102

Configuring the authentication parameters

About this task
The following procedure describes how to configure the LDAP authentication parameters when
Microsoft Active Directory (AD) is used.

August 2017 Deploying Avaya Aura® Device Services 105

Comments on this document? [email protected]
Configuration

Procedure
1. In the Avaya Aura® Device Services CLI, run the following command to start the
configuration utility:
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select LDAP Configuration and configure the following settings:

Parameter Description Example
UID Attribute ID The LDAP attribute that contains the user ID used for sAMAccoutName
authentication.
userPrincipalName
For Microsoft Active Directory, there are usually two
types of userID: Domain user ID or User Principal
Names. Avaya Aura® Device Services also supports
authentication using the email address of a user.
• For Domain user ID authentication, the “UID Attribute
ID” must be set to “sAMAccoutName”.
See MultipleActiveDirectorydomains for how to set
this up in an AD forest
• For authentication using User Principal Name, “UID
Attribute ID” must be set to “userPrincipalName”.

Note:
For Microsoft Active Directory,
“userPrincipalName” is an optional attribute. So if
authentication using User Principal Name (or UPN)
is used, ensure that each user has the
“userPrincipalName” attribute set.
Base Context DN The base DN where the search for the user must start. dc=global,dc=exampl
Usually, the base DN is the root DN for the AD domain. e,dc=com

3. Select LDAP Configuration > Advanced LDAP parameters and configure the following
settings:
Parameter Description Example
Allow Empty The setting to enable user authentication without a false
Passwords password.
Microsoft Active Directory does not allow users to
authenticate without a password, so you must set the
Allow Empty Passwords setting to false.

Related links
LDAP configuration for Microsoft Active Directory on page 102

August 2017 Deploying Avaya Aura® Device Services 106

Comments on this document? [email protected]
 Configuration

Configuring the role search parameters

About this task
The following procedure describes how to configure the LDAP role search parameters when
Microsoft Active Directory (AD) is used.
Role search for Avaya Aura® Device Services users are really about finding the associated “role”
strings for a user in LDAP. For AD, this is about the user group names that a user belongs to.
In Microsoft Active Directory, the DNs of the groups that a user belongs to are stored in the
“memberOf” attribute of a user. The “memberOf” attribute also stores the Exchange mailing lists that
a user belongs to. Conversely, the group objects that the user belongs to contain a “member”
attribute that stores the DNs of all of the users and sub-groups that are members of this group.
Procedure
1. In the Avaya Aura® Device Services CLI, run the following command to start the
configuration utility:
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select LDAP Configuration > Advanced LDAP parameters.

3. Configure the parameter settings as described in Parameter settings on page 115.
4. Configure the attributes as described in Role configuration on page 116.
Related links
LDAP configuration for Microsoft Active Directory on page 102

Configuring the internationalization parameters

About this task
The internationalization parameters specify how a user’s given name and surname are stored in
Microsoft Active Directory (AD), as well as the language used to store these names. Optionally, for
non-Latin script languages, two of the parameters also specify how the ASCII transliteration of these
names is stored.
The following procedure describes how to configure the LDAP internationalization parameters when
AD is used.
Procedure
1. Log in to the Avaya Aura® Device Services administration portal.
The URL for gaining access to the administration portal is https://<hostname>:8445/
admin.

Important:
For the hostname, always use the same Avaya Aura® Device Services server FQDN that
you use for generating certificates. You will be redirected to the Login page if you use the
IP address instead of the FQDN.
To gain access to the web-based administration portal, you must use an account that has the
Administrator role defined in the LDAP server configuration.

August 2017 Deploying Avaya Aura® Device Services 107

Comments on this document? [email protected]
Configuration

2. Select Server Connections > LDAP Configuration > Enterprise Directory.

3. Configure the language setting:
Parameter Description Default value
Language used in The language code of one of the languages supported en
Directory by Avaya Aura® Device Services.

4. Click Save.
5. Click Modify Attribute Mappings.
6. Configure the following settings:
Parameter Description Default value
nativeFirstName The attribute that stores the “given name” of the user in givenName
the language of the LDAP server.
nativeSurName The attribute that stores the “surname” of the user in the sn
language of the LDAP server.
givenName This is only applicable if the language in AD is one of
the non-Latin script based ones.
surName This is only applicable if the language in AD is one of
the non-Latin script based ones.

The "nativeFirstName" and "nativeSurName" parameters allow the user to identify the LDAP
attributes used to store the user's native language given name and surname. These are
mandatory parameters with defaults of "givenName" and "sn".
The "givenName" and "surName" parameters allows the user to identify the LDAP attributes
used to store the ASCII transliteration of the user's given name and surname, respectively.
These are optional parameters and only used only if the "Language used in Directory"
parameters are set to one of the non-Latin script languages.
The internationalization of the names must be done using the language tags specified
in RFC 3866.
To configure internationalization for Microsoft Active Directory, you must configure custom
attributes for the native and the ASCII transliterations of the names, if both types of names
are needed.
7. Click Save.
The Avaya Aura® Device Services services restart for the changes to take effect.
Related links
LDAP configuration for Microsoft Active Directory on page 102

August 2017 Deploying Avaya Aura® Device Services 108

Comments on this document? [email protected]
 Configuration

Configuring the user management parameters

About this task
Microsoft Active Directory (AD) users can be disabled by Administrators. The active state is tracked
using one bit in the value of the attribute “userAccountControl”. The “whenChanged” attribute in AD
is updated with the timestamp of the last time the object is updated.
The following procedure describes how to configure the user management parameters for Microsoft
Active Directory.
Procedure
1. In the Avaya Aura® Device Services CLI, run the following command to start the
configuration utility:
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin/configureAADS.sh

2. Select LDAP Configuration > Advanced LDAP parameters.

3. Configure the following settings:
Parameter Description Example
Active users The active users search filter string contains the (&(objectClass=user)
search filter string following elements: (objectCategory=Per
son)(!
• objectClass: because the object needs to be of the
(userAccountControl:
“user” object class as this is the object class that AD
1.2.840.113556.1.4.8
uses to store AD user data.
03:=2)))
• objectCategory: because AD also uses the “user”
object class for objects other than AD users. Notably,
the “Computer” object is also of “user” object class.
Adding this condition ensures that the object found is
an AD user object.
• userAccountControl:
The string “1.2.840.113556.1.4.803” specifies a bit-
wise AND filter to check the second lowest bit in the
value of “userAccountControl”, which is “1” if the user
is disabled. Negating this filter using the “!” operator
results in filtering for users that are NOT disabled.
For details on bitwise filters and an example of using
it to locate disabled users in AD, see: http://
support.microsoft.com/kb/269181
Last updated time The value for AD is “whenChanged”. whenChanged
attribute

Related links
LDAP configuration for Microsoft Active Directory on page 102

August 2017 Deploying Avaya Aura® Device Services 109

Comments on this document? [email protected]
Configuration

LDAP attribute mapping

Attribute mapping consists of associating the Avaya Aura® Device Services Application fields with
attributes from the LDAP server configuration, depending on the organization requirement.
You can configure attribute mapping using the Attribute Mapping menu on the Avaya Aura® Device
Services administration portal.
Related links
LDAP settings configuration on page 100
Configuration and data mapping use cases on page 110
Attribute mapping use case: changing the address attribute on page 113
Attribute mapping use case: adding the language to the directory service response on page 113

Configuration and data mapping use cases

Avaya Multimedia Messaging uses Avaya Aura® Device Services to validate addresses. Avaya
Aura® Device Services brings the address information or handle data from Enterprise Directory and
System Manager.
Enterprise Directory query
The query used is based on a URI from the Avaya Multimedia Messaging side, which should not
contain a schema. Avaya Aura® Device Services uses the LDAP attribute mapping from the
configuration to build the filter to query the LDAP. The filter can use the attributes mapped to
EmailAddress, EmailAddress-1, IMHandle, IMHandle-1, or LyncAddress, and it is intended for the
SMTP, SIP, and XMPP schema.
The following are sample default mappings:
Application Field Name Directory Field Name
Email address mail
EmailAddress-1 <not mapped>
IMHandle <not mapped>
IMHandle-1 <not mapped>
LyncAddress msrtcsip-primaryuseraddress
SMGRLoginname userPrincipalName

If the Avaya Multimedia Messaging sends a validation request to Avaya Aura® Device Services for
address [email protected], the Avaya Aura® Device Services will set the filter as follows:
OR: 8 items
Filter: ([email protected])
Filter: (mail=sip:[email protected])
Filter: (mail=xmpp:[email protected])
Filter: (mail=smtp:[email protected])
Filter: ([email protected])
Filter: (msrtcsip-primaryuseraddress=sip:[email protected])
Filter: (msrtcsip-primaryuseraddress=xmpp:[email protected])
Filter: (msrtcsip-primaryuseraddress=smtp:[email protected])

August 2017 Deploying Avaya Aura® Device Services 110

Comments on this document? [email protected]
 Configuration

Leave the IMHandle and IMHandle-1 attributes unmapped. Avaya Multimedia Messaging uses the
EmailAddress value as the internal contact. When the EmailAddress and IMHandle mapping return
different attribute values, the validation might fail.
System Manager query
Avaya Multimedia Messaging sends a query to Avaya Aura® Device Services, which first queries
LDAP, brings back the information, and extracts the values returned for EmailAddress and
SMGRLoginname. Avaya Aura® Device Services then queries System Manager using
SMGRLoginName, and if that fails, then it uses EmailAddress.
Application Field Name System Manager Field Name
SMGRLoginName Login Name
Email address Login Name, OR Microsoft Exchange
Communication Address, OR Other Email
Communication Address

The user information is available in both Enterprise Directory and System Manager
If Avaya Aura® Device Services is able to retrieve data from both Enterprise Directory and System
Manager, it merges these two data sets, and sends this information back to the Avaya Multimedia
Messaging server.
If Avaya Aura® Device Services queries the System Manager data, and if it does not find any related
information from System Manager, it sends back the data only from Enterprise Directory.
The user information is available on System Manager but not on Enterprise Directory
The Avaya Multimedia Messaging server sends a query to Avaya Aura® Device Services. If the
relevant user is not available on Enterprise Directory, the query is redirected to System Manager.
Avaya Aura® Device Services attempts to use the received URI from Avaya Multimedia Messaging
to match the System Manager, Login Name, Microsoft Exchange Communication Address, or Other
Email Communication Address.
If a match is found, then Avaya Aura® Device Services extracts the SMGRLoginName, creates a
query filter with the SMGRLoginName, and then sends another query to the Enterprise Directory.
The fetched data is merged with System Manager data and sent back to Avaya Multimedia
Messaging. If the second query to Enterprise Directory fails to bring back data because no relevant
data exists, then only System Manager data is sent back to the Avaya Multimedia Messaging server.
User in Enterprise Directory and System Manger
Table 8: Avaya Multimedia Messaging server mappings

Application Field Name Directory Field Name

Email address mail
EmailAddress-1 <not mapped>
IMHandle <not mapped>
IMHandle-1 <not mapped>
LyncAddress msrtcsip-primaryuseraddress
SMGRLoginname userPrincipalName

August 2017 Deploying Avaya Aura® Device Services 111

Comments on this document? [email protected]
Configuration

Table 9: Enterprise Directory mappings

Enterprise Directory Field Value

mail [email protected]
userPrincipalName [email protected]

Table 10: System Manager mappings

System Manager Field Value

Login Name [email protected]
Avaya SIP handle [email protected]
Avaya Presence/IM handle [email protected]

Avaya Multimedia Messaging sends a validation request for [email protected] to Avaya Aura®
Device Services, which then sends a query to Enterprise Directory with the filter shown in Enterprise
Directory querySystem Manager queryThe user information is available in both Enterprise Directory
and System Manager on page 110.
OR: 8 items
Filter: ([email protected])
Filter: (mail=sip:[email protected])
Filter: (mail=xmpp:[email protected])
Filter: (mail=smtp:[email protected])
Filter: ([email protected])
Filter: (msrtcsip-primaryuseraddress=sip:[email protected])
Filter: (msrtcsip-primaryuseraddress=xmpp:[email protected])
Filter: (msrtcsip-primaryuseraddress=smtp:[email protected])
When Enterprise Directory gets a match for [email protected], it returns:
[email protected]
[email protected]
Avaya Aura® Device Services sends the following query to System Manager:
Filter: Login [email protected]
When System Manager gets a match on Login Name, it returns the Avaya SIP handle and the
Avaya Presence or IM Handle.
Avaya Aura® Device Services merges the information and returns handles to Avaya Multimedia
Messaging:
Contact = [email protected]
SIP Handle= [email protected]
XMPP [email protected]
Related links
LDAP attribute mapping on page 110

August 2017 Deploying Avaya Aura® Device Services 112

Comments on this document? [email protected]
 Configuration

Attribute mapping use case: changing the address attribute

About this task
The following task provides a use case for attribute mapping when the Directory Service Response
contains address as postalCode, instead of StreetAddress.
By default, the address application field in the directory service response contains the
streetAddress LDAP attribute value of the user.
To configure the address application field to contain the postal address, perform the following
actions:
Procedure
1. Log in to the Avaya Aura® Device Services administration portal.
The URL for gaining access to the administration portal is https://<hostname>:8445/
admin.

Important:
For the hostname, always use the same Avaya Aura® Device Services server FQDN that
you use for generating certificates. You will be redirected to the Login page if you use the
IP address instead of the FQDN.
To gain access to the web-based administration portal, you must use an account that has the
Administrator role defined in the LDAP server configuration.
2. Select Server Connections > LDAP Configuration > Enterprise Directory.
3. Click Modify Attribute Mappings.
4. Find the address application field.
5. In the combo box next to the address application field, select postalCode.
6. Click Save.
7. To apply the changes immediately, click Force update.
Related links
LDAP attribute mapping on page 110

Attribute mapping use case: adding the language to the directory service response
About this task
The following task provides a use case for attribute mapping when the Directory Service Response
contains the language of the user.
The attribute used for determining the language of a user depends on each organization.
By default, the language field does not have a default attribute mapping. The
preferredLanguage attribute used in the following example is not a pre-loaded attribute. You
must type the preferredLanguage name in the custom attribute field.

August 2017 Deploying Avaya Aura® Device Services 113

Comments on this document? [email protected]
Configuration

Important:
Before you type the name of a custom attribute, ensure that the attribute is available in your
Directory configuration and that the attribute is available or part of the global catalogue.
The following procedure describes how to map the preferredLanguage attribute to the
language application field by using the custom attribute field.
Procedure
1. Log in to the Avaya Aura® Device Services administration portal.
The URL for gaining access to the administration portal is https://<hostname>:8445/
admin.

Important:
For the hostname, always use the same Avaya Aura® Device Services server FQDN that
you use for generating certificates. You will be redirected to the Login page if you use the
IP address instead of the FQDN.
To gain access to the web-based administration portal, you must use an account that has the
Administrator role defined in the LDAP server configuration.
2. Select Server Connections > LDAP Configuration > Enterprise Directory.
3. Click Modify Attribute Mappings.
4. Find the language application field.
5. In the Custom Attribute Field column that corresponds to the language application field,
click the cell and type preferredLanguage.
6. Click Save.
7. To apply the changes immediately, click Force update.
Related links
LDAP attribute mapping on page 110

LDAP configuration best practices

Ensure you use the following best practices during LDAP configuration for Avaya Aura® Device
Services.
• Align SMGRLoginName to email address, sAMAccountName or upn.
• Turn on LDAP synchronization between System Manager and LDAP.
• Map SMGRLoginName to an LDAP attribute such as email address, sAMAccountName or
upn on the Avaya Aura® Device Services attribute mapping page. This depends on how it is
configured in Step 1 for the dap filed in the Avaya Aura® Device Services Administration GUI.
Even if the above best practices are not followed, make sure you include a Microsoft Exchange
Server (SMTP) handle in System Manager for all user records. This facilitates correlation of System
Manager user records with LDAP records.

August 2017 Deploying Avaya Aura® Device Services 114

Comments on this document? [email protected]
 Configuration

Related links
LDAP settings configuration on page 100

LDAP parameter descriptions

Parameter settings
The following table describes the parameter settings according to the search mechanism that you
choose:
Parameter Search mechanism #1: Search mechanism #2:
Find the user, extract the group DNs from Find the groups that the user belongs to
the “memberOf” attribute, and get the role and extract the role string from one of the
strings from each of the group objects attributes
Example Description Example Description
Role Filter (&(objectClass=user) <UID Attribute ID> is (&(objectClass=grou “{1}” is the
(objectCategory=Pers the value of the “UID p)(member={1})) placeholder to be
on)(<UID attribute Attribute ID” replaced by the DN
ID>={0})) parameter. of the user object.
The DN is identified
“{0}” is the
during the
placeholder that will
authentication
be replaced by the
process.
authenticating user
ID. This filter looks for a
group object whose
“member” attribute
contains a value of
the authenticating
user DN.
Role Context ou=Users,dc=global, The purpose of the ou=Groups,dc=globa The purpose of the
DN dc=example,dc=com search is to find the l,dc=example,dc=co search is to find the
user and then extract m roles whose
the role objects from “member” attribute
the “memberOf” user contains the user.
attribute.
Role Attribute “memberOf” This attribute CN This contains the
ID contains the list of group’s name (e.g.
DNs of the groups to “AADSAdmin”, etc.)
which the user
belongs to.
Role Attribute true The “memberOf” false The “Role Attribute
is DN values are the DNs of ID” already contains
the group/mailing list the “role” string
objects. name.
Role Name CN The attribute defined Leave this empty
Attribute by Role Name because “Role
Attribute contains the Attribute is DN” is
group name. false.

August 2017 Deploying Avaya Aura® Device Services 115

Comments on this document? [email protected]
Configuration

Parameter Search mechanism #1: Search mechanism #2:

Find the user, extract the group DNs from Find the groups that the user belongs to
the “memberOf” attribute, and get the role and extract the role string from one of the
strings from each of the group objects attributes
Example Description Example Description
For example:
AADSAdmin
Role 0 This configuration 1 or higher You must set this
Recursion does not allow value to 0 if there are
recursive search. no subgroups or a
value from 1 to 10 to
Note: support searches of
Using this users that are in
configuration, the subgroups.
users under the In this example, the
“AADSDelegates” recursive search is
group will not be needed to find the
able to use user in the
Avaya Aura® “AADSDelegates”
Device Services group, so this value
so this is not the must be set to at
recommended least 1.
configuration for
this example.

Role configuration
To search the role base context and under it, set Search Scope to 2 or SUBTREE_SCOPE . The
configuration of the following roles is the same, regardless of the configured search mechanism:
Role Description Example
Administrator Role This role specifies the list of the “role” string extracted from AADSAdmin
LDAP that would be mapped to the Avaya Aura® Device
Services server ADMIN application role.
User Role This role specifies the list of the “role” string extracted from AADSUsers
LDAP that would be mapped to the Avaya Aura® Device
Services server USERS application role.
Auditor Role This role specifies the list of the “role” string extracted from AADSAuditor
LDAP that would be mapped to the Avaya Aura® Device
Services server AUDITOR application role.
Service Avaya Aura® Device Services does not currently use this role. Leave this setting
Administrator Role blank.
Services Avaya Aura® Device Services does not currently use this role. Leave this setting
Maintenance and blank.
Support Role
Security While this role is present in the Avaya Aura® Device —
Administrator Role Services configuration script, it is not currently used by

August 2017 Deploying Avaya Aura® Device Services 116

Comments on this document? [email protected]
 Configuration

Role Description Example

Avaya Aura® Device Services. It is used by other servers,
such as Avaya Aura® Web Gateway.

Related links
LDAP settings configuration on page 100

Importing a trusted LDAP certificate

About this task
Use this procedure to import the LDAP certificate to enable secure LDAP.
Before you begin
Deploy the Avaya Aura® Device Services OVA.
Procedure
1. Log in to Avaya Aura® Device Services with admin credentials.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
2. Go to /opt/Avaya/DeviceServices/version/CAS/version/bin, where version is
the current version.
For example, /opt/Avaya/DeviceServices/7.1.0.0.243/CAS/7.1.0.0.243/bin.
3. Run the configureAADS.sh script on the installed Avaya Aura® Device Services.
4. In the Avaya Aura Device Services Configuration Utility dialog box, navigate to LDAP
Configuration and click Select.
5. On the LDAP Configuration page, select Import Secure LDAP trusted certificate and click
Select.
Note:
To use secure LDAP, you must first import a secured and trusted LDAP certificate. This
helps to validate the connection with a secure LDAP.
6. On the Import Secure LDAP trusted certificate page, select Certificate file and click Select.
The system displays a page to specify the path of the certificate.
7. In the text box, type the full path and file name of the LDAP trusted certificate.
The file must be in the .pem or .der format.
8. Ensure that the URL of the secured LDAP Server is: ldaps://
<IP_Address>:<SECURE_PORT>.
Here, IP_Address is the IP address of LDAP Server, and SECURE_PORT is 3269.

August 2017 Deploying Avaya Aura® Device Services 117

Comments on this document? [email protected]
Configuration

9. Click Apply to save and apply the LDAP configuration settings.

Related links
Configuration on page 76

Avaya Aura® Device Services remote access configuration

You can configure Avaya Aura® Device Services to be accessible to remote workers using Avaya
Equinox™ clients from outside the enterprise network. The following configuration methods are
available:
• Virtual private Network (VPN)
• Avaya Session Border Controller for Enterprise (Avaya SBCE)
• Application Delivery Controllers (formerly named Reverse Proxies)
The following section contains an example for configuring the remote access feature using Avaya
Session Border Controller for Enterprise and instructions for configuring the A10 Thunder ADC.
Related links
Configuration on page 76
Configuring remote access on page 118

Configuring remote access

About this task
You can use the Avaya SBCE for relaying HTTP and HTTPS traffic between Avaya Aura® Device
Services enabled application clients (such as the Avaya Equinox™ clients) and Avaya Aura® Device
Services. For more information about relay services configuration in Avaya SBCE, see
Administering Avaya Session Border Controller for Enterprise.
Before you begin
• If a reverse proxy or relay is configured to listen on a port other than the default port 8443, the
Override port for reverse proxy setting from the Front-end host, System Manager and
Certificate Configuration menu must be set to y (yes). You must also set a value for the
Front-end port for reverse proxy parameter.
• HTTPS traffic relay for Avaya Aura® Device Services requires that you configure an external IP
address for Avaya SBCE.
Note:
To use the remote worker functionality, you must configure one of the following:
• Implement Split-Horizon DNS: Avaya recommends the use of this configuration. This
configuration optimizes traffic so that clients connect to Session Manager directly on the
internal network and only use Avaya SBCE when external.
• Use Public cloud model: All FQDNs or URLs must point to the reverse proxy or Avaya
SBCE. This configuration is used for cloud deployments and also for on premise

August 2017 Deploying Avaya Aura® Device Services 118

Comments on this document? [email protected]
 Configuration

deployments. By using this configuration, calls are preserved during any network transition
from Wi-Fi to cellular data when the client IP address can change during an active call.
• Implement for internal access only and all remote devices must use VPN: This
configuration is used when a security policy is in place such that all traffic must be either
internal or via VPN. The VPN solution that is deployed must have sufficient bandwidth and
latency to support the expected volume of VoIP calls.
Procedure
1. In the Avaya SBCE, navigate to Device Specific Settings > Relay Services.
2. In the Remote Configuration field, configure the parameters with the following values:
• Remote Domain: the Avaya Aura® Device Services server domain.
• Remote IP: the IP address of the Avaya Aura® Device Services server.
• Remote Port: the Front-end port for reverse proxy configured during the Avaya Aura®
Device Services server installation. The default value is 8443.
• Remote Transport: TCP.
3. In the Device Configuration field, configure the parameters with the following values:
• Published Domain: the Avaya Aura® Device Services server domain.
• Listen IP: the External Avaya SBCE IP address created for Avaya Aura® Device Services
relay.
• Listen Port: 8443 or 443.
• Connect IP: the internal Avaya SBCE IP address.
• Listen Transport: TCP.
Related links
Avaya Aura Device Services remote access configuration on page 118

A10 Thunder Application Delivery Controller Configuration

Before you configure the A10 Thunder Application Delivery Controller (ADC) for interworking with
the Avaya Aura® Device Services, ensure that:
• The A10 Thunder 1030s software version is 2.7.1 P3 or higher.
• You have reviewed the following guides:
- A10 Networks Apache Web Server deployment guide
- A10 Thunder Series and AX Series System Configuration and Administration Guide
Importing the A10 Client SSL Certificate
About this task
The following procedure describes how to import the A10 Client SSL Certificate.
Before you begin
Obtain an X509 certificate and the associated private key from a Certificate Authority.

August 2017 Deploying Avaya Aura® Device Services 119

Comments on this document? [email protected]
Configuration

Important:
The Avaya Aura® Device Services enabled client must import the System Manager's Root
Certificate in order to successfully establish the SSL connection with the A10 server.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > SSL Management > Certificate.
3. Click Import.
4. Enter the required information:
• The name of the certificate file
• The source for importing the certificate: local, remote, or text
• The certificate file format
• The source for importing the Key file: local, remote, or text
• The key file format
Note:
In order for the Split-Horizon DNS to work properly, you must provide the certificate
Common Name with a Fully-Qualified Domain Name and not an IP address. The A10
external FQDN must also match the Avaya Aura® Device Services internal FQDN
5. Click OK and then click Save.
Importing the A10 Server SSL Certificate
About this task
The following procedure describes how to import the A10 Server SSL Certificate.
Before you begin
Obtain an X509 certificate and the associated private key from a Certificate Authority.
Important:
The A10 server will not be able to establish an SSL connection with the backend Avaya Aura®
Device Services server if the Server SSL certificate has not been provisioned.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > SSL Management > Certificate.
3. Click Import.
4. Enter the required information:
• The name of the certificate file
• The source for importing the certificate: local, remote, or text

August 2017 Deploying Avaya Aura® Device Services 120

Comments on this document? [email protected]
 Configuration

• The certificate file format

• The source for importing the Key file: local, remote, or text
• The key file format
5. Click OK and then click Save.
Importing the System Manager root certificate
About this task
The following procedure describes how to import the Avaya Aura® System Manager root certificate
into A10.
Before you begin
Obtain a copy of the root certificate from System Manager.
For information about obtaining the System Manager root certificate, see the Administering Avaya
Aura® System Manager guide.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > SSL Management > Certificate > Import.
3. Enter the required information:
• The name of the certificate
• The source for importing the certificate
• The certificate format
• The certificate source
• The source for importing the key
• The private key source
4. Click OK and then click Save.
Creating the A10 server SSL template
About this task
The following procedure describes how to create the A10 Server SSL certificate template.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > Template > SSL > Server SSL.
3. Click Add.
4. Enter the required information:
• The name of the SSL server
• The name of the certificate file

August 2017 Deploying Avaya Aura® Device Services 121

Comments on this document? [email protected]
Configuration

• The name of the key file

• Pass phrase and pass phrase confirmation
• TLS/SSL version
• Close notification
• Session ticket
• SSL forward proxy
• The size and time-out of the Session Cache
• Server certificate error
5. Click OK and then click Save.
Creating the A10 client SSL template
About this task
The following procedure describes how to create the A10 client SSL certificate template.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > Template > SSL > Client SSL.
3. Click Add.
4. Enter the required information:
• The name of the certificate
• The chain certificate name
• The name of the key file
• Pass phrase and pass phrase confirmation
• Whether to bypass SSLv2
• Session cache size and timeout
• Session ticket lifetime
• SSL false start
• Whether to reject requests for SSLv3
• Server name indication
5. Click OK and then click Save.
Creating an IP source NAT
About this task
The following procedure describes how to import the Avaya Aura® System Manager root certificate
into A10.

August 2017 Deploying Avaya Aura® Device Services 122

Comments on this document? [email protected]
 Configuration

Before you begin

Obtain a copy of the root certificate from System Manager.
For information about obtaining the System Manager root certificate, see the Administering Avaya
Aura® System Manager guide.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select IP Source NAT > IPv4 Pool.
3. Enter the required information:
• The name of the IPv4 pool
• The start IP address
• The end IP address
• The net mask
• The gateway
• The HA group
• The IP-RR
• The source for importing the key
• The private key source
4. Click OK and then click Save.
Creating the Avaya Aura® Device Services backend server
About this task
The following procedure describes how to create the Avaya Aura® Device Services backend server.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > Service > Server.
3. Click Add twice.
4. Enter the required information:
• The name of the backend server
• The host name or IP address of the backend server
• The GSLB external IP address
• The IPv6 mapping of GSLB
• Weight
• Health monitor

August 2017 Deploying Avaya Aura® Device Services 123

Comments on this document? [email protected]
Configuration

• Connection limit
• Connection resume
• Slow start
• Spoofing cache
• Firewall
• Stats data
• Extended stats
• Server template
• HA priority cost
• Description
5. (Optional) Create an alternate server.
6. Expand the Port section and configure the connection details for the Avaya Aura® Device
Services backend servers.
7. Click OK and then click Save.
Creating a virtual server
About this task
The following procedure describes how to create a virtual server using the A10 interface.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > Service > Virtual Server.
3. Click Add.
4. Enter the required information:
• The name of the virtual server
• The IP address or the CIDR subnet
• Enable or disable the virtual server
• The condition for disabling the virtual server
• Enable or disable the ARP status
• Enable or disable the Stats Data
• Enable or disable Extended Stats
• Flag for redistribution
• HA group
• Virtual server template

August 2017 Deploying Avaya Aura® Device Services 124

Comments on this document? [email protected]
 Configuration

• Policy template
• Description
5. Expand the Port section and configure the connection details for the virtual server.
6. Click OK and then click Save.
Creating a service group
About this task
The following procedure describes how to create a service group using the A10 interface.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > Service > Service Group.
3. Click Add.
4. Enter the required information:
• The name of the service group
• The service group type
• The service group algorithm
• Enable or disable the Auto Stateless Method
• The traffic replication
• The health monitor
• The server template
• The server port template
• The policy template
• Enable or disable minimum active members
• Enable or disable priority affinity
• Enable sending a client reset when the server selection fails
• Enable sending log information for the backup server events
• Enable or disable Stats Data
• Enable or disable Extended Stats
• Priority
• Description
5. Expand the Server section and configure the servers of the service group.
6. Click OK and then click Save.

August 2017 Deploying Avaya Aura® Device Services 125

Comments on this document? [email protected]
Configuration

Creating a virtual service

About this task
The following procedure describes how to create a virtual service using the A10 interface.
Procedure
1. Log in to the ACOS Admin interface.
2. In the Config Mode tab, select SLB > Service > Virtual Service.
3. Click Add.
4. Enter the required information:
• The name of the virtual service
• The virtual service type
• The virtual service port
• The virtual service address
5. Click OK and then click Save.
Configuring A10 for LDAP searches
About this task
The following procedure describes how to perform A10 configuration to enable LDAP searches for
clients.
Procedure
1. To create an LDAP backend server, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select SLB > Service > Server.
c. Click Add twice.
d. In the General section, configure the name and the host or IP address of the LDAP
backend server.
e. In the Port section, configure the port and the weight.
f. Click OK and then click Save.
2. To create a service group, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select SLB > Service > Service Group.
c. Click Add.
d. In the Service Group section, configure the name of the LDAP service group.
e. In the Server section, select the servers to add to the service group.
f. Click OK and then click Save.

August 2017 Deploying Avaya Aura® Device Services 126

Comments on this document? [email protected]
 Configuration

3. To create a virtual service, see Creating a virtual service on page 126.

4. To edit a virtual server, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select SLB > Service > Virtual server.
c. Click Edit.
d. Edit the configuration of the virtual server.
e. Click OK and then click Save.
Configuring A10 for LDAP authentication
About this task
The following procedure describes how to configure A10 for performing LDAP authentication before
the HTTP requests are redirected to the backend Avaya Aura® Device Services server.
Procedure
1. To create an LDAP server, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select Security > Authentication > Server.
c. Click Add twice.
d. In the General section, configure the connection details for the LDAP server.
e. Click OK and then click Save.
2. To enable HTTP log on, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select Security > Authentication > Logon.
c. Click Add.
d. Configure the HTTP logon settings.
e. Click OK and then click Save.
3. To configure the HTTP relay, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select Security > Authentication > Relay.
c. Click Add.
d. Configure the authentication relay settings.
e. Click OK and then click Save.
4. To create an authentication template, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select Security > Authentication > Template.

August 2017 Deploying Avaya Aura® Device Services 127

Comments on this document? [email protected]
Configuration

c. Click Add.
d. Configure the authentication template.
e. Click OK and then click Save.
5. To edit a virtual service, perform the following actions:
a. In the ACOS Admin interface, click the Config Mode tab.
b. Select SLB > Service > Virtual Service.
c. Click Edit.
d. Edit the virtual service.
e. Click OK and then click Save.

Cluster node configuration

Avaya Aura® Device Services cluster installation

An Avaya Aura® Device Services cluster requires Avaya Aura® Device Services servers that belong
to the same network, configured as follows:
• One seed node
• 1 to 27 additional nodes
The installation of a cluster consists of installing the Avaya Aura® Device Services server on all the
nodes, by following a process similar to the single-server installation, while also configuring cluster-
specific details.
To achieve redundancy, you must install an Avaya Aura® Device Services cluster of more than one
nodes and configure a virtual IP address or an external load balancer. The client applications use
the FQDN that resolves to the virtual IP address or the FQDN of the load balancer to gain access to
Avaya Aura® Device Services.
If you use the embedded Avaya Aura® Device Services load balancing mechanism, you must
configure a virtual IP master node and a virtual IP backup node. Also, the virtual IP address must be
in the same subnet as the Avaya Aura® Device Services nodes.
• The virtual IP master node is the initial node and handles the Avaya Aura® Device Services
requests by default.
• The virtual IP backup node is an additional node that handles the load balancing functions
when the master node is not functioning.

August 2017 Deploying Avaya Aura® Device Services 128

Comments on this document? [email protected]
 Cluster node configuration

Warning:
To be able to handle all the HTTP requests, at least two virtual IP nodes- the Virtual IP master
node and Virtual IP backup node must function correctly at all times. If both virtual IP master
node and virtual IP backup nodes are unavailable, the Avaya Aura® Device Services server
does not function correctly.

Installing an Avaya Aura® Device Services cluster

About this task
Use this procedure to install an Avaya Aura® Device Services cluster.
Before you begin
Ensure that you understand the Avaya Aura® Device Services prerequisites. The prerequisites for
installing an Avaya Aura® Device Services cluster are the same as for installing an individual Avaya
Aura® Device Services server.
Note:
The Avaya Aura® Device Services cluster must be installed by a Linux user with sudo privileges,
created during the pre-configuration setup. The User ID (UID) of the Linux user that performs
the installation must be the same on all the Avaya Aura® Device Services nodes. After a user is
configured, run the following command to display the ID of the user:
id -u <user_name>

For example:
id -u Avaya

Procedure
1. Install the initial node.
2. Install one or more additional nodes.
Important:
Proceed with the next steps only after installing all the Avaya Aura® Device Services
nodes.
3. After all the required cluster nodes are installed, perform the following actions on the Avaya
Aura® Device Services initial node to configure the SSH/RSA Public/Private keys:
a. To open the Avaya Aura® Device Services configuration utility, run the following
command:
sudo /opt/Avaya/DeviceServices/<version>/CSA/<version>/bin/configureAADS.sh

b. Select Clustering Configuration > Cluster Utilities > Configure SSH/RSA Public/
Private Keys.
The system displays the other nodes that are configured in the cluster.
c. Ensure that the list of nodes is complete and enter n (no).
d. When the system prompts you to enter a user name for a host, enter the Linux user that
was used to install the Avaya Aura® Device Services installation.

August 2017 Deploying Avaya Aura® Device Services 129

Comments on this document? [email protected]
Configuration

e. If the system prompts you to replace the existing keys, enter y (yes).
f. If the system displays the following error, enter y (yes):
The authenticity of the host can't be established.
g. When the system prompts you to enter a password for a host, enter the password of the
Linux user that was used to install the Avaya Aura® Device Services installation.
h. When the configuration is complete, press Enter and exit the configuration menu.
4. (Optional) Start every node in the cluster individually.
Using a Linux shell for each Avaya Aura® Device Services server in the cluster, run the
following command:
sudo service AADSService start

Installing the initial cluster node

Procedure
1. Run the Avaya Aura® Device Services installer.
2. Select the Cluster Configuration menu and ensure that:
• The Initial cluster node option is set to y (yes).
• The Local Node IP address option is set to the IP address of the node.
3. Select Return to Main Menu and press Enter to return to the previous menu.
4. (Optional) In the Cassandra Encryption menu, enable or disable SSL encryption for
internode communication between the database servers on the Avaya Aura® Device
Services nodes.
5. Select the Front-end host, System Manager and Certificates configuration menu and
configure the settings that are accessible from the menu.
Use the information provided in the tables in previous sections.
Important:
• For a cluster deployment, you must configure the front-end FQDN as the FQDN of the
virtual IP address. If an external load balancer is used, set this value to the FQDN of the
load balancer.
• You can also configure the Front-end host, System Manager and certificates settings at a
later time, by running the Avaya Aura® Device Services configuration utility.
If Cassandra internode encryption is enabled, you must make the configuration settings
from this menu during the initial installation phase and not at a later time.
6. Select Continue until the Avaya Aura® Device Services installation starts and accept the
End-User License Agreement.
The installation takes approximately 10 minutes to complete.
The system displays a new configuration menu for further configuration of the Avaya Aura®
Device Services server.

August 2017 Deploying Avaya Aura® Device Services 130

Comments on this document? [email protected]
 Cluster node configuration

The configuration menu is also accessible at a later time, by running the Avaya Aura® Device
Services configuration utility.
7. Perform the LDAP configuration.
Important:
The LDAP configuration for the cluster is performed during the installation of the initial
node. Additional configuration on each of the additional nodes is not required.
8. Select Clustering Configuration > Virtual IP Configuration to enable the usage of a virtual
IP address.
Important:
The virtual IP address is used for redundancy management, which is supported for three
or more Avaya Aura® Device Services nodes.
If you use an external load balancer, configuring a virtual IP address is not necessary.
If you use an external load balancer, you must configure the Avaya Aura® Device
Services Front-end host as the FQDN of the load balancer.
If you set Enable virtual IP to y (yes), the system displays new configuration options for the
virtual IP address.
Important:
Write down the virtual IP authentication password. You need this password for
configuring the virtual IP backup node.
Next steps
• Install additional cluster nodes.
• Configure the SSH/RSA Public/Private keys.

Installing an additional node

Before you begin
Ensure the following:
• You have set the Virtual IP master node as y in the initial/seed node.
• You have set the Virtual IP authentication password. You need this password later.
• You have deployed the OVA and configured a Session Manager for that Avaya Aura® Device
Services node.
• The Front-end FQDN on the seed node points to the FQDN of the virtual IP. Use the following
steps to ensure the same.
1. Add an entry in the DNS to denote that the FQDN of the virtual IP address has been
mapped.
2. Provide the FQDN value in the Front-end FQDN field.
3. The local Front-end host must be unchanged. It should be the hostname of the seed
node.

August 2017 Deploying Avaya Aura® Device Services 131

Comments on this document? [email protected]
Configuration

Important:
Installation of an additional node will impact ongoing Avaya Aura® Device Services operations
and must be performed during a maintenance window.
Procedure
1. On the additional node, run the Avaya Aura® Device Services installation binary.
2. Select Cluster Configuration and do the following:
a. Set the Initial cluster node option to n (no).
b. Ensure that the Local Node IP address option is set to the IP address of the current
node.
c. Set the Cluster seed node to the IP address of the seed node.
d. Set the User ID (UID) of product user on seed node to the ID of the non-root Linux
user that performs the Avaya Aura® Device Services server installation.
e. Select Return to Main Menu and press Enter.
3. Select the Front-end host, System Manager and Certificates configuration menu and
configure the settings that are accessible from the menu.
4. Select Apply and press Enter.
5. Select Session Manager Cassandra Configuration and do the following:
a. In the Session Manager IP or FQDN Address [localhost] field, type the IP or FQDN
address of the associated Session Manager.
b. In the Session Manager Asset IP or FQDN Address field, type the asset IP address
or the FQDN of Session Manager.
c. Select Apply and press Enter.
6. Select Clustering Configuration > Virtual IP Configuration > Enable Virtual IP menu to
enable or disable the usage of a virtual IP address.
Important:
The virtual IP address is used for redundancy management, which is supported for two
or more Avaya Aura® Device Services nodes.
If you use an external load balancer, configuring a virtual IP address is not necessary.
If you use an external load balancer, you must configure the Avaya Aura® Device
Services Front-end host as the FQDN of the load balancer.
If you set Enable virtual IP to y (yes), the system displays new configuration options for the
virtual IP address.
Note:
The virtual IP address must be enabled only for the nodes that handle load balancing
and you must set only one additional node as a virtual IP backup node.

August 2017 Deploying Avaya Aura® Device Services 132

Comments on this document? [email protected]
 Cluster node configuration

The backup node is a node that has Enable virtual IP set to y (yes) and Virtual IP
master node set to n (no).
You only need to configure the virtual IP while you install the seed node and the backup
node. If you install any additional node after seed node and backup node, the system will
configure the virtual IP automatically.
7. To configure the virtual IP, do the following:
a. In the Virtual IP address field, type the virtual IP address shared by all the cluster
nodes.
b. In the Virtual IP interface field, type the interface used for the virtual IP address.
If you are using a configuration that has multiple Ethernet interfaces, you must set this
value to eth0.
c. In the Virtual IP master node field, type n (no).
d. In the Virtual IP authentication password field, type the password that you have set in
the seed node.
e. Select Apply and press Enter.
f. Select Return to Main Menu and press Enter.
8. Select Continue and press Enter.
9. Select Continue > Accept and continue > Continue.
10. Click Accept to accept the End-User License Agreement.
The system displays a new configuration menu for further configuration of the Avaya Aura®
Device Services server.
11. Configure the other settings required for the Avaya Aura® Device Services server installation
and select Continue to finish the installation.
Next steps
• Install other additional nodes, if required.

Changing the LDAP parameters after installing an Avaya Aura® Device

Services cluster
About this task
You can change the LDAP configuration by running the Avaya Aura® Device Services configuration
utility or by using the Avaya Aura® Device Services administration portal.
The LDAP reconfiguration is performed locally on one Avaya Aura® Device Services node by
running a script that synchronizes the LDAP configuration through all the cluster nodes.
The following procedure describes how to change the LDAP parameters after an Avaya Aura®
Device Services cluster is installed.

August 2017 Deploying Avaya Aura® Device Services 133

Comments on this document? [email protected]
Configuration

Procedure
1. Change the LDAP configuration by performing one of the following actions on one of the
Avaya Aura® Device Services cluster nodes:
• Run the configureAADS.sh script and select LDAP Configuration.
• Log in to the administration portal and select Server Connections > LDAP
Configuration > Enterprise Directory.
2. Restart each node in the Avaya Aura® Device Services cluster.

Changing the seed node of a cluster

About this task
Use this procedure to change the seed node only if you need to decommission the seed node. If you
are not installing a new node but assigning the seed node function to an existing node, follow the
procedure starting with Step 2.
Note:
Before running the setSeedNode script, disable the virtual IP on the node so that the new seed
node can be set as the virtual IP master afterwards.
Procedure
1. Install the new node as an additional cluster node.
2. Log on to the new node and run the setSeedNode.sh script.
For example:
sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/setSeedNode.sh

3. Log on to each of the other cluster nodes and run the setSeedNode.sh script with the IP
address of the new seed node as a parameter.
4. Restart the Avaya Aura® Device Services service on the new seed node.
sudo service AADSService restart

5. Restart the Avaya Aura® Device Services service on the other cluster nodes.
sudo service AADSService restart

Next steps
• Disable the virtual IP on the old seed node.
• Configure the new node to be the virtual IP Master node. The initial node of the cluster is
usually designated as the virtual IP master node.

Enabling PPM rate limiting for Session Manager

Before you begin
Ensure that the Session Manager instance is associated with Avaya Aura® Device Services.

August 2017 Deploying Avaya Aura® Device Services 134

Comments on this document? [email protected]
 Setting up TLS link for Avaya Scopia® iView

Procedure
1. Log in to the System Manager web console.
2. Click Inventory > Manage Elements.
3. Select the Session Manager instance that is associated with Avaya Aura® Device Services,
and click Edit.
4. In the Personal Profile Manager (PPM) - Connection Settings section, select the Limited
PPM Client Connection check box.
5. In the Maximum Connections per PPM Client field, type 3.
6. Select the PPM Packet Rate Limiting check box.
7. In the PPM Packet Rate Limiting Threshold field, type 200.
8. Click Commit.

Setting up TLS link for Avaya Scopia® iView

About this task
Avaya Scopia® certificates are signed by VeriSign and Avaya Aura® Device Services certificates are
signed by System Manager. Therefore, TLS links are not established until you import both CAs to
Avaya Aura® Device Services.
Procedure
1. Log in to Avaya Aura® Device Services by using SSH.
2. Import Avaya Scopia® CAs to the Avaya Aura® Device Services truststore.
Type sudo keytool –importcert –file ScopiaCA1.cer –keystore /opt/
Avaya/DeviceServices/<version>/CAS/<version>/cert/cas–serverAuth.jks
–alias "ScopiaCA1".
Type sudo keytool –importcert –file ScopiaCA1.cer –keystore /opt/
Avaya/DeviceServices/<version>/CAS/<version>/cert/cas-serverAuth.jks
–alias "ScopiaCA2".
Type sudo keytool –list –keystore /opt/Avaya/DeviceServices/
<version>/CAS/<version>/cert/cas–serverAuth.jks.
3. Access the iView management site at http://<IVIEW>:8080/iview/, and do the following:
• If you have iView 8.3, set the com.radvision.icm.mcuproxy.xmlapi.useSSL Avaya Scopia®
parameter to true and set the com.radvision.icm.mcuproxy.xmlapi.ssl.port Avaya Scopia®
parameter to 3346.
The com.radvision.icm.mcuproxy.xmlapi.useSSL parameter must be set to true for TLS
mode and false for TCP mode.

August 2017 Deploying Avaya Aura® Device Services 135

Comments on this document? [email protected]
Configuration

The default port for TLS is 3346 and for TCP is 3336.
• If you have iView 9.0, set the com.vnex.vcms.core.aadsIP Avaya Scopia® parameter to
the Avaya Aura® Device Services address and restart iView to apply the changes.
Avaya Aura® Device Services accepts the incoming connection if the address matches the
address on the iView synchronization page on the Avaya Aura® Device Services
administration web interface.
4. Log in to the Avaya Aura® Device Services web interface.
5. Click Server Connections > iView Synchronization.
6. In the Version number field, select the iView version.
Avaya Aura® Device Services supports only one iView version at a time. Therefore, you must
select either 8.3 or 9.0 from the Version Number field.
7. In the IP address field, type the IP address or FQDN for iView.
For example, type alphaiview1.dr.avaya.com.
8. If you have iView 8.3, do the following:
a. In the Port to bind the connection field, type the port number.
b. Select the Secure connection check box to use TLS connection between Avaya Aura®
Device Services and iView 8.5.
9. Click Save.
10. Restart the Avaya Aura® Device Services service.

Enabling the Enhanced Access Security Gateway after

OVA deployment
About this task
Use this procedure to enable Enhanced Access Security Gateway (EASG) functionality in Avaya
Aura® Device Services. Avaya support engineers can use this functionality to access your computer
and resolve product issues in real time.
The EASG is installed automatically when you deploy the Avaya Aura® Device Services OVA on a
VMware standalone host or on vCenter.
Procedure
1. Open the SSH console as an administrator.
2. Check the status of EASG by running the following command:
EASGStatus

By default, the EASG status is disabled.

August 2017 Deploying Avaya Aura® Device Services 136

Comments on this document? [email protected]
 Removing EASG

3. To enable EASG, run the following command:

sudo /usr/sbin/EASGManage --enableEASG

4. Run the following command to verify the product certificate:

sudo EASGProductCert --certInfo

The system displays the product certificate details.

For example:

If the certificate expires within 360, 180, 30, or 0 days, the system logs a certificate expiry
notification to the /var/log/messages file.

Removing EASG
About this task
Use this procedure to remove EASG permanently. You can use the OVA deployment process to
reinstall EASG.

August 2017 Deploying Avaya Aura® Device Services 137

Comments on this document? [email protected]
Configuration

Procedure
In the SSH console, run the following command to remove EASG:
sudo /opt/Avaya/permanentEASGRemoval.sh

Checklist for reverse proxy configuration

In networks where connections to an Avaya Aura® Device Services instance go through Avaya
SBCE placed in a DMZ, some additional configurations are required for the reverse proxy.
No. Task Notes

1 Configure Avaya Aura® Device The Front-end IP or address

Services with the appropriate front
end certificate.
2 Generate certificate request on
Avaya SBCE by using the Avaya
Aura® Device Services front-end
FQDN.
3 Issue certificate from Certificate
Authority.
4 Ensure port 8443 is open on both
sides of Avaya SBCE.
5 Install server certificates on Avaya
SBCE.
6 Install client certificates on Avaya
SBCE.
7 Create client and server TLS
profiles.
8 Add reverse proxy.
configured during installation is used
as the common name for the nginx
certificate and published during
resource discovery. The front-end
certificate is used on port 8443 and is
located at /opt/Avaya/
DeviceServices/
<version>/CAS/<version>/
nginx/certs/nginx.crt.
See Creating a Certificate Signing
Request on page 139.
See Creating an end entity on
page 141 and Creating the certificate
using a CSR on page 142.
See Uploading certificate file on
page 143 and Synchronizing and
installing certificate in a multi-server
deployment on page 144.
See Downloading the System
Manager PEM certificate on page 145
and Installing CA certificate on
page 145.
See Creating a new TLS server
profile on page 148 and Creating a
client profile on page 150.
See Adding reverse proxy on
page 153.

August 2017 Deploying Avaya Aura® Device Services 138

Comments on this document? [email protected]
 Creating a Certificate Signing Request

Creating a Certificate Signing Request

Procedure
1. Log in to the Avaya SBCE EMS web interface with administrator credentials.
2. In the left navigation pane, click TLS Management > Certificates.
The system displays the Certificates screen.
3. Click Generate CSR.
The system displays the TLS Management Generate CSR window.
4. Enter the appropriate information in the TLS Management Generate CSR screen, and click
Generate CSR.
Ensure that the Key Encipherment and Digital Signature check boxes are selected. Do not
clear these check boxes.
In the Common Name field, type the Avaya Aura® Device Services FQDN.
5. In the Subject Alt Name field, type the Avaya Aura® Device Services FQDN.
6. Click Download CSR and Download Private Key.

TLS Certificates screen field descriptions

Certificates tab
Name Description
Installed Certificates Some Certificate Authority (CA) signed certificate or self-signed certificate. This
certificate is incorporated into a server certificate profile and sent to clients to set
up a TLS connection.

Note:
All certificates, certificate authorities, and certificate revocation lists
uploaded to the EMS must be valid X.509 certificates in the PEM format.
Certificates not in this format might be converted using a proper SSL tool,
such as the publicly available OpenSSL tool. You can access this tool from
https://www.openssl.org/.
Installed CA The unsigned public key certificates from a Certificate Authority (CA), which
Certificates vouch for the correctness of the data contained in a certificate and verify the
signature of the certificate.
Installed Certificate The Certificate Revocation Lists (CRLs) that contain the serial numbers of CSRs
Revocation Lists that have been revoked, or are no longer valid, and should not be relied upon by
any system subscriber.

August 2017 Deploying Avaya Aura® Device Services 139

Comments on this document? [email protected]
Configuration

Install Certificate
Name Description
Type The type of certificate that you want to install.
Options are: Certificate, CA Certificate, or Certificate Revocation List.
Name The name of the certificate that you want to install.
This field is optional, and if not specified, the filename of the uploaded certificate
is used as the certificate name. Additionally, specifying a name same as another
certificate will overwrite the existing certificate with the one being uploaded.
Overwrite Existing An option to control whether uploading a certificate with the same name is
permitted.
If this field is cleared, uploading a certificate with the same name as another
certificate causes failure. If this field is selected, when you upload a certificate
with the same name overwrites an existing certificate.
Allow Weak/Certificate An option to permit usage of a weak private keys. This option bypasses the
Key check that requires strong private keys. EMS rejects private keys lesser than
2048 bits or signed with an MD5 based hash by default.
Certificate File The location of the certificate on your system. Depending on your browser, click
Browse or Choose file to browse for the file.
If the third party CA provides separate Root CA and Intermediate certificates, you
must combine both files into a single certificate file for Avaya SBCE. To combine
the files, add the contents of each certificate file one after the other, with the root
certificate at the end.
Trust Chain File The trust chain file used to verify the authenticity of the certificate. Depending on
the browser, click Browse or Choose File to locate the file.
Key The private key that you want to use. You can opt to use the existing key from the
filesystem or select a file containing another key.
Key File The button that is displayed when you select Upload Key File in the Key field.
Depending on the browser, click Browse or Choose File to locate the file.

Generate CSR
Name Description
Country Name The name of the country within which the certificate is being created.
State/Province Name The state/province where the certificate is being created.
Locality Name The locality (city) where the certificate is being created.
Organization Name The name of the company or organization creating the certificate.
Organizational Unit The group within the company or organization creating the certificate.
Common Name The name used to refer to or identify the company or group creating the
certificate.
You cannot provide wildcard (*) characters in this field.
Algorithm The hash algorithms (SHA256) to be used with the RSA signature algorithm.

August 2017 Deploying Avaya Aura® Device Services 140

Comments on this document? [email protected]
 Creating a Certificate Signing Request (CSR) using OpenSSL

Name Description
Key Size (Modulus The certificate key length (2048, or 4096) in bits.
Length)
Key Usage The purpose for which the public key might be used: Key Encipherment, Non-
Extension(s) Repudiation, Digital Signature.
The Digital Signature and Key Encipherment options are selected by default.
Subject Alt Name An optional text field that can be used to further identify this certificate.
You can provide multiple comma-separated entries in this field. You cannot
provide wildcard (*) characters in this field.
Avaya SBCE does not support SIP URI as a valid value for the Subject Alt
Name field.
Passphrase The password used when encrypting the private key.
Confirm Passphrase A verification field for the Passphrase.
Contact Name The name of the individual within the issuing organization acting as the point-of-
contact for issues relating to this certificate.
Contact E-mail The e-mail address of the contact.

Creating a Certificate Signing Request (CSR) using

OpenSSL
About this task
Use this procedure to generate CSR using OpenSSL.
Before you begin
Ensure that you have the OpenSSL utility.
Procedure
1. Crete an OpenSSL configuration file.
2. Run the following command:
openssl req -out createCSR.csr -newkey rsa:2048 -nodes –keyout keyCSR.key -config
configCSR.config

Creating an end entity

Procedure
1. On the System Manager web console, click Services > Security.
2. In the left navigation pane, click Certificates > Authority.

August 2017 Deploying Avaya Aura® Device Services 141

Comments on this document? [email protected]
Configuration

3. Click RA Functions > Add End Entity.

4. On the Add End Entity page, in End Entity Profile, select INBOUND_OUTBOUND_TLS.
5. Type the username and password.
The password is mandatory for each end entity. Without the password, you cannot generate
the certificate from System Manager because you require the password to authenticate the
certificate generation request.
6. Enter the relevant information in the fields.
The system automatically selects the following:
• ID_CLIENT_SERVER in Certificate Profile
• tmdefaultca in CA
• User Generated in Token
With User Generated, the system generates the certificate by using CSR. You can also
select P 12 file.
7. Click Add.
The system displays the message End Entity <username> added successfully.

Creating the certificate using a CSR

Before you begin
Create an end entity as described in Creating an end entity on page 141.
Procedure
1. On the System Manager web console, click Services > Security.
2. In the left navigation pane, click Certificates > Authority.
3. In the left navigation pane, click Public Web.
4. On the public EJBCA page, click Enroll > Create Certificate from CSR.
5. To get your certificate, on the Certificate Enrollment from a CSR page, do the following:
a. Enter the same username and the password that you provided while creating the end
entity.
b. In the text box, paste the PEM-formated PKCS10 certification request.
c. Click OK.
A certificate in PEM format is generated. The certificate contains the values provided in
the end entity.

August 2017 Deploying Avaya Aura® Device Services 142

Comments on this document? [email protected]
 Uploading certificate file

Uploading certificate file

Before you begin
Obtain the signed certificate from the Certificate Authority (CA). You might also receive a certificate
trust chain if the CA did not directly sign the certificate. The certificate trust chain might be provided
as a separate file or it might be concatenated directly onto the signed certificate.
If the signed certificate is not in a PEM-encoded format, reencode the certificate in the PEM format
before uploading it to the EMS.
An open-source SSL library with utilities for conversions is available at: http://www.openssl.org
You can use this utility to convert a file with a DER-encoded format to a PEM format, as shown in
the example below:
openssl x509 –in input.der –inform DER –out output.pem –outform PEM
You can convert a certificate with a .PEM extension to the .CRT extension by renaming the file and
changing the PEM extension to .CRT.
Procedure
1. In the left navigation pane, click TLS Management > Certificates.
2. Click Install.
3. In the Type field, select Certificate.
4. In the Name field, type the name of the Certificate file.
Note:
You can type only letters, numbers, and underscores in the Name field. Enter the name
of the Certificate file that is uploaded to the EMS. If the name of the Certificate file that
you browse for uploading has a different name, that name will be changed with the
Certificate name that is uploaded to the EMS.
5. In the Certificate File field, click Browse and browse to the location of the Certificate file.
6. In the Key field, select one of the following options:
• Use Existing Key from Filesystem: Select this option if you generated a CSR from the
Generate CSR screen. In this option, the key file is already in the correct location on the
EMS.
Note:
If you are using this option, ensure that the Common Name in the Generate CSR
screen matches with the name of the install certificate.
• Upload Key File: Select this option if you generated a CSR by using an alternate method
than the built-in Generate CSR screen.
In this option, you must upload the private key as described in Step 7.
7. (Optional) In the Key File field, click Browse and browse to the location of the key file

August 2017 Deploying Avaya Aura® Device Services 143

Comments on this document? [email protected]
Configuration

8. In the Trust Chain File field, click Browse and browse to the location of the trust chain file.
This step is required if the CA provided a separate certificate trust chain.
If the third party CA provides separate Root CA and Intermediate certificates, you must
combine both files into a single certificate file for Avaya SBCE. To combine the files, add the
contents of each certificate file one after the other, with the root certificate at the end.
9. Click Upload.
The system uploads the signed X.509 certificate, and the key file, if necessary, to the EMS.
Next steps
Synchronize the certificate to Avaya SBCE through a secure shell (SSH) session.

Synchronizing and installing certificate in a multi-server

deployment
About this task
A multi-server deployment can consist of one or more Avaya SBCE HA pairs or multiple individual
Avaya SBCE servers. Use this procedure to synchronize and install certificates for each Avaya
SBCE server in the multi-server deployment.
Procedure
1. Using a terminal emulation program such as PuTTY, start a secure shell (SSH) connection to
each Avaya SBCE individually in a multiple server deployment.
2. In the Host Name (or IP address) field, type the IP address of an individual SBCE box.
3. In the Port field, type 222 and click Open.
A short delay might occur before connecting.
4. To log in to Avaya SBCE, use ipcs login and password.
5. At the $ prompt, type sudo su and press Enter.
The system displays a prompt to enter the password.
6. At the password prompt, type the ipcs password.
7. At the # prompt, type clipcs and press Enter.
The system displays the CLIPCS console commands level, which is one level below root-
level. For a list and descriptions of available CLIPCS commands, see “CLIPCS Console
Commands”.
8. At the # prompt, type certsync and press Enter.
Avaya SBCE synchronizes with EMS and displays the list of available certificates.

August 2017 Deploying Avaya Aura® Device Services 144

Comments on this document? [email protected]
 Downloading the System Manager PEM certificate

9. Type certinstall certificate_file_name, where certificate_file_name is the name

of the certificate file that you want to install.
If the certinstall command does not accept the certificate file name that you enter,
rename the file with extension .crt and enter the filename again.
10. When the system requests the key passphrase, enter the passphrase.
If you used the CSR generation utility that is built into Avaya SBCE, the passphrase is the
password you entered in the Generate CSR screen.
11. At the # prompt, type exit and press Enter.
The system exits the program level and displays the $ prompt.
12. At the $ prompt, type exit and press Enter.
The system exits the secure shell session. You can also exit the session by clicking the
Cancel (X) button in the upper-right portion of the window.
13. Use the EMS web interface to restart the Avaya SBCE application.

Downloading the System Manager PEM certificate

Procedure
1. On the System Manager web console, click Services > Security.
2. In the left navigation pane, click Certificates > Authority.
3. Click CA Functions > CA Structure & CRLs.
4. Click Download PEM file.
The system downloads the .pem file on your system.

Installing CA certificate
Before you begin
Change the extension of the CA certificate to .crt.
Procedure
1. In the left navigation pane, click TLS Management > Certificates.
2. Click Install.
3. In the Type field, select CA Certificate.
4. In the Name field, type a name for the certificate.

August 2017 Deploying Avaya Aura® Device Services 145

Comments on this document? [email protected]
Configuration

5. Click Browse to locate the certificate file.

6. Click Upload.

Signing identity certificates for Avaya Aura® Device

Services using third party CA certificates
About this task
You can use the following procedure to sign identity certificates for Avaya Aura® Device Services
using third party CA certificates.
Note:
In the following procedure, the third party CA certificate can be a public CA or an internal private
CA.
Before you begin
• Create a CSR with the following X509 extensions:
- keyUsage = nonRepudiation, digitalSignature, keyEncipherment
- extendedKeyUsage = serverAuth, clientAuth
• Ensure that the CSR contains the following:
- If the certificate is only used on the Avaya SBCE, the request contains the subjectAltName
extension that lists the cluster FQDN in the SAN.
- If the certificate is used on both Avaya SBCE and the Avaya Aura® Device Services server,
the request contains the subjectAltName extension that lists the cluster FQDN as well as the
FQDN of each cluster member in the SAN.
Note:
From the security perspective, Avaya recommends that you generate separate
certificates for each node, including the cluster FQDN and the individual cluster node
FQDN in subjectAltName.
• Do not provide the password for a key because password protected keys are not supported.
• Ensure that the key generated along with the CSR is stored safely.
• Ensure that once the certificate is generated, you have received the identity certificate, root CA
certificate, and all intermediate CA certificates in the .PEM format from the certification
authority. If these certificates are not in the .PEM format, you can convert these certificates
using the OpenSSL tool.
• Generate the identity certificate chain.
Procedure
1. Log on to Avaya Aura® Device Services using your SSH credentials.
2. Go to /opt/Avaya/DeviceServices/version/CAS/version/nginx/certs.

August 2017 Deploying Avaya Aura® Device Services 146

Comments on this document? [email protected]
 Configuring System Manager to trust third party root CA certificates

3. Run the following command:

sudo cat rootCA.pem >> auth_ca.crt

In this command, >> is used to append the root CA certificate file to the end of the
auth_ca.crt file.
4. Check that each certificate in the auth_ca.crt file is correct using the OpenSSL
command.
You should see the new root CA certificate and the System Manager root CA certificate.
5. Import the intermediate CA certificate and the root CA certificate to the Avaya SBCE trust
store if you are using reverse proxy on the Avaya SBCE to Avaya Aura® Device Services.
6. Run the configuration utility:
/opt/Avaya/DeviceServices/version/CAS/version/bin/configureAADS.sh
7. Click Front-end host, System Manager and Certificate Configuration.
8. Click Use System Manager for Certificates and type n to not use System Manager for
certificates.
9. Click REST Interface certificate configuration. If the certificate is not in the PKCS12
format, type n on the REST Interface certificate configuration screen.
10. Add the key file to the REST interface PEM key file and the certificate chain to the REST
interface PEM certificate file.
11. Click Signing authority certificate configuration on the Front-end host, System Manager
and Certificate Configuration screen.
12. If the CA root certificate is not in the PKCS12 format, type n.
13. Click Signing Authority PEM certificate file and add the signing authority CA certificate.
14. Click Return to previous menu.
15. Click Apply.

Configuring System Manager to trust third party root CA

certificates
Procedure
1. Log on to the System Manager web console.
2. Click Home > Services > Inventory > Manage Elements .
3. Select System Manager from the Elements.
4. Click Configure Trusted Certificates in the More Actions list.
5. Click Add and select Import from file.

August 2017 Deploying Avaya Aura® Device Services 147

Comments on this document? [email protected]
Configuration

6. Click Choose File and browse to the third party root CA certificate.
7. Click Commit.
8. Restart the System Manager JBOSS™ process.
From the SSH session on the System Manager, run the following command as a root
user:
service jboss restart

Note:
The service jboss restart command affects the service for the System Manager.

Creating a new TLS server profile

Procedure
1. Log on to the EMS web interface with administrator credentials.
2. In the left navigation pane, click TLS Management > Server Profiles.
The system displays the Server Profiles screen.
3. Click Add.
The system displays the New Profile window.
4. Enter the requested information into the appropriate fields.
5. Click Finish.
The TLS Server profile is created, installed, and listed in the application pane.
Related links
TLS server profile screen field descriptions on page 148

TLS server profile screen field descriptions

Both TLS Server Profiles and TLS Client Profiles share the same configuration parameters.
Therefore, the parameter descriptions in the following table match those in the table in TLS Client
Profile Pop-up Screen Field Descriptions on page 151
Note:
The only exception is regarding the Peer Verification parameter setting (see description below).
This setting determines if a peer verification operation should be performed. In a TLS client
profile, the Peer Verification parameter setting cannot be changed and is locked to: Required,
while in a TLS server profile, the Peer Verification parameter may be set to one of three possible
values: Required, Optional, or None.

August 2017 Deploying Avaya Aura® Device Services 148

Comments on this document? [email protected]
 Creating a new TLS server profile

Field Description
TLS Profile
Profile Name The descriptive name used to identify this profile.
Certificate The certificate presented when requested by a peer.
Certificate Info
Peer Verification One of three check boxes indicating whether peer verification is required:
• Required: The incoming connection must provide a certificate, the certificate
must be signed by one of the Peer Certificate Authorities, and not be
contained in a Peer Certificate Revocation List. In a client profile
configuration screen, the Required check box is a locked setting and cannot
be deselected.
• Optional: The incoming connection may optionally provide a certificate. If a
certificate is provided, but is not contained in the Peer Certificate Authority
list, or is contained in a Peer Certificate Revocation List, the connection will
be rejected.
• None: No peer verification will be performed.

Note:
Peer Verification is always required for TLS Client Profiles, therefore the
Peer Certificate Authorities, Peer Certificate Revocation Lists, and
Verification Depth fields will be active.
Peer Certificate The CA certificates to be used to verify the remote entity identity certificate, if
Authorities one has been provided.

Note:
Using Ctrl or Ctrl+Shift, any combination of selections can be made from
this list.
Using Ctrl+Shift , the user can drag to select multiple lines, and using
Ctrl, the user can click to toggle individual lines.
Peer Certificate Revocation lists that are to be used to verify whether or not a peer certificate is
Revocation Lists valid.

Note:
Using Ctrl or Ctrl+Shift, any combination of selections can be made from
this list.
Using Ctrl+Shift , the user can drag to select multiple lines, and using
Ctrl, the user can click to toggle individual lines.
Verification Depth The maximum depth used for the certificate trust chain verification. Each CA
certificate might also have its own depth setting, referred to as the path length
constraint. If both are set, the lower of these two values is used.
Renegotiation Parameters
Renegotiation Time The amount of time after which the TLS connection must be renegotiated. This
field is optional and must be set to 0 to disable.

August 2017 Deploying Avaya Aura® Device Services 149

Comments on this document? [email protected]
Configuration

Field Description
Renegotiation Byte The amount of bytes after which the TLS connection must be renegotiated.
Count This field is optional and must be set to 0 to disable.
Handshake Options
Version The TLS versions that the client or servers accepts or offers.
The options are:
• TLS 1.2
• TLS 1.1
• TLS 1.0
The default value for this field is TLS 1.2. Ensure that you select an
appropriate TLS version according to the TLS version that the server supports.
Ciphers The level of security to be used for encrypting data. Available selections are:
• Default: The cipher suite recommended by Avaya.
• FIPS: The cipher suite recommended by Avaya for FIPS 140–2 compatibility.
• Custom: Selecting the Custom radio button enables a user-defined level of
encryption that can be configured by using the Value field described below.
Value A field provided to contain a textual representation of the ciphers settings used
by OpenSSL.
For a full list of possible values, see the OpenSSL ciphers documentation at
http://www.openssl.org/docs/apps/ciphers.html.

Note:
The Value field is an advanced setting that must not be changed without
an understanding of how OpenSSL handles ciphers. Invalid or incorrect
settings in this field can cause insecure communications or even
catastrophic failure.

Related links
Creating a new TLS server profile on page 148

Creating a client profile

Procedure
1. Log in to Avaya SBCE EMS web interface with administrator credentials.
2. In the left navigation pane, click TLS Management > Client Profiles.
3. Click Add.
The system displays the New Profile window.
4. Enter the requested information in the appropriate fields.

August 2017 Deploying Avaya Aura® Device Services 150

Comments on this document? [email protected]
 Creating a client profile

5. Click Finish.
The system installs and displays the new TLS client profile.
Related links
TLS client profile screen field descriptions on page 151

TLS client profile screen field descriptions

Both TLS Server Profiles and TLS Client Profiles share the same configuration parameters.
Therefore, the parameter descriptions in the following table match those in the table in TLS server
profile pop-up window field descriptions on page 148.
Note:
The only exception is regarding the Peer Verification parameter setting. This setting determines
whether a peer verification operation must be performed. In a TLS client profile, the Peer
Verification parameter setting cannot be changed and is locked to: Required. In a TLS server
profile, the Peer Verification parameter can be set to one of three possible values: Required,
Optional, or None.
Name Description
TLS Profile
Profile Name A descriptive name used to identify this profile.
Certificate The certificate presented when requested by a peer.
Certificate Info
Peer The incoming connection must provide a certificate, the certificate must be signed by one
Verification of the Peer Certificate Authorities, and not be contained in a Peer Certificate Revocation
List. In a client profile configuration screen, the Required is selected for this field.

Note:
Peer Verification is always required for TLS Client Profiles, therefore the Peer
Certificate Authorities, Peer Certificate Revocation Lists, and Verification Depth
fields will be active.
Peer The CA certificates to be used to verify the remote entity identity certificate, if one has
Certificate been provided.
Authorities
Note:
Using Ctrl or Ctrl+Shift, any combination of selections can be made from this list.
Using Ctrl+Shift , the user can drag to select multiple lines, and using Ctrl, the user
can click to toggle individual lines.
Peer Revocation lists that are to be used to verify whether a peer certificate is valid.
Certificate
Revocation Note:
Lists Using Ctrl or Ctrl+Shift, any combination of selections can be made from this list.

August 2017 Deploying Avaya Aura® Device Services 151

Comments on this document? [email protected]
Configuration

Name Description

Using Ctrl+Shift , the user can drag to select multiple lines, and using Ctrl, the user
can click to toggle individual lines.
Verification The maximum depth used for the certificate trust chain verification. Each CA certificate
Depth might also have its own depth setting, referred to as the path length constraint. If both are
set, the lower of these two values is used.
Extended Determines whether or not server certificates will be verified only by the DNS entry in the
Hostname Common Name or Subject Alt Name of the certificate served by the remote server.
Verification
Custom Permits the user to define a custom hostname that will be accepted if served by the
Hostname remote server. This is primarily intended for use with legacy Avaya products.
Override
Renegotiation Parameters
Renegotiation The amount of time after which the TLS connection must be renegotiated. This field is
Time optional and must be set to 0 to disable.
Renegotiation The number of bytes after which the TLS connection must be renegotiated. This field is
Byte Count optional and must be set to 0 to disable.
Handshake Options
Version The TLS versions that the client or servers accepts or offers.
The options are:
• TLS 1.2
• TLS 1.1
• TLS 1.0
The default value for this field is TLS 1.2. Ensure that you select an appropriate TLS
version according to the TLS version that the client supports.
Ciphers The level of security to be used for encrypting data. Available selections are:
• Default: The cipher suite recommended by Avaya.
• FIPS: The cipher suite recommended by Avaya for FIPS 140–2 compatibility.
• Custom: Selecting the Custom radio button enables a user-defined level of encryption
that can be configured by using the Value field described below.
Value A field provided to contain a textual representation of the ciphers settings used by
OpenSSL.
For a full list of possible values, see the OpenSSL ciphers documentation at http://
www.openssl.org/docs/apps/ciphers.html.

Note:
The Value field is an advanced setting that must not be changed without an
understanding of how OpenSSL handles ciphers. Invalid or incorrect settings in this
field can cause insecure communications or even catastrophic failure.

Related links
Creating a client profile on page 150

August 2017 Deploying Avaya Aura® Device Services 152

Comments on this document? [email protected]
 Adding reverse proxy

Adding reverse proxy

About this task
You must configure the reverse proxy with the listed IP towards the enterprise and connect the IP to
the network outside the enterprise.
In a remote worker environment ensure split DNS configuration for Avaya Aura® Device Services to
function properly.
Procedure
1. Log on to EMS.
2. In the left navigation pane, click Device Specific Settings > DMZ Services > Relay
Services.
The system displays the Relay Services page.
3. In the Reverse Proxy tab, click Add.
4. On the Add Reverse Proxy page, do the following:
a. In the Service Name field, type the reverse proxy profile name.
b. Select the Enabled check box.
c. In the Listen IP field, click the external SBC IP address.
d. In the Listen Protocol field, select the protocol published towards remote workers.
If you select the HTTPS protocol, the system enables the Listen TLS Profile field.
e. In the Listen TLS Profile field, click the TLS profile you created.
The default TLS profiles, such as AvayaSBCServer have demonstration certificates. For
optimum security, Avaya recommends that you do not use demonstration certificates.
f. In the Listen Port field, type 8443 or the override port defined on Avaya Aura® Device
Services.
g. In the Server Protocol field, click the protocol used for the Avaya SBCE server.
For security reasons, Avaya recommends the use of HTTPS.
h. In the Server TLS Profile field, click the TLS profile that you created.
i. In the Connect IP field, click the IP address that Avaya SBCE must use for
communicating with the file servers.
j. In the Server Addresses field, type the Avaya Aura® Device Services server address
and port.
This field accepts an IP address or FQDN and port. Preferably, specify the FQDN and
port in the Server Addresses field. This field must match the Subject Alt Name
defined in the Avaya Aura® Device Services server certificate.
k. In the Load Balancing Algorithm field, select a load balancing algorithm.

August 2017 Deploying Avaya Aura® Device Services 153

Comments on this document? [email protected]
Configuration

l. Select the Allow Web Sockets check box.

m. In the Whitelisted IPs field, type the whitelisted IPs.
5. Click Finish.

Integrated Windows Authentication administration and

management
Integrated Windows Authentication (IWA) enables you to log in to different services with the same
credentials. To support IWA, some Avaya Aura® Device Services server administration is required.
Users must be able to authenticate to the AADS API using a preexisting authentication to a
Windows domain. AADS uses SPNEGO to negotiate authentication with the client and Kerberos to
validate the authentication of the client user. User roles are retrieved normally through LDAP.
Use the following sections to complete IWA configuration on the AADS and Active Directory servers.
Errors in the setup might cause the authentication to fail. You can enable debug logs to assist with
troubleshooting.

Authentication prerequisites
You must have the following to set up IWA:
• An Active Directory server.
• A DNS server for the DNS domain of Active Directory.
• A Windows client on the Active Directory domain.
• An AADS server that is resolvable by the DNS.
• A domain user that will be mapped to the Service Principal Name (SPN) of the AADS server.
• Domain users for all individual users.
Important:
The Active Directory, Windows client, and AADS server must resolve each other’s FQDNs.
However, they do not need to use the same DNS server or to belong to the same zone.
Note:
For information about setting up the DNS server, see Administering Avaya Communicator for
Android, iPad, and Windows.

August 2017 Deploying Avaya Aura® Device Services 154

Comments on this document? [email protected]
 Integrated Windows Authentication administration and management

Setting up the Windows Domain Controller

About this task
Use this procedure to add the AADS SPN to a domain user on the Windows Domain Controller or
the Active Directory server. The SPN must be unique across the domain. To avoid issues with
duplicated SPNs, keep track of any SPNs assigned to users.
For detailed information about Domain Controller users, see https://technet.microsoft.com/en-us/
library/cc786438(v=ws.10).aspx.
Important:
Enter all commands exactly as shown in this procedure, and use the following guidelines:
• The host name used to access the Tomcat server must match the host name in the SPN
exactly. Otherwise, authentication will fail.
• The server must be part of the local trusted intranet for the client.
• The SPN must be formatted as HTTP/<host name> and must be exactly the same
everywhere.
• The port number must not be included in the SPN.
• Only one SPN must be mapped to a domain user.
• The Kerberos realm is always the uppercase equivalent of the DNS domain name. For
example, EXAMPLE.COM.
Procedure
1. Create a new IWA service account.
Do not select an account associated with an existing user.
2. If you are using Active Directory 2008 or higher, run the following command to attach the
SPN to the domain name:
setspn -S HTTP/<FRONT-END FQDN> <Domain user login>

In the following example, “<FRONT-END FQDN>” is aads.example.com and “<Domain

user login>” is aads_user:
setspn -S HTTP/aads.example.com aads_user

Important:
• If you are using Active Directory 2003, you must use setspn -A instead of setspn
-S.
• When you use setspn -S, the Active Directory server searches for other users with
the same SPN assigned. If the server finds a duplicated SPN, see step 3 on
page 155.
3. (Optional) To remove a duplicated SPN from another user, run the following command:
setspn -d <SPN> <old user>

August 2017 Deploying Avaya Aura® Device Services 155

Comments on this document? [email protected]
Configuration

4. Use the following command to generate a tomcat.keytab file:

ktpass /out c:\tomcat.keytab /mapuser <Domain User Login>@<Kerberos realm> /princ
HTTP/<FRONT-END FQDN>@<Kerberos realm> /pass +rndPass /crypto all /kvno 0

In the following example, <Domain User Login> is aads_principal, <Kerberos

realm> is EXAMPLE.COM, and <FRONT—END FQDN> is aads.example.com:
ktpass /out c:\tomcat.keytab /mapuser [email protected] /princ HTTP/
[email protected] /pass +rndPass /crypto all /kvno 0

The tomcat.keytab file enables AADS to authenticate against the Kerberos Key
Distribution Center (KDC). This file assigns a random password to the user.
5. Transfer the generated tomcat.keytab file to the AADS server using the OAMP
administration portal.
Since this is a credentials file, handle it securely and delete the original file after this file is
imported into the AADS server. You can generate and re-import a new tomcat.keytab file
anytime.

Windows Domain Controller command descriptions

Setting up the Windows Domain Controller on page 155 uses the following command values:

Command Description Example value

<FRONT—END The REST front host FQDN of the AADS server. This aads.example.com
FQDN> is either the FQDN of the Virtual IP assigned to the
cluster (if internal load balancing is used) or the
FQDN of the external load balancer, if it is used.
<Domain user The Windows login ID for the domain user you aads_user
login> created.
<Kerberos realm> The domain name for the Kerberos realm. The EXAMPLE.COM
Kerberos realm is always the uppercase equivalent
of the DNS domain name.

Setting up IWA on the Avaya Aura® Device Services

administration portal
About this task
This procedure describes the changes you must perform on the Avaya Aura® Device Services
administration portal to configure IWA.
Procedure
1. On the Avaya Aura® Device Services administration portal, click LDAP Configuration.
2. In the Server Address and Credentials area, do the following:
a. In the Windows Authentication drop-down menu, select Negotiate.

August 2017 Deploying Avaya Aura® Device Services 156

Comments on this document? [email protected]
 Integrated Windows Authentication administration and management

b. In the Confirm Action dialog box, click OK.

c. In UID Attribute ID, type userPrincipalName.
If this field is not set to userPrincipalName, you might encounter license issues and
other unpredictable behavior.
d. Ensure that the other settings are appropriate for the LDAP configuration of your
Domain Controller.
Important:
The LDAP server that you use must be the domain controller with the appropriate
Active Directory version as the server type.
3. In the Configuration for Windows Authentication area, complete the following information
using the same values you provided when setting up the Windows Domain Controller:
a. In Service Principal Name (SPN), type HTTP/<FRONT—END FQDN>.
For example, HTTP/aads.example.com.
b. Click Import to import the tomcat.keytab file transferred from the Windows Domain
Controller.
In cluster deployments, the file is transferred to all nodes in the cluster. An additional
option is available to send the file to specific nodes in a cluster.
c. In Kerberos Realm, type the Kerberos realm, which is usually in all uppercase letters.
For example, EXAMPLE.COM.
d. In DNS Domain, type the DNS domain of the Domain Controller.
For example, example.com.
e. (Optional) Select the Use SRV Record check box.
f. (Optional) If Use SRV Record is not selected, in KDC FQDN, type the FQDN of the
Domain Controller.
This value also includes the DNS domain at the end. For example, ad.example.com.
g. (Optional) In KDC Port, retain the default value of 88.
This field is only visible if Use SRV Record is not selected.
h. (Optional) In a cluster deployment, click Send Keytab File to send the
tomcat.keytab file you imported in step 3.b on page 157 to a specific node.
This option is useful if the import to a node failed or if you add a new node to your
cluster.
4. Click Save to retain the settings and restart the server.
The settings that you updated are used to generate the files needed to configure the Tomcat
JAASRealm and the corresponding Sun JAAS Login module for GSS Bind.

August 2017 Deploying Avaya Aura® Device Services 157

Comments on this document? [email protected]
Configuration

System layer (OS) updates on VMware virtual machines

Each VMware virtual machine that is created by deploying the Avaya Aura® Device Services OVA
file has a system layer (operating system). The system later is updated with system layer updates
provided by Avaya.
Important:
Do not apply updates obtained from sources other than Avaya to the system layer of Avaya
Aura® Device Services VMware virtual machines. Only use update artifacts provided by Avaya.
Note:
This section only applies to VMware virtual machines. Customers are responsible for updating
the operating system when Avaya Aura® Device Services is installed onto physical servers,
using update artifacts from Red Hat.
The process to install a system layer update involves the following steps:
• Determine if the system layer update is applicable to the given virtual machine. If the
update is not applicable, then there is no action required.
• Download, extract, and stage the update.
• Install the update during a maintenance window.
Related links
Determining if a system update is applicable on page 158
Downloading, extracting, and staging a system layer update on page 159
Installing a staged system layer update on page 160

Determining if a system update is applicable

About this task
Before installing a system update for a virtual machine, query the version of the currently installed
system. Use the current version to determine if the system layer requires an update. It is possible
that the machine was installed using an OVA that was already built with the latest system layer
version.
Procedure
1. Log in to the virtual machine using the administrative user id.
2. Query the version number of the system version by running the sys versions command.

Note:
The patch level reported by the above command is not used at this time, and is to be
ignored.

August 2017 Deploying Avaya Aura® Device Services 158

Comments on this document? [email protected]
 System layer (OS) updates on VMware virtual machines

Next steps
If the above system version is already on the recommended system update, then no further action is
required.
If the above system version is lower than the recommended system update version, then continue
with the process to download and stage the update.
Related links
System layer (OS) updates on VMware virtual machines on page 158

Downloading, extracting, and staging a system layer update

About this task
Before installing a system layer update, you must first download the update from the Avaya support
site, and then extract and stage the update on the system. The staging process places the update
into a system area, which prepares the system for installation of the update.
Procedure
1. Download the update from the Avaya Support web site.
2. Transfer the update to the admin account of the server to be updated, using standard file
transfer methods, such as SFTP or SCP.
3. Log in to the admin account of the server using SSH
4. To extract the update, use the following command:
tar -zxf ucapp-system-3.0.0.0.9.tgz

5. To stage the update, change to the required directory and perform the following staging
command:
cd ucapp-system-3.0.0.0.9
sudo ./update.sh --stage

6. (Optional) To free up disk space, clean up the downloaded and extracted files using the
following commands:
cd..
rm ucapp-system-3.0.0.0.9.tgz
rm -rf ucapp-system-3.0.0.0.9

Tip:
It is recommended to clean up the downloaded and extracted artifacts after staging. The
staging operation copies the content to an internal system area. The downloaded and
extracted content are no longer required.
7. To verify that the update has been staged, query the status:
sysUpdate --status

August 2017 Deploying Avaya Aura® Device Services 159

Comments on this document? [email protected]
Configuration

Note:
The sysUpdate command is added to the system the first time a system update is
staged. After staging, if the command is not recognized, you must exit the current
session and establish a new session. Establishing a new session creates the
sysUpdate command (alias) for the new session.

Tip:
If a system update is staged in error, the staged update can be deleted as follows. It is
not possible to delete a staged update once the installation of the update has started.
sysUpdate --delete

For additional help with the sysUpdate command, use one of the following commands.
The --help option provides command line syntax. The --hhelp option provides
verbose help.
sysUpdate --help
sysUpdate --hhelp

Next steps
Install the staged update during a maintenance window.
Related links
System layer (OS) updates on VMware virtual machines on page 158

Installing a staged system layer update

About this task
After a system update is staged, it can then be installed. The installation runs in the background in
order to minimize the possibility of interference, such as the loss of an SSH session. The
background installation process follows these steps:
• A login warning message is created so users logging into the system know that a system
update is in progress.
• If the application is running, it is shut down.
• The update is installed onto the system.
• The server is rebooted.
• Post-reboot cleanup actions are performed.
• The application is started.
• The login warning message is removed.
Important:
Do not perform any system maintenance actions, such as starting, stopping, or upgrading the
application, while the system update is in progress.

August 2017 Deploying Avaya Aura® Device Services 160

Comments on this document? [email protected]
 System layer (OS) updates on VMware virtual machines

Procedure
1. Log in to the administrative account using SSH.
2. Type sysUpdate ––install to start the installation

Tip:
The progress of the update can be monitored using one of the following commands. The
first command uses the Linux tail browser, whereas the second uses the Linux less
browser.
sysUpdate --monitor
sysUpdate --monitor less

The status of the update can be queried using the command:

sysUpdate --status

You can obtain logs of the current, and previous, system layer update installations, by
using the following command. This command places a zip file of the logs in the current
working directory.
sysUpdate --logs

Related links
System layer (OS) updates on VMware virtual machines on page 158

August 2017 Deploying Avaya Aura® Device Services 161

Comments on this document? [email protected]
Chapter 7: Upgrading Avaya Aura® Device
Services

About this task

With these steps you can upgrade Avaya Aura® Device Services.
Important:
For upgrading clusters, follow the steps in this section for all nodes in the cluster, beginning with
the seed node.
Before you begin
• Download the 7.1.0.X.XXX binary file
• Ensure the system has only two loads installed at a time.
Procedure
1. Upgrade the system layer.
ucapp-system-3.2.0.0.9.tgz is an example of a system layer upgrade artifact.
2. Make the required adjustments to the partitioning 1.0 volumes.
a. Confirm that the system is on partitioning version 1.0 using the sys versions
command.
b. Set the /media/data volume to 20.0 GiB.
3. Upgrade the application layer.
a. Log on to the Avaya Aura® Device Services server as an administrator.
b. Type app removeinactive.
This step removes the inactive Avaya Aura® Device Services version.
4. Transfer the binary file to the administrator home folder on the Avaya Aura® Device Services
server by using a file transfer tool of your choice.
5. Type chmod 755 aads-7.1.0.0.205.bin.
This step makes the file executable.
6. Type sudo ./aads-7.1.0.0.205.bin.
The system begins the upgrade.

August 2017 Deploying Avaya Aura® Device Services 162

Comments on this document? [email protected]
 Rolling back Avaya Aura® Device Services

After the upgrade is complete, restart services, and then check DRS replication on System
Manager
Note:
In case you add a third load the upgrade will fail and the system will prompt to remove
an old load.
Related links
Rolling back Avaya Aura Device Services on page 163
Upgrading existing test configurations on page 164

Rolling back Avaya Aura® Device Services

About this task
You can roll back to a previously installed AADS version if the previous AADS version is still present
on the server. The rollback operation cannot be performed on the first AADS version installed.
The AADS service become unavailable during rollback.
In a cluster, you must roll back every node before the nodes are started.
Before you begin
You must clear the dynamic settings from the database. To clear the database do the following:
• Go to /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/
• Run the following command as a non-root user, sudo ./clitool-acs.sh
cleanAutoConfigTestConfigurations.
Procedure
1. Log on to the AADS server as admin.
2. Type sudo /opt/Avaya/DeviceServices/version/CAS/version/uninstaller/
rollbackAADS.sh.
Here, version is the current AADS version.
sudo /opt/Avaya/DeviceServices/7.1.0.0.243 /CAS/7.1.0.0.243 /uninstaller/
rollbackAADS.sh

3. In an AADS cluster, run the same command on every node to roll back to the previous
version.
4. After rolling back every node in the cluster, type sudo /etc/init.d/AADSService
start.
The AADS service starts.
Related links
Upgrading Avaya Aura Device Services on page 162

August 2017 Deploying Avaya Aura® Device Services 163

Comments on this document? [email protected]
Upgrading Avaya Aura® Device Services

Upgrading existing test configurations

About this task
Upgrading Avaya Aura® Device Services may sometimes introduce new auto-configuration settings.
In such a scenario, all existing auto-config test configurations must be upgraded to reflect newly
introduced settings. For this, you must perform the following task.
Procedure
1. Log on to the Avaya Aura® Device Services server as an administrator.
2. Go to /opt/Avaya/DeviceServices/<version>/CAS/<version>/misc/.
For example, go to /opt/Avaya/DeviceServices/7.1.0.0.277/CAS/7.1.0.0.277/
misc/
3. Run the following command as a non-root user, sudo ./clitool-acs.sh
upgradeAutoConfigTestConfigurations.
This command automatically upgrades the existing test configurations.
Related links
Upgrading Avaya Aura Device Services on page 162

August 2017 Deploying Avaya Aura® Device Services 164

Comments on this document? [email protected]
Chapter 8: Troubleshooting and
maintenance

Overview
This section describes the maintenance and troubleshooting procedures specific to deploying Avaya
Aura® Device Services. For more information about troubleshooting steps and commands, see
Administering Avaya Aura® Device Services.

Checking Avaya Aura® Device Services status

Procedure
1. Log in to the Avaya Aura® Device Services CLI.
2. Type sudo service AADSService status.
The system displays the current status of Avaya Aura® Device Services

Service unavailable
Condition
Avaya Aura® Device Services services are not available and displays a 503 error.
Cause
Avaya Aura® Device Services is not paired to Session Manager.
DRS synchronization is not complete.
Traffic exceeds acceptable limits.
Solution
1. Log in to Session Manager and check whether Avaya Aura® Device Services is paired to the
Session Manager.
2. Wait for traffic to reduce to acceptable limits.
3. Ensure that DRS synchronization is done.

August 2017 Deploying Avaya Aura® Device Services 165

Comments on this document? [email protected]
Troubleshooting and maintenance

Avaya Equinox™ is unable to connect to Avaya Aura®

Device Services
Condition
Avaya Equinox™ is unable to connect to Avaya Aura® Device Services to complete the mutual
authentication for client identity certificates.
Cause
On Avaya Aura® Device Services, on the HTTPS Clients screen, the administrator has set the
Client-Device Certificate Policy as Required.
Solution
On the HTTP Clients screen, the administrator must set the Client-Device Certificate Policy as
None.

Running patch to allow Avaya Equinox™ for Windows to

reach Web Deployment service
About this task
For software updates through Avaya Equinox™ for Windows client, you must apply a patch by
following the instructions in this section. The patch opens port 8442 for Web deployment service and
sets up port 8442 to pass web deployment requests without certificate validation.
Important:
You must use this procedure only if you have Avaya Equinox™ for Windows clients and ESG
servers in your environment.
If you have only Avaya Aura® Device Services and Avaya Equinox™ for Windows clients in the
network, you must set the REST and OAMP fields on the Client Administration > Client
Settings screen to None.
You can use the patch with the following arguments:
• enable: to apply the workaround to allow Avaya Equinox™ for Windows to reach Web
Deployment service
• disable: to revert the workaround to allow Avaya Equinox™ for Windows to reach Web
Deployment service
If the disable argument is used, the patch removes port 8442 from nginx and iptables. In this
procedure, the enable argument is used to apply the workaround.
You must run this patch after every upgrade or rollback of Avaya Aura® Device Services so that the
Web deployment service works for the Windows client.
Procedure
1. Go to /opt/Avaya/DeviceServices/version/CAS/version/misc/.

August 2017 Deploying Avaya Aura® Device Services 166

Comments on this document? [email protected]
Running the patch to allow Avaya Aura® Web Gateway to reach Avaya Aura® Device Services auto-configuration service

2. Type sudo ./webdeployment-patch.sh enable.

For example, the sudo ./webdeployment-patch.sh enable command displays the
following messages:
grep acs-nginx-webdeployment-8442.conf /opt/Avaya/DeviceServices/
7.1.0.0.243/nginx/1.8.0-1/conf/nginx.conf
acs-nginx-webdeployment-8442.conf will be added now
iptables rule will be added now
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
2017-01-24_12:17:36 Reloading Nginx ..................... [ OK ]
After running the patch, you must download URL and appcast URL to use port 8442.
3. Log in to the Avaya Aura® Device Services administration user interface.
4. In the navigation pane, click Web Deployment > Deployment.
The system displays the Software Update Deployment page.
5. Change the Download URL port for Appcast to 8442.
For example, https://<AADS FQDN/IP Address>:8442/acs/resources/webdeployment/
downloads/Avaya Equinox Setup 3.0.0.136.msi
6. Change the APPCAST URL port in Dynamic Configurations to 8442.
For example, https://<AADS FQDN/IP Address>:8442/acs/resources/webdeployment

Running the patch to allow Avaya Aura® Web Gateway to

reach Avaya Aura® Device Services auto-configuration
service
About this task
You can perform this task only if you have Avaya Aura® Web Gateway server setup in the Avaya
Aura® Device Services environment and if the REST certificate policy is set to NONE. on the Avaya
Aura® Device Servicesadministration user interface.
You must run the dynamicconfigurations-patch.sh script to allow the connection between
Avaya Aura® Web Gateway and Avaya Aura® Device Services auto-configuration service using
certificate policy. This patch opens the port 8440 for auto-configuration service and the Avaya Aura®
Device Services provides the auto-configuration service on the port 8440.
You must run this patch after every upgrade or rollback of Avaya Aura® Device Services to allow
Avaya Aura® Web Gateway to reach Avaya Aura® Device Services auto-configuration service.
Procedure
1. Go to /opt/Avaya/DeviceServices/version/CAS/version/misc/.
2. Type sudo ./dynamicconfigurations-patch.sh enable.

August 2017 Deploying Avaya Aura® Device Services 167

Comments on this document? [email protected]
Troubleshooting and maintenance

runUserDiagnostics tool
The runUserDiagnostics tool is used with the clitool-acs.sh tool for collecting and dumping user
and contact-related information.
You can run the command for a user by:
• specifying the user’s email ID
• specifying a filename that contains comma separated email IDs of more than one user
The tool generates an excel file for each user. The file name contains the email address of the
user to distinguish the file name for each user.
Syntax
sudo ./clitool-acs.sh runUserDiagnostics [-e email_address] [-f
<absolute_filepath><filename>] [-d <email_address>][-a]

e Creates an excel file in /opt/Avaya/ directory that contains contact-related

information for the email ID specified

f Creates excel files in /opt/Avaya/ directory that contains contact-related

information for each email ID specified in the text file

d Deregisters a registered user and removes all user related data from Avaya
Aura® Device Services

a Creates an excel file in /opt/Avaya/ directory that contains the number of

contacts in Session Manager and Avaya Aura® Device Services for all
registered Avaya Aura® Device Services users

email_address Email address of a user

filename Filename containing comma separated email IDs. The file must be accessible
from the misc directory for clitool and stored under opt/Avaya or a sub-
directory.

absolute_filepath Absolute filepath of the directory where the filename containing comma
separated email IDs is stored.

Example
The following examples show how the runUserDiagnostics tool can be used with the available
features.
sudo ./clitool-acs.sh runUserDiagnostics -e [email protected]

Creates an output file for containing contact related information for [email protected].
sudo ./clitool-acs.sh runUserDiagnostics -f /opt/Avaya/filelist.txt

Creates output files containing contact related information for every email specified in /opt/
Avaya/filelist.txt.
sudo ./clitool-acs.sh runUserDiagnostics -d [email protected]

August 2017 Deploying Avaya Aura® Device Services 168

Comments on this document? [email protected]
 Shutting down Avaya Aura® Device Services gracefully

Deregisters [email protected] and removes all data related to this user from Avaya Aura®
Device Services.
sudo ./clitool-acs.sh runUserDiagnostics -a

Checks the number of contacts in Session Manager and Avaya Aura® Device Services for all
registered Avaya Aura® Device Services users and creates a file opt/Avaya/Contacts.xls.
Files
The following files are associated with the runUserDiagnostics tool:
• opt/Avaya/DeviceServices/version/CAS/version/misc/clitool-acs.sh
• /opt/Avaya/Contact.xls

Shutting down Avaya Aura® Device Services gracefully

Procedure
1. Log in to the Avaya Aura® Device Services CLI.
2. Type sudo service AADSService stop.

Data on Cassandra is corrupted

Condition
Data on Cassandra is corrupted.
Solution
Uninstall Avaya Aura® Device Services and reinstall again.

Uninstalling Avaya Aura® Device Services

About this task
When you uninstall all Avaya Aura® Device Services nodes or a seed node, the system
decommissions Avaya Aura® Device Services and removes all data related to Avaya Aura® Device
Services from Session Manager. In a cluster configuration, if you uninstall one Avaya Aura® Device
Services node, the system removes the data related to that node from Session Manager and thus all
other nodes in the cluster can function without interruption.
Decommission the additional nodes first, and the seed nodes last.
Procedure
1. Log in to Avaya Aura® Device Services CLI.

August 2017 Deploying Avaya Aura® Device Services 169

Comments on this document? [email protected]
Troubleshooting and maintenance

2. Type sudo /opt/Avaya/DeviceServices/<version>/CAS/<version>/

uninstaller/uninstallAADS.sh.
This command restores the system to the point before deploying Avaya Aura® Device
Services.
If you run the uninstallAADS.sh script on the last node or seed node, the system displays a
prompt to confirm whether you want to decommission Avaya Aura® Device Services
3. For the last node, at the message to confirm decommissioning Avaya Aura® Device
Services, select Yes to proceed.
The system deletes all Avaya Aura® Device Services data.

Session Manager still shows Avaya Aura® Device Services

data after decommissioning
Solution
1. After uninstalling Avaya Aura® Device Services, log in to the associated Session Manager as
sroot.
2. Type avcqlsh.
3. At the avcqlsh prompt, type describe keyspaces.
Check whether any of the following keyspaces are present:
• acs
• versions
• http_notification
• clusteradmin
• notificationservice
• cas_common_data
4. For every community, type use community_x_y, where x and y are community numbers.
5. Type describe tables.
Check whether the system displays any contacts table.
6. If any keyspaces or contacts table are present, do one of the following:
• Remove keyspaces and contacts table manually.
For removing keyspaces, type drop keyspace_name, where keyspace_name is the
keyspace name.
For removing the contacts table, type drop table community_x.contacts.

August 2017 Deploying Avaya Aura® Device Services 170

Comments on this document? [email protected]
 Session Manager still shows Avaya Aura® Device Services data after decommissioning

Session Manager has its own table called contact. The Avaya Aura® Device Services table
is called contacts. Ensure you delete only the Avaya Aura® Device Services contacts
table.
• Run a script to remove keyspaces.
Type the following script code and create a .sh file:
#!/bin/bash
#Copyright 2016-2017 Avaya Inc., All Rights Reserved.
#
# THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF Avaya Inc.
#
# The copyright notice above does not evidence any actual or intended
# publication of such source code.
#
# Some third-party source code components may have been modified from their
# original versions by Avaya Inc.
#
# The modifications are Copyright 2016-2017 Avaya Inc., All Rights Reserved.
#
# Avaya - Confidential & Restricted. May not be distributed further without
# written permission of the Avaya owner.
############################################################################

#Get the cassandra user name password from the user

gatherDBUserPassword()
{
# Prompt for Database user and password
if [ -z $DB_USER ]; then
echo
read -p "Please enter the cassandra user name: " DB_USER 2>&1
fi
if [ -z $DB_PASSWORD ]; then
read -s -p "Please enter the cassandra password: " DB_PASSWORD 2>&1
echo
fi
echo
}

#Get the list of keyspaces from cassandra

getKeyspaceList()
{
$CASSANDRA_HOME/bin/cqlsh -u $DB_USER -p $DB_PASSWORD --ssl <<CQLSH4 | tail -n
+4 | cut -d '|' -f1
select keyspace_name from system.schema_keyspaces;
CQLSH4
return ${PIPESTATUS[0]}
}

gatherDBUserPassword

CAS_KEYSPACES="`getKeyspaceList`"
if [[ ! "$?" = "0" ]]; then
echo "The user name , password for cassandra may not be correct please
verify"
exit
fi

cql=""
for KEYSPACE in $CAS_KEYSPACES
do
#echo $KEYSPACE
if [[ $KEYSPACE == community* ]] ;

August 2017 Deploying Avaya Aura® Device Services 171

Comments on this document? [email protected]
Troubleshooting and maintenance

then
cql="Use $KEYSPACE;DROP TABLE IF EXISTS contacts;"
$CASSANDRA_HOME/bin/cqlsh -u $DB_USER -p $DB_PASSWORD --ssl -e "$cql"
echo $cql
fi
done

cql="DROP KEYSPACE IF EXISTS acs;DROP KEYSPACE IF EXISTS cas_common_data;DROP

KEYSPACE IF EXISTS versions;DROP KEYSPACE IF EXISTS clusteradmin;DROP KEYSPACE
IF EXISTS notificationservice;DROP KEYSPACE IF EXISTS http_notification;"
echo $cql
$CASSANDRA_HOME/bin/cqlsh -u cassandra -p cassandra --ssl -e "$cql"
echo "Finished deleting the keyspaces and column families related to AADS"

Make the script executable by using the command chmod +x script_name.sh.

Run the script with the command ./ script_name.sh.

Installing SIP CA certificate from CLI

About this task
If you upgrade Session Manager earlier than release 6.2 FP4 to 7.0.1 or later, before installing
Avaya Aura® Device Services, the system displays a PPM certificate error while adding contacts.
The system displays an error because Session Manager expects a SIP CA certificate. To resolve
this error, install a SIP CA certificate from the CLI.
Procedure
1. Log in to Avaya Aura® Device Services with administrator credentials.
2. Go to /opt/Avaya/DeviceServices/7.1.0.0.xxx/CAS/7.1.0.0.xxx/bin
3. Type sudo ./demo_certs.sh -I
The system displays the message Certificate was added to keystore..
4. Restart Avaya Aura® Device Services services.

August 2017 Deploying Avaya Aura® Device Services 172

Comments on this document? [email protected]
Chapter 9: Back up and restore system
information

Backup and restore checklist

Use the following sequence to back up and restore Avaya Aura® Device Services.
Note:
On restoring Avaya Aura® Device Services on new OVA you must re-configure SSH RSA Public
key and SSH RSA Private key on seed node. Additionally the re-configuration updates the new
RSA key of the other nodes.
Re-configuration of SSH RSA keys is a must for cluster system. It is not required for standalone
system.
For more information, see Configuring an Avaya Aura® Device Services node in a cluster on
page 67.
No. Task Description

1 Back up Session Manager to See Backing up user data storage on

preserve data such as LDAP
settings and tables.
2 Back up Avaya Aura® Device
Services.
3 If data changed on Session
Manager, restore the database on
Session Manager.
4 Run the binary installer for Avaya
Aura® Device Services.
5 Restore Avaya Aura® Device
Services.
page 174.
See Backing up Avaya Aura Device
Services on page 174.
See Restoring user data storage on
page 175.
See Restoring Avaya Aura Device
Services on page 176.

August 2017 Deploying Avaya Aura® Device Services 173

Comments on this document? [email protected]
Back up and restore system information

Backing up user data storage

About this task
Run the backup immediately. Running the backup on demand does not alter the nightly backup
schedule.
Procedure
1. On the Home page of the System Manager Web console, in Elements, click Session
Manager > System Status > User Data Storage.
2. Click Backup and Restore.
3. Select the Session Manager or multiple Session Manager instances on which to run the
backup.
4. Click Backup.
5. Click Confirm to start the backup process, or Cancel to cancel the backup request.

Backing up Avaya Aura® Device Services

Before you begin
Back up Session Manager to preserve data, such as LDAP settings.
About this task
During the Avaya Aura® Device Services backup, the system backs up the following data:
• Trust/Keystores
• Installation settings
• Session Manager connectivity details
• System Manager connectivity details
• Nginx configuration settings
• Configuration files
If you specify a backup directory, the system creates the backup in that backup directory. If you do
not specify a backup directory, the system creates the backup in the current working directory.
You can back up Avaya Aura® Device Services without backing up the associated Session Manager
instances and vice versa.
Procedure
1. Log in to Avaya Aura® Device Services using the administrator credentials that were defined
during the OVA deployment.
2. Go to /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin, where
<version> is the current Avaya Aura® Device Services version.

August 2017 Deploying Avaya Aura® Device Services 174

Comments on this document? [email protected]
 BackupAADS.sh options

3. Run the backup script.

For example:
sudo ./backupAADS.sh -d /home/admin backup2016

In this example, the backup was created in the /home/admin directory. The backup file
name specified is backup2016.

BackupAADS.sh options
The backupAADS.sh script is located in the /opt/Avaya/DeviceServices/<version>/CAS/
<version>/bin directory.
You can use the following options with the backupAADS.sh script:

-h Prints usage options for the backupAADS.sh script.

-d Specifies the directory for the backup.

-t Creates the backup as a .tar file.

-v Displays information for debugging.

Restoring user data storage

The restore operation:
• Only restores call history information that exists in a backup file.
• Deletes call history information that exists only in the database.
Procedure
1. On the home page of the System Manager Web Console, in Elements, click Session
Manager > System Status > User Data Storage.
2. Click Backup and Restore.
3. Select the Session Manager on which to run the restore operation.
4. Click Restore.
5. In the Restore File column, select the appropriate file you want to restore from the drop-
down menu.
6. Do one of the following:
• Click Commit to accept the selection.

August 2017 Deploying Avaya Aura® Device Services 175

Comments on this document? [email protected]
Back up and restore system information

• Click Reset to reload the Restore File selection list.

• Click Cancel to cancel the restore request and return to the User Data Storage screen.
7. Click Confirm to send a request to each Session Manager to begin the restore operation
using the selected file, or click Cancel to cancel the restore request.

Restoring Avaya Aura® Device Services

About this task
You can restore a backup of an Avaya Aura® Device Services node with the restoreAADS.sh
utility. You can use this procedure to restore nodes in a cluster.
Before you begin
• Back up Avaya Aura® Device Services using the backupAADS.sh script.
• Run the binary installer by providing the node IP address, Session Manager IP address, and
System Manager data and then exit the installer at the Results of installation Script screen.
After running the binary installer, if Session Manager data has changed, restore the database
on Session Manager.
Procedure
1. Log in to Avaya Aura® Device Services using the administrator credentials that were defined
during the OVA deployment.
2. Go to /opt/Avaya/DeviceServices/<version>/CAS/<version>/bin, where
<version> is the current AADS version.
3. Change the ownership of the backup file by running the following command:
sudo chown –R <admin_user:admin_grp> <full_path_to_backup_tar_file>

4. Run the restore script by providing the path to the backup file.
For example:
sudo ./restoreAADS.sh /home/admin/backup2016_uc-aads1-traffic

In this example, the backup file is backup2016_uc-aads1–traffic.tar.

5. After the restoration is complete, restart services by running the following command:
sudo service AADSService restart

RestoreAADS.sh options
The restoreAADS.sh script is located in the /opt/Avaya/DeviceServices/
<version>/CAS/<version>/bin directory.
You can use the following options with the restoreAADS.sh script:

August 2017 Deploying Avaya Aura® Device Services 176

Comments on this document? [email protected]
 Avaya Aura® Device Services cluster backup and restore

-h Displays usage options for the restoreAADS.sh script.

-c Restores only configuration files.

-s Skips sha256 checksum validation.

-S Displays sha256 checksums.

Avaya Aura® Device Services cluster backup and restore

You must back up and restore every Avaya Aura® Device Services node in a cluster separately. The
procedure for backing up and restoring is the same as that for individual nodes described in Backing
up Avaya Aura Device Services on page 174 and Restoring Avaya Aura Device Services on
page 176. All nodes are backed up and restored independent of each other.

August 2017 Deploying Avaya Aura® Device Services 177

Comments on this document? [email protected]
Chapter 10: Resources

Documentation
See the following related documents at http://support.avaya.com.
Title Use this document to: Audience
Implementing
Deploying Avaya Aura® Device Services Deploy Avaya Aura® Device Services. Sales Engineers,
Solution Architects,
Implementation
Engineers, Support
Personnel
Deploying Avaya Aura® Session Deploy the Session Manager OVA. Sales Engineers,
Manager Solution Architects,
Implementation
Engineers, Support
Personnel
Administering
Administering Avaya Aura® Device Administer Avaya Aura® Device Services. Sales Engineers,
Services Solution Architects,
Support Personnel
Administering Avaya Aura® Session Administer the Session Manager Sales Engineers,
Manager interface. Solution Architects,
Support Personnel

Related links
Finding documents on the Avaya Support website on page 178

Finding documents on the Avaya Support website

Procedure
1. Navigate to http://support.avaya.com/.
2. At the top of the screen, type your username and password and click Login.
3. Click Support by Product > Documents.

August 2017 Deploying Avaya Aura® Device Services 178

Comments on this document? [email protected]
 Viewing Avaya Mentor videos

4. In Enter your Product Here, type the product name and then select the product from the
list.
5. In Choose Release, select an appropriate release number.
6. In the Content Type filter, click a document type, or click Select All to see a list of all
available documents.
For example, for user guides, click User Guides in the Content Type filter. The list displays
the documents only from the selected category.
7. Click Enter.
Related links
Documentation on page 178

Viewing Avaya Mentor videos

Avaya Mentor videos provide technical content on how to install, configure, and troubleshoot Avaya
products.
About this task
Videos are available on the Avaya Support website, listed under the video document type, and on
the Avaya-run channel on YouTube.
Procedure
• To find videos on the Avaya Support website, go to http://support.avaya.com and perform one
of the following actions:
- In Search, type Avaya Mentor Videos to see a list of the available videos.
- In Search, type the product name. On the Search Results page, select Video in the
Content Type column on the left.
• To find the Avaya Mentor videos on YouTube, go to www.youtube.com/AvayaMentor and
perform one of the following actions:
- Enter a key word or key words in the Search Channel to search for a specific product or
topic.
- Scroll down Playlists, and click the name of a topic to see the available list of videos posted
on the website.
Note:
Videos are not available for all products.

August 2017 Deploying Avaya Aura® Device Services 179

Comments on this document? [email protected]
Resources

Support
Go to the Avaya Support website at http://support.avaya.com for the most up-to-date
documentation, product notices, and knowledge articles. You can also search for release notes,
downloads, and resolutions to issues. Use the online service request system to create a service
request. Chat with live agents to get answers to questions, or request an agent to connect you to a
support team if an issue requires additional expertise.

August 2017 Deploying Avaya Aura® Device Services 180

Comments on this document? [email protected]
Appendix A: Examples of Microsoft Active
Directory LDAP property files

Examples of Microsoft Active Directory LDAP configuration that uses the user ID as
the account name
# Binding parameters
ldapUrl=ldaps://gdc.global.example.com:3269
bindDN=global\AADSAssistant
bindCredential=admin123

# Authentication parameters
uidAttrID=sAMAccoutName
baseCtxDN=dc=global,dc=example,dc=com
allowEmptyPasswords=false

# Authorization parameters based on method #2 by searching for the groups

roleFilter=(&(objectClass=group)(member={1}))
rolesCtxDN=ou=Groups,dc=global,dc=example,dc=com
roleAttrID=cn
roleAttrIsDN=false
roleNameAttrID=
roleRecursion=1
searchScope=2
adminRole=AADSAdmin
usersRole=AADSUsers
auditorRole=AADSAuditor

# Internationalization parameters
language=en

# User management parameters

activeUsersFilter=(&(objectClass=user)(objectCategory=Person)(!(userAccountControl:
1.2.840.113556.1.4.803:=2)))
lastUpdatedTimeAttr=whenChanged

Examples of Microsoft Active Directory LDAP configuration that uses the email
address as the account name
# Binding parameters
ldapUrl=ldaps://gdc.global.example.com:3269
bindDN=global\AADSAssistant
bindCredential=admin123

# Authentication parameters
uidAttrID=mail
baseCtxDN=dc=global,dc=example,dc=com
allowEmptyPasswords=false

# Authorization parameters based on method #2 by searching for the groups

roleFilter=(&(objectClass=group)(member={1}))

August 2017 Deploying Avaya Aura® Device Services 181

Comments on this document? [email protected]
Examples of Microsoft Active Directory LDAP property files

rolesCtxDN=ou=Groups,dc=global,dc=example,dc=com
roleAttrID=cn
roleAttrIsDN=false
roleNameAttrID=
roleRecursion=1
searchScope=2
adminRole=AADSAdmin
usersRole=AADSUsers
auditorRole=AADSAuditor

# Internationalization parameters
language=en

# User management parameters

activeUsersFilter=(&(objectClass=user)(objectCategory=Person)(!(userAccountControl:
1.2.840.113556.1.4.803:=2)))
lastUpdatedTimeAttr=whenChanged

August 2017 Deploying Avaya Aura® Device Services 182

Comments on this document? [email protected]
Appendix B: LDAP search results and
referrals

Search Request Responses

Search Result:
The results of the search operation are returned as zero or more SearchResultEntry and/or
SearchResultReference messages, followed by a single SearchResultDone message.
Each SearchResultEntry represents an entry found during the search. Each
SearchResultReference represents an area not yet explored during the search.
Referral:
The referral result code indicates that the contacted server is unable to run the operation, while
another server might be able to run the same.
LDAP Search Result Reference
If the server was able to locate the entry referred to by the baseObject but could not search one or
more non-local entries, the server may return one or more SearchResultReference messages,
each containing a reference to another set of servers for continuing the operation.
If Avaya Aura® Device Services receives a SearchResultReference, it will attempt to resolve the
returned LDAP URI, and launch a new query for each returned reference, with the same filter unless
a new filter is included in the reference. Any new references will also be followed.
The following is an example of a case when a reference would be returned when a domain is
queried about another domain in the forest.
Ie
Source domain, dc=ottawa,dc=valley,dc=eh
Child domain, dc=upper,dc=ottawa,dc=valley,dc=eh

ldapsearch -v -H ldap://ottawa.valley.eh:389 -b "dc=ottawa,dc=valley,dc=eh"

"samaccountname=a.upper" mail msrtcsip-primaryuseraddress telephonenumber
ldap_initialize( ldap://ottawa.valley.eh:389/??base )
filter: samaccountname=a.upper
requesting: mail
# extended LDIF
#
# LDAPv3
# base <dc=ottawa,dc=valley,dc=eh> with scope subtree
# filter: samaccountname=a.upper
# requesting: mail
#

August 2017 Deploying Avaya Aura® Device Services 183

Comments on this document? [email protected]
LDAP search results and referrals

# search reference
ref: ldap://upper.ottawa.valley.eh/DC=upper,DC=ottawa,DC=valley,DC=eh

# search reference
ref: ldap://DomainDnsZones.ottawa.valley.eh/DC=DomainDnsZones,DC=ottawa,DC=val
ley,DC=eh

# search result
search: 2
result: 0 Success

# numResponses: 3
# numReferences: 2

LDAP Reference with Active Directory:

If you have Active Directory as your Enterprise source and it uses integrated DNS, the forest root
will have a ForestDNSZones partition, while all domains with integrated DNS will have a
DomainDNSZones partition. The forest root will also contain the Configuration partition.
This means any query to the Active Directory source will return references to all of these partitions.
The following is an example of querying the forest root.
ldapsearch -v -H ldap://west.bytown.city:389 -b "dc=west,dc=bytown,dc=city"
"samaccountname=a.west" mail
ldap_initialize( ldap://west.bytown.city:389/??base )
filter: samaccountname=a.west
requesting: mail
# extended LDIF
#
# LDAPv3
# base <dc=west,dc=bytown,dc=city> with scope subtree
# filter: samaccountname=a.west
# requesting: mail
#

# Able West, West Users, west.bytown.city

dn: CN=Able West,OU=West Users,DC=west,DC=bytown,DC=city
mail: [email protected]

# search reference
ref: ldap://DomainDnsZones.west.bytown.city/DC=DomainDnsZones,DC=west,DC=bytown,DC=city

# search reference
ref: ldap://ForestDnsZones.west.bytown.city/DC=ForestDnsZones,DC=west,DC=bytown,DC=city

# search reference
ref: ldap://west.bytown.city/CN=Configuration,DC=west,DC=bytown,DC=city

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3

August 2017 Deploying Avaya Aura® Device Services 184

Comments on this document? [email protected]
 LDAP Referral
The referral result code indicates that the contacted server is unable to run the operation, and that
one or more other servers might be able to. Reasons for this include:
• The target entry of the request is not held locally, but the server has knowledge of its possible
existence elsewhere.
• The operation is restricted on this server, perhaps due to a read-only copy of an entry to be
modified.
The following is an example of when a source will return referral when a query is sent to a source
that is not authoritative in the base context.
source domain, dc=upper,dc=ottawa,dc=valley,dc=eh

send query with base context of dc=ottawa,dc=valley,dc=eh

ldapsearch -v -H ldap://upper.ottawa.valley.eh:389 -b "dc=ottawa,dc=valley,dc=eh"

"samaccountname=a.ottawa" mail msrtcsip-primaryuseraddress telephonenumber
ldap_initialize( ldap://upper.ottawa.valley.eh:389/??base )
filter: samaccountname=a.ottawa
requesting: mail msrtcsip-primaryuseraddress telephonenumber
# extended LDIF
#
# LDAPv3
# base <dc=ottawa,dc=valley,dc=eh> with scope subtree
# filter: samaccountname=a.ottawa
# requesting: mail msrtcsip-primaryuseraddress telephonenumber
#

# search result
search: 2
result: 10 Referral
text: 0000202B: RefErr: DSID-03100781, data 0, 1 access points
ref 1: 'ottawa.valley.eh'

ref: ldap://ottawa.valley.eh/dc=ottawa,dc=valley,dc=eh

# numResponses: 1

If the Avaya Aura® Device Services receives a Referral, it will attempt to resolve the returned LDAP
URI and launch a new query for each returned referral, with the same filter. This is unless specified
otherwise in the referral.
Typically, the referred to URI will be equal to the base context in the query.
Recommendations
Minimize the number of queries sent to the Enterprise source for any given transaction. This might
improve Avaya Aura® Device Services performance, and also minimize the impact on the source.
Base Context:
To avoid referrals when choosing base context DN, choose the highest granularity that your
enterprise source is authoritative in.
Active Directory:
The ForestDNSZones, DomainDNSZones, and Configuration partitions are not replicated to the
global catalog. Therefore, search requests to global catalog will not return references to said
partitions. Thus if possible it is advisable to use the global catalog on Active Directory instead of the
standard LDAP source.

August 2017 Deploying Avaya Aura® Device Services 185

Comments on this document? [email protected]
LDAP search results and referrals

Multiple Domains:
If the Enterprise is built on Active Directory, it is advisable to use global catalog, instead of counting
on referral or reference. This might minimize the number of queries. If using alternate Enterprise
sources, you might experience degradation if many or all queries require referral to another source.
Related links
Changing the password of the Avaya Aura Device Services virtual machine on VMware through
SSH on page 186

Changing the password of the Avaya Aura® Device

Services virtual machine on VMware through SSH
About this task
When you log in to the system for the first time, change the password and then log in again.
Procedure
1. Log in to the system as admin.
You must use the admin user defined during OVA deployment for logging in to Avaya Aura®
Device Services.
The system prompts you to type the password.
2. Type the password.
The system displays the following message:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user admin.
Changing password for admin.
3. Follow the instruction on the screen to change the password.
After you change the password, the system closes the SSH session.
Related links
LDAP search results and referrals on page 183

August 2017 Deploying Avaya Aura® Device Services 186

Comments on this document? [email protected]
Appendix C: Virtualization

Thin vs. thick deployments

When creating a virtual disk file, VMware ESXi uses a thick type of virtual disk by default. The thick
disk pre-allocates the space specified during the creation of the disk. For example, if you create a 10
megabyte disk, all 10 megabytes are pre-allocated for that virtual disk.
• Thin provisioned disks can grow to the full size specified at the time of virtual disk creation, but
do not shrink. Once the blocks have been allocated, they cannot be un-allocated.
• By implementing thin provisioned disks, you are able to over-allocate storage. If storage is
over-allocated, thin virtual disks can grow to fill an entire datastore if left unchecked.
• If a guest operating system needs to make use of a virtual disk, the guest operating system
must first partition and format the disk to a file system it can recognize. Depending on the type
of format selected within the guest operating system, the format may cause the thin
provisioned disk to grow to full size. For example, if you present a thin provisioned disk to a
Microsoft Windows operating system and format the disk, unless you explicitly select the Quick
Format option, the Microsoft Windows format tool writes information to all sectors on the disk,
which in turn inflates the thin provisioned disk to full size.
Related links
Increasing the disk size of the Avaya Aura Device Services virtual machine through VMware on
page 187
Increasing CPU and Memory of the Avaya Aura Device Services virtual machine on page 189
Increasing the size of a virtual disk on page 189
Increasing the size of a disk volume on a virtual machine on page 190
Increasing the virtual machine disk size in the Appliance Virtualization Platform (AVP)
environment on page 192

Increasing the disk size of the Avaya Aura® Device Services

virtual machine through VMware
About this task
Use this procedure only in a VMware virtualized environment.
Avaya Aura® Device Services OVA contains three virtual hard disks:
• Hard disk 1

August 2017 Deploying Avaya Aura® Device Services 187

Comments on this document? [email protected]
Virtualization

• Hard disk 2
• Hard disk 3
Before you begin
Install the VMware with an Enterprise Plus license.
Procedure
1. Shut down the Avaya Aura® Device Services virtual machine.
2. In the vSphere client inventory, select and right-click the Avaya Aura® Device Services virtual
machine and click Edit Settings.
3. On the Virtual Machine Properties window, in the Hardware tab, select one of the following:
• Hard disk 2
• Hard disk 3
4. Change the hard disk size settings and click OK.
5. Restart the Avaya Aura® Device Services virtual machine.
6. Log in to the Avaya Aura® Device Services server.
7. To apply changes to the size of a virtual disk, use the following commands:
a. To resize an application virtual disk, type the following commands:
presize -v /dev/sdb
lvextend -l +100%FREE /dev/mapper/application_vg-Avaya
resize2fs /dev/mapper/application_vg-Avaya

b. To resize the media data virtual disk, use the following commands:
presize -v /dev/sdb
lvextend -l +100%FREE /dev/mapper/media_vg-Avaya
resize2fs /dev/mapper/media_vg-Avaya

8. To extend the memory of the virtual machine, do the following:

a. On the Virtual Machine Properties window, in the Hardware tab, select Memory.
b. Modify the memory value, and click OK.
9. To extend the number of CPUs of the virtual machine, do the following:
a. On the Virtual Machine Properties window, in the Hardware tab, select CPUs.
b. Modify the memory value, and click OK.
10. To extend the size of disk volumes, use one of the following commands:
sys volmgt --extend <volume> <x>m
sys volmgt --extend <volume> <x>g
sys volmgt --extend <volume> <x>t

Where, m indicates megabytes, g indicates gigabytes, and t indicates terabytes.

Related links
Thin vs. thick deployments on page 187

August 2017 Deploying Avaya Aura® Device Services 188

Comments on this document? [email protected]
 Thin vs. thick deployments

Increasing CPU and Memory of the Avaya Aura® Device Services

virtual machine
About this task
Use this procedure only in a VMware virtualized environment.
Before you begin
Install VMware with an Enterprise Plus license.
Procedure
1. Shut down the Avaya Aura® Device Services virtual machine.
2. In the vSphere client inventory, select and right-click the Avaya Aura® Device Services virtual
machine and click Edit Settings.
3. On the Virtual Machine Properties window, in the Hardware tab, click Memory or CPUs.
4. Do one of the following:
• Change memory configuration.
• Change CPU settings.
5. Click OK to exit the window.
6. Restart the Avaya Aura® Device Services virtual machine.
Related links
Thin vs. thick deployments on page 187

Increasing the size of a virtual disk

About this task
Each virtual disk holds one or more disk volumes. Before you can increase the size of a disk
volume, you must first increase the size of the host disk to provide the required disk space.
This procedure describes how to adjust the size of a virtual disk in the Virtualization Enabled (VE)
environment. The VE environment uses the standard VMware infrastructure facilities. This
procedure applies to virtual machines on both partitioning versions 1.0 and 2.0.
Before you begin
• Ensure that the system layer on the virtual machine has been upgraded to the current Release
3.2. You can verify this using the sys versions command.
• Delete all snapshots from the virtual machine. You cannot adjust disk sizes while snapshots
exist.
• Determine the disk volume to be increased in size.
• Determine the disk number that hosts the disk volume. You can use the sys volmgt --
summary command for more information.

August 2017 Deploying Avaya Aura® Device Services 189

Comments on this document? [email protected]
Virtualization

Procedure
1. If the virtual machine is installed and running, log in to the system, and shut down the
operating system by running the following command:
sudo shutdown -h now

2. Stop your virtual machine if it is still running.

3. Click Edit Settings.
4. From the Hardware tab, select the hard disk to be enlarged.
5. In Disk Provisioning, enter a higher value for the disk size and select the appropriate unit of
measure.
6. Click OK.
7. Power on the virtual machine.
Next steps
Increase the size of the disk volume.
Related links
Thin vs. thick deployments on page 187

Increasing the size of a disk volume on a virtual machine

About this task
Use this procedure to increase the size of a disk volume. The upgrade process for an OVA from a
previous release requires an increase in the size of one or more disk volumes.
In rare circumstances, Avaya support might recommend specific increments in disk volume sizes to
address unexpected disk engineering issues.
Before you begin
Increase the size of the virtual disks that host the volumes to be increased. This process makes new
disk space available. For example, if the volume requires an additional 20.0 GiB of space and the
host disk is currently 50.0 GiB, then you must change the size of the host disk to 70.0 GiB.
Procedure
1. If the virtual machine is not running, then power it up.
2. Scan the disks on the virtual machine to detect newly available disk space by running the
following command:
sys volmgt --scan

Tip:
For more information about this command, you can use the following commands:
• For syntax help: sys volmgt -h

August 2017 Deploying Avaya Aura® Device Services 190

Comments on this document? [email protected]
 Thin vs. thick deployments

• For verbose help: sys volmgt -hh

After the scan is complete, an updated file system summary is displayed. The newly
available disk space is reported in the Disk > Free column.
3. Allocate all of the unused space on the disk to the target volume by running the following
command:
sys volgt --extend <volume> --remaining

For <volume>, specify the name of the volume as it appears in the Volume > Name column.
All --extend operations are run as background tasks.
a. To monitor the status of the operation in progress or of the last completed operation, run
the following command:
sys volmgt --monitor less

b. To gather all volume management logs into a zip file in the current working directory, run
the following command:
sys volmgt --logs

c. If a disk has multiple volumes and more than one volume is being increased in size, use
one of the following commands to allocate a specific amount of unused space to a
volume:
sys volgt --extend <volume> <x>m
sys volgt --extend <volume> <x>g
sys volgt --extend <volume> <x>t

In these commands, m means megabytes, g means gigabytes, t means terabytes, and

<x> is a decimal number. For example, the following increments the /var/log volume
by 10.5 GiB:
sys volmgt --extend /var/log 10.5g

4. Verify that the new space has been allocated to the volume by running the following
command:
sys volmgt --summary

Due to disk overhead, the size of the volume reported under the Volume > LVM Size column
will never exactly match the size reported under the Volume > File System > Size column.
a. If you suspect that the file system size is not correct, verify that the operation is
complete by running the following command:
sys volmgt --status

b. If the status is reported as “Complete”, you can correct the situation using --extend
without an increment value:
sys volmgt --extend /var/log

This operation does not add more space to the volume that hosts the file system.
Instead, it reissues the command to make full use of the current volume.

August 2017 Deploying Avaya Aura® Device Services 191

Comments on this document? [email protected]
Virtualization

Tip:
Similar to using --extend to increase volume sizes, you can also monitor the --
extend operation and gather logs using the following commands:
sys volmgt --monitor less
sys volmgt --logs

Related links
Thin vs. thick deployments on page 187

Increasing the virtual machine disk size in the Appliance

Virtualization Platform (AVP) environment
About this task
Use this procedure to increase the disk size of a virtual machine in the AVPenvironment. You only
need to perform this procedure if you have deployed an earlier version of Avaya Aura® Device
Services 7.1 to an AVP host and if you need to change the size of the /media/data volume. The /
media/data volume resides on disk 3 and is less than 20 GiB.
Before you begin
Upgrade the system layer on the virtual machine to the current release.
Procedure
1. Upgrade the Avaya Aura® Device Services OVA.
For more information about upgrading, see Upgrading Avaya Aura Device Services on
page 162.
2. Back up the upgraded Avaya Aura® Device Services data.
For more information about backing up the data, see Backing up Avaya Aura Device
Services on page 174.
3. Deploy the Avaya Aura® Device Services OVA.
For more information about deploying, see Deployment methods on page 40.
4. Restore the backed up data.
For more information about restoring, see Restoring Avaya Aura Device Services on
page 176.
Related links
Thin vs. thick deployments on page 187

August 2017 Deploying Avaya Aura® Device Services 192

Comments on this document? [email protected]
Appendix D: Aliases

Aliases provide an alternate and convenient way to run commonly used commands without
specifying long path names. The arguments available for the original commands apply for the
command aliases as well.
Alias Description
app Provides commands for application-specific tasks such as backup, restore, and
view status. If you type app without arguments, the system displays the available
subcommands.
For example, the following commands give the same results
• sudo /opt/Avaya/DeviceServices/version/CAS/bin/backupAADS.sh, use
• app backup
svc Provides commands for managing services, such as starting, stopping, and viewing
status. If you type svc without arguments, the system displays the available
subcommands.
For example, the following commands give the same results:
• sudo service AADSService location
• svc aads location
cdto Provides an easy way to navigate through directories of the installed application. If
you type cdto without arguments, the system displays the available subcommands.
For example, the following commands give the same results:
• cd /opt/Avaya/DevicesSerivces/version/CAS/version
• cdto cas

August 2017 Deploying Avaya Aura® Device Services 193

Comments on this document? [email protected]

Index
A certificates ....................................................................93, 146
A10 configuration ....................................................... 119, 123
configuring LDAP authentication ................................ 127
configuring LDAP searches ........................................ 126
creating virtual service ................................................126
service group .............................................................. 125
virtual server ............................................................... 124
AADS
AADS overview .............................................................10
browser requirements ...................................................21
overview ....................................................................... 10
rolling back ................................................................. 163
virtual machine resource requirements ........................ 20
AADS cluster
backup and restore .....................................................177
AADS VM Deployment
Configuration Parameters .............................................44
Network Parameters .....................................................44
Add End Entity ................................................................... 141
adding
reverse proxy ..............................................................153
adding license file ................................................................ 39
Additional node
Installing ..................................................................... 131
Adjusting the size of virtual disks .......................................189
aliases ................................................................................193
architecture diagram
Avaya Aura Device Services .........................................11
assigning
data center ....................................................................31
auto-configuration service ..................................................167
Avaya Aura Device Services ................................................56
supported servers .........................................................21
topology ........................................................................ 11
VMware software requirements ....................................20
B cluster configuration ..................................................... 90
backing up
Avaya Aura Device Services ...................................... 174
backupAADS.sh
options ........................................................................ 175
best practices ..................................................................... 114
C system manager ........................................................... 78
CA signed certificates ........................................................ 146
Cassandra clustering
topology ........................................................................ 12
Certificate Enrollment ........................................................ 142
certificate file
uploading .................................................................... 143
August 2017 Deploying Avaya Aura® Device Services
Comments on this document?
[email protected]
intermediate CA certificate ........................................... 98
local certificates ............................................................ 96
System Manager certificate .......................................... 96
certificate signing requests ................................................ 141
certificate using CSR
create ..........................................................................142
change history ....................................................................... 9
changing
CPU ............................................................................ 189
memory .......................................................................189
changing password
AADS ..........................................................................186
checking
DRS synchronization .................................................... 71
status .......................................................................... 165
checklist ............................................................................... 54
before deploying ova .................................................... 29
planning procedures ............................................... 15, 54
cleaning
AADS data after decommissioning .............................170
cluster
change LDAP parameters after install ........................133
changing seed node ................................................... 134
installation ...................................................................128
install cluster ...............................................................129
installing cluster node ................................................. 130
commands
system layer ................................................................. 23
command values
Windows Domain Controller ....................................... 156
components ......................................................................... 13
Avaya Aura Device Services ........................................ 13
configuration
active directory ........................................................... 155
advanced configuration ................................................ 91
Avaya SBCE for remote access ..................................118
certificates .................................................................... 78
firewall configuration .....................................................93
front-end host ............................................................... 78
import secure LDAP certificate ................................... 100
IWA ..................................................................... 154, 155
LDAP configuration .......................................................81
LDAP settings .............................................................100
remote access .............................................................118
tools and utilities ........................................................... 21
Windows Domain Controller ....................................... 155
configuration tasks ...............................................................76
configure
run configuration script ................................................. 77
configuring
194

configuring (continued)
virtual IP address ....................................................53, 73
CPU and Memory .............................................................. 189
creating
client profile ................................................................ 150
CSR ............................................................................ 139
new TLS server profile ................................................148
creating an end entity ........................................................ 141
Creating certificate using certificate signing request ......... 142
D I
data center
adding ...........................................................................30
field descriptions ...........................................................31
data corruption ...................................................................169
data storage clustering ........................................................ 32
deploying
Open Virtual Application ......................................... 42, 45
OVA using vSphere Client ...................................... 42, 45
Deploying an OVA file
Avaya Aura Device Services ........................................ 46
Device Services ............................................................46
deployment
thick ............................................................................ 187
thin ..............................................................................187
deployment methods ........................................................... 40
descriptions
LDAP parameter ......................................................... 115
disk partitioning ....................................................................21
DNS server .......................................................................... 33
DNS SRV records ................................................................ 36
downloading
System Manager PEM certificate ............................... 145
downloading software
using PLDS ...................................................................19
Downloading system layer .................................................159
E Windows Domain Controller setup ............................. 155
enabling
enhanced access security gateway after OVA
deployment ................................................................. 136
PPM rate limiting ........................................................ 134
end entry
create ..........................................................................141
extracting system layer ...................................................... 159
F Active Directory internationalization parameters ........ 107
field description
TLS Certificates screen .............................................. 139
field descriptions
Hosts ............................................................................ 48
Locations ...................................................................... 48
new profile .................................................................. 151
August 2017 Deploying Avaya Aura® Device Services
Comments on this document?
[email protected]
Index
field descriptions (continued)
new server profile screen ........................................... 148
Virtual Machines ........................................................... 48
Filed description
Initial Installation Configuration .....................................64
H
Hosts ....................................................................................48
importing
LDAP certificate .................................................... 72, 117
SIP CA certificate ......................................................... 99
trusted certificate ...................................................72, 117
increasing
disk size ..............................................................187, 192
Increasing the size of a disk volume
virtual machine ........................................................... 190
Initial Installation Configuration
field description .............................................................64
installation
checklist ........................................................................41
Installation
checklist ..................................................................40, 60
installation data ....................................................................17
installing
CA certificate .............................................................. 145
certificate to SBCE ..................................................... 144
Installing
an additional node ...................................................... 131
installing SIP CA certificate ................................................172
integrated Windows authentication support setup ............. 154
IWA
active directory ........................................................... 155
administration portal ................................................... 156
prerequisites ............................................................... 154
L
latest software patches ........................................................ 16
LDAP
configuration ............................................................... 114
LDAP configuration
Active Directory authentication parameters ................105
Active Directory binding parameters ...........................105
Active Directory role search parameters .................... 107
Active Directory user management parameters ......... 109
attribute mapping ........................................................ 110
attribute mapping use case .........................................113
change LDAP parameters after installing cluster ....... 133
import secure LDAP certificate ................................... 101
Microsoft Active Directory ...........................................102
195
Index
LDAP configuration (continued)
property file examples ................................................ 181
System Manager login name use cases ..................... 110
LDAP parameter
descriptions .................................................................115
LDAP referrals ................................................................... 183
LDAP search results .......................................................... 183
LDAP server
user synchronization after deployment .......................102
licensing requirements .........................................................38
Locations ............................................................................. 48
log on
AADS web interface ..................................................... 74
O server hardware and resources ........................................... 20
OpenSSL ........................................................................... 141
overview
AADS ............................................................................10
P user synchronization after deployment .......................102
Pairing Session Manager
with an Avaya Aura Device Services ............................ 58
patch information ................................................................. 16
planning procedures
checklist ........................................................................15
PLDS
downloading software ...................................................19
post deployment .................................................................. 54
post-installation script
running ..........................................................................70
PPM rate limiting
enabling ...................................................................... 134
prerequisites .......................................................................... 8
IWA ............................................................................. 154
R sys ....................................................................................... 23
Reestablish Connection .......................................................48
related documentation ....................................................... 178
release notes for latest software patches ............................ 16
remote worker configuration
A10 client SSL certificate ............................................ 119
A10 client SSL template ............................................. 122
A10 server SSL certificate .......................................... 120
A10 server SSL template ............................................121
creating IP source NAT ...............................................122
importing System manager root certificate ................. 121
removing EASG ................................................................. 137
resources
server ............................................................................20
restoreAADS.sh
options ........................................................................ 176
restoring .............................................................................176
reverse proxy
August 2017 Deploying Avaya Aura® Device Services
Comments on this document?
[email protected]
reverse proxy (continued)
checklist ......................................................................138
rolling back
AADS ..........................................................................163
running
post-installation script ................................................... 70
runUserDiagnostics ........................................................... 168
S
saving
LDAP settings ...............................................................76
Scopia iView
settings for Avaya Aura Device Services ....................135
service unavailable ............................................................ 165
Session Manager Service States
effect on Avaya Aura Device Services ..........................59
setting up
DNS server ................................................................... 33
IWA ............................................................................. 156
shutting down
Avaya Aura Device Services ...................................... 169
SIP CA certificate ...............................................................172
software patches ..................................................................16
SSh terminal keealive timer
configuring .................................................................... 30
staged system layer ...........................................................160
staging system layer .......................................................... 159
starting
AADS services ........................................................61, 67
virtual machine ............................................................. 59
status
checking ..................................................................... 165
support ...............................................................................180
synchronizing
certificate to SBCE ..................................................... 144
sys secconfig ....................................................................... 24
system layer
secconfig ...................................................................... 24
versions ........................................................................ 24
volmgt ........................................................................... 25
system layer (OS) .............................................................. 158
system layer commands ...................................................... 23
system manager
adding ...........................................................................56
system update ................................................................... 158
sys versions ......................................................................... 24
sys volmgt ............................................................................25
T
thick deployment ................................................................187
thin deployment ................................................................. 187
third party certificates .........................................................146
196
 Index

third party root CA ..............................................................147

troubleshooting
overview ..................................................................... 165

U
uninstalling
Avaya Aura Device Services ...................................... 169
Update Static Routing ..........................................................48
updating
DNS addresses ............................................................ 37
NTP addresses .............................................................38
search domains ............................................................ 37
upgradeAutoConfigTestConfigurations .............................. 164
upgrading
Avaya Aura Device Services ...................................... 162
test configurations ...................................................... 164
upload
certificate file ...............................................................143

V
verifying
cassandra service started .............................................32
videos ................................................................................ 179
viewing
current CA .................................................................... 99
virtual IP address
configuring .............................................................. 53, 73
Virtual Machines .................................................................. 48

August 2017 Deploying Avaya Aura® Device Services 197

Comments on this document? [email protected]