Security

Figure 72: Avaya S8700-series Server with an Avaya MCC1 or an SCC1 Media Gateway

To provide the most secure environment that is possible for the system, network access should be divided into separate zones of control. These zones are sometimes referred to as DMZs.

One VLAN can be administered for administrative traffic, one for call signaling, another for voice bearer traffic, and so on.

Layer 3 boundary devices (routers, layer 3 switches, and firewalls) should be administered to enforce the corporate security policy on traffic that is destined for the Avaya S8700-series Server, its Avaya MCC1 or SCC1 Media Gateways, or adjuncts.

Packet filters can permit administrative access only from an administrator's PC and to deny access from the Avaya S8700-series Server or its gateways to the corporate LAN while allowing call signaling and bearer traffic from all IP Telephones appropriate access.

234 Avaya Application Solutions IP Telephony Deployment Guide

Page 234
Image 234
Avaya 555-245-600 manual Security