Testing, Environment | Avaya 555-245-600 specification

Avaya Communication Manager and Servers

Testing

During the development of the S8300, S8500, and S8700-series Servers, or in production of upgrades to its software, Avaya subjects the system to a variety of common “attack tools” to find any overlooked or accidentally created security holes. The exact set of tools that are used varies to keep up with the technology. Common tools include nmap and nessus. Security problems found by these efforts are corrected before the product or the service pack is released.

Environment

Avaya servers are as secure as reasonably possible, consistent with the operational needs of the product and business in which they are used. Security, however, does not end with the servers. These servers are connected to one or more networks that are, in turn, connected to other equipment in the enterprise.

Recommendations for network security

Avaya recommends that these servers be located behind a firewall. Where this firewall is located with respect to other LAN components must be designed on a case-by-case basis. Avaya Professional Services can assist owners in configuring their networks for both security and optimal IP Telephony operation. Other vendors also specialize in this type of consulting. Owners are advised to seek assistance if internal staff is not trained in these areas. Security holes that arise from negligence, ignorance, or oversight or the pressures of schedule or budget are all equally usable by hackers. Malicious activity is a moving target, and what is safe today might not be safe tomorrow. Avaya is committed to providing appropriate secure solutions for its products, and to continuously monitoring evolving security threats. Avaya S8700 and S8300 servers are appropriately secure against the known threats. Avaya responds quickly should new threats appear. Consult these resources for the latest security information:

●Your Avaya account team

●The Avaya support Web site: http://www.avaya.com/support

Click Security Advisory in the Technical Database list on the left side of the page.

Issue 6 January 2008 237

Image 237

Avaya 555-245-600 manual Testing, Environment, Recommendations for network security

Contents

Avaya Application Solutions For full legal page information, please see the documents About This Book Contents Greenfield deployment 109 LAN switching products 163 Deploying IP Telephony 175 Voice quality network requirements 245 Getting the IP network ready for telephony 281 Quality of Service guidelines 315 Index 373 Using this book OverviewAudience Downloading this book and updates from the Web Technical assistance Related resourcesWithin the US International Sending us comments Trademarks Avaya Application Solutions product guide Avaya Application Solutions IP Telephony Deployment Guide Avaya Application Solutions Communication Manager traffic flow Avaya servers Avaya Communication ManagerLinux-based servers Avaya Definity Servers Avaya Integrated Management Avaya Media Gateways Avaya Communication Manager applications Avaya communication devices Avaya SIP application enablement Avaya SIP solutions Avaya Distributed Office Distributed Office Configurations Networked remote sites Main business location Distributed Office benefits Distributed Office implementationSelecting a construct I40 constructs Analog I40 constructsT1/E1 Trunk Interface Construct Ports = BRI I120 constructs Distributed Office application module and media modules Avaya AM110 Application ModuleI120 constructs Analog 10/100 T1/E1 Streamlined Deployment Telephony media modulesLAN module Provisioning status Fully configured systems From-scratch configuration Partially configured systems Avaya Application Solutions platforms Avaya Application Solutions platforms Overview Terminology Avaya G700 Media Gateway with the S8300 Server Small to mid-size enterprise Stand alone Office Pstn with IP Trunk link To Avaya PBXs G700 hardware architecture Avaya G700 Media Gateway front view G700 Media Gateway Processor VoIP Engine complex Voice Announcement over the LAN Avaya IA770 Intuity Audix Messaging Option for S8300/G700 S8300 primary controller architecture S8300 as an LSP G450 Media Gateway G450 Features Vrrp RTP-MIB Supported media modules in the G450 G450 physical descriptionSupported media modules Media module Description Telephony media modules Voice over IP VoIP Additional featuresCall center capabilities WAN media modules LAN services Rapid Spanning Tree Protocol Rstp WAN servicesPort mirroring Port redundancy Management access security features Network security featuresMedia modules necessary for each WAN line G250 and G350 Media Gateways Alarms and troubleshooting featuresConverged Network Analyzer CNA test plug Link Layer Discovery Protocol Lldp G250 and G350 Features Ospf Modes of DeploymentPPP RIP G350 Configurations Fixed ports on the G350 front panel Port Description G350 Specifications Button Description Buttons on the G350 front panelRST ASB TTR Additional G350 functions and capacities Function Capacity Avaya G250 analog Media Gateway Chassis G250 Configurations Line TrunkIsdn BRI Console G150 Media Gateway G250 DCP and G250 DS1 Media GatewaysETR IG550 Integrated Gateway Personal computers IG550 features J4350/J6350 Services Router features CLI Slot numbers on the Juniper J4350 Services Router IG550 and J4350 Services Router physical description Slot locations on J6350 Services Router IG550 and J6350 Services Router physical description TGM550 Gateway Module TGM550 physical description Series Router Physical Interface Modules Supported interface modules Modules Description Interface module capacities Description Capacity Comments Summary of services Configuring media gateway options Converged Network Analyzer CNA test plug Backup and restore IG550 maximum media gateway capacities Avaya S8400 Server Definity CSI TN8400AP circuit pack S8400 Server Small to mid-size enterprise Avaya Application Solutions platforms Mid-market to large enterprise Avaya S8700-series Server, fiber-PNC configurationS8500 Server S8500 capacities S8700-series Servers S8720 and S8730 Servers Avaya S8700-series external features S8700-series external features Other components Internal hardware elements Avaya S8700/MCC1 fiber-PNC major components Control network through an Avaya Ethernet switch S8700-series / MCC1 signaling path Circuit packs that support IP signaling and media traffic Mid-market to large enterprise Avaya Application Solutions platforms TN2302AP Media Processor operation Media Gateways MCC1 Media Gateway SCC1 Media Gateway ATM network Center Stage Switch Standard reliability configuration S8700-series fiber-PNC configuration for higher availability Figure notes High reliability configuration S8700-series fiber-PNC in a high reliability configuration Avaya S8700-series Server IP-PNC configuration Critical reliability configurationS8700-series fiber-PNC survivability Location with another Avaya IP PBX S8700-series Server IP-PNC a basic phone call Main components S8700-series Server IP-PNC major components S8700-series IP-PNC reliability configurations S8700 IP-PNC standard configuration S8700 IP-PNC configuration Combined IP and fiber Port Network Connectivity Server Supported Direct Media Gateway CapacityReliabilities Supported Central Connect Gateways Capacity limit for media gateways Configuration rules Ipsi Mixed reliability options Processor Ethernet ESS support for combined IP-PNC and fiber-PNC configurations LSP Avaya IP Office Components needed for Greenfield deployment Greenfield deployment Greenfield IP Telephony deployment Servers H.323 Gatekeeper Media Gateways and Port Networks Avaya Communication Manager S8300 standalone solution small-to-midsize enterprise Greenfield configurations S8700-series / G650 IP-PNC Medium-to-large enterprise solutions S8700-series IP-PNC system S8700-series IP-PNC with remote G700s or G350s S8700-series IP-PNC with remote G700 or G350s S8700-series with G150/G250 large number of remote branches Required circuit packs for S8700-series configuration Signaling path S8700 / G650 configuration Media flow path S8700 IP-PNC configuration Evolution from circuit-switched to IP Migration from Definity Server R to S8700 fiber-PNC Phase 1 Processor replacement S8700-series Servers fiber-PNC configuration IP-enabled Definity configuration Phase 2 IP-enable the Port Networks to support IP endpoints IP-enabling the S8700 fiber-PNC configuration Phase 3 Server consolidation S8700 / G700 / G350 system with Local Survivable Processors Intelligent networking and call routing Voice and multimedia networking Media Gateway control IP Port Network / Media Gateway connectivity Call Processing Communication Manager gatekeepersRegistration and alternate gatekeeper list Discovery and registration process to the gatekeeper Call signaling Media processor circuit packs VoIP resources Media stream handlingDtmf tone handling Media stream for audio conferencing Separation of Bearer and Signaling SBS Modem/Fax/TTY over IP Multi-location Pass-thru Fax, Modem, and TTYoIP options RelayOff Modem Off Fax, Modem, and TTYoIP options IP-based trunks IP tie trunks Trunk signaling Avaya SIP Enablement Services SES Overview SES ServerSamp SES Network Communication Manager as the SIP Feature ServerSES Edge Server SES Core Router SIP Endpoints Features SIP AdjunctsSIP Endpoints Home-edge single box solution SIP deployment scenariosSIP and DNS Multi-home multi-Communication Manager system Typical home/edge configuration Multi-home multi-Communication Manager configuration Multi-home single Communication Manager system Multi-home single Communication Manager configuration Call processing Avaya-Toshiba Solution Avaya-Toshiba Solution Avaya G860 Media Gateway G860 Front view System Controller Board G860 Components G860 Trunk Media Processing Module TP-6310 Configuration with Avaya Communication Manager Example configuration for call center Communication applications MobilityIP Telephones or IP Softphones Extension to Cellular Call Center applications Call Center Compact Call Center Messaging Avaya Call Management System CMS Unified Communication CenterConferencing systems Meet-me conferencing Meeting Exchange Enterprise Edition Avaya Meeting Exchange Solutions TDM Networks Meeting Exchange Web Conferencing Meeting Exchange Express Edition Video Telephony Solutions Application Programming Interfaces APIs Computer Telephony Integration CTI Best Services Routing BSR polling Page C363T Converged Stackable switch Avaya C360 converged stackable switches C363T-PWR Converged Stackable switch Features of the C360 converged stackable switches Stacking Layer 2 features Management Layer 3 features Power over Ethernet PoE Switches from Extreme Networks Available PoE Switch Options Avaya Power over Ethernet PoE switches 1152A1 Power Distribution Unit Midspan Power UnitsPower priority mechanism Designed usage Barrel connector through brick transformer Power modes Avaya IP TelephonesPower using adapters Interoperability with Wireless Access Point products 1152B Midspan Power Distribution Units Avaya Model Number 1152B Power Distribution UnitsSummary Number Ports VPN Client Converged infrastructure security gatewaysSG200 SG203 and SG208 VPN Client Page Deploying IP Telephony Avaya Application Solutions IP Telephony Deployment Guide Introduction Traffic engineering Topology Design inputs Design inputs Endpoint traffic usage Endpoint specifications Example 1 configuration data Endpoints Atlanta Boston Example 1 Station usageDCP Preliminary calculations Additional design criteria Communities of interest Call usage rates Traffic engineering Call usage rates Example 2 Uniform Distribution model Erlangs Traffic engineering Call usage rates ⎛ number of stations in Site i ⎞ ⋅ total outbound CUR Example 3 Empirical approach for existing systems Expanded COI matrices From endpoints in Site To endpoints in Site Example 4 Expanded COI matrices Endpoints in a three-site system Atlanta Boston Cleveland 12.7 Number of type t stations in Site From Site Network of Avaya systems and system sites COIs for multiple-site networks Overview Resource sizing Signaling resources Examples of media streams between Avaya endpoints Media processing and TDM resources IP-TDM-IP connectivity HairpinningShuffling Connectivity modes between two IP endpoints Intra-site TDM and Media Processing resource requirements COI Inter-site TDM and Media Processing resource requirements Example 5 TDM and media processing usage Re-categorization of CURs from Table Endpoints Totals Traffic engineering Erlangs G700 MGs 320 Processing occupancy Relationship Between Processing Occupancy and Bhcc Rate Direct media connect shuffling SIP traffic engineering LAN allocation and SIP trunks Registration SIP specific featuresSubscription and notification Instant messaging Communication Manager and SES server processor occupancy IP bandwidth and Call Admission Control COI Matrix Example 6 IP bandwidth considerations Resource sizing Bits Payload size per packet Packet 711 729 Example 7 LAN bandwidth Example 8 WAN bandwidth Resource sizing Final checks and adjustments Physical resource placement Avaya Distributed Office Traffic engineering Your security policy Security What are you protecting it from? What are you trying to protect?How likely is a threat against these assets? Recommendations for your security policy Built-in Linux security features Avaya Communication Manager and ServersProprietary vs. open operating systems One-time passwords Shell accessAvaya capitalizes on Linux’ security advantage Remote access Root access Monitoring and alarming Secure access LAN isolation configurations Data encryptionS8700 with Avaya MCC1 or SCC1 Media Gateways Security S8700-series Server with Avaya G650 Media Gateways Virus and worm protection Testing EnvironmentRecommendations for network security IP Telephony circuit pack security TN2312BP IP Server Interface IpsiTelnet Control link TN2302AP and TN2602AP Media Processors TN799DP Control LAN C-LAN Toll fraud Hacking methods Avaya’s security design Your toll fraud responsibilities Toll fraud indemnificationAdditional toll fraud resources Security Tune-up Service Security Audit ServiceToll Fraud Intervention Hotline Avaya Security HandbookPage Voice quality network requirements Network delay Codec delay Packet loss Jitter Network packet loss Packet loss concealment PLC Echo Signal levels Echo and Signal Levels CodecsTone Levels PCM CS-ACELPACELPMP-MLQ Codec and H.248 Media Gateways Silence suppression/VAD CNA Application Performance Rating Transcoding/tandeming Issue 6 January 2008 Voice Available application modelsVideo conferencing Enterprise model Avaya Integrated Management offers Integrated Management overview documents VoIP Monitoring Management Offer Administration Tools Offer System Management Offer Enterprise Network Management Offer Multi Router Traffic Grapher Third-party network management products HP OpenView Network Node Manager Network management models Centralized hybrid Distributed component Centralized management model Page Reliability and Recovery IPTDG43 Reliability Survivability solutions Release 3.0 system example S8700-series Server Separation Enterprise survivable servers ESS ESS System Capacities ESS and H.248 Media GatewaysESS and Adjunct Survivability Connection preserving upgrades for duplex servers Inter Gateway Alternate Routing IgarR2MFC Survivability for branch office media gateways Media Gateway recovery via LSP S8300/G700/G350 configuration Modem dial-up backup Auto fallback process IP endpoint recovery IP endpoint recovery Recovery algorithm IP Endpoint Time to Service Converged Network Analyzer for network optimization Changes in IP end pointsOperation with NAT/Firewall Environment IP endpoint recovery Page Getting the IP network ready for telephony Avaya Application Solutions IP Telephony Deployment Guide IP Telephony network engineering overview Access Layers in a hierarchical network Description CoreDistribution Voice quality Packet loss maximum packet/ frame loss between endpoints Jitter Best practices Common issues General guidelines LAN issues Speed and duplex Ethernet switches VLANs Vlan definedPort or native Vlan Vlan binding feature C360 Trunk configurationConfigured option Mod/port vid WAN QoS Codec selection and compressionRecommendations for QoS Serialization delay Network designRouting protocols and convergence Frame Relay Overview of frame relayMultipath routing Committed information rate burst range Frame relay issue and alternatives Additional frame relay information Mpls Convergence advantages VPN Communication security Managing IP Telephony VPN issues Network management and outsourcing models Firewall technologies Conclusion NAT IP Telephony without NAT Converged network design Design and ManagementDesign for Simplicity Design for Scalability Design for Manageability Server Cluster Topologies Layered Server Cluster Topology Layers Redundancy Integrated high density switch topology Redundant connections Layer Sample spanning tree Vrrp configured for Core Access References for Converged network design on Page CoS Quality of Service guidelines IP precedence bits ToS bits Comparison of Dscp with original TOS Layer 3 QoS Layer 2 QoS Serialization delay matrix QoS guidelinesPacket size Line 128 256 512 1024 1500 Speed Bytes Layer 3 QoS 802.1Q tag Ieee 802.1 p/Q Recommendations for end-to-end QoS DiffServ Differentiated Services DiffServ TOS byte CRITIC/ECP Original TOS specification Bit Value Use Description Round-robin Queuing methods CB-WFQ / LLQ / CBQ Frame Relay traffic shaping Traffic shaping and policing MTU Fragmentation Application perspective FRF.12 Recommendations for RTP header compression Network perspective RTP header compression test Equipment configuration for RTP header compression test Configuration Examples of QoS implementation Assumptions for Example High-quality service across a congested WAN link Command Meaning Administration commands for Example Example 2 C-LANS cannot tag their traffic CommandMeaning Example 3 More restrictions on the traffic X330 WAN Module Converged infrastructure LAN switches Trust packet tagging Change control Network recovery Layer 2 mechanisms to increase reliability Spanning treeLink Aggregation Groups Layer 3 availability mechanisms Routing protocolsVrrp and Hsrp Multipath routing Dial backup Ospf RIP Convergence times Converged Network Analyzer Converged Network Analyzer CNA components Headquarters CNA deployment Measurement plane Simultaneous monitoring of all paths Controlling edge routers Configuration and deployment details Avaya network readiness assessment services Problems with data networks What if my network functions well today? Basic network readiness assessment service Survey Site Configuration Survey Vital Agent analysis Detailed network readiness assessment service Detailed network readiness assessment process Customer can Data for individual Professional Customer responsibilities DiscoveryElement monitoring Synthetic IP Telephony measurements Remote analysisReport generation Customer deliverables Page Appendix a CNA configuration and deployment Basic configuration Configuring CNAConfiguring Virtual Module Interfaces Default Gateway BGP on the Engine Module Service Provider Access Links Measurements Assigning USTATs to ProvidersUstat GRE Tunnels Decision making Edge Router GRE Tunnel Interfaces Configuring the Routers Interface Tunnel1 Description GRE to provider1 Route Maps VIP Routing Routing Configuration Bgp cluster-id Route Reflection CNA commands Command summary Route-assert-filter force link provider1 Router Ra commands Interface Tunnel2 description GRE to provider2 Router Rb commandsPage Index CSS NAT LFI LAN WAN