Transcript
Avaya Solution & Interoperability Test Lab
Application Notes for Configuring SIP Connectivity between Avaya Voice Portal and Avaya Communication Manager using Avaya SIP Enablement Services – Issue 1.0
Abstract These Application Notes describe how to configure SIP connectivity between Avaya Voice Portal (VP) and Avaya Communication Manager using Avaya SIP Enablement Services (SES). The configuration consists of an Avaya SES home server functioning as a SIP proxy/registrar server with SIP trunking to Avaya Communication Manager. Avaya VP is a web-based and speech enabled interactive voice response system that is configured as an adjunct system on the Avaya SES home server. Secure SIP connectivity is achieved by utilizing Transport Layer Security (TLS) as the proxy transport for SIP signaling between Avaya Communication Manager, Avaya SES, and Avaya VP. In addition, these Application Notes describe how to configure media encryption using Secure Real-Time Protocol (SRTP) to enable secure communications for self-service customers.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
1 of 38 VP-SES-CM
1. Introduction These Application Notes describe how to configure SIP connectivity between Avaya Voice Portal (VP) and Avaya Communication Manager using Avaya SIP Enablement Services (SES).
1.1.
Avaya SIP Enablement Services
Avaya SES combines the standard functions of a SIP proxy or registrar server with SIP trunking support to create a SIP communication network supporting telephony, instant messaging, conferencing, and collaboration solutions. It is deployed in a network of one or more SES hosts, multiple Avaya Communication Manager, Avaya Modular Messaging, and Avaya VP systems. The Avaya SES integrates these servers into an overall system that delivers services on a system basis rather than an individual server basis. It utilizes a single administrative system for management of all user information in the SIP network. The configuration discussed in these Application Notes consists of an Avaya SES home server functioning as a SIP proxy/registrar server with SIP trunking to Avaya Communication Manager. The configuration also contains an Avaya SES edge server that functions as a core router for the SIP private network; however, it is not the focus of these Application Notes.
1.2.
Avaya Voice Portal
Avaya VP is a web-based and speech enabled interactive voice response system that is configured as an adjunct system on the Avaya SES home server. An Avaya SES adjunct is an entity that provides services to the Avaya SES home server via a SIP interface. The Avaya VP system is composed of a Voice Portal Management System (VPMS) server, one or more Media Processing Platform (MPP) servers, and typically includes web-based application servers that provide automated speech recognition and text-to-speech services. The MPP provides media processor resources and is the proxy interface to the web-based application servers. In these Application Notes, the VPMS uses the SIP protocol to communicate with Avaya Communication Manager via the Avaya SES home server. The VPMS provides centralized management for the MPP(s) and provides a web interface for administering the Avaya VP system. For Avaya VP, Avaya SES delivers invites to the VPMS.
1.3.
Secure SIP Connectivity
Secure SIP connectivity is achieved by utilizing Transport Layer Security (TLS) as the proxy transport for SIP signaling between Avaya Communication Manager, Avaya SES, and Avaya VP. TLS is a protocol that provides a mechanism for securely transmitting data over the network. The protocol allows client/server applications to use encrypted transmissions and to perform authentication by using digital certificates. This helps prevent eavesdropping, tampering with transmissions, and message forgery. Media encryption is achieved by using Secure Real-Time Protocol (SRTP) enabling secure communications for self-service customers. SRTP is a media encryption standard, defined in RFC 3711 as a profile of RTP. Please consult reference [7] in Section 8 of these Application
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
2 of 38 VP-SES-CM
Notes for RFC 3711. The implementation of SRTP, supported using Avaya Communication Manager Release 4.0 and Avaya VP Release 4.0 enables the following: •
Encryption of Real-time Transport Protocol (RTP) (e.g., AES-128 in counter mode).
•
Authentication of RTP and Real-time Transport Control Protocol (RTCP) streams using the HMAC-SHA1-80 keyed hash algorithm.
•
Direct SRTP connectivity between devices natively supporting SRTP.
•
The insertion of gateway media processing resources where required.
An incoming call from an Avaya Media Gateway trunk or endpoint to Avaya VP utilizes a TN2602AP media processor resource as an intermediary device. The TN2602AP media processor encrypts and authenticates the RTP media stream received from a trunk or endpoint on the way to the MPP server, and authenticates and decrypts the SRTP media stream in the opposite direction from the MPP server.
1.4.
Reference Network Configuration
Figure 1 illustrates the Retail Store Headquarters configuration used to verify these Application Notes. The Retail Store Headquarters location consists of the following equipment: • • • • • •
An Avaya S8710 Media Server pair An Avaya G650 Media Gateway (containing C-LAN and Crossfire Telephony Network (TN) boards) Avaya SES servers (separate home and edge servers) An Avaya Voice Portal system (VPMS, one MPP server, and Speech Servers) Avaya H.323 and SIP endpoints Network switches and a WAN router
All H.323 IP endpoints register to Avaya Communication Manager running on the Avaya S8710 Media Servers and all SIP endpoints register on the Avaya SES home server. Note: These Application Notes assume that the Retail Store Headquarters depicted in Figure 1 is already in place, as well as Avaya Communication Manager, Avaya Media Gateway, routers, and switches. Please consult the appropriate documentation in Section 8 for more information on installing and configuring these components.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
3 of 38 VP-SES-CM
Figure 1: Reference Network Configuration Diagram
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
4 of 38 VP-SES-CM
2. Equipment and Software Validated The following equipment and software were used for the sample configuration provided: Equipment Avaya Communication Manager • Avaya S8710 Media Server Avaya G650 Media gateway • IPSI (TN2312BP) • C-LAN (TN799DP) • IP Media Resource 320 (TN2602AP) Avaya Voice Portal • Voice Portal Management System • Media Processing Platform Avaya SIP Enablement Services • Home server • Edge server Avaya Telephones • 4625 Series IP Telephone • One-X Deskphone SIP for 9630 Series IP Telephone
Software 4.0.1 (R014x.00.1.731.1) HW 10 FW 040 HW 01 FW 024 HW 02 FW 030 4.0.0.0-2901 4.0.0.0-2901 4.0.0.0-032.0 4.0.0.0-032.0 R2.8 R1.0
Table 1 - Equipment and Version Validated
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
5 of 38 VP-SES-CM
3. Configure Avaya Communication Manager This section details the administration on Avaya Communication Manager that must be performed to set up SIP connectivity to Avaya VP using Avaya SES. These Application Notes assume all equipment in Table 1 has been previously administered with the exception of the configuration parameters required to interconnect Avaya VP with Avaya Communication Manager using Avaya SES. The following pages detail instructions on how to verify and administer the required configuration parameters. For additional information, please consult reference [2] in Section 8.
3.1. Verify Avaya Communication Manager Licenses To set up SIP connectivity to the Avaya VP system using Avaya SES, certain Avaya Communication Manger licenses must be active. The next steps verify these required licenses. If any licenses are missing, contact the Avaya Authorized Sales representative. The following commands were entered on an Avaya Communication Manager System Access Terminal (SAT) on the Avaya S8710 Media Server: Step Description 1.
Issue the command display system-parameters customer options to display the active licensed features. Go to Page 2 and verify that there is sufficient remaining SIP trunk capacity. The number of available SIP trunks is the difference between the Maximum Administered SIP Trunks and the USED field values. display system-parameters customer-options OPTIONAL FEATURES
Page
IP PORT CAPACITIES Maximum Administered H.323 Trunks: Maximum Concurrently Registered IP Stations: Maximum Administered Remote Office Trunks: Maximum Concurrently Registered Remote Office Stations: Maximum Concurrently Registered IP eCons: Max Concur Registered Unauthenticated H.323 Stations: Maximum Video Capable H.323 Stations: Maximum Video Capable IP Softphones: Maximum Administered SIP Trunks:
200 50 0 0 0 0 0 0 256
USED 93 4 0 0 0 0 0 0 120
Maximum Number of DS1 Boards with Echo Cancellation: Maximum TN2501 VAL Boards: Maximum Media Gateway VAL Sources: Maximum TN2602 Boards with 80 VoIP Channels: Maximum TN2602 Boards with 320 VoIP Channels: Maximum Number of Expanded Meet-me Conference Ports:
0 10 10 128 128 50
0 1 0 1 1 0
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
2 of
11
6 of 38 VP-SES-CM
Step Description 2.
Go to Page 3 and verify that the ARS/AAR Dialing without FAC field is set to “y”. The Automatic Alternate Routing (AAR) dialing without Feature Access Code (FAC) feature is required to route extensions or range of extensions over the SIP trunk to the Avaya VP system. display system-parameters customer-options OPTIONAL FEATURES Abbreviated Dialing Enhanced List? Access Security Gateway (ASG)? Analog Trunk Incoming Call ID? A/D Grp/Sys List Dialing Start at 01? Answer Supervision by Call Classifier? ARS? ARS/AAR Partitioning? ARS/AAR Dialing without FAC? ASAI Link Core Capabilities? ASAI Link Plus Capabilities? Async. Transfer Mode (ATM) PNC? Async. Transfer Mode (ATM) Trunking? ATM WAN Spare Processor? ATMS? Attendant Vectoring?
3.
y n y n n y y y y y n n n n y
Page
3 of
Audible Message Waiting? Authorization Codes? CAS Branch? CAS Main? Change COR by FAC? Computer Telephony Adjunct Links? Cvg Of Calls Redirected Off-net? DCS (Basic)? DCS Call Coverage? DCS with Rerouting?
11
y n n n n n y y y y
Digital Loss Plan Modification? y DS1 MSP? n DS1 Echo Cancellation? y
Go to Page 4 and verify that the Media Encryption Over IP field is set to “y” to allow for SRTP media encryption on calls routed to the Avaya VP system. display system-parameters customer-options OPTIONAL FEATURES Emergency Access to Attendant? y Enable 'dadmin' Login? y Enhanced Conferencing? y Enhanced EC500? y Enterprise Survivable Server? n Enterprise Wide Licensing? n ESS Administration? y Extended Cvg/Fwd Admin? n External Device Alarm Admin? n Five Port Networks Max Per MCC? n Flexible Billing? n Forced Entry of Account Codes? n Global Call Classification? n Hospitality (Basic)? y Hospitality (G3V3 Enhancements)? y IP Trunks? y
Page
4 of
11
IP Stations? y ISDN Feature Plus? ISDN Network Call Redirection? ISDN-BRI Trunks? ISDN-PRI? Local Survivable Processor? Malicious Call Trace? Media Encryption Over IP? Mode Code for Centralized Voice Mail?
y y y y n n y n
Multifrequency Signaling? y Multimedia Call Handling (Basic)? n Multimedia Call Handling (Enhanced)? n
IP Attendant Consoles? y
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
7 of 38 VP-SES-CM
Step Description 4.
Go to Page 5 and verify that the Private Networking and Uniform Dialing Plan fields are set to “y”. These fields, along with the ARS/AAR Dialing without FAC feature (shown in Step 3) allow for routing a range of extensions to the Avaya VP system for processing by various self service applications (as administered on Avaya VP). display system-parameters customer-options OPTIONAL FEATURES Multinational Locations? y Multiple Level Precedence & Preemption? n Multiple Locations? y Personal Station Access (PSA)? Posted Messages? PNC Duplication? Port Network Support?
y n n y
Processor and System MSP? n Private Networking? y Processor Ethernet? y
Page
5 of
11
Station and Trunk MSP? n Station as Virtual Extension? n System Management Data Transfer? Tenant Partitioning? Terminal Trans. Init. (TTI)? Time of Day Routing? Uniform Dialing Plan? Usage Allocation Enhancements? TN2501 VAL Maximum Capacity?
n n y n y y y
Wideband Switching? n Wireless? n
Remote Office? n Restrict Call Forward Off Net? y Secondary Data Module? y
3.2. Configure SIP trunk to Avaya SES Home Server This section details the administration on Avaya Communication Manager that must be performed to set up a SIP trunk to Avaya SES home server. Step Description 1.
Issue the command change node-names ip to assign the node names for the C-LAN board and Avaya SES home server. The node name for the Media Processor board is also assigned using this command. The following values were entered for the Name and IP Address fields for this configuration example: “ses-home1” and “30.1.1.35” for the Avaya SES home server, “CLAN” and “30.1.1.4” for the C-LAN board, and “MediaResource” and “30.1.1.32” for the IP Media Resource 320 board. Submit the changes. change node-names ip
Page
2 of
2
IP NODE NAMES Name ses-home1 C-LAN MediaResource
CB; Reviewed; SPOC 6/11/2007
IP Address 30.1.1.35 30.1.1.4 30.1.1.32
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
8 of 38 VP-SES-CM
Step Description 2.
Issue the command change ip-codec-set x, where x is the IP codec set number used for SIP connectivity to Avaya VP. For this configuration example, IP codec set 6 is used. Enter “G.711MU” as the only Audio Codec and retain the defaults for the remaining fields. For the Media Encryption field, enter “1-srtp-aescm128-hmac80” as the first choice encryption and authentication algorithms for SRTP. Submit the changes. change ip-codec-set 6
Page
1 of
2
IP Codec Set Codec Set: 6 Audio Codec 1: G.711MU 2: 3: 4: 5: 6: 7:
Silence Suppression n
Frames Per Pkt 2
Packet Size(ms) 20
Media Encryption 1: 1-srtp-aescm128-hmac80 2: 3:
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
9 of 38 VP-SES-CM
Step Description 3.
Issue the command change ip-network-region x, where x is the IP network region number (9 for this configuration). Enter “retail.com” for the Authoritative Domain field, “6” for the Codec Set field (refer to Step 2), and “yes” for the Intra-region IP-IP Direct Audio and Inter-region IP-IP Direct Audio fields. The IP-IP Direct Audio settings ensure the most efficient use of the TN2602AP Media Processor resources. change ip-network-region 9
Page
1 of
19
IP NETWORK REGION Region: 9 Location: Authoritative Domain: retail.com Name: Avaya VP MEDIA PARAMETERS Intra-region IP-IP Direct Audio: yes Codec Set: 6 Inter-region IP-IP Direct Audio: yes UDP Port Min: 16384 IP Audio Hairpinning? y UDP Port Max: 32767 DIFFSERV/TOS PARAMETERS RTCP Reporting Enabled? y Call Control PHB Value: 46 RTCP MONITOR SERVER PARAMETERS Audio PHB Value: 46 Use Default Server Parameters? y Video PHB Value: 26 802.1P/Q PARAMETERS Call Control 802.1p Priority: 6 Audio 802.1p Priority: 6 Video 802.1p Priority: 5 AUDIO RESOURCE RESERVATION PARAMETERS H.323 IP ENDPOINTS RSVP Enabled? n H.323 Link Bounce Recovery? y Idle Traffic Interval (sec): 20 Keep-Alive Interval (sec): 5 Keep-Alive Count: 5
4.
Go to Page 3 to configure the Inter Network Region Connection Management parameters between IP network region 9 (Avaya VP) and IP network region 1 (Retail Store Headquarters location). Set the Code Set field to “6” (refer to Step 2), “y” for the direct WAN field, and “NoLimit” for the WAN-BW-Limits field for calls routed between Avaya VP and the Retail Store Headquarters endpoints and trunks. Submit the changes. change ip-network-region 9
Page
3 of
19
Inter Network Region Connection Management src dst codec direct WAN-BW-limits Video rgn rgn set WAN Units Total Norm Prio Shr Intervening-regions 9 1 6 y NoLimit
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
Dyn CAC IGAR n
10 of 38 VP-SES-CM
Step Description 5.
Issue the command display ip-network-region x, where x is the IP network region number (1 for the Retail Store Headquarters location). Verify that the Inter-region IP-IP Direct Audio field is set to “yes” to ensure the most efficient use of the TN2602AP Media Processor resources for calls to Avaya VP. display ip-network-region 1
Page
1 of
19
IP NETWORK REGION Region: 1 Location: Authoritative Domain: retail.com Name: Retail HQ MEDIA PARAMETERS Intra-region IP-IP Direct Audio: yes Codec Set: 1 Inter-region IP-IP Direct Audio: yes UDP Port Min: 16384 IP Audio Hairpinning? y UDP Port Max: 32767 DIFFSERV/TOS PARAMETERS RTCP Reporting Enabled? y Call Control PHB Value: 46 RTCP MONITOR SERVER PARAMETERS Audio PHB Value: 46 Use Default Server Parameters? y Video PHB Value: 26 802.1P/Q PARAMETERS Call Control 802.1p Priority: 6 Audio 802.1p Priority: 6 Video 802.1p Priority: 5 AUDIO RESOURCE RESERVATION PARAMETERS H.323 IP ENDPOINTS RSVP Enabled? n H.323 Link Bounce Recovery? y Idle Traffic Interval (sec): 20 Keep-Alive Interval (sec): 5 Keep-Alive Count: 5
6.
Issue the command display cabinet x, where x is the cabinet number assigned to the Avaya G650-port carrier “A” at the Retail Store Headquarters location utilized for SIP connectivity to the Avaya VP. Verify that the IP Network Region field in set to “1” (refer to Step 5). display cabinet 1 CABINET CABINET DESCRIPTION Cabinet: 1 Cabinet Layout: G650-rack-mount-stack Cabinet Type: expansion-portnetwork
Location: 1 Rack:
Room:
CARRIER DESCRIPTION Carrier Carrier Type E D C B A
CB; Reviewed; SPOC 6/11/2007
IP Network Region: 1
not-used not-used not-used not-used G650-port
Floor:
Building:
Number PN PN PN PN PN
01 01 01 01 01
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
11 of 38 VP-SES-CM
Step Description 7.
Issue the command add ip-interface uucss, where uu is the cabinet, c is the carrier, and ss the slot of the respective C-LAN board. Enter “C-LAN” for the Node Name field (refer to Step 1). Enter the appropriate information for the Subnet Mask and Gateway Address fields (as shown). Set the Enable Ethernet Port field to “y” and the Network Region to “1” (refer to Step 6). Submit the changes. add ip-interface 01a02
Page
1 of
1
IP INTERFACES
Type: Slot: Code/Suffix: Node Name: IP Address: Subnet Mask: Gateway Address: Enable Ethernet Port? Network Region: VLAN:
C-LAN 01A02 TN799 D C-LAN 30 .1 .1 .4 255.255.255.0 30 .1 .1 .254 y 1 n
Link: Allow H.323 Endpoints? y Allow H.248 Gateways? y Gatekeeper Priority: 5
Target socket load and Warning level: 400 Receive Buffer TCP Window Size: 8320 ETHERNET OPTIONS Auto? y
8.
Repeat Step 7 to assign the IP Media Processor utilized for SIP connectivity to Avaya VP. Enter “MediaResource” for the Node Name field (refer to Step 1). Enter the appropriate information for the Subnet Mask and Gateway Address fields (as shown). Set the Enable Ethernet Port field to “y” and the Network Region to “1” (refer to Step 6). Submit the changes. add ip-interface 01a03
Page
1 of
1
IP INTERFACES
Type: Slot: Code/Suffix: Node Name: IP Address: Subnet Mask: Gateway Address: Enable Ethernet Port? Network Region: VLAN:
MEDPRO 01A03 TN2602AP MediaResource 30 .1 .1 .32 255.255.255.0 30 .1 .1 .254 y 1 n
ETHERNET OPTIONS Auto? y
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
12 of 38 VP-SES-CM
Step Description 9.
Issue the command add signaling-group x, where x is an available signaling group number. Signaling group 9 is used for this configuration example. Enter the following: • • • • • •
Group Type – “sip” Near-end Node Name – “C-LAN” (refer to Steps 1& 7) Far-end Node Name – “ses-home1” (refer to Step 1) Far-end Network Region – “9” (refer to Step 3) Far-end Domain – “retail.com” Direct IP-IP Audio Connections – “y” (allows for the optimization of RTP paths to reduce the use of IP Media Processor resources when possible)
Submit the changes. Note: Transport Layer Security “tls” is the default for the Transport Method field. The Nearend Listen Port and Far-end Listen Port for TLS is “5061”. add signaling-group 9
Page
1 of
1
SIGNALING GROUP Group Number: 9
Group Type: sip Transport Method: tls
Near-end Node Name: C-LAN Near-end Listen Port: 5061
Far-end Node Name: ses-home1 Far-end Listen Port: 5061 Far-end Network Region: 9
Far-end Domain: retail.com Bypass If IP Threshold Exceeded? y DTMF over IP: rtp-payload
Direct IP-IP Audio Connections? y IP Audio Hairpinning? y
Enable Layer 3 Test? n Session Establishment Timer(min): 120
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
13 of 38 VP-SES-CM
Step Description 10.
Issue the command add trunk-group x, where x is an available trunk group number. Trunk group 9 is used for this configuration example. Enter the following: • • • • • •
Group Type – “sip” Group Name – Enter a descriptive name TAC – Refer to the Dial Plan to enter an available trunk access code. Service Type – “tie” Signaling Group – “9” (Refer to Step 9) Number of Members – For this example configuration, 48 members were configured.
Submit the changes. add trunk-group 9
Page
1 of
21
TRUNK GROUP Group Number: Group Name: Direction: Dial Access? Queue Length: Service Type:
9 Group Type: To-SES/Home-Main COR: two-way Outgoing Display? n 0 tie Auth Code?
sip CDR Reports: y 1 TN: 1 TAC: 109 n Night Service: n Signaling Group: 9 Number of Members: 48
11.
Issue the command save translation to make the changes permanent.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
14 of 38 VP-SES-CM
3.3. Configure Call Routing to the Avaya Voice Portal system This section details the administration on Avaya Communication Manager that must be performed to set up call routing to the Avaya VP system. Step Description 1.
Issue the command change route-pattern x, where x is an available route pattern number. Route pattern 9 is utilized for routing calls to Avaya VP in this configuration example. For the Pattern Name field, enter a descriptive name for the route pattern. Enter the trunk group number assigned in Step 9 for the Grp No field, and assign an appropriate Facility Restriction Level ( 0 is the least restrictive) for the FRL field. Submit the changes. change route-pattern 9 Page Pattern Number: 9 Pattern Name: To VP-sip SCCAN? n Secure SIP? n Grp FRL NPA Pfx Hop Toll No. Inserted No Mrk Lmt List Del Digits Dgts 1: 9 0 2: 3: 4: 5: 6:
1: 2: 3: 4: 5: 6:
BCC VALUE TSC CA-TSC 0 1 2 M 4 W Request
ITC BCIE Service/Feature PARM
y y y y y y
rest rest rest rest rest rest
y y y y y y
CB; Reviewed; SPOC 6/11/2007
y y y y y y
y y y y y y
y y y y y y
n n n n n n
n n n n n n
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
1 of
3
DCS/ QSIG Intw n n n n n n
IXC
user user user user user user
No. Numbering LAR Dgts Format Subaddress none none none none none none
15 of 38 VP-SES-CM
Step Description 2.
Issue the command change uniform-dialplan x, where x is the leading digits (as defined in the dial plan) to be assigned for routing calls to Avaya VP. In this configuration example, the extension range 222-06xx is set aside for assigning extensions to various self-service applications served by Avaya VP. Go to Page 2 to add new entries. Enter the following: • • • • •
Matching Pattern – “22206” (Leading digits dialed) Len – “7” (The length of the extension) Del – “0” (No digit deletion) Net – “aar” (Sent to the Automatic Alternate Routing table) Conv – “n” (No conversion)
Submit the changes. change uniform-dialplan 22206 UNIFORM DIAL PLAN TABLE
Page
2 of
2
Percent Full: 0 Matching Pattern 22206
3.
Len Del 7 0
Insert Digits
Node Net Conv Num aar n
Issue the command change aar analysis x, where x matches the same leading digits used in Step 11. The AAR DIGIT ANANLYSIS TABLE matches the leading digits dialed (as per the Uniform Dial Plan) to the desired route pattern. Go to Page 2 to add new entries to the AAR DIGIT ANANLYSIS TABLE. Enter the following: • • • • •
Dialed String – “22206” (Leading digits dialed) Total Min – “7” (Minimum number of digits expected) Total Max – “7” (Maximum number of digits expected) Route Pattern – “9” (Refer to Step 1) Call Type – “aar” (Automatic Alternate Routing)
Submit the changes. change aar analysis 22206
Page
2 of
2
AAR DIGIT ANALYSIS TABLE Percent Full: Dialed String 22206
4.
Total Min Max 7 7
Route Pattern 9
Call Type aar
Node Num
2
ANI Reqd n
Issue the command save translation to make the changes permanent.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
16 of 38 VP-SES-CM
4. Configure Avaya Voice Portal This section details the administration on Avaya VP that must be performed to setup SIP connectivity to Avaya Communication Manager using Avaya SES. For additional information on how to configure Avaya VP with web-based application services to provide voice and speech response self-service applications, please consult references [2] [3] in Section 8 of these Application Notes. In addition, reference [2] describes how to configure Avaya VP to communicate with Avaya Communication Manager using the H.323 protocol.
4.1. Verify Avaya Voice Portal Licenses and Security Certificates Avaya VP utilizes primary and secondary WebLM servers for implementation of feature licenses. If activation of additional features or ports is required, an updated license file must be obtained and installed on the WebLM server. The license life contains details about the features and number of ports purchased. To obtain an updated license file, please contact the Avaya Authorized Sales representative. To configure TLS as the proxy transport for SIP signaling between Avaya VP, Avaya SES, and Avaya Communication Manager, a security certificate must be installed on Avaya VP and a complementary trusted certificate on the Avaya SES home server (refer to Section 5.1). These digital certificates are used to establish a mutually authenticated connection with the Avaya SES home server. The digital certificates can be externally generated by a third-party security vendor and then imported to the Avaya VP and Avaya SES home server. For more security information on Avaya VP, please consult reference [4] in Section 8 of these Application Notes. Note: During the installation of Avaya VP software, a different set of self-signed security certificates are generated for authentication and authorization during TLS communications between the VPMS and MPP(s). The following section illustrates how to verify the licenses and import the security certificate for Avaya VP. Step Description 1.
Access the VPMS web interface by typing the following URL on a web browser and then pressing
: “http:///VoicePortal” Log in to VPMS using proper credentials.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
17 of 38 VP-SES-CM
Step Description 2.
In the left pane of the VPMS window that appears, click on Expand All to show all options available under each section. Click on System Configuration Æ Licensing.
3.
Verify that there are sufficient licenses for Telephony Ports (including ASR and TTS connections if necessary). Click on System Configuration Æ Certificates.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
18 of 38 VP-SES-CM
Step Description 4.
To install the security certificate (.pks file) obtained by a third-party security vendor, enter its location in the Enter Security Certificate Path field or click on the Browse button to locate it. Enter the password for the security certificate provided by the security vendor in the Password field. Click on the Install button to import the security certificate. The resulting screen illustrates a successfully imported security certificate.
4.2. Configure a SIP Connection The following section illustrates how to configure a SIP connection on the Avaya VPMS. Step Description 1.
Click on System Configuration Æ VoIP Connections. Click on the SIP tab to continue.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
19 of 38 VP-SES-CM
Step Description 2.
Click on the Add button to add a SIP connection. Note: The Avaya VP 4.0 Release only supports one SIP connection.
3.
Enter the following to add a new SIP connection: • • •
Name – “SES-home” (A unique identifier for this SIP connection). Proxy Transport – “TLS” (A security certificate is required to be installed before adding SIP TLS connection (refer to Section 4.1)). Proxy Server Address – “ses-home1” (Fully-qualified domain name or an IP address).
Click on the Continue button. The VPMS verifies the information and tries to obtain the SIP proxy certificate from the Avaya SES home server. Note: The Proxy Server Port default for TLS is 5061, and the field changes accordingly when the proxy transport is selected.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
20 of 38 VP-SES-CM
Step Description 4.
Once the VPMS verifies the submitted information, additional fields appear including the obtained SIP proxy certificate. Enter the following: •
• •
SIP Domain – “retail.com” (The pattern used when routing outbound call to this SIP trunk [sip:@retail.com]). This entry matches the domain configured on the Avaya SES home server and on Avaya Communication Manager (refer to Step 9 in Section 3.2). Maximum Simultaneous Calls – “20” (The maximum number of calls that this SIP trunk can handle at one time). Number of Outbound Calls Allowed – “15” (The maximum number of simultaneous outbound calls allowed on this SIP trunk).
Make sure the SIP proxy certificate is valid and then click on the check box to insert a check mark for the Trust this certificate field. Scroll the screen down by using the scroll bar on the right to continue.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
21 of 38 VP-SES-CM
Step Description 5.
To configure the MPP to utilize SRTP media encryption, leave the default STRP values that are already selected, and click on the Add button to add the SRTP configuration in the Configured SRTP List window. Click on the Save button to commit the configuration for the new SIP connection.
6.
The screen below illustrates that the SIP connection has been successfully configured and saved.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
22 of 38 VP-SES-CM
4.3. Configure an Application The following section illustrates how to configure a test voice XML application to verify the SIP connection on Avaya VPMS. Please consult reference [2] in Section 8 to perform the following configuration tasks prior to configuring the test application: • • •
Adding the MPP server(s) Adding an ARS Server Adding a TTS Server
Step Description 1.
Click on System Configuration Æ Applications. Click the Add button to configure a new application.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
23 of 38 VP-SES-CM
Step Description 2.
In the Name field, enter a descriptive name for the test voice XML application “Test App 1”. Enter the URL “http:///mpp/misc/avptestapp/dtmf/intro.vxml” in the VoiceXML URL field. The URL is a link to the test voice XML application that resides on the MPP server. In the Speech Servers section, add the ASR and TTS servers as shown below (if available). In the Application Launch section, enter the extension “2220601” for the test application in the Called Number field and click on the Add button. The Avaya SES home server will have a corresponding Application ID to route this extension (refer to Step 4 in Section 5.3) to Avaya VP. Avaya Communication Manager will route the extension range 22206xx to the SIP trunks in order to reach the test application on Avaya VP (refer to Section 3.3). Click on the Save button to commit the configuration.
3.
Repeat Steps 1-2 to assign an extension to each additional application on Avaya VP.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
24 of 38 VP-SES-CM
5. Configure Avaya SIP Enablement Services This section only details the configuration required on Avaya SES to set up SIP connectivity to Avaya Communication Manager and Avaya VP and assumes the Avaya SES service is already in place. For additional administration information on Avaya SES, please consult references [6] in Section 8.
5.1. Importing Trust Certificate To configure TLS as the Proxy Transport for SIP signaling between Avaya VP, Avaya SES, and Avaya Communication Manager, a security certificate must be installed on Avaya VP and a complementary trusted certificate on the Avaya SES home server (refer to Section 4.1). These digital certificates are used to establish a mutually authenticated connection with the Avaya SES home server. The digital certificates can be externally generated by a third-party security vendor and then imported to the Avaya VP and Avaya SES home server. For more security information on Avaya VP, please consult reference [4] in Section 8 of these Application Notes. The following section illustrates how to verify the licenses and import the trusted certificate (for Avaya VP) on the Avaya SES home server. Step Description 1.
Access the Avaya SES home server web interface by typing the following URL on a web browser and then pressing enter: “http:///admin” Press the Continue button on the Welcome web page and then press the Yes button in the Security Alert pop-up window (not shown).
2.
When the Integrated Management Standard Manager Solutions Login web page appears, log in using proper credentials (not shown).
3.
Click the Launch Maintenance Web Interface link to enter the Maintenance web pages.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
25 of 38 VP-SES-CM
Step Description 4.
Click on Security Æ Trusted Certificates. In the Security Information pop window, click on the Yes button (not shown).
5.
Click on the Import button to add the externally generated trusted certificate (by a third-party security vendor) to allow for TLS as the proxy transport for SIP signaling between Avaya VP and the Avaya SES home server.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
26 of 38 VP-SES-CM
Step Description 6.
In the File Name field, enter the path and file name of the trusted certificate or click the Browse button to locate the file. Click on the View button to view the certificate information (not shown). Click on the Import button to continue.
7.
The following screen on the right appears upon successful import of the trust certificate. Click the OK button to continue. The Trusted Certificates web page illustrates the added certificate (shown below).
5.2. Configuring Media Server Interface Administrators can only administer Avaya SES on the master administration system. The recommended deployment is for the master administration system to be installed on the Avaya SES edge server in a SIP network as shown in Figure 1. Step Description 1.
Access the Avaya SES edge server web interface by typing the following URL on a web browser and then pressing enter: “http:///admin” Press the Continue button on the Welcome web page and then press the Yes button in the Security Alert pop-up window (not shown).
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
27 of 38 VP-SES-CM
Step Description 2.
When the Integrated Management Standard Manager Solutions Login web page appears, log in using proper credentials (not shown).
3.
Click the Launch Administration Web Interface link to enter the Administration web pages.
4.
Click on Media Servers Æ Add to add the Media Server Interface. Enter the following: • • • • • • • •
Media Server Interface Name – “C-LAN” (Any descriptive name). Host – “30.1.1.35” (Avaya SES home server). SIP Trunk Link Type – “TLS” (Refer to Step 9 in Section 3.2). SIP Trunk IP Address – “30.1.1.4” (Refer to Step 1 in Section 3.2). Media Server Admin Address – “30.1.1.3” (IP address of Avaya S8710 Media Server). Media Server Admin Login – “administrator” (Avaya Communication Manager administration account with System Access Terminal (SAT) access). Media Server Admin Password – “” Media Server Admin Password Confirm – “”
Click the Add button to continue.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
28 of 38 VP-SES-CM
Step Description 5.
Click the Update link to save the changes on both the Avaya SES home and edge servers.
5.3. Configuring Avaya Voice Portal as an Adjunct System Step Description 1.
Click on Adjunct Systems Æ Add to add the VPMS as an adjunct system. Enter “vpms-hq” for the VPMS name in the System Name field. For the Host field, select “30.1.1.35” which is the Avaya SES home server IP address with which the VPMS will be integrated. Click the Add button to submit the change. Click on the Continue button (not shown) to continue.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
29 of 38 VP-SES-CM
Step Description 2.
Click on the List Application IDs(1) link for the adjunct system added (vpms-hp) in Step 1.
3.
Click on the Add an Application ID link.
4.
Enter the extension “2220601” for the Application ID field (refer to Step 2 in Section 4.3). Repeat Steps 3 and 4 to add additional application IDs for each application extension on Avaya VP. Click the Add button to submit the change. Click on the Continue button (not shown) to continue.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
30 of 38 VP-SES-CM
Step Description 5.
Click on Adjunct Systems Æ List. Click on the List Adjunct Servers(0) link for the adjunct system added (vpms-hp) in Step 1.
6.
Click on the Add Another Adjunct Server to System vpms-hq link to add the MPP as the Adjunct Server for the VPMS adjunct system.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
31 of 38 VP-SES-CM
Step Description 7.
Enter “mpp1-hq” (a unique name for the MPP adjunct server) in the Server Name field. Enter the extension “2220699” that Avaya Communication Manager will use to reach the MPP adjunct server for the Server ID field (the Avaya SES uses this extension to form the SIP URI for the adjunct system). The Link Type field default is “TLS” (refer to Step 3 in Section 4.2). Enter the MPP server IP address “30.1.1.38” for the Server IP Address field. Click the Add button to submit the change. Click on the Continue button (not shown) to continue.
8.
Press the Update link to save the changes.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
32 of 38 VP-SES-CM
6. Verification Steps This section provides the tests that may be used to verify proper SIP connectivity between Avaya VP and Avaya Communication Manager using Avaya SES. Step Description 1.
From the VPMS administration web pages, click on System Maintenance Æ MPP Manager. Click on the check box to add a check mark next to the Server Name to select the MPP server(s). If the MPP server(s) Mode column fields are shown as “Offline”, click on the Online button under Mode Commands to change the Mode to “Online”. Click the Start button and then on the OK button (not shown) to start the MPP server(s). Click on the Refresh button (upper right hand side) to refresh the MPP Manager status. Verify that the MPP server(s) State column fields update to “Running” and the Config column fields update to “OK”. Note: If the MPP server was added prior to configuration of the SIP connection, it must be restarted in order to function properly.
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
33 of 38 VP-SES-CM
Step Description 2.
Click on System Maintenance Æ System Monitor. From the default VoicePortal Details tab, verify that the VPMS and MPP(s) do not have any active alarms (as shown below with green check marks in the Alarms column) and the Call Capacity fields for the MPP reflect the configured maximum simultaneous calls for the SIP connection (refer to Step 4 in Section 4.2).
3.
From the Avaya Communication Manager System Access Terminal (SAT), issue the command list trace tac x, where x is the assigned TAC (refer to Step 10 in Section 3.2). Place a call from IP station 2222005 to Avaya VP using the extension 2220601 assigned to access the test application (refer to Step 2 in Section 4.3). Verify the following: • • •
Route pattern 9 is chosen based on the dialed digits “2220601” and UDP/AAR configuration (refer to Section 3.3). A member of trunk group 9 is seized (Note the trunk group member number. It will be used in following step). The greeting “Welcome to Avaya Voice Portal Verification Application” is heard followed by the test menu prompts.
list trace tac 109 LIST TRACE time
data
10:50:53 dial 2220601 route:UDP|AAR 10:50:53 term trunk-group 9 cid 0x2c 10:50:53 dial 2220601 route:UDP|AAR 10:50:53 route-pattern 9 preference 1 cid 0x2c 10:50:53 seize trunk-group 9 member 5 cid 0x2c 10:50:53 Calling Number & Name 2222005 4625-hq 10:50:53 Proceed trunk-group 9 member 5 cid 0x2c 10:50:53 Alert trunk-group 9 member 5 cid 0x2c 10:50:53 G711MU ss:off ps:20 rn:9/1 30.1.1.38:30012 30.1.1.32:16956 10:50:53 xoip: fax:Relay modem:off tty:US 30.1.1.32:16956 uid:0x50062 10:50:53 active trunk-group 9 member 5 cid 0x2c 10:51:02 TRACE COMPLETE trunk-group 9 cid 0x2c
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
34 of 38 VP-SES-CM
Step Description 4.
Issue the command status trunk x/y, where x is the trunk group number and y is the member number (refer to Step 3) for the call placed in Step 3 from station 2222005 to the Avaya VP test application. Verify the following: • • • • •
The Signaling near-end IP address and port (Near-end IP Addr : Port fields) of the CLAN assigned in Steps 7 and 9 of Section 3.2 (for this configuration “30.1.1.4:5061”). The Signaling far-end IP address and port (Far-end IP Addr : Port fields) of the Avaya SES home server assigned in Step 4 of Section 5.2 (for this configuration “30.1.1.35:5061”). The Audio near-end IP address (Near-end IP Addr field) of the IP Media Processor utilized for SIP connectivity to Avaya VP assigned in Step 8 of Section 3.2 (for this configuration “30.1.1.32”). The Audio far-end IP address (Far-end IP Addr field) of the Avaya MPP server (for this configuration “30.1.1.38”). The Audio Connection Type field is “ip-tdm” even though IP-IP Direct Audio is enabled (refer to Step 3, Step 5 and Step 9 in Section 3.2).
Note: A network packet analyzer should also be utilized to verify media and signaling encryption between Avaya Communication Manager and Avaya VP. status trunk 9/5
Page
1 of
3
TRUNK STATUS Trunk Group/Member: 0009/005 Port: T00096 Signaling Group ID:
Service State: in-service/active Maintenance Busy? no
IGAR Connection? no Connected Ports: S00001
Port Signaling: 01A0217 G.711MU
Audio: 01A0504 Video: Video Codec:
Near-end IP Addr : Port 30. 1. 1. 4 : 5061 30.
1.
1. 32
: 16892
Far-end IP Addr : Port 30. 1. 1. 35 : 5061 30.
1.
1. 38 : 30004
Authentication Type: None Audio Connection Type: ip-tdm
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
35 of 38 VP-SES-CM
Step Description 5.
Go to Page 3 to view the SRC PORT TO DEST PORT TALKPATH information. Verify the following: •
The call leg from the IP Media Processor (30.1.1.32) to the Avaya MPP server (30.1.1.38) is utilizing the G.711 codec with SRTP media encryption (1-srtp-aescm128hmac80) as defined in Step 2 of Section 3.2 and in Step 5 of Section 4.2.
•
The call leg from station 2222005 (30.1.1.195) utilizes the IP Media Processor (30.1.1.32) as an intermediary resource (as shown in bold below) even though IP-IP Direct Audio is enabled (refer to Step 3, Step 5 and Step 9 in Section 3.2).
status trunk 9/5
Page
3 of
3
SRC PORT TO DEST PORT TALKPATH src port: T00096 T00096:TX:30.1.1.38:30004/g711u/20ms/1-srtp-aescm128-hmac80 01A0504:RX:30.1.1.32:16892/g711u/20ms/1-srtp-aescm128-hmac80:TX:tdm:a251 01A0501:RX:tdm:a251:TX:30.1.1.32:16884/g711u/20ms S00001:RX:30.1.1.195 :19942/g711u/20ms
dst port: S00001
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
36 of 38 VP-SES-CM
7. Conclusion These Application Notes described how to configure and verify SIP connectivity between Avaya VP and Avaya Communication Manager using Avaya SES. SIP connectivity is achieved by utilizing TLS as the proxy transport for SIP signaling between Avaya Communication Manager, Avaya SES, and Avaya VP. Media encryption is achieved using Secure Real-Time Protocol (SRTP) supported with Avaya VP 4.0 and Avaya Communication Manager 4.0, enabling secure communications for self-service customers.
8. Additional References Product documentation for Avaya products may be found at http://support.avaya.com. [1] “Administrator’s Guide for Avaya Communication Manager”, Issue 3.1, February 2007; Doc ID: 03-300509 [2] “Configuring Avaya Voice Portal with Avaya Communication Manager and Designing a Sample Speech Application using Avaya Dialog Designer”, Issue 1.0, September 2006 [3] “Administering Avaya Voice Portal 4.0”, May 2007 [4] “Avaya Voice Portal 4.0 Security White Paper”, May 2007 [5] “SIP Support in Avaya Communication Manager”, Issue 6.1, March 2007; Comcode: 555246-206 [6] “Installing and Administering SIP Enablement Services”, Issue 2.1, March 2007; Doc ID 03600768 The Internet Engineering Task Force (IETF) tracks and adopts some of the proposals published in RFC (Request for Comments) documents, as Internet standards. The following is a link to RFC 3711: http://www.ietf.org/rfc/rfc3711.txt [7] “The Secure Real-Time Transport Protocol”, RFC 3711, March 2004 [8] “SIP (Session Initiation Protocol)”, RFC 3261, June 2002
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
37 of 38 VP-SES-CM
©2007 Avaya Inc. All Rights Reserved.
Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by ® and ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. The information provided in these Application Notes is subject to change without notice. The configurations, technical data, and recommendations provided in these Application Notes are believed to be accurate and dependable, but are presented without express or implied warranty. Users are responsible for their application of any products specified in these Application Notes. Please e-mail any questions or comments pertaining to these Application Notes along with the full title name and filename, located in the lower right corner, directly to the Avaya Solution & Interoperability Test Lab at [email protected]
CB; Reviewed; SPOC 6/11/2007
Solution & Interoperability Test Lab Application Notes ©2007 Avaya Inc. All Rights Reserved.
38 of 38 VP-SES-CM
