Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Avaya SBCE

Status
Not open for further replies.
RedTech443

RedTech443

MIS
Nov 22, 2013
600
US
I have an Avaya Session Boarder Controller (SBCE) set up and working. I am able to log in with both droid and iphone devices, using the certificates on the server. Once logged in everything works, however the only problem I am having is I have to manually send the Cert files to the user so they can manually import them into their phone, I see on the APP there is a way to auto download the settings and files. What I cannot figure out is how to do this or enable it. Nor can I find documentation. Using Avaya SBCE 7 and CM 6.3 with System Manager 6.3.



 
Sort by date Sort by votes
Strange thing is, my One-X communicator on Windows Desktop will log in successfully with no problems. I am thinking it has something to do with the certs, but I am still not sure.



 
Upvote 0 Downvote
I'm getting ready to get this process started and in the documentation it's stating to install the EMS-ova and SBC-ova separate, but when I downloaded the SW from the support site I'm only seeing a fresh vmware install of SBCE6.3. Is EMS somehow included within this because I don't see a separate download for it?
 
Upvote 0 Downvote
There might be 2 versions - SBCE+EMS, or just EMS only (or maybe SBC only) and I believe you pick the deployment model.

You can have a standalone single VM of EMS+SBC, but you can't use that to manage 2 SBCs - so it's 1 VM, or 3 VMs
 
Upvote 0 Downvote
The support site only had fresh vmware installs of 6.3 and 7.0 (1 ovf) and no mention of ems. Wasn't sure if EMS was embedded within the SBCE7.0 ovf.
 
Upvote 0 Downvote
I think the ova has the whole thing and you pick your deployment type when you toss it in VMWare
 
Upvote 0 Downvote
circling back on this.. do you have 3 different vm's prepared (2 SBC and 1 EMs) and then run the same OVF on each, picking what is to be installed? Or do you have 3 vm's prepared and launching that OVF from one server then gives the options during the install on where each component gets installed? I have a very stringent server team that won't turn anything over w/o full details.

 
Upvote 0 Downvote
You deploy the OVF template first to create the VM with the required VM configs. Depending on capacities of which size you deploy for.

And with the whole M1/A1/B1 interfaces trusted/untrusted/management, you'll have your work cut out for you with the server team!

But I can say for sure that you don't build a blank VM first and install software on it, you actually deploy the configured OS and application from the OVA/OVF template and your first time booting on the console, you assign initial config like user accounts, NTP, IPs, etc.
 
Upvote 0 Downvote
Got it, but if the SBC is the H/A setup with the EMS server separate, does this 1 OVF go through the creation of each during the config portion?
 
Upvote 0 Downvote
Earlier release of one-X Communicator client doesn't require certificates to be installed. I believe starting with version 6.2.10 or higher you have to install the certificates just like the Avaya Communicator clients for windows/android/iOS devices.
 
Upvote 0 Downvote
No, you'd need to deploy it 3 times and choose EMS once and SBC twice
 
Upvote 0 Downvote
In the end we were able to get it working, however it took a lot of research and nothing was straight forward as usual.

After receiving the new 3rd party certificates they came in the format of 4 different files,

root.crt
intermediate1.crt
intermediate2.crt
ServerCertificate.crt

We generated them from the CSR generation tool on the SBCE after generating the CSR file it also came with the .key file.

here is what we had to do to install them and get the 3rd party certs working.

Following this guide
basically had to combine the 4 files into one PEM file and do everything via the command line from the SBC. Once everything was verified working, we had to install them from the GUI and reboot the server for changes to work.
 
Upvote 0 Downvote
Hi,

When you install 3rd party certs in SBCE did you also install the certs in Session Manager? or is just in the SBCE public interface facing the clients?
 
Upvote 0 Downvote
I'd guess either/or.
You'd define a security profile for a signaling interface - so, you could have your 3rd party cert on the public side and the default Avaya cert on the security profile of the signaling interface on the inside if you're still using those on SM.
 
Upvote 0 Downvote
Yes we did just Public side facing for the 3rd party certs.

 
Upvote 0 Downvote
Since you've just done this perhaps you can give me guidance.. I'm going through the installing SBCE7 in a Virtual environment documentation and I see mention of the various interfaces, but there is nothing that really speaks about a deployment in a DMZ and what specifically needs to be configured. I'm deploying an H/A pair with separate EMS for testing out Avaya Communicator for external users. All I see mention of is IP's for a mngt interface and nothing that speaks of anything public facing. Can you steer me in the right direction with this?
 
Upvote 0 Downvote
AvayaRedTech,

Quick question on the 3rd party certs. What would be certificates that needs to be installed on the client side that will talk to the SBCE? For example for SIP trunking that uses TLS and also for remote workers (Avaya clients, 3rd party SIP endpoints) that will talk TLS to the SBCE?

Thanks
 
Upvote 0 Downvote
If they are trusted 3rd party certs, then that should be sufficient, as the certs tell the server to go to the trusted site and verify they are trusted. For example, if you get your certs from godaddy, the client will see the certs on the sbce and the cert will tell it to validate against godaddy to ensure it is trusted. One way I checked was on my droid under security, there is a option for trusted certs, in that list was my CA provider so my phone knew it was trusted.

If they are not trusted certs, then you will have to use the same certs that are on your SBCE and manually download them to your client device and add them as a trusted cert. Which is more of a pain.



Hope this helps.



 
Upvote 0 Downvote
Also sorry wpetilli, I missed your message just realized. Hope you have this issue solved?





 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Y
  • Question
Certs for SBCE
Replies
2
Views
272
Instructor of Avaya
Instructor of Avaya
abdou9
  • Locked
  • Question
Avaya sbce sending rtp to the wrong AMS causing one way audio
Replies
1
Views
387
mattKnight
mattKnight
BIS
  • Question
Avaya Infinity
Replies
1
Views
319
gnesvik
gnesvik
Saltylad
  • Locked
  • Question
Avaya Workplace
Replies
2
Views
322
SouthernKnight
SouthernKnight
JM2009
  • Locked
  • Question
Avaya AACC 1
Replies
1
Views
426
Mo. Abdullah
Mo. Abdullah

Part and Inventory Search

Sponsor

Back
Top