Phone backup contacts - Best Replacement for MV_IPTel?

[bankingguy]

Hi Team,

I need to upgrade my Windows 2003 server running MV_IPTel. I need to ask, what is the best way to backup phone contacts if I will run a latest OS. Such as Windows 2012 or Linux 7.4? How do you backup yours?

 

[Wanebo]

FTP from what I remember. It's been a while. Check out the following link from the Avaya support forums.

https://support.avaya.com/forums/showthread.php?t=5124

 

[Wanebo]

But if it's time to move up from MV IPTel then it's time to install the Avaya utility server. IPTel you had to really play with permissions getting it to work on Win 2008 and I can only imagine it's gotten worse with 2012.

 

[bankingguy]

Right now there is no budget to install Utility server and I don't know if there is a separate installer for that if I don't want it on OVA. I tried searching for just an installer for Linux but cannot find it support website. and yes, security is one thing. got some ideas?

 

[jimbojimbo]

I typically use Apache HTTP Server with WebDAV

 

[bankingguy]

Hi Jimbojimbo,

Any security concerns when Phone tries to perform phone backup in Apache? What version of OS are you using? And version of your Apache? I need to remove my Windows 2K3 on the network Asap. Can you give me a high level overview how did you configure?

 

[janni78]

Since the example is on Windows they think you should give write access to Everyone, that shouldn't be the case if yo do it in Linux.
Should be enough that apache has write access to the folder where you store backups.


For Apache Web Servers

Create a “backup” folder under the root directory of your Web server, and make the folder writable by everyone. All backup files will be stored in that directory.
If your backup folder is for instance C:/Program Files/Apache Group/Apache2/htdocs/backup, the 46xxsettings.txt file should have a line similar to:

[SET BRURI

http://www.website.com/backup/

]

If your backup folder is the root directory, the 46xxsettings.txt file should have a line similar to:

[SET BRURI

http://www.website.com/

]

Edit your Web server configuration file httpd.conf.
Uncomment the two LoadModule lines associated with DAV:
LoadModule dav_module modules/mod_dav.so

LoadModule dav_fs_module modules/mod_dav_fs.so

NOTE: If these modules are not available on your system, typically the case on some Unix/Linux Apache servers, you have to recompile these two modules (mod_dav & mod_dav_fs) into the server. Other ways to load these modules might be available. Check your Apache documentation at

http://httpd.apache.org/docs/

for more details.

Add the following lines in the httpd.conf file:
#

# WebDAV configuration

#

DavLockDB "C:/Program Files/Apache Group/Apache2/var/DAVLock"

<Location />

Dav On

</Location>

For Unix/Linux Web servers the fourth line might look more like:

DavLockDB/usr/local/apache2/var/DAVLock

Create the var directory and make it writable by everyone. Right click Properties-->Security-->Add-->Everyone-->Full Control.

"Trying is the first step to failure..." - Homer

 

[jimbojimbo]

Bankingguy - There are always security concerns however if you have a segmented Voice VLAN then many of the concerns can be eliminated. Alternatively you can assign username/password for WebDAV but inconvenient. Since this is meta-data such as call history and contact info what are you security requirements? I also use the firewalld rules to limit the scope of subnets which can access the server. I disable SELinux since the context requirements can make changing files on the HTTP server a pain. You can also setup 802.1x provided you have setup a SCEP server to provide certificates to the phones. Keep in mind if you "clear" the phone you need to take the phone to a port without 802.1x so you can download the certificate again.

I run CentOS7 with automatic updates so I only have to reboot when kernel updates occur. I'm also on the latest phone firmware so HTTPS/TLS1.2 is what I use. There are plenty of notes/examples on the web about configuring apache HTTP security.

I use System Manager as a SubCA to the Enterprise CA and to sign the CSR for the Apache server.

Phone firmware download does require HTTP and not HTTPS.