JITC Installations

Introduction

Avaya Messaging is available in a version that is certified JITC compliant.

The Joint Interoperability Test Command (JITC) is a certifying agency for I.T. products for the U.S. Department of Defense. Corporations that deal with the various branches of the U.S. government may be required to have their software JITC certified to maintain the highest levels of interoperability, safety and security. JITC certified software has additional layers to help protect the client than non-certified software products.

Avaya Messaging can be purchased in a JITC certified format which encrypts the database files using FIPS approved encryption. Other security sensitive files and folders within Avaya Messaging are encrypted using Windows EFS. Communications use encrypted TLS (Transport Layer Security) protocols. This keeps all of your data and communications secure. Please contact your reseller for details.

When installing Avaya Messaging version 10.5+, almost all choices regarding program configuration are asked at the beginning so that the many components can be installed without interruption. The only variation that occurs after the initial selection is the PBX and integration type, which will be unique to most sites.

Requirements

Downloading Avaya Messaging

Avaya Messaging can be downloaded from the Avaya PLDS portal.  The same downloaded file can be used to install any version of the program including Single Server, High Availability (Primary, Secondary, Consolidated), Cloud Gateway, etc.

Download and save the file to a computer hard drive. It is a single, self-extracting executable file.  Copy the file to the destination computer(s) and double-click to extract all of the installation files to the local hard drive.

Run the Setup.exe file to launch the installer.

Continue with the chapter appropriate for your operating system (i.e. Windows 2019) or feature set (i.e. JITC).

Installation Preparation

Pre-requisites

•A JITC specific license for Avaya Messaging must be purchased.

•JITC installations are only supported on Windows Server 2012, 2016 and 2019.

All other system requirements are the same as for any other Avaya Messaging installation.

Deployment Configuration Considerations

•An Avaya Messaging server may be installed on the root drive (the same drive where Windows is installed). This must be a local drive. iSCSI targets are not supported.

•An Avaya Messaging server may be installed on a secondary drive (on a different drive from where Windows is installed). This must be a local drive. iSCSI targets are not supported.

•The drives may each be a physical drive (for best performance), or a single drive with partitions.

•The folders \uc\logs, \uc\DB, and \uc\messages may be mounted to a local drive. Network or mapped drives are not supported.

•In an ESX(i)/VMWare environment, SAN/iSCSI is supported, but only at the ESX(i) level. The iSCSI target must be mounted and managed by the ESX(i) host. If a virtual machine is to have a C drive and a D drive, they must be added as a virtual hard disk using the VMWare client.

•The rules for drive types and options are the same for virtual machine environments. The storage must be local, Direct Attached Storage or SAN.

Antivirus Applications

It is suggested that any antivirus applications currently active on the server computer be disabled during installation. Any other resource intensive applications or monitoring tools which may cause a conflict with the installation should also be disabled during the installation process.

Required Server Components

For Microsoft Windows Server 2012 R2, you must ensure that all the necessary server roles and features are installed on the system before proceeding with Avaya Messaging installation.

Server Roles and Features

1.From the Server Manager Dashboard, click Add roles and features.

If this screen is hidden, go to View and select Show Welcome Tile.

2.Click Next.

3.Leave the default settings as they are. Click Next.

4.Leave the default settings as they are. Click Next.

5.Enable the Application Server, Fax Server and Web Server (IIS) checkboxes.

Click Next.

Note: Throughout this installation, whenever you are prompted to confirm additions, always select Add Features.

6.Enable the .NET Framework 3.5 Features checkbox.

Optional:  If you plan to use SNMP Alarms with Avaya Messaging, the SNMP Service must be added to Windows before the program can be installed.  

If SNMP Alarms are required, scroll down and enable SNMP Service.

If SNMP Alarms are not required, skip this step.

Click Next.

7.Review the information, then click Next.

8.Ensure that HTTP Activation, under Windows Process Activation Service Support is enabled. Click Next.

9.On the Fax Server screen, click Next.

10.On the Print and Document Services screen, click Next.

11.No changes are required here. Click Next.

12.On the Web Server Role (IIS) screen, click Next.

13.Open Web Server > Common HTTP Features. Enable Directory Browsing, HTTP Errors, Static Content and HTTP Redirection.

Scroll down to Security, and enable Windows Authentication.

Under Application Development, enable .NET Extensibility 3.5, .NET Extensibility 4.5, ASP, ASP .NET 3.5, ASP .NET 4.5, CGI and WebSocket Protocol.

Locate FTP Server and enable FTP Service.

Click Next when ready.

14.Review the selections here. When ready to proceed, click Install.

15.If prompted to provide the Windows disk to load the files, click Specify an alternate source path and direct it to the appropriate drive.

16.Windows will now start the installation process for the chosen items. This process may take a while.

17.Once all changes are complete, Restart the server.

Installing Microsoft .NET Framework 4.8+

Avaya Messaging requires Microsoft .Net Framework version 4.8 or later to be installed to support various features within the program.  If it has not already been installed, the administrator must download it and install it manually.

1.Open a web browser and go to the Microsoft web site.  Search for the latest version of .Net Framework and install the application on the server.

2.Download the file to your server drive.  When ready, run the program to install this feature.

When finished, restart the server.

Certificates

Installing Certificates for Encrypted File System (EFS)

During installation, Avaya Messaging uses the Windows application Cipher to encrypt security sensitive files and folders.  This uses the certificate installed in the Personal folder of the current user (the service/DCOM user created during installation).  The certificate includes Encrypting File System under Intended Purposes.

Therefore, to ensure JITC compliance, you must to import the EFS certificate before installation.

Digital certificates can be purchased from a trusted Certificate Authority (CA), such as GoDaddy™ and Symantec™.  A properly constructed certificate issued by your corporation’s IT/Security team can also be used.

Installing a CA Signed Certificate

A Certifying Authority provides a file containing the certificate and the password that opens it.

Save the file to a known location on the voice server hard drive.

1.Open the Windows Control Panel and select User Accounts.

2.Click Manage your file encryption certificates.

3.Select A certificate issued by my domain’s certification authority. Click Next.

4.Enable Backup the certificate and key now, fill in the path to where the backup file will be saved, and give it a password. Click Next.

5.Enable All Logical Drives, then click Next.

6.The files will be encrypted. When it is finished, a result summary will be displayed. Click Close.

7.You can verify the success of the installation by opening the certmgr.msc.
Go to Personal > Certificates and verify that the certificate appears under your user name.

Backup and Restore the Certificate File

If you are using a certificate file from another source, or if you have not done so already, you should create a backup copy of the file.  If the certificate becomes corrupt, none of your data will be accessible unless the certificate can be restored.  

This section covers how to backup and restore the certificate file.

Backing-up the Certificate

To create a backup copy of the certificate file...

1.Launch the Certificate Manager console in Windows.
Right-click the Windows icon and choose Run.  Enter certmgr.msc and hit OK.

2.In the left-hand pane, open Personal > Certificates.  Your certificate(s) will be displayed in the right-hand pane.

3.Right-click the certificate and select All Tasks > Export.

4.When the Certificate Export Wizard starts, click Next.

5.Enable Yes, export the private key and click Next.

6.Enable Export all extended properties.  Choose Next.

7.The backup copy of the certificate file requires a password for encryption.  
Enable Password, then enter a password and re-enter to confirm.  When ready, click Next.

8.Save the file to your hard drive.  Click Next.

9.All parameters have been configured.  Review the settings and click Finish when ready.

10.A backup of the certificate file has been successfully created.  Click OK.

For maximum security, copy the file you just created to another drive (e.g. on another computer, network storage, on a thumb drive, etc.).  If the original computer is completely inaccessible, saving the file to another location will still allow you regain access to the system.

Restore the Certificate

To restore the certificate file from a backup...

1.Launch the Certificate Manager console in Windows.  Right-click the Windows icon and choose Run.
Enter certmgr.msc in the space, then hit Enter.

2.In the left-hand pane, the Personal folder will be empty.
Right-click in the right-hand pane.  Select All Tasks > Import.

3.When the Certificate Import Wizard starts, click Next.

4.Locate the backup file and select Next.

5.Enter the password that was used to secure the backup file.  Enable Include all extended properties.

6.Ensure that the restored certificate will be copied to the Personal store and click Next.

7.The configuration is complete.  Review the settings and click Finish when ready.

8.The certificate file will be copied onto the operating system of the current computer.

The certificate file has been successfully restored.

Reboot the server to have the changes take effect.

Import the Certificate on All Servers

1.Login to the server as any user.

2.Right-click Start > Run and enter CMD to launch the command line editor.

3.At the command line, enter the following inserting your credentials:

runas /user:computername\UciisUser “mmc certmgr.msc”

Click OK.

When prompted at the command line, enter the password for the UCIISUser.

The Certificate Manager console will open.

4.In the left-hand pane, the Personal folder will be empty.
Right-click in the right-hand pane.  Select All Tasks > Import.

5.When the Certificate Import Wizard starts, click Next.

6.Locate the backup file and select Next.

7.Enter the password that was used to secure the backup file.  Enable Include all extended properties.

8.Ensure that the restored certificate will be copied to the Personal store and click Next.

9.The configuration is complete.  Review the settings and click Finish when ready.

10.The certificate file will be copied onto the operating system of the current computer.

The certificate file has been successfully restored.

Reboot the server to have the changes take effect.

IIS Certificate Bindings

To enable an HTTPS connection, another certificate has to be installed in IIS. This certificate must be acquired from a certifying authority.

The HTTPS protocol must be enabled, and HTTP disabled.

1.On the computer that functions as the web server, open the IIS Manager console.
Select the local computer. Open Server Certificates in the right-hand pane.

2.Right-click in the right-hand pane and choose Import from the pop-up menu.

3.Enter the path to the certificate file and the password. Select Personal as the Certificate Store. Click OK.

4.Go to Sites > Default Web Site.
Click Bindings....

5.Add the HTTPS binding type.
Set the IP Address to All Unassigned. Leave Port at its default.
Change SSL Certificate to the certificate name installed above.
Click OK.

6.Remove HTTP from the list of bindings.
Click Close.

Disabling User Account Control Notification

1.Go to Settings > Control Panel. Select User Accounts.

2.Select Change Account Settings.

On the User Account Control Settings screen, click and drag the slider down to Never Notify.

Click OK and Close.

3.On the keyboard, click the Start button, and select Administrative Tools.

4.Double-click Local Security Policy.

5.Under Security Settings > Local Policies > Security Options, double-click
        User Account Control: Run all administrators in Admin Approval Mode.

6.Select Disabled. Click OK.

7.Reboot the server.

Install Microsoft .Net Framework 4.8+

Avaya Messaging requires Microsoft .Net Framework version 4.8 or later to be installed to support various features within the program.  If it has not already been installed, the administrator must download it and install it manually.

1.Open a web browser and go to the Microsoft web site.  Search for the latest version of .Net Framework and install the application on the server.

2.Download the file to your server drive.  When ready, run the program to install this feature.

When finished, restart the server.

Installing Avaya Messaging for JITC on a Single Server

This section covers installing Avaya Messaging in Single Server configuration. If you are planning a High Availability installation, jump to here.

Continue with the Avaya Messaging installation. The presence of a JITC license will be noted during installation and the appropriate files will be loaded. Encryption will be automatically enabled at that time.

Installation

1.Download the installation file (see chapter 4).  Run the file (double-click) to extract the contents.  Specify the location on your hard drive where you want to save the files.

2.In the extraction folder, run Setup.exe as administrator to install Avaya Messaging onto your voice server.

3.Once the Windows components have been verified, click Next to begin the installation.

4.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the necessary credentials.

5.Review all the license agreements and select
I accept the license agreement.

Click Next to continue.

6.You will be asked to select the destination of the installation. You may change the hard drive destination through the drop down menu. By default, the installation will create a UC folder on the C drive.

Click Next to continue.

7.Enable Single UC Server.

Click Next.

Single UC Server: When operating Avaya Messaging on a single server computer.

   Multiple UC Servers in High Availability: When running Avaya Messaging in High Availability mode for redundancy.

Avaya Messaging Cloud Gateway: Gateway allows end-to-end synchronization between the Avaya Aura Messaging server and Google's Gmail using Avaya Messaging message sync and the CSE.

8.Select the Avaya WebLM License option.

9.The License Upgrade Utility program opens and prompts you to enter the IP Address for the computer that houses the WebLM license engine.

Enter the address in the space provided, then click OK.

10.The utility will retrieve your license details from the server and display them here.  Review the license details and click Exit when ready.

11.Select the Components required at your site.

Click Next.

12.This screen shows all of the Windows roles and features that Avaya Messaging requires to operate properly.

For all items that are not checked, return to Windows and add any missing pieces to the operating system.

Click Next when finished or to refresh the display.

13.This screen shows IIS settings that Avaya Messaging requires to operate properly.

For all items that are not checked, return to the IIS Manager in Windows and set these options as required.

Click Next when finished or to refresh the display.

14.Select your PBX Brand then click Next.

15.Select your PBX model from the dropdown menu.

Click Next.

16.Enter the primary location from which most telephone calls will be placed. This will normally be where the corporate office is situated. Additional dialing locations and rules may be defined after the installation is complete.

Select the country from the dropdown menu, and enter the area code in the space provided.

Click Next to continue.

17.Enter and verify the password used for the local UC IIS User.  This is used when logging into any associated web applications, such as Web Access.

18.Enter a password to provide administrator only access to the system. This account password is used to configure the many elements of the system.

19.Enter the database encryption password. The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.
This password must meet the requirements outlined here.

20.Choose either Yes or No to determine whether the system will apply General Data Protection Regulation (GDPR) compliance procedures to your data.
With this option enabled, users and callers are notified that personal information will be collected.  This information can also be completely removed from the system upon request.

21.The preliminary information required for installation is now complete.

Click Next.

22.The selected components will now be installed. This process may take a while. 

23.If you are warned about components being in use, either use the Automatic Close option or manually close the process which is interfering with the installation.

Click OK when ready.

24.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX exactly as required.

25.Provide any additional settings for SIP integration for your site.

Click Next to continue.

26.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX as required.

27.On the SSO Configuration screen, enable Legacy SSO.  From the dropdown menu, enable the Providers that you want your clients to be able to use to access Web Admin, Avaya Messaging Admin, Web Access, and Web Reports.  Items that are disabled will not appear during client login.

When clients / admins want access to these programs, they login using their credentials for one of the listed programs.  They must have an account with that application before they can login.

Enable all that apply, then click OK.

Click Save when finished.

28.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box then click Finish.

29.This alert is to remind you to properly share the UC installation folder (see here for details).

Click OK to restart the computer.

30.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

Import Certificates

Once the installation is complete, remember to import both the UCIIS User and the UCAdmin user certificates to this computer.  See here for details.

Installing Avaya Messaging for JITC with High Availability

This section covers installing Avaya Messaging for JITC in a High Availability (HA) configuration. If you are planning a Single Server installation, jump to here.

An HA installation involves up to 21 servers: 1 Primary voice server, 1 Consolidated server, and up to 20 Secondary servers.  The program must be installed and configured on all 3 types of server.  If any of the servers fail, the remaining servers take over with no interruption in service.  The multiple server configuration also spreads large traffic loads across many machines to improve performance.

Continue with the Avaya Messaging installation.

The installation process for each type of server is slightly different and each will be covered separately here:

•Primary Voice Server

•Consolidated Server (Primary)

•Secondary Voice Servers

•Secondary Consolidated Server

•Installing Remote CSE Under JITC

•Installing Remote Web Server Under JITC

Primary Voice Server

1.Download the installation file (see chapter 4).  Run the file (double-click) to extract the contents. Specify the location on your hard drive where you want to save the files.

2.In the extraction folder, run Setup.exe as administrator to install Avaya Messaging onto the Primary server.

3.Once the Windows components have been verified, click Next to begin the installation.

4.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the necessary credentials.

5.Review the license agreement and select
I accept the license agreement.

Click Next when ready.

6.You will be asked to select the destination of the installation. You may change the hard drive destination through the drop down menu. By default, the installation will create a UC folder on the C drive.

Click Next to continue.

7.Enable Multiple UC Servers in High Availability.

Click Next.

Single UC Server: When operating Avaya Messaging on a single server computer.

Multiple UC Servers in High Availability: When running Avaya Messaging in High Availability mode for redundancy.

Avaya Messaging Cloud Gateway: Gateway allows end-to-end synchronization between the Avaya Aura Messaging server and Google's Gmail using Avaya Messaging message sync and the CSE.

8.Select Primary Voice Server.

Click Next.

9.When prompted, click Run to confirm the installation. The necessary files will be installed.

10.Once the process is complete the licensing screen will appear. It is recommended that you use Online Activation whenever possible. To do so, simply enter the Serial Number and Site ID .

Click Request Online Activation when finished.

11.Most of the fields in the Customer Site Registration window should already be filled in based upon the license and site numbers entered. Complete the form where necessary (all fields are required).

12.Confirm the contents of your license then click on the Set as Active License button.

13.If the process was successful the following confirmation screen will appear.

Click OK.

14.Click Exit to close the license window and continue with the installation.

15.This reminder may appear.

Click OK.

16.Select the Components required at your site.

Click Next.

17.This screen shows all of the Windows roles and features that Avaya Messaging requires to operate properly.

For all items that are not checked, return to Windows and add any missing pieces to the operating system.

Click Next when finished.

18.This screen shows IIS settings that Avaya Messaging requires to operate properly.

For all items not checked, refer to IIS Certificate Bindings for configuration details.

Click Next when finished.

19.Select your PBX Brand then click Next.

20.Select your PBX model from the dropdown menu.

Click Next.

21.If you will be installing a Secondary Consolidated server with your system, click Yes.

Otherwise, choose No.

A Secondary Consolidated server is optional.

22.Enter the IP Address for the Consolidated Server, and if selected, the IP Address for the Secondary Consolidated Server.

Both Consolidated servers require their own computers, but for now you only need to know their IP Addresses.

Click Next.

23.Enter the number of ports your system will use.

Click Next.

24.Enter the primary location from which most telephone calls will be placed. This will normally be where the corporate office is situated. Additional dialing locations and rules may be defined after the installation is complete.

Select the country from the dropdown menu, and enter the area code in the space provided.

Click Next to continue.

25.Enter and verify the password used for the local UC IIS User.  This is used when logging into any associated web applications, such as Web Access.

26.Enter the database encryption password. The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.

27.Enter the values in the spaces provided. These are provided with the certificate (either self-signed or a CA signed).

These values are used when configuring the certificates on here.

28.The preliminary information required for installation is now complete.

Click Next.

29.The selected components will now be installed. This process may take a while. 

30.If you are warned about components being in use, either use the automatic option or manually close the process which is interfering with the installation.

Click OK when ready.

31.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX exactly as required.

32.Provide any additional settings for SIP integration for your site.

Click Next to continue.

33.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX as required.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box then click Finish.

34.This alert is to remind you to properly share the UC installation folder (see here for details).

35.Once the installation is complete, remember to import the UC IIS User certificate to this computer.  See here for details.

36.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

Consolidated Server (Primary)

1.Download the installation file (see chapter 4).  Run the file (double-click) to extract the contents.  Specify the location on your hard drive where you want to save the files.

2.In the extraction folder, run Setup.exe as administrator to install Avaya Messaging onto your Consolidated server.

3.Once the Windows components have been verified, click Next to begin the installation procedure.

4.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the necessary credentials.

5.Review all the license agreements and select
I accept the license agreement.

Click Next to continue.

6.You will be asked to select the destination of the installation. You may change the hard drive destination through the drop down menu. By default, the installation will create a UC folder on the C drive.

Click Next to continue.

7.Enable Multiple UC Servers in High Availability.

Click Next.

Single UC Server: When operating Avaya Messaging on a single server computer.

Multiple UC Servers in High Availability: When running Avaya Messaging in High Availability mode for redundancy.

Avaya Messaging Cloud Gateway: Gateway allows end-to-end synchronization between the Avaya Aura Messaging server and Google's Gmail using Avaya Messaging message sync and the CSE.

8.Select Consolidated Database/File Server.

Click Next.

9.Enter the IP address for the Primary voice server.
Click Next.

10.On the C drive, open the Logs folder.

Open the file named icense using any text editor (e.g. Notepad).

Verify Highsecurity=1. If it does not, verify that the same file (Avaya Messaging Installation drive:\UC) on the Primary voice server does have this setting. If the setting is valid on the Primary, there is a connection or a sharing problem between the two machines. If the Primary is not correctly set, contact your reseller for an updated license.

Once any connection or sharing problems have been fixed, return to step 9 and check again for this file.

11.Select the Components required at your site.

Click Next.

12.This screen shows all of the Windows roles and features that the Consolidated server requires to operate properly.

For all items that are not checked, return to Windows and install any missing pieces into the operating system.

Click Next when finished.

13.Select your PBX Brand then click Next.

14.Select your PBX model from the dropdown menu.

Click Next.

15.Unless the Primary Server has been upgraded, enable No.

Click Next.

16.If you will be installing a Secondary Consolidated server with your system, click Yes.

Otherwise, choose No and continue with the next step.

A Secondary Consolidated server is optional.

Enter the Computer Name for the Secondary Consolidated server.

17.
Both Consolidated servers require their own computers, but for now you only need to know their IP Addresses.

Click Next.

18.Enter and verify the password used for the local UC IIS User.  This is used when logging into any associated web applications, such as Web Access.

19.Enter a password to provide administrator only access to Avaya Messaging. This account password is used to configure the many elements of the system.

20.Enter the database encryption password. The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.

21.Enter the values in the spaces provided. These are provided with the certificate (either self-signed or a CA signed).

These values are used when configuring the certificates on here.

22.Enter an encryption password to protect Mobilink communications.

23.Enter a password for the Mobilink identity file.

Click Next.

24.Enter and verify the password used for the local UCAdmin User.  This is used when logging into any associated web applications, such as Web Access.

25.Choose either Yes or No to determine whether the system will apply General Data Protection Regulation (GDPR) compliance procedures to your data.
With this option enabled, users and callers are notified that personal information will be collected.  This information can also be completely removed from the system upon request.

26.The preliminary information required for installation is now complete.

Click Next.

27.The selected components will now be installed. This process may take a while. 

28.If you are warned about components being in use, either use the Automatically Close option or manually close the process which is interfering with the installation.

Click OK when ready.

29.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX exactly as required.

30.On the SSO Configuration screen, enable Legacy SSO.  From the dropdown menu, enable the Providers that you want your clients to be able to use to access Web Admin, Avaya Messaging Admin, Web Access, and Web Reports.  Items that are disabled will not appear during client login.

When clients / admins want access to these programs, they login using their credentials for one of the listed programs.  They must have an account with that application before they can login.

Enable all that apply, then click OK.

Click Save when finished.

31.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box then click Finish.

32.This alert is to remind you to properly share the UC installation folder (see here for details).

33.Once the installation is complete, remember to import both the UCIIS User and the UCAdmin user certificates to this computer.  See here for details.

34.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

Secondary Voice Servers

Up to 20 Secondary servers can be added to a High Availability environment. Each must be given its own, unique identification number (e.g. 2-21) which is assigned during installation.

1.Download the installation file (see chapter 4).  Run the file (double-click) to extract the contents. Specify the location on your hard drive where you want to save the files.

2.In the extraction folder, run Setup.exe as administrator to install Avaya Messaging onto all of your Secondary servers.

3.Once the Windows components have been verified, click Next to begin the installation procedure.

4.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the necessary credentials.

5.Review all the license agreements and select
I accept the license agreement.

Click Next to continue.

6.You will be asked to select the destination of the installation. You may change the hard drive destination through the drop down menu. By default, the installation will create a UC folder on the C drive.

Click Next to continue.

7.Enable Multiple UC Servers in High Availability.

Click Next.

Single UC Server: When operating Avaya Messaging on a single server computer.

Multiple UC Servers in High Availability: When running Avaya Messaging in High Availability mode for redundancy.

Avaya Messaging Cloud Gateway: Gateway allows end-to-end synchronization between the Avaya Aura Messaging server and Google's Gmail using Avaya Messaging message sync and the CSE.

8.Select Secondary Voice Server.

Click Next.

9.Select the IP Address of the Primary Voice Server.

Click Next.

10.Enter the number for this Secondary Server.  Each Secondary server must have a unique identifying number assigned between 2 and 20.

Click Next.

11.On the Avaya Messaging installation drive, open the Logs folder.

Open the file named license using any text editor (e.g. Notepad).

Verify Highsecurity=1. If it does not, verify that the same file (IXM Installation drive:\UC) on the Primary voice server does have this setting. If the setting is valid on the Primary, there is a connection or a sharing problem between the two machines. If the Primary is not correctly set, contact your reseller for an updated license.

Once any connection or sharing problems have been fixed, return to step 8 and check again for this file.

12.Select the Components required at your site.

Click Next.

13.Select your PBX Brand then click Next.

14.Select your PBX model from the dropdown menu.

Click Next.

15.If you will be installing a Secondary Consolidated server with your system, click Yes.

Otherwise, choose No.

A Secondary Consolidated server is optional.

16.Enter the IP Address for the Consolidated Server, and if selected, the IP Address for the Secondary Consolidated Server.

Both Consolidated servers require their own computers, but for now you only need to know their IP Addresses.

Click Next.

17.Enter the number of ports your system will use.

Click Next.

18.Enter and verify the password used for the local UC IIS User.  This is used when logging into any associated web applications, such as Web Access.

19.Enter the database encryption password. The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.

20.Enter the values in the spaces provided. These are provided with the certificate.

These values must be the same as are used during the Primary voice server installation step 27.

21.The preliminary information required for installation is now complete.

Click Next.

22.The selected components will now be installed. This process may take a while. 

23.If you are warned about components being in use, either use the automatic option or manually close the process which is interfering with the installation.

Click OK when ready.

24.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX exactly as required.

25.Provide any additional settings for SIP integration for your site.

Click Next to continue.

26.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX as required.

27.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box then click Finish.

28.This alert is to remind you to properly share the UC installation folder (see here for details).

29.Once the installation is complete, remember to import the UC IIS User certificate to this computer.  See here for details.

30.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

Secondary Consolidated Server

The standard HA installation provides failover backup support for the voice servers at the site.  The Primary Voice server and one or more Secondary Voice servers prevent the loss of data if one of those machines should fail.  The Consolidated server is not backed up in this way by default.

While third-party software can provide backup and failover support for the Consolidated Server, Avaya Messaging natively supports the creation of a Secondary Consolidated server.  This must be another computer system with identical hardware to the Primary Consolidated machine.  Installing a Secondary Consolidated server creates a real-time mirror of the Primary Consolidated server.  If the Primary Consolidated server stops responding for a selectable amount of time, the system will trigger a failover onto the Secondary Consolidated server.

This is an optional procedure and will not affect the performance of the HA system.

Failover and Failback

The Consolidated server synchronizes the voice servers (Primary and all Secondaries) and maintains the database.  If the Consolidated server fails, the voice servers will continue to process voice traffic, but UM services (calendar sync, Email integration, transcription, etc.) will not be available.

During normal operations, the Primary and Secondary Voice servers communicate with the Primary Consolidated sever only.  The Secondary Consolidated server takes no active role in operations.  It communicates only with the Primary Consolidated server to mirror its current state and to check its operational status.

If the Primary Consolidated server stops responding to the Secondary Consolidated for a configurable period of time (10 minutes by default), the Secondary Consolidated server will contact each of the remote client servers (i.e. Secondary voice, Remote CSE, Remote Web, Remote Report).  Once they have all responded, the Secondary Consolidated will initiate the failover procedure.  The Secondary Consolidated now becomes the Primary Consolidated server and all of the client Voice servers begin synchronizing.

Once the old Primary Consolidated server has been repaired and the system detects it again, the now Primary Consolidated server will initiate the failback procedure where the two Consolidated servers switch roles again returning to their original configuration.

Manual Failover

If the Primary Consolidated server stops responding to the Secondary Consolidated for a configurable period of time (10 minutes by default), the Secondary Consolidated server will contact each of the remote client servers (i.e. Secondary voice, Remote CSE, Remote Web, Remote Report).  Once they have all responded, the Secondary Consolidated will initiate the failover procedure.  If any of the client servers do not respond, the Secondary Consolidated server will not failover automatically.  In this instance, the administrator has the option to initiate the failover manually.

For example, if a site has multiple data centers with a Consolidated server on each, and if the communication link between the sites fails, this will cause the Secondary Consolidated server to try to contact all of the client servers, but some may not be reachable since they are housed on the other, unreachable data center.  The administrator may wait to initiate a failover, or can act immediately depending on specific details of the situation.

The executable file (consolfailover.exe) is included with the HA installation in the \UC\DB folder of the installed hard drive on all clients. On the Secondary Consolidated server, open the command prompt, move to the \UC\DB directory and type the following:

consolfailover forcedfailover

This will initiate a failover where the Secondary Consolidated server takes over the functions of the Primary Consolidated server for all of the clients that are currently responding.  When communication with the missing client servers is restored, the Secondary Consolidated server will have them failover.

When communication with the Primary Consolidated server is restored, it rejoins the network temporarily as the Secondary Consolidated server.  After 10 minutes, the entire system will revert to its original configuration with both Consolidated servers returning to their original roles.

If any client servers have incorrect IP Addresses for the Consolidated servers, the administrator can run the following command on those servers to correct these values.  On each client server with incorrect details, open the command prompt, move to the \UC\DB directory and type the following:

consolfailover manual IPA_Secondary IPA_Primary

Enter the correct IP Address for the Secondary Consolidated server, followed by the correct IP Address of the Primary Consolidated server.

To see all of the possible parameters for this command, enter the following at the command prompt:

consolfailover /?

Installation

The installation of the Secondary Consolidated server must be done once the Primary Consolidated server is operational.

1.Download the installation file (see chapter 4).  Run the file (double-click) to extract the contents. Specify the location on your hard drive where you want to save the files.

2.In the extraction folder, run Setup.exe as administrator to install Avaya Messaging onto your Consolidated server.

3.Once the Windows components have been verified, click Next to begin the installation procedure.

4.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the necessary credentials.

5.Review all the license agreements and select
I accept the license agreement.

Click Next to continue.

6.You will be asked to select the destination of the installation. You may change the hard drive destination through the drop down menu. By default, the installation will create a UC folder on the C drive.

Click Next to continue.

7.Enable Multiple UC Servers in High Availability.

Click Next.

Single UC Server: When operating Avaya Messaging on a single server computer.

Multiple UC Servers in High Availability: When running Avaya Messaging in High Availability mode for redundancy.

Avaya Messaging Cloud Gateway: Gateway allows end-to-end synchronization between the Avaya Aura Messaging server and Google's Gmail using Avaya Messaging message sync and the CSE.

8.Select Secondary Consolidated Database/File Server.

Click Next.

9.Enter the IP Address of the Primary Voice server, then click Next.

10.On the Avaya Messaging installation drive, open the Logs folder.

Open the file named license using any text editor (e.g. Notepad).

Verify Highsecurity=1. If it does not, verify that the same file (IXM Installation drive:\UC) on the Primary voice server does have this setting. If the setting is valid on the Primary, there is a connection or a sharing problem between the two machines. If the Primary is not correctly set, contact your reseller for an updated license.

Once any connection or sharing problems have been fixed, return to step 8 and check again for this file.

11.Select the Components required at your site.

Click Next.

12.This screen shows all of the Windows roles and features that the Consolidated server requires to operate properly.

For all items that are not checked, return to Windows and install any missing components into the operating system.

Click Next when finished or to refresh the display.

13.Select your PBX Brand then click Next.

14.Select your PBX model from the dropdown menu.

Click Next.

15.Unless the Primary Server has been upgraded from a Single Server installation, choose No.
Click Next.

16.Enter the IP Address for the Primary Consolidated server.

17.Select the Email Server Type from the list of available options. This allows the system to set basic parameters which help to improve performance and reliability.

18.Enter and verify the password used for the local UC IIS User.  This is used when logging into any associated web applications, such as Web Access.

19.Enter a password to provide administrator only access to the system. This account password is used to configure the many elements of the system.

20.Enter the database encryption password. The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.

21.Enter the values in the spaces provided. These are provided with the certificate (either self-signed or a CA signed).

These values are used when configuring the certificates on here.

22.Enter an encryption password to protect Mobilink communications.

23.Enter a password for the Mobilink identity file.

Click Next.

24.Enter and verify the password used for the local UCAdmin User.  This is used when logging into any associated web applications, such as Web Access.

25.Enter the primary location from which most telephone calls will be placed. This will normally be where the corporate office is situated. Additional dialing locations and rules may be defined after the installation is complete.

Select the country from the dropdown menu, and enter the area code in the space provided.

Click Next to continue.

26.Choose either Yes or No to determine whether the system will apply General Data Protection Regulation (GDPR) compliance procedures to your data.
With this option enabled, users and callers are notified that personal information will be collected.  This information can also be completely removed from the system upon request.

27.The preliminary information required for installation is now complete.

Click Next.

28.The selected components will now be installed. This process may take a while. 

29.On the SSO Configuration screen, enable Legacy SSO.  From the dropdown menu, enable the Providers that you want your clients to be able to use to access Web Admin, Avaya Messaging Admin, Web Access, and Web Reports.  Items that are disabled will not appear during client login.

30.If you are warned about components being in use, either use the Automatically Close option or manually close the process which is interfering with the installation.

Click OK when ready.

31.After all the components are copied, you may be asked to provide the settings for the PBX that you have chosen. Since this process varies greatly from system to system, please ensure that you configure your site’s PBX exactly as required.

32.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box then click Finish.

33.This alert is to remind you to properly share the UC installation folder (see for here details).

34.Once the installation is complete, remember to import the UC IIS User certificate to this computer.  See here for details.

35.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

Configuring Consolidated Failover Timing

The Secondary Consolidated server regularly polls the Primary Consolidated server.  If the Primary Consolidated server fails to respond for a set period of time, the Secondary Consolidated initiates the failover process.

By default, this is 10 minutes.

This can be changed using the UC Admin program.

On the Primary Consolidated server:

1.Open Avaya Messaging Admin, and go to Configuration > Advanced.

2.Locate Time To Failure Of Consolidated and double-click to change the value.

3.In the Value Data field, enter the time (in minutes) that the Secondary Consolidated server should wait after losing contact with the Primary Consolidated server before starting the failover procedure.

Click OK to save the change.

Verifying Consolidated Server IP Addresses

You can check that the correct IP Address have been entered into the system through UC Admin.

1.Open UC Admin and login using administrator credentials.

2.Go to Advanced and locate Consolidated Server IP in the right-hand pane.  Verify that the IP address listed is correct.
Double-click the entry to change the value.

3.Locate Secondary Consolidated Server IP in the right-hand pane.  Verify that the IP address listed is correct.
Double-click the entry to change the value.

JITC Passwords

More stringent rules for user passwords are also required for a JITC certified installation. These include:

•Passwords must be at least 15 characters long.

•It must include at least one uppercase character (A-Z).

•...include at least one lowercase character (a-z).

•...include at least one non-alphabetic character (0-9, !@#$% etc.).

•A password must be changed every 60 days.

•No new password can be the same as a previous password extending back 10 iterations.

•The administrator can change the password at any time.

•The client can change their password only once within a 24 hour period.

•A client password can only be changed by the client or the administrator.

•A password cannot contain any personal information, such as names, telephone numbers, birthdays, etc.

These rules are enabled by automatically when installing the JITC compliant edition of Avaya Messaging. They can also be manually enabled through the Avaya Messaging Admin MMC under Configuration > Advanced.

Logging In

When logging in to Avaya Messaging applications (i.e. UC Admin, Web Admin), after putting in a correct password, the user is shown the details for the last successful and unsuccessful login attempts through their account.  The details include the date and time of the attempt and the IP address of the machine where the attempt was launched.

Review the details as necessary, then click OK  to complete the login process and launch the application.

Creating Public and Private Keys

Use the included utility to generate the required public and private keys used by Mobilink services to encrypt data in the synchronization process.

1.On the Primary computer, open the drive where Avaya Messaging has been installed.
Open the Sybase\SQL Anywhere 17\BIN64 (e.g. c:\Sybase/SQL Anywhere\BIN64) folder and run the createkey program.

2.At the prompt, enter 2048, then press Enter.

3.Key in the location where you want the public key to be stored. Include the name of the key.
The name MUST be    e2ee_PublicKey2048.pem . Press Enter.

4.Key in the location where you want the private key to be stored. Include the name of the key.
The name MUST be    e2ee_PrivateKey2048.pem . Press Enter.

5.Enter a password for Mobilink end-to-end encryption and press Enter. The password is the same as the one entered during the Consolidated server installation.

6.Copy the file generated for the public key to the Primary voice server, and to all Secondary servers.
Paste the file into the UC\Certificates folder on the drive where Avaya Messaging was installed.

Copy the file generated for the private key to the same folder on the Consolidated server.

Certificates for Mobilink Connection: Self-Signed

If you are using a self-signed certificate, run the following script from the command prompt to generate the Consolidated server identity and public certificates used by Mobilink services for authentication.

Change the highlighted sections so that they apply to your installation. Enter the same values that were used during the installation of the Primary voice server (step 27 on here).

Enter the password you chose for the Consolidated server during installation (Abc123def456gh! in this example).

All passwords must be JITC compliant (see here).

createcert -t rsa -b 2048 -sc CA -sst ON -sl Toronto -so "Test Org" -sou "Test OU" -scn "Test Cert" -x -m 0 -v 5 -ca 0 -u 1,3,4,5,6 -co c:\MobilinkPublicCertificate.crt -ko c:\ConsPrivateKey.pem -io c:\ConsolidatedIdentity.pem -kp Abc123def456gh!

The command line will generate 2 files, both located in the root of the installation drive (i.e. C:\): ConsolidatedIdentity.pem and ConsPrivateKey.pem.

Copy the ConsolidatedIdentity.pem certificate file to the UC\Certificates folder on the Consolidated server (and the Backup Condolidated server if present) to the drive where Avaya Messaging was installed.
For a certificate provided by a CA, rename the private key file and copy here.

Copy the MobilinkPublicCertificate.crt file to the UC\Certificates folder on the Consolidated (and the Backup Condolidated server if present), Primary and all Secondary Voice servers to the drive where Avaya Messaging was installed.
For a certificate provided by a CA, rename the public key file and copy here.

Certificates for Mobilink Connection: Not Self-Signed

If your site does not permit self-signed certificates, run the following scripts from the command prompt to generate the Consolidated server identity and public certificates used by Mobilink services for authentication.

Change the highlighted sections so that they apply to your installation.  Enter the same values that were used during the installation of the Primary voice server (step 27 on here).

Enter the password you chose for the Consolidated server during installation (Abc123def456gh! in this example).

The Private certificate password (Zyx987wvu654ts! in this example) is created here and must appear in the Public certificate command line.

All passwords must be JITC compliant (see here).

•Private Certificate:  This certificate will reside on the Consolidated server.

createcert -t rsa -b 2048 -sc CA -sst ON -sl Toronto -so "Test Org" -sou "Test OU" -scn "Test Cert" -x -m 0 -v 5 -ca 1 -u 6,7 -co c:\MobilinkPublicCertificateCA.pem -ko c:\ConsPrivateKeyCA.pem -io c:\ConsolidatedIdentityCA.pem -kp "Zyx987wvu654ts!"

•Public Certificate:  This certificate is used by Avaya Messaging to validate access using the private certificate.  Copies must be made on the Primary and all Secondary voice servers.

createcert -t rsa -b 2048 -sc CA -sst ON -sl Toronto -so "Test Org" -sou "Test OU" -scn "Test Cert" -m 0 -v 5 -ca 0 -u 1,3,4,5,6 -c c:\MobilinkPublicCertificateCA.pem -ck c:\ConsPrivateKeyCA.pem -cp "Zyx987wvu654ts!" -co c:\MobilinkPublicCertificate.crt -ko c:\ConsPrivateKey.pem -io c:\ConsolidatedIdentity.pem -kp "Abc123def456gh!"

The certificate files are created in the root directory of the C:\ drive.

Copy the ConsolidatedIdentity.pem certificate file to the UC\Certificates folder on the Consolidated server drive where Avaya Messaging was installed.

Copy the MobilinkPublicCertificate.crt certificate file to the UC\Certificates folder on the Primary and all Secondary servers to the drive where Avaya Messaging was installed.

Configuring TLS with Avaya Messaging for SIP

After Avaya Messaging has been installed, modifications must be made to the ETSIPService.ini file. This will enable TLS security with the correct settings for use with Avaya Messaging.

The ETSIPService.ini file is located in the UC/Configuration folder on the voice server hard drive.

Open it using Notepad or any similar text editor.

Make the necessary changes to the data in the file. If an item is not present, add it to the appropriate section. Create a new section at the end of the file if necessary.

This is an example of additions and changes that can be made to the file. Make the changes required for your site.

[PBX1]

Transport protocol=3

Enforce Secure RTP=1

MWI TCP Port = 5061

TCP Port = 5061

[SIP settings]

Ignore Local Addresses=Yes

TCP Enabled = Yes

TLS IP = 192.168.0.1:5061

[TLS Manager]

FIPS=0

[TLS Server]

Private [email protected]

[email protected]

Certificate Depth=5

Method=2

[TLS Client]

CA [email protected];

Intermediate [email protected]

Certificate Depth=5

Method=2

Key

Transport protocol: Set this value to 3. A TLS IP address must be defined under SIP settings.

Enforce Secure RTP:  Enter 1 to allow both AVP and SAVP.  Setting this to 2 will use secure RTP.

MWI TCP Port / TCP Port:  Set both of these values to 5061.

Ignore Local Addresses: Allows control of automatic stack binding with all available interfaces.  This must be set to Yes when using TLS.

TCP Enabled: TCP is required for use with TLS.  Set this option to Yes.

TLS IP: List all of the TLS local IP addresses for the Avaya Messaging server.  The format must be address, colon, port. For example,   IPAddress:port .  Set the port address to 5061.  Separate multiple server addresses in the list using a comma.

FIPS: Enables the FIPS module for an OpenSSL library.

Private Key: Enter the full path to the private key file (i.e.  c:\security\certificates\sip.key).  Adding the prefix @ will automatically include the path to the Avaya Messaging certificates folder: entering @sip.key expands the path to C:\UC\Certificates\sip.key (where C is the drive where Avaya Messaging is installed). The certificate file must be in PEM format.

Certificate: Enter the full path to the certificate file (i.e.  c:\security\certificates\sip.crt).  Adding the prefix @ will automatically include the path to the Avaya Messaging certificates folder: entering @sip.crt expands the path to C:\UC\Certificates\sip.crt (where C is the drive where Avaya Messaging is installed).

Certificate Depth: Defines the depth that an engine will consider legal in a certificate chain (certificates authorizing certificates). The default value is 5.

Method: Specify the version of TLS to use.     The default value is 2 (TLS 1.2).  If you installation requires an earlier version of TLS, change the value accordingly.

CA Certificates: Enter the full path to the PEM certificate file.  Adding the prefix @ will automatically include the path to the Avaya Messaging certificates folder.  A TLS engine can trust zero, one or more root certificates. Once an engine trusts a root certificate, it will approve all valid certificates issued by that root certificate.

Intermediate Certificates: Enter the full path to the PEM certificate file.  Adding the prefix @ will automatically include the path to the Avaya Messaging certificates folder.  An engine may hold a certificate that is not issued directly by a root certificate, but by a certificate authority delegated by that root certificate. To add this intermediate certificate to the chain of certificates that the engine will present during a handshake.

Certificate Depth: Defines the depth that an engine will consider legal in a certificate chain (certificates authorizing certificates). The default value is 5.

Method: Specify the version of TLS to use.     The default value is 2 (TLS 1.2).  If your installation requires an earlier version of TLS, change the value accordingly.

Installing Remote CSE Under JITC

When adding a Remote CSE server as part of a High Availability JITC installation, extra steps must be taken.  JITC uses encryption to secure data and communications between devices, so this extra layer must be incorporated into the configuration to ensure compliance.

The communications channel between the CSE Server and the Avaya Messaging Servers must be encrypted in a JITC compliant installation.  Similarly, the database on the CSE server must also be encrypted for data storage.

Installation Procedure

1.On the computer designated as the Remote CSE Server, open the Avaya Messaging folder on your server hard drive and run Setup.exe as administrator to launch the installer.  

When prompted, click Next.

2.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the credentials.

3.Review the license agreement.  Click Continue, enable the I accept the license agreement checkbox, then click Next.

4.You will be asked to select the destination directory for the installation.  You may change the hard drive destination through the drop down menu.  By default, the installation will create a UC folder on the C drive.

Click Next to continue.

5.Enable Multiple UC Servers in High Availability.

Click Next.

6.Select Remote Imap TSE Server (only).

Click Next.

7.Enter the IP Address of the Primary server.

Click Next.

8.Enter a number between 1-25 for this server.  

If you configure multiple CSE servers, each must be given a unique number;  no two servers can share the same number.

Avaya Messaging supports up to 25 CSE servers.

Click Next.

9.On the C drive, open the Logs folder.

Open the file named license using any text editor (e.g. Notepad).

Verify Highsecurity=1. If it does not, verify that the same file (Avaya Messaging Installation drive:\UC) on the Primary voice server does have this setting. If the setting is valid on the Primary, there is a connection or a sharing problem between the two machines. If the Primary is not correctly set, contact your reseller for an updated license.

Once any connection or sharing problems have been fixed, return to step 9 and check again for this file.

10.Select the Components required at your site.

Click Next.

11.If you will be installing a Secondary Consolidated server with your system, click Yes.

Otherwise, choose No.

A Secondary Consolidated server is optional.

12.Enter the IP Address for the Consolidated Server, and if selected, the IP Address for the Secondary Consolidated Server.

Both Consolidated servers require their own computers, but for now you only need to know their IP Addresses.

Click Next.

13.Select the Email Server Type from the list of available options.  This allows the system to set basic parameters which help to improve performance and reliability.  

When ready, click Next.

14.Enter the database encryption password.  The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.

This password must meet the requirements outlined here.

15.Enter the values in the spaces provided.  These are provided with the certificate.

These values must be the same as are used during the Primary voice server installation (step 27).

16.The preliminary information required for installation is now complete.   

Click Next.

17.The selected components will now be installed.  This process may take a while. 

18.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box, then click Finish.

19.This alert is to remind you to properly share the UC installation folder (see here for details).

20.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

The Remote CSE server installation is complete.

Installing Remote Web Server Under JITC

When adding a Remote Web server as part of a High Availability JITC installation, extra steps must be taken.  JITC uses encryption to secure data and communications between devices, so this extra layer must be incorporated into the configuration to ensure compliance.

The communications channel between the Web Server and the Avaya Messaging Servers must be encrypted in a JITC compliant installation.  Similarly, the database on the Web server must also be encrypted for data storage.

Installation Procedure

1.On the computer designated as the Remote Web Server, open the Avaya Messaging folder on your server hard drive and run Setup.exe as administrator to launch the installer.  

When prompted, click Next.

2.Enter the DCOM user info (domain user account which has local administrator rights).  This is required by services which use local administrator rights.

Click OK after entering the credentials.

3.Review the license agreement.  Click Continue, enable the I accept the license agreement checkbox, then click Next.

4.You will be asked to select the destination directory for the installation.  You may change the hard drive destination through the drop down menu.  By default, the installation will create a UC folder on the C drive.

Click Next to continue.

5.Enable Multiple UC Servers in High Availability.

Click Next.

6.Select Remote Web Application server (only).

Click Next.

7.Enter the IP Address of the Primary server.

Click Next.

8.Enter a number between 1-14 for this server.  

If you configure multiple Web servers, each must be given a unique number;  no two servers can share the same number.

Avaya Messaging supports up to 14 Web servers.

Click Next.

9.On the C drive, open the Logs folder.

Open the file named icense using any text editor (e.g. Notepad).

Verify Highsecurity=1. If it does not, verify that the same file (Avaya Messaging Installation drive:\UC) on the Primary voice server does have this setting. If the setting is valid on the Primary, there is a connection or a sharing problem between the two machines. If the Primary is not correctly set, contact your reseller for an updated license.

Once any connection or sharing problems have been fixed, return to step 9 and check again for this file.

10.Select the Components required at your site.

Click Next.

11.If you will be installing a Secondary Consolidated server with your system, click Yes.

Otherwise, choose No.

A Secondary Consolidated server is optional.

12.Enter the IP Address for the Consolidated Server, and if selected, the IP Address for the Secondary Consolidated Server.

Both Consolidated servers require their own computers, but for now you only need to know their IP Addresses.

Click Next.

13.Enter and confirm the password for the UCIIS user.  This must be the same UCIIS password that was created on the other servers.

14.Enter the database encryption password.  The database files will be encrypted with this password using the FIPS 140-2 certified security algorithms.

This password must meet the requirements outlined here.

15.Enter the values in the spaces provided.  These are provided with the certificate.

These values must be the same as are used during the Primary voice server installation.

16.Enter and verify the password used for the local UCAdmin User.  This is used when logging into any associated web applications, such as Web Access.

17.The preliminary information required for installation is now complete.   

Click Next.

18.The selected components will now be installed.  This process may take a while. 

19.Click Finish to restart the server.

If you wish to restart your computer at a later time, disable the Restart check box, then click Finish.

20.This alert is to remind you to properly share the UC installation folder (see here for details).

21.Once the installation is complete, remember to import both the UCIIS User and the UCAdmin User certificates to this computer.  See here for details.

22.Verify that the Encryption File System (EFS) certificate has been saved to another secure location (see Backup and Restore the Certificate File on page 357).  If the certificate becomes corrupted, UC Communication will no longer function and are unrecoverable without this backup file.

Click OK to restart the computer.

The Remote Web server installation is complete.