Mike's PBX Cookbook

CS1000E Rls. 7.5 Installation

Previous page Next page

2. Configure and Join the Secure Domain

The most significant change in Release 7.5/7.6 is the requirement to deploy the Unified Communications Manager (UCM). The UCM creates a security "umbrella" where components and applications must first register in order to function in the system.

Once this security domain is established, and the elements are registered to it, only one password is required to access any individual element: called "single sign-on".

Release 7.5 requires Microsoft Internet Explorer v.6.02 with Java Runtime Environment (JRE) version 1.5 or higher. An alternative is Windows 7 with Internet Explorer 8 (set to IE7 Browser mode). Anything else, and you're on your own! It is always important to turn off browser caching and auto-complete. See Internet Explorer settings for details.

Always do your UCM configuration on the TLAN, Avaya recommends it, and it honestly works better. Register Linux elements on the TLAN, and VXWorks elements on the ELAN.

Base Element Access

Make sure you've updated the computer's hosts file (C:\Windows\System32\drivers\etc\) with the FQDN/IP address, unless using a DNS server. We must access the base elements in order to configure security. This can be done in two ways.

  1. Browse to the elements IP address
  2. Browse to the elements URL: FQDN/local-login

If you browse to the elements IP address, you will get its Local Login screen - login with the local user account: admin2.

After the security domain is established, access to the UCM is accomplished by navigating to https://FQDN. The elements are listed in the main window (show below), and local access is accomplished by clicking on the Element Name link.

For most systems, this initial step in the installation process is the only time the base element will ever be accessed directly.

Perform Security Configuration:

Every installation has one Primary Security Server (UCM0 or SS0).
You may optionally configure one Backup Security Server (UCM1 or SS1).
All other cards/servers, such as the MAS, are Member Servers.

For each element:

UCM Security Configuration

For the Primary Security Server:

For the Backup/Member Servers:

Local Administration:

The following configuration changes are performed on each server under Local Administration:

  1. Base System > Networking > DNS and Hosts - add the other cards
  2. Base System > Networking > Route Table - if required, not shown here
  3. Base System > Date and Time > edit clock source

Open UCM, https://FQDN, then from the main UCM Elements screen click on the primary security server base element:

DNS and Hosts:

Set Clock Source

Set the clock source:

Set Clock Source

You may prefer to Set the Time with NTP.

Modify security policy:

This step is optional. We will simplify security policy and change the default password to something easy.

Security Policy

Remember to reinstitute good password practices once configuration is complete.

Refer to Unified Communications Management Common Services Fundamentals Avaya CS1000 7.5 - NN43001-116 - Chapter 5 for additional information on Security Roles and Policies.

Install security certificate on PC:

Until now each time a new browser window is opened to access UCM a certificate warning must be acknowledged. To overcome this, download and install the certificate. Depending on the operating system and version of Internet Explorer, you may need to add the FQDN to the list of trusted sites.

When complete, close Internet Explorer, open another IE window, navigate to UCM and see if the certificate import worked.

Previous page Next page