Juancho2015
Technical User
Hi there.
Any expert on AAC 8 implementation? I have several questions on this matter.
Any expert on AAC 8 implementation? I have several questions on this matter.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Avaya Aura Conferencing 8
- Thread starter Juancho2015
- Start date
- Status
mattKnight
Programmer
Perhaps if you asked your question...
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #3
Juancho2015
Technical User
Hi mattKnight
I have an AAC 8 istalled with Aura profile and integrated with CM, SM and SMGR.
First of all, I need to migrate the web conferencing elements to the DMZ. Documentation is not clear enough about that.
- Which apps should I deploy on the DMZ server?
- How should that be done?
- Which OVA is needed to do so?
Second:
I've been provided with new certificates to install for web conferencing and I'm not sure on where and how must this tusk be performed. I have the pfx and c7b files, plus the password. Is there any risk?
Third:
meet-me conference number is configured to play Spanish but plays English when called from an Avaya H323 or SIP phone. When called from outside or another PBX (Nortel CS1K) it plays in Spanish as configured. I took some traces and realized that calls from CM show anonymous@anonymous.invalid in FROM header. Could that be the reason for this failure? If so, how can I fix it?
Thanks.
I have an AAC 8 istalled with Aura profile and integrated with CM, SM and SMGR.
First of all, I need to migrate the web conferencing elements to the DMZ. Documentation is not clear enough about that.
- Which apps should I deploy on the DMZ server?
- How should that be done?
- Which OVA is needed to do so?
Second:
I've been provided with new certificates to install for web conferencing and I'm not sure on where and how must this tusk be performed. I have the pfx and c7b files, plus the password. Is there any risk?
Third:
meet-me conference number is configured to play Spanish but plays English when called from an Avaya H323 or SIP phone. When called from outside or another PBX (Nortel CS1K) it plays in Spanish as configured. I took some traces and realized that calls from CM show anonymous@anonymous.invalid in FROM header. Could that be the reason for this failure? If so, how can I fix it?
Thanks.
mattKnight
Programmer
What type of deployment? SME/Medium/Large
What sort of resilience? None ADR etc?
Have you got the opportunity to use a load balancer / reverse proxy?
I'd have to review the docs to work this out
but I think you'll need the
Platform OVA (for example AAC80000306)
Application Bundle (for example AAC80000302)
and the relevant platform and Application patches
As I implied, all our servers are in the same DMZ and we route web traffic using a reverse proxy device so you are breaking new territory here.
Click add, give the certificate a name and upload the pfx file. You'll be prompted for the password.
You'll need to add the root & intermediate certs to the relevant store in Element Manger -> security too
Bind this new cert to the network element and then probably restart the NE
Watch out though, in my experience AAC is a bit touchy about certificates - it certainly doesn't like wildcard certificates.
However, all our certificates are on the reverse proxies and so we use self signed to the backend servers
I'd suspect that your locations are not set right in Provisioning or don't match in System Manager. IP maps etc. It is a requirement that your locations in AAC8 match the ones in System Manager
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
What sort of resilience? None ADR etc?
The documentation is indeed a bit lacking, but useable - of course it may be easier for me as I have English as a first language. There is a step by step procedure in "Deploying Avaya Aura® Conferencing: Advanced installation and configuration Release 8.0.3" April 2105 version starting on page 255
Have you got the opportunity to use a load balancer / reverse proxy?
I'd have to review the docs to work this out
but I think you'll need the
Platform OVA (for example AAC80000306)
Application Bundle (for example AAC80000302)
and the relevant platform and Application patches
As I implied, all our servers are in the same DMZ and we route web traffic using a reverse proxy device so you are breaking new territory here.
This is all done through Element manager - security -> keystore
Click add, give the certificate a name and upload the pfx file. You'll be prompted for the password.
You'll need to add the root & intermediate certs to the relevant store in Element Manger -> security too
Bind this new cert to the network element and then probably restart the NE
Watch out though, in my experience AAC is a bit touchy about certificates - it certainly doesn't like wildcard certificates.
However, all our certificates are on the reverse proxies and so we use self signed to the backend servers
I'd suspect that your locations are not set right in Provisioning or don't match in System Manager. IP maps etc. It is a requirement that your locations in AAC8 match the ones in System Manager
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #5
Juancho2015
Technical User
It's an medium corresident simplex deployment without load balancers, and reverse proxy is not yet commissioned (customer's responsibility). Unfortunately, AAC was installed by a competitor months ago and I'm not pretty sure about all current configurations. Actually I did not yet figure out all IPs and FQDNs this server is using. EG: I don't know the IP assigned to FMG nor its FQDN
I'm using the manual you refer to, but I can't find a precise description of the process to install the DMZ server.
Would you recomend to install the entire AAC server (with all NEs) at the DMZ? If so, can the actual server be moved and reconfigured or it needs to be reinstalled? (the entire Aura platform is located at corporate LAN)
I will look at locations in AAC and SMGR.
I'm using the manual you refer to, but I can't find a precise description of the process to install the DMZ server.
Would you recomend to install the entire AAC server (with all NEs) at the DMZ? If so, can the actual server be moved and reconfigured or it needs to be reinstalled? (the entire Aura platform is located at corporate LAN)
Should the new certificate be binded to Web conferencing elements only? How exactly can this be done? I found that I can bind the certificate to collaboration agent.mattKnight said:
I will look at locations in AAC and SMGR.
mattKnight
Programmer
No, I wouldn't for many reasons - security being on of them. With your topology, I'd keep the AAC and Aura platform in the same DMZ.
I would assume that you would need to reinstall from scratch if you were going to do this. It would certainly be easier than re-ip addressing the system.
Reverse proxy is the best way. Point out that they need to complete their work before you can do yours
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #7
Juancho2015
Technical User
Actually, CM, SM and SMGR are not located in a DMZ but in the corporate LAN. Since I need to move Web Conferencing components from LAN to DMZ, my question is if it would be easier and better to move al AAC components to the DMZ.
My customer has two DMZs: one called Internet DMZ, another called Corporate DMZ, and, behind that is the corporate LAN where the entire Aura platform (CM, SM, SMGR, AAC, etc.) is located. Company´s reverse proxies are meant to populate services (like Web Conferencing) located in Corporate DMZ. In fact, using reverse proxy is part of the planned deployment, and now we are setting a lab-alike proxy to start testing, since we´re not sure about compatibility.
mattKnight
Programmer
I wasn't clear with what I meant. I used the phrase DMZ to mean network zone.
I stand by what I said though. Keep the aura infrastructure and the aac server in the same network zone I.e. no firewall between them
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
I stand by what I said though. Keep the aura infrastructure and the aac server in the same network zone I.e. no firewall between them
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #9
Juancho2015
Technical User
Got it!
Well... I still have some doubts regarding on how to bind the new certificate to web conferencing element and the process to install the new DMZ server (in the DMZ) for web conferencing. This is mandatory as customer only populate services through servers located in DMZ. They do not allow to populate services from LAN to internet.
mattKnight
Programmer
Just FYI, Avaya have just released SP6 and there looks to be a whole set of updated documents.
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #11
Juancho2015
Technical User
Thanks, fellow. I'll read them and try to figure out how to install the new DMZ server with just Web Conferencing deployed.
- Thread starter
- #12
Juancho2015
Technical User
Hi Matt
I think I found a problem or wrong configuration in this AAC since I'm not able to access the FMG admin web page (I get the server might be down message). Do you know a way to find out FMG and FMG manager IP addresses?
I think I found a problem or wrong configuration in this AAC since I'm not able to access the FMG admin web page (I get the server might be down message). Do you know a way to find out FMG and FMG manager IP addresses?
mattKnight
Programmer
The FMGadmin page is usually on your provisioning address so for example
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #14
Juancho2015
Technical User
I was talking about the IP addresses defined at initial setup after deployment. I get access to the FMG admin web page but login fails with message "Connection to the Server failed, Server might be down. Or Check for your network connection".
mattKnight
Programmer
ah... I see what you mean now
you can do a ifconfig and look for the ip address associated with bond0
ther1
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
you can do a ifconfig and look for the ip address associated with bond0
ther1Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
- Thread starter
- #16
Juancho2015
Technical User
Both FMG and FMG admin are meant to be attached to bond0ther1 interface?
I can see that IP address belongs to Media server, which is abnormal from my point of view but audio conferences are working fine.
ther1 interface?I can see that IP address belongs to Media server, which is abnormal from my point of view but audio conferences are working fine.
- Thread starter
- #17
Juancho2015
Technical User
I think I found the reason why AAC plays English prompts when called from CM H323 and SIP extension: I see the header "Accept-Language=EN" in invite. I was unable to remove nor modify this message. Any idea?
- Status
Similar threads
- Locked
- Question
- Locked
- Question