Rlse 7.5- UCM Security Domains 3

[golfdoctor]

I am in the preliminary stages of getting ready to go to Rlse 7.5

We have 3 nodes running Rlse 5.5 mixed TDM and IP [CS1000E x2,CS1000M x1] All are networked via H323. The NRS is at the CS1000M node. ELANS are presently NOT routeable at any node location.(only within own node) ISP1100 servers being switched out to HP COTS etc.

Due to the WAN bandwidth and the ELAN scenario is there any reason I cannot implement 3 security domains ?

Basically I want each node and its associated equipment to be in its own Security Domain. Going over the NTP's at nausea suggests this is not necessary however to my simple way of thinking for fault tolerance, node survivability and the geographic locations differences I would sure like to keep them separate if possible.

Any thoughts or suggestions would sure be appreciated as always


TGD

 

[biv343]

You can have three different security domains if you wish. The only time remotes need to be in the same security domain as the main site is when they are survivable media gateways. The database transfer/endorsement doesn't seem to work right if they are in separate security domains.

I typically put each system in it's own UCM domain so when UCM freaks out, which it will, you don't have issues at multiple locations.

If I got nothing more for Christmas than UCM going away, or at least the security crap being optional, I'd be a happy man.

 

[KCFLHRC]

If you aren't going to use SIP which will force you into System and Session Manager on 7.5 you should be fine with 3 separate Security domains. Probably not what Avaya would suggest but I don't have a lot of faith in them lately anyway. If it were me, I would make the Elan's and Tlan's routeable now and go with 1 Primary Security Server and 1 back up because inevitably you will be using SIP and it will cause you a lot less pain to do it now than it will later. The security piece is not really that bad as long as you understand it. But it can give you some grief initially. The key is the network, it has to be ready for it.

 

[biv343]

My favorite feature of UCM is when the accounts decide to lock out or expire, even when you set the security policies to never expire. I've fought that a bit in 7.5 and it looks like Avaya has released a new jboss patch that is supposed to fix that issue.

 

[golfdoctor]

Thanks for the responses and really appreciate the insights.

Basically I am sort of scared and wary of this. If things go south I want to at least try and keep it to the node vs the world.
Probably dinosour thinking however....

thanks again - stars for you both !


TGD

 

[KCFLHRC]

You are wise to be wary. 7.5 has several issues.

 

[monkey101]

you will not be able to have a backup NRS on a separate security domain...and you can avoid the huge bill for session and system manager buy buying 1 h323 trunk then you can stay with NRS as session manager does not do H323.

 

[Meridianman64]

Hi folks,

I am having issues of the original norteladmin login not working and separate passwords transitioning to UPPER case on their own.

Has anyone experienced this, as our vendor hasnt been able to assist either for two weeks. We are only having these issues on the recently and newly installed MG101 and the recently upgraded hybrid system.

Thanks!