What's new

In addition to the many features and capabilities provided in previous releases, Avaya Modular Messaging Release 3.1 offers the following new or enhanced features and capabilities:

• Security enhancements
• Restricted Outlook Client
• Web Client
• Support for the IBM Domino server
• User interface improvements
• System administration improvements

Note: The availability of the features and capabilities described in this topic depends on your system's configuration. Some features and capabilities are available only with the Avaya Message Storage Server (MSS), the Microsoft Exchange server, or with the IBM Domino server.

Security enhancements

The following security enhancements apply only to Modular Messaging systems with the Avaya Message Storage Server (MSS):

• Role-Based Access Control
• Authentication of MSS logins using a AAA server
• Improved logging of MSS administration activity
• LDAP Directory updates using SSL encryption

Role-Based Access Control

Role-Based Access Control (RBAC) gives customers the ability to create administration accounts (logins) on the MSS based on customer-defined roles. Customer-defined roles can be tailored to give each administrator only the access privileges that are needed to perform that administrator's job.

When you set up an administrative role, you specify which web-administration pages the role can access and the access type. The access type can be read and write or read only. The administrative roles you create can have access privileges that are the same as the sa (system administrator) or vm (voice messaging administrator) account, or you can create administrative roles that have different access privileges. The sa account provides access to all customer-accessible system functions. The vm account provides access to all subscriber-management functions.

When an administrative role is created, the role is assigned a role identifier (Role ID). Role identifiers are then used to assign access privileges to administration accounts on the MSS. For customers who use an Authentication, Authorization, and Accounting (AAA) sever to authenticate administration accounts on the MSS, accounts that will be authenticated by the AAA server, must also be defined on the AAA server.

Authentication of MSS logins using a AAA server

An Authentication, Authorization, and Accounting (AAA) server is an optional, customer-provided server that can be used to authenticate the credentials of administrators logging in to the MSS. The MSS can be configured to use one or two Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), or Active Directory AAA servers to authenticate logins. For RADIUS servers, administration accounts on the MSS that will be authenticated by the AAA server, must also be defined on the AAA server.

Improved logging of MSS administration activity

Information about administration activity on the MSS is always sent to logs on the MSS server. In addition to logging this information locally, for Release 3.1, the MSS can be configured to send logging information to an external, customer-provided server using the syslog protocol (RFC 3164). Only one syslog server can be administered, however, that server can be configured as a syslog relay server that forwards logging information to multiple syslog servers. Logging information stored on the MSS can be viewed using the web-administration interface.

For Release 3.1, in addition to information that was logged for previous releases, the MSS logs the following information about administration activities:

• User name and role ID of the administrator
• Log ins, log outs, failed log ins, failed LDAP binds (connects), and password expiration warnings
• Identification of the web page or LDAP object that was changed
• Date and time, including time zone, that the change was made
• Whenever web-page data is changed and saved, field values (changed and unchanged) and button pushes are logged
• For LDAP changes, the IP address or fully qualified domain name of the client that made the change
• The requested LDAP operation and result (success or failure)

LDAP Directory updates using SSL encryption

The Modular Messaging system can receive LDAP directory updates from other Modular Messaging systems or from Message Networking systems. Directory updates enable these systems to share subscriber information, which makes it easier for subscribers on different systems to exchange voice or email messages. In past releases, authentication was required for directory updates, but there was no way to enforce encryption of the content of the directory update (subscriber information). For Release 3.1, Modular Messaging and Message Networking systems can be administered to enforce Secure Sockets Layer (SSL) encryption of incoming directory updates.

Restricted Outlook Client

The Restricted Outlook Client is available only with the Avaya Message Storage Server (MSS). Modular Messaging Restricted Outlook Client creates a Modular Messaging inbox and outbox within the Microsoft Outlook email application. These Modular Messaging mailboxes are separate from the corporate email mailboxes and allow subscribers to access, send, and manage voice messages from within Microsoft Outlook.

The Restricted Outlook Client helps companies in the financial sector comply with a variety of regulatory requirements regarding their communications with outside parties. The Restricted Outlook Client allows companies to:

• Clearly identify a digitized voice message from an email message. Companies must be able to distinguish between these two types of messages because email messages are subject to different regulatory requirements than voice messages.
• Prevent the transmission of voice messages to individuals who are not on the companies’ existing voicemail system.

Web Client

The Web Client has been enhanced to prevent cross site scripting attacks. These attacks inject Web-based text messages with script that gathers data about a subscriber's mailbox.

Administrators can disable client-side scripting when the Web Client displays the text and HTML portions of a message.

Support for the IBM Domino server

Avaya Modular Messaging Release 3.1 supports the IBM Domino server, versions 6.5 and 7.0, as a message storage server. It also supports the same feature set as Modular Messaging for Microsoft Exchange, with the following exceptions: Octel Analog Networking (which is provided by Message Networking) and Future Deliveries.

In addition to the user interface improvements described below, Release 3.1 supports these features on the IBM Domino server:

• Broadcast message. Allows you to send a message to every subscriber on the system.
• Personal distribution lists (PDL). Subscriber Options allows subscribers to create lists of addresses for future mailings. PDLs are represented in Lotus Notes as Groups and are supported by all Modular Messaging TUIs.
• Modular Messaging AUDIX and Modular Messaging Serenade TUIs
• Web Subscriber Options
• VMEnable and FEDBQuery tools for managing bulk messages
• Message privacy. Subscribers can use their TUI or the Lotus Notes client to mark a message as private. If a subscriber marks a message as private, Modular Messaging for IBM Domino prevents the recipient from copying or forwarding the message. If the recipient replies to the message, the original message is excluded from the reply.
• Message sorting by media type. When accessing messages using a TUI, messages can be sorted by media type. This new capability is particularly important for users who receive a lot of email.

User interface improvements

Modular Messaging provides the following user interface improvements:

• Access to unsent voice messages
• Notify Me for internal messages
• Personal Operator

Access to unsent voice messages

This improvement allows subscribers to retrieve messages that would have previously been lost if the switch disconnects a call.

If the telephone drops a call while the subscriber is composing a voice message, the TUI will save the unsent message in the Drafts folder. The next time the subscriber logs into the TUI, she can either complete and send the message, delete the message, or skip the message for later access.

All TUIs (Aria, AUDIX, and Serenade) and all system configurations (MSS, Exchange, and Domino) support this feature improvement.

Notify Me for internal messages

Previously, Modular Messaging sent subscribers an email alert only when a call-answered voice message arrived in their mailbox. Now, it sends an alert regardless of how the message arrives.

Personal Operator

A personal operator is a designated extension or mailbox to which the system can transfer callers when the original call is not answered. In previous releases, your system administrator defined a personal operator for each subscriber. In this release, the system administrator retains the ability to define a subscriber's personal operator. However, each subscriber can now:

• Set up their own personal operator.
• View and select the attendant schedule.

These abilities allow subscribers more flexibility when they need to reroute calls to another receptionist or operator.

Subscribers can configure their own personal operator number using their TUI, Subscriber Options, or Web Subscriber Options. All TUIs (Aria, AUDIX, and Serenade) and all system configurations (MSS, Exchange, and Domino) support this feature improvement.

System administration improvements for the MSS server

The following improvements to the MSS server are included in this release:

• Network Time Protocol (NTP) improvements allow the MSS to synchronize with a time server.
• IMAP4 super user allows custom IMAP4 clients to monitor many subscriber mailboxes.
• A pre-upgrade tool produces a report that your software specialist uses to plan an upgrade from Modular Messaging R1.1 and R2.0 systems. This tool is installed on the R1.1 or R2.0 system before the upgrade.
• A backup verification tool analyzes the backup media. This tool is also installed on the R1.1 or R2.0 system before the upgrade.
• Administrators can now connect Modular Messaging to their companies' corporate domain or they can create a private domain.

Top of page