Avaya

Modular Messaging Help

Home | Search | Site Index
Print | Back | Fwd | Legal | Close

 Getting Started 
 Installation 
 Administration 
 Maintenance 
 Reference 
Home > Getting started > Modular Messaging and security > Adjuncts

Adjuncts

The Modular Messaging system includes components and features that depend on the Avaya Messaging Application Server (MAS) and Avaya Message Storage Server (MSS).

Topics in this section include:

Access Security Gateway

This topic discusses the Access Security Gateway (ASG) for Modular Messaging systems with MAS and MSS.

The ASG is an optional authentication interface. You can use ASG to secure the voice mail, system administration, and craft logins on the MSS. The gateway uses a challenge-and-response mechanism rather than the standard login and password to use dial-up communication ports. To start an administrative or maintenance session, dial-up port users must enter a valid login ID to activate the ASG interface. To use the administration and maintenance features, you must enter the correct numeric response. Using the ASG can reduce the possibility of unauthorized remote access to the system.

You administer ASG parameters to specify whether access to the system requires ASG authentication. You can assign this protection to all system administration maintenance ports or to a subset of those ports. If ASG does not protect a port or login, the user can enter the system with the standard login and password.

The following procedure describes how the ASG interface works:

  1. At the beginning of the login session, the user is prompted to enter a login ID.

  2. When ASG receives the login ID, it generates a number based on the system ASG secret key number. Next, ASG presents this 7-digit number as a challenge.

  3. The user must have a hand-held device, called the ASG Key. The ASG Key must be set with an ASG secret key number. The secret number must match the assigned user ASG secret key number in the Modular Messaging system.

  4. The user enters the PIN and challenge number into the ASG Key.

  5. The ASG Key generates and displays a unique, 7-digit numeric response that corresponds to the challenge number.

  6. The user enters the response number at the prompt.

  7. When the user response corresponds to the numeric response expected by the Modular Messaging system, the user logs in.

If the response does not correspond, the user is not authenticated and is denied access to the system. Also, the failed authentication attempt is recorded in the system history log.

Note: The system administrator determines how many times a user can try to log in. If the user is not authenticated after that number of attempts, the system displays the message INVALID LOGIN and terminates the session.

For more information on administering ASG on Modular Messaging systems with MAS and MSS, see "Administering the Access Security Gateway (ASG)" on the Modular Messaging with Avaya MAS and MSS CD-ROM.

For more information about ASG and Avaya Modular Messaging security, see ASG Key User Guide, 585-212-012.

Mailbox Manager

This topic discusses Mailbox Manager (MBM) for Modular Messaging systems with Avaya Message Storage Server (MSS).

Mailbox Manager for Avaya Modular Messaging is a Windows interface for executing moves and adds. Mailbox Manager affects the database stored on the MSS of the Modular Messaging system. Administrators can create, edit, and delete subscribers. Administrators can also edit Class of Service (COS) profiles. Mailbox Manager extracts information from the MSS and maintains an offline database on your desktop. You can make the changes that you want to the subscribers and COSs. Mailbox Manager sends the changes to the MSS.

Mailbox Manager uses the Lightweight DIrectory Access Protocol (LDAP) to communicate  with the MSS. You can configure Modular Messaging to enforce several levels of security when Mailbox Manager uses LDAP.

  • The lowest security level does not require encryption. Mailbox Manager does not need to use any security except that subscriber passwords are automatically encrypted.

  • The middle security level is to force use of Simple Authentication Security Layer (SASL). The credentials that Mailbox Manager uses to log in to the MSS are encrypted. Subscriber passwords are automatically encrypted.

  • The highest security level is to force use of Secure Sockets Layer (SSL). The MSS insists that the entire LDAP communication with Mailbox Manager be encrypted.

The selection of security settings depends on the firewall, network bandwidth, and capacity of your system.

Typically, you install Mailbox Manager on a system administrator desktop or laptop computer. You can also install MBM on the current administrator workstation when the computer meets the minimum requirements. For more information, see the Mailbox Manager User Guide. The Mailbox Manager User Guide is available on the Mailbox Manager Software CD-ROM in pdf format.

Mailbox Manager has a static IP address needed for the Trusted Server connection. However, if the corporate network has a dynamic host configuration protocol (DHCP) environment, Mailbox Manager must be installed on the MAS.

Mailbox Manager connects to a network through a trusted server connection on the MSS. Mailbox Manager uses the mbmserver trusted server profile on the MSS. The mbmserver profile consists of the IP address of the computer on which you have set up MBM and a password. You must use alphanumeric character combinations for trusted server passwords. Ensure that passwords are at least eight characters in length and not composed of easily guessed words or numeric combinations.

Note: When changing the password for the mbmserver profile on the MSS, you must run the Connection Setup wizard to establish connection between the MBM computer and the MSS. For more information, see the Mailbox Manager User Guide. The Mailbox Manager User Guide is available on the Mailbox Manager Software CD-ROM in pdf format.

You can use two types of logins to access MBM: System Technician and System Administrator. The System Technician login is reserved for technical support representatives. The System Administrator is the primary login and does not have a default password.

You can create additional users and set up permissions for each user. Password protect all logins to MBM.

Do not leave any desktop or laptop computer that has MBM installed unattended, even briefly. Lock your computer whenever you are not working on it to prevent any unauthorized access to MBM. Avaya recommends that you change the passwords on a regular basis to prevent unauthorized people gaining access to your system and adjuncts.

Messaging Network

Avaya Message Networking (MN) system is a network integrator. Message Networking allows the Avaya Modular Messaging system to communicate with other messaging servers that use supported industry-standard and Avaya proprietary protocols. You can network Modular Messaging with additional Modular Messaging and voice mail systems. To do so, use Avaya Message Networking with the MSS over the LAN. For more information on Modular Messaging networking for systems with Avaya MAS and MSS, see Networking.

For more information about Messaging Network access and security, see "Messaging Network access" in Access mechanisms. For more information about Messaging Network access, see "Network security issues that can occur" in Network security.

Web Client

The Avaya Modular Messaging Web Client provides a Web-based visual client interface to the messages stored on the MSS. Subscribers can use a Web browser to access and to manage their messages just as they do from standard e-mail applications.

The Web Client server software can be installed only on English versions of Windows 2003 server. If you install the Web Client server for use in Asian languages, you must install the Windows East Asian language pack. Otherwise, the system does not display languages properly for the Web Client users. For more information, see your Windows 2003 server documentation.

Installation requirements for the server software include the following installations:

  • Install the server software directly on a server without using Terminal Services.

  • Install and routinely update Microsoft Windows security patches to protect the operating system from known security weaknesses. See http://www.avaya.com/ support for recommended Microsoft service packs and security updates.

Software requirements for the client personal computer include the following applications:

  • Windows 2000 or Windows XP

    Caution!
    If users try to log on to the Web Client with an unsupported browser, the system might block the logon. The type of unsupported browser the user is using determines whether logon is blocked. For example, the system blocks logon with Apple and UNIX operating systems, but not with some versions of Internet Explorer or Netscape Navigator. If users are allowed to log on with an unsupported browser, Web Client features might not function properly.

  • Internet Explorer Release 6.0 with Service Pack 1

For more information, see "Software prerequisites" in Avaya Modular Messaging Web Client Server Installation and Upgrades (pdf). The guide is on the Web Client software CD-ROM.

Avaya Unified Communication Center Speech Access

Avaya Unified Communication Center Speech Access (UCC SA) provides an interface that enables subscribers to use speech commands to perform the following tasks through a telephone:

  • Use and manage voice messages.

  • Place calls.

  • Place conference calls.

  • Use Microsoft Exchange.

  • Use IBM Lotus Domino.

UCC SA subscribers use a telephone to communicate with UCC SA in spoken English, regardless of user location. UCC SA employs Automatic Speech Recognition (ASR) technology to respond to speech commands and uses Text-to-Speech (TTS) technology to read text messages.

There are two types of configurations. In a UCC SA standalone configuration, all UCC SA platform components and software applications reside on one server, the Speech Server. In a multiple server configuration, two or more speech servers are connected to form a multiple server configuration referred to as a Server Set.

The UCC SA platform consists of Windows-based speech servers that provide data connectivity. The UCC SA uses standard communication protocols to interact with external systems. Based on the different systems that can be included in a UCC SA configuration, there are network and security issues that must be addressed.

Avaya expects the UCC SA installer or administrator to implement the following security practices:

  • Implement the UCC SA platform within the company network.

  • Use the corporate firewall that manages Internet access to protect both the standalone and the multiple server configurations.

  • In multiple server configurations, install the UCC SA software on all speech servers with NMS cards in the Server Set. Connect all speech servers to a common private branch exchange (PBX). The Server Set must be on the same network.

  • Follow Microsoft recommendations on how to secure Windows-based servers. For the latest security checklist, see the Microsoft Web site at www.microsoft.com.

  • Practice baseline security measures for Windows, including the following tasks:

For more information, see "Interoperability and security" in the Avaya Unified Communication Center Speech Access (UCC SA) Site Preparation Guide (pdf). The guide is on the UCC SA documentation CD-ROM.

 

Top of page

Home | Search | Site Index | Print | Back | Fwd | Legal | Close

©2007 Avaya Inc. All rights reserved. Last modified: