AVAYA AURA SYSTEM MANAGER

OVERVIEW
Fabio Felizzola
Channel Sales Engineer

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy
 Avaya Aura® Solution
Avaya Aura®
System Manager Architecture
Geo-Redundant
Failover Avaya
Communicator
Portfolio Applications Applications Applications
SEC
PRI Avaya Aura Presence Services and Snap-Ins and Snap-Ins
Avaya Aura Messaging
Avaya Aura Contact Center
Avaya Scopia® Avaya Aura Experience Portal
Clients Avaya Aura®
Breeze

PSTN
Avaya Session
Avaya Aura® Session Manager Boarder
Controller for
Enterprise
SIP
Trunks

Avaya Aura TDM

Conferencing Trunks

G-Series
Gateway

Avaya
SIP endpoints Avaya Aura® Avaya Aura® Avaya Aura®
3rd Party PBXs Avaya CS 1000
for Survivable Communication Media Server
Remote Manager

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 2
 AVAYA’S SOLUTION MANAGEMENT MODEL

 Avaya follows a 3 layer management structure that is

overlaid on top of the industry standard FCAPS model
and framework for network management.

Fault Configuration Accounting Performance Security

Avaya Maintenance, ACS,

AOS, APS

Service Management
Avaya System Mgmt

CCCM
SMGR VPFM System/Network Management
AIM

EM
EM Element Management
Prod
Prod
Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 3
 AVAYA AURA® SYSTEM MANAGER
(SYSTEM/NETWORK MANAGEMENT LAYER)

Management is a key differentiator to drive customer TCO, both CAPEX and OPEX. Avaya
Signature
Aura® System Manager provides integrated common management for all strategic UC
products, and a converged management solution across the entire Avaya portfolio.

• Single management solution across Avaya UC, CC, SME, and Data products
Value & Benefits • Driving excellent management experiences and low TCO.
Statements • Will provides critical customer features such as geo-redundancy, Web Services Interface
to user data, and increased scale for larger enterprises.
• Simplest enterprise integration with System Manager as the single point of integration
for all Avaya UC applications.

Fault Configuration Accounting Performance Security

+ Logging + Common User + Call accounting, + Leverage Avaya + Authentication

+ Log Harvesting Service Provisioning Usage, and TEM VPFM SSO Framework
+ Data replication + Provided through + Leverage Avaya + Role Based
+ Alarming and distribution Access Control
FCAPS 3rd pty partners Integrated
+ SNMP + Element inventory, (DevConnect) Management FPM (RBAC)
Capabilities + Voice/Data registration for CM + Certificate
+ Geo Redundancy Management
+ Discovery
+ Licensing
framework (WebLM,
PLDS)

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 4
 SUMMARY OF SYSTEM MANAGER 7.0.1
FUNCTIONALITY
 Common User Provisioning  Primary Management Interface
 Provision user services for all apps in (Central UI & Data Master)
single workflow  Session Manager
 Presence Services
 Enterprise Directory Integration  Avaya Breeze
‒ AD, OpenLDAP, Domino, eDirectory and SunOne
 CE Snap-in’s: Work Assignment, Performance
Center, Interaction Center, etc.
 Bulk Import and Export (Excel/XML)
 SMGR and CM Database Reporting
 User Provisioning Rules
 Centralized WebLM Licensing
 Web Services Interface – User
 Runtime Topology Service (RTS)
Provisioning
– Discovery and Inventory
 Multi-Tenant Management
 Scheduler Framework
 Web Services Interface – Routing and
 Trust Management (PKI) framework
Dialing Plan Management
 Data replication and distribution
 Administrator Authentication and Role
Based Access Control (RBAC)  Fault Management
 Embedded Identity Management – Central Logging and Alarm collection

(OpenSSO) for Authentication  Redundancy (High Availability and Geographic

Redundancy)
 Enterprise Level Authentication
– Active Directory, Sun LDAP 5.2, OpenLDAP RADIUS,
 Solution Deployment Manager
Kerberos Security Assertion Markup Language (SAML)

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 5
 SYSTEM MANAGER LANDING PAGE
 Main Landing Page an Admin sees after logging into System Manager
 Supports Single-Sign-On and Role Based Access
 Centralized Management for User Management, Element Management
and Central Services

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 6
 SYSTEM MANAGER 7.0 -
USERS

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 7
 ADMINISTRATOR
Primary User Interface to create and manage
Administrators

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 8
 ROLES - ROLES BASED ACCESS CONTROL
(RBAC)
 System Manager uses RBAC to control access to its management capabilities
 Roles definition page is used for the configuration of Built-in and Custom Roles
 Roles can be applied to any administrator and element

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 9
 PASSWORD POLICY PAGE FOR
ADMINISTRATORS
 Password Policy applies to all System Manager Administrators
 Capabilities include: Industry standard policies for password Aging,
History, Strength and Lockout

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 10
 AUTHENTICATION (SINGLE SIGN ON)
 System Manager Supports local and 3rd Party Authentication services.
 3rd Party Enterprise Authentication via Active Directory, Sun LDAP,
OpenLDAP, RADIUS, Kerberos, and Security Assertion Markup
Language (SAML)

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 11
 USER MANAGEMENT – USER PROVISIONING
MANAGER (UPM)

 Single point of
administration to provision
user services for multiple
Avaya products
 Using User Profile
Manager (UPM) you can
perform the following
tasks:
– Add a user profile (i.e. user 96xx SIP
identity information)
Avaya
– View, modify, and delete and Communicator
existing user profile
– Add and modify a
communication profile of a Avaya Aura
Conferencing
user (services and endpoint)
– Assign or remove permission, Avaya Aura
Messaging
roles, and groups
– Manage User Contact Lists
– Global Changes
One X Mobile
– Search Utility
Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy Breeze Snap-ins 12
 USER PROVISIONING RULES (UPR)
 Automates the user provisioning process by enabling the creation of
provisioning rules that consist of user attributes and configuration data.
 The UPR can be associated with a user as part of the user provisioning
workflow to automate and simplify the user provisioning process.

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 13
 USER MANAGEMENT - ENTERPRISE
DIRECTORY SYNCHRONIZATION
 System Manager supports over 35 attributes that can be synced to an Enterprise
Directory Server. Some examples include, Phone Number, Mailbox Number,
Employee Number, Location Information, User Provisioning Rule, as well as many
other attributes associated with an Employee

User Provisioning Rule Mapping

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 14
 LDAP SYNC OF ENTERPRISE DIRECTORY ADMIN
ROLES WITH SMGR ADMIN ROLES
Enterprise LDAP
Server
What and Why

 System Manager 7.0 introduces the ability to synchronize

Enterprise Directory roles as defined in a customer’s LDAP
Directory to System Manager Administrator roles.

 Built upon SMGR’s User Management LDAP Directory

Synchronization feature.

 Introduces a new LDAP attribute mapping in SMGR that allows

the Administrator to correlate an LDAP Directory role to a System Manager 7.0
System Manager role as defined in SMGR RBAC.

 The attribute mapping mechanism includes both pre-defined

System Manger 7.0
system roles as well as custom roles on SMGR. LDAP Mapping UI

 Simplifies the central administration of System Manager

Administrators

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 15
 SYSTEM MANAGER 7.0
- ELEMENTS

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 16
 ELEMENTS OVERVIEW
 The Elements section of the SMGR Landing Page enables an administrator to
access Element Managers that are local (on SMGR) and remote (on element) to
SMGR. Direct access is enabled via the Single Sign On (SSO) feature in SMGR
 The Element Mangers provide applications specific Administration, Maintenance and
Performance Reporting for the Avaya Aura Product

 Applications supported include: Session Manager, Communication Manager,

Presence, Engagement Development , Media Server, Work Assignment,
Conferencing, Messaging, Meeting Exchange, IP Office, and CS1000 Call Server

Session Manager - Element Manager Example

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 17
 SYSTEM MANAGER 7.0 -
SERVICES

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 18
 SYSTEM MANAGER GEOGRAPHIC
REDUNDANCY

Continuous
Data Sync

System Manager Primary System Manager Secondary

Primary/Secondary Strategy Failure Mode Recovery Mode

• Primary System Manager in Data
Center 1 and Secondary System Manager in
Data Center 2
• System Managers are on different subnets
In normal operation (Sunny Day mode):
• Primary SMGR is ACTIVE (read/write)
Secondary SMGR is STANDBY (read only)
• Primary SMGR replicates database changes
to the Secondary SMGRs
• Primary SMGR provides all Mgmt. Services
• Secondary
Avaya – ConfidentialSMGR has aUse
& Proprietary. sub-set oftoServices
pursuant
• “Heartbeat” between the SMGR’s
will send alarm if connection lost
between SMGRs
• Manual activation of Secondary
• Secondary SMGR server can take
over all management functions
• Both SMGR servers can operate,
each managing a subset of the
network in a “Split WAN” scenario.
your signed agreement or Avaya Policy
• Heartbeat reestablished.
• Chose go-forward Database as part
of recovery
• SMGR GR provides health data and
statistics to aid in the recovery
process
19
 MULTI-TENANT SUPPORT FOR PRIVATE
CLOUD
For Enterprise customers requiring segmentation of
users into Tenant group with within their Avaya Aura® Segmentation of Users into Tenant Groups. Administrators
solution view/manage one Tenant at a time

As in the case of separation for security purposes, Phone number ranges can be assigned to each tenant
organization divisional purposes etc. Administrators permissions restrict access to specific
Tenant Groups so only Administrators assigned to a
(Capex model) specific group can perform admin tasks on users of that
Tenant
Management interface for Inter-Tenant Communication
Control (ITCC) feature
System Manager Provides other management functions (Fault management,
Logging, Licensing, Software Management, Security
Certificates (PKI))
Granular management of all CM objects, many with discrete
access control

Avaya Aura® Infrastructure

- Single Aura solution supports
Presence AES
multiple Tenants/Customers
Avaya Aura® Avaya Aura® Messaging
Session Communication AAC
Manager Manager

SBC Inter-tenant Communication Control (ITCC):

Enables applications to segregate features for each
customer (SM, PS, CM)
Tenant #1
End-Users in one Enterprise cannot call End-Users in
another Company without going out of the Aura to the
CSP’s PSTN infrastructure and back into Aura
Tenant #2 Contact lookup & Presence across tenants is also
Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy restricted 20
 SOLUTION DEPLOYMENT MANAGER (SDM)
 Solution Deployment Manager is an integrated utility used to automate and help maintain
the management of firmware and software for Session Manager, Communication Manager
(including TN Boards and Media Modules), Gateways and IP Office. It is also used to
deploy all Avaya Aura 7 application OVAs.
 Capabilities Include: OVA deployments, Virtual Machine Management, Local Software
Library, Analyze software versions of discovered elements and cross reference customer
entitlements in PLDS; Download new versions of software/firmware from PLDS, perform
pre-upgrade checks, and ability to rollback an upgrade

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 21
 SOLUTION DEPLOYMENT MANAGER-CLIENT (SDM-
CLIENT)

 For the initial SMGR deployment or where SMGR is not accessible (such as
certain remote locations), there will be a SDM-Client that can reside on a
technician’s laptop/PC. This will provide the necessary functionality to install the
OVAs on either an Avaya Appliance or Customer Provided VE. The SDM client
will use the same API back end and user interface as the main SMGR/SDM.

 Note that the SDM-Client is not

intended to be the main solution, but
rather cover special cases where a
Centralized SMGR-SDM is not
available.
 SMGR with embedded SDM is the
RH Linux
primary management solution for
Avaya Aura 7.0
SDM-Client 7.0
OVA
AVP
AVP

System Manager 7.0

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 22
 SOLUTION DEPLOYMENT MANAGER - CLIENT (SDM-
CLIENT)

 For the initial SMGR

deployment or where SMGR is
not accessible
 Windows based (Win 7 and 8)
 Support Flexible Footprint
 Application Configuration
 Lifecycle Management
 Patch AVP Hypervisor
 Patch SMGR
 Migrate SMGR from System
RH Linux
Platform
 Can be used with AVP
Appliance and Customer VE SDM-Client 7.0
OVA
AVP
Offers AVP

Note: The SDM-Client is not intended to be the main Aura System Manager 7.0
Management solution

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 23
 LICENSE MANAGEMENT – CENTRALIZED
WEBLM IN SMGR
 System Manager can provide License Management for Avaya Aura Applications.
 Capabilities Include: Ability install and uninstall Licenses; Configure License Server
properties; and View license utilization for supported applications

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 24
 SYSTEM MANAGER – CM AND DATABASE
REPORTS
System Manager provides the ability to generate reports based on
Communication Manager objects that are stored in the System Manager
database and list/Display Reports run on Communication Manager.

Capabilities include:
• Reports can be generated in CSV, PDF or HTML
formats
• Ability to customize report output (e.g. which fields,
report header, delimiters)
• Ability to send report to a predefined Email address.
As well as to Secure Copy (SCP) and sFTP report
output to a file server
• Ability to control access via the System Manager
RBAC infrastructure
• A total of 500 canned CM List and Display reports will
be available in SMGR 7.0. In addition, the reporting
infrastructure is capable of running reports against all
CM attributes stored in the SMGR database.
• Enables customers using ASA/MSA Reporting to have
the same services available after migrating to SMGR.

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 25
 WEB SERVICES INTERFACE – USER
MANAGEMENT
 Avaya Aura® System Manager User User Create, Update and Delete Work Flow
Management Web Service (UM WS) interface
will support provisioning of users in the System
Manager. Invokes
Client App
 Using System Manager UM WS, you can:
– Create and update user profiles and associate Status Invokes
users with groups, roles, and communication
addresses, for example, handle and domain, User Manager •Authenticate user
and communication profiles. Communication Server Side Web method •Authorize user
•A wrapper which will expose
profiles include the Avaya Aura® Session User Management method for
Manager (SM) profile, Avaya Aura® one record in single message
Communication Manager endpoint profile, CS Invoke

1000 endpoint profile, Avaya Aura® Messaging

profile, CallPilot messaging profile, and IP Data converter •Data Validation
•Converts user data
Office Branch Gateway endpoint profile. object to the DB specific
object
– Create and update the user profile with a Existing APIs
Invoke
contact list, addresses, and private contacts.
– Retrieve a list of users with minimal user data RMI API Extension Pack
(includes Business Logic
(UPM API)
based on search criteria And DB extension)
Various logs will be
– Obtain complete user profiles based on the generated at the
server side Persist Element
login name. Managers

– Delete user profiles. SMG

CM
R DB
 Documentation and SDKs posted on Avaya CS1000
DevConnect
etc.

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 26
SYSTEM MANAGER WEB SERVICES INTERFACE FOR
ROUTING AND DIAL PLAN MANAGEMENT

What and Why

Customers and partners have a WS API
need to automatically update routing
data within SMGR without the need
to go to the SMGR UI. Data affecting
SM routing data
The Dialing Plan and Routing System
Manager (customer provided)
Management Web Service Interface 7.0
will provide for remote programmatic
access for querying, adding,
modifying, and deleting of Session
SMGR
Manager Routing domain data. DB

The primary Routing domain data

Avaya Aura®
types are Domains, Locations, Avaya Aura® Session Avaya Aura®
Adaptations, SIP Entities, Entity Communication Manager Communication
Manager Manager
Links, Time Ranges, Routing
Policies, Dial Patterns, and Regular
Expression data.

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 27
 END USER SELF SERVICE PORTAL
 Supports Password Change for SIP Communications Profile, CM Endpoint
PIN (H.323 Clients) and Messaging Password

 Password Change User Interface can be launched from any device that Enterprise
Authentication
supports a browser (Browser on PC, IPhone, IPad, Android Device) Server

 A user’s Communication Address (SIP or E.164 Handle) and existing

Communication Profile password are required to initiate the password
change. This is not a password reset feature.

 External Authentication (7.0.1). Supported LDAP Applications: Active

Directory 2003, 2008, 2012; OpenLDAP 2.4.21; IBM Domino 7.0; Novell
eDirectory 8.8; SunOne Directory/Java System Directory 6.3. Up to Two
LDAP Servers are supported.

 Supports Password Complexity set by Avaya Aura Administrator

SMGR Self-Service
Portal

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 28
 BULK IMPORT EXPORT – USER PROVISIONING
DATA AND ROUTING DATA
 System Manager provides the ability to bulk import and export routing, user, and
element data.
 XML and Excel based file formats are supported.

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 29
 SECURITY - CERTIFICATE MANAGEMENT
 System Manager can function as a CA (Certificate Authority) for Avaya products, to
establish a trust relationship (PKI)
 Capabilities Include : Certificate storage and distribution to Avaya Products; Automatic
renewal of expired or about to expire certificates; raising alarms on critical certificate
related events; Add, modify, and remove certificates; and the ability to replace Avaya
certificates with 3rd party certificates

Support 3rd Party Certification whitepaper available on http://support.avaya.com

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 30
 OUT OF BAND MANAGEMENT (ISOLATED
MANAGEMENT LAN)
What and Why

 Avaya Aura 7 introduces the ability to separate management and non-management network traffic across two
physically and/or logically separated connections which enables customers to simplify network planning and
security by isolating administrative/system management traffic separate from the public networking traffic. OOBM
on the Avaya Provided Servers is implemented based on the networking facilities available in the Appliance
Virtualization Platform (AVP).

 The Solution Deployment Manager (SDM) service within System Manager will provide the configuration of the
OOBM management IP addresses, vSwtich, port group setup and any static routing required to route traffic onto the
management network.

 The OOBM feature is also available for Customer Provided Virtualization Environments (VE). In the Customer
Provided VE offer, the customer is responsible for the configuration of the vSwitches and connection to the network.

Examples of SMGR Management Network Traffic Include:

• Database Replication with Session Manager
• Element Management (i.e. SM, CM, etc.)
• User Management
• Solution Deployment, Upgrades and Updates

Examples of SMGR Non-Management or Public Network Traffic

Include:
• End-user Self-provisioning
• Client devices getting certificates through SCEP

Applications that support OOBM include:

CM, SM, SMGR, AES, PS, H323 Gateways

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 31
 INVENTORY
 Lists the Elements registered with System Manager
 Capabilities Include: Element Discovery, Element Synchronization with SMGR, Management of
Serviceability Agents, Edit Element Configuration Properties

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 32
 ALARM MANAGEMENT
 System Manager uses standard SNMP (v1,v2c and v3) for alarm management.
 Capabilities Include : Alarm viewer; Ability to sort, filter or search for an alarm;
View details of an alarm; Change status of an alarm; Export alarms; E-mail
notification of an alarm

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 33
 LOG MANAGEMENT
 System Manager provides central access to application log harvesting, audit logging
of Admin activity and security log collection.
 Capabilities Include : Log Harvesting; Log Viewer; Ability to list, sort, filter or search for
logs; and View details of a log

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 34
 BACKUP AND RESTORE
 System Manager provides for the backup and restore of data that is stored in the
SMGR database.

Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 35
Avaya – Confidential & Proprietary. Use pursuant to your signed agreement or Avaya Policy 36