Product Support Notice



Similar documents
Product Support Notice. FTP backup MSS to a Windows 2003 Server

Product Support Notice

Citrix XenServer Workload Balancing Quick Start. Published February Edition

Dell One Identity Cloud Access Manager How to Configure for High Availability

F-SECURE MESSAGING SECURITY GATEWAY

Integrated Citrix Servers

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

How to Configure an Initial Installation of the VMware ESXi Hypervisor

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Web Security Firewall Setup. Administrator Guide

Trouble Shooting SiteManager to GateManager access via a corporate Intranet

Contents Notice to Users

Product Support Notice

F-Secure Messaging Security Gateway. Deployment Guide

DameWare Server. Administrator Guide

Web Remote Access. User Guide

Fireware Essentials Exam Study Guide

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

MIGRATION GUIDE. Authentication Server

HP Device Manager 4.7

Enable Connectivity for 3PAR Storage:

SOA Software API Gateway Appliance 7.1.x Administration Guide

Dell One Identity Cloud Access Manager Installation Guide

vrealize Air Compliance OVA Installation and Deployment Guide

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Installation Guide Supplement

ENABLING SINGLE SIGN-ON FOR EMC DOCUMENTUM WDK-BASED APPLICATIONS USING IBM WEBSEAL ON AIX

Deploy Remote Desktop Gateway on the AWS Cloud

Syncplicity On-Premise Storage Connector

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

CA NetQoS Performance Center

CA Spectrum. Microsoft MOM and SCOM Integration Guide. Release 9.4

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

Disaster Recovery Configuration Guide for CiscoWorks Network Compliance Manager 1.8

Deployment Guide. Deploying F5 BIG-IP Global Traffic Manager on VMware vcloud Hybrid Service

Using IIS Application Request Routing to Publish Lync Server 2013 Web Services

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

RealPresence Platform Director

Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0

Interworks. Interworks Cloud Platform Installation Guide

2 Downloading Access Manager 3.1 SP4 IR1

Installation Guide. SafeNet Authentication Service

Integrating Avaya Aura Presence Services with Microsoft OCS

EMC Data Domain Management Center

Hyper V Windows 2012 and 8. Virtual LoadMaster for Microsoft Hyper V on Windows Server 2012, 2012 R2 and Windows 8. Installation Guide

Ports Reference Guide for Cisco Virtualization Experience Media Engine for SUSE Linux Release 9.0

Spotlight Management Pack for SCOM

Placing the BlackBerry Enterprise Server for Microsoft Exchange in a demilitarized zone

Transparent Identification of Users

Sample Configuration: Cisco UCS, LDAP and Active Directory

The steps will take about 4 hours to fully execute, with only about 60 minutes of user intervention. Each of the steps is discussed below.

.Trustwave.com Updated October 9, Secure Web Gateway Version 11.0 Amazon EC2 Platform Set-up Guide

Clearswift SECURE Exchange Gateway Installation & Setup Guide. Version 1.0

Remote Filtering Software

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Rebasoft Auditor Quick Start Guide

Avaya Port Matrix: Avaya Diagnostic Server 2.5

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N REV A01 January 14, 2011

User Guide. Cloud Gateway Software Device

SSL-VPN 200 Getting Started Guide

Resonate Central Dispatch

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

IGEL Linux and Microsoft Remote Desktop Connection Broker 2012 R2

Using Cisco UC320W with Windows Small Business Server

Foglight. Foglight for Virtualization, Free Edition Installation and Configuration Guide

Configuring PA Firewalls for a Layer 3 Deployment

StatusScope Remote Monitoring Service. Mobile User Guide

How To Manage Storage With Novell Storage Manager 3.X For Active Directory

Configuration Notes 0215

Deploying EMC Documentum WDK Applications with IBM WebSEAL as a Reverse Proxy

Product Support Notice

Deploying System Center 2012 R2 Configuration Manager

Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide

Integration Guide. SafeNet Authentication Service. Using SAS with Web Application Proxy. Technical Manual Template

Symantec AntiVirus Corporate Edition Patch Update

Overview of WebMux Load Balancer and Live Communications Server 2005

Trouble Shooting SiteManager to GateManager access

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Owner of the content within this article is Written by Marc Grote

Application Note. Gemalto s SA Server and OpenLDAP

Network Configuration Settings

RackConnect User Guide

Deploying F5 to Replace Microsoft TMG or ISA Server

XMS FULLY AUTOMATED PROVISIONING: SERVER CONFIGURATION AND QUICK START GUIDE

MS Skype for Business and Lync. Integration Guide

Application Notes for the Ingate SIParator with Avaya Converged Communication Server (CCS) - Issue 1.0

Cisco Expressway IP Port Usage for Firewall Traversal. Cisco Expressway X8.1 D December 2013

Strong Authentication for Microsoft TS Web / RD Web

Installing and Configuring vcenter Support Assistant

Deploying IBM Lotus Domino on Red Hat Enterprise Linux 5. Version 1.0

Secure Installation and Operation of Your Xerox Multi-Function Device. Version 1.0 August 6, 2012

Quick Guide of HiDDNS Settings (with UPnP)

Application Notes for Configuring Yealink T-22 SIP Phones to interoperate with Avaya IP Office - Issue 1.0

CTERA Portal Datacenter Edition

For Active Directory Installation Guide

SGI NAS. Quick Start Guide a

Transcription:

PSN # PSN004098u Product Support Notice Original publication date: 8-Nov-13. This is Issue #06, Published date: 21-Feb-14. 2014 Avaya Inc. All Rights Reserved. Severity/risk level High Urgency Complete by ATTENTION: Mandatory Administrative Update for SAL Remote Access Infrastructure Improvement PRODUCTS AFFECTED: All versions {versions 1.5, 1.8., 2.0, 2.1, 2.2} of Secure Access Link (SAL) Gateway, including: Standalone SAL Gateway (software only) Virtualized SAL vappliance on VMware SAL Gateway on System Platform (Services-VM) SAL Gateway packaged with Avaya Diagnostic Server ION SAL SA5600 DESCRIPTION OF CHANGE: SAL remote access backend infrastructure update In support of the Westminster facility and data center migration and in continuing efforts to ensure our remote access connectivity solution with our customer is as current as possible, Avaya is updating the Secure Access Link (SAL) remote access backend infrastructure. This upgrade will provide increased scalability and availability of the communication between customer and partner SAL Gateways and Avaya s infrastructure. Part of this upgrade will consist of moving the current environment to a new facility which will require some configuration changes at the customer site in order to take advantage of the new capabilities. SAL was designed based on the strictest customer security requirements which mandated a premise-based configurable solution. Due to this design, customer configuration changes will be necessary to ensure continued support. The details for the changes required by the customer and partner are listed in this PSN and include updating firewalls, outbound proxies, and DNS host entries with new IP addresses and fully qualified domain names (FQDN) to allow SAL Gateways to connect appropriately with the new environment. The changes on the customer network to accommodate the new IP addresses and FQDNs are critical for continued access and ability to support Avaya products via the SAL remote access method. In order to provide the best support possible we are asking that all Customers and Business Partners make these change within the timeframes listed below. Avaya will utilize automation to reconfigure/re-point most of the SAL Gateways, but only if they have network access to the new environment. Thus it s imperative to verify and comply with the details within this PSN. Please note: This PSN and Infrastructure update has no impact on the SAL alarming capabilities or infrastructure CUSTOMER ACTIONS REQUIRED: Each customer environment is unique and may need to address different variables within their environment. For each environment, the following questions need to be asked: 1. Do you have any firewall rules that enable SAL Gateway to communicate with Avaya SAL Enterprise? 2. Does your environment have a proxy server? 3. Does your SAL Gateway use DNS to communicate to Avaya? Note: Firewall and proxy settings within the customer network can be made immediately in preparation for the migration. Administration configuration changes to the SAL Gateway cannot be made before March 17, 2014. Any changes previous to this date will introduce disruption of remote access services. Based on the answers to the above questions, the following network settings decision table will aid you in the required changes.

Network settings update decision table To move to the new Avaya infrastructure, determine which scenario applies to you. Complete the actions listed in the following table according to one of the two conditions that matches your network environment. The actions are described in the Network settings update table. Does your SAL Gateway use DNS resolution to communicate with the current Avaya SAL Remote Server and Global Access Servers? Actions (Details for each Action ID are detailed in Table 2: Network Settings Updates) Yes 1. Change your firewall settings, if applicable. 2. Change your outbound proxy server settings, if applicable. No 1. Change your firewall settings, if applicable. 2. Change your outbound proxy server settings, if applicable. 3. Change the network mapping for the operating system of the SAL Gateway host. 4. Change the Remote Server hostname in the SAL Gateway UI ONLY if your current setting is sl1.sal.avaya.com or 198.152.212.33 Due date Complete between now/receipt and April 30, 2014 NOTE: Avaya will reconfigure SAL Gateways to point to the new SAL Remote Servers. (remote.sal.avaya.com, sas[1-4, 21, 22, 31, 32].sal.avaya.com) Therefore, you must complete the listed actions by April 30 to avoid interruption in the communication to the Avaya Remote Access infrastructure. Complete between now/receipt and April 30, 2014 NOTE: Complete the listed actions by April 30 to avoid interruption to the remote access infrastructure. Complete between March 17 and NOTE: Start the listed actions beginning March 17, 2014 to avoid interruption to the remote access infrastructure. Network Settings Updates (Table 2) # Action Description Required 1 Change your firewall settings Contact your networking and IT teams to configure the firewall Yes on your network to allow access to the new hostnames, IP Complete between now/receipt and the addresses, and ports mentioned in the IP Reference Tables section (Table 1). 2 Change your outbound proxy server settings Complete between now/receipt and the 3 Change the network mapping for the operating system of the SAL Gateway host Have your proxy server configured to allow outbound communications to the new hostnames, IP addresses, and ports mentioned in the IP Reference Tables section (Table 1). The following is a sample procedure to modify the network mapping for a Linux host to add the new addresses. You may use other methods to add the new addresses to the hosts file. 1. Log in to the Linux server as the root user. 2. Open the hosts file located at /etc/hosts in the text Yes Yes, if you do not use global DNS resolution 2014 Avaya Inc. All Rights Reserved. Page 2

# Action Description Required Complete between March 17 and April editor, and add the following entries: 30, 2014 135.11.107.20 remote.sal.avaya.com 135.11.105.105 sas1.sal.avaya.com 135.11.105.106 sas2.sal.avaya.com 135.11.105.107 sas3.sal.avaya.com 135.11.105.109 sas4.sal.avaya.com 135.10.203.5 sas21.sal.avaya.com 135.10.203.6 sas22.sal.avaya.com 198.152.76.5 sas31.sal.avaya.com 198.152.76.6 sas32.sal.avaya.com 3. Save and close the file. 4 Change the Remote Server hostname in the SAL Gateway UI ONLY if your current setting is sl1.sal.avaya.com or 198.152.212.33 Completion between March 17 and 1. Log on to the SAL Gateway UI. 2. Based on your SAL version, perform one of the following in the navigation pane: For version 1.5 to 1.8, click Administration > Remote Access. For version 2.0 to 2.2, click Administration > Remote Server. 3. Click Edit, and enter the new address for Remote Server in the following fields: For version 1.5 to 1.8, modify the values in the Primary Server Host Name / IP Address and the Secondary Server Host Name / IP Address fields. For version 2.0 to 2.2, modify the values in the Primary Remote Server and the Secondary Remote Server fields. See Table 1 in the Reference Tables section for the new hostname and the IP address of Remote Server. 4. Click Apply. 5. Log off from the SAL Gateway UI. Yes, if you do not use global DNS resolution 2014 Avaya Inc. All Rights Reserved. Page 3

IP Reference Tables This section contains the values for the additional hostnames and IP addresses as part of the Avaya Remote Access infrastructure upgrade for the Primary Remote Server and the Secondary Remote Server. Table 1: Additional IP addresses for SAL Remote Server Port: 443/TCP Hostname IP Address Subnet Mask Notes remote.sal.avaya.com 135.11.107.20 255.255.255.128 Deployed November 2013. sas1.sal.avaya.com 135.11.105.105 255.255.255.224 Deployed November sas2.sal.avaya.com 135.11.105.106 2013. sas3.sal.avaya.com 135.11.105.107 sas4.sal.avaya.com 135.11.105.109 sas21.sal.avaya.com 135.10.203.5 135.10.203.0/28 Additional servers are sas22.sal.avaya.com 135.10.203.6 sas31.sal.avaya.com 198.152.76.5 198.152.76.0/28 sas32.sal.avaya.com 198.152.76.6 being deployed in the first half of calendar year 2014. In anticipation of this infrastructure increase, these host names must be included to assure uninterrupted operation. TESTING YOUR CHANGE: To ensure that the configuration settings have been completed and the SAL Gateway is successfully migrated, the following test can be run. 1. Ensure to test the connections after the all of the changes have been made for each of the IP addresses in Table 1. 2. The tests below can use either curl or wget, which are available as commands on the SAL Gateway Operating System. 3. Note the following: If your SAL Gateway HTTPS requests are proxied, you will need to do the following step first. If you do not run this command for your proxy, the subsequent test commands will not succeed. a. Please export the https_proxy variable. b. Replace your proxy server address for <proxyserver.net> and port for <port> as per example below: export https_proxy https_proxy=http://<username:password@><proxyserver.net>:<port> e.g. export https_proxy https_proxy=http://proxy.mycompany.com:8000/ 4. Log into your SAL Gateway. Any user privilege can run this following command. 5. To test using curl, type in the following command: curl -m10 -k -o /dev/null --silent --head --write-out '%{http_code}' https://remote.sal.avaya.com:443 2014 Avaya Inc. All Rights Reserved. Page 4

Example screenshot of the curl command being run successfully from linux login [user] - A response with a value of 200 indicates SUCCESSFUL communication: curl -m10 -k -o /dev/null --silent --head --write-out '%{http_code}' https://remote.sal.avaya.com:443 200 6. To test using wget, type in the following command: wget --no-check-certificate --timeout=10 --spider -S "https://remote.sal.avaya.com:443/" 2>&1 grep "HTTP/" awk '{print $2}' Example screenshot of the wget command being run successfully from linux login [user] - A response with a value of 200 indicates SUCCESSFUL communication: wget --no-check-certificate --timeout=10 --spider -S "https://remote.sal.avaya.com:443/" 2>&1 grep "HTTP/" > awk '{print $2}' 200 7. Repeat either command for all IP addresses and host names in table 1. ADDITIONAL INFORMATION FOR OUR BUSINESS PARTNERS: Avaya will publish additional guidance for BPs with and without concentrators once the new migration dates have been announced. HELPFUL TIPS AND FAQS: The following are some helpful hints. However, they might not apply to all customer networking requirements. In general, customers and partners need to apply their policies to allow outbound HTTPS connections to Avaya. Firewall and proxy settings within the customer network can be made any time in preparation for the. Administration configuration changes to the SAL Gateway cannot be made before March 17, 2014. Any changes prior to this date will introduce disruption of remote access services. Avaya will use automation to reconfigure the SAL Gateways to point to the new SAL Remote Servers. This automation will validate that the Gateway can communicate through firewall and proxies prior to making the SAL Gateway configuration change. The network changes in the PSN are critical to support this automation. Also note that Avaya may utilize this automation outside of the dates noted above. If DNS is not configured and you are using static mapping between IP address and FQDN, ensure that the /etc/hosts and /etc/sysconfig/network files have host name entries that match the ones the system displays when you use the command hostname. If all of the SAL server host names or IP addresses are not included in the SAL Gateway configuration update, including those scheduled for deployment later in 2014, you will have intermittent connectivity for SAL Remote Access. 2014 Avaya Inc. All Rights Reserved. Page 5

IMPACTS AND MITIGATIONS: Avaya will maintain both data centers for a limited time afterwards to avoid customer disruption and evaluate compliance; however, that does not lessen the urgency for customers to take action listed in the PSN. In order to receive the best possible support from Avaya, we are asking for your support in migrating by the dates in the tables above. If the necessary changes to the customer network configuration have not been completed before the shutdown date, the customer may no longer receive remote access support through the SAL infrastructure. Disclaimer: ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED AS IS. AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS AVAYA ), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA. All trademarks identified by or TM are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. 2014 Avaya Inc. All Rights Reserved. Page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information