Avaya 4600 Series IP Telephones Application Note
Contents
1. AVAYA Avaya Solution amp Interoperability Test Lab Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones Issue 1 1 Abstract These Application Notes describe the configuration procedures for enabling Microsoft Office Communicator MOC clients to operate Avaya Communication Manager phones The MOC client and Microsoft Office Communications Server OCS provide the user with multiple modes of communications such as Instant Messaging IM voice and video The configuration steps described herein focus on the TR 87 integration between Avaya Application Enablement Services and Microsoft OCS The TR 87 integration allows MOC clients to make and answer calls on Avaya Communication Manager phones as well as perform basic call control operations such as hold retrieve transfer and disconnect RL Reviewed Solution amp Interoperability Test Lab Application Notes 1 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 1 Introduction These Application Notes describe the procedures for configuring TR 87 integration between Avaya Communication Manager and Microsoft Office Communications Server OCS The TR 87 integration allows a Microsoft Office Communicator MOC client running on a Microsoft Windows computer to operate an Avaya Communication Manager phone using CSTA CTI call control constructs Microsoft OCS is comprised of several component servers that may run2. H E Mediation Servers enabled Peter riffi T t U H T ne P Live Communications Serwer z 4 atk Opens the properties dialog box For the current selection RL Reviewed Solution amp Interoperability Test Lab Application Notes 40 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC User Lois Griffin Properties Communications 7 Enable user For Office Communications Server Sign in name sip lois ia sitlms net Server or pool Entpool sitims net bd Meetings M alow anonymous participants Policy Default Policy f VIEW Mote Meeting settings cannot be changed unless the glabal setting allows per user configuration Additional options OK Cancel Apply Help RL Reviewed Solution amp Interoperability Test Lab Application Notes SPOC 11 5 2007 41 of 48 2007 Avaya Inc All Rights Reserved OCS ACM RCC 3 In the User Options dialog box in the Telephony section select Enable Remote call control enter sip aes lt FQDN of AE Services server gt for Server URI and enter an E 164 Tel URI for Lme URI The trailing five digits of the E 164 Tel URI should contain the user s Avaya Communication Manager phone extension see Section 4 1 In the sample configuration users were configured with Line URIs of the form Tel 17328823xxx where 23xxx 1s the user s Avaya Communication Manager phone extension and 17328823xxx is the corresponding E
3. Select Certificate msocsent1 sithms net Properties General IM Conferencing Telephony Conferencing Certificate Server Certificate Specity the certificate to be used for inbound and outbound connections on this server lssued to Entpool sitlms net Issued by SITLOA Valid from 3162007 17 45 AM to 3715 2009 11 45 AM Delete Certificate Warning This certificate is used by all Office Communications Server roles running on this computer with the exception of the Web Components Server Changing the certificate will have no effect on existing connections OF Cancel Apply Help In the Select Certificate dialog box select the certificate installed in Section 5 3 and click on ORK Note This new certificate replaces the certificate assigned during Microsoft OCS installation Select Certificate Select the certificate you want to use Intended F Friendly name Expiration Tei Entpool E s Serverclien um 5 2009 SITLCA Server Aut MSOCSENTI 5 15 2009 Server AUE gt Cancel View Certificate RL Reviewed Solution amp Interoperability Test Lab Application Notes 22 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Properties dialog box click on OR msocsent1 sithmns net Properties General IM Conferencing Telephony Conferencing Certificate Server Certificate Specity the certificate to be used for inbound and outbound
4. Conclusion These Application Notes described the configuration procedures for enabling Microsoft Office Communicator MOC clients to place answer hold retrieve transfer and disconnect calls on Avaya Communication Manager phones The integration between MOC clients and Avaya Communication Manager phones was achieved through TR 87 integration between Avaya Application Enablement Services and Microsoft OCS The following was observed from sanity testing of basic telephony functionality On a call between two RCC associated Avaya phones when the call is transferred to an EV client the transfer succeeds but the call is dropped on the RCC client associated with the transferred Avaya phone the call is still up between the transferred phone and EV client 10 Additional References 1 Application Notes for Call Routing Between Avaya Communication Manager and Microsoft Office Communications Server Issue 1 0 September 2007 The following document may be obtained from http support avaya com 2 Avaya MultiVantage Application Enablement Services Administration and Maintenance Guide Release 4 0 1 Issue 7 July 2007 Document Number 02 300357 3 Avaya MultiVantage Application Enablement Services Implementation Guide for Microsoft Live Communications Server Issue 3 July 2007 Document Number 02 601893 The following documents may be obtained from http www microsoft com 4 Microsoft Office Communications Serve
5. CERTIFICATE REQUEST MOTE Pease make a note of Certificate Alas as this value wil be required for menue Certificate Alias aeservercert Certificate Request PEM Utilities Hel In the Microsoft Certificate Services Advanced Certificate Request page click on Submit a certificate request by using a base 64 encoded CMC or PKCS 10 file or submit a renewal request by using a base 64 encoded PKCS 7 file Microsoft Certificate Services SITLCA Home Advanced Certificate Request The policy of the CA determines the types of certificates you can request Click one of the following options to Create and submit a request to this CA Ma GavievanescucashesrelvewesieesscavawesseansenuetscesnsenssedanenacesnucnecrsGstsecesereaceedeessecuececessneaewesiseausencsessesauesaresacesutssccchasevecerasenesececessinweresucmasessubensesssscccesGresneeserscsdsearsceasudreceseuerucinercnsteaceesesaucressceueeniesssesetestsesstessesscexstssscessseesseseessachtetcsesessecesssessecetsevsevsneccscanssscesvecscssstestecarusrseeveesteceresceueesseseeee Submit a certificate request by using a base 64 encoded UMC or PKCS 10 Tile or submit a renewal request by using a base 64 encoded PKCS 7 file Request a certificate fora smart card on behalf of another user by using the smart card certificate enrollment station Note You must have an enrollment agent certificate to submit a request on behalf of another user RL Reviewed Solut
6. Database Certificate Management Base Search DN CheUsers DC sitlhms DC ret TRS Configuration IP Address 135 8 19 100 Active Directory t Dial Plan Status and Control So i User DN for Query Authentication ChEAaministrator CN Users DC sit Confirm Password kakalaka hahaka RL Reviewed Solution amp Interoperability Test Lab Application Notes 31 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the left pane select Dial Plan gt Switch Administration In the Switch Dial Plan Administration page select the switch connection corresponding to the appropriate Avaya Communication Manager and click on Detail BG Application En V AVAYA EE Operations Adn CTI OAM Home You are here gt Administration gt 487 Configuration gt Dial Plan gt Administration t Network Configuration Switch Connections CTI Link Admin DMCC Configuration msavem4 TSAPI Configuration l etall Securty Database Certificate Management TRE Configuration Active Directory Dial Plan Switch Administration ase a See St Switch Dial Plan Administration Administered Switches RL Reviewed Solution amp Interoperability Test Lab Application Notes 32 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 3 In the Dial Plan Settings Conversion Rules page click on Add in the From TelURI section Avaya AE Services uses the From TelURI table to c
7. an RCC associated Avaya phone Verify that the RCC client displays a conversation window for each call and the user can move easily between the conversation windows Verify that call hold retrieve disconnect and transfer operations performed from a RCC client are accurately reflected on the Avaya phone associated with the RCC client Verify that call hold retrieve disconnect and transfer operations performed from an RCC associated Avaya phone are accurately reflected on the RCC client Establish multiple inbound and outbound calls on an RCC associated Avaya phone Verify that the RCC client displays a conversation window for each call and the user can move easily between the conversation windows Establish an IM conversation between two RCC clients and escalate the conversation to a voice call Verify that the call is established successfully on the associated RCC phones Configure an RCC client to forward calls to another destination Avaya phones associated and not associated with RCC clients and EV clients Place inbound calls to the Avaya phone associated with the forwarding RCC client Verify that the calls are forwarded to the correct destinations Verify that the presence status of the RCC client correctly reflects the telephony status in a call or idle of the associated Avaya phone RL Reviewed Solution amp Interoperability Test Lab Application Notes 46 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 9
8. and trailer into the Windows clipboard RL Reviewed Solution amp Interoperability Test Lab Application Notes 28 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the left pane of the Avaya AE Services OAM Web Interface select CTI OAM Admin gt Administration gt Certificate Management gt Server Certificate gt Pending Requests In the Pending Requests Certificate Requests page select the alias for the certificate request created in Steps 3 and click on Manual Enroll Application En Operations Adn You are here gt Administration gt Certificate Management v Administration Pending Server Certificate Requests gt Network Configuration Switch Connections ea Delete TSAPI Configuration Alias Creation Date Security Database aeservercert Wed Sep 05 2007 18 16 31 Certificate Management Server Certificate Pending Requests Default Settings T e rti te TRS Configuration 10 In the Server Certificate Manual Enrollment Request page click on Import z Ap plication En Operations Adn CTI OAM Home You are here gt Administration gt Certificate Management Administrati g ee Server Certificate Manual Enrollment Request Network Configuration Switch Connections t CTI Link Admin t OMEC Configuration TSAPI Configuration Security Database HIIBuDCCasEc agawkTEcMBboGalUE Ax MTh MhdmF le sEuce LObGleLmSldDEOMaws AIUE
9. of Microsoft OCS lt name2 gt is the FQDN of a physical server on which Microsoft OCS is running and lt name3 gt is the FQDN of the Microsoft OCS enterprise pool If there are multiple SIP domains supported on Microsoft OCS or if Microsoft OCS runs on multiple physical servers then append the SIP domains and FQDNs in the manner illustrated above In the example below san dns sip sitlms net amp dns msocsent1 sitlms net amp dns Entpool sitlms net is entered Key Options Create new key set Use existing key set CSP Microsoft Enhanced Cryptographic Provider v1 0 gt Key Usage Exchange foa hin 1024 Sa key Size 1024 a Ea common key sizes 1024 2048 4096 8192 156384 Automatic key container name User specified key container name Mark keys as exportable IM Store certificate in the local computer certificate store Stores the cediicate in the local computer store instead of in the users ceniicate store Does nat Install the root CA s certificate You must be an administrator to generate or use a key in the local machine store Additional Options Request Format CMC PKCS10 Hash Algorithm SHA 1 Only used to sign request l Save request to a file Banidns Ssip sitlms net edns mso Attributes 7 In the Microsoft Certificate Services Certificate Issued page click on Install this certificate Microsoft Certificate Services SITLCA Certificate Issued The certificate you
10. presented in the call alert and added to the MOC Recent Contacts list Application En Operations Adn CTI OAM Home You are here gt Administration gt TRS Configuration gt Dial Plan Administration S Add Dial Plan msavcmi Network Configuration Switch Connections CTI Link Admin MEC Configuration TSAPI Configuration Security Database Maximum Length Certificate Management TRE Configuration Active Directory Delete Length Dial Plan To TelURI Minimum Length Matching Pattern Replacement String Switch Administration In the Add Dial Plan page click on Apply a Application En AVAYA Be Operations Adn GTI OAM Home You are here gt Administration gt TRE Configuration gt Dial Plan Administration ic SOT Add Dial Plan Network Configuration Switch Connections CTI Link Admin DMCC Configuration i TSA amp PT Confiniiration a Warning Are you sure you want to add this Dial Plan The original calling party number sent by Microsoft OCS for such a call may be in fact an E 164 formatted number but the leading is removed by Avaya Communication Manager RL Reviewed Solution amp Interoperability Test Lab Application Notes 39 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 7 Configure Microsoft Office Communications Server This section highlights the Microsoft Office Communications Server OCS configuration for TR 87 integration with
11. right click on the Web Server template and select Duplicate Template EF certtmpl Certificate Templates OF x Gel File Action View Window Help gt a elg yal Certificate Templates Gl Workstation Authentication Windows Server 2003 En Allowed Fe Duplicate Template E c iar ae FaUser All Tasks Mot allowed Ga Trust List Signing aia Mot allowed G Subordinate Certification Properties Mot allowed Gd smartcard User Help Mot allowed Ga Smartcard Logon Windows 2000 Mot allowed RL Reviewed Solution amp Interoperability Test Lab Application Notes 12 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Properties of New Template dialog box select the General tab and enter a descriptive Template display name and Template name Properties of New Template Issuance Requirements Superseded Templates Extensions Security General Request Handling Subject Name Template display name web Server plus Client Authentication Minimum Supported L s Windows Server 2003 Enterprise Edition After vou apply changes to this tab you can no longer change the template name Template name webs erverClientAuthent Validity period Renewal period Publish certificate in Active Directory Bo not automatically reenroll if a duplicate certificate evists inactive Directory careel e _ 5 In the Properties of New Template dialog box select the Request Handling tab and ensure th
12. 1 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Repeat Steps 3 5 to configure an entry that adds a leading digit to E 164 formatted external numbers and click on Apply Changes The leading digit must be the ARS Access Code configured on Avaya Communication Manager for ARS routing refer to 1 This entry applies to the called number when a RCC client sends a call initiation request to Avaya AE Services where the called number is the E 164 formatted number of an external phone In the example below the entry matches E 164 11 digit numbers that start with 1 and adds a leading 9 Note that since the order of From TelURI entries is significant this entry must be configured and placed after the entries described in Steps 4 8 Application En Operations Adn CTI OAM Home You are here gt Administration gt TRS Configuration gt Dial Plan eee Add Dial Plan msavem1 Network Configuration Switch Connections CTI Link Admin DMEC Configuration TSAPI Configuration Security Database Maximum Length Certificate Management TRE Configuration Active Directory Delete Length Dial Plan From TelURI Minimum Length Matching Pattern Note or 7 Replacement String Switch Administration Default Settings Cancel Changes Note Alternatively RCC clients can dial the ARS Access Code followed by the 11 digit external number without the leading Avaya AE Services would send the r
13. 164 11 digit number Click on OK User Options Telephony Select a telephony option These settings affect only those calls that are routed through IP PS TM or remote call control gateways Enable PC to PC communication only Enable Remote call control Enable Enterprise Voice Enable FES integration Mote To enable both remote call control and PES integration you must specify a Server URI below Policy Default Policy Server URI sip aes msavaes sitlns net Line URI tel 17320823001 Federation Enable federation Enable remote user access Enable public IM connectivity Archiving Archive intemal lH conversations T Archive federated hl conversations Note Archiving settings cannot be changed unless the global setting allows per user configuration M Enable enhanced presence Mote Enhanced presence cannot be changed once it has been set Cancel Help Ea Back in the selected user s Properties dialog box click on OKR Repeat Steps 4 for other users with RCC clients RL Reviewed Solution amp Interoperability Test Lab Application Notes 42 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the left pane of the Microsoft Office Communications Server 2007 MMC snap in expand the Forest node down to the Enterprise Pool level Forest gt Enterprise pools gt lt name of Pool gt right click on Front Ends and select Properties i Mi
14. Avaya AE Services These Application Notes assume that basic Microsoft OCS server installation and configuration have already been performed according to the guidelines provided in 6 7 and 8 These Application Notes further assume that user accounts have been created in Microsoft Active Directory and enabled for Microsoft OCS On the Microsoft OCS server launch the Microsoft Office Communications Server 2007 MMC snap in In the left pane expand the Forest node down to the Users level Forest gt Enterprise pools gt lt name of Pool gt gt Users In the right pane right click on a user and select Properties iv Microsoft Office Communications Server 7007 Heal File Window Help Office Communications Server 2007 SIP URI Eat Forest sitlms net M Enabled Bryan Katz sip bkatz sitIms net Sa Enterprise pools A Enabled Chuck Bertsch sipichuck sitlms met E entpool Enabled David Boyer sip dgboyer sitlms met Enabled Dilbert Engineer sip dilbertm sitins net Enabled Homer Simpson sips homerm sitins met Enabled Lois Griffin cire loic Sith re Configure Users H E Web Conferencing H E Aly Conferencing H web Components J Standard Edition Servers 4rchiving and CDR Servers Marge Simpson Michael Scott Delete users crated wsizaat Move USES __HHSLZDP1 sitinsnet _Autodttendant Unassigned users Enabled MSLZDP 1 ithns net sithns net Autodkbendant gt iati 4 Enable eter Griffin i LSE Ser
15. C 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 5 6 Request and Install Server Certificate on Avaya Application Enablement Services Server This section describes the steps for requesting the server certificate based on the certificate template created in Section 5 2 from the Microsoft Enterprise CA and installing the server certificate on an Avaya AE Services server On the Microsoft OCS server launch a web browser and log into the Avaya AE Services OAM Web Interface In the left pane select CTI OAM Admin gt Administration gt Certificate Management gt Server Certificate In the Server Certificates page click on Add Application En Operations Adn CTI OAM Home You are here gt Administration gt 4dministration 9s SS eee Server Certificates Network Configuration Switch Connections CTI Link Admin view Add Delete DMCC Configuration ees Alias Status Issued To Issued By Expiration Date TSAPI Configuration Security Database Certificate Management Server Certificate Pending Requests Default Settings Trusted Certificate t TRE Configuration RL Reviewed Solution amp Interoperability Test Lab Application Notes 25 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 2 Inthe Add Server Certificate page configure the following and click on Apply Certificate Alias enter a descriptive name Password and Re enter Password enter an arbitrary pas
16. CHMF OX Zhe WVExXDTALBoNVB ASTBFNIVEWNETAPBGNVB be TCExpbrllyb2 ZOMGsw Pending Requests COYDVOOGEWIVUZCBnzaNBokqhkiGowOBAQEF ALOB QdwgYkCgYE ax iVe1MS1qMKkz Default Settings LEGJ 7 ZaunfOosSRVY 6yESeqf4oxS ZyHNOmIDi6PDmlep YOF Zp LhPahMbPadFo aM Trusted Certificate MevdVoytsoftholYr3 on4fVNdocvr3an ThekY jnzO0ylwee Mc YIvwewlb znulskzePt Vee cee gLnpHOLeSN60sq tN B2 21 LCV4rEC awk ALaabMERGCS GS Ih3 DOEJBZEMEwpJ eet SO bnk lemduMTI eMaoccsqGs Ib3 DORBRAUAL4GBABFeSoco Dt Aunt yCOSROfE4YxbP Status and Control TOcOvhsrbdq 1 1a SANE YW17 pLeYCOX3NpeS ZOPMVtOBViid4dacEtGx Tre iqhwds Maintenance E0cmB6t kbrsecwi VabgoTavimkr agpedf ys uVedukJeerv9o dF Db JkbAM ge3x Ae xGROSqx HbHE2 Lbho Logs Utilities Help NOTE Pease make a note of Certificate Ales as this value will be required for manu Certificate Alias aeservercert Certificate Request PEM Server Certificate RL Reviewed Solution amp Interoperability Test Lab Application Notes 29 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Server Certificate Import page enter the same Certificate Alias ensure that the Establish Chain of Trust checkbox is checked paste the copied contents from Step 8 into the Certificate PEM textbox and click on Apply y AVAVA Application En a y Operations Adn CTI OAM Home You are here gt Administration gt Certificate Management Administration Network Configuration Switch Connections
17. CS server After saving navigate to that directory in Windows Explorer right click on the CA certificate chain file and select Install Certificate File Edit wiew Favorites Tools Help Bak E F e Search F gt Folders 3 Ge x le B Address C C Cert Name Date Modified Attributes certnew prt ZEB PKCS 7 Certificates 8 30 2007 4 53 PM A Install Certificate Open with Ej Scan for viruses Send To Cut Copy Create Shortcut Delete Rename Properties RL Reviewed Solution amp Interoperability Test Lab Application Notes 8 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Description In the Certificate Import Wizard dialog box click on Next Certificate Import Wizard Ea Welcome to the Certificate Import Wizard This wizard helps you copy certificates certificate trust lists and certificate revocation lists From your disk to a certificate store 4 certificate which is issued by a certification authority is a confirmation of your identity and contains information used to protect data or to establish secure network connections 4 certificate store is the system area where certificates are kept To continue click Mex Cancel In the Certificate Import Wizard dialog box select Place all certificates in the following store and click on Browse Certificate Import Wizard Ea Certificate Store Certificate stores are system areas where certif
18. CS number is already known from an appropriate entry in the From TelURI table see Steps 4 6 To TelURI Minimum Length Maximum Length Pattern Match Delete Length Replacer Edit Delete Reorder RL Reviewed Solution amp Interoperability Test Lab Application Notes 38 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Add Dial Plan To TelURI page configure an entry that adds a leading to non E 164 formatted numbers and click on Apply Changes This entry applies to the calling or called number when Avaya AE Services sends a call notification to a RCC client where the number lacks a leading This can occur when an external phone or EV client calls a RCC client or when the Avaya Communication Manager phone associated with the RCC client dials an external phone After the leading is added the RCC client attempts to resolve the E 164 formatted calling called number to the name of a Microsoft OCS user If the caller or callee is an external phone then the resolution does not return a name The E 164 formatted calling called number is then presented in the call alert and added to the MOC Recent Contacts list The external phone can thus be easily called back using the MOC Recent Contacts list assuming the From TelURI entry in Step 9 has been added If the caller is an EV client then the resolution returns the name of the EV client user The calling user s name is then
19. CTI Link Admin MEC Configuration TSAPI Configuration Security Database Certificate PEM Certificate Management ZaVy ERpH2 4SREM9c2 LObGLIZLERDPWS1aD9jOUN LenRpZmljYER1P27he2U b2dq Server Certificate 2WUNMOO2 xhestsY2 VydeG lmaWhNhdGlybkF ldGhycmloeTRBEBgGgrbgEFBocwiaoY aHRo Pending Requests cDovLe LeYWoxLnaNpdGxteysuzsovoe VydEVucmeshCotceF RNS SeaxsksehsaNubmyo XINIVExDOSS jcnQwDAYDVROTAQH BAIWADALBGNVHOSEBANCBaaWwPAYIEWYBBAGC Default Settings NxUHBCSwLOY LEWYBEAGCNxULhSS K4Ga3 22 FmzEZSMorge 7ICwOFOdsug Wewo1e Trusted Certificate ZRIBAAABQNVHSUEF j AUBGarBQEF BOcDAQY IEwYBBQUHAWIWwJIwYIKWYBBAGCHxUK t TRE Configuration BRBowSDARBQgrbgEFBOcDATAEBGgrbygEFBOcD A ANBgkqhEI GSWOBACUF AAOc AOE A RFOtte yYWGrd LBDoLigqs LNDPRSONSapgsDuctbuyseyve4s6 12whbaYewnhqxd Th N96 Up9RzZunl ZaZND limvwasV4asdvbsGcLSGNuouVuUny VMO xbYZzF aoskdPtatl Maintenance LHIaDbTt HeqbaskGmgs yuoXed 7ahEIni hO2 5a3HpRiihiFTaks2 7Wuhd IWrent Alarms zkaRFuCiTNkn3s4V ol6fLilwH8Qo0uwkStflnyV92 6pPmsnd6lUcKeq4npH3 5Sbbsu Logs uRESEZ GDI Lar skh ewothmgoViltvPH ukpp brikeEtc m Im4GByTOLFSZhbqIiche Utilities INNfei l GNVREZ ReViGko Help Server Certificate Import Certificate Alias aeservercert Establish Chain of Trust Status and Control If the import is successful the message Certificate imported successfully is displayed on the Server Certificate Import page RL Reviewed Solution amp Interoperability Test Lab Applica
20. Desktop Edition licenses if not contact an authorized Avaya account representative to obtain any required licenses Change Password License installed on Jul 30 2007 4 10 32 PM EDT Server Properties gt Manage Users iew Peak Usage Logout z sje License Acquisition Status License acquisition enabled Yes Currently failed over No Licensed Features Feature Expiration Keyword Date Application Enablement Connections VALUE_AEC_CONNECTIONS 2008 01 26 16 s CYLAN Proprietary Links TSAPI Version Not Applications Enablement Connections Not Version 2008 01 26 ital VALUE_4EC_VERSION CVLAN Switch Connections DLG SmallofferTypes 8400 chawk chawk lspjcsi MediumOfferTypes Not 2008 01 26 s8500 s8500_blade m_blade counted LargeOfferTypes sray seagull TSAPI Simultaneous Users VALUE_TSAPI_USERS 2006 01 26 1000 o Unified CC API Desktop Edition VALUE_AEC_UNIFIED_CC_DESKTop 2008 01 26 1000 o Licensed Acquired Product Notes VALUE_NOTES gt RL Reviewed Solution amp Interoperability Test Lab Application Notes 5 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 4 3 TR 87 Port Launch a web browser enter the URL https lt IP address of AE Services server gt 8443 MVAP and log into the Avaya AE Services OAM Web Interface In the left pane select CTI OAM Admin In the left pane of the CTI OAM Home Web Interface select Adminis
21. E Services where the called number is the E 164 formatted number assigned to an EV client The extracted extensions can then be used by Avaya Communication Manager to route the calls to Microsoft OCS according to the routing configuration described in 1 In the example below the entry matches E 164 11 digit numbers that start with 1732883 and deletes the leading six digits to obtain extensions of the form 3xxxx The routing configuration described in 1 routes calls placed to 3xxxx to Microsoft OCS Note that Avaya Communication Manager applies the same routing configuration when RCC clients use extension dialing 1 e dialing 3xxxx to call EV clients Repeat this step as necessary for each range of E 164 formatted numbers assigned to EV clients Th P waya Application En Operations Adn CTI OAM Home You are here gt Administration gt 287 Configuration gt Dial Plan Administration z ee Add Dial Plan msavcemi1 Network Configuration Switch Connections CTI Link Admin OMEC Configuration TSAPI Configuration security Database Maximum Length 41 ahficate Manzgement Matching Pattern tel 1732683 TRE Configuration e Active Directory Delete Length 6 Dial Plan From TelURI Minimum Length 11 Replacement String Switch Administration Default Settinas si Cancel Changes RL Reviewed Solution amp Interoperability Test Lab Application Notes 35 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reser
22. R2 Enterprise Edition Service Pack 2 XP Professional Version 2002 Service Pack 2 Table 1 Equipment Software List RL Reviewed Solution amp Interoperability Test Lab Application Notes 4 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 4 Avaya Communication Manager and Avaya Application Enablement Services Integration These Application Notes assume that basic Avaya Communication Manager and Avaya Application Enablement AE Services administration has already been performed These Application Notes further assume that an AE Services connection and TSAPI CTI link has already been configured and established between Avaya Communication Manager and Avaya AE Services 4 1 Extensions In the sample configuration assume that Avaya Communication Manager phones that are associated with RCC clients are assigned 5 digit extensions that begin with 23 Avaya Communication Manager phones that are not associated with RCC clients are assigned 5 digit extensions that begin with 21 and 22 and Microsoft EV clients are assigned 5 digit extensions that begin with 3 4 2 Avaya AE Services License Launch a web browser enter the URL https lt IP address of AE Services server gt WebLM and log into the Avaya AE Services Web License Manager interface In the left pane under Licensed Products click on Application_Enablement In the right pane verify that there are sufficient Unified CC API
23. Signing Digital Rights Director Service Email Replication Document Signing Embedded Windows System Component Verification Encrypting File System File Recovery IP security end system IP secunty IKE intermediate IP secunty tunnel termination IP security user 11 In the Edit Application Policies Extension dialog box ensure that both Server Authentication and Client Authentication are included in the Application Policies list Click on OKR Edit Application Policies Extension An application policy defines how a certificate can be used Application policies Client Authentication Server Authentication Add Edit Remove Make this extension critical Cancel RL Reviewed Solution amp Interoperability Test Lab Application Notes 16 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 12 In the Properties of New Template dialog box click on OR Properties of New Template General lssuance Requirements Superseded Templates Request Handling Subject Name Extensions Security To modify an extension select it and then click Edit Extensions included in this template Application Policies Certificate Template Information I ssuance Policies Key Usage Description of Key Usage Signature requirements Digital signature Allow key exchange only with key encryption 13 In the Certification Authority MMC snap in expand the Cer
24. at Purpose is set to Signature and encryption Click on CSPs Properties of New Template Issuance Requirements Superseded Templates Extensions Security General Request Handling Subject Hame Purpose Signature and encryption Archive subject s encryption private key 1 Include symmetric algorithms allowed by the subject T Delete revoked or expired certificates do not archive Minimum key size 1024 Allow private key to be exported Do the following when the subject i enrolled and when the private key associated with this certificate is used f Enroll subject without requiring any user input f Prompt the user during enrollment Prompt the user during enrollment and require user input when the private kenis Used To choose which cryptographic service providers CSP should be used click CSPs OF Cancel Apply RL Reviewed Solution amp Interoperability Test Lab Application Notes 13 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the CSP Selection dialog box select Requests must use one of the following CSPs and check the Microsoft Enhanced Cryptographic Provider v1 0 checkbox Click on OR Choose which cryptographic service providers CSF can be used in requests C Requests can use any CSP available on the subject s computer Requests must use one of the following CSPs ESFs Germplus GemSAFE Card CSP 1 0 LJInfineo
25. cation list CRLI orto view the status of a pending request For more information about Certificate Services see Certificate Seraces Documentation Select atask Request a certificate View the status of a pending certificate request aiSeusnbeaseenctereactvcnnsscesesenucessarciiserseses cneeecs Ceaststertwneseveeucacetanccucesieesstessseueccneeatseeanesnarnurcnesceescneceerseterstasctaoeesncesnsteasrceatensy ownload a CA certificate certificate chain or CRL RL Reviewed Solution amp Interoperability Test Lab Application Notes 7 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 3 In the Microsoft Certificate Services Download a CA Certificate Certificate Chain or CRL page select the Current CA certificate of the Microsoft Enterprise CA set Encoding method to Base 64 and click on Download CA certificate chain Microsoft Certificate Services SITLOA Download a CA Certificate Certificate Chain or CRL To trust certificates issued fram this certification authority install this CA certificate chain To download a CA certificate certificate chain or CEL select the certificate and encoding method CA certificate Current SITLCA Encoding method O DER Base 64 Download CA certificate EERE eee rt Download CA certificate chain Download latest base CEL Download latest delta CRL When prompted save the CA certificate chain file to a local directory on the Microsoft O
26. connections on this server Issued to Entpool sitlms net Issued by SITLOA Valid from 737 2007 2 29 PM to 873072003 2 29 PM Select Certificate Delete Certificate Warning This certificate is used by all Office Communications Server roles running on this computer with the exception of the Web Components Server Changing the certificate will have no effect on existing connections i Cancel Apply Help Repeat Steps 1 4 on each Microsoft OCS server in the enterprise pool 5 5 Install Certificate Chain Trusted Certificate on Avaya Application Enablement Services Server This section describes the steps for installing the Microsoft Enterprise CA certificate chain trusted certificate on an Avaya AE Services server On a Microsoft OCS server make a copy of the CA certificate chain file downloaded in Section 5 1 Steps 1 4 Open the copied file with a text editor and replace CERTIFICATE with PKCS in both the header and trailer Copy the entire contents of the modified file into the Windows clipboard RL Reviewed Solution amp Interoperability Test Lab Application Notes SPOC 11 5 2007 23 of 48 2007 Avaya Inc All Rights Reserved OCS ACM RCC 2 On the Microsoft OCS server launch a web browser and log into the Avaya AE Services OAM Web Interface In the left pane select CTI OAM Admin gt Administration gt Certificate Management gt Trusted Certificate In the Trusted Certi
27. crosoft Office Communications Server 200T ea File Window Help Office Communications Server 2007 Flat Forest sitlms net G Enterprise pools VE pool View New Window From Here Standard Edition Selle H Archiving and CDR ERT Be Unassigned users H E Mediation Servers Front Ends Properties Federation Host Authorization Archiving Voce General Routing Compression Authentication Routing Specify static routes for outbound connections Matching URI MextHop Port Trarspot Edit Remove Warning The host address must also be added to the Host Authorization tab OF Cancel Apply Help RL Reviewed Solution amp Interoperability Test Lab Application Notes 43 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Add Static Route dialog box in the Matching URI section enter the FQDN of the Avaya AE Services server for Domain In the Next hop section enter the FQDN of the Avaya AE Services server for FQDN select TLS for Transport and enter the Avaya AE Services TR 87 Port see Section 4 3 for Port Click on OR Add Static Route Matching URI Wildcard characters can be used in the domain names Domain msavaest siti net Phone URI Nest hop FOON msavaes sitins net P address Transport TLS z Fort drza Replace host in request UAI Cancel Help In the Front Ends Properties dialog box select th
28. e Avaya Solution amp Interoperability Test Lab at interoplabnotes list avaya com RL Reviewed Solution amp Interoperability Test Lab Application Notes 48 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC
29. e Certificate Authority CA or from CAs in the same certificate chain In the sample configuration a Microsoft Enterprise CA running on Microsoft Windows Server 2003 serves as the CA for both 5 1 Install Certificate Chain Trusted Certificate on Microsoft OCS Server This section describes the steps for downloading the certificate chain trusted certificate from the Microsoft Enterprise CA and installing the certificate chain on a Microsoft OCS server The certificate chain should actually have already been installed during Microsoft OCS installation this section is provided for reference and completeness On the Microsoft OCS server launch a web browser and enter the URL http lt Name or IP address of Certificate Authority server gt certsrv If prompted for a user name and password enter the credentials of a domain administrator account In the Microsoft Certificate Services Welcome page click on Download a CA certificate certificate chain or CRL Microsoft Certificate Senices SITLCA Welcome Use this Yeb site to request a certificate for your Web browser e mail client or other program By using a certificate you can verify your identity to people you communicate with over the Web sign and encrypt messages and depending upon the type of certificate you request perform other security tasks You can also use this Web site to download a certificate authority CA certificate certificate chain or certificate revo
30. e Host Authorization tab and click on Add Front Ends Properties General Routing Compression Authentication Federation Host Authorization Archiving Voice Specii authorized hosts such as gateways application servers special clients that need additional bandwidth and so forth Outbound Onl Throttle As Se Treat As A Remove OF Cancel Apply Help RL Reviewed Solution amp Interoperability Test Lab Application Notes 44 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Add Authorized Host dialog box in the Server section select FQDN and enter the FQDN of the Avaya AE Services server In the Settings section ensure that the Outbound Only checkbox is unchecked and check the Throttle As Server and Treat As Authenticated checkboxes Click on OR Add Authorized Host Ea msavaest sitlms net T Outbound Only IM Throttle As Server M Treat As Authenticated In the Front Ends Properties dialog box click on OR Front Ends Properties General Routing Compression Authentication Federation Host Authorization Archiving Voice Specii authorized hosts such as gateways application servers special clients that need additional bandwidth and so forth Outbound Onl Throttle As 5e Treat As A meavaes1 sitlns net Mo Add Edit Remove Cancel Apply Help RL Reviewed Solution amp Interoperability Tes
31. emplate dialog box select the Extensions tab In the Extensions included in this template section select Application Policies and click on Edit Properties of New Template General Request Handling Subject Name lssuance Requirements Superseded Templates Extensions Security To modify an extension select it and then click Edit Extensions included in this template Application Policies Certificate Template Information I ssuance Policies I Key Usage Description of Application Policies Server Authentication OF Cancel Apply In the Edit Application Policies Extension dialog box click on Add Edit Application Policies Extension An application policy defines how a certificate can be used Application policies Server Authentication Edit Remove Make this extension critical ik Cancel RL Reviewed Solution amp Interoperability Test Lab Application Notes 15 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 10 In the Add Application Policy dialog box select Client Authentication and click on OK Add Application Policy Ea An application policy called enhanced key usage in Windows 2000 defines how a certificate can be used Select the application policy required for valid signatures of certificates issued by this template Application policies Certiticate Request Agent Client Authentication Code
32. ent V aya Application En Operations Adn CTI OAM Home You are here gt Administration gt TRS Configuration gt Dial Plan Administration S eRe Add Dial Plan msavcmi Network Configuration Switch Connections CTI Link Admin DMCC Configuration TSAPI Configuration Securty Database Maximum Length Certificate Management Matching Pattern an ooa T T TRE Configuration ient Active Directory Delete Length 6 From TelURI Minimum Length Dial Plan Replacement String Switch Administration Default Settings 2 i Cancel Changes Application En Operations Adn CTI OAM Home You are here gt Administration gt TRS Configuration gt Dial Plan Administration E __ Add Dial Plan Network Configuration Switch Connections CTI Link Admin DMCC Configuration E DMCC Configuration Dpply TSAPI Configuration iA i m i Warning Are you sure you want to add this Dial Plan Repeat Steps 3 5 as necessary for each range of E 164 formatted numbers assigned to RCC clients RL Reviewed Solution amp Interoperability Test Lab Application Notes 34 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Repeat Steps 3 5 to configure an entry that extracts the extensions from the E 164 formatted numbers assigned to the EV clients refer to 1 and Section 4 1 This entry applies to the called number when a RCC client sends a call initiation request to Avaya A
33. es however operation of Avaya SIP telephones is currently not supported RL Reviewed Solution amp Interoperability Test Lab Application Notes 2 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Both RCC and EV clients are registered with Microsoft OCS which is comprised of one or more of each of the following Front End Servers IM Conferencing Servers Telephony Conferencing Servers A V Conferencing Servers Web Conferencing servers and IIS Servers In the sample configuration of Figure 1 the aforementioned component servers reside on a single physical server in an Microsoft OCS Enterprise Edition EE Consolidated configuration The Microsoft OCS server and Mediation Server are supported by a Microsoft SQL 2005 database server as well as another Microsoft Windows Server running Active Directory AD DNS and Certificate Authority CA servers The Microsoft Exchange 2007 Server is enabled with Unified Messaging and provides e mail voicemail and Auto Attendant services Microsoft AD Microsoft Microsoft OCS EE Microsoft DNS and CA Exchange Consolidated Microsoft SQL Mediation Servers 2007 Server Server 2005 Server Server M 103 0 135 8 19 0 24 120 Prt ea 2 slelslelele es Avaya SIP Enablemen Avaya G350 Media Gateway and Services Server Avaya 8300 Server running Avaya Communication Manager 123 Enterprise IP Network a Oo Avaya Appl
34. esulting dialed 2 digit string as is since the From TelURI table only affects numbers with a leading RL Reviewed Solution amp Interoperability Test Lab Application Notes 37 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Dial Plan Settings Conversion Rules page click on Add in the To TelURI section Avaya AE Services uses the To TelURI table to convert extensions and number strings received from Avaya Communication Manager into formatted numbers that Microsoft OCS recognizes For example when an RCC associated Avaya Communication Manager phone places or receives a call Avaya Communication Manager sends a call notification to Avaya AE Services where the calling and called numbers may be extensions or any number strings An appropriate entry in the To TelURI table can convert the numbers into E 164 formatted numbers or any other formatted numbers that Microsoft OCS recognizes In the sample configuration Microsoft OCS users were all assigned E 164 11 digit numbers If the reformatted calling called number is that of another Microsoft OCS user whether configured for RCC or EV mode then the RCC client can also resolve the number to the calling user s name No explicit To TelURI table entry is necessary for calls where the calling called number is the extension of an RCC associated Avaya Communication Manager phone This is because the mapping between the extension and associated Microsoft O
35. ficates page click on Import Application En Operations Adn CTI OAM Home You are here gt Administration gt Certificate Management gt Trusted Ce Administration p Trusted Certificates t Network Configuration Switch Connections t CTI Link Admin es Peg er a ee Export Delete DMCC Configuration Ean RE Po oaee re E Alias Status Issued To IssuedBy E t Security Database Certificate Management t Server Certificate Trusted Certificate t TRE Configuration avayaprea valid Avaya Product Root CA Avaya Product Root CA Sun Au 3 In the Trusted Certificate Import page enter a descriptive name for Certificate Alias and paste the copied contents from Step 1 into the Certificate PEM textbox Click on Apply Te Application En Operations Adn CTI OAM Home You are here gt Administration gt Trusted Ce Administrati r E Trusted Certificate Import Network Configuration Switch Connections t CTI Link Admin t DMCC Configuration TSAPI Configuration t Security Database Certificate Management t Server Certificate Certificate Alias catrusted Certificate PEM Trusted Certificate t TRE Configuration Status and Control Maintenance If the import is successful the message Certificate imported successfully is displayed on the Trusted Certificate Import page RL Reviewed Solution amp Interoperability Test Lab Application Notes 24 of 48 SPO
36. icates are kept Windows can automatically select a certificate store or you can specify 4 location For Automatically select the certificate store based on the type of certificate Place all certificates in the Following store Certificate shore fo lt Back Nexk gt Cancel RL Reviewed Solution amp Interoperability Test Lab Application Notes 9 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Select Certificate Store dialog box select Trusted Root Certification Authorities and click on OR Select Certificate Store Select the certificate store you wank to use ia 4 T Show physical stores concel_ In the Certificate Import Wizard dialog box click on Next Certificate Store Certificate stores are system areas where certificates are kept Windows can automatically select a certificate store or you can specify a location For Automatically select the certificate store based on the type of certificate Place all certificates in the Following store Certificate shore Trusted Root Certification Authorities Browse Cancel RL Reviewed Solution amp Interoperability Test Lab Application Notes 10 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Description In the Certificate Import Wizard dialog box click on Finish Certificate Import Wizard Completing the Certificate Import Wizard You have succe
37. ication Enablement Services Server Microsoft Office Communicator Clients in EV mode Avaya 4600 Series H 323 and SIP Telephones Microsoft Office Communicator Clients in RCC mode operating Avaya 4600 Series H 323 Telephones Figure 1 Network Configuration RL Reviewed Solution amp Interoperability Test Lab Application Notes 3 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 3 Equipment and Software Validated The following equipment and software were used for the sample configuration provided Equipment amp Software Avaya S8300 Server Avaya Communication Manager 4 0 1 RO14x 00 1 731 2 Avaya G350 Media Gateway Media Gateway Processor 26 33 0 Avaya Application Enablement Services Server 4 0 1 Build 57 0 Avaya SIP Enablement Services Server SES 4 0 0 0 033 6 Avaya 4600 Series H 323 IP Telephones 2 8 4621S W 2 8 4625S W Avaya 4600 Series SIP Telephones 2 2 2 4621S W Microsoft Active Directory DNS Server and 5 2 3790 1830 Certification Authority on Microsoft Windows Server 2003 R2 Enterprise Edition Service Pack 2 Microsoft Exchange 2007 Server on Microsoft Windows Server 2003 R2 Enterprise x64 Edition Service Pack 2 Microsoft Office Communications Server 2007 on Server 2003 R2 Enterprise Edition Service Pack 2 Microsoft SQL 2005 Server on Microsoft Windows Server 2003 R2 Enterprise Edition Service Pack 2 Microsoft Mediation Server on Microsoft Windows Server 2003
38. ion amp Interoperability Test Lab Application Notes 27 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Submit a Certificate Request or Renewal Request page paste the copied contents from Step 3 into the Saved Request textbox select the Certificate Template created in Section 5 2 and click on Submit Microsoft Certificate Services SITLCA submit a Certificate Request or Renewal Request To submit a Saved request to the CA paste a base 64 encoded CMC or PKCS 10 certificate request or PACS 7 renewal request generated by an external source such as a Web server in the saved Request box Saved Request gqLnpHOLe SN 60sqYth B2 Z11CV4rECawEaiaadb Base 64 encoded bnRlemowMNTIeztaoccsqGs Ins DGEBRBAUAASGBABFe certificate request TOcOvhxmbdq11la SdNE U14pLevcox3sNpeSZOPMy CMC or K0emB tXhrsecwe VahgTivimkr a gqpely uvxtiu PECS 10 or xGROSqxHbHf2 Lbbo PKCS 7 Browse for a file to insert Certificate Template Web server plus Client Authentication Additional Attributes Attributes Microsoft Certificate Services SITLCA Certificate Issued The certificate you requested was issued to you C DER encoded or Base 64 encoded Download certificate chain When prompted save the certificate file to a local directory on the Microsoft OCS server After saving open the certificate file with a text editor and copy the entire contents of the certificate file including the header
39. ion gt Dial Plan Administration t Network Configuration Switch Connections CTI Link Admin DMEC Configuration TSAPI Configuration Security Database Certificate Management TRE Configuration Active Directory Dial Plan Switch Administration Default Settings Status and Control Dial Plan Settings Conversion Rules for msavcm1 From TelURI r FF Minimum Length Maximum Length Pattern Match Delete Length Replacer Yr OF Maintenance F Alarms Logs t Utilities RL Reviewed Solution amp Interoperability Test Lab Application Notes 33 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Add Dial Plan From TelURI page configure an entry that converts the E 164 formatted numbers assigned to the RCC clients see Section 7 Step 3 to the corresponding Avaya Communication Manager phone extensions see Section 4 1 and click on Apply Changes This entry applies to the calling number when a RCC client sends a call initiation request to Avaya AE Services and allows Avaya Communication Manager to identify the phone for which the RCC client is placing the call In the example below the entry matches E 164 11 digit numbers that start with 17328823 and deletes the leading six digits to obtain extensions of the form 23xxx Note This entry also applies to the called number if the called number is the E 164 formatted number assigned to another RCC cli
40. line request IP security IKE intermediate Key Recovery Agent Key Recover Agent GARAS and AS Server Chent Authentication Server Authentication Router Offline request Client Authentication Smartcard Logon Client Authentication Smart Card Logon Smartcard User Secure Email Client Authentication Smart Card Logor Eel Trust List Signing Microsoft Trust List Signing Ga ae Da EE easa Client apinan aa E Ga asi Aue nicaion 5 3 Request and Install Server Certificate on Microsoft OCS Server This section describes the steps for requesting the server certificate based on the certificate template created in Section 5 2 from the Microsoft Enterprise CA and installing the server certificate on a Microsoft OCS server On a Microsoft OCS server launch a web browser and enter the URL http lt Name or IP address of Certificate Authority server gt certsrv If prompted for a user name and password enter the credentials of a domain administrator account In the Microsoft Certificate Services Welcome page click on Request a certificate Microsoft Certificate Senices SITLCA Home Welcome Use this Yeb site to request a certificate for your Web browser e mail client or other program By using a certificate you can verify your identity to people you communicate with over the Yeb sign and encrypt messages and depending upon the type of certificate you request perform other security tasks You can also use this Web site to down
41. load a certificate authority CA certificate certificate chain or certificate revocation list RL arto view the status of a pending request For more information about Certificate Services see Certificate Seraces Documentation Select a task Request 4 certificate View the status of a pending certificate request Download a CA certificate certificate chain or CEL RL Reviewed Solution amp Interoperability Test Lab Application Notes 18 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Microsoft Certificate Services Request a Certificate page click on advanced certificate request Microsoft Certificate Services SITLCA Request a Certificate Select the certificate type User Certificate In the Microsoft Certificate Services Advanced Certificate Request page click on Create and submit a request to this CA Microsoft Certificate Services SITLCA Advanced Certificate Request The policy of the CA determines the types of certificates you can request Click one of the following options to APERM EARRA RRENA EARRANN RARAN RARAN KARIN NAARAAN ANANN RNANA RARRA RARAN RN KANAN RNAAN KARAN KARRA RARMARN NNAEN ANANN KARNA KARRA RN RARAN ANNAN NPARN NARAN Create and submit a request to this CA Submit a certificate request by using a base B4 encoded CMC or PKCS 10 file or submit a renewal request by using a base 64 encoded PKCS file Request a certificate fora smart card
42. n SICRYPT Base Smart Card COP L Microsoft Base Cryptographic Provider v1 0 L Microsoft Base D55 and Diffie Hellman Cryptographic Provider Microsoft OH SChannel Cryptographic Provider Microsott Enhanced Cryptographic Provider v1 0 Microsoft Enhanced 055 and Diffie Hellman Cryptographic Prov Microsoft Enhanced ASA and AES Cryptographic Provider Mi Microsoft ASA SChannel Crontaqrankic Provider x Cancel 7 In the Properties of New Template dialog box select the Subject Name tab and ensure that Supply in the request is selected Properties of New Template Issuance Requirements Superseded Templates Extensions Security General Request Handling subject Hame Select this option to allow a yvanety of subject name formats or if you do not have access to the domain of which the subject t a member Autoenrollment i not allowed if you choose this option Build from this Active Directory information Select this option to enforce consistency among subject names and to simplify certificate administration Subject name format None T nelude e mail name in subject name Include this Information in alternate subject name E mail name T ONS name User printcipal name UPN T Service principal name SFM x eae ao RL Reviewed Solution amp Interoperability Test Lab Application Notes 14 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Properties of New T
43. on behalf of another user by using the smart card certificate enrollment station Note You must have an enrollment agent certificate to submit a request on behalf of another user In the Microsoft Certificate Services Advanced Certificate Request page select the Certificate Template created in Section 5 2 and configure the fields in the Identifying Information For Offline Template section For Name enter the FQDN of the Microsoft OCS enterprise pool Microsoft Certificate Services SITLCA Advanced Certificate Request Cerificate Template Web server plus Client Authentication Identifying Information For Offline Template Name Entpool sitlms net E Mail Company Avaya Department SITL City Lincroft state Mew Jersey Country Region us RL Reviewed Solution amp Interoperability Test Lab Application Notes 19 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Scroll down in the Microsoft Certificate Services Advanced Certificate Request page In the Key Options section select Microsoft Enhanced Cryptographic Provider v1 0 for CSP and check the Store certificate in the local computer certificate store checkbox In the Additional Options section enter a descriptive Friendly Name for the certificate and enter the following without the quotes in the Attributes text box san dns lt namel gt amp dns lt name2 gt amp dns lt name3 gt where lt namel gt is the SIP domain
44. on the same physical Microsoft Windows server or on separate physical servers depending on the desired capacity topology and security Consult 4 and 5 for further details on the Microsoft OCS architecture and deployment options The MOC client is a Microsoft Windows application that allows the user to communicate with other MOC users using any combination of Instant Messaging IM audio and video in both point to point and conferencing scenarios For voice communications each MOC client may be configured as an Enterprise Voice EV or a Remote Call Control RCC client EV mode is configured when the user wants voice calls to be established on the computer on which the MOC client runs whereas RCC mode is configured when the user has an existing PBX phone and wants voice calls to be established on the PBX phone More specifically in EV mode Microsoft OCS handles the user s voice calls whereas in RCC mode the PBX handles the user s voice calls and the MOC client only provides a user interface for operating the PBX phone These Application Notes focus on the RCC clients particularly the configuration required to allow RCC clients to place answer hold retrieve transfer and disconnect calls on Avaya Communication Manager phones The configuration for EV clients as well as for routing calls between EV clients and Avaya Communication Manager phones 1s covered in 1 It should be noted that these Application Notes also assume that the call
45. onvert E 164 formatted numbers in TR 87 requests received from Microsoft OCS into extensions and number strings that Avaya Communication Manager can handle and route For example when an RCC client places a call on behalf of an Avaya Communication Manager phone Microsoft OCS sends a call initiation request to Avaya AE Services The calling number device identifier in the request is the number assigned to the RCC user in Microsoft OCS see Section 7 Step 3 and may be in E 164 format An appropriate entry in the From TelURI table would then be required to extract the extension of the associated Avaya Communication Manager phone from the E 164 formatted number In the sample configuration Microsoft OCS users were all assigned E 164 1 1 digit numbers If the called number in the request is also an E 164 formatted number which commonly occurs when the RCC client places a call using the MOC Contacts list an appropriate entry in the From TelURI table can extract the intended extension and or append routing digits The From TelURI table however does not convert numbers that are not E 164 formatted so Avaya AE Services passes such numbers without modification to Avaya Communication Manager Therefore RCC clients can also dial any extension or number string that Avaya Communication Manager is appropriately configured to handle and route 2 Application En AVAYA PE Operations Adn CTI GAM Home You are here gt Administration gt JTRS Configurat
46. pplication Notes 26 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC In the Server Certificate Manual Enrollment Request page copy the entire contents of the Certificate Request PEM textbox into the Windows clipboard 4 TAN i Application En d AVAYA PE Operations Adn CTI OAM Home You are here gt Administration gt Certificate Management Administration Server Certificate Manual Enrollment Request t Network Configuration Switch Connections t CTI Link Admin t DMCC Configuration TSAPI Configuration Security Database Certificate Management HEGIN CERTIFICATE REQUEST taerer cert heats MHITBubCCasECaGawaTEcMBoGslvEsxMThsNhomF lecEuce LObGlsLmsldDEOnaws a MiALUECHNF OS Zhe WExDTALBGNVEBaASTBFNIVEWXETAPRQNY EB acTCExpbrillyhe Z20Mosw Pending Requests ding Requests COYDVOOGEwIVUsChnzsanbokqghkiGowOBagerF saAonl GawgYkRCq Y EaxlVeilMSlquke Default Settings BILEGI4Xaunt Gos 3RVYo6yESeqt4oxS2yHNOmIDi6PlmUep Yor zp LhFahMbFoaHFog aM Trusted Certificate Mill2vdVoytSthnol Yrs On4atvNdocvFin 7hesYjnzoyWwe2etcuYIv2ulb enulskKzPT qLnpHoOLrst 6o0sqYth Bb2 211CV4rECawE hiaabubeocsgGs Ins DOEJBZENEwpJ i ey Configuration MmmeonklemouNTlenaoccaqes Ibs DOEBBAULASCR ARF esoco DtaumtyCoskofbayebP Status and Control TocOvhxmbdqlla SANEYW14pLeYCOxsNpes ZOPMVtOBViildacEtGx rr 1qumgs Maintenance FO0cmB 6tzbrsecwe VahgoTsivimkr igqpelDl uv eWukJ62FrVv9 dF on IkDaMN qes x Alarms By GRhOSgqxtblte Lbh END
47. r 2007 Technical Overview July 2007 5 Microsoft Office Communications Server 2007 Planning Guide July 2007 6 Microsoft Office Communications Server 2007 Enterprise Edition Deployment Guide July 2007 7 Microsoft Office Communications Server 2007 Enterprise Voice Planning and Deployment Guide July 2007 8 Microsoft Office Communications Server 2007 Administration Guide July 2007 9 Integrating Telephony with Office Communications Server 2007 July 2007 RL Reviewed Solution amp Interoperability Test Lab Application Notes 47 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 2007 Avaya Inc All Rights Reserved Avaya and the Avaya Logo are trademarks of Avaya Inc All trademarks identified by and are registered trademarks or trademarks respectively of Avaya Inc All other trademarks are the property of their respective owners The information provided in these Application Notes is subject to change without notice The configurations technical data and recommendations provided in these Application Notes are believed to be accurate and dependable but are presented without express or implied warranty Users are responsible for their application of any products specified in these Application Notes Please e mail any questions or comments pertaining to these Application Notes along with the full title and filename located in the lower right corner directly to th
48. requested was issued to you a RL Reviewed Solution amp Interoperability Test Lab Application Notes 20 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC Repeat Steps 1 7 on each Microsoft OCS server in the enterprise pool 5 4 Assign Server Certificate to Microsoft OCS Enterprise Pool Server Connections This section describes the steps for assigning the server certificate installed in Section 5 3 to inbound and outbound connections on a Microsoft OCS enterprise pool server On a Microsoft OCS server launch the Microsoft Office Communications Server 2007 MMC snap in In the left pane expand the Forest node down to the Front Ends level Forest gt Enterprise pools gt lt name of Pool gt gt Front Ends right click on the FQDN of a physical server on which Microsoft OCS runs and select Properties Hag Microsoft Office Communications Server 7007 ea File Window Help Office Communications Server 2007 Fl Forest sitins net Validation H Av Conferencing Deactivate a E web Components Certificates E E Standard Edition Servers H E Archiving and COR Servers Start E Unassigned users stop Mediation Servers New Window From Here i i ORA J Live Communications Servel Refresh RL Reviewed Solution amp Interoperability Test Lab Application Notes 21 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 2 In the Properties dialog box click on
49. routing configuration described in 1 has already been implemented since calls between RCC clients and EV clients are functionally equivalent to calls between Avaya Communication Manager phones and EV clients 2 Configuration The sample configuration described throughout these Application Notes is shown in Figure 1 The Avaya 4600 Series H 323 and SIP Telephones are registered with Avaya Communication Manager running on the Avaya S8300 Server and Avaya SIP Enablement Services SES respectively The Avaya Application Enablement AE Services server provides interfaces for CTI applications e g Microsoft OCS to control Avaya Communication Manager elements For voice communications the MOC clients in RCC mode are able to operate Avaya telephones whereas the MOC clients in EV mode are standalone voice endpoints served by Microsoft OCS Users with RCC clients still have the option of placing voice calls to other MOC users directly from their MOC clients 1 e instead of using the MOC client to place the calls from their PBX phones These voice calls always arrive on the called user s MOC client even if the called MOC client is a RCC client This is because such calls are internal to Microsoft OCS and are thus not impacted by the call routing between Microsoft OCS and Avaya Communication Manager Although depicted in Figure 1 as operating Avaya H 323 telephones RCC mode MOC clients can also operate Avaya digital and analog telephon
50. ssfully completed the Certificate Import wizard You have specified the Following settings Certificate Store Selected by User Trusted Root Certific Content PECS 7 Certificates File Manne CH Certicertnew pyb Cancel Repeat Steps 1 9 on each Microsoft OCS server in the enterprise pool RL Reviewed Solution amp Interoperability Test Lab Application Notes 11 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 5 2 Create Certificate Template for Server Certificates The server certificates exchanged between Avaya AE Services and Microsoft OCS must support both Server Authentication and Client Authentication This section describes the steps for creating a certificate template for such server certificates on the Microsoft Enterprise CA 1 On the Microsoft Enterprise CA server launch the Certification Authority Microsoft Management Console MMC snap in Certificate Templates Certificate Templates 2 In the left pane of the Certification Authority MMC snap in expand the Certification Authority node right click on Certificate Templates and select Manage to launch the Certificate Templates MMC snap in 3 Certification Authority File Action View Help St Gain a Issued Certificates Issued Certificates Pending Requests _ Pending Requests Failed Requests of 9 Failed Requests Mew Refresh Help 3 In the right pane of the Certificate Templates MMC snap in
51. sword Distinguished Name enter CN lt FQDN of Avaya AE Services server gt U lt Department gt O lt Company gt L lt City gt S lt State gt C lt Country Region gt Use the same Department Company City State and Country Region values entered in Section 5 3 Step 5 In the example below CN msavaes sitlms net OU SITL O Avaya L Lincroft S New Jersey C US is entered Challenge Password and Re enter Challenge Password enter an arbitrary password Leave the other fields at the defaults NR N Application En i y Operations Adn CTI OAM Home You are here gt Administration gt Administrati p E a Add Server Certificate Network Configuration Switch Connections t CTI Link Admin t DMCC Configuration ISAPI Configuration Security Database Enrollment Method Manual Certificate Management Certificate Key Parameters Server Certificate Pending Requests Default Settings Password PTT Trusted Certificate TRS Configuration E Status and Control Key Size 1024 M Maintenance Certificate Request Parameters T Certificate Alias aeservercert C Create Self Signed Certificate Encryption Algorithm 3DES Re enter Password eeccsccees Certificate Validity Days 1825 Distinguished Name CN msavaes sitlms netOU SITL O Avaya L Lincrat Challenge Password rriiiitii Re enter Challenge Password eesesesese 3 Cancel RL Reviewed Solution amp Interoperability Test Lab A
52. t Lab Application Notes 45 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 8 Verification Steps The following steps may be used to verify the configuration Place outbound calls from a RCC client to Avaya phones associated and not associated with RCC clients EV clients and Microsoft Exchange voicemail access and Auto Attendant using extension dialing Verify that the calls are established successfully on the associated RCC Avaya phones Place outbound calls from a RCC client to Avaya phones associated and not associated with RCC clients EV clients and Microsoft Exchange voicemail access and Auto Attendant using the MOC Contacts list Verify that the calls are established successfully on the associated RCC Avaya phones Establish a call between two RCC associated Avaya phones Verify that both users names are displayed on the RCC clients Establish a call from an Avaya phone to an RCC associated Avaya phone Verify that the calling extension is displayed on the RCC client Establish a call from an EV client to an RCC associated Avaya phone Verify that the name of the calling user is displayed on the RCC client Establish outbound calls from an RCC associated Avaya phone Verify that the calls are accurately reflected on the RCC client Place inbound calls to an RCC associated Avaya phone Verify that the calls can be answered at the RCC client and the phone Establish multiple inbound and outbound calls on
53. tification Authority node right click on Certificate Templates and select New gt Certificate Template to Issue i Certification Authority File RL Reviewed SPOC 11 5 2007 CJ Issued Certificates Pending Requests oo Failed Requests Action View Help am a amp 2 Certification Authority Local HEA SITLCA gad Administrator Basic EFS Computer Kal Directory Email Replication ad Domain Controller EA Domain Controller Authentication el FES Recovery Anant Certificate Template to Issue Revoked Certificates Manage Exchange User oY Subordinate Certification Authority Refresh BA User Export List Gel web Server View Help Solution amp Interoperability Test Lab Application Notes 2007 Avaya Inc All Rights Reserved Intended Purpose Microsoft Trust List Signing Encrypting File Encrypting File System Client Authentication Server Authentication Directory Service Email Replication Client Authentication Server Authentication Client Authentication Server Guthenticatio File Recovery Secure Email Secure Email lt All gt Encrypting File System Secure Email Clien Server Authentication 17 of 48 OCS ACM RCC In the Enable Certificate Templates dialog box select the Certificate Template created in Steps 3 12 and click on OK W Enable Certificate Templates Select one or more Certificate Templates to enable on this Certification Authority IPSec Off
54. tion Notes 30 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 6 Avaya Application Enablement Services TR 87 Configuration This section describes the Active Directory and Dial Plan configuration on Avaya AE Services for TR 87 integration with Microsoft OCS Launch a web browser and log into the Avaya AE Services OAM Web Interface In the left pane select CTI OAM Admin gt Administration gt TR87 Configuration gt Active Directory In the Active Directory Configuration page configure the following and click on Apply Changes e User DN for Query Authentication enter the Distinguished Name DN of an Active Directory user object that has sufficient privileges for accessing Active Directory In the example below the DN of the domain administrator is entered CN Administrator CN Users DC sithns DC net Password and Confirm Password enter the Active Directory password for the user Base Search DN enter a DN that includes all Active Directory users particularly those that are also configured as Microsoft OCS users IP Address enter the IP address of the Active Directory server Port enter 389 Th P KAYA Application En Operations Adn CTI OAM Home You are here gt Administration TRE7 Configuration gt SHAA EE Active Directory Configuration Network Configuration Switch Connections CTI Link Admin OMEC Configuration Password lnesseees TSAPI Configuration r Security
55. tration gt Network Configuration gt Ports In the right pane enable TR 87 Port and click on Apply Changes not shown below l a AVAYA Application Enablement Services Operations Administration and Maintenance POAM Home Help Logout You are here gt Administration gt Network Configuration gt Ports CTI CAM Home Administration Network Configuration Local IP NIC Configuration Ports Switch Connections CTI Link Admin DMCC Configuration TSAPI Configuration Security Database Certificate Management gt TR87 Configuration Status and Control Maintenance Ports CV LAN Port TCP Port 9999 DLG Port TCP Port 5678 vr TSAPI Port TCP Port 450 v CSTA Tlinks Port v TCP Port Min 1050 v TCP Port Max 1065 _ DMCC Server Enabled Disabled Ports On Unencrypted Port Encrypted Port 4722 TR 87 Port 4723 E O H 323 Port TCP Port Min 3000 TAM Mensk KRAwe ANN RL Reviewed Solution amp Interoperability Test Lab Application Notes 6 of 48 SPOC 11 5 2007 2007 Avaya Inc All Rights Reserved OCS ACM RCC 5 Certificates The Avaya AE Services and Microsoft OCS servers must exchange signed server certificates each time a Transport Layer Security TLS enabled TCP connection is initiated between the two servers The certificates must be obtained from the sam
56. ved OCS ACM RCC Repeat Steps 3 5 to configure an entry that extracts the extensions from E 164 formatted numbers corresponding to Avaya Communication Manager phones that are not associated with RCC clients This entry applies to the called number when a RCC client sends a call initiation request to Avaya AE Services where the called number is an E 164 formatted number containing the extension of an Avaya Communication Manager phone that is not associated with an RCC client In the example below the entry matches E 164 11 digit numbers that start with 17328822 and deletes the leading six digits to obtain extensions of the form 22xxx Repeat this step as necessary for each range of E 164 formatted numbers corresponding to Avaya Communication Manager phones that are not associated with RCC clients A z Application En i AVAYA A Operations Adn CTI OAM Home You are here gt Administration gt 487 Configuration gt Dial Plan Se Add Dial Plan msavem1 t Network Configuration Switch Connections CTI Link Admin DMCC Configuration TSAPI Configuration Security Database Maximum Length Certificate Management TRS Configuration Active Directory Delete Length 6 Dial Plan From TelURI Minimum Length Matching Pattern tel 17328822 Mote or Replacement String Switch Administration Default Settings i vancel Changes RL Reviewed Solution amp Interoperability Test Lab Application Notes 36 of 48 SPOC 1
Download Pdf Manuals
Related Search