What do you need our help with?

If you have an Avaya mid-market specific issue. We would love to hear from you.

Post your issue, whatever it may be and we will see what we can do to help. It may be a simple post, it may be a full technical guide.

Thanks!

2 thoughts on “What do you need our help with?

  1. If you have 3rd party certificate purchased and installed on primary IP office, what do we need to do on IP Office secondary server and IP Office Expansion gateways to ensure SIP phones fail over and TLS is maintained

    1. Hi! Great question.
      If you have multiple nodes then each will also need a certificate applying to them. At this point and because you are securing VoIP not just web traffic, you’ll need a UCC cert. These can support multiple entries and domains in the subject alternative name. Allowing for example, primary.letssupportnow.co.uk as the common name and then secondary.letssupportnow.co.uk and ip500.letssupportnow.co.uk in the alternate names as DNS entries. It is important for securing SIP over TLS that you also have the SIP domain listed as an alternate in the cert, letssupportnow.co.uk in this example. This relates to requirements in an RFC and is required by the latest Avaya clients like IX Workplace. Though the IP Office does not check the SIP domain, the clients do.

      For SIP resilience on a server edition or SCN, regardless of TLS each node/IP office needs to have the same SIP domain, for example: letssupportnow.co.uk. this is common to all, with each having their own registrar fqdn. These are populated to the auto-gen 46xxsettings.txt file to tell devices where to send the SIP traffic and registrations. With SIP resilience, the fail over server, determined through the resilience settings in place, will be listed also. Allowing each phone or app to know it’s failover server before an outage occurs.

      Using a UCC cert as described above will meet the requirements needed on each node to support the failover even when TLS is enabled.

      You could also deploy multiple different certificates on each server with the specific servers registrar fqdn as the common name. Just make sure the SIP domain is in the alternate’s and the CA/certificate type supports this. It is best to keep them all from the same CA as then the root CA downloaded to or used by the phones/applications will all be the same and only one will be required.

Leave a Reply

Your email address will not be published. Required fields are marked *