Avaya Aura Presence Services Snap-in Reference

Avaya Inc.

Avaya Aura Presence Services Snap-in Reference

Configuring manual presence state expiration time. ... February 2021. Avaya Aura Presence Services Snap-in Reference.

Avaya Presence Services Snap in Reference R8.1.4 Apr2021
Avaya Aura® Presence Services Snap-in Reference
Release 8.1.x Issue 15
April 2021

© 2015-2021, Avaya Inc. All Rights Reserved. Notice While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes. Documentation disclaimer "Documentation" means information published in varying mediums which may include product information, operating instructions and performance specifications that are generally made available to users of products. Documentation does not include marketing materials. Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of Documentation unless such modifications, additions, or deletions were performed by or on the express behalf of Avaya. End User agrees to indemnify and hold harmless Avaya, Avaya's agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User. Link disclaimer Avaya is not responsible for the contents or reliability of any linked websites referenced within this site or Documentation provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages. Warranty Avaya provides a limited warranty on Avaya hardware and software. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya's standard warranty language, as well as information regarding support for this product while under warranty is available to Avaya customers and other parties through the Avaya Support website: https://support.avaya.com/helpcenter/ getGenericDetails?detailId=C20091120112456651010 under the link "Warranty & Product Lifecycle" or such successor site as designated by Avaya. Please note that if You acquired the product(s) from an authorized Avaya Channel Partner outside of the United States and Canada, the warranty is provided to You by said Avaya Channel Partner and not by Avaya. "Hosted Service" means an Avaya hosted service subscription that You acquire from either Avaya or an authorized Avaya Channel Partner (as applicable) and which is described further in Hosted SAS or other service description documentation regarding the applicable hosted service. If You purchase a Hosted Service subscription, the foregoing limited warranty may not apply but You may be entitled to support services in connection with the Hosted Service as described further in your service description documents for the applicable Hosted Service. Contact Avaya or Avaya Channel Partner (as applicable) for more information. Hosted Service THE FOLLOWING APPLIES ONLY IF YOU PURCHASE AN AVAYA HOSTED SERVICE SUBSCRIPTION FROM AVAYA OR AN AVAYA CHANNEL PARTNER (AS APPLICABLE), THE TERMS OF USE FOR HOSTED SERVICES ARE AVAILABLE ON THE AVAYA WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO UNDER THE LINK "Avaya Terms of Use for Hosted Services" OR SUCH SUCCESSOR SITE AS DESIGNATED BY AVAYA, AND ARE APPLICABLE TO ANYONE WHO ACCESSES OR USES THE HOSTED SERVICE. BY ACCESSING OR USING THE HOSTED SERVICE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE DOING SO (HEREINAFTER REFERRED TO INTERCHANGEABLY AS "YOU" AND "END USER"), AGREE TO THE TERMS OF USE. IF YOU ARE ACCEPTING THE TERMS OF USE ON BEHALF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS OF USE. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF

YOU DO NOT WISH TO ACCEPT THESE TERMS OF USE, YOU MUST NOT ACCESS OR USE THE HOSTED SERVICE OR AUTHORIZE ANYONE TO ACCESS OR USE THE HOSTED SERVICE. Licenses THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO, UNDER THE LINK "AVAYA SOFTWARE LICENSE TERMS (Avaya Products)" OR SUCH SUCCESSOR SITE AS DESIGNATED BY AVAYA, ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AVAYA CHANNEL PARTNER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AVAYA CHANNEL PARTNER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA CHANNEL PARTNER; AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS "YOU" AND "END USER"), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE ("AVAYA"). Avaya grants You a license within the scope of the license types described below, with the exception of Heritage Nortel Software, for which the scope of the license is detailed below. Where the order documentation does not expressly identify a license type, the applicable license will be a Designated System License as set forth below in the Designated System(s) License (DS) section as applicable. The applicable number of licenses and units of capacity for which the license is granted will be one (1), unless a different number of licenses or units of capacity is specified in the documentation or other materials available to You. "Software" means computer programs in object code, provided by Avaya or an Avaya Channel Partner, whether as stand-alone products, pre-installed on hardware products, and any upgrades, updates, patches, bug fixes, or modified versions thereto. "Designated Processor" means a single stand-alone computing device. "Server" means a set of Designated Processors that hosts (physically or virtually) a software application to be accessed by multiple users. "Instance" means a single copy of the Software executing at a particular time: (i) on one physical machine; or (ii) on one deployed software virtual machine ("VM") or similar deployment. License types Designated System(s) License (DS). End User may install and use each copy or an Instance of the Software only: 1) on a number of Designated Processors up to the number indicated in the order; or 2) up to the number of Instances of the Software as indicated in the order, Documentation, or as authorized by Avaya in writing. Avaya may require the Designated Processor(s) to be identified in the order by type, serial number, feature key, Instance, location or other specific designation, or to be provided by End User to Avaya through electronic means established by Avaya specifically for this purpose. Heritage Nortel Software "Heritage Nortel Software" means the software that was acquired by Avaya as part of its purchase of the Nortel Enterprise Solutions Business in December 2009. The Heritage Nortel Software is the software contained within the list of Heritage Nortel Products located at https://support.avaya.com/LicenseInfo under the link "Heritage Nortel Products" or such successor site as designated by Avaya. For Heritage Nortel Software, Avaya grants Customer a license to use Heritage Nortel Software provided hereunder solely to the extent of the authorized activation or authorized usage level, solely for the purpose specified in the Documentation, and solely as embedded in, for execution on, or for communication with Avaya equipment. Charges for Heritage Nortel Software may be based on extent of activation or use authorized as specified in an order or invoice.

Copyright Except where expressly stated otherwise, no use should be made of materials on this site, the Documentation, Software, Hosted Service, or hardware provided by Avaya. All content on this site, the documentation, Hosted Service, and the product provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software unless expressly authorized by Avaya. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law. Virtualization The following applies if the product is deployed on a virtual machine. Each product has its own ordering code and license types. Unless otherwise stated, each Instance of a product must be separately licensed and ordered. For example, if the end user customer or Avaya Channel Partner would like to install two Instances of the same type of products, then two products of that type must be ordered. Third Party Components "Third Party Components" mean certain software programs or portions thereof included in the Software or Hosted Service may contain software (including open source software) distributed under third party agreements ("Third Party Components"), which contain terms regarding the rights to use certain portions of the Software ("Third Party Terms"). As required, information regarding distributed Linux OS source code (for those products that have distributed Linux OS source code) and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply is available in the products, Documentation or on Avaya's website at: https:// support.avaya.com/Copyright or such successor site as designated by Avaya. The open source software license terms provided as Third Party Terms are consistent with the license rights granted in these Software License Terms, and may contain additional rights benefiting You, such as modification and distribution of the open source software. The Third Party Terms shall take precedence over these Software License Terms, solely with respect to the applicable Third Party Components to the extent that these Software License Terms impose greater restrictions on You than the applicable Third Party Terms. The following applies only if the H.264 (AVC) codec is distributed with the product. THIS PRODUCT IS LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE REMUNERATION TO (i) ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD ("AVC VIDEO") AND/OR (ii) DECODE AVC VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL INFORMATION MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE HTTP://WWW.MPEGLA.COM. Service Provider THE FOLLOWING APPLIES TO AVAYA CHANNEL PARTNER'S HOSTING OF AVAYA PRODUCTS OR SERVICES. THE PRODUCT OR HOSTED SERVICE MAY USE THIRD PARTY COMPONENTS SUBJECT TO THIRD PARTY TERMS AND REQUIRE A SERVICE PROVIDER TO BE INDEPENDENTLY LICENSED DIRECTLY FROM THE THIRD PARTY SUPPLIER. AN AVAYA CHANNEL PARTNER'S HOSTING OF AVAYA PRODUCTS MUST BE AUTHORIZED IN WRITING BY AVAYA AND IF THOSE HOSTED PRODUCTS USE OR EMBED CERTAIN THIRD PARTY SOFTWARE, INCLUDING BUT NOT LIMITED TO MICROSOFT SOFTWARE OR CODECS, THE AVAYA CHANNEL PARTNER IS REQUIRED TO INDEPENDENTLY OBTAIN ANY APPLICABLE LICENSE AGREEMENTS, AT THE AVAYA CHANNEL PARTNER'S EXPENSE, DIRECTLY FROM THE APPLICABLE THIRD PARTY SUPPLIER. WITH RESPECT TO CODECS, IF THE AVAYA CHANNEL PARTNER IS HOSTING ANY PRODUCTS THAT USE OR EMBED THE H.264 CODEC OR H.265 CODEC, THE AVAYA CHANNEL

PARTNER ACKNOWLEDGES AND AGREES THE AVAYA CHANNEL PARTNER IS RESPONSIBLE FOR ANY AND ALL RELATED FEES AND/OR ROYALTIES. THE H.264 (AVC) CODEC IS LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE REMUNERATION TO: (I) ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD ("AVC VIDEO") AND/OR (II) DECODE AVC VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL INFORMATION FOR H.264 (AVC) AND H.265 (HEVC) CODECS MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE HTTP:// WWW.MPEGLA.COM. Compliance with Laws You acknowledge and agree that it is Your responsibility for complying with any applicable laws and regulations, including, but not limited to laws and regulations related to call recording, data privacy, intellectual property, trade secret, fraud, and music performance rights, in the country or territory where the Avaya product is used. Preventing Toll Fraud "Toll Fraud" is the unauthorized use of your telecommunications system by an unauthorized party (for example, a person who is not a corporate employee, agent, subcontractor, or is not working on your company's behalf). Be aware that there can be a risk of Toll Fraud associated with your system and that, if Toll Fraud occurs, it can result in substantial additional charges for your telecommunications services. Avaya Toll Fraud intervention If You suspect that You are being victimized by Toll Fraud and You need technical assistance or support, call Technical Service Center Toll Fraud Intervention Hotline at +1-800-643-2353 for the United States and Canada. For additional support telephone numbers, see the Avaya Support website: https://support.avaya.com or such successor site as designated by Avaya. Security Vulnerabilities Information about Avaya's security support policies can be found in the Security Policies and Support section of https:// support.avaya.com/security. Suspected Avaya product security vulnerabilities are handled per the Avaya Product Security Support Flow (https:// support.avaya.com/css/P8/documents/100161515). Downloading Documentation For the most current versions of Documentation, see the Avaya Support website: https://support.avaya.com, or such successor site as designated by Avaya. Contact Avaya Support See the Avaya Support website: https://support.avaya.com for product or Hosted Service notices and articles, or to report a problem with your Avaya product or Hosted Service. For a list of support telephone numbers and contact addresses, go to the Avaya Support website: https://support.avaya.com (or such successor site as designated by Avaya), scroll to the bottom of the page, and select Contact Avaya Support. Trademarks The trademarks, logos and service marks ("Marks") displayed in this site, the Documentation, Hosted Service(s), and product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, its licensors, its suppliers, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation, Hosted Service(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc.

All non-Avaya trademarks are the property of their respective owners. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

Contents
Chapter 1: Introduction.......................................................................................................... 12 Purpose................................................................................................................................12 Change history......................................................................................................................12
Chapter 2: Overview............................................................................................................... 15 Presence Services overview...................................................................................................15 PS connector.................................................................................................................. 15 Presence Services architecture........................................................................................ 16 New in Presence Services Release 8.1.4................................................................................ 18 New in Presence Services Release 8.1.3................................................................................ 19 New in Presence Services Release 8.1.2................................................................................ 20 New in Presence Services Release 8.1................................................................................... 20 Key features of Presence Services......................................................................................... 21 Feature comparison...............................................................................................................22
Chapter 3: Interoperability..................................................................................................... 24 Avaya Product requirements.................................................................................................. 24 Product compatibility..............................................................................................................24
Chapter 4: Licensing.............................................................................................................. 25 Licensing.............................................................................................................................. 25
Chapter 5: Planning................................................................................................................ 27 Planning checklist..................................................................................................................27 Customer configuration data for Presence Services................................................................. 27 Cluster considerations........................................................................................................... 28 Requirements to resolve IP addresses.................................................................................... 30 FQDN requirements........................................................................................................ 30 DNS requirements...........................................................................................................31 Certificate requirements................................................................................................... 32 Latest software updates and patch information........................................................................ 32
Chapter 6: Deployment...........................................................................................................34 Presence Services single-server deployment...........................................................................34 Checklist for deploying a single-server Presence Services cluster....................................... 34 Presence Services multi-server deployment............................................................................ 49 Checklist for deploying a multi-server Presence Services cluster.........................................50 Specifying the IP addresses of the Session Border Controller or proxy servers for Presence Services cluster load balancing..........................................................................53 Presence Services geographically redundant deployment........................................................ 54 Checklist for deploying geographically redundant Presence Services clusters...................... 54 Administering System Manager LHNR to resolve Presence Services Cluster FQDN to Avaya Breeze® platform Security Module IP address of remote data centers........................ 57

April 2021

Avaya Aura® Presence Services Snap-in Reference

5

Comments on this document? infodev@avaya.com

Contents
Administering geographic-redundant Avaya Breeze® platform cluster to a managed element.......................................................................................................................... 58 Administering Avaya Aura® user for Geographic Redundancy............................................. 59 Administration of Avaya Aura® devices for Geographic Redundancy....................................59 Configuring data center DNS A records for the service FQDN.............................................60 Configuring data center HTTP SRV records for the service FQDNs..................................... 60 Modifying the Avaya Breeze® platform VM hard disk size..........................................................61 Deploying Presence Services on AWS.................................................................................... 62 Checklist for deploying Presence Services on AWS........................................................... 62 Creating CloudFormation templates..................................................................................63 Deploying a single-node CloudFormation stack..................................................................64 Deploying a multi-node CloudFormation stack................................................................... 66 Presence Services multimedia attachment storage configuration...............................................68 Multimedia attachment storage.........................................................................................68 Configuring iSCSI SAN.................................................................................................... 68 Attachment storage for Presence Services deployed on-premise........................................ 69 Attachment storage for Presence Services deployed on Cloud............................................69 About the second virtual hard disk for multimedia attachment storage................................. 69 Checklist for creating a second virtual hard disk.................................................................70 Adding a second virtual hard disk to the virtual machine..................................................... 70 Verifying the second virtual hard disk................................................................................ 71 Restarting the cluster node...............................................................................................72 Verifying the alternate attachment store.............................................................................73 Presence Services uninstallation and deletion......................................................................... 75 Uninstalling a snap-in service........................................................................................... 75 Deleting a snap-in service................................................................................................ 76 Manually deleting the multi-media attachments.................................................................. 77
Chapter 7: Post deployment verification.............................................................................. 78 Verifying that Presence Services snap-in is ready to support Presence and IM...........................78 Presence Services logging.....................................................................................................79
Chapter 8: Upgrade.................................................................................................................81 Upgrading from Presence Services 7.1.x or later to Presence Services 8.0 or later.....................81 Checklist for upgrading a Geographic Redundant deployment.................................................. 82 Disabling access to a data center........................................................................................... 83 Disable DNS......................................................................................................................... 85 Disabling Session Manager....................................................................................................85 Disabling Avaya Breeze® platform cluster running Presence Services........................................85 Enabling access to a data center............................................................................................ 85 Enabling Avaya Breeze® platform cluster running Presence Services........................................ 87 Enabling Session Manager.....................................................................................................87 Enable DNS..........................................................................................................................87 Considerations for upgrading Microsoft Federation deployment to Release 8.1.1........................88
Chapter 9: Administration......................................................................................................89

April 2021

Avaya Aura® Presence Services Snap-in Reference

6

Comments on this document? infodev@avaya.com

Contents
About Presence Services administration................................................................................. 89 Access control policy............................................................................................................. 90
Configuring access control policy......................................................................................91 Collectors............................................................................................................................. 92
AES Collector................................................................................................................. 92 Exchange Collector......................................................................................................... 98 Domino Collector...........................................................................................................108 Federation.......................................................................................................................... 124 About federation............................................................................................................124 Microsoft Real Time Communication (RTC) Federation.................................................... 125 Microsoft federation with external domains...................................................................... 139 Microsoft federation with external domains for multi-user chat support............................... 174 Microsoft federation with internal Avaya Aura domain and external Microsoft domain..........184 Microsoft federation with internal and external domains using inter-PS federation...............187 Microsoft Federation hostname verification......................................................................193 Inter-PS federation........................................................................................................ 195 XMPP federation........................................................................................................... 201 XMPP Federation with Cisco Jabber............................................................................... 217 Spaces Federation........................................................................................................ 225 Interoperability with Avaya Workplace................................................................................... 231 Support for Avaya Workplace Client ...............................................................................231 Avaya Workplace Client authentication configuration........................................................232 User administration........................................................................................................232 Mapping LDAP entry to Presence/IM handle using AADS.................................................235 Conversation and multimedia attachment file configuration............................................... 236 Avaya SBCE configuration for remote users to use Avaya Workplace multimedia messaging.................................................................................................................... 240 IM Blocking in Do Not Disturb state.......................................................................................254 Configuring IM Blocking in Do Not Disturb state............................................................... 255 Inter-domain, inter-tenant, and multi-tenancy Presence and IM .............................................. 256 Inter-Domain Presence and IM....................................................................................... 256 Inter-Tenant Presence and IM........................................................................................ 257 Multi-tenancy................................................................................................................ 257 Message Archiver and SMTP Archiving Service.....................................................................258 Message Archiver..........................................................................................................258 SMTP Archiving Service................................................................................................ 261 Offline IM storage................................................................................................................ 265 Configuring offline IM storage......................................................................................... 266 Port management................................................................................................................267 Changing a service port................................................................................................. 268 Restarting Presence Services........................................................................................ 268 Roster size enforcement...................................................................................................... 270 Configuring Roster limit..................................................................................................271

April 2021

Avaya Aura® Presence Services Snap-in Reference

7

Comments on this document? infodev@avaya.com

Contents
Network Management System..............................................................................................271 Configuring System Manager......................................................................................... 272 Exporting the MIB file.....................................................................................................273 Installing OpenNMS.......................................................................................................274 Starting OpenNMS........................................................................................................ 276 Configuring Linux firewall............................................................................................... 277 Accessing the OpenNMS web console............................................................................277 Importing MIB files into OpenNMS.................................................................................. 277 Modifying OpenNMS event definitions.............................................................................279 Creating OpenNMS node elements.................................................................................280 Testing the OpenNMS installation................................................................................... 281 Viewing the Alarm events in OpenNMS........................................................................... 282
Certificate management....................................................................................................... 283 Adding Subject Alternative Name DNS name to Security Module HTTPS Identify Certificate..................................................................................................................... 283 Add Subject Alternative Name DNS name and Other Name (XMPP Address) to WebSphere Identify Certificate....................................................................................... 284 Exporting Openfire Certificate (Linux)..............................................................................285 Exporting Openfire Certificate (Windows)........................................................................ 286 Importing certificate into Cluster Truststore...................................................................... 286 Importing System Manager root CA certificate into Openfire Truststore (Windows)............. 287 Importing the System Manager Default CA certificate into Microsoft Front End server Trust Store............................................................................................................................ 288 Creating Entity Profile on System Manager......................................................................288 Generating a certificate signing request on the Openfire server.........................................289 Signing the Openfire certificate signing request (CSR) on System Manager....................... 290 Installing the System Manager CA and Signed Openfire Certificate on Openfire................. 291 Retrieving a System Manager CA signed Certificate.........................................................291 Checklist for generating new identity certificate signed by System Manager....................... 292 Creating a Certificate Signing Request............................................................................292 Creating an end entity on System Manager..................................................................... 293 Creating the Signed Identity Certificate using the CSR..................................................... 293 OpenSSL command to view the signed certificate............................................................294 Generating new identity certificate from a third-party CA...................................................295 Presence components and identity certificates.................................................................295 Installing far-end Trust Certificates in Avaya Breeze® platform...........................................297 About issuing distribution point CRL extension.................................................................297
User and device administration.............................................................................................298 Categories of Presence/IM devices.................................................................................299 Checklist for configuring Presence/IM users.................................................................... 300 Configuring Presence/IM routing domain on System Manager.......................................... 301 Assigning Communication Profile Password to a user on System Manager........................ 302 Assigning Avaya Presence/IM communication address to user on System Manager........... 303 Assigning Presence Profile to a user on System Manager................................................ 304

April 2021

Avaya Aura® Presence Services Snap-in Reference

8

Comments on this document? infodev@avaya.com

Contents
Enabling Application Enablement Services collection for a user on System Manager.......... 305 Exporting certificate chain that signs the Session Manager identity....................................305 Importing certificate chain that signs Session Manager identity into device truststore.......... 306 Exporting certificate chain that signs the Presence Services identity..................................307 Importing certificate chain that signs the Presence Services identity into device truststore...308 Checklist for administering Presence and IM on a device..................................................309 User soft delete vs. hard delete.......................................................................................311 User lock and unlock management................................................................................. 311 Manual presence state expiration time............................................................................ 314 Avaya push notification management....................................................................................315 Push notifications.......................................................................................................... 315 Checklist for push notification service configuration..........................................................315 Third-party push notification provider requirements.......................................................... 316 Avaya Cloud account configuration................................................................................. 317 Firewall configuration.....................................................................................................318 Configuring the Avaya Push Notification provider on Presence Services............................ 318 Configuring a third-party push notification provider on Presence Services.......................... 320 Configuring mobile application settings........................................................................... 322 Configuration parameters for iOS applications................................................................. 324 Miscellaneous configuration................................................................................................. 324 Configuring the cluster IP address.................................................................................. 324 Enabling load balancer for Presence Services cluster.......................................................325 Viewing the supplier ID of the Presence Services snap-in service......................................325 Enabling Presence Services admin web GUI................................................................... 325 Accessing the Presence Services software inventory web service..................................... 326 Enabling Presence Services presence and IM support for XMPP clients............................ 327 Enabling SIP call processing time log..............................................................................327 Modifying the SIP subscription or publication expiry time.................................................. 328 Restarting Presence Services........................................................................................ 329 Changing the logging level............................................................................................. 330 Configuring Presence/IM routing domain on System Manager.......................................... 331 Backup and restore............................................................................................................. 332 Backup and restore for cluster database......................................................................... 332 Configuring the backup storage location..........................................................................333 Viewing the backup and restore job status.......................................................................334 Configuring the backup schedule....................................................................................334 Setting up Engagement Designer......................................................................................... 335 Setting up Engagement Designer with Presence Services................................................ 335 Encryption.......................................................................................................................... 337 Enabling message and attachment encryption................................................................. 337 Updating message and attachment encryption key...........................................................338 Disabling message and attachment encryption................................................................ 339 Resetting message and attachment encryption passphrase.............................................. 339

April 2021

Avaya Aura® Presence Services Snap-in Reference

9

Comments on this document? infodev@avaya.com

Contents
Configuring security cipher refresh time interval............................................................... 340
Chapter 10: Performance..................................................................................................... 341 Capacity and scalability specification.................................................................................... 341 Capacity specifications for multimedia messaging..................................................................343
Chapter 11: Security............................................................................................................. 346 Security settings..................................................................................................................346 REST API clients authentication..................................................................................... 346 Extended hostname validation........................................................................................356 Configuring Presence Services security policy................................................................. 357 Setting the communication protocol for XMPP clients to communicate with Presence Services....................................................................................................................... 358 Setting XMPP server-to-server mutual authentication to connect to Presence Services.......358 Enabling or disabling select same site mode....................................................................359
Chapter 12: Troubleshooting............................................................................................... 361 Presence Services alarms....................................................................................................361 Cluster Health Check failed alarms................................................................................. 367 Network outage causes presence to stop working for some or all users................................... 373 Presence and IM fails on SIP endpoints due to the PPM getHomeCapabilities fault.................. 374 Unable to get _People View................................................................................................. 375 Vysper fails to start when no domains are created in System Manager.................................... 375 Presence Services logging...................................................................................................376 Changing the logging level............................................................................................. 376 Repairing replication between Avaya Breeze® platform and System Manager.......................... 377 Verifying that Presence Services snap-in is ready to support Presence and IM.........................377 Presence Services cannot connect to a push notification provider........................................... 379 Geographic Redundancy..................................................................................................... 380 Failure and Recovery.....................................................................................................380
Chapter 13: Resources.........................................................................................................381 Presence Services documentation........................................................................................381 Finding documents on the Avaya Support website........................................................... 382 Accessing the port matrix document................................................................................382 Avaya Documentation Center navigation......................................................................... 383 Training.............................................................................................................................. 384 Viewing Avaya Mentor videos...............................................................................................384 Support.............................................................................................................................. 385 Using the Avaya InSite Knowledge Base......................................................................... 385
Appendix A: CLI commands................................................................................................ 386 presAlarmTest..................................................................................................................... 386 presBuildAttachmentDisk..................................................................................................... 387 presCleanup....................................................................................................................... 387 presClients......................................................................................................................... 388 presCollectMetrics...............................................................................................................390 presGraphMetrics................................................................................................................392

April 2021

Avaya Aura® Presence Services Snap-in Reference

10

Comments on this document? infodev@avaya.com

Contents
presHealthCheck.................................................................................................................393 presLog.............................................................................................................................. 394 presMsgStorageStat............................................................................................................ 395 presStatus.......................................................................................................................... 395 presUnlock......................................................................................................................... 397 smgrPresenceUserAccessControl........................................................................................ 397
Creating a user level access control................................................................................398 Deleting a user level access control................................................................................ 399 Viewing a user level access control.................................................................................399 Glossary.................................................................................................................................400

April 2021

Avaya Aura® Presence Services Snap-in Reference

11

Comments on this document? infodev@avaya.com

Chapter 1: Introduction

Purpose
This document describes tested Avaya Aura® Presence Services characteristics and capabilities, including feature descriptions, interoperability, performance specifications, security and licensing requirements. This document also contains Presence Services installation, configuration, administration, and basic maintenance checklist and procedures.
This document is intended for people who need to install, configure, and administer the Presence Services snap-in. This document contains specific information about this snap-in. For an overview of the Avaya Breeze® platform, see the Avaya Breeze® platform Overview and Specification. For general information about Avaya Breeze® platform snap-in deployment, see Quick start to Deploying Avaya Breeze® platform.

Change history

Issue 15

Date April 2021

14

February 2021

Summary of changes In Release 8.1.4, added the following sections: · Capacity specifications for multimedia messaging · presMsgStorageStat · Enabling or disabling select same site mode In Release 8.1.4, updated the following sections: · Configuring auto-close and auto-discard for inactive and closed
conversations and deleting old messages · Message Archiver · Enabling message archiving · Enabling Enterprise Basic authentication to authenticate REST API
clients Updated the following section: · Checklist for integrating AE Services with Presence Services.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

12

Comments on this document? infodev@avaya.com

Issue 13

Date January 2021

12

December 2020

11

Novermber 2020

10

October 2020

9

October 2020

8

June 2020

7

May 2020

Change history
Summary of changes Updated the following section: · Upgrading from Presence Services 7.1.x or later to Presence
Services 8.0 or later. Updated the following sections: · Checklist for integrating AE Services with Presence Services · Importing certificate chain that signs Session Manager identity into
device truststore Updated the "Checklist for deploying Presence Services on AWS" section. NextPlane is no longer supported. Removed references to NextPlane from this document. In Release 8.1.3, added the following sections: · Exporting certificates from Microsoft Office 365 · Configuring Exchange Collector to use Office 365 with basic
authentication · Configuring Exchange Collector to use Office 365 with OAuth
authentication type · Encryption · Enabling message and attachment encryption · Updating message and attachment encryption key · Disabling message and attachment encryption · Resetting message and attachment encryption passphrase · Configuring security cipher In Release 8.1.3, updated the following sections: · Microsoft Real Time Communication (RTC) Federation In Release 8.1.3, replaced instances of Lync with Skype for Business (S4B) Updated the following sections for a multi-node: · FQDN requirements · DNS requirements Updated Note in the "Offline IM storage" section.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

13

Comments on this document? infodev@avaya.com

Introduction

Issue 6

Date March 2020

5

January 2020

4

October 2019

3

August 2019

2

August 2019

1

June 2019

Summary of changes In Release 8.1.2, added the following sections: · Importing certificate in Avaya Breeze® platform
· Exporting certificates from Microsoft Office 365
· Configuring Office 365
· Manual presence state expiration time
· Configuring manual presence state expiration time
In Release 8.1.2, updated the following section:
· Configuring AES Collector Updated the following sections:.
· Checklist for deploying a multi-server Presence Services cluster
· Creating and installing the identity certificate used by Avaya Session Border Controller for Enterprise
Changed the version number to Release 8.1.1 for the following sections:
· Upgrading from Presence Services 7.0.x or later to Presence Services 8.1.1
· Considerations for upgrading Microsoft Federation deployment to Release 8.1.1
· Support for Avaya Workplace Client
Updated the "Key features of Presence Services" section.
Replaced "Creating PPM mapping profile for System Manager and Presence Server" section with the following sections:
· Creating standard PPM mapping profiles
· Standard PPM mapping profiles field descriptions
· Creating custom PPM mapping profiles
· Custom PPM mapping profiles field descriptions Updated the following sections:
· Checklist for integrating AES with Presence Services
· Configuring data center HTTP SRV records for the service FQDNs
· Cluster considerations Created the "Mapping LDAP entry to Presence/IM handle using AADS" section.
Renamed the "LDAP configuration for an Avaya Workplace Client client" section to "User administration" and updated. Release 8.1.

April 2021

Avaya Aura® Presence Services Snap-in Reference

14

Comments on this document? infodev@avaya.com

Chapter 2: Overview

Presence Services overview
Avaya Aura® Presence Services indicates the presence of a user through the presence states, such as Busy, Away, or Do Not Disturb. The presence is an indication of the availability of the user and the readiness to communicate across services, such as telephony, instant messaging (IM), and video.
The presentity is the visibility of a user on a shared communication network. The users who are a part of the presentity group have access to the presence status of another user. A watcher is a user who monitors the presentity of another user. The watcher must subscribe to Presence Services to receive presence updates for a presentity.
Presence Services supports collecting presence information from diverse sources. This information is aggregated for a user and then made available to the presence-aware applications. When an application subscribes to Presence Services, the application receives presence change notifications that contain the aggregated presence for a user and the communication resources available to the user. By using this information, the application can provide a visual indication about the presence of the user.
Presence Services is compatible with the client software from Microsoft®, IBM® Domino®, and open source. Users can utilize the following collectors to use the core Presence Services capabilities with other presence sources:
· AES collector: To collect telephony presence information from devices that are not presence capable, such as H323, DCP, and SIP endpoints administered as OPTIM extensions.
· Exchange collector: To collect the calendar and out-of-office information from Exchange mailboxes.
· Domino collector: To collect the calendar and out-of-office information from Domino mailboxes.
PS connector
PS connector is an Avaya Breeze® platform snap-in service used by other Avaya Breeze® platform applications. When PS connector is enabled, other application running on the same Avaya Breeze® platform cluster can get or set the presence status of a provisioned user using PS connector.

April 2021

Avaya Aura® Presence Services Snap-in Reference

15

Comments on this document? infodev@avaya.com

Overview
PS connector can run on either of the following clusters: · Co-resident Avaya Breeze® Core Platform cluster where Presence Services run. · Separate Avaya Breeze® cluster, which can be either Core Platform or General Purpose cluster.
Presence Services architecture

Figure 1: Avaya Breeze® platform architecture

April 2021

Avaya Aura® Presence Services Snap-in Reference

16

Comments on this document? infodev@avaya.com

Presence Services overview

Figure 2: Presence Services snap-in architecture

April 2021

Avaya Aura® Presence Services Snap-in Reference

17

Comments on this document? infodev@avaya.com

Overview

Figure 3: Client Connectivity to Presence Services cluster
New in Presence Services Release 8.1.4
Presence Services Release 8.1.4 supports the following new features and enhancements: Select same site mode With Release 8.1.4, Presence Services enables you to define the same site modes. Delete old messages With Release 8.1.4, Presence Services allows you to delete the old messages from the conversation history. Message archiving With Release 8.1.4, Presence Services lets you upload the attachments associated with the IMs to the SFTP server.

April 2021

Avaya Aura® Presence Services Snap-in Reference

18

Comments on this document? infodev@avaya.com

New in Presence Services Release 8.1.3
Maximum threshold With Presence Services Release 8.1.4, when the message capacity reaches the maximum threshold of 95%, system deletes the oldest messages until the lower threshold for message capacity is reached. The lower threshold for message capacity is 92%. Message storage capacity With Release 8.1.4, Presence Services displays the message storage capacity parameters for the system and the current count of messages in the cluster.

New in Presence Services Release 8.1.3

Presence Services Release 8.1.3 supports the following new features and enhancements: OAuth support for Office 365 With Presence Services Release 8.1.3, Exchange Collector provides the ability to use OAuth for authentication with Office 365. Messaging Security Enhancement With Release 8.1.3, Presence Services encrypts the messages and attachments that you share with others to make them more secured. The encrypted messages and attachments are secured with a passphrase and only the recipient has the special key to unlock and read them. Multiple Front End Pools of Skype for Business Servers With Release 8.1.3, Presence Services supports multiple Front End pools of Skype for Business servers for presence federation. Microsoft Active Directory 2019 With Release 8.1.3, Presence Services supports Microsoft Active Directory 2019. Font and Color support within text messages for Windows With Presence Services Release 8.1.3, font and color support within text messages is added for Windows the same way in which it is already supported for Mac and IOS Android. Supported upgrade paths The supported upgrade paths for Presence Services Release 8.1.3 are:

Release 8.1.2 8.1.1 8.1 8.0.x 7.1.x

Requirement Direct upgrade to 8.1.3 Direct upgrade to 8.1.3 Direct upgrade to 8.1.3 Direct upgrade to 8.1.3 Direct upgrade to 8.1.3

April 2021

Avaya Aura® Presence Services Snap-in Reference

19

Comments on this document? infodev@avaya.com

Overview

New in Presence Services Release 8.1.2

Presence Services Release 8.1.2 supports the following new features and enhancements: Manual presence state expiration time Presence Services Release 8.1.2 lets you define the expiration period of presence state that is set manually. Support for devices that do not support registration events The Default On-Hook State attribute allows you to configure the on-hook state of devices that are not supporting the registration events. Support for Office 365 Presence Services Release 8.1.2 supports Microsoft Office 365. Supported upgrade paths The supported upgrade paths for Presence Services Release 8.1.2 are:

Release 8.1.1 8.1 8.0.x 7.1.x

Requirement Direct upgrade to 8.1.2 Direct upgrade to 8.1.2 Direct upgrade to 8.1.2 Direct upgrade to 8.1.2

New in Presence Services Release 8.1
Presence Services Release 8.1 supports the following new features and enhancements: Enhancements to Avaya Workplace Client authentication Avaya Workplace Client clients uses OAuth2 (JWT) authentication mechanism to authenticate with Presence Services to use the services provided by Presence Services. Support to share multimedia attachments In Presence Services Release 8.1, Inter-PS federated Avaya Workplace Client users can share multimedia attachments. Support to archive Multimedia Messaging conversations The SMTP Archiving Service archives Multimedia Messaging conversations to an SMTP server. Supported upgrade paths The supported upgrade paths for Presence Services Release 8.1 are:

April 2021

Avaya Aura® Presence Services Snap-in Reference

20

Comments on this document? infodev@avaya.com

Release 8.0.x 7.1.x 7.0.1.x 7.0.0.x

Key features of Presence Services
Requirement Direct upgrade to 8.1. Direct upgrade to 8.1. Direct upgrade to 8.1. Direct upgrade to 8.1.

Key features of Presence Services
Presence Services support:
· Presence aggregation service that collects the presence information from Avaya and thirdparty sources and distributes the presence information to the Avaya tools.
· Aggregation of presence information from a variety of Avaya endpoints, including Avaya Workplace Client clients.
· Presence model that uses rules in an algorithm to arrive at an aggregated presence for a user.
· Protocols such as SIP and XMPP. These protocols enable Presence Services to aggregate and federate presence with major IM and messaging solutions and a number of userproductivity tools.
· Architectural design that improves network traffic management. To reduce traffic on the network, Presence Services uses server-to-server updates to collect and publish presence information.
· Supports robustness. 9600 Series IP Deskphones Release 6.5 and 7.0, Avaya one-X® Communicator Release 6.2, Avaya Workplace Client for Windows, and Avaya Workplace Client for iPad support this Presence Services feature.
· Up to 2048 characters for Extensible Messaging and Presence Protocol (XMPP) IM.
· Presence Services supports the following IM services. IM services allow users to exchange messages in various formats like text, image, voice, and video.
- Point-to-point IM between users.
- IM conversation status indication. For example, if the other user is typing a response, chat window displays an indication that the other user is typing a message.
- Multi-user chat.
- IM to federated users like XMPP and Microsoft RTC (Skype for Business).
- A user to log into multiple devices simultaneously. A user can log into multiple devices using the Multi-Device Access (MDA) feature. This is similar to placing all endpoints of the parties in a chat room.
- Storing of messages when user is offline.

April 2021

Avaya Aura® Presence Services Snap-in Reference

21

Comments on this document? infodev@avaya.com

Overview
- Sharing of multimedia message attachments. - Message archiving to keep a record of conversations for future reference. - Suspending of message and notifications delivery during the Do Not Disturb (DND) state. - Multi-tenant communication control. - Clustered deployment. - Multi-cluster deployments and auto-federation between clusters.

Feature comparison

The following table summarizes the operational and functional changes in the Presence Services releases.

Feature Apple Push Notification service (APNs) Access control lists AES collector Exchange collector Domino collector Microsoft Real Time Communication federation Inter-PS federation XMPP federation Spaces federation Simple authentication and security layer IM blocking in Do Not Disturb state Instant message broadcast Interoperability with Avaya Multimedia Messaging Inter-domain presence Inter-tenant communication control Multi-tenancy Message archiver Offline IM storage Avaya Solutions Platform servers KVM IPv6 Extended hostname validation

Release 7.1.x N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y

Release 8.0.x Y Y Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y

R 8.1.x Y Y Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

22

Comments on this document? infodev@avaya.com

Feature Microsoft Office 365 Message Security Multiple Front End pools Microsoft Active Directory 2019

Feature comparison

Release 7.1.x Release 8.0.x

R 8.1.x Y Y Y Y

April 2021

Avaya Aura® Presence Services Snap-in Reference

23

Comments on this document? infodev@avaya.com

Chapter 3: Interoperability

Avaya Product requirements

Avaya product
Avaya Aura® System Manager
Avaya Breeze® platform
Avaya Aura® Session Manager
Avaya Aura® Communication Manager
Avaya Aura® Application Enablement Services
Avaya one-X® Client Enablement Services
Avaya Aura® Device Services

Minimum supported version 8.1.2 3.7 7.1.3 7.1.3
7.1.3
6.2.4
7.1.6

Product compatibility
For the latest and most accurate compatibility information, go to https://support.avaya.com/ CompatibilityMatrix/Index.aspx.

April 2021

Avaya Aura® Presence Services Snap-in Reference

24

Comments on this document? infodev@avaya.com

Chapter 4: Licensing

Licensing
Presence Services snap-in does not require a license to work, except for the following enhanced feature:
· Publish status to Microsoft RTC
If the Presence Services Enhanced snap-in is not installed, the enhanced features are disabled.
To enable the enhanced features, you must install Presence Services Enhanced snap-in and license file. For more information about installing Presence Services snap-in service and Presence Services Enhanced snap-in service, see "Loading the Presence Services snap-in" and "Installing a Presence Services snap-in" sections. For license file installation, you must activate and download the Presence Services Enhanced license file from Avaya PLDS and install the license file on System Manager WebLM.
Avaya enforces the service major version matching between the Presence Services snap-in and Presence Services Enhanced snap-in services. For example, the following Presence Services release 8 snap-in installation is supported.
A single license file supports the current version of the snap-in. For every major release of the snap-in, a new license file is required. For this reason, different versions of the snap-in might be in different license modes.
Avaya provides a 30­day grace period from the time a license error is first detected. When the error is detected, the snap-in enters license error mode and a major alarm is raised, but the enhanced feature remains fully functional. This provides enough time to fix the error before the snap-in stops working. You can view the license mode of the snap-in on the Avaya Breeze® platform Service Management page.
The license modes are:
· Normal -- No license error is detected. Indicated by a Green check mark on the Service Management page.
· Error -- There is a license error, but the enhanced feature continues to operate normally. Indicated by a yellow caution icon on the Service Management page. The Service Management page also shows the date when the 30-day grace period expires. Avaya Breeze® platform raises a major alarm when the snap-in enters license error mode.

April 2021

Avaya Aura® Presence Services Snap-in Reference

25

Comments on this document? infodev@avaya.com

Licensing
· Restricted -- There is a license error, and the 30­day grace period has expired. Indicated by a Red cross mark on the Service Management page. The Presence Services Enhanced snap-in automatically uninstalls and the enhanced features stop operating. Avaya Breeze® platform raises a critical alarm when the snap-in enters license restricted mode. To correct this problem, you might need to get a license file if you don't have one, or update to a license file for the matched major release.
Related links Installing a Presence Services snap-in on page 47 Loading the Presence Services snap-in on page 47

April 2021

Avaya Aura® Presence Services Snap-in Reference

26

Comments on this document? infodev@avaya.com

Chapter 5: Planning

Planning checklist

No.

Task

Notes

1

Keep the Key customer

configuration information ready

2

Verify the Cluster considerations

for deployment

3

Verify the licensing requirements

4

Download the latest software

updates and patch information

5

Check the available ports

Customer configuration data for Presence Services

Record the information in the following worksheet. These values need to be entered when deploying Presence Services.

No. Requirement 1 Location of Avaya Breeze® platform OVA 2 Avaya Breeze® platform Virtual Machine name 3 Avaya Breeze® platform Profile type 4 Avaya Breeze® platform Virtual Machine
hostname 5 Avaya Breeze® platform Management Module IP
address 6 Network mask for Avaya Breeze® platform
management network interface
7 Default gateway IP address
8 DNS domain

Value

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

27

Comments on this document? infodev@avaya.com

Planning

No. Requirement 9 Primary DNS server IP address 10 Secondary DNS server IP address (optional) 11 HTTP Proxy (optional) 12 Primary NTP server IP address 13 Secondary NTP server IP address (optional) 14 Login ID for customer account 15 Password for customer account 16 System Manager IP address 17 System Manager enrollment password 18 Avaya Breeze® platform SIP Entity name 19 Avaya Breeze® platform Security Module IP
address 20 Session Manager SIP Entity name 21 Avaya Breeze® platform Cluster name 22 Avaya Breeze® platform Cluster IP address 23 Location of the Presence Services SVAR 24 Presence Services Cluster SIP Entity name 25 Presence Services Cluster FQDN 26 Name of Entity Link between Avaya Breeze®
platform and Session Manager 27 Name of Entity Link between Presence Services
Cluster SIP Entity and Session Manager

Value

Cluster considerations
You can deploy Presence Services as a single virtual machine (VM) cluster or a multiple VM cluster. Before deploying Presence Services, consider the following:
· Single-VM cluster always runs in non-HA mode. · Multi-VM cluster always runs in HA mode. Non-HA multi-VM clusters are not supported. · A cluster accommodates a maximum of 10 VMs. All VMs in the cluster must have the same
Avaya Breeze® platform profile. Refer to the following tables for possible deployments. · The number of required VMs depends on the number of presence-enabled users that the
cluster hosts. For more information, see "Capacity and scalability specification." · Avaya Breeze® platform Release 3.5 supports five VM profiles. Each VM profile can have
different allocations of CPU, memory, and disk space.
During Avaya Breeze® platform deployment, you must select Avaya Breeze® platform 3.5 or later with any profile from 3 through 5.

April 2021

Avaya Aura® Presence Services Snap-in Reference

28

Comments on this document? infodev@avaya.com

Cluster considerations

Note:
You can deploy Presence Services 8.1 only on Avaya Breeze® platform 3.6 or later. Presence Services supports only profiles 3 to 5 of Avaya Breeze® platform 3.6 or later. For more information, see Deploying Avaya Breeze® platform.
- If Presence Services is the only snap-in deployed on the cluster, select the Avaya Breeze® platform profile based on the number of users that you want to host on this cluster. After you deploy the Avaya Breeze® platform profile, you must modify the hard disk size that is allocated to each Avaya Breeze® platform VM within the cluster.
- Ensure that the hard disk size is the same for each Avaya Breeze® platform VM within the cluster. For more information, see "Modifying the Avaya Breeze® platform VM hard disk size."

- If you are deploying the OVA by using the SDM, then you do not need to perform this step.
· The Number of users service attribute is used to define the capacity of the cluster. While configuring this attribute, you must specify the expected number of presence-enabled users on the cluster with adequate resources to service the users. For information about administering the number of users, see "Configuring number of users for a Presence Services cluster."

Changing this value requires a restart of the entire cluster, resulting in a service outage.
The following table summarizes the resource allocations of the different Avaya Breeze® platform profiles:

Avaya Breeze® platform profile 1 2 3 4 5

Number of vCPUs CPU Reservation (Mhz)

Not supported by Presence Services.

Not supported by Presence Services.

6

14400

8

19200

12

28000

Memory (GB)
10 16 27

Disk Space (GB)
150 300 500

The following table summarizes the possible deployments based on the planned number of users:

Note: Multi-node and highly-available (HA) deployments are supported only on Profile 5.

Planned Number of users
1000 5000 11,000 22,000

Number of VMs in a non-HA deployment
1 1 1 Not supported

Number of VMs in an HA deployment
Not supported Not supported 2 3

Minimum Avaya Breeze® platform profile
3
4
5
5
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

29

Comments on this document? infodev@avaya.com

Planning

Planned Number of users
33,000 44,000 55,000 65,000 75,000 84,000 168,000 250,000

Number of VMs in a non-HA deployment
Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported

Number of VMs in an HA deployment
4 5 6 7 8 9 18 (two 9-VM clusters) 27 (three 9-VM clusters

Minimum Avaya Breeze® platform profile 5 5 5 5 5 5 5 5

Related links Modifying the Avaya Breeze platform VM hard disk size on page 61 Configuring number of users for a Presence Services cluster on page 48 Capacity and scalability specification on page 341

Requirements to resolve IP addresses
This section provides information about the requirements to resolve IP addresses for: · FQDN · DNS · Certificates
FQDN requirements
Following are the FQDN requirements: · Asset FQDN must be <mgmt hostname>­sm100.<mgmt domain> · Services FQDN must be equal to Asset FQDN in a single-node configuration · Services FQDN must be equal to Cluster Load balancer FQDN in a multi-node configuration · Cluster load balancer FQDN domain and Asset FQDN domain must have common root (beyond the top level domain) to allow for appropriate generation of the Domain Attribute in the server supplied cookies
Example For a single-node:
· Breeze One Mgmt IP: 192.0.2.10

April 2021

Avaya Aura® Presence Services Snap-in Reference

30

Comments on this document? infodev@avaya.com

Requirements to resolve IP addresses
· Breeze One Mgmt FQDN: breeze_one.west.company.com · Breeze One Asset IP: 198.51.100.10 · Breeze One Asset FQDN: breeze_one-sm100.west.company.com · PS Cluster FQDN: breeze_one-sm100.west.company.com · Services FQDN: breeze_one-sm100.west.company.com For a multi-node: · Breeze One Mgmt IP: 192.0.2.10 · Breeze One Mgmt FQDN: breeze_one.west.company.com · Breeze One Asset IP: 198.51.100.10 · Breeze One Asset FQDN: breeze_one-sm100.west.company.com · Breeze Two Mgmt IP: 192.0.2.11 · Breeze Two Mgmt FQDN: breeze_two.west.company.com · Breeze Two Asset IP: 198.51.100.11 · Breeze Two Asset FQDN: breeze_two-sm100.west.company.com · PS Cluster FQDN: breeze_ps.west.company.com · Cluster LB FQDN: breeze.west.company.com · Cluster IPv4: 198.51.100.9 · Services FQDN: breeze.west.company.com
DNS requirements
Following are the DNS requirements: · Asset IP must resolve to Asset FQDN only · Asset FQDN must resolve to Asset IP address · PS Cluster FQDN must resolve to all Asset IP addresses · Cluster Load balancer FQDN must resolve to Cluster IP · Service FQDN must resolve to either Cluster Load Balancer IP (multi-node) or Asset IP (single-node)
Example For a single-node:
· breeze_one.west.company.com A 192.0.2.10 · breeze_one-sm100.west.company.com A 198.51.100.10 · 198.51.100.10 PTR breeze_one-sm100.west.company.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

31

Comments on this document? infodev@avaya.com

Planning
For a multi-node: · breeze_one.west.company.com A 192.0.2.10 · breeze_one-sm100.west.company.com A 198.51.100.10 · breeze_two.west.company.com A 192.0.2.11 · breeze_two-sm100.west.company.com A 198.51.100.11 · breeze_ps.company.com A 198.51.100.10 · breeze_ps.company.com A 198.51.100.11 · breeze.company.com A 198.51.100.9 · 198.51.100.10 PTR breeze_one-sm100.west.company.com · 198.51.100.11 PTR breeze_two-sm100.west.company.com
Certificate requirements
Following is the certificate requirement: · Websphere/HTTP identity certificates must use Asset FQDN as CN, and must include the following in the SAN: - Asset FQDN - Service FQDN - PS Cluster FQDN
Example For a single-node:
· CN breeze_one-sm100.west.company.com · SAN breeze_one-sm100.west.company.com For a multi-node on Breeze One: · CN breeze_one-sm100.west.company.com · SAN breeze_one-sm100.west.company.com,breeze-ps.company.com,breeze.company.com For a multi-node on Breeze two: · CN breeze_two-sm100.east.company.com · SAN breeze_two-sm100.east.company.com,breeze-ps.company.com,breeze.company.com
Latest software updates and patch information
Before you start the deployment or upgrade of an Avaya product or solution, download the latest software updates or patches for the product or solution. For more information, see the latest

April 2021

Avaya Aura® Presence Services Snap-in Reference

32

Comments on this document? infodev@avaya.com

Latest software updates and patch information
release notes, Product Support Notices (PSNs), and Product Correction Notices (PCNs) for the product or solution on the Avaya Support web site at https://support.avaya.com/. After deploying or upgrading a product or solution, use the instructions in the release notes, PSNs, or PCNs to install any required software updates or patches. For third-party products used with an Avaya product or solution, see the latest release notes for the third-party products to determine if you need to download and install any updates or patches.

April 2021

Avaya Aura® Presence Services Snap-in Reference

33

Comments on this document? infodev@avaya.com

Chapter 6: Deployment

Presence Services single-server deployment

Checklist for deploying a single-server Presence Services cluster

Prerequisites: You must have the following before deploying Presence Services:
· VMware ESXi installed on a server with a host IP address assigned. For the recommended VMware ESXi version, see Deploying Avaya Breeze® platform or use Avaya Virtualization Platform.
· Session Manager requires a Listen Port with the Listen Port as 5061, Protocol as TLS, and Default Domain as the login domain of endpoint devices. Without this, PPM will fail for SIP endpoints. For more information, see Administering Avaya Aura® Session Manager.

Note: If you want to deploy Avaya Breeze® platform using IPv6, log on to System Manager and go to Element > Session Manager > Global Settings, and enable the IPv6 field. Ensure that you select the Endpoints check box for the Listen Port. For more information, see "Presence and IM fails on SIP endpoints due to the PPM getHomeCapabilities fault." In the following checklist, s refers to the number of deployed Session Managers. Checklist for deploying a single-server Presence Services cluster.

No. Task

Reference

1 Administer DNS A record to resolve Avaya -- Breeze® platform hostname to Avaya Breeze® platform Management Module IP address.

2 Administer DNS A record to resolve

--

System Manager hostname to IP address.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

34

Comments on this document? infodev@avaya.com

Presence Services single-server deployment

No. Task

Reference

3 Administer DNS A record to resolve

Cluster FQDN requirement on page 36

Presence Services Cluster FQDN to

Avaya Breeze® platform Security Module

IP address.

Do not add a reverse lookup or associated pointer (PTR) record for this address.

4 Administer a DNS A record to resolve the -- Avaya Breeze® platform Security Module FQDN. The FQDN must be in the following format: <managementhostname>-sm100.domain. For example, mybreeze101-sm100.mycorp.com, where the FQDN of the management address is mybreeze101.mycorp.com.

Also, add a reverse lookup or associated pointer (PTR) record for this IP address.

Note:

This task applies when you deploy Avaya Breeze® platform using IPv6. For example, breeze245211sm100.aam3.com will resolve IPV6 : fc00:fc00:fc00:245::212. In this example, IP fc00:fc00:fc00:245::212 is the security IP, and security IPV6 is same as security IPV4.

5

Deploy the latest available Avaya Breeze® Deploying Avaya Breeze® platform on

platform on host server.

page 37

6

Confirm that Avaya Breeze® platform

successfully replicates with System

Manager.

Confirming that Avaya Breeze platform successfully replicates with System Manager on page 39

7

Administer Avaya Breeze® platform SIP

Administering Avaya Breeze platform SIP

Entity.

Entity on page 40

8 Administer s Entity Links between Avaya Administering Entity Link between Avaya Breeze® platform and Session Managers. Breeze platform and Session Manager on page 41

9 Administer Presence Services Cluster SIP Administering Presence Services Cluster SIP

Entity.

Entity on page 41

10 Administer s Entity Links between

Administering Entity Link between Presence

Presence Services Cluster SIP Entity and Services Cluster SIP Entity and Session

Session Managers.

Manager on page 42

11 Administer Avaya Breeze® platform server.

Administering Avaya Breeze platform server on page 43

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

35

Comments on this document? infodev@avaya.com

Deployment

No. Task

Reference

12 Administer Avaya Breeze® platform cluster Administering the Avaya Breeze platform

and assign Avaya Breeze® platform

cluster on page 44

server.

13 Administer Presence Services on Avaya Administering Presence Services on Avaya

Breeze® platform Managed Element.

Breeze platform managed element on

page 45

14 Administer System Manager LHNR to

Administering System Manager LHNR to

resolve Presence Services Cluster FQDN resolve Presence Services Cluster FQDN to

to Avaya Breeze® platform Security

Avaya Breeze platform Security Module IP

Module IP address.

address on page 46

15 Administer Avaya Breeze® platform alarming.

For information, see Deploying Avaya Breeze® platform.

16 Load Presence Services snap-in.

Loading the Presence Services snap-in on page 47

17 Ensure that at least one routing domain is Configuring Presence/IM routing domain on

configured on System Manager.

System Manager on page 301

18 Install Presence Services snap-in on Avaya Breeze® platform cluster.

Installing a Presence Services snap-in on page 47

19 Administer Presence Services System service attributes.

Configuring number of users for a Presence Services cluster on page 48

20 Restart Presence Services.

Restarting Presence Services on page 268

21 Verify that Presence Services snap-in is ready to support Presence and IM.

Verifying that Presence Services snap-in is ready to support Presence and IM on page 78

Related links Presence and IM fails on SIP endpoints due to the PPM getHomeCapabilities fault on page 374

Cluster FQDN requirement
Avaya Breeze® platform Security Module FQDN and Presence Services cluster FQDN must share a common root domain. The root domain is the highest hierarchical level of the domain name, even above top-level domains such as .com and .net.
Examples of valid Avaya Breeze® platform Security Module FQDN and Presence Services cluster FQDN are as follows:
· Avaya Breeze® platform Security Module FQDN:
<management_hostname>-sm100.mydomain.com · Presence Services cluster FQDN:
cluster.mydomain.com · Root domain:
"mydomain" in mydomain.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

36

Comments on this document? infodev@avaya.com

Presence Services single-server deployment
Deployment of Avaya Breeze® platform
You can deploy Avaya Breeze® platform using one of the following:
· VMware vSphere Client · Solution Deployment Manager · VMware vCenter · Kernel-based Virtual Machine The following procedure describes the deployment of Avaya Breeze® platform on VMware vSphere Client, using ESXi 6.0, 6.5, or 6.7 and the latest available Avaya Breeze® platform. For information about deploying Avaya Breeze® platform using Solution Deployment Manager or VMware vCenter, see Deploying Avaya Breeze® platform. For information about deploying Avaya Breeze® platform using Kernel-based Virtual Machine, see Deploying Avaya Breeze® platform on Kernel-based Virtual Machine for Avaya Aura®. Deploying Avaya Breeze® platform using VMware vSphere Client Before you begin · Install VMware vSphere client on the desktop. · Verify that System Manager Enrollment Password is not expired. You can verify this setting
by logging into System Manager web console, and navigating to Services > Security > Certificates > Enrollment Password. · It is recommended that an Avaya Breeze® platform license be installed on System Manager prior to deploying Avaya Breeze® platform. Else, the server will immediately be in License Error Mode. For more information, see Deploying Avaya Breeze® platform. Procedure 1. Log in to the ESXi host server using VMware vSphere Client. 2. In the Inventory list, select the ESXi host. 3. Click File > Deploy OVF Template.
The system displays the Source window. 4. Click Browse, and select the Avaya Breeze® platform OVA.
See "Key customer configuration information," row 1. 5. Click Next.
The system displays the OVF Template Details window. 6. Verify that the details displayed match the version of the Avaya Breeze® platform that you
are expecting to deploy. · If the details do not match, you may have chosen the wrong OVA. Click Back and select
the correct OVA. · If the details do match, click Next.

April 2021

Avaya Aura® Presence Services Snap-in Reference

37

Comments on this document? infodev@avaya.com

Deployment
The system displays the End User License Agreement page. 7. If you accept the End User License Agreement click Accept, and click Next.
The system displays the Name and Location page. 8. Enter a name for the Avaya Breeze® platform Virtual Machine (VM), and click Next.
See "Key customer configuration information," row 2. The system displays the Deployment Configuration page. 9. Select the configuration profile that best fits the deployment, then click Next. See "Key customer configuration information," row 3. The system displays the Disk Format page. 10. In the Datastore field, click the datastore in which you want to store the virtual machine configuration files. Each datastore might have a different space. The Available space (GB) field shows the space available in the selected datastore. 11. Select the disk provisioning format you want, then click Next. Thick Provision Eager Zeroed is recommended for an Avaya Breeze® platform installation that will support Presence Services. The system displays the Network Mapping page. 12. Refer to Avaya Breeze® platform documentation for information on Network Mapping, and click Next. 13. On the Ready to Complete page, verify the options listed. 14. Click Finish. The OVA will take several minutes to deploy. 15. Once deployment is completed, within the VMware vSphere Client, the new VM will now appear in the Inventory List under the ESX host. Select the VM. 16. Right-click and select Power > Power On. 17. With the VM still selected, right-click and select Open Console. This pops up a console window showing the VM booting. You can use Ctrl + Alt to exit the window at any time. 18. During the boot, you will see the End User License Agreement. Scroll down through this document using the spacebar. At the bottom, enter yes if you agree to the terms. The VM continues to boot. 19. Towards the end of the boot sequence you are prompted to configure the VM. Enter y to proceed.

April 2021

Avaya Aura® Presence Services Snap-in Reference

38

Comments on this document? infodev@avaya.com

Presence Services single-server deployment
20. Enter the following details:
· Hostname: See "Key customer configuration information," row 4. · IP address: See "Key customer configuration information," row 5. · Netmask: See "Key customer configuration information," row 6. · Gateway IP address: See "Key customer configuration information," row 7. · DNS domain: See "Key customer configuration information," row 8. · Primary DNS server IP address: See "Key customer configuration information," row 9. · (Optional) Secondary DNS server IP address: See "Key customer configuration
information," row 10. · (Optional) When the system prompts, Would you like to configure an HTTP proxy?,
enter y or n depending on the network configuration. If you enter y, enter the HTTP proxy FQDN or the HTTP proxy IP address. See "Key customer configuration information," row 11.
Also, add a list of internal network domains to exclude from going through the HTTP proxy, to allow direct communication to applications such asSystem Manager and Exchange servers. · Avaya Timezone Selection · Date · Time · When the system prompts, Would you like to disable NTP?, enter no. · IP/FQDN of Primary NTP Server: See "Key customer configuration information," row 12. · (Optional) IP/FQDN of Secondary NTP Server: See "Key customer configuration information," row 13. · Login ID to use for the customer account: See "Key customer configuration information," row 14. · Password for Customer Login: See "Key customer configuration information," row 15. · IP Address of the System Manager: "Key customer configuration information," row 16. · Enrollment Password: See "Key customer configuration information," row 17. Related links Customer configuration data for Presence Services on page 27
Confirming that Avaya Breeze® platform successfully replicates with System Manager
Procedure 1. On the System Manager web console, navigate to Services > Replication.

April 2021

Avaya Aura® Presence Services Snap-in Reference

39

Comments on this document? infodev@avaya.com

Deployment
2. In Replica Group column, click the appropriate Avaya Breeze® platform replication group. 3. In Replica Node Host Name column, locate your newly-deployed Avaya Breeze® platform. 4. After 2 ­ 15 minutes, verify that the status of the Synchronization Status field is green/
Synchronized. If not, see Repairing replication between Avaya Breeze® platform and System Manager. Related links Repairing replication between Avaya Breeze platform and System Manager on page 377
Administering Avaya Breeze® platform SIP Entity
About this task Administer Avaya Breeze® platform as a SIP Entity so that you can configure Session Manager to route traffic through Avaya Breeze® platform. Procedure
1. On the System Manager web console, navigate to Elements > Routing > SIP Entities. 2. Click New. 3. In the Name field, type the name of your SIP Entity.
See "Key customer configuration information," row 18. 4. In the IPv4 Address field, type the IPv4 address of the Avaya Breeze® platform Security
Module.
See "Key customer configuration information," row 19. 5. (Optional) In the IPv6 Address field, type the IPv6 address of the Avaya Breeze® platform
Security Module.
See "Key customer configuration information," row 19. 6. In the Type field, select Avaya Breeze®. 7. From the SIP Link Monitoring drop-down menu, select Link Monitoring Enabled. 8. Click Commit.
Note: If you want to deploy Avaya Breeze® platform using IPv6, repeat the above procedure by using the IPv6 address in the IPv6 Address field. For the IPv6 Address field to appear, log on to System Manager and go to Element > Session Manager > Global Settings, and enable the IPv6 field. For information about other fields, see Deploying Avaya Breeze® platform. Related links Customer configuration data for Presence Services on page 27

April 2021

Avaya Aura® Presence Services Snap-in Reference

40

Comments on this document? infodev@avaya.com

Presence Services single-server deployment
Administering Entity Link between Avaya Breeze® platform and Session Manager
About this task Create an Entity Link to connect Session Manager to Avaya Breeze® platform. You must administer separate Entity Links for Avaya Breeze® platform servers in order to open SIP listeners on the designated ports. Procedure
1. On the System Manager web console, navigate to Elements > Routing > Entity Links. 2. Click New. 3. In the Name field, type a name for the Avaya Breeze® platform SIP Entity Link.
See "Key customer configuration information," row 26. 4. In the SIP Entity 1 field, select the Session Manager instance.
See "Key customer configuration information," row 20. 5. In the SIP Entity 2 field, select the Avaya Breeze® platform SIP Entity that you created in
"Administering Avaya Breeze® platform SIP Entity." See "Key customer configuration information," row 18. 6. In the Protocol field, enter TLS. 7. In the Connection policy field, enter trusted. 8. The system automatically enters 5061 in both the Port fields. Do not change these fields. 9. Click Commit. If you want to deploy Avaya Breeze® platform on IPv6, repeat the above steps by using IPv6 address in the IP Address family field. For the IP Address family field to appear, log on to System Manager and go to Element > Session Manager > Global Settings and enable the IPv6 field. Related links Administering Avaya Breeze platform SIP Entity on page 40 Customer configuration data for Presence Services on page 27
Administering Presence Services Cluster SIP Entity
Procedure 1. On the System Manager web console, navigate to Elements > Routing > SIP Entities. 2. Click New. 3. In the Name field, enter a name for the Presence Services Cluster SIP Entity. See "Key customer configuration information," row 24.

April 2021

Avaya Aura® Presence Services Snap-in Reference

41

Comments on this document? infodev@avaya.com

Deployment
4. In the FQDN or IPv4 Address field, enter the Presence Services Cluster IP address or FQDN. See "Key customer configuration information," row 25.
5. (Optional) In the FQDN or IPv6 Address field, enter the Presence Services Cluster IP address or FQDN. See "Key customer configuration information," row 25.
6. In the Type field, click Presence Services. 7. In the SIP Link Monitoring field, click Link Monitoring Enabled. 8. Click Commit.
Note: If you want to deploy Avaya Breeze® platform using IPv6, repeat the above procedure by using the IPv6 address in the IPv6 Address field. For the IPv6 Address field to appear, log on to System Manager and go to Element > Session Manager > Global Settings, and enable the IPv6 field. Related links Customer configuration data for Presence Services on page 27
Administering Entity Link between Presence Services Cluster SIP Entity and Session Manager
Procedure 1. On the System Manager web console, navigate to Elements > Routing > Entity Links. 2. In the Name field, enter a name for Entity Link. See "Key customer configuration information," row 27. 3. In the SIP Entity 1 field, select the Session Manager instance. See "Key customer configuration information," row 20. 4. In the Protocol field, select TLS. 5. In the Port field, type 5062.
Note: Note that this port number cannot be the same as the port number administered in "Administering Entity Link between Avaya Breeze® platform and Session Manager." 6. In the SIP Entity 2 field, select the Presence Services Cluster SIP Entity. See "Key customer configuration information," row 24. 7. In the Port field, type 5061. 8. In the Connection Policy field, select trusted. 9. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

42

Comments on this document? infodev@avaya.com

Presence Services single-server deployment
Note:
If you want to deploy Avaya Breeze® platform using IPv6, repeat the above procedure by using the IPv6 address in the IPv6 Address field. For the IPv6 Address field to appear, log on to System Manager and go to Element > Session Manager > Global Settings, and enable the IPv6 field.
Related links Administering Entity Link between Avaya Breeze platform and Session Manager on page 41 Customer configuration data for Presence Services on page 27
Administering Avaya Breeze® platform server
Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Server Administration.
2. Click New.
3. In the SIP Entity field, select the SIP entity that you created in "Administering Avaya Breeze® platform SIP Entity".
See "Key customer configuration information," row 18.
4. Ensure that the value in the UCID Network Node ID field is unique across the solution deployment so that it does not conflict with other UCID-generating entities like Avaya Aura® Communication Manager or Avaya Aura® Experience Portal.
For more information about UCID, see Deploying Avaya Breeze® platform.
5. In the Management Network Interface section, in the FQDN or IP Address field, type the IP address of the Avaya Breeze® platform Management Network Interface.
See "Key customer configuration information," row 5.
6. In the Security Module section, do the following:
a. In the IPv4 Network Mask field, type the network mask used for the SIP (Security Module) network.
b. In the IPv4 Default Gateway field, type the default gateway used for the SIP (Security Module) network.
c. In the SIP Entity IPv6 Address field, type the security IPv6. d. In the IPv6 Default Gateway field, type the default gateway IPv6 used for the SIP
(Security Module) network.
See "Key customer configuration information," row 7.
For information about Call Control PHB and VLAN ID fields, see Deploying Avaya Breeze® platform.
7. Click Commit.
A new Managed Element instance of type Avaya Breeze® platform is automatically created at Services > Inventory > Manage Elements.

April 2021

Avaya Aura® Presence Services Snap-in Reference

43

Comments on this document? infodev@avaya.com

Deployment
Note: The Commit fails if the Avaya Breeze® platform license file on WebLM does not have the sufficient capacity to allow addition of another Avaya Breeze® platform server. Related links Administering Avaya Breeze platform SIP Entity on page 40 Customer configuration data for Presence Services on page 27
Administering the Avaya Breeze® platform cluster
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration. 2. Click New. 3. In the Cluster Profile field, click Core Platform. 4. In the Cluster Name field, enter a name for the cluster.
See "Key customer configuration information," row 21. 5. In the Cluster IPv4 field, do the following to assign an IP address to the cluster:
· In a single-node deployment, assign the same cluster IP address as the Avaya Breeze® platform Security Module IP address. See "Key customer configuration information," row 19.
· In a multi-node deployment, assign a unique, routable cluster IP address. See "Key customer configuration information," row 22.
6. To deploy Avaya Breeze® platform using IPv6, do the following: a. In the Cluster IPv4 field, type the IPv4 address. b. In the Cluster IPv6 field, type the IPv6 address.
Use the same IP for both IPv4 and IPv6. For example, 10.255.245.211 and fc00:fc00:fc00:245::211.
Note:
If IPv4 and IPv6 use the third IP address, then do not relate IP management and security IP. 7. In the Cluster Fully Qualified Domain Name field, do the following: · In a single-node deployment, this field must be left blank. · In a multi-node deployment, this field is optional. But if filled in, it must resolve to the cluster IP specified in Step 5. 8. Select the Enable Cluster Database check box. 9. Select the Enable Database Auto Switchover check box.

April 2021

Avaya Aura® Presence Services Snap-in Reference

44

Comments on this document? infodev@avaya.com

Presence Services single-server deployment
10. (Optional) In the Grid password field, do the following to secure the grid data exchanged between nodes in the cluster: · Select the Use secure grid check box. · In the Grid password field, type a password. This field also applies to Geographic Redundancy. So use the same secure grid setting and password on both Geo-Redundant clusters.
11. To enable the load balancer, select the Is Load Balancer enabled? check box.
Note: The load balancer is required for multi-node only. It is not required for single node. 12. Click the Servers tab. 13. In Unassigned Servers, click the plus sign (+) next to the Avaya Breeze® platform instance created in "Administering Avaya Breeze® platform server". The Avaya Breeze® platform instance appears in the Assigned servers list. 14. Click Commit. 15. Select the cluster instance and in the Cluster instance field, select Accept New Service. Related links Administering Avaya Breeze platform server on page 43 Customer configuration data for Presence Services on page 27
Administering Presence Services on Avaya Breeze® platform managed element
Procedure 1. On the System Manager web console, navigate to Services > Inventory. 2. Click Manage Elements. 3. Click New. 4. In the Type field, select Presence Services. 5. Under Select type of Presence Server to add, click Presence Services on Avaya Breeze. 6. Click Continue. 7. In the Presence Services SIP Entity field, select the Presence Services Cluster SIP Entity. For more information, see "Administering Presence Services Cluster SIP Entity." See "Key customer configuration information," row 24. 8. In the Primary Avaya Breeze Cluster field, select the Avaya Breeze® platform cluster that you created.

April 2021

Avaya Aura® Presence Services Snap-in Reference

45

Comments on this document? infodev@avaya.com

Deployment
For more information, see "Administering Avaya Breeze® platform SIP Entity."
See "Key customer configuration information," row 21.
The system populates the Avaya Breeze Cluster IP Address field. 9. Click Commit.
Note: · Specify values in the Data Center and Geo Redundant Avaya Breeze Cluster
fields only if Presence Services is deployed for geo-redundancy. For more information, see "Administering geographic-redundant Avaya Breeze® platform cluster to a managed element." · If you modify the value either in the Primary Avaya Breeze Cluster or GEO Redundant Avaya Breeze Cluster field, then you must perform this procedure again to update the managed element. Related links Administering Presence Services Cluster SIP Entity on page 41 Administering Avaya Breeze platform SIP Entity on page 40 Administering geographic-redundant Avaya Breeze platform cluster to a managed element on page 58 Customer configuration data for Presence Services on page 27
Administering System Manager LHNR to resolve Presence Services Cluster FQDN to Avaya Breeze® platform Security Module IP address
Procedure 1. Navigate to Elements > Session Manager > Network Configuration > Local Host Name Resolution. 2. Click New.
The system displays a New Local Host Name Resolution Name Entries window. 3. In the Host Name (FQDN) field, enter the Presence Services Cluster FQDN.
See "Key customer configuration information," row 25. 4. In the IP Address field, enter the Avaya Breeze® platform Security Module IP address.
See "Key customer configuration information," row 19. 5. In the Port field, enter 5061. 6. For the remaining fields, accept the default values. 7. Repeat the above steps, but in the IP Address field, enter the Avaya Breeze® platform
Security Module IPv6 address. 8. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

46

Comments on this document? infodev@avaya.com

Presence Services single-server deployment
Related links Customer configuration data for Presence Services on page 27
Loading the Presence Services snap-in
Before you begin Note the location of the Presence Services SVAR file.
Note: If you are upgrading from Presence Services Release 8.0 or earlier, you must delete the old SVAR file before loading the Presence Services Release 8.0.1 or newer SVAR. Procedure 1. On System Manager, click Elements > Avaya Breeze®. 2. In the navigation pane, click Service Management > Services. 3. Select the Presence Services snap-in that you want to load, and click Load. 4. On the Load Service page, click Browse and go to your snap-in file location.
See "Key customer configuration information." 5. Click Open. 6. Click Load.
The system displays an Accept End User License Agreement page. 7. Read the end user licence agreement details, and click Accept. 8. To enable the licensed features, you must load the Presence Services enhanced snap-in
as well. Locate the Presence Services enhanced SVAR file and repeat Step 1 to Step 7 to load the service to System Manager. For more information about the licensed features, see the "Licensing" chapter. Related links Licensing on page 25 Customer configuration data for Presence Services on page 27
Installing a Presence Services snap-in
Procedure 1. On System Manager, click Elements > Avaya Breeze®. 2. In the navigation pane, click Service Management > Services. 3. Select the Presence Services snap-in that you loaded earlier. See "Loading the Presence Services snap-in." 4. Click Install. Presence Services displays the list of Avaya Breeze® platform clusters.

April 2021

Avaya Aura® Presence Services Snap-in Reference

47

Comments on this document? infodev@avaya.com

Deployment
5. Select the Avaya Breeze® platform cluster that you created earlier. See "Administering the Avaya Breeze® platform platform cluster."
6. Click Commit.
The installation might take several minutes to complete. 7. To see the status of the snap-in installation, click the Refresh Table icon in the upper-left
corner of the All Services list. 8. To enable the licensed features, do the following:
a. Install the Presence Services enhanced snap-in that you loaded earlier. b. Repeat Step 1 to Step 6 to install the Presence Services enhanced snap-in service.
Note that you must install the Presence Services enhanced snap-in in the same cluster in which you installed the Presence Services snap-in. However, the order of installation is not important. For more information about the licensed features, see the "Licensing" chapter. 9. If you are upgrading to Presence Services R8.1.3, then you must execute the following command in breeze node hosting the Presence Services snap-in:
sh /opt/Avaya/snap_in/ps/psng-cli-tools-<version>-SNAPSHOT/ presAlterTable.sh For example, if you are upgrading to Presence Services R8.1.3, then execute the following command:
sh /opt/Avaya/snap_in/ps/psng-cli-tools-8.1.3.0-SNAPSHOT/ presAlterTable.sh
Note:
In a cluster of more than one node, it is enough to execute Presence Services in any one node. Related links Licensing on page 25 Loading the Presence Services snap-in on page 47 Administering Avaya Breeze platform server on page 43
Configuring number of users for a Presence Services cluster
About this task The Number of users service attribute is used to optimize the performance of the cluster. In addition to this service attribute, other Presence Services administration changes might be needed. Most changes do not need a Presence Services restart, but some do. If changing any service attributes that require a Presence Services restart, it is recommended that all such changes are made at once. Other changes can be performed later. For information about administration procedures, see Chapter 9, "Administration."

April 2021

Avaya Aura® Presence Services Snap-in Reference

48

Comments on this document? infodev@avaya.com

Presence Services multi-server deployment
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Number of Users field, in Effective Value, type the number of users that you want to support in the Presence Services cluster. Valid values are 500 through 125000. The default value is Automatic. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. You can perform the Presence Services administration changes now or after restarting the Presence Services cluster.
Next steps Restart Presence Services after updating this service attribute.
Presence Services multi-server deployment
A multi-server deployment requires the following IP addresses, where m is the number of physical servers, and n is the number of Presence Services instances in the cluster.
· m VMware ESXi host IP addresses · n Avaya Breeze® platform Management Module IP addresses · n Avaya Breeze® platform Security Module IP addresses · One Avaya Breeze® platform Cluster IP address For example, a cluster with five physical servers, each hosting one instance of Presence Services, requires 16 IP addresses and one Presence Services Cluster FQDN.
Note: For scaling out to the maximum supported user capacities with multiple clusters, only fully utilized clusters are supported. For example, support of less than 84,000 users is not supported on two or three clusters of any number of nodes. 84,000 users is only supported on a single cluster of 9 nodes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

49

Comments on this document? infodev@avaya.com

Deployment

Similarly, support of less than 168,000 users is not supported on three clusters of any number of nodes. 168,000 users is only supported by two clusters of 9 nodes each.
Additionally:
· Support of two clusters is not supported until the first cluster has reached its maximum capacity of 84,000 users on 9 nodes.
· Support of three clusters is not supported until the first two clusters have reached their maximum capacity of 168,000 users.

Checklist for deploying a multi-server Presence Services cluster

Prerequisites: You must have the following before deploying Presence Services:
· For each server in the cluster, VMware ESXi is installed on the server with a host IP address assigned. For the recommended VMware ESXi version, see Deploying Avaya Breeze® platform.
· VMware vSphere client installed to access the ESXi server. For the recommended VMware vSphere version, see the VMware documentation.
· Session Manager requires a Listen Port with the Listen Port as 5061, Protocol as TLS, and Default Domain as the login domain of endpoint devices. Without this, PPM will fail for SIP endpoints. For more information, see Administering Avaya Aura® Session Manager.

Note: Ensure that you select the Endpoints check box for the Listen Port. For more information, see "Presence and IM fails on SIP endpoints due to the PPM getHomeCapabilities fault." In the following checklist: · n refers to the number of Presence Services instances in the cluster. · s refers to the number of deployed Session Managers. Checklist for deploying a multi-server Presence Services cluster

No. Task

Reference

1

Administer n DNS A records to resolve

--

Avaya Breeze® platform hostname to

Avaya Breeze® platform Management

Module IP address.

2 Administer one DNS A record to resolve -- System Manager hostname to IP address.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

50

Comments on this document? infodev@avaya.com

Presence Services multi-server deployment

No. Task

Reference

3

Administer n DNS A records to resolve

Cluster FQDN requirement on page 36

Presence Services Cluster FQDN to

Avaya Breeze® platform Security Module

IP address.

Do not add any reverse lookup or associated pointer (PTR) records for any of these IP addresses.

4

Administer n DNS A records to resolve

--

the Avaya Breeze® platform Security

Module FQDNs. The FQDNs must be in

the following format: <management-

hostname>-sm100.domain. For example,

mybreeze101-sm100.mycorp.com, where

the FQDN of the management address is

mybreeze101.mycorp.com.

Also, add reverse lookup or associated pointer (PTR) records for those IP addresses.

5

Deploy n latest available Avaya Breeze® Deployment of Avaya Breeze platform on

platform instances on m host servers.

page 37

6

Confirm that n Avaya Breeze® platforms Confirming that Avaya Breeze platform

successfully replicate with System

successfully replicates with System

Manager.

Manager on page 39

7

Administer n Avaya Breeze® platform SIP Administering Avaya Breeze platform SIP

Entities.

Entity on page 40

8 Administer n*s Entity Links between Avaya Breeze® platform and Session Manager.

Administering Entity Link between Avaya Breeze platform and Session Manager on page 41

9 Administer one Presence Services Cluster SIP Entity.

Administering Presence Services Cluster SIP Entity on page 41

10 Administer s Entity Links between

Administering Entity Link between Presence

Presence Services Cluster SIP Entity and Services Cluster SIP Entity and Session

Session Managers.

Manager on page 42

11 Administer n Avaya Breeze® platform servers.

Administering Avaya Breeze platform server on page 43

12 Administer one Avaya Breeze® platform Administering the Avaya Breeze platform

cluster and assign n Avaya Breeze®

cluster on page 44

platform servers.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

51

Comments on this document? infodev@avaya.com

Deployment

No. Task

Reference

13 Do the following:

REST API clients authentication on page 346

· Enable the load balancer in the cluster See "Certificate management." configuration

· Add DNS entry and reverse (PTR) record for service FQDN to the cluster IP that is configured in the cluster configuration

The service FQDN is used by the Avaya Workplace Client clients to connect to Presence Services.
· Add the Service FQDN to the SAN field of the WebSphere and HTTP security certificates.

Note:

If the Avaya Session Border Controller for Enterprise is present in Avaya Aura® solution and Presence Services is cluster of n nodes, then you must do the following:

· Define FQDN of each node in SAN of certificate.

· Configure DNS in such a way that each FQDN is resolvable in Avaya Session Border Controller for Enterprise.

14 Administer one Presence Services on Avaya Breeze® platform Managed Element.

Administering Presence Services on Avaya Breeze platform managed element on page 45

15 Administer n System Manager LHNR

Administering System Manager LHNR to

entries to resolve Presence Services

resolve Presence Services Cluster FQDN to

Cluster FQDN to Avaya Breeze® platform Avaya Breeze platform Security Module IP

Security Module IP address.

address on page 46

16 Administer Avaya Breeze® platform alarming.

See Deploying Avaya Breeze® platform.

17 Specify the IP addresses of the SBCE or Specifying the IP addresses of the Session

proxy servers for Presence Services

Border Controller or proxy servers for

cluster load balancing.

Presence Services cluster load balancing on

page 53

18 Load Presence Services snap-in.

Loading the Presence Services snap-in on page 47

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

52

Comments on this document? infodev@avaya.com

Presence Services multi-server deployment

No. Task

Reference

19 Ensure that at least one routing domain is Configuring Presence/IM routing domain on

configured on System Manager.

System Manager on page 301

20 Install Presence Services snap-in on Avaya Breeze® platform cluster.

Installing a Presence Services snap-in on page 47

21 Administer Presence Services System service attributes.

Configuring number of users for a Presence Services cluster on page 48

22 Restart Presence Services.

Restarting Presence Services on page 268

23 Verify that Presence Services snap-in is Verifying that Presence Services snap-in is

ready to support Presence and IM.

ready to support Presence and IM on

page 78

Related links Presence and IM fails on SIP endpoints due to the PPM getHomeCapabilities fault on page 374

Specifying the IP addresses of the Session Border Controller or proxy servers for Presence Services cluster load balancing
About this task Use this procedure to specify the IP addresses of the Session Border Controller (SBC) or the remote proxy servers to load balance the Presence Services cluster. This is required only when you use SBC to control inbound and outbound sessions. If you are not using SBC servers or remote proxy servers, skip this task.
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze®.
2. Click Cluster Administration.
3. On the Avaya Breeze Clusters page, click the cluster, and then click Edit.
4. For multi-node deployment, select the Is Load Balancer enabled? check box to enable the load balancer.
Note:
The load balancer is required for multi-node only, not for single node deployment.
5. On the Cluster Editor page, in Cluster Attributes section, in the Trusted addresses for converting to use X-Real-IP for session affinity field, do one of the following:
a. Specify the IP addresses of the Session Border Controller servers or the remote proxy servers that you want to use.
b. Leave the field blank if you are not using Session Border Controller servers or remote proxy servers.

April 2021

Avaya Aura® Presence Services Snap-in Reference

53

Comments on this document? infodev@avaya.com

Deployment
6. Click Commit. Related links
Disabling Avaya Breeze platform cluster running Presence Services on page 85
Presence Services geographically redundant deployment
Presence Services support Geographic Redundancy (GR), which is essentially a disaster recovery mechanism. It provides a way for enterprises to build a highly resilient Presence and IM solution by partitioning their data centers in two distant physical sites. The data is replicated between the two sites through geo-replication which provides additional redundancy in case a data center fails or there is some other event that makes the continuation of normal functions impossible. Presence Services Geographic Redundancy solution is based on active-active deployment model. Both the data centers provide services during normal operations. The users are partitioned between the two data centers, typically in accordance with the location. During normal operations, each data center provides services to the local users. On a wide area network (WAN), geolocation can help improve network performance so that users halfway across the planet can access the same services at local-area network (LAN) speeds. When disaster occurs and one of the data center goes down, the users of that data center migrate to the other data center to receive service and continue to be operational.
Checklist for deploying geographically redundant Presence Services clusters
A geographically redundant Presence Services solution requires deployment of two multi-server Presence Services clusters that are located in different data centers or sites. Prerequisites Get the following before deploying Presence Services:
1. A Geographic Redundancy enabled Avaya Aura® deployment in which: a. System Manager must be deployed in a geographic-redundant mode. See Administering Avaya Aura® System Manager. b. Session Manager must be deployed in both data centers and be geographically redundant. See Administering Avaya Aura® Session Manager. c. Communication Manager must be deployed in both data centers and must be geographically redundant aware. See Administering Avaya Aura® Communication Manager. d. Other components, such as Application Enablement Services must be deployed accordingly. See respective documentation.
2. Two data centers with separate DNS servers.

April 2021

Avaya Aura® Presence Services Snap-in Reference

54

Comments on this document? infodev@avaya.com

Presence Services geographically redundant deployment

Considerations 1. Geographic redundancy for Presence Services is only supported on High Available deployments. 2. Each data center must have enough capacity to service the complete set of users, that is local users and the users from the other data center, to ensure continued service to all after one of the data centers is nonfunctional.

Note: The Number of Users attribute must be configured with the combined number of users in both data centers and must have the same value on both clusters. For more information, see "Configuring number of users for a Presence Services cluster." 3. Configuration of Presence Services in both data centers must be identical. That is, the clusters must have the same set of service attributes. See Chapter 9, "Administration." 4. For all solution components to detect the geographically redundant event, ensure that the data access to the damaged data center (DC) is completely disabled. In the following checklist: · DC-1 refers to data center 1. · DC-2 refers to data center 2. · n refers to the number of servers in each Presence Services clusters. Checklist for deploying a geographically redundant Presence Services cluster.

No. Task

Reference

1

Administer one multi-server Presence cluster Presence Services multi-server

in DC-1.

deployment on page 49

2

Administer one multi-server Presence cluster Presence Services multi-server

in DC-2.

deployment on page 49

3

Administer additional n DNS A records on

--

DC-1 to resolve Presence Services cluster

FQDN of DC-2 to Avaya Breeze® platform

Security Module IP address of DC-1.

4

Administer additional n DNS A records on

--

DC-2 to resolve Presence Services cluster

FQDN of DC-1 to Avaya Breeze® platform

Security Module IP address of DC-2.

5

Administer additional n System Manager

Administering System Manager LHNR to

LHNR entries to resolve Presence Services resolve Presence Services Cluster FQDN

cluster FQDN of DC-1 to Avaya Breeze®

to Avaya Breeze platform Security Module

platform Security Module IP addresses of

IP address of remote data centers on

DC-2.

page 57

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

55

Comments on this document? infodev@avaya.com

Deployment

No. Task

Reference

6

Administer additional n System Manager

Administering System Manager LHNR to

LHNR entries to resolve Presence Services resolve Presence Services Cluster FQDN

Cluster FQDN of DC-2 to Avaya Breeze®

to Avaya Breeze platform Security Module

platform Security Module IP addresses of

IP address of remote data centers on

DC-1.

page 57

7

In the DNS server in DC-1, add two new DNS Configuring data center DNS A records

A records for:

for the service FQDN on page 60

1. DC1 Service FQDN resolving to the cluster IP address of the cluster in DC-1

2. DC2 Service FQDN resolving to the cluster IP address of the cluster in DC-1.

8

In the DNS server in DC-2, add two new DNS Configuring data center DNS A records

A records for:

for the service FQDN on page 60

1. DC2 Service FQDN resolving to the cluster IP address of the cluster in DC-2.

2. DC1 Service FQDN resolving to the cluster IP address of the cluster in DC-2.

9

Add Service FQDNs of both DC-1 and DC-2 to --

the SAN field of the "Security Module HTTP

Service" and "Websphere Service" identity

certificates in each cluster node, in both data

centers.

10 In the DNS server in DC-1, add an SRV record Configuring data center HTTP SRV

resolving the HTTPS service to the Service

records for the service FQDNs on

FQDN in DC-1.

page 60

11 In the DNS server in DC-2, add an SRV record Configuring data center HTTP SRV

resolving the HTTPS service to the Service

records for the service FQDNs on

FQDN in DC-2.

page 60

12 Administer DC-2 as Geo Redundant Cluster of Administering geographic-redundant

DC-1.

Avaya Breeze platform cluster to a

managed element on page 58

13 Administer DC-1 as Geo Redundant Cluster of Administering geographic-redundant

DC-2.

Avaya Breeze platform cluster to a

managed element on page 58

14 Restart Presence Services on both Presence Restarting Presence Services on

Clusters.

page 268

15 Verify that Presence Services snap-in is ready Verifying that Presence Services snap-in

to support Presence and IM.

is ready to support Presence and IM on

page 78

16 Administer Aura users for Geographic Redundancy.

Administering Avaya Aura user for Geographic Redundancy on page 59

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

56

Comments on this document? infodev@avaya.com

Presence Services geographically redundant deployment

No. Task

Reference

17 Administer devices for Geographic Redundancy.

Administration of Avaya Aura devices for Geographic Redundancy on page 59

Related links Configuring number of users for a Presence Services cluster on page 48

Administering System Manager LHNR to resolve Presence Services Cluster FQDN to Avaya Breeze® platform Security Module IP address of remote data centers
About this task To route messages correctly and in accordance with geo-location of servers, you must create appropriate LHNR records on System Manager. In a Geographic Redundant deployment, each Presence Services cluster FQDN has all the IP addresses of Avaya Breeze® platform nodes in both data centers. However, the priority of the IP address mapping to the local data center is higher than the priority of the IP address in the remote data center.
Procedure
1. Navigate to Elements > Session Manager > Network Configuration > Local Host Name Resolution.
2. Click New.
The system displays the New Local Host Name Resolution Name Entries window.
3. In the Host Name (FQDN) field, enter the Presence Services Cluster FQDN of local data center.
4. In the IP Address field, enter the Avaya Breeze® platform Security Module IP address of the server from remote data center.
5. In the Port field, type 5061.
6. In the Priority field, enter a higher number (lower priority) compared to the same FQDN mapping to local Avaya Breeze® platform Security Module IP address.
7. For the remaining fields, accept the default values.
8. Click Commit.
Note:
For Session Managers to load-balance traffic efficiently, ensure that all high priority LHNR records have same value X and all low priority LHNR records have same value Y, where Y > X.

April 2021

Avaya Aura® Presence Services Snap-in Reference

57

Comments on this document? infodev@avaya.com

Deployment

Example Consider the following details of geographically redundant data centers:
· There are two data centers (Presence Services Avaya Breeze® platform clusters) in New York & Hong Kong.
· Each cluster has two Avaya Breeze® platform servers. · Security module IP addresses of the server in New York are 192.0.2.10 and 192.0.2.20. · Security module IP addresses of the server in Hong Kong are 192.0.3.30 and
192.0.3.40. · Cluster FQDN of New York cluster is nyps.avaya.com. · Cluster FQDN of Hong Kong cluster is hkps.avaya.com. Using the data center details, create eight LHNR records as shown in the table below.

Sample LHNR records in a geographically redundant deployment

Host Name (FQDN) nyps.avaya.com nyps.avaya.com nyps.avaya.com nyps.avaya.com hkps.avaya.com hkps.avaya.com hkps.avaya.com hkps.avaya.com

IP Address
192.0.2.10 192.0.2.20 192.0.3.30 192.0.3.40 192.0.3.30 192.0.3.40 192.0.2.10 192.0.2.20

Port
5061 5061 5061 5061 5061 5061 5061 5061

Priority
100 100 200 200 100 100 200 200

Weight
100 100 100 100 100 100 100 100

Transport
TLS TLS TLS TLS TLS TLS TLS TLS

Administering geographic-redundant Avaya Breeze® platform cluster to a managed element
Before you begin Ensure that a managed element of type Presence Services that represents the Presence Services cluster exists on System Manager.
Procedure
1. On the System Manager web console, navigate to Services > Inventory.
2. Click Manage Elements.
3. Select the Presence Services managed element representing the local data center, and then click Edit.
4. In the Data Center field, select the data center that is configured to host the primary Avaya Breeze® platform cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

58

Comments on this document? infodev@avaya.com

Presence Services geographically redundant deployment
5. In the GEO Redundant Avaya Breeze Cluster field, select the Avaya Breeze® platform cluster that must act as a geo-redundant cluster for the primary Avaya Breeze® platform cluster. For more information about administering the primary Avaya Breeze® platform cluster, see "Administering Presence Services on Avaya Breeze® platform managed element."
6. Click Commit.
Note: If you modify the value in the GEO Redundant Avaya Breeze Cluster field, then you must perform this procedure again to update the managed element. Related links Administering Presence Services on Avaya Breeze platform managed element on page 45
Administering Avaya Aura® user for Geographic Redundancy
About this task Please refer to "User and device administration" section for general information on administering endpoints. Procedure
1. Assign a Presence Profile to the user. For more information, see "Assigning Presence Profile to a user on System Manager".
2. For a SIP user, assign a Session Manager Profile with the following values: · Primary SM: Session Manager local to the user's data center. · Secondary SM: Session Manager in the other data center.
Related links Assigning Presence Profile to a user on System Manager on page 304 User and device administration on page 298
Administration of Avaya Aura® devices for Geographic Redundancy
See "User and device administration" section for general information on administering endpoints. In a Geographic Redundant deployment, ensure that endpoint is configured with two DNS servers, where the preferred server is the local DNS and secondary server is the remote DNS. For example, an Avaya Workplace Client on Windows client in New York should use the NY-DNS server as Preferred DNS Server and the HK-DNS server as Alternate DNS Server, whereas another client in Hong Kong should use HK-DNS as Preferred DNS Server and NY-DNS as Alternate DNS Server.

April 2021

Avaya Aura® Presence Services Snap-in Reference

59

Comments on this document? infodev@avaya.com

Deployment
Related links User and device administration on page 298
Configuring data center DNS A records for the service FQDN
About this task Presence Services clients in each data center must be able to resolve the FQDN of the Presence Services cluster HTTP load balancer called the Service FQDN. The Service FQDN must resolve to the IP address that is configured as the Cluster IP in System Manager. Cluster IP is configured by using the System Manager. Procedure Configure the cluster IP address. For more information, see "Configuring the cluster IP address."
Note: The cluster fully qualified domain name or Cluster FQDN must be left empty for Geographic Redundancy configuration. It can be provisioned for other types of deployments. The Cluster Fully Qualified Domain Name attribute is available in the Basic section below the Cluster IP in System Manager. The two data center DNS servers must be configured differently from each other to ensure that clients in each data center connect to the local Presence Services cluster, even if they are provisioned to access the Presence Server cluster in the geographically remote data center. Ensure that the two data center DNS servers are configured as follows: · Data center 1 must have both the clusters Presence Services service FQDN's, such as the local cluster and the geographic remote cluster Service FQDNs resolving to the local Presence Services cluster IP address. · Similarly, data center 2 must have both the clusters Presence Services service FQDNs resolving to its local Presence Services cluster IP address. Related links Configuring the cluster IP address on page 324
Configuring data center HTTP SRV records for the service FQDNs
About this task In each data center, Avaya Aura® Device Services servers must be able to resolve the HTTP protocol to the service FQDN. You must configure the DNS servers in each data center to resolve the _http._tls.<domain-name> to the service FQDN for Presence Services cluster in that data center.

April 2021

Avaya Aura® Presence Services Snap-in Reference

60

Comments on this document? infodev@avaya.com

Modifying the Avaya Breeze® platform VM hard disk size
Procedure 1. In data center 1, configure the DNS SRV record using the following parameters: · Domain: <Presence Services SIP Entity FQDN>. For example: mycorp.com · Service: _http · Protocol: _tls · Port Number: 443 · Host Offering Service: <Breeze-Service-FQDN>. For example: my-breeze-cluster-dc1 2. In data center 2, repeat the same configuration as done in step 1 using the Service FQDN. For example: my-breeze-cluster-dc2. · Domain: <Presence Services SIP Entity FQDN>. For example: mycorp.com · Service: _http · Protocol: _tls · Port Number: 443 · Host Offering Service: <Breeze-Service-FQDN>. For example: my-breeze-cluster-dc1
Modifying the Avaya Breeze® platform VM hard disk size
About this task After you deploy the Avaya Breeze® platform profile, use vCenter or vSphere to modify the hard disk size that is allocated to each Avaya Breeze® platform VM within the cluster. You can modify the hard disk size based on the required capacity.
Note: Ensure that the hard disk size is the same for each Avaya Breeze® platform VM within the cluster. Do not perform this procedure if you are using SDM to deploy the OVA. Before you begin Modifying the hard disk size might affect the service. Ensure that you set the Presence Services cluster to Deny New Service mode before you modify the hard disk size of the Avaya Breeze® platform VM. For more information, see "Disabling Avaya Breeze® platform cluster running Presence Services." Procedure 1. Shut down each Breeze server in the cluster. Do one of the following:
· Log in as root in the Linux CLI. At the command prompt, type poweroff. · On the System Manager web console, navigate to Elements > Avaya Breeze® >
Server Administration.

April 2021

Avaya Aura® Presence Services Snap-in Reference

61

Comments on this document? infodev@avaya.com

Deployment
Select the server that you want to shut down, and then click Shutdown system. Ensure that the server is in a deny state before you shut it down. 2. Log in to vCenter or vSphere VMware management client by using administrator credentials. 3. Navigate to the virtual machine that contains the Breeze server instance and ensure that the virtual machine is turned off. 4. Click Configure > VM Hardware, and then verify the current hard disk size. 5. Click Actions. 6. Click Edit Settings. 7. Select hard disk 1, and then increase the hard disk size to the required capacity. 8. Click OK. 9. Start the virtual machine. 10. After the virtual machine starts, log in to the Linux CLI. 11. At the command prompt, type lsblk to verify the size of the main hard disk. The result of the lsblk command shows hard disk 1 as either sda or vda. 12. Repeat Step 2 to Step 11 for each Breeze server in the cluster. Ensure that all the hard disks in the cluster are of the same size. 13. Set the mode of the Presence Services cluster to Accept New Service mode. For more information, see "Enabling Avaya Breeze® platform running Presence Services." Related links Disabling Avaya Breeze platform cluster running Presence Services on page 85 Enabling Avaya Breeze platform cluster running Presence Services on page 87
Deploying Presence Services on AWS
Checklist for deploying Presence Services on AWS
This checklist describes the high-level deployment process of Presence Services on Amazon Web Services. For more information on deploying Avaya Breeze® platform on AWS, see Deploying Avaya Breeze® platform on AWS for Avaya Aura®.

April 2021

Avaya Aura® Presence Services Snap-in Reference

62

Comments on this document? infodev@avaya.com

Deploying Presence Services on AWS

No.

Task

Reference

1

Generate CloudFormation See Creating CloudFormation

template.

templates on page 63.

2

Deploy a CloudFormation For a single-node, see Deploying a

stack.

single-node CloudFormation stack on

page 64.

For a multi-node, see Deploying a multi-node CloudFormation stack on page 66.

Creating CloudFormation templates
About this task Use CloudFormation templates to create an AWS stack. In AWS, message attachments are stored in S3 rather than on the disk. You do not need to configure a maximum size for the S3 bucket.
Important: To create CloudFormation templates, use one of the following web browsers:
· Google Chrome · Mozilla Firefox AWS does not support Internet Explorer and Microsoft Edge. · To create a single-node CloudFormation template, do the following: 1. On your web browser, run the template generator by opening the awssingle.htm file. 2. In the Number of users field, enter the maximum number of users.
Tip: You can also use the slider to enter the number of users. The template generator displays what EC2 instance type is used. Max number of users selected determines the disk size, and the disk size is driven by message storage. 3. Click Generate template. A template with ps-single.yaml file name is generated. 4. Save the ps-single.yaml text file to your computer. · To create a multi-node CloudFormation template, do the following: 1. On your web browser, run the template generator by opening the awsmulti.htm file. 2. In the Number of users field, enter the maximum number of users.

April 2021

Avaya Aura® Presence Services Snap-in Reference

63

Comments on this document? infodev@avaya.com

Deployment
Tip: You can also use the slider to enter the number of users. The template generator displays the number of nodes and type of EC2 instances that are used. Max number of users selected determines the disk size. The first two nodes hold the database and use a larger disk. Remaining nodes use a smaller disk. 3. In the Number of subnets field, enter the number of subnets on which the nodes are distributed. Each subnet will be placed in a different availability zone (AZ), so the maximum number of subnets depend on the number of AZs in the AWS region. You can also use the existing subnets or create new subnets. 4. If you want to create new subnets for availability zones, select the Create subnets check box. If you are planning to use the existing subnets, do not select Create subnets. 5. Click Generate template. A template with ps-multi.yaml file name is generated. 6. Save the ps-multi.yaml text file to your computer.
Deploying a single-node CloudFormation stack
About this task CloudFormation is an Amazon Web Services service used to create a stack. A stack is a graph of objects such as EC2 instances and EBS volumes inside the Amazon cloud. Use this procedure to deploy a standalone instance by using a single-node CloudFormation template. Before you begin
· Use standard Amazon Web Services procedures to create the required network setup, including Virtual Private Cloud (VPC) settings and Security Groups.
· Generate a single-node CloudFormation template. · Ensure that you have network access to the Amazon VPC before deploying an AMI. Procedure 1. Sign in to the AWS console and navigate to Services > Management & Governance >
CloudFormation.
2. On the CloudFormation page, click Create Stack. 3. On the Create Stack page, click Select Template. 4. On the Select Template page, in the Choose a template area, click Upload a template to
Amazon S3.

April 2021

Avaya Aura® Presence Services Snap-in Reference

64

Comments on this document? infodev@avaya.com

Deploying Presence Services on AWS
5. Click Browse, and choose the singlenode yaml CloudFormation template file that you generated.
6. Click Next. 7. On the Specify Details page, in the Stack name field, type the stack name.
The stack name is used to identify the stack within CloudFormation.
Note: The stack name must start with a letter and must contain letters, numbers, and dashes. 8. In the Amazon Machine Image ID field, type the Amazon Machine Image ID (AMI ID) of the Breeze instance that you converted using AWS specific OVA.
Tip: To obtain the AMI ID of an image, go to Services > EC2 > Images > AMIs . 9. Use the public/private key pair for initial login to the node. You can login to the node by using the ssh. For more information, see https://docs.aws.amazon.com/. The node is created within an existing subnet inside a virtual private cloud. 10. In the Network area, select the required Virtual Private Cloud and Subnet. The node accesses S3 using a VPC endpoint to avoid connecting to the Internet. If the VPC endpoint is not connected to the subnet, enter its subnet's route table ID so that one can be created. 11. In the DNS area, do the following: a. In Host name field, type the DNS host name. b. In DNS Domain field, type the name of the private DNS domain to use. 12. In DNS domain field, type the name of the private DNS domain to use. This domain name represents the domain name that clients use to access service. 13. If the domain is a new domain in this VPC, set Create domain to Y. Otherwise, set it to N. For Avaya Breeze® platform Management Module FQDN, use <host>.<domain>. For Avaya Breeze® platform Security Module FQDN, use <managementhostname>sm100.<domain>.
Note: Multimedia messaging server address in Equinox client must be set to Avaya Breeze® platform Security Module FQDN. 14. Click Create. The system displays the Stacks page, which shows the stack creation status.

April 2021

Avaya Aura® Presence Services Snap-in Reference

65

Comments on this document? infodev@avaya.com

Deployment
Deploying a multi-node CloudFormation stack
Before you begin · Use standard Amazon Web Services procedures to create the required network setup, including Virtual Private Cloud (VPC) settings and Security Groups. · Ensure that you have network access to the Amazon VPC before deploying an AMI. · Create a multi-node CloudFormation template.
Procedure 1. Sign in to the AWS console and navigate to Services > Management & Governance > CloudFormation. 2. Click Create Stack. The AWS EC2 Management console displays the first page of the Create stack wizard. 3. On the Select Template page, in the Choose a template area, click Upload a template to Amazon S3. 4. Click Browse, and choose the multi-node yaml CloudFormation template file that you generated. 5. Click Next. The system displays the Specify Details page. 6. In the Stack name field, type a name for the stack. This stack name must match the stack name portion of the FQDN of the load balancer.
Note: The stack name must start with a letter and must contain letters, numbers, and dashes. 7. In the Amazon Machine Image ID field, type the Amazon Machine Image ID (AMI ID) of the image that you imported.
Tip: You can obtain the AMI ID of an image from the EC2 AMI page. On a separate browser tab, navigate to Services > EC2 > Images > AMIs. 8. Use the public/private key pair for initial login to the node. You can login to the node by using the ssh. For more information, see https://docs.aws.amazon.com/. The nodes are evenly distributed among subnets. One subnet for each availability zone (AZ). All subnets belong to the same VPC, and you can select from the drop down. All AZs are in the same AWS region. If existing subnets are used, you can select them from the drop down. 9. In the Network area, select the required Virtual Private Cloud.

April 2021

Avaya Aura® Presence Services Snap-in Reference

66

Comments on this document? infodev@avaya.com

Deploying Presence Services on AWS
10. Do one of the following depending on whether you selected the Create subnets check box when creating the multi-node CloudFormation template: · If you have selected the check box, configure the required IPv4 address range in each subnet CIDR block field.
In CIDR notation, the number of bits in the network portion of the address follows a slash. For example, 192.0.2.10/28. The address range for the subnets must fall within the address range of the VPC and must not overlap any existing subnet within the VPC. · If you did not select the check box, select the required subnets from each Subnet field.
Note:
When using existing subnets, each subnet must be in a different availability zone.
Important:
When using existing subnets, if any of the subnets do not have access to a VPC endpoint, enter this subnet route table ID in the Route Table. To separate multiple IDs, use a comma. 11. In the Load balancer certificate ARN field, type the ARN.
In AWS, an application load balancer distributes messaging traffic to the nodes. Client HTTPS connections terminate on the ALB. So, a certificate must be provisioned. The certificate and its private key must be loaded into AWS certificate manager, which identifies them using an ARN. 12. In the DNS area, do the following:
a. In the Load balancer host name field, type the DNS load balancer host name. b. In the Server-to-server host name field, type the server-to-server host name. c. In the Host name field, type the DNS host name. d. In the DNS Domain field, type the name of the private DNS domain to use. 13. If the domain is a new domain in this VPC, set Create domain to Y. Otherwise, set it to N. For FQDN of Avaya Breeze® platform Management Network Interface on node N, use <host><N>.<domain>. For FQDN of Avaya Breeze® platform Security Module Network Interface on node N, use <host><N>-sm100.<domain>.
For FQDN of load balancer, use <lb>.<domain>.
Note:
Multimedia messaging server address in Equinox client must be set to FQDN of load balancer.
For FQDN for server-to-server communication, use <s2s>.<domain>. 14. Click Create.
The system displays the Stacks page, which shows the stack creation status.

April 2021

Avaya Aura® Presence Services Snap-in Reference

67

Comments on this document? infodev@avaya.com

Deployment
Presence Services multimedia attachment storage configuration
Multimedia attachment storage
To enable an Equinox client to use multimedia attachments, Presence Services requires an attachment store. Presence Services uses different attachment stores for the following deployment methods:
· On-premise: Presence Services attachment store uses the on-cluster virtual hard disk space that is provided by the virtual host services through its datastores. You can also build the datastores from local hard disks or SAN disk arrays.
· Cloud: Presence Services uses AWS S3 storage as the attachment store, along with a local caching store.
The maximum size of a multimedia attachment file is 32 MB. You can configure the default size settings for different attachment types such as video, audio, image, and text in the Presence Services service attributes. When you exceed the attachment store limit, Presence Services automatically starts removing the oldest attachment files from the store.
Configuring iSCSI SAN
About this task This topic contains a generic procedure to configure iSCSI SAN. For specific details, see the documentation of SAN and the virtual host service that you use. Procedure
1. Install SAN and network connections on the VM host for iSCSI use. Typically, a dedicated high speed (10Gb) network link is used.
2. Configure the SAN management software to connect to the VMware host. 3. On the VMware host, configure an iSCSI adapter to connect to the iSCSI target that you
configured in step 2. 4. On the VMware host, do the following:
a. Configure a dedicated network interface to connect to the SAN. b. Scan for the storage adapter to connect to the SAN. c. Add the new iSCSI storage devices and create a new datastore. d. Add virtual hard disks to the Avaya Breeze® platform virtual machines from the new
datastore. For more information, see "Adding a second virtual hard disk to the virtual machine."

April 2021

Avaya Aura® Presence Services Snap-in Reference

68

Comments on this document? infodev@avaya.com

Presence Services multimedia attachment storage configuration
Related links Adding a second virtual hard disk to the virtual machine on page 70
Attachment storage for Presence Services deployed on-premise
In an on-premise deployment of Presence Services, each Presence Server in the Presence Services cluster can contribute to the attachment store. The storage size of each contribution can be different. Presence Services stores two copies of each multimedia attachment file on different nodes in the cluster to support redundancy in case of a hardware failure. For large deployments supporting up to the maximum number of users, a large amount of storage is required. Usage estimates based on 40 instant messages per user per day, and 5% of those having attachments, would be approximately 50 TB of storage per cluster. For these large deployments, a SAN can be used. Consider the following for storing multimedia attachment files:
· Which SAN and how many SANs to deploy. · Size of the virtual hard disks that can be attached to the Avaya Breeze® platform cluster node
based on the usage. · Which Avaya Breeze® platform cluster node will host the virtual hard disks.
Note: Avaya recommends that you configure at least two cluster nodes with the virtual hard disks for load sharing and redundancy.
Attachment storage for Presence Services deployed on Cloud
In a cloud deployment of Presence Services, Presence Services on Avaya Breeze® platform that is running on AWS server instances uses AWS S3 for multimedia attachment storage. These server instances use local server disks to cache attachment requests to reduce AWS S3 charges. You must configure the AWS S3 region and bucket attributes from the Presence Services attributes on System Manager.
About the second virtual hard disk for multimedia attachment storage
A second virtual hard disk can be added to the Avaya Breeze® platform cluster node to store the multimedia attachment files. You can assign the disk storage from any datastore that is hosted by the virtual host.

April 2021

Avaya Aura® Presence Services Snap-in Reference

69

Comments on this document? infodev@avaya.com

Deployment
Note:
If you do not add a second virtual hard disk to the Avaya Breeze® platform cluster node before installing Presence Services, then, by default, the Presence Services software creates an alternate attachment store in the /var partition on the Avaya Breeze® platform server. Presence Services creates an alternate attachment store if a second hard disk is not found. If Presence Services is installed before adding the second virtual hard disk, then you must manually move the alternate attachment store to the second virtual hard disk so that the second hard disk has no interaction with other Breeze sub-systems.

Checklist for creating a second virtual hard disk

No.

Task

Reference

1

Add a second virtual hard

Adding a second virtual hard

disk to the Avaya Breeze®

disk to the virtual

platform cluster node virtual machine on page 70

machine

2

Verify the second virtual hard Verifying the second virtual

disk

hard disk on page 71

3

Restart the cluster nodes

Restarting the cluster

node on page 72

4

Verify the attachment store Verifying the alternate

attachment store on

page 73

Adding a second virtual hard disk to the virtual machine
About this task The following is a generic procedure for adding a second virtual hard disk to a virtual machine. For detailed information, see the VMware documentation.
Procedure
1. Using a web browser, enter the FQDN or IP address of the VMware host machine using HTTPS.
2. On the VMware Getting Started page, click Launch vSphere Client (HTML5).
3. Log in to the vCenter or vSphere management client by using the administrator credentials.
4. On the virtual machine inventory page, select the Avaya Breeze® platform cluster node that you want to use to host the new virtual hard disk to store the multimedia attachment files.

April 2021

Avaya Aura® Presence Services Snap-in Reference

70

Comments on this document? infodev@avaya.com

Presence Services multimedia attachment storage configuration
5. Click Configure, and then click VM Hardware to view the current list of hardware that is configured on the virtual machine.
6. Click ACTIONS, and then click Edit Settings. 7. In the Edit Settings dialog box, on the Virtual Hardware tab, click ADD NEW DEVICE, and
click Hard Disk. 8. In the Edit Settings dialog box, on the Virtual Hardware tab, click New Hard disk, to
expand and configure the attributes of the new virtual hard disk. 9. Set the virtual hard disk attributes. Do the following:
a. In the Maximum Size field, specify the size for the virtual hard disk. b. In the VM storage policy field, select the storage policy. The default is Datastore
Default. c. In the Location field, browse and select the datastore location for the virtual hard
disk, and click OK. In this example, Win2012 SAN datastore is selected. d. In the Disk Provisioning field, select Thin Provision as the format of the disk. For
better performance, select Thick Provision Eager Zeroed. e. In the Sharing field, select No Sharing. f. In the Shares field, select Normal. g. In the Limit ­ IOPs field, select unlimited as the upper limit of I/O operations per
second allocated to the virtual hard disk. h. In the Virtual flash read cache field, select the size of the virtual hard disk that you
want to use for cache. The default is 0 MB. i. In the Disk Mode field, select Dependent. j. In the Virtual Device Node field, select SCSI Controller 0 and SCSI(0:1) New Hard
disk.
Verifying the second virtual hard disk
Procedure 1. On the Virtual Machine Inventory page, select the Avaya Breeze® platform cluster node on which the new virtual hard disk is added. 2. Click the Configure tab, and then click VM Hardware to view the current list of hardware in the virtual machine. 3. Verify that the virtual machine has two hard disks. The following example shows the original hard disk 1 is hosted on the local datastore, and the new second larger hard disk is hosted by the Win2012 SAN.

April 2021

Avaya Aura® Presence Services Snap-in Reference

71

Comments on this document? infodev@avaya.com

Deployment

Restarting the cluster node
About this task To enable the Presence Services software to store the multimedia attachment files on the new virtual hard disk, you must restart the cluster node virtual machine on which the two virtual hard disks exist. Before you begin Restarting the cluster node affects the service. Hence, ensure that you set the Presence Services cluster to Deny New Service mode before you restart the cluster node.

April 2021

Avaya Aura® Presence Services Snap-in Reference

72

Comments on this document? infodev@avaya.com

Presence Services multimedia attachment storage configuration
Procedure Do one of the following: · Log in as root in the Linux CLI. At the command prompt, type reboot. · Restart the cluster node from the Breeze server administration page on System Manager.
Verifying the alternate attachment store
About this task If you do not add a second virtual hard disk to the Avaya Breeze® platform cluster node before installing Presence Services, then, by default, the Presence Services software creates an alternate attachment store in the /var partition on the Avaya Breeze® platform server. Presence Services creates an alternate attachment store if a second hard disk is not found. You can verify if the alternate store exists by using the Avaya Breeze® platform or Presence Services server. Procedure
1. Log in to the Avaya Breeze® platform running Presence Services as a root user. 2. At the command prompt, run the lsblk --b command as shown in the following example.
If the result of the lsblk -d command shows a second virtual hard disk named sdb or vdb, then the second virtual hard disk was added successfully. Else, verify the virtual hard disk settings in the virtual machine by using the vCenter or vSphere client, and reboot the Avaya Breeze® platform server. Example
[root@breeze106 ~]# lsblk -d NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 50G 0 disk sdb 8:16 0 50G 0 disk sr0 11:0 1 1024M 0 rom [root@breeze106 ~]#
3. At the command prompt, run the ls command as shown in the following example. If the result of the ls command shows the attachments directory and its contents, the attachment store directory structure is set up correctly. Else, perform Step 4. Example
[root@ breeze106 ~]# ls -l /opt/ps total 0 drwxrwx---. 7 asset susers 66 Aug 17 10:51 attachments [root@ breeze106 ~]# ls -l /opt/ps/attachments total 0 drwxrwx---. 2 asset susers 6 Aug 17 10:51 cache drwxrwx---. 2 asset susers 31 Aug 17 10:51 conf drwxrwx---. 2 asset susers 6 Aug 17 10:51 files drwxrwx---. 2 asset susers 6 Aug 17 10:51 log drwxrwx---. 2 asset susers 6 Aug 17 10:51 tmp [root@ breeze106 ~]# ls -l /var/ps

April 2021

Avaya Aura® Presence Services Snap-in Reference

73

Comments on this document? infodev@avaya.com

Deployment

ls: cannot access /var/ps: No such file or directory expected as /var/ps directory should not exist

# this error is

4. At the command prompt, run the ls command as shown in the following example.

If the result of the ls command shows that the /var/ps directory exists and contains an `attachment' directory, perform Step 5. Else, you can install the Presence Services software and the installation will create the proper directory structure.

Example

[root@ breeze106 ~]# ls -al /var/ps total 0 drwxrwx---. 7 asset susers 61 Aug 17 12:41 attachments
5. At the command prompt, run the presBuildAttachmentDisk command with the -move option to manually move the alternate attachment store from /var/ps to /opt/ps on the second virtual hard disk.

Note:
If the Presence Services software is installed, ensure that you set Presence Services to Deny New Service mode before you move the alternate attachment store to the second virtual hard disk. This will ensure that no new multimedia file attachments are added to the attachment store while the store is being moved.
[root@ breeze106 ~]# presBuildAttachmentDisk --move presBuildAttachmentDisk.sh: Attachment 2nd disk found presBuildAttachmentDisk.sh: Attachment disk is not mounted presBuildAttachmentDisk.sh: Attachment disk partitioned successfully presBuildAttachmentDisk.sh: Attachment disk formatted successfully presBuildAttachmentDisk.sh: Attachment disk mount point added presBuildAttachmentDisk.sh: Attachment disk mounted successfully presBuildAttachmentDisk.sh: Copying files from /var/ps/attachments to /opt/ps presBuildAttachmentDisk.sh: Removing files from /var/ps presBuildAttachmentDisk.sh: Done. Restart PresenceServices snapin
Use the ls command to verify that the store structure is created.
[root@ breeze106 ~]# ls -l /opt/ps total 0 drwxrwx---. 7 asset susers 66 Aug 17 12:41 attachments
6. If everything fails and the directory structure is not created properly, run the presBuildAttachmentDisk command, to completely remove any existing directory structure and create a new empty structure.
Use the detach option to remove the existing attachment store.
[root@ breeze106 ~]# presBuildAttachmentDisk --detach presBuildAttachmentDisk.sh: Attachment alternate directory cleanup started presBuildAttachmentDisk.sh: Attachment alternate directory not found presBuildAttachmentDisk.sh: Attachment 2nd disk found presBuildAttachmentDisk.sh: Attachment disk cleanup started presBuildAttachmentDisk.sh: Attachment disk cleanup, all attachment data on /dev/ psvg/presence_services will be lost Continue (y/n) ? y presBuildAttachmentDisk.sh: Attachment disk unmounted presBuildAttachmentDisk.sh: Remove entry for /dev/psvg/presence_services in /etc/ fstab

April 2021

Avaya Aura® Presence Services Snap-in Reference

74

Comments on this document? infodev@avaya.com

Presence Services uninstallation and deletion

presBuildAttachmentDisk.sh: Done [root@ breeze106 ~]#

Use the ls command to verify that the store is removed.

[root@ breeze106 ~]# ls -l /opt/ps ls: cannot access /opt/ps: No such file or directory [root@ breeze106 ~]# ls -l /var/ps ls: cannot access /var/ps: No such file or directory [root@ breeze106 ~]#

Use the autoconfigure option to create the new attachment store structure.

[root@ breeze106 ~]# presBuildAttachmentDisk --autoconfigure presBuildAttachmentDisk.sh: Attachment disk auto configuration started presBuildAttachmentDisk.sh: Attachment 2nd disk found presBuildAttachmentDisk.sh: Attachment disk is not mounted presBuildAttachmentDisk.sh: Attachment disk partitioned successfully presBuildAttachmentDisk.sh: Attachment disk formatted successfully presBuildAttachmentDisk.sh: Attachment disk mount point added presBuildAttachmentDisk.sh: Attachment disk mounted successfully presBuildAttachmentDisk.sh: Attachment directory /opt/ps/attachments created presBuildAttachmentDisk.sh: Attachment directory /opt/ps/attachments/files created presBuildAttachmentDisk.sh: Attachment directory /opt/ps/attachments/cache created presBuildAttachmentDisk.sh: Attachment directory /opt/ps/attachments/conf created presBuildAttachmentDisk.sh: Attachment directory /opt/ps/attachments/log created presBuildAttachmentDisk.sh: Attachment directory /opt/ps/attachments/tmp created presBuildAttachmentDisk.sh: Attachment store file /opt/ps/attachments/conf/store created presBuildAttachmentDisk.sh: Attachment hash file /opt/ps/attachments/conf/hash created presBuildAttachmentDisk.sh: Done [root@ breeze106 ~]#

Use the ls command to verify that the store structure is created.

[root@ breeze106 ~]# ls -l /opt/ps total 0 drwxrwx---. 7 asset susers 66 Aug 17 13:04 attachments

[root@ breeze106 ~]# ls -l /var/ps ls: cannot access /var/ps: No such file or directory expected [root@ breeze106 ~]#

# this is

Presence Services uninstallation and deletion
Uninstalling a snap-in service
About this task When you uninstall the Presence Services snap-in, Presence Services service attributes are not removed. For more information, see Chapter 9, "Administration."

April 2021

Avaya Aura® Presence Services Snap-in Reference

75

Comments on this document? infodev@avaya.com

Deployment
Before you begin Ensure that you set the Presence Services cluster to Deny new services mode. Procedure
1. On the System Manager web interface, click Elements > Avaya Breeze®. 2. In the navigation pane, click Service Management. 3. On the Service Management page, click Services and select the check box for the
PresenceServices snap-in version that you want to install. 4. Click Stop, and click Uninstall. 5. On the Confirm uninstall service page, perform the following steps:
a. Select the cluster. b. Select the Do you want to force the uninstall? check box to force the uninstall. c. Click Commit. Next steps To verify that the snap-in service is uninstalled, perform the following steps: 1. On the Server Administration page, verify that the Service Install Status field shows Uninstalling. 2. On the Service Management page, verify that the State field shows Loaded.
Note: If the snap-in is installed on any other clusters, the State field will still show Installed. 3. On the Cluster Administration page, verify that the Service Status page does not display the uninstalled service.
Deleting a snap-in service
About this task After all versions of the Presence Services snap-in have been deleted, Presence Services service attributes are removed. For more information, see Chapter 9, "Administration." Before you begin Ensure that the snap-in service is uninstalled. Procedure
1. On the System Manager web interface, click Elements > Avaya Breeze®. 2. In the navigation pane, click Service Management. 3. On the Service Management page, perform the following steps:
a. Click Services and select the check box for the PresenceServices snap-in that you uninstalled, and click Delete.

April 2021

Avaya Aura® Presence Services Snap-in Reference

76

Comments on this document? infodev@avaya.com

Presence Services uninstallation and deletion
b. Select the Please Confirm check box to confirm the deletion. c. Click Delete. Next steps Verify that the Service Management page does not display the deleted service.
Manually deleting the multi-media attachments
About this task In Presence Services Release 8.1, when you uninstall the Presence Services snap-in, you must manually delete the multi-media attachments. Procedure
1. For local file systems and SAN, go to the following directory and delete all the files: /opt/ps/attachments
2. For Amazon S3, go to the following directory and retrieve the name of the bucket that is used to store the multi-media attachment files: /opt/ps/attachments/conf The bucket name is located in the store.properties file under the /opt/ps/ attachments/conf directory of the Presence Server file system. For more information, see https://docs.aws.amazon.com/AmazonS3/latest/user-guide/ delete-bucket.html

April 2021

Avaya Aura® Presence Services Snap-in Reference

77

Comments on this document? infodev@avaya.com

Chapter 7: Post deployment verification

Verifying that Presence Services snap-in is ready to support Presence and IM
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration. 2. Locate the row for the cluster, and verify that: · The Cluster Profile field shows Core Platform. · The Cluster State field shows Accepting. · The Cluster Database field is green, and the value of Number of active connections for the active is not zero. · The Data Replication field shows a green checkmark. · The Service Install Status field shows a green checkmark. · The Tests Pass field shows a green checkmark. · The Data Grid Status field shows Up or is green. · The Overload Status field shows a green checkmark. 3. On the row for the cluster, use the arrow in the Details column to display the servers assigned to this cluster. 4. For each server, verify that: · The Security Module field shows Up. · The value of the Server Version field is correct. · The Server State field shows Accepting. · The Cluster Database field is green. · The Cluster Database Connection shows a green checkmark. · The Data Replication field shows a green checkmark. · The Service Install Status field shows a green checkmark. · The Tests Pass field shows a green checkmark.

April 2021

Avaya Aura® Presence Services Snap-in Reference

78

Comments on this document? infodev@avaya.com

Presence Services logging
· The Data Grid Status field shows Up. Following is an example of a single-server Presence Services cluster that is ready to support Presence and IM:

5. Navigate to Elements > Avaya Breeze® > Service Management > Services.
6. Locate the row for the Presence Services snap-in, and click on the Presence Services link within the Name column.
The system displays a PresenceServices: Avaya Breeze® Instance Status window.
7. Verify that the Service Install Status column shows Installed and a green checkmark in one or more rows.
8. Verify that the Cluster Name column identifies the expected cluster.
Following is an example of a Presence Services snap-in that is installed on a single-server cluster:

Presence Services logging
Presence Services logs are stored on the Avaya Breeze® server nodes in the following directory: /var/log/Avaya/services/PresenceServices/.

April 2021

Avaya Aura® Presence Services Snap-in Reference

79

Comments on this document? infodev@avaya.com

Post deployment verification
Multiple log files may be present, but the most recent application logs are available in the ps.log file. In a multi-server deployment, each node has its local logs only and they should be collected manually from each server to fetch the complete view of logs for the cluster.
By default, the application log level is set to INFO. To change the log level, see "Changing the logging level."
Presence Services also supports component level logging using the presLog CLI command. For more information, see "presLog."
Related links presLog on page 394 Changing the logging level on page 330

April 2021

Avaya Aura® Presence Services Snap-in Reference

80

Comments on this document? infodev@avaya.com

Chapter 8: Upgrade

Upgrading from Presence Services 7.1.x or later to Presence Services 8.0 or later
Before you begin · For Presence Services Release 8.0.1 and later, ensure that you delete previous versions of the snap-in before you load the new version. In this scenario, the existing attribute configuration is not preserved, so you must record all existing values before you proceed.
Important: A script is available to assist in recording the existing values. If the presAttributes command is not available, a copy of the script is available inside the PresenceServices-OptionalComponents.zip folder which is part of the PresenceServices-Bundle.zip folder. Copy this script to any Breeze node in your cluster and execute it as a privileged user. Note that encrypted values such as passwords and tokens are not revealed. Copy the values to a temporary place for reference, and use it to manually enter them again after upgrading. Procedure 1. Download the newer version of Presence Services from PLDS. 2. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration. 3. Select the cluster that you want to update. 4. Click Cluster State > Deny New Service. 5. Click Service Management > Services. 6. Click Stop. 7. Wait for all existing 7.1.x and 8.x.x versions of Presence Services to be in the Stopped state. 8. Click Uninstall. 9. Select all the clusters that you want to update, and select the check box to force the uninstall. 10. Click Commit. 11. Wait for all existing 7.1.x and 8.x.x versions of Presence Services to be in the loaded state.

April 2021

Avaya Aura® Presence Services Snap-in Reference

81

Comments on this document? infodev@avaya.com

Upgrade
12. Select all existing 7.1.x and 8.x.x versions of Presence Services. 13. Click Delete and confirm in the pop-up dialog that appears. 14. Upgrade Avaya Breeze® to the correct version. For more information on the supported
versions, see the latest release notes. For information on upgrading Avaya Breeze®, see Upgrading Avaya Breeze® platform. 15. On the System Manager web console, navigate to Elements > Avaya Breeze® > Service Management > Services. 16. Click Load, and browse to the new Presence Services-8.x.x.x.x.svar file. 17. Click Load. 18. Select the new loaded Presence Services service. 19. Click Install. 20. Select the cluster that you want to update. 21. Click Commit. 22. Wait for the new Presence Services to be in the Installed state. 23. Navigate to Elements > Avaya Breeze® > Configuration > Attributes 24. Select the Service Clusters tab and do the following:
a. In the Cluster drop-down, click cluster that you want to update. b. Select PresenceServices from the Service drop-down. 25. Re-apply all the previous service attribute configurations, and click Commit. 26. Navigate to Elements > Avaya Breeze® > Cluster Administration. 27. Select the cluster you updated. 28. Click Cluster State > Accept New Service.

Checklist for upgrading a Geographic Redundant deployment
If you are upgrading Presence Services deployed in Geographic Redundant mode, choose to do either of the following:
· Upgrade both data centers at once.
This upgrade option is service impacting and Presence Services are not available during the duration of the upgrade. Use the instructions provided in release notes to upgrade both data centers at the same time. · Upgrade one data center at a time
This upgrade option provides ability to do in-service upgrades, that is the Presence Services is available to the users of both the data centers while one of the data center is upgrading.

April 2021

Avaya Aura® Presence Services Snap-in Reference

82

Comments on this document? infodev@avaya.com

Disabling access to a data center

Warning: Upgrading a data center may impact Avaya Aura® services other than Presence Services. Upgrades should be scheduled during a maintenance window to avoid any service disruptions. In the following checklist, the two data centers are referred as DC-1 & DC-2

Checklist for performing in-service upgrade in a geographic redundant deployment.

No.

Task

Reference

1

Disable access to

Disabling access to a data center on

DC-1.

page 83

2

Perform DC-1 upgrade Upgrading from Presence Services 7.x to a

newer version on page 81

3

Enable access to

Enabling access to a data center on

DC-1.

page 85

4

Disable access to

Disabling access to a data center on

DC-2

page 83

5

Perform DC-2 upgrade Upgrading from Presence Services 7.x to a

newer version on page 81

6

Enable access to DC-2 Enabling access to a data center on

page 85

Disabling access to a data center
About this task The administrator must disable access to a data center undergoing an upgrade / failure / switchover. This ensures that the users serviced from this data center migrate to the other data center successfully. It is recommended that the whole data center is disabled by disconnecting it from the network or similar mechanisms. If it's not possible to do so, follow the procedure provided. Procedure To disable access to a data center, use the following flowchart.

April 2021

Avaya Aura® Presence Services Snap-in Reference

83

Comments on this document? infodev@avaya.com

Upgrade

April 2021

Avaya Aura® Presence Services Snap-in Reference

84

Comments on this document? infodev@avaya.com

Disable DNS
Disable DNS
The actual procedure to disable DNS server depends on the type of DNS deployed in the network and the host operating system. The administrators need to ensure that the target DNS is no longer providing services and the clients configured with this DNS server start using their secondary DNS, that is the DNS of the other data center.
Disabling Session Manager
Procedure 1. On the System Manager web console, navigate to Elements > Session Manager > Dashboard. 2. Select all Session Manager located in the target data center set the Service State to Deny New Service.
Disabling Avaya Breeze® platform cluster running Presence Services
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration. 2. Select the Presence Services cluster, and change the Cluster State to Deny New Service. 3. Uninstall Presence Services. For more information, see "Uninstalling a snap-in service."
Related links Uninstalling a snap-in service on page 75
Enabling access to a data center
Procedure To enable access to a data center, use the following flowchart.

April 2021

Avaya Aura® Presence Services Snap-in Reference

85

Comments on this document? infodev@avaya.com

Upgrade

April 2021

Avaya Aura® Presence Services Snap-in Reference

86

Comments on this document? infodev@avaya.com

Enabling Avaya Breeze® platform cluster running Presence Services
Enabling Avaya Breeze® platform cluster running Presence Services
Before you begin Ensure that the Avaya Breeze® platform servers running the Presence Services are recovered / powered up. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration.
2. Select the Presence Services cluster, and change the Cluster State to Accept New Service.
Enabling Session Manager
Before you begin Ensure that the servers running Session Manager are recovered / powered up. Procedure
1. On the System Manager web console, navigate to Elements > Session Manager > Dashboard.
2. Select all Session Manager located in the data center undergoing upgrade and set the Service State to Accept New Service.
Enable DNS
Ensure that the servers running DNS are recovered and powered up. The actual procedure to enable DNS server depends on the type of DNS deployed on the network and the host operating system. Ensure that after the data center is upgraded, the clients are able to use their primary DNS in local data center.

April 2021

Avaya Aura® Presence Services Snap-in Reference

87

Comments on this document? infodev@avaya.com

Upgrade
Considerations for upgrading Microsoft Federation deployment to Release 8.1.1
For upgrading from Microsoft federation deployment Release 7.0.x, 7.1.x, or 8.0 to Release 8.0.1 or later, note the following:
· Presence Services configuration attributes earlier in the S4B Federation group are replaced with a new Microsoft Federation group. You must manually migrate to the new Microsoft Federation group for 8.0.1 or later.
· Use of the AMM federation relay for Intra-enterprise federation is no longer required or supported.
· Intra-enterprise federation between two different domains is now supported. This federation works directly with the Microsoft Front End server and not the Microsoft Edge server as in previous 7.0.x and 7.1.x releases.
· Inter-enterprise federation between two different domains requires use of the at the edge of the Avaya Aura® network.
For more information, see "Microsoft Real Time Communication (RTC) Federation" section.
Related links Microsoft Real Time Communication (RTC) Federation on page 125

April 2021

Avaya Aura® Presence Services Snap-in Reference

88

Comments on this document? infodev@avaya.com

Chapter 9: Administration
About Presence Services administration
Presence Services functionality is administered through service attributes on System Manager at Elements > Avaya Breeze® > Configuration > Attributes. These attributes can be configured at a system level by using the Service Globals tab, and the attributes can be selectively overridden at a cluster level by using the Service Clusters tab.
Note: Avaya recommends that you configure the Presence Services service attributes at the cluster level by using the Service Clusters tab. This ensures that each cluster is configured independently. In Presence Services, only one attribute, that is Access Control Policy, can be administered on a Service Profile basis. Note the following for the XMPP Federation service attributes: · There are four instances of the XMPP Federation group: XMPP Federation 1, XMPP Federation 2, XMPP Federation 3, and XMPP Federation 4. · Different XMPP Federation group instances should be administered if Presence Services is federated with more than one XMPP server, and any of the following conditions are met:
- An administrator wants the ability to enable or disable the federations independently. For instance, Presence Services is federated with two Ignite Realtime Openfire servers, and an administrator wants the ability to enable federation to one server while disabling federation to the other server.
- Presence Services is federated to different kinds of XMPP servers. For instance, Presence Services is federated with an Ignite Realtime Openfire server and a pre-7.0 Presence Services server.
- An administrator wants the ability to configure the federations independently. For instance, Presence Services is federated with two Ignite Realtime Openfire servers, one using TLS and the other using TCP.

April 2021

Avaya Aura® Presence Services Snap-in Reference

89

Comments on this document? infodev@avaya.com

Administration
Access control policy
Presence Services uses the Avaya Breeze® platform service attribute to set the global, cluster, or user access control policy.
System Manager ACL configuration at Users > User Management > System Presence ACLs, used for releases of Presence Services deployments before release 7.0, is not applicable.
ACL does not support federated domains that have more than six characters in their top-level domain. For example, a Skype for Business (S4B) user with the address user1@example.systems is not supported as the top-level domain "systems" has more than six characters.
Access control determines whether a watcher can view a user's presence. There are three policy levels: ALLOW, BLOCK, and CONFIRM.
· ALLOW makes a user's presence public for all watchers. · BLOCK makes a user's presence private for all watchers. · CONFIRM gives the user the choice to allow or block presence for a particular watcher
through an authorization request presented to the user by the presence client. For example, the Avaya one-X® Communicator displays an authorization dialog box as shown in the figure below:

When changing an access control policy from ALLOW or BLOCK to CONFIRM, the presentity clients do not display access control authorization requests until after the presentity logs out and then logs back in again. When changing the policy from CONFIRM to ALLOW or BLOCK, previous access control authorizations continue to apply. To remove all previous access control decisions, use the access control script tool.
Note:
The default access control policy must not be set to CONFIRM if non-ACL-capable endpoints are deployed.

April 2021

Avaya Aura® Presence Services Snap-in Reference

90

Comments on this document? infodev@avaya.com

Access control policy
The access control policy is effective immediately. The new watcher requests receive an authorization request on the presentity's Avaya one-X® Communicator client. The existing watchers do not receive any new presence updates until the presentity logs out and logs in again. After the presentity logs in again, they get an authorization request for anyone who was watching the presentity before, or has just requested to watch them. Immediate authorization requests are avoided on all existing presentities who are watched, as it impacts the network. For example, if there are 125,000 presence users with 25 contacts each, there would be more than 3 million authorization requests. Batching of requests is required, adding complexity and potential new problems.
Related links Configuring access control policy on page 91
Configuring access control policy
About this task Presence Services communicates with System Manager to modify ACLs. If extended hostname validation is enabled, ensure that the System Manager identity certificate CN/SAN (DNSname) field matches the FQDN/IP configured when the Breeze server was installed and first set-up. For more information, see "Extended hostname validation." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service for which you want to configure
the access control policy. 5. On the Attributes Configuration page, navigate to the Access Control group. 6. In the Access Control Policy field, in Effective Value, click Allow, Block, or Confirm. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Access control policy on page 90 Extended hostname validation on page 356

April 2021

Avaya Aura® Presence Services Snap-in Reference

91

Comments on this document? infodev@avaya.com

Administration
Collectors

AES Collector

AES Collector allows Presence Services to report telephony Presence from Communication Manager endpoints. AES Collector collects events from H323 and DCP telephones and SIP telephones administered as OPTIM extensions.
The number of AES servers that AES Collector can use is not limited. If you want AES Collector to use an AES server, ensure that the AES server is added to the System Manager Inventory list. If you want to prevent AES Collector from using an AES server, remove the AES server from the System Manager Inventory list. The System Manager Inventory list is used by AES Collector to identify the pool of AES servers that it can acquire a user from.
For more information about adding AES to the System Manager Inventory list, see the Administering Avaya Aura® System Manager guide.
For more information about configuring AES, see the Administering Avaya Aura® Application Enablement Services guide.
AES Collector collects events for any user with AES Collection explicitly enabled in the Presence communication profile, or enabled through the AES system policy. The AES system policy is at Elements > Presence > Configuration > Publish Presence with AES Collector ­ Default. For more information, see "Enabling Application Enablement Services collection for a user on System Manager". AES Collector sequentially tries the AES servers configured in the System Manager Inventory until it acquires the user from that AES.
Related links Enabling Application Enablement Services collection for a user on System Manager on page 305

Checklist for integrating AE Services with Presence Services

No. Task

1

Set up AE Services. Do the following:

· Deploy AE Services.

· Set up AE Services licenses.

Server AE Services server

Reference
See the Avaya Aura® Application Enablement Services deployment guides and Administering Avaya Aura® Application Enablement Services guide.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

92

Comments on this document? infodev@avaya.com

Collectors

No. Task

Server

2

Add an Application Enablement

System Manager

Services instance to System Manager.

Note:

· Specify the hostname of the AE Services server in the aes.aesMachineName.name attribute when adding the AE Services element.

Reference
For more information on Adding an Application Enablement Services instance to System Manager, see the Upgrading Avaya Aura® Application Enablement Services guide.

· Assign Communication Manager as the application for the AES element.

· When configuring AE Services element in Services > Inventory > Manage Elements, click New and in the Type field, select Application Enablement Services, and you must set up General, Access Profile, and Port sections.

3

Set up switch connection on the AE

AE Services server See the Administering Avaya

Services server.

Aura® Application Enablement

Services guide.

4

Configure Communication Manager.

Communication

Manager

See Configuring Communication Manager to integrate AES with Presence Services on page 94.

5

Create a CTI user account in AES for AE Services server See the Administering Avaya

Presence Services.

Aura® Application Enablement

Note:

Services guide.

Ensure that the CTI user account password does not contain a semicolon in it. If the password contains a semi-colon, the authentication fails on the AE server.

6

Configure the CTI user account in the Presence Services See Configuring AES

Presence Services attributes for AE

Collector on page 96.

Services Collector.

Note:

Ensure that the CTI user account password does not contain a semicolon in it. If the password contains a semi-colon, the authentication fails on the AE server.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

93

Comments on this document? infodev@avaya.com

Administration

No. Task

Server

Reference

7

Add TSAPI link between AES and

Communication Manager.

AE Services server

See the Administering Avaya Aura® Application Enablement Services guide.

8

Create End Entity for AE Services in

System Manager

See the Administering Avaya

System Manager

Aura® Application Enablement

Services guide.

9

Generate the AE Services server

System Manager

See the Administering Avaya

certificate by using System Manager.

Aura® Application Enablement

Services guide.

10 Download the System Manager CA

System Manager

certificate that signed the AE Services

server certificate by using System

Manager.

See the Administering Avaya Aura® Application Enablement Services guide.

11 Import the AE Services services server AE Services server See the Administering Avaya

certificate and System Manager CA

Aura® Application Enablement

certificate into the AES server.

Services guide.

Configuring Communication Manager to integrate AES with Presence Services
Procedure
1. Log in to Communication Manager by using Putty.
2. Run the change node-names IP command and do the following on the change node names IP page:
a. In Name, type a name for the AES IP node.
b. In IP Address, type the IP address of the AES server.
c. Save the changes.
3. Run the change system-parameters customer-options command and do the following on the change system -parameters customer-options page:
a. In Computer Telephony Adjunct Links, type y.
b. Save the changes.
4. Run the add cti-link <x> command, where <x> is the CTI link number that is not assigned anywhere else in Communication Manager. Do the following on the change ctilink <x> page:
a. In Extension, type an extension number that complies with the numbering plan and is not assigned anywhere else in Communication Manager.
b. In Type, type ADJ-IP.
c. In Name, type a name for the AES link. For example, Link_To_Aes130.
d. Save the changes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

94

Comments on this document? infodev@avaya.com

Collectors
5. Run the change ip-services command and do the following on the change ip-services page: a. In Service Type, type AESVCS. b. In Enabled, type y. c. In Local Node, type procr or clan depending on what is configured for your setup. d. In Local port, type 8765. e. In AE Services Server, type the hostname of the primary AES server. f. In Password, type the password of the AES switch connection.
Note:
The AES switch connection password must have 12 characters and must match the password that is configured on the AES server for the AES switch connection. g. In Enabled, type y. h. Save the changes. 6. To generate the universal call ID (UCID) and send it over the Adjunct Switch Application Interface (ASAI) protocol, run the change system-parameters features command and do the following on the change system-parameters features page: a. In Create Universal Call ID (UCID), type y. b. In UCID Network Node ID, type an identity number for the UCID network node.
This value must be unique within the network. c. In Send UCID to ASAI?, type y. d. Save the changes. 7. Run the change signaling-group <n> command, where <n> is the signaling group number that is configured in the trunk group.
This trunk group is configured in the route pattern of the AAR digit analysis table. This AAR digit analysis table contains the first digits of the extension numbers.
Do the following on the change signaling-group <n> page:
In IMS Enabled, type n. 8. Run the save translation all command to save the changes. 9. To perform automatic alternate routing (AAR) analysis, run the change aar analysis
<n> command, where <n> is the first digit of the extension number. Do the following on the change aar analysis <n> page:
If the numbering format at trunk is set to private, in Call Type, type lev0, lev1, or lev2 depending on the network level configuration for the route pattern. 10. Run the status aesvcs cti-link command to verify the status of TSAPI link.

April 2021

Avaya Aura® Presence Services Snap-in Reference

95

Comments on this document? infodev@avaya.com

Administration
Configuring AES Collector
About this task If extended hostname validation is enabled, ensure that the AES collector's identity certificate CN/SAN (DNSname) field matches the FQDN/IP of the AES. If you change the enabled or disabled behavior on Presence Services specifically for AES, you must restart the service in order for the changes to take effect. Failing the hostname validation will impact Presence Services ability to connect with AES and you will receive phone-related presence events (for non-presence capable phones). For more information, see "Extended hostname validation". Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the AES Collector group. 6. In Effective Value, do the following:
a. In the AES Collector Enabled field, click True.
The default value is False. b. In the Default On-Hook State field, click Available or Offline to set the on-hook state
of devices that are not supporting registration events.
The default value is Available. c. In the AES Server Username field, type the user name that the AES collector must
use when connecting to the AES server. d. In the AES Server Password field, type the password that the AES collector must
use when connecting to the AES server.
Note:
Ensure that the CTI user account password does not contain a semi-colon in it. If the password contains a semi-colon, the authentication fails on the AE server. e. In the Publish DND Status field, click True to enable the AES collector to publish Do Not Disturb (DND) status.
The default value is False. f. In the Away Timer (mins) field, type the time, in minutes, to change the state to away
after a call is disconnected.
The default value is 0. g. In the Out-of-Office timer (mins) field, type the time, in minutes, to change the state
to out-of-office after a call is disconnected.
The default value is 0.

April 2021

Avaya Aura® Presence Services Snap-in Reference

96

Comments on this document? infodev@avaya.com

Collectors
7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
If you change any of the following attributes, you must restart the AES Collector: · AES Server Username · AES Server Password · Publish DND Status · Away Timer (mins) · Out-of-Office timer (mins) To restart AES Collector, restart Presence Services. For more information, see "Restarting Presence Services." 9. Install the root CA certificate. If the certificate on AES was signed by a certificate authority, install the root CA certificate from the authority. Else, install the AES self-signed certificate generated during the AES installation. Related links Extended hostname validation on page 356 Restarting Presence Services on page 268
Installing the root CA certificate
About this task For AES prior to Release 6.x, use the product certificate in the ZIP bundle. For AES Release 7.x or AES Release 6.x using 3rd party certificate, the CA signing the AES certificate needs to be imported into Avaya Breeze® platform. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration.
2. Click Cluster State > Deny new service. 3. Select the Avaya Breeze® platform cluster. 4. Click Certificate Management > Install Trust Certificate (All Avaya Breeze Instances). 5. In the Select Store Type to install trusted certificate field, select All. 6. Click Browse and choose the certificate file. 7. Click Retrieve Certificate. 8. Click Commit. 9. Click Reboot.
Wait for the Avaya Breeze® platform cluster reboot to be finished

April 2021

Avaya Aura® Presence Services Snap-in Reference

97

Comments on this document? infodev@avaya.com

Administration
10. Click Custer State > Accept New Service.
Configuration of AES Collector in a Geographic Redundant deployment
To configure AES Collector on Presence Services deployed in Geographic Redundant mode, AES Collector must be configured on Avaya Breeze® platform clusters in both data centers. See "Configuring AES Collector" to configure AES Collector on each cluster.
During normal operations, a user enabled for presence collection through AES Collector is managed by the home data center as configured in Presence Profile. When the data center is not operational, the remote data center automatically takes over the collection of presence information of the user.
Related links Configuring AES Collector on page 96
AES Collector network routing configuration
AES Collector connects to the AE Server using regular Linux routing rules. As the Avaya Breeze® platform default network route is associated with the Management Network Interface, outbound connections to the AE Server will use the Management Network Interface by default. To enable AES Collector to use the Avaya Breeze® platform Security Module Network Interface, the AE Server must be on the same subnet as the Avaya Breeze® platform Security Module Network Interface.
Exchange Collector
Exchange Collector is a Presence Server component which provides integration with an Microsoft (MS) Exchange Enterprise deployment. Exchange Collector collects and publishes the Calendar and Out of Office Assistant information for Exchange Mailboxes. The Exchange Mailbox servers manage Exchange Mailboxes.
The Exchange server provides an availability service, which makes the availability information of the users available to the external clients. Exchange Collector functions as one of these clients. Exchange Collector uses a polling mechanism to collect Calendar and Out of Office Assistant records from the Exchange server by using MS Exchange Web Service (EWS) and converts these records into presence events. Exchange Collector only collects for Aura users that are configured with a Microsoft Exchange communication address in their communication profile.
Presence Services supports the following versions of MS Exchange Server:
· 2007
· 2010
· 2010 Service Packs
· 2013
· 2016

April 2021

Avaya Aura® Presence Services Snap-in Reference

98

Comments on this document? infodev@avaya.com

Collectors
Note:
MS Exchange 2010 requires impersonation. However, for MS Exchange 2013 and 2016, you must run the following command for all used mailboxes, instead of configuring impersonation:
Add-MailboxPermission -Identity username@domain -user psadmin AccessRights FullAccess -InheritanceType all
Where, psadmin is the Exchange Server user name.
For more information, see "Configuring Exchange Collector".
Before you run the command, create or import the Presence Services session. For more information, see "Creating or importing a Presence Services session".
Exchange Collector connects to the Microsoft Exchange server securely using TLS. This connection requires that a Microsoft Exchange server certificate be installed into the Avaya Breeze® platform cluster where Exchange Collector is enabled. Typically, the CA certificate should be installed, as the CA certificate is used to sign the certificates for all the Microsoft Exchange servers in the network if there is more than one. Otherwise, a certificate for each Microsoft Exchange server must be imported into the cluster.
Related links Configuring Exchange Collector on-premise on page 102 Creating and importing a Presence Services session on page 101
Importing certificate in Avaya Breeze® platform
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration. 2. Select the Avaya Breeze® platform cluster to import the certificate into. 3. Click Certificate Management. 4. Select the Install Trust Certificate (All Avaya Breeze Instances) option. 5. On the Install Trusted Certificate page, in the Store Type to install trusted certificate field, select ALL. 6. Click Browse and select the certificate file exported earlier. 7. Click Retrieve Certificate. 8. Click Commit.
Exporting certificates from Microsoft Exchange server
About this task The following procedure describes how to extract the required certificate from an Exchange 2010 server. For newer versions of Microsoft Exchange, refer to Microsoft Exchange documentation.

April 2021

Avaya Aura® Presence Services Snap-in Reference

99

Comments on this document? infodev@avaya.com

Administration
Procedure 1. Start the Exchange Management Console. 2. Select Server Configuration. 3. Select the Exchange server from the list of servers in the top middle window. 4. Select Export Exchange Certificate from the Action list.

Repeat this procedure for each Microsoft Exchange server in the Exchange cluster. Alternatively, the CA certificate that was used to sign the certificate for each individual Exchange Server can be imported into the Avaya Breeze® platform cluster. This approach reduces the number of certificates that need to be exported from Exchange and imported to the Avaya Breeze® platform cluster.
Exporting certificates from Microsoft Office 365
About this task
Use the following procedure to export the required certificate from Microsoft Office 365.
Procedure
1. Go to https://www.digicert.com/digicert-root-certificates.htm and download Digicert Global Root CA certificates with the .pem extension.

April 2021

Avaya Aura® Presence Services Snap-in Reference

100

Comments on this document? infodev@avaya.com

Collectors

2. Go to https://www.digicert.com/digicert-root-certificates.htm and download Baltimore CyberTrust Root certificate.

Checklist for integrating Exchange Collector with Presence Services

#

Task

Server

Notes

1

DNS Requirement:

Presence server

Ensure all Client Access

Servers (CAS) in the

Exchange deployments

are resolvable by the

Presence server.

FQDNs are used internally by Presence Services Exchange web services collector to communicate with MS Exchange server.

2

Autodiscover Service: Presence server

Ensure that the

Presence server can

resolve

autodiscover.<yourExch

angeDomain> to one of

the CASs configured for

autodiscovery.

FQDNs are used internally by Presence Services Exchange web services collector to communicate with MS Exchange server.

3

Add the Microsoft

Presence server

Exchange user handles

to System Manager.

4

Create a new Active

MS Exchange server

Directory user to be

used as the Presence

Services account.

5

Set Full Access

MS Exchange server

Permissions for

Exchange Mailboxes.

6

Configure Exchange

MS Exchange server

Services for the

autodiscover service on

each CAS.

Creating and importing a Presence Services session
Procedure
1. To create a Presence Services session, run the following in the powershell on the Exchange server:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange ConnectionUri connection URI -Authentication Kerberos -Credential $UserCredential
connection URI is a string provided in the following format: http://FQDN of the exchange server/PowerShell/. For example, if your exchange FQDN is

April 2021

Avaya Aura® Presence Services Snap-in Reference

101

Comments on this document? infodev@avaya.com

Administration
MyExchangeServer.company.com then connection URI is: http:// MyExchangeServer.company.com/PowerShell/ 2. To import a Presence Services session, run the following in the powershell on the Exchange server:
Import-PSSession $Session
Configuring Exchange Collector on-premise
About this task If extended hostname validation is enabled, ensure that the Microsoft Exchange server's identity certificate CN/SAN (DNSname) field matches the FQDN of the Microsoft Exchange server. Failing the hostname validation will impact the Exchange collector's ability to collect calendar events and out-of-office information from the Microsoft Exchange server. This means that there will be no notification of meeting events or out-of-office information to any Presence Services users. For more information, see "Extended hostname validation." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Exchange Collector group. 6. In Effective Value, do the following:
a. In the Exchange Collector Enabled field, click True to enable the Exchange Collector.
Exchange Collector collects and publishes Presence information on behalf of clients that do not support a native Presence implementation. b. In the Exchange Server URI field, type the URI of the Exchange server.
The URI format must be in the following format: https://<exchange FQDN>/ews/ exchange.asmx. c. In the Exchange Server Username field, type the user name that the Exchange collector must use when connecting to the Exchange server.
Type only the user part, not the domain part. d. In the Exchange Server Password field, type the password that the Exchange
collector must use when connecting to the Exchange server. e. In the Exchange Calendar Information Polling Period field, type the calendar
information collection interval in minutes. f. In the Exchange Calendar Request Rate field, type the maximum calendar request
per minute rate for the collector to send to the server.

April 2021

Avaya Aura® Presence Services Snap-in Reference

102

Comments on this document? infodev@avaya.com

Collectors
g. In the Exchange Out-Of-Office Information Polling Period field, type the Out-OfOffice information collection interval in minutes.
h. In the Exchange Out-Of-Office Request Rate field, type the Out-Of-Office request per minute rate for the collector to send to the server.
i. In the Exchange Publishing Period field, type the collector publish interval in minutes.
7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Important: If you change any of the following attributes, you must restart Presence Services: · Exchange Server URI · Exchange Server Username · Exchange Server Password · Exchange Calendar Information Polling Period · Exchange Calendar Request Rate · Exchange Out-Of-Office Information Polling Period · Exchange Out-Of-Office Request Rate · Exchange Publishing Period For more information, see "Restarting Presence Services" section.
Note: Ensure that you import the certificates that you exported earlier. Related links Restarting Presence Services on page 268 Extended hostname validation on page 356
Configuring Exchange Collector to use Office 365 with basic authentication type
About this task If extended hostname validation is enabled, ensure that the Microsoft Exchange server's identity certificate CN/SAN (DNSname) field matches the FQDN of the Microsoft Exchange server. Failing the hostname validation will impact the Exchange collector's ability to collect calendar events and out-of-office information from the Microsoft Exchange server. This means that there will be no notification of meeting events or out-of-office information to any Presence Services users. For more information, see "Extended hostname validation."

April 2021

Avaya Aura® Presence Services Snap-in Reference

103

Comments on this document? infodev@avaya.com

Administration
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Exchange Collector group. 6. In Effective Value, do the following: a. In the Exchange Collector Enabled field, click True to enable the Exchange Collector.
Exchange Collector collects and publishes Presence information on behalf of clients that do not support a native Presence implementation. b. In the Exchange Authentication Mechanism field, select basic . c. In the Exchange Server URI field, type the URI of the Exchange server in Office 365.
For example: https://outlook.office365.com/EWS/Exchange.asmx. d. In the Exchange Server Username field, type the user name that the Exchange
collector must use when connecting to the Exchange server.
Type only the user part, not the domain part. e. In the Exchange Server Password field, type the password that the Exchange
collector must use when connecting to the Exchange server. f. In the Exchange Calendar Information Polling Period field, type the calendar
information collection interval in minutes. g. In the Exchange Calendar Request Rate field, type the maximum calendar request
per minute rate for the collector to send to the server. h. In the Exchange Out-Of-Office Information Polling Period field, type the Out-Of-
Office information collection interval in minutes. i. In the Exchange Out-Of-Office Request Rate field, type the Out-Of-Office request
per minute rate for the collector to send to the server. j. In the Exchange Publishing Period field, type the collector publish interval in
minutes. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Important:
If you change any of the following attributes, you must restart Presence Services:
· Exchange Server URI

April 2021

Avaya Aura® Presence Services Snap-in Reference

104

Comments on this document? infodev@avaya.com

Collectors
· Exchange Server Username · Exchange Server Password · Exchange Calendar Information Polling Period · Exchange Calendar Request Rate · Exchange Out-Of-Office Information Polling Period · Exchange Out-Of-Office Request Rate · Exchange Publishing Period For more information, see "Restarting Presence Services" section.
Note: Ensure that you import the certificates that you exported earlier.
Configuring Exchange Collector to use Office 365 with OAuth authentication type
About this task If extended hostname validation is enabled, ensure that the Microsoft Exchange server's identity certificate CN/SAN (DNSname) field matches the FQDN of the Microsoft Exchange server. Failing the hostname validation will impact the Exchange collector's ability to collect calendar events and out-of-office information from the Microsoft Exchange server. This means that there will be no notification of meeting events or out-of-office information to any Presence Services users. For more information, see "Extended hostname validation." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Exchange Collector group. 6. In Effective Value, do the following:
a. In the Exchange Collector Enabled field, click True to enable the Exchange Collector. Exchange Collector collects and publishes Presence information on behalf of clients that do not support a native Presence implementation.
b. In the Exchange Authentication Mechanism field, select OAuth to use OAuth authentication.

April 2021

Avaya Aura® Presence Services Snap-in Reference

105

Comments on this document? infodev@avaya.com

Administration
If you select OAuth, you must enter values in the following fields for the authentication to work:
· Exchange Server Scope URI
· Exchange Server Username
· Exchange Server Confidential Client Id
· Exchange Server Confidential Client Secret
· Exchange Server Tenant Specific Authority
c. In the Exchange Server URI field, type the URI of the Exchange server.
The URI format must be in the following format: https://<exchange FQDN>/ews/ exchange.asmx.
The default URI is: https://outlook.office365.com/EWS/Exchange.asmx
d. In the Exchange Server Scope URI field, type the URI of the Exchange server scope.
The URI format must be in the following format: https://<exchange FQDN>/.default.
The default URI is: https://outlook.office365.com/.default
e. In the Exchange Server Username field, type the user name that the Exchange collector must use when connecting to the Exchange server.
Type only the user part, not the domain part.
f. In the Exchange Calendar Information Polling Period field, type the calendar information collection interval in minutes.
g. In the Exchange Calendar Request Rate field, type the maximum calendar request per minute rate for the collector to send to the server.
h. In the Exchange Out-Of-Office Information Polling Period field, type the Out-OfOffice information collection interval in minutes.
i. In the Exchange Out-Of-Office Request Rate field, type the Out-Of-Office request per minute rate for the collector to send to the server.
j. In the Exchange Publishing Period field, type the collector publish interval in minutes.
k. In the Exchange Server Confidential Client Id field, type the confidential client ID of the Exchange server.
l. In the Exchange Server Confidential Client Secret field, type the confidential client secret of the Exchange server.
m. In the Exchange Server Tenant Specific Authority field, type the tenant specific authority of the exchange server.
7. (Optional) To override the default value, select the Override Default check box.

April 2021

Avaya Aura® Presence Services Snap-in Reference

106

Comments on this document? infodev@avaya.com

Collectors
8. Click Commit.
Important: If you change any of the following attributes, you must restart Presence Services: · Exchange Server URI · Exchange Server Scope URI · Exchange Server Username · Exchange Calendar Information Polling Period · Exchange Calendar Request Rate · Exchange Out-Of-Office Information Polling Period · Exchange Out-Of-Office Request Rate · Exchange Publishing Period · Exchange Server Confidential Client Id · Exchange Server Confidential Client Secret · Exchange Server Tenant Specific Authority For more information, see "Restarting Presence Services" section.
Note: Ensure that you import the certificates that you exported earlier.
Configuration of Exchange Collector in a Geographic Redundant deployment
To configure Exchange Collector on Presence Services deployed in Geographic Redundant mode, Exchange Collector must be configured on Avaya Breeze® platform clusters in both data centers. See "Configuring Exchange Collector" to configure Exchange Collector on each cluster. During normal operations, a user enabled for presence collection through Exchange Collector is managed by the home data center as configured in Presence Profile. When the data center is not operational, the remote data center automatically takes over the collection of presence information of the user. Related links Configuring Exchange Collector on-premise on page 102
Exchange Collector network routing configuration
Exchange Collector connects to the Microsoft Exchange server through the Avaya Breeze® platform Security Module Network Interface. This implies that the Microsoft Exchange server must either be on the same subnet as the Avaya Breeze® platform Security Module Network Interface, or the server must be reachable through the gateway on that subnet.

April 2021

Avaya Aura® Presence Services Snap-in Reference

107

Comments on this document? infodev@avaya.com

Administration
Domino Collector
Domino Collector is a Presence Services component that provides integration with an IBM® Domino enterprise deployment. Domino Collector collects and publishes the calendar and out-ofoffice information for Domino mailboxes. The Domino server manages Domino mailboxes. The Domino Calendar web service, which is included with Presence Services, must be installed on the Domino server. The Domino Calendar web service processes the calendar and out-of-office web service and retrieves calendar and out-of-office information. The results are sent back to the collector.
Domino Collector performs the following functions:
· Runs as a web service client for the Domino Calendar web service. · Uses a polling mechanism to send web service requests to the Domino Calendar web service
on the Domino server. · Converts the retrieved calendar and out-of-office information into presence events. · Collects for Aura users configured with a LotusNotes communication address in their
communication profile.
Presence Services supports Domino Server 9.0.1.
Configuring Domino Collector
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes.
3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.
4. In the Service field, click the Presence Services service.
5. On the Attributes Configuration page, navigate to the Domino Collector group.
6. In Effective Value, do the following:
a. In the Domino Collector Enabled field, click True. b. In the Domino Server Web Service URI field, type the URI of the Domino web
server. c. In the Domino Server Username field, type the user name that the Domino collector
must use when connecting to the Domino server. d. In the Domino Server Password field, type the password that the Domino collector
must use when connecting to the Domino server. e. In the Domino Calendar Information Polling Period field, type the calendar
information collection interval in minutes. f. In the Domino Calendar Request Rate field, type the calendar request per minute
rate for the collector to send to the server.

April 2021

Avaya Aura® Presence Services Snap-in Reference

108

Comments on this document? infodev@avaya.com

Collectors
g. In the Domino Out-Of-Office Information Polling Period field, type the out-of-office information collection interval in minutes.
h. In the Domino Out-Of-Office Request Rate field, type the out-of-office request per minute rate for the collector to send to the server.
i. In the Domino Publishing Period field, type the interval in minutes. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
If you change any of the following attributes, you must restart Domino Collector:
· Domino Server Web Service URI · Domino Server Username · Domino Server Password · Domino Calendar Information Polling Period · Domino Calendar Request Rate · Domino Out-Of-Office Information Polling Period · Domino Out-Of-Office Request Rate · Domino Publishing Period
To restart Domino Collector, restart Presence Services. For more information, see "Restarting Presence Services." Related links Restarting Presence Services on page 268
Configuration of Domino Collector in a Geographic Redundant deployment
To configure Domino Collector on Presence Services deployed in Geographic Redundant mode, Domino Collector must be configured on Avaya Breeze® platform clusters in both data centers. See "Configuring Domino Collector" to configure Domino Collector on each cluster.
During normal operations, a user enabled for presence collection through Domino Collector is managed by the home data center as configured in Presence Profile. When the data center is not operational, the remote data center automatically takes over the collection of presence information of the user.
Related links Configuring Domino Collector on page 108
Domino Collector network routing configuration
Domino Collector connects to the Domino server using regular Linux routing rules. As the Avaya Breeze® platform default network route is associated with the Avaya Breeze® platform Management Network Interface, outbound connections to the Domino server will use the Avaya Breeze® platform Management Network Interface by default.

April 2021

Avaya Aura® Presence Services Snap-in Reference

109

Comments on this document? infodev@avaya.com

Administration

To enable the Domino Collector to use the Avaya Breeze® platform Security Module Network Interface, the Domino server must be on the same subnet as the Avaya Breeze® platform Security
Module Network Interface.

Domino Collector integration

Checklist for integrating Domino Calendar with Presence Services

No. Task

Server

Link

1

Ensure that Presence Services can Presence Services

resolve the URI of the Domino server.

2

Install the Domino Calendar web

Domino Server

service database on the Domino

server.

Installing the Domino Calendar web service database on page 110

3

Sign the Domino Calendar web

service database.

Domino Server

Signing the Domino Calendar web service database on page 111

4

Create a new Aura user for Domino Domino Server

Collector.

Creating an Aura user for Domino Collector to authenticate on page 111

5

Provide access to the Aura user.

Domino Server

Providing reader access to an Aura user for Domino Collector to authenticate on page 119

6

Add Lotus Notes handle to the Aura Presence Services

Adding Lotus

user.

Notes handle to an

Aura user on

page 123

7

Configure Domino Collector.

Presence Services

Configuring Domino Collector on page 108

Installing the Domino Calendar web service database Procedure
1. Extract the Domino Calendar web service file, domino-calendar-ws.nsf, from the PresenceServices-Bundle ZIP file.

April 2021

Avaya Aura® Presence Services Snap-in Reference

110

Comments on this document? infodev@avaya.com

Collectors
2. Copy the domino-calendar-ws.nsf file to the data folder of the Domino server. For example, the location of the default data folder for a Domino server is: · /local/notesdata on a Linux installation. · c:\Program Files\IBM\Domino\Data on a Windows installation.
3. Open the IBM Domino administrator client, and connect to the Domino server. 4. Ensure that the Avaya Domino Calendar web service is on the Domino server. Signing the Domino Calendar web service database Procedure 1. Log in to the Domino Administrator client with the administrator credentials. 2. Click the Domino server. 3. Click Files. 4. Select the domino-calendar-ws.nsf database. 5. Click Tools > Database. 6. Click Sign. 7. In the Which ID do you want to use? field, select Active User's ID. 8. In the What do you want to sign? field, select All design documents. 9. Select the Update existing signatures only (faster) check box. 10. Click OK.
The system displays the 1 database processed - 0 errors message. Creating an Aura user for Domino Collector to authenticate
Procedure 1. Log in to the Domino Administrator client.

April 2021

Avaya Aura® Presence Services Snap-in Reference

111

Comments on this document? infodev@avaya.com

Administration 2. Click Administration > People & Groups.

3. In the People & Groups tab, click Domino Directories, and then click People.

April 2021

Avaya Aura® Presence Services Snap-in Reference

112

Comments on this document? infodev@avaya.com

4. In the right-hand sideTools pane, click People > Register.

Collectors

5. Click Server, and select the server to work with.
Note:
The Domino server creates the cert.id file when the server is installed. This file must be retrieved from the Domino server to the client computer used to run the Domino Administration client software. The cert.id file is located in the Domino server default data folder. This is the same folder where the domino-calendarws.nsf file was copied to in Step 2 of the installation checklist.

April 2021

Avaya Aura® Presence Services Snap-in Reference

113

Comments on this document? infodev@avaya.com

Administration 6. Click Certifier ID.
7. Select a Certifier ID and click OK. 8. In the Certifier password field, enter the certifier password.

April 2021

Avaya Aura® Presence Services Snap-in Reference

114

Comments on this document? infodev@avaya.com

Collectors 9. In the Register Person dialog box, enter the last name the Last name field.

10. Enter a password in the Password field.
The criteria for the password is based on the level set in the Password Quality Scale in the Password Options dialog box.

April 2021

Avaya Aura® Presence Services Snap-in Reference

115

Comments on this document? infodev@avaya.com

Administration 11. (Optional) Set the password options.
a. Click Password Options. b. Set the password strength using the Password Quality Scale slider. c. Select the Set internet password check box, to set an internet password. d. Click OK. 12. Click the green check mark. The user appears in the Registration Queue (local) pane.

April 2021

Avaya Aura® Presence Services Snap-in Reference

116

Comments on this document? infodev@avaya.com

13. Select the user entry and click Register.

Collectors

14. Click OK. 15. Click Done.

April 2021

Avaya Aura® Presence Services Snap-in Reference

117

Comments on this document? infodev@avaya.com

Administration 16. Verify that the new user is listed in the People folder.

17. Double-click the user entry to see information about the user. Verify that the username displays correctly in the User name field.

April 2021

Avaya Aura® Presence Services Snap-in Reference

118

Comments on this document? infodev@avaya.com

Collectors

Providing reader access to an Aura user for Domino Collector to authenticate About this task An Aura user must have reader access to emails of those users whose calendar or out-of-office information must be collected. Procedure 1. Log in to the Domino Administrator client.

April 2021

Avaya Aura® Presence Services Snap-in Reference

119

Comments on this document? infodev@avaya.com

Administration 2. Click the Files tab and navigate to the /local/notesdata > mails folder.

3. Select the mail entries for the user whose calendar and out-of-office information you need to collect.
For example, select the mail file of the user psadmin.
Note:
To collect calendar and out-of-office information for a new user, the administrator must navigate to this page and select the new mail file. 4. Right-click the selected file, and click Access Control > Manage.
The Manage Multiple ACLs dialog box displays.

April 2021

Avaya Aura® Presence Services Snap-in Reference

120

Comments on this document? infodev@avaya.com

Collectors

5. Click Add.... The Add ACL Entry dialog box displays.
6. Click the person icon, and select the Aura user using the Select Names dialog box. For example, select the Aura user psadmin.
7. Click Add to add the user to the Names pane.

April 2021

Avaya Aura® Presence Services Snap-in Reference

121

Comments on this document? infodev@avaya.com

Administration 8. Click OK.
9. In the User type field, select Person.

April 2021

Avaya Aura® Presence Services Snap-in Reference

122

Comments on this document? infodev@avaya.com

10. In the Access field, select Reader.

Collectors

11. Click OK. 12. Click OK. Adding Lotus Notes handle to an Aura user Procedure
1. Log in to the System Manager web console as an administrator. 2. Click Users > User Management > Manage Users. 3. Select the user, and click Edit.
The system displays the User Profile Edit page. 4. Click the Communication Profile tab. 5. In the Communication Address section, click New. 6. In the Type drop-down box, select Lotus Notes. 7. In the Fully Qualified Address field, type the Internet address of the Aura user.
For example, if the Internet address of the user is ps5603@ca.avaya.com, in the Handle field, type ps5603 and in the Domain field, type ca.avaya.com. 8. Click Add.

April 2021

Avaya Aura® Presence Services Snap-in Reference

123

Comments on this document? infodev@avaya.com

Administration
Federation
About federation
Presence Services allows Presence and IM exchange between Avaya Aura® users that are hosted by a Presence Services cluster. Through federation, Presence Services allows Presence and IM exchange between Avaya Aura® users, and users that are hosted by a third-party server. Presence Services also supports multi-user chat with federated users and Avaya Workplace Client clients. Presence Services supports multi-user chat sessions for XMPP and Microsoft RTC federated systems. For more information, see "Federated multi-user chat support and limitations." Federation can also be used to allow presence and IM exchange between Avaya Aura® users in different Presence Services clusters. Presence Services federation is certified with the following servers:
· Another Avaya Aura® Presence Services cluster Release 7.0 or later using SIP · Cisco Jabber using XMPP · Ignite Realtime Openfire using XMPP · Microsoft S4B using SIP In all of the above cases, federation is supported whether Presence Services is deployed as a single-server or multi-server cluster, and federation is supported whether Presence Services supports a single or multiple presence domains. Any standards based XMPP server is supported using the generic XMPP federation type. Related links Federated multi-user chat support and limitations on page 124
Federated multi-user chat support and limitations
Presence Services supports multi-user chat with federated users and Avaya Workplace Client clients. Presence Services supports multi-user chat sessions for XMPP and Microsoft RTC federated systems. Either Presence Services or the remotely federated system hosts the multi-user chat rooms or multi-user conferences. This is determined by which client, local or federated, starts the chat session. The following are the general limitations for multi-user chat support for both Microsoft RTC and XMPP federation:
· Presence Services does not support multi-user chat with a federated XMPP contact and a federated Microsoft contact in the same chat session.

April 2021

Avaya Aura® Presence Services Snap-in Reference

124

Comments on this document? infodev@avaya.com

Federation
· Avaya one-X® Communicator supports XEP0033 extended addressing for multi-user instant messaging. But it does not support XEP0045 multi-user chat. Therefore, Avaya one-X® Communicator does not support XEP0045 multi-user chat sessions with either Avaya Workplace Client or any federated contacts. Presence Services supports XEP0045 multi-user chat sessions only with Avaya Workplace Client clients.
The following are the XMPP specific limitations for multi-user chat support:
· Presence Services does not support multi-user chat rooms with passwords hosted on Presence Services or on a federated system.
· Presence Services does not support anonymous multi-user chat rooms.
· Avaya Workplace Client does not support modification of multi-user chat room nicknames. Presence Services pre-configures an Avaya Workplace Client user nickname to be the user's Presence/IM handle, including the domain.
· Presence Services does not allow modification of participant nicknames of a multi-user chat room that is hosted on Presence Services.
Microsoft Real Time Communication (RTC) Federation
Presence Services is a multiprotocol, multifunctional server providing presence and IM services to Avaya Aura® users. Presence Services collects and distributes the communication status of an Avaya Aura® user from the various communication endpoints connected on an enterprise network. Presence Services provides aggregation and composition services in its Event State Compositor (ESC) to create a composite presence document for an Avaya Aura® user. This composite presence document is available to any authorized subscribing enterprise user. A Presence server aggregates the presence for an Avaya Aura® user and obtains the presence of a user from the following sources:
· PIDF presence published by Avaya Aura® clients by using SIP, XMPP, or REST.
· Collected presence from an integrated enterprise system. For example, telephony presence through AES collection.
· Third-party presence integration such as Microsoft RTC presence.
Additionally, Presence Services provides IM capabilities to Avaya Aura® users. This capability is achieved by using the XMPP or REST protocol support within an Avaya Aura® client. Avaya Aura® users can engage in IM conversations with each other through their Avaya Aura® clients. After Microsoft RTC federation is enabled, Presence Services allows:
· Avaya Aura® users using their Avaya Aura® clients, to IM the other enterprise user colleagues who are using Skype for Business clients.
· Enterprise users, using Skype clients, to initiate an IM conversation with their enterprise colleagues who are using Avaya Aura® clients.
· Multi-user chat sessions with Microsoft RTC federated users and Avaya Workplace Client clients.

April 2021

Avaya Aura® Presence Services Snap-in Reference

125

Comments on this document? infodev@avaya.com

Administration
Note:
Presence Services 8.0.1 or later supports federation with Microsoft S4B 2015 Standard and Enterprise Editions.
Additionally, an Enterprise user can obtain the overall presence availability of their Avaya Aura® colleagues by adding the Presence/IM communication address or Avaya Presence handle of an Avaya Aura® user to their buddy list. The Skype client displays the presence against the contact address of an Avaya Aura® user.
This federated interworking model requires the management of trust configuration between the two systems, and the setup of network configuration in the form of DNS records (SRV and Host A records).
Note:
Presence Services does not support Microsoft RTC federation when Inter-Tenant Communication Control is enabled on System Manager.
Microsoft RTC federation is supported in two ways for a given user, True federation and Hybrid federation. If a user is administered as both, the Avaya Aura® user and the Microsoft RTC user then the hybrid federation model may be used. It provides an additional feature to Avaya Aura® watchers of the user ­ namely the aggregation of presence from two sources: Avaya Aura® and Microsoft RTC. For users that are administered in the Microsoft RTC only, the `True' federation model may be preferred. It offers minimal user administration and does not require additional Avaya Aura® licenses. In both cases, the user is defined in the Microsoft RTC system. A True federation user is not defined in the Avaya Aura® System Manager. A Hybrid federation user is defined in the Avaya Aura® System Manager and is presence enabled.
To enable an Avaya Aura® user as a Hybrid Microsoft RTC federation user, you must add the Microsoft SIP user handle to the Avaya Aura® user in System Manager. For more information, see "Adding Microsoft SIP user handles to System Manager."
Microsoft RTC federation supports both Internal Enterprise and External Enterprise federation.
Note:
Microsoft RTC Intra-Domain Federation does not support Hybrid users.
Note:
For correct user Presence/IM routing, all Avaya Presence/IM handles must be lowercase. Using uppercase characters might result in the inability to route presence and/or IM to an Avaya user from the other system, resulting in loss of presence updates or proper exchanging of IM's. Check if there are any Avaya users on System Manager with Avaya Presence/IM handles in uppercase characters and, if so, modify the handle using lowercase characters.
Note:
The hostname assigned to the Avaya Breeze® platform Security Module interface must be constructed using the shortname from the Avaya Breeze® platform server management hostname with the suffix -sm100. The suffix is not optional.

April 2021

Avaya Aura® Presence Services Snap-in Reference

126

Comments on this document? infodev@avaya.com

Federation

For example, if the Avaya Breeze® platform Management Module FQDN is hostA.domainA.com. Then, the Avaya Breeze® platform Security Module FQDN must be:
hostA-sm100.domainB.com, where domainA and domainB can be the same.

Note:
Presence Services support multi front end pools also.
You must follow this naming convention in the following sections:
· "Configuring DNS A Records"
· "Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route"
· "Avaya Breeze® platform server certificates"
Related links Configuring DNS A Records on page 128 Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route on page 130 Adding Microsoft SIP user handles to System Manager on page 127

Adding Microsoft SIP user handles to System Manager
Procedure 1. Log in to the System Manager web console as an administrator. 2. Navigate to Users > User Management > Manage Users. 3. On the User Management page, select the relevant user and click Edit. 4. On the User Profile Edit page, click the Communication Profile tab. 5. On the Communication Profile page, in the Communication Address section, click New. 6. From the Type drop-down list box, select Microsoft SIP. 7. In the Fully Qualified Address field, enter the handle and domain details. For example, in the Handle field, enter sip:handle and in the Domain field, enter S4Bdomain.com. 8. Click Add.

Checklist for configuring Microsoft Federation

No. Task

Reference

DNS Configuration: 1 Configure the DNS A record. Front End Server Configuration:

Configuring DNS A Records on page 128 Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

127

Comments on this document? infodev@avaya.com

Administration

No. Task

Reference

DNS Configuration:

2 Verify the Front End server certificate.

3 Import the System Manager Default CA certificate into Microsoft Front End server Trust Store.

4 Configure the Microsoft Front End server with Trusted Application Pool, Trusted Application and Static Route

5 Restart the Front End server service.

Avaya Aura® Configuration:

6

Configure Avaya Breeze® platform

server Certificates.

7 Configure SIP Entity and Entity Link to PS Federation Relay service.

8

Configure Avaya Breeze® platform

Attributes.

9

Configure Avaya Breeze® platform

nodes to use Microsoft domain

DNS server.

10 Add or update the existing Communication Manager application.

Verifying the Front End service Certificate on page 129 Importing the System Manager Default CA certificate into Microsoft Front End server Trust Store on page 288
Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route on page 130
Restarting the Front End service on page 132
Configuring Avaya Breeze platform server Trusted Certificate for a single Microsoft Front End server on page 132 Configuring the SIP Entity and Entity Link to PS Federation Relay service on page 135
Configuring Avaya Breeze platform attributes on page 135 Configuring DNS Server Avaya Breeze platform nodes on page 137
Adding or updating the existing Communication Manager application on page 137

Configuring DNS A Records
Procedure
1. For every Avaya Breeze® platform server in the Presence Services cluster, a DNS A Record is required to resolve the Avaya Breeze® platform Security Module FQDN. The Avaya Breeze® platform Security Module FQDN is constructed from the Avaya Breeze® platform Management Module FQDN short host name plus suffix of -sm100. The IP address is the Avaya Breeze® platform Security Module IP address.
For example: The Avaya Breeze® platform Management Module FQDN is sc-8205.avaya.com, the FQDN short host name in this example is sc-8205. The A Record is created as:
· Host is sc-8205-sm100
· The FQDN is sc-8205-sm100.avaya.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

128

Comments on this document? infodev@avaya.com

Federation

· The IP address is 192.0.2.25 which is the Avaya Breeze® platform Security Module IP address

There is one A Record per Breeze node. For n-nodes cluster, there are n DNS A Records.

2. Create DNS A Record(s) to resolve Presence Services Cluster FQDN. The IP address is the Avaya Breeze® platform Security Module IP address. We need to create multiple A Records to resolve the same Presence Services Cluster FQDN to each Avaya Breeze®
platform Security Module IP address.

For example:

In a three-node cluster, the cluster FQDN must resolve to three Security Module IP addresses. Combining 1 and 2, the screen shot shows the example of 3 nodes cluster A Record(s) under Forward Lookup Zones > domain avaya.com. The example has:

Presence Services Cluster FQDN

sc-8209-cl-03.avaya.com

Breeze server management FQDN(s) and Security Module IP address(es)

sc-8205.avaya.com 192.0.2.25

sc-8215.avaya.com 192.0.2.45

sc-8282.avaya.com 192.0.2.93

Note:
When you add New Host (A Record) in DNS, you can select the Create associated pointer (PTR) record check box. This step might eliminate the need to add the machine name to Reverse Lookup Zone if the zone already exists.
Verifying the Front End service Certificate
About this task Microsoft Front End server deployment requires the installation of a certificate in Deployment Wizard, Step 3: Request, Install or Assign Certificates. To federate with the Avaya Aura® system, the installed certificate must support Server and Client Authentication in the Enhanced Key Usage. Procedure
1. Log in to the Front End server. 2. Run Deployment Wizard, click Install or Update Skype for Business Server System,
and select Step 3: Request, Install or Assign Certificates. 3. Click Run Again. 4. Click Default Certificate, and click View > View Certificate Details.

April 2021

Avaya Aura® Presence Services Snap-in Reference

129

Comments on this document? infodev@avaya.com

Administration
5. Verify that the Enhanced Key Usage has the following:
Server Authentication(1.3.6.1.5.5.7.3.1) Client Authentication(1.3.6.1.5.5.7.3.2)
6. If not, you need to re-create the certificate with Server and Client Authentication and assign to the Front End service.
Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route
About this task The administrator needs to configure the Presence Services cluster as a trusted application pool that can be referred to in a Front End static route and a trusted application definition.
Procedure
1. On Front End server for S4B, run Management Shell for S4B Server and on Skype for Business Front End server, run Skype for Business Server Management Shell.
2. Create a trusted application pool. Use the New-CsTrustedApplicationPool cmdlet to create a trusted application pool sc-8209-cl-03.avaya.com to host trusted application.
New-CsTrustedApplicationPool -Identity sc-8209-cl-03.avaya.com -Registrar Registrar:S4B2015-fe.bvwlab.com -Site 1 -ComputerFqdn sc-8205-sm100.avaya.com ThrottleAsServer $true -TreatAsAuthenticated $true -RequiresReplication $false
For more information, see help of the New-CsTrustedApplicationPool cmdlet. · Identity is the FQDN of the new pool and it is the Avaya Breeze® platform cluster
Load Balancer FQDN.
· Registrar is the FQDN of the Front End pool to which this trusted application pool belongs.
You can find the Register parameter with cmdlet Get-CsPool | Where-Object {$_.Services -match "Registrar:"}.
-Site is Site ID to which this trusted application pool belongs; use Get-CsSite cmdlet to retrieve the SiteId. -ComputerFqdn defines the FQDN of the first Avaya Breeze® platform Security Module FQDN in the trusted application pool. 3. Add other Avaya Breeze® platform node to the trusted application pool for multi-nodes cluster setup. Use the New-CsTrustedApplicationComputer cmdlet to add other Avaya Breeze® platform server(s) to the trusted application pool.
New-CsTrustedApplicationComputer -Identity sc-8215-sm100.avaya.com -Pool sc-8209cl-03.avaya.com
-Identity is Avaya Breeze® platform Security Module FQDN of the 2nd node. (For single node cluster, skip this step).
-Pool is the trusted application pool defined in step 2.

April 2021

Avaya Aura® Presence Services Snap-in Reference

130

Comments on this document? infodev@avaya.com

Federation
By adding all Avaya Breeze® platform nodes to the trusted application pool, it provides load-balanced setup for the Presence/IM services from all the hosts.
Repeat this step for each node in a multi-node cluster.
Note:
When creating a trusted application pool (and trusted application computer) in this way, Skype for Business will issue a warning:
Warning:
Machine xxx from the topology you are publishing was not found in Active Directory and will result in errors during Enable-CsTopology as it tries to prepare Active Directory entries for the topology machines.
This warning can be safely ignored as the Avaya Breeze® platform nodes are not domain joined in Microsoft Active Directory, and you should answer "Yes" to this warning.
4. Create a trusted application representing Presence Services. Use the NewCsTrustedApplication cmdlet to create a trusted application represents the Presence Services.
New-CsTrustedApplication -ApplicationID edps -TrustedApplicationPoolFqdn sc-8209cl-03.avaya.com -Port 5063
-ApplicationID is friendly identifier for the trusted application.
-TrustedApplicationPoolFqdn is the trusted application pool created in step 2.
5. Create a static route for Aura Presence/IM domain routing and associate this route with trusted application pool. Use the New-CsStaticRoute & SetCsStaticRoutingConfiguration cmdlets to create Static Route associated with global routing table.
$newstaticroute = New-CsStaticRoute -TLSRoute -Destination sc-8209cl-03.avaya.com -Port 5063 -MatchUri bvwlab.com -UseDefaultCertificate $true
Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$newstaticroute}
-TLSRoute defines that the static route we are creating will use SIP TLS transport.
-Destination is the FQDN of the next hop server for routing Presence or IM messages. In this example, the routing destination is the Avaya Breeze® platform cluster Load Balancer FQDN.
-Port is the Presence Service port for federation, default is 5063.
-MatchUri is the domain suffix used to determine if the Presence/IM message is being sent to an Aura user handle by this route. In this example, Skype client watching Aura client aura-user@bvwlab.com will use the defined static route, sending to destination at FQDN sc-8209-cl-03.avaya.com.

April 2021

Avaya Aura® Presence Services Snap-in Reference

131

Comments on this document? infodev@avaya.com

Administration
Note:
Microsoft Federation supports a shared domain setup, in which the Microsoft domain can be the same as Aura Presence or IM domain. In this shared domain configuration, Skype for Business will only send Presence or IM requests to Aura client which is not defined as Skype client. And Microsoft Federation also supports different domains between MS domain and Aura Presence or IM domain. If static routes for additional domains are required, re-run the two cmdlets above, substituting the -MatchUri parameter with desired Aura Presence or IM domain name. 6. Enable the new Topology. Use Enable-CsTopology cmdlet to enable the newly create topology.
The cmdlet has no passed parameter.
Restarting the Front End service
About this task After completing DNS changes, install Certificate for the Front End service and configuring trusted applications. It is recommended to restart Front End services. Procedure
1. On the Microsoft Front End Server, run Server Manager. 2. In the left navigation pane, select All Servers, and then navigate to the SERVICES
section. 3. In the Service Filter area, type Skype for Skype for Business. 4. Right-click the selected service. Do one of the following:
· Click Stop Services, and then click Start Services. · Click Restart Services.
Avaya Breeze® platform server certificates
Configuring Avaya Breeze® platform server Trusted Certificate for a single Microsoft Front End server
About this task Use this procedure to install Front End Certificate to the Avaya Breeze® platform Trusted Certificate store. Procedure
1. On the System Manager web console, navigate to Services > Inventory. 2. Click Manage Elements, and then select the Avaya Breeze® platform server. 3. Click More Actions > Manage Trusted Certificates > Add.

April 2021

Avaya Aura® Presence Services Snap-in Reference

132

Comments on this document? infodev@avaya.com

Federation
Note: The system might display as Configure Trusted Certificates from different System Manager version. 4. On the Add Trusted Certificate page, in the Select Store Type to add trusted certificate field, click WEBSPHERE. 5. Click Import using TLS. 6. In the IP Address field, type the IP address of the Front End Server. 7. In the Port field, type 5061. 8. Click Retrieve Certificate. 9. Verify the Certificate Details to confirm it is from the Front End Server, click Commit. There will be an additional certificate entry for WEBSPHERE from Front End server. 10. Click Done to complete the Trusted Certificate configuration. 11. Restart Avaya Breeze® platform server to make sure certificate change takes effect. The Restart operation can be deferred until after finishing both Trusted Certificate and Identity Certificate configurations. In multi-node Avaya Breeze® platform cluster setup, repeat this procedure for each node. Configuring Avaya Breeze® platform server Trusted Certificate for a pool of Microsoft Front End servers Procedure 1. In a browser, enter the URL of the Certificate Authority (CA). The URL is usually https://<microsoft-cert-authority-server-fqdn>/ certsrv. 2. When prompted, enter the login credentials. 3. Click Download a CA certificate, certificate chain, or CRL. 4. Select Base 64 as the encoding method. 5. Click Download CA certificate chain. 6. Click Save to download the certificate file. 7. On the System Manager web console, navigate to Services > Inventory. 8. Click Manage Elements, and then select the Avaya Breeze® platform server. 9. Click More Actions > Manage Trusted Certificates > Add.
Note: The system might display as Configure Trusted Certificates from different System Manager version.

April 2021

Avaya Aura® Presence Services Snap-in Reference

133

Comments on this document? infodev@avaya.com

Administration
10. On the Add Trusted Certificate page, in the Select Store Type to add trusted certificate field, click WEBSPHERE.
11. Click Import from file.
12. Click Browse and select the certificate you saved in Step 6.
13. Click Retrieve Certificate.
14. Verify the Certificate Details, and then click Commit.
15. Click Done to complete the Trusted Certificate configuration. 16. Restart Avaya Breeze® platform server to make sure certificate change takes effect.
The Restart operation can be deferred until after finishing both Trusted Certificate and Identity Certificate configurations.
In multinode Avaya Breeze® platform cluster setup, repeat this procedure for each node. Configuring Avaya Breeze® platform server Identity Certificate
Procedure
1. On the System Manager web console, navigate to Services > Inventory. 2. Click Manage Elements, and then select the Avaya Breeze® platform server.
3. Click More Actions > Manage Identity Certificates.
Note:
The system might display as Configure Identity Certificates from different System Manager version.
4. In the Manage Identity Certificates window, select WebSphere, and click Replace.
5. Select Replace this Certificate with Internal CA Signed Certificate and enter the following details: · Common Name (CN): Select the check box and enter the Avaya Breeze® platform Security Module FQDN. The Avaya Breeze® platform Security Module FQDN is constructed from the Avaya Breeze® platform Management Module FQDN short host name and suffix of -sm100.
· Key Algorithm: Select RSA.
· Key Size: Select 2048.
· Subject Alternative Name: DNS Name: Select the check box and enter (1) the same Avaya Breeze® platform Security Module FQDN as in the CN field (2) the Avaya Breeze® platform cluster Load Balancer FQDN separated by a comma.
You can use a third party certificate. The certificate must have the Avaya Breeze® platform Security Module FQDN in the Common Name (CN) field and have Subject Alternative Name (SAN) field as described above. You must select the Import third party certificate option.
6. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

134

Comments on this document? infodev@avaya.com

Federation
7. Click Done to complete the Identity Certificate configuration. 8. Restart Avaya Breeze® platform server to make sure certificate change takes effect.
You can defer the Restart operation after finishing both Trusted Certificate and Identity Certificate configurations. In multi-node Avaya Breeze® platform cluster setup, repeat this procedure for each node.
Configuring the SIP Entity and Entity Link to PS Federation Relay service
Procedure 1. On the System Manager web console, navigate to Elements > Routing. 2. Click SIP Entities, and then click New. 3. Add a new SIP Entity entry that represents Presence Services Federation Relay. Do the following: a. In the Name field, type the name of the SIP Entity. b. In the IP Address field, type the Avaya Breeze® platform Security Module IP address. c. In the Type field, click Other. d. In the SIP Link Monitoring field, click Use Session Manager Configuration. Use default values for the other fields. 4. Click Commit to save the SIP Entity configuration. 5. In the Entity Links area, add an entity link between Session Manager and the Presence Services Federation Relay service using the following: a. In the Protocol field, click TLS. b. In the Port field, type 5063. c. In the Connection Policy field, click trusted.
Note: In multiple SM setup, create Entity Link from each SM to the same Presence Services Federation Relay service. 6. Click Commit. Repeat the same procedure for each Breeze server in a multi-node cluster setup.
Configuring Avaya Breeze® platform attributes
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

135

Comments on this document? infodev@avaya.com

Administration
4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Microsoft Federation group. 6. In the Microsoft Federation Enabled field, in Effective Value, click True.
The default value is False. 7. In the Internal Microsoft Domain List field, in Effective Value, type the Microsoft domain
name. Use a comma as a separator to specify multiple Microsoft domain names. 8. (Optional) To override the default value, select the Override Default check box. 9. Enable or disable multimedia attachment support. This attribute must be enabled to allow Avaya Workplace Client users to share multimedia attachments with federated Microsoft users. Multimedia attachments are sent as web links to the federated conversation participants.
Note: The web link is temporary and expires after 10 minutes. The attachment file will not be accessible by using the link after 10 minutes. The default value is False so that the attachment support is disabled by default when Microsoft federation is enabled. To override the default value, select the Override Default check box.
Important: Attachments sent from Microsoft clients to Presence Services clients are not supported. 10. Click Commit. The following screen shot shows Microsoft Federation Attribute configuration for Microsoft domain bvwlab.com:

April 2021

Avaya Aura® Presence Services Snap-in Reference

136

Comments on this document? infodev@avaya.com

Federation

Configuring DNS Server Avaya Breeze® platform nodes
About this task The DNS server used by Avaya Breeze® platform does not need to be the same as the one used by the Microsoft servers. But in either case, the SRV and A records verified in Step 1, need to be resolvable by the DNS used by all Avaya Breeze® platform nodes.

Note: The DNS configuration can be during Avaya Breeze® platform installation, or can be adjusted later by using the CEnetSetup CLI command. For more information about the CEnetSetup CLI command, see the Administering Avaya Breeze® platform guide. Procedure

1. Verify DNS SRV Record representing Microsoft domain service locator and verify Front End server FQDN to IP address resolution using Linux cli command.

In the Microsoft RTC, Skype for Business configuration, it should have this _sipinternaltls._tcp SRV Record defined. The SRV record provides service location for Skype client to locate the service from Front End server. The same SRV Record is also used by Presence Service to locate the Front End server for Presence/IM service.

$ nslookup -querytype=srv _sipinternaltls._tcp.bvwlab.com 192.0.2.42

Server :

192.0.2.42

Address :

192.0.2.42#53

_sipinternaltls._tcp.bvwlab.com service = 1 100 5061 sip.bvwlab.com

$ nslookup sip.bvwlab.com

Server :

192.0.2.42

Address :

192.0.2.42#53

Name

: sip.bvwlab.com

Address : 192.0.2.43

In this example, the DNS Server IP address is 192.0.2.42 and _sipinternaltls._tcp SRV Record for domain bvwlab.com points to Front End server FQDN of sip.bvwlab.com and Front End FQDN sip.bvwlab.com is revolved to IP address 192.0.2.43.

2. Restart Presence Service Snap-in after modifying Breeze DNS resolver configuration file.

Adding or updating the existing Communication Manager application
About this task If the user has a Communication Manager application defined in the application sequence, then you must add or update the Communication Manager application.
Procedure
1. On the System Manager web console, navigate to Elements > Session Manager > Application Configuration.
2. Click Applications.
3. Click New to create a new Communication Manager application or select the existing Communication Manager application and click Edit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

137

Comments on this document? infodev@avaya.com

Administration
4. On the Application Editor page, in the Application area, do the following: a. In the Name field, type a name for the Communication Manager application. b. In the SIP Entity field, select the corresponding Communication Manager instance. c. In the CM System for SIP Entity field, select the corresponding Communication Manager entity.
5. In the Application Media Attributes area, do the following: a. Select the Enable Media Filtering check box. b. In the Audio field, click YES. c. In the Video field, click YES. d. In the Text field, click NOT_ONLY. e. In the Match Type field, click NOT_EXACT. f. In the If SDP Missing field, click ALLOW.
6. Click Commit .
Subscribing and publishing status to Microsoft RTC
About this task Presence Services from Release 7.1.2 supports the following:
· Subscribe for status with Microsoft RTC · Publish status to Microsoft RTC The subscriptions are associated with hybrid federation user. If configured with Microsoft SIP handle, a presence enabled Avaya Aura® user is a hybrid federation user. For more information about configuring a hybrid federation user, see "Adding Microsoft SIP user handles to System Manager".
Note: The Publish status to Microsoft RTC is a licensed feature. For more information, see "Licensing". Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® >
Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Microsoft Federation group. 6. In the Subscribe for status with Microsoft RTC field, in Effective Value, click True.
If you select True, the Avaya Aura® hybrid user presence status is the aggregation of presence states from two sources: Avaya Aura® and Microsoft RTC client.

April 2021

Avaya Aura® Presence Services Snap-in Reference

138

Comments on this document? infodev@avaya.com

Federation
The default is True. 7. In the Publish status to Microsoft RTC field, in Effective Value, click True.
If you select True, the Avaya Aura® hybrid user call state is published to Microsoft RTC to allow presence status aggregation in Microsoft RTC client. The default is False. 8. (Optional) To override the default value, select the Override Default check box. 9. Click Commit. Related links Adding Microsoft SIP user handles to System Manager on page 127 Licensing on page 25
Microsoft federation with external domains
The following diagram illustrates the message flow and server connections of the different components required to deploy External Domain federation:

Checklist for configuring Microsoft Federation with External Domains

No.

Task

Reference

DNS Configuration

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

139

Comments on this document? infodev@avaya.com

Administration

No.

Task

Reference

1

Add a DNS A record for Avaya Session Border

Controller for Enterprise to a Microsoft DNS server.

2

Add a DNS reverse pointer record for Avaya Session

Border Controller for Enterprise to a Microsoft DNS

server.

Avaya Session Border Controller for Enterprise Configuration

1

Create and install the identity certificate used by Avaya

Session Border Controller for Enterprise.

2

Retrieve the Microsoft Edge CA certificate.

3

Configure a TLS Client Profile used to connect to the

Microsoft Edge.

4

Configure a TLS Client Profile used to connect to the

Session Manager.

Adding a DNS A record for Avaya Session Border Controller for Enterprise to a Microsoft DNS server on page 144
Adding a DNS reverse pointer record for Avaya Session Border Controller for Enterprise to a Microsoft DNS server on page 144
Creating and installing the identity certificate used by Avaya Session Border Controller for Enterprise on page 147
Retrieving the Microsoft Edge CA certificate on page 148
Configuring a TLS Client Profile used to connect to the Microsoft Edge on page 148
Configuring a TLS Client Profile used to connect to the Session Manager on page 150
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

140

Comments on this document? infodev@avaya.com

Federation

No.

Task

Reference

5

Configure a TLS Server Profile used to receive

Configuring a

connections from the Microsoft Edge.

TLS Server

Profile used to

receive

connections

from the

Microsoft

Edge on

page 151

6

Configure a TLS Server Profile used to receive

Configuring a

connections from the Session Manager.

TLS Server

Profile used to

receive

connections

from the

Session

Manager on

page 153

7

Configure the Microsoft Edge external Signaling

Configuring the

Interface.

Microsoft Edge

external

Signaling

Interface on

page 154

8

Configure the Session Manager internal Signaling

Configuring the

Interface.

Session

Manager

internal

Signaling

Interface on

page 155

9

Configure the Media Interfaces.

Configuring the Media Interfaces on page 155

10

Configure the Server Interworking Profiles.

Configuring the Server Interworking Profiles on page 156

11

Configure the End Point Policy Groups.

Configuring the End Point Policy Groups on page 159

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

141

Comments on this document? infodev@avaya.com

Administration

No.

Task

12

Configure the Server Configuration Profiles.

13

Configure the Routing Profiles.

14

Configure the DNS server used by Avaya Session

Border Controller for Enterprise.

15

Enable External Topology Hiding.

16

Enable Internal Topology Hiding.

17

Set up the Microsoft Edge Border Rule.

18

Create a Signaling Manipulation Script.

19

Create the End Point flows.

Microsoft Edge Server SIP Federated Domain Configuration

Reference
Configuring the Server Configuration Profiles on page 157
Configuring the Routing Profiles on page 160
Configuring the DNS server used by the Avaya Session Border Controller for Enterprise on page 162
Enabling External Topology Hiding on page 163
Enabling Internal Topology Hiding on page 164
Setting up the Microsoft Edge Border Rule on page 164
Creating a Signaling Manipulation Script on page 164
Creating endpoint flows on page 165
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

142

Comments on this document? infodev@avaya.com

Federation

No.

Task

Reference

1

Configure the SIP Federated Domain.

Configuring the SIP federated domain on page 168

Routing between Session Manager and Avaya Session Border Controller for Enterprise Configuration

1

Set up the required certificates for Session Manager. Setting up

required

certificates for

Session

Manager on

page 170

2

Set up the Avaya Session Border Controller for

Setting up the

Enterprise Entity and Entity Link.

Avaya Session

Border

Controller for

Enterprise Entity

and Entity

Link on

page 170

3

Set up the Session Manager Routing Policy.

Setting up the Session Manager Routing Policy on page 171

4

Set up the Session Manager Regular Expression.

Setting up the

Session

Manager

Regular

Expression on

page 172

Presence Services Microsoft Federation Attributes Configuration

1

Set up the cluster attributes for External Domain

Setting up

Microsoft Federation.

cluster attributes

for External

Domain

Microsoft

Federation on

page 173

Communication Manager configuration

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

143

Comments on this document? infodev@avaya.com

Administration

No.

Task

Reference

1

Add or update the existing Communication Manager

Adding or

application.

updating the

existing

Communication

Manager

application on

page 137

DNS configuration
The DNS server used by the Avaya Aura® components does not need to be the same as the one used by the Microsoft servers. However, if not, the Microsoft Edge and Avaya Session Border Controller for Enterprise fully qualified domain names (FQDN) must be resolvable by the DNS used by the Avaya Session Border Controller for Enterprise server.
The following DNS entries must be made on the DNS server used by the Microsoft Edge and Avaya Session Border Controller for Enterprise:
1. Add a DNS A record so that the FQDN of the Avaya Session Border Controller for Enterprise external interface is resolvable by the Microsoft Edge server.
2. Add a DNS reverse pointer for the Avaya Session Border Controller for Enterprise external interface IP address to resolve the Avaya Session Border Controller for Enterprise external interface FQDN.
Adding a DNS A record for Avaya Session Border Controller for Enterprise to a Microsoft DNS server
Procedure
1. Log in to the Microsoft DNS server as an administrator.
2. In the Forward Lookup Zones section, create the domain for Avaya Session Border Controller for Enterprise, if it does not exist.
3. Right-click the correct domain and select New Host (A).
4. In the New Host dialog box, enter the Avaya Session Border Controller for Enterprise host name and IP address.
5. Click Add Host > OK, and then click Done.
Note:
When adding a new Host (A) record, you can select the Create associated pointer (PTR) record check box. This setting might eliminate the need to add the host name to Reverse Lookup Zone, if the zone already exists.
Adding a DNS reverse pointer record for Avaya Session Border Controller for Enterprise to a Microsoft DNS server
Procedure
1. Log in to the Microsoft DNS server as an administrator.

April 2021

Avaya Aura® Presence Services Snap-in Reference

144

Comments on this document? infodev@avaya.com

Federation
2. In the navigation pane, click Reverse Lookup Zones > New Zone. 3. On the Action menu, click New Zone. 4. Select Primary zone and store the zone in Active Directory. 5. Click Next. 6. Click To all DNS servers in the Active Directory domain . 7. Click Next. 8. Enter the Network ID portion of the IP address corresponding to the Avaya Session Border
Controller for Enterprise external interface, and click Next. 9. Select Allow both non-secure and secure dynamic updates, and click Next. 10. Click Finish. 11. Right-click the created zone and select New Pointer (PTR). 12. In the Host IP number field, enter the Avaya Session Border Controller for Enterprise
external IP address. 13. In the Host Name field, enter the FQDN of the Avaya Session Border Controller for
Enterprise external interface. 14. Click OK.
Configuring Avaya Session Border Controller for Enterprise
About this task A session border controller is a device used to exert control over incoming and outgoing signaling and media streams in an enterprise Avaya Aura® solution. It is typically deployed at the edge of a corporate network and used to control inbound and outbound sessions. In the Presence Services to Microsoft external domain federation deployment, the Avaya Session Border Controller for Enterprise is used to isolate the Aura servers from the public network. In addition to the configuration described in the Administering Avaya Session Border Controller for Enterprise guide, the following must be configured and or executed to setup federation:
Note: It is strongly recommended that TLS 1.2 be used in all TLS Client and Server Profiles. Procedure 1. Generate Avaya Session Border Controller for Enterprise identity certificate to be used in
the TLS Client Profiles. This certificate will be used in creating TLS client connections to the Microsoft Edge server and also to the Session Manager in the internal Avaya Aura® network/domain. 2. Retrieve the CA certificate from the Microsoft Edge server to import into the Avaya Session Border Controller for Enterprise. 3. Retrieve the CA certificate from the Session Manager to import into the Avaya Session Border Controller for Enterprise. If the System Manager is used as the CA, the Session

April 2021

Avaya Aura® Presence Services Snap-in Reference

145

Comments on this document? infodev@avaya.com

Administration
Manager CA can be downloaded from the System Manager by navigating to the Services > Security > Certificates > Authority > CA Structure & CRLs page.
4. Create two TLS Client Profiles for the outgoing connections to the Microsoft Edge and Session Manager.
5. Create two TLS Server Profiles for the incoming connections from the Microsoft Edge and Session Manager.
6. Configure an external Signaling Interface using the external TLS Server Profile.
7. Configure an internal Signaling Interface using the internal TLS Server Profile.
8. Create internal and external Media Interfaces.
9. Create Server Interworking Profiles for both the Session Manager and Microsoft Edge.
10. Create Server Configuration Profiles for both the Session Manager and Microsoft Edge.
11. Default Application Rules can be used, as there is no customization required.
12. Default Media Rules can be used, as there is no customization required.
13. Default Signaling Rules can be used, as there is no customization required.
14. Create two End Point Policy Groups for the Microsoft Edge and the Session Manager.
a. The Microsoft Edge End Point Policy Group requires a Border Rule.
b. The Session Manager End Point Policy Group uses defaults, as there is no customization required.
15. Create two Routing Profiles for the Microsoft Edge and the Session Manager. Each Routing Profiles will use the specific Server Configuration Profile created for Microsoft Edge and Session Manager.
16. Avaya Session Border Controller for Enterprise specific configuration for System Manager to Microsoft federation:
a. The DNS server used by the Avaya Session Border Controller for Enterprise needs to be able to resolve the FQDN of the Microsoft Edge server.
b. Enable topology hiding in both directions. Only enable topology hiding for the following headers: Via, SDP, and Record-Route. Specifically not Request-Line, To or From. This is required to enable back-to-back SIP dialogs between the Microsoft Edge and the Session Manager using FQDNs for Record Routes and Contact URIs.
c. Setup a Border Rule for the Microsoft Edge End Point Policy Group. This changes the contact in the initial SUBSCRIBE message sent from the System Manager to use an FQDN instead of an IP address. This is required to enable the Microsoft Edge to properly send NOTIFYs back to System Manager.
d. Create a Signaling Manipulation Rule to remove the GSID request URI parameter from the in-dialog SUBSCRIBEs sent from System Manager to the Microsoft Edge. This is required, since the Edge will not accept the modified in-dialog SUBSCRIBE request URI.

April 2021

Avaya Aura® Presence Services Snap-in Reference

146

Comments on this document? infodev@avaya.com

Federation
17. Create two End Point Flows. End Point Flows associate the various configuration profiles and options together to control signaling messages that flow thru the Avaya Session Border Controller for Enterprise.
Creating and installing the identity certificate used by Avaya Session Border Controller for Enterprise
Procedure
1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator.
2. Click TLS Management > Certificates.
3. Click Generate CSR, and enter the following details:
a. The certificate Common Name field should be set to the FQDN of the Avaya Session Border Controller for Enterprise.
b. The certificate Subject Alt Name fields should have the following included: DNS:<FQDN-of-Avaya Session Border Controller for Enterprise>, IPAddress:<IP Address of the external interface>, IPAddress:<IP Address of the internal interface>.
c. Client and Server authentication enabled.
d. Key usage set to Digital Signature and Key Encipherment.
e. Set and confirm the passphrase.
f. Enter other details as required.
4. Download the CSR and private key file and use your Certificate Authority (CA) to sign the request and generate the identity certificate.
For example, the System Manager CA can be used to achieve this.
5. In TLS Management; Certificates, click Install to import the Avaya Session Border Controller for Enterprise identity certificate and private key file.
6. The CA certificate used to sign the CSR and identity certificate must be loaded into each server that will receive client connections from the Avaya Session Border Controller for Enterprise. This allows those servers (that is, Microsoft Edge and Session Manager) to authenticate incoming TLS client connections from the Avaya Session Border Controller for Enterprise.
7. For Standalone Avaya Session Border Controller for Enterprise, after installing the certificate, the following CLI command must be executed to sync the private key with the certificate:
a. Log in to the Avaya Session Border Controller for Enterprise through SSH using a tool like putty.
b. Change to the directory: /usr/local/ipcs/cert/key.
c. Execute the command: enc_key <private-key-file-name> <passphrase> .
# cd /usr/local/ipcs/cert/key

April 2021

Avaya Aura® Presence Services Snap-in Reference

147

Comments on this document? infodev@avaya.com

Administration
# enc_sbc.bvw.avaya.key avaya123 8. Using System Management, select Restart Application to restart the Avaya Session
Border Controller for Enterprise.
Retrieving the Microsoft Edge CA certificate
Procedure 1. Log in to the Microsoft Edge server as the administrator. 2. Start the Microsoft S4B or Skype for Business Deployment wizard. 3. Click Install or Update Skype for Business Server System. 4. Click Run Again in Step 3. The system displays the Certificate Wizard. 5. In the Certificate Wizard, select the External Edge Certificate (public Internet) group. 6. Click view. 7. Click View Certificate Details. The system displays the Microsoft Edge identity certificate. 8. Select Certification Path. 9. Select the CA certificate and click View Certificate. The system displays the Microsoft Edge CA certificate.
10. Click the Details tab, and then click Copy to File. 11. Select Base-64 encoded X.509 (.CER). 12. Click Next. 13. Enter a filename for the CA certificate file, and click Next.
For example, msEdgeCA. 14. Click Finish to save the file. 15. Click OK to close the Export was successful dialog box.
The exported CA certificate file is used in client and server profiles created in subsequent procedures. 16. Rename the certificate file from msEdgeCA.cer to msEdgeCA.pem.
Configuring a TLS Client Profile used to connect to Microsoft Edge
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click TLS Management > Client Profiles. 3. Click Add and enter an appropriate name for the profile.

April 2021

Avaya Aura® Presence Services Snap-in Reference

148

Comments on this document? infodev@avaya.com

Federation
For example: clientProfileToEdge. 4. Select the Avaya Session Border Controller for Enterprise identity certificate created
earlier, from the certificate menu. 5. If you require peer certificate verification, enable Peer Verification. 6. Load the peer CA certificate.
a. Click TLS Management > Certificates > Install > CA certificate. b. Browse to the certificate file and click upload.
In the following example, the peer CA certificate is msEdgeCA.pem, which is used to sign the Microsoft Edge identity certificate. 7. Select a verification depth of 1. 8. Select the required version of TLS. Avaya recommends that you select TLS 1.2. 9. Customize the encryption ciphers as required. Example The following figure shows a sample TLS Client Profile used to connect to Microsoft Edge.

April 2021

Avaya Aura® Presence Services Snap-in Reference

149

Comments on this document? infodev@avaya.com

Administration
Configuring a TLS Client Profile used to connect to the Session Manager
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click TLS Management > Client Profiles. 3. Click Add and enter an appropriate name for the profile. For example: clientProfileToSM. 4. Select the Avaya Session Border Controller for Enterprise identity certificate created earlier, from the certificate menu. 5. If you require peer certificate verification, enable Peer Verification. 6. Load the peer CA certificate. a. Click TLS Management > Certificates > Install > CA certificate. b. Browse to the certificate file and click upload. In the following example, the peer CA certificate is lab3SystemManagerCA.pem, which is used to sign the Session Manager identity certificate. 7. Select a verification depth of 1. 8. Select the required version of TLS. Avaya recommends that you select TLS 1.2. 9. Customize the encryption ciphers as required.
Example The following figure shows sample configuration for a TLS client profile to connect to the Session Manager.

April 2021

Avaya Aura® Presence Services Snap-in Reference

150

Comments on this document? infodev@avaya.com

Federation

Related links Configuring a TLS Client Profile used to connect to Microsoft Edge on page 148
Configuring a TLS Server Profile used to receive connections from Microsoft Edge
Procedure
1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click TLS Management > Server Profiles. 3. Click Add, and enter an appropriate name for the profile.
For example: serverProfileExternal. 4. Select the Avaya Session Border Controller for Enterprise identity certificate created
earlier, from the certificate menu. 5. If you require peer certificate verification, enable Peer Verification.

April 2021

Avaya Aura® Presence Services Snap-in Reference

151

Comments on this document? infodev@avaya.com

Administration
6. Load the peer CA certificate. a. Click TLS Management > Certificates > Install > CA certificate. b. Browse to the certificate file and click upload. In the following example, the peer CA certificate is msEdgeCA.pem, which is used to sign the Microsoft Edge identity certificate.
7. Select a verification depth of 1. 8. Select the required version of TLS.
Avaya recommends that you select TLS 1.2. 9. Customize the encryption ciphers as required. Example The following figure shows a sample TLS Server Profile used to receive connections from Microsoft Edge.

April 2021

Avaya Aura® Presence Services Snap-in Reference

152

Comments on this document? infodev@avaya.com

Federation
Configuring a TLS Server Profile used to receive connections from the Session Manager
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click TLS Management > Server Profiles. 3. Click Add, and enter an appropriate name for the profile. For example: serverProfileInternal. 4. Select the Avaya Session Border Controller for Enterprise identity certificate created earlier, from the certificate menu. 5. If you require peer certificate verification, enable Peer Verification. 6. Load the peer CA certificate. a. Click TLS Management > Certificates > Install > CA certificate. b. Browse to the certificate file and click upload. In the following example, the peer CA certificate is lab3SystemManagerCA.pem, which is used to sign the Session Manager identity certificate. 7. Select a verification depth of 1. 8. Select the required version of TLS. Avaya recommends that you select TLS 1.2. 9. Customize the encryption ciphers as required.
Example The following figure shows a sample TLS Server Profile used to receive connections from the Session Manager.

April 2021

Avaya Aura® Presence Services Snap-in Reference

153

Comments on this document? infodev@avaya.com

Administration

Related links Configuring a TLS Server Profile used to receive connections from Microsoft Edge on page 151
Configuring the Microsoft Edge external Signaling Interface
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Network & Flows > Signaling Interface. 3. Click Add and name the interface.
For example: external1. 4. Select the interface and IP Address that is connected to the public network where the
Microsoft Edge is accessible. 5. Enable TLS by specifying port 5061 and assign the previously created external TLS
Server Profile.
Typically, TCP and UDP are disabled.

April 2021

Avaya Aura® Presence Services Snap-in Reference

154

Comments on this document? infodev@avaya.com

Federation
Configuring the Session Manager internal Signaling Interface
Procedure 1. Repeat the earlier procedure to create a similar internal Signaling Interface to be used by Session Manager. 2. Assign a name to the interface appropriately. For example: internal1. 3. Set the IP Address, ports, and internal TLS Server Profile.
Configuring Media Interfaces
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Create an internal media interface. a. Click Network & Flows > Media Interface. b. Click Add. The Edit Media Interface dialog box displays. c. In the Name field, enter a name for the internal media interface. d. In the IP Address field, select internal (A1, VLAN 0). e. Select an internal IP address. f. In the Port Range field, verify that the default port range is acceptable. g. Click Finish.

3. Create an external media interface. a. Click Network & Flows > Media Interface. b. Click Add. The Edit Media Interface dialog box displays.

April 2021

Avaya Aura® Presence Services Snap-in Reference

155

Comments on this document? infodev@avaya.com

Administration
c. In the Name field, enter a name for the external media interface. d. In the IP Address field, select external (B1, VLAN 0). e. Select an external IP address. f. In the Port Range field, verify that the default port range is acceptable. g. Click Finish.
Configuring the server interworking profiles
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Configuration Profiles > Server Interworking. 3. Click Add and assign a name to the profiles. For example: lab3-sm and ms-edge. 4. Use the default settings except for the Advanced section. 5. In the Advanced section for the lab3-sm profile: a. Set Record Routes to Both Sides. b. Set Extensions to Avaya.

April 2021

Avaya Aura® Presence Services Snap-in Reference

156

Comments on this document? infodev@avaya.com

Federation

6. In the Advanced section for the ms-edge profile: a. Set Record Routes to None. b. Set Extensions to S4B.

Configuring the server configuration profiles
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Configuration Profiles > Server Configuration.

April 2021

Avaya Aura® Presence Services Snap-in Reference

157

Comments on this document? infodev@avaya.com

Administration
3. Click Add and assign a name to the Server Configuration Profiles. For example: lab3-sm and ms-edge.
4. On the General tab, do the following: a. Server Type: Call Server b. SIP Domain: Aura Presence/IM domain c. IP Address / FQDN: IP Address of the Session Manager Asset Interface d. Port: 5061 e. Transport: TLS f. TLS Client Profile: TLS Client Profile to the Session Manager
5. Click Next. Authentication is disabled.
6. Click Next. Enable Heartbeat is disabled.
7. Click Next. 8. In the Advanced tab, do the following:
a. Enable DoS Protection: disabled b. Enable Grooming: enabled c. Interworking Profile: Session Manager Interworking Profile.
For example, lab3-sm. d. Signaling Manipulation Script: none e. Securable: disabled f. Enable FGDN: disabled 9. Click Finish to commit the changes. 10. Similarly, click Add again to create the Server Configuration Profile for the Microsoft Edge. 11. Assign a name to the profile ms-edge. 12. On the General tab, do the following: a. Server Type: Trunk Server b. SIP Domain: Microsoft domain c. IP Address / FQDN: IP Address of the Edge server d. Port: 5061 e. Transport: TLS

April 2021

Avaya Aura® Presence Services Snap-in Reference

158

Comments on this document? infodev@avaya.com

Federation
f. TLS Client Profile: TLS Client Profile to the Edge 13. Click Next.
Authentication is disabled. 14. Click Next.
Enable Heartbeat is disabled. 15. Click Next. 16. On the Advanced tab, set the following:
a. Enable DoS Protection: disabled b. Enable Grooming: enabled c. Interworking Profile: Session Manager Interworking Profile.
For example, ms-edge. d. Signaling Manipulation Script: none e. Securable: disabled f. Enable FGDN: disabled 17. Click Finish to commit the changes.
Configuring the End Point Policy Groups
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Domain Policies > End Point Policy Groups. 3. Click Add and assign a name to the Policy Groups. For example: lab3sm and msEdge.

April 2021

Avaya Aura® Presence Services Snap-in Reference

159

Comments on this document? infodev@avaya.com

Administration 4. For the lab3sm Policy Group, use the default settings as show in the following figure:
5. For the msEdge Policy Group, use the default settings except for Border. Configure a specific border rule for the Microsoft Edge. As shown in the following figure, the Border Rules is named external-B1. Refer to the following Border Rule creation procedure.

Configuring the Routing Profiles
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Global Profiles > Routing.

April 2021

Avaya Aura® Presence Services Snap-in Reference

160

Comments on this document? infodev@avaya.com

Federation 3. Click Add and assign a name to the Routing Profiles.
For example: toLab3sm and toMSEdge. 4. For the toLab3sm profile use the default settings, adding the lab3-sm Server Configuration
as the Next Hop Address as shown in the following figure:
5. For the toMSEdge profile use the default settings, adding the ms-edge Server Configuration as the Next Hop Address as shown in the following figure:

April 2021

Avaya Aura® Presence Services Snap-in Reference

161

Comments on this document? infodev@avaya.com

Administration
Configuring the DNS server used by the Avaya Session Border Controller for Enterprise
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click System Management. 3. In the Device tab, click the Edit link for the Avaya Session Border Controller for Enterprise device. 4. Configure the DNS settings. In the DNS settings pane: a. Enter the Primary and Secondary IP addresses of the DNS servers. In the following example, the primary address is the IP address of the Microsoft DNS server in the Microsoft domain. b. Select the appropriate Client IP that connects to the DNS servers. 5. Configure the IPv4 network settings. In the IPv4 Network Settings pane: a. Enter the management IP address of the Avaya Session Border Controller for Enterprise. b. Enter the subnet of the network system. c. Enter the IP address of the gateway. 6. Using System Management, select Restart Application to restart the Avaya Session Border Controller for Enterprise.

April 2021

Avaya Aura® Presence Services Snap-in Reference

162

Comments on this document? infodev@avaya.com

Example

Federation

Enabling External Topology Hiding
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Configuration Profiles > Topology Hiding. 3. Click Add and assign a name to the profile. For example: msEdge.

April 2021

Avaya Aura® Presence Services Snap-in Reference

163

Comments on this document? infodev@avaya.com

Administration
4. Add the following three headers: a. Record-Route with Replace Action set to auto. b. SDP with Replace Action set to auto. c. Via with Replace Action set to auto.
Enabling Internal Topology Hiding
Procedure 1. Repeat the earlier procedure to create a similar Topology Hiding Profile used by the Session Manager. 2. Assign a name to the profile appropriately. For example: lab3sm. 3. Add the following three headers: a. Record-Route with Replace Action set to auto. b. SDP with Replace Action set to auto. c. Via with Replace Action set to auto.
Related links Enabling External Topology Hiding on page 163
Setting up the Microsoft Edge Border Rule
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Domain Policies > Border Rules. 3. Click Add and assign a name the rule. For example: external-B1. 4. Enable Natting. 5. Enable SIP Published IP and set the SIP Published Domain to the FQDN of the Avaya Session Border Controller for Enterprise. 6. Enable SDP Published IP and set the SDP Published Domain to the FQDN of the Avaya Session Border Controller for Enterprise.
Creating a Signaling Manipulation Script
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Configuration Profiles > Signaling Manipulation. 3. Click Add, set the title to RemoveGsid and add the following script:
within session "ALL" {

April 2021

Avaya Aura® Presence Services Snap-in Reference

164

Comments on this document? infodev@avaya.com

Federation
act on request where %DIRECTION="OUTBOUND" and %ENTRY_POINT="POST_ROUTING" {
remove(%HEADERS["Request_Line"][1].PARAMS["gsid"]); remove(%HEADERS["Request_Line"][1].PARAMS["asm"]); } }
4. Click Save to save the script file.
Creating End Point Flows
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as the administrator. 2. Click Network & Flows > End Point Flows > Server Flows. 3. Click Add to create the End Point Flow for the Session Manager. 4. Set the name of the flow to from-SM.

April 2021

Avaya Aura® Presence Services Snap-in Reference

165

Comments on this document? infodev@avaya.com

Administration 5. Set up the options and profiles create above as show in the following figure:

6. Click Add to create the End Point Flow for the Microsoft Edge. 7. Set the name of the flow to from-Edge. 8. Setup the options and profiles created above as shown in the following figure:
Note: The Edge flow has the RemoveGsid Signaling Manipulation Script configured.

April 2021

Avaya Aura® Presence Services Snap-in Reference

166

Comments on this document? infodev@avaya.com

Federation

April 2021

Avaya Aura® Presence Services Snap-in Reference

167

Comments on this document? infodev@avaya.com

Administration 9. The following shows the two End Point Flows: from-SM and from-MSEdge.

Microsoft edge server SIP federated domain configuration
A federated domain must be configured on the Microsoft S4B or Skype for Business system to allow signaling messages to be routed to the Avaya Session Border Controller for Enterprise from the Microsoft Edge server.
Configuring the SIP federated domain Procedure
1. Log in to the Microsoft Front End server as the administrator.
Note:
This administrator user must be part of the CSAdministrator group.
2. Start the Microsoft S4B Server Control Panel or the Skype for Business Server Control Panel application.
3. In the Federation and External Access section, select the SIP Federated Domains tab.
4. Select Allowed domain to add a new domain.
5. In the Domain name field, add the Presence or the IM handle domain used by the federated Avaya Aura® users.
For example, if a Microsoft user "ms-user@domain2.com" is federating with an Avaya Aura® user with a presence handle: "aura-user@domain1.com", then the domain field should contain: "domain1.com".

April 2021

Avaya Aura® Presence Services Snap-in Reference

168

Comments on this document? infodev@avaya.com

Federation
6. In the Access Edge service (FQDN) field, enter the FQDN of the Avaya Session Border Controller for Enterprise.
7. In the Comment field, add an appropriate comment. 8. Click Commit. 9. After the commit, ensure that the domain is set to Allow. Example

Configuring routing between Session Manager and Avaya Session Border Controller for Enterprise
A federated domain must be configured on the System Manager to allow the Session Manager to route signaling messages from Presence Services to the Microsoft Edge server through the Avaya Session Border Controller for Enterprise. The following items must be configured on System Manager:
· Certificates · Entity and Entity Link for the Avaya Session Border Controller for Enterprise with monitoring
disabled. · Session Manager Regular Expression. · Session Manager Routing Policy.

April 2021

Avaya Aura® Presence Services Snap-in Reference

169

Comments on this document? infodev@avaya.com

Administration
Setting up required certificates for Session Manager Procedure 1. Log in to the System Manager as the administrator. 2. Select Inventory from the Services group, and select Manage Elements. 3. Find and select the Session Manager in the list of elements. 4. In the More Actions field, click Manage Trusted Certificates. 5. The CA certificate that was used to sign the Avaya Session Border Controller for Enterprise identity certificate must be loaded into the SECURITY_MODULE_SIP trust store so that the Session Manager can validate the Avaya Session Border Controller for Enterprise identity certificate. Example The System Manager Default CA was used, and is selected in the following example:

Setting up the Avaya Session Border Controller for Enterprise entity and entity link Procedure 1. Log in to System Manager as an administrator. 2. Navigate to Elements > Routing, and then click SIP Entities.

April 2021

Avaya Aura® Presence Services Snap-in Reference

170

Comments on this document? infodev@avaya.com

Federation
3. Click New, and do the following: a. The name of the Avaya Session Border Controller for Enterprise server. b. The IP address or Fully qualified domain name (FQDN) of the Avaya Session Border Controller for Enterprise internal interface, that is on the internal domain or network. If a FQDN is used, it must be resolvable by the Session Manager. c. Set the Type to Other. d. Set the Location and Time zone. e. Loop Detection Mode can be left as On. f. SIP link monitor must be disabled.
Note: If the Avaya Session Border Controller for Enterprise is configured to respond to the OPTIONS SIP message properly, the link monitor can be enabled. But by default the Avaya Session Border Controller for Enterprise will pass the OPTIONS message through to the Microsoft Edge, which will not respond. g. All other fields can be left as default. 4. In the Entity Links area, create an entity link to the Session Manager. Do the following: a. In the Protocol field, click TLS. b. In the Port field, type 5061. c. In the Connection Policy field, click trusted. 5. Click Commit to create the entity and the entity link. Setting up the Session Manager routing policy Procedure 1. Log in to the System Manager as an administrator. 2. Click Elements > Routing > Routing Policies. 3. Click New, and enter the required data. a. Enter a name, for example "ms-external-federation". b. Clear the disabled box. c. Set retries to 0. d. Enter relevant notes. e. Select the destination SIP entity created earlier. f. Time of Day, Dial Patterns and Regular Expressions can be left in their default states. 4. Click Commit to create the routing policy.

April 2021

Avaya Aura® Presence Services Snap-in Reference

171

Comments on this document? infodev@avaya.com

Administration Example

Setting up the Session Manager regular expression Procedure
1. Log in to the System Manager as the administrator.
2. Click Elements > Routing > Regular Expressions.
3. Click New, and enter the required data.
a. The pattern is specified to match any user in the Microsoft domain that the Avaya Aura® users will federate with.
For example, if a Microsoft user "ms-user@domain2.com" is federating with an Avaya Aura® user with a presence handle "aura-user@domain1.com", then the pattern should be: ".*@domain2\.com" .
b. The rank order can be 0 or some other appropriate number.
c. Deny should be cleared.
d. In Routing Policy, click Add and select the policy created in the earlier procedure.
4. Click Commit to create the regular expression.

April 2021

Avaya Aura® Presence Services Snap-in Reference

172

Comments on this document? infodev@avaya.com

Federation
Presence Services Microsoft federation attributes configuration
The Microsoft external federated domain must be configured in the Presence Services cluster attributes on the System Manager to allow the System Manager to route signaling messages to the Microsoft Edge server through the Session Manager and Avaya Session Border Controller for Enterprise. Setting up cluster attributes for external domain Microsoft federation About this task
Note: For the External Domain Federation to work properly, the Microsoft domain configured in this procedure must be different than any of the Presence or IM domains in use by Presence Services users. Procedure 1. Log in to the System Manager as administrator. 2. Select Elements > Avaya Breeze® > Configuration. 3. Click Attributes. 4. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 5. In the Service field, click the Presence Services service. 6. On the Attributes Configuration page, navigate to the Microsoft Federation group. 7. In the Microsoft Federation Enabled field, in Effective Value, click True. 8. In the External Microsoft Domain List field, in Effective Value, type the list of domains
handled by Microsoft that are external to the enterprise where Presence Services is deployed. For example, "domain2.com" as used in the earlier examples. Use a comma as a separator to specify multiple domains. 9. (Optional) To override the default value, select the Override Default check box. 10. Enable or disable multimedia attachment support. This attribute must be enabled to allow Avaya Workplace Client users to share multimedia attachments with federated Microsoft users. Multimedia attachments are sent as web links to the federated conversation participants.
Note: The web link is temporary and expires after 10 minutes. The attachment file will not be accessible by using the link after 10 minutes. The default value is False so that the attachment support is disabled by default when Microsoft federation is enabled. To override the default value, select the Override Default check box.

April 2021

Avaya Aura® Presence Services Snap-in Reference

173

Comments on this document? infodev@avaya.com

Administration
Important: Attachments sent from Microsoft clients to Presence Services clients are not supported. 11. Click Commit.

Microsoft federation with external domains for multi-user chat support

Additional configuration is required to support multi-user chat between externally federated Microsoft users and Aura users using Avaya Workplace Clients. Both Microsoft hosted, and Presence Services hosted multi-user conferences are supported.

For limitations, see "Federated multi-user chat support and limitations" section.

Checklist for Microsoft External Federation Multi-User Chat

This checklist assumes that the checklist for configuring Microsoft Federation with External Domains has already been completed, and Microsoft external federation is functional.

No.

Task

Link

Session Manager Configuration

1

Add Session Manager routing policies.

Adding Session Manager

routing policies on

page 175

2

Add Session Manager regular expressions. Adding Session Manager

regular expressions on

page 176

Avaya Session Border Controller for Enterprise Configuration

1

Update the Edge and Session Manager end Updating the Edge and

point policy groups.

Session Manager end

point policy groups on

page 177

2

Update the RemoveGsid Signaling

Manipulation script.

Updating the RemoveGsid Signaling Manipulation script on page 179

3

Add new Signaling Manipulation Scripts

Adding new signaling

RestoreFromTag and AddSvc.

manipulation scripts

RestoreFromTag and

AddSvc on page 180

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

174

Comments on this document? infodev@avaya.com

Federation

No.

Task

Link

4

Enable the RestoreFromTag and AddSvc

Enabling the

Signaling Manipulation scripts.

RestoreFromTag and

AddSvc signaling

manipulation scripts on

page 181

5

Enable SIP Redirect support in the Edge

Enabling SIP redirect

Server interworking profile.

support in the Edge

server interworking

profile on page 183

Session Manager configuration
A separate routing policy and regular expression must be configured for each node in the Presence Services cluster. These regular expression routes will direct the Session Manager to route specific Microsoft multi-user chat signaling messages back to the correct Presence Server node.
Adding Session Manager routing policies
Procedure
1. Log in to the System Manager as an administrator.
2. Navigate to Elements > Routing, and then click Routing Policies.
3. Click New, and do the following:
a. Enter a name. For example, "ms-muc-to-ps-node1".
b. Clear the Disabled check box.
c. Set retries to 0. d. Enter relevant notes.
e. Select the Destination SIP Entity as the Presence Services or Breeze node. In a multinode cluster, use the first node.
f. Time of Day, Dial Patterns and Regular Expressions can be left in their default states.
4. Click Commit to create the routing policy.
Repeat this procedure for each node in the Presence Services cluster.
The following screenshot shows an existing routing policy for the Avaya Session Border Controller for Enterprise and two new policies for multi-user chat support.

April 2021

Avaya Aura® Presence Services Snap-in Reference

175

Comments on this document? infodev@avaya.com

Administration
Adding Session Manager regular expressions
Procedure 1. Log in to the System Manager as an administrator. 2. Navigate to Elements > Routing, and then click Regular Expressions. 3. Click New, and enter the required data. a. The pattern specified must match the Avaya Breeze platform Security Module FQDN followed by dot-star. For example, "ps-node106-sm100\.domain1\.com.*". b. The rank order can be 0 or some other appropriate number. c. Deny should be cleared. d. In Routing Policy, click Add and select the policy created in the previous procedure for this Presence Services node. 4. Click Commit to create the regular expression. Repeat this procedure for each node in the Presence Services cluster. The following screenshot shows the existing regular expression for the Avaya Session Border Controller for Enterprise and two new regular expressions for multi-user chat support.

April 2021

Avaya Aura® Presence Services Snap-in Reference

176

Comments on this document? infodev@avaya.com

Federation
Avaya Session Border Controller for Enterprise configuration
Additional configuration changes must be applied to the Avaya Session Border Controller for Enterprise to support multi-user chat between Microsoft and Avaya Workplace Clients. For mode details, see Administering Avaya Session Border Controller for Enterprise document. The following items must be configured or updated to support multi-user chat:
· The End Point Policy Group for the Microsoft Edge must be updated to use the signaling rule, "No-Content-Type-Checks".
· The End Point Policy Group for the Session Manager must be updated to use the signaling rule, "No-Content-Type-Checks".
· The existing RemoveGsid Signaling Manipulation script must be updated. · Two new Signaling Manipulation scripts" RestoreFromTag" and "AddSvc" must be added and
enabled. · SIP redirect (3xx) support must be enabled in the MS-Edge server interworking profile.
Updating the Edge and Session Manager end point policy groups
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click Domain Policies > End Point Policy Groups. 3. From the Policy Groups list, select the existing msEdge Policy Group and click Edit. 4. In the Signaling Rule field, select No-Content-Type-Checks.

April 2021

Avaya Aura® Presence Services Snap-in Reference

177

Comments on this document? infodev@avaya.com

Administration 5. The committed msEdge Policy Group appears under the Policy Group tab.
Repeat the procedure for the Session Manager end point policy group.

April 2021

Avaya Aura® Presence Services Snap-in Reference

178

Comments on this document? infodev@avaya.com

Federation
Updating the RemoveGsid Signaling Manipulation script
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click Configuration Profiles > Signaling Manipulation. 3. From the Signaling Manipulation Scripts list, select the existing "RemoveGsid" script. 4. Click Edit , and update the scripts as follows:
within session "ALL" {
act on request where %DIRECTION="OUTBOUND" and %ENTRY_POINT="POST_ROUTING" {
remove(%HEADERS["Request_Line"][1].PARAMS["gsid"]); remove(%HEADERS["Request_Line"][1].PARAMS["asm"]); %FROMTAG = %HEADERS["From"][1].PARAMS["tag"]; %HEADERS["From"][1].PARAMS["tag"].regex_replace("_local.*", ""); %HEADERS["From"][1].PARAMS["av-ps-conf-tag-o"] = %FROMTAG; %HEADERS["Contact"][1].URI.PARAMS["av-ps-conf-tag-o"] = %FROMTAG; } act on response where %DIRECTION="OUTBOUND" and %ENTRY_POINT="POST_ROUTING" { %TOTAG = %HEADERS["To"][1].PARAMS["tag"]; %HEADERS["To"][1].PARAMS["tag"].regex_replace("_local.*", ""); %HEADERS["Contact"][1].URI.PARAMS["av-ps-conf-tag-o"] = %TOTAG; } }
5. Click Save.

April 2021

Avaya Aura® Presence Services Snap-in Reference

179

Comments on this document? infodev@avaya.com

Administration
Adding new signaling manipulation scripts RestoreFromTag and AddSvc
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click Global Profiles > Signaling Manipulation . 3. Click Add, and set the title to RestoreFromTag and add the script as follows:
within session "ALL" {
act on response where %DIRECTION="INBOUND" and %ENTRY_POINT="AFTER_NETWORK" {
if (%HEADERS["From"][1].regex_match("av-ps-conf-tag-o")) then {
%HEADERS["From"][1].PARAMS["tag"] = %HEADERS["From"][1].PARAMS["av-ps-conf-tago"];
remove(%HEADERS["From"][1].PARAMS["av-ps-conf-tag-o"]); } } act on request where %DIRECTION="INBOUND" and %ENTRY_POINT="AFTER_NETWORK" { if (%HEADERS["Request_Line"][1].regex_match("av-ps-conf-tag-o")) then {
%HEADERS["To"][1].PARAMS["tag"] = %HEADERS["Request_Line"][1].URI.PARAMS["avps-conf-tag-o"];
remove(%HEADERS["Request_Line"][1].URI.PARAMS["av-ps-conf-tag-o"]); } } }
4. Click Save.

5. Click Add, and set the title to AddSvc and add the script as follows:
within session "ALL" {
act on request where %DIRECTION="OUTBOUND" and %ENTRY_POINT="POST_ROUTING"

April 2021

Avaya Aura® Presence Services Snap-in Reference

180

Comments on this document? infodev@avaya.com

Federation
{ %PS = "PresenceServices"; if (%HEADERS["Request_Line"][1].PARAMS["av-svc-fea"] != %PS ) then { %HEADERS["Request_Line"][1].PARAMS["av-svc-fea"] = %PS; }
} } within session "INVITE" {
act on request where %DIRECTION="OUTBOUND" and %ENTRY_POINT="POST_ROUTING" {
%CINV = "application/ms-conf-invite+xml"; if (%HEADERS["Content-Type"][1] = %CINV ) then {
%HEADERS["Avaya-Ms-Body-Type"][1] = %CINV; %BODY[1].regex_replace("\r\n", ""); %HEADERS["Avaya-Ms-Body"][1] = %BODY[1]; %HEADERS["Content-Type"][1] = "application/sdp"; %BODY[1] = "v=0XXo=- 0 0 IN IP4 0.0.0.0XXs=sessionXXc=IN IP4 0.0.0.0XXt=0 0XXm=message 5060 sip nullXXa=accept-types:text/plainXX"; %BODY[1].regex_replace("XX", "\r\n"); } } }
6. Click Save.

Enabling the RestoreFromTag and AddSvc signaling manipulation scripts
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click Network & Flows > End Point Flows > Server Flows. 3. Edit the existing Session Manager flow.

April 2021

Avaya Aura® Presence Services Snap-in Reference

181

Comments on this document? infodev@avaya.com

Administration 4. In the Edit Flow dialog, in the Signaling Manipulation Script field, select AddSvc.

5. Verify by viewing the MsEdge end point flow that it is configured to use the RemoveGsid signaling manipulation script.
6. Click Configuration Profiles > Server Configuration, and select the existing ms-edge server profile from the list.

April 2021

Avaya Aura® Presence Services Snap-in Reference

182

Comments on this document? infodev@avaya.com

Federation 7. Click the Advanced tab, and edit the Signaling Manipulation Script field to use
RestoreFromTag.
Enabling SIP redirect support in the Edge server interworking profile
Procedure 1. Log in to the Avaya Session Border Controller for Enterprise server as an administrator. 2. Click Configuration Profiles > Server Interworking. 3. Select the existing ms-edge interworking profile from the list. 4. Click the General tab, and click Edit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

183

Comments on this document? infodev@avaya.com

Administration 5. Enable the 3xx Handling option, and click Finish to save the changes.

Microsoft federation with internal Avaya Aura domain and external Microsoft domain
The following diagram illustrates the message flow and server connections of the different components. In this deployment, it is possible for Microsoft clients in domain #1 to federate with both Microsoft and Avaya Aura clients in domain #2. Similarly, it is possible for both Microsoft and Avaya Aura clients in domain #2 to federate with Microsoft clients in domain #1. If Avaya Aura clients are federated with Microsoft clients in domain #1, the messages tandem through the Microsoft system in domain #2.

April 2021

Avaya Aura® Presence Services Snap-in Reference

184

Comments on this document? infodev@avaya.com

Federation

Checklist for configuring Microsoft federation with internal Avaya Aura domain and external Microsoft domain

No.

Task

Reference

1

Configure Microsoft external domain federation between See Microsoft

the Microsoft systems in domain #1 and domain #2.

documentation

As a result of this setup, Microsoft clients in domain #1 must be able to federate with Microsoft clients in domain #2, and Microsoft clients in domain #2 must be able to federate with Microsoft clients in domain #1.

as this is a standard Microsoft configuration.

2

Configure Microsoft Real Time Communication (RTC) Microsoft Real

Federation between the Microsoft system in domain #2 Time

and the Avaya Aura Presence Services system in

Communication

domain #2.

(RTC)

As a result of this configuration, Microsoft clients in domain #2 must be able to federate with Avaya Aura

Federation on page 125

clients in domain #2, and Avaya Aura clients in domain

#2 must be able to federate with Microsoft clients in

domain #2.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

185

Comments on this document? infodev@avaya.com

Administration

No.

Task

Reference

3

Configure Avaya Presence Services attributes to enable Configure Avaya

the tandem domain support.

Aura Presence

As a result of this configuration, Microsoft clients in domain #1 will be able to federate with Avaya Aura clients in domain #2, and Avaya Aura clients in domain #2 will be able to federate with Microsoft clients in domain #1.

Services attributes to enable tandem domain support on page 186

Configuring Presence Services attributes to enable tandem domain support
Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes.
3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.
4. In the Service field, click the Presence Services service.
5. On the Attributes Configuration page, navigate to the Microsoft Federation group.
6. In the Microsoft Federation Enabled field, in Effective Value, click True.
7. In the Internal Microsoft Domain List field, in Effective Value, type the list of Microsoft domain names.
Use a comma as a separator to specify multiple Microsoft domains.
The syntax for configuring a tandem domain is: "target-domain-name : tandemdomain-name".
8. (Optional) To override the default value, select the Override Default check box.
9. Click Commit.
The following diagram shows the "Internal Microsoft Domain List" to be domain2.com, and domain1.com:domain2.com. This is the correct configuration for the diagram shown in the Microsoft federation with internal Avaya Aura domain and external Microsoft domain section.
The first entry "domain2.com" is used to federate in domain #2 between Microsoft and Avaya Aura users. The second entry "domain1.com : domain2.com" is used to federate between Microsoft users in domain #1 and the Avaya Aura users in domain #2. This configuration instructs Presence Services to use domain2.com as a tandem to reach Microsoft users in domain1.com.

April 2021

Avaya Aura® Presence Services Snap-in Reference

186

Comments on this document? infodev@avaya.com

Federation
Microsoft federation with internal and external domains using inter-PS federation
The following diagram illustrates the message flow and server connections of the different components required to deploy Internal domain federation combined with Inter-PS federation. Avaya Aura® users in domain 1 can watch Microsoft users in domain 2 using the Presence Services in domain 2 as a tandem server. Avaya Aura® users in domain 1 can also watch Avaya Aura® users in domain 2 using Inter-PS federation. Similarly Microsoft users in domain 2 can watch Avaya Aura® users in the external domain 1 via the tandem Presence Services in domain 2. They can also watch Avaya Aura® users in domain 2 using Microsoft Internal Domain federation. Using the concepts and configuration details described below, the Microsoft Front End server could be deployed in either domain, or one in each domain. For simplicity, the steps will cover a Front End server deployed only in domain 2.

April 2021

Avaya Aura® Presence Services Snap-in Reference

187

Comments on this document? infodev@avaya.com

Administration

Checklist for configuring Microsoft federation with internal and external domains using Inter-PS federation

No.

Task

Link

Domain 1 configuration

1

Configure Inter-PS Federation to domain 2.

2

Configure Session Manager routing policies

and regular expression to Avaya SBCE for

domain 1.

Domain 2 configuration

1

Configure Microsoft Internal domain

federation.

2

Configure Microsoft trusted application.

3

Configure Microsoft trusted application pool.

4

Configure Microsoft Front End static routing.

5

Configure Inter-PS federation to domain 1.

6

Configure Session Manager routing policies

and regular expressions to Avaya SBCE for

domain 2.

Configuring inter-PS federation to domain 2 on page 189
Configuring Session Manager routing policies and regular expression to Avaya SBCE for domain 1 on page 189
Configuring Microsoft internal domain federation on page 190
Configuring Microsoft trusted application on page 191
Configuring Microsoft trusted application pool on page 190
Configuring Microsoft Front End static routing on page 191
Configuring inter-PS federation to domain 1 on page 191
Configuring Session Manager routing policies and regular expressions to Avaya SBCE for domain 2 on page 192

Domain 1 configuration
The Avaya Aura® system in domain 1 is configured to use Inter-PS federation to allow its users to watch Avaya Aura® and Microsoft users in domain 2. Signaling for Avaya Aura® users watching Microsoft users in domain 2 is tandemed through the Presence Services in domain 2. All signaling is routed through Avaya Session Border Controller for Enterprise at the edges of each domain. Use of Avaya Session Border Controller for Enterprise is optional, since no message manipulation is required, but recommended to protect each domain from the public network. Since both Avaya Aura® and Microsoft users are in the same external domain that is, domain 2, a single set of configuration rules routing to that domain are required. For more information, see

April 2021

Avaya Aura® Presence Services Snap-in Reference

188

Comments on this document? infodev@avaya.com

Federation
"Checklist for configuring federation between two Presence Services clusters on different System Managers." Related links Checklist for configuring federation between two Presence Services clusters on different System Managers on page 196
Configuring inter-PS federation to domain 2
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Inter-PS Federation group. 6. In the Inter PS Federation Enabled field, in Effective Value, click True. 7. In the Inter-PS Domain Name List field, in Effective Value, add Domain 2. Use a comma as a separator to specify multiple domains. 8. (Optional) To override the default value, select the Override Default check box. 9. Click Commit.
Configuring Session Manager routing policies and regular expression to Avaya SBCE for domain 1
Procedure 1. On the System Manager web console, navigate to Elements > Routing. 2. Create a new regular expression and routing policy to route the Inter-PS messages to either the local Avaya Aura® Session Border Controller in domain 1 or the remote Session Manager in domain 2. The routing policy must have either the local Avaya SBCE or the remote Session Manager as its destination SIP Entity. 3. Ensure that the regular expression contains a generic user and domain regular expression that identifies the users in domain 2. For example, ".*@domain2\.com".
Domain 2 configuration
The Avaya Aura® system in domain 2 is configured to use Inter-PS federation to enable users and the Microsoft users to watch Avaya Aura® users in domain 1. Signaling for Microsoft users watching Avaya Aura® users in domain 1 is tandemed through the Presence Services in domain 2. All signaling is routing through Avaya Aura® Session Border Controller at the edges of each domain. Use of Avaya Aura® Session Border Controller is optional, since no message manipulation is required, but recommended to protect each domain from the public network

April 2021

Avaya Aura® Presence Services Snap-in Reference

189

Comments on this document? infodev@avaya.com

Administration
Following are the sets of routing configuration required: 1. Inter-PS federation between the domain 1 and domain 2. For more information, see "Checklist for configuring federation between two Presence Services clusters on different System Managers." 2. Microsoft internal domain federation within domain 2 between the Avaya Aura® and Microsoft systems. For more information, see "Microsoft Real Time Communication (RTC) Federation." 3. Additional Session Manager routing configuration required to force Microsoft internal federation signaling into Presence Services in domain 2. For more information, see "Configuring Microsoft Internal Domain Federation."
Related links Microsoft Real Time Communication (RTC) Federation on page 125 Checklist for configuring federation between two Presence Services clusters on different System Managers on page 196 Configuring Microsoft internal domain federation on page 190
Configuring Microsoft internal domain federation
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Microsoft Federation group. 6. In the Microsoft Federation Enabled field, in Effective Value, click True. 7. In the Internal Microsoft Domain List field, in Effective Value, type the list of domains handled by Microsoft that are internal to the enterprise where Presence Services is deployed.
Use a comma as a separator to specify multiple domain names. 8. (Optional) To override the default value, select the Override Default check box. 9. Click Commit.
Configuring Microsoft trusted application pool
Procedure
1. On the Microsoft Front End server, use the New-CsTrustedApplicationPool cmdlet to create the application pool.
2. Select one of the Presence Services cluster nodes as the ComputerFqdn. 3. Add all additional Presence Services cluster nodes into the pool using the New-
CsTrustedApplicationComputer cmdlet specifying each Presence Services node

April 2021

Avaya Aura® Presence Services Snap-in Reference

190

Comments on this document? infodev@avaya.com

Federation
and pool created earlier. For more information, see ,"Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route."
Related links Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route on page 130
Configuring Microsoft trusted application
Procedure
On the Microsoft Front End server, use the New-CsTrustedApplication cmdlet to create the trusted application specifying an application identity and the trusted pool created earlier. For more information, see "Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route." Related links Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route on page 130
Configuring Microsoft Front End static routing
Procedure
1. On the Microsoft Front End server, use the New-CsStaticRoute and SetCsStaticRoutingConfiguration cmdlets to create a static route. The static route will route signaling from the Microsoft Front End to the Domain 2 Presence Services federation relay component by specifying the trust application pool identifier, the internal domain (Domain 2) and port 5063.
2. Create a second static route that will route signaling from the Microsoft Front End to the Domain 2 Presence Services federation relay component by specifying the same trusted application pool identifier, the external domain (Domain 1) and port 5063. The Domain 2 Presence Services will forward the signaling to the Domain 1 Presence Services through Inter-PS federation. For more information, see "Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route."
Related links Configuring Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route on page 130
Configuring inter-PS federation to domain 1
Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes.
3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.
4. In the Service field, click the Presence Services service.
5. On the Attributes Configuration page, navigate to the Inter-PS Federation group.

April 2021

Avaya Aura® Presence Services Snap-in Reference

191

Comments on this document? infodev@avaya.com

Administration
6. In the Inter PS Federation Enabled field, in Effective Value, click True.
7. In the Inter-PS Domain Name List field, in Effective Value, add Domain 1.
Use a comma as a separator to specify multiple domain names.
8. (Optional) To override the default value, select the Override Default check box.
9. Click Commit.
Configuring Session Manager routing policies and regular expressions to Avaya SBCE for domain 2
Procedure
1. On the System Manager web console, navigate to Elements > Routing. Create a new regular expression and routing policy to route the Inter-PS messages to either the local Avaya Aura® Session Border Controller in domain 2 or the remote Session Manager in domain 1.
a. Ensure that the routing policy has either the local Avaya Session Border Controller for Enterprise or the remote Session Manager as its destination SIP Entity.
b. Ensure that the regular expression contains a generic user and domain regular expression that identifies the users in domain 1 with an additional special parameter. For example, ".*@domain1\.com.*av-ps-ps-fed.*".
2. Create a second routing policy with three Regular Expressions.
One to route the tandem Inter-PS signaling from Domain 1 into the Domain 2 Presence Services to be forwarded to the Microsoft Front End. The second and third Regular Expressions to route the tandem presence and IM signaling from the Microsoft Front End into the local Presence Services cluster in Domain 2.
a. Ensure that the routing policy has the local Presence Services cluster as its destination SIP Entity.
This SIP Entity is of type Presence Services that represents the Presence Services cluster. b. Ensure that the first Regular Expression contains a generic user and domain Regular Expression that identifies the users in domain 2, either Avaya Aura or Microsoft users, with an additional special parameter.
This will route Inter-PS signaling from domain 1 into the Presence Services in domain 2. For example: .*@domain2\.com.*av-ps-ps-fed.* c. Ensure that the second and third Regular Expressions contains a generic user and domain Regular Expression that identifies the Aura users in domain 1 with additional special parameters.
One regular expression to route Microsoft federation presence signaling into the Domain 2 Presence Services to be forwarded through Inter-PS federation to Domain 1. For example: .*@domain1\.com.*av-msfe-ps-fed.*. The second Regular Expression to route Microsoft federation IM signaling into the domain 2 Presence Services to be forwarded through Inter-PS federation to domain 1. For

April 2021

Avaya Aura® Presence Services Snap-in Reference

192

Comments on this document? infodev@avaya.com

Federation
example: .*@domain1\.com.*av-msfe-imgw-fed.*. The separation of presence and IM signaling is to allow for deployments with AMM.
Microsoft Federation hostname verification
If extended hostname validation is enabled, then you must configure the following: · Session Manager for identify certificates · Breeze Server for identify certificates · Presence Services attributes
For more information, see "Extended hostname validation." Related links
Extended hostname validation on page 356
Setting up Identity Certificates for Session Manager
Procedure 1. Log in to the System Manager web console as an administrator. 2. Click Services > Inventory > Manage Elements. 3. Select the Session Manager instance. 4. In the More Actions field, select Manage Identity Certificates. 5. Select Security Module SIP, and click Replace. 6. From the Key Algorithm drop-down, select RSA. 7. From the Key Size drop-down, select 2048. 8. In the Subject Alternative Name field, do the following: a. Select the DNS Name check box and enter the FQDN, which should be the same as the Common Name filed. b. Select the IP Address check box, and enter the Session Manager Asset IP address. 9. Click Commit.
10. Repeat Step 3 to Step 7 for each Session Manager that have SIP Entity link to PSNG cluster.
11. Modify the Identity Certificates. 12. Restart the Session Manager.
Setting up Identity Certificates for Breeze server
Procedure 1. Log in to the System Manager web console as an administrator.

April 2021

Avaya Aura® Presence Services Snap-in Reference

193

Comments on this document? infodev@avaya.com

Administration
2. Click Services > Inventory > Manage Elements. 3. Select the Avaya Breeze® platform instance. 4. In the More Actions field, select Manage Identity Certificates. 5. Select Security Module SIP, and click Replace. 6. From the Key Algorithm drop-down, select RSA. 7. From the Key Size drop-down, select 2048. 8. In the Subject Alternative Name field, do the following:
a. Select the DNS Name check box, and enter the FQDN which should be the same as the Common Name filed.
b. Select the IP Address check box, and enter the Avaya Breeze® platform Security Module IP address.
9. Click Commit. 10. Repeat Step 3 to Step 7 for each Breeze nodes in a Presence Service cluster. 11. Modify the Identity Certificates. 12. Restart the Session Manager.
Configuring Presence Services attributes
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Microsoft Federation group. 6. In the Internal Microsoft Domain List field, in Effective Value, the domain name appears: If the extended hostname validation is enabled, the format is: domain-name followed by Front-End Server FQDN with parentheses enclosed. For example, for a Microsoft domain name (Microsoft Front-End Server FQDN). If Presence Services is federated with more than one Microsoft domains, use a comma to separate each domain and FQDN pair. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. The following screenshot shows Microsoft Federation Attribute configuration for federating with two Microsoft domains: ms.domain-a.com and ms.domain-b.com, with Front-End FQDNs for domain-1 and domain-2.

April 2021

Avaya Aura® Presence Services Snap-in Reference

194

Comments on this document? infodev@avaya.com

Federation

Inter-PS federation
Inter-PS federation allows exchange of Presence and IM between different Presence Services clusters. You can configure federation between:
· Two Presence Services clusters on the same System Manager. · Two Presence Services clusters on different System Managers.
Configuration of federation between two Presence Services clusters on the same System Manager
Presence Services to Presence Services federation between two clusters on the same System Manager works without explicit configuration. The two clusters may also share one or more domains. There are no domain limitations or requirements for federation to work. To set up Inter-PS federation, you will need:
· Two Presence Services clusters on the same System Manager, that is, two Avaya Breeze® platform core clusters running Presence Services.
· Presence Communication profile set up correctly for users, that is, Aura presence users must be assigned correctly to the presence clusters. This setting is required for Presence/IM to work.
Assigning Avaya Presence/IM communication address to user on System Manager About this task An Avaya Presence/IM communication address is a unique presence identifier for a user. Servers, devices, and other users use this identifier to exchange IM and presence information with the user. Before you begin A user must already exist on System Manager at Users > User Management. Procedure 1. On the System Manager web console, navigate to Users > User Management

April 2021

Avaya Aura® Presence Services Snap-in Reference

195

Comments on this document? infodev@avaya.com

Administration
The system displays the User Management page. 2. Click Manage Users. 3. Select the user, and click Edit.
The system displays the User Profile Edit page. 4. Click the Communication Profile tab. 5. In the Communication Address section, click New. 6. In the Communication Address Add/Edit dialog box, in the Type field, click Avaya
Presence/IM. 7. In the Fully Qualified Address fields, do the following:
a. In the first field, type the user part of the Avaya Presence/IM communication address. b. In the second field, type the Presence/IM routing domain that was defined in
"Configuring Presence/IM routing domain on System Manager."
Note: Both the user and domain must be in lowercase to use with XMPP clients and XMPP federation. For example, 1XC in both SIP & H323 mode use XMPP for IM, and therefore user and domain must use lowercase Presence/IM handles. Federation with any XMPP systems also require lowercase Presence/IM handles. 8. Click OK. 9. On the User Profile Edit page, click Commit.
Note: The Avaya Presence/IM communication address must be administered on the default Communication Profile. Related links Configuring Presence/IM routing domain on System Manager on page 301
Checklist for configuring federation between two Presence Services clusters on different System Managers
To set up Inter-PS federation, you will need: · Two Presence Services clusters on different System Managers. · Unique Presence domains for both the clusters. · Presence Communication profile set up correctly for users, that is, Aura presence users must be assigned correctly to the presence clusters. This setting is required for Presence/IM to work.
Note: For correct user routing from Session Manager to the Presence Services cluster, all Avaya Presence/IM handles must be lowercase. Using uppercase characters might result in the

April 2021

Avaya Aura® Presence Services Snap-in Reference

196

Comments on this document? infodev@avaya.com

Federation

inability for Session Manager to route presence and/or IM to an Avaya user from the other system, resulting in loss of presence updates or proper exchanging of IM's. Check if there are any Avaya users with Avaya Presence/IM handles in uppercase characters on both System Managers and, if so, edit the handle to lowercase characters.

No. Task

Reference

1

Enable Inter-PS federation for both the

Presence Services clusters.

Enabling Inter-PS federation on page 197

2

Enable or disable multimedia attachment

Enabling or disabling multimedia

support.

attachment support on page 198

3

Configure the Session Manager routing for Configuring the Session Manager

both the System Managers.

routing on page 198

4

Assign communication profile to users.

Assigning Avaya Presence/IM communication address to user on System Manager on page 195

5

Downloading certificate from the first System Downloading certificate from System

Manager instance.

Manager on page 199

6

Adding certificate to Session Manager on the Adding certificate to Session Manager on

second System Manager instance.

page 199

7

Downloading certificate from the second

System Manager instance.

Downloading certificate from System Manager on page 199

8

Adding certificate to Session Manager on the Adding certificate to Session Manager on

first System Manager instance.

page 199

Enabling Inter-PS federation About this task Inter-PS federation must be enabled on both clusters for federation to work correctly. Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Inter-PS Federation group. 6. In the Inter PS Federation Enabled field, in Effective Value, click True. 7. In the Inter-PS Domain Name List field, in Effective Value, type the list of federated Presence Services domain names.
Use a comma as a separator to specify multiple domain names. 8. (Optional) To override the default value, select the Override Default check box.

April 2021

Avaya Aura® Presence Services Snap-in Reference

197

Comments on this document? infodev@avaya.com

Administration
9. Click Commit. Enabling or disabling multimedia attachment support
About this task This attribute must be enabled to allow Inter-PS federated Avaya Workplace Client users to share multimedia attachments. Multimedia attachments are sent as web links to Inter-PS federated conversation participants.
Note: The web link is temporary and expires after 10 minutes. The attachment file will not be accessible by using the link after 10 minutes. Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® >
Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Inter-PS Federation group. 6. Select True to enable attachment support, or False to disable it.
Note: The default value is False so that the Inter-PS attachment support is disabled by default when Inter-PS federation is enabled. 7. To override the default value, select the Override Default check box. 8. Click Commit. Configuring the Session Manager routing Procedure 1. On the System Manager web console, navigate to Elements > Routing > SIP Entities > New. 2. Add a new Entity entry for the Session Manager on the other System Manager with the following values: · Name: Enter a name for Session Manager. · IP Address: Enter the asset IP address of Session Manager. · Type: Select Other. 3. Create SIP Entity Link to connect Session Manager on the host System Manager to this new SIP Entity. a. Select Entity Links, and click add. b. In the Name filed, type a name for the new SIP Entity Link.

April 2021

Avaya Aura® Presence Services Snap-in Reference

198

Comments on this document? infodev@avaya.com

c. In the SIP Entity 1 field, select local Session Manager instance. d. In the SIP Entity 2 field, select the newly created SIP Entity. e. In the Protocol field, enter TLS.
The system automatically enters 5061 in both the "Port" fields.
Important: Do not change the value in the "Port" fields. f. Click Commit. 4. Click Commit. 5. Click Routing > Routing Policies > New. 6. Create a routing policy with the following values: · Name: Enter a name for the routing policy. · Retries: Enter the number of retries. · SIP Entity as Destination: Select the SIP Entity created in Step 2. 7. Click Commit. 8. Click Routing > Regular Expressions > New. 9. Create regular expression with the following values: · Pattern: Add a pattern matching all users in the remote domain. For example, .*@alpha\.ps\.avaya\.com. · Routing Policy: Select the routing policy created in Step 5. 10. Click Commit. This procedure needs to be done on the other System Manager as well. Downloading certificate from System Manager Procedure 1. On the System Manager web console, navigate to Services > Security. 2. Click Certificates > Authority. 3. On the CA Functions page, click CA Structure & CRLs. 4. Click Download PEM file. 5. Save the downloaded file. Adding certificate to Session Manager Before you begin Download the certificate from System Manager.

Federation

April 2021

Avaya Aura® Presence Services Snap-in Reference

199

Comments on this document? infodev@avaya.com

Administration
Procedure 1. Navigate to Services > Inventory > Manage Elements. 2. Select the Session Manager instance and click More Actions > Manage Trusted Certificates. 3. Click Add. 4. Select Import from file and import the PEM file downloaded in "Downloading certificate from System Manager". 5. Click Retrieve Certificate. 6. Click Commit.
Related links Downloading certificate from System Manager on page 199
User or contact management from an Aura client
Presence Services clusters on the same System Manager A federated contact is added like any other Aura contact. The watcher is unaware of the fact that the presentity is external from presence perspective. H323 watcher of a federated presentity:

SIP watcher of a federated presentity:

April 2021

Avaya Aura® Presence Services Snap-in Reference

200

Comments on this document? infodev@avaya.com

Federation

Presence Services clusters on different System Managers A federated contact is added like an external contact. H323 or SIP watcher of a federated presentity:

Note: In a multi Session Manager deployment, that is a System Manager having multiple Session Managers, configure SIP Entity Links among Session Managers so that all Session Managers can communicate. This requirement is mandatory if Inter-PS federation is enabled.
XMPP federation
Presence Services uses XMPP to federate with the following types of remote deployments: · Presence Services prior to Release 7.0 · Cisco Jabber · Ignite Realtime Openfire · Any standard XMPP server

April 2021

Avaya Aura® Presence Services Snap-in Reference

201

Comments on this document? infodev@avaya.com

Administration

Ignite Realtime Openfire and Cisco Jabber only support a single local Presence/IM domain and support federation on a single-server deployment.
Presence Services supports multiple local Presence/IM domains and supports federation on a single-server or a multi-server cluster.
Federation between two deployments of Presence Services is supported using SIP. For more information, see "Inter-PS federation."
XMPP federation supports XEP 0045 multi-user chat only with Avaya Workplace Client clients. The chat rooms are hosted on either Presence Services or an XMPP federated system depending on which system starts the conference.
Related links Inter-PS federation on page 195

Key customer configuration information for XMPP federation

Obtain the following information, and record it in the Customer value column of the table, before performing the tasks in the checklist. The task descriptions include screenshots using the values in the Sample value column of "Single-server Cluster Federated with Ignite Openfire example values". The Sample value column is based on the following example:

· Presence Services is deployed on a single-server cluster with two local presence/IM domains.
· Federated with Ignite Realtime Openfire in a single-server deployment with a single presence/IM domain.
Single-server Cluster Federated with Ignite Openfire example values

No. Requirement
1 Avaya Breeze® platform Security Module IP addresses
2 Local Presence/IM domains

Customer value

3 S2S Port number 4 Remote Presence/IM domains 5 Remote server IP addresses 6 Remote type

Sample value 192.0.2.28
presenceservices1.ps.av aya.com presenceservices2.ps.av aya.com 5269 of.avaya.com 198.51.100.91 Openfire

Checklist for configuring XMPP federation
In the following checklists: · m refers to the number of servers in the local Presence Services cluster. · n refers to the number of local Presence/IM domains supported on the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

202

Comments on this document? infodev@avaya.com

Federation

· o refers to the number of servers in the remote deployment. · p refers to the number of remote Presence/IM domains.

Checklist for configuring XMPP federation using TCP

No.

Task

Reference

1

Administer m * n DNS SRV

Administering DNS SRV records for local

records to resolve _xmpp-

Presence Services domains on page 210

server to Avaya Breeze®

platform Security Module IP

address and S2S Port for local

Presence/IM domain.

2

Administer o * p DNS SRV records Administering DNS SRV records for remote

to resolve _xmpp-server to remote domains on page 211

server IP address and S2S Port

for remote Presence/IM domain.

3

Administer XMPP federation in

Administering XMPP federation in unsecure mode

unsecure mode (TCP).

(TCP) on page 208

4

Administer Server to Server

Settings in Openfire.

Administering Server to Server Settings on Openfire on page 205

5

Administer Security Settings

Administering Security Settings (TCP) on

(TCP) in Openfire.

Openfire on page 206

6

Verify DNS resolution and server Verifying DNS resolution and server

reachability.

reachability on page 212

Checklist for configuring XMPP federation using TLS with self-signed

No.

Task

Reference

1

Administer m * n DNS SRV

Administering DNS SRV records for local

records to resolve _xmpp-

Presence Services domains on page 210

server to Avaya Breeze®

platform Security Module IP

address and S2S Port for local

Presence/IM domain.

2

Administer o * p DNS SRV records Administering DNS SRV records for remote

to resolve _xmpp-server to remote domains on page 211

server IP address and S2S Port

for remote Presence/IM domain.

3

Administer XMPP federation in

Administering XMPP federation in secure mode

secure mode (TLS).

(TLS) on page 209

4

Administer Server to Server

Settings in Openfire.

Administering Server to Server Settings on Openfire on page 205

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

203

Comments on this document? infodev@avaya.com

Administration

No.

Task

Reference

5

Administer Security Settings TLS Administering Security Settings TLS on

on Openfire.

Openfire on page 206

6

Administer Disable Certificate

Administering Disable Certificate Verification on

Verification in Openfire.

Openfire on page 207

7

Configure Openfire Certificate, if Significance of enabling extended hostname

Extended Hostname Validation is validation on page 214

enabled.

8

Export Openfire Certificate on

Exporting Openfire Certificate (Linux) on

Linux.

page 285

9

Export Openfire Certificate on

Exporting Openfire Certificate (Windows) on

Windows.

page 286

10

Import Certificate into Cluster

Importing certificate into Cluster Truststore on

Truststore.

page 286

11

Import System Manager root CA Importing System Manager root CA certificate into

certificate into Openfire Truststore Openfire Truststore (Windows) on page 287

on Windows.

12

Import System Manager root CA Importing the System Manager Default CA

certificate into Openfire Truststore certificate into Microsoft Front End server Trust

on Linux.

Store on page 288

13

Verify DNS resolution and server Verifying DNS resolution and server

reachability.

reachability on page 212

Checklist for configuring XMPP federation using TLS with System Manager CA signed

No.

Task

Reference

1

Administer m * n DNS SRV

Administering DNS SRV records for local

records to resolve _xmpp-

Presence Services domains on page 210

server to Avaya Breeze®

platform Security Module IP

address and S2S Port for local

Presence/IM domain.

2

Administer o * p DNS SRV records Administering DNS SRV records for remote

to resolve _xmpp-server to remote domains on page 211

server IP address and S2S Port

for remote Presence/IM domain.

3

Administer XMPP federation in

Administering XMPP federation in secure mode

secure mode (TLS).

(TLS) on page 209

4

Administer Server to Server

Settings in Openfire.

Administering Server to Server Settings on Openfire on page 205

5

Administering Security Settings Administering Security Settings TLS on

TLS on Openfire.

Openfire on page 206

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

204

Comments on this document? infodev@avaya.com

Federation

No.

Task

Reference

6

Configure Openfire Certificate, if Significance of enabling extended hostname

extended hostname validation is validation on page 214

enabled

7

Administer Disable Certificate

Administering Disable Certificate Verification on

Verification in Openfire.

Openfire on page 207

8

Create Entity Profile on System Creating Entity Profile on System Manager on

Manager.

page 288

9

Generate a Certificate Signing

Generating a certificate signing request on the

Request (CSR) on Openfire.

Openfire server on page 289

10

Sign the Openfire CSR on System Signing the Openfire certificate signing request

Manager.

(CSR) on System Manager on page 290

11

Install the System Manager CA

Installing the System Manager CA and Signed

and Signed Openfire Certificate on Openfire Certificate on Openfire on page 291

Openfire.

12

Verify DNS resolution and server Verifying DNS resolution and server

reachability.

reachability on page 212

Administering Server to Server Settings on Openfire
About this task This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure
1. On the Openfire server, navigate to Server > Server Settings > Server to Server Settings.
2. In Service Enabled, select Enabled - Remote servers can exchange packets with this server on port 5269.
3. Assign a port number.
For example, 5269. 4. Click Save Settings. 5. In Idle Connections Settings, select the Never close idle connections check box.
This step is recommended. 6. Click Save Settings. 7. In Allowed to Connect, select the Anyone - Any remote server is allowed to connect
to this server. Use the table below to override the default settings check box.
This step is recommended. 8. Click Save Settings.

April 2021

Avaya Aura® Presence Services Snap-in Reference

205

Comments on this document? infodev@avaya.com

Administration
Related links Key customer configuration information for XMPP federation on page 202
Administering Security Settings (TCP) on Openfire
About this task Use this procedure to modify the Openfire server settings for TCP connections. The procedures are different depending on the version of Openfire installed. For more details, refer to Openfire documentation. Procedure
1. For Openfire 3.x: a. Navigate to Server > Server Settings > Security Settings. b. In Server Connection Security, configure the Openfire server to use TCP: a. Select the Custom check box. b. In the Server Dialback field, select Available. c. In the TLS method field, select Not Available. The Accept self-signed certificates. Server dialback over TLS is now available check box is not relevant when TCP is used. c. Click Save Settings.
2. For Openfire 4.x: a. Navigate to Server > Server Settings > Server to Server Settings. b. In the Plain-text (with STARTTLS) connections section, click Advanced Configuration. c. In TCP Settings, select Enabled and enter Port 5269. d. In STARTTLS policy, select Disabled. e. Click Save Settings.
Administering Security Settings TLS on Openfire
About this task Use this procedure to modify the Openfire server settings for TLS connections. The procedures are different depending on the version of Openfire installed. For more details, refer to Openfire documentation. Procedure
1. For Openfire 3.x: a. On the Openfire server, navigate to Server > Server Settings > Security Settings. b. In Server Connection Security, configure the Openfire server to use TLS: a. Select Required - Connections between servers always use secured connections.

April 2021

Avaya Aura® Presence Services Snap-in Reference

206

Comments on this document? infodev@avaya.com

Federation
b. Select the Accept self-signed certificates. Server dialback over TLS is now available check box.
c. Click Save Settings. 2. For Openfire 4.x:
a. Navigate to Server > Server Settings > Server to Server Settings. b. In the Plain-text (with STARTTLS) connections section, click Advanced
Configuration. c. In TCP Settings, select Enabled and enter Port 5269. d. In STARTTLS policy, select Required. e. In Mutual Authentication, select Needed if the Presence Services certificate
contains a subject alternative name (SAN) of the OtherName type with an XMPPaddr identifier. Otherwise, select Disabled. f. In Certificate chain checking, select Allow peer certificates to be self-signed and Verify that the certificate is currently valid. g. In Encryption Protocols, clear TLSv1.1 (not supported by Avaya Aura®). Ensure that the minimum supported TLS version configured on System Manager matches the TLS versions chosen on Openfire. For example, if the minimum supported version on System Manager is TLSv1.2, then TLSv1.2 must be selected on Openfire as well. h. Click Save Settings.
Administering Disable Certificate Verification on Openfire
About this task This procedure is required if the Presence Services certificate does not contain a subject alternative name (SAN) of the OtherName type and with an XMPPaddr identifier.
Note: This procedure is not supported for Openfire 4.1.1. Openfire versions greater than 4.1.1 support this procedure. Procedure 1. On the Openfire server, navigate to Server > Server Manager > System Properties >
Add new property. 2. In the Property Name field, add xmpp.server.certificate.verify. 3. In the Property Value field, add false. 4. Click Save Property. 5. Verify that the xmpp.server.certificate.verify entry appears in the list as false. 6. In the Property Name field, add xmpp.server.certificate.verify.chain, 7. In the Property Value field, add false.

April 2021

Avaya Aura® Presence Services Snap-in Reference

207

Comments on this document? infodev@avaya.com

Administration
8. Click Save Property. 9. Verify that the xmpp.server.certificate.verify.chain entry appears in the list as false.
Administering Enable Certificate Verification on Openfire
About this task This procedure is required if the Presence Services certificate contains a subject alternative name (SAN) of the OtherName type and with an XMPPaddr identifier. Procedure
1. On the Openfire server, navigate to Server > Server Manager > System Properties > Add new property.
2. In the Property Name field, add xmpp.server.certificate.verify. 3. In the Property Value field, add true. 4. Click Save Property. 5. Verify that the xmpp.server.certificate.verify entry appears in the list as true. 6. In the Property Name field, add xmpp.server.certificate.verify.chain, 7. In the Property Value field, add true. 8. Click Save Property. 9. Verify that the xmpp.server.certificate.verify.chain entry appears in the list as true.
Administering XMPP federation in unsecure mode (TCP)
About this task To federate Presence Services with another XMPP server, an instance of an XMPP Federation x service attribute group must be administered, where x is a value from 1 to 4. In some conditions, one instance can be shared for more than one federated server. This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. x refers to a value from 1 to 4. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the XMPP Federation x group. 6. In the Component Enabled x field, in Effective Value, click True.
XMPP Federation is disabled by default.

April 2021

Avaya Aura® Presence Services Snap-in Reference

208

Comments on this document? infodev@avaya.com

Federation
7. To disable secure mode, in the Enable Secure Communications (TLS) x field, in Effective Value, click False. Secure mode (TLS) is enabled by default.
8. To change the federation server type, in the Federation Type x field, in Effective Value, click: · Openfire to federate with an Ignite Realtime Openfire server. · Avaya to federate with a pre-7.0 Presence Services server. · Cisco to federate with a Cisco Jabber server. · Generic to federate with other XMPP servers. Openfire is the default federation type.
9. To add the federated domain, in the XMPP Federation Domain List x field, in Effective Value, type one or more federated domains. In this example, type of.avaya.com.
10. (Optional) To override the default value, select the Override Default check box. 11. Click Commit. Related links Key customer configuration information for XMPP federation on page 202
Administering XMPP federation in secure mode (TLS)
About this task To federate Presence Services with another XMPP server, an instance of an XMPP Federation x service attribute group must be administered, where x is a value from 1 to 4. In some conditions, one instance can be shared for more than one federated server. This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. x refers to a value from 1 to 4. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the XMPP Federation x group. 6. In the Component Enabled x field, in Effective Value, click True.
XMPP Federation is disabled by default. 7. To disable the secure mode, in the Enable Secure Communications (TLS) x field, in
Effective Value, click True.

April 2021

Avaya Aura® Presence Services Snap-in Reference

209

Comments on this document? infodev@avaya.com

Administration
Secure mode (TLS) is enabled by default. 8. To change the federation server type, in the Federation Type x field, in Effective Value,
click: · Openfire to federate with an Ignite Realtime Openfire server. · Avaya to federate with a pre-7.0 Presence Services server. · Cisco to federate with a Cisco Jabber server. · Generic to federate with other XMPP servers. Openfire is the default federation type. 9. To add the federated domain, in the XMPP Federation Domain List x field, in Effective Value, type one or more federated domains. In this example, type of.avaya.com. 10. (Optional) To override the default value, select the Override Default check box. 11. Click Commit. Related links Key customer configuration information for XMPP federation on page 202
Administering DNS SRV records for local Presence Services domains
About this task Use this procedure to administer n DNS SRV records to resolve xmpp-server to either Presence Services cluster FQDN (for multi-node clusters) or Avaya Breeze® platform Security Module IP address (for single-node clusters) and S2S port for each Presence/IM domain to be federated with the external XMPP system. This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure On Domain Name Server used by the federated server, create an SRV record with the following values: · Domain: presenceservices1.ps.avaya.com · Service: _xmpp-server · Protocol: _tcp · Port number: 5269 · Host offering this service: Enter Presence Services cluster FQDN (for multi-node clusters) or
Avaya Breeze® platform Security Module IP address (for single-node clusters)

April 2021

Avaya Aura® Presence Services Snap-in Reference

210

Comments on this document? infodev@avaya.com

Federation

Repeat the procedure for each Presence/IM domain that you want to federate with external XMPP systems.
Related links Key customer configuration information for XMPP federation on page 202
Administering DNS SRV records for remote domains
About this task Use this procedure to administer o * p DNS SRV records to resolve xmpp-service to a remote IP address and the S2S port for a remote Presence/IM domain. o refers to the number of servers in the remote deployment. p refers to the number of remote Presence/IM domains. This procedure uses sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure
On the Domain Name Server used by the Presence Services cluster, create an SRV record with the following values:
· Domain: of.avaya.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

211

Comments on this document? infodev@avaya.com

Administration
· Service: _xmpp-server · Protocol: _tcp · Port number: 5269 · Host offering this service: Enter the IP address of the Openfire server, for example,
192.0.2.86. Example

Related links Key customer configuration information for XMPP federation on page 202
Verifying DNS resolution and server reachability
About this task This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure
1. Open an SSH session to the Avaya Breeze® platform Management Module IP address.

April 2021

Avaya Aura® Presence Services Snap-in Reference

212

Comments on this document? infodev@avaya.com

Federation 2. Run the nslookup command to verify that the xmpp-service resolves to the Openfire
server IP address and S2S port for the Openfire XMPP domain.
3. Run the ping command to verify that the Openfire server is reachable. 4. Access a command line interface on the Openfire server:
· If Openfire has been installed on a Linux/Unix server, open an SSH session to the Openfire server IP address.
· If Openfire has been installed on a Windows server, login to the server, and open a command line interface.
5. Run the nslookup command to verify that the xmpp-service resolves to the Avaya Breeze® platform Security Module IP address and S2S port for Presence Services Presence/IM domains.
6. Run the ping command to verify that the Presence Services servers are reachable.

Related links Key customer configuration information for XMPP federation on page 202

April 2021

Avaya Aura® Presence Services Snap-in Reference

213

Comments on this document? infodev@avaya.com

Administration

Significance of enabling extended hostname validation

If extended hostname validation is enabled, the following applies:
When an external XMPP server (e.g. Openfire) is federated with Presence Services, with an external domain <DOMAIN> (e.g. openfire.com) as configured in the Presence Services XMPP group attributes, then in order to establish an outgoing connection, that server's identity certificate must match one of the following criteria:
· SAN (DNSname) = <DOMAIN>
· SAN (otherType=SRV) = _xmpp-server.<DOMAIN> (e.g. _xmpp-server.openfire.com)
· SAN (otherType=xmppAddr) = <DOMAIN>
· CN = <DOMAIN> (if-and-only-if there are no SAN present)

Note:
If both XMPP Server to Server Mutual Authentication and Extended Hostname Validation attributes are enabled, then the hostname validation will also be performed for incoming XMPP S2S connections, as Presence Services will request the far-end send its identity certificate during the negotiation process.
Related links Extended hostname validation on page 356

Checklist for enabling certificate validation on Openfire when using TLS with CA signed

Checklist for enabling certificate validation on Openfire when using TLS with CA signed.

No.

Task

Reference

1

Add Subject Alternative Name

Add Subject Alternative Name DNS name and

(SAN) DNS Name and Other

Other Name (XMPP Address) to WebSphere

Name (XMPP Address) to

Identify Certificate on page 284

WebSphere Identify Certificate.

2

Enable Certificate Verification on Administering Enable Certificate Verification on

the Openfire server.

Openfire on page 208

Checklist for configuring XMPP federation in a Geographic Redundant deployment
If federation with an external XMPP server is desired in a Geographic Redundant deployment, XMPP federation must be configured on both Presence Services clusters. The external server may reside inside any of the two data centers, or may be external to both of them. In these deployments, the Avaya Breeze® platform servers of both the data centers send messages to the external server. However, for a given domain, the external server sends messages to only a single node of one of the data centers.

April 2021

Avaya Aura® Presence Services Snap-in Reference

214

Comments on this document? infodev@avaya.com

Federation

In the following checklist: · DC-1 refers to data center 1. · DC-2 refers to data center 2. · m refers to the number of servers in the each Presence Services clusters. · n refers to the number of local Presence/IM domains supported on the Presence Services clusters. · o refers to the number of external servers in the remote deployment. · p refers to the number of remote Presence/IM domains.

No. Task

Reference

1

Administer XMPP federation on DC-1.

Checklist for configuring XMPP federation on page 202

2

Administer XMPP federation on DC-2.

Checklist for configuring XMPP federation on page 202

3

Administer DNS on external XMPP server.

Administration of DNS on external XMPP server for a Geographic Redundant deployment on page 215

4

Administer additional m*n DNS SRV records on Administration of DNS on external

the primary DNS server of external XMPP server XMPP server for a Geographic

to resolve _xmpp-server to Avaya Breeze®

Redundant deployment on

platform Security Module IP address and S2S page 215

Port for local Presence/IM domain.

5

If a secondary DNS server is configured for

Administration of DNS on external

external XMPP server, then administer

XMPP server for a Geographic

additional m*n DNS SRV records on the

Redundant deployment on

secondary DNS server to resolve _xmpp-server page 215

to Avaya Breeze® platform Security Module IP

address and S2S Port for local Presence/IM

domain.

Administration of DNS on external XMPP server for a Geographic Redundant deployment
The procedure to configure primary and secondary DNS server may vary depending on the host operating system of the external XMPP server.
If the external XMPP server resides in one of the data centers:
· The XMPP server must be configured with two DNS servers.
The DNS local to the data center should be configured as primary DNS and the DNS of the other data center should be configured as secondary or alternate DNS sever.

April 2021

Avaya Aura® Presence Services Snap-in Reference

215

Comments on this document? infodev@avaya.com

Administration
If the external XMPP server is deployed outside both data centers, then select one of the following as applicable to the network deployment:
· The XMPP server must be configured with a DNS external to both data centers.
· The XMPP server must be configured with DNS from one of the data center as primary and the DNS from other data center as secondary.
Administration of DNS SRV records for local Presence Services domains in Geographic Redundant deployment
In a Geographic Redundant deployment the external server must be able to discover Presence Services in both data centers. During normal operations, for a given domain, the external server talks to a single node of one of the data centers (typically local data center). However, in the event of data center failure, it must be able communicate with one of the nodes in the other data center. To accomplish this, it is required to administer additional m * n DNS SRV records with lower priority to resolve _xmpp-server to the Avaya Breeze® platform Security Module IP address of other data center.
Please refer to Administering DNS SRV records for local Presence Services domains for general details on configuring such DNS SRV records.
Note:
The priority of SRV records must be assigned carefully. Smaller number in the priority field indicates higher priority of the record whereas bigger number in the priority field indicates lower priority of the record. Ensure that the priorities are assigned in such a way that the SRV records with IP addresses in the local data center of the DNS server takes precedence over the remote IP addresses.
Note:
If the deployment has multiple local Presence / IM domains, then it is recommended to load balance the traffic among various Avaya Breeze® platform servers based on the domains.
Example · There are two data centers (Presence Services Avaya Breeze® platform clusters) in New York & Hong Kong. · Each cluster has two Avaya Breeze® platform Servers. · Security module IP address of server in New York are 192.0.2.11 and 192.0.2.21. · Security module IP address of server in Hong Kong are 192.0.3.31 and 192.0.3.41. · Local presence domain are presenceservices1.ps.avaya.com and presenceservices2.ps.avaya.com.
Then, create four SRV records on New York DNS and another four SRV records on Hong Kong DNS, as shown in the table below.
SRV records on New York DNS

April 2021

Avaya Aura® Presence Services Snap-in Reference

216

Comments on this document? infodev@avaya.com

Federation

Domain

Service

presenceservices1.ps.a _xmpp-

vaya.com

server

presenceservices2.ps.a _xmpp-

vaya.com

server

presenceservices1.ps.a _xmpp-

vaya.com

server

presenceservices2.ps.a _xmpp-

vaya.com

server

SRV records on Hong Kong DNS

Domain

Service

presenceservices1.ps.a _xmpp-

vaya.com

server

presenceservices2.ps.a _xmpp-

vaya.com

server

presenceservices1.ps.a _xmpp-

vaya.com

server

presenceservices2.ps.a _xmpp-

vaya.com

server

Protocol _tcp

Priority 0

Weight 0

Port 5269

_tcp

0

0

5269

_tcp

1

0

5269

_tcp

1

0

5269

Host 192.0.2.11 192.0.2.21 192.0.3.31 192.0.3.41

Protocol _tcp

Priority Weight

0

0

_tcp

0

0

_tcp

1

0

_tcp

1

0

Port 5269 5269 5269 5269

Host 192.0.3.31 192.0.3.41 192.0.2.11 192.0.2.21

XMPP Federation with Cisco Jabber
Federation with Cisco Jabber
Presence Services allows multiple Avaya Aura® domains in one Presence Services cluster or single Presence Services server to be federated with one Cisco domain per Cisco Jabber server. To federate with multiple Cisco domains, multiple XMPP server to server interfaces must be deployed on Presence Services with each only serving one Cisco Jabber domain.
Presence Services and Cisco Jabber server replies on resolving DNS SRV record to get remote server address and port.
Presence Services supports:
· Both TCP and TLS for server to server connection. The default is TLS.
· Both CA-signed and self-signed certificates.
Attachments are not supported for CISCO federation.

April 2021

Avaya Aura® Presence Services Snap-in Reference

217

Comments on this document? infodev@avaya.com

Administration

Checklist for configuring XMPP federation with Cisco Jabber

No.

Task

Reference

1

Configure DNS SRV records.

Setting up DNS on page 218

2

Configure Presence Services to Configuring Presence Services attributes for

enable federation. Presence

XMPP federation with Cisco Jabber on page 219

Services support dynamic

configuration change except port

number.

3

Configure Cisco Jabber to enable Configuring Cisco Jabber on page 219

federation from Cisco Jabber

console. Cisco Jabber does not

support dynamic change. Restart

Connection Manager required.

4

If using TLS. import Cisco

Cisco Jabber certificates on page 220

certificate to presence server and

import System Manager certificate

to Cisco Jabber.

Setting up DNS
Before you begin Use this procedure to create DNS SRV record. This procedure is common for all XMPP federations. Procedure
To verify SRV records run following commands. · nslookup ­querytype=SRV _xmpp-server._tcp.<cisco jabber presence
domain> · nslookup ­querytype=SRV _xmpp-server._tcp.<presence services domain> Example
· nslookup ­querytype=SRV _xmpp-server._tcp.jabber.avaya.com · nslookup ­querytype=SRV _xmpp-server._tcp.pres.fed.avaya.com If the resolved SRV record is a domain, the domain must be resolvable. For example, vm92host90.aceott.avaya.com must resolve to 192.0.2.39.

April 2021

Avaya Aura® Presence Services Snap-in Reference

218

Comments on this document? infodev@avaya.com

Federation

Configuring Presence Services attributes for XMPP federation with Cisco Jabber
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the XMPP Federation x group. 6. In the Component Enabled x field, in Effective Value, click True.
XMPP Federation is disabled by default. 7. In the Enable Secure Communications (TLS) x field, in Effective Value, do one of the
following: · Click False for TCP. · Click True for TLS.
The default value is True. 8. In the Federation Type x field, in Effective Value, click Cisco. 9. In the XMPP Federation Domain List x field, in Effective Value, type a list of federated
domains separated by comma. 10. (Optional) To override the default value, select the Override Default check box. 11. Click Commit.
Configuring Cisco Jabber
Procedure 1. Log on to Cisco Unified IM and Presence Administration. 2. Click Presence > Inter-Domain Federation > XMPP Federation > Settings.

April 2021

Avaya Aura® Presence Services Snap-in Reference

219

Comments on this document? infodev@avaya.com

Administration

3. In General Settings section, ensure that the XMPP Federation Node Status field shows ON.
4. In the Security Settings section, make the following changes depending on whether TLS or TCP is used:

Field name
Security Mode
Require Client-side security certificate
Enable SASL EXTERNAL on all incoming connections
Enable SASL EXTERNAL on all outgoing connections
Dialback Secret
Confirm Dialback Secret

TCP No TLS check check
check
secret secret

TLS TLS Required check check
check
not used not used

5. Click Presence > Inter-Domain Federation > XMPP Federation > Policy.
6. Under XMPP Federation Policy Exception, select is not empty search criteria and click Find.
7. Click Add New.
8. In Domain Name/Host Name* field, add the domain of Presence Services.
9. Under Exception Applies To, select All federated packets from/to the above domain/ host.
10. Click Save.
11. Restart Cisco XCP XMPP Federation Connection Manager for the changes to take effect.

Cisco Jabber certificates

Generating a self-signed certificate Procedure 1. Log on to Cisco Unified IM and Presence OS Administration. 2. Click Security > Certificate Management. 3. Click Generate Self-signed.

The system opens a new window. 4. In the Certificate Purpose field, select cup-xmpp-s2s. 5. Click Generate.

The self-signed certificate is generated. 6. Find all certificates from Certificate List. 7. List all by using is not empty search criteria. 8. Click cup-xmpp-s2s.pem to open the certificate.

April 2021

Avaya Aura® Presence Services Snap-in Reference

220

Comments on this document? infodev@avaya.com

Federation
9. Click Download .PEM file. Importing certificate into Presence Services trust store
Procedure 1. Log on the System Manager web console from where Presence Services installed. 2. Navigate to Elements > Avaya Breeze®. 3. Click Cluster Administration. 4. Select the cluster on which Presence Services installed. 5. Click Certificate Management > Install Trust Certificate (All Avaya Breeze® Instances). 6. Click Browse to select the Cisco Jabber certificate pem file. 7. Click Retrieve Certificate. 8. Click Commit. The certificate is imported. 9. To view the certificate, do the following: a. On the System Manager web console, navigate to Services > Inventory. b. Click Manage Elements. c. On the Manage Elements tab, select the check box corresponding to the Avaya Breeze® platform server where you have imported the certificate. d. Click More Actions > Manage Trusted Certificates. e. On the Manage Trusted Certificates page, select the check box corresponding to the certificate. Presence Services displays the certificate details in the Certificate Details area.
Importing System Manager root certificate into Cisco Jabber trust store Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates > Authority > CA Structure & CRLs. 2. Click Download PEM file to download the System Manager root certificate. 3. Log on to Cisco Unified IM and Presence OS Administration. 4. Click Security > Certificate Management. 5. Click Upload Certificate/Certificate chain. The system displays a new window. 6. Select cup-xmpp-trust. 7. Click Browse and select the file that you want to upload. 8. Click Upload.

April 2021

Avaya Aura® Presence Services Snap-in Reference

221

Comments on this document? infodev@avaya.com

Administration
Modifying default certificate to Subject Alternative Name certificate About this task When Presence Services is installed, Avaya Breeze® platform generates a default certificate. The owner is machine hostname. When Presence Services federates with remote XMPP server, Presence Services uses presence domain which is different from the hostname in most of the cases. To pass certificate validation on remote machine, the presence domain is added to default certificate. This setting is achieved by using Subject Alternative Name. Procedure 1. Log on to the System Manager web console from where Presence Services is installed. 2. Click Services > Inventory. 3. Click Manage Elements. 4. Select the Avaya Breeze® platform instance. 5. Click More Actions > Manage Identity Certificates. 6. Select Websphere, and click Replace. 7. Select the DNS Name check box, and enter the presence domain.

8. Click Commit. 9. Restart the cluster for the changes to take effect. 10. To view the certificate, do the following:
a. On the System Manager web console, navigate to Services > Inventory. b. Click Manage Elements. c. On the Manage Elements tab, select the check box corresponding to the Avaya
Breeze® platform server where you have saved the modified certificate.

April 2021

Avaya Aura® Presence Services Snap-in Reference

222

Comments on this document? infodev@avaya.com

Federation
d. Click More Actions > Manage Trusted Certificates. e. On the Manage Trusted Certificates page, select the check box corresponding to the
certificate. Presence Services displays the certificate details in the Certificate Details area. Generating the Certificate Signing Request file Procedure 1. Log on to Cisco Unified IM and Presence OS Administration. 2. Click Security > Certificate Management. 3. Click Generate CSR. The system displays a new window. 4. Select cup-xmpp-s2s. 5. Click Generate to generate the Certificate Signing Request (CSR) file. 6. Click Download CSR to save the cup-xmpp-s2s.csr file. Generating profile on System Manager Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates > Authority. 2. Select Add End Entity, and enter the following details: · End Entity Profile: EXTERNAL_CSR _PROFILE · Username: Cisco · Password/Enrollment Code: Cisco · Confirm Password: Cisco · CN, Common name: <cisco jabber domain> · O, Organization: Avaya · C, Country: CA · OU, Organization Unit: Presence · L, Locality: Ottawa · ST, State or Province: Ontario · Certificate Profile: ID_CLIENT_SERVER · CA: tmdefaultca · Token: User Generated 3. Click Add.

April 2021

Avaya Aura® Presence Services Snap-in Reference

223

Comments on this document? infodev@avaya.com

Administration
Signing the Cisco Jabber CSR on System Manager Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates > Authority. 2. Select Public Web. 3. Click Create Certificate from CSR, and enter the following details: · Username: cisco · Enrollment code: cisco · Paste the signing request from Cisco. · In the Result Type field, select PEM - full certificate chain 4. Click OK. 5. Open the resulting PEM file in text editor on Windows.
Installing System Manager signed Cisco certificate on Cisco Jabber Procedure 1. Log on to Cisco Unified IM and Presence OS Administration. 2. Click Security > Certificate Management. 3. Click Upload Certificate/Certificate Chain. The system displays a new window. 4. Select cup-xmpp-s2s.

April 2021

Avaya Aura® Presence Services Snap-in Reference

224

Comments on this document? infodev@avaya.com

5. Click Upload file.

Federation

Spaces Federation
Presence Services supports federation with Avaya OneCloud CPaaS to enable users to exchange instant messages as SMS with mobile users.
Spaces federation enables users to:
· Send IMs to a mobile user added as a private contact of an Aura user. · Receive the SMS sent by a mobile user as an IM. · Send and receive IM or SMS as described earlier using the Presence Services REST APIs.
Note: Federation between Avaya Aura® Presence Services and Avaya OneCloud CPaaS is supported only in geographical regions where Avaya OneCloud CPaaS is fully operational.
Prerequisites
Procedure 1. The organization must have a Avaya OneCloud CPaaS account and subscription for Avaya OneCloud CPaaS.
The Account SID and the Auth Token are required to configure the federation.

April 2021

Avaya Aura® Presence Services Snap-in Reference

225

Comments on this document? infodev@avaya.com

Administration
To access Avaya OneCloud CPaaS home page, go to https://zang.io/. To access the Avaya OneCloud CPaaS, go to https://cloud.zang.io/.
2. The organization needs access to Avaya OneCloud CPaaS phone numbers.
Avaya OneCloud CPaaS phone numbers can be bought from Avaya OneCloud CPaaS using the administrator dashboard. These numbers are assigned to Aura users to enable them to use Avaya OneCloud CPaaS services.
3. The organization must select the communication options with Avaya OneCloud CPaaS:
· Using Avaya OneCloud CPaaS events: If Spaces federation is configured in this mode, Avaya OneCloud CPaaS will send any incoming SMS as HTTP events to Presence Services.
This mode requires that the Avaya Breeze® platform cluster running Presence Services to be reachable from Avaya OneCloud CPaaS. The organization needs to ensure that HTTPS port 443 is not blocked by any firewall.
· Using Presence Services SMS polling service: If Spaces federation is configured in this mode, Presence Services polls Avaya OneCloud CPaaS periodically to fetch any incoming SMS. Hence, it is not required that Avaya OneCloud CPaaS send SMS events as they arrive. Use this mode of operation if the Avaya Breeze® platform cluster is not reachable from outside the enterprise.
This setting is required for receiving any incoming SMS from external users to the enterprise.
Importing CA certificate to the Avaya Breeze® platform cluster
About this task To communicate with Avaya OneCloud CPaaS securely, the CA which signs Avaya OneCloud CPaaS certificate needs to be imported on the Avaya Breeze® platform cluster. The certificate is provided in the Presence Services bundle ZIP file. Use the following procedure to import this certificate.
Procedure
1. Locate the Baltimore CyberTrust Root.pem file in the PresenceServicesBundle-x.x.x.x.zip.
2. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration.
3. Select the Avaya Breeze® platform cluster, and click Certificate Management > Install Trust Certificate (All Avaya Breeze® Instances).
4. Select Store Type as WEBSPHERE.
5. Choose file as the PEM from the Presence Services bundle ZIP.
6. Click Retrieve Certificate.
7. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

226

Comments on this document? infodev@avaya.com

Federation
Enabling Spaces federation on Presence Services
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Avaya Breeze® platform cluster. 4. In the Service field, click PresenceServices service. 5. On the Attributes Configuration page, navigate to the Spaces Federation group. 6. In the Enable Spaces Federation field, in Effective Value, click True. 7. In the Avaya OneCloud CPaaS Account SID field, in Effective Value, type the Avaya OneCloud CPaaS account service identifier.
This information may be retrieved from Avaya OneCloud CPaaS administrator dashboard. 8. In the Avaya OneCloud CPaaS Auth Token field, in Effective Value, type the Avaya
OneCloud CPaaS account authentication token.
This information may be retrieved from Avaya OneCloud CPaaS administrator dashboard. 9. Leave the Avaya OneCloud CPaaS SMS Request URL field blank if you intend to use
Avaya OneCloud CPaaS events delivered to Presence Services, otherwise configure the Avaya OneCloud CPaaS PubSub SMS Request URL as per SMS settings of the Avaya OneCloud CPaaS application to use SMS polling. 10. (Optional) To override the default value, select the Override Default check box. 11. Click Commit.
Configuration of Spaces federation
Avaya OneCloud CPaaS must be configured so that Avaya OneCloud CPaaS can deliver incoming SMS to Presence Services.
If extended hostname validation is enabled, ensure that "zang.io" and "pubsub.zang.io" are resolvable through the DNS. Presence Services validates the certificate provided by Avaya OneCloud CPaaS Services. Failing, hostname validation impacts any outgoing communications with Avaya OneCloud CPaaS.
Related links Extended hostname validation on page 356
Configuring Spaces federation using Avaya OneCloud CPaaS events About this task Use the following procedure to configure SMS Request URL on Avaya OneCloud CPaaS as Avaya Breeze® platform URL.

April 2021

Avaya Aura® Presence Services Snap-in Reference

227

Comments on this document? infodev@avaya.com

Administration
Procedure 1. Log in to your Avaya OneCloud CPaaS account. 2. Navigate to Numbers > Manage Applications. 3. Click Add Application. 4. In the General tab, enter a name.
For example, PresenceServices 5. In the SMS tab, enter the SMS Request URL as http(s)://<breeze-cluster-
fqdn>/services/PresenceServices/rest/zang/sms. It is recommended to use https instead of http URL for secure transmission of data. If http URL is configured, the Avaya Breeze® platform cluster must allow non-secure communication. 6. After the application is created, assign it to the number. For more details, see "Assigning application to a number". Related links Assigning application to a number on page 229
Configuring Spaces federation using Presence Services SMS polling service About this task Use the following procedure to configure SMS Request URL on Avaya OneCloud CPaaS as PubSub URL. Procedure 1. Log in to your Avaya OneCloud CPaaS account. 2. Navigate to Numbers > Manage Applications. 3. Click Add Application. 4. In the General tab, enter a name.
For example, PresenceServices 5. In the SMS tab, enter the SMS Request URL as https://pubsub.zang.io/
<account-sid>/<container-name>. <account-sid> is the is the Avaya OneCloud CPaaS Account SID and <container-name> is any unique string within this account SID. 6. Configure Presence Services Avaya OneCloud CPaaS SMS Request URL to the URL created in previous step. 7. After the application is created, assign it to the number. For more details, see "Assigning application to a number". Related links Assigning application to a number on page 229

April 2021

Avaya Aura® Presence Services Snap-in Reference

228

Comments on this document? infodev@avaya.com

Federation
Assigning application to a number
About this task Once the application is created, it needs to be assigned to the phone numbers for Avaya OneCloud CPaaS to route the incoming SMS correctly to the Presence Services. Procedure
1. Log in to your Avaya OneCloud CPaaS account. 2. Navigate to Numbers > Manage Numbers. 3. Click on the number to update. 4. Navigate to the SMS tab. 5. Select the Use application sms settings check box. 6. Select the application created in the previous step, and click Save.
Repeat this procedure to all the numbers that need to be associated with the application.
Configuring users for Spaces federation
About this task Users must be assigned Avaya OneCloud CPaaS phone numbers to be able to send and receive SMS to external mobile users. Use the following procedure to enable users for Spaces federation. Procedure
1. On the System Manager web console, navigate to Users > User Management > Manage Users.
2. Select the user and click Edit. 3. Click the Communication Profile tab. 4. In the Communication Address field, click New. 5. Select Type as Other SIP. 6. Enter the Fully Qualified Address as <Avaya OneCloud CPaaS Phone
Number>@zang.io. 7. Click Add. 8. Click Commit. 9. Repeat Step 1 to Step 8 for all the users you want to be Avaya OneCloud CPaaS enabled.

April 2021

Avaya Aura® Presence Services Snap-in Reference

229

Comments on this document? infodev@avaya.com

Administration
Sending SMS to mobile users as private contacts
Procedure 1. Add external mobile users as private contacts of a Avaya OneCloud CPaaS-enabled Aura user to facilitate sending SMS to them through an IM. This can be done using an Avaya One-X Communicator client as shown in the following figure. The IM address is configured as <mobile number>@zang.io. You must suffix the mobile number with zang.io domain.

2. Once the private contact is added, the user can initiate an IM to this contact which will be delivered as a SMS to the mobile user.
a. Ensure that the Spaces federation is enabled and configured.
b. Ensure that the user has a Avaya OneCloud CPaaS phone number assigned in his communication profile.
The mobile user who receives this SMS will see the Avaya OneCloud CPaaS phone number of the sender.
If the mobile user sends an SMS or replies to an SMS, the SMS is delivered to the Aura user as an IM.
Sending SMS to mobile users through REST APIs
About this task An Avaya OneCloud CPaaS-enabled user can send SMS through Presence Services REST APIs.
Procedure
The user or application can use Avaya OneCloud CPaaS address space to specify the recipient mobile number.
There is no need to suffix the number with zang.io domain.

April 2021

Avaya Aura® Presence Services Snap-in Reference

230

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
If the mobile user sends an SMS or replies to an SMS, the SMS is delivered to the Aura user as an IM through the Event Delivery Service on Avaya Breeze® platform.
Interoperability with Avaya Workplace
Support for Avaya Workplace Client
Presence Services 8.1.1 supports the following Presence and IM capable Avaya Workplace Client clients:
· Avaya Workplace Client 3.3 or later - Avaya Workplace Client Native - Avaya Workplace Client Web
· Avaya Workplace Client Attendant Avaya Workplace Client uses SIP for Presence information and REST protocol for IM. Avaya Workplace Client use Presence Services to:
· Gather real-time presence of users for watchers across the Avaya client portfolio. · Gather real-time presence of users for watchers across vendors such as Cisco, Microsoft,
and third-party clients. · Support point-to-point and multiparty messaging, and compose and send multimedia
messages, such as text, voice, video, file, and photo, between one or more Avaya Workplace Client users. · Create dynamic team or group conversations. · Hold subject-based conversations. · Support persistent conversations across devices and clients. · Store messages centrally and deliver the messages after the users connect. · Transition from multimedia messaging to voice, video, or multiparty collaborative calls. · Provide Is Typing and Message Read indication. · Provide emoticon pass through. Note:
· Presence Services does not support the Is Typing, Message Read, and emoticon and font pass through features when a user on an Avaya Workplace Client is in conversation with a contact on a federated system such as Microsoft S4B, Openfire, or Cisco Jabber.

April 2021

Avaya Aura® Presence Services Snap-in Reference

231

Comments on this document? infodev@avaya.com

Administration
· Presence Services does not support deployments where both Avaya Workplace Client and Avaya one-X® Communicator clients are used for instant messaging.
Avaya Workplace Client support limitations · Avaya Workplace Client release 3.4.8 and later support Access Control List functionality. Avaya Workplace Client prior to release 3.4.8 does not support Access Control List functionality. · You must specify the Avaya Breeze® platform cluster service FQDN in the Multimedia Messaging Server Address parameter of the Avaya Workplace Client client. This ensures that the Avaya Workplace Client client properly connects to Presence Services. · If you are planning to use Presence Services with Avaya Workplace Client clients, you must configure Avaya Aura® Device Services. For more information about configuring Avaya Aura® Device Services in geographically redundant Presence Services deployments, see Configuring data center HTTP SRV records for the service FQDNs on page 60.
Avaya Workplace Client authentication configuration
Avaya Workplace Client clients must authenticate with Presence Services to use the services provided by Presence Services. For more information about the authentication process, see REST API clients authentication on page 346.
User administration
Consider the following recommendations: 1. Avaya recommends that a user's Presence/IM address is equal to the user's e-mail address. For example: · User: John Smith · Presence/IM address: jsmith@example.com · e-mail address: jsmith@example.com Microsoft RTC deployments follow this approach. New Avaya PMM deployments should not have difficulties to follow this approach. 2. Alternatively, Presence/IM address domains and e-mail address domains must not overlap. For example: · User: John Smith · Presence/IM address: jsmith@pmm.example.com · e-mail address: jsmith@example.com Federated XMPP deployments typically follow this approach.
In deployments with federation, the Presence/IM addressing approach has to be consistent across federated solutions. For example, if a solution consists of an Avaya PMM solution federated with

April 2021

Avaya Aura® Presence Services Snap-in Reference

232

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace

an Microsoft RTC solution, both Avaya and Microsoft solutions must take the same approach. You will not experience any functional differences between the two approaches.
Additionally, you must follow the below guidelines:

Task

Guidelines

Administering Presence/IM service to solution users Administer only one service to a user:

· Administer Avaya PMM service to Avaya users using System Manager.

· Administer the federated Presence/IM service to Federated users using the appropriate Management Tool of the federated system.

This minimizes the overall administration work and
overall number of user-level licenses required. Solutions users include Avaya Aura® users and the
federated system users.

Administering Presence/IM address to solution users

Administration of the Presence/IM address to a user is part of administering the Presence/IM service to the user.

· For Aura users, this is done in System Manager user management by assigning an "Avaya Presence/IM Communication Address" to the user. The Presence/IM address can be administered with a value different than the user's e-mail address.

· For Federated users, this is done in the appropriate Management Tool of the federated system. Most of the third-party Presence/IM solutions allow the Presence/IM address to be administered with a value different than the user's e-mail address.

Note:
You must follow one of the recommendations during Presence/IM address assignment.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

233

Comments on this document? infodev@avaya.com

Administration

Administering Presence/IM users in the Enterprise Directory

· Every solution user must be defined in the Enterprise Directory. This is to facilitate ease of finding a user and initiating different modes of communication with the user without needing to manually enter a specific address required to reach the user.
· This recommendation is given in such a way to enable multiple-domain environments.
· User data in the Enterprise Directory must include an attribute whose value indicates the exact Presence/IM address of the user.
· In the Avaya documents, the selected attribute is referred to as the DIRIMATTRIBUTE.
· In the Avaya PMM solution, a configuration parameter is used to define the value of the DIRIMATTRIBUTE such as the name of the Directory attribute that holds the exact Presence/IM address of a user.
Note:
Another Avaya configuration parameter ­ DIRUSEIMDOMAIN ­ must be set to 0 (false).
· The designated directory attribute must be populated with the exact Presence/IM address of the user.
- For Avaya users, the value must equal the "Avaya Presence/IM" address value as administered in System Manager.
- For Federated users, the value must be equal Presence/IM address value administered to the user in the appropriate Management Tool of the federated system.
· If the Recommendation #1 is followed, the good candidate for the DIRIMATTRIBUTE is the e-mail attribute. For example, "mail" is the default Avaya value.
· If the Recommendation #2 is followed, there might not be an existing directory attribute that contains the exact Presence/IM address of the user. In such a case, the Directory schema may need to be extended by introduction of a new extension attribute and the attribute populated with the appropriate value for every user.

April 2021

Avaya Aura® Presence Services Snap-in Reference

234

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
IWA support IWA can be used for users in the domain or sub-domain of the default enterprise directory. Administrators must ensure that the keytab provided to the server is generated for the default directory service. In addition, the client of these users must be enabled to use IWA. This can be done by setting SUPPORTWINDOWSAUTHENTICATION property to 1 in the client settings file. For all other domain users, this value must be set to 0. For more information, see REST API clients authentication on page 346.
Mapping LDAP entry to Presence/IM handle using AADS
Procedure 1. On the Avaya Aura® Device Services web console, navigate to Server Connections > LDAP Configuration > Enterprise Directory. 2. At the bottom of the Enterprise Directory Configuration screen, click Modify Attribute Mappings. 3. On the Modify LDAP Attribute Mappings screen, select IMHandle and enter the attribute used in your Enterprise directory under the Directory Field Name. In the following example, user's Presence handle from System Manager is entered under extensionAttribute15. In this scenario, the IM handle is mapped to custom field extensionAttribute15.

April 2021

Avaya Aura® Presence Services Snap-in Reference

235

Comments on this document? infodev@avaya.com

Administration
Conversation and multimedia attachment file configuration
New service attributes are introduced in Presence Services Release 8.0.1 to support Avaya Workplace Client. You must configure these service attributes to control IM conversations and multimedia attachment files.
Note: You must enable conversations for Avaya Workplace Client messaging. Conversation attributes include configuration for: · Excluding specific domains from IM participation. · Specifying the number of days after which Presence Services closes inactive conversations. · Specifying the number of days after which Presence Services deletes the closed conversations. · Specifying the number of hours after which Presence Services runs the conversation audit process. The conversation audit process searches and removes the inactive and closed conversations. · Specifying the maximum size of text messages. · Specifying the number of days after which Presence Services deletes the messages created in a conversation. Multimedia attachment attributes include configuration for: · Enabling Presence Services support for multimedia attachment files. · Specifying the maximum file size of different multimedia file types. · Specifying the location of the multimedia attachment store. The options are: Breeze server local disk and Amazon S3 for Presence Services cloud deployments.
Enabling conversations for an Avaya Workplace Client
About this task Presence Services uses the Conversations Enabled attribute to support conversations on Avaya Workplace Client. Avaya Workplace Client does not support the Block IMs for users in Do-Not-Disturb (DND) state feature. Avaya recommends that you set the Block IMs for users in Do-Not-Disturb (DND) state attribute to False if the Conversations Enabled attribute is set to True to enable conversations for Avaya Workplace Client. For more information, see "IM Blocking in Do Not Disturb state." If you set the Conversations Enabled attribute to True, Avaya recommends that you set the Offline IM Storage Enabled attribute to False. By default, Presence Services provides offline IM storage support for Avaya Workplace Client. For more information, see "Configuring offline IM storage."

April 2021

Avaya Aura® Presence Services Snap-in Reference

236

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service for which you want to enable conversations. 5. On the Attributes Configuration page, navigate to the Messaging (REST) group. 6. In the Conversations Enabled field, in Effective Value, click Enabled to retain instant messages as conversations. The default is Disabled.
Note: You must enable conversations for Avaya Workplace Client. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Configuring offline IM storage on page 266 IM Blocking in Do Not Disturb state on page 254
Excluding a messaging domain from participating in messaging
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster for which you want to specify the messaging domain that cannot participate in messaging. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Messaging (REST) group. 6. In the Excluded Messaging Domain List field, in Effective Value, specify the messaging domain. Use a comma as a separator to specify multiple messaging domains. The users in these domains cannot participate in messaging. By default, the Excluded Messaging Domain List field is blank. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

237

Comments on this document? infodev@avaya.com

Administration
Configuring auto-close and auto-discard for inactive and closed conversations, and deleting old messages
About this task The number of days that you specify for closing inactive conversations and discarding closed conversation affects the storage requirements. Messages in a conversation are automatically deleted after the specified days after creation.
Note: Changing the expiration setting directly affects storage requirements. Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® >
Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster that
contains the Presence Services service for which you want to configure auto-close and auto-discard of conversations. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Messaging (REST) group. 6. In Effective Value, do the following:
a. In the Close Inactive Conversations (days) field, type the number of days after which Presence Services closes the inactive conversations.
Valid values are from 1 through 365. b. In the Discard Closed Conversations (days) field, type the number of days after
which Presence Services deletes the closed conversations.
Valid values are 0 through 30. c. In the Conversation Audit Hour field, type the number of hours after which Presence
Services processes conversation auto-close and auto-discard.
Valid values are 0 through 23. a. In the Delete Old Messages (days) field, type the number of days after creation after
which Presence Services must automatically delete the messages in the conversation.
Important:
This field is visible for any release of Presence Services. However, you must only configure this field for Presence Services releases 8.1.3 or earlier. Do not update this field for Presence Services release 8.1.4 or later.
Valid values are 1 through 30. The default value is 1.

April 2021

Avaya Aura® Presence Services Snap-in Reference

238

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
b. In the Delete Old Messages (days) for PS 8.1.4 onwards field, type the number of days after creation after which Presence Services must automatically delete the messages in the conversation.
Important:
This field is visible only for Presence Services 8.1.4 or later.
Valid values are 1 through 365. The default value is 1.
Note:
You can optionally restore this value from a previous version of Presence Services as follows:
Log on to the System Manager UNIX console as a root user. Copy the script MessageDeletionDays.sh from the file psng-svar-8.1.4.0SNAPSHOT.zip to a location on the console, and then execute the script from that path using the command: #sh <path>/MessageDeletionDays.sh <clusterName>. c. (Optional) To override the default value, select the Override Default check box.
d. Click Commit.
Enabling attachments and specifying storage type and maximum file size for attachment files
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes.
3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster that contains the Presence Services service for which you want to allow attachment files and configure the attachment file attributes.
4. In the Service field, click the Presence Services service.
5. On the Attributes Configuration page, navigate to the Messaging (REST) group.
6. In Effective Value, do the following:
a. In the Allow Attachments field, click True to allow attachments to be sent along with instant messages.
b. In the Attachment Storage Type field, click the storage type to store the attachment files.
The options are: Disk and Amazon.
c. In the Image Size field, type the maximum size of the image file that can be attached.
Valid values are 100 KB through 8,192 KB.

April 2021

Avaya Aura® Presence Services Snap-in Reference

239

Comments on this document? infodev@avaya.com

Administration
d. In the Audio Memos Size field, type the maximum size of the audio file that can be attached. Valid values are 100 KB through 32,768 KB.
e. In the Video Memos Size field, type the maximum size of the video file that can be attached. Valid values are 1024 KB through 32,768 KB.
f. In the Generic attachments Size field, type the maximum size of the generic file that can be attached. Valid values are 1024 KB through 32,768 KB.
g. (Optional) To override the default value, select the Override Default check box. h. Click Commit.
Configuring the text message size for an Avaya Workplace Client
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Messaging (REST) group. 6. In the Text Message Size field, in Effective Value, type the number of characters that you want to allow in text messages. Valid values are 140 through 2048. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Avaya SBCE configuration for remote users to use Avaya Workplace multimedia messaging
Checklist to configure Avaya SBCE for Presence Services to enable a remote user to use Avaya Workplace Client multimedia messaging
Configure the following on Avaya Session Border Controller for Enterprise (Avaya SBCE) so that Presence Services enables a remote user to use Avaya Workplace Client multimedia messaging.

April 2021

Avaya Aura® Presence Services Snap-in Reference

240

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace

No.

Task

Reference

1

Create an Avaya call server profile.

See "Creating an Avaya call server profile" in the Administering Avaya Session Border Controller for Enterprise guide.

2

Create an external signaling interface for the See "Creating an external signaling interface

phone network.

toward phone network" in the Administering

Avaya Session Border Controller for Enterprise

guide.

3

Create an internal signaling interface for the See "Creating an internal signaling interface

Avaya call server.

toward Avaya call server" in the Administering

Avaya Session Border Controller for Enterprise

guide.

4

Create an external media interface for the

See "Creating an external media interface toward

phone network.

phone network" in the Administering Avaya

Session Border Controller for Enterprise guide.

5

Create an internal media interface for the

See "Creating an internal media interface toward

Avaya call server.

Avaya call server" in the Administering Avaya

Session Border Controller for Enterprise guide.

6

Create PPM Mapping profiles.

See Creating standard PPM mapping profiles on page 242.

See Creating custom PPM mapping profiles on page 245.

7

Create a reverse proxy service for PPM

See "Creating a reverse proxy service for PPM

traffic.

traffic" in the Administering Avaya Session

Border Controller for Enterprise guide.

8

Configure reverse proxy service for

downloading file or firmware.

9

Create a media rule.

See "Creating reverse proxy service for file or firmware download" in the Administering Avaya Session Border Controller for Enterprise guide.
See "Creating a media rule" in the Administering Avaya Session Border Controller for Enterprise guide.

10

Create a server flow.

See "Creating server flow" in the Administering Avaya Session Border Controller for Enterprise guide.

11

Configure application rules for concurrent

See "Creating application rules" in the

sessions per endpoint and maximum

Administering Avaya Session Border Controller

concurrent sessions.

for Enterprise guide.

12

Create an endpoint policy.

See "Creating an endpoint policy" in the Administering Avaya Session Border Controller for Enterprise guide.

13

Create a routing profile to the Avaya call

See "Creating a routing profile to Avaya call

server.

server" in the Administering Avaya Session

Border Controller for Enterprise guide.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

241

Comments on this document? infodev@avaya.com

Administration

No.

Task

Reference

14

Create a subscriber flow.

See "Creating a subscriber flow" in the Administering Avaya Session Border Controller for Enterprise guide.

15

If you are setting up an Avaya Scopia®

See "Administering Binary Floor Control

remote user, administer Binary Floor Control Protocol" and "Administering Far End Camera

Protocol and Far End Camera Control.

Control" in the Administering Avaya Session

Border Controller for Enterprise guide.

16

Add a URI group for emergency numbers. See "Creating a new URI group" in the

Administering Avaya Session Border Controller

for Enterprise guide.

17

Enable the URI group by selecting the

emergency URI group in the E911 URI

Group field in Avaya SBCE.

See "Managing SIP options" in the Administering Avaya Session Border Controller for Enterprise guide.

18

Create a reverse proxy policy for Avaya

See Creating a reverse proxy policy for Avaya

Workplace Client multimedia messaging.

Workplace Client multimedia messaging on

page 249.

19

Create a reverse proxy service for Avaya

See Creating a reverse proxy service for Avaya

Workplace Client multimedia messaging.

Workplace Client multimedia messaging on

page 250.

Creating standard PPM mapping profiles
About this task Use this procedure to create standard Personal Profile Manager (PPM) mapping profiles for the following server types:
· Presence · Session Manager · Branch Session Manager For example, you must create a mapping profile for each group of remote workers who use the same pair of Session Manager systems as the primary Session Manager and the secondary Session Manager. Standard PPM mapping profiles use the set of SIP server profiles, server addresses, signaling interfaces, and mapped transport values that are pre-defined in your system administration. For most deployments, you can use standard PPM mapping profiles. When creating PPM mapping profiles, consider the following: · Within a mapping profile, you can create multiple profile entries. · You can administer both standard and custom PPM profile entries in the same mapping
profile. · If you need to convert a profile entry from standard to custom or custom to standard, record
the current settings of the profile entry, delete the profile entry, and readminister the profile entry using the standard or custom options.

April 2021

Avaya Aura® Presence Services Snap-in Reference

242

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
Procedure 1. Log on to the EMS web interface with administrator credentials. 2. On the Device menu, click the name of the SBCE to administer. 3. Navigate to DMZ Services > PPM Mapping. 4. Click the Add button that is above the Mapping Profiles list. The system displays a screen similar to the following example:

5. In the Profile Name field, type the profile name.
6. Click Next.
7. In the Server Type field, click one of the following options:
· Presence
· Session Manager
· Branch Session Manager
For Presence, the system displays the Mapping Profile window, which has options for Server Address and Signaling Interface for the SBC Device. For each option, select one of the pre-defined set of values.
For Session Manager or Branch Session Manager, the system displays the Mapping Profile window, which has options for SIP Server Profile, Server Address, Signaling Interface, and Mapped Transport. For each option, select one of the pre-defined set of values.

April 2021

Avaya Aura® Presence Services Snap-in Reference

243

Comments on this document? infodev@avaya.com

Administration
Important: You must use the FQDN of the server in the Server Address option for Presence, Session Manager, and Branch Session Manager servers. 8. Click Finish. The system adds the new mapping profile in the Mapping Profiles list and displays the settings for the profile entry that you created in the Mapping Profile tab.

9. After adding a new mapping profile, you can do any of the following operations for a mapping profile:
· (Optional) Click Click here to add a description to add a description of the mapping profile. After you add a description, click Finish. To change the description, click the displayed description.
· Click Rename to change the name of the mapping profile.
· Click Clone to duplicate the selected mapping profile under a new name. All profile entries assigned to the original mapping profile are copied over to the new mapping profile with the same options. You can then change those options as needed.
· Click Delete to delete the mapping profile and all of its profile entries.
10. For a mapping profile, you can do any of the following operations for the profile entries under the Mapping Profile tab:
· Click the Add button to create a new profile entry within the selected mapping profile. The options for a new profile entry are the same as when you created a mapping profile the first time. When you add multiple profile entries to a mapping profile, the entries can be either standard or custom profiles.
· Click Edit to change the options within a profile entry.
· Click Delete to delete the individual profile entry within the selected mapping profile.
Related links Standard PPM mapping profile field descriptions on page 245

April 2021

Avaya Aura® Presence Services Snap-in Reference

244

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace

Standard PPM mapping profile field descriptions

Name Profile Name Server Type
SIP Server Profile
Server Address

Description The name of the PPM mapping profile. The type of server. The options are:
· Presence
· Session Manager
· Branch Session Manager For Session Manager or Branch Session Manager, the profile that you want to assign to the Server Type.
SIP Server Profile is not used with Presence.
Important:
You must use the FQDN of the server in the Server Address option for Presence, Session Manager, and Branch Session Manager servers.

SBC Device
Signaling Interface Mapped Transport

For Session Manager or Branch Session Manager, the pre-defined IP address and port number of the Session Manager system for which you are creating a profile.
This is a display-only field that shows the SBCE server selected when adding a PPM mapping profile.
The signaling interface used for the profile.
For Session Manager or Branch Session Manager, the transport protocol used for the mapping profile.
Mapped Transport is not used with Presence.

Related links Creating standard PPM mapping profiles on page 242

Creating custom PPM mapping profiles
About this task Use this procedure to create custom PPM mapping profiles for the following server types:
· Presence · Session Manager · Branch Session Manager For example, you must create a mapping profile for each group of remote workers who use the same pair of Session Manager systems as the primary Session Manager and the secondary Session Manager. With custom PPM mapping profiles, you can administer server IP addresses, FQDNs, and ports that are not available with the standard set of pre-defined server properties. For example, if you have a geo-redundant deployment and the server that you want to connect to is not in the local network, you can use the custom options to link the servers.

April 2021

Avaya Aura® Presence Services Snap-in Reference

245

Comments on this document? infodev@avaya.com

Administration
When creating PPM mapping profiles, consider the following: · Within a mapping profile, you can create multiple profile entries. · You can administer both standard and custom PPM profile entries in the same mapping profile. · If you need to convert a profile entry from standard to custom or custom to standard, record the current settings of the profile entry, delete the profile entry, and readminister the profile entry using the standard or custom options.
Procedure 1. Log on to the EMS web interface with administrator credentials. 2. On the Device menu, click the name of the SBCE to administer. 3. Navigate to DMZ Services > PPM Mapping. 4. Click the Add button that is above the Mapping Profiles list. The system displays a screen similar to the following example:

5. In the Profile Name field, type the profile name.
6. Click Next.
7. In the Server Type field, click one of the following options:
· Presence · Session Manager · Branch Session Manager
8. Select the Custom check box. For the Session Manager or Branch Session Manager server types, you can click either check box.
The Mapping Profile window changes to show different options.

April 2021

Avaya Aura® Presence Services Snap-in Reference

246

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
For Presence, the system displays options for Server Address and Mapped IP. For Session Manager or Branch Session Manager, the system displays options for SIP Server Profile, Server Address/Port, Server Transport, Mapped IP/Port, and Mapped Transport.
Important: You must use the FQDN of the server in the Server Address option for Presence, Session Manager, and Branch Session Manager servers. 9. Enter the required information for each option. 10. Click Finish. The system adds the new mapping profile in the Mapping Profiles list and displays the settings for the profile entry that you created in the Mapping Profile tab.

11. After adding a new mapping profile, you can do any of the following operations for a mapping profile:
· (Optional) Click Click here to add a description to add a description of the mapping profile. After you add a description, click Finish. To change the description, click the displayed description.
· Click Rename to change the name of the mapping profile.
· Click Clone to duplicate the selected mapping profile under a new name. All profile entries assigned to the original mapping profile are copied over to the new mapping profile with the same options. You can then change those options as needed.
· Click Delete to delete the mapping profile and all of its profile entries.
12. For a mapping profile, you can do any of the following operations for the profile entries under the Mapping Profile tab:
· Click the Add button to create a new profile entry within the selected mapping profile. The options for a new profile entry are the same as when you created a mapping profile the first time. When you add multiple profile entries to a mapping profile, the entries can be either standard or custom profiles.
· Click Edit to change the options within a profile entry.
· Click Delete to delete the individual profile entry within the selected mapping profile.

April 2021

Avaya Aura® Presence Services Snap-in Reference

247

Comments on this document? infodev@avaya.com

Administration

Related links Custom PPM mapping profile field descriptions on page 248

Custom PPM mapping profile field descriptions

Name Profile Name Server Type
SIP Server Profile Server Address
Server Address/Port

Description The name of the PPM mapping profile. The type of server. The options are:
· Presence
· Session Manager
· Branch Session Manager For Session Manager or Branch Session Manager, select the SIP Server Profile that you want to use before you click the Custom option. After you click Custom, this becomes a display-only field.
SIP Server Profile is not used with Presence.
Important:
You must use the FQDN of the server in the Server Address option for Presence, Session Manager, and Branch Session Manager servers.
Server Address is not used with Session Manager or Branch Session Manager.
Important:
You must use the FQDN of the server in the Server Address option for Presence, Session Manager, and Branch Session Manager servers.

Server Transport
SBC Device Mapped IP

For Session Manager or Branch Session Manager, the IP address or FQDN and port number of the server. You must manually enter these values.
Server Address/Port is not used with Presence.
For Session Manager or Branch Session Manager, the transport protocol used for the server.
Server Transport is not used with Presence.
This is a display-only field that shows the SBCE server selected when adding a PPM mapping profile.
For Presence, the IP or FQDN for the mapped device. You must manually enter these values.
Mapped IP is not used with Session Manager or Branch Session Manager.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

248

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace

Name Mapped IP/Port
Mapped Transport

Description
For Session Manager or Branch Session Manager, the IP or FQDN and the corresponding port for the mapped device. You must manually enter these values.
Mapped IP/Port is not used with Presence.
For Session Manager or Branch Session Manager, the transport protocol used for the mapping profile.
Mapped Transport is not used with Presence.

Related links Creating custom PPM mapping profiles on page 245

Creating a reverse proxy policy for Avaya Workplace Client multimedia messaging
Procedure
1. Log in to the Avaya SBCE web interface with administrator credentials.
2. In the navigation pane, click Global Profiles > Reverse Proxy Policy.
3. On the Reverse Proxy Policy page, provide data in the required fields.
For Avaya Workplace Client multimedia messaging, Avaya recommends that you set Enable Allow Web Socket to Y, which enables web sockets.
4. Click Finish.
Related links Reverse Proxy Policy field descriptions on page 249

Reverse Proxy Policy field descriptions

Name General Allow Web Sockets Request Max Body Size (in MB) Timeout Client Body Timeout Client Header Timeout DNS Resolver Timeout TLS/SSL Session Timeout
Server Read Timeout

Description
Permits Web Sockets if selected. Indicates the maximum size of the client request body.
Indicates the timeout for reading the client request body. Indicates the timeout for reading the client request header. Indicates the timeout for resolving domain name of server address. Indicates the time for which the client can reuse the SSL session parameters. Indicates the maximum time for which reverse proxy waits to read data from the server before marking it as unavailable
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

249

Comments on this document? infodev@avaya.com

Administration

Name Rate/Connection Limiting Enable Rate Limiting Total Number of Clients
Maximum simultaneous Connections (per client) Average Request Rate
Burst per Client

Description
Enables rate limiting. With rate limiting, you can restrict excessive SIP requests from a host and avoid a DoS attack. Indicates the size of the shared memory zone from which SIP requests will be monitored . This field is available only when you select the Enable Rate Limiting check box. Indicates the simultaneous connections per client.
Indicates the number of requests permitted per second or minute. If the number of requests exceed the rate specified in this field, the requests are processed at a defined rate. This field is available only when you select the Enable Rate Limiting check box. Indicates the maximum burst size. Excessive requests are delayed until the number of requests exceed the maximum burst size, after which the request is stopped with an error. This field is available only when you select the Enable Rate Limiting check box.

Related links Creating a reverse proxy policy for Avaya Workplace Client multimedia messaging on page 249

Creating a reverse proxy service for Avaya Workplace Client multimedia messaging
About this task The purpose of this task is to provide a reverse proxy for remote worker clients to be able to connect to the various nodes of the cluster. Use the following procedure for each Avaya SBCE.
Note: Each Breeze Asset FQDN must also be added to the external DNS and resolve to the external IP defined. Procedure 1. Log on to Element Management System (EMS) web interface. 2. Navigate to DMZ Services > Relay.
The EMS server displays the Relay Services page. 3. In the Reverse Proxy tab, click Add.

April 2021

Avaya Aura® Presence Services Snap-in Reference

250

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace
4. On the Add Reverse Proxy Profile page, do the following:
a. In the Service Name field, type the reverse proxy profile name.
b. Select the Enabled check box.
c. In the Listen IP field, click the external SBC IP address.
d. In the Listen Protocol field, select the HTTPS protocol.
The system enables the Listen TLS profile field.
e. In the Listen TLS Profile field, click the server TLS profile that you created.
For more information, see "Creating a new TLS server profile" in the Administering Avaya Session Border Controller for Enterprise guide. The CN or SAN of the certificate must contain the hostname of the Avaya Breeze® platform Security Module that is configured in this procedure and should be signed by same signatory that signs the Avaya Breeze® platform identity certificates.
f. In the Listen Port field, type the port for remote users.
g. In the Server Protocol field, click HTTPS.
h. In the Server TLS Profile field, click the client TLS profile that you created.
For more information, see "Creating a client profile" in the Administering Avaya Session Border Controller for Enterprise guide. The certificate must be signed by a signatory that is trusted by the Avaya Breeze® platform that is configured in this procedure.
i. In the Connect IP field, click the IP address that Avaya SBCE must use for communicating with the file servers.
j. In the PPM Mapping Profile field, click None. k. In the Server Addresses field, type the Avaya Breeze® platform Security Module IP
address of the Presence Services node.
l. Click Finish. 5. Repeat step 4 for each Avaya Breeze® platform node in the Presence Services cluster.
6. If the Presence Services cluster is a multinode cluster, you must configure a proxy for the load balancer IP address. You can either use an existing profile or add a new profile.
7. To use an existing proxy profile, do the following:
a. On the Reverse Proxy tab, click Edit corresponding to the proxy profile that you have created for the Avaya Breeze® platform Presence Services node.
b. In the Edit Profile <profile name> dialog box, in the Whitelisted URL field, type the whitelisted URL of /services/PresenceServices/rest/aem/.
Use the Whitelisted URL field corresponding to the Server Addresses field that contains the Avaya Breeze® platform Security Module IP address of the Presence Services node.

April 2021

Avaya Aura® Presence Services Snap-in Reference

251

Comments on this document? infodev@avaya.com

Administration
c. Click Add to add the server address of the cluster load balancer. d. In the Server Addresses field, type the IP address or FQDN of the cluster load
balancer. e. In the corresponding Whitelisted URL field, type the whitelisted URL of /aem/
resources. f. Click Finish. The following diagram illustrates an example of the settings for the nth Breeze node. In the example, one of the external IPs to relay both directly to the Breeze node and to the Breeze cluster load-balancer is selected, depending on the URL path.

8. To add a new profile, do the following: a. Repeat step 3 and 4.
Note: In the Server Addresses field in step 4, type the cluster IP address or cluster FQDN of the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

252

Comments on this document? infodev@avaya.com

Interoperability with Avaya Workplace

For more information about Presence Services cluster IP address and cluster FQDN, see "Administering the Avaya Breeze® platform cluster."
b. Click Finish.
9. Complete the following procedure: Specifying the IP addresses of the Session Border Controller or proxy servers for Presence Services cluster load balancing on page 53. Add the SBC internal network Connect IP address to the list of "Trusted Addresses for converting to use X-real-IP for session affinity".
Result
Assuming a multi-node cluster of <n> servers, you must have something as follows:
Table 1: Reverse proxy

Service Name <Service name for Breeze node 1>
<Service name for Breeze node 2>
<Service name for Breeze node n>
<Service name for load-balancer>

Listen IP:Port and Protocol Network
<external IP address 1>:443 HTTPS
External network side
<external IP address 2>:443 HTTPS
External network side
<external IP address n>:443 HTTPS
External network side
<external IP address n+1>:443 HTTPS
External network side

Connect IP Network <internal IP address 1>
Internal network side
<internal IP address 2>
Internal network side
<internal IP address n>
Internal network side
<internal IP address n+1>
Internal network side

Server Protocol HTTPS

Server Addresses and Ports
<Breeze node 1 Asset FQDN>:443

HTTPS

<Breeze node 2 Asset FQDN>:443

HTTPS HTTPS

<Breeze node n Asset FQDN>:443, <Breeze Cluster FQDN>:443*
<Breeze Cluster FQDN>:443**

Table 2: External DNS

FQDN Breeze node 1 Asset FQDN Breeze node 2 Asset FQDN Breeze node n Asset FQDN Breeze Cluster Load-balancer

IP External IP address 1 External IP address 2 External IP address n External IP address n* or Dedicated LB (external IP address n+1)**

April 2021

Avaya Aura® Presence Services Snap-in Reference

253

Comments on this document? infodev@avaya.com

Administration

Table 3: Internal DNS

FQDN Breeze node 1 Asset FQDN Breeze node 2 Asset FQDN Breeze node n Asset FQDN Breeze Cluster Load-balancer

IP Node 1 Breeze Asset IP Node 2 Breeze Asset IP Node 3 Breeze Asset IP Breeze Cluster IP

* Use one external IP to also relay to the Breeze Cluster load-balancer. Follow step 7 to add Whitelisted URLs, and do not perform step 8. Do not create a separate service entry for the loadbalancer. ** Use a dedicated external IP to relay to the Breeze load-balancer. Follow step 8, and do not perform step 7. Do not add the Breeze Cluster FQDN to any of the Server Addresses of nodes 1 to n.
Related links Administering the Avaya Breeze platform cluster on page 44

IM Blocking in Do Not Disturb state
You can administer Presence Services to block IMs to a user who is in the Do Not Disturb (DND) state. If blocking is enabled and a user sends an IM to a user in the DND state, Presence Services:
· Persistently stores the IM.
· Sends an XMPP message to the sender indicating that the IM has been temporarily blocked.
· Delivers the IM when the recipient changes the state from DND to another state.
By default, IMs are not blocked to users in the DND state.
Note:
Avaya Workplace Client does not support the Block IMs for users in Do-Not-Disturb (DND) state feature. Avaya recommends that you set the Block IMs for users in Do-Not-Disturb (DND) state attribute to False if the Conversations Enabled attribute is set to True to enable conversations for Avaya Workplace Client.
For more information, see "Configuring IM Blocking in Do Not Disturb state" and "Enabling conversations for an Avaya Workplace Client."
DND Whitelisting If IM Blocking in DND state is enabled, then DND Whitelisting overrides this behavior. If user A in DND state initiates a chat session to user B, user B is added to user A's DND Whitelist. While user B is in user A's DND Whitelist, IMs from user B will be delivered to user A, even if user A is in DND state. When user A closes the chat session with user B, then user B is removed from user A's DND Whitelist.

April 2021

Avaya Aura® Presence Services Snap-in Reference

254

Comments on this document? infodev@avaya.com

IM Blocking in Do Not Disturb state
Example of IM blocking enabled · The status of user A is Available. User B sends IM1 to user A, Presence Services delivers IM1 to user A. · User A changes the state to DND. User B sends IM2 to user A, Presence Services blocks IM2. · User A opens chat session to user B. User B is added to user A's DND Whitelist. Presence Services delivers IM2 to user A. User A sends IM3 to user B, Presence Services delivers IM3 to user B. User B sends IM4 to user A. Presence Services delivers IM4 to user A. · User C sends IM5 to user A, Presence Services blocks IM5 as user C is not on user A's DND Whitelist. · User A closes chat session to user B. Presence Services removes user B from user A's DND Whitelist. User B sends IM6 to user A, Presence Services blocks IM6. · User A changes the state to a state other than DND, Presence Services delivers IM5 and IM6 to user A.
Related links Configuring IM Blocking in Do Not Disturb state on page 255 Enabling conversations for an Avaya Workplace Client on page 236
Configuring IM Blocking in Do Not Disturb state
About this task Avaya Workplace Client does not support the Block IMs for users in Do-Not-Disturb (DND) state feature. Avaya recommends that you set the Block IMs for users in Do-Not-Disturb (DND) state attribute to False if the Conversations Enabled attribute is set to True to enable conversations for Avaya Workplace Client. For more information, see "Enabling conversations for an Avaya Workplace Client." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Messaging (XMPP) group. 6. In the Block IMs for users in Do-Not-Disturb (DND) state field, in Effective Value, do
one of the following: · To disable blocking of IMs to users in Do Not Disturb state, click False. · To enable blocking of IMs to users in Do Not Disturb state, click True. The default value is False.

April 2021

Avaya Aura® Presence Services Snap-in Reference

255

Comments on this document? infodev@avaya.com

Administration
7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Enabling conversations for an Avaya Workplace Client on page 236
Inter-domain, inter-tenant, and multi-tenancy Presence and IM
Inter-Domain Presence and IM
Presence Services supports multiple Presence/IM domains. By default, users with Avaya Presence/IM communication addresses in different Presence/IM domains can exchange Presence and IMs. You can administer Presence Services to block presence and IM exchange between users with Avaya Presence/IM communication addresses in different Presence/IM domains. For more information, see "Configuring Presence/IM routing domain on System Manager." Related links Configuring Presence/IM routing domain on System Manager on page 301
Configuring Inter-Domain Presence and IM
About this task This procedure only applies to Avaya Aura® users managed by the same System Manager instance. If federation is enabled on Presence Services, Presence and IM exchange is always allowed between Avaya Aura® users and federated users even if they are in different domains. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Enable Inter-Domain Presence and IM field, in Effective Value, do one of the
following: · To enable Inter-Domain Presence and IM, click True.

April 2021

Avaya Aura® Presence Services Snap-in Reference

256

Comments on this document? infodev@avaya.com

Inter-domain, inter-tenant, and multi-tenancy Presence and IM
· To disable Inter-Domain Presence and IM, click False. The default value is True. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Inter-Tenant Presence and IM
By default, Presence Services prevents presence and IM from being shared between tenants. You can allow presence and IM between tenants by enabling the System attribute Enable InterTenant Presence and IM. Changing this attribute does not require a restart of Presence Services.
Configuring Inter-Tenant Presence and IM
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Enable Inter-Tenant Presence and IM field, in Effective Value, do one of the following: · To enable Inter-Tenant Presence and IM, click True. · To disable Inter-Tenant Presence and IM, click False. The default value is False. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Multi-tenancy
System Manager supports the ability to assign a tenant ID to a user. For more information about tenant management, see Administering Avaya Aura® System Manager guide. On enabling Multi-tenancy, Presence Services:
· Blocks presence and IM sharing between users assigned to different tenants. · Does not notify a user of any presence state changes if the contact is assigned to a different
tenant.

April 2021

Avaya Aura® Presence Services Snap-in Reference

257

Comments on this document? infodev@avaya.com

Administration
· Does not deliver IMs if the sender is assigned to a different tenant than the recipient. Presence Services sends an XMPP message to the sender indicating that the IM has been blocked.
Multi-tenancy and Avaya Workplace Client
Avaya recommends that you enable the Messaging Address Validation feature on Avaya Workplace Client in the following situation:
· When multi-tenancy is enabled for a hosted solution on Avaya Aura®, and the domains are shared between two tenants, but inter-tenant communication is not allowed.
After the Messaging Address Validation feature is enabled, Avaya Workplace Client pre-validates the addresses in its contact list, and Presence Services indicates if communication between the two tenants is allowed.
Message Archiver and SMTP Archiving Service
Message Archiver
When you enable Message Archiver, Presence Services temporarily stores all incoming and outgoing IMs in a local database. An administrator must provide a reliable storage server to which Presence Services periodically transfers the files from the database. Archived IMs can only be accessed from the SFTP server. The administrator is responsible for providing, on the SFTP server, a secure, password-protected repository for the archived IMs. Archived IMs are transferred to the SFTP server as a .zip file which contains two files:
· A text summary file which identifies the number of entries, and timestamps for the first and last entry.
· An XML file which contains the IM information. When you enable the Include Attachment List feature in message archiving, Presence Services uploads any attachments associated with the IMs, along with the .zip files, to the SFTP server. If encryption is enabled, the attachments are decrypted and then uploaded to the SFTP server. The IDs of the attachments are included in the XML file along with the IM information. By default, Message Archiver is disabled. You can enable Message Archiver on System Manager. For more information, see Enabling Message Archiving on page 260.
Note: You can only use either SMTP Archiving or Message Archiver. You can not use both Message Archiver and SMTP Archiving services at the same time.

April 2021

Avaya Aura® Presence Services Snap-in Reference

258

Comments on this document? infodev@avaya.com

Message Archiver and SMTP Archiving Service
Based on the configured upload frequency, Presence Services periodically uses SSH File Transfer Protocol (SFTP) to transfer all IMs to the remote server. If successful, Presence Services removes the IMs from the database.
The first time the file transfer is unsuccessful, Presence Services:
· Raises the major alarm: Message Archive upload failed.
· Stores the date/time of the initial failure.
· Continues to persistently store all IMs in the database.
If a subsequent attempt is successful, Presence Services clears the major alarm and uploads all the .zip files that failed to upload. If you enable the Include Attachment List feature in message archiving, any attachments associated with the IMs are also uploaded. If subsequent attempts are unsuccessful, as long as the upload failure threshold is not reached, the major alarm remains raised, and Presence Services continues to persistently store all IMs in the database.
After the remote upload failures threshold is reached, Presence Services:
· Raises the critical alarm: Message Archiving Disabled.
· Continues to persist the IMs that were previously stored, but does not persist further IMs. Presence Services continues to periodically attempt to transfer the IMs to the remote server based on the configured upload frequency.
If successful, Presence Services:
- Clears the critical alarm and uploads all the .zip files that failed to upload. If you enable the Include Attachment List feature in message archiving, any attachments associated with the IMs are also uploaded.
- Removes the IMs from the database.
- Resumes storing IMs persistently in the local database.
For more information about major and critical alarms, see Presence Services alarms on page 361.
The following are some examples why file transfer may be unsuccessful:
· Invalid remote server credentials were configured.
· The remote server is out of service.
· Network connectivity issues.
Note:
If there are no archived messages when the upload timer expires, Presence Services does transfer a .zip file. The text summary file indicates that the number of entries is zero, and the timestamps are blank. The XML file contains three lines of "header" information, but no messages.
Example The upload frequency is 4 hours and the remote upload failures threshold is 5 days.

April 2021

Avaya Aura® Presence Services Snap-in Reference

259

Comments on this document? infodev@avaya.com

Administration
The first time the file transfer is unsuccessful, Presence Services · Raises the major alarm: Message Archive upload failed. · Stores the date and time of the initial failure. · Continues to persistently store all IMs in the database.
After 4 hours, Presence Services attempts another file transfer to the remote server. If unsuccessful, Presence Services:
· Does not clear the major alarm. · Continues to persistently store all IMs in the database. · Continues to attempt a file transfer every 4 hours. After 31 sequential file transfer failures, the remote upload failures threshold is reached and Presence Services: · Raises the critical alarm: Message Archiving Disabled. · Continues to persist the IMs that were previously stored, but does not persist more IMs. Presence Services continues to attempt a file transfer every 4 hours. If successful, Presence Services: · Clears the critical and major alarm: Message Archiving Disabled. · Uploads all .zip files that failed to upload. If you enable the Include Attachment List feature in
message archiving, any attachments associated with the IMs are also uploaded · Removes the previously-stored IMs from the local database. · Stores all incoming IMs in the local database.
Enabling Message Archiving
About this task Enable the archiving of messages to an SFTP server, optionally with message attachments. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Message Archiving group. 6. In Effective Value, do the following:
a. In the Message Archiving Enabled field, click True to enable Message Archiving. The default is False.
b. In the Message Archiving Remote Server Address field, type the IP address or Fully Qualified Domain Name (FQDN) of the remote SFTP server where you want to upload the archived messages.

April 2021

Avaya Aura® Presence Services Snap-in Reference

260

Comments on this document? infodev@avaya.com

Message Archiver and SMTP Archiving Service
c. In the Message Archiving Remote User field, type a login name to connect to the remote SFTP server.
d. In the Message Archiving Remote Password field, type a password to connect to the remote SFTP server.
e. (Optional) In the Message Archiving Remote Path field, type the sub-directory name on the remote SFTP server where Presence Services must upload the archived IMs.
Note: The path that you specify is relative to the home folder of the user and is not an absolute path. The sub-directory will be only one level under user's home. If left blank, Presence Services uploads the archived IMs to the home folder of the user. f. In the Message Archiving Remote Upload Frequency field, type the frequency, in hours, at which Presence server attempts to upload the archived IMs to the remote SFTP server. Valid values are from 1 through 24. The default value is 4 hours. g. In the Message Archiving Remote Upload Failures Threshold field, type the number of days of consecutive remote upload failures after which Presence Services disables Message Archiving. Valid values are from 1 through 15. The default is 5 days. h. (Optional) In the Include Attachment List field, click True to enable the inclusion of message attachments when archiving messages. The default is false. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
SMTP Archiving Service
The SMTP Archiving Service archives Multimedia Messaging conversations to an SMTP server. The archived data includes text messaging and multimedia attachments posted in a conversation session. A Multimedia Messaging conversation is archived as number of conversation snippets. Conversation snippets cover a time interval from the conversation start to the conversation end. A single conversation is archived as multiple conversation snippets that belong to the same conversation and can be aggregated using the conversation ID or thread ID. Each conversation snippet is equivalent for sending an email to the SMTP server. Global Relay Archive is the supported archiving service from the Presence Services SMTP Archiving Service. An archived email has the following structure:
· Subject: Contains the conversation ID or thread ID, the number of participants, the number of messages, and the duration of the conversation in minutes.
· From: Contains the client that created the conversation. · To: Contains all participants of the conversation. For more information, see the "To:" field
description in RFC 2822.

April 2021

Avaya Aura® Presence Services Snap-in Reference

261

Comments on this document? infodev@avaya.com

Administration
· RCPT TO Header address: The RFC 2821 message envelope recipient. For more information, see configuration of the SMTP RCPT TO Header.
An email that archives a conversation can contain one or more conversation snippets. Each snippet includes the following components:
· Conversation Summary: - Conversation ID. - Subject: If the conversation has no subject, this field can be empty. - Start Time: If the conversation snippet contains the "Conversation started" event, then this field shows the timestamp of the "Conversation started" event. If the conversation snippet has no "Conversation started" event, the Start Time is the timestamp of the scheduled archiving timestamp. - End Time: If the conversation snippet has the "Conversation closed" event, the End Time is the timestamp of the "Conversation closed" event.
· Conversation Events: - Conversation started event: Identifies the conversation started event. - Message sent event: Identifies the text message or attachment delivery event. - User joined conversation event: Identifies that a participant joined the conversation. The event contains information about the inviter and who joined the conversation. - User left conversation event: Identifies who left the conversation. - Conversation subject change event: Identifies a new conversation subject and the person who changed the subject. - Conversation closed event: Identifies the conversation closed event.
· Conversation Activities: - Message sent activity: Contains information about the message sender and the time when the message was sent. This activity also applies to sending multimedia attachments. - Message retrieved activity: Contains information about the message recipient and the time when the message was retrieved. - Message read activity: Contains information about the message recipient who marked the message as read. The activity also contains information about the time when the message was read. - Attachment retrieve activity: Contains information about the person that retrieved the attachment and the time when the attachment was retrieved. The activity also has a reference to the attachments of the archived email.
Note: Only Avaya Workplace Client clients that participate in a conversation support all the listed events and activities. Other clients might not support certain events or activities. By default, the SMTP Archiving Service is disabled. For more information about configuration, see Configuring the SMTP archiving service on page 263.

April 2021

Avaya Aura® Presence Services Snap-in Reference

262

Comments on this document? infodev@avaya.com

Message Archiver and SMTP Archiving Service
Note: You can only use either SMTP Archiving or Message Archiver. You can not use both Message Archiver and SMTP Archiving services at the same time. When the SMTP archiving service is enabled, the service temporarily stores the archiving data in the local database. The Archiving Schedule attribute sets the time of day when the archiving is scheduled. On scheduled archiving, conversation snippets are built as archived emails, and then emails are delivered to the SMTP server. If the archived email delivery is successful, all temporary data is cleared. If the archived email delivery is unsuccessful, then Presence Services do the following: · Raises a major alarm, "SMTP archiving upload failed". · All the data is kept for re-delivery of the conversation snippet or email. If the archived email delivery is successfully delivered during the next scheduled upload, the major alarm is cleared. If the problem persists for the SMTP Upload Failures Threshold period, Presence Services raises a critical alarm, "SMTP archiving service is disabled". In this case, all previously archived conversation snippets are retained. All subsequent conversation events and activities, however, are no longer archived. After the critical alarm is raised, on each scheduled archiving, Presence Services tries to deliver previously archived conversation snippets to the SMTP server. If the delivery is successful, the SMTP Archiving Service resumes normal operation. Related links Configuring the SMTP archiving service on page 263
Configuring the SMTP archiving service
About this task Use this procedure to configure the SMTP archiving service.
Important: If you disable the SMTP Archiving Service, all undelivered archived conversation snippets and archived data from the local database will be deleted. To check if there are any undelivered archived data, run the pressStatus archiver CLI command to view the data in the local database. Before you begin Some SMTP Servers, including Global Relay, use the STARTTLS procedure for mail upload. To allow the SMTP archiving aervice to run the STARTTLS procedure, the trusted certificate must be uploaded from https://Global Relay Archive into the Avaya Breeze® platform server certificates list. Contact Global Relay to obtain the SMTP Mail Server certificate in the PEM format and then install the certificate as described in Importing the Global Relay SMTP server certificate into the Avaya Breeze platform server on page 265. Procedure 1. On the System Manager web interface, navigate to Elements > Avaya Breeze® >
Configuration. 2. Click Attributes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

263

Comments on this document? infodev@avaya.com

Administration
3. On the Service Clusters tab, in the Cluster field, select the Presence Services cluster.
4. In the Service field, select the Presence Services service.
5. On the Attributes Configuration page, navigate to the SMTP Archiving Service group.
6. Navigate to the Effective Value column.
7. In the SMTP Archiving field, select Enable to enable the SMTP Archiving Service.
By default, the service is disabled.
8. In the SMTP Host field, enter the IP address or FQDN of the SMTP server that provides the archiving service.
You can also specify an SMTP server port using the following format: <SMTP server FQDN or IP>:<port number>. For example: smtp.host.fqdn.com:25. The default SMTP server port is 587. The supported ports are 587 and 25. If you do not specify the port or if you enter an unsupported port number, then the default port is used to communicate with the SMTP server.
Note:
If you are using Global Relay Archive, the SMTP Host is provided by Global Relay.
9. In the SMTP Service Username and SMTP Authentication Password fields, enter the valid user name and password that are provided by Global Relay Archiving Services.
10. In the Archiving Message Type field, enter the message type that is provided by Global Relay Archiving Services.
11. In the SMTP RCPT TO Header field, enter the RCPT TO address provided by Global Relay Archiving Services.
For more information, see RFC 2821.
12. In the Archiving Schedule field, set the required time and period for archiving.
The default value is "Every 3 hours: Runs at 00:00 03:00 to 21:00". This means that the scheduled archiving process runs every three hours, so there are eight uploads per day. The archiving process runs at 00:00 a.m., 03:00 a.m., 06:00 a.m. and so on.
13. In the SMTP Upload Failures Threshold field, enter the number of days of consecutive upload failures before the SMTP Archiving service is suspended.
The range is 1 to 7 days. The default value is 3 days. If the default value is used, the SMTP Archiving Service is disabled after 72 hours from the first upload failure.
14. Click Commit.
Related links SMTP Archiving Service on page 261 Importing the Global Relay SMTP server certificate into the Avaya Breeze platform server on page 265

April 2021

Avaya Aura® Presence Services Snap-in Reference

264

Comments on this document? infodev@avaya.com

Offline IM storage
Importing the Global Relay SMTP server certificate into the Avaya Breeze® platform server
Before you begin Contact Global Relay to obtain the SMTP Mail Server certificate in the PEM format. Procedure
1. On the System Manager web interface, navigate to Services > Inventory. 2. Click Manage Elements and then select the Avaya Breeze® platform server. 3. Click More Actions. 4. Click Manage Trusted Certificates.
Note: Depending on the System Manager system version, the field name might be Configure Trusted Certificates. 5. Click Add. 6. On the Add Trusted Certificate page, in the Select Store Type to add trusted certificate field, click WEBSPHERE. 7. Click Import from file and then select the Global Relay certificate in the PEM format. 8. Click Retrieve Certificate. 9. Click Commit. Related links Configuring the SMTP archiving service on page 263
Offline IM storage
If Offline IM Storage is enabled on Presence Services, and a user sends an IM to a user who is offline, then Presence Services:
· Stores the IM in a local database. These IMs survive events such as Presence Services restarts and High Availability failovers.
· Delivers the IM when the offline user logs in to an IM-capable endpoint. A user is considered to be offline only if the user is not logged in to an IM-capable device. If a user manually sets the presence state to Offline but remains logged in to an IM-capable device, then Offline IM Storage does not occur. If a user is logged in to multiple IM-capable devices, and then logs out of one device, then Offline IM Storage does not occur. In both of these cases, Presence Services delivers the IM to the devices of the user. The limitation is that the Presence Services stores a limited number of offline IMs for a user.

April 2021

Avaya Aura® Presence Services Snap-in Reference

265

Comments on this document? infodev@avaya.com

Administration
When Offline IM Storage is enabled, Presence Services does not provide an indication to the sender that the IM is temporarily stored or is delivered to the user. If Offline IM Storage is disabled and a user sends an IM to a user who is offline, Presence Services:
· Discards the IM. · Sends an XMPP message to the sender indicating that service is not available. If a user has reached the offline IM limit, and another user tries to send an IM to that user who is offline, Presence Services: · Discards the IM. · Sends an XMPP message to the sender indicating that service is not available. By default, Offline IM Storage is enabled, and the offline IM limit is 25 IMs per user. You can administer Offline IM Storage on System Manager.
Note: · Avaya recommends that you set the Offline IM Storage Enabled attribute to True and set the Conversations Enabled field to disabled when you use only XMPP clients like Avaya one-X® Communicator with Presence Services. · Avaya recommends that you set the Offline IM Storage Enabled attribute to False when Presence Services is deployed in an Avaya Workplace Client environment. By default, Presence Services provides offline IM storage support for Avaya Workplace Client clients. For more information, see Configuring offline IM storage on page 266. · You must enable either Offline IM Storage Enabled field or Conversations Enabled field at a time. Both the fields will not work together if they are enabled.
Configuring offline IM storage
About this task Avaya recommends that you set the Offline IM Storage Enabled attribute to False when Presence Services is deployed in an Avaya Workplace Client environment. By default, Presence Services provides offline IM storage support for Avaya Workplace Client clients. For more information, see "Enabling conversations for an Avaya Workplace client". Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

266

Comments on this document? infodev@avaya.com

Port management
4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Messaging (XMPP) group. 6. In Effective Value, do the following:
a. In the Offline IM Storage Enabled field, click True to enable Offline IM Storage. The default is True.
b. In the Offline IM Storage Targeted Maximum IMs Per User field, type the maximum number of offline IMs stored per user. The default is 25 IMs.
7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Enabling conversations for an Avaya Workplace Client on page 236
Port management
Service Ports are administered on System Manager. When Avaya Breeze® platform is installed, Avaya Breeze® platform opens platform ports, such as 5061 which is used for SIP signaling. When the Presence Services snap-in is loaded, Presence Services additionally opens ports 5222, 5269, and 5063.
· Endpoint devices such as one-X® Communicator use port 5222 to establish an XMPP clientto-server connection to Presence Services.
· Third-party XMPP servers such as Ignite Realtime Openfire use port 5269 to establish an XMPP server-to-server connection to Presence Services.
· The Federation Relay component uses port 5063 to communicate with the Microsoft RTC Front End server.
Note: Any changes to the ports will require corresponding changes on endpoints or third-party server. Some endpoints may not support any port besides 5222. Avaya recommends that you do not change the default ports 5222, 5269, and 5063 because some endpoint devices and third-party servers are hard-coded to use these ports. If the port values are changed:
· Corresponding changes might be needed on endpoints or third-party servers. · A Presence Services restart is required. · For S2S, DNS SRV records need to be updated.

April 2021

Avaya Aura® Presence Services Snap-in Reference

267

Comments on this document? infodev@avaya.com

Administration
Changing a service port
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze®. 2. Click Configuration > Service Ports. 3. In the Service field, select the Presence Services snap-in. 4. In the Cluster field, select the Presence Services cluster. 5. In the Selected Service Ports table: · To change the XMPP Client to Server port, in the XMPP_C2S_Port row, select Override Default and enter the new port in the Effective Port Value field. · To change the XMPP Server to Server port, in the XMPP_S2S_Port row, select Override Default and enter the new port in the Effective Port Value field. 6. Click Commit. 7. Restart Presence Services.
Related links Restarting Presence Services on page 268
Restarting Presence Services
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Service Management. 2. Click Services. 3. Locate the Presence Services SVAR, and click the PresenceServices link. The system displays the PresenceServices: Avaya Breeze® Instance Status page. 4. In the Service Install Status column, verify the clusters on which the service is installed. 5. Click Service Management > Services, and then select the check box corresponding to the PresenceServices service. 6. Click Stop. The system displays a confirmation window listing all clusters on which the service is stopped. 7. Select the clusters that you want to stop, and click Stop. On the Service Management page, in the State column, the service state will change to Stopping.

April 2021

Avaya Aura® Presence Services Snap-in Reference

268

Comments on this document? infodev@avaya.com

Port management
8. Click the Refresh Table icon to refresh the screen.
Eventually, the State column will display Stopped, indicating that the service has stopped.
If you click the PresenceServices link, the PresenceServices: Avaya Breeze® Instance Status window will open showing the state as Stopped in the Service Install Status column.
9. Click Service Management > Services, and then select the check box corresponding to the PresenceServices service.
10. Click Start.
Note:
Before starting Presence Services, ensure that Service Install state is Stopped, as described in Step 8.
The system displays a confirmation window listing all clusters on which the service is installed.
11. Select the clusters that you want to start, and click Start.
On the Service Management page, in the State column, the service state will change to Starting.
12. Click the Refresh Table icon to refresh the screen.
Eventually, the State column will display Installed, indicating that the service has started.
If you click the PresenceServices link, the PresenceServices: Avaya Breeze® Instance Status window will open showing the state as Installed in the Service Install Status column.
Note:
When the Presence Services snap-in is restarted or a cluster High Availability event occurs, the system might take up to an hour for some connected endpoints to receive presence updates. You can reestablish the existing subscriptions. For over-engineered or lightly-loaded Presence deployments, you can shorten this recovery time by shortening the subscription time.
For more information, see "Modifying the SIP subscription or publication expiry time".
13. After 2-10 minutes, verify that Presence Services is ready to support Presence and IM.
For more information, see "Verifying that Presence Services snap-in is ready to support Presence and IM".
Related links Modifying the SIP subscription or publication expiry time on page 328 Verifying that Presence Services snap-in is ready to support Presence and IM on page 78

April 2021

Avaya Aura® Presence Services Snap-in Reference

269

Comments on this document? infodev@avaya.com

Administration
Roster size enforcement
Following are the types of users:
· Aura users: Presence and IM services are provided by Presence Services.
· Federated users: Presence and IM services are provided by a third-party server, which is federated with Presence Services.
When two users user A and user B have a presence relationship, the users assume one of three roles:
· Watcher: When user A adds user B to the contact or buddy list by subscribing to presence of user B , user A is a Watcher of user B.
· Presentity: When user A adds user B to the contact or buddy list by subscribing to presence of user B, user B is a Presentity of user A.
· Two-way: When user A adds user B to the contact or buddy list by subscribing to presence of user B, and user B adds user A to the contact or buddy list by subscribing to presence of user A, user A is both a Watcher of user B and a Presentity of user B.
Roster is the list of presence relationships of a user. On Presence Services, the size of roster of a user can be administered. By default, an Aura user can have:
· A maximum of 100 presentities (contacts), that is, 100 relationships where the user role is Watcher or Two-way.
· A maximum of 100 federated watchers, that is, 100 relationships where the user role is Presentity or Two-way, and the watcher is a federated user
In the case where an Aura user has a Two-way relationship with a federated watcher, the relationship is subject to both limits. For instance, if an Aura user has a Two-way relationship with 100 federated users, then both default limits have been reached.
For an Aura H.323 watcher, once an Aura user's maximum number of presentities or contacts has been reached, when the watcher attempts to add another presentity:
· Presence Services rejects the subscription and returns an XMPP error.
· The watching user will not see presence of the presentity.
· The device of watching user may display an error to the user. For more information, consult Avaya endpoint documentation.
For an Aura SIP watcher, once an Aura user's maximum number of presentities or contacts has been reached, when the watcher attempts to add another presentity:
· Presence Services rejects the subscription and returns a SIP error.
· The watching user will not see presence of the presentity.
· The Presence Buddy flag of the contact will be set to No. On System Manager, this is available at Users > User Management > Manage Users > Contacts > Associated Contacts.

April 2021

Avaya Aura® Presence Services Snap-in Reference

270

Comments on this document? infodev@avaya.com

Network Management System
· The device of watching user may display an error to the user. For more information, consult Avaya endpoint documentation.
For a federated SIP or XMPP watcher, once an Aura user's maximum number of federated watchers has been reached, when another federated watcher attempts to subscribe to the Aura user's presence:
· Presence Services rejects the subscription and returns a SIP or XMPP error. · Presence Services will not send the Aura user's presence information to the federated
server. Refer to the third-party server documentation to determine how the third-party server behaves in this scenario.
Configuring Roster limit
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Roster Limit: Maximum Number of Contacts field, in Effective Value, type a value between 1 and 1000 that represents the maximum number of Aura and federated presentities that an Aura watcher can add to the contact list. The default number of users is 100. 7. In the Roster Limit: Maximum Number of External Watchers field, in Effective Value, type a value between 1 and 1000 that represents the maximum number of federated watchers that can add an Aura user to the contact list. The default number of users is 100. 8. (Optional) To override the default value, select the Override Default check box. 9. Click Commit.
Network Management System
This section describes how to setup a third-party Network Management System (NMS) to receive alarms from an Avaya Breeze® platform running Presence Services. In this document, OpenNMS

April 2021

Avaya Aura® Presence Services Snap-in Reference

271

Comments on this document? infodev@avaya.com

Administration
is used. OpenNMS is an enterprise grade network management platform developed in the open source model. For more information, go to https://www.opennms.org/en. The following sections describe how to:
· Configure System Manager. · Install and configure OpenNMS. · Test the setup by generating test alarms on a Avaya Breeze® platform server and receiving
them as events on OpenNMS.
Configuring System Manager
About this task System Manager is used to configure the SNMP Agent on Avaya Breeze® platform. The following procedure shows how to configure the Serviceability Agent on System Manager to enable Avaya Breeze® platform to send SNMP alarms (traps) to OpenNMS. Procedure
1. Configure an SNMP target v2 profile.
Note: A user profile is not required for a v2 target profile. a. On System Manager, navigate to Services > Inventory > Manage Serviceability Agents > SNMP Target Profiles. b. Click New. c. Fill in the following details:
· Name: Enter a name. · Description: Enter a short description. · IP Address: Enter the IP address of the openNMS server. · Port: Enter a port number. · Notification Type: Select trap. · Protocol: Select v2. · Community: Select public. d. Click Commit. 2. Configure the Serviceability Agent. a. On System Manager, navigate to Services > Inventory > Manage Serviceability Agents > Serviceability Agents. b. On the Serviceability Agents page, select the Avaya Breeze® platform hostname or multiple hosts that form a Avaya Breeze® platform cluster from the list of serviceability agents.

April 2021

Avaya Aura® Presence Services Snap-in Reference

272

Comments on this document? infodev@avaya.com

Network Management System
c. Once all the servers are selected, click Manage Profiles. d. Click the SNMP Target Profiles tab. e. Select the target profile configured earlier from the Assignable Profiles. f. Click Assign to make the profile to agent assignment.
The system moves the profile from the Assignable list to the Removable list. g. Click Commit.

Exporting the MIB file

About this task Management Information Base (MIB) files are used to describe the contents of the alarms or traps. These files define the Object Identifiers (OIDs) and data types used to build SNMP alarm messages. Some NMS systems require a complete specification of all the OIDs used for all alarm messages that a target system could generate. However, OpenNMS does not have this restriction. The following procedure describes how to retrieve all the MIBs to define every OID that could be sent from a Avaya Breeze® platform running Presence Services. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > System Tools and Monitoring.
2. Click SNMP MIB. 3. Click Download next to the ce-mibs-xxx.zip and the ce-services-mib.zip files.

Extract the following two files:

· opt/Avaya/AUS/snapin-alarms/avaya-products-PresenceServices.my

· SNAPIN-VARBIND/EDP-Snapin-var-bind-mib.my

$ unzip -l ce-services-mib.zip

Archive: ce-services-mib.zip

Length

Date Time Name

-------- ---- ---- ----

8175 06-03-16 11:18 opt/Avaya/AUS/snapin-alarms/Avaya-products-

EngagementDesigner.my

8194 07-13-16 17:24 opt/Avaya/AUS/snapin-alarms/CEServices-CommonAlarmDef-

Data.my

8221 09-22-16 15:11 opt/Avaya/AUS/snapin-alarms/avaya-products-

PresenceServices.my

--------

-------

32777

4 files

$ unzip -l ce-mibs-3.2.0.0.62002.zip

Archive: ce-mibs-3.2.0.0.62002.zip

Length

Date Time Name

-------- ---- ---- ----

0 06-29-16 12:07 CE/

10709 06-29-16 12:07 CE/CE-CommonAlarmDef-Data.my

4486 06-29-16 12:07 CE/SmSecMod-CommonAlarmDef-Data.my

3910 06-29-16 12:07 CE/CeThirdPrty-CommonAlarmDef-Data.my

0 06-29-16 12:07 CEELEM/

3863 06-29-16 12:07 CEELEM/CEELEM-CommonAlarmDef-Data.my

April 2021

Avaya Aura® Presence Services Snap-in Reference

273

Comments on this document? infodev@avaya.com

Administration

0 54084 29349 30159 73505 21431
5577 46150
0 5498 -------288721

06-29-16 12:07 06-29-16 12:02 06-29-16 12:02 06-29-16 12:02 06-29-16 12:02 06-29-16 12:02 06-29-16 12:02 06-29-16 12:02 06-29-16 12:07 06-29-16 12:02

STANDARD/ STANDARD/HOST-RESOURCES-MIB.my STANDARD/Tcp-mib.my STANDARD/SNMPv2-MIB.my STANDARD/If-mib.my STANDARD/Udp-mib.my STANDARD/INADS-MIB.my STANDARD/UCD-SNMP-MIB.my SNAPIN-VARBIND/ SNAPIN-VARBIND/EDP-Snapin-var-bind-mib.my ------16 files

4. Download the third MIB file Avaya_Aura_ServicabilityAgent_Mib.my from the Avaya support site:

a. Navigate to https://support.avaya.com/. b. Search with the string snmp white paper.

The system displays several versions of the System Manager SNMP White Paper document.
c. Download the appropriate version and find the Serviceability Agent MIB file attached in the appendix of the document.

These three MIB files provide a complete description of all the OIDs used by the alarms that are generated by Presence Services running on the Avaya Breeze® platform.
OpenNMS only requires the avaya-products-PresenceServices.my MIB file to be
imported.

Installing OpenNMS
About this task OpenNMS can be installed on Windows or Linux platform types. Refer to the installation documentation on the OpenNMS website for more details: https://docs.opennms.org/opennms/ releases/latest/guide-install/guide-install.html. Before you begin The following are the prerequisites for installing OpenNMS:
· Oracle Java SE Development Kit 8. OpenJDK is not recommended for production. · PostgrresSQL 9.1 or later. · Configured yum package manager. Installing OpenNMS with the yum package manager will ensure that all the pre-requisites are installed. Procedure 1. Download the OpenNMS repository file and install the packages as follows:
You must run the installation as the root user.
# rpm -Uvh http://yum.opennms.org/repofiles/opennms-repo-stable-rhel6.noarch.rpm # yum install opennms

April 2021

Avaya Aura® Presence Services Snap-in Reference

274

Comments on this document? infodev@avaya.com

Network Management System

. . . . . . Installed:
opennms.noarch 0:18.0.2-1

Dependency Installed: jdk1.8.0_60.x86_64 2000:1.8.0_60-fcs jicmp.x86_64 0:1.4.5-2 jicmp6.x86_64 0:1.2.4-1 opennms-core.noarch 0:18.0.2-1 opennms-webapp-jetty.noarch 0:18.0.2-1

Complete!

Note:

In this example, the Postgres database is already installed.

2. Use the following commands to prepare the database.

# service postgresql-9.1 initdb # chkconfig postgresql-9.1 on # service postgresql-9.1 start

# initialize the DB # enable DB server on system startup # start the DB server

3. Enter the following postgres command to create a database user for OpenNMS to use.

# su - postgres -bash-4.1$ createuser -P opennms Enter password for new role: opennms Enter it again: opennms Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) n Shall the new role be allowed to create more new roles? (y/n) n -bash-4.1$ createdb -O opennms opennms -bash-4.1$ exit
4. Modify the password for the Postgres super user account.

# su - postgres -bash-4.1$ psql -c "ALTER USER postgres WITH PASSWORD 'opennms18';" ALTER ROLE -bash-4.1$ exit
5. Modify the postgres configuration for OpenNMS access over the local network.

a. Navigate to /var/lib/pgsql/9.1/data/.

b. Update the pg_hba.conf file as follows:

From:

#host #host

replication replication

To:

host all host all

6. Restart the postgres server.

postgres postgres all all

198.51.100.9/32 ::1/128 198.51.100.9/32 ::1/128

ident ident
md5 md5

# service postgresql-9.1 restart Stopping postgresql-9.1 service: Starting postgresql-9.1 service:

[ OK ] [ OK ]

April 2021

Avaya Aura® Presence Services Snap-in Reference

275

Comments on this document? infodev@avaya.com

Administration
7. Modify the OpenNMS database access configuration file using the passwords created earlier.
# vi /opt/opennms/etc/opennms-datasources.xml <jdbc-data-source name="opennms"
database-name="opennms" class-name="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/opennms" user-name="opennms" password="opennms"/> <jdbc-data-source name="opennms-admin" database-name="template1" class-name="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/template1" user-name="postgres" password="opennms18"/>

Starting OpenNMS

Procedure

1. Initialize and start OpenNMS.

# /opt/opennms/bin/runjava -s # /opt/opennms/bin/install -dis # service opennms start Starting OpenNMS:

[ OK ]

2. Verify that all the OpenNMS internal components are up and running.

# cd /opt/opennms/bin/

# ./opennms -v status

OpenNMS.Eventd

: running

OpenNMS.Trapd

: running

OpenNMS.Queued

: running

OpenNMS.Actiond

: running

OpenNMS.Notifd

: running

OpenNMS.Scriptd

: running

OpenNMS.Rtcd

: running

OpenNMS.Pollerd

: running

OpenNMS.PollerBackEnd : running

OpenNMS.EnhancedLinkd : running

OpenNMS.Ticketer

: running

OpenNMS.Collectd

: running

OpenNMS.Discovery

: running

OpenNMS.Vacuumd

: running

OpenNMS.EventTranslator: running

OpenNMS.PassiveStatusd : running

OpenNMS.Statsd

: running

OpenNMS.Provisiond

: running

OpenNMS.Reportd

: running

OpenNMS.Bsmd

: running

OpenNMS.Alarmd

: running

OpenNMS.Ackd

: running

OpenNMS.JettyServer : running

opennms is running

April 2021

Avaya Aura® Presence Services Snap-in Reference

276

Comments on this document? infodev@avaya.com

Network Management System
Configuring Linux firewall
Procedure If your OpenNMS server platform is using a firewall, you must open the following ports: · UDP 162: For receiving alarms or traps. · TCP 8980: For accessing the OpenNMS web console.
Accessing the OpenNMS web console
Procedure 1. You can access OpenNMS web console through http://<IP-or-FQDN-of ­ OpenNMS-server>:8980/opennms. 2. Use this user interface to configure OpenNMS and manage or monitor network devices called nodes. The default username and password used to login to the web console is admin/admin.
Importing MIB files into OpenNMS
About this task The exported MIB files must be imported into OpenNMS to interpret incoming SNMP alarms and convert them into OpenNMS events. Use the following steps to import the required MIB files. Procedure
1. On the OpenNMS web console, navigate to admin > Configure OpenNMS. 2. In Additional Tools, click SNMP MIB Compiler. 3. Click Upload MIB, and select the avaya-products-PresenceServices.my MIB file
for uploading. The system loads the MIB file into the pending area.

April 2021

Avaya Aura® Presence Services Snap-in Reference

277

Comments on this document? infodev@avaya.com

Administration

4. Right-click the avaya-products-PresenceServices.my file in the pending list and select Compile MIB.
The MIB file will now appear in the MIB compiled tree.

5. Right-click the avaya-products-PresenceServices.my file in the compiled list and select Generate Events.
6. Click Save Events File.

April 2021

Avaya Aura® Presence Services Snap-in Reference

278

Comments on this document? infodev@avaya.com

Network Management System
The system creates an OpenNMS event definition file for all Presence Services alarms defined in the MIB file.
Modifying OpenNMS event definitions
About this task The MIB compiler does not translate alarm severity or alarm parameters into the proper format for OpenNMS. You must edit each event to make it more usable and presentable in OpenNMS. Procedure
1. On the OpenNMS web console, navigate to admin > Configure OpenNMS. 2. In Event Management, click Customize Event Configurations. 3. In the Select Events Configuration File menu, select the AVAYA-PRODUCTS-
PRESENCESERVICES-MIB.events.xml events configuration file. 4. Delete the avCESERVICE1 trap event as the OID conflicts with the avCESERVICE29
event. 5. Perform the following steps to customize all the events:
a. Select the trap event and click Edit. For example, avCESERVICE20.
b. Modify the Severity field from Indeterminate to a more appropriate level. c. Modify any parameters in the Description text from either {1} or $1 to the OpenNMS
format of %parm[#1]%. d. Repeat for each parameter in this event.

April 2021

Avaya Aura® Presence Services Snap-in Reference

279

Comments on this document? infodev@avaya.com

Administration

6. Click Save and repeat for each trap event in the file. 7. After all the trap events have been updated, click Save Events File. 8. Click Yes to overwrite the existing file.
Creating OpenNMS node elements
About this task For OpenNMS to receive traps from Presence Services on the Avaya Breeze® platform, you must define a node to represent the Avaya Breeze® platform server. The following procedure describes how to create a node. Procedure
1. On the OpenNMS web console, navigate to admin > Configure OpenNMS. 2. In Provisioning, click Manually Add an Interface. 3. Enter the IP address of the Avaya Breeze® platform Management Network Interface.

April 2021

Avaya Aura® Presence Services Snap-in Reference

280

Comments on this document? infodev@avaya.com

4. Click Add. 5. Click Info to navigate to the Nodes page.

Network Management System

Testing the OpenNMS installation
About this task You can manually generate alarms or traps to test OpenNMS installation on the Avaya Breeze® platform using the CLI interface. Procedure
1. Log in to the Avaya Breeze® platform CLI interface and obtain root access. 2. Run the presAlarmTest.sh script to generate alarms for testing.
· Use the ­l option to list all available alarms. · Use the ­r option to raise an alarm. · Use the ­c option to clear an alarm.
# cd /opt/Avaya/snap_in/ps/bin/ # ./presAlarmTest.sh
Test Tool for raising/clearing all Presence Services alarms. Usage: presAlarmTest -l|-r|-c
Options: -l list all available alarms -r [alarm-event-code], raise a given alarm or leave alarm-event-code
blank to raise all alarms -c [alarm-event-code], clear a given alarm or leave alarm-event-code
blank to clear all alarms -h Prints this help

April 2021

Avaya Aura® Presence Services Snap-in Reference

281

Comments on this document? infodev@avaya.com

Administration

# ./presAlarmTest.sh -l

Available alarms:

MESSAGE_ARCHIVE_UPLOAD_FAILURE_ALARM_CODE_MAJOR

MESSAGE_ARCHIVE_UPLOAD_FAILURE_ALARM_CODE_CRITICAL

GEO_REMOTE_DATACENTER_FAILURE_ALARM_CODE_CRITICAL

GEO_CONFIG_ALARM_CODE_MAJOR GR_02

HEALTH_MONITOR_CLUSTER_ALARM_MAJOR HLTH_01

HEALTH_MONITOR_SERVER_ALARM_MAJOR

HLTH_02

HEALTH_MONITOR_CLUSTER_ALARM_CRITICAL HLTH_03

# ./presAlarmTest.sh -r IMArc_01

# ./presAlarmTest.sh -c IMArc_01

IMArc_01 IMArc_02 GR_01

Viewing the Alarm events in OpenNMS
Procedure
1. On the OpenNMS web console, navigate to Info > Nodes. This page will display the node summary page for the Avaya Breeze® platform server.
2. Click View Events to view any received alarms.
The following image shows the raised and cleared events that were generated from the alarms raised and cleared in the earlier section.

In this example, event 43 is a major alarm and event 44 is the clear event for the major event 43.
3. To view the details of the alarm, click on the green link on the event number.

April 2021

Avaya Aura® Presence Services Snap-in Reference

282

Comments on this document? infodev@avaya.com

Certificate management
The %parm[#xx]% parameters from the event definition have been updated with the actual alarm data as received from the Avaya Breeze® platform server. The following example shows two highlighted parameters in the Description field.

Certificate management
Adding Subject Alternative Name DNS name to Security Module HTTPS Identify Certificate
About this task Modify the certificate used for HTTPS communication on each Avaya Breeze® platform server in the Presence Services cluster to include a subject alternative name (SAN) of type DNS Name. This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure
1. On the System Manager web console, navigate to Services > Inventory > Manage Elements.
2. On the Manage Elements tab, select an Avaya Breeze® platform instance. 3. Click More Actions, and then click Manage Identity Certificates.

April 2021

Avaya Aura® Presence Services Snap-in Reference

283

Comments on this document? infodev@avaya.com

Administration
4. On the Manage Identity Certificates page, select the Security Module HTTPS service name, and then click Replace.
5. Select the Common Name (CN) check box and in the field, type the Avaya Breeze® platform Security Module FQDN in the following format: <serverHostName>-sm100.<domain> Where, <serverHostName> and <domain> are the name of the host server and the domain that you specify when you install the Avaya Breeze® platform server or when you run the CEnetSetup CLI command. For more information about the CEnetSetup CLI command, see the Administering Avaya Breeze® platform guide.
6. On the Replace Identity Certificate page, in the Key Algorithm field, click RSA. 7. In the Key Size field, click 2048. 8. In the Subject Alternative Name group, select the DNS Name check box. 9. In the DNS Name field, specify the Avaya Breeze® platform Security Module FQDN.
If Presence Services is deployed in a multinode cluster, specify the Presence Services Service FQDN in addition to the Avaya Breeze® platform Security Module FQDN. Use a comma as a separator to specify the FQDNs. Ensure that there is no space after the comma. 10. Click Commit. 11. Repeat Step 2 to Step 9 for each Avaya Breeze® platform in the cluster. 12. Restart Presence Services. Related links Restarting Presence Services on page 268 Key customer configuration information for XMPP federation on page 202
Add Subject Alternative Name DNS name and Other Name (XMPP Address) to WebSphere Identify Certificate
About this task Modify the certificate used for XMPP communication on each Avaya Breeze® platform Server in the Presence Services cluster to include a subject alternative name (SAN) of type DNS Name and Other Name. This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure
1. On the System Manager web console, navigate to Services > Inventory > Manage Elements.

April 2021

Avaya Aura® Presence Services Snap-in Reference

284

Comments on this document? infodev@avaya.com

Certificate management
2. Select an Avaya Breeze® platform instance. 3. From the More Actions menu, select Manage Identity Certificates. 4. Select the WebSphere service name, and click Replace. 5. Select the Common Name (CN) check box and in the field, type the Avaya Breeze®
platform Security Module FQDN in the following format: <serverHostName>-sm100.<domain> Where, <serverHostName> and <domain> are the name of the host server and the domain that you specify when you install the Avaya Breeze® platform server or when you run the CEnetSetup CLI command. For more information about the CEnetSetup CLI command, see the Administering Avaya Breeze® platform guide. 6. Select RSA for Key Algorithm. 7. In the Key Size field, enter 2048. 8. In the Subject Alternative Name field, select the DNS Name check box. 9. In the DNS Name field, type the Avaya Breeze® platform Security Module FQDN. If Presence Services is deployed in a multinode cluster, specify the Presence Services Service FQDN in addition to the Avaya Breeze® platform Security Module FQDN. Use a comma as a separator to specify the FQDNs. Ensure that there is no space after the comma. 10. For the Subject Alternative Name field, select the XmppAddr check box. 11. Add all Presence Services XMPP domains to the XmppAddr field in a comma-separated format. 12. Click Commit. 13. Repeat Step 2 to Step 11 for each Avaya Breeze® platform in the cluster. 14. Restart Presence Services. Related links Restarting Presence Services on page 268 Key customer configuration information for XMPP federation on page 202
Exporting Openfire Certificate (Linux)
About this task Export the Openfire self-signed certificate used on the Linux based Openfire server. This procedure uses the sample values in the "Key customer configuration information for XMPP federation" section. Procedure
1. On Linux, open an xterm.

April 2021

Avaya Aura® Presence Services Snap-in Reference

285

Comments on this document? infodev@avaya.com

Administration
2. Change directories to <Openfire install dir>/resources/security, where <Openfire install dir> is the directory where Openfire is installed.
3. Run the following to use the keytool command to export the certificate: keytool export -alias <of domain>_rsa -file openfire.cer -keystore keystore. The keytool command is provided in the JDK distribution of Java and sometimes with Openfire in <Openfire install dir>/jre/bin.
4. Save the openfire.cer file to be imported. Related links
Key customer configuration information for XMPP federation on page 202
Exporting Openfire Certificate (Windows)
About this task Export the Openfire self-signed certificate used on the Windows based Openfire server. This procedure uses the sample values in the "Key customer configuration information for XMPP federation" section. Procedure
1. On Windows, open a DOS prompt. 2. Change the directories to <Openfire install dir>\resources\security, where
<Openfire install dir> is the directory where Openfire is installed. 3. Run the following to use the keytool command to export the certificate: keytool -
export -alias <of domain>_rsa -file openfire.cer -keystore keystore. The keytool command is provided in the JDK distribution of Java and sometimes with Openfire in <Openfire install dir>\jre\bin. 4. If the system prompts for the password, enter the keystore password. 5. Save the openfire.cer file to be imported. Related links Key customer configuration information for XMPP federation on page 202
Importing certificate into Cluster Truststore
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration.

April 2021

Avaya Aura® Presence Services Snap-in Reference

286

Comments on this document? infodev@avaya.com

Certificate management
2. Select the cluster. 3. Click Certificate Management > Install Trust Certificate (All Avaya Breeze Instances). 4. In the Select Store Type to install trusted certificate field, select All. 5. On the next page, select Browse. 6. In the File Explorer window, select the Certificate file in DER or PEM format. 7. Click Retrieve Certificate. 8. Click Commit. 9. Restart Presence Services. Related links Restarting Presence Services on page 268
Importing System Manager root CA certificate into Openfire Truststore (Windows)
Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates. 2. Click Authority. 3. Click CA Structure & CRLs. 4. Click Download PEM file. 5. Change directories to <Openfire install dir>\resources\security, where <Openfire install dir> is the directory where Openfire is installed. The default is C:\Program Files (x86)\Openfire. 6. Import the certificate into the Openfire truststore using a descriptive alias. For example, SystemManagerRootCA.
<Openfire install dir>\resources\security > <Openfire install dir>\jre\bin \keytool.exe -import -alias SystemManagerRootCA -keystore truststore -file SystemManagerCA.cacert.pem Enter keystore password: <enter the Openfire Keystore password> (Default is changeit) ... Trust this certificate? [no]: yes Certificate was added to keystore

April 2021

Avaya Aura® Presence Services Snap-in Reference

287

Comments on this document? infodev@avaya.com

Administration
Importing the System Manager Default CA certificate into Microsoft Front End server Trust Store
Procedure 1. Log in to the System Manager web console. 2. Click Services > Security > Certificates > Authority > CA Structure & CRLs. 3. Click Download pem file. 4. Save the pem file. The default downloaded file name is SystemManagerCA.cacert.pem 5. Upload the pem file to Microsoft Front End server. 6. Run Microsoft Management Console with Certificate snap-in on Computer account. 7. Click Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates > All Tasks > Import. 8. In the Certificate Import Wizard, follow the steps of the wizard and select / import the uploaded pem file to the Trusted Root Certification Authorities. 9. To verify the imported certificate, click Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
10. Select System Manager CA from certificate detail page. 11. Verify that the Serial number and the expiratory date of the newly imported certificate
matches the System Manager CA. 12. Restart the Front End server services after completing certificate import.
For more information, see "Restarting the Front End service." Related links
Restarting the Front End service on page 132
Creating Entity Profile on System Manager
About this task Create an Entity profile on System Manager to be used to signed an external certificate signing request (CSR). This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. Procedure
1. On System Manager, navigate to Services > Security > Certificates.

April 2021

Avaya Aura® Presence Services Snap-in Reference

288

Comments on this document? infodev@avaya.com

Certificate management
2. Click Authority. 3. Click Add End Entity. 4. Add the following information:
· End Entity Profile: EXTERNAL_CSR_PROFILE · Username · Password or Enrollment Code · Confirm Password · CN, Common name: Of name · O, Organization: company name · C, Country: country code · OU, Organization Unit: group name · L, Locality: city name · ST, State or Province: city or province name · Certificate Profile: ID_CLIENT_SERVER · CA: tmdefaultca · Token: User Generated Use the same values that are used in the "Generating a certificate signing request on the Openfire server" section. 5. Click Add. Related links Generating a certificate signing request on the Openfire server on page 289 Key customer configuration information for XMPP federation on page 202
Generating a certificate signing request on the Openfire server
About this task Generate a certificate signing request (CSR) on the Openfire server. This procedure uses the sample values in the "Single-server Cluster Federated with Ignite Openfire example values" table in the "Key customer configuration information for XMPP federation" section. On the Openfire server, update the issuer information of the Certificate Signing Request. For Openfire 3.x, the certificates are found in Server > Server Settings > Server Certificates. For Openfire 4.x, the certificates are found in Server > TLS/SSL Certificates > Server Federation Stores > Identity store > Manage Store Contents. For more details, refer to the Openfire documentation.

April 2021

Avaya Aura® Presence Services Snap-in Reference

289

Comments on this document? infodev@avaya.com

Administration
Procedure 1. Add the following information: · Name: OF domain · Organizational Unit: group name · Organization: company name · City: city name · State: state or province name · Country Code: country code Use the same values used in the "Creating Entity Profile on System Manager" section. 2. Copy the CSR for the RSA algorithm in to a text editor.
Related links Creating Entity Profile on System Manager on page 288 Key customer configuration information for XMPP federation on page 202
Signing the Openfire certificate signing request (CSR) on System Manager
Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates > Authority. 2. Select Public Web. 3. On the next page, click Create Certificate from CSR, and enter the following information: · Username: username · Enrollment code: password username and password are defined in the "Creating Entity Profile on System Manager" section. 4. Paste in the certificate signing request from Openfire previously saved in a text editor in the "Generating a certificate signing request on the Openfire server" section. 5. Select PEM - full certificate chain and click OK. 6. Save the resulting PEM file.
Related links Creating Entity Profile on System Manager on page 288 Generating a certificate signing request on the Openfire server on page 289

April 2021

Avaya Aura® Presence Services Snap-in Reference

290

Comments on this document? infodev@avaya.com

Certificate management
Installing the System Manager CA and Signed Openfire Certificate on Openfire
About this task On the Openfire server, the certificates used to identify the Openfire instance needs to be updated with the signed certificate generated by the Certificate Authority (System Manager). For Openfire 3.x, the certificates are found in Server > Server Settings > Server Certificates. For Openfire 4.x, the certificates are found in Server > TLS/SSL Certificates > Server Federation Stores > Identity store > Manage Store Contents. For more details, refer to the Openfire documentation. Procedure
1. Using a text editor, open the PEM file that you created in the "Signing the Openfire certificate signing request (CSR) on System Manager" section.
2. Copy and paste the System Manager CA certificate, and click Save. 3. Copy and Paste the OF domain certificate and click Save. 4. Delete any pending DSA certificate pending verification. Restart Openfire if necessary and
return to the Certificate settings page. Generate self-signed DSA certificates. 5. Click Click here to restart HTTP server. 6. Log in to the Openfire server. 7. On the Openfire server, navigate to Server > Server Settings > Server Certificates. 8. Click Click here to generate self-signed certificates to generate a self-signed DSA
certificate. Related links
Signing the Openfire certificate signing request (CSR) on System Manager on page 290
Retrieving a System Manager CA signed Certificate
Procedure 1. On System Manager, navigate to Services > Security > Certificates. 2. Click Authority. 3. Click Search End Entities. 4. In the Search end entity with username field, enter the username of the Entity Profile used to sign the certificate. 5. Click View_Certificates. 6. Click Download PEM file. 7. Save the PEM file.

April 2021

Avaya Aura® Presence Services Snap-in Reference

291

Comments on this document? infodev@avaya.com

Administration

Checklist for generating new identity certificate signed by System Manager

This checklist is used to generate a Certificate Signing Request (CSR) and associated private key to obtain a signed Identity certificate from the System Manager.

No.

Task

Reference

1

Create a Certificate Signing

Creating a Certificate Signing

Request.

Request on page 292

2

Create an end entity.

Creating an end entity on System Manager on page 293

3

Create the signed identity

Creating the Signed Identity

certificate using the CSR.

Certificate using the CSR on

page 293

Creating a Certificate Signing Request
About this task The Certificate Signing Request (CSR) file is created separately on either a Windows or Linux system. Procedure
To generate the CSR file, enter the following OpenSSL command line tool:
openssl req -out <csr-file.csr> -new -newkey rsa:2048 -nodes keyout <myprivate-key-file.pem> Example The following is a sample session:
$ openssl req -out csrFile.csr -new -newkey rsa:2048 -nodes -keyout myPrivateKey.pem Generating a 2048 bit RSA private key ....+++ ...................+++ writing new private key to 'myPrivateKey.pem' ----You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----Country Name (2 letter code) [GB]:CA State or Province Name (full name) [Berkshire]:Ontario Locality Name (eg, city) [Newbury]:Belleville Organization Name (eg, company) [My Company Ltd]:Avaya Organizational Unit Name (eg, section) []:Avaya Common Name (eg, your name or your server's hostname) []:fqdn.ca.avaya.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

292

Comments on this document? infodev@avaya.com

Certificate management
Email Address []:
Please enter the following 'extra' attributesto be sent with your certificate request A challenge password []: An optional company name []:Avaya
You should now see a CSR and private key file in your test directory: $ ls -l
total 6 -rw-r--r-- 1 user group 1045 Apr 20 11:35 csrFile.csr -rw-r--r-- 1 user group 1679 Apr 20 11:35 myPrivateKey.pem
Creating an end entity on System Manager
Procedure 1. Login to System Manager as administrator. 2. Navigate to Services > Security > Certificates > Authority. 3. Select RA Functions. 4. Add End Entity. 5. Select INBOUND_OUTBOUND_TLS in the End Entity Profile field. 6. Enter User name and Password . The user name and password must be new and will be used in the "Creating the Signed Identity Certificate using the CSR" section. 7. Complete the fields that you want in the certificate. 8. Enter the appropriate values in the CN and SAN fields. 9. In the Certificate Profile field, select ID_CLIENT_SERVER.
10. In the CA field, select tmdefaultca. 11. In the Token field, select User generated. 12. Click Add 13. Scroll down to the bottom of the page to verify that the End Entity is added successfully. Related links Creating the Signed Identity Certificate using the CSR on page 293
Creating the Signed Identity Certificate using the CSR
Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates > Authority.

April 2021

Avaya Aura® Presence Services Snap-in Reference

293

Comments on this document? infodev@avaya.com

Administration
2. Click Public Web. 3. On the public EJBCA page:
a. Click Create Certificate from CSR in the Enroll menu. b. Enter the User name and Password.
These values should be the same that you used while creating the end entity earlier. c. Click Browse to retrieve the CSR file created earlier. d. Set the Result type field to PEM - certificate only. e. Click OK. f. Save the signed identity certificate file to your local computer.
OpenSSL command to view the signed certificate
About this task The OpenSSL command line tool can be used to verify or review the identity certificate contents. Example
$ openssl x509 -in newIdentiyCert.pem -text -noout Certificate: Data:
Version: 3 (0x2) Serial Number:
04:80:82:da:40:b9:db:fe Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=System Manager CA, OU=MGMT, O=AVAYA Validity Not Before: Apr 20 16:24:23 2016 GMT Not After : Apr 20 16:24:23 2018 GMT Subject: CN=fqdn.ca.avaya.com, OU=SDP, O=AVAYA, L=Belleville, ST=Ontario, C=US
Subject Public Key Info: Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ba:3c:b2:36:33:67:dc:ff:a0:6b:7a:1d:c7:77: <snip> ef:95:be:50:23:61:af:9d:e0:4f:37:58:b2:ac:a6: 20:d1 Exponent: 65537 (0x10001) X509v3 extensions:
X509v3 Subject Key Identifier: 8C:17:08:0F:AF:B5:FD:7E:D6:5E:02:DD:71:A2:97:E5:F2:40:B8:36
X509v3 Basic Constraints: critical CA:FALSE
X509v3 Authority Key Identifier: keyid:A4:C5:C0:96:86:60:21:3A:60:3A:58:56:6B:97:70:DD:C1:51:30:0B
X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication

April 2021

Avaya Aura® Presence Services Snap-in Reference

294

Comments on this document? infodev@avaya.com

X509v3 Subject Alternative Name: DNS:san1.ca.avaya.com
Signature Algorithm: sha256WithRSAEncryption 2b:07:d9:aa:0d:5b:5d:aa:d9:07:cc:6b:a3:7b:7f:9b:5c:2e: <snip> 5a:d4:f1:cd:ab:a0:f4:c8:86:b6:4a:c6:22:45:07:d5:86:d7: 49:03:c6:63

Certificate management

Generating new identity certificate from a third-party CA
About this task The certificate Signing Request (CSR) file is created separately on either a Windows or Linux system. Procedure
1. To generate the CSR file, enter the following OpenSSL command line tool: openssl req -out <csr-file.csr> -new -newkey rsa:2048 -nodes keyout <my-private-key-file.pem>
Note: The openssl command doesn't prompt for the SAN fields. 2. Send the CSR to the third-party CA for signing.
Note: Some third-party vendors allow uploading of CSR files and will also prompt for additional SAN fields. 3. The third-party vendor will return the signed certificate.

Presence components and identity certificates

The following table provides which identity certificates are used by various Presence components.

Presence component
Presence Services 8.x to Presence Services 8.x Federation

Connection type server through System Manager

Identity certificate
SecurityModuleSI P

Comments
Asset module presents the SecurityModuleSI P identity certificate in the server hello during TLS negotiation.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

295

Comments on this document? infodev@avaya.com

Administration Presence component S4B 2015 Federation
Openfire Federation
Jabber Federation
Presence Services 7.x Federation WebServices / REST
Client to Server XMPP

Connection type server through System Manager
server through local XMPP port
server through local XMPP port
server trough local XMPP port
server through load-balancer
server (through local XMPP port)

Identity certificate SecurityModuleSI P
Websphere
Websphere
Websphere
SecurityModuleHT TP
Websphere

Comments
Asset module presents the SecurityModuleSI P identity certificate in the server hello during TLS negotiation.
Presence Services presents the Webshere identity certificate in the 'server hello' during TLS negotiation.
Presence Services presents the Webshere identity certificate in the 'server hello' during TLS negotiation.
Presence Services presents the Webshere identity certificate in the 'server hello' during TLS negotiation.
Internal HTTP proxy module presents the SecurityModuleH TTPidentity certificate in the 'server hello' during TLS negotiation.
No certificate checking

April 2021

Avaya Aura® Presence Services Snap-in Reference

296

Comments on this document? infodev@avaya.com

Certificate management
Installing far-end Trust Certificates in Avaya Breeze® platform
About this task Many Presence components or features require Trust Certificates to be installed into the trust store on the Avaya Breeze® platform to allow the feature software to connect securely to other servers on the network. For example: AES and Exchange collectors, different types of SIP federation, and different types of XMPP federation. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration.
2. Select the Avaya Breeze® platform cluster from the list. 3. Click Certificate Management > Install Trust Certificate (All Avaya Breeze Instances). 4. On the Install Trusted Certificate page, do the following:
a. In the Select Store Type to install trusted certificate field, click All. b. Click Choose File and navigate to the trust certificate file. c. Click Retrieve Certificate to upload the selected file to System Manager. d. Click Commit.
About issuing distribution point CRL extension
You must set the issuing distribution point CRL extension to critical to comply with RFC 5280 in the following situations:
· When System Manager is the certification authority (CA) and issuing distribution point is enabled for the certificate revocation list (CRL).
· When Certificate Revocation Validation is set to an option other than None and issuing distribution point is enabled for all downloaded CRLs. For more information about the Certificate Revocation Validation feature, see the Administering Avaya Aura® System Manager guide. To set the issuing distribution point CRL extension to critical for downloaded CRLs, verify with the certification authority that generates the CRL.
Related links Setting the issuing distribution point CRL extension to critical for System Manager CA on page 298

April 2021

Avaya Aura® Presence Services Snap-in Reference

297

Comments on this document? infodev@avaya.com

Administration
Setting the issuing distribution point CRL extension to critical for System Manager CA
Procedure 1. On the System Manager web console, navigate to Services > Security > Certificates. 2. Click Authority. 3. Under CA Functions, click Certification Authorities. 4. On the Manage Certification Authorities page, under List of Certification Authorities, select the active certification authority for which you want to set issuing distribution point CRL extension to critical, and then click Edit CA. 5. On the Edit CA page, under CRL Specific Data, in the Issuing Distribution Point on CRLs row, select the Critical check box. Note: Select the Critical check box only if the corresponding Use check box is selected.
Related links About issuing distribution point CRL extension on page 297
User and device administration
This section describes: · User administration on System Manager. · DNS administration for devices. · Certificate management for devices. Note: The steps in the procedures vary depending on: · The type of device that the user logs in to. · The mode that the user selects when logging into the device.
Related links Administration of Avaya Aura devices for Geographic Redundancy on page 59 Administering Avaya Aura user for Geographic Redundancy on page 59 Assigning Presence Profile to a user on System Manager on page 304

April 2021

Avaya Aura® Presence Services Snap-in Reference

298

Comments on this document? infodev@avaya.com

User and device administration
Categories of Presence/IM devices
Avaya supports four categories of Presence/IM devices: · Category 1: Next-generation SIP mode · Category 2: SIP mode · Category 3: H.323 mode · Category 4: Non-Presence/IM capable
Category 1 devices: Category 1 devices are strongly recommended because the devices:
· Are more resilient to network or server outages. · Support Presence/IM features such as High Availability and Geo Redundancy. · Support higher overall capacity in a multi-node Presence Services cluster deployment as the
resources are used more efficiently. · Do not need an end user to administer Presence Services information on device. · Do not need an end user to change device settings if a user's home Presence Services
cluster changes. The Category 1 devices do not need an end user to administer a Presence Services address or an Avaya Presence/IM communication address. Instead, the device automatically gets this information through Personal Profile Manager (PPM) web service of Session Manager. The Presence Services address is returned as a Fully Qualified Domain Name (FQDN), which the device resolves to one or more IP addresses using DNS. FQDN addressing is required for Presence Services features such as High Availability and Geo Redundancy. Example:
· Avaya one-X® Communicator SIP 6.2.6 or later Category 2 devices: Category 2 devices require an end user to administer a Presence Services address, and an Avaya Presence/IM communication address. The Presence Services address is usually administered as an IP address. The end user logs in using SIP mode. Example:
· Avaya Workplace Client 3.10 or above for Windows · Avaya one-X® Communicator SIP pre-6.2.6 Category 3 devices: Category 3 devices require an end user to administer a Presence Services address, and an Avaya Presence/IM communication address. The Presence Services address is usually administered as an IP address. The end user logs in using H.323 mode.

April 2021

Avaya Aura® Presence Services Snap-in Reference

299

Comments on this document? infodev@avaya.com

Administration
Example: · Avaya one-X® Communicator H.323
Category 4 devices: Category 4 devices are typically hard desk phones that:
· Do not support the SIP or XMPP protocol for presence and IM. · Do not have the ability to exchange messages with other devices. · Do not have the ability to publish their own presence state information. Example: · Avaya 9600 series H.323 phones · Avaya 96X1 series H.323 phones · Avaya digital and analog desk phones

Checklist for configuring Presence/IM users

In the following table: · M indicates that the task is mandatory for the device. · O indicates that the task is optional for the device. · -- indicates that the task is not applicable for the device.
Step 2 to Step 5 can be performed together or as independent steps. Step 11 to Step 15 can be performed together or as independent steps.

No. Task

Device category

Reference

1

2 34

1

Configure Presence/IM

M

M M M Configuring Presence/IM routing domain

routing domain on System

on System Manager on page 301

Manager.

2

Assign Communication

M

M M M Assigning Communication Profile

Profile Password to user on

Password to a user on System

System Manager.

Manager on page 302

3

Assign Avaya Presence/IM M

M M M Assigning Avaya Presence/IM

communication address to

communication address to user on

user on System Manager.

System Manager on page 195

4

Assign Presence Profile to M

M M M Assigning Presence Profile to a user on

user on System Manager.

System Manager on page 304

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

300

Comments on this document? infodev@avaya.com

User and device administration

No. Task

Device category

Reference

1

2 34

5

Enable Application

Enablement Services

collection for user on

System Manager.

--

-- -- M Enabling Application Enablement

Services collection for a user on System

Manager on page 305

6

Administer DNS A records M

O O ----

to resolve Presence

Services Cluster FQDN to

Avaya Breeze® platform

Security Module IP

addresses.

7

Export certificate chain that M

M -- -- Exporting certificate chain that signs the

signs Session Manager

Session Manager identity on page 305

identity.

8

Import certificate chain that M

M -- -- Importing certificate chain that signs

signs Session Manager

Session Manager identity into device

identity into device

truststore on page 306

truststore.

9

Export certificate chain that M

M M -- Exporting certificate chain that signs the

signs Presence Services

Presence Services identity on page 307

identity.

10 Import certificate chain that M signs Presence Services identity into device truststore.

M M -- Importing certificate chain that signs the Presence Services identity into device truststore on page 308

11 Administer Presence and M IM on the device.

M M -- Checklist for administering Presence and IM on a device on page 309

Configuring Presence/IM routing domain on System Manager
About this task On System Manager, users are configured with communication addresses, which are unique identifiers within a solution. A communication address is composed of a user part (referred to as handle on System Manager) and domain part. Within the Presence/IM solution, a user is uniquely identified by an Avaya Presence/IM communication address, which is composed of a user part, and a Presence/IM domain part. The Presence/IM domain may be the same as a user's SIP domain, or it may be different. For example, if the same domain is used for both SIP and Presence/IM, a user may be assigned the following communication addresses:
· Avaya SIP communication address set to user1@domainA.com · Avaya Presence/IM communication address set to user1@domainA.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

301

Comments on this document? infodev@avaya.com

Administration
For example, if different domains are used for SIP and Presence/IM, a user may be assigned the following communication addresses:
· Avaya SIP communication address set to user1@domainB.com · Avaya Presence/IM communication address set to user1@domainC.com Presence/IM domains are configured on System Manager with type as SIP. Presence Services supports multiple Presence/IM domains. For example, there could be two users with Avaya Presence/IM communication addresses in different domains on System Manager: · User 2 with Avaya Presence/IM communication address set to user2@domainD.com · User 3 with Avaya Presence/IM communication address set to user3@domainE.com Procedure 1. On the System Manager web console, navigate to Elements > Routing.
The system displays the Introduction to Network Routing Policy page. 2. In the navigation pane, click Domains.
The system displays the Domain Management page. 3. Click New. 4. In the Name field, type the Presence/IM domain name. 5. In the Type field, select sip. 6. Click Commit to save the changes.
Assigning Communication Profile Password to a user on System Manager
Before you begin The user must already exist on System Manager at Users > User Management. Procedure
1. On the System Manager web console, navigate to Users > User Management. The system displays the User Management page.
2. In the navigation pane, click Manage Users. 3. Select the user, and click Edit.
The system displays the User Profile Edit page. 4. On the Communication Profile tab, click Communication Profile Password.

April 2021

Avaya Aura® Presence Services Snap-in Reference

302

Comments on this document? infodev@avaya.com

User and device administration
5. In the Comm-Profile Password dialog box, do the following: a. In the Comm-Profile Password field, type a communication profile password. b. In the Re-enter Comm-Profile Password field, re-type the communication profile password. c. Click OK.
6. Click Commit.
Assigning Avaya Presence/IM communication address to user on System Manager
About this task An Avaya Presence/IM communication address is a unique presence identifier for a user. Servers, devices, and other users use this identifier to exchange IM and presence information with the user. Before you begin A user must already exist on System Manager at Users > User Management. Procedure
1. On the System Manager web console, navigate to Users > User Management The system displays the User Management page.
2. Click Manage Users. 3. Select the user, and click Edit.
The system displays the User Profile Edit page. 4. Click the Communication Profile tab. 5. In the Communication Address section, click New. 6. In the Communication Address Add/Edit dialog box, in the Type field, click Avaya
Presence/IM. 7. In the Fully Qualified Address fields, do the following:
a. In the first field, type the user part of the Avaya Presence/IM communication address. b. In the second field, type the Presence/IM routing domain that was defined in
"Configuring Presence/IM routing domain on System Manager."
Note: Both the user and domain must be in lowercase to use with XMPP clients and XMPP federation. For example, 1XC in both SIP & H323 mode use XMPP for IM, and therefore user and domain must use lowercase Presence/IM handles. Federation with any XMPP systems also require lowercase Presence/IM handles. 8. Click OK.

April 2021

Avaya Aura® Presence Services Snap-in Reference

303

Comments on this document? infodev@avaya.com

Administration
9. On the User Profile Edit page, click Commit. Note: The Avaya Presence/IM communication address must be administered on the default Communication Profile.
Related links Configuring Presence/IM routing domain on System Manager on page 301
Assigning Presence Profile to a user on System Manager
Before you begin The user must already exist on System Manager at Users > User Management with an assigned Avaya Presence/IM communication address. Procedure
1. On the System Manager web console, navigate to Users > User Management. 2. Click Manage Users. 3. Select the user, and then click Edit. 4. On the User Profile Edit page, click the Communication Profile tab. 5. Turn on Presence Profile.
If Presence Profile is already turned on, turn off and turn on Presence Profile again. The system displays the Presence Profile fields. 6. In the System field, click the Presence Services cluster of the user. The options in the System field are based on all Presence Services Managed Elements. For more information, see "Administering Presence Services on Avaya Breeze® platform Managed Element". The system automatically populates the SIP Entity Name and IM Gateway SIP Entity fields. 7. Click Commit .
Note: The Presence Profile must be administered on the default Communication Profile. Related links Administering Presence Services on Avaya Breeze platform managed element on page 45

April 2021

Avaya Aura® Presence Services Snap-in Reference

304

Comments on this document? infodev@avaya.com

User and device administration
Enabling Application Enablement Services collection for a user on System Manager
Before you begin The user must already exist on System Manager at Users > User Management with an assigned Avaya Presence Profile. Procedure
1. On the System Manager web console, navigate to Users > User Management. 2. Click Manage Users. 3. Select the user, and then click Edit. 4. On the User Profile Edit page, click the Communication Profile tab. 5. Turn on Presence Profile.
If Presence Profile is already turned on, turn off and turn on Presence Profile again. The system displays the Presence Profile fields. 6. In the Publish Presence with AES Collector field, do one of the following to specify whether the user presence should be obtained by using an Application Enablement Services Collector: · To enable Application Enablement Services Collector for the user, click On or click
System Default if the Application Enablement Services system policy is On. · To disable Application Enablement Services Collector for the user, click Off or click
System Default if the Application Enablement Services system policy is Off. The Application Enablement Services system policy is configured at Elements > Presence > Configuration > Publish Presence with AES Collector -- Default. For more information, see "AES Collector". 7. Click Commit. Related links AES Collector on page 92
Exporting certificate chain that signs the Session Manager identity
Before you begin To establish a secure SIP connection to Session Manager, recent versions of SIP devices require that the certificate chain that signed the Session Manager identity be imported into truststore of the platform hosting the device.

April 2021

Avaya Aura® Presence Services Snap-in Reference

305

Comments on this document? infodev@avaya.com

Administration
About this task This is the first of two steps required to establish trust between SIP devices and Session Manager. The following example procedure shows how to export the certificate chain when the Certificate Authority is System Manager. Procedure
1. On the System Manager web console, navigate to Services > Security. 2. In the navigation pane, click Certificates. 3. Click Authority. 4. In the navigation pane, click CA Functions > CA Structure & CRLs. 5. Click Download PEM file. 6. In the dialog box, click Save File to save the certificate to the desktop. 7. At the desktop, rename SystemManagerCA.cacert.pem such that the file extension
ends with cer. For example, SystemManagerCA.cacert.cer
Importing certificate chain that signs Session Manager identity into device truststore
About this task This is the second of the two steps required to establish trust between SIP devices and Session Manager. The following example procedure shows how to import the certificate chain into a Windows 10 platform. Before you begin To establish a secure SIP connection to Session Manager, recent versions of SIP devices require that the certificate chain that signed the Session Manager identity be imported into truststore of the platform hosting the device. Procedure
1. On the desktop, locate the certificate exported in the "Exporting certificate chain that signs the Session Manager identity" section.
2. Double-click the file, or right-click and choose Install Certificate. 3. In the dialog box, click Open.
The system displays a Certificate window. 4. Click Install Certificate.
The system displays a Certificate Import Wizard dialog box.

April 2021

Avaya Aura® Presence Services Snap-in Reference

306

Comments on this document? infodev@avaya.com

User and device administration
5. Select the certificate store location. · Select Current User to install the certificate for the current user. · Select Local Machine to install the certificate on the Local machine.
6. Click Next. 7. Select Place all certificates in the following store, and choose Browse to the right of
the Certificate store field. The system displays the Select Certificate Store window. 8. Select Trusted Root Certificate Authorities, and click OK. 9. In the Certificate Import Wizard window, select Next. 10. In the Completing the Certificate Import Wizard window, click Finish. 11. If the certificate is installed on this server, the system displays a Security Warning window. Select Yes. Result The system displays a window indicating that the import was successful. Related links Exporting certificate chain that signs the Session Manager identity on page 305
Exporting certificate chain that signs the Presence Services identity
Before you begin To establish a secure XMPP connection to Presence Services, recent versions of SIP and H.323 devices require that the certificate chain that signed the Presence Services identity be imported into truststore of the platform hosting the device. About this task This is the first of two steps required to establish trust between devices and Presence Services for XMPP services. The following example shows how to export the certificate chain when the Certificate Authority is System Manager.
Note: If System Manager is the Certificate Authority for both Session Manager and Presence Services , then there is no need to repeat this task if it was already performed in "Exporting certificate chain that signs the Session Manager identity". Procedure 1. On the System Manager web console, navigate to Services > Security. 2. In the navigation pane, click Certificates. 3. Click Authority.

April 2021

Avaya Aura® Presence Services Snap-in Reference

307

Comments on this document? infodev@avaya.com

Administration
4. In the navigation pane, click CA Functions > CA Structure & CRLs. 5. Click Download PEM file. 6. In the dialog box, click Save File to save the certificate to the desktop. 7. At the desktop, rename SystemManagerCA.cacert.pem such that the file extension
ends with cer. For example, SystemManagerCA.cacert.cer Related links Exporting certificate chain that signs the Session Manager identity on page 305
Importing certificate chain that signs the Presence Services identity into device truststore
Before you begin To establish a secure XMPP connection to Presence Services, recent versions of SIP and H.323 devices require that the certificate chain that signed the Presence Services identity be imported into truststore of the platform hosting the device. About this task This is the second of two steps required to establish trust between devices and Presence Services for XMPP services. The following example procedure shows how to import the certificate chain into a Windows 7 platform. For more information, consult Avaya endpoint documentation.
Note: If System Manager is the Certificate Authority for both Session Manager and Presence Services , then there is no need to repeat this task if it was already performed in "Importing certificate chain that signs the Session Manager identity into device truststore". Procedure 1. On the desktop, locate the certificate that was exported in the "Exporting certificate chain
that signs the Presence Services identity" section. 2. Either double-click on the file, or right-click and choose Install Certificate. 3. In the dialog box, click Open.
The system displays a Certificate window. 4. Click Install Certificate.
The system displays a Certificate Import Wizard dialog box. 5. Click Next. 6. Select Place all certificates in the following store, and choose Browse to the right of
the Certificate store field. The system displays the Select Certificate Store window.

April 2021

Avaya Aura® Presence Services Snap-in Reference

308

Comments on this document? infodev@avaya.com

User and device administration
7. Select Trusted Root Certificate Authorities, and click OK. 8. In the Certificate Import Wizard window, select Next. 9. In the Completing the Certificate Import Wizard window, click Finish. 10. If the certificate had not been previously installed on this server, then the system displays a
Security Warning window. Select Yes. Result The system displays a window indicating that the import was successful Related links Importing certificate chain that signs Session Manager identity into device truststore on page 306 Exporting certificate chain that signs the Presence Services identity on page 307

Checklist for administering Presence and IM on a device

In the following table, M indicates that the task is mandatory for the device and -- indicates that the task is not applicable to the device.

No. Task

Device category Notes/Reference

1234

1 Administer

M M M -- Password is required to authenticate the user for

Communication Profile

XMPP on Presence Services. See Assigning

password on the

Communication Profile Password to a user on

device.

System Manager on page 302.

2 Administer Session M M -- -- SIP Presence messages are routed to Presence

Manager address on

Services through Session Manager. On System

the device.

Manager, a user's Session Manager is administered

at Users > User Management > Manage Users >

Communication Profile > Session Manager

Profile.

3 Enable Instant Messaging and Presence on the device.

M M M -- On most Avaya devices, IM and Presence is disabled by default.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

309

Comments on this document? infodev@avaya.com

Administration

No. Task

Device category Notes/Reference

1234

4 Administer Presence -- M M -- · For Category 1 devices, do not administer

Services address on

Presence Services address, as device

the device.

automatically learns this using PPM.

· For Category 2 and 3 devices, administer Presence Services address.

If using FQDN format:

- Enter Presence Services Cluster FQDN. See Customer configuration data for Presence Services on page 27.

- Administer DNS A records to resolve Presence Services Cluster FQDN to Avaya Breeze® platform Security Module IP addresses.

If using IP Address format:

- For Presence Services single-server deployment, enter the Avaya Breeze® platform Security Module IP address. For more information, see Administering Avaya Breeze platform SIP Entity on page 40.

- For Presence Services multi-server deployment, enter one of the Avaya Breeze® platform Security Module IP addresses within the cluster. For more information, see Administering Avaya Breeze platform SIP Entity on page 40. To maximize efficiency of the Presence Services cluster, a system administer must ensure that Avaya Breeze® platform Security Module IP addresses are equally distributed across devices.

FQDN format is strongly recommended as it is required for Presence Services features such as High Availability and Geo Redundancy.

5 Administer Avaya

-- M M -- · For Category 1 devices, do not administer Avaya

Presence/IM

Presence/IM communication address as device

communication

automatically administers using PPM.

address on the device.

· For Category 2 and 3 devices, administer Avaya

Presence/IM communication address. See

Assigning Avaya Presence/IM communication

address to user on System Manager on page 195.

April 2021

Avaya Aura® Presence Services Snap-in Reference

310

Comments on this document? infodev@avaya.com

User and device administration
User soft delete vs. hard delete
When managing users on System Manager at Home > Users > User Management > Manage Users, a delete option is provided that supports both soft and hard delete. Depending on the delete you perform, ACLs and contact lists may or may not be deleted. Soft delete The user is marked as deleted. The logged-in users will be logged out and watchers will not see the presence of the deleted user. If the user is restored, the contacts and ACL rules will be restored. Hard delete The logged-in users will be logged out and watchers will not see the presence of the deleted user. The deleted users contacts and ACL rules are removed from the system. To re-add the user in the system, the end user must recreate the contacts and re-answer any ACL pop ups.
User lock and unlock management
You can do the following to manage locking and unlocking of users from logging in to Presence Services:
· Enable or disable automatic locking of users after the users exceed the configured maximum unsuccessful login attempts.
· Configure the maximum unsuccessful login attempts per user after which Presence Services locks the user.
· Enable or disable automatic unlocking of users after the configured maximum lockout time expires.
· Configure the maximum lockout time for the user after unsuccessful login attempts.
Enabling user locking
About this task Use this procedure to configure Presence Services to lock users after they exceed the predefined maximum unsuccessful login attempts. For more information, see "Configuring maximum unsuccessful login attempts per user." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

311

Comments on this document? infodev@avaya.com

Administration
4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the User Locking/Unlocking service
group. 6. In the User Lockout Enabled field, in Effective Value, click True to enable automatic
locking of user. The default setting is False. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Configuring maximum unsuccessful login attempts per user on page 312
Configuring maximum unsuccessful login attempts per user
About this task Presence Services locks users after they exceed the maximum unsuccessful login attempts only if the User Lockout Enabled attribute is set to True. For more information, see "Enabling user locking." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the User Locking/Unlocking service
group. 6. In the Maximum unsuccessful login attempt per user field, in Effective Value, type the
number of unsuccessful login attempts that a user can make within one hour before getting locked out. Valid values are 3 through 9. The default value is 3. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Enabling user locking on page 311

April 2021

Avaya Aura® Presence Services Snap-in Reference

312

Comments on this document? infodev@avaya.com

User and device administration
Enabling automatic user unlock
About this task If you set the Automatic User Unlock Enabled attribute to True, Presence Services automatically unlocks the users after the configured maximum lockout time expires. For more information, see "Configuring maximum lockout time for users." Alternatively, a system administrator can also unlock a user by using the presUnlock CLI command. For more information, see "presUnlock." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the User Locking/Unlocking service
group. 6. In the Automatic User Unlock Enabled field, in Effective Value, click True to enable
automatic unlocking of users after the configured maximum lockout time expires. The default value is False. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Configuring maximum lockout time for users on page 313 presUnlock on page 397
Configuring maximum lockout time for users
About this task If you set the Automatic User Unlock Enabled attribute to True, Presence Services automatically unlocks the users after the maximum lockout time expires. For more information, see "Enabling automatic user unlock." If you set the Automatic User Unlock Enabled attribute to False, a user with administrative credentials can manually unlock the users by using the presUnlock CLI command. For more information, see "presUnlock." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

313

Comments on this document? infodev@avaya.com

Administration
4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the User Locking/Unlocking service
group. 6. In the Maximum Lockout Time field, in Effective Value, type the maximum time, in hours,
for which Presence Services locks users after unsuccessful login attempts. Valid values are 1 through 24. The default value is 24. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Enabling automatic user unlock on page 313 presUnlock on page 397
Manual presence state expiration time
You can administer the Presence Server to define the expiration period of presence state that is set manually. When the manual presence state period expires, the presence state changes to automatic and a notification is sent to other users of your new presence state. Your manual presence state expires based on the configuration in the Manual state expiration time section. For example, if you set your presence state manually to Busy, and the Manual state expiration time for Busy is set to 600, then your Busy presence state expires after 600 seconds and the presence state changes to automatic. When your presence state changes, a notification is sent to other presence users of your new presence state. This feature is supported on OneX and Avaya Workplace Clients. You can select one or more of the following presence states manually:
· Available · Busy · Away · Do-Not-Disturb · Out-of-Office · Offline
Configuring manual presence state expiration time
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

314

Comments on this document? infodev@avaya.com

Avaya push notification management
3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Manual state expiration time. 6. (Optional) To override the default value of a presence state, select the Override Default
check box against the presence state that you want to configure. 7. In the Available field, in Effective Value, type the expiration time in seconds. 8. Click Commit.
Avaya push notification management
Push notifications
The push notification mechanism enables clients to receive incoming call alerts and other notifications from the Apple Push Notification service (APNs). The push notification service sends notifications automatically. Therefore, an application can receive notifications even when it is suspended or in Sleep mode. The Presence Services can send push notifications about incoming messages. For telephonyrelated events, such as incoming call notifications or voice mail status update, use push notifications on the Avaya Aura® Web Gateway. Push notification provider Presence Services interacts with the APNs through a push notification provider. You must register your Presence Services system with the push notification provider before activating push notifications. The default provider is the Avaya Push Notification provider, which must be used to support push notifications for Avaya Workplace Client for iOS. If you want to use push notifications for third-party Avaya Breeze Client SDK-based iOS applications, you must use a third-party push notification provider. For the Avaya Push Notification Provider, you must create and configure an Avaya Cloud account. This account is used to store the data required to authorize your Presence Services system. This account requirement does not apply if you are working with a third-party provider. Related links Accessing the Presence Services software inventory web service on page 326
Checklist for push notification service configuration
Use this checklist to set up the push notification service for your iOS applications. Depending on whether you are planning to work with the default Avaya Push Notification provider or a third-party push notification provider, the task you perform are slightly different.

April 2021

Avaya Aura® Presence Services Snap-in Reference

315

Comments on this document? infodev@avaya.com

Administration

No.

Task

Notes

1

Set up an Avaya Cloud account.

See Avaya Cloud account

configuration on page 317.

This step is not required for third-party notification providers.

2

Configure the third-party push

See the requirements in Third-party

notification provider.

push notification provider

requirements on page 316.

This step is not required if you are working with the Avaya Push Notification provider.

3

Configure your enterprise network See Firewall configuration on page 318.

firewall.

4

Configure the push notification

· If you are working with the Avaya

provider on Presence Services.

Push Notification provider, see

Configuring the Avaya Push

Notification provider on Presence

Services on page 318.

· If you are working with a third-party push notification provider, see Configuring a third-party push notification provider on Presence Services on page 320.

5

Configure push notifications for

See Configuring mobile application

mobile applications.

settings on page 322.

6

Set the parameters to enable push See Configuration parameters for iOS

notifications on iOS applications.

applications on page 324.

To enable push notifications in iOS applications, you must configure the required parameters using Avaya Aura® Device Services or a settings file. Avaya Aura® Device Services is the recommended option if it is available in your deployment.

Third-party push notification provider requirements
By default, Presence Services uses the Avaya Push Notification provider for Avaya clients, such as Avaya Workplace Client for iOS. If you are planning to use push notifications for third­party AvayaTM Client SDK-based iOS applications, you must use a third-party provider, for example, developed by the iOS application developer. This provider must implement the following APIs:
· Interface with the Apple Push Notification service (APNs). Implementation of this interface ensures that the APNs trusts the third-party push notification provider to send notifications to

April 2021

Avaya Aura® Presence Services Snap-in Reference

316

Comments on this document? infodev@avaya.com

Avaya push notification management
Avaya clients. For more information about implementing the interface and the APIs required by the APNs, see APNs Overview. · Interface with Avaya Aura® servers. The third-party push notification provider must trust Presence Services to receive push notifications from it. Presence Services uses the OAuthbased API for authentication. For more information about the APIs, see AvayaTM Client SDK. Currently, the existing third-party push notification providers do not support Avaya APIs.
Avaya Cloud account configuration
If you are planning to use the Avaya Push Notification provider, you must create and configure an Avaya Cloud account. This account stores the parameters required to authorize your Presence Services system. Use the following sections to create and configure your Avaya Cloud account.
Avaya Spaces account registration
To create an Avaya Spaces account, see Signing Up for Avaya Spaces Account. If you want to use your Avaya Spaces account for push notification management only and do not want to use other Avaya Spaces features, you can choose the Free plan, which is free of charge and does not expire for the mobile push notification application.
Company domain provisioning
You must provide the company domain associated with your Presence Services system. To add the company domain, follow the steps in "Creating a Company and Domain" at Configuring Spaces.
Adding the Avaya Mobile Push Notification Service to a company profile on your Avaya Cloud account
About this task To activate the push notification service for Presence Services , you must add the Avaya Mobile Push Notification Service application to your company profile on the Avaya Cloud account. Procedure
1. Log in to https://accounts.avayacloud.com/ as an administrator. 2. From the dashboard, on the left area, click Manage Companies. 3. Select the required company and then click the Apps tab. 4. Click Configure New App. 5. From the Product drop-down list, select Avaya Mobile Push Notification Service. 6. Click Save.
Avaya Cloud creates a new Avaya Mobile Push Notification Service application.

April 2021

Avaya Aura® Presence Services Snap-in Reference

317

Comments on this document? infodev@avaya.com

Administration
Next steps When you configure notifications, you provide authorization data to the Public Settings section of your new Avaya Mobile Push Notification Service application.
Firewall configuration
Avaya Aura® Web Gateway communicates with the Avaya Push Notification provider cloud service using HTTPS. To use the Avaya Push Notification provider, your enterprise network firewall and the HTTP proxy server must allow outbound HTTPS connections to the Avaya Push Notification provider address, which is pnp.avaya.com:443.
Important: If you configured push notifications for Release 3.7, Avaya Aura® Web Gateway still uses the old apnp.avaya.com Avaya Push Notification provider address. Avaya recommends that you change this address to pnp.avaya.com and update your enterprise network firewall and HTTP proxy server settings to pnp.avaya.com:443 For applications other than Avaya Workplace Client for iOS, you must use a third-party provider. The firewall and the HTTP proxy of your enterprise must allow outbound HTTPS connections to this push notification provider. For iOS devices running in your enterprise network, Apple push notifications rely on connectivity between iOS devices and the Apple Push Notification service network. For more information about port configuration required to receive Apple push notifications, see https://support.apple.com/enus/ht203609
Configuring the Avaya Push Notification provider on Presence Services
About this task To use the Avaya Push Notification provider, you must generate authorization data and export this data to your Avaya Cloud account. You cannot edit other provider data, such as the name or address, and you cannot delete the Avaya Push Notification provider from Presence Services. For a cluster, perform this procedure once, regardless of the number of nodes in the cluster. Before you begin
· Create and configure an Avaya Cloud account. · Import certificate into Cluster Truststore. For more information, see Importing certificate into
Cluster Truststore on page 286. Procedure
1. On the Presence Services web interface, navigate to Push Notification > Providers. 2. From Push Notification Provider, select Avaya Provider. 3. In Enter Company Domain, enter your company domain.

April 2021

Avaya Aura® Presence Services Snap-in Reference

318

Comments on this document? infodev@avaya.com

Avaya push notification management
You must enter the same company domain that you provided in your Avaya Cloud account.
4. Click Generate Key.
The Presence Services generates a public and private key pair and an identifier. This data is required to authorize Presence Services on the push notification provider. The Presence Services also updates the following values:
· System Id: A unique identifier for your system.
· Public Key: A public key.
5. Click Export.
Presence Services displays a pop-up window with the authorization information in JSON format. You must provide this data to your Avaya Cloud account.
The following is an example of the authorization data:
{ "systemId": "548235dd-ecfa-45c3-84a7-70aa63c331d5.mycompany.com", "publicKey": "-----BEGIN PUBLIC KEY-----
\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4Ay/RDdOvyaK4NbsJI9tvEyg82B+ \ni11RyEFM0JoyRezs8U1F/KjoLCfgt2G4TmVaqDeKLtj4vTtiLdHVKt+L1A==\n-----END PUBLIC KEY-----",
"alg": "ES256" "description": "Avaya Aura Presence Services", }
Important:
· Do not close the Providers page on the Presence Services administration portal while you are exporting authorization data to your Avaya Cloud account.
· Do not save the data you provided on the Providers page of the Presence Services administration portal until you export authorization data to your Avaya Cloud account. Otherwise, the push notification service might not work as expected.
6. Copy the authorization data, including the surrounding curly brackets, and save it in a file on your computer.
7. In a new browser tab, log in to your Avaya Cloud account and navigate to Manage Companies.
8. Select the required company and navigate to the Apps tab.
9. From App, select Avaya Mobile Push Notification Service.
10. Replace the content in Public Settings with the content of the file that you created in step 6 and then save your changes.
You must ensure that the authorization data you enter in Public Settings is a valid JSON string. If the data uses an invalid format, the Avaya Cloud account displays a warning message, but still allows you to save changes.
The Avaya Cloud account stores authorization data internally. Public Settings only displays the authorization data that you entered last. You will not lose any previously entered authorization data if you overwrite existing content with the new authorization data.

April 2021

Avaya Aura® Presence Services Snap-in Reference

319

Comments on this document? infodev@avaya.com

Administration
11. Return to the Providers page on the Avaya Presence Server administration portal. 12. Click Test to verify that your system can connect and authenticate with the push
notification provider. 13. Do one of the following:
· If the verification completed successfully, click Save. · If the verification failed, fix the issue as described in "Presence Services cannot connect
to a push notification provider" section, and then re-run the connection test. If the problem persists, contact Avaya support personnel.
Configuring a third-party push notification provider on Presence Services
About this task To use push notifications on third-party iOS applications, you require a third-party push notification provider. An Avaya Breeze Client SDK application developer can implement a third-party push notification provider. Use this procedure to set up or update a third-party push notification provider on Presence Services. Before you begin A third-party Avaya Breeze Client SDK application developer must implement the third-party push notification provider. For more information about push notification provider requirements, see Third-party push notification provider requirements on page 316. Procedure
1. On the Presence Services web interface, navigate to Push Notification > Providers. 2. Do one of the following:
· To add a new provider configuration, click Add. · To edit an existing provider, select the required provider from Push Notification
Provider and then click Edit. 3. In Enter Company Domain, enter the domain where your Presence Services is deployed.
For example: mycompany.com 4. In Push Notification Provider Name, enter a name for the provider.
For example: MyPushNotificationProvider. This name is used in the Presence Services administration portal for display purposes only. 5. In Push Notification Provider Address, enter the FQDN where your push notification provider is deployed. For example: mypushnotifications.mycompany.com

April 2021

Avaya Aura® Presence Services Snap-in Reference

320

Comments on this document? infodev@avaya.com

Avaya push notification management
6. In Push Notification Provider Port, enter the port number for the push notification provider.
The default port is 443. 7. Click Generate Key.
The Presence Services generates a public and private key pair and an identifier. This data is required to authorize Presence Services on the push notification provider. The Presence Services also updates the following values:
· System Id: A unique identifier for your system. · Public Key: A public key. 8. Click Export.
Presence Services displays a pop-up window with the authorization information in JSON format. You must provide this data to your Avaya Cloud account.
The following is an example of the authorization data:
{ "systemId": "548235dd-ecfa-45c3-84a7-70aa63c331d5.mycompany.com", "publicKey": "-----BEGIN PUBLIC KEY-----
\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4Ay/RDdOvyaK4NbsJI9tvEyg82B+ \ni11RyEFM0JoyRezs8U1F/KjoLCfgt2G4TmVaqDeKLtj4vTtiLdHVKt+L1A==\n-----END PUBLIC KEY-----",
"alg": "ES256" "description": "Avaya Aura Presence Services", }
Important: · Do not close the Providers page on the Presence Services web interface while you
are exporting authorization data to your push notification provider. · Do not save the data you provided on the Providers page of the Presence Services
web interface until you export authorization data to your push notification portal. Otherwise, the push notification service might not work as expected. 9. Copy the system ID and public key data and provide it to your push notification provider.
For example:
"systemId": "9bf8f4ab-99b1-452b-9b7f-e75aacf31d19.mycompany.com" "publicKey": "-----BEGIN PUBLIC KEY----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9rtz4fuYhGm2JlvnI6lZmate8eEX \na4wvmklSdHGYZHos7y8xNBNCEj9wc3klayOKHYIVIeL0ryVFgM16Ud5FDQ==\n-----END PUBLIC KEY-----"
The steps you must perform to provide authorization data are provider-specific. For more information, contact your third-party push notification provider vendor. 10. Return to the Provider Settings page on the Presence Services administration portal. 11. Click Test to verify that your system can connect and authenticate with the push notification provider.

April 2021

Avaya Aura® Presence Services Snap-in Reference

321

Comments on this document? infodev@avaya.com

Administration
12. Do one of the following: · If the verification completed successfully, click Save. · If the verification failed, fix the issue as described in "Presence Services cannot connect to a push notification provider" section, and then re-run the connection test. If the problem persists, contact Avaya support personnel.
Related links Removing a third-party push notification provider on page 322
Removing a third-party push notification provider
About this task Use this procedure to remove the configuration for a third-party push notification provider from Presence Services. You can only remove a provider that is not used by any mobile applications. You cannot remove the default, built-in Avaya Push Notification provider. Procedure
1. On the Presence Services web interface, navigate to Push Notification > Provider. 2. In Push Notification Provider, select the required provider. 3. Click Remove and then click Yes in the confirmation window. Related links Configuring a third-party push notification provider on Presence Services on page 320
Configuring mobile application settings
About this task Use this procedure to configure push notifications for an iOS application. For third-party iOS applications, you must provide information about the application and select the required third-party push notification provider. Presence Services already contains configuration data for Avaya Workplace Client for iOS. You only need to select the amount of information notification messages will contain and to test that Avaya Workplace Client for iOS can receive notifications from the Avaya Push Notification provider. You cannot remove Avaya Workplace Client for iOS configuration data from the system.
Important: You must use the Avaya Push Notification provider for Avaya applications, such as Avaya Workplace Client for iOS. Before you begin Configure a push notification provider on Presence Services. For more information, see Configuring the Avaya Push Notification provider on Presence Services on page 318 and Configuring a third-party push notification provider on Presence Services on page 320.

April 2021

Avaya Aura® Presence Services Snap-in Reference

322

Comments on this document? infodev@avaya.com

Avaya push notification management
Procedure 1. On the Presence Services web interface, navigate to Push Notification > Applications. 2. Do one of the following: · To create a new mobile application configuration, click Add. · To edit the settings for an existing configuration, from Application Name, select the required application and then click Edit. 3. In Application Name, provide an appropriate application name. 4. In Application Id, provide the iOS application bundle identification string. Each application must have a unique identification string. 5. In Push Notification Provider, select the required push notification provider. 6. In Message Content Restriction, select one of the following options to specify the amount of information that is provided when an iOS application receives a push notification: · Highly Restricted: The application indicates that you have a new message. No other message detail is displayed. · Restricted: The application displays the message subject, sender, and, if the message contains an attachment, the attachment type. It will not display the message text. · Unrestricted: The application displays the message text and information about the subject, sender, and, if the message contains an attachment, the attachment type. This is the recommended option. 7. To verify that the Presence Services can send notifications to the mobile application, click Test.
8. Do one of the following: · If the verification completed successfully, click Save. · If the verification failed, fix the issue as described in "iOS application cannot connect to a push notification provider" in Troubleshooting Avaya Multimedia Messaging and then rerun the connection test. If the problem persists, contact Avaya support personnel.
Related links Disabling push notifications on page 323
Disabling push notifications
About this task Use this procedure to disable push notifications for a specific application. You cannot delete the pre-defined configuration for Avaya Workplace Client for iOS. Procedure
1. On the Presence Services web interface, navigate to Push Notification > Applications.

April 2021

Avaya Aura® Presence Services Snap-in Reference

323

Comments on this document? infodev@avaya.com

Administration
2. In the Application field, select the required mobile application. 3. Click Remove and then click Yes to confirm. Related links Configuring mobile application settings on page 322
Configuration parameters for iOS applications
To enable the use of push notifications on iOS applications, you must provide the ESM_PUSH_NOTIFICATION_ENABLED parameter to iOS applications using an automatic device configuration service. This parameter is used to enable or disable push notifications. To enable push notifications, set the parameter to 1. To disable push notifications, set the parameter to 0. You can use one of the following methods to configure this parameter:
· Import the parameter to the Dynamic Configuration service on Avaya Aura® Device Services using the dynamicConfigUpload.txt file. For more information, see "Administration of the Dynamic Configuration service" in Administering Avaya Aura® Device Services.
· Use the 46xxsettings.txt configuration file to push the parameter to clients. The Dynamic Configuration service is the recommended method. Use this option if Avaya Aura® Device Services is available in your deployment.
Miscellaneous configuration
Configuring the cluster IP address
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration. 2. On the Avaya Breeze Clusters page, select the check box corresponding to the cluster, and then click Edit. 3. On the Cluster Editor page, click the General tab. 4. In the Basic group, in the Cluster IPV4 field, type the cluster IP address. In a single-node deployment, specify the same cluster IP address as the Avaya Breeze® platform security module IP address. In a multinode deployment, specify a unique, routable cluster IP address. 5. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

324

Comments on this document? infodev@avaya.com

Miscellaneous configuration
Enabling load balancer for Presence Services cluster
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze®, and then click Cluster Administration. 2. On the Avaya Breeze Clusters page, select the cluster, and then click Edit. 3. On the Cluster Editor page, under Cluster Attributes, select the Is Load Balancer enabled? check box, and then click Commit.
Viewing the supplier ID of the Presence Services snap-in service
About this task The supplier ID is a hard-coded value that the snap store uses to identify the Avaya Presence Services snap-in. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service for which you want to view the
supplier ID. 5. On the Attributes Configuration page, navigate to the System group.
Presence Services shows the supplier ID in the Supplier ID field.
Enabling Presence Services admin web GUI
About this task After you enable the Presence Services admin web GUI, you can access the Presence Services software inventory web service. For more information, see "Accessing the Presence Services Software Inventory web service." Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster.

April 2021

Avaya Aura® Presence Services Snap-in Reference

325

Comments on this document? infodev@avaya.com

Administration
4. In the Service field, click the Presence Services service for which you want to enable the Presence Services admin web GUI.
5. On the Attributes Configuration page, navigate to the System group. 6. In the Enable Presence Services Admin Web GUI field, in Effective Value, click True to
enable the Presence Services admin web GUI. The default is False. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Accessing the Presence Services software inventory web service on page 326
Accessing the Presence Services software inventory web service
About this task You can access the Presence Services software inventory web service, after you enable the Presence Services admin web GUI. For more information, see "Enabling Presence Services admin web GUI." Procedure
1. On the System Manager web console, click Elements > Avaya Breeze® 2. Click Cluster Administration.
A list of Avaya Breeze® platform clusters appear. 3. For the cluster containing Presence Services, in the Service URL field, select Presence
Services Admin. A new window appears. 4. Log in using System Manager administrative credentials. Presence Services Status page appears. 5. You can perform the following: · Click IM BROADCAST to use Instant Message Broadcast Tool. · Click THIRD PARTY SOFTWARE for information about third-party software inventory. · Click USERS for information about cluster users. · Click STATUS to view the status of the notifications. · Click PUSH NOTIFICATION to push the notifications about incoming call alerts and
other notifications. · Click MESSAGE SECURITY to configure message security settings, which includes
enabling and disabling of encryption, and also setting and updating of security passphrase.

April 2021

Avaya Aura® Presence Services Snap-in Reference

326

Comments on this document? infodev@avaya.com

6. After making the required changes, click Log Off.
Related links Enabling Presence Services admin web GUI on page 325 Push notifications on page 315

Miscellaneous configuration

Enabling Presence Services presence and IM support for XMPP clients
About this task After you set the Enable client-to-server XMPP services attribute to True, Presence Services enables presence and IM support for the XMPP clients. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Enable client-to-server XMPP services field, in Effective Value, do one of the
following: · Click True to enable Presence Services presence and IM support for XMPP clients. · Click False to disable Presence Services presence and IM support for XMPP clients.
The default is True. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.

Enabling SIP call processing time log
About this task You can enable SIP call processing time log. You can use the log files later to debug problems that are related to SIP messaging. You can also use the log files to track the processing time of SIP messages within Presence Services.
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.

April 2021

Avaya Aura® Presence Services Snap-in Reference

327

Comments on this document? infodev@avaya.com

Administration
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Enable SIP Call Processing Time Log field, in Effective Value, do one of the
following: · Click True to enable logging of the SIP call processing time. · Click False to disable logging of the SIP call processing time. The default is False. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Modifying the SIP subscription or publication expiry time
About this task When the Presence Services snap-in is restarted or a cluster High Availability event occurs, the system might take up to an hour for some connected endpoints to receive presence updates. You can reestablish the existing subscriptions. For over-engineered or lightly-loaded Presence deployments, you can shorten this recovery time by shortening the subscription time. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the System group. 6. In the Subscription/Publication Expiry Time field, in Effective Value, type the
subscription time in seconds. Valid values are 600 seconds through 43200 seconds. The default value is 2000 seconds. For presence deployments with more than 5000 users per server, leave the Subscription/Publication Expiry Time attribute at the default value of 2000 seconds. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

328

Comments on this document? infodev@avaya.com

Miscellaneous configuration
Restarting Presence Services
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Service Management. 2. Click Services. 3. Locate the Presence Services SVAR, and click the PresenceServices link. The system displays the PresenceServices: Avaya Breeze® Instance Status page. 4. In the Service Install Status column, verify the clusters on which the service is installed. 5. Click Service Management > Services, and then select the check box corresponding to the PresenceServices service. 6. Click Stop. The system displays a confirmation window listing all clusters on which the service is stopped. 7. Select the clusters that you want to stop, and click Stop. On the Service Management page, in the State column, the service state will change to Stopping. 8. Click the Refresh Table icon to refresh the screen. Eventually, the State column will display Stopped, indicating that the service has stopped. If you click the PresenceServices link, the PresenceServices: Avaya Breeze® Instance Status window will open showing the state as Stopped in the Service Install Status column. 9. Click Service Management > Services, and then select the check box corresponding to the PresenceServices service.
10. Click Start.
Note: Before starting Presence Services, ensure that Service Install state is Stopped, as described in Step 8. The system displays a confirmation window listing all clusters on which the service is installed. 11. Select the clusters that you want to start, and click Start. On the Service Management page, in the State column, the service state will change to Starting. 12. Click the Refresh Table icon to refresh the screen. Eventually, the State column will display Installed, indicating that the service has started.

April 2021

Avaya Aura® Presence Services Snap-in Reference

329

Comments on this document? infodev@avaya.com

Administration
If you click the PresenceServices link, the PresenceServices: Avaya Breeze® Instance Status window will open showing the state as Installed in the Service Install Status column.
Note: When the Presence Services snap-in is restarted or a cluster High Availability event occurs, the system might take up to an hour for some connected endpoints to receive presence updates. You can reestablish the existing subscriptions. For over-engineered or lightly-loaded Presence deployments, you can shorten this recovery time by shortening the subscription time. For more information, see "Modifying the SIP subscription or publication expiry time". 13. After 2-10 minutes, verify that Presence Services is ready to support Presence and IM. For more information, see "Verifying that Presence Services snap-in is ready to support Presence and IM". Related links Modifying the SIP subscription or publication expiry time on page 328 Verifying that Presence Services snap-in is ready to support Presence and IM on page 78
Changing the logging level
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration > Logging. The system displays the Logging page. 2. Do the following: a. In the Cluster field, select the required cluster. b. In the Server field, select the required server. c. In the Service field, click PresenceServices. d. In the Log Level field, select the type of logs that you want to view. 3. In the All Loggers in Service -- PresenceServices section, select PresenceServices. 4. Click Set Log Level, and then click Commit.
Note: The Clear Logs button is not supported for Presence Services.

April 2021

Avaya Aura® Presence Services Snap-in Reference

330

Comments on this document? infodev@avaya.com

Miscellaneous configuration
Configuring Presence/IM routing domain on System Manager
About this task On System Manager, users are configured with communication addresses, which are unique identifiers within a solution. A communication address is composed of a user part (referred to as handle on System Manager) and domain part. Within the Presence/IM solution, a user is uniquely identified by an Avaya Presence/IM communication address, which is composed of a user part, and a Presence/IM domain part. The Presence/IM domain may be the same as a user's SIP domain, or it may be different. For example, if the same domain is used for both SIP and Presence/IM, a user may be assigned the following communication addresses:
· Avaya SIP communication address set to user1@domainA.com · Avaya Presence/IM communication address set to user1@domainA.com For example, if different domains are used for SIP and Presence/IM, a user may be assigned the following communication addresses: · Avaya SIP communication address set to user1@domainB.com · Avaya Presence/IM communication address set to user1@domainC.com Presence/IM domains are configured on System Manager with type as SIP. Presence Services supports multiple Presence/IM domains. For example, there could be two users with Avaya Presence/IM communication addresses in different domains on System Manager: · User 2 with Avaya Presence/IM communication address set to user2@domainD.com · User 3 with Avaya Presence/IM communication address set to user3@domainE.com Procedure 1. On the System Manager web console, navigate to Elements > Routing.
The system displays the Introduction to Network Routing Policy page. 2. In the navigation pane, click Domains.
The system displays the Domain Management page. 3. Click New. 4. In the Name field, type the Presence/IM domain name. 5. In the Type field, select sip. 6. Click Commit to save the changes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

331

Comments on this document? infodev@avaya.com

Administration
Backup and restore
Backup and restore for cluster database
Prior to release 8.0.1, Presence Services used the cluster database to store end-user information such as manual presence states and manual notes. The Backup and Restore feature of Avaya Breeze® platform is used to back up and restore this user data. As of release 8.0.2, Presence Services uses the cluster database to persist user conversation and store message-related data to fully support features of Avaya Workplace Client. The Backup and Restore feature of Avaya Breeze® platform also backs up and restores IM conversations, messages, and multi-media attachment files for the Presence Services clusters.
Note: This affects the amount of disk space required to store the backup files. For more information about cluster database backup and restore, see the Administering Avaya Breeze guide.
Backing up a cluster
About this task Configure Presence Services to back up the attachments if they are stored on the disk. Before you begin Configure the cluster database backup. For information on how to configure the cluster database backup, see the Administering Avaya Breeze® platform guide. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration > Attributes.
2. In the Attributes Configuration page, click Service Clusters tab and do the following: a. In the Cluster field, select the required cluster. b. In the Service field, click PresenceServices. c. Scroll down to Attachment Backup/Restore section.
3. In the Attachment Backup/Restore Enabled attribute field, do the following: a. To override the default value, select the Override Default check box. b. In the Effective Value , click True.
4. In the Backup Server Address field, type the IP address or FQDN of the FTP server where attachments will be stored.
5. In the Backup Server Username field, type the user name.

April 2021

Avaya Aura® Presence Services Snap-in Reference

332

Comments on this document? infodev@avaya.com

Backup and restore
6. In the "Backup Server User Password field, type the password. 7. (Optional) In the Backup Server Directory Path field, enter a subdirectory path under the
user's home directory where attachments are backed up. If the subdirectory is empty, the top level in user's home directory is used. Do not enter a path starting with "/" because directories at levels higher than the user's home directory nay not be accessible. 8. Click Commit. 9. To perform the backup, see "Backing up a cluster" section in Administering Avaya Breeze® platform guide. During the backup, the parameters configured in this section are used to copy attachments to the remote server.
Restoring a cluster
About this task You can restore any cluster where Cluster database is enabled. After the cluster database is restored, stop and start the Presence Services to initialize the restored data. Additionally, any attachments that are backed up to the remote server configured in the "Backing up a cluster" section will also be copied back to the cluster's disk. Before you begin Cluster database must be enabled. Procedure
1. To restore a cluster, follow the instructions as provided in "Restoring a cluster" section in Administering Avaya Breeze® platform guide. During the restore, the parameters configured in the "Backing up a cluster" section are also used to retrieve attachments stored remotely and transfer them back to the cluster.
2. Stop and start the Presence Services.
Configuring the backup storage location
About this task Configure the backup and restore settings to set up a remote server as a backup server on which you want to store the backup files. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze®, and then click Cluster Administration.
2. Click Backup and Restore, and then click Configure to configure the settings for the server on which you want to store the backup files.
3. On the Backup Storage Configuration page, do the following: a. In the FQDN or IP Address field, type the FQDN or IP address of the remote server where you want to store the backup files.

April 2021

Avaya Aura® Presence Services Snap-in Reference

333

Comments on this document? infodev@avaya.com

Administration
b. In the Login field, type the user name that has SSH privileges to access the backup server.
c. In the Password field, type the password to access the backup server. d. In the SSH Port field, type the SSH port of the backup server.
The default port is 22. e. In the Directory field, type the directory location on the backup server where you
want to store the backup files. f. In the Retained backup copies per cluster per snap-in DB field, click the number of
copies of the backup files that you want to store on the backup server. 4. Click Commit.
Viewing the backup and restore job status
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze®, and then click Cluster Administration. 2. On the Avaya Breeze Clusters page, click Backup and Restore, and then click Job Status. The Backup and Restore Status page displays the status of the backup and restore jobs.
Configuring the backup schedule
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze®, and then click Cluster Administration. 2. On the Avaya Breeze Clusters page, select the Presence Services cluster for which you want to schedule the backup. 3. Click Backup and Restore, and then click Backup. 4. On the Cluster DB Backup page, under Backup, select the Presence Services service for which you want to schedule the backup. 5. Under Job schedule, in the Backup Password field, type a password for the backup file. 6. In the Schedule Job area, do one of the following: · Click Run immediately to run the backup immediately. · Click Schedule later to schedule the backup for a later date and time. 7. If you select the Schedule later option, do the following: a. In the Task Time area, specify the date and time to run the backup.

April 2021

Avaya Aura® Presence Services Snap-in Reference

334

Comments on this document? infodev@avaya.com

Setting up Engagement Designer
b. In the Recurrence area, click Execute task one time only to run the backup one time. Or click Tasks are repeated and specify the time interval after which the backup procedure must run.
c. In the Range area, click End After and specify the number of occurrences after which the backup procedure must end. Or click End By Date and specify the date after which the backup procedure must end.
8. Click Commit. Related links
Restoring a backup file on page 335
Restoring a backup file
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze®, and then click Cluster Administration. 2. On the Avaya Breeze Clusters page, select the Presence Services cluster for which you want to restore the backup files. 3. Click Backup and Restore, and then click Restore. 4. On the Backup and Restore Jobs page, select the backed-up cluster that you want to restore, and then click Restore to restore the cluster database and attachment files to the Presence Services cluster. This step restores the backup file that contains the cluster database and attachment files to the Presence Services cluster.
Related links Configuring the backup schedule on page 334
Setting up Engagement Designer
Setting up Engagement Designer with Presence Services
About this task Use this procedure to set up Engagement Designer 3.3 with Presence Services. Before you begin Ensure that you have the following:
1. System Manager with a core platform cluster and a general purpose cluster. 2. Core platform cluster running Presence Services.

April 2021

Avaya Aura® Presence Services Snap-in Reference

335

Comments on this document? infodev@avaya.com

Administration
3. General purpose cluster running Engagement Designer 3.3 and Presence Services Connector.
Procedure 1. Configure the Presence Services connector to point to the Presence Services installation. You must use the Avaya Breeze® platform Management Module IP address, and not the Avaya Breeze® platform Security Module IP address. 2. Add Presence Services tasks to the Engagement Designer by doing the following: a. On the System Manager web console, navigate to Elements > Avaya Breeze®, and then click Cluster Administration. Ensure that you have logged into System Manager by using the FQDN, and not by using the IP address. b. In the Service URL column of the General Purpose cluster profile, click Designer Console URL. The Engagement Designer admin console is launched. c. Click Bundles on the Engagement Designer admin console. d. On the Bundles page, click Upload to upload the Presence Services Tasks svar file. e. Click Deploy. 3. To design a work flow, click the Engagement Designer link. In the Designer page, you must see the icons as shown in the image.

4. Drag and drop Presence Services Tasks into the designer. 5. Click Save and click Start to run the configuration. 6. You must connect each component. Do the following:
a. Hover over the Start component. When you hover over, you will see the Arrow icon. b. Click the Arrow icon and move your mouse over to connect to the "New Presence"
task. c. Move your mouse to connect the Presence task to the End task. The configuration must appear as shown in the following image:

April 2021

Avaya Aura® Presence Services Snap-in Reference

336

Comments on this document? infodev@avaya.com

Encryption

7. Click on the Set Presence task. The properties pane appears. 8. Enter the values, and then click Apply . 9. Click Close. 10. To run the Presence task, click the debug tool that is available on the top of the page.
You will be guided through a set of steps.
Encryption
The encryption feature keeps your messages and attachments more secure. It also lets you store your messages and attachments in an encrypted format. When a message or attachment is encrypted, it is secured with a passphrase and only the recipient has the special key to unlock and read it. Major severity alarms are raised when:
· Message encryption is enabled. · Message encryption is disabled. · A passphrase is updated.
Enabling message and attachment encryption
Before you begin Ensure that you have administrative access with Security Admin role permissions to the System Manager web console. Procedure
1. Log in to the System Manager web console. 2. Navigate to Elements > Cluster Administration. 3. In the Service URL column of the desired cluster, click Presence Services Admin.
The system displays the Avaya Aura® Presence Services login page in a new tab. 4. Log in using the same credentials that you use to log in to the System Manager web
console.

April 2021

Avaya Aura® Presence Services Snap-in Reference

337

Comments on this document? infodev@avaya.com

Administration
5. Click Message Security. 6. Select the Encryption Enabled check box. 7. Enter a new passphrase.
Important: Ensure that you remember the passphrase. If you forget the passphrase, you cannot recover it from the system. You can however reset it. 8. Click Save. 9. Verify the configuration: a. Click Message Security. b. Verify that the Encryption Enabled check box is selected. c. Ensure that the Update Passphrase field displays the passphrase as masked characters.
Updating message and attachment encryption key
Before you begin Ensure that you have administrative access with Security Admin role permissions to the System Manager web console. This role enables you to update the passphrase key without knowing the existing key. Procedure
1. Log in to the System Manager web console. 2. Navigate to Elements > Cluster Administration. 3. In the Service URL column of the desired cluster, click Presence Services Admin.
The system displays the Avaya Aura® Presence Services login page in a new tab. 4. Log in using the same credentials that you use to log in to the System Manager web
console. 5. Click Message Security. 6. Enter a new passphrase in the Update Passphrase field.
Important: Ensure that you remember the passphrase. If you forget the passphrase, you cannot recover it from the system. You can however reset it. 7. Click Save.

April 2021

Avaya Aura® Presence Services Snap-in Reference

338

Comments on this document? infodev@avaya.com

Encryption
Disabling message and attachment encryption
Before you begin Ensure that you have administrative access with Security Admin role permissions to the System Manager web console. Procedure
1. Log in to the System Manager web console. 2. Navigate to Elements > Cluster Administration. 3. In the Service URL column of the desired cluster, click Presence Services Admin.
The system displays the Avaya Aura® Presence Services login page in a new tab. 4. Log in using the same credentials that you use to log in to the System Manager web
console. 5. Click Message Security. 6. Clear the Encryption Enabled check box. 7. Click Save.
Resetting message and attachment encryption passphrase
Before you begin Ensure that you have administrative access with Security Admin role permissions to the System Manager web console. About this task If you forget your message and attachment encryption passphrase, use this procedure to reset it without being prompted for the existing passphrase. Procedure
1. Log in to the Breeze® node CLI as a root user. 2. Run the following script:
presMessageSecurity.sh -r On successful completion, the system displays the message Security Passphrase reset is enabled. Please set new passphrase in PS Admin Page. 3. To reset the passphrase, go to the Avaya Aura® Presence Services page from the System Manager web console. After the reset, the new passphrase takes effect immediately.

April 2021

Avaya Aura® Presence Services Snap-in Reference

339

Comments on this document? infodev@avaya.com

Administration
Configuring security cipher refresh time interval
Before you begin Ensure that you have administrative access with Security Admin role permissions to the System Manager web console. About this task The system runs an audit periodically to refresh the security cipher. The default time interval between audits is 5 minutes. Use this procedure to configure a different time interval. Procedure
1. Log in to the System Manager web console, as an administrator. 2. Click Elements > Avaya Breeze > Configuration > Attributes. 3. In the Cluster field, select the desired cluster. 4. In the Service field, select Presence Services. 5. Go to the Messaging (REST) section. 6. In the Security cipher audit interval field, enter the valid time interval in minutes. 7. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

340

Comments on this document? infodev@avaya.com

Chapter 10: Performance

Capacity and scalability specification

Capacity and scalability specification

Endpoint Max. no.

mode

of users

Max. no. of devices

Max. avg. no. of contacts per user

Default max. contacts per user

SIP

Up to

117,000 on 40

11,000 on a single

a single

cluster,

server,

235,000 on

84,000 on a dual

a 9-VM

cluster, and

cluster1,

350,000 on

168,000 on a triple

dual 9­VM cluster2

cluster, and

250,000 on

triple 9­VM

cluster1

1003

Max. no. of subscription s/ minute/ server
300

Max. no. of presence updates per second/ server

Max. no. of XMPP IMs per second/ server

30

44

Table continues...

1 Clustered deployments of Presence Services are limited to a maximum of 9 VMs in a cluster and all VMs in the cluster must reside on the same subnet. A total of 168,000 users can be supported if two 9­VM clusters are deployed, and 250,000 users can be supported if three 9-VM clusters are deployed. For cluster deployments all VMs in the cluster must use the same resource profile: 12 vCPUs, 32 GB of RAM, and 28,800 Mhz of CPU reservation.
2 When the Multi-Device Access feature is used, Presence Services can support an average of 1.4 devices per user for a maximum total of 117,000 devices per cluster or 350,000 devices per Aura system with maximum of three 9­ VMPresence Services clusters.
3 By default, the maximum number of contacts permitted per user is 100. This option is configurable and the maximum can be increased but a fully-loaded Presence Services system can only support an average of 40 contacts per user.

April 2021

Avaya Aura® Presence Services Snap-in Reference

341

Comments on this document? infodev@avaya.com

Performance

Endpoint Max. no.

mode

of users

Max. no. of devices

Max. avg. no. of contacts per user

Default max. contacts per user

H.323 (XMPP)

Up to

84,000 on 40

11,000 on a single 9­

a single

VM cluster,

VM, 84,000 168,000 on

on a 9­VM a dual 9­

cluster1,

VM cluster,

168,000 on and 350 on

dual 9­VM a triple 9­

cluster, and VM cluster2

250,000 on

triple 9­VM

cluster1

1003

Max. no. of subscription s/ minute/ server
300

Max. no. of presence updates per second/ server

Max. no. of XMPP IMs per second/ server

30

44

Capacity and scalability specification

Feature AES Collector
IBM Domino Collector
Microsoft Exchange Collector Clustering

Restriction You can configure 4000 station monitors for each collector.
You can configure a maximum of 32,000 stations for each Presence Services cluster. You can configure 11,000 users for each collector.
Each collector can only communicate with a single Domino server. You can configure 11,000 users for each collector.
Each collector can only communicate with a single Exchange cluster. You can configure a maximum of 9 VMs and a maximum of two clusters for each cluster System Manager.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

342

Comments on this document? infodev@avaya.com

Capacity specifications for multimedia messaging

Feature High Availability

Restriction · Up to 11,000 users: total of 2 VMs in the cluster · Up to 22,000 users: total of 3 VMs in the cluster · Up to 33,000 users: total of 4 VMs in the cluster · Up to 44,000 users: total of 5 VMs in the cluster · Up to 55,000 users: total of 6 VMs in the cluster · Up to 65,000 users: total of 7 VMs in the cluster · Up to 75,000 users: total of 8 VMs in the cluster · Up to 84,000 users: total of 9 VMs in the cluster · Up to 168,000 users: total of 18 VMs, two clusters of 9 VMs each · Up to 250,000 users: total of 27 VMs, three clusters of 9 VMs each When High Availability is deployed, the additional servers are used for normal service as the cluster supports active-active High Availability protection and balances the load to all servers. High Availability provides fault protection for single server failures only. Cascading failures are not protected.

Note: For scaling out to the maximum supported user capacities with multiple clusters, only fully utilized clusters are supported. For example, support of less than 84,000 users is not supported on two or three clusters of any number of nodes. 84,000 users is only supported on a single cluster of 9 nodes. Similarly, support of less than 168,000 users is not supported on three clusters of any number of nodes. 168,000 users is only supported by two clusters of 9 nodes each. Additionally:
· Support of two clusters is not supported until the first cluster has reached its maximum capacity of 84,000 users on 9 nodes.
· Support of three clusters is not supported until the first two clusters have reached their maximum capacity of 168,000 users.

Capacity specifications for multimedia messaging
The following sections describe the maximum capacities for Presence Services deployment topologies to help you calculate the best message persistence time (PT) for the various topologies.

April 2021

Avaya Aura® Presence Services Snap-in Reference

343

Comments on this document? infodev@avaya.com

Performance

Table 4: Maximum capacities for Presence Services deployment topologies

Topology
Cluster of 1 VM-Profile-3 node Cluster of 1 VM-Profile-4 node Cluster of 1 VM-Profile-5 node Cluster of 2 VM-Profile-5 nodes Cluster of 3 VM-Profile-5 nodes Cluster of 4 VM-Profile-5 nodes Cluster of 5 VM-Profile-5 nodes Cluster of 6 VM-Profile-5 nodes Cluster of 7 VM-Profile-5 nodes Cluster of 8 VM-Profile-5 nodes Cluster of 9 VM-Profile-5 nodes

Maximum number of users
Umax Up to 1,000 Up to 5,000 Up to 11,000 Up to 11,000 Up to 22,000 Up to 33,000 Up to 44,000 Up to 55,000 Up to 65,000 Up to 75,000 Up to 84,000

Maximum number of persisted messages
Mmax (millions)

Description

Up to 0.9 Up to 4.3 Up to 9.5 Up to 9.5 Up to 18.8 Up to 28.3 Up to 37.7 Up to 47.1 Up to 55.7 Up to 64.3 Up to 72.0

Non-HA topology HA topology

Note: When the maximum threshold for message capacity is reached (which is 95%), the system deletes the oldest messages until the lower threshold for message capacity is reached (which is 92%). Persistence Time (PT) of a message Use the following algorithm to calculate the persistence time of a message using the preceding table for maximum capacities for Presence Services deployment topologies. The advantage of this algorithm is that it is not based on traffic patterns. 1. Determine the number of users (Ua) and the average message rate per user (MRPU) for
your topology. 2. Select a topology from the preceding table that closely matches your topology such that
Umax  Ua. Note the corresponding value of Mmax. 3. Calculate the message persistence time using the formula: PT = Mmax / (Ua x MRPU). 4. Verify if the persistence time matches your requirement. If you need a longer message
persistence time, select a topology that is next in the row in the table. Example: The following example assumes a HA topology set up with 10,000 users, requiring an average message rate of 200 messages a week for each user. Using the algorithm, you can calculate the persistence time of a message as follows:
1. Determine Ua and MRPU: According to the requirement, Ua is 10,000 users and MRPU is 200.

April 2021

Avaya Aura® Presence Services Snap-in Reference

344

Comments on this document? infodev@avaya.com

Capacity specifications for multimedia messaging
2. Select a topology from the maximum capacities table: The most economical topology is a "Cluster of two VM-Profile-5 nodes". This topology has Ua of 11,000 users, which is greater than required 10,000 users. Also, the corresponding Mmax value is 9.5 million.
3. Calculate the message persistence time: PT = Mmax / (Ua x MRPU) = 9.5 million / (10,000 x 200) = 4.75 weeks.
4. Verify if the persistence time matches your requirement: If, for example, you want a longer persistence time, choose a topology that is in the next row of the capacity table, which is, a "Cluster of 3 VM-Profile-5 nodes". The corresponding Mmax value is 18.8 million. The persistence increases as follows: PT = Mmax / (Ua x MRPU) = 18.8 million / (10,000 x 200) = 9.4 weeks.
5. Repeat the calculation until you are satisfied with the message persistence time.

April 2021

Avaya Aura® Presence Services Snap-in Reference

345

Comments on this document? infodev@avaya.com

Chapter 11: Security

Security settings

REST API clients authentication

REST API clients must authenticate with Presence Services to use the services provided by Presence Services.
Presence Services supports the following authentication types for REST API clients:

Authentication type Avaya
Enterprise

Authentication mechanism Digest
Basic

Authentication strategy
Use the Avaya Aura® credentials that are configured in System Manager.
Use the credentials that are configured in an Enterprise Directory service.

Source of user credentials used to authenticate the client
The Presence or IM handle and communication profile password that is configured in the user profile in System Manager.
For more information, see Enabling Avaya Digest authentication to authenticate REST API clients on page 349.
The Enterprise Directory server user element that is selected in the Presence Services configuration, and the password of the Enterprise Directory user.
For more information, see Enabling Enterprise Basic authentication to authenticate REST API clients on page 349.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

346

Comments on this document? infodev@avaya.com

Security settings

Authentication type Enterprise
Enterprise

Authentication mechanism IWA (Kerberos)
OAuth2 (JWT)

Authentication strategy
Use Single Sign On integrated Microsoft Windows credentials.
Use the JWT Bearer token provided by the client.

Source of user credentials used to authenticate the client
The user name and password of Microsoft Windows.
For more information, see Enterprise IWA over Kerberos authentication to authenticate REST API clients on page 352.
User authenticates with an authentication server like Avaya Aura® Device Services, AAS, and presents the issued JWT to Presence Services.
For more information, see Enabling Enterprise OAuth2/JWT authentication on page 355.

In addition to the specific configuration of Presence Services cluster service attributes for each authentication type, you must configure additional elements for Presence Services single-node and multinode cluster types.

For Presence Services single-node clusters, do the following:

Task Configure the Service FQDN

Comments
Configure the Service FQDN in DNS, which for a single-node cluster is the Avaya Breeze® platform Security Module FQDN.
The DNS entry resolves to the Avaya Breeze® platform Security Module IP address.

For Presence Services multinode clusters, do the following:

Task Configure the cluster IP address
Enable load balancer
Configure the Service FQDN

Comments
For more information, see Configuring the cluster IP address on page 324.
For more information, see Enabling load balancer for Presence Services cluster on page 325.
Configure the Service FQDN in the DNS. The DNS resolves the Service FQDN to the cluster IP address.

April 2021

Avaya Aura® Presence Services Snap-in Reference

347

Comments on this document? infodev@avaya.com

Security

Note:
· REST API clients use Service FQDN to connect to Presence Services.
· Add the Service FQDN that you configured in the preceding procedures to the SAN field of the HTTP Security Identity certificate of all Presence Services cluster nodes. Add the Service FQDN to the SAN field if it is not already added to the CN field.
· AADS is required for Presence Services and Equinox deployments in order to autoconfigure the Avaya Workplace Clients. For more information, see Configuring data center HTTP SRV records for the service FQDNs on page 60

Service attribute requirements for enterprise authentication

When the "Authentication Mechanism" service attribute is set to "Enterprise", Presence Services offers a combination of Basic, IWA/Kerberos, or OAuth2/JWT to the clients. The setting of other configuration attributes decide this. If the requirements of an authentication protocol are met, it is offered by the server to the clients.

Basic 4

Applicable Domains

Required

Directory URL

Required

Directory User DN

Required7

Directory User Password Required4

User Search Base

Optional

User Mapping Directory Required Attribute

User Identity Directory Attribute

Required

Kerberos Service

N/A

Principal

OAuth2 - Authentication N/A Server Public Key

OAuth2 - User Id Token N/A Key

OAuth2 - JWT Algorithm N/A

IWA5,6 N/A Required Required4 Required4 Optional Required
Required
Required
N/A
N/A
N/A

OAuth2 N/A N/A N/A N/A N/A N/A
N/A
N/A
Required
Required
Required

· N/A = Not applicable in the context of this authentication mechanism

4 Basic authentication is offered only when at least one Enterprise Directory Group is configured correctly. 5 IWA takes only the default Enterprise Directly Group into account and is offered only when this group's settings are
correct. 6 IWA also requires the Keytab file to be uploaded to the server. If not, IWA is not offered. 7 If Directory User DN is provided, Directory User Password must be provided. If anonymous access is desired, both
attributes must be blank. Also, note that in such cases, the directory should be configured to allow anonymous access.

April 2021

Avaya Aura® Presence Services Snap-in Reference

348

Comments on this document? infodev@avaya.com

Security settings
Enabling Avaya Digest authentication to authenticate REST API clients
About this task In Avaya Digest authentication, Presence Services authenticates the user name and password of the client against the profile data of the user that is configured in System Manager. Presence Services verifies the client-provided user name against the Presence/IM handle of the user and the client-provided password against the communication profile password. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Client REST Services group. 6. In the Enable Client REST Services field, in Effective Value, click True. 7. In the Authentication Mechanism field, in Effective Value, click Avaya. 8. In the Session Expiry field, in Effective Value, specify the session time out in minutes.
The default time is 15 minutes. You can ignore all other attributes in the Client REST Services group for Avaya Digest authentication. 9. (Optional) To override the default value, select the Override Default check box. 10. Click Commit.
Enabling Enterprise Basic authentication to authenticate REST API clients
About this task In Enterprise Basic authentication, Presence Services authenticates the user name and password of the REST API client against the user data that is configured in the Enterprise Directory Service. Presence Services verifies the client-provided user name against the value that is configured in the User Identity Directory Attribute field, and the client-provided password against the value that is configured in the Directory User Password field. The set of attributes under the Client REST Services is the default Enterprise Directory service. Four additional Enterprise Directory services can be configured. Settings for the Enterprise Directory services are located at the bottom of the Service Attributes. Each service group is labelled as Enterprise Directory 2-5 respectively. Each service group is configured in a similar fashion as the default Enterprise Directory service with one additional constraint. Each of these additional services must be configured with a list of comma-separated domains. For users in these domains or any sub-domains, the matching Enterprise Directory service will be used to authenticate the user. If no matching domain is specified among these additional services, the default Enterprise Directory service is used. Administrator must ensure that there are no duplicate domains used among the Enterprise Directory configurations. Otherwise, the wrong directory

April 2021

Avaya Aura® Presence Services Snap-in Reference

349

Comments on this document? infodev@avaya.com

Security
service could be used to authenticate and fail. Additionally, a health check alarm is raised if there are duplicate domains amongst the additional enterprise directories, which means, none of the additional enterprise directory should have a domain in common. If the domain attribute is blank, the entire Enterprise Directory configuration for that service group is ignored. All Enterprise Directory configuration changes require a Presence Services restart to take effect. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Client REST Services group. 6. In Effective Value, do the following:
a. In the Enable Client REST Services field, click True. b. In the Authentication Mechanism field, click Enterprise. c. In the Directory URL field, specify the connection URL to the directory service in the
format: ldap(s)://<address>:<port> d. In the Directory User DN field, specify the distinguished name of the administrative
user that is used to connect to the directory service.
Keep this field blank if you want to use anonymous directory searching. e. In the Directory User Password field, specify the password of the administrative
user that is used to connect to the directory service.
Keep this field blank if you want to use anonymous directory searching. f. In the User Search Base field, specify the distinguished name of the search base that
is used for user searches in the directory. g. In the User Identity Directory Attribute field, specify the user attribute in the
Enterprise Directory that is used by the Presence Services server for user identification.
You can set this attribute to any attribute, but the typical attributes are userPrincipalName, sAMAccountName, or uid. h. In the User Mapping Directory Attribute field, specify the Enterprise Directory data field that the Presence Services server maps to the user login name that is configured in the user profile in System Manager. i. In the Session Expiry field, specify the session time out in minutes.
The default is 15 minutes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

350

Comments on this document? infodev@avaya.com

Security settings

Note:

The Kerberos Service Principal field is not applicable for Enterprise Basic Authentication.

7. (Optional) To override the default value, select the Override Default check box.

8. Click Commit. Example Example of service attribute configuration for Enterprise Basic authentication of an REST API client:

Service attribute Enable Client REST Service
Authentication Mechanism
Directory URL

Example value True
Enterprise
ldap://198.51.100.10:389

Comments
Set to true to enable the REST interface for REST API clients.
Set to enable Enterprise ­ Basic authentication.
The Enterprise directory IP address and port.

Directory User DN
Directory User Password User Search Base User Identity Directory Attribute User Mapping Directory Attribute
Kerberos Service Principal Session Expiry

Note:

The scheme is ldap, which is not secure.

CN=admin,OU=Users, DC=lab1,DC=avaya,DC=com

The Directory access user is defined as admin under the Users container.

my-nice-password
OU=MYLAB,DC=lab1,DC=avaya ,DC=com uid

The password of the user to access the Enterprise Directory.
Search for users under the MYLAB organizational unit.
The Enterprise Directory server uses this data field to search for users.

userPrincipalName

The Presence Services server uses this data field to verify against the login name of the user that is configured in System Manager.

Not applicable

Not applicable

15 (default)

The session time out (in minutes) after which REST sessions expire.

April 2021

Avaya Aura® Presence Services Snap-in Reference

351

Comments on this document? infodev@avaya.com

Security
Enterprise IWA over Kerberos authentication to authenticate REST API clients
Enterprise Integrated Windows Authentication (IWA) over Kerberos provides a single sign-on experience for the REST API client application that runs on Windows. The Windows PC credentials of a user are used to generate a Kerberos token. Presence Services uses this token in the authentication process. To use this authentication type, the administrator must generate a Kerberos keytab file and upload it to Presence Services. The keytab file enables Presence Services to authenticate against the Kerberos KDC. For more information about generating the keytab file, see "Generating the keytab file". Related links Generating the keytab file on page 352
Generating the keytab file About this task You can generate the keytab file on a Key Distribution Center (KDC). Typically, this is the same server where the Enterprise Directory service is running. The Microsoft enterprise directory is called Active Directory. Procedure 1. Create a new IWA service account. For example: ps_spn_user Do not select an account that is associated with an existing user. 2. If you are using Microsoft Active Directory 2008 or later, run the following command to attach the service principal name (SPN) to the domain name: setspn -S HTTP/<PS_LB_FQDN> <SPN_User_Login_WithoutDomain> For example:
setspn -S HTTP/ps.example.com ps_spn_user
3. Generate the ps.keytab file by running the following command: ktpass /out c:\ps.keytab /mapuser <SPN_User_Login_WithoutDomain>@<KERBEROS_REALM> /princ HTTP/ <PS_LB_FQDN>@<KERBEROS_REALM> /pass +rndPass /crypto all /kvno 0 For example:
ktpass /out c:\ps.keytab /mapuser ps_spn_user@EXAMPLE.COM /princ HTTP/ ps.example.com@EXAMPLE.COM /pass +rndPass /crypto all /kvno 0
where: <SPN_User_Login_WithoutDomain> is ps_spn_user <KERBEROS_REALM> is EXAMPLE.COM

April 2021

Avaya Aura® Presence Services Snap-in Reference

352

Comments on this document? infodev@avaya.com

Security settings
<PS_LB_FQDN> is ps.example.com
Note:
Parameters are case-sensitive. For example, kerberos_realm is not the same as KERBEROS_REALM. Uploading the keytab file Procedure 1. Log in to System Manager by using administrator credentials. 2. Navigate to Services > Inventory, and then click Manage Elements. 3. Do one of the following: · For a new Presence Services element, use the Import Kerberos Keytab File field to specify the keytab file. · For an existing Presence Services element, select the element, and then click Edit. Use the Import Kerberos Keytab File field to specify the keytab file. 4. Click Commit. Enabling Enterprise IWA / Kerberos authentication to authenticate REST API clients About this task IWA is offered to clients only through the default enterprise directory service configured within the "Client REST Services" group. Any additional enterprise directories configured are not used for IWA authentication. Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Client REST Services group. 6. In Effective Value, do the following: a. In the Enable Client REST Services field, click True. b. In the Authentication Mechanism field, click Enterprise. c. In the Directory URL field, specify the connection URL to the directory service in the format: ldap(s)://<address>:<port> d. In the Directory User DN field, specify the distinguished name of the administrative user that is used to connect to the directory service.
Keep this field blank if you want to use anonymous directory searching. e. In the Directory User Password field, specify the password of the administrative
user that is used to connect to the directory service.

April 2021

Avaya Aura® Presence Services Snap-in Reference

353

Comments on this document? infodev@avaya.com

Security

Keep this field blank if you want to use anonymous directory searching.

f. In the User Search Base field, specify the distinguished name of the search base that is used for user searches in the directory.
g. In the User Identity Directory Attribute field, specify userPrincipalName .

This is mandatory if IWA is required.
h. In the User Mapping Directory Attribute field, specify the Enterprise Directory data field that the Presence Services server maps to the user login name that is configured in the user profile in System Manager.

i. In the Kerberos Service Principal field, specify the service principal name (SPN) that is used to generate the Kerberos keytab file.

Enterprise IWA authentication is enabled after you specify the SPN in this field. If you do not specify the SPN in this field, Presence Services uses Enterprise Basic authentication.

j. In the Session Expiry field, specify the session time out in minutes.

The default is 15 minutes.

7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.

Example Example of service attribute configuration for Enterprise IWA authentication of an REST API client.

Service attribute Enable Client REST Services
Authentication Mechanism
Directory URL

Example value True
Enterprise
ldap://198.51.100.10:389

Comments
Set to True to enable the REST interface for REST API clients.
Set to enable Enterprise ­ IWA authentication.
Enterprise Directory IP address and port.

Directory User DN
Directory User Password User Search Base

Note:

The scheme is ldap, which is not secure.

CN=admin,OU=Users, DC=lab1,DC=avaya,DC=com

The Directory access user is defined as admin under the Users container.

my-nice-password
OU=MYLAB,DC=lab1,DC=avaya ,DC=com

The password of the user to access the Enterprise Directory.
Search for users under the MYLAB organizational unit.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

354

Comments on this document? infodev@avaya.com

Security settings

Service attribute User Identity Directory Attribute User Mapping Directory Attribute
Kerberos Service Principal
Session Expiry

Example value userPrincipalName
userPrincipalName
HTTP/ ps.example.com@EXAMPLE.CO M 15 (default)

Comments
The Enterprise Directory server uses this data field to search for users.
The Presence Services server uses this data field to verify against the login name of the user that is configured in System Manager.
The service principal name (SPN) that is used to generate the Kerberos keytab file.
The session time out (in minutes) after which REST sessions expire.

Enabling Enterprise OAuth2/JWT authentication About this task OAuth2 configuration is available through the configuration attributes within REST Client Services group and it does not have any dependency on any enterprise directory. This authentication mechanism can be offered in addition to Enterprise Basic and Enterprise IWA mechanisms, provided those mechanisms are enabled. It cannot be offered with Avaya Digest mechanism.
Note:
· 1. Presence Services supports JWT Bearer tokens. 2. Presence Services supports following JWT algorithms: RS256, RS512, ES256 and ES512.
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Client REST Services group. 6. In Effective Value, do the following: a. In the Enable Client REST Services field, click True. b. In the Authentication Mechanism field, click Enterprise. c. In the OAuth2 - Authentication Server Public Key field, enter the Public Key of the Authentication Server which issues the token in PEM PKCS#8 format. For example, start with -----BEGIN PUBLIC KEY-----.

April 2021

Avaya Aura® Presence Services Snap-in Reference

355

Comments on this document? infodev@avaya.com

Security
d. In the OAuth2 - User Id Token Key field, enter the name of the claim within the token which carries user identity. This user identity must always be the login name of the user on System Manager.
e. In the OAuth2 - JWT Algorithm field, enter the name of the Cryptographic Algorithms for Digital Signatures and MACs used by Authentication Server to generate JWTs. This setting must match with the setting on authentication server.
7. Click Commit.
Extended hostname validation
Extended hostname validation provides an extra measure of certificate checking when establishing outgoing TLS connections with another server. When extended hostname validation is enabled, Presence Services validates the identity of the other server based on the certificate received during the negotiation process. Specifically, Presence Services validates the other server's identity as specified in the Common Name (CN) field of the Subject Name or the Subject Alternative Name (SAN) against the IPs or FQDNs configured in the system prior to the TLS connection setup. If there is a mismatch between the value in the certificate received and the provisioned/expected value, the connection is dropped immediately.
Note:
Ideally, the Common Name field is only examined if-and-only-if the SAN field is not present.
Note:
For SAN (DNSname) fields, one level of wild-carding is acceptable. For example, an external server may have *.example.com configured in its certificate. This would match against servers configured as level1.example.com or www.example.com, but would not match level2.level1.example.com or example.com.
Related links Enabling or disabling extended hostname validation on page 356
Enabling or disabling extended hostname validation
About this task By default, extended hostname validation is disabled. However, you can enable or disable extended hostname validation as required. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service.

April 2021

Avaya Aura® Presence Services Snap-in Reference

356

Comments on this document? infodev@avaya.com

Security settings
5. On the Attributes Configuration page, navigate to the Security group. 6. In the Extended Hostname Validation field, in Effective Value, do one of the following:
· To enable extended hostname validation, click Enabled. · To disable extended hostname validation, click Disabled. The default value is Disabled. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit. Related links Extended hostname validation on page 356
Configuring Presence Services security policy
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service for which you want to configure the security policy. 5. On the Attributes Configuration page, navigate to the Security group. 6. In the Presence Security Policy field, in Effective Value, do one of the following: · Click Secure Mode. If you select Secure Mode, external clients and servers must use TLS as the communication protocol to connect to Presence Services. · Click Best Effort Security. If you select Best Effort Security, external clients and servers must use either TCP or TLS as the communication protocol to connect to Presence Services. · Click No Security. If you select No Security, external clients and servers must use TCP as the communication protocol to connect to Presence Services. The default is Best Effort Security. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

357

Comments on this document? infodev@avaya.com

Security
Setting the communication protocol for XMPP clients to communicate with Presence Services
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Security group. 6. In the XMPP Client to Server Secure Communication (TLS) Mode field, in Effective Value, do one of the following: · Click Required. If you select Required, an XMPP client must use TLS as the communication protocol to connect to Presence Services. · Click Optional. If you select Optional, an XMPP client must use either TCP or TLS as the communication protocol to connect to Presence Services. · Click Disabled. If you select Disabled, an XMPP client must use TCP as the communication protocol to connect to Presence Services. The default is Optional. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Setting XMPP server-to-server mutual authentication to connect to Presence Services
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration. 2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service.

April 2021

Avaya Aura® Presence Services Snap-in Reference

358

Comments on this document? infodev@avaya.com

Security settings
5. On the Attributes Configuration page, navigate to the Security group. 6. In the XMPP Server to Server Mutual Authentication field, in Effective Value, do one of
the following: · Click Required.
If you select Required, the far-end XMPP server must send a valid certificate to Presence Services for verification. · Click Optional. If you select Optional, far-end XMPP server certificate verification is desired but not required. · Click Disabled. If you select Disabled, Presence Services does not request a certificate from the farend XMPP server. The default is Required. 7. (Optional) To override the default value, select the Override Default check box. 8. Click Commit.
Enabling or disabling select same site mode
About this task By default, select same site mode is disabled. However, you can enable or disable select same site mode as required. Procedure
1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration.
2. Click Attributes. 3. On the Service Clusters tab, in the Cluster field, click the Presence Services cluster. 4. In the Service field, click the Presence Services service. 5. On the Attributes Configuration page, navigate to the Security group. 6. (Optional) To override the default value, select the Override Default check box. 7. In the Select Same Site Mode field, in Effective Value, select one of the following:
· Disabled: Same site is not sent. · Lax: Same site mode will be lax. · None: Same site mode will be none. · Strict: Same site mode will be strict. The default value is Disabled.

April 2021

Avaya Aura® Presence Services Snap-in Reference

359

Comments on this document? infodev@avaya.com

Security
Note: If you are using 1XW Release prior to 3.17, you must set the Select Same Site Mode as Disabled. Otherwise, multimedia may not work properly. 8. Click Commit.

April 2021

Avaya Aura® Presence Services Snap-in Reference

360

Comments on this document? infodev@avaya.com

Chapter 12: Troubleshooting

Presence Services alarms

Presence Services alarms can be viewed by using any of the following options: · Open an SSH session to Avaya Breeze® platform Management Module IP address, navigate to the event.log file located at /var/log/Avaya/services. · On the System Manager web console, navigate to Services > Events > Alarms. · On the System Manager web console, navigate to Services > Events > Logs > Log Viewer.
Presence Services alarms The following alarms are supported on Presence Services:

Event ID CluMon_01

Alarm name Cluster Monitor

Severity Critical

PresServ_CLR_CluMo Clear Cluster Monitor n_01

Critical

IMArc_01 CLR_IMArc_01 IMArc_02 CLR_IMArc_02 GR_01

Message Archive upload Major failed

Clear Message Archive Major upload failed

Message Archiving Disabled

Critical

Clear Message Archiving Critical disabled

Lost Connectivity to remote Geographic Redundancy cluster

Critical

Description
Raised when the Presence Services node within a cluster has failed.
Raised when the Presence Services node is running and clears the PresServ_CluMon_01 alarm.
Raised when an attempt to SFTP archived messages to a remote site has failed.
Raised when the Presence Services node is running and clears the IMArc_01 alarm.
Raised when Message Archiving is disabled due to too many consecutive SFTP failures.
Raised when the Presence Services node is running and clears the IMArc_02 alarm.
Raised when Presence Services loses connectivity to the remote Geographic Redundancy cluster.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

361

Comments on this document? infodev@avaya.com

Troubleshooting

Event ID CLR_GR_01

Alarm name
Clear Lost Connectivity to remote Geographic Redundancy cluster

Severity Critical

GR_02 CLR_GR_02 HLTH_01 CLR_HLTH_01

Presence Services

Major

Geographic Redundancy

misconfigured

Clear Presence Services Major Geographic Redundancy misconfigured

Cluster Health Check failed

Major

Clear Cluster Health Check failed

Major

SMTPArc_01 CLR_SMTPArc_01 SMTPArc_02

SMTP archiving upload failed
Clear SMTP archiving upload failed
SMTP archiving Service Disabled -- Run time failure

Major Major Critical

CLR_SMTPArc_02 SMTPArc_03

Clear SMTP archiving service disabled
SMTP archiving Service Disabled -- Configuration failure

Critical Critical

CLR_SMTPArc_03

Clear SMTP archiving Service Disabled

Causes and resolutions of the alarms
Alarm name Causes

Critical Resolutions

Description
Raised when Presence Services establishes connectivity to the remote Geographic Redundancy cluster and clears the GR_01 alarm.
Raised when Presence Services Geographic Redundancy is misconfigured.
Raised when Presence Services Geographic Redundancy is configured correctly and clears the GR_02 alarm.
Raised when a Presence Services cluster-level health check has failed.
Raised when a Presence Services cluster-level health check has passed and clears the HLTL_01 alarm.
Raised when SMTP upload to the SMTP Server is failed.
Raised when Presence Services clear the SMTPArc_01 alarm.
Raised when SMTP archiving is disabled due to the fact that multiple consecutive attempts of uploading archived messages to the SMTP server are failed.
Raised when Presence Services clear the SMTPArc_02 alarm.
Raised when Presence Services cannot enable the SMTP archiving service due to incorrect configuration.
Raised when Presence Services clear the SMTPArc_03 alarm.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

362

Comments on this document? infodev@avaya.com

Presence Services alarms

Cluster Monitor · Network outage · Hardware failure · Software failure

1. Check the CluMon_01 log to identify the failed server.
2. On the System Manager web console, navigate to Elements > Avaya Breeze® > Server Administration.

3. Select the failed server.

4. From the Shutdown System menu, select Reboot.

5. If this fails, open an SSH session to the Avaya Breeze® platform Management Module IP address as root user.

6. Run the reboot command.

7. If this fails, verify the Enet connectivity to the server by pinging the server from a remote server.

8. If this fails, troubleshoot the server hardware.

Message Archive upload failed

Messaging Archiving attributes have been misconfigured.
For example, an invalid Remote Server Address has been entered.

Reconfigure the Message Archiving attributes
on System Manager at Elements > Avaya Breeze® > Configuration > Attributes.

Message

EXPORT_FAILED: Presence

Raise a ticket.

Archive upload Services failed to store the archived

failed

messages in XML format.

Message

ZIP_FAILED: Presence Services

Archive upload failed to create a ZIP file.

failed

Raise a ticket.

Message Archive upload failed

UPLOAD_FAILED: Remote server is reachable, but SFTP to the remote server failed for an unknown reason.

Troubleshoot the remote server to ensure that the remote server successfully accept files through SFTP.

Message

EXCEPTION or UNKNOWN:

Archive upload Internal Presence Services failure.

failed

Raise a ticket.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

363

Comments on this document? infodev@avaya.com

Troubleshooting
Message Archiving Disabled

Messaging Archiving is enabled and configured through the service attributes at Elements > Avaya Breeze® > Configuration > Attributes > Group. This alarm is raised when the Message Archive upload failed alarm is continually raised for the duration specified in the Message Archiving Remote Upload Failures Threshold attribute.

Clear the condition that has caused the Message Archive upload failed alarm, that is, IMArc_01 to be raised. Once IMArc_01 is cleared, the system will clear the IMArc_02 alarm.

Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

364

Comments on this document? infodev@avaya.com

Lost Connectivity to remote Geographic Redundancy cluster

· Network outage · Hardware failure · Software failure

Presence Services alarms
In the following example:
· Clusters A and B are configured on System Manager at Elements > Avaya Breeze® > Cluster Administration, each with multiple Avaya Breeze® platform servers assigned.
· Managed Elements A and B are configured at Services > Inventory > Managed Element of type Presence Services on Avaya Breeze® with GEO Redundant Avaya Breeze Cluster as cluster B and A.
· Geographic Redundancy works correctly, then cluster A detects loss of connectivity to cluster B.
Cluster A raises a Lost Connectivity to Geographic Redundancy cluster alarm, which includes fields:
· Host Name: Short host name of one server in cluster A.
· Source IP Address: IP address of same server as earlier.
· Description: Lost connectivity to Geographic Redundancy cluster B.
To clear this alarm:
1. Restart Presence Services on cluster B. See Restarting Presence Services on page 268.
2. If alarm does not clear within 2-15 minutes, verify Enet connectivity between clusters by opening an SSH connection to one server in cluster A and pinging the Avaya Breeze® platform Security Module IP address of a server in cluster B, and vice versa. If this fails, troubleshoot the network.
3. If no Enet connectivity issues detected, troubleshoot the hardware of servers in cluster B.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

365

Comments on this document? infodev@avaya.com

Troubleshooting

Presence Services Geographic Redundancy misconfigured

· Geographic Redundancy is misconfigured.
· Geographic Redundancy cluster restart is pending after configuration.
· Primary and geo-redundant clusters are configured with the same data center value.

In the following example:
Clusters A and B are configured at Elements > Avaya Breeze® > Cluster Administration.
To clear this alarm:
1. On the System Manager web console, navigate to Services > Inventory > Manage Elements.
2. On the Manage Elements tab, select the managed element of type Presence Services on Avaya Breeze® with Primary Avaya Breeze Cluster field as cluster A, and then click Edit to edit the managed element.
3. On the Manage Elements tab, do the following:
a. In the Data Center field, select the data center that is configured to host cluster B.
b. In the GEO Redundant Avaya Breeze Cluster field, select B.
c. Click Commit.
4. On the Manage Elements tab, select the managed element of type Presence Services on Avaya Breeze® with Primary Avaya Breeze Cluster field as cluster B, and then click Edit to edit the managed element.
5. On the Manage Elements tab, do the following:
a. In the Data Center field, select the data center that is configured to host cluster A.
b. In the GEO Redundant Avaya Breeze Cluster field, select A.
c. Click Commit.
Note:
Ensure that the data centers that host cluster A and cluster B are different.
For more information about specifying a data center for the Presence Services cluster, see Administering geographic-redundant Avaya Breeze platform cluster to a managed element on page 58.
Table continues...

April 2021

Avaya Aura® Presence Services Snap-in Reference

366

Comments on this document? infodev@avaya.com

Presence Services alarms

SMTP archiving upload failed
SMTP archiving Service Disabled -- Run time failure
SMTP archiving Service Disabled -- Configuration failure
Cluster Health Check failed

· Network outage. · SMTP server is offline.
The SMTP Archiving attribute is enabled, but the SMTP Archiving failure occurs after the SMTP Upload Failures Threshold is reached.

6. Restart Presence Services for both the clusters. For more information, see Restarting Presence Services on page 268.
· Troubleshoot the network connectivity to the SMTP server.
· Contact the SMTP server administrator to resolve the server offline issue.
Clear the condition that causes the "SMTP archiving upload failed: SMTPArc_01 being raised" alarm. With the SMTPArc_01 alarm is cleared, the system will also clear this SMTPArc_02 alarm.

· SMTP Archiving Service attributes were incorrectly configured.
· At the time of configuration, the SMTP server is either offline or not reachable.

· Reconfigure the SMTP Archiving Service attributes on System Manager at Elements > Avaya Breeze® > Configuration > Attributes.
· Ensure that the SMTP server is operating and that the data path from the Presence Services server to the SMTP server is good.

See "Cluster Health Check failed alarms" section.

Cluster Health Check failed alarms
Domains are overlapping between enterprise directory groups
Cause Enterprise directory groups 2-5 in the Service Attributes page have a list of domains. The domain specified in the alarm message is found in multiple groups. Solution
1. Modify the enterprise directory groups and remove the duplicated domain. 2. Restart the Presence Services. Related links Presence Services alarms on page 361
Too many users have AES Collector enabled
Cause AES Collector system policy is defined at Elements > Presence > Configuration > Publish Presence with AES Collector ­ Default. Users inherit the system policy, and it can be overridden via Users > User Management > Manage Users > New > Communication Profile > Presence Profile > Publish Presence with AES Collector.

April 2021

Avaya Aura® Presence Services Snap-in Reference

367

Comments on this document? infodev@avaya.com

Troubleshooting
Users are assigned to a cluster at Users > User Management > Manage Users > New > Communication Profile > Presence Profile > System. This alarm is raised when the number of users assigned to this cluster, with AES Collector enabled, exceeds the number supported on the cluster. Solution Reduce the number of users assigned to this cluster with AES Collector enabled in one of the following ways: · Modify the AES Collector system policy at Elements > Presence > Configuration > Publish
Presence with AES Collector ­ Default. The possible values are Off and On. · Modify the individual user settings at Users > User Management > Manage Users >
Communication Profile > Presence Profile > Publish Presence with AES Collector. The possible values are On, Off, System Default.
Number of contact rosters exceeds the system limit
Cause A contact or roster is a concrete relationship where one user, also known as a watcher, wants to see the presence of another user presentity, and indirectly requires allocation of system resources. The number of contacts or rosters on the system can impact the system performance. This health check monitors whether the system has too many contacts or rosters and advises the administrator to take action. Solution If this alarm is raised, the administrator must examine the report logs on the roster. For example, Current Roster Statistics is: · Total Allowed Roster Size=x · Allocated Rosters=y (y%) · Actual Roster Size=z (z%) Where: x is the total number allowed by the system and is only impacted by the number of users. y is the number of rosters allocated from system resources based on the number of provisioned users (y% is a percentage of y from x). z is the actual number of rosters (actual presence relationships) created on the system (z% is percent of z from x). If z exceeds x, then there are too many rosters created. Increase the overall capacity of the system by adding more virtual machines to allow the system to support more users. Then, you can request the users to reduce the number of presence contacts in their contact list. If y exceeds x, then the system is in danger of exceeding the resources if every user creates their maximum number of contacts. Increase the overall capacity of the system by adding more virtual machines to allow the system to support more users. Then, you can reduce the value of the Roster Limit: Maximum Number of Contacts and Roster Limit: Maximum Number of External Watchers service attributes.

April 2021

Avaya Aura® Presence Services Snap-in Reference

368

Comments on this document? infodev@avaya.com

Presence Services alarms
For more information, see "Configuring Roster Limit" and "Configuring number of users for a Presence Services cluster." Related links Configuring Roster limit on page 271 Configuring number of users for a Presence Services cluster on page 48
Number of provisioned users is over the configured attribute limit
Cause The system raises a health check alarm when the number of provisioned users exceeds the limit configured in the service attribute. Solution Perform one of the following: · Increase the value of the Number of Users service attribute.
A service restart is required after the configuration change to take effect. The number of users cannot exceed to what is supported by the Avaya Breeze® platform profile. For more information, see "Cluster considerations." · Unassign some users from the cluster by changing their Presence Services communication profile. Related links Cluster considerations on page 28
Number of configured users is over the support limit
Cause The system raises a health check alarm if the number of users configured in the server global or cluster service attribute is greater than the maximum number of users supported by the Avaya BreezeTM VM profile. Solution Perform one of the following: · Change the Avaya Breeze® platform VM profile by adjusting the number of CPUs and/or the
total amount of physical memory available. A service restart is required after the configuration change to take effect. For more information, see "Cluster considerations." · Change the value of the Number of Users service attribute to match the currently deployed Avaya Breeze® platform VM profile. Related links Cluster considerations on page 28

April 2021

Avaya Aura® Presence Services Snap-in Reference

369

Comments on this document? infodev@avaya.com

Troubleshooting
No DNS SRV records found for any Presence domain for XMPP Federation
Cause The system raises a health check alarm if XMPP federation is enabled and there are no XMPP DNS SRV records created that resolve to any of the Presence Services domains configured for the cluster. Solution Configure proper SRV records for presence domains that can be resolved into current cluster. For more information, see "Administering DNS SRV records for local Presence Services domains." Related links Administering DNS SRV records for local Presence Services domains on page 210
Signaling security health check alarms
Solution Depending on the security policy set, verify the following service attributes in the Security group: · If the Presence Security policy is Secure Mode:
a. Ensure that the SIP Entity links are using TLS. b. Ensure that the XMPP Client to Server Secure Communication (TLS) Mode field is set
as Required. c. Ensure that the XMPP Federation <x> > Enable Secure Communication (TLS) <X> field
is set as True. · If the Presence Security policy is No Security:
a. Ensure that the SIP Entity links are using TCP. b. Ensure that the XMPP Client to Server Secure Communication (TLS) Mode field is set
as Disabled. c. Ensure that the XMPP Federation <x> > Enable Secure Communication (TLS) <X> field
is set as False. · If the Presence Security policy is Best Effort Security, any transport type is accepted.
No SIP Entity Link created for fqdnOrIpaddress FQDNOrIP_ADDRESS
Cause The system raises a health check alarm if "No SIP Entity Link created for fqdnOrIpaddress FQDNOrIP_ADDRESS" where FQDNOrIP_ADDRESS is the Presence services SIP Entity FQDN or IP address. Solution Ensure that SIP Entity Link is created for SIP Entity FQDN or IP address. For more information, see "Administering Entity Link between Avaya Breeze® platform and Session Manager". Related links Administering Entity Link between Avaya Breeze platform and Session Manager on page 41

April 2021

Avaya Aura® Presence Services Snap-in Reference

370

Comments on this document? infodev@avaya.com

Presence Services alarms
There is no PS SIP entity with matching FQDN as is configured in Local Host Name Resolution for the server's Security Module SIP entity IP
Cause The server's Security Module SIP Entity IP address is specified in the System Manager > Elements > Session Manager > Network Configuration > Local Host Name Resolution. However, the FQDN provided in this page does not match the SIP entity FQDN. Solution Modify the FQDN in the Local Host Name Resolution page or in the SIP Entity page so that the FQDN's match.
Too many events in DRS queue
Cause This condition is usually caused by traffic overload on the Presence Services cluster while a very large number of moves, adds and changes are occurring in System Manager. Solution Restart the Presence Services.
Server does not have an associated Presence Services SIP Entity FQDN or IP address
Cause There is no Presence Services SIP Entity associated with this Breeze server. Solution Create the associated Presence Services SIP Entity.
Federation domains are overlapping between federation groups
Cause The system found an external federation domain that is provisioned in multiple places in the Service Attributes. This may lead to unpredictable presence behavior. Solution Navigate to the Service Attributes and audit the values for: · Inter-PS Federation: Inter-PS Domain Name List · Microsoft Federation: Internal Microsoft Domain List & External Microsoft Domain List · XMPP Federation (1-4): XMPP Federation Domain List (1-4) If a domain is duplicated and this is not intended, remove the domain.

April 2021

Avaya Aura® Presence Services Snap-in Reference

371

Comments on this document? infodev@avaya.com

Troubleshooting
Federation domains overlap with Aura domains
Cause The system found an internal Aura domain that is also been provisioned as an external federation domain. This may lead to unpredictable presence behavior. You can find the internal Aura domains at: System Manager > Elements > Routing > Domains. Solution Navigate to the Service Attributes and audit the values for: · Inter-PS Federation: Inter-PS Domain Name List · Microsoft Federation: Internal Microsoft Domain List and External Microsoft Domain List · XMPP Federation (1-4): XMPP Federation Domain List (1-4) If an Aura domain is provisioned and this is not intended, remove the domain.
PresenceServicesEnhanced Snap-in is not installed
Cause Microsoft Federation is enabled. However, the PresenceServicesEnhanced Snap-in is not installed in the cluster. Solution Install PresenceServicesEnhanced Snap-in in the cluster. For more information, see the "Licensing" chapter.
Warning: If the Presence Services is in License error condition, installing PresenceServicesEnhanced Snap-in is blocked until the License error is corrected as mentioned in the "License has expired" section. Related links License has expired on page 372 Licensing on page 25
License has expired
Cause Microsoft Federation is enabled. However, there is no License installed in WebLM or the installed License is expired. Solution Get the PresenceServices License file from Avaya support. Install the License file on the WebLM. For more information, see the "Licensing" chapter. Related links Licensing on page 25

April 2021

Avaya Aura® Presence Services Snap-in Reference

372

Comments on this document? infodev@avaya.com

Network outage causes presence to stop working for some or all users
Load Balancer is not enabled on a multi-node cluster
Solution Ensure that the Load balancer checkbox is enabled in the Avaya Breeze® platform Cluster Configuration page for a multi-node cluster.
No FQDN is configured for a Service IP IP_ADDRESS
Cause No FQDN is configured for a Service IP IP_ADDRESS, where IP_ADDRESS is a cluster IP address in a multinode cluster or an Avaya Breeze® platform Security Module IP address in a single-node cluster. Solution For a single node cluster, define a DNS A record for the Avaya Breeze® platform Security Module IP address. For a multi-node cluster, define a DNS A record for Cluster IP of the Avaya Breeze® platform cluster or define the Avaya Breeze® platform cluster Load Balancer FQDN.
Server does not have an associated Presence Services managed element
Solution Ensure that there is an inventory managed element of type Presence Services at System Manager > Services > Inventory > Management Elements. Related links Presence Services alarms on page 361
Managed element is not assigned to the current cluster
Solution Ensure that there is an inventory managed element of type Presence Services at System Manager > Services > Inventory > Management Elements. Related links Presence Services alarms on page 361
Network outage causes presence to stop working for some or all users
Cause High Availability initiates the backup node to take over, but the primary node is still active. Therefore, when the network recovers more than one node service the same users resulting in potential wrong presence.

April 2021

Avaya Aura® Presence Services Snap-in Reference

373

Comments on this document? infodev@avaya.com

Troubleshooting
Solution 1. If only one node was disconnected, that is, the cable pulled out from one server: a. Log in to the Avaya Breeze® platform server that lost the network connectivity. b. Run the stop -s dcm command. c. Run the start -s dcm command. d. To check the status of DCM, run the statapp command. 2. If more than one node was disconnected or you are not able to determine which node was not connected: a. Log in to the System Manager web console. b. Navigate to Elements > Avaya Breeze®. c. Click Service Management > Services. d. Select the cluster and click Stop. e. Select your cluster and click Start.
Presence and IM fails on SIP endpoints due to the PPM getHomeCapabilities fault
Cause SIP endpoints invoke the Personal Profile Manager (PPM) web service on Session Manager to discover capabilities. PPM getHomeCapabilities is used to discover the home Presence Services cluster of an endpoint. If unsuccessful, Presence and IM are not supported on the endpoint. Solution
1. Open an SSH session to Session Manager management IP address. 2. Start the traceSM tool. 3. When starting the capture, ensure that PPM is selected. 4. Log in to the SIP endpoint. 5. Verify that the endpoint sends PPM getHomeCapabilities to Session Manager. 6. If Session Manager returns Fault : DataNotAvailable:
a. On the System Manager web console, navigate to Elements > Routing > SIP Entities.
b. Edit the Session Manager SIP Entity. c. Add a Listen Port. d. In the Listen Port field, enter 5061. e. In the Protocol field, enter TLS.

April 2021

Avaya Aura® Presence Services Snap-in Reference

374

Comments on this document? infodev@avaya.com

Unable to get _People View
f. In the Default Domain field, enter the login domain of endpoint devices. g. Select the Endpoints check box. h. Click Commit.
Unable to get _People View
Cause The Domino Calendar collector uses the _People database view available in the Domino server. However, for some Domino servers with localized templates, this _People view name is based on the locale of the template. For example, the German template contains the view _Personen, instead of _People. This causes the calendar collector to fail. The log message on the Presence Services server for this error condition is: Unable to get _People View. This log message is a FINE level log message. Solution To fix this issue, the Domino administrator must create the _People view.
Vysper fails to start when no domains are created in System Manager
Cause When no domains are created in System Manager, Vysper fails to start and reports the following error:
2017-01-17 08:50:24,471 [context-init-thread] presence.bootstrap.PsBootStrapServletListener ERROR - ContextInitThread#run() Exception while initializing, Unregister from CAR Error reading domains java.lang.IllegalArgumentException: Error reading domains
at com.avaya.presence.xmpp.gw.XmppGateway.initVysper(XmppGateway.java:142) at com.avaya.presence.xmpp.gw.XmppGateway.start(XmppGateway.java:83) at com.avaya.presence.bootstrap.PsBootStrapServletListener $ContextInitThread.run(PsBootStrapServletListener.java:487)
Solution 1. Configure domains on System Manager. 2. Restart Presence Services.
Related links Restarting Presence Services on page 268 Configuring Presence/IM routing domain on System Manager on page 301

April 2021

Avaya Aura® Presence Services Snap-in Reference

375

Comments on this document? infodev@avaya.com

Troubleshooting
Presence Services logging
Presence Services logs are stored on the Avaya Breeze® server nodes in the following directory: /var/log/Avaya/services/PresenceServices/. Multiple log files may be present, but the most recent application logs are available in the ps.log file. In a multi-server deployment, each node has its local logs only and they should be collected manually from each server to fetch the complete view of logs for the cluster. By default, the application log level is set to INFO. To change the log level, see "Changing the logging level." Presence Services also supports component level logging using the presLog CLI command. For more information, see "presLog." Related links presLog on page 394 Changing the logging level on page 330
Changing the logging level
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Configuration > Logging. The system displays the Logging page. 2. Do the following: a. In the Cluster field, select the required cluster. b. In the Server field, select the required server. c. In the Service field, click PresenceServices. d. In the Log Level field, select the type of logs that you want to view. 3. In the All Loggers in Service -- PresenceServices section, select PresenceServices. 4. Click Set Log Level, and then click Commit.
Note: The Clear Logs button is not supported for Presence Services.

April 2021

Avaya Aura® Presence Services Snap-in Reference

376

Comments on this document? infodev@avaya.com

Repairing replication between Avaya Breeze® platform and System Manager
Repairing replication between Avaya Breeze® platform and System Manager
Procedure 1. On the System Manager web console, navigate to Services > Replication. 2. In Replica Group column, click the appropriate Avaya Breeze® platform replication group. 3. In Replica Node Host Name column, locate Avaya Breeze®. 4. Verify that the status of the Synchronization Status field is green. If not, go to Step 5. 5. If Presence Services Snap-in has been deployed, in the Product column, verify that both Avaya Breeze® platform and Presence Services are displayed. 6. Select Avaya Breeze® platform, and click Repair. 7. After 2­15 minutes, verify that the status of the Synchronization Status field is green. If not, go to Step 8. 8. Verify that Enrollment Password is not expired. a. Navigate to Services > Security. b. In the navigation pane, click Certificates > Enrollment Password. 9. If the Enrollment Password is expired: a. Enter a password, and click Commit. It is highly recommended that the same password must be used. Otherwise, Avaya Breeze® platform and Presence Services must be re-administered, because System Manager Enrollment Password was configured during deployment of Avaya Breeze® platform. For more information, see Deploying Avaya Breeze® platform. b. Open an SSH session to the Avaya Breeze® platform Management Module IP address as sroot. c. On the command line interface, enter initTM -f. d. When prompted for the enrollment password, enter the password that you provided in Step 9a. e. Repeat Step 1 to Step 6.
Verifying that Presence Services snap-in is ready to support Presence and IM
Procedure 1. On the System Manager web console, navigate to Elements > Avaya Breeze® > Cluster Administration.

April 2021

Avaya Aura® Presence Services Snap-in Reference

377

Comments on this document? infodev@avaya.com

Troubleshooting
2. Locate the row for the cluster, and verify that: · The Cluster Profile field shows Core Platform. · The Cluster State field shows Accepting. · The Cluster Database field is green, and the value of Number of active connections for the active is not zero. · The Data Replication field shows a green checkmark. · The Service Install Status field shows a green checkmark. · The Tests Pass field shows a green checkmark. · The Data Grid Status field shows Up or is green. · The Overload Status field shows a green checkmark.
3. On the row for the cluster, use the arrow in the Details column to display the servers assigned to this cluster.
4. For each server, verify that: · The Security Module field shows Up. · The value of the Server Version field is correct. · The Server State field shows Accepting. · The Cluster Database field is green. · The Cluster Database Connection shows a green checkmark. · The Data Replication field shows a green checkmark. · The Service Install Status field shows a green checkmark. · The Tests Pass field shows a green checkmark. · The Data Grid Status field shows Up. Following is an example of a single-server Presence Services cluster that is ready to support Presence and IM:

April 2021

Avaya Aura® Presence Services Snap-in Reference

378

Comments on this document? infodev@avaya.com

Presence Services cannot connect to a push notification provider
5. Navigate to Elements > Avaya Breeze® > Service Management > Services. 6. Locate the row for the Presence Services snap-in, and click on the Presence Services link
within the Name column. The system displays a PresenceServices: Avaya Breeze® Instance Status window. 7. Verify that the Service Install Status column shows Installed and a green checkmark in one or more rows. 8. Verify that the Cluster Name column identifies the expected cluster. Following is an example of a Presence Services snap-in that is installed on a single-server cluster:

Presence Services cannot connect to a push notification provider
Condition When you test the connectivity to the push notification server, it fails. Solution
1. Ensure that the enterprise firewall is configured as described in "Firewall configuration". 2. Do one of the following:
· If you are testing the connectivity to the Avaya Push Notification provider, ensure that the authorization data, which you entered in Public Settings on your Avaya Cloud account, is a valid JSON string with the correct Presence Services data.
· If you are testing the connectivity to a third-party push notification provider, ensure that you correctly entered the system ID and public key information on your push notification provider.
3. If the problem persists, contact Avaya support.

April 2021

Avaya Aura® Presence Services Snap-in Reference

379

Comments on this document? infodev@avaya.com

Troubleshooting
Geographic Redundancy
Failure and Recovery
There are multiple scenarios where it is desired that a data center is made non-operational, and the users are migrated over to the other data center. Scenarios include occurrence of some disastrous event which leaves a data center completely or partially non-functional, in-service upgrades or even a routine maintenance procedure. In any of these scenarios, administrators must ensure that the access to the data center undergoing maintenance is completely disabled. For more information, see "Disabling access to a data center." Conversely, while recovering a failed data center or making a data center functional after maintenance, administrators must ensure that all the components are recovered and ready to provide service before the users are allowed access to the data center. For more information, see "Enabling access to a data center." Related links Enabling access to a data center on page 85 Disabling access to a data center on page 83

April 2021

Avaya Aura® Presence Services Snap-in Reference

380

Comments on this document? infodev@avaya.com

Chapter 13: Resources

Presence Services documentation

The following table lists the documents related to Presence Services. Download the documents from the Avaya Support website at https://support.avaya.com.

Title Overview Avaya Aura® Presence Services Snap-in Reference
Avaya Breeze® platform Overview and Specification
Administering Administering Avaya Breeze® platform
Administering Avaya Aura® System Manager
Implementing Deploying Avaya Breeze® platform

Use this document to:
Find information about the product characteristics, interoperability, administer, and configure.
Find information about the product characteristics and capabilities, including feature descriptions, interoperability, performance specifications, security, and licensing requirements.
Find the procedures to administer and configure Avaya Breeze® platform.
Find the procedures to administer and configure System Manager.
Find the procedures to install Avaya Breeze® platform.

Audience
Sales Engineers, System administrators, and support personnel Sales Engineers
System administrators and support personnel System administrators and support personnel
Avaya professional services, implementation engineers, support personnel, and system administrators

April 2021

Avaya Aura® Presence Services Snap-in Reference

381

Comments on this document? infodev@avaya.com

Resources
Finding documents on the Avaya Support website
Procedure 1. Go to https://support.avaya.com. 2. At the top of the screen, type your username and password and click Login. 3. Click Support by Product > Documents. 4. In Enter your Product Here, type the product name and then select the product from the list. 5. In Choose Release, select the appropriate release number. The Choose Release field is not available if there is only one release for the product. 6. In the Content Type filter, click a document type, or click Select All to see a list of all available documents. For example, for user guides, click User Guides in the Content Type filter. The list only displays the documents for the selected category. 7. Click Enter.
Accessing the port matrix document
Procedure 1. Go to https://support.avaya.com. 2. Log on to the Avaya website with a valid Avaya user ID and password. 3. On the Avaya Support page, click Support by Product > Documents. 4. In Enter Your Product Here, type the product name, and then select the product from the list of suggested product names. 5. In Choose Release, select the required release number. 6. In the Content Type filter, select one or both the following categories: · Application & Technical Notes · Design, Development & System Mgt The list displays the product-specific Port Matrix document. 7. Click Enter.

April 2021

Avaya Aura® Presence Services Snap-in Reference

382

Comments on this document? infodev@avaya.com

Presence Services documentation
Avaya Documentation Center navigation
The latest customer documentation for some programs is now available on the Avaya Documentation Center website at https://documentation.avaya.com.
Important: For documents that are not available on Avaya Documentation Center, click More Sites > Support on the top menu to open https://support.avaya.com. Using the Avaya Documentation Center, you can: · Search for content by doing one of the following:
- Click Filters to select a product and then type key words in Search. - From Products & Solutions, select a solution category and product, and then select the
appropriate document from the list. · Sort documents on the search results page. · Click Languages ( ) to change the display language and view localized documents. · Publish a PDF of the current section in a document, the section and its subsections, or the
entire document. · Add content to your collection by using My Docs ( ).
Navigate to the Manage Content > My Docs menu, and do any of the following: - Create, rename, and delete a collection. - Add topics from various documents to a collection. - Save a PDF of selected content in a collection and download it to your computer. - Share content in a collection with others through email. - Receive collection that others have shared with you. · Add yourself as a watcher using the Watch icon ( ). Navigate to the Manage Content > Watchlist menu, and do the following: - Enable Include in email notification to receive email alerts. - Unwatch selected content, all content in a document, or all content on the Watch list page. As a watcher, you are notified when content is updated or deleted from a document, or the document is removed from the website. · Share a section on social media platforms, such as Facebook, LinkedIn, and Twitter. · Send feedback on a section and rate the content.

April 2021

Avaya Aura® Presence Services Snap-in Reference

383

Comments on this document? infodev@avaya.com

Resources
Note: Some functionality is only available when you log on to the website. The available functionality depends on the role with which you are logged in.

Training

The following courses are available on the Avaya Learning website at https://www.avayalearning.com. To search for the course, log in to the Avaya Learning Center, enter the course code in the Search field and click Go.

Course code 20980W

Course title What's New with Avaya Aura® Release 8.1

Viewing Avaya Mentor videos
Avaya Mentor videos provide technical content on how to install, configure, and troubleshoot Avaya products.
About this task
Videos are available on the Avaya Support website, listed under the video document type, and on the Avaya-run channel on YouTube.
· To find videos on the Avaya Support website, go to https://support.avaya.com/ and do one of the following:
- In Search, type Avaya Mentor Videos, click Clear All and select Video in the Content Type.
- In Search, type the product name. On the Search Results page, click Clear All and select Video in the Content Type.
The Video content type is displayed only when videos are available for that product.
In the right pane, the page displays a list of available videos.
· To find the Avaya Mentor videos on YouTube, go to www.youtube.com/AvayaMentor and do one of the following:
- Enter a key word or key words in the Search Channel to search for a specific product or topic.
- Scroll down Playlists, and click a topic name to see the list of videos available for the topic. For example, Contact Centers.

April 2021

Avaya Aura® Presence Services Snap-in Reference

384

Comments on this document? infodev@avaya.com

Note: Videos are not available for all products.

Support

Support
Go to the Avaya Support website at https://support.avaya.com for the most up-to-date documentation, product notices, and knowledge articles. You can also search for release notes, downloads, and resolutions to issues. Use the online service request system to create a service request. Chat with live agents to get answers to questions, or request an agent to connect you to a support team if an issue requires additional expertise.
Using the Avaya InSite Knowledge Base
The Avaya InSite Knowledge Base is a web-based search engine that provides: · Up-to-date troubleshooting procedures and technical tips · Information about service packs · Access to customer and technical documentation · Information about training and certification programs · Links to other pertinent information
If you are an authorized Avaya Partner or a current Avaya customer with a support contract, you can access the Knowledge Base without extra cost. You must have a login account and a valid Sold-To number. Use the Avaya InSite Knowledge Base for any potential solutions to problems.
1. Go to http://www.avaya.com/support. 2. Log on to the Avaya website with a valid Avaya user ID and password.
The system displays the Avaya Support page. 3. Click Support by Product > Product-specific Support. 4. In Enter Product Name, enter the product, and press Enter. 5. Select the product from the list, and select a release. 6. Click the Technical Solutions tab to see articles. 7. Select relevant articles.

April 2021

Avaya Aura® Presence Services Snap-in Reference

385

Comments on this document? infodev@avaya.com

Appendix A: CLI commands

presAlarmTest

Run this script on Avaya Breeze® platform to trigger or clear Presence Services alarms.

You must log in as a root user to run this command.

Syntax

presAlarmTest [-l] [-r] [-c] [-h]

Options:

· -l: Lists all available alarms. · -r [alarm-event-code]: Raises a given alarm or omits the alarm-event-code to raise all
alarms. · -c [alarm-event-code]: Clears a given alarm or omits the alarm-event-code to clear all
alarms. · -h: Prints the help. Sample output 1
# cd /opt/Avaya/snap_in/ps/bin/ # ./presAlarmTest.sh

Test Tool for raising/clearing all Presence Services alarms. Usage: presAlarmTest -l|-r|-c
Options: -l list all available alarms -r [alarm-event-code], raise a given alarm or leave alarm-event-code blank
to raise all alarms -c [alarm-event-code], clear a given alarm or leave alarm-event-code blank
to clear all alarms -h Prints this help

Sample output 2

# ./presAlarmTest.sh -l

Available alarms:

MESSAGE_ARCHIVE_UPLOAD_FAILURE_ALARM_CODE_MAJOR

MESSAGE_ARCHIVE_UPLOAD_FAILURE_ALARM_CODE_CRITICAL

GEO_REMOTE_DATACENTER_FAILURE_ALARM_CODE_CRITICAL

GEO_CONFIG_ALARM_CODE_MAJOR GR_02

HEALTH_MONITOR_CLUSTER_ALARM_MAJOR HLTH_01

HEALTH_MONITOR_SERVER_ALARM_MAJOR

HLTH_02

HEALTH_MONITOR_CLUSTER_ALARM_CRITICAL HLTH_03

IMArc_01 IMArc_02 GR_01

Sample output 3

# ./presAlarmTest.sh -r IMArc_01

April 2021

Avaya Aura® Presence Services Snap-in Reference

386

Comments on this document? infodev@avaya.com

Sample output 4
# ./presAlarmTest.sh -c IMArc_01

presBuildAttachmentDisk

presBuildAttachmentDisk
Use the following script to configure the attachment store disk and directory structure.
Note: Ensure that you set Presence Services to Deny New Service mode before you run the script. Syntax presBuildAttachmentDisk --autoconfigure | --detach | --move Options · --autoconfigure: Configures the attachment disk if it exists, otherwise creates an alternate attachment directory structure in /var/ps. · --detach: Removes the existing attachment data and unmounts the attachment disk or removes the alternate attachment directory from /var/ps. · --move: Moves the alternate attachment store from /var/ps to /opt/ps on the second virtual hard disk.

presCleanup
You must run this script after Presence Services has been uninstalled from System Manager.
Caution: The presCleanup command force cleans Presence Services on Avaya Breeze® platform. Use this command with caution. Syntax presCleanup [-db] [-log] [-grid] [-all] Options: · -db: Cleans the Presence Services database. · -log: Deletes the Presence Services log files. · -grid: Undeploys any Presence Services processing units and associated directories. · -all: Cleans the Presence Services database, deletes the Presence Services log files, and Undeploys any Presence Services processing units and associated directories.

April 2021

Avaya Aura® Presence Services Snap-in Reference

387

Comments on this document? infodev@avaya.com

CLI commands

presClients

This command is used to:

· List all users or devices logged in to the Presence Services instance.

· Display current presence document (PIDF) for online and offline users.

· Take actions on the subscriptions for logged-in users.

Syntax

presClients [-h] [-u <login_name>] [-m {SIP|XMPP}] [-i <client_ip> ] [-n <ps_node>] [-t|-r|--resend-list[<list_name>]] [-p]

Options:

· -u <login_name>: Avaya user login name. · -m {SIP|XMPP}: Device communication protocol. · -i <client_ip>: Device IP address.

· -n <ps_node>: Presence Services address (IP or FQDN).

Actions (must specify a filter):

· -r: Resend Notify(s) or stanza(s) with full PIDF to watcher for all active or non-list presence event subscriptions.
· --resend-list [list_name]: Resend Notify(s) with full PIDF to watcher for each presentity in the active list subscription (SIP devices only).
· -t [restart | disable]: Terminate active subscriptions or connections to the device. SIP devices receive a termination Notify to all active subscriptions.

- restart: Client may resubscribe immediately - disable: Client must not resubscribe until logging out and logging in.

XMPP endpoints receive a XMPP Stream closure stanza. · -p [tuples]: Display current presence document (PIDF) of the user. This action can be
used only with the -u filter. Sample output 1

# presClients

Active Presence Server Client Connections

Cluster : cluster-185

Nodes : 32646=192.0.2.10,32648=198.51.100.10

Active Publish & Subscriptions(node/expires remaining)

User

IP Address

Mode

User-Agent/

Resource

Last Publish Time

Publish

Self

Winfo

Acl

list(s)

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

----

2600002@avaya.com | 192.0.10.111:60269 | SIP |

Avaya one-X Communicator

| 2015-09-30 17:49:17 | 32648/369 | 32648/1568 | 32648/1568 | 32648/1568 |

default( 32648/1568)

April 2021

Avaya Aura® Presence Services Snap-in Reference

388

Comments on this document? infodev@avaya.com

presClients

2600003@avaya.com | 192.0.10.155:60834 | SIP |

Avaya Flare Engine

| 2015-09-30 18:42:58 | 32646/3589 | 32646/4788 | 32646/4788 |

-/- |

-/-

Sample output 2

# presClients -u 2600002@avaya.com -p

Active Presence Server Client Connections

userid

|

ipaddress

| lastpublishtime

-------------------+---------------------+---------------------

2600002@avaya.com | 198.51.100.101:52308 | 2016-02-26 15:45:11

PIDF:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<presence entity="pres:2600002@yash.ps.avaya.com" xmlns="urn:ietf:params:xml:ns:pidf"

xmlns:avav="urn:avaya:com:presence:rpid:availability"

xmlns:avcl="urn:avaya:com:PS:rpid:vclass" xmlns:pscaps="urn:com:avaya:pidf:servcaps:ps"

xmlns:d="urn:ietf:params:xml:ns:pidf:data-model"

xmlns:caps="urn:ietf:params:xml:ns:pidf:caps"

xmlns:r="urn:ietf:params:xml:ns:pidf:rpid"

xmlns:apas="urn:com:avaya:pidf:rpid:extended" xmlns:cc="urn:com:avaya:presence:cc">

<tuple id="enterprise-im_b137287c-bdc2-5c3a-92a1-06d7628eea5d">

<status>

<basic>open</basic>

</status>

<r:class>Enterprise IM</r:class>

<avcl:vClass>Avaya.1XC</avcl:vClass>

<r:activities>

<avav:available/>

</r:activities>

<contact>2600002@yash.ps.avaya.com</contact>

<timestamp>2016-02-26T10:45:11.112-05:00</timestamp>

</tuple>

<tuple id="video_b137287c-bdc2-5c3a-92a1-06d7628eea5d">

<status>

<basic>closed</basic>

</status>

<r:class>Video</r:class>

<avcl:vClass>Avaya.1XC</avcl:vClass>

<r:activities>

<avav:offline/>

</r:activities>

<contact>sips:2600002@avaya.com</contact>

<timestamp>2016-02-26T10:45:11.111-05:00</timestamp>

</tuple>

<tuple id="phone_b137287c-bdc2-5c3a-92a1-06d7628eea5d">

<status>

<basic>open</basic>

</status>

<r:class>Phone</r:class>

<apas:extended-state>

<apas:phonestate>

<apas:onhook/>

</apas:phonestate>

</apas:extended-state>

<avcl:vClass>Avaya.1XC</avcl:vClass>

<r:activities>

<avav:available/>

</r:activities>

<contact>sips:2600002@avaya.com</contact>

<timestamp>2016-02-26T10:45:11.111-05:00</timestamp>

</tuple>

<d:person id="ps_generated">

<r:activities>

<avav:available/>

</r:activities>

April 2021

Avaya Aura® Presence Services Snap-in Reference

389

Comments on this document? infodev@avaya.com

CLI commands <avav:availabilityDescription> <avav:component type="overall-presence-state"/> </avav:availabilityDescription> </d:person> </presence>

presCollectMetrics

The presCollectMetrics command-line tool can be used to discover real-time and historical data about the Presence Services system.

Syntax

presCollectMetrics [-u JMX user] [-p JMX port] [-P JMX password] [-i node IP] [-r | -h] <Metrics>

Options:

· --u JMX user · --p JMX port · --P JMX password · --I node IP · --r: Real-time metrics.

By default, the real-time metrics is displayed for all components when no parameters are specified. · --h: Historical metrics. · Metrics: The valid metrics are sip, gigaspaces, xmpp, http, and aem. · --help Sample output 1

# presCollectMetrics Gigaspaces
com.avaya.presence.om:type=GigaspacesMetrics,192.0.2.51 CPU Percentage=0.33% Heap Usage (MB)=104.83 Object Count=1803 Thread Count=211
Sample output 2

# presCollectMetrics sip

com.avaya.presence.om:type=SipMetrics,192.0.2.51

Active Subscriptions (Incoming)

= 4

Directed

= 1

RLMI

= 1

Dynamic List

= 0

ACL

= 1

Winfo

= 1

Active Subscriptions (Outgoing)

= 60

Active IM Sessions

Incoming

= 0

April 2021

Avaya Aura® Presence Services Snap-in Reference

390

Comments on this document? infodev@avaya.com

presCollectMetrics

Outgoing

= 0

Counters

--------

Publishes

= 0

Notifications

= 0

Instant Messaging

In-Dialog Messages

= 0

Out-of-Dialog Messages (Incoming) = 0

Out-of-Dialog Messages (Outgoing) = 0

In a multi-node Presence Services cluster, it is possible to collect metrics for a particular node, by specifying the Avaya Breeze® platform Management Module IP address of that node.

Sample output 3

# presCollectMetrics -i 192.0.2.51

com.avaya.presence.om:type=SipMetrics,192.0.2.51

Active Subscriptions (Incoming)

= 4

Directed

= 1

RLMI

= 1

Dynamic List

= 0

ACL

= 1

Winfo

= 1

Active Subscriptions (Outgoing)

= 60

Active IM Sessions

Incoming

= 0

Outgoing

= 0

Counters

--------

Publishes

= 0

Notifications

= 0

Instant Messaging

In-Dialog Messages

= 0

Out-of-Dialog Messages (Incoming) = 0

Out-of-Dialog Messages (Outgoing) = 0

Failed to connect to PS (failed to lookup mbean for: Xmpp) com.avaya.presence.om:type=GigaspacesMetrics,192.0.2.51
CPU Percentage=0.32% Heap Usage (MB)=149.23 Object Count=1805 Thread Count=211
It is possible to retrieve data about a metric type from the past 24 hours by using the -h parameter. The data is collected by the system every five minutes for up to 24 hours. When using the -h parameter, a comma-separated value (CSV) file is written to the disk. This CSV file can be loaded into a program such as, Microsoft Excel or can be used to generate a graph using the presGraphMetrics command-line tool. Sample output 4 # presCollectMetrics -h sip
Wrote : psng-gigaspaces-20160314102531.csv

April 2021

Avaya Aura® Presence Services Snap-in Reference

391

Comments on this document? infodev@avaya.com

CLI commands
presGraphMetrics
This command is used to get graph historical metric data generated by the presCollectMetrics command-line tool. The --help parameter displays how it is used. Syntax presGraphMetrics -f CSV Filename -T1|24 -t Options:
· --f: File name. · --T1|T24: T1 will display the metrics from the last hour. T24 will display the metrics from the
last 24 hours. · --t: Total count Sample output 1 # presGraphMetrics --help
Invalid option: -Presence Services Graph Metrics Tool
Usage: presGraphMetrics -f <CSV Filename> -T<1|24> <Column Names To Graph ...> e.g. presGraphMetrics -f psng-gigaspaces.csv -T24 THREAD_COUNT WRITE READ -t show Total Count where T 1 = Last hour or 24 = Last 24 hours
Sample output 2 # presGraphMetrics -f ./psng-gigaspaces-0160314102531.csv -T24 HEAP_USED_MB
== Graph completed in 1.056 sec filename = "psng-20160314103301.png" width = 1104, height = 867 byteCount = 32778 imginfo = "<img src='psng-20160314103301.png' width='1104' height = '867'>" No print lines found Wrote : psng-20160314103301.png
The resulting PNG graphics file can be loaded by an image viewing program.

April 2021

Avaya Aura® Presence Services Snap-in Reference

392

Comments on this document? infodev@avaya.com

presHealthCheck

presHealthCheck
This CLI command is used to manually check the health of the Presence Services Snap-in on Avaya Breeze® platform. The health checks are the same ones normally executed by the Health Monitor. Running the presHealthCheck command does not result in any logs or alarms regardless of the results of the check.
Sample output 1
# presHealthCheck -h
Presence Services Health Check Tool Runs all health checks that are normally executed by the Health Monitor. Running health checks from this tool does not result in any logs or alarms regardless of the results of the checks. Usage: presHealthCheck
-h Prints this help

April 2021

Avaya Aura® Presence Services Snap-in Reference

393

Comments on this document? infodev@avaya.com

CLI commands
Sample output 2 # presHealthCheck
Results are: FederationDomainsHealthChecks:overlappingDomainsAcrossFederationConfigurations FAILED FederationDomainsHealthChecks:overlappingDomainsAcrossSmgrConfiguredDomains PASSED AesCollectionHealthChecks:checkForWatchingTooManyUsers PASSED AesCollectionHealthChecks:checkForAbandonedUsers PASSED

presLog

Use this script to enable or disable component level logging for the Presence Services application.

Syntax

presLog {[[-p <package,p2,p3,...,all>[-f]]]-l <level>} | -d | -r | -h]]

Options:

· -p <package_list>: Displays the package names separated by commas and without any spaces.

· -l <level> ALL|FINEST|FINER|FINE|INFO|WARN|ERROR|FATAL

· --f: Redirects the package logging to an additional file. Available only with -p option. Package logs are stored in /var/log/Avaya/services/PresenceServices/module.log

· --d: Displays all package settings.

· --r: Resets all settings to default.

· --h: Displays this help.

Sample output 1

# presLog -d

========================================================

Package

Level Module Description

========================================================

ac

....

Availability Calculator

aes

....

AES

auth

....

Authentication

calendar

....

Calendar

clustermonitor ....

Cluster Monitor

collector

....

Collector

common

....

Common

datagrid

....

Data Grid

dataobject

....

Data Object

domino

....

Domino

exchange

....

Exchange

ews

....

EWS

ews-http

....

EWS-Http

interps

....

Interps Federation

S4B

....

S4B Federation

relay

....

Fed Relay

sipfed

....

Sip Federation

xmppfed

....

XMPP Federation

messaging

....

Message Archiver

migration

....

Migration

model

....

Model

April 2021

Avaya Aura® Presence Services Snap-in Reference

394

Comments on this document? infodev@avaya.com

om

....

Operation Metrics

rest

....

REST

servlet

....

Servlet

sip

....

SIP

smgr

....

SMGR

utils

....

Utils

xmpp

....

XMPP

=================================================

Global presence package log level(....): ALL

Sample output 2
# presLog -p aes ALL Update Packages: aes Level: ALL

Sample output 3
# presLog -r Reset level for all packages Restart the Exchange collector for EWS traces to take effect

presMsgStorageStat

presMsgStorageStat

Use this script to enable users to view the message storage capacity parameters for the system and the current count of messages in the cluster.

Note:

If the total message count in the system is higher, tool may take time to return the output.

Sample output 1
# presMsgStorageStat -h

Presence Services Message Storage Status Tool Provides information regarding message storage capacity including the current message count and oldest message age in the cluster. Usage: presMsgStorageStat
-h Prints this help
Sample output 2
# presMsgStorageStat

Current Message Count in the Cluster Maximum Message Capacity for the Cluster Maximum Message Capacity per Node Low Threshold value for the Cluster High Threshold value for the Cluster Oldest Message Age

- 2(0.00%) - 9500000 - 4750000 - 8740000(92%) - 9025000(25%) - 28 days

presStatus
This script enables the user to view the status of components. The script provides an option to view all components or to view a specific component.

April 2021

Avaya Aura® Presence Services Snap-in Reference

395

Comments on this document? infodev@avaya.com

CLI commands
Sample output 1 # presStatus -h
Presence Services Status Script Usage: presStatus [-u JMX_user] [-p JMX_port] [-pass JMX_password] [-i Node_IP] [-r | h] ComponentName Valid components are: gigaspaces, ps, aes, aem, exchange, domino, sip xmpp http or all Options: -r real-time status update (default option)
-h historical status records --help
Sample output 2 # presStatus ps
com.avaya.presence.om:type=PsMetrics,192.0.2.67 PS Startup=Thu Nov 22 11:15:42 EST 2018 PS Version=8.0.2.0.11002 Breeze Version=3.5.0.1.07350101 Breeze Management IP=192.0.2.67 Breeze Asset FQDN=vm67host23-sm100.ottps.avaya.com Breeze Asset IP=192.0.2.68 PS Cluster FQDN=my-presence-cluster.ottps.avaya.com Breeze Cluster FQDN=my-cluster.ottps.avaya.com Breeze Cluster IP=192.0.2.59 XMPP Service FQDN=my-presence-cluster.ottps.avaya.com Multimedia Messaging Service FQDN=my-cluster.ottps.avaya.com Multimedia Messaging Service IP=192.0.2.59 Multimedia Messaging Resources FQDN=vm67host23-sm100.ottps.avaya.com Multimedia Messaging Resources IP=192.0.2.68 Multimedia Messaging Authorization Cookie Domain=ottps.avaya.com SMGR FQDN=ottsmgr2.ottps.avaya.com Provisioned Users=5 Maximum Supported Users=Automatic Geographic Redundancy Enabled=false Cluster Name=my-cluster-name HA Enabled=true Number of Local Partitions=1 Total number of Active Partitions=2 Total number of Backup Partitions=2 Super-Cluster Connection Status
m1cluster-191={id:3024,connectionAddress:vm197host90.ottps.avaya.com,connectionState:START UP}
m2cluster-102={id:3023,connectionAddress:vm103host90.ottps.avaya.com,connectionState:WEBSO CKET_CONNECTED}
my-cluster2={id:3022,connectionAddress:thornton-vm18sm100.ottps.avaya.com,connectionState:STARTUP}
ps-traffic={id:3020,connectionAddress:vm86host26sm100.ottps.avaya.com,connectionState:STARTUP}
ps-gamma={id:620,connectionAddress:vm72host220sm100.ottps.avaya.com,connectionState:WEBSOCKET_CONNECTED}
y1-cluster-45={id:621,connectionAddress:vm44host37sm100.ottps.avaya.com,connectionState:DISCONNECTED}
y2-cluster-185={id:622,connectionAddress:vm183host10sm100.ottps.avaya.com,connectionState:RESOURCE_DISCOVERED}

April 2021

Avaya Aura® Presence Services Snap-in Reference

396

Comments on this document? infodev@avaya.com

presUnlock

presUnlock

Use this script to:

· List users locked out due to too many failed login attempts. · Allow unlocking of users based on login name.

Syntax presUnlock [-h] [-u login_name [unlock]]

Options:

· -h: Displays the help. · -u login_name: Displays the details of the locked user. Use all to select all users. · unlock: Unlocks a particular user. You cannot use this parameter with all.
Sample output 1
# presUnlock -u user0@avaya.com Display locked user details: User Login Name = user0@avaya.com

loginName

| numFailedAttempts | lastFailedTime

| isUserLocked

-----------------+-------------------+--------------------------+--------------

user0@avaya.com | 3

| 2016-12-22T17:08:40-0500 | true

(1 rows)

Sample output 2
# presUnlock -u all Display locked user details:

loginName

| numFailedAttempts | lastFailedTime

| isUserLocked

-----------------+-------------------+--------------------------+--------------

user0@avaya.com | 3

| 2016-12-22T17:08:40-0500 | true

user1@avaya.com | 3

| 2016-12-22T17:10:22-0500 | true

(2 rows)

Sample output 3

# presUnlock -h

Description: This script provides the capability to view users that are locked out, and

to unlock a specific user

This script can only be run by administrative access

Usage:

presUnlock [-h] [-u <login_name> [unlock]]

Options:

-h -u <login_name>
[unlock] be used with 'all'.

Show this help. Select user by loginname. Use 'all' to select all users. Use this additional argument to unlock a particular user. Can not

smgrPresenceUserAccessControl
This script is a user level access control script that enables user-level configuration of access control. This script is packaged with the Presence Services tools on Avaya Breeze® platform. This

April 2021

Avaya Aura® Presence Services Snap-in Reference

397

Comments on this document? infodev@avaya.com

CLI commands
script will not run on Avaya Breeze® platform and therefore must be transferred to a directory on System Manager. This script replaces the presuseracls tool used in Presence Services Release 6.2.4. However, the presuseracls tool is still used in Presence Services Release 6.2.4. To run the script, type sh smgrPresenceUserAccessControl.sh <options> <arguments> on the System Manager command line. This will display online help. Refer to the online help of the script for full detailed usage information. Sample output root >sh smgrPresenceUserAccessControl.sh -h
Description: This script can be used to view, create, modify or delete Presence Services user level access control. Partial input can be used to view a list of matching presentities/watchers. This script must be run on the SMGR server with user root. All presentity/watcher inputs are based on the SMGR full login name - not the SIP or Presence/IM Communication Addresses. Usage: sh smgrPresenceUserAccessControl -create) allow|block presentity watcher create access control Usage: sh smgrPresenceUserAccessControl -create) allow|block presentity -ext watcher create access control for an external watcher Usage: sh smgrPresenceUserAccessControl -modify) allow|block presentity watcher modify access control Usage: sh smgrPresenceUserAccessControl -delete) presentity - delete all access control for a presentity Usage: sh smgrPresenceUserAccessControl -delete) presentity watcher - delete access control for a presentity watcher pair Usage: sh smgrPresenceUserAccessControl --delete-allow - delete all allow access control for every user Usage: sh smgrPresenceUserAccessControl --delete-block - delete all block access control for every user Usage: sh smgrPresenceUserAccessControl --delete-all - delete all access control for every user Usage: sh smgrPresenceUserAccessControl -p [presentity] - show presentity access control, shows all if presentity is not specifiedt Usage: sh smgrPresenceUserAccessControl -w [watcher] - show watcher referenced access control, shows all if presentity is not specified Usage: sh smgrPresenceUserAccessControl -h - show this help Usage: sh smgrPresenceUserAccessControl presentity - show presentity access control
Creating a user level access control
Before you begin · Transfer the smgrPresenceUserAccessControl file from the Presence Services CLI tools directory of Avaya Breeze® platform to the System Manager folder. · Start an SSH session using PuTTY and connect to the System Manager server using the IP addresses.
Procedure 1. Log in to the System Manager CLI as a root user.

April 2021

Avaya Aura® Presence Services Snap-in Reference

398

Comments on this document? infodev@avaya.com

smgrPresenceUserAccessControl
2. Run sh smgrPresenceUserAccessControl.sh -c [allow | block] presentityloginname watcherloginname to create a user level Access Control for a particular presentity watcher login name.
Deleting a user level access control
Before you begin · Transfer the smgrPresenceUserAccessControl file from the Presence Services CLI tools directory of Avaya Breeze® platform to the System Manager folder. · Start an SSH session using PuTTY and connect to the System Manager server using the IP addresses.
Procedure 1. Log in to the System Manager CLI as a root user. 2. Get the presentityloginname information from the System Manager for the Access Control that needs to be deleted. 3. Type sh smgrPresenceUserAccessControl.sh --d presentityloginname and press Enter to delete user level Access Control for a particular presentity login name.
Viewing a user level access control
Before you begin · Transfer the smgrPresenceUserAccessControl file from the Presence Services CLI tools directory of Avaya Breeze® platform to the System Manager folder. · Start an SSH session using PuTTY and connect to the System Manager server using the IP addresses.
Procedure 1. Log in to the System Manager CLI as a root user. 2. Type one of the following: · sh smgrPresenceUserAccessControl.sh presentityloginname, and press Enter to display all the user level ACLs for a particular presentity login name. · root >sh smgrPresenceUserAccessControl.sh --p presentityloginname, and press Enter to display all the user level ACLs.

April 2021

Avaya Aura® Presence Services Snap-in Reference

399

Comments on this document? infodev@avaya.com

Glossary

Asset FQDN
Cluster Load balancer FQDN
PS Cluster FQDN
Services FQDN

The FQDN associated with the Breeze asset.
The FQDN configured as the "Cluster Fully Qualified Domain Name" on the breeze cluster.
The FQDN defined by Presence Services SIP Entity.
The FQDN that the client configures as the Multimedia Messaging Server address.

April 2021

Avaya Aura® Presence Services Snap-in Reference

400

Comments on this document? infodev@avaya.com

Index

Special Characters
_People view Domino collector .........................................................375
A
about access control policy .................................................... 90 ASBCE configuration ..................................................177 extended hostname validation ....................................356 federation ....................................................................124 service attributes .......................................................... 89 Session Manager configuration .................................. 175
accessing software inventory web service .................................. 326
accessing port matrix .........................................................382 adding
DNS A record for Avaya session border controller for enterprise to a microsoft DNS sever ...........................144 DNS reverse pointer record for Avaya Session Border Controller for Enterprise to a Microsoft DNS server ... 144 second virtual hard disk to the virtual machine .............70 Session Manager regular expressions ....................... 176 Session Manager routing policies ...............................175 Signaling Manipulation Scripts ................................... 180 adding Lotus Notes handle to Aura user ........................... 123 administering Avaya Breeze cluster ....................................................44 geographic redundant Avaya Breeze cluster ................58 administering Presence Services Avaya Breeze managed element ..................................45 administrator log in Avaya SBCE ............................................................... 147 SBCE ..........................................................................147 AES Collector ...................................................................... 96 Geographic Redundant deployment .............................98 network routing configuration ....................................... 98 overview ....................................................................... 92 alarm ..................................................................................361 CLR_IMArc_01 ........................................................... 361 CLR_IMArc_02 ........................................................... 361 CLR_SMTPArc_01 ..................................................... 361 CLR_SMTPArc_02 ..................................................... 361 CLR_SMTPArc_03 ..................................................... 361 CluMon_01 ................................................................. 361 GR_01 ........................................................................ 361 GR_02 ........................................................................ 361 HLTH_01 .....................................................................361 IMArc_01 .................................................................... 361 IMArc_02 .................................................................... 361 PresServ_CLR_CluMon_01 ....................................... 361 SMTPArc_01 ...............................................................361

alarm (continued) SMTPArc_02 ...............................................................361 SMTPArc_03 ...............................................................361
architecture .......................................................................... 16 assigning
application to a number .............................................. 229 associated contacts ........................................................... 270 attachment encryption ....................................................... 337 attachment files
configuring .................................................................. 239 Aura client ..........................................................................200 authentication
Avaya Workplace ................................................232, 346 REST API clients ........................................................ 346 auto-closing inactive conversations ................................................ 238 auto-discarding closed conversations .................................................. 238 automatic user unlock enabling ...................................................................... 313 Avaya Breeze .......................................................................39 Avaya Breeze attributes configuring .................................................................. 135 Avaya Breeze cluster administering ................................................................ 44 Avaya Breeze Entity Link ..................................................... 41 Avaya Breeze server ............................................................43 Avaya Breeze SIP Entity ......................................................40 Avaya Cloud adding push notification service to company profile ... 317 configuring account .................................................... 317 provisioning company domain .................................... 317 Avaya Push Notification provider configuring .................................................................. 318 Avaya SBCE administrator login ...................................................... 147 configuration ............................................................... 145 Avaya support website .......................................................385 Avaya Workplace Avaya Digest authentication ....................................... 349 enabling conversations ...............................................236 Enterprise Basic authentication .................................. 349 Enterprise IWA authentication .................................... 353 Enterprise IWA over Kerberos authentication .............352 Kerberos authentication ..............................................353 support ........................................................................231
B
back up .............................................................................. 332 cluster ......................................................................... 332
backup file restoring ......................................................................335

April 2021

Avaya Aura® Presence Services Snap-in Reference

401

Comments on this document? infodev@avaya.com

Index

backup schedule configuring .................................................................. 334
C
CA certificate importing .....................................................................226
capacity ......................................................................341, 348 capacity specification
multimedia messaging ................................................343 certificate ........................................................................... 199 certificate management ..................................................... 298 certificates
Avaya Breeze trusted certificate for connection to Global Relay server ............................................................... 265 certificate signing request .................................................. 290 certificate validation Openfire ......................................................................214 checklist ............................................................................. 300 configuring Avaya SBCE ............................................ 240 configuring Microsoft Federation with external domains .....................................................................................139 configuring Microsoft Federation with internal Avaya Aura domain and external Microsoft domain .......................185 creating a second virtual hard disk ............................... 70 deploying Presence Services on AWS ......................... 62 federation ............................................................195, 196 for configuring microsoft federation with internal and external domains using inter-PS federation ................188 for Microsoft External Federation Multi-User Chat ..... 174 geographically redundant Presence Services clusters .54 IM ................................................................................309 integrating Domino Calendar with Presence Services 110 Microsoft Federation ...................................................127 multi-server cluster ....................................................... 50 presence .....................................................................309 Presence Services deployment .................................... 34 push notification configuration .................................... 315 upgrading geographic redundant deployment .............. 82 XMPP federation ........................................................ 202 Cisco domain ..................................................................... 217 Cisco Jabber ......................................................................218 configuring .................................................................. 219 federation ....................................................................217 Presence Services ......................................................219 Cisco Jabber CSR ............................................................. 224 CloudFormation templates creating .........................................................................63 CLR_IMArc_01 .................................................................. 361 CLR_IMArc_02 .................................................................. 361 CLR_SMTPArc_01 .............................................................361 CLR_SMTPArc_02 .............................................................361 CLR_SMTPArc_03 .............................................................361 CluMon_01 ........................................................................ 361 cluster back up ....................................................................... 332 Cluster considerations

Cluster considerations (continued) Planning ........................................................................28
cluster database backup ........................................................................ 332 restore ........................................................................ 332
Cluster FQDN requirement .................................................................. 36
cluster IP address configuring .................................................................. 324
collection delete ..........................................................................383 edit name ....................................................................383 generating PDF .......................................................... 383 sharing content ........................................................... 383
command OpenSSL .................................................................... 294
Communication Manager application ................................ 137 Communication Profile Password ......................................302 communication protocol for XMPP clients
setting ......................................................................... 358 configuration ........................................................................ 27
conversation ............................................................... 236 multimedia attachments ..............................................236 routing profiles ............................................................ 162 configuration checklist Microsoft Federation with external domains ............... 139 Microsoft Federation with external Microsoft domain . 185 Microsoft Federation with internal Avaya Aura domain .....................................................................................185 configuring ................................................. 189, 191, 192, 314 access control policy .................................................... 91 attachment files .......................................................... 239 Avaya Breeze attributes ..............................................135 Avaya Breeze server identity certificate ......................134 Avaya Breeze server trusted certificate ...................... 133 Avaya Breeze server Trusted Certificate .................... 132 Avaya Push Notification provider settings .................. 318 Avaya SBCE ............................................................... 145 backup schedule .........................................................334 backup storage location ..............................................333 cluster IP address .......................................................324 data center DNS A records ...........................................60 data center HTTP SRV records .................................... 60 DNS ............................................................................ 144 DNS A Records .......................................................... 128 domain 2 .....................................................................189 end point policy groups ...............................................159 firewall for push notifications ...................................... 318 IM Blocking in Do Not Disturb state ............................255 inter-PS federation for domain 2 .................................189 inter-PS federation to domain 1 ..................................191 iSCSI SAN .................................................................... 68 Linux firewall ...............................................................277 media interfaces ......................................................... 155 Microsoft Edge external signaling interface ................154 Microsoft Federation with external domains ............... 139

April 2021

Avaya Aura® Presence Services Snap-in Reference

402

Comments on this document? infodev@avaya.com

Index

configuring (continued) Microsoft Front End server Trusted Application Pool, Trusted Application and Static Route ......................... 130 Microsoft Front End static routing ...............................191 Microsoft internal domain federation .......................... 190 microsoft trusted application pool ............................... 190 mobile application settings for push notifications ....... 322 number of users ............................................................48 offline IM storage ........................................................ 266 Presence Services attributes ......................................194 routing between session manager and session border controller .....................................................................169 routing profiles ............................................................ 160 SBCE ..........................................................................145 security policy ............................................................. 357 server configuration profiles ....................................... 157 server interworking profiles .........................................156 Session Manager internal signaling interface .............155 SIP entity .................................................................... 135 SIP federated domain .................................................168 SMTP Archiving Service .............................................263 Spaces federation using Avaya OneCloud CPaaS events .....................................................................................227 text message size .......................................................240 third-party push notification provider .......................... 320 unsuccessful login attempts ....................................... 312 user lockout time ........................................................ 313
configuring Communication Manager AES Presence Services integration ..............................94
Configuring security cipher ................................................ 340 contact management
Aura client ...................................................................200 content
publishing PDF output ................................................ 383 searching .................................................................... 383 sharing ........................................................................383 sort by last updated .................................................... 383 watching for updates .................................................. 383 courses .............................................................................. 384 create custom PPM mapping profile ......................................245 standard PPM mapping profile ................................... 242 creating Aura user .....................................................................111 Avaya Spaces account ............................................... 317 certificate signing request ...........................................292 CloudFormation templates ........................................... 63 end entity on System Manager ...................................293 end point flows ............................................................165 reverse proxy policy ....................................................249 reverse proxy service ................................................. 250 signaling manipulation script ...................................... 164 signed identity certificate ............................................ 293 CSR ................................................................................... 290 custom PPM mapping profile field descriptions .........................................................248

D
deleting snap-in service ............................................................. 76
deploying multi-node CloudFormation stack .................................66 single-node CloudFormation stack ............................... 64
device administration ......................................................... 298 device configuration ...........................................................298 disable attachment encryption ........................................... 339 disable message encryption .............................................. 339 disable messaging security enhancement .........................339 disabling
Avaya Breeze platform cluster ......................................85 certificate verification on Openfire .............................. 207 data center access ....................................................... 83 DNS .............................................................................. 85 extended hostname validation ....................................356 push notifications for mobile application .....................323 select same site mode ................................................359 session manager .......................................................... 85 DNS ............................................................................. 46, 218 DNS administration ............................................................298 DNS configuration ..............................................................298 DNS resolution ...................................................................212 DNS server ........................................................................ 137 DNS SRV ................................................................... 210, 211 documentation Presence Services ......................................................381 documentation center ........................................................ 383 finding content ............................................................ 383 navigation ................................................................... 383 documentation portal ......................................................... 383 finding content ............................................................ 383 navigation ................................................................... 383 document changes .............................................................. 12 domain 1 configuration ...................................................... 188 domains are overlapping between enterprise directory groups ............................................................................................ 367 Domino Calendar ............................................................... 110 Domino Calendar web service database ........................... 110 Domino Collector ............................................................... 108 Geographic Redundant deployment ...........................109 network routing configuration ..................................... 109
E
Enable Certificate Verification Openfire ......................................................................208
enabling AES collection ............................................................ 305 Application Enablement Services collection ............... 305 automatic user unlock .................................................313 Avaya Breeze platform cluster ......................................87 data center access ....................................................... 85 DNS .............................................................................. 87 enterprise OAuth2 or JWT authentication .................. 355

April 2021

Avaya Aura® Presence Services Snap-in Reference

403

Comments on this document? infodev@avaya.com

Index

enabling (continued) extended hostname validation ....................................356 external topology hiding ..............................................163 internal topology hiding ...............................................164 Inter-PS federation ............................................. 197, 198 load balancer .............................................................. 325 presence and IM support for XMPP clients ................ 327 Presence Services admin web GUI ............................325 RestoreFromTag and AddSvc Signaling Manipulation Scripts .........................................................................181 select same site mode ................................................359 Session Manager ..........................................................87 SIP call process time log ............................................ 327 Sip Redirect support ................................................... 183 tandem domain support ..............................................186 user locking .................................................................311
enabling conversations Avaya Workplace ........................................................236
encryption .......................................................................... 337 passphrase reset ........................................................ 339
encryption in presence service .................................. 337­339 Enrollment Password .........................................................377 Entity Link ............................................................................ 42 Entity Profile .......................................................................288 EULA ................................................................................... 47 event definitions .................................................................279 Exchange Collector ............................................102, 103, 105
Geographic Redundant deployment ...........................107 network routing configuration ..................................... 107 excluding messaging domain ..................................................... 237 export certificate Session manager identity ........................................... 305 exporting Microsoft Office 365 certificate ................................... 100
F
failure and recovery ........................................................... 380 feature comparison .............................................................. 22 federated multi-user chat
support and limitations ................................................124 federation
about ...........................................................................124 federation domains are overlapping .................................. 371 federation domains overlap with Aura domains .................372 field descriptions
custom PPM mapping profile ......................................248 Reverse Proxy ............................................................ 249 standard PPM mapping profile ................................... 245 finding content on documentation center ...........................383 finding port matrix .............................................................. 382 firewall configuring for push notifications ................................ 318 FQDN ...................................................................................50

G
generating Certificate Signing Request file .................................. 223 keytab file ................................................................... 352
geographically redundant deployment .................................54 Geographic Redundancy ..................................................... 59 Geographic Redundant deployment
DNS ............................................................................ 215 DNS SRV records .......................................................216 getHomeCapabilities ..........................................................374 Global Relay SMTP server configuring Avaya Breeze trusted certificate .............. 265 GR_01 ............................................................................... 361 GR_02 ............................................................................... 361
H
H.323 mode ....................................................................... 299 hard disk size .......................................................................61 HLTH_01 ............................................................................361
I
identify certificates Breeze server ............................................................. 193 Session Manager ........................................................193
identity certificate ............................................................... 295 IM .........................................................................................21 IMArc_01 ........................................................................... 361 IMArc_02 ........................................................................... 361 IM Blocking in Do Not Disturb state ................................... 254 importing
certificate into Cluster Truststore ................................ 286 Cisco Jabber certificate .............................................. 221 importing certificate ..............................................................99 Importing the System Manager Default CA certificate into Microsoft Front End server Trust Store ..............................288 InSite Knowledge Base ......................................................385 installing far-end trust certificates .............................................. 297 snap-in ..........................................................................47 integrating with ............................................................................... 92 integrating Domino Calendar with Presence Services checklist ...................................................................... 110 integrating exchange collector with presence services ......101 Inter-Domain IM ................................................................................256 Presence .................................................................... 256 Inter-PS federation .............................................................195 Inter-Tenant IM ................................................................................257 Presence .................................................................... 257 Inter-Tenant Presence and IM ........................................... 257 iOS configuring push notifications ..................................... 315

April 2021

Avaya Aura® Presence Services Snap-in Reference

404

Comments on this document? infodev@avaya.com

Index

issuing distribution point CRL extension ............................................................ 297
K
key configuration information XMPP federation ........................................................ 202
keytab file generating ...................................................................352
L
latest software patches ........................................................ 32 LDAP configuration
Avaya Workplace ........................................................232 License expired ..................................................................372 licensing ...............................................................................25 Linux .................................................................................. 285 load balancer
enabling ...................................................................... 325 Load Balancer is not enabled on a multi-node cluster .......373 load balancing
Presence Services cluster ............................................ 53 loading snap-ins
service .......................................................................... 47 logging ......................................................................... 79, 376 logging level ...............................................................330, 376
M
manage attachment encryption ......................................... 338 manage message encryption .............................................338 manually
deleting the multi-media attachments ...........................77 manual presence state
configuring .................................................................. 314 expiration time ............................................................ 314 mapping LDAP entry into Presence/IM handle ......................... 235 Message Archiver .............................................................. 258 enabling message archiving ....................................... 260 enabling message archiving with message attachments .....................................................................................260 message encryption ...........................................................337 messaging security enhancement ..................................... 337 MIB .................................................................................... 273 MIB files importing .....................................................................277 Microsoft Edge configuring TLS client profile ...................................... 148 Microsoft Edge Border Rule setup ...........................................................................164 Microsoft Edge CA retrieving certificate .................................................... 148 microsoft edge server SIP federated domain configuration ........................... 168

Microsoft Exchange server exporting certificate ...................................................... 99
Microsoft federation external domains ........................................................ 139 multi-user chat support ............................................... 174 with internal domain and Microsoft domain ................ 184
Microsoft Federation .......................................................... 193 microsoft federation with internal and external domains using inter-PS federation .............................................................187 Microsoft Office 365
exporting certificate .................................................... 100 Microsoft Real Time Communication (RTC) Federation .... 125 Microsoft SIP user handle
System Manager ........................................................ 127 microsoft trusted application .............................................. 191 mobile application
disabling push notifications .........................................323 modifying ............................................................................. 61
SIP subscription time ..................................................328 multimedia attachment storage ............................................68
second virtual hard disk ................................................69 multi-server deployment ...................................................... 49 multi-tenancy
Avaya Workplace ........................................................258 Multi-tenancy ..................................................................... 257 My Docs .............................................................................383
N
Network Management System ...........................................271 network outage .................................................................. 373 new identity certificate
System Manager ........................................................ 292 new in release
Presence Services ........................................................20 new in release 8.1.2
Presence Services ........................................................20 new in release 8.1.3
Presence Services ........................................................19 new in release 8.1.4
Presence Services ........................................................18 next-generation SIP mode ................................................. 299 node elements ................................................................... 280 No DNS SRV records found for any Presence domain for XMPP Federation .............................................................. 370 No FQDN is configured for a Service IP IP_ADDRESS .... 373 non-Presence/IM capable ..................................................299 No SIP Entity Link created for fqdnOrIpaddress FQDNOrIP_ADDRESS ..............................................370, 371 Number of configured users is over the support limit ........ 369 number of provisioned users ............................................. 369 number of users
configuring .................................................................... 48
O
offline IM storage

April 2021

Avaya Aura® Presence Services Snap-in Reference

405

Comments on this document? infodev@avaya.com

Index

offline IM storage (continued) configuring .................................................................. 266
Offline IM storage ...............................................................265 Openfire Certificate ....................................................285, 286 OpenNMS .................................................................. 271, 274
alarms event ............................................................... 282 starting ........................................................................276 System Manager configuration ...................................272 OpenNMS installation test ..............................................................................281 OpenNMS web console ..................................................... 277 overview AES Collector ............................................................... 92 Domino Collector ........................................................ 108 Exchange Collector ...................................................... 98 Presence Services ........................................................15 Spaces federation .......................................................225
P
patch information ................................................................. 32 PCN ..................................................................................... 32 planning
checklist ........................................................................27 port management ...............................................................267 Port Management .............................................................. 268 port matrix ..........................................................................382 PPM mapping profile
custom ........................................................................ 245 standard ......................................................................242 Prerequisites Spaces federation .......................................................225 presAlarmTest ....................................................................386 presBuildAttachmentDisk ...................................................387 presCleanup ...................................................................... 387 presClients .........................................................................388 presCollectMetrics ............................................................. 390 Presence/IM routing domain ......................................301, 331 presence component ......................................................... 295 presence model ................................................................... 21 presence profile prerequisites ............................................................... 129 Presence Profile ................................................................ 304 presence services configuring microsoft federation attributes ..................173 Presence Services administration ............................................................... 89 attachment storage deployed on cloud .........................69 attachment storage for deployed on-premise ............... 69 new in release .............................................................. 20 new in release 8.1.2 ..................................................... 20 new in release 8.1.3 ..................................................... 19 new in release 8.1.4 ..................................................... 18 restarting .............................................................268, 329 Presence Services admin web GUI enabling ...................................................................... 325 Presence Services cluster

Presence Services cluster (continued) load balancing .............................................................. 53
Presence Services Cluster FQDN ....................................... 46 Presence Services deployment
checklist ........................................................................34 PresenceServicesEnhanced Snap-in is not installed ........ 372 Presence Services session
create ..........................................................................101 import ..........................................................................101 presentity ........................................................................... 270 presGraphMetrics .............................................................. 392 presHealthCheck ............................................................... 393 presLog ..............................................................................394 presMsgStorageStat .......................................................... 395 PresServ_CLR_CluMon_01 .............................................. 361 presStatus ..........................................................................395 presUnlock .........................................................................397 product compatibility ............................................................ 24 profile ................................................................................. 223 providing access to a Aura user .........................................119 PS connector ....................................................................... 15 PSN ..................................................................................... 32 publishing status Microsoft RTC .............................................................138 push notification cannot complete test connection ................................ 379 push notifications ............................................................... 315 adding push notification service to company profile ... 317 Avaya Cloud account ..................................................317 configuration parameters for iOS clients .................... 324 configuring ........................................................................
Avaya Push Notification provider settings ........... 318 company domain in Avaya Cloud ........................ 317 mobile applications settings ................................ 322 third-party provider settings .................................320 configuring firewall ......................................................318 creating Avaya Spaces account ................................. 317 disabling for mobile application .................................. 323 removing provider .......................................................322 third-party push notification provider requirements .... 316
R
receive Microsoft Edge connections configure TLS client profile ......................................... 151
receive Session Manager connections configure TLS client profile ......................................... 153
release notes for latest software patches ............................ 32 removing
push notification provider ............................................322 repairing replication ........................................................... 377 requirements ........................................................................24
certificate ...................................................................... 32 DNS .............................................................................. 31 FQDN ........................................................................... 30 third-party push notification provider .......................... 316 resolving

April 2021

Avaya Aura® Presence Services Snap-in Reference

406

Comments on this document? infodev@avaya.com

Index

resolving (continued) IP addresses .................................................................30
REST API clients Avaya Digest authentication ....................................... 349 Enterprise Basic authentication .................................. 349 Enterprise IWA authentication .................................... 353 Enterprise IWA over Kerberos authentication .............352 Kerberos authentication ..............................................353
restarting cluster node .................................................................. 72 Front End service ....................................................... 132 Presence Services ..............................................268, 329
restore ................................................................................333 restoring
a cluster ...................................................................... 333 backup file .................................................................. 335 retrieving Microsoft Edge CA certificate ..................................... 148 Reverse Proxy field descriptions .........................................................249 reverse proxy policy creating .......................................................................249 reverse proxy service creating .......................................................................250 root CA certificate ................................................................ 97 Windows ..................................................................... 287 root certificate cisco jabber ................................................................ 221 roster ..................................................................................270 Roster limit configuring .................................................................. 271 Roster limit is exceeded .....................................................368 Roster size enforcement ....................................................270 routing ................................................................................198 routing configuration between session manager and session border controller .....................................................................................169 routing policy setup session manager ........................................................ 171
S
SAN ................................................................... 222, 283, 284 SBCE
administrator login ...................................................... 147 configuration ............................................................... 145 scalability ................................................................... 341, 348 searching for content ......................................................... 383 security cipher audit time interval ...................................... 340 Security Module HTTPS Identify Certificate .............. 283, 284 security policy configuring .................................................................. 357 Security Settings Openfire ......................................................................206 TCP ............................................................................ 206 self-signed certificate cisco jabber ................................................................ 220

sending SMS private contacts .......................................................... 230 REST APIs ................................................................. 230
Server does not have an associated Presence Services managed element .............................................................. 373 Server does not have an associated Presence Services SIP Entity FQDN or IP address ................................................ 371 server reachability ..............................................................212 Server to Server Settings
Openfire ......................................................................205 service port ........................................................................ 268 Session Manager
configuring TLS client profile ...................................... 150 routing .........................................................................198 Session manager identity .................................................. 305 session manager routing policies and regular expression to Avaya session border controller for enterprise for domain 1 ............................................................................................ 189 session manager routing policies and regular expression to Avaya session border controller for enterprise for domain 2 ............................................................................................ 192 setting Avaya session border controller for enterprise entity and entity link .....................................................................170 cluster attributes for external domain microsoft federation .....................................................................................173 communication protocol for XMPP clients .................. 358 Engagement Designer with Presence Services ......... 335 issuing distribution point CRL extension .....................298 required certificates for session manager ...................170 session manager regular expression ..........................172 session manager routing policy .................................. 171 XMPP server-to-server authentication ........................358 setting up Microsoft Edge Border Rule ....................................... 164 setup certificates for session manager .................................170 sharing content .................................................................. 383 signaling manipulation script creating .......................................................................164 Signaling security health check alarms ..............................370 signed Cisco certificate ......................................................224 Signed Openfire Certificate ................................................291 significance extended hostname validation ....................................214 signing Domino Calendar web service database .................... 111 single-server deployment .....................................................34 SIP ....................................................................................... 21 SIP dialog ............................................................................ 46 SIP Entity administering ................................................................ 41 SIP federated domain configuration .................................. 168 SIP mode ........................................................................... 299 SIP subscription time modifying .................................................................... 328 smgrPresenceUserAccessControl .....................................397

April 2021

Avaya Aura® Presence Services Snap-in Reference

407

Comments on this document? infodev@avaya.com

Index

SMTPArc_01 ......................................................................361 SMTPArc_02 ......................................................................361 SMTPArc_03 ......................................................................361 SMTP Archiving Service .................................................... 261
configuring .................................................................. 263 configuring Avaya Breeze trusted certificate .............. 265 snap-in loading .......................................................................... 47 snap-in service uninstall ........................................................................ 75 software inventory web service ..........................................326 software patches ..................................................................32 sort documents by last updated .........................................383 Spaces federation configuration ....................................................... 227, 228 configure users ........................................................... 229 enabling ...................................................................... 227 SRV ....................................................................................218 standard PPM mapping profile field descriptions .........................................................245 Subject Alternative Name .................................. 222, 283, 284 subscribing status Microsoft RTC .............................................................138 supplier ID viewing ........................................................................325 support ...............................................................................385 support IM ....................................................................78, 377 support Presence .........................................................78, 377 System Manager CA signed Certificate .............................291 System Manager LHNR .................................................46, 57

U
unsuccessful login attempts configuring .................................................................. 312
update messaging security enhancement ......................... 338 updating
Edge and Session Manager End Point Policy Groups .....................................................................................177 RemoveGsid Signaling Manipulation Script ............... 179 upgrading Presence Services from 7.1.x to 8.0 or later ................ 81 upgrading Microsoft Federation considerations .............................................................. 88 uploading keytab file ................................................................... 353 user hard delete .................................................................. 311 soft delete ................................................................... 311 user administration ............................................................ 298 user and endpoint administration .......195, 299, 303, 306­308 user configuration .............................................................. 298 user level access control ........................................... 398, 399 user lock and unlock management ............................................................... 311 user locking enabling ...................................................................... 311 user lockout time configuring .................................................................. 313 user management Aura client ...................................................................200

T

V

tandem domain support enabling ...................................................................... 186
TCP ............................................................................206, 208 text message size
configuring .................................................................. 240 third-party CA
identity certificate ........................................................295 third-party push notification provider
configuring .................................................................. 320 requirements ...............................................................316 TLS .................................................................................... 209 TLS client profile configuration Microsoft Edge ............................................................148 receive connections from Microsoft Edge ...................151 receive connections from Session Manager ...............153 Session Manager ........................................................150 Too many events in DRS queue ........................................ 371 too many users have AES Collector enabled .................... 367 training ............................................................................... 384 trusted certificate ............................................................... 199 two-way ..............................................................................270

verifying alternate attachment store ............................................73 second hard disk .......................................................... 71
videos ................................................................................ 384 viewing
backup and restore job status .................................... 334 supplier ID .................................................................. 325 VMware vSphere Client ....................................................... 37 Vysper ................................................................................375
W
watcher .............................................................................. 270 watch list ............................................................................ 383 Windows ............................................................................ 286
X
XMPP ...................................................................................21 XMPP connection ................................................................ 46 XMPP federation ................................................201, 208, 209
Cisco Jabber ...............................................................218 Geographic Redundant deployment ...........................214

April 2021

Avaya Aura® Presence Services Snap-in Reference

408

Comments on this document? infodev@avaya.com


Antenna House PDF Output Library 6.5.1119 (Windows (x64))