secure access link 1.8 gateway implementation guide

8/13/2019 Secure Access Link 1.8 Gateway Implementation Guide

1/159

Secure Access Link 1.8SAL Gateway Implementation Guide

Doc ID: 143291Sept 2011

Issue Number: 26


2/159

ii

2010 Avaya Inc. All rights reserved.NoticeWhile reasonable efforts were made to ensure that the information in this document was complete and accurate atthe time of printing, Avaya Inc. can assume no liability for any errors. Changes and corrections to the information inthis document may be incorporated in future releases.

Documentation disclaimerAvaya Inc. is not responsible for any modifications, additions, or deletions to the original published version of thisdocumentation unless such modifications, additions, or deletions were performed by Avaya. Customer and/or EndUser agree to indemnify and hold harmless Avaya, Avaya's agents, servants and employeesagainst all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications,additions or deletions to this documentation to the extent made by the Customer or End User.

Link disclaimerAvaya Inc. is not responsible for the contents or reliability of any linked Web sites referenced elsewhere within thisdocumentation, and Avaya does not necessarily endorse the products, services, or information described or offeredwithin them. We cannot guarantee that these links will work all of the time and we have no control over the availabilityof the linked pages.

WarrantyAvaya Inc. provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the

limited warranty. In addition, Avayas standard warranty language, as well as information regarding support for thisproduct, while under warranty, is available through the following Web site:http://www.avaya.com/support

CopyrightExcept where expressly stated otherwise, the Product is protected by copyright and other laws respecting proprietaryrights. Unauthorized reproduction, transfer, and or use can be a criminal, as well as a civil, offense under theapplicable law.

Open Source AttributionThe Product utilizes open source and third-party software. For copyright notifications and license text of third-partyopen source components, please see the file named Avaya/Gateway/LegalNotices.txt in the directory in which youhave installed the software.

Avaya supportAvaya provides a telephone number for you to use to report problems or to ask questions about your product. The

support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see theAvaya Web site:http://www.avaya.com/support.
http://www.avaya.com/supporthttp://www.avaya.com/supporthttp://www.avaya.com/supporthttp://www.avaya.com/supporthttp://www.avaya.com/supporthttp://www.avaya.com/supporthttp://www.avaya.com/supporthttp://www.avaya.com/support


3/159

iii

Contents

PREFACE ................................................................................................................................................................... 1Purpose ..................................................................................................................................................................... 1Audience .................................................................................................................................................................. 1Conventions used ..................................................................................................................................................... 1Contacting Avaya technical support ........................................................................................................................ 2

1: INTRODUCTION TO SAL GATEWAY ............................................................................................................. 3

Secure Access Link overview .................................................................................................................................. 3SAL egress model ................................................................................................................................................ 3SAL features ........................................................................................................................................................ 3

SAL Gateway overview ........................................................................................................................................... 4Summary of SAL Gateway features ..................................................................................................................... 4

Other SAL components ............................................................................................................................................ 4Concentrator servers ........................................................................................................................................... 5Secure Access Policy Server................................................................................................................................ 5

How the SAL components work .............................................................................................................................. 5

2: SAL GATEWAY INSTALLATION AND UNINSTALLATION ...................................................................... 7

Software installation prerequisites ........................................................................................................................... 7Hardware and software requirements ................................................................................................................. 7

Preinstallation tasks ................................................................................................................................................. 9Registering SAL Gateway ..................................................................................................................................... 10Customer responsibilities and preconditions.......................................................................................................... 11

Items required for SAL ...................................................................................................................................... 11Optional items for SAL ...................................................................................................................................... 12

Installing the SAL Gateway using the GUI ........................................................................................................... 12

Updating IPtables ................................................................................................................................................... 18Disabling SELinux ............................................................................................................................................ 19Additional firewall rules for remote administration of the SAL Gateway ......................................................... 19Configuring facilities to write logs: GUI or interactive mode .......................................................................... 19Configuring facilities to write logs: Command line or unattended mode ......................................................... 20Changing the owner of the SSL directory to installation user ........................................................................... 31

Restarting SAL Gateway services ...................................................................................................................... 31Installing SAL Gateway in the command line mode ............................................................................................. 35Uninstalling SAL Gateway using the GUI ............................................................................................................. 40

Uninstalling SAL Gateway using the command line mode ................................................................................ 43Postinstallation configuration ................................................................................................................................ 44

Testing the functions of the SAL Gateway ......................................................................................................... 44Testing the functions of the Gateway UI ........................................................................................................... 45

Upgrading the SAL Gateway ................................................................................................................................. 45Modes of SAL Gateway upgrade installations .................................................................................................. 45

3: SAL GATEWAY CONFIGURATIONS ............................................................................................................ 47

Accessing the SAL Gateway interface for configuration ....................................................................................... 47User authentication ........................................................................................................................................... 47SAL Gateway home page................................................................................................................................... 48

Configuring the administration of the SAL Gateway ............................................................................................ 49Configuring SAL Gateway .................................................................................................................................... 49Configuring a managed element ............................................................................................................................ 50


4/159

iv

Editing the managed element configuration ...................................................................................................... 53Deleting the record for a managed element ...................................................................................................... 53Exporting managed element data ...................................................................................................................... 53

Viewing SAL Gateway diagnostic information ..................................................................................................... 54Run diagnostics ................................................................................................................................................. 54Refresh .............................................................................................................................................................. 54Show report ....................................................................................................................................................... 55

Configuring with an LDAP server ......................................................................................................................... 55Configuring with a proxy server ............................................................................................................................ 56Configuring SAL Gateway communication with a Secure Access Concentrator Core Server .............................. 57

Editing FQDN values for alarming ................................................................................................................... 58Configuring SAL Gateway communication with a Secure Access Concentrator Remote Server ......................... 59Configuring with a Secure Access Policy Server ................................................................................................... 60PKI ......................................................................................................................................................................... 61

Configuring PKI ................................................................................................................................................ 61Creating mappings ............................................................................................................................................ 62

Configuring local roles........................................................................................................................................... 63Mapping local groups to roles .......................................................................................................................... 64Adding a local role mapping ............................................................................................................................. 64Editing a local role mapping ............................................................................................................................. 65

Configuring OCSP/CRL ........................................................................................................................................ 65Customer authentication and authorization of remote access attempts ............................................................ 65

Configuring an NMS server ................................................................................................................................... 66Managing Service Control ..................................................................................................................................... 68Managing certificates ............................................................................................................................................. 69

Certificate authority .......................................................................................................................................... 69Viewing additional certificate information ....................................................................................................... 69Uploading a certificate...................................................................................................................................... 69

Deleting a certificate ......................................................................................................................................... 70Resetting certificates to factory settings ............................................................................................................ 70

Importing and exporting certificates to the SAL Gateway trust keystore .............................................................. 70Importing certificates ........................................................................................................................................ 71Exporting certificates ........................................................................................................................................ 71

Using Apply Configuration Changes ..................................................................................................................... 71Logging out ............................................................................................................................................................ 72

4: SYSLOG FOR SAL GATEWAY ........................................................................................................................ 73

About Syslog .......................................................................................................................................................... 73Syslogd service .................................................................................................................................................. 73

Syslog for SAL Gateway logging .......................................................................................................................... 74Configuring syslog ................................................................................................................................................. 74

Editing the syslog configuration file ................................................................................................................. 74Viewing logs .......................................................................................................................................................... 75

Log Viewer ........................................................................................................................................................ 75

5: SAL GATEWAY INVENTORY ......................................................................................................................... 78

Inventory collection process .................................................................................................................................. 78Using the SAL Gateway UI to view and control inventory ................................................................................... 79Viewing inventory .............................................................................................................................................. 80

Exporting an inventory report ........................................................................................................................... 80Collecting inventory on-demand for a device ................................................................................................... 80

Adding and updating credentials for inventory collection ..................................................................................... 81Types of credentials ........................................................................................................................................... 81Using credentials delivered from Avaya ........................................................................................................... 82Using user defined credentials .......................................................................................................................... 83

Adding SNMP credentials ................................................................................................................................. 84


5/159

v

Editing credentials ............................................................................................................................................ 85Role of the SAL model in inventory collection ..................................................................................................... 85

SAL model ......................................................................................................................................................... 85CIM ........................................................................................................................................................................ 85

Data elements in an inventory report ................................................................................................................ 86Inventory diagnostics ............................................................................................................................................. 86Troubleshooting for inventory ............................................................................................................................... 87

Viewing inventory log files ................................................................................................................................ 87

6: MONITORING THE HEALTH OF MANAGED DEVICES .......................................................................... 91

SAL Gateway heartbeat functionality .................................................................................................................... 91Checking the health of monitored Communication Manager servers .................................................................... 91

Viewing heartbeat monitoring configuration for a managed device ................................................................. 92Starting health status monitoring for a managed device ................................................................................... 92

Suspending health monitoring for a managed device ............................................................................................ 93Starting and stopping monitoring service ......................................................................................................... 93

Configuration for heartbeat monitoring in models ................................................................................................. 93

APPENDIX-1 ............................................................................................................................................................ 95

Backing up and restoring SAL Gateway ................................................................................................................ 95

APPENDIX-2 ............................................................................................................................................................ 97

Installing Red Hat Enterprise Server 5.0 ................................................................................................................ 97Necessary Linux packages (minimum) .............................................................................................................112

APPENDIX-3 ...........................................................................................................................................................115

Installing Java 1.5 .................................................................................................................................................115

APPENDIX-4 ...........................................................................................................................................................117

SNMP traps ...........................................................................................................................................................117List of traps that the SAL Watchdog can generate ................................................................................................118

APPENDIX-5 ...........................................................................................................................................................119

Product alarm configuration ..................................................................................................................................119Communications Manager ...............................................................................................................................119

Modular Messaging Application Server ...............................................................................................................120Enabling SNMP ................................................................................................................................................120Configuring alarming .......................................................................................................................................121Configuring inventory collection......................................................................................................................122

Application Enablement Services .........................................................................................................................123Release 4.2 .......................................................................................................................................................123Administering Product ID ................................................................................................................................123Enabling SNMP ................................................................................................................................................123Release 5.2.1 ....................................................................................................................................................125SNMP components for AE Services ..................................................................................................................125

Administering Product ID ................................................................................................................................125

Enabling SNMP ................................................................................................................................................125G860 High Density Trunk Gateway .....................................................................................................................126

Enabling SNMP ................................................................................................................................................126Voice Portal ..........................................................................................................................................................126

Enabling SNMP ................................................................................................................................................126

APPENDIX-6: REDUNDANCY FOR SAL GATEWAY .....................................................................................127

Redundant gateways for remote access, alarming, and inventory .........................................................................127

APPENDIX-7: SAL GATEWAY DIAGNOSTICS...............................................................................................129


6/159

vi

SAL Diagnostics: General concept of operation ...................................................................................................129Complete, annotated, diagnostic output ................................................................................................................130

Data Transport Component Diagnostics..........................................................................................................130HeartBeat Component Diagnostics ..................................................................................................................135Configuration Change Component Diagnostics...............................................................................................136

NmsConfig Component Diagnostics ................................................................................................................136ProductConfig Component Diagnostics ...........................................................................................................136Inventory Component Diagnostics ...................................................................................................................136Alarm Component Diagnostics ........................................................................................................................137Agent Mgmt Component Diagnostics ...............................................................................................................139CLINotification Component Diagnostics .........................................................................................................139

LogManagement Component Diagnostics .......................................................................................................139LogForwarding Component Diagnostics .........................................................................................................140ConnectivityTest Component Diagnostics ........................................................................................................140

AxedaDiagnostics Component Diagnostics .....................................................................................................140Linux Diagnostic Component Diagnostics .......................................................................................................140Additional information that diagnostics returns ..............................................................................................141

Troubleshooting for SAL Gateway diagnostics ....................................................................................................142

GLOSSARY .............................................................................................................................................................149


7/159

1

Preface

PurposeThe SAL Gateway Implementation Guide explains how to install and configure a SAL Gateway.

Audience

This document is for the use of service personnel who:

Install the gateway

Configure the gateway for the remote service of managed devices

Conventions used

Font: Boldis used for:

o Emphasis

o User interface labels

Example: Click Next.

Font: Courier New, Bold is used for commands.

Example: Execute the command unzip SAL.zip.

Font: Courier is used for GUI output.

Example: The directory already exists!

Font: Verdana, with expanded character spacing is used for inputs.

Example: You must enter the value abc.


8/159

2

Contacting Avaya technical support

If you still have questions after reading this manual, or the online help for the SAL Gatewayinstaller, you can contact Avaya Inc. for technical support.

Avaya Support

Mail Avaya Inc. 211 Mt. Airy Road, BaskingRidge, NJ 07920, USA

Internet http://support.avaya.com

Phone +1 (866)-GO-AVAYA


9/159

3

1: Introduction to SAL Gateway

Secure Access Link overviewSecure Access Link (SAL) is an Avaya serviceability solution for support and remotemanagement of a variety of devices and products. SAL provides remote access, alarmreception and inventory capabilities. SAL uses the existing Internet connectivity of thecustomer to facilitate remote support from Avaya. All communication is outbound from thecustomers environment over port 443 using HTTPS.

SAL egress model

As egress filtering is considered an important best practice, SAL provides an egress model of

remote access that includes customer policy management of remote access, file transfers, andegress data flow. This gives the customer complete control over whether access to their devices ispermitted or not. All connectivity is fundamentally established from the network of the customer.As SAL facilitates remote access in an egress fashion by having the SAL Gateway send HTTPSrequests to Avaya, customers need not expose open ports on the Gateway to the Internet. SALsupports any TCP-based application layer protocol including the following: SSH, HTTPS, telnet, sftp,ftp, and RDC.

SAL features

SAL provides the following features:

Enhanced availability and reliability of supported products through secure remote accessSupport for service provision from Avaya, partners, system integrators, or customers

Administration of alarming through configuration changes

Elimination of the requirement for modems and dedicated telephone lines at the customersites

Security features:

Communication initiated from customer networks (egress connectivity model)

Detailed logging

Support for Public Key Infrastructure (PKI)-based user certificates for Avaya

support personnel to remotely access managed devicesAuthentication that customers control

Rich authorization management based on policy

Support for local access and management options

Reduced firewall and network security configuration


10/159

4

SAL Gateway overview

SAL Gateway is a software package that:

Facilitates remote access to support personnel and tools that need to access supporteddevices

Collects and sends alarm information to a Secure Access Concentrator Core Serveron behalf of the managed devices

Provides a user interface to configure its interfaces to managed devices, ConcentratorRemote and Core Servers, and other settings

The SAL Gateway is installed on a Red Hat Enterprise Linux host in the customer networkand acts as an agent on behalf of several managed elements. It receives alarms fromproducts and forwards them to the Secure Access Concentrator Core Server.

The SAL Gateway polls the Secure Access Concentrator Servers with Hypertext TransferProtocol Secure (HTTPS) for connection requests and authorizes connection requests inconjunction with the Secure Access Policy Server. The use of the policy server is optional.

The SAL Gateway also sends alarms through HTTPSto the Secure Access Concentrator CoreServer as they are received, and periodically polls with HTTPS to report availability status.

The SAL Gateway provides remote access to those devices that are configured for remoteaccess within it. It controls connections to managed elements, new or updated models; andverifies certificates for authentication. The SAL Gateway also communicates with a SecureAccess Concentrator Remote Server.

NNoottee

The SAL model is a collection of the alarming configuration, inventory configuration and SALGateway component configurations that define how a SAL Gateway provides service to aparticular set of remotely managed devices.

Summary of SAL Gateway features

The SAL Gateway user interface provides access to administer the following SAL Gatewaysettings:

Secure Access Concentrator Remote and Core Server host names

Proxy servers

Managed device connectivity

Policy server and LDAP authentication

Network Management Server details

The ability to view SAL Gateway logsSAL Gateway status and diagnostic capabilities

Other SAL components

This section provides descriptions of other SAL components.


11/159

5

Concentrator servers

There are two Concentrator servers:

Secure Access Concentrator Core Server (SACCS) that handles alarming andinventory

Secure Access Concentrator Remote Server (SACRS) that handles remote access,and updates models and configuration

Secure Access Policy Server

Customers can deploy an optional Secure Access Policy Server (Policy server) that centrallydefines and manages access and control policies. Gateways enforce the policies. The SALGateway polls the Policy server for updates on policies. The Policy server provides activemonitoring and termination of remote access sessions. For more information on the Policyserver, seeAvaya Secure Access LinkSecure Access Policy Server: Installation andMaintenance Guide.

While policy decisions can be made in the SAL Gateway or the Secure Access Policy Server,it is the SAL Gateway that enforces all policies.

Policy server capacity

The policy server can support up to 500 managed devices, regardless of how manygateways are used. The combination can have many variations:

One gateway with 500 managed devices

100 gateways with the gateway and four additional managed devices each

250 gateways, each with only the gateway and one managed device

500 gateways, each with no managed device

How the SAL components work

The SAL Gateway relays alarms and heartbeats to the Secure Access Concentrator CoreServer. A SAL Gateway can collect alarms through the receipt of SNMP traps or the receiptof Initialization and Administration System (INADS) alarms. It provides the collected alarminformation to the upstream Secure Access Concentrator Core Enterprise Server.

NNoottee

For a list of SNMP traps that can help you plan how your Network ManagementSystem (NMS) responds to events, see Appendix-4.

SAL provides remote access to managed devices through HTTPS requests originating insidea customer network. SAL Gateway customers have ultimate control over all SAL facilitatedaccess to their devices. All connectivity is originally established from the network of thecustomer, and customer controlled SAL components enforce authorizations.

When a request for remote access reaches the Avaya Secure Access Concentrator RemoteEnterprise Server, the request is sent to the gateway that authenticates the user anddetermines if the connection should be authorized.


12/159


13/159

7

2: SAL Gateway installation anduninstallation

Customers can install the SAL Gateways on computers they provide and maintain.

Avaya recommends that users back up any critical information or previous SAL Gatewayversions before installing a SAL Gateway. The SAL Gateway software does not provide anybackup capability. For the names of files you may want to back up, see Appendix-1: Backingup and Restoring SAL Gateway.

The SAL Gateway installer can be run interactively from a Linux desktop.

Software installation prerequisites

An installation of SAL 1.8 Gateway must satisfy a minimum set of software and hardwarerequirements. For a list of necessary Linux packages, seeNecessary Linux packages.

NNoottee

The computer that is used to download the software requires the following browserversions: IE 6.0 or IE 7.0, or FireFox 3.x with the FireFTP plug-in. The plug-in is requiredonly if the software is downloaded from:

Linux

An FTP server

Within Firefox

Hardware and software requirements

Component Minimum Recommended

Operating System

ONLY Red Hat EnterpriseLinux Server Release 5.032-bit for standalonegateways.

No other versions are

currently supported.

Processor1 GHz

Hard Drive 40 GB free space

Memory 2GB

Network 100 Mbps Ethernet or NIC

CD-ROM DriveIt may be useful for RedHat installations.


14/159


15/159


16/159


17/159

11

2. Add managed devices to your SAL Gateway using the Solution Element IDs (SEID)provided to you in Step 1 and Step 3 (if requested).

NNoottee

The first device to be added must be the SAL Gateway itself.

3. When you have added all your managed devices, complete Step 2 of the registrationsheet for each managed device you added to your gateway, and send this sheet [email protected].

When the SAL Gateway registration sheet with Step 2 completed reaches Avaya, theAvaya Registration team makes the appropriate changes to allow access to yourmanaged devices through the SAL Gateway.

By means of an e-mail Avaya confirms that remote access to your product has beenenabled through your SAL Gateway.

4. This step is applicable if the SAL Gateway supports alarming for the managed device.Change the alarm destination on your managed devices, if necessary, so that alarmsare routed to your SAL Gateway. Consult your product documentation to accomplishthis task. For steps to change alarm destinations for the most common Avaya

applications, seeAppendix-5.

Customer responsibilities and preconditions

The SAL Gateway runs on customer-provided hardware with a customer-installed operatingsystem. The customer owns the control and care of the hardware and the operating system.

A customer has the following responsibilities:

Items required for SAL

Install Red Hat Enterprise Linux 5.0.

NNoottee

For the procedure to install RHEL 5.0, seeAppendix-2.

Install JRE 1.5.

NNoottee

For the procedure to install Java 1.5, seeAppendix-3.

Create user accounts and groups. For details on how to create a user and group forthe SAL Gateway, see the sectionIdentify SAL Gateway panel.

Acquire, maintain, and manage firewalls. General information on firewalls is available aten.wikipedia.org/wiki/Personal_firewall and en.wikipedia.org/wiki/Firewall_(networking).

Set up uninterruptible power supply (UPS). If you want to compare UPS BackupPower Systems from the leading Uninterruptible Power Supply manufacturers, seerelevant information atwww.42u.com/ups-systems.htm.

Back up and restore the SAL Gateway files and directories. For details, see Appendix-1.
http://www.42u.com/ups-systems.htmhttp://www.42u.com/ups-systems.htmhttp://www.42u.com/ups-systems.htmhttp://www.42u.com/ups-systems.htm


18/159

12

Ensure that the Domain Name Server (DNS) is set up for the proper functioning ofthe SAL Gateway on the network.

Ensure the security of the platform for the SAL Gateway: some secure mechanismmust be in place to prevent attacks on the SAL Gateway UI and unauthorized accessto the SAL Gateway UI. One of the simple things you can do is to have proper usernames and passwords for authorized users.

Restart the syslog service after the SAL Gateway installation.

Optional items for SAL

Set up the Pluggable Authentication Modules for Linux (PAM), if you want to usealternate authentication mechanisms such as LDAP.

Configure syslogd, if you want audit log entries to be written to an external server.

Install the Policy server on a different host, if you want to restrict remote access to acertain time window, set of people, a set of managed devices, or want to controlautomatic update of the product support models of the Gateway. For information on

the Policy server, seeAvaya Secure Access LinkSecure Access Policy Server:Installation and Maintenance Guide.

Install the required certificates if you want to use a Policy server.

Install the proxy server if the SAL Gateway needs to use a proxy to communicatewith the Secure Access Concentrator Core and the Secure Access ConcentratorRemote servers on the Internet.

Install the LDAP server, if you want to use LDAP-based authentication to the Gateway.You can also employ group-based policies for remote access.

Set up anti-virus software, if you want such protection for the SAL Gateway host.

Enter an appropriate system warning message. A text box on the SAL Gateway UI

Log on page displays the default system usage warning:

This system is restricted solely to authorized users for legitimatebusiness purposes only. The actual or attempted unauthorized access,use, or modification of this system is strictly prohibited. Unauthorizedusers are subject to company disciplinary procedures and or criminal andcivil penalties under state, federal, or other applicable domestic andforeign laws. The use of this system may be monitored and recorded foradministrative and security reasons. Anyone accessing this systemexpressly consents to such monitoring and recording, and is advised thatif it reveals possible evidence of criminal activity, the evidence ofsuch activity may be provided to law enforcement officials. All usersmust comply with all corporate instructions regarding the protection ofinformation assets.

The /etc/issue file holds the text for the warning. It is the system administrator whoedits this file and enters appropriate messages for system users.

Installing the SAL Gateway using the GUI

To install SAL Gateway in the GUI mode:

1. Download the SAL Gateway software. It is available at:


19/159

13

https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLOAD_PUB_ID=SAL00000003

2. Log in to the system on which you want to install the SAL Gateway. Useadministrator privileges from the GUI and open a new console on the GUI.

NNoottee

Before you start, ensure that the JAVA_HOME variable is set on the machine onwhich you want to install the SAL Gateway. Set it at the same location as the JREinstallation.

3. Create a directory in your home directory and copy the SAL.zip file there.

4. Execute the command unzip SAL.zipfrom the command line to unzip the SAL

installable file.

5. Execute the command ./runInstaller.shfrom the command line. The command

invokes the installer GUI.

Using the installation panels

The system displays the Language selection panel. The default language is English.

1. Click OK.

The system displays the installation Welcome panel.

2. Click Next.

Avaya global software license terms

The system displays the Avaya global software license terms panel (Figure 2-1).
https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLOAD_PUB_ID=SAL00000003https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLOAD_PUB_ID=SAL00000003https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLOAD_PUB_ID=SAL00000003https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLOAD_PUB_ID=SAL00000003https://plds.avaya.com/poeticWeb/avayaLogin.jsp?ENTRY_URL=/esd/viewDownload.htm&DOWNLOAD_PUB_ID=SAL00000003


20/159

14

Figure 2-1: Avaya global software license terms

1. Click the I accept the terms of this license agreementoption.NNoottee

You must accept the terms of the license agreement to continue with the installation.Until you accept the terms of the license agreement, the Nextbutton on the panelremains unavailable.

2. Click Next.

Preinstall configuration audit

The system displays the Pre-install configuration audit panel (Figure 2-2).


21/159

15

Figure 2-2: Pre-install configuration audit

The system checks the configuration settings and displays the status of the following:

OS Version

RAM

WWaarrnniinngg

Even with the Avaya recommended 2-GB RAM memory, your SAL Gateway may failto format the alarms that reach it. If so, edit the startup timeout value in the file:

vi /SpiritAgent/wrapper.config

Install_Dir_Path is the location where the SAL Gateway is installed.

The default startup timeout value in the file is 90 seconds. Edit the value so that the

file displays the following value: wrapper.startup.timeout=180.CPU Speed

Java Version

Java Vendor

Crucial checks

If the following checks fail, the installer cancels the installation.


22/159

16

Check for the availability of the JAVA_HOME environment variable

Check to discover whether the JAVA_HOME variable is set correctly

Check to discover whether the JAVA_HOME variable is set in the PATH variable andwhether the version is 1.5, or a version higher than 1.5

The JAVA_HOME variable is set at the location where the JRE is installed.

Check to discover whether the /etc/hosts, /etc/sysconfig/network, and hostnamecommands have the same host name

Check to discover whether port 7443 is free

If the following check fails, the installer displays a warning and proceeds with theinstallation.

Check to discover whether the syslog, iptables and ntpd services are active

NNoottee

Ensure that you have the required Java version and Java vendor, as these are mandatoryrequirements for the installation. Also ensure that there is adequate disk space on the

system for the SAL Gateway pack.Click Nexton thePre-install configuration audit panel.

Selecting the installation path

The system displays the Installation path panel. The panel displays the default installationpath.

1. If this is the path you want, click Nextto install the files in the default directory.

If the default path directory already exists, the system displays a warning: Thedirectory already exists! Are you sure you want to install here andpossibly overwrite existing files?

2. Click Yesor No.

Option Result

Yes Overwrites the directory.

NoThe system displays the SAL GatewayPack selection page.

3. Click Browseto select the location details for the installation, if you need to changethe default path.

NNoottee

Avaya recommends that you select a new folder for the installer. To create a targetdirectory on the system, specify a directory name. Click OK on the box that thesystem displays.

4. ClickNext.


23/159

17

Selecting packs

The system displays the Packs selection panel (Figure 2-3).

Figure 2-3: Packs selection

1. Select the AgentGatewaycheck box if it is not already selected.

When you select the pack, the system displays the size of the pack, the SAL Gatewaydescription, and details of the required space and the available space.

2. Click Next.

Changing system configuration files

The system displays the Change system configuration files panel (Figure 2-4).


24/159

18

Figure 2-4: Change system configuration files

1. Select the Iptablecheck box.CCaauuttiioonn

Failure to update the IPTables renders the SAL Gateway user interface inaccessible andprevents SNMP traps from reaching the Gateway.

1. Select the Syslogcheck box.

NNoottee

Syslog is the logging tool for SAL Gateway. The Gateway installer edits the/etc/syslog.conf file if you select the Syslogcheck box. If you clear the check box,you must edit the /etc/syslog.conf file. Failure to do this might result in the Gatewaycomponents not writing syslog and logging after the installation.

2. Click Next.

Updating IPtables

1. If you clear the Iptablecheck box on the Change system configuration files panelduring a SAL Gateway installation, update the IPtables with the following commands:

/sbin/iptables -I INPUT -i lo -j ACCEPT


25/159

19

/sbin/iptables -I INPUT -p udp -m udp --dport 8162 -j ACCEPT

/sbin/iptables -I INPUT -p tcp -m tcp --dport 5108 -j ACCEPT


/sbin/iptables -I INPUT -p udp -m udp --dport 162 -j ACCEPT


/sbin/iptables -I INPUT -m state --state RELATED,ESTABLISHED -jACCEPT

/sbin/iptables -t nat -I PREROUTING -p udp -m udp --dport 162 -jREDIRECT --to-ports 8162

2. Execute the following command to save the iptables configuration:

service iptables save

Disabling SELinux

Disable SELinux on the SAL Gateway. Even with the Iptables rules provided in this section,the SAL Gateway fails to function properly if SELinux is in the enforcingmode.

1. To disable SELinux, login to the SAL Gateway and execute the command:

system-config-securitylevel-tui

2. For SELinux, select the option Disabled, and click OK.

Additional firewall rules for remote administration of the SALGateway

The SAL Gateway requires additional firewall rules for its remote administration. These rules

are not required for the proper functioning of the SAL Gateway, but are necessary forremote access and troubleshooting.

1. To allow remote administration of the SAL Gateway, execute the followingcommands:

/sbin/iptables -I INPUT -p icmp -m icmp --icmp-type any -j ACCEPT


2. Execute the following command to save the iptables configuration:

service iptables save

Configuring facilities to write logs: GUI or interactive mode

If you select the SYSLOGcheck box on the Change system configuration files panel duringa SAL Gateway installation, the SAL Gateway installer automatically edits the/etc/syslog.conf file if Local0, Local4 and Local5 are not already configured. If the facilitiesare configured, the installer displays the following warning on the Installation Progresspanel: Do you want to continue? The box also displays the explanation: SAL Gateway sysloglog files are mixing with the customer syslog log files.The panel provides two options:

No: Rolls back the installation


26/159

20

Yes: Continues the installation

Configuring facilities to write logs: Command line or unattendedmode

In the command line mode of SAL Gateway installation, the installer logs the warningregarding the configuration of facilities and rolls back the installation.You can choose either of two options to continue with the installation:

Option 1

1. In the AgentGateway_Response.properties file for the command line installation,change the value to SYSLOGSelect=false.

2. Edit the syslog configuration file manually.

Option 2

Install the SAL Gateway in the GUI or interactive mode.

Identifying the SAL Gateway

The system displays the Identify SAL Gateway panel (Figure 2-5).


27/159

21

Figure 2-5: Identify SAL Gateway

1. Enter the credentials for the SAL Gateway server identification: Solution Element ID,Alarm/ Inventory ID, andIP Address.

Field Name Description

Solution Element IDAvaya Solution Element ID is a uniqueidentifier in the form (xxx)xxx-xxxxwhere x is a digit.

Alarm/Inventory ID

Avaya Alarm ID, also called Product ID,is a unique 10-character ID assigned to adevice, for example, this SAL Gateway,and is used to report alarms to Avaya.

IP AddressIP address of the server where the SALGateway is being installed

If you fail to enter a value for the Solution Element IDfield, the system displaysthe Input Problem message: Please provide valid Solution Element ID.

If you fail to enter a value for the Alarm/Inventory IDfield, the system displaysthe Input Problem message: Please provide valid Alarm ID.

2. Click Next.


28/159

22

NNoottee

If you have not yet submitted your request to Avaya for your Avaya SolutionElement ID and Product/Alarm/Inventory ID, see step 2 inRegistering SAL Gateway,in Chapter 2. You may not proceed past this point until you have an Avaya SolutionElement ID and product/Alarm/Inventory ID. Your SAL Gateway starts operationsonly if you perform this step and enter these values.

The SAL Gateway and the Concentrator Servers, if deployed, are assigned SolutionElement IDs and Product IDs and are treated as managed devices. These values helpAvaya Services to uniquely identify your managed device if it raises an alarm. Thesevalues also help the Avaya Secure Access Concentrator Enterprise Remote Serverfacilitate remote access to these products.

Identifying the SAL Gateway user

The system displays the Identify SAL Gateway user panel (Figure 2-6).

Figure 2-6: Identify SAL Gateway user

The User Namefield displays the default SAL user name, saluser.

The User Groupfield displays the default SAL user group, salgroup.


29/159

23

Click Next.

NNoottee

You can edit the default user and user group names. The installer uses the names enteredhere to create a user and user group with these names. The SAL Gateway employs theseusers to start its components. The saluserowns the Gateway file system.

Configuring the Concentrator Core Server

The system displays Concentrator Core Server configuration panel.

The SAL Gateway requires the following information to establish a connection to a SecureAccess Concentrator Core Server for delivery of alarms and inventory information. If youuse the default values, your SAL Gateway establishes a connection to the Avaya SecureAccess Concentrator Core Server. The panel displays the Primary and Secondary locationdetails for theSecure Access Concentrator Core Server.

The Platform Qualifierfield displays the default value: Enterprise-production.Unless you are explicitly instructed, you must not change the default.

The Primary destinationfield displays the default host name:secure.alarming.avaya.com. The fully qualified host name of the Secure AccessConcentrator Core server is the host name that the SAL Gateway first contacts.

The Portfield displays the default port number for the primary destination: 443.

The Secondary destinationfield displays the default host name.

The Portfield displays the default port number for the secondary destination.

Click Next.

NNoottee

Entries for the secondary destination server and port are mandatory.

Configuring the Concentrator Remote Server

The system displays the Primary and Secondary location details for the ConcentratorRemote Server configuration (Figure 2-7).

The SAL Gateway requires the information you provide here to contact the Secure AccessConcentrator Remote Server (SACRS) for remote access.


30/159

24

Figure 2-7: Concentrator Remote Server Configuration

The Primary destinationfield displays the default host name:sl1.sal.avaya.com.

NNoottee

The hostname sl1has a lower case letter Land the number 1following the letter s.

The Portfield displays the default port number: 443.

The Secondary destinationfield displays the default host name.

The Portfield displays the default port number.

NNoottee

You can edit the default values on the panel if the defaults are not required.

Click Next.

Proxy settings

The system displays the Proxy settings panel (Figure 2-8).


31/159

25

Figure 2-8: Proxy settings

1. Select the Proxy Requiredcheck box for Internet access outside the firewall of thecustomer.

The system displays the Proxy server details.

NNoottee

The use of the customer proxy server is optional and depends on the localconfiguration. This proxy works the way a proxy that is required for browsing does. Ifyou have a company proxy in your Web browser, it is likely that you will need one inthis context too.

You need a proxy server if there is no direct communication between the SALGateway and the Concentrator Servers. The SAL Gateway then uses the proxy serverfor communication with the Concentrator Servers.

2. Enter your proxy server details.

a. Select the HTTP, Authenticated HTTP or the SOCKS proxy type.

b. Enter the host name or the IP address of the proxy server.

If you fail to enter a host name for the proxy, the system displays thefollowing Input Problem message: Please provide valid Host Name forCustomer proxy.


32/159

26

c. Enter the port number of the proxy server.

If you fail to enter a port number for the proxy, the system displays thefollowing Input Problem message: Please provide valid Port forCustomer proxy.

SAL does not support SOCKS proxies that use authentication.

3. Click Next.

Proxy authentication settings

If you select the Authenticated HTTP option on the Proxy settings panel, the system displaysthe Proxy authentication settings panel (Figure 2-9).

1. In the Userfield, enter the user name.

If you fail to enter a user name for the proxy, the system displays the followingInput Problem message: Please provide valid User Name for Customer proxy.

2. In the Passwordfield, enter the password to be associated with the user name.

If you fail to enter a password for the proxy, the system displays the following InputProblem message: Please provide valid Password for Customer proxy.

3. Click Next.


33/159

27

Figure 2-9: Proxy authentication settings

Configuring the Policy server

The system displays the Policy server configuration panel (Figure 2-10).


34/159

28

Figure 2-10: Policy server configuration

The use of the policy server is optional. A policy server can be used without an LDAP server.If you decide to use a Policy server, enter the values for the host name and the port fields.

1. In the Hostnamefield, enter the host name or the IP address of the Policy server.

2. In the Portfield, enter the port number of the Policy server.

3. Click Next.

Configuring the LDAP server

The system displays the LDAP server configuration panel (Figure 2-11).


35/159

29

Figure 2-11: LDAP server configuration

An LDAP server is necessary if you want group-based policies such as whitelists andblacklists. You must enter the details for the LDAP server.

1. In the Server Addressfield, enter the host name or the IP address of the LDAPserver.

2. In the Portfield, enter the port number of the LDAP Server.

3. In theBind DNfield, enter the Bind Distinguished Name of the LDAP Server.

This is the DN to use in binding to the LDAP server. The Bind operation authenticatesthe SAL Gateway to the LDAP server.

4. In the Passwordfield, enter the password to be used in conjunction with the BindDistinguished Name.

5. In the Base DNfield, enter the Base Distinguished Name of the LDAP Server.

Base = base object search.

This is the DN of the branch of the directory where all searches should start. At thevery least, this must be the top of your directory tree, but could also specify asubtree in the directory.

Example of Base DN: uid=people,dc=stanford,dc=edu


36/159


37/159

31

Changing the owner of the SSL directory to installation user

During a SAL Gateway installation, if you use the SAL Gateway Truststore Directory panel toselect a location for the SSL directory other than the default AgentGateway installationdirectory, the saluser or the installation user requires certain permissions to make the SALGateway functional.

The saluser or the installation user requires these permissions to:Read and write the spirit-trust.jks file located in the SSL directoryCopy any new file from the Certificate Management page of the SAL Gateway UI intothis directory

Depending on preferences, SAL Gateway users can adopt any of several methods to providethese permissions, one of which is outlined. This method assumes the SSL directory chosenwas /usr/local/ssl and changes the owner and group.

1. To change the owner and group of the SSL directory to the installation user andgroup, log in as root and execute the following command:

chown R saluser:salgroup /usr/local/ssl/

2. If you want to provide permissions only for the files within the folder, execute the

following command:

chown saluser:salgroup /usr/local/ssl/

This change helps the SAL Gateway administrator upload certificates from the CertificateManagement page.

CCaauuttiioonn

Ensure you grant these permissions immediately after you install the SAL Gateway. A SALGateway installation with insufficient permissions for the SSL folder adversely affects SALGateway services. Without these permissions, the Gateway UI and the Axeda Agent fail tostart, and the SAL Agent fails to function properly.

Restarting SAL Gateway services

Restart the SAL Gateway services after you grant necessary permissions for the SSL folder.1. Execute the following command to restart the Gateway UI service:

/sbin/service gatewayUI restart

2. Execute the following command to restart the Spirit Agent service:/sbin/service spiritAgent restart

3. Execute the following command to restart the Axeda Agent service:/sbin/service axedaAgent restart

Administration access for Avaya

The system displays the Administration access for Avaya panel (Figure 2-13).


38/159

32

Figure 2-13: Administration access for Avaya

The panel displays the Rolefield.

1. Enter a role for the Avaya technician.

You can select from the following roles:

Administrator

This role grants the user all permissions on all the UI pages except the followingones:

LDAP (Read only)Policy Server (Read only)PKI Configuration (Read only)OCSP/CRL Configuration (Read only)

Certificate Management (Read only)The Administrator role excludes permissions to edit security settings. Only aSecurity Administrator can change security settings and this role is not availableto Avaya support personnel.

Browse

This role grants the user the Read only access permission to all pages.


39/159

33

NNoottee

If you select Denyfrom the options, the user is denied access to the SAL Gatewayuser interface.

This panel is used to assign a role that defines permissions to the Avaya supportpersonnel who may have to access the managed device to provide service.

2. Click Next.

Pack installation progress

The system displays the Pack installation progress panel (Figure 2-14).

Figure 2-14: Pack installation progress

The bars on the panel display the progress of the installation such as the parsing and theexecuting of files. The installer also creates the uninstaller pack and the uninstaller wrapper.

NNoottee

The system does not display the Nextand the Previousbuttons until the installation iscomplete.

Click Nextwhen all the files are unzipped and installed.


40/159

34

Installation summary

The system displays the Installation summary panel (Figure 2-15).

Figure 2-15: Installation summary

The panel displays the following information:

The installation status to show whether the installation process is complete or hasfailed

The package or packages that have been installed

The name of the installed SAL Gateway

The location details of the Uninstaller program

If you click Quitduring a SAL Gateway installation, the system displays a box with the

warning: This will cancel the installation!

1. Click Yesonly if you want to quit the installation.

2. Click Done.

The SAL Gateway installer completes the installation procedure and reverts to thecommand mode.


41/159

35

NNoottee

An Uninstaller directory is created under the installation directory, in the defaultdirectory >/Uninstaller. You can use the Uninstaller if you want touninstall the Gateway. For uninstallation instructions, see the sectionUninstallingSAL Gateway using the GUI.

You may occasionally have to back up the configuration and the data files, or makeregular backups in accordance with company policies. In such cases, use theinherent capabilities of Red Hat Enterprise Linux 5.0 to back up the SAL Gatewayinstallation.

Installing SAL Gateway in the command line mode

Refer to the following sections in this document before you undertake a SAL Gatewayinstallation:

Preinstallation tasks

Customer responsibilities and preconditions

You can also use the command line mode to install the SAL Gateway.

Use the command:

./runInstaller.sh [-m gui/ unattended] [-i ]

[o ]

where:

mis the parameter for mode.

You can specify either the GUI or the unattended mode for the installation.

iis the parameter for the input response file.

This is the response property file with key value pairs that the installer could use in theunattended or GUI mode to override the values specified in the default configuration file.

is the parameter for the output response file.

This is the path of the response file the installer generates and could be used for anunattended installation.

Other options

ris the parameter for rollback with the options, true and false.

You can rollback the installation in the event of an error for the unattended mode ofinstallation.

phas the options abort and ignore.

This continues or cancels the installation in the event of a prerequisite failure in theunattended mode of installation.


42/159

36

Command for Help

To view Help, use the following command:

./runInstaller.sh --help

Command to continue installation in the event of a preinstall audit failure

Use the following command if you want to ignore a preinstall audit failure during aninstallation:

./runInstaller.sh -m unattended -i AgentGateway_Response.properties

-p ignore

Command to exit an installation in the event of a preinstall audit failure

Use the following command to exit an installation in the event of a preinstall audit failure.

./runInstaller.sh -m unattended -i AgentGateway_Response.properties

AgentGateway_Response.properties file

SAL provides an AgentGateway_Response.properties file with the SAL Gateway software. Ifyou use the command line mode for a SAL Gateway installation, you can use this file toenter values for the SAL Gateway configurations done during an installation.

Information in the file Additional information

# Language selection code

localeISO3=eng

English is the default language theinstaller uses.

# Please read the License Agreement under the'license' folder at the location of 'SAL.zip'extraction

agreelicence=Agree

To continue with the installation, thevalue of the agreelicenceattribute mustbe Agree.

# Installation Path Information

INSTALL_PATH=/opt/avaya/SAL/gateway

You can change the default installationpath, /opt/avaya/SAL/gateway. If youspecify a new directory path, the installercreates the target directory on thesystem.

For more details, see the Installation path

panel in the section Installing SALGateway using the GUI.

# pack name is fixed

packs=AgentGateway

The pack name is fixed. Do not changethis information.


43/159

37


# If following values are true then GatewayInstaller update the IPTABLE and SYSLOG

IPTABLESelect=trueSYSLOGSelect=true

Keep the values for IPTABLESelectandSYSLOGSelectas true.

If the installation fails due to some syslogerrors, change the value for

SYSLOGSelectto falseand reinstall SALGateway.

If you set the value for SYSLOGSelecttofalse, you must edit the /etc/syslog.conffile manually after the installation. If youfail to edit the file, the SAL Gatewaycomponents may not write syslog andlogging after the installation. For moreinformation, seeEditing the syslogconfiguration file.

For more details, see the Change SystemConfiguration Files panel in the sectionInstalling SAL Gateway using the GUI.

# Agent Gateway Configuration mandatoryfields

GATEWAY.SOLUTION.ELEMENTID=(777)000-9999SPIRIT.ALARMID=1234567890AGENTGATEWAY_IPADRESS=192.168.1.10

You must replace the representativevaluesfor ELEMENTIDand ALARMIDwiththe actual Solution Element ID and theAlarm or Product ID obtained from Avaya.For the procedure to obtain thesenumbers for your SAL Gateway, seeRegistering SAL Gateway.

You must replace the representative valuefor AGENTGATEWAY_IPADRESSwith theactual IP address of the host server where

the SAL Gateway is being installed.For more details, see the Identify SALGateway panel in the section InstallingSAL Gateway using the GUI.

# Select the USER_ACCOUNT andUSER_GROUP of Agent Gateway mandatoryfields

AGENTGATEWAY_USERNAME=saluserAGENTGATEWAY_USERGROUP=salgroup

The username provided, if existing, musthave the execute permissions to the Bashshell for the Gateway services to runsuccessfully.

For more details, see the Identify SALGateway User panel in the sectionInstalling SAL Gateway using the GUI.

# Avaya Enterprise Configuration mandatoryfields

PRIMARY_AVAYA_ENTERPRISE_PASSPHRASE=Enterprise-production

PRIMARY_AVAYA_ENTERPRISE_URL=secure.alarming.avaya.com

PRIMARY_AVAYA_ENTERPRISE_PORT=443

Unless you are explicitly instructed, donot change these default values.

For more details, see the ConcentratorCore Server Configuration panel and theConcentrator Remote ServerConfiguration panel in the sectionInstalling SAL Gateway using the GUI.


44/159

38


PRIMARY_AXEDA_ENTERPRISE_URL=sl1.sal.avaya.com

PRIMARY_AXEDA_ENTERPRISE_PORT=443

# Avaya Enterprise Configuration Optionalfields

SECONDARY_AVAYA_ENTERPRISE_URL=secure.alarming.avaya.com

SECONDARY_AVAYA_ENTERPRISE_PORT=443

SECONDARY_AXEDA_ENTERPRISE_URL=sl1.sal.avaya.com

SECONDARY_AXEDA_ENTERPRISE_PORT=443

If you have secondary Concentrator Coreand Remote Servers for yourenvironment, replace these values withactual values for the secondarydestinations.

# Customer Proxy Configuration Optional fields

ProxySelect=falseCUSTOMER_PROXY_TYPE=HTTPCUSTOMER_PROXY_HOSTNAME=localhostCUSTOMER_PROXY_PORT=

CUSTOMER_PROXY_USER=CUSTOMER_PROXY_PASSWORD=

The use of the customer proxy server is

optional and depends on your localconfiguration.

To use a proxy server, make the followingchanges:

Change the value for ProxySelecttotrue.

According to your requirement, set theCUSTOMER_PROXY_TYPEfields value asone of the following:

- HTTP: For HTTP proxy withoutauthentication

- AuthenticatedHTTP: For HTTPproxy with authentication

- SOCKS: For SOCKS proxy withoutauthentication

For HOSTNAME, PORT, USER, andPASSWORD, specify the valuesaccording to your proxy serversettings.


45/159

39


# Model Package Installation fields

MODEL_RADIO_SELECTION=OFFLINE

For model package installation, set one ofthe following two modes as the value ofthe MODEL_RADIO_SELECTIONfield:

ONLINE: When the installation mode is

ONLINE, the SAL Gateway Installercommunicates with the configuredConcentrator Core Server located atAvaya or BP site to download andinstall the latest model packageavailable at the Concentrator CoreServer.

OFFLINE: When the mode is OFFLINE, theSAL Gateway Installer gets the modelpackage from the location specified by thevalue of MODELS_INSTALL_PATH.

#Any local Path to Models package

MODELS_INSTALL_PATH=/var/Models.zip

For the offline installation mode of modelpackage, this key-value pair specifies thefile system path to the model package.

For the offline installation mode of modelpackage, you must replace therepresentative value with the directorypath where you have downloaded themodel package.

You must download the model packagefrom the global URL for the Enterpriseserver, for example,https://secure.alarming.avaya.com/reposi

tory/.

# Policy Server Configuration Optional fields

POLICY_SERVER_HOSTNAME=POLICY_SERVER_PORT=

To use a policy server, enter the hostname and port number of the policyserver in the appropriate fields.Otherwise, keep the values blank.

# LDAP Server Configuration Optional fields

LDAP_SERVER_HOSTNAME=LDAP_SERVER_PORT=LDAP_SERVER_BINDDN=LDAP_SERVER_BINDDN_PASSWORD=LDAP_SERVER_BASEDN=

LDAP_SERVER_GROUP_BASEDN=

To use an LDAP server, enter appropriatevalues in the fields according to yourLDAP server settings. Otherwise, keep thevalues blank.

For more details, see the LDAP ServerConfiguration panel in the section

Installing SAL Gateway using the GUI.

# SNMP SubAgent Configuration Optional fields

SNMP_SERVER_HOSTNAME=127.0.0.1SNMP_SERVER_PORT=705

The SNMP SubAgent needs the host nameor the IP address, and the port number ofthe SNMP Master Agent to register itselfwith the Master Agent.

For more details, see the SNMP SubAgentconfigurarion panel in the sectionInstalling SAL Gateway using the GUI.


46/159

40


# Location of the SAL Gateway Truststore

UserPathPanelVariable=/opt/avaya/SAL/gateway/SSL

You can change the default path to/SSL.

For more details, see the SAL Gatewaytruststore directory panel in the section

Installing SAL Gateway using the GUI.

# Assign Role to Avaya Technician

AVAYA_TECH_ASSIGNED_ROLE=Administrator

For details, see the Administration Accessfor Avaya panel in the section InstallingSAL Gateway using the GUI.

Uninstalling SAL Gateway using the GUI

You can also uninstall the SAL Gateway.

WWaarrnniinngg

Do not use the Quitoption on the panel during an uninstallation procedure. If you clickQuit,you can render your system unstable.

If you accidentally click Quit, the system displays a dialog box that seeks confirmation toquit the uninstallation. If you click Yes, the uninstallation process is disrupted and thesystem may be rendered unstable. You may then have to undertake a manual clean-up ofthe disk, and stop services manually.

To uninstall the SAL Gateway:

1. Log in to the system on which the SAL Gateway is installed.

2. From the GUI, use administrator permissions and open a new console on the GUI.

3. Navigate to the directory where you have already installed the SAL Gateway.

4. Browse within the directory and locate the Uninstaller directory. You will find thisdirectory under the specified SAL Gateway installer directory.

5. Locate and execute the ./runUninstaller.shscript by invoking it from the

command line.

The system displays the Welcome panel.

6. Click Next.

The system displays the Language options page.

7. Click OK.

8. Click Next.

The system displays the Uninstall options panel (Figure 2-16).


47/159

41

Figure 2-16: Uninstall options

NNoottee

At present, only the Uninstalloption to uninstall the entire application is supported.

9. Click Next.The system displays the Select Installed packs panel (Figure 2-17).


48/159


49/159

43

Figure 2-18: Removing files

12.Click Next.

The system displays the Uninstallation summary panel. This panel displays the pack,SAL Gateway, which has been uninstalled successfully.

13.Click Done.

The uninstallation is complete.

Uninstalling SAL Gateway using the command line mode

To uninstall the SAL Gateway using the command line mode:

1. Log in to the system on which the Gateway is installed using administratorpermissions from the command line.

2. Navigate to the installation path and locate the Uninstaller directory.

3. Execute the command:./runUninstaller.sh -m unattended -i ../

autoInstall_AgentGateway.properties

4. Wait for the system to perform the uninstallation. It takes about one to two minutesto complete the uninstallation. The system reverts to the command prompt once theuninstallation is complete.


50/159


51/159

45

Testing the functions of the Gateway UI

To check whether the Gateway UI works on the system on which you installed the SALGateway or not:

Use a browser on another computer to reach the URL https://:7443.

Upgrading the SAL Gateway

The SAL Gateway installer supports an upgrade capability so that a predefined lower releasegateway can be upgraded to a higher release one. For example, you can upgrade SALGateway R1.5 to SAL Gateway R1.8.

NNoottee

When you start an upgrade installation of the SAL Gateway with a lower version of thesoftware, the installer performs an audit to detect the availability of an older version.

If the installer detects an older supported version for an upgrade, it communicates theinformation to the user and proceeds with the only upgrade option to a higher version.

If the audit does not detect the availability of an earlier version of the SAL Gateway, theinstaller works the way it does for a new installation.

In cases where the installer detects a lower version of the software that is unsupportedfor upgrade, the installer displays an Error message. In such cases, you must move to ahigher supported version by means of an available upgrade path.

The SAL Release policy currently supports upgrades from n-2 (n minus 2) to n versionand n-1 (n minus 1) to n version. This implies that the n-3 (n minus 3) version of theSAL Gateway cannot be directly upgraded to n version.

Modes of SAL Gateway upgrade installations

You can perform a SAL Gateway upgrade installation in two modes:

Interactive or the GUI mode

Silent or unattended mode

Upgrading the SAL Gateway in the GUI mode or interactive mode

1. Unzip the SAL.zip file at the location where you want to install the SAL Gateway andexecute the following command to start the installation:

./runInstaller.sh script

The system displays the Language panel.

2. Select the default language, English.

The system displays the Welcome panel.

3. On the Welcome panel, click Next.

The system displays the Avaya Global Software License Terms panel.


52/159

46

4. Click the I accept the terms of this license agreementoption.

You must accept the terms of the license agreement to continue with the installation.

5. Click Next.

The system displays the Pre-install Configuration Audit panel.

6. When the configuration audit is complete, scroll through the audit report.You have the options to continue with the installation or cancel it.

7. Click Next to continue the installation. If you want to cancel the installation, clickQuit.

The system displays the Installation path panel.

8. Click Next.

The system displays all the components needed for an installation. Select thecomponents you want to install. It is preferable for you to select all the components.

9. Click Next.

The installer takes a few minutes to complete the backup of the earlier version of thesoftware and starts the upgrade. The installer copies all the files on to the targetsystem after the backup process.

Once the installation is complete, the installer creates an uninstaller that can helpyou in uninstalling the SAL Gateway whenever required.

10.Click Done.

The installer completes the upgrade installation procedure and reverts to thecommand mode.

Upgrading the SAL Gateway in the unattended mode

The SAL Gateway installer uses the following command:

./runInstaller.sh [-m gui/unattended] [-i ]

[o ] [p ignore]

Use the AgentGateway_Response.propertiesfile when you upgrade SAL Gateway inthe silent mode of installation.

Ensure that the value of the INSTALL_PATH key in the response file is identical to theSAL Gateway path of the previously installed version of the SAL Gateway. If the entry inthe response file does not match the path of the previously installed version, theinstaller cancels the upgrade.


53/159

47

3: SAL Gateway configurations

The Secure Access Link (SAL) Gateway includes a Web-based Gateway UI that provides

status information, configuration interfaces, and logging. It provides a means to configureand monitor the gateway as well as the associated devices for alarming and remote access.

The Gateway UI provides SAL users with the following configuration options:

View configurations: Users can view the server configurations done during theinstallation of the SAL Gateway.

Change configurations: Users can edit existing configurations and apply them.

The Gateway UI also provides feedback on the success or status of a configuration.

Prerequisites for the SAL Gateway configurations:

An installed SAL Gateway

An authorized user id for the user to log in to the SAL Gateway

A computer with a browser and network access to the SAL Gateway

Accessing the SAL Gateway interface for configuration

To access the SAL Gateway interface for configurations:

1. Browse to the host name and port that the SAL Gateway has been configured with.

You can access the SAL Gateway either on a local network or through the SecureAccess Concentrator Remote Server after the gateway has established a session with

the Concentrator.2. To access the SAL Gateway on a local network:

https://[host name or IP address of the SAL Gateway]:7443

3. To access the SAL Gateway through the Secure Access Concentrator Remote Server:

https://:7443/

The system displays a login screen.

The SAL Gateway authenticates a user with local credentials.

You may want to use the Secure Access Concentrator Remote Server UI to establisha connection to the Web page as the local port changes if you already have 7443

open on your computer.Your system administrator can provide you with the Linux login credentials to usehere.

User authentication

The SAL Gateway authenticates users in two ways:


54/159

48

Users with local host shell accounts log in with a user name and a password.

Certificate authenticated users log in with e-tokens or certificates. Avaya supportpersonnel usually use certificates for authentication.

Authentication with local credentials

1. Enter your user name and password.

2. Click Log on.

NNoottee

When a user logs in to the SAL Gateway with a username and password, the loginmechanism of the Gateway uses the credentials to establish an SSH connection tothe Gateway. The SSH method of authentication only supports authentication basedon passwords.

SAL Gateway support does

secure access link 1.8 gateway implementation guide

Documents