Trust management

Last Updated: Jun 12, 2018

Various protocols are used for inter-element communication within a deployment. These protocols include SIP, HTTPS, RMI (Remote Method Invocation), and JMX (Java Management Extensions). The common method for securing these protocols is TLS (Transport Layer Security). TLS secures the communication channel against eavesdropping and message tampering. In addition, the credentials used to establish these mutually authenticated TLS sessions can be leveraged to provide element-level authentication and authorization.
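An added example (not Avaya code) of how the certificate presented in a mutually authenticated TLS session can drive element-level authorization. The host names, the policy table and the function names are assumptions made for illustration.

```python
import ssl

# Hypothetical policy: element identity (certificate DNS SAN) -> interfaces it may use.
ELEMENT_POLICY = {
    "sm1.example.com": {"SIP", "JMX"},
    "aes1.example.com": {"HTTPS"},
}

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "sm1.example.com"),),),
    "subjectAltName": (("DNS", "SM1.example.com"),),
}


def server_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side context that only completes handshakes with peers whose
    certificate chains to the trusted (root) certificates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # require a client certificate (mutual TLS)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # trusted (root) certificates
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # this element's identity certificate
    return ctx


def element_names(peer_cert):
    """DNS subjectAltName entries, lower-cased; empty set if no validated certificate."""
    if not peer_cert:
        return set()
    return {v.lower() for k, v in peer_cert.get("subjectAltName", ()) if k == "DNS"}


def authorize(peer_cert, interface):
    """Deny by default; allow only if a certified name is permitted the interface."""
    return any(interface in ELEMENT_POLICY.get(n, ()) for n in element_names(peer_cert))
```

In a running server, `authorize` would be called with the result of `getpeercert()` on the accepted connection, after the handshake has already verified the chain against the trust store.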

Identity (endpoint or Server) and Trusted (Root) Certificates are integral in establishing such TLS sessions. PKI (Public Key Infrastructure) is a commonly used and scalable technology to facilitate provisioning and remote management of these certificates and establish trust domains for a deployment.

The Trust Management Service delivered via the System Manager Centralized Management System is responsible for:

  • Participating in a customer’s Public Key Infrastructure (PKI), if one exists.

    • For customers that have a PKI within their enterprise but would like to create a separate domain of trust (derived from their Root CA) for Avaya components, or use a third party (e.g., Verisign) as their trust provider.

  • Lifecycle management of identity certificates for Avaya products:

    • Secure storage of Private Keys

    • Issuance of Certificates

    • Renewal of Certificates

    • Revocation of Issued Certificates

  • Publishing revocation information for issued certificates.

  • Centralized Management (view, add and delete) of Trusted Certificates.

Avaya products interact with the System Manager Trust Management Service by using SCEP for certificate enrollment, and by providing a web service interface and a JMX interface that enable remote management of certificates by the System Manager Trust Management Service.

Certificate management

For detailed information about certificate management, refer to the following sections:

  • Certificate Management in Administering and Maintaining Avaya Aura® Application Enablement Services.

  • Security configuration in Implementing and Administering Avaya Aura® Media Server.

  • Managing certificates in Administering Avaya Aura® System Manager.

  • Certificate management in Administering Avaya Aura® Session Manager.

  • Certificate management in Administering Avaya Aura® Communication Manager.

  • Certificate management in Avaya Aura® Presence Services Snap-in Reference.