AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
No results found
Search suggestions:
- Use fewer tags and filters.
- Use different search terms.
Filters
AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
No results found
Search suggestions:
- Use fewer tags and filters.
- Use different search terms.
Filters
Deploying Avaya Call Management System
Configuring the encryption passphrases
Last Updated : Apr 14, 2026 |
About this task
CMS automatically encrypts the data partitions on the storage disk drive during an OVA deployment. Encryption is not optional — the data partitions on the storage disk drive are always encrypted. A newly-deployed or upgraded system is assigned two default encryption passphrases. You can choose from either of the following default encryption passphrases:
cmsdefault
cms190941
The customer must decide whether they will require an encryption passphrase to be entered on the console after the system has shut down and rebooted. This includes shutdowns for administrative or maintenance procedures such as turning FIPS on and off, CMSADM restore, LAN restore, RPM update, software upgrades, and regular maintenance reboots as recommended by Avaya. It also includes unplanned shutdowns such as a system crash.
Caution:
If the customer requires an encryption passphrase after a shutdown, that passphrase must be entered on the system console. The passphrase cannot be entered remotely after the system has rebooted. You can work around this requirement by temporarily enabling auto-unlocking before doing the reboot, but you must remember to disable auto-unlocking after the reboot is complete.
Important:
Whether the customer requires the encryption passphrase after a shutdown and reboot, the customer must change the passphrases from the default to passphrases known only to the customer and Avaya services. The customer must record the new encryption passphrases in a safe, secure location.
Before you begin
Consult with the customer to find out whether they want to require an encryption passphrase after a shutdown and reboot. The customer can always change this decision.
Procedure
- Log on as root.
Important:
You cannot directly log on as root from a remote connection. You must log on using an administered CMS user ID, then use su - root to log on with root privileges.
- Enter:
cmssvc
The system displays the following menu:
Avaya(TM) Call Management System Services Menu Select a command from the list below. 1) auth_display Display feature authorizations 2) weblm_set Set up the connection to the WebLM 3) run_ids Turn Informix Database on or off 4) run_cms Turn Avaya CMS on or off 5) setup Set up the initial configuration 6) swinfo Display switch information 7) swsetup Change switch information 8) uninstall Remove the CMS rpm from the machine 9) patch_rmv Backout an installed CMS patch 10) back_all Backout all installed CMS patches from machine 11) security Administer CMS security features Enter choice (1-11) or q to quit: - Enter the number that corresponds to the security command.
The system displays the following menu:
Select one of the following: 1) FIPS 140-2 mode 2) Firewall 3) Enhanced Access Security Gateway (EASG) 4) Disk encryption Enter choice (1-4) or q to quit: - Enter the number that corresponds to the Disk encryption command.
The system displays the following menu:
Disk encryption auto-unlocking is enabled. Select one of the following 1) Change encryption passphrase 2) Enable auto-unlocking 3) Disable auto-unlocking Enter choice (1-3) or q to quit: - To change an encryption passphrase, do the following steps:
Important:
Whether the customer requires the encryption passphrase after a shutdown and reboot, the customer must change the passphrases from the default to passphrases known only to the customer and Avaya services. The customer must record the new encryption passphrases in a safe, secure location.
- Enter the number that corresponds to the Change encryption passphrase command.
The system displays the following message:
Select one of the following 1) Primary encryption passphrase 2) Secondary encryption passphrase Enter choice (1-2) or q to quit: - Select either the primary or secondary encryption passphrase option.
The system displays the following message:
Enter current encryption passphrase: - Enter a current encryption passphrase and press Enter.
The system displays the following message:
Enter new encryption passphrase: - Enter the new encryption passphrase and press Enter.
The system displays the following message:
Re-enter new encryption passphrase: - Re-enter the new encryption passphrase and press Enter.
The system displays messages similar to the following example:
Changing passphrase for disk partition /dev/sda3 ... Changing passphrase for disk partition /dev/sda7 ... Changing passphrase for disk partition /dev/sda10 ... Changing passphrase for disk partition /dev/sda11 ... - Repeat these steps for the second passphrase.
- Enter the number that corresponds to the Change encryption passphrase command.
- To enable encryption auto-unlocking, do the following steps:
- Enter the number that corresponds to the Enable auto-unlocking command.
The system displays the following message:
Enter an existing encryption passphrase: - Enter the current encryption passphrase and press Enter.
The system displays messages similar to the following example:
Adding auto-unlocking key file to partition /dev/sda3 ... Adding auto-unlocking key file to partition /dev/sda7 ... Adding auto-unlocking key file to partition /dev/sda10 ... Adding auto-unlocking key file to partition /dev/sda11 ... Changing reboot setting ... Auto-unlocking enabled successfully.
- Enter the number that corresponds to the Enable auto-unlocking command.
- To disable encryption auto-unlocking, do the following steps:
Caution:
If the customer requires an encryption passphrase after a shutdown, that passphrase must be entered on the system console. The passphrase cannot be entered remotely after the system has rebooted. You can work around this requirement by temporarily enabling auto-unlocking before doing the reboot, but you must remember to disable auto-unlocking after the reboot is complete.
- Enter the number that corresponds to the Disable auto-unlocking command.
The system displays the following message:
Enter an existing encryption passphrase: - Enter the current encryption passphrase and press Enter.
The system displays messages similar to the following example:
Changing reboot setting ... Removing auto-unlocking key file from partition /dev/sda3 ... Removing auto-unlocking key file from partition /dev/sda10 ... Removing auto-unlocking key file from partition /dev/sda7 ... Removing auto-unlocking key file from partition /dev/sda11 ...
- Enter the number that corresponds to the Disable auto-unlocking command.