From Release 10.2, encryption of backup files is mandatory. For more information on the encryption commands, see Maintenance Commands for Avaya Aura® Communication Manager, Branch Gateways and Servers.
From Release 10.1, you can enable or disable data encryption for Avaya Aura® applications at the time of deployment. Data Encryption is supported only for Avaya Solutions Platform 130 and VMware Virtualized Environment. After you deploy the application with data encryption enabled, you cannot disable data encryption.
In a software-only environment, the customer must enable encryption at the operating system (OS) level. To be Data Privacy compliant, the customer must first encrypt the OS and then apply the Release 8.1.2 or later patch.
For Data Privacy configuration, the software-only customer can protect data in transit by configuring TLS connections for all situations, such as signaling, control, and log transport. Communication Manager Release 8.1.2 provides some further enhancements that extend TLS coverage to CDR streaming and the Communication Manager-to-CMS control channel.
For Data Privacy configuration for log retention, the software-only customer can deploy Release 8.1.2 features.
When you enable Data Encryption, certain operational data and log files of your Communication Product are encrypted. You are prompted to enter a passphrase that is used to create or access an encryption key. You must remember the encryption passphrase; otherwise, the system can lock up. You are also asked to configure the option for local key storage.
Note that disk encryption may have a performance impact. For further information, refer to the Avaya Product Administration guide(s). Before you select an encryption option, read the Data Privacy Guideline to better understand these options.
When you disable Data Encryption, your Communication Product's operational data and log files are not stored in encrypted partitions.
If encryption is enabled and the Require Encryption Pass-Phrase at Boot-Time check box is selected, you need to reenter the encryption passphrase whenever the application reboots.
During reboot, the application prompts you to enter the encryption passphrase on the VM console at first boot. After you enter the correct encryption passphrase, the system mounts all the encrypted disks.
If encryption is enabled and the Require Encryption Pass-Phrase at Boot-Time check box is not selected during OVA deployment, the application creates the Local Key Store. The system then mounts the encrypted disks without prompting you for the encryption passphrase whenever the application reboots. You can also set up the remote key server by using the encryptionRemoteKey command after the deployment of the application.
The following users can run the data encryption commands: