Security

Last Updated : May 31, 2022 |

Additional configuration information

For additional configuration information, see Security Administration. Also see Avaya IP Office™ Platform Security Guidelines.

Configuration settings

Controls the various security settings of Manager. To control the security settings of the system, see the information on Security mode.

All settings, except Secure Communications, can only be changed when a configuration has been opened using a user name and password with Administrator rights or security administration rights.

Setting

Description

Request Login on Save

Default = On

By default a valid user name and password is required to receive a configuration from a system and also to send that same configuration back to the system. Deselecting this setting allows Manager to send the configuration back without having to renter user name and password details. This does not apply to a configuration that has been saved on PC and then reopened. This setting can only be changed when a configuration has been opened using a user name and password with Administrator rights or security administration rights.

Close Configuration/Security Settings After Send

Default = On.

When selected, the open configuration file or security settings are closed after being sent back to the system. This is the normal default. This setting does not affect multi-site network modes of Manager which always close the configuration after saving.

Before disabling this setting, you should recall that the configuration held by a running system can be changed by actions other than Manager. For example, changes made by users through phones. Keeping a configuration open in Manager for longer than necessary increases the chances that the copy of the configuration differs from the current configuration of the running system and will overwrite those changes when sent back to the system.

Save Configuration File After Load

Default = Off.

When selected, a copy of the configuration is saved to Manager's working directory (see Directories). The file is named using the system name and the suffix .cfg. This local file can only be changed when a configuration has been opened using a user name and password with Administrator rights.

Backup Files on Send

Default = Off.

If selected, whenever a copy of a configuration is sent to a system, a backup copy is saved in Manager's working directory. See the notes above.

The file is saved using the system name, date and a version number followed by the Backup File Extension as set below. This setting can only be changed when a configuration has been opened using a user name and password with Administrator rights.

Backup File Extension

Default = .BAK

Sets the file extension to use for backup copies of system configurations generated by the Backup Files on Send option above.

Number of Backup Files to keep

Default = Unlimited.

This option allows the number of backup files kept for each system to be limited. If set to a value other then Unlimited, when that limit would be exceeded, the file with the oldest backup file is deleted.

Enable Application Idle Timer (mins)

Default = On.

When enabled, no keyboard or mouse activity for 10 minutes will cause the Manager to grey out the application and re-request the current service user password. This setting can only be changed when a configuration has been opened using a user name and password with Administrator rights or security administration rights.

Secure Communications

Default = On

When selected, any service communication from Manager to the system uses the TLS protocol. This will use the ports set for secure configuration and secure security access. It also requires the configuration and or security service within the system's security configuration settings to have been set to support secure access. Depending on the level of that secure access selected, it may be necessary for the Manager Certificate Checks below to be configured to match those expected by the system for configuration and or security service.

  • When Secure Communications is set to On, a padlock icon is displayed at all times in the lower right Manager status field.

  • For Server Edition systems, Manager will always attempt to use secure communications regardless of the Secure Communications setting.

  • If no response to the use of secure communication is received after 5 seconds, Manager will offer to fallback to using unsecured communications.

Manager Certificate Checks

When the Secure Communications option above is used, Manager will process and check the certificate received from the system. This setting can only be changed when a configuration has been opened using a user name and password with Administrator rights or security administration rights. The options are:

  • Low: Any certificate sent by the system is accepted.

  • Medium: Any certificate sent by the system is accepted if it has previously been previously saved in the Windows' certificate store. If the certificate has not been previously saved, the user has the option to review and either accept or reject the certificate.

  • High: Any certificate sent by the system is accepted if it has previously been previously saved in the Windows' certificate store. Any other certificate cause a log in failure.

Certificate Offered to IP Office

Default = none Specifies the certificate used to identify Manager when the Secure Communications option is used and the system requests a certificate. Use the Set button to change the selected certificate. Any certificate selected must have an associated private key held within the store:

  • Select from Current User certificate store - Display certificates currently in the currently logged-in user store.

  • Select from Local Machine certificate store.

  • Remove Selection – do not offer a Manager certificate.
Related information
File  > Preferences