Securing SysMonitor

Last Updated : Apr 20, 2022 |

About this task

SysMonitor has a number of connection methods: Two legacy (UDP and TCP), and two contemporary (HTTP and HTTPS). Only the HTTPS method is fully secure, but has the highest processing overhead. UDP has the least.

IP Office support of the various SysMonitor connection methods is controlled by the security settings as follows:

HTTP Service Security Level

HTTP

HTTPS

UDP

TCP

Disabled

Disabled

Disabled

n/a

n/a

Unsecure Only

Enabled

Disabled

n/a

n/a

Unsecure + Secure

Enabled

Enabled

n/a

n/a

Secure Low

Disabled

Enabled

n/a

n/a

Secure Medium

Disabled

Enabled

n/a

n/a

Secure High

Disabled

Enabled

n/a

n/a

Unsecured Interfaces | DevLink

HTTP

HTTPS

UDP

TCP

Disabled

Disabled

Enabled

Disabled

Disabled

Enabled

Enabled

Enabled

Enabled

Enabled

Procedure

  1. A Service User account should be used rather than the legacy Monitor Password, the IP Office Manager security using the setting System > Unsecured Interfaces > Use Service User Credentials. For default accounts that can use SysMonitor in this way, see Default Administrative Users and Rights Groups.
  2. The legacy UDP and TCP connection methods should be disabled via the Manager security setting System > Unsecured Interfaces > Devlink.

    • Note: If the legacy connection methods are not disabled, the password exchange between SysMonitor and IP Office is unsecure.

  3. Select the correct connection methods in the SysMonitor File > Select Unit tab. If HTTPS is used, an identity certificate (certificate plus private key) is requested. This is used by SysMonitor to identify itself. For more information about certificates and PKI, see Certificates and Trust.
  4. To ensure only HTTPS is used, the IP Office Manager security setting Services > HTTP > Service Security Level should be set to disable HTTP.

    • Note: The IP Office HTTP service is used by many components including H323 phones, IP Office lines,IP Office SoftConsole, Voicemail Pro and Avaya one-X® Portal for IP Office.

  5. Any log files saved by SysMonitor may be read by any other SysMonitor instance without authorization. This file can include configuration and other sensitive information and therefore access to these files must be controlled.
Related information
Securing IP Office Applications