Enrolling a cluster in System Manager

Last Updated: Nov 28, 2024

About this task

Perform the following procedure to enroll an existing media server cluster in System Manager.

Before you begin

  • Ensure that a media server cluster is already configured.

  • Ensure that you have the following Avaya Aura® System Manager information available:

    • Fully Qualified Domain Name (FQDN) of the System Manager server.

    • System Manager HTTPS server port. The default port is 443.

    • System Manager administrative account username and password. The specified user account must be assigned a role or roles that have permissions for the element types Avaya Aura Media Server, Session Manager and Routing, and elements. Of the Session Manager and Routing permissions, only the permission for Web Services > Routing is required. An example role that has the required permissions is System Administrator.

    • Enrollment password for System Manager Trust Management.

  • Ensure that there is network access between the media server and System Manager.

  • Ensure that the FQDN of each media server in the cluster can be resolved by DNS or the local hosts file.

  • Ensure that the FQDN of System Manager can be resolved by DNS or the local hosts file.

  • Ensure that the FQDN of each media server has the same parent domain as the System Manager FQDN used for Single Sign-On.

  • Ensure that the difference in system time between the System Manager server and each Media Server is within 10 minutes. The Media Server and System Manager must use the same NTP server for time.
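A scripted check of the name-resolution, parent-domain and clock-skew prerequisites above, as an added example that is not part of the Avaya documentation. It assumes "parent domain" means the FQDN minus its host label and that the operator has collected a UTC clock reading from each host; all host names and timestamps are constructed.

```python
import socket
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=10)  # limit stated in the prerequisites

def parent_domain(fqdn):
    """Return the FQDN minus its host label (assumed meaning of 'parent domain')."""
    labels = fqdn.rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a fully qualified domain name: {fqdn!r}")
    return ".".join(labels[1:])

def resolves(fqdn):
    # getaddrinfo consults both DNS and the local hosts file.
    try:
        socket.getaddrinfo(fqdn, None)
        return True
    except socket.gaierror:
        return False

def preflight(smgr, servers, resolver=resolves):
    """Hosts are dicts with 'fqdn' and 'utc' (aware datetime). Empty list = pass."""
    findings = []
    for host in [smgr, *servers]:
        if not resolver(host["fqdn"]):
            findings.append(f"{host['fqdn']}: name does not resolve")
    for ms in servers:
        if parent_domain(ms["fqdn"]) != parent_domain(smgr["fqdn"]):
            findings.append(f"{ms['fqdn']}: parent domain differs from {smgr['fqdn']}")
        skew = abs(ms["utc"] - smgr["utc"])
        if skew > MAX_SKEW:
            findings.append(f"{ms['fqdn']}: clock skew {skew} exceeds {MAX_SKEW}")
    return findings

# Constructed sample data: names, hosts table and clock readings are invented.
NOW = datetime(2024, 11, 28, 12, 0, tzinfo=timezone.utc)
SMGR = {"fqdn": "smgr.example.test", "utc": NOW}
SERVERS = [
    {"fqdn": "ams1.example.test", "utc": NOW + timedelta(minutes=2)},
    {"fqdn": "ams2.lab.example.test", "utc": NOW - timedelta(minutes=12)},
]
KNOWN_HOSTS = {"smgr.example.test", "ams1.example.test"}

def run_sample():
    # Stub resolver keeps the sample offline; omit it to use real resolution.
    return preflight(SMGR, SERVERS, resolver=lambda name: name in KNOWN_HOSTS)

if __name__ == "__main__":
    for line in run_sample():
        print("FAIL", line)
```

Run it from a host that uses the same DNS servers and hosts file as the media servers, otherwise the resolution result does not reflect what the cluster will see.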

Procedure

  1. For the Primary node of the media server cluster, navigate to EM > Security > System Manager > Enrollment.

    EM displays a page describing the enrollment process.

  2. Click Begin Enrollment.

    EM displays step one of the enrollment process.

  3. In the Cluster section, type the Administrative name and Administrative description for the media server cluster.

    Administrative name is a name of your choice that helps you easily identify this cluster. This value must be unique among all media servers enrolled with System Manager. After enrollment, this value can only be updated using System Manager.

    Administrative description is a definition of your choice that helps you easily describe this cluster. After enrollment, this value can only be updated using System Manager.

  4. In the Servers section, type the Element Administrative Name and Element Administrative Description for each server.

    Element Administrative Name is a name of your choice that helps you easily identify this server. This value must be unique among all media servers enrolled with System Manager. This value cannot be updated after enrollment.

    Element Administrative Description is a definition of your choice that helps you easily describe this server. This value cannot be updated after enrollment.

  5. Click Next.

    EM displays step two of the enrollment process.

  6. In the Server Configuration section, provide the FQDN and port for System Manager. The default System Manager port is 443.

    Note:

    If the primary System Manager is not available for the enrollment, stop the enrollment. After the primary System Manager becomes available, start the enrollment process again.

  7. In the Administrative Account section, provide the System Manager administrative account credentials required to register the Media Server.

  8. Click Next.

    EM displays step three of the enrollment process.

    Note:

    If EM cannot validate System Manager server certificates with the Media Server trust store, then EM displays the certificates received from System Manager. Click Acknowledge to proceed with the enrollment or Decline to end the enrollment process.

  9. If you have replaced the media server generated self-signed certificates with certificates signed by the same CA on each server in the cluster (following the procedure in Replacing Default Staging certificates), select Use existing certificates already imported and click Next.

    Otherwise, select one of the following options appropriate for your system:

    • If the current certificate setup in the cluster is correct on each Media Server and all the following are true for your system, then select Use existing certificates already imported and click Next:

      • The key identity certificate for the Media Server is in the Media Server key store.

      • The trust certificate to verify the System Manager key identity certificate is in the Media Server trust store. If the certificate chain is used, the trust certificates of root certificate authority and all intermediate certificate authorities must be in the Media Server trust store.

      • The key identity certificate for the Media Server is at least assigned to the OAM and EM service profiles.

    • Select Create a new System Manager-signed certificate when System Manager, acting as the root certificate authority, is the signing authority for certificates in the Media Server setup and a System Manager-signed certificate is not in the key store of the Media Server. Click Next to configure the certificate fields as follows:

      • Select the strength of the certificate key. Avaya recommends using strong security by selecting a Key bit length of 2048 or higher, and a Signature algorithm of SHA256 or higher.

      • Type the name of the organization using the certificate in the Organization and Organization Unit fields.

      • Type an ISO-3166 country code for the Country field.

      • Type the full name of the state or province in the State/Province field.

      • Type the location name in the City/Locality field.

      • If the subject alternative name with the server IP address is required for the certificate, select Include Subject Alternative Name with IP address and enter the IP address.

      • If the subject alternative name with the server FQDN is required for the certificate, select Include Subject Alternative Name with FQDN and enter the FQDN.

      • In the Trust Management section, provide the System Manager trust management enrollment password. This is the enrollment password that the media server must use to acquire a System Manager-signed certificate from System Manager Trust Management.

        See Administering Avaya Aura® System Manager or the Avaya Aura® System Manager Online Help for additional details about this password and when it expires.

      Note:

      If System Manager is the signing authority and serves as an intermediate certificate authority, do not select Create a new System Manager-signed certificate in the enrollment process. See Creating a new certificate signed by System Manager as the root certificate authority in the key store to set up the certificates, then select Use existing certificates already imported.

  10. Click Next.

    EM displays the final step of the enrollment process.

  11. Verify the System Manager enrollment information. Click Previous if any information needs to be changed.

  12. Click Enroll.

    EM displays a progress spinner during the enrollment process. After the enrollment completes, the system restarts the Media Server SOAP service and EM.

  13. Close the EM browser window or tab.

    Wait for the EM restart to complete.

  14. To verify the Media Server enrollment process, log in to each Element Manager in the cluster using System Manager credentials.

    After enrolling with System Manager, you can use System Manager credentials to access EM.

Next Steps

The enrollment process automatically assigns the System Manager-signed certificate to the media server OAM and EM service profiles. If the System Manager-signed certificate needs to be applied to other Media Server service profiles, see Assigning a certificate to a service profile.

If required by the adopting solution, access System Manager to configure the location and application for the newly enrolled media server. See Location and application assignment on System Manager.