Avaya Aura® Communication Manager

Data Privacy Guidelines

Release 10.2.x
Issue 1
December 2023
© 2016-2023, Avaya LLC Licenses
All Rights Reserved. THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA
Notice WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO,
UNDER THE LINK “AVAYA SOFTWARE LICENSE TERMS (Avaya
While reasonable efforts have been made to ensure that the infor- Products)” OR SUCH SUCCESSOR SITE AS DESIGNATED BY
mation in this document is complete and accurate at the time of AVAYA, ARE APPLICABLE TO ANYONE WHO DOWNLOADS,
printing, Avaya assumes no liability for any errors. Avaya reserves USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED
the right to make changes and corrections to the information in this FROM AVAYA LLC., ANY AVAYA AFFILIATE, OR AN AVAYA
document without the obligation to notify any person or organization CHANNEL PARTNER (AS APPLICABLE) UNDER A COMMERCIAL
of such changes. AGREEMENT WITH AVAYA OR AN AVAYA CHANNEL PARTNER.
Documentation disclaimer UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING,
AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE
“Documentation” means information published in varying mediums WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA
which may include product information, operating instructions and AFFILIATE OR AN AVAYA CHANNEL PARTNER; AVAYA
performance specifications that are generally made available to users RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU
of products. Documentation does not include marketing materials. AND ANYONE ELSE USING OR SELLING THE SOFTWARE
Avaya shall not be responsible for any modifications, additions, or de- WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR
letions to the original published version of Documentation unless USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO,
such modifications, additions, or deletions were performed by or on YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM
the express behalf of Avaya. End User agrees to indemnify and hold YOU ARE INSTALLING, DOWNLOADING OR USING THE
harmless Avaya, Avaya's agents, servants and employees against all SOFTWARE (HEREINAFTER REFERRED TO
claims, lawsuits, demands and judgments arising out of, or in connec- INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO
tion with, subsequent modifications, additions or deletions to this doc- THESE TERMS AND CONDITIONS AND CREATE A BINDING
umentation, to the extent made by End User. CONTRACT BETWEEN YOU AND AVAYA LLC OR THE
Link disclaimer APPLICABLE AVAYA AFFILIATE (“AVAYA”).

Avaya is not responsible for the contents or reliability of any linked Avaya grants You a license within the scope of the license types de-
websites referenced within this site or Documentation provided by scribed below, with the exception of Heritage Nortel Software, for
Avaya. Avaya is not responsible for the accuracy of any information, which the scope of the license is detailed below. Where the order
statement or content provided on these sites and does not neces- documentation does not expressly identify a license type, the appli-
sarily endorse the products, services, or information described or of- cable license will be a Designated System License as set forth below
fered within them. Avaya does not guarantee that these links will in the Designated System(s) License (DS) section as applicable. The
work all the time and has no control over the availability of the linked applicable number of licenses and units of capacity for which the li-
pages. cense is granted will be one (1), unless a different number of li-
censes or units of capacity is specified in the documentation or other
Warranty materials available to You. “Software” means computer programs in
Avaya provides a limited warranty on Avaya hardware and software. object code, provided by Avaya or an Avaya Channel Partner,
Refer to your sales agreement to establish the terms of the limited whether as stand-alone products, pre-installed on hardware prod-
warranty. In addition, Avaya’s standard warranty language, as well as ucts, and any upgrades, updates, patches, bug fixes, or modified
information regarding support for this product while under warranty is versions thereto. “Designated Processor” means a single stand-
available to Avaya customers and other parties through the Avaya alone computing device. “Server” means a set of Designated Pro-
Support website: https://support.avaya.com/helpcenter/ getGener- cessors that hosts (physically or virtually) a software application to
icDetails?detailId=C20091120112456651010 under the link “Warranty be accessed by multiple users. “Instance” means a single copy of
& Product Lifecycle” or such successor site as designated by Avaya. the Software executing at a particular time: (i) on one physical ma-
Please note that if You acquired the product(s) from an authorized chine; or (ii) on one deployed software virtual machine (“VM”) or sim-
Avaya Channel Partner outside of the United States and Canada, the ilar deployment.
warranty is provided to You by said Avaya Channel Partner and not License types
by Avaya.
Designated System(s) License (DS). End User may install and use
“Hosted Service” means an Avaya hosted service subscription that each copy or an Instance of the Software only: 1) on a number of
You acquire from either Avaya or an authorized Avaya Channel Part- Designated Processors up to the number indicated in the order; or 2)
ner (as applicable) and which is described further in Hosted SAS or up to the number of Instances of the Software as indicated in the or-
other service description documentation regarding the applicable der, Documentation, or as authorized by Avaya in writing. Avaya
hosted service. If You purchase a Hosted Service subscription, the may require the Designated Processor(s) to be identified in the order
foregoing limited warranty may not apply but You may be entitled to by type, serial number, feature key, Instance, location or other spe-
support services in connection with the Hosted Service as described cific designation, or to be provided by End User to Avaya through
further in your service description documents for the applicable electronic means established by Avaya specifically for this purpose.
Hosted Service. Contact Avaya or Avaya Channel Partner (as appli-
cable) for more information. Named User License (NU). You may: (i) install and use each copy or
Instance of the Software on a single Designated Processor or Server
Hosted Service per authorized Named User (defined below); or (ii) install and use
each copy or Instance of the Software on a Server so long as only
THE FOLLOWING APPLIES ONLY IF YOU PURCHASE AN AVAYA
authorized Named Users access and use the Software. “Named
HOSTED SERVICE SUBSCRIPTION FROM AVAYA OR AN AVAYA
User”, means a user or device that has been expressly authorized by
CHANNEL PARTNER (AS APPLICABLE), THE TERMS OF USE
Avaya to access and use the Software. At Avaya’s sole discretion, a
FOR HOSTED SERVICES ARE AVAILABLE ON THE AVAYA
“Named User” may be, without limitation, designated by name, cor-
WEBSITE, HTTPS://SUPPORT.AVAYA.COM/LICENSEINFO UNDER
porate function (e.g., webmaster or helpdesk), an e-mail or voice
THE LINK “Avaya Terms of Use for Hosted Services” OR SUCH
mail account in the name of a person or corporate function, or a di-
SUCCESSOR SITE AS DESIGNATED BY AVAYA, AND ARE
rectory entry in the administrative database utilized by the Software
APPLICABLE TO ANYONE WHO ACCESSES OR USES THE
that permits one user to interface with the Software.
HOSTED SERVICE. BY ACCESSING OR USING THE HOSTED
SERVICE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON Shrinkwrap License (SR). You may install and use the Software in
BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE accordance with the terms and conditions of the applicable license
DOING SO (HEREINAFTER REFERRED TO INTERCHANGEABLY agreements, such as “shrinkwrap” or “clickthrough” license accom-
AS “YOU” AND “END USER”), AGREE TO THE TERMS OF USE. IF panying or applicable to the Software (“Shrinkwrap License”).
YOU ARE ACCEPTING THE TERMS OF USE ON BEHALF A
COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT
YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE Heritage Nortel Software
TERMS OF USE. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF
YOU DO NOT WISH TO ACCEPT THESE TERMS OF USE, YOU “Heritage Nortel Software” means the software that was acquired by
MUST NOT ACCESS OR USE THE HOSTED SERVICE OR Avaya as part of its purchase of the Nortel Enterprise Solutions Busi-
AUTHORIZE ANYONE TO ACCESS OR USE THE HOSTED ness in December 2009. The Heritage Nortel Software is the software
SERVICE. contained within the list of Heritage Nortel Products located at
https://support.avaya.com/LicenseInfo under the link “Heritage Nortel
Products” or such successor site as designated by Avaya. For Herit- HOSTING OF AVAYA PRODUCTS MUST BE AUTHORIZED IN
age Nortel Software, Avaya grants Customer a license to use Herit- WRITING BY AVAYA AND IF THOSE HOSTED PRODUCTS USE OR
age Nortel Software provided hereunder solely to the extent of the EMBED CERTAIN THIRD PARTY SOFTWARE, INCLUDING BUT
authorized activation or authorized usage level, solely for the pur- NOT LIMITED TO MICROSOFT SOFTWARE OR CODECS, THE
pose specified in the Documentation, and solely as embedded in, for AVAYA CHANNEL PARTNER IS REQUIRED TO INDEPENDENTLY
execution on, or for communication with Avaya equipment. OBTAIN ANY APPLICABLE LICENSE AGREEMENTS, AT THE
Charges for Heritage Nortel Software may be based on extent of AVAYA CHANNEL PARTNER’S EXPENSE, DIRECTLY FROM THE
activation or use authorized as specified in an order or invoice. APPLICABLE THIRD PARTY SUPPLIER.
Copyright WITH RESPECT TO CODECS, IF THE AVAYA CHANNEL
PARTNER IS HOSTING ANY PRODUCTS THAT USE OR EMBED
Except where expressly stated otherwise, no use should be made of
THE H.264 CODEC OR H.265 CODEC, THE AVAYA CHANNEL
materials on this site, the Documentation, Software, Hosted Service, PARTNER ACKNOWLEDGES AND AGREES THE AVAYA
or hardware provided by Avaya. All content on this site, the docu-
CHANNEL PARTNER IS RESPONSIBLE FOR ANY AND ALL
mentation, Hosted Service, and the product provided by Avaya in-
RELATED FEES AND/OR ROYALTIES. THE H.264 (AVC) CODEC
cluding the selection, arrangement and design of the content is
IS LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE
owned either by Avaya or its licensors and is protected by copyright
FOR THE PERSONAL USE OF A CONSUMER OR OTHER USES
and other intellectual property laws including the sui generis rights IN WHICH IT DOES NOT RECEIVE REMUNERATION TO: (I)
relating to the protection of databases. You may not modify, copy,
ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD
reproduce, republish, upload, post, transmit or distribute in any way (“AVC VIDEO”) AND/OR (II) DECODE AVC VIDEO THAT WAS
any content, in whole or in part, including any code and software un-
ENCODED BY A CONSUMER ENGAGED IN A PERSONAL
less expressly authorized by Avaya. Unauthorized reproduction, ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER
transmission, dissemination, storage, and or use without the express
LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED
written consent of Avaya can be a criminal, as well as a civil offense OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL
under the applicable law.
INFORMATION FOR H.264 (AVC) AND H.265 (HEVC) CODECS
Virtualization MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE HTTP://
WWW.MPEGLA.COM.
The following applies if the product is deployed on a virtual machine.
Each product has its own ordering code and license types. Unless Compliance with Laws
otherwise stated, each Instance of a product must be separately li- You acknowledge and agree that it is Your responsibility for comply-
censed and ordered. For example, if the end user customer or Avaya ing with any applicable laws and regulations, including, but not limited
Channel Partner would like to install two Instances of the same type to laws and regulations related to call recording, data privacy, intellec-
of products, then two products of that type must be ordered. tual property, trade secret, fraud, and music performance rights, in
Third Party Components the country or territory where the Avaya product is used.
“Third Party Components” mean certain software programs or por- Preventing Toll Fraud
tions thereof included in the Software or Hosted Service may contain “Toll Fraud” is the unauthorized use of your telecommunications sys-
software (including open source software) distributed under third tem by an unauthorized party (for example, a person who is not a
party agreements (“Third Party Components”), which contain terms corporate employee, agent, subcontractor, or is not working on your
regarding the rights to use certain portions of the Software (“Third
company's behalf). Be aware that there can be a risk of Toll Fraud
Party Terms”). As required, information regarding distributed Linux associated with your system and that, if Toll Fraud occurs, it can re-
OS source code (for those products that have distributed Linux OS
sult in substantial additional charges for your telecommunications
source code) and identifying the copyright holders of the Third Party services.
Components and the Third Party Terms that apply is available in the
products, Documentation or on Avaya’s website at: https:// sup- Avaya Toll Fraud intervention
port.avaya.com/Copyright or such successor site as designated by
If You suspect that You are being victimized by Toll Fraud and You
Avaya. The open source software license terms provided as Third
need technical assistance or support, call Technical Service Center
Party Terms are consistent with the license rights granted in these
Toll Fraud Intervention Hotline at +1-800-643-2353 for the United
Software License Terms, and may contain additional rights benefiting
States and Canada. For additional support telephone numbers, see
You, such as modification and distribution of the open source soft-
the Avaya Support website: https://support.avaya.com or such suc-
ware. The Third Party Terms shall take precedence over these Soft-
cessor site as designated by Avaya.
ware License Terms, solely with respect to the applicable Third Party
Components to the extent that these Software License Terms impose Security Vulnerabilities
greater restrictions on You than the applicable Third Party Terms.
Information about Avaya’s security support policies can be found in
The following applies only if the H.264 (AVC) codec is distributed with the Security Policies and Support section of https:// sup-
the product. THIS PRODUCT IS LICENSED UNDER THE AVC port.avaya.com/security.
PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A
CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE Suspected Avaya product security vulnerabilities are handled per the
REMUNERATION TO (i) ENCODE VIDEO IN COMPLIANCE WITH Avaya Product Security Support Flow (https:// sup-
THE AVC STANDARD (“AVC VIDEO”) AND/OR (ii) DECODE AVC port.avaya.com/css/P8/documents/100161515).
VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A Downloading Documentation
PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO
PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS For the most current versions of Documentation, see the Avaya
GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE. Support website: https://support.avaya.com, or such successor site
ADDITIONAL INFORMATION MAY BE OBTAINED FROM MPEG LA, as designated by Avaya.
L.L.C. SEE HTTP://WWW.MPEGLA.COM. Contact Avaya Support
Service Provider See the Avaya Support website: https://support.avaya.com for product
THE FOLLOWING APPLIES TO AVAYA CHANNEL PARTNER’S or Hosted Service notices and articles, or to report a problem with your
HOSTING OF AVAYA PRODUCTS OR SERVICES. THE PRODUCT Avaya product or Hosted Service. For a list of support telephone num-
OR HOSTED SERVICE MAY USE THIRD PARTY COMPONENTS bers and contact addresses, go to the Avaya Support website:
SUBJECT TO THIRD PARTY TERMS AND REQUIRE A SERVICE https://support.avaya.com (or such successor site as designated by
PROVIDER TO BE INDEPENDENTLY LICENSED DIRECTLY FROM Avaya), scroll to the bottom of the page, and select Contact Avaya
THE THIRD PARTY SUPPLIER. AN AVAYA CHANNEL PARTNER’S Support.
Trademarks
The trademarks, logos and service marks (“Marks”) displayed in this
site, the Documentation, Hosted Service(s), and product(s) provided by
Avaya are the registered or unregistered Marks of Avaya, its affiliates,
its licensors, its suppliers, or other third parties. Users are not permit-
ted to use such Marks without prior written consent from Avaya or such
third party which may own the Mark. Nothing contained in this site, the
Documentation, Hosted Service(s) and product(s) should be construed
as granting, by implication, estoppel, or otherwise, any license or right
in and to the Marks without the express written permission of Avaya or
the applicable third party.
Avaya is a registered trademark of Avaya LLC.
All non-Avaya trademarks are the property of their respective owners.
Linux® is the registered trademark of Linus Torvalds in the U.S. and
other countries.
 Table of Contents

1. INTRODUCTION ...................................................................................................................... 6
2. Document Change History .................................................................................................... 7
3. Consent Management ............................................................................................................ 7
4. Security of processing ........................................................................................................... 7
4.1 Security of Control Channel Processing – Data in transit .......................................... 7
4.1.1 Summary of How to Configure the TLS Control Channel Connections ................... 10
4.2 Security of Log Processing – Data in Transit ............................................................ 16
4.3 Security of Media Stream Processing – Data in Transit ........................................... 17
4.4 Protecting Data Transferred from Communcation Manager and Residing on
Another Server ......................................................................................................................... 17
4.5 Security of Processing – Data at Rest ........................................................................ 18
4.5.1 Encryption Terminology ........................................................................................... 18
4.5.2 OS-Level Encryption on Communication Manager ................................................. 20
4.5.3 Encryption Status Command ................................................................................... 24
4.5.4 Encryption Local Key Command ............................................................................. 24
4.5.5 Encryption Remote Key Command ......................................................................... 24
4.5.6 Encryption Passphrase Command .......................................................................... 25
4.5.7 Customer Configuration Upgrade Examples ........................................................... 27
4.5.8 Key Server Alarms ................................................................................................... 28
4.5.8.1 Summary of Communication Manager’s Key Server Inaccessibility
Maintenance Process ......................................................................................................... 28
4.5.8.2 Summary of How CM SNMP’s OID and data is Compiled ............................... 30
4.5.8.3 Summary of CM Server Alarms ........................................................................ 30
4.5.8.4 Summary of CM Alarm Varbinds. ..................................................................... 31
4.5.9 Performance Impact of Data Encryption .................................................................. 34
4.5.10 Backup and Restore ................................................................................................ 34
5. Personal Data Minimization - Retention ............................................................................. 35
5.1 Log Retention Configuration ....................................................................................... 35
6. Security for Administrative Access to Personal Data ...................................................... 39
6.1 Security For Administrative Access to Station Data ................................................. 39
7. Fulfillment of Data Subject Requests ................................................................................. 40
8. Data Anonymization and Pseudonymization .................................................................... 41
9. Maintaining Compliance After a Restore/Change Operation ........................................... 42
10. Trouble Shooting & Diagnostic Operation ....................................................................... 43
Appendix A: Logs Included in Log Retention Administration ............................................... 44
Appendix B: Logs Excluded from Log Retention Administration ......................................... 45
Appendix C: Setting up a Remote key Server ......................................................................... 47
Reference ..................................................................................................................................... 50

Page 5 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
1. INTRODUCTION
This guide provides a set of instructions to advise the Customer’s Data Privacy Administrator on
how to manually administer the Communication Manager (CM) so that the product solution may
best satisfy the care of Personal Data.

Whether on premises or in the cloud, Avaya wants to ensure you have the proper security
and privacy safeguards in place for your data.

Avaya Enterprise Cloud™ provides built-in safeguards to secure customer assets, specifically
customer data. Avaya Enterprise Cloud™ adheres to the following IT security and data privacy
requirements:
• General Data Protection Regulation (GDPR)

• Health Insurance Portability and Accountability Act (HIPAA)

• Payment Card Industry (PCI)

For more details about the security and data privacy safeguards Aura Enterprise Cloud can
provide, please refer to the following documents:
• Security for Avaya Enterprise Cloud (April 2023)

• Privacy Fact Sheet: Avaya Enterprise Cloud™ for UC and CC

Avaya Aura Customers assume the following responsibilities:

• The customer is responsible for the security and privacy of all data of that does not
reside in the Aura Enterprise Cloud (i.e., from the customer's premises to the cloud).

• Avaya is responsible for the security and privacy of data that resides in the Aura En-
terprise Cloud.

• The customer will adhere to all of the recommendations made within these Data Pri-
vacy Guidelines.

• The customer will adhere to all governmental data privacy requirements as required
by their business (e.g., GDPR, CCPA, PCI. HIPAA).
The Data Privacy solution will be served by the set of features in the individual product and by the
configuration of these product features as directed by the Customer’s Data Privacy Administrator.
An enterprise wide solution will require that all of the Avaya products be configured to operate in
a systematic and consistent fashion to achieve the Data Privacy policies required by the Avaya
customer to protect the privacy of both employees and their end-customers.

For the configuration steps, use the following documentation as a reference:

➢ “Avaya Aura® Communication Manager Overview and Specification” Release 10.2.x, De-
cember 2023.
➢ “Upgrading Avaya Aura® Communication Manager” Release 10.2.x, December 2023.
➢ “Deploying Avaya Aura® Communication Manager in Virtualized Environment” Release
10.2.x, December 2023.
➢ “Deploying Avaya Aura® Communication Manager in Virtual Appliance” Release 10.2.x,
December 2023.
➢ “Administering Avaya Aura® Communication Manager” Release 10.2.x, December 2023.

Page 6 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 ➢ “Avaya Aura® Communication Manager Feature Description and Implementation” Re-
lease 10.2.x, December 2023.
➢ “Avaya Aura® Communication Manager Screen Reference” Release 10.2.x, December
2023.
➢ “Maintenance Commands for Avaya Aura® Communication Manage, Branch Gateways,
and Servers” Release 10.2.x, December 2023.
➢ Red Hat Enterprise Linux 8 Security Hardening:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/se-
curity_hardening
➢ “Administering Avaya G430 Branch Gateway” Release 10.1.x, December 2021.
➢ “Administering Avaya G450 Branch Gateway” Release 10.1.x, December 2021.
➢ “Avaya G430 Branch Gateway CLI Reference”, Release 10.1.x, December 2021.
➢ “Avaya G450 Branch Gateway CLI Reference”, Release 10.1.x, December 2021.

2. DOCUMENT CHANGE HISTORY

EVENT CHANGE DESCRIPTION

DPG Version 1.0 Released 8 Dec 2023 This document was updated to reflect the CM
R10.2 base.
• Upgraded RedHat Linus to 8.4.
•
Updated the LUKS Key Server app to v2.
This supports 32 slots for Remote Key
Server addresses and/or Passphrases.
Table 1: Document Change History

3. CONSENT MANAGEMENT

The Communication Manager does not provide consent management as part of its feature set.
Instead, the Data Privacy Administrator must find a suitable external consent management solu-
tion.

The solution must be managed so that the Data Privacy Administrator provides a consent request
to the third-party Data Subject (e.g., employee) at initial use and before processing of Personal
Data. The Data Privacy Administrator must securely store this consent information. In addition, if
the Data Subject decides to opt-out for the use of their personal information, the Data Privacy Ad-
ministrator must appropriately remove this personal information from configuration records using
the techniques described later in these configuration notes.

4. SECURITY OF PROCESSING
4.1 SECURITY OF CONTROL CHANNEL PROCESSING – DATA IN TRANSIT

The product must be configured so that all Personal Data in transit is encrypted.
The Data Privacy Administrator must configure the Communication Manager such that:
• The browser connection for Web-based administration is provided by a TLS connection.
• The SIP signaling links to peer CM and SM servers is provided by a TLS connection.
• The H.248 Control link between gateway and CM is provided by a TLS connection.

Page 7 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 • The control links to adjuncts (AES, CMS, CDR) is provided by a TLS connection. Some
of these are a new feature in 10.2.
• The H.323 signaling link between H323 phones and CM is provided by a TLS connection.
• All Syslog communication to remote Syslog server(s) must be conveyed over a TLS con-
nection. This is a new feature in 10.2.

To configure TLS connections, it is important to load Identity and CA certificates onto Communi-
cation Manager using the SMI interface pages for certificate management.
Details on how to administer TLS and Certificate Management on Communication Manger can be
found in the whitepaper “TLS & Certificate Management Guidelines for CM R7.1” and in the ad-
ministration documents as enumerated in the Abstract section.

Figure 1 illustrates how TLS connections are employed on Communication Manager.

In all situations, for best encryption of control channels, it is required that TLS be the configuration
setting.

Page 8 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 1: TLS Links Employed by Communication Manager with Identity Certificates

Page 9 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4.1.1 Summary of How to Configure the TLS Control Channel Connections

With reference to Figure 1, the configuration of the TLS encryption option for transport of control
channels is spread across several unique feature administration steps that are supplied by both
the SAT interface and the web-based SMI pages. To help guide the customer to the correct docu-
mentation, the subsection will summarize the location of the necessary administration screens.
For some of the less common commands, sample administrative screen captures are provided to
help the customer locate the administrative fields on these screens.

1) Browser Interface for Web-Based SMI Administration:

a. This interface only operates as an HTTPS interface. So, there is no setting re-
quired to select TLS transport.
b. This operates over the TCP port 443.
c. The ‘Server Access’ SMI page has a middle pane which is entitled “Minimum
TLS Version”. The field name “System Management Interface (SMI)” must be
configured. To operate successfully with modern browser releases, this should
be configured to “TLS Version 1.2”.

2) Serial CDR Connections:

a. This interface operates to tunnel the Call Detailed Recording (CDR) information
from CM serial reporting links CDR1 and CDR2 over to the customer’s CDR col-
lection servers under the transport coverage of the TLS connection.
b. On the ‘System-Parameter CDR’ SAT, there is the ability to administer the follow-
ing for “Service Type” rows for CDR1 and CDR2.
i. There is a field, “Enable CDR Storage on Disk” that can be set to yes/no
to enable local disk storage. Note that if CDR disk storage is selected,
the serial CDR1 / CDR2 is disabled.
ii. There is a field, “Primary Output Endpoint” than can be set for “CDR1”
and/or “CDR2”.
The inclusion of the keywords (CDR1 and CDR2) serve to select this.
c. On the ‘IP Services’ SAT screen there is the ability to configure the following.
i. There is the ability to specify the near-end IP address with the column
entry “Local Node”. This is the CM side.
ii. There is the ability to specify the near-end TCP port with the column en-
try “Local Port”. This is the CM side.
iii. There is the ability to specify the far-end IP address with the column en-
try “Remote Node”. This is the customer’s CDR receiver.
iv. There is the ability to specify the far-end TCP port with the column entry
“Remote Port”. This is the customer’s CDR receiver.
v. New in CM Release 10.2 and later, is a new column entry “TLS Encryp-
tion”. This should be set to “y” to enable the use of TLS encryption for
these CDR1 and CDR2 link.

Figure 2 illustrates the ‘IP Services’ SAT screen

Page 10 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 2: TLS Link for CDR1 and CDR2 Application

3) Peer SIP Signaling Trunks:

a. This interface operates to tunnel SIP Signaling information within a TLS connec-
tion between CM and a peer SIP Signaling entity.
b. This operates over the TCP port 5061.
c. The ‘Signaling Group’ SAT form has a field “Transport Method” which must be
set to “TLS” to direct that signaling information between CM and a peer SIP Sig-
naling entity be tunneled over a TLS connection.
d. The ‘Server Access’ SMI page has a middle pane which is entitled “Minimum
TLS Version”. The field name “CM Signaling connections” must be configured. to
operate successfully with the version of the peer SIP signaling entity. We recom-
mend that “TLS Version 1.2” be selected for best security.

4) Signaling to G.4xx Gateways:

a. This interface operates to tunnel H.248 Control information within a TLS connec-
tion between CM and a subtending G4xx gateway.
b. This operates over the TCP port 2944.
c. The ‘Media Gateway’ SAT form has a field “Link Encryption Type” which must be
set to “TLS-only” to ensure best security.
Figure 3 illustrates this ‘Media Gateway’ SAT form.
d. The ‘Media Gateway’ SAT form has a field “Mutual Authentication” that should be
set for desired customer requirements. If the customer is going to use Identity
Certificates on the G4xx gateway, then this field should be set to “y” on CM. If the
customer does not wish to use Identity Certificates on the G4xx gateway, then
this field should be set to “n” on CM.

Page 11 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
add media-gateway next Page 1 of 2
MEDIA GATEWAY 3

Type: g450
Name:
Serial No:
Link Encryption Type: TLS-only
Network Region: Location: 1
Site Data:
Recovery Rule: none

Registered? n
FW Version/HW Vintage:
MGP IPV4 Address:
MGP IPV6 Address:
Controller IP Address:
MAC Address:

Mutual Authentication? y

Figure 3: TLS Link for Gateway on CM’s Media Gateway Form

5) Signaling to H.323 stations:

a. This interface operates to tunnel H.323 Signaling information within a TLS con-
nection between CM and a subtending H.323 phone (which is capable of sup-
porting the TTS-TLS option).
i. This operates over the TCP port 1300.
The ‘IP Network Region’ SAT form has a field “H.323 Security Profiles” which must be set
to “H323TLS” to ensure using a TLS connection as a best security practice.
i. Figure 4 illustrates the ‘IP Network Region’ SAT form.
b. The ‘station – page 3’ SAT form has a field “Require Mutual Authentication if
TLS” that should be set for desired customer requirements. If the customer is go-
ing to use Identity Certificates on the H.323 phones, then this field should be set
to “y” on CM. If the customer does not wish to use Identity Certificates on the
H.323 phones, then this field should be set to “n” on CM.

Page 12 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 4: TLS Link for H.323 Phone on CM’s IP Network Region Form

6) Connection to AES Server:

a. This interface operates to tunnel control information from CM to the AES server
within a TLS connection.
b. This operates over the TCP port 8765.
c. This connection only operates with TLS. Therefore, there is no administration
required to specify the transport protocol.

7) Connection to Duplicated CM Server:

a. This interface operates to tunnel the memory structure updates (using a proprie-
tary memory shadowing protocol) within a TLS connection between the CM Main
server and the CM Secondary server.
b. This operates over the TCP port 12080.
c. This connection protocol is configured using the ‘Duplicated Parameters’ SMI
page. It is recommended that “encrypted software-based duplication” be selected
as the transport protocol.
d. The ‘Server Access’ SMI page has a middle pane which is entitled “Minimum
TLS Version”. The field name “CM Duplication Link” must be configured. to oper-
ate successfully with the version of CM supported on the customer site. We rec-
ommend that “TLS Version 1.2” be selected for best security.

8) Connection to Filesync Data with Survivable Servers

a. This interface operates to tunnel translation file information (using the RSync pro-
tocol) within a TLS connection between the CM Main server and the survivable
server (ESS or LSP).
b. This operates over the TCP port 21874.
c. This connection only operates with TLS. Therefore, there is no administration
required to specify the transport protocol.

Page 13 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 d. The ‘Server Access’ SMI page has a middle pane which is entitled “Minimum
TLS Version”. The field name “Filesync connections” must be configured. to op-
erate successfully with the version of CM supported on the customer site. We
recommend that “TLS Version 1.2” be selected for best security.

9) Connection to Send Syslog Info to Remote Logging Server

a. This interface operates to tunnel syslog information with a TLS connection.
b. This operates over the TCP port 6514.
c. The ‘Server Log Files’ SMI page (as illustrated in Figure 6) has a middle pane
which is entitled ‘Syslog Servers”. There is the ability to export Syslog infor-
mation to up to five remote servers. The “protocol” field should be set to “TLS” for
proper secured connections.

10) Connection to Pass Control Info to CMS Server

a. This interface operates to tunnel the private Processor Channel control link from
CM main server to the CMS adjunct server under the transport coverage of the
TLS connection.
b. On the SAT screen for ‘Communication-Interface Processor-Channel’, there is
the ability to administer the following using the SAT commands for ‘change com-
munication-interface processor-channels’ and the ‘status processor-channels x’
com-
mands.
i. Set CM to operate as the Server Side (for TLS)
ii. CMS is configurable to use a TCP port in the range of 5001-64500.
iii. Set the Listen TCP port, along with Procr IP Address
iv. Administer the Destination CMS server (including the TCP port and the
IP address).
c. On the SAT screen for ‘System Parameter Feature – page 12’, under the ‘Re-
porting Adjunct Release’ section, there is a parameter “CMS (appl mis)” which
indicates the protocol version of the remote CMS system. Note: ‘appl mis’ desig-
nates the “Management Information System Initialization and Configuration”.
Figure 5 illustrates this SAT screen.
i. If the CMS version is configured to a version less than “19.1+(secured)”,
then the CM’s GIP module will just establish a TCP connection (current
operation).
ii. If the CMS version is configured to a version equal to (or greater than)
“19.1+(secured)”, then the CM’s GIP module will establish a TLS connec-
tion over to the CMS server.
d. NOTE:
i. The CMS client will not support mutual authentication.
ii. CM will use the Communication User Service certificate repository (as
illustrated in Figure 1) for access to the CM Identity Certificate that will be
exchanged.
iii. The SAT status command “status communication-interface processor-
channel” will show the status as “TCP Connected”. This information, cou-
pled with the configuration settings is to be interpreted as “the TLS con-
nection has been established”.

Page 14 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 5: TLS Link for the Processor Channel between CM and the CMS Server

Page 15 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4.2 SECURITY OF LOG PROCESSING – DATA IN TRANSIT

Communication Manager provides the ability for a Data Privacy Administrator to select the use of
TLS transport of the log information which is to be conveyed to a remote Syslog server.
CM supports a pane entitled ‘Syslog Servers’ on the ‘Server Log Files SMI” configuration web
page. Figure 6 illustrates the configuration page.

Figure 6: Server Log Files SMI page – Syslog Service Configuration

The Communication Manager remote syslog supports the following capabilities:

• Up to 5 remote log servers may be supported.
• Log transport may be UDP, TCP, or TLS. However, TLS is the recommended setting for
strong encryption of the data-in-transit.
• TLS link uses its own application repository for certificates.
• The Syslog-over-TLS feature was introduced into CM R8.1 and CM Release 7.1.3.4.

Page 16 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
Details on how to administer TLS and Certificate Management on CM can be found in the white-
paper “TLS & Certificate Management Guidelines for CM R7.1” and in the administration docu-
ments as enumerated on the Abstract section.

There is a “filter” option that allows the Data Privacy Administrator to select which log events may
be sent via Syslog over to the remote Syslog server. The categories are:
• Security events
• CM IP events
• Command History of the Linux shell
• Kernel events
• General message events (for the OS).

4.3 SECURITY OF MEDIA STREAM PROCESSING – DATA IN TRANSIT

Communication Manager operates as a feature server and directs all the media handling which
the G4xx gateway and AMS Software media gateway anchors. Communication Manager is the
“Master” or “Head End” server and the Gateway is the directed “Slave” device in this relationship.
On the Communication Manager SAT administrative interface, the properties for the codec set
and IP network region define how voice and video media streams are managed.
Specifically, on the IP Codec SET form the following items must be configured:
• ‘Media Encryption’ must be set for using either AES128 or AES256 for encrypted RTP
operation.
• ‘Encrypted SRTCP’ must be set for proper operation.
Once this information is configured on Communication Manager, it will be pushed down across
the H.248 control channel to the G4xx Media gateway and via the SIP control link to Avaya Media
Server; so that call connections, involving the gateway, will be established using the desired se-
curity services by the Data Privacy Administrator.

4.4 PROTECTING DATA TRANSFERRED FROM COMMUNCATION MANAGER AND

RESIDING ON ANOTHER SERVER

The Data Privacy Administration must ensure that all data transferred from Communication Man-
ager to another server is stored in a secure manner.

This includes:
• Backups
• Call Detail Record (CDR) Data
• All Logs transferred to a remote server via Remote Syslog
• Configuration data on the Main CM server which is shadowed over to memory on the Du-
plicated CM server.
• Configuration data on the Main CM server which is remotely filesync-ed down to the sur-
vivable processor (ESS or LSP).

Page 17 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4.5 SECURITY OF PROCESSING – DATA AT REST

4.5.1 Encryption Terminology

The following terminology is used in this guide when describing the Data Encryption feature:

Boot-time Encryption Passphrase – An Encryption Passphrase that must be manually en-

tered from console during system startup to gain access to the Encrypted Data at Rest. (Rec-
ommended).

Communication
Manager

Figure 7 Boot-time Encryption Passphrase provided at console before system startup.

CLEVIS – a Red Hat Enterprise Linux client application used on Communication Manager to
retrieve a remote encryption key during system startup.

Data at Rest – Data that resides on the Avaya Aura® Communication Manager application’s
Disk drive(s).

Encryption of Data at Rest - Encryption of Data at Rest that is implemented using Linux
Unified Key Setup (LUKS) OS-Level Encryption.

Encryption Passphrase – A passphrase that is required to administer and/or gain access to

the Encrypted Data at Rest. All deployments having Data Encryption enabled must have at
least one Encryption Passphrase.
Although they refer to the same thing, the term “Boot-time Encryption Passphrase”” is often
used to refer to an “Encryption Passphrase” that must be manually entered at system-start up
because no Local Key or Remote Key Server has been administered.

Linux Unified Key Setup (LUKS) – A method of encryption provided by the Linux Operating
system that will automatically encrypt any data that is written to the disk and will automatically
decrypt the data when it is read from the disk.

Local Key – A key file that is stored locally on the server to gain access to the Encrypted
Data at Rest. A Local key may be used instead of having to manually entering an Encryption

Page 18 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Passphrase at system startup. Although convenient, it is not very secure and should be used
temporarily and with caution.

Communication
Manager

Keyfile

Figure 8 Local Key residing on Communication Manager disk.

Remote Key –a key that is provided by a separate, Remote Key Server to gain access to the
Encrypted Data at Rest. A Remote Key may be used instead of having to manually enter an
Encryption Passphrase at system startup (Recommended).

Remote Key Server – a remote server running the Linux TANG application.
During system startup, Communication Manager client uses the Linux CLEVIS application to
request a remote key from the Remote Key Server.

TANG – a Red Hat Enterprise Linux server application used by a Remote Key Server to pro-
vide a remote encryption key during a Communication Manager’s system startup.

Communication Remote Key

Manager Server
Keyfile

Figure 9 Remote Key provided by Remote Key Server to Communication Manager

Page 19 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4.5.2 OS-Level Encryption on Communication Manager

The Communication Manager provides support for OS-Level platform encryption.

• The following solution templates shall be supported:
1. OVA-based deployment
i. All OVA-based deployments operate on a similar OVF definition that
contains general elements and vendor specific elements.
ii. For OVA-based deployment, the following installation packages will be
supported:
1. VMware vCenter
2. Software Deployment Manager (SDM)
2. Software-Only deployment

• For OVA-based deployment, the file system is typically partitioned across individual disk
partitions as follows:
1. Application object code is located on one disk partition.
2. Operational data (static configuration & dynamic processing data) is located on
another disk partition.
3. The /var/log data typically resides on another disk partition.
Avaya has defined that the “Operational data”, “Backup data”, “Configuration data”, and
“/var/log data” reside in a structure that is encrypted. This approach ensures that per-
sonal data will be encrypted along with the normal operational data.

Important! SDM Release 10.2 or later must be used when using SDM to deploy the Release
10.2 OVA. The Data Encryption options described below may not be correctly displayed in earlier
versions of SDM.

This will provide the appropriate disk partitioning to support the encryption process. Additionally,
CM Feature Package 10.2 must be installed. Figure 10 and Figure 11 illustrate this installation
screen. The following steps will be required for the OVA installation:

1) The installer tool will check the OVF structure to see if “encryption_supported is set to
“true”. If this is correct, proceed to step #2.

2) An explicit conformation will be required by the customer to indicate whether OS-level en-
cryption should be enabled or disabled.

3) If you request that encryption is to be enabled,

• You will be prompted to enter the new “Encryption Passphrase”.

• You will be prompted to enter the “Encryption Passphrase” a second time. The
“Encryption Passphrase will not be shown on the user screen.

NOTE: It is extremely important that you remember the Encryption Passphrase and
keep it secure! There is no way to recover an Encryption Passphrase! If an Encryp-
tion Passphrase is forgotten, the only solution is to first re-deploy the Release with
OVA.

4) If the “Encryption Passphrase” is valid and meets the complexity policy of LUKS, the in-
staller will pass this “Encryption Passphrase” in the environment file to the application’s
bootloader.

5) On finding the Encryption Passphrase present in the environment file, the application’s
bootloader will send this Encryption Passphrase to the LUKS utility service. This will re-
sult in LUKS creating an encryption key and will store this so that it may only be ac-
cessed by the “Encryption Passphrase”.

Page 20 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 6) Finally, the Installer will present an option:
• Require Encryption Passphrase at Boot-Time.
• If you leave this box “checked”, the Avaya Application’s bootloader will require
that this Encryption Passphrase be manually re-entered whenever the system is
rebooted.
• If you “uncheck” the box, the Avaya application’s bootloader will create a local
key file. This will allow the Application’s bootloader to start unattended without
needing to re-enter the Encryption Passphrase.

Once the application has booted up, the Release 10.2 and later Avaya Aura® application
will support a set of OS-CLI commands for viewing the administrative settings, managing
the Local Key Store and configuring the Remote Key Server(s).
These commands are:
• encryptionStatus
• encryptionLocalKey
• encryptionRemoteKey
• encryptionPassphrase

7) When the OVA is installed and when encryption has been enabled, the Clevis client will
install a ‘clevis” administration account on CM.
• This account in not accessible by any other administration account.
• The account has a status description of “ /sbin/nologin” and the account is
locked.

SECURITY

NOTE 1: The use of a Remote Key Server is the most secure environment and is recommended.

NOTE 2: The use of the LocalKey is not as secure and should be used with caution. Its primary
purpose is to serve during a staging period of product installation. There may be some key diag-
nostic sessions in which it is advantageous to use this feature when the network is down, and the
Remote Key Server(s) are inaccessible.

SDM TOOL USAGE NOTES:

NOTE 1: In previous versions of Avaya Aura® Communication Manager, when Solution Deploy-
ment Manager was used to upgrade from one major release to a new major release (using a new
OVA) SDM would preserve the old system’s logs and home directories and attach that to the new
system thus preserving that data. Due to the nature of the disk encryption technology being used,
that functionality is now disabled. The SDM installation process will no longer copy the old /var
and /var/logs from the old system to the new system, even if the user chooses not to encrypt.

NOTE 2: It is recommended that SDM version 10.2 be deployed.

This release has a few new features:
a) First, if the customer enters “1” to enable encryption, it will then prompt for the “Encryp-
tion Passphrase”. Alternatively, if the customer enters “2” to disable encryption, it will not
prompt for the “Encryption Passphrase”.
b) Secondly, this SDM version 10.2 has a feature to open a ‘console’ window in the browser
(Chrome, Firefox, IE) so that the customer may use this browser to manually enter an En-
cryption Passphrase.

Page 21 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 10: OVA Installation Administration Screen 1

Page 22 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 11: OVA Installation Administration Screen 2

Page 23 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4.5.3 Encryption Status Command

NOTE 1: Once the customer has successful installed the 10.2 OVA and has subsequently added
the CM Feature Pack 10.2, if the customer types this command, the presence of a response is an
indication that 10.2 is successfully loaded.

NOTE 2: After the Data Privacy Administrator has completed the 10.2 patch install, a new termi-
nal session must be opened in order to invoke the encryptionStatus CLI command.

NOTE 3: If the Remote Key Server is down, then the encryptionStatus command may take
around 2 minutes and 10 seconds to execute.

Once the Avaya Aura® 10.2 Communication Manager has booted-up, the following OS-CLI com-
mand is available to check the status of encryption:
➢ encryptionStatus
o This command is available via a customer suser account.
o This command displays the status of the data encryption options.
o The display shall be as follows:
data encryption: {enabled | disabled}
local key: {enabled | disabled}
Encryption Passphrase required at boot-time: {yes/no}
remoteKeyServers:
remoteServer1 IPaddr, port {accessible/not accessible}
…
remoteServer6 IPaddr, port {accessible/not accessible}

4.5.4 Encryption Local Key Command

Once the Avaya Aura® application has booted-up, the following OS-CLI command is available to
change the Local Key:
➢ encryptionLocalKey {enable | disable}
o This command is available via a customer suser account.
o This command informs the application that the Local Key is to be configured (added
to the Encryption Slot which is under the control of Red Hat).
o The options are:
• enable: Enable the Local Key.
• disable: Disable the Local Key.
o In response to entering a command option such as “enable”, the response will be:
Encryption Passphrase Required at Boot-time: No
o In response to entering a command option such as “Disable”, the response will be:
Encryption Passphrase Required at Boot-time: Yes

NOTE: The primary usage case for this command is for the case where the customer leaves the
“Require Encryption Passphrase at Boot-Time” box checked and then discovers that he would
rather operate with the Local Key. He could issue a CLI command for “encryptionLocalKey ena-
ble” to configure the Local Key.
Subsequently, a customer may wish to disable the Local Key and return to an Encryption Pass-
phrase operation by using the command “encryptionLocalKey disable”.
A Local Key entry will have precedence for access on a Remote Key Server search if there are
entries for both Local Key and Remote Key Server in this LUKS table.

4.5.5 Encryption Remote Key Command

Once the Avaya Aura® application has booted-up, the following OS-CLI command is available to
enter a Remote Key Server entry:
➢ encryptionRemoteKey [ add | remove | list ] [address] [port]
o This command is available via a customer suser account.

Page 24 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 o This command informs the application that the Remote Key Server table is to be con-
figured. These commands result in changes to the Encryption Slot table (under con-
trol of Red Hat).
o The command options are:
• add: Add a server address to the Remote Key Server table.
▪ The associated parameter is “address”.
• remove: Remove a server address from the Remote Key Server table.
▪ The associated parameter is “address”.
• list: List all of the entries in the Remote Key Server table.
• [address] specifies the IP address of the given Remote Key Server.
▪ The address may be IPv4 or IPv6.
▪ Alternatively, the address may be an FQDN.
• [port] specifies the TCP port number used to reach the given Remote Key server.
➢ Output response is “Local Key is now disabled”.

Once one or more entries are added to the Remote Key Server table:
1) If one or more entries are entered into the Remote Key Server table, then the Local Key
will be disabled.
2) If customer subsequently desires to use the Local Key (even with one or more Remote
Key Servers provisioned, he may execute the “encryptionLocalKey enable” CLI com-
mand.
3) A maximum of six entries may be entered into the Remote Key Server table. If there are
seven entries, the customer must “remove” one entry before attempting to add another
entry.
4) In the CM application there will be a maintenance routine which will periodically (once
every 15 minutes) attempt to access the Remote Server address(s) in the Encryption Slot
table. If a server address in unavailable, the CM application shall issue an alarm.

4.5.6 Encryption Passphrase Command

Once the Avaya Aura® application has booted-up, the following OS-CLI command is available to
change the Encryption Passphrase with the following interactive command:

➢ encryptionPassphrase [ add | change | remove | list ]

o This command is available via a customer suser account.
o The command options are:
• add: Add another Encryption Passphrase to the Encryption Slot table.
o To add another Encryption Passphrase, you must identify yourself by typing
a current passphrase.
o Interactively, you will be asked to enter:
❖ Current Encryption Passphrase
❖ New Encryption Passphrase
❖ Confirm New Encryption Passphrase
o The Linux PAM (Password Authentication Module) may be used to supply
the policy rules for this new password such as:
• Minimum Encryption Passphrase length
• Maximum Encryption Passphrase length
• Character string must include characters from at least 4 of the following
classes:
❖ Lowercase, Uppercase, Numeric, Special Characters
• Character string must not have more than 4 consecutive repeated char-
acters.

• change: Change to value of an existing manual passphrase.

o Note: If no encryptionPassphrase argument is entered, this will default to
“change”.

Page 25 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 o To add another Encryption Passphrase, you must identify yourself by
typing a current passphrase.
o Interactively, you will be asked to enter:
❖ Current Encryption Passphrase
❖ New Encryption Passphrase
❖ Confirm New Encryption Passphrase
• remove: Remove one of the Encryption Passphrase(s) from the Encryption Slot
table.

o To remove the Encryption Passphrase, you must identify yourself by typ-

ing a current Encryption Passphrase.

• list: Display the 32 slots for the Encryption Slots table.

o The slots are filled starting with “slot number 0”.

o The LUKS application always fills empty slots first.
o If a table slot is emptied (due to a” Remote Key Server address” or “En-
cryption Passphrase being removed, that slot will be the first filled with a
new addition.
o If a Local Key is enabled, this will also be assigned a Key Slot.
o An example of a display will be as follows:

Slot Status Passphrase/Remote Server

------------------------------------------------
Key Slot 0: ENABLED Passphrase
Key Slot 1: ENABLED 10.129.179.82
Key Slot 2: ENABLED Passphrase
Key Slot 3: DISABLED empty
Key Slot 4: DISABLED empty
Key Slot 5: DISABLED empty
Key Slot 6: DISABLED empty
Key Slot 7: DISABLED empty

NOTE1: It is more secure if the customer will select a unique Encryption Passphrase for each
virtual application server which is created.

NOTE2: LUKS supports the ability to support more than one Encryption Passphrase. So, we
have continued this ability with our CM-OSI commands.
a) For simplicity, we require a minimum on one entry for an Encryption Passphrase, one en-
try to accommodate changing the Encryption Passphrase, and the final six entries may
be used for either Remote Key Server addresses or additional manual Passphrase(s).

b) If a customer has a Remote Key Server and subsequently (for staging or diagnostic pur-
poses) wish to enable the Local Key option, this will also occupy a Encryption Slot.
This will result in the status table to show:

Slot Status Passphrase/Remote Server

------------------------------------------------
Key Slot x: Enabled Local Key

c) Note that once the Local Key option is enabled (as in part (b)), that if the customer subse-
quently then enables another Remote Key server, this will cause the Local Key option to
be disabled.

Page 26 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4.5.6.1.1 Encryption Slots

Encryption slots are used to maintain the product’s encryption configuration. Each Encryption
Passphrase, Local Key, or Remote Key Server consumes one encryption slot. A total of 31 en-
cryption slots are available for use by the administrator of the Avaya Aura® Communication Man-
ager application and one slot is reserved for internal use.

Encryption slots are displayed by the “encryptionPassphrase list” and “encryptionRemoteKey list”
commands:

$ encryptionPassphrase list

Slot Status Passphrase/Remote Server

------------------------------------------------
Key Slot 0: ENABLED Passphrase
Key Slot 1: ENABLED 10.129.128.206
Key Slot 2: ENABLED 10.129.128.207
Key Slot 3: DISABLED empty
Key Slot 4: DISABLED empty
Key Slot 5: DISABLED empty
Key Slot 6: DISABLED empty
Key Slot 7: DISABLED empty

4.5.7 Customer Configuration Upgrade Examples

➢ Scenario 1A: Existing customer desires data encryption feature & does not want to use
Remote Key Server, & DOES want to enter Boot-Time Passphrase
1) Customer deploys the 10.2 OVA for the desired target application.
a) Customer enters “Enable” for data encryption.
b) Customer checks the option “Require Encryption Passphrase at Boot-
Time” to enable the Local Key.
2) Customer then installs FP/SP for 10.2 if available.

➢ Scenario 1B: Existing customer or a green field customer desires data encryption fea-
ture & does not want to use the Remote Key Server, & does NOT want to enter Boot-
Time Passphrase
1) Customer deploys the 10.2 OVA for the desired target application.
a) Customer enters “Enable” for data encryption.
b) Customer unchecks the option “Require Encryption Passphrase at Boot-
Time” to enable the Local Key.
2) Customer then installs FP/SP for 10.2 if available.

➢ Scenario 2: Existing customer or a green field customer desires data encryption feature
& does not want to use the Remote Key Server, & does NOT want to enter Boot-Time
Passphrase
1) Customer deploys the 10.2 OVA for the desired target application.
a) Customer enters “Enable” for data encryption.
b) Customer unchecks the option “Require Encryption Passphrase at Boot-
Time” to enable the Local Key.
2) Customer then installs FP/SP for 10.2 if available.

➢ Scenario 3: Existing customer desires data encryption feature & does want to use Re-
mote Key Server.
1) Customer deploys the 10.2 OVA for the desired target application.

Page 27 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 a) Customer enters “Enable” for data encryption.
b) Customer unchecks the option “Require Encryption Passphrase at Boot-
Time” to enable the Local Key.
2) Customer then installs FP/SP for 10.2 if available.
3) Customer supplies their own Remote Key Server.
4) The customer issue the OS-CLI command for “encryptionRemoteKey” to enter
one or more addresses for the Remote Key Server(s).
a) The Local Key will automatically be disabled.

➢ Scenario 4: Existing customer or green field customer desires data encryption feature &
does want to use Remote Key Server.
1) Customer deploys the 10.2 OVA for the desired target application.
a) Customer enters “Enable” for data encryption.
b) Customer unchecks the option “Require Encryption Passphrase at Boot-
Time” for enable Local Key.
2) Customer then installs FP/SP for 10.2 if available.
3) Customer supplies their own Remote Key Server.
4) The customer issue the OS-CLI command for “encryptionRemoteKey” to enter
one or more addresses for the Remote Key Server(s).
a) The Local Key will automatically be disabled.

➢ Scenario 5: Existing customer was using the Local Key and now decides to upgrade his
security to begin using a Remote Key Server.
1) Customer supplies their own Remote Key Server.
2) The customer issues the OS-CLI command for “encryptionRemoteKey” to enter
one or more addresses for the Remote Key Server(s).
a) The Local Key will automatically be disabled.

4.5.8 Key Server Alarms

The 10.2 feature of OS-Level Encryption provides for the strong security support that has the en-
cryption key stored in a Remote Key Server. For redundancy purposes, it is possible for a single
Communication Manager to point to more than one key server. The design supports a maximum
of six key servers to be supported.

If there should be a problem with accessing the Remote Key Server(s), this could create prob-
lems when the Communication Manager application undergoes a reboot operation. To help the
Services organization(s), there is a maintenance process which continuously scans access to
these servers and if there is an outage, an alarm is posted and an SNMP trap message is send.

4.5.8.1 Summary of Communication Manager’s Key Server Inaccessibility Maintenance

Process

There is a Key Server Accessibility shell script that will execute at a rate of once every 15 minutes
to go out and check the list of configured Remote Key Servers to see if they are all accessible.
This shell script will invoke the “encryptionStatus” OS-CLI command to obtain the list of config-
ured servers, along with the IP address and the status of whether the access is “accessible” or
“not-accessible”.

The strategy for posting alarms will be as follows:

a) If CM can reach one or more of the configured key servers, but cannot reach all config-
ured key servers, a “Warning” alarm will be issued.
b) If CM cannot reach any of the configured key servers, a “Minor” alarm will be issued.
c) If either of these alarm conditions clears, then CM will re-issue that alarm with the sever-
ity set to “cleared”.

Page 28 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
In response to an SNMP alarm, the customer/craftsperson should manually invoke the “encryp-
tionStatus” OS-CLI command to obtain the precise status about which Remote Key server has
either entered an alarm state or has resolved the alarm. For illustrative purpose, the following
subsection provides a scenario of how alarms are raised and cleared when access to the Re-
mote Key Server(s) is changing with time.

4.5.8.1.1 Scenario showing Key Server Alarm notification

There are two Remote Key Servers (one located at IP=x and one located at IP=Y).
As the server accessibility changes the following script illustrates the alarm notifications.

1. Initially both Remote Key Servers are available

2. Remote Key Server X becomes unavailable

a. CM generates a warning alarm for avCMAlmServWarning notification type.
b. In the varbind group, avCmAlmServEvtID = 10 to denote a warning that a single
server is inaccessible.
c. In the varbind group, avCmalmAlarmSeverity = 6 to denote a warning.
d. In the varbind group, avCmAlmAlarmDescription is filled with the string “one or
more key servers are unreachable”.

3. Remote Key Server Y also becomes unavailable (leaving no remote key servers accessi-
ble)
a. CCM generates a warning alarm for avCMAlmServMinor notification type.
b. In the varbind group, avCmAlmServEvtID = 11 to denote a warning that no serv-
ers are accessable
c. In the varbind group, avCmalmAlarmSeverity = 5 to denote a minor
d. In the varbind group, avCmAlmAlarmDescription is filled with the string “all key
servers are unreachable”.

4. Remote Key Server X becomes available

a. CM generates a resolve (clearing) alarm for avCMAlmServResolved notification
type.
b. In the varbind group, avCmAlmServEvtID = 11 to denote a warning that CM has
cleared the “Minor” alarm condition.
c. In the varbind group, avCmalmAlarmSeverity = 5 to denote a minor to be re-
solved/cleared
d. In the varbind group, avCmAlmAlarmDescription is filled with the string “one or
more key servers are unreachable”.
Subsequent testing reveals that a single server is inaccessible, so steps (e)
through (h) are executed.
e. CM generates a warning alarm for avCMAlmServWarning notification type.
f. In the varbind group, avCmAlmServEvtID = 10 to denote a warning that a single
server is inaccessible.
g. In the varbind group, avCmalmAlarmSeverity = 6 to denote a warning.
h. In the varbind group, avCmAlmAlarmDescription is filled with the string “one or
more key servers are unreachable”.

5. Remote Key Server Y becomes available

a. CM generates a resolve (clearing) alarm for avCMAlmServResolved notification
type.
b. In the varbind group, avCmAlmServEvtID = 10 to denote a warning that CM has
cleared the “Warning” alarm condition.
c. In the varbind group, avCmalmAlarmSeverity = 6 to denote a warning.
d. In the varbind group, avCmAlmAlarmDescription is filled with the string “all key
servers are reachable”.

Page 29 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 e. There are now no alarms outstanding.

4.5.8.2 Summary of How CM SNMP’s OID and data is Compiled

All SNMP operations involve access to an object instance. Recall that only “leaf” objects in the
object identifier tree may be accessed (that is only scalar objects).
It is possible in SNMP to group a number of operations to the same trap into a single message.
Thus, a management operator may get the values of all the scalar objects of this particular group
in a single SNMP trap message, listing all values.

To implement multiple-object exchanges, the SNMP PDU includes a “variableBindings” field. This
field consists of a sequence of references to object instances, together with the value of those ob-
jects. This sequence list is commonly referred to as the “varbind” list. In the case of the CM trap
structure, we use a set of eleven objects in the varbind group.

4.5.8.3 Summary of CM Server Alarms

Full path: iso(1).org(3).dod(6).internet(1).private(4).enter-

prises(1).avaya(6889).mibs(2).avCommMgr Mibs(73).avCmAlarmMib(9).avCmAlmNotifica-
tions(0)

The set of “notifications” for sending trap messages for the category of CM Server Alarms
is shown in the list below.
Note 1: Only the “Minor”, “Warning”, and “Resolved” Notification messages are employed
with the Remote Key Server Alarms.
Note 2: The full OID is the base OID & the Notification number.
For example, 1.3.1.4.1.6889.2.73.9.0.3001 is the full OID for Minor server alarm.
Note3: The Varbind list varies by the alarm type. Not that the difference between an
“alarm” and a “Resolved (clearing) alarm” is that the “resolved date/time” is substituted
for “alarmed data/time”.

-- Generic Server Alarms: 3000-3003

-- 1.3.1.4.1.6889.2.73.9.0.3001
avCmAlmServMinor NOTIFICATION-TYPE
OBJECTS { avCmAlmIPAddress, avCmAlmSystemName, avCmAlmProductID,
avCmAlmServSourceName, avCmAlmServEvtID,
avCmAlmAlarmSeverity, avCmAlmOrigModAlarmSeverity,
avCmAlmAlarmedDate, avCmAlmAlarmedTime,
avCmAlmServLogID, avCmAlmServAlarmDescription }
STATUS current
DESCRIPTION " A Minor Server alarm has been generated by the
system. "
::= { avCmAlmNotifications 3001 }

-- 1.3.1.4.1.6889.2.73.9.0.3002
avCmAlmServWarning NOTIFICATION-TYPE
OBJECTS { avCmAlmIPAddress, avCmAlmSystemName, avCmAlmProductID,
avCmAlmServSourceName, avCmAlmServEvtID,
avCmAlmAlarmSeverity, avCmAlmOrigModAlarmSeverity,
avCmAlmAlarmedDate, avCmAlmAlarmedTime,
avCmAlmServLogID, avCmAlmServAlarmDescription }
STATUS current

Page 30 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 DESCRIPTION " A Warning Server alarm has been generated by the
system. "
::= { avCmAlmNotifications 3002 }

-- 1.3.1.4.1.6889.2.73.9.0.3003
avCmAlmServResolved NOTIFICATION-TYPE
OBJECTS { avCmAlmIPAddress, avCmAlmSystemName, avCmAlmProductID,
avCmAlmServSourceName, avCmAlmServEvtID,
avCmAlmAlarmSeverity, avCmAlmOrigModAlarmSeverity,
avCmAlmResolvedDate, avCmAlmResolvedTime,
avCmAlmServLogID, avCmAlmServAlarmDescription }
STATUS current
DESCRIPTION " A Server Alarm has been resolved by the system. "
::= { avCmAlmNotifications 3003 }

4.5.8.4 Summary of CM Alarm Varbinds.

To implement multiple-object exchanges, the SNMP PDU includes a “variableBindings” field. This
field consists of a sequence of references to object instances, together with the value of those ob-
jects. This sequence list is commonly referred to as the “varbind” list. In the case of the CM trap
structure, we use a set of the alarm Varbinds as described in Table 2 and in Table 3.

Full path: iso(1).org(3).dod(6).internet(1).private(4).enter-

prises(1).avaya(6889).mibs(2).avCommMgr Mibs(73).avCmAlarmMib(9).avCmA-
larmObjects(1).avCmAlmNotificationObjects(1)

Alarm Varbind List Value Notes

avCmAlmIPAddress Char string (100 max) IP Address of the CM server sending this
alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.1 This is applied by the GMM.
avCmAlmSystemName Char string (256 max) Host name of the CM server sending this
alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.2 This is applied by the GMM.
avCmAlmProductID Char string (11 max) This is the CM product ID of the system
which is sending the trap notification.
1.3.6.1.4.1.6889.2.73.9.1.1.3 This is applied by the GMM.
avCmAlmSourceName Char String (10 max) This is the source name for the server
1.3.6.1.4.1.6889.2.73.9.1.1.30 alarm.
• “_LX”.
avCmAlmServEvtID Char string (5 max) This is set to event type for the server
alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.31 • “10” for “warning, one or more key
servers are unreachable”
• “11” for “minor, all key servers are
unreachable”
avCmAlrmAlarmSeverity Char string (3 max) This contains the alarm severity of the CM
process.
1.3.6.1.4.1.6889.2.73.9.1.1.8
Industry products use a list with the follow-
ing values:
cleared (1),
indeterminate (2),
critical (3),
major (4),
minor (5),

Page 31 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Alarm Varbind List Value Notes
warning (6)

avCmAlmOrigModAlarm- Char string (11 max) This object contains the original alarm se-
Severity verity as well as the modified/reported
alarm severity of a CM process alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.9
avCmAlmAlarmedDate Char string (5) This is the date that the alarm was gener-
ated by the source CMprocess.
1.3.6.1.4.1.6889.2.73.9.1.1.10 Day/Month in format “11/12”.
This is applied by the GMM.

avCmAlmAlarmedTime Char string (8) This is the time that the alarm was gener-
ated by the source CM process.
1.3.6.1.4.1.6889.2.73.9.1.1.11 Time in hours/min/sec in format
“xx:yy:zz”.
This is applied by the GMM.

avCmAlmServLogID Char string (5 max) Logical ID for the server location. This is
set to “A’
1.3.6.1.4.1.6889.2.73.9.1.1.32
The full set of choices are:
• “*” for Security
• “A” for Application
• “S” for System
• “M” for System Mgmt.

avCmAlmServAlarmDescrip- Char string (80) Dependent upon the alarm condition with
tion respect to Key server access, one of the
following strings is included in this field:
1.3.6.1.4.1.6889.2.73.9.1.1.33
• “one or more key servers are un-
reachable”.
• “all key servers are unreachable”.
• “all key servers are reachable”.

Table 2: Trap “Alarm” Varbind Definition

Full path: iso(1).org(3).dod(6).internet(1).private(4).enter-

prises(1).avaya(6889).mibs(2).avCommMgr Mibs(73).avCmAlarmMib(9).avCmA-
larmObjects(1).avCmAlmNotificationObjects(1)

Alarm Varbind List Value Notes

avCmAlmIPAddress Char string (100 max) IP Address of the CM server sending this
alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.1 This is applied by the GMM.

avCmAlmSystemName Char string (256 max) Host name of the CM server sending this
alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.2 This is applied by the GMM.

avCmAlmProductID Char string (11 max) This is the CM product ID of the system
which is sending the trap notification.
1.3.6.1.4.1.6889.2.73.9.1.1.3 This is applied by the GMM.

Page 32 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Alarm Varbind List Value Notes
avCmAlmSourceName Char String (10 max) This is the source name for the server
1.3.6.1.4.1.6889.2.73.9.1.1.30 alarm.
• “_LX”.

avCmAlmServEvtID Char string (5 max) This is set to event type for the server
alarm.
1.3.6.1.4.1.6889.2.73.9.1.1.31 • “10” for “warning, one or more key
servers are unreachable”
• “11” for “minor, all key servers are
unreachable”

avCmAlrmAlarmSeverity Char string (3 max) This contains the alarm severity of the CM
process
1.3.6.1.4.1.6889.2.73.9.1.1.8
Gateway products use a list with the fol-
lowing values:
cleared (1),
indeterminate (2),
critical (3),
major (4),
minor (5),
warning (6)

avCmAlmOrigModAlarm- Char string (11 max) This object contains the original alarm se-
Severity verity as well as the
modified/reported alarm severity of a CM
1.3.6.1.4.1.6889.2.73.9.1.1.9 process alarm.

avCmAlmResolvedDate Char string (5) This is the date that the alarm was re-
solved (cleared) by the source CMprocess.
1.3.6.1.4.1.6889.2.73.9.1.1.12 Day/Month in format “11/12”.
This is applied by the GMM.

avCmAlmResolvedTime Char string (8) This is the time that the alarm was re-
solved (cleared) by the source CM pro-
1.3.6.1.4.1.6889.2.73.9.1.1.13 cess.
Time in hours/min/sec in format
“xx:yy:zz”.
This is applied by the GMM.

avCmAlmServLogID Char string (5 max) Logical ID for the server location. This is
set to “A’
1.3.6.1.4.1.6889.2.73.9.1.1.32
The full set of choices are:
• “*” for Security
• “A” for Application
• “S” for System
• “M” for System Mgmt.

Page 33 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Alarm Varbind List Value Notes
avCmAlmServAlarmDescrip- Char string (80) Dependent upon the alarm condition with
tion respect to Key server access, one of the
following strings is included in this field:
1.3.6.1.4.1.6889.2.73.9.1.1.33
• “one or more key servers are un-
reachable”.
• “all key servers are unreachable”.
• “all key servers are reachable”.

Table 3: Trap “Resolve” Varbind Definition

4.5.9 Performance Impact of Data Encryption

Data Encryption using OS-Level Encryption appears to have very little impact on the performance
of Communication Manager (less than 2%).

4.5.10 Backup and Restore

The operation of all backup and restore features will work the same regardless of whether OS
Level Encryption has been enabled. This means that data can be freely transferred to and from
encrypted and unencrypted filesystems.

Specifically,
• Backups from an unencrypted filesystem can be restored to either an unencrypted or an
encrypted filesystem.
• Backups from an encrypted filesystem can be restored to either an unencrypted or an en-
crypted filesystem.

Page 34 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
5. PERSONAL DATA MINIMIZATION - RETENTION

The Communication Manager will only collect and process the Personal Data necessary to per-
form the purpose of the call processing.
The Data Privacy Administrator shall use the logging feature in a secure and careful fashion. Only
those logs that are necessary for the maintenance of the gateway product shall be used and
shared with service providers.

5.1 LOG RETENTION CONFIGURATION

With the R8.1.2 release the feature of Log Retention is introduced. he Data Privacy Administrator
shall set the “Log Storage Retention” feature to minimize the log data storage.
• Saved log data would be deleted after this retention period is reached.
• Saved log data may also be deleted if the configured storage capacity has been ex-
ceeded.
• Log Retention Period time be programmable in units of days of storage.
On Communication Manager, there are four types of log categories which typically have personal
data associated with them:
• Call Detail Recording (CDR) logs
• Command History logs
• ecs logs (MST Traces)
• General Messages logs

NOTE: The Survivable CDR reporting is administrated separately from the Communication Man-
ager Main server. the Log Retention configuration parameters are saved in a Registry file on the
CM main server. This Registry file is pushed by the Filesync procedure and sent down to the Sur-
vivable server (ESS and LSP). The Customer/Craft person may access these Log Retention fea-
tures via the administrative interface on the Survivable server and modify some of the values. But
these new settings may not be “saved” in the translation records after a reboot/restart event.

With reference to Figure 12, there is a parameter named “CDR Retention (days) which is how the
Data Privacy Administrator would configure the log retention for the CDR logs. The following is a
summary of the capabilities:
o The current design has a capacity for storage of 20 files (each 20 Mbytes in size).
o The customer can access these files via the CDR account profile. With this account pro-
file, the customer may transfer and remove files in the directory /var/home/ftp/CDR.
o The range of the retention is from 1 to 20 days.
▪ Note that the CM’s CDR Capacity Scan will delete the oldest of the twenty aged
log files. So, this leaves 19 collected days plus the current day.

Page 35 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 12: System Parameters -CDR SAT page –Log Retention Configuration

With reference to Figure 13, on the SMI page for ‘Server Log Files’ there has been a bottom
pane added for “Log Retention Period”. On this administrative pane, the customer may configure
the retention period (days) and the capacity (megabytes for the following:
1) Command History (include SAT interface and SMI interface activity, along with OS-CLI
commands)
a. The days of log events collected can be configured from 0 to 365 days.
b. The storage capacity may be configured from 1 to 600 megabytes.
2) CM ecs log files (including MST traces)
a. The days of log events collected can be configured from 0 to 30 days.
b. The storage capacity can be configured from 100 to 1000 megabytes.
i. From empirical experience, these can grow by 100 megabytes per day if
the customer/services craft are collecting MST traces, so they may fill

Page 36 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 storage capacity in ten days. The customer/services craft is responsible
for off-loading the collected information every few days.
3) Linux OS level general logs
a. The days of log events collected can be configured from 0 to 180 days.
b. The storage capacity can be configured from 1 to 50 megabytes.

General Notes:
• These log categories have been identified as having the potential to have some per-
sonal customer data. For this reason, these log categories have been provided with
the retention period coverage.
• Secondly, it is important to note that Communication Manager rolls-over the daily col-
lection around midnight (12:00AM for the local time zone). If configured for one day
or more, this is the time that the current day of storage becomes entered as “day 1”.
The current “day 1” becomes rolled into “day 2”, and similarly for other days of stor-
age.
• There will always be some log data that is saved in the current file. Only at the rollo-
ver period is that current file transferred into the “day 1” storage.
• If the day is set to “0”, there may be events collected during the partial day. But at
midnight’s rollover, this day’s events would not be stored. So, there is no residual
events saved past the rollover period.
• The Data Privacy Administrator should apply the configuration settings to the CM
Main server. This server will then do a filesync with the survivable processors (ESP
and LSP). While it is possible to log into the survivable processors and to change the
Log Retention feature settings, it should be noted that any of these local changes to
the survivable processors will be overwritten when the main CM server conducts its
daily audits (and resynchronization.

Page 37 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 Figure 13: Server Log Files SMI page –Log Retention Configuration

Cautionary Note: A customer who is experiencing service problems, should not set the Log Re-
tention Period for a duration that is less than 30 days (CDR has a maximum limit of 20 days). This
will allow the Avaya Tier Support personal to gain access to important log information for purpose
of problem re-creation and efficient debugging operation.

Page 38 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
6. SECURITY FOR ADMINISTRATIVE ACCESS TO PERSONAL DATA

6.1 SECURITY FOR ADMINISTRATIVE ACCESS TO STATION DATA

Most of the information contained with the SAT screens and the SMI web-based pages, do not
contain personal data. However, through the association of the “name” field on the station form
and the “extension number” it would be possible to start a search of administration records and
associate of some information across the other administration fields.

The following SAT forms have a “Name” field where the customer’s employee or contact center
agent exists. The Data Privacy Administrator must ensure that the use of the content in this
“Name” field is consistent with the Consent Management forms.
If there is a concern not to share names, the Data Privacy Administrator should consider the fol-
lowing:
• Leave the ‘name’ field blank.
• Or provide pseudonymization of the name field, such as “Tier Support Agent10”.
Identified SAT forms:
1. Station – page 1
o “Name” field

2. Station – page 4
o “Feature Button Label” field

3. IP Node Name
o “Name” field
▪ The presence of an actual name in this form would directly link an Inter-
net URL with this name.
4. Pickup Group
o “Name” field
▪ This is an optional field for allowing a name to be added to a pickup key
on a station.

5. Vector Directory Number

o “Name” field
▪ This is an option field that can be associated with a VDN.

6. Agent Login
o “Name” field

7. BCMS
o “Name” field
▪ This “Basic” CMS name is not likely to be associated with a real person,
but it is possible.

Page 39 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
7. FULFILLMENT OF DATA SUBJECT REQUESTS

The Data Privacy Administrator may fulfill requests by Data Subjects to review, change, or delete
their personal data by using the following features described earlier in this document:

1) User Data
a. Communication Manager: Administration of Station & Agent SAT screens
2) Call History
a. Communication Manager: Command History logs
3) Call Detail Records
a. Communication Manager: CDR Logs
4) Log/Trace Data
a. Communication Manager MST Trace logs and General OS logs

Page 40 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
8. DATA ANONYMIZATION AND PSEUDONYMIZATION

Communication Manager does not provide a capability to automatically anonymize or pseudony-

mize user data. If pseudonymization is desired, the Data Privacy Administrator may manually
pseudonymize the user information via the Station and Agent administration screens provided by
Communication Manager.

Page 41 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
9. MAINTAINING COMPLIANCE AFTER A RESTORE/CHANGE OPERATION

The Communication Manager does not provide an automated ability to recall any actions taken
by the Data Privacy Administrator (or any other administrator) after a backup operation has oc-
curred.
Therefore, it is the duty of the Data Privacy Administrator to maintain current backups and to
backup each, and every time an administration change is executed.

Page 42 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
10. TROUBLE SHOOTING & DIAGNOSTIC OPERATION

In response to a customer notification of a reported problem with product operation, Avaya Ser-
vices (and/or Business Partner) will investigate the problem. This investigation will require collec-
tion of the following:
• Collection of the trouble description which the customer provides.
• Collection of existing logs which may be stored on the Communication Manager
• Collection of log information which the customer (or Services partner) may have stored
on a remote log server.
• Services team may have to enable some diagnostic trace tools and execute some call
testing with the Communication Manager and then collect new traces.
Upon further analysis, the problem may be escalated through both the Services organization and
product development. There may be some further iteration of testing such that it takes some
length of time to resolve the problem (days/weeks). Once the problem is identified and resolved,
there may need to be some configuration and/or design patches applied as part of the trouble
resolution. Finally, this customer site may have to be observed for some additional time.

During this entire duration of trouble investigation, it may be necessary for the Services team to
keep diagnostic traces/logs for purpose of before/after comparison.
Once the Services team (and design team) and the customer reach agreement on the trouble
resolution, then all debugging trace/log information shall be destroyed/deleted. Operationally
speaking, both the Data Privacy Administration and the Customer’s IT staff; along with the Ser-
vices team shall consult to make sure that all debugging information has been removed and that
the customer equipment has been configured for proper operation going forward.

Page 43 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
APPENDIX A: LOGS INCLUDED IN LOG RETENTION ADMINISTRATION

The following Communication Manager logs will have Log Retention settings applied to them:
• /var/log/ecs/commandhistory

• /var/log/messages

• /var/log/ecs/<timestamp>.log

• /var/home/ftp/CDR/S000001-0001-190924-10_47

• /var/home/ftp/CDR/S000001-0001-190924-11_13

• /var/home/ftp/CDR/S000001-0001-190924-11_17

Page 44 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
APPENDIX B: LOGS EXCLUDED FROM LOG RETENTION ADMINISTRATION
The following Communication Manager logs will NOT have Log Retention settings applied to
them. These files are not viewed as containing personal data. Rather they are OS operational log
data.
• /var/log/kernel
• /var/log/aide/*.log
• /var/log/audit/*

• /var/log/boot.log

• /var/log/btmp

• /var/log/coreservices/*

• /var/log/defty/dumps/*

• /var/log/dmesg

• /var/log/dupmgr/*

• /var/log/defty/dumps/*

• /var/log/dmesg

• /var/log/dupmgr/*

• /var/log/ecs/wdlog

• /var/log/filesync/*

• /var/log/httpd/access_log

• /var/log/httpd/error_log

• /var/log/httpd/ssl_requests.log

• /var/log/krm/*

• /var/log/maillog

• /var/log/mgetty.tty*.log

• /var/log/mt/*

• /var/log/ntpstats/*

• /var/log/ppp/connect-errors

• /var/log/sa/*

Page 45 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 • /var/log/spooler

• /var/log/tallylog

• /var/log/up2date

• /var/log/wpa_supplicant.log

• /var/log/wtmp

• /var/log/yum.log

Page 46 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 APPENDIX C: SETTING UP A REMOTE KEY SERVER

It is highly recommended that multiple Remote Key Servers be administered so that there is al-
ways one available if an individual Remote Key Server becomes inaccessible.

Careful network planning is required to ensure that at least one Remote Key Server is accessible
during network outages. If no Remote Key Server can be accessed, manual entry of the Encryp-
tion Passphrase will be required at system startup if the machine reboots during the outage (un-
less a Local Key has also been enabled).

Note! To ensure a secure environment, the Remote Key Server should not reside on the same
Virtual Machine Host as Avaya Aura® Communication Manager or any other Avaya Aura® appli-
cation(s) that use the Remote Key Server.

The following describes the basic steps required to setup a Remote Key Server on a Linux Plat-
form.

1. On the Remote Key Server, install Linux 7.x or later.

2. On the Remote Key Server, update the existing installed Linux software packages.

$ yum update

3. On the Remote Key Server, Install the TANG Server application.

Page 47 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
 $ yum -y install
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscripti
on-manager to register.
repository | 3.0 kB 00:00
repository/primary_db | 109 MB 00:02
Resolving Dependencies
--> Running transaction check
---> Package tang.x86_64 0:6-1.el7 will be installed
--> Processing Dependency: jose >= 8 for package: tang-6-1.el7.x86_64
--> Processing Dependency: libjose.so.0(LIBJOSE_1.0)(64bit) for package: tang-6-
1.el7.x86_64
--> Processing Dependency: libjose.so.0()(64bit) for package: tang-6-1.el7.x86_6
4
--> Processing Dependency: libhttp_parser.so.2()(64bit) for package: tang-6-1.el
7.x86_64
--> Running transaction check
---> Package http-parser.x86_64 0:2.7.1-5.el7_4 will be installed
---> Package jose.x86_64 0:10-1.el7 will be installed
---> Package libjose.x86_64 0:10-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
tang x86_64 6-1.el7 repository 32 k
Installing for dependencies:
http-parser x86_64 2.7.1-5.el7_4 repository 28 k
jose x86_64 10-1.el7 repository 47 k
libjose x86_64 10-1.el7 repository 56 k
Transaction Summary
================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 162 k
Installed size: 358 k
Downloading packages:
(1/4): http-parser-2.7.1-5.el7_4.x86_64.rpm | 28 kB 00:00
(2/4): jose-10-1.el7.x86_64.rpm | 47 kB 00:00
(3/4): libjose-10-1.el7.x86_64.rpm | 56 kB 00:00
(4/4): tang-6-1.el7.x86_64.rpm | 32 kB 00:00
--------------------------------------------------------------------------------
Total 798 kB/s | 162 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libjose-10-1.el7.x86_64 1/4
Installing : jose-10-1.el7.x86_64 2/4
Installing : http-parser-2.7.1-5.el7_4.x86_64 3/4
Installing : tang-6-1.el7.x86_64 4/4
Verifying : jose-10-1.el7.x86_64
1/4
Verifying : http-parser-2.7.1-5.el7_4.x86_64
2/4
Verifying : tang-6-1.el7.x86_64
3/4
Verifying : libjose-10-1.el7.x86_64
4/4
Installed:
tang.x86_64 0:6-1.el7
Dependency Installed:
http-parser.x86_64 0:2.7.1-5.el7_4 jose.x86_64 0:10-1.el7 libjose.x86_64
0:10-1.el7
Complete!

Page 48 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
4. Setup Firewall on the Remote Key Server to enable the port that it will use (e.g., port 80).

$ firewall-cmd --permanent --zone=public --add-port=80/tcp

success

$firewall-cmd --reload
success

5. Enable the TANG Service on the Remote Key Server.

$ systemctl --now enable tangd.socket

Created symlink from /etc/systemd/system/multi-user.tar-
get.wants/tangd.socket to /usr/lib/systemd/system/tangd.socket.

6. On Communication Manager, add the Remote Key Server using the “encryptionRemoteKey add”
command. The command will only succeed if the Avaya Aura® Communication Manager appli-
cation can connect to it.

$ encryptionRemoteKey add 10.129.128.207 80

Enter existing passphrase:
Setting up system for remote key servers
Removing local keystore
Local Key Store is now disabled.

7. On Communication Manager, verify connectivity with the Remote Key Server using the “encryp-
tionStatus” command.

$ encryptionRemoteKey add 10.129.128.207 80

Enter existing passphrase:
Setting up system for remote key servers
Removing local keystore
Local Key Store is now disabled.

For additional information, see:

Red Hat Enterprise Linux 8 Security Guide – Using Network-Bound Disk Encryption
https://access.redhat.com/documentation/en-
US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Network-
Bound_Disk_Encryption.html

Page 49 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023
REFERENCE

• Avaya Aura® Communication Manager Overview and Specification, Release10.2.x, De-

cember 2023.

• Upgrading Avaya Aura® Communication Manager, Release10.2.x, December 2023.

• Deploying Avaya Aura® Communication Manager in Virtualized Environment, Re-

lease10.2.x, December 2023.

• Deploying Avaya Aura® Communication Manager in Virtual Appliance, Release10.2.x,

December 2023.

• Administering Avaya Aura® Communication Manager, Release10.2.x, December 2023.

• Avaya Aura® Communication Manager Feature Description and Implementation, Re-

lease10.2.x, December 2023

• Avaya Aura® Communication Manager Screen Reference, Release10.2.x, December

2023.

• Maintenance Commands for Avaya Aura® Communication Manage, Branch Gateways,

and Servers, Release10.2.x, December 2023.

• Avaya Aura® Product Privacy Statement, Release10.2.x, December 2023.

• Red Hat Enterprise Linux 8 Security Guide – Encryption:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/secu-
rity_guide/sec-encryption
• Security for Avaya Enterprise Cloud

• Privacy Fact Sheet: Avaya Enterprise Cloud™ for UC and CC

• General Data Protection Regulations (GDPR):
https://gdpr-info.eu/

• California Consumer Privacy Act (CCPA):

https://www.oag.ca.gov/privacy/ccpa

• Payment Card I Security Standards (PCI)

https://www.pcisecuritystandards.org/

• Health Insurance Privacy and Accountability Act (HIPAA)

https://www.hhs.gov/hipaa/index.html

Page 50 of 50 Avaya Aura® Communication Manager Data Privacy Guidelines Dec 2023