Remote Access; Root Access - Avaya Application Solutions Deployment Manual

Root access

On a Linux system, the highest administrative-access level is called root. Direct logins to
root-level accounts are not permitted on S8700 and S8300 servers. Administrative access,
which requires root-level permissions, is handled through "proxy" programs that grant specific
access to specific accounts. The ability to obtain full, root-level access is granted only in very
special circumstances. By tightly restricting the root password, Avaya systems are less
susceptible to accidental or malicious system access.

Remote access

Avaya S8700 and S8300 servers have a modem port for remote maintenance access and for
sending maintenance alarm calls. The server logins that establish this remote connection are
separate from other logins that allow administrative functions. One login account can establish a
connection, and once the link is established, a second login is necessary to administer the
system. The dial-in line can also be restricted to:
Disallow all incoming calls.
Allow only one incoming call.
Allow all incoming calls.

When the interface is set to "allow one incoming call only," the line is enabled to answer a single
call. As soon as a call arrives, the line is disabled, and must be re-enabled through
administration before another call will be accepted. This feature does not inhibit outgoing alarm
calls, which are needed for maintenance.

Normally, the line is disabled for all calls. When a
maintenance activity is needed, the maintenance technician must contact the server
administrator and request that the line be activated. The server administrator must then log in to
the server, and enable the line for one call only. The maintenance technician then calls the
server, performs the necessary maintenance, and disconnects. At this point the line is
automatically disabled again.

Enabling the data line for one call only is a good example of a
feature that illustrates the trade-off that is required between security and convenience. Having
the data line disabled provides better security, but during diagnostic activity, when multiple calls
must be made, the server administrator must be called to manually re-enable the line for each
call.

In addition, Avaya employs Expert systems technology to contact systems automatically for
monitoring and diagnostics. Disabling the data line disables this technology, which results in
higher maintenance costs, and possibly longer times out of service when a failure does occur.
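
The dial-in policy described above, modeled as a small state machine. This is an added example, not Avaya code: the class, function, and action names are hypothetical, and the session events are constructed to show where the one-call setting refuses a caller until the administrator re-enables the line.

```python
from enum import Enum

class Mode(Enum):
    DISALLOW_ALL = 0   # normal state: no incoming calls answered
    ALLOW_ONE = 1      # answer a single call, then disable again
    ALLOW_ALL = 2      # answer every incoming call

class DialInLine:
    """Hypothetical model of the modem dial-in setting (not Avaya's implementation)."""
    def __init__(self):
        self.mode = Mode.DISALLOW_ALL          # "Normally, the line is disabled"

    def incoming_call(self):
        answered = self.mode is not Mode.DISALLOW_ALL
        if self.mode is Mode.ALLOW_ONE:
            self.mode = Mode.DISALLOW_ALL      # disabled as soon as the call arrives
        return answered

    def outgoing_alarm(self):
        return True                            # alarm calls are never inhibited

def replay(events):
    """Apply (actor, action) events in order; return the outcome log and final mode."""
    line, log = DialInLine(), []
    for who, action in events:
        if action == "enable_one":             # administrator arms the line once
            line.mode = Mode.ALLOW_ONE
            outcome = "armed"
        elif action == "dial_in":
            outcome = "answered" if line.incoming_call() else "refused"
        elif action == "alarm_out":
            outcome = "sent" if line.outgoing_alarm() else "blocked"
        else:
            raise ValueError(f"unknown action: {action}")
        log.append((who, action, outcome))
    return log, line.mode

# Constructed maintenance session, in time order.
SESSION = [
    ("technician", "dial_in"),     # line still disabled
    ("admin", "enable_one"),
    ("technician", "dial_in"),     # consumes the single permitted call
    ("other caller", "dial_in"),   # arrives after the line has closed itself
    ("server", "alarm_out"),       # outgoing alarms are unaffected
    ("technician", "dial_in"),     # second diagnostic call needs the admin again
    ("admin", "enable_one"),
    ("technician", "dial_in"),
]

if __name__ == "__main__":
    log, final = replay(SESSION)
    for entry in log:
        print(" | ".join(entry))
    print("final mode:", final.name)
```
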
Avaya Communication Manager and Media Servers
Issue 3.4.1 June 2005
191
