Avaya TSAPI with SIPREC

This topic provides guidelines for configuring Avaya TSAPI interface with SIPREC for CXone Multi-ACD (CXone Open).

The supported Avaya AES TSAPI versions are 8.1.3 and 10.1.

Avaya site engineer is responsible for all procedures in the Avaya environment. The procedures described in this section are by recommendation only!

Follow these steps to set up the Avaya TSAPI interface with SIPREC.

Step 1: Prepare Avaya AES TSAPI Environment

Step 2: Prepare Session Border Controllers (SBCs) to integrate with CXone Multi-ACD (CXone Open):

• Prepare Oracle (Acme Packet) SBC

• Prepare Ribbon (Sonus) SBC

• Prepare AudioCodes SBC

• Prepare Avaya SBC for Enterprise (SBCE) Environment

Step 4: Download and save the Essential Data for 3rd Party Connectivity Config in CXone Excel file. You will be required to fill in essential information as you proceed. Once you have finished entering all the necessary details and prepared your environment for CXone Multi-ACD, you must submit the Excel file to your NICE Professional Services representative.

Prepare Avaya AES TSAPI Environment

You must configure the Avaya AES TSAPI Server before you configure CXone Multi-ACD.

The supported Avaya AES TSAPI versions are 8.1.3 and 10.1.

Perform these steps to prepare the Avaya AES TSAPI environment:

Step 1: Verify the TSAPI License and Status

Step 2: Prepare the AES Environment

Step 3: Add a User

Step 4: Verify the Tlink

Step 5: Create a Secure Connection Using VPN

Step 1: Verify the TSAPI License and Status

Before configuring the Avaya TSAPI interface, you must verify that the Avaya TSAPI Service is running, and that the license is valid.

To verify the TSAPI Service and status:

1. Log in to the AES Server. The Application Enablement Services page appears.

2. From the menu, select AE Services.

   View image

   

3. Verify:

   • The TSAPI Service Status column is Online and that the State is Running.

   • The Licensed Mode column shows Normal Mode.

Step 2: Prepare the AES Environment

An Avaya site engineer is responsible for all procedures in the Avaya environment. These procedures are recommendations and guidelines only!

In an AES environment, the AES administrator must prepare the AES-CTI link connections.

Step 3: Add a User

The user must be added to the system via the webpage.

This procedure must be performed together with an Avaya administrator. The AES administrator must first prepare the AES-CTI link connection.

At the end of this step, you are required to provide to NICE Professional Services:

• User credentials.

To add a user:

1. On the AE Services menu, navigate to User Management > User Admin and click Add User.

   View image

   

2. In the Add User window, configure the mandatory fields:

   1. User Id

   2. Common Name

   3. Surname

   4. User Password

   5. Confirm Password

   6. Change the CT User setting to Yes.

3. Click Apply to save the information.

4. Save these user credentials in the Excel file. Once you have finished entering all the necessary details and prepared your environment, submit the Excel file to NICE Professional Services.

5. Verify that the User created successfully message appears in the Add User Results window.

   View image

   

6. Provide unrestricted monitoring for all devices to user:

   1. On the AE Services menu, expand Security > Security Database > CTI Users and click Search Users.

   2. In the Search Users window, search for the user created previously.

      View image

      

   3. Click Search. The new user appears.

      View image

      

   4. Click Edit.

      View image

      

   5. In the Edit CTI User window, in the User Profile area, select Unrestricted Access.

   6. Click Apply Changes.

      View image

      

   7. In the Apply Changes to CTI User Properties, click Apply.

Step 4: Verify the Tlink

In the CTI Connection TSAPI configuration, the Server Name parameter uses the Tlink value.

At the end of this step, you are required to provide to NICE Professional Services:

• Tlink name

To verify the Tlink:

1. In the AES webpage, select Security > Security Database > Tlinks.

   View image

   

   The list of Tlinks appears in the Tlink Name column. If your site uses more than one Tlink, make sure you choose the correct Tlink, according to the switch name.
   

   The Tlink consists of these segments:
   

   View image

   

   • AVAYA - Vendor

   • # - Separator

   • AVAYA10 - Switch / Connection Name (as defined in Communication Manager Interface> Switch Connections)

   • CSTA/CSTA-S - Non-Secure / Secure Portal

   • AES10 - AES Server Name

2. Save the correct Tlink name in the Excel file. Once you have finished entering all the necessary details and prepared your environment, submit the Excel file to NICE Professional Services.

3. If using the secured Tlink, verify that the TLS version is configured in the AES. Navigate to Networking > TCP/TLS Settings.

   View image

   

4. By default, only Support TLSv1.2 Protocol is enabled. TLSv1.2 Protocol is supported as a sole security protocol.

5. Since default certificates are no longer provided, the Avaya site engineer must generate the relevant certificate and upload it to the Avaya telephony system in CXone. Navigate to Security > Certificate Management > Server Certificates.

   View image

   

6. In the Server Certificates window, in the Alias column, select the certificate and click Export.

   View image

   

7. In the Server Certificate Export window, verify that No, do not export the private key is selected and click Export.

8. Upload this exported certificate to the Avaya telephony system in Cxone.

Step 5: Create a Secure Connection Using VPN

This step must be performed only in coordination with NICE Professional Services.

At the end this step, by completing the form in the Essential Data for 3rd Party Connectivity Config in CXone Excel file, you will provide the necessary details to NICE Professional Services, who will aid you in establishing a secure VPN connection with CXone.

SIPREC environments only are required to complete additional information in the form, so that SBC can establish a connection between SIPREC and CXone.

1. NICE Professional Services will provide you with the VPN connect form.

   1. Fill out the provided form with details of your side and the necessary information for CXone Multi-ACD.

   2. NICE Professional Services will coordinate with CXone teams to ensure all fields are appropriately filled out.

   3. Both parties must agree on the form and details.

2. NICE Professional Services will schedule a collaborative call:

   1. To agree on the form and provided details with CXone Multi-ACD.

   2. With CXone teams for VPN provisioning.

3. You will set up two VPNs: one for resiliency and one for failover.

4. Configure routing by setting up BGP over VPN with CXone Multi-ACD firewalls or create static routes to the provided IP addresses.

5. Configure NAT. NAT your endpoint behind a public IP, either advertised via BGP or using static routing.

6. Configure firewall settings:

   1. Allow inbound traffic from the provided IP addresses (2) into the CTI Endpoint.

   2. Open the required ports. See Ports and Protocols by Application for more information.

   3. For High Availability environments, the ports mentioned above in step b must be open for all servers, active and standby.

7. NICE Professional Services will coordinate with CXone teams to:

   • Ensure the VPN form is correctly filled out.

   • Schedule a time with CXone teams for VPN provisioning and routing setup.

   • Test VPN tunnel, routing, and connectivity.

Prepare Oracle (Acme Packet) SBC

This section describes how to prepare the Oracle (Acme Packet) Session Border Controller (SBC) to integrate with CXone Multi-ACD (CXone Open).

The procedures described in this section are recommendations only. The Oracle site engineer should perform all procedures.

Workflow

Use this workflow to prepare your Oracle (Acme Packet) SBC for CXone Multi-ACD. Before beginning this workflow, you must ensure that site components are configured.

phase	Description	reference
Phase 1: Site Preparation
	Step 1: Review the prerequisites.	(Optional) Encryption Prerequisites
Phase 2: Set up Oracle SBC
	Step 1: Verify that the license is valid and includes the Session Recording feature. SRTP requires Software TLS.	Verify the License
	Step 2: Configure the recording realm to which the SBC connects.	Configure the Recording Realm
	Step 3: Configure the Session Recording Server (SRS) connection.	Configure the Session Recording Server (SRS) Connection
	Step 4: (Optional) For more than one recorder, configure the connection to the session recording group (SRG).	(Optional) Configure the Session Recording Group (SRG)
	Step 5: Configure a SIP Interface.	Configure SIP Interfaces, Realms, and Session Agents for the SRS and SRG
	Step 6: Configure an ingress or egress realm:
	Step 7: Configure a session agent.	Configure SIP Interfaces, Realms, and Session Agents for the SRS and SRG
	Step 8: Generate UCIDs for inbound calls.	Configure the Generation of Universal Call Identifiers for Inbound Calls

Configure the Generation of Universal Call Identifiers for Inbound Calls

The Universal Call Identifier Session Plug-in Language (SPL) plug-in for an Oracle SBC can be configured to generate or preserve a universal call identifier based on the configuration. Once a universal call identifier is generated or preserved, the system adds the value to all subsequent egress SIP requests within the session. You can also configure the plug-in to remove unwanted universal call identifier headers to avoid duplicity in egress SIP requests. Avaya UCID can be added as extension data to the session element in the metadata of a recording when SIPREC is used.

(Optional) Encryption Prerequisites

1. Verifying one call leg is encrypted:

   For encryption of the recorder call leg, verify that one of the other SBC call legs either going in/coming out of the SBC is encrypted.

2. Follow the Oracle documentation for configuring certificates.

Verify the License

Verify that the license is valid and includes the Session Recording feature.

1. Connect to the Acme Packet CLI and type the user password.

2. Type the following and press Enter:

   enable

3. Type the superuser password and press Enter:

4. Type the following and press Enter:

   configure terminal

5. Type the following and press Enter:

   system

6. Type the following and press Enter:

   license

7. Type the following and press Enter:

   show

   View image

   

8. Verify that the license is valid (not expired).

9. Verify that the license includes Session Recording.

10. For SRTP, verify that the license includes Software TLS.

Configure the Recording Realm

1. Connect to the Acme Packet CLI and type the user password.

2. Type the following and press Enter:

   enable

3. Type the superuser and press Enter:

4. Type the following and press Enter:

   configure terminal

5. Type the following and press Enter:

   media-manager

6. Type the following and press Enter:

   realm-config

7. Configure the realm name, type:

   identifier <Name of the realm>

   This must be the same as the recording realm name you define in Configuring the Session Recording Server (SRS) Connection or (Optional) Configuring the Session Recording Group (SRG).

8. Configure the interface, type the following and press Enter:

   network-interfaces <interface>

   For example: network-interfaces M01:0

9. Configure the RTCP Mux feature, type the following and press Enter:

   rtcp-mux enable

10. Type the following and press Enter:

    done

    View image

    

    The graphic above is for example purposes only. In a non secure environment, the media-sec- policy is blank.

Configure the Session Recording Server (SRS) Connection

The SRS is the VRSP.

1. Make sure you completed Configuring the Recording Realm.

2. Connect to the Acme Packet CLI and type the user password.

3. Type the following and press Enter:

   enable

4. Type the superuser password and press Enter.

5. Type the following and press Enter:

   configure terminal

6. Type the following and press Enter:

   session-router

7. Type the following and press Enter:

   session-recording-server

8. Configure the SRS name, type the following and press Enter:

   name <name of the SRS>

   For example: name NiceVRSP

9. (Optional) Configure the SRS description, type the following and press Enter:

   description <description of the SRS>

   For example: description SignalingToVRSP

10. Configure the SRS realm, type the following and press Enter:

    realm <Name of the realm>

    For example: realm recording-realm

11. Configure the SRS mode, type the following and press Enter:

    mode selective

12. Configure the destination IP address, type the following and press Enter:

    destination <IP address of the VRSP>

    For example: destination 192.168.10.10

13. Configure the destination port:

    • In a non-secure environment, type port 5060 and press Enter

    • In a secure environment, type port 5061 and press Enter

14. Configure the transport layer protocol:

    • In a non-secure environment, for TCP as the transport layer protocol, type transport-method TCP and press Enter

    • In a secure environment, type DynamicTLS and press Enter

15. Type the following and press Enter:

    done

    View image

    

16. Add the SRS to a SIP Interface, Realm, or Agent Session. See Configuring SIP Interfaces, Realms, and Session Agents for the SRS and SRG.

    While you can add the SRS to all three recording options, the system automatically prioritizes your selection in this order: first Agent Session, then Realm, and then SIP Interface.

17. To enable recording with recorders that expect RTP on consecutive ports (VoIP loggers), you must disable force-parity. By default, force-parity is already disabled using the force-parity parameter. To verify that force-parity is disabled, type:

    configure terminal

    session-router

    session-recording-server

    select [choose the recording server name by number]

    View image

    

    show

    The configuration of the Session Recording Server appears.

18. Check that force-parity is disabled.

    View image

    

19. If force-parity is enabled, type the following and press Enter:

    force-parity disabled

    done

20. Save and activate the configuration.

(Optional) Configure the Session Recording Group (SRG)

Configure this if you have more than one recorder.

1. Verify you completed Configuring the Recording Realm.

2. Connect to the Acme Packet CLI and type the user password.

3. Type the following and press Enter:

   enable

4. Type the superuser password and press Enter.

5. Type the following and press Enter:

   configure terminal

6. Type the following and press Enter:

   session-router

7. Type the following and press Enter:

   session-recording-group

8. Configure the SRG name, type the following and press Enter:

   name SRG:<name of the session recording group>

   For example: name SRG:NiceRecordingServer

9. (Optional) Add the SRG description, type the following and press Enter:

   description <description of the SRG>

   For example: description SignalingToRecGroup

10. Configure the strategy of the SRG, for example, RoundRobin (see below). Type the strategy name and press Enter:

    strategy RoundRobin

    Note that a NICE VRSP pair does not support load balancing.

11. To view additional strategy options (such as Hunt, LeastBusy, PropDist, and LowSusRate), type the following and press Enter:

    strategy?

12. Configure the number of session recording servers that will be allocated to the SRG, type the following and press Enter:

    simultaneous-recording-servers

    followed by the number of servers.

    For a NICE VRSP pair, the number is 2.

13. Type exit and repeat this action until you reach the first superuser prompt (#), for example:

    NiceSBC4500(configure)# session-router

    NiceSBC4500(session-router)# session-recording-group

    NiceSBC4500(session-recording-group)# exit

    NiceSBC4500(session-router)# exit

    NiceSBC4500(configure)# exit

    NiceSBC4500#

14. Specify the session recording servers to be included in the group. Type the session recording server names in quotation marks, with a space between each session recording server name, and press Enter:

    "<servername1> <servername2>"

    This must be the same as the recording realm name you define in Configuring the Session Recording Server (SRS) Connection.

15. Type the following and press Enter:

    done

    View image

    

16. Type the following and press Enter:

    verify-config

17. When you receive the notice Verification successful, type the following and press Enter:

    save-config

18. Type the following and press Enter:

    activate-config

Configure SIP Interfaces, Realms, and Session Agents for the SRS and SRG

Prepare Ribbon (Sonus) SBC

This section describes how to prepare the Ribbon (Sonus) Session Border Controller (SBC) to integrate with CXone Multi-ACD (CXone Open). The information in this guide is relevant for the Ribbon 5000 and 7000 Series Core SBC and the Virtual Core SBC.

The procedures described in this guide are recommendations only and should be performed by a certified Ribbon engineer.

Verify the License

The first step in configuring the Ribbon SBC to integrate with the CXone Multi-ACD environment is to verify that the license is valid and includes the SBC-SIPREC feature.

1. Connect to the Ribbon SBC with the user name admin.

2. In the Command Line Interface (CLI) type: show table system licenseInfo.

   The license information appears.

   View image

   

3. Verify that the license is valid (not expired).

4. Verify that the line for the SBC-SIPREC feature includes the license ID, an expiration date that has not yet passed, and a usage limit greater than 0.

Configure an Additional Zone

An additional zone, which can be named, for example, NICE_ZONE, must be added for the recorder. The name of the zone is arbitrary, but the same name that is used to configure it must also be used to reference it in subsequent steps.

This zone must have properties similar to those shown in the example.

To create a new zone named NICE_ZONE (an example):

1. At the command line prompt in the Command Line Interface (CLI), enter:

   configure

   The CLI responds with this message:

   Entering configuration mode private

2. At the CLI command line prompt, enter:

   set addressContext default zone NICE_ZONE id 0

3. At the CLI command line prompt, enter:

   set addressContext default zone NICE_ZONE sipTrunkGroup NICE_TG state enabled mode inService policy carrier 0000 country 1 localizationVariant northAmerica tgIPVersionPreference both-ipv4-and-ipv6 digitParameterHandling numberingPlan NANP_ACCESS Value for 'media mediaIpInterfaceGroupName' [LIF1,LIF2]: LIF2

4. At the CLI command line prompt, enter:

   set addressContext default zone NICE_ZONE sipTrunkGroup NICE_TG ingressIpPrefix 172.0.0.0 8

5. At the CLI command line prompt, enter:

   set addressContext default zone NICE_ZONE sipTrunkGroup NICE_TG signaling messageManipulation outputAdapterProfile UUID-MessageBody

6. At the CLI command line prompt, enter:

   set addressContext default zone NICE_ZONE sipSigPort 1001 ipInterfaceGroupName LIF1 ipAddressV4 172.21.13.62 portNumber 5060 mode inService state enabled recorder disabled siprec enabled transportProtocolsAllowed sip-udp,sip-tcp

7. At the CLI command line prompt, enter:

   commit

Configure Call Recording

There are five steps to configuring call recording.

Send a UCID to the Recorder

In an Avaya environment the Universal Call Identifier (UCID) of every call must be sent to the recorder.

Configure TLS and SRTP

Follow these procedures for TLS and SRTP configuration.

Prepare AudioCodes SBC

This section describes how to prepare and configure the AudioCodes Session Border Controller (SBC) to integrate with CXone Multi-ACD (CXone Open).

The supported AudioCodes SBC version is 7.4.

The procedures described in this section are recommendations only. The AudioCodes site engineer must perform the AudioCodes preparation and configuration.

Workflow

Use this workflow to prepare your AudioCodes SBC system for CXone Multi-ACD (CXone Open).

Step 1: Verify the License

Step 2: Configure the Proxy Set for CXone Environment

Step 3: Configure the IP Group for the CXone AudioCodes SBC

Step 4: (Secure/Non-secure Environments) Configure SIP Recording

Step 5: Send a UCID to the CXone AudioCodes SBC

Workflow for Secure SIPREC

Use this workflow to prepare your AudioCodes SBC system for secure SIPREC configuration with CXone Multi-ACD (CXone Open).

Step 1: Verify the License

Step 2: (Secure Environments only) Configure the Proxy Set

Step 3: Configure Secure IP Profile

Step 4: (Secure Environments only) Configure the IP Group

Step 5: (Secure Environments only) Import and Export Certificates for SIP Recording

Step 6: (Secure/Non-secure Environments) Configure SIP Recording

Step 7: Send a UCID to the CXone AudioCodes SBC

Verify the License

Verify that the license is valid and that the SBC-SIPREC feature is supported.

1. Connect to the AudioCodes SBC via web.

   View image

   

2. Click the ADMINISTRATION menu.

3. Under TIME & DATE, expand MAINTENANCE and select License Key.

4. Under VOIP FEATURES, verify that the license supports SIPRec Sessions.

   View image

   

Configure the Proxy Set for CXone Environment

This procedure provides guidelines for configuring the SBC for the CXone AudioCodes SBC, including the IP address of the CXone AudioCodes SBC.

1. In the menu, click SIGNALING & MEDIA.

2. Under TOPOLOGY VIEW, expand CORE ENTITIES and select Proxy Sets.

   View image

   

3. In the list of Proxy Sets, click New.

4. In the Proxy Set window, under GENERAL:

   1. In the Name field, enter a name.

   2. From the SBC IPv4 SIP Interface drop-down list, select the SIP interface.

   3. Click APPLY.

      View image

      

5. Scroll down and click the Proxy Address link.

   View image

   

6. In the Proxy Sets > Proxy Address window, click New and add IP address for CXone AudioCodes SBC.

   View image

   

7. In the Proxy Address window, under GENERAL, in the Proxy Address field, enter the CXone AudioCodes SBC IP address.

   View image

   

8. Click APPLY.

(Secure Environments only) Configure the Proxy Set

This procedure provides guidelines for configuring the SBC Proxy Set and the Proxy IP address for the CXone AudioCodes SBC for secure connection.

1. In the menu, click SIGNALING & MEDIA.

2. Under TOPOLOGY VIEW, expand CORE ENTITIES and select Proxy Sets.

   View image

   

3. In the list of Proxy Sets, click New.

4. In the Proxy Set window, under GENERAL:

   1. In the Name field, enter a name.

   2. From the SBC IPv4 SIP Interface drop-down list, select the SIP interface.

   3. From the TLS Context Name drop-down list, select the TLS Context with the SBC certificate.

      View image

      

5. Scroll down and click the Proxy Address link.

   View image

   

6. In the Proxy Sets > Proxy Address window, click New and add the IP address for CXone AudioCodes SBC.

   View image

   

7. In the Proxy Address window, under GENERAL, in the Proxy Address field, enter the CXone AudioCodes SBC IP address and set the Transport Type to TLS.

   View image

   

8. Click APPLY.

Configure Secure IP Profile

1. From the Setup menu, go to SIGNALING & MEDIA. Under TOPOLOGY VIEW, expand CODERS & PROFILES and select IP Profiles.

   View image

   

2. In the list of IP Profiles, click New.

   View image

   

3. In the list IP Profiles window, under MEDIA SECURITY, make sure the SBC Media Security Mode is set to Secured.

4. Click APPLY.

Configure the IP Group for the CXone AudioCodes SBC

1. In the menu, click SIGNALING & MEDIA.

2. Under TOPOLOGY VIEW, expand CORE ENTITIES and select IP Groups.

   View image

   

3. In the list of IP Groups, click New.

4. In the IP Groups window, under GENERAL:

   1. In the Index field, configure the next sequential number.

   2. In the Name field, enter a name.

   3. From the Topology Location drop-down list, select the location.

   4. From the Type drop-down list, select Server.

   5. From the Proxy Set field, select the Proxy Set for this IP Group.

   6. In the IP Profile field, enter an existing IP Profile ID.

   7. In the Media Realm Name field, select the existing Media Realm name.

      View image

      

5. Click APPLY.

(Secure Environments only) Configure the IP Group

1. In the menu, click SIGNALING & MEDIA.

2. Under TOPOLOGY VIEW, expand CORE ENTITIES and select IP Groups.

   View image

   

3. In the list of IP Groups, click New.

4. In the IP Groups window, under GENERAL:

   1. In the Index field, configure the next sequential number.

   2. In the Name field, enter a name.

   3. From the Topology Location drop-down list, select the location.

   4. From the Type drop-down list, select Server.

   5. From the Proxy Set field, select the CXone Proxy Set for this IP Group.

   6. In the IP Profile field, select the secure IP Profile previously created in Configure Secure IP Profile.

   7. In the Media Realm Name field, select the existing Media Realm name.

      View image

      

5. Click APPLY.

6. Then click Save.

(Secure Environments only) Import and Export Certificates for SIP Recording

At the end of this step, you are required to provide to NICE Professional Services:

• The certificate in PEM format

1. To import the CXone AudioCodes SBC certificate to the SBC, go to SETUP > IP NETWORK. Under NETWORK VIEW, expand SECURITY and select TLS Contexts.

   View image

   

2. In the TLS Context window, click Trusted Root Certificates.

   View image

   

3. Click Import.

4. In the Import New Certificate window, click Choose File and browse to the CXone AudioCodes SBC certificate. Verify the CXone AudioCodes SBC certificate is in PEM format.

   View image

   

5. Click OK.

6. In the TLS Contexts window, click Certificate Information.

   View image

   

7. On the Certificate Information page, under CERTIFICATE, copy the text of the certificate. Create a certificate from this text.

   View image

   

8. Send the certificate in PEM format to the NICE Professional Services together with the CA, if exists.

(Secure/Non-secure Environments) Configure SIP Recording

This section describes the procedure for SIP Recording enablement and the SIP Recording routing configuration.

1. In the menu, click SIGNALING & MEDIA.

   View image

   

2. Expand SIP RECORDING and select SIP Recording Settings.

3. Under General, from the SIP Recording Metadata Format drop-down list, select either Legacy or RFC 7865 Metadata option. CXone Multi-ACD (CXone Open) supports both options. Configure according to your preferences.

4. Click APPLY.

5. Form SIP RECORDING, select SIP Recording Rules.

   View image

   

6. In the SIP Recording Rules area, click New.

7. In the SIP Recording Rules window, under GENERAL:

   1. From the Recorded IP Group list, select the existing agent's side group ID.

   2. In the Recorded Source Pattern field, enter the source prefix to be recorded.

   3. In the Recorded Destination Pattern field, enter the destination prefix to be recorded.

   4. From the Peer IP Group list, select the Service Provider side's group ID.

   5. From the Caller list, select Both.

8. Under RECORDING SERVER:

   1. From the Recording Server (SRS) IP Group list, select the previously created IP Group for the Recorder.

      See Configure the IP Group for the CXone AudioCodes SBC or (Secure Environments only) Configure the IP Group.

      View image

      

9. Click APPLY.

10. A new row is added in the SIP Recording Routing section.

    View image

    

11. To save all new information, click Save.

Send a UCID to the CXone AudioCodes SBC

In an Avaya environment, the Universal Call Identifier (UCID) of every call must be sent to the CXone AudioCodes SBC.

Prepare Avaya SBC for Enterprise (SBCE) Environment

This section describes how to prepare the Avaya environment for integrating the Avaya Session Border Controller for Enterprise (SBCE) with CXone Multi-ACD (CXone Open) environment for SIPREC communication.

The supported Avaya SBCE versions are 8.1.3 and 10.1.

The procedures described in this guide are recommendations only and should be performed by a certified Avaya site engineer.

For comprehensive information about configuring the Avaya switch, see the Avaya documentation.

Workflow

Use this workflow to set up Avaya SBCE active recording with CXone Multi-ACD.

Before beginning this workflow, you must ensure that site components are configured.

• Step 1: Configure the TLS

• Step 2: Configure a Recording Server

• Step 3: Create a Routing Profile

• Step 4: Send a UCID to the CXone AudioCodes SBC

• Step 5: Create a Recording Profile

• Step 6: Create a Session Policy

• Step 7: Create an Application Rule

• Step 8: Create a Media Rule

• Step 9: Create an Endpoint Policy Group

• Step 10: Add a Session Flow

• Step 11: Create a Server Flow

Configure the TLS

Configure a Recording Server

Session recording is a critical requirement for some businesses. Use this procedure to set up session recording for SIPREC.

To configure a Recording Server:

1. Ensure that the configurations for SIP trunking between Session Manager and the carrier were completed.

2. Log in to the EMS Web interface with administrator credentials.

3. From Device: select the SBC application name from the drop-down list.

4. In the left navigation pane, select Services > SIP Servers.

5. On the Server Configuration page, click Add.

6. On the Add Server Configuration Profile page, in the Profile Name field, type a name for the new server profile.

7. Click Next.

8. On the Edit Server Configuration Profile window, in the Server Type field, click Recording Server.

   View image

   

9. For TLS Client Profile, select the client profile you created in Configure the TLS.

10. In the IP Address / FQDN field, type the IP address of the CXone AudioCodes SBC server.

11. In the Port field, enter 5061.

12. In the Transport field, select TLS transport protocol.

13. Click Next.

14. On the Add Server Configuration — Advanced page, to select the interworking profile, perform one of these:

    • In the Interworking Profile field, select the avaya-ru profile.

      The avaya-ru profile is the default interworking profile.

    • Clone the default avaya-ru interworking profile and select the cloned interworking profile.

15. Verify that the Enable Grooming check box is selected.

    For a recording server, the system selects the Enable Grooming field by default. Do not clear the Enable Grooming check box.

16. Click Finish.

Create a Routing Profile

A new routing profile must be created for the Recording Server. Routing profiles define a specific set of packet routing criteria that are used in conjunction with other types of domain policies. Routing profiles identify a particular call flow and thereby ascertain which security features are applied to those packets. The parameters defined by routing profiles include packet transport settings, name server addresses and resolution methods, next hop routing information, and packet transport types.

To create a routing profile:

1. Log in to the EMS Web interface with administrator credentials.

2. In the navigation pane, select Configuration Profiles > Routing. The Application pane displays the existing routing profiles. The Content Area displays the routing rules comprising a selected routing profile.

3. In the Application pane, click Add.

4. Type a distinctive name for the new routing profile, and click Next.

   View image

   

5. Enter the requested information in the appropriate fields, which are described in the table below.

   To use alternate routing, ensure that you set the Trans Expire field on the Timers tab from Global Profiles > Server Interworking to an appropriate short duration. Any request sent from the server times out if a response is not received within the time set as the transaction expiration timer. Therefore, alternate routing does not work if the Trans Expire field is set to the default value of 32 seconds.

   Field Name	Description
   URI Group	Indicates the URI Group to which the next hop routing profile applies. The possible values are: * Emergency
   Time of Day	Indicates the time of day for the trunk server to resolve the routing profile. For remote users, do not use the Time of Day field to resolve the routing profile.
   Load Balancing	Indicates the type of load balancing option. Leave the default value.
   Transport	Indicates the next hop address that you must configure. Alternatively, select the transport type. The system uses the routing profile transport type to route the message.
   Next Hop In-Dialog	Indicates the Next Hop configuration for the In-Dialog message. If you enable the Next Hop In-Dialog option, the In-Dialog request will try to use the same routing entry to route the message.
   NAPTR	Indicates whether Naming Authority Pointer is activated or deactivated. When you select the Load Balancing algorithm as DNS/SRV, the system enables the NAPTR check box. If you disable NAPTR, you must specify the transport protocol.
   Next Hop Priority	Indicates whether in cases when the SBC fails to route a message using the resolved routing entry from the message, that is, using the request URI or Route Header, the system will send the message to the alternate routing entry from the routing profile.
   Ignore Router Header	Indicates whether Avaya SBCE will ignore the Route Header.
   ENUM	Indicates whether the support for the E.164 Number Mapping (ENUM) protocol is enabled.
   ENUM Suffix	Indicates the ENUM suffix that is added to change the number to a domain name. This field is available only when you select the ENUM check box.
   Add	Adds a next hop address.
   Priority / Weight	Indicates the priority and weight assigned for load balancing options. Leave the default value.
   Server Configuration	Indicates the server configuration.
   Next Hop Address	Indicates the IP address or domain of the Next Hop server. You can add up to 20 next hop addresses.
   Transport	Indicates the transport type for each next hop address. Select the protocol for transporting outgoing signaling packets. The supported options are: None TCP UDP In this case, the Common Transport Type field is unavailable. You can select the transport type according to the next hop address.

6. Click Finish. The Application pane displays the new Routing profile.

Enable UCID

UCID must be enabled for the signaling rules used on the Session Manager endpoint policy group content.

To enable UCID:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left navigation pane, select Domain Policies > Signaling Rules. The left Application pane displays the existing Signaling Rule sets, and the Content pane displays the parameters of the selected Signaling Rule set.

3. Click the Signaling Rule that Avaya SBCE must use for the Session Manager.

4. Click the UCID tab.

5. Click Edit.

6. Select the UCID check box to enable it.

   View image

   

7. In the Node ID field, enter a node ID. Every entity that generates a UCID has a node ID. The node ID must be unique across a solution.

8. In the Protocol Discriminator field, click 0x00. The protocol discriminator configured on Avaya SBCE must match the value configured for Communication Manager. If the Communication Manager CTI application requires the protocol discriminator 0x04 for the legacy Interaction Center application, you can set the protocol discriminator to 0x04.

9. Click Finish.

Create a Recording Profile

To create a recording profile:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left navigation pane, select Configuration Profiles > Recording Profile.

3. Click Add in the Recording Profiles section to add a new recording profile.

   View image

   

4. Select the required Routing Profile.

5. Select Full Time as the Recording Type.

Create a Session Policy

A recording type and a routing profile must be assigned by creating a new session policy for the Recording Server.

To create a session policy for a Recording Server:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left navigation pane, select Domain Policies > Session Policies. The left Application pane displays the existing session policies, and the Content pane displays the parameters of the selected session policy.

3. In the Applications pane, click Add.

4. In the Session Policy window, in the Policy Name field, type a name for the new session policy, and click Next. The second Session Policy window is displayed.

   View image

   

5. Select the Media Anchoring check box.

6. Select the Recording Server check box.

7. Select the Recording Profile that has been created in Create a Recording Profile.

   The Routing Profile is assigned to the Recording Profile.

8. In the Recording Type field, select the type of recording required. The available options are Full Time and Selective.

9. (Optional) To play a tone to indicate that the call is being recorded, select the Play Recording Tone check box.

   The default recording tone is the CALL_CONNECTING wave file. If required, you can replace the default tone with a new, short duration wave file.

10. (Optional) To configure Avaya SBCE to terminate the session when the Recording Servers do not respond, select the Call Termination on Recording Failure check box.

11. In the Routing Profile field, select the routing profile that Avaya SBCE must use for the Recording Server.

12. Click Finish.

Create an Application Rule

A new application rule must be created for the Recording Server. Application rules define the type of SBC-based Unified Communications (UC) applications that Avaya SBCE protects. You can also specify the maximum number of concurrent voice and video sessions that your network can process before resource exhaustion. Application Rules are part of the Endpoint Policy Group configuration. A customized application rule or the default application rule can be selected from a list during the configuration while creating an Endpoint Policy group.

The Application Rules function is available in the Domain Policies menu.

To configure an Application Rule for a Recording Server:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left navigation pane, select Domain Policies > Application Rules. The left application pane displays the existing Application Rule sets, and the content pane displays the parameters comprising the selected Application Rule set.

3. In the left Applications Rules pane, click Add.

4. In the Application Rule window, enter a name for the new Application Rule and click Next. The second Application Rule window is displayed.

   View image

   

5. Enter the requested information in the fields which are described in below.

   Field Name	Description
   Application Type	Indicates the type of SIP application for which this Application Rule is being configured. The possible values are: Audio Video
   In	Indicates whether the application rule applies to the audio and video traffic entering the enterprise network.
   Out	Indicates whether the application rule applies to the audio and video traffic originating from within the enterprise network.
   Maximum Concurrent Sessions	Indicates the maximum number of concurrent application sessions that can be active for the selected application type. Additional application requests are blocked when this threshold is exceeded.
   Maximum Sessions Per Endpoint	Indicates the maximum number of application sessions that can be active for an endpoint. Additional application requests are blocked when this threshold is exceeded.
   CDR Support	Indicates the type of support for call detail records (CDR). The possible values are: None: No call detail records are not provided. With RTP: Call detail records with call quality and call statistics are provided in addition to the changes in call states. Without RTP: Call detail records with only the changes in call states are provided.
   RTCP Keep-Alive	Indicates whether the RTCP Keep-Alive feature is enabled.

6. Click Finish to save, then exit, and return to the Application Rules page.

Create a Media Rule

A new media rule must be created for the Recording Server. For SRTP calls, verify that interworking is enabled.

To create a media rule for a Recording Server:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left navigation pane, select Domain Policies > Media Rules. The Applications pane displays the existing Media Rule sets, and the Content pane displays the parameters for the selected Media Rule set.

3. In the left Applications Rules pane, click Add.

4. In the Media Rule window, enter a name for the new Media Rule.

5. Click Next.

6. On the Audio Encryption tab, under the Audio Encryption area, click the dropdown and select:

   1. SRTP_AES_CM_128_HMAC_SHA1_80 cipher for Preferred Format #1.

   2. SRTP_AES_CM_128HMAC_SHA1_32 cipher for Preferred Format #2.

   3. NONE for Preferred Format #3.

      View image

      

7. Click Next.

   View image

   

8. CXone Multi-ACD SIPREC supports only the G711A, G711U, G729 and G729A audio codecs. The CXone AudioCodes SBC will reject the offer if there is no matching codec in the SDP offer. In the Audio Codec section, select the Codec Prioritization check box and select the supported codecs as the preferred codecs.

9. (Optional) Select the Allow Preferred Codecs Only check box.

10. (Optional) If you require media transcoding, select the Transcode check box.

    For transcoded calls, you must configure the transcoded codec G711 or set the codec prioritization as G711MU. For SIPREC, one side of the call is transcoded, and the other side must be on G711 or vice versa. Media can be streamed to the Recorder on the G711 codec.

11. (Optional) In the Available column, select the preferred audio and DTMF dynamic codecs that the recorder supports, and click >.

12. (Optional) If the recording tone is enabled, select the telephone-event and G729 preferred codecs.

13. Click Next.

14. (Optional) Enable BFCP, FECC, and ANAT if required.

15. Click Finish.

Create an Endpoint Policy Group

A new endpoint policy group must be created for the Recording Server.

To create an endpoint policy group for a Recording Server:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left navigation pane, select Domain Policies > End Point Policy Groups. The Application pane displays the defined policy groups, and the Content pane displays the parameters of the selected policy group.

   At least one Security Rule set must be defined before a policy group can be created. If you do not create a security rule, Avaya SBCE displays a prompt to create such a rule.

3. In the left Application pane, click Add. The Policy Group window is displayed.

4. In the Group Name field, type a name for the new endpoint policy group, and click Next. The system displays the second Policy Group window, where you must set the policy group parameters.

   View image

   

5. Enter the relevant parameters, and click Finish. The Application pane displays the newly created endpoint policy group. When you click the endpoint policy group, the system displays the details in the Content pane. The endpoint policy group fields are described below.

   Field Name	Description
   Group Name	Indicates the name of the endpoint policy group.
   Application Rule	Indicates the application rule that will determine which applications use this policy group.
   Border Rule	Indicates the border rule that will determine which applications will use this policy group.
   Media Rule	Indicates the media rule that will be used to match media packets.
   Security Rule	Indicates the security rule that will determine which Avaya SBCE security policies will be applied when this policy group is activated.
   Signaling Rule	Indicates the Signaling Rule that will be used to match SIP signaling packets.

6. Click Finish.

Add a Session Flow

A session flow for the Recording Server must be added.

If you have a hairpin between a remote worker and a trunk, you must create three session flows:

• Session Flow 1 between the trunk and Session Manager1.

• Session Flow 2 between Session Manager2 and the remote worker.

• Session Flow 3 for hairpin flow between the trunk and the remote worker.

To add a session flow:

1. Verify that you have provisioned enough RTC ports for the media interface in the direction of the enterprise network.

   For example, if you require 1000 ports for calls, you must provision 2000 ports for RTP-used even ports and RTCP-used odd ports. To add SIPREC, you must provision another 4000 ports inside and outside RTP to the CXone AudioCodes SBC server.

2. Log in to the EMS Web interface with administrator credentials.

3. In the left navigation pane, select Network & Flows > Session Flows.

4. In the Application pane, click the Avaya SBCE device for which you want to create a new session flow. The Content Area displays the session flows currently defined for that Avaya SBCE device.

5. Click Add.

   View image

   

6. In the Edit Flow window, in the Flow Name field, type the name of the session flow.

7. For the URI Group #1 and URI Group # 2 fields, choose one of these options:

   • Select the URI group policy that will be used to identify the source or destination of the call and to restrict the calls recorded by Avaya SBCE.

   • Leave the default value * to record all calls.

8. For the Subnet #1 and Subnet #2 fields, choose one of these options:

   • Type the subnet addresses. You can specify the source and destination subnet addresses.

   • Leave the default value * to record all calls.

9. In the SBC IP Address field, select the network name (host name) and IP address of the Avaya SBCE.

10. In the Session Policy field, select the session policy that you created for the Recording Server in Create a Session Policy.

11. Click Finish.

Create a Server Flow

A server flow must be created for each Recording Server.

For a remote worker configuration, create a server flow for a remote worker. Verify that the remote worker A1 interface is set as the received interface and that the Avaya SBCE interface towards the recorder is set as the signaling interface for the server flow.

To create a new server flow manually:

1. Log in to the EMS Web interface with administrator credentials.

2. In the left Navigation pane, navigate to Network & Flows >End Point Flows.

3. The Application pane lists the registered Avaya SBCE security devices to which the new flow will be applied. The content area displays a specifically ordered list of Subscriber or Server call flows for the selected Avaya SBCE security devices.

4. From the Application pane, select the Avaya SBCE device for which the new Server End-Point Flow is being created. The system displays the End-Point Flows screen, showing the flows that are currently defined for that Avaya SBCE.

5. Click the Server Flows tab.

6. Click Add.

   View image

   

7. In the Edit Flow window, enter the information in the fields.

8. Click Finish.