Avaya Clients Take Action: SAL Gateway
Upcoming industry changes in SHA encryption standards will affect remote operations for the Avaya Aura Communication Manager family of products. To maintain remote services provided by either Avaya or SPS, most existing implementations of Secure Access Link (SAL) gateway capabilities will require updates and upgrades.
Existing SAL capabilities are provided by client-premises implementations of SAL Gateway, Secure Services Gateway (SSG), and virtualized SAL capabilities. Each enables Avaya and SPS to remotely connect to Avaya products for:
- Monitoring of mission-critical solution elements
- Alarm response services
- Ability to remotely troubleshoot and resolve incidents
- Remote administration
Older releases of these applications depend on the Secure Hash Algorithm 1 (SHA-1) standard to ensure the security of remote-access connections. The industry’s move to the more-secure SHA-2 standard has prompted Avaya to announce End of Service for applications dependent on SHA-1. SHA resolution strategies for Avaya products have been announced by the manufacturer.
To maintain the service levels that they have come to expect from SPS, clients will need to select and implement a remediation strategy by December 31, 2016. Common SAL Gateway configurations are listed below, with remediation steps for each product:
|Secure Services Gateway||Avaya is moving all releases and associated material codes to End of Support status, effective October 1, 2016. Without remedial action, covered Avaya systems will “go dark” to Avaya and SPS on December 31, 2016, degrading the service level for these products.||
Upgrade and update SAL Gateway to:
|SAL Gateway 1.x|
|SAL Gateway 2.x||All systems will require an upgrade to software release 2.5 with SP2.*|
|System Platform, vSAL||
Avaya System Platform is an application virtualization suite that can be deployed to a client-sourced virtualization server or the embedded server provided by Avaya.
System Platform supports SHA-2 with releases 6.3.1 and higher.*
Upgrade and update System Platform as follows:
|System Platform, Embedded|
*NOTE: Implementation of minor, “dot” releases is covered by SPS service offer “Minor Software Release Management”, if ordered.
For some companies, the most effective response to this upgrade event may be to migrate from an existing Embedded System Platform or vSAL to a stand-alone SAL Gateway that serves the client’s entire Avaya implementation. Others may find the best value by upgrading to Avaya Aura Communication Manager release 7, which includes SHA-2 support.
If clients choose not to remediate the SHA-1 expiration issue, SPS and Avaya will continue to provide client-initiated phone support as provided under existing support contracts. Without a SHA-2 certified SAL connection, remote monitoring, alarming, troubleshooting and remediation capabilities will be lost.
To explore any of the above options, clients should contact their SPS representative and request a proposal for the option best suited to their business. SPS has also prepared a new Q&A video to provide background on SAL Gateway and the options that SPS recommends to our clients: SPS TechBeat: SHA Encryption Standards.