Avaya Diagnostics Server
SAL Onboarding
Avaya SAL (Secure Access Link) is a software solution made up of a few components. For purposes of this document we will focus on the SAL Gateway which is an OVA that is deployed at the customer's premise and communicates with the Avaya Business Partner Remote Access Concentrator and Avaya Alarming Server.
SAL Gateway
The Avaya SAL gateway also known as the Avaya Diagnostics Server is a Linux based host that resides on the customer’s network. The SAL gateway serves 2 functions;
- relay’s any SNMP traps sent from Avaya devices
- Provide remote access to Avaya devices for intlx Solutions engineers and Avaya engineers
Avaya SAL Remote Access Concentrator
This server(s) runs at an Avaya data center and Avaya is responsible for this server and its maintenance. The remote access concentrator is used by intlx Solutions engineers and or Avaya engineers to gain remote access into a customers devices that are listed in the customer’s SAL gateway.
Avaya Alarm Concentrator
The Avaya Alarm Concentrator runs at Avaya's data center and listens to incoming messages from SAL servers running at customers premises. These alarm messages are sent from a customers SAL gateways when alerts occur within the UC environment. These alerts are then relayed into intlx Solutions CRM solution to alert our services team.
Security
All remote access connections to the Avaya devices through the SAL gateway are logged on both the Avaya SAL concentrator and the SAL gateway on site. Each time a remote access request is placed by intlx Solutions or Avaya it sits in a queue. The SAL gateway on the customer’s premise reaches out every 30 seconds to the following hosts on TCP port 443 to check for connection requests on the Avaya Remote Access Concentrator.
- Outbound to remote.sal.avaya.com tcp port 443 ip address 135.11.107.20
- Outbound to secure.alarming.avaya.com tcp port 443 ip address 198.152.220.247
The traffic for this solution is all initiated outbound from the SAL gateway so no inbound firewall rules are needed.
Depending on what devices are being monitored by the SAL gateway there may be different ports needed between the SAL gateway on the customer’s premise and the equipment being monitored. For example a Windows host will need port 3389 for remote desktop opened between the SAL gateway and the Windows host. Whereas a Linux server may only need port 22 opened between the SAL gateway and the Linux host. A list of supported SAL devices and their required ports are listed in the following document.
Supporting Documents
