User's Manual
Avaya Branch Gateway Manager 10.0 Page 105
15-601011 Issue 29r (Friday, November 02, 2012) B5800 Branch Gateway
Menu Bar Commands: Configuration Mode: File Menu
· Secure Communications: Default = On.
When selected, any service communication from Branch Gateway Manager to the system uses the TLS protocol. This
will use the ports set for secure configuration and secure security access. It also requires the configuration and/or
security service within the system's security configuration settings to have been set to support secure access.
Depending on the level of secure access selected, it may be necessary for the Manager Certificate Checks
below to be configured to match those expected by the system for the configuration and/or security service. See Security
Administration.
· When Secure Communications is set to On, a padlock icon is displayed at all times in the lower right
Branch Gateway Manager status field.
· New installations of Branch Gateway Manager default to having Secure Communications enabled. This
means Branch Gateway Manager by default attempts to use secure communications when opening a
configuration.
· If no response to the use of secure communication is received after 5 seconds, Branch Gateway Manager will
offer to fall back to using unsecured communications.
· Manager Certificate Checks:
When the Secure Communications option above is used, Branch Gateway Manager will process and check the
certificate received from the system. This setting can only be changed when a configuration has been opened using a
user name and password with Administrator rights or security administration rights.
· Low
Any certificate sent by the system is accepted.
· Medium
Any certificate sent by the system is accepted if it has previously been saved in the Windows certificate
store. If the certificate has not been previously saved, the user has the option to review and either accept or reject
the certificate.
· High
Any certificate sent by the system is accepted if it has previously been saved in the Windows certificate
store. Any other certificate causes a login failure.
· Certificate Offered to IP Office: Default = none
Specifies the certificate used to identify Branch Gateway Manager when the Secure Communications option is used
and the system requests a certificate. Use the Set button to change the selected certificate. Any certificate selected
must have an associated private key held within the store:
· Select from Current User certificate store - Displays the certificates in the store of the currently logged-in user.
· Select from Local Machine certificate store.
· Remove Selection – do not offer a Branch Gateway Manager certificate.
Security – Registry Settings
· WARNING: Changing Windows Registry Settings
Avaya accept no liability for any issues arising from the editing of a PC’s registry settings. If you are in any doubt
about how to perform this process you should not proceed. It is your responsibility to ensure that the registry is
correctly backed up before any changes are made.
NOTE: Before manually editing any registry entry, the following Microsoft support articles should be read:
· http://support.microsoft.com/kb/256986
· http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx
Branch Gateway Manager stores its security preferences in the Windows Registry. The following key affects manager
security operation; its values may only be changed by a configuration or security administrator:
· HKEY_CURRENT_USER\Software\Avaya\IP400\Manager\Security\
In order to prevent circumvention by manual editing of the Windows Registry, Regedt32.exe, the native registry editor,
allows an operator user (with Full Control permissions) to edit permissions on a per key basis.
To prevent a user from manually editing the security preferences, the
HKEY_USERS\User GUID\Software\Avaya\IP400\Manager\Security key permission should be set to ‘Read’ only for that user.
Ensure that all child object permissions are replaced as well by using the ‘Advanced’ button.
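The read-only permission described above can be checked, and optionally applied, from a script. This is an added example, not Avaya tooling or part of the original manual; the `$Account` parameter and `-Apply` switch are hypothetical names, and the HKEY_USERS subkey is derived from the account's SID.

```powershell
# Added example (not Avaya's own tooling). Run elevated while the target user is logged on.
param(
    [Parameter(Mandatory)] [string] $Account,  # e.g. 'PC01\operator' (constructed sample name)
    [switch] $Apply                            # without -Apply the script only reports
)
$sidType = [System.Security.Principal.SecurityIdentifier]
$sid  = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)
$root = "Registry::HKEY_USERS\$($sid.Value)\Software\Avaya\IP400\Manager\Security"
if (-not (Test-Path -Path $root)) { throw "Key not found (is the user's hive loaded?): $root" }

# Rights that let the user change values, subkeys, the DACL or the owner,
# plus the GENERIC_ALL / GENERIC_WRITE bits that can appear in inheritable ACEs.
$rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

# The key itself plus every subkey, so child permissions are covered as the manual requires.
$keys = @($root) + @(Get-ChildItem -Path $root -Recurse | ForEach-Object { $_.PSPath })

function Get-UserWriteAce([string] $KeyPath) {
    (Get-Acl -Path $KeyPath).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $sid.Value -and
        (([int]$_.RegistryRights -band $writeMask) -ne 0)
    }
}

if ($Apply) {
    $readOnly = New-Object System.Security.AccessControl.RegistryAccessRule(
        $sid, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
    foreach ($k in $keys) {
        # Step 1: stop inheriting from the parent, keeping copies of the inherited ACEs.
        $acl = Get-Acl -Path $k
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -Path $k -AclObject $acl
        # Step 2: re-read so those copies are explicit, drop the user's ACEs, grant Read only.
        $acl = Get-Acl -Path $k
        $acl.PurgeAccessRules($sid)
        $acl.AddAccessRule($readOnly)
        Set-Acl -Path $k -AclObject $acl
    }
}

# Report what is left; an empty result means no ACE naming the user grants write access.
$findings = foreach ($k in $keys) {
    Get-UserWriteAce $k | Select-Object @{n='Key';e={$k}}, RegistryRights, IsInherited
}
if ($findings) { $findings | Format-Table -AutoSize } else { "No write-capable ACE for $Account under $root" }
```

The report only looks at ACEs that name the user directly. Write access granted through a group the user belongs to, or through ownership of the key, has to be reviewed separately.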
To allow the security policy of all local PC users to be fixed, a set of values in the key
HKEY_CURRENT_USER\Software\Avaya\IP400\Manager\Security\ may be created. This is tested and used in preference
to any value found under HKEY_CURRENT_USER\Software\Avaya\IP400\Manager\Security\.
This key is not created by the manager application.