AVAYA AIC DEPLOYMENT PLAN – PART 3

AVAYA AIC DEPLOYMENT
Network Topology and Configuration Guidelines –Introduction
General guidelines for network topology and configuration will be discussed for the following aspects:
?Network security
?Avaya IC 7.2 communication protocol
?WAN and LAN connections
?Multiple network cards

?Firewall guidelines

Network topology and configuration have a direct impact on the performance of Avaya IC client-server communications.
You can consult with network specialists to determine the optimal network configuration. General guidelines are discussed for network topology and configuration that typically result in good performance and reliability for Avaya IC for the following aspects:
Network security
Avaya IC 7.2 communication protocol
WAN and LAN connections
Multiple network cards
Firewall guidelines

Network security

 Make sure that the network provides a minimum of the following security measures for all computers that host Avaya IC servers and applications:
?Secure physical location
?Properly-administered user IDs and permissions
?Protection from network-based attacks
?Regular review of program logs

Avaya IC Communication Protocol

Avaya IC components use TCP/IP to communicate across the network. Consult the documentation for your network to determine the bestconfiguration to support this communication protocol.

WAN and LAN connections
In comparison to WAN connectivity, LAN connectivity has:
?Higher bandwidth
?Lower delay
?More stability
If your Avaya IC system includes multiple sites that are connected by WANs, Avaya IC assumes and requires reliable WAN connections for proper operation and performance.

In general, LAN connectivity has higher bandwidth, lower delay, and is more stable than WAN connectivity.
If your Avaya IC system includes multiple sites that are connected by WANs, Avaya IC assumes and requires reliable WAN connections for proper operation and performance. Avaya IC requires that backup services be configured on the same LAN. This helps to avoid the increased latency and limited bandwidth when failover occurs across a WAN.

Multiple Network Interface Cards

When you plan the deployment of your Avaya IC system, consider the following guidelines:
?First physical NIC
?ORB server and multiple NICs
?Multiple NICson Web chat computer
?Communication Manager switches and software
?Telephony licensing keys

Plan the assignment of your Network Interface Cards (NICs) if the servers in your Avaya IC configuration include a supported Windows operating system.
If you do not configure the correct NIC for Avaya IC, your system may have problems with NIC driver conflicts, Windows operating system errors, and Avaya IC errors.
When you plan the deployment of your Avaya IC system, consider the following guidelines:
First physical NIC: WebLM supports all the NICs that are available on the computer. The license file could have the MAC address associated with any of the NICs available on the server. WebLM accepts the license file if either of the MAC addresses on the server match the MAC address in the license file. It is recommended that the first physical NIC on the computer be used for:
The NIC closest to the central processor and is connected to the LAN or WAN
The system default NIC in the registry of a Windows computer

Information: To verify the location and the physical address of the first physical NIC on the computer that hosts the Web License Manager, see “Troubleshooting for license files” in IC Installation Planning and Prerequisites.
You must exercise caution when you add a NIC to the computer that hosts Web License Manager, or if you replace a NIC on that computer. Avaya IC license files are defined with the physical address of the NIC. If the physical address changes, the Web License Manager and the Avaya IC system cannot function.

ORB server and multiple NICs: If an ORB server runs on a computer with multiple NICs, you must configure Avaya IC with the IP address for the first network interface card on the computer. The ORB server cannot run on any other NIC.

Multiple NICs on Web chat computer: If the computer that hosts Web Chat has multiple NICs, assign a different DNS to each NIC. For example, the computer that hosts Web Chat usually has two interfaces: one for external access from the internet, and one for internal access from the intranet. If both NICs have the same DNS, an agent connection for a Web Chat can result in the SSL connection airpinning through the external firewall.

Communication Manager switches and software: If your Avaya IC system includes a Telephony server that will communicate with Communication Manager switch and software: If the Telephony server connects to an AE Services computer, the computer that hosts the Telephony Server does not require a secondary NIC. You can use the public network for communication between the Telephony server and the Communication Manager switch and software.

Telephony licensing keys: Telephony licensing keys are written to the registry of the computer that hosts the Telephony server. If you change the IP address of the primary NIC or change the primary NIC on that computer, the licensing will be void and your Telephony server will not function properly

Firewall Guidelines for Avaya Agent
To provide security for the network, Avaya IC assumes that the customer Web site for Web Management is located in the DMZ of the network, between thefollowing two firewalls:
?Firewall between the Web site computer and the internal network where the Avaya IC servers are deployed
?Firewall between the Web site computer and the internet

The firewall is a hardware and software component of the network infrastructure. Firewalls can:
Block certain network traffic in each direction
Perform IP address translation in both directions
Unexpectedly break connections
To provide security for the network, Avaya IC assumes that the customer Web site for Web Management is located in the DMZ of the network, between the following two firewalls:
Firewall between the Web site computer and the internal network where the Avaya IC servers are deployed
Firewall between the Web site computer and the internet
The firewall policy and design have a direct impact on the deployment and performance of Avaya IC components, such as Web Management servers

Firewall Guidelines for Avaya Agent (Continued)

DNS domains: In your network, servers outside the firewall may be in a different DNS domain from servers inside the firewall.
Deployment of Avaya IC components outside firewall: To make sure that customers do not have direct access to your network, deploy the Web site outside the firewall.Communication through the firewall: Web Management and Email Management

DNS domains: In your network, servers outside the firewall may be in a different DNS domain from servers inside the firewall. Typically, DNS domains outside the firewall cannot resolve the names of DNS domains inside the firewall.

Deployment of Avaya IC components outside firewall: Customers require direct access to the Web Management Web site to search the Web Self-Service database, or initiate chat contacts with agents in your contact center. Customers can also initiate e-mail contacts from the Web site. To make sure that customers do not have direct access to your network, deploy the Web site outside the firewall.

Communication through the firewall: Web Management and Email Management components on the Web site must communicate with components inside the firewall. This communication might require additional configuration of the operating system on computers that host these components. For example, you might need to add IP addresses to the Hosts table of the operating system on each computer.

Network and Firewall Requirements for Avaya Agent Web Client

If there is a firewall between the agent computers that run Avaya Agent Web Client and the computer that hosts Webconnector, you must open two configurable ports:
?The first port allows incoming HTTP traffic to the server
?The second port permits the server to notify the client of events

For Avaya Agent Web Application deployments, the agent desktop, HTTP server, and application server must be on the same network. The Avaya Agent Web Client does not work across the public internet that might include proxy or network address translation (NAT) devices. Avaya IC 7.2 does not support network address translation for agent desktops. Remote agent desktops must be connected to the network hosting the application server by means of a VPN.
If there is a firewall between the agent computers that run Avaya Agent Web Client and the computer that hosts Webconnector, you must open two configurable ports. The two ports are required because Avaya Agent Web Client receives data in real-time rather than by polling. The first port allows incoming HTTP traffic to the server. The second port permits the server to notify the client of events. If there is a proxy server, Avaya Agent Web Client can use the proxy server. However, the IP address of the Avaya Agent Web Client must be identifiable and reachable from the computer that hosts Webconnector