Avaya Session Border Controller for Enterprise 7.

1
SP11 Release Notes

Release 7.1 SP11

Issue 1
July 2020

1
© 2020 Avaya Inc. All Rights Reserved.
© 2020 Avaya Inc. All Rights Reserved.

Notice

While reasonable efforts were made to ensure that the information in this document was complete and
accurate at the time of printing, Avaya Inc. can assume no liability for any errors. Changes and corrections
to the information in this document might be incorporated in future releases.
Documentation disclaimer

Avaya Inc. is not responsible for any modifications, additions, or deletions to the original published
version of this documentation unless such modifications, additions, or deletions were performed by
Avaya. Customer and/or End User agree to indemnify and hold harmless Avaya, Avaya's agents, servants
and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with,
subsequent modifications, additions or deletions to this documentation to the extent made by the
Customer or End User.
Link disclaimer

Avaya Inc. is not responsible for the contents or reliability of any linked Web sites referenced elsewhere
within this documentation, and Avaya does not necessarily endorse the products, services, or information
described or offered within them. We cannot guarantee that these links will work all the time and we have
no control over the availability of the linked pages.
Warranty

Avaya Inc. provides a limited warranty on this product. Refer to your sales agreement to establish the
terms of the limited warranty. In addition, Avaya’s standard warranty language, as well as information
regarding support for this product, while under warranty, is available through the Avaya Support Web
site: http://support.avaya.com
License

USE OR INSTALLATION OF THE PRODUCT INDICATES THE END USER'S ACCEPTANCE OF THE TERMS
SET FORTH HEREIN AND THE GENERAL LICENSE TERMS AVAILABLE ON THE AVAYA WEB SITE
http://support.avaya.com/LicenseInfo/ ("GENERAL LICENSE TERMS"). IF YOU DO NOT WISH TO BE
BOUND BY THESE TERMS, YOU MUST RETURN THE PRODUCT(S) TO THE POINT OF PURCHASE WITHIN
TEN (10) DAYS OF DELIVERY FOR A REFUND OR CREDIT.

Avaya grants End User a license within the scope of the license types described below. The applicable
number of licenses and units of capacity for which the license is granted will be one (1), unless a different
number of licenses or units of capacity is specified in the Documentation or other materials available to
End User. "Designated Processor" means a single stand-alone computing device. "Server" means a
Designated Processor that hosts a software application to be accessed by multiple users. "Software"
means the computer programs in object code, originally licensed by Avaya and ultimately utilized by End
User, whether as stand-alone Products or pre-installed on Hardware. "Hardware" means the standard
hardware Products, originally sold by Avaya and ultimately utilized by End User.
License type(s)

Concurrent User License (CU). End User may install and use the Software on multiple Designated
Processors or one or more Servers, so long as only the licensed number of Units are accessing and using
the Software at any given time. A "Unit" means the unit on which Avaya, at its sole discretion, bases the
pricing of its licenses and can be, without limitation, an agent, port or user, an e-mail or voice mail account
in the name of a person or corporate function (e.g., webmaster or helpdesk), or a directory entry in the
administrative database utilized by the Product that permits one user to interface with the Software. Units
may be linked to a specific, identified Server.

2
© 2020 Avaya Inc. All Rights Reserved.
Copyright

Except where expressly stated otherwise, the Product is protected by copyright and other laws respecting
proprietary rights. Unauthorized reproduction, transfer, and or use can be a criminal, as well as a civil,
offense under the applicable law.
Third-party components

Certain software programs or portions thereof included in the Product may contain software distributed
under third party agreements ("Third Party Components"), which may contain terms that expand or limit
rights to use certain portions of the Product ("Third Party Terms"). Information identifying Third Party
Components and the Third Party Terms that apply to them is available on the Avaya Support Web site:

http://support.avaya.com/ThirdPartyLicense/
Preventing toll fraud

"Toll fraud" is the unauthorized use of your telecommunications system by an unauthorized party (for
example, a person who is not a corporate employee, agent, subcontractor, or is not working on your
company's behalf). Be aware that there can be a risk of toll fraud associated with your system and that, if
toll fraud occurs, it can result in substantial additional charges for your telecommunications services.
Avaya fraud intervention

If you suspect that you are being victimized by toll fraud and you need technical assistance or support, call
Technical Service Center Toll Fraud Intervention Hotline at +1-800-643-2353 for the United States and
Canada. For additional support telephone numbers, see the Avaya Support Web site:
http://support.avaya.com
Trademarks

Avaya and the Avaya logo are either registered trademarks or trademarks of Avaya Inc. in the United
States of America and/or other jurisdictions. All other trademarks are the property of their respective
owners.

Downloading documents
For the most current versions of documentation, see the Avaya Support Web site:
http://support.avaya.com
Avaya support

Avaya provides a telephone number for you to use to report problems or to ask questions about your
product. The support telephone number is 1-800-242-2121 in the United States. For additional support
telephone numbers, see the Avaya Support Web site: http://support.avaya.com

3
© 2020 Avaya Inc. All Rights Reserved.
Table of Contents
Overview.................................................................................................................................................. 5
Upgrade path........................................................................................................................................... 6
Rollback path ......................................................................................................................................... 11
Download files ....................................................................................................................................... 12
List of Security Updates ......................................................................................................................... 13
Known Issues ......................................................................................................................................... 13

4
© 2020 Avaya Inc. All Rights Reserved.
Overview
This document provides information about the new enhancements in ASBCE Release 7.1 Service Pack
11, and the known issues for this release. This build is only for JITC customers and supported only
using the “DoD” profile. This service pack is not supported with the “Normal” profile.

The latest documentation for the 7.1 release series is available on support.avaya.com.

No. Title Link

1. Avaya Session Border

Controller for Enterprise
Overview and Specification http://support.avaya.com/css/P8/documents/101026875

2. Deploying Avaya Session

Border Controller for
Enterprise http://support.avaya.com/css/P8/documents/101026879

3. Deploying Avaya Session

Border Controller in
Virtualized Environment http://support.avaya.com/css/P8/documents/101026877

4. Upgrading Avaya Session

Border Controller for
Enterprise http://support.avaya.com/css/P8/documents/101026883

5. Administering Avaya Session

Border Controller for
http://support.avaya.com/css/P8/documents/101026873
Enterprise

6. Troubleshooting and
Maintaining Avaya Session
http://support.avaya.com/css/P8/documents/101026881
Border Controller for
Enterprise

7. Avaya SBCE 7.x Security

Configuration and Best
https://downloads.avaya.com/css/P8/documents/101014066
Practices Guide

5
© 2020 Avaya Inc. All Rights Reserved.
Upgrade path
The following upgrade paths are supported. Both CLI- and GUI-based upgrades are supported; use of
the GUI is recommended.

1. 7.1 SP09 -> 7.1 SP11

2. 7.1 SP10 -> 7.1SP11

For information about the latest releases for 7.1, please refer to http://support.avaya.com.

Upgrade Instructions
Upgrades are supported on both hardware and VMware deployments. Please make sure that the
system being upgraded does support one of the upgrade paths mentioned above, and that all
upgrades are done during a maintenance window. If an upgrade is performed on a production
system, it is quite likely that active/ongoing calls will be dropped.

Note: Before starting with the upgrade, ensure that Avaya SBCE servers in the deployment have
unique hostnames. In case two or more servers have the same hostname, change the hostname. For
more information, see Troubleshooting and Maintaining Avaya Session Border Controller. Also,
please take a snapshot of the systems before proceeding with the upgrade.

In a multi-server deployment, the upgrade sequence for 7.1.X releases is:

1. Primary EMS
2. Secondary EMS
3. Avaya SBCE pair:
a. Avaya SBCE with lower node ID
b. Avaya SBCE with higher node ID

Note: (applicable for CLI, in GUI method lower node is selected automatically)You can find the node
IDs in /usr/local/ipcs/etc/sysinfo. Before upgrading, ensure that the EMS or Avaya SBCE with lower
node id is secondary to avoid losing ongoing calls.

Note:
Please refer to the “Upgrading Avaya Session Border Controller for Enterprise” document on the
Avaya Support site for upgrading the SBCE to the latest version.

6
© 2020 Avaya Inc. All Rights Reserved.
Upgrade EMS and SBCE using CLI:
Pre-requisites:
➢ PRE-REQ_1: If ASG is enabled on SBCE, perform below procedure before initiating upgrade.

a. Login to EMS and SBCE and switch user to root login.

b. Move /etc/asg/lacfile to /archive/backup/

mv /etc/asg/lacfile /archive/backup

c. Disable ASG Authentication.

Sbce-asg-control.py –u
d. After performing above steps from 1 to 3 and making sure other prerequisites are
checked, the upgrade can be started.

Note: To restore ASG authentication after the SBCE is upgraded to 7.1 SP11, copy the lacfile
to /etc/asg/ directory using below command while logged in as root user.
mv /archive/backup/lacfile /etc/asg/

Procedure:
1. Copy the Upgrade package, GPG signature file (ending with .asc file extension) and Key Bundle
file to /home/ipcs directory on the respective device (EMS, SBCEs) using ipcs user on port 222.
You can use SFTP or SCP tools to access the server.
2. Connect to the system using SSH client.
3. Using root login, move the upgrade tar file and GPG signature file (ending with .asc file
extension) from the /home/ipcs directory to /archive/urpackages directory.
4. Ensure that the md5sum of the upgrade tar file matches the checksum given in the name of the
file. You can use the md5sum command to verify whether the md5sum and the checksum match.
5. Create directory ‘sig’ under /home/ipcs directory.

mkdir /home/ipcs/sig

6. Copy the Key Bundle file (i.e. sbce-x.x.x.x-xx-xxxxx-signatures.tar.gz) tar ball to /home/ipcs/sig.
7. Change directory to /home/ipcs/sig and untar the key bundle file.

# cd /home/ipcs/sig

# tar -zxvf bce-7.1.0.11-26-19121-signatures.tar.gz

8. Run the below commands as root user to install the file.

# rpm --import RPM*

# cp –rf /home/ipcs/sig/RPM* /etc/pki/rpm-gpg/

7
© 2020 Avaya Inc. All Rights Reserved.
9. Check whether the /usr/local/ipcs/temp directory exists. If it does not exist, create the directory
by using the following command:

# mkdir /usr/local/ipcs/temp

10. As a root user delete the files in /usr/local/ipcs/temp directory

# rm -rf /usr/local/ipcs/temp/*

11. Untar the upgrade package to /usr/local/ipcs/temp.

# tar -zxvf /archive/urpackages/sbce-7.1.0.11-26-19121-

ac7d7d795937f3d3a4000493b1f877a7.tar.gz -C /usr/local/ipcs/temp/

The system extracts the upgrade tar file in the temporary directory.

12. Change the permission of ursbce file to make it executable

# cd /usr/local/ipcs/temp

# chmod +x ursbce.py

13. Start the upgrade using ursbce.py script.

#./ursbce.py --upgrade --daemonize

This step will reboot the system.

Upgrading EMS and SBCE using GUI

Pre-requisites:
➢ PRE-REQ_1: If ASG is enabled on SBCE, perform below procedure before initiating upgrade.
a. Login to EMS and SBCE and switch user to root login.
b. Move /etc/asg/lacfile to /archive/backup/

mv /etc/asg/lacfile /archive/backup

c. Disable ASG Authentication.

Sbce-asg-control.py –u
d. After performing above steps from 1 to 3 and making sure other prerequisites are checked,
the upgrade can be started.

Note: To restore ASG authentication after the SBCE is upgraded to 7.1 SP10, copy the lacfile
to /etc/asg/ directory using below command while logged in as root user.
mv /archive/backup/lacfile /etc/asg/

8
© 2020 Avaya Inc. All Rights Reserved.
Before you begin
Download the Upgrade package, GPG signature file (ending with .asc file extension) and Key Bundle
file i.e. sbce-x.x.x.x-xx-xxxxx-signatures.tar.gz file to a local or remote PC using Avaya Product
Licensing and Delivery System (PLDS). Please refer to Download files section for information on files
to be downloaded.

About this task

Uploading larger files using a browser can sometimes be unreliable, especially when using older
browser versions such as Internet Explorer (IE7, IE8), or Firefox 3.x. Uploading large files through a
browser might result in a failed upload or checksum error.

Upgrading EMS:

Procedure
1. Log in to the EMS web interface with administrator credentials.
2. In the left navigation pane, click System Management. The system displays the System
Management screen.
3. Click the Key Bundles tab.
4. In Upload Key Bundle, click the Choose File button to upload Key Bundle File (sbce-7.1.0.11-26-
19121-signatures.tar.gz).
5. Click Upload.
6. Click the Updates tab.
7. In System Upgrade, select Upgrade from uploaded file.
8. Upload the Upgrade package by clicking on the Choose File button. Navigate to the folder
containing the downloaded upgrade file(sbce-7.1.0.11-26-19121-
ac7d7d795937f3d3a4000493b1f877a7.tar.gz) and upload it.
9. Upload the Signature file by clicking on the Choose File button. Navigate to the folder containing
the downloaded GPG signature file(sbce-7.1.0.11-26-19121-
ac7d7d795937f3d3a4000493b1f877a7.tar.gz.asc) and upload it.
10. Click Upgrade.
The system starts uploading package and shows the status of upload in a pop-up window.
11. After the package gets uploaded successfully, click Start Upgrade.
The system displays Upgrade Status screen with the upgrade log file in a viewable window.
After the upgrade is complete, the system displays the Return to EMS tab.
12. Click Return to EMS to log back into EMS.
13. Login to EMS and verify the version to see if upgrade was successful.

Upgrading HA SBCE Pairs

Before you begin

Ensure that EMS servers are upgraded before upgrading HA pairs and status of HA SBCEs is
“Commissioned (Upgrade required)”

About this task

With this procedure, you can upgrade Avaya SBCE devices that are in HA pairs. For more than one
Avaya SBCE pair in HA, repeat the procedure for each HA pair.

Procedure
1. In the Updates tab, click System Management and then click Upgrade.
The system displays the Upgrade Devices window.
2. Select the check box for HA-SBC device to be upgraded.

9
© 2020 Avaya Inc. All Rights Reserved.
Note: SBCE automatically chooses the SBCE out of a HA SBCE pair that needs to be upgraded first
and allows the user to choose only that SBCE. The checkbox for the other SBCE in HA pair is greyed
out.
3. Click Next.
The system displays a window that states that the Device is upgraded.
4. Click Finish.
The system displays the Upgrade Devices window.
5. Select the check box for the other SBCE in HA pair to be upgraded.
6. Click Next.
The system displays the message that the Device is upgraded.
7. Click Finish.
After the EMS software has been upgraded, the system displays the following status for
SBC boxes and HA pairs on the Updates tab:
One or more devices are in an upgrade required state. If you would like to upgrade these devices
now, please click the Upgrade button below.
You may also choose to rollback your EMS at this point.
HA system pairs and all other SBC systems must be upgraded before this message is resolved.

Upgrading Avaya SBCE servers

Before you begin

Ensure that the EMS servers are upgraded before upgrading Avaya SBCE servers.
About this task
This procedure upgrades Avaya SBCE servers that are not in an HA pair. When more than one Avaya
SBCE server is available, repeat this step for each Avaya SBCE server.
Procedure
1. In the left navigation pane, click System Management > Upgrade.
The system displays the Upgrade Devices message box.
2. Select the check box next to the devices that you want to upgrade.
The devices can be upgraded one at a time or as a group. If you select more than one device, the
devices are put in a queue and upgraded one at a time.
3. Click Next.
The system displays a message box indicating that the device is upgraded.
4. Click Finish.
After the EMS software has been upgraded, the following message is displayed for SBC boxes and HA
pairs on the Updates tab:
One or more devices are in an upgrade required state. If you would like to upgrade these devices
now, please click the Upgrade button below.
You may also choose to rollback your EMS at this point.
HA system pairs and all other SBC servers must be upgraded before this message is resolved.

10
© 2020 Avaya Inc. All Rights Reserved.
Rollback path
Following rollback paths are supported:

1. Rollback from 7.1 SP11 →7.1 SP09

2. Rollback from 7.1 SP11 →7.1 SP10

For more information refer to Rollback procedure.

Note: SBCE with lower node id is rolled back first. Node id can be found in
/usr/local/ipcs/etc/sysinfo file.

Rollback sequence

In a multi-server deployment, the rollback sequence is:

1. Primary EMS
2. Secondary EMS
3. Avaya SBCE pair:
c. Avaya SBCE with lower node ID
d. Avaya SBCE with higher node ID

You can find the node IDs in /usr/local/ipcs/etc/sysinfo. Before upgrading, ensure Avaya SBCE with
lower node id is secondary to avoid losing ongoing calls in HA setup.

11
© 2020 Avaya Inc. All Rights Reserved.
Rollback from 7.1 SP11 to 7.1.x release

Procedure
1. Create a temp folder in path /usr/local/ipcs/
2. Untar the rollback package to temp directory.
cd /usr/local/ipcs/temp
tar –zxvf /archive/urpackages/<7.1 Spx package.tar.gz>
3. Run pre rollback script.
sh /usr/local/ipcs/icu/scripts/pre_rollback.sh
4. Run the ursbce.py script for rollback
./ursbce.py --rollback --daemonize

Download files
Name Description
sbce-7.1.0.11-26-19121- Upgrade file required for upgrading to 7.1 SP11.
ac7d7d795937f3d3a4000493b1f877a7.tar.gz

Download ID: SBCE0000190

md5sum: ac7d7d795937f3d3a4000493b1f877a7

This is a signatures tar file that consists of required

integrity check keys used for all packages on SBCE
sbce-7.1.0.11-26-19121-signatures.tar.gz system. It is uploaded in key bundles under System
management.
Download ID: SBCE0000192

md5sum: 8ad1ab16d1619e37a73ba5a6cd5078a1

sbce-7.1.0.11-26-19121- SHA2 Signature for Upgrade Package. This will be used

ac7d7d795937f3d3a4000493b1f877a7.tar.gz.asc to validate the upgrade package integrity.

Download ID: SBCE0000192

md5sum: 091cd1f970279b91ac5b1c45d2bb904a

12
© 2020 Avaya Inc. All Rights Reserved.
List of Security Updates
Advisory Synopsis Severity Product Publish
Date

https://access.redhat.com/errata/RHSA- tomcat6 Important Red Hat 11 Jun

2020:2529 security update Enterprise 2020
Linux
Server (6)

https://access.redhat.com/errata/RHSA- bind security Important Red Hat 03 Jun

2020:2383 update Enterprise 2020
Linux
Server (6)

https://access.redhat.com/errata/RHSA- java-1.8.0- Important Red Hat 21 Apr

2020:1506 openjdk Enterprise 2020
security update Linux
Server (6)

https://access.redhat.com/errata/RHSA- icu security Important Red Hat 19 Mar

2020:0896 updat Enterprise 2020
Linux
Server (6)

https://access.redhat.com/errata/RHSA- kernel security Moderate Red Hat 10 Jun

2020:2430 and bug fix Enterprise 2020
update Linux
Server (6)

https://access.redhat.com/errata/RHSA- microcode_ctl Moderate Red Hat 10 Jun

2020:2433 security, bug fix Enterprise 2020
and Linux
enhancement Server (6)
update

Known Issues
• For ASG enabled systems:
a. init, craft, inads, sroot login from CONSOLE works fine.
b. init, craft, inads login works fine on ssh login. We must press Enter thrice at login prompt to
get the challenge and product id.
c. init, craft, inads login works fine from the GUI, when tomcat is restarted as user root, this is a
work around with 7.1 SP11 release.

13
© 2020 Avaya Inc. All Rights Reserved.
 d. After logging in as user init with asg challenge and response, su - sroot, will not give
challenge and response. This is a known limitation. If there is a requirement to login as sroot,
please login directly as user sroot to get challenge and response from the console.

• Adding a new SBCE on 7.1 SP11 EMS fails

1. Before adding new SBCE to 7.1 EMS, upgrade new SBCE to 7.1 SP11 from CLI by using the
following steps.
2. Copy 7.1 SP11 upgrade package to new SBCE using ipcs user login on port 222.
3. Login into SBCE and switch user to root.
4. Move the 7.1 SP11 upgrade to /archive/urpackages.
mv /home/ipcs/<sbce-7.1.0.11.xxxx.tar.gz> /archive/urpackages/
5. Clear /usr/local/ipcs/temp directory and extract the 7.1 SP11 upgrade package into it.
rm –rf /usr/local/ipcs/temp
tar –xvzf <sbce-7.1.0.11.xxxx.tar.gz> -C /usr/local/ipcs/temp
cd /usr/local/ipcs/temp
6. Start the upgrade by running below command.
./ursbce_ignoreNodeId.py -U --IgnoreNodeId --daemonize"
7. After the SBCE gets upgrade successfully, add the SBCE to existing EMS.

14
© 2020 Avaya Inc. All Rights Reserved.