Unified Communications

So I am trying to get my head wrapped around some concepts that are still a bit new to me... (So apologize now for some rudimentary questions)

We are pathing our way to using J-Series SIP Phones and Avaya Workplaces... I understand that the interface between Avaya Workplaces and our infrastructure will pass through both the SBC/AADS (For authentication) and we have this working in a very basic fashion... I may be advising our enterprise to also look at adding the 2 Factor Authentication system we currently use as well. So I have a pretty basic understanding of this setup (No expert here), but was wondering how other enterprises have their AADS setup, and any pitfalls we need to be watching for.

But a question that keeps coming up is, how do we handle the physical J Series phones, and their SIP Passwords required to authenticate?  We know that it has to be highly complex (Because we don't want them hacked from the outside world), but we don't want the end user to have to memorize a long complex password just to get their J Series phone working (and I am talking both for Internal Users, as well as any Remote Users we may issue a J Series phone too).

In our testing of J Series phones, we have manually configured a SIP Password to assign to the phone, but to do this for a large enterprise is not sustainable, so is there any suggestions on how we should be approaching this? I know that the SMGR can generate a random password, but I missing the step on how that can be passed to the J Series phone.

Again - sorry for some very vague/basic questions here, I am learning this whole process on the fly, so it's been a little bit all over.

Thanks,

------------------------------
James Davis
Voice and Data Senior Engineer
University of Nebraska Medical Center
Omaha NE
------------------------------

Original Message:
Sent: 3/17/2022 12:09:00 PM
From: James Davis
Subject: Best Practices for SIP Passwords (Especially for Remote Workers)

So I am trying to get my head wrapped around some concepts that are still a bit new to me... (So apologize now for some rudimentary questions)

We are pathing our way to using J-Series SIP Phones and Avaya Workplaces... I understand that the interface between Avaya Workplaces and our infrastructure will pass through both the SBC/AADS (For authentication) and we have this working in a very basic fashion... I may be advising our enterprise to also look at adding the 2 Factor Authentication system we currently use as well. So I have a pretty basic understanding of this setup (No expert here), but was wondering how other enterprises have their AADS setup, and any pitfalls we need to be watching for.

But a question that keeps coming up is, how do we handle the physical J Series phones, and their SIP Passwords required to authenticate?  We know that it has to be highly complex (Because we don't want them hacked from the outside world), but we don't want the end user to have to memorize a long complex password just to get their J Series phone working (and I am talking both for Internal Users, as well as any Remote Users we may issue a J Series phone too).

In our testing of J Series phones, we have manually configured a SIP Password to assign to the phone, but to do this for a large enterprise is not sustainable, so is there any suggestions on how we should be approaching this? I know that the SMGR can generate a random password, but I missing the step on how that can be passed to the J Series phone.

Again - sorry for some very vague/basic questions here, I am learning this whole process on the fly, so it's been a little bit all over.

Thanks,

------------------------------
James Davis
Voice and Data Senior Engineer
University of Nebraska Medical Center
Omaha NE
------------------------------