Understanding AYAYA AURA Devise Services

Posted by David Lover on Feb 14, 2019 10:00:00 AM

Find me on:

Fourteen ConvergeOne thought leaders presented at Avaya ENGAGE 2019. They'll be sharing highlights from their sessions in a blog series over the next several weeks, so check back for the next installment.

During my sessions at Avaya ENGAGE, a technology area that generated a lot of buzz was Avaya Equinox. Equinox is Avaya’s mobile and collaboration soft client for its Aura platform. It’s a service aggregator combining things like VoIP, EC500 Dialer, point-to-point video, full voice/video/content sharing conferencing, persistent chat, presence, calendar, enterprise directory lookups, and desktop integration (e.g., Outlook/web-based click-to-call) to deliver a consistent experience on Apple iOS devices, Android devices, Windows, and Mac.

With auto-configuration and ease of use, it’s easy to see why it’s getting a lot of attention. The biggest question I got is whether Avaya Aura Device Services (AADS) is required or optional. Technically, it is not required, but AADS adds some powerful capabilities that you will probably really want. I thought it would be good to take a quick dive into AADS, covering what I think are the four major things that it can add to your Equinox deployment.

LDAP Authentication of Equinox Clients

Customers have long asked me if there was a way to let their end-users log into Avaya Clients with their regular Active Directory credentials (i.e., the same login they use to access their computer accounts). AADS gives us that ability for Equinox. With AADS, users don’t have to know their extension or their SIP password. They’re simply asked for their regular network login and password. AADS will then discover what their extension and SIP password are and pass the information along to the Equinox client so that the client can log in correctly. The important piece to know here is that AADS does not eliminate the need for good, solid, complex end-user passwords. Equinox is technically not logging in with AD credentials. It’s simply using AD to get permission to tell the Equinox Client what that user’s extension and password are.

Contact Services

Equinox has the full capability to access LDAP for directory searches without the need for AADS, but there is no security person in the world that will let that LDAP access be exposed to the Internet. Without that external access, you’d get great access to the Global Address List—as long as you’re inside the network. As soon as you leave, those lookups will fail, because there’s no firewall rules or NAT-ing that will be allowed to be put in place to provide that external access. To solve this consistent access issue, AADS provides a proxied access to LDAP. AADS sits inside the network and has access to the LDAP directory. When Equinox needs to do a Directory look up, it asks AADS to do it on its behalf. The connection between Equinox and AADS is secured with strong SHA-2 TLS certificates and is done with web service calls, not exposed LDAP queries. If secure Enterprise Directory Lookups are an important component to your Equinox deployment (both inside the network and out on the Internet), then I think AADS needs to be a required component. AADS’s Contact Services also helps users manage and store contact details, including users’ headshot pictures, and makes them available across all of the user’s devices.

Dynamic + Customized Configurations for Users + Groups

Prior to AADS, if you wanted to provide unique device settings to different groups of endpoints, you’d have to either create multiple settings files (and get really creative about how to point those specific users to the different settings files) or set up Endpoint IP Groups, and use the $GROUP variable in the settings file to apply specific settings to specific group numbers. While that would allow you to use fewer settings files, the files you’d have to create could get pretty ugly. With AADS, the parameters we typically include in a settings file can be applied to different scopes, such as Global, LDAP Group, Platform (iOS, Android, Windows, or Mac), or User. Then, AADS dynamically generates a personalized settings file, on the fly, for a specific user that is logging in. It’s no longer a static settings file. That’s a power concept in and of itself. There’s no longer a need to keep a readable settings file accessible on the Internet. Granted, we don’t typically include sensitive date in a settings file, but this gives security people the warm and fuzzies that nothing is exposed.

The other really cool aspect of this dynamic configuration, with the inherently enhanced security, is that you can now add sensitive information to the settings file. Maybe you want to pass the unique Moderator and Participant Codes for a particular user logging in—or even a user’s extension and SIP password. Hint: This is actually how AADS passes the user’s extension and SIP password to Equinox for that first “LDAP Authentication” topics we talked about. As the user logs in, AADS builds a unique settings file, securely passes it to Equinox, and then deletes the file. This is a very powerful addition to Equinox.

Web Deployment Service

It’s generally a good idea to keep end users appropriately “current” with their software. With new releases, bugs get fixed, security gets strengthened, and new features get added. For a consistent user experience, it’s important that those users are working with consistent, universally deployed software. With modern, agile application development, we’re constantly getting new versions of applications. iOS and Android versions of this model are easy. iTunes and Google Play Store are always letting you and your device know that there’s a new version available, and they make it super easy to apply the updates. With desktop platforms like Windows and Mac, however, the process is not nearly as seamless. To make this easier, AADS offers a Web Deployment model for notifying users and their devices of new versions of software. Like with the mobile platforms, the user is prompted to push the install button, and moments later they’re running the new version of Equinox. Unlike iTunes and Google Play Store, AADS lets administrators control the release and deployment of the Equinox clients.

Are there some caveats? Of course. You should know that AADS was introduced with version Avaya Aura 7.0.1, and it has a tight integration to System Manager and Session Manager, so both of those need to be on at least 7.0.1, as well. AADS was introduced to focus very much on Equinox, but last year, Avaya introduced some very basic settings file management for J100 series hard phones, as well as 9600 SIP/H.323 phones. We’re all hopeful that the full AADS support will be added for these additional hard phones.

Even though AADS is not required for an Equinox deployment, I’ve got four pretty significant reasons why it’s a really good idea to include AADS—and best of all, we’ve got some great internal expertise at ConvergeOne. Our Professional Services Team has the skill and experience to deploy the full Equinox stack, including AADS.



ConvergeOne is a 14-time Avaya Business Partner of the Year, with more than 1,500 certifications. Learn more about our partnership with Avaya.


Topics: Avaya


David Lover
David Lover  -- David is a leader in our Office of the CTO and works with every part of the business. From Sales to Professional Services, from senior leadership to end-users, from overall business strategy to nuts and bolts technical understanding, his skills at identifying, articulating, and managing our strategic technology direction to customers, partners, and employees sets ConvergeOne apart as a leader in our industry. David is a former Senior Engineer at Lucent Technologies and Avaya and has applied communications technologies in a business environment for large Fortune 500 and Enterprise multi-site corporations. David is a nationally recognized keynote speaker and presenter at numerous industry conferences, forums, and seminars across the United States. He has built tremendous, strategic relationships with analysts and manufacturers alike, insuring relevancy and the best possible “future state” outcome for ConvergeOne and its customers.