The CPaaS platform is built using several technologies including Kubernetes, Kamailio, MySQL and others. The platform is hosted on Google’s Cloud Platform (GCP).
This diagram shows the overall architecture of the platform.
As the documentation shows, the voice communication between the voice providers and Kamailio, and between Kamailio and the voice servers, is entirely SIP based. During regular functions, the voice servers or inflights will connect to the micro services over HTTPS or GPRC depending upon the service.
This diagram shows the flow of data and the encryption associated with each step.
Access to the CPaaS platform using the Browser Dashboard or the REST API is encrypted with a SHA256 EC-based algorithm, or RSA2048, depending on the client. Access to these items is available only using TLS 1.2 or TLS 1.3.
Voice Media (RTP) & Signaling (SIP) are not currently encrypted between Avaya CPaaS and its providers, or between CPaaS and customer SIP endpoints.
When sending recordings from the voice servers to S3 for storage, Avaya CPaaS uses HTTPS (not SFTP) to post the recordings.
Avaya CPaaS has a built-in un-subscription service. Customers are advised to use their own unsubscribe service (configure in the SMS Request URL of a number), but the native service is enabled by default. Recipients who unsubscribe from a message will be unsubscribed from the Avaya CPaaS account that sent the message, but not the “FROM” number.
DLRs (Delivery Reports/Receipts)
Level 1 DLRs are currently captured and are accessible via the logging APIs or the Logs dashboard.
DLR level 1s provide a summarized status description as shown below:
Level 2 DLRs (for SMS) are more granular and can be provided upon request.
By default, an Avaya Cloud account for CPaaS is limited to:
Note: These limitations are based upon the account, and not the phone number(s) assigned to the account.
By default, Avaya CPaaS will send out a low balance notification to the email associated with the Avaya Cloud account when the account balance reaches $2.00. The threshold amount can be adjusted upon request to email@example.com.
The following security services are provided by the various applications employed by the system.
Server Hardening (Google)
System Security (Docker)
CPaaS Application SDLC (Avaya)
Data Management (All)
Access & Control (All)
© 2018 Avaya Inc. All Rights Reserved.
10 Dec 2018