Architecture and Security Guide

Security and Compliance


Access to the CPaaS platform using the Browser Dashboard or the REST API is encrypted with a SHA256 EC-based algorithm, or RSA2048, depending on the client.  Access to these items is available only using TLS 1.2 or TLS 1.3.

Voice Media (RTP) & Signaling (SIP) are not currently encrypted between Avaya CPaaS and its providers, or between CPaaS and customer SIP endpoints.

When sending recordings from the voice servers to S3 for storage, Avaya CPaaS uses HTTPS (not SFTP) to post the recordings.

Un-Subscription Service

Avaya CPaaS has a built-in un-subscription service.  Customers are advised to use their own unsubscribe service (configure in the SMS Request URL of a number), but the native service is enabled by default.  Recipients who unsubscribe from a message will be unsubscribed from the Avaya CPaaS account that sent the message, but not the “FROM” number.


  • 905-707-1234 (configured on Avaya CPaaS account SID – AC12323456219834198304) sends a message to John Smith (647-123-4567).
  •  John Smith replied back with STOP, CANCEL, OR QUIT.
  •  647-123-4567 will block ALL future messages from Account SID AC12323456219834198304.


DLRs (Delivery Reports/Receipts)

Level 1 DLRs are currently captured and are accessible via the logging APIs or the Logs dashboard.

DLR level 1s provide a summarized status description as shown below:

  • View Call (queued, ringing, in-progress, completed, failed, busy, no-answer).
  • View SMS (sent, sending, queued, or failed).


Level 2 DLRs (for SMS) are more granular and can be provided upon request.


Per Account Limitations & Notifications

Account Limitations

By default, an Avaya Cloud account for CPaaS is limited to:

  • 1 SMS per second.
  • 1 Call per second.

Note:  These limitations are based upon the account, and not the phone number(s) assigned to the account.

Account Notifications

By default, Avaya CPaaS will send out a low balance notification to the email associated with the Avaya Cloud account when the account balance reaches $2.00.  The threshold amount can be adjusted upon request to support@zang.io.

Voice Specifications


  • G.711 is supported.
  • G.729 is not supported (this feature is planned for a future release).

Bandwidth Requirements

  • 87.2 Kbps per call leg.

Porting & SMS Enabling of Numbers

  1. Service supports the porting over of numbers for voice use.  This requires the customer to fill out a Letter of Authorization.  There is a one-time porting fee that varies based upon number location. There is also a recurring monthly fee (based on the number type and location).
  2. Service supports the SMS enablement of numbers for SMS use.  This requires the customer to fill out a Letter of Authorization.  A customer does NOT need to port over the voice portion of their number in order to enable SMS with the CPaaS service.  There is no setup fee, just the standard recurring monthly fee (based on number type and location).

Architecture & Connectivity

The CPaaS platform is built using several technologies including Kubernetes, Kamailio, MySQL and others.  The platform is hosted on Google’s Cloud Platform (GCP).


This diagram shows the overall architecture of the platform.



As the documentation shows, the voice communication between the voice providers and Kamailio, and between Kamailio and the voice servers, is entirely SIP based.  During regular functions, the voice servers or inflights will connect to the micro services over HTTPS or GPRC depending upon the service.

CPaaS Connectivity

This diagram shows the flow of data and the encryption associated with each step.

© 2018 Avaya Inc.  All Rights Reserved.

03 Dec 2018

Avast me hearties.