Core product capabilities
These are the core product features that are part of the platform and apply across all solutions/vendors.
General Product Interfaces
Interfaces and capabilities to provide integration to a range of non-UC applications. Includes configurable ability to integrate to new applications with code releases.
LDAP
Read and write interfaces for Microsoft Active Directory and OpenLDAP
Ability to support multiple LDAP servers, multi-forest and multi-OU setups
Generic Driver
Ability to create additional integrations to external devices through configuration; API (REST) or GUI orchestration possible where API doesn’t exist. These can then be included in workflows for provisioning, etc.
ServiceNow Integration
Interface to read from and write to ServiceNow tables. Used to sync tasks assigned to Automate and execute MACDs automatically. Write ability can be used to update with required data (status, assigned service details, etc.).
PowerShell Driver
Interface to execute commands via PowerShell within the system; includes custom PowerShell integrations
UC Application Provisioning
Integration to provide management support for a wide, quickly expanding range of multi-vendor applications. VOSS can quickly generate new provisioning drivers and add them into workflows to support the latest applications and devices. Note: See the Automate documentation for the compatibility matrix showing the latest validated versions.
Cisco Unified Communications Manager
Includes UCM Cloud deployments, Session Manager and BE6K Editions
Versions 10.X and later:
AXL API (CM Administration GUI Interface) all capabilities supported
Change Notification support for Sync of changes
Serviceability interface for phone and login status
Cisco Unity Connection
Versions 10.X and later:
CUPI API full coverage (Note: While this covers most of the CUCx admin GUI, not all CUCx capabilities are available via the CUPI API.)
Includes Tenant capability for Multi-tenant Unity Connection
Cisco Hosted WebEx
Cisco Hosted WebEx Cloud. Ability to create user accounts and meetings using WebEx version 27.x and 29.x API.
Cisco Webex Teams
Read and write interface to Cisco Spark Cloud Service via direct connection or via Proxy to cloud
Cisco Expressway
GUI orchestration to manage configuration in Expressway
Cisco Contact Center Enterprise
Configure UCCE via CCMP/CCDM for agent management and related services
Cisco Contact Center Express
Configure UCCX for agent management and related services
Cisco IOS Local Gateways (LBO), SRST, and Analog Gateways
Set up local breakout with analog and SIP gateways.
IOS Device, Local Gateway - SIP, Analog Gateway - SCCP and MGCP
Command Builders to generate the appropriate IOS commands
Cisco HCM-F
Integration and workflow management for Cisco HCM-F in an HCS environment (provider mode). This is optional.
Microsoft Exchange Online
Read and Write interface for Microsoft Exchange Online via PowerShell.
Microsoft Teams
Read and Write interface for Microsoft Teams
Microsoft Online (Office365)
Read and Write interface for Microsoft Online Services
Imagicle Directory Connector
Support for this directory connector and initiating syncs
Zoom
API integration to Zoom to manage Zoom IM, Meeting, and Phone Services
PexIP
API integration to manage PexIP virtual meeting room (user) accounts and settings
VOSS Phone Server
Integrated SIP Registrar Server including full management from the VOSS Portal. Provides a low-cost solution for basic telephony handset requirements with any UC system. Includes full management of device configurations, call routing, trunking, etc. Enables the use of a wide range of handset vendors, giving far more choice in terms of cost and functionality in addition to reduced license costs.
Flexibility Configuration Tools
These tools allow flexibility to control various aspects of the feature behavior and experience (e.g. defaults and business logic) to tailor the system to your specific needs.
Configuration Template
The ability to define values for attributes of any model (can be fixed values or existing supported macros). Useful way to define default values for items or values for fields not exposed. Can be applied via the menu layout by customers.
Field Display Policies
Fine grained controls for how attributes for a form are displayed, such as visibility, field names, related help text, ordering and layout. Can be applied via the menu layout by customers.
Import
The ability via the platform CLI to import VOSS signed packages/files into the system.
Macros
Macros are used for various capabilities in the system, from looking up data and mapping data to using a wide range of functions to apply business logic within the system. An extensive set of reference macros is available for use, and you can configure your own within configuration templates.
Portal Customization
These tools allow flexibility to control various aspects of the portal experience (e.g. menus, branding, navigation) to suit your specific needs.
Theme/Branding
Provides the ability to change the look and feel of the GUI interface to reflect required company branding, logos, fonts, etc., including the Login page.
Landing Page
The Landing page is fully configurable and provides a home page mechanism to provide access directly to areas of the application, such as the most used items for a role.
Data Synchronization
VOSS Automate can pull data from underlying UC applications, which can be used to meet a number of needs including overlaying an existing deployment, automatically initiating workflows based on changes in the network (flow through), and ensuring data consistency (bi-directional sync).
Data Sync
This provides a mechanism to pull data from various devices. This can import everything from the external system or have various filters applied to limit the sync scope. A number of default sync setups are provided in the system.
Events
This provides the ability to trigger workflows based on any transaction operation in the system as well as on data sync activity.
Requires adaptation effort to make use of this capability today.
Scheduling
The data sync action can be set up to run on a schedule as needed.
Cache Control Policy
Ability to define data source behavior for transaction and GUI display for each entity (fetch latest, block overwrite, etc.)
Overbuild/Brownfield
Ability to sync and process the existing environment to introduce the management tool in phases or for a whole environment.
Data Partitioning
A fully flexible structure that works with role-based access to provide secure data partitioning to match the business structure. Create hierarchy structure for use in a multi-tenant environment or to keep areas of a business separate. You can also partition applications to allow customers to share single application instances.
Hierarchy Structure
Ability to define the logical grouping of various business resources and infrastructure in the system by creating hierarchy nodes, rules and models. Flexible mechanism to define as many levels as needed. Default feature packages define a provider, customer, and site hierarchy type as well as an intermediate node capability.
Hierarchy Rules
Provides a mechanism to define the rules around the hierarchy, such as dependencies between levels and dependencies for other entities in the system.
Management/Assignment
Entities in the system can be assigned to the required hierarchy instance for ownership and partitioning as required.
Role-Based Access Controls
Role-based access controls provide a flexible mechanism to define and securely assign user access rights and privileges, which drive dynamic GUI generation. These user access rights are not dictated by the software so you can update them as needed and mirror your current hierarchy regardless of the number of levels or roles.
User Roles
Roles required by the business structure can be defined and managed within the system; they define the permissions and GUI customization elements.
Access Profiles
Granular permissions control to define the entities that may be accessed and the actions that are permitted. It defines the models that may be accessed (specific data or device models, domain models, views, and relations). This applies to all user interfaces (GUI, loader, API).
Bulk Administration
VOSS Automate provides the ability to complete bulk MACDs in the system, making bulk changes quick and simple.
Bulk Loading
File-based (Excel spreadsheet) mechanism to perform various bulk operations to various entities in the system.
System Integration
A secure and comprehensive REST API interface that provides a single point for rapid integration by external systems to access information or drive workflows. This can be used to integrate with other business systems in the solution, such as reporting, billing, inventory, and integration into external portals to provide the widest possible business process automation.
REST API Interface
A secure and comprehensive REST API interface that provides a single point of integration for external systems to access information or utilize functionality in the product.
Northbound Notifications
Mechanism to trigger on any transaction or data synchronization operation and define any workflow to send notifications to external systems via HTTP/S in the format and with the data required.
Ability to build integrations, workflows, and customize the format and structure of northbound notifications using macro functions to allow the body of HTTP requests to be templated.
Portal Integration
Links to external applications can be included in the GUI to launch in a new window/tab.
Reporting Interface
The REST API enables external reporting, billing, and service assurance systems to extract comprehensive sets of up to date information.
Subscriber Data Extract
Ability to create and define files of extracted data for subscribers and related services, ad hoc or on a schedule. Used for external reporting or billing.
Authentication
Support for multiple authentication methods, including VOSS Local Authentication, LDAP Authentication, and Single sign-on (SSO) with SAML version 2.0 identity providers.
VOSS Local Authentication
Authentication for a user accessing the system is done using a local password.
LDAP Authentication
Support for authentication of users against LDAP directory stores. The system supports multiple servers and assignment of users to the appropriate server for authentication.
Single Sign-on (SSO) and Single Log-off (SLO)
Support for integration with SAML version 2.0 identity providers (IDPs) for the authentication of users into the system. The system supports the integration with multiple IDPs and assignment of users to the appropriate IDP for authentication.
Support for a single assertion consumer service and single logout service across the system.
Support for IDP initiated login.
Transaction Engine
The Transaction Engine in VOSS Automate provides a robust mechanism for managing configuration changes reliably with full rollback support.
Rollback
In the event of a transaction failure or error, the system ensures any changes that occurred during the transaction are rolled back, leaving the system in a state preceding the failed transaction.
Transaction Logging/Audit
All transactions and their details are logged for auditing and to allow deeper views of system activity.
Transaction Log
The transaction log provides a history of all transactions and their details executed in the system. Ability to view and search transaction history - also RBAC aware so admins see transactions relevant to their area of the system.
Ability to cancel, replay, or edit and replay (reload the form with the data populated for easy correction). Ability to link transactions to the relevant data in the input file that initiated it.
External Identifier
Able to set up to two external identifiers and view them in the portal when submitting transactions via the API.
Transaction Log Streaming
Streaming of transaction log updates via syslog to a remote system, for external audit or transaction recording.
General Tools
Clone
The ability to create a new instance of an entity based on an existing instance. Limited to menu layout, config templates, FDPs.
Move
The ability to move a device model instance from one place in the hierarchy to another.
Hardware Allocation and Bundling
The ability to group hardware instances and assign to relevant hierarchy structures to determine hardware use/partitioning.
Network Device Lists (NDL)
The ability to group hardware instances together in a group to be used by workflows. Can be assigned to hierarchy instances to drive hardware selection for workflows in that hierarchy and lower. A single hardware instance is selected from the list.
Search
Provides search capabilities across the system.
Global Search
A search field is always available on the GUI to quickly search for items. The context is the whole product and the search will return any instances of entities in the system that match the request, and which the user is permitted to access. Can access the entity from the results or delete from the search results as needed.
Filter Lists
Can filter any list view in the system with a column specific search. Can also reorder lists by any of the columns.
Export
From search results or any list view in the system, it is possible to select the entities required and export them with all attributes into a JSON or Excel file for external use.
Online Help
Extensive product documentation is provided through the application online help and can be tailored through configuration to specific solution needs.
Context Sensitive Help
Page-specific help, with details for the page and settings visible.
On Screen Help
Tooltips for immediate help in the GUI.
GUI Capabilities
General GUI capabilities
Browser Support
List ready for sign-off. Includes OS and commonly used browsers. See release notes for latest versions.
Accessibility
W3 Web Content Accessibility Guidelines (WCAG) 2.0 level A compliant Portal
Internationalization
Full capabilities to support the localization needs of various languages, including Unicode characters, right-to-left orientation, etc. Tools to extract and upload localization for customization of translations. Support for multiple concurrent language packs with user assignment of language.
Localization
Off-the-shelf language packs providing localization for all capabilities shipped in the product. New languages are released independently of software releases as language packs. See language pack guide for latest list of languages.
Application Platform
VOSS Automate provides a robust, secure, and scalable platform with flexible deployment models to meet the varying solution requirements. VOSS Automate platform components can be deployed in a centralized or distributed manner, which facilitates improved security and performance scaling options.
Deployment Models
The solution can be consumed in a couple of models:
On-prem deployment local: this would be managed in a customer-managed data center (on-prem or private cloud)
On-prem deployment cloud: this would be customer-managed, but in a cloud service such as Amazon AWS
VOSS-hosted MaaS: VOSS hosted SaaS model and consumed from the cloud, MaaS (Management as a Service)
Multiple deployment architectures for on-prem, depending on requirements from standalone to full DR/HA.
Virtualized Appliance
The VOSS Automate platform and software is delivered as a virtualized appliance in OVA (Open Virtualisation Architecture) format and runs on VMware ESXi/vSphere, meaning a wide range of hardware options. This can also be deployed in cloud environments such as AWS and Azure.
Install and Upgrade
The system supports upgrades with minimal downtime. The VOSS Automate platform interface provides a menu driven interface to allow partner admins and professional services engineers to upgrade the system.
Role-Based Management Interface
Platform CLI with RBAC. The VOSS Automate platform supports configuration of multiple administrators with role-based access to define what each administrator is allowed to do.
Backup and Restore
VOSS Automate platform supports manual and scheduled backups of all data and configuration in the system. Backups can be transferred to remote destinations using a variety of configurable mechanisms. Backups are encrypted to protect confidential information.
Geo-Redundancy
For production deployments we recommend a full geo-redundant deployment model with full support for load balancing across the cluster. All nodes are active during normal operation and failover in case of outage is automatic and transparent to users of system.
Proxy
A reverse proxy, which is an optional part of the architecture (own proxy can be used), and which provides:
Hosting static content (HTML, CSS, JavaScript), configurable load balancing requests across application nodes, and security/encryption between the proxy and the application servers (including separation of traffic types, for example, Admin vs Self-service).
Monitoring Interfaces
The VOSS Automate platform supports monitoring using industry standard interfaces, such as SNMP v2 / v3 and syslog in addition to custom tooling to support scripted data collection and reports. SNMP support includes polling and pre-configured traps for specific error conditions.
System Health/Usage Report
The VOSS Automate Platform supports a range of health and usage reports to provide details on a number of metrics:
Service status (online/offline)
Replication state
Backup and Restore history and status
System utilisation, including CPU, Memory and IO metrics
Security
VOSS Automate is developed to the strictest security standards covering encryption, authentication, data partitioning, attack prevention, and much more to keep your data safe. It has been subjected to and passed multiple third-party audits in partner environments, including as part of a FedRAMP certified UC solution.
Secure Processes and Practices
Install scripts and templates are signed using FIPS validated cryptography
Software images are hashed using SHA256
Application is protected against error handling vulnerabilities
Hardened Base System
Minimal number of packages installed and minimal set of services started. Additional tuning of permissions and policies to harden the operating system and platform.
Strict OS policies and file permissions of sensitive OS files
Disable unused communication protocols, for example, IPv6, SCTP
Hardened NTP and Mail
Restrict Core Memory Dumps
Strict filesystem and partition permissions
Boot loader authentication
Use of Linux Security Module (SELinux)
Strict firewall policies
File integrity baseline is kept by hashing OS configuration files and storing as metadata
Root owned library files
File System Access
Each application is deployed in a separate container with no access to filesystem of other services.
Firewall
Host-based firewall to restrict access to specific services to authorized systems on network only. Internal services are only visible to nodes within the cluster.
Secure Communication & Encryption
All communication is encrypted using SSL or HTTPS
openssl-fips 2.0.9 validated to FIPS 140-2 certificate #1747
All passwords and credentials are transmitted using FIPS 140-2 validated encryption, and hashed and stored using a FIPS 140-2 validated cryptographic module
Session IDs are generated using FIPS 140-2 validated random number generators
User authentication is done using FIPS 140-2 validated encryption modules
Encrypted key exchange between multi-node members
SSO communication with Identity Provider uses secure tag configurations
Ability to upload private SSL keys and certificates
RBAC
Role-based access is used throughout the system to restrict admin access to the minimum.
Security Updates
Mechanism is provided to perform security updates of software dependencies at regular intervals.
Attack Prevention
Specific protection against standard attacks, including Cross-Site Scripting (XSS)
Audit Log Capability
Configurable Audit Logging
Log locally or remotely (encrypted communication) using syslog
The following events are monitored and logged:
Log processing failures
User privilege modifications and account creations/deletions
User Login Activity (Successful/Unsuccessful login attempts, Session start/end times, Concurrent logins from different workstations)
Privileged activities, e.g. Platform CLI
Attempts to bypass controls
Use of ‘auditd’ to monitor all console commands
Login Rate Limiting / Credential Policy
User login rate limiting and credential policy management
User Credential and Access Policies
User account lockout on unsuccessful login attempts
Disable inactive accounts
Password update/complexity rules
Configurable banner text displayed on user login
FedRAMP
The system has been certified as part of FedRAMP certified Cloud UC solutions.
Adaptation Framework
These advanced configuration tools are part of the adaptation framework and limited to VOSS Services and adaptation certified partners.
Data Model
The ability to define persistent storage of new entities and their attributes stored in the VOSS Automate database.
Device Model
An entity exposed from a supported application for configuration, for example, an API entity and its attributes. Can also be used directly from the GUI for access to features/settings not exposed in the feature packages.
Domain Model
Ability to tie together data models, device models, other domain models, and provisioning workflows.
GUI Rules
GUI rules can be used to define the initial state and field values/behaviour of different fields in the GUI based on user actions on different fields in the GUI. GUI rules are exposed in the schema to allow external applications to develop a dynamic user interface that makes use of GUI rules defined in the system.
Provisioning Workflows
Provisioning workflows are a combination of one or more: operations on entities, scripts, and other workflows in a sequence. Operations include add, delete, update, and execute. A Configuration Template can also be associated with a workflow step, which can provide default values or calculated values (by macros) to the entity during the workflow execution.
Provisioning workflows can be strung together to add predefined steps to the execution sequence.
Views
A “view” is a model type that is used to provide an input form for a domain model. A view can also be used on its own, and execute an associated workflow.
Relations
Relations link groups of resource types, such as device models, data models, or other domain models. A relation provides a model type that groups together related models in order to carry out operations on them. A relation will show all the attributes of its model types by default. Unwanted attributes are hidden using a Field Display Policy, and default values of hidden attributes can be assigned using a Configuration Template. Operations are added to Relations.
Configuration Template
Also provides a mechanism for mapping data from data input via the GUI or device model events to other data elements or provisioning workflows in the system. Applicable to workflows or other areas besides the menu, which are customer configurable.
Field Display Policies
Fine grained field display policies control how attributes for a form are displayed, such as visibility, field names, related help text, ordering, and layout.
Upgrades
Versioning
Ability to define and store a version reference of individual models in the system.
Import
The ability to use JSON format to add or modify anything in the system via the GUI. The import will add the entity defined in the file and, if the identifying data matches an existing entity, it will update based on the values in the file.