Secure the ACP Communications Link with TLS

In the absence of IPsec, for example on the Multi-Service Gateway (MSG) 10G platform, the Transport Layer Security (TLS) protocol can provide security for the Acme Communication Protocol (ACP) communications link between the Oracle® Enterprise Session Border Controller (E-SBC) and the Oracle Communications Session Delivery Manager (SDM).

To use the security protection provided by TLS, establish a successful TLS connection between the E-SBC and the SDM. A successful connection requires configuring a valid TLS profile on the E-SBC and associating the profile with the management interface on the SDM that will negotiate the TLS connection. See the Oracle Session Delivery Manager Security Guide for information about associating the TLS profile from the E-SBC with the management interface on the SDM.

To configure the E-SBC to use TLS for ACP communication, do the following:
  1. Configure a TLS profile. The tls-profile object is located under security, where you add certificates, select cipher lists, and specify the TLS version in the profile.
  2. Select the TLS profile in system-config. The system-config object is located under system. Use the Acp TLS profile parameter to specify the TLS profile that you want to use for ACP.

The acp-tls-profile parameter is empty by default, which means that ACP over TLS is disabled. When ACP over TLS is disabled, the SDM establishes a plain TCP connection with the E-SBC, without TLS protection. When the acp-tls-profile parameter specifies a TLS profile, the SDM negotiates a TLS connection with the E-SBC.
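
The following check is an added example, not Oracle code: it audits a saved configuration dump for the two conditions described above, an empty acp-tls-profile and a reference to a tls-profile that does not exist. The dump layout (object name at column 0, indented parameter and value lines), the sample values, and the function names are assumptions made for illustration.

```python
# Constructed sample in the style of an E-SBC configuration dump.
# Assumed layout: object name at column 0, indented "parameter  value" lines.
SAMPLE_CONFIG = """\
tls-profile
        name                                    acp-tls
        cipher-list                             DEFAULT
        tls-version                             tlsv12
system-config
        hostname                                sbc01
        acp-tls-profile                         acp-tls
"""


def parse_objects(text):
    """Return a list of (object_type, {parameter: value}) tuples."""
    objects = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line starts a new configuration object.
            objects.append((line.strip(), {}))
        elif objects:
            # Indented line: parameter name, then an optional value.
            parts = line.split(None, 1)
            value = parts[1].strip() if len(parts) > 1 else ""
            objects[-1][1][parts[0]] = value
    return objects


def audit_acp_tls(text):
    """Return findings; an empty list means ACP is bound to a defined TLS profile."""
    objects = parse_objects(text)
    profiles = {p.get("name", "") for kind, p in objects if kind == "tls-profile"}
    sysconf = [p for kind, p in objects if kind == "system-config"]
    if not sysconf:
        return ["no system-config object found"]
    ref = sysconf[0].get("acp-tls-profile", "")
    if not ref:
        return ["acp-tls-profile is empty: ACP over TLS is disabled, SDM connects over TCP"]
    if ref not in profiles:
        return [f"acp-tls-profile references '{ref}', but no tls-profile has that name"]
    return []


if __name__ == "__main__":
    for finding in audit_acp_tls(SAMPLE_CONFIG) or ["ACP over TLS is configured"]:
        print(finding)
```

An empty result only confirms that the configuration references a defined profile; the TLS connection still depends on the SDM side being associated with the profile as described in the Oracle Session Delivery Manager Security Guide.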