Ldap Server Surpass+Hiq+30+v4.1
[@Project] [@customer]
Information and Communication Networks
[@File-Name] PRODUCT DESCRIPTION Page 1 of 17 [@Cust-Ref-No.] [@Proposal-No.] 30.9.2004 Issue 1.0
Note:
Deliveries and services described in this document are a binding part of the offer only if they are specifically contained in the List of Materials or the List of Features.
Product Description
SURPASS hiQ 30 V4.1
1 Introduction
The SURPASS hiQ 30 Directory Server is a central database for storing customer
information such as user names, user passwords, user rights, service policies etc. for
several SURPASS solutions and applications.
As a member of the SURPASS product family, the SURPASS hiQ 30 Directory Server is
integrated into the NetManager's management concept (see 5 Management).
New in Version 4.1 of SURPASS hiQ 30 is the introduction of DirX Extranet Edition as the
directory server product. It is a high-end Directory Server for e-business, carriers and
service providers. This product was developed and optimized by SIEMENS specifically for
extremely fast, high-volume LDAP directories.
2 Functional Description
2.1 SURPASS hiQ 30 Directory Server overview
In the SURPASS network solutions and applications the SURPASS hiQ 30 Directory Server
can be accessed e.g. from the SURPASS hiQ 20 Registration and Routing Server (RRS),
the SIP Proxy Server SURPASS hiQ 6200 and the Open Service Platform of SURPASS hiE
9200. Irrespective of the SURPASS components in use, the data required by the
aforementioned servers can be loaded from one common SURPASS hiQ 30 Directory
Server. New or additional applications with application-specific data can easily be added.
Necessary user data used for SURPASS applications are stored in a single entry on the
Directory Server. Thus the operator has one unified database for all the SURPASS
applications, which allows easy management of this centralized database.
2.2 Lightweight Directory Access Protocol (LDAP)
The Lightweight Directory Access Protocol (LDAP) is the protocol for accessing the data of
the SURPASS hiQ 30. LDAP is optimized for reading databases with a large number of
entries. It enables SURPASS applications located anywhere in the network to retrieve data
from SURPASS hiQ 30. LDAP has been standardized by the IETF (Internet Engineering
Task Force) and is specified in RFC 1777.
LDAP directories are arranged as trees. A typical tree may have the following structure, as
shown in Figure 2-1: LDAP directory tree. Below the topmost root node, country information
appears followed by entries for companies, states or national organizations. Next come
entries for organizational units, such as branch offices and departments. Finally the
individuals are located: these can be people or shared resources.
Figure 2-1: LDAP directory tree
2.3 Detailed functions
To support the database access required by the various servers described above, the
SURPASS hiQ 30 Directory Server implements the following:
Protocols
LDAP version 2 and 3, RFC 1558, 1777, 1778, 1959, and 2251.
LDAP version 2 and version 3 operations: LDAP search filters, including presence,
equality, inequality, substring, approximate ("sounds like"), and the Boolean operators
and (&), or (|), and not (!).
X.500 hierarchical naming
All classes and objects defined in X.520 (1988) and X.521 (1988).
Lightweight Internet Person Schema (LIPS) for maximum compatibility with LDAP clients.
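The directory tree of Figure 2-1 and the search filter operators listed above, demonstrated as an added example (not code from this product description, from DirX, or from Siemens): a small in-memory directory laid out as country, organization, organizational unit and person, plus an evaluator for LDAP string filters (RFC 1558 syntax) covering presence, equality, ordering (>=, <=), substring and the &, | and ! operators. All DNs and entries are constructed; approximate ("sounds like") matching is left out.

```python
import re
# Constructed sample entries (not from the product description), laid out like the
# tree in Figure 2-1: country -> organization -> organizational unit -> person.
DIRECTORY = {
    "c=DE": {"objectClass": ["country"]},
    "o=ExampleTel,c=DE": {"objectClass": ["organization"]},
    "ou=Subscribers,o=ExampleTel,c=DE": {"objectClass": ["organizationalUnit"]},
    "cn=Anna Schmidt,ou=Subscribers,o=ExampleTel,c=DE": {
        "objectClass": ["person"], "sn": ["Schmidt"], "mail": ["anna@example.net"]},
    "cn=Ben Meyer,ou=Subscribers,o=ExampleTel,c=DE": {"objectClass": ["person"], "sn": ["Meyer"]},
}

def parse(s, i=0):
    """Recursive-descent parser for RFC 1558 string filters; returns (node, next_index)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":                   # and / or / not: a list of nested filters
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1        # s[i] is the closing ')'
    end = s.index(")", i)
    m = re.fullmatch(r"([A-Za-z][\w-]*)(>=|<=|=)(.+)", s[i:end])
    if not m:
        raise ValueError("bad filter item: " + s[i:end])
    return ("item", m.group(1).lower(), m.group(2), m.group(3).lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry; attribute names are case-insensitive."""
    if node[0] in "&|!":
        results = [matches(k, entry) for k in node[1]]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)
    _, attr, op, val = node
    values = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    if not values:
        return False                    # attribute absent: no assertion on it can hold
    if op == "=" and val == "*":
        return True                     # presence test
    if op == "=" and "*" in val:        # substring: each '*' matches any run of characters
        pat = ".*".join(re.escape(p) for p in val.split("*"))
        return any(re.fullmatch(pat, v) for v in values)
    return any({"=": v == val, ">=": v >= val, "<=": v <= val}[op] for v in values)

def search(base, filter_str):
    """DNs in the subtree under `base` whose entry satisfies the filter (subtree scope)."""
    node, _ = parse(filter_str)
    return sorted(dn for dn, e in DIRECTORY.items()
                  if (dn == base or dn.endswith("," + base)) and matches(node, e))
```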
Functions for carrier grade availability:
Elimination of single points of failure by directory replication
scheduling regular times for synchronizing servers.
a transactional data store, enabling seamless recovery from catastrophic failure
Security functions:
Restriction of access to directory data down to the attribute level
Control of users' ability to perform read, write, search, or compare operations
Access control based on user identity, IP address, or domain name
Anonymous access is optionally possible, e.g. in a secure domain
LDAP over Secure Sockets Layer (SSL) providing privacy (encryption), integrity, and
authentication services
Password policy management to control minimum and maximum password lengths and password histories
Support of Public Key Infrastructure for SURPASS hiQ 20
O&M functions:
WEB based GUI for the administration of subscriber data for LDAP accessing servers
(e.g. SURPASS hiQ 10, SURPASS hiQ 20, and the Open Service Platform), SIP
users and VoxPortal user data.
administrative operations such as backups, schema updates, and configuration
changes of the GUI to be performed without stopping the SURPASS hiQ 30 (only in
multi server scenario)
Predefined database schemata for LDAP accessing servers (e.g. SURPASS hiQ 20,
SURPASS hiQ 6200 and the Open Service Platform), SIP users and VoxPortal user
data.
Self-service center for SURPASS hiQ 20 and VoxPortal: The SURPASS hiQ 30 Self-
service Center allows a user to subscribe to an application without contacting an
operator (e.g. for a free service). This can cause a steady increase in the number of
unused accounts within the database.
Garbage collector: The SURPASS hiQ 30 Directory Server provides the optional
possibility of deleting user entries in the database if the user has not used any
services during a predefined period of time (e.g. 6 months).
Fixed IP address(es)
To address the SURPASS hiQ 30 Directory Server fixed IP addresses are used for each
scaling unit.
3 Software Architecture
The following Figure 3-2: SURPASS hiQ 30 software architecture shows the different
system components and their residing software.
Figure 3-2: SURPASS hiQ 30 software architecture
The SURPASS hiQ 30 Directory Server utilizes:
Operating system: SUN Solaris 8
LDAP database: DirX Extranet Edition 2.0
Web server: Apache-Tomcat
Management of administration pages: Servlet + JSP
The entire SURPASS hiQ 30 software is pre-installed and pre-configured via install server.
4 Hardware Architecture
The SURPASS hiQ 30 consists of the following commercial carrier grade HW components:
SUN Netra 120 server with 650 MHz UltraSPARC
Operating System : SUN Solaris 8
Cache: 16 KB data and 16 KB instruction on chip, secondary: 512 KB
RAM = 1 Gbyte
2 x hot-pluggable mirrored disks, HDD 36 Gbyte
2 x Ethernet 10/100BaseT
internal DC power supply (-40 to -75 VDC)
1 Unit rack mount design provides high compute density per rack
The SURPASS hiQ 30 realizes a rack mounted server farm consisting of several Sun
Netra 120 platforms, that are interconnected via a private LAN segment.
The SURPASS hiQ 30 is realized as a multithreaded application for optimized CPU usage.
Normal operation: 5 C to 40 C; short term (96 h) operation: -5 C to 55 C
5 Management
5.1 Management overview
The NetManager (NetM) provides management tasks for all SURPASS solutions, handling
all SURPASS network elements. The NetM comprises the NetM Base System and NetM
Applications on the network and service management level. All SURPASS components are
connected via IP to the NetManager. The SURPASS hiQ 30 is integrated into the
NetManager's management concept.
The NetM Base System supports all necessary interfaces / protocols and operational tasks
to ensure a 100 percent operability of the solution.
The basic management of the SURPASS elements is done via GUI (Windows or web-based
by Metaframe SW).
The NetM applications automate network management and service management tasks and
reduce OA&M effort substantially. Open interfaces which are based on standard information
technologies (CORBA, XML) are provided for easy integration with higher layer
management systems.
5.2 Base System Functionality
All alarms based on SNMP (Simple Network Management Protocol) generated by the
SURPASS hiQ 30 are supervised and displayed via the NetManager Network Alarm
Surveillance. Therefore no web session needs to be activated between the NetManager and
the SURPASS hiQ 30.
Containment View is an application that displays a hierarchical view (tree) of managed
SNMP agents in the network along with a status browsing functionality.
The Status Browser displays the status information of the SNMP managed nodes and of
their sub-components. The information presented contains such details as the alarm state
(e.g. critical), the operational state (e.g. up) and the reason for the last state change.
Whenever an SNMP trap arrives at the NetM, the status information is updated accordingly.
In the Containment View's tree, the overall status at each level is also updated following a
propagation rule.
To get more details about the SNMP alarms, the LogViewer is used. With this application,
the individual traps and their details can be retrieved. The LogViewer also supports various kinds
of filtering to reduce the amount of information presented and to allow easy analysis of
occurring faults.
The connection of the SURPASS hiQ 30 to the NetManager is realized via Ethernet and
TCP/IP protocol.
The Administration, configuration and maintenance of the SURPASS hiQ 30 is handled via
the hiQ 30 WEB interface.
6 Technical Data
6.1 Interfaces
The interfaces of the SURPASS hiQ 30 Directory Server are, as shown in Figure 6-3:
LDAP interface (used by each SURPASS application) for database access
HTTP/ HTTPS interfaces for management of the user data in the Directory Server
SNMP interface for administration of the LDAP Directory Server
Figure 6-3: Overview of the SURPASS hiQ 30 LDAP interfaces
Two graphical user interfaces (GUIs) are available:
Internet User: A Web-based graphical user interface (GUI) provides a method for the
user to access data of SURPASS applications in a secure and easy way. This GUI is
called the SURPASS hiQ 30 Self-service Center. The HTML pages of this GUI are
accessible from the public Internet. It is guaranteed that users can only modify or
access the database information for which they are authorized. The GUI provides an
HTML interface for the user and an LDAP interface for accessing the database. This
GUI is realized by using the DirXweb client (a Java servlet provided by Siemens DirX).
Administrator: A second Web-based GUI provides the administrators with access to
the user data in the database from the private Intranet. The administrator is able to
add new users, add new services, change data, manage the LDAP tree, etc. The GUI
provides an HTML interface and an LDAP interface for accessing the database.
This GUI is realized by using the DirXweb client (a Java servlet provided by Siemens
DirX).
6.1.1 Web GUI administrator interface
As an example, the following screens show the web GUI interface used for the management
of the SURPASS hiQ 30 server:
Figure 6-4: SURPASS hiQ 30 LDAP WEB GUI management
Figure 6-5: SURPASS hiQ 30 LDAP WEB GUI user creation page
6.2 Performance
The SURPASS hiQ 30 LDAP server (one Netra 120 shelf) can support up to 200 LDAP
requests/sec in total for all applications that access the LDAP server, for up to 1 million
user profiles, depending on the mix of applications.
By replicating the directory tree across servers the access load on any given machine can
be reduced, thereby improving server response time.
6.3 Reliability
The SURPASS Reliability concept is based on the combination of network reliability and
product reliability.
This product description covers the product reliability. For solution-specific
information please refer to the respective solution description.
The reliability of SURPASS hiQ 30 LDAP is determined by the reliability of the commercial
platform SUN Netra 120. Additional reliability is achieved by the SURPASS hiQ 30 LDAP
redundancy concept with its replication mechanism.
The replication mechanism can be used as an efficient backup system in case of a Directory
Server failure. By replicating directory trees to multiple servers, it can be ensured that the
directory is available even if some hardware, software, or network problem prevents the
directory clients from accessing a given Directory Server instance.
Carrier grade parameters are also achieved by making use of shadowing and distributed
storage.
6.4 Scalability
The SURPASS hiQ 30 LDAP server can be expanded by additional Netra 120 shelves in
steps of 1 (up to 18 shelves per rack). For redundancy and performance reasons, a minimum
configuration of 2 shelves is recommended, as well as scaling in steps of 2.
Within the concept of a server farm, going along with an appropriate network planning there
is practically no limitation for scalability and performance.
7 Abbreviations
AAA Authentication, Authorization and Accounting
AMA Automatic Message Accounting
GUI Graphical User Interface
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HW Hardware
IP Internet Protocol
ISP Internet Service Provider
TDM Time Division Multiplex
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LRQ Location ReQuest
MGC Media Gateway Controller
MGCP Media Gateway Controller Protocol
NE Network Element
NetM Net Manager
NTP Network Time Protocol
PBX Private Branch Exchange
PCU Packet Control Unit
PSTN Public Switched Telephone Network
RRQ Registration Request
RRS Routing and Registration Server
RTP Real Time Protocol
SNMP Simple Network Management Protocol
SSL Secure Sockets Layer
SS7 Signaling System Number 7
SW Software
TLS Transport Layer Security
VoIP Voice over IP