Ldap Server Surpass+Hiq+30+v4.1




8/14/2019 Ldap Server Surpass+Hiq+30+v4.1
1/17

[@Project][@customer]
Information and Communication Networks

[@File-Name] PRODUCT DESCRIPTION Page 1 of 17 [@Cust-Ref-No.] [@Proposal-No.] 30.9.2004 Issue 1.0

Note: Deliveries and services described in this document are a binding part of the offer only if they are specifically contained in the List of Materials or the List of Features.

Product Description
SURPASS hiQ 30 V4.1


1 Introduction

The SURPASS hiQ 30 Directory Server is a central database for storing customer information such as user names, user passwords, user rights, service policies etc. for several SURPASS solutions and applications.

As a member of the SURPASS product family, the SURPASS hiQ 30 Directory Server is integrated into the NetManager's management concept (see 5 Management).

New in Version 4.1 of SURPASS hiQ 30 is the introduction of DirX Extranet Edition as directory server product. It is a high-end Directory Server for e-business, carriers and service providers. This product was developed and optimized by SIEMENS specifically for extremely fast, high-volume LDAP directories.


2 Functional Description

2.1 SURPASS hiQ 30 Directory Server overview

In the SURPASS network solutions and applications the SURPASS hiQ 30 Directory Server can be accessed e.g. from the SURPASS hiQ 20 Registration and Routing Server (RRS), the SIP Proxy Server SURPASS hiQ 6200 and the Open Service Platform of SURPASS hiE 9200. Irrespective of the SURPASS components in use, the data required by the aforementioned servers can be loaded from one common SURPASS hiQ 30 Directory Server. New or additional applications with application-specific data can easily be added.

Necessary user data used for SURPASS applications are stored in a single entry on the Directory Server. Thus the operator has one unified database for all the SURPASS applications, which allows easy management of this centralized database.

2.2 Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP) is the protocol for accessing the data of the SURPASS hiQ 30. LDAP is optimized for reading databases with a large number of entries. It enables SURPASS applications located anywhere in the network to retrieve data from SURPASS hiQ 30. LDAP has been standardized by the IETF (Internet Engineering Task Force) and is specified in RFC 1777.

LDAP directories are arranged as trees. A typical tree may have the following structure, as shown in Figure 2-1: LDAP directory tree. Below the topmost root node, country information appears, followed by entries for companies, states or national organizations. Next come entries for organizational units, such as branch offices and departments. Finally the individuals are located: these can be people or shared resources.


Figure 2-1: LDAP directory tree

2.3 Detailed functions

To support the necessary database access from the various servers as described above, the SURPASS hiQ 30 Directory Server implements the following:

Protocols:
- LDAP version 2 and 3, RFC 1558, 1777, 1778, 1959, and 2251.
- LDAP version 2 and version 3 operations: LDAP search filters, including presence, equality, inequality, substring, approximate ("sounds like"), and the Boolean operators and (&), or (|), and not (!).
- X.500 hierarchical naming
- All classes and objects defined in X.520 (1988) and X.521 (1988).


- Lightweight Internet Person Schema (LIPS) for maximum compatibility with LDAP clients.
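The tree layout of section 2.2 and the filter types just listed, worked through in an added Python example (this is not code from this product description, from SURPASS hiQ 30 or from DirX): a small in-memory directory shaped root, country, organization, organizational unit, person or shared resource, and an evaluator for presence, equality, substring, approximate and Boolean filters over it. All entries, DNs and attribute values are constructed sample data; using Soundex for the "sounds like" match and leaving out RFC 2254 value escaping are simplifying assumptions.

```python
"""In-memory LDAP directory tree with a search-filter evaluator.

Added example, not code from SURPASS hiQ 30 or DirX. The tree follows the
shape of section 2.2; the evaluator covers the filter types of section 2.3:
presence, equality, substring, approximate ("sounds like") and the Boolean
operators &, | and !. Sample data and the use of Soundex for the approximate
match are constructed assumptions; RFC 2254 value escaping is left out.
"""
import re

# Constructed sample directory: DN -> {attribute: [values]}.
DIRECTORY = {
    "c=DE": {"objectClass": ["country"], "c": ["DE"]},
    "o=ExampleTelco,c=DE": {"objectClass": ["organization"], "o": ["ExampleTelco"]},
    "ou=Sales,o=ExampleTelco,c=DE": {"objectClass": ["organizationalUnit"], "ou": ["Sales"]},
    "ou=Engineering,o=ExampleTelco,c=DE": {"objectClass": ["organizationalUnit"], "ou": ["Engineering"]},
    "cn=Anna Weber,ou=Sales,o=ExampleTelco,c=DE": {"objectClass": ["inetOrgPerson"],
        "cn": ["Anna Weber"], "sn": ["Weber"], "mail": ["anna@example.invalid"]},
    "cn=Jon Smyth,ou=Engineering,o=ExampleTelco,c=DE": {"objectClass": ["inetOrgPerson"],
        "cn": ["Jon Smyth"], "sn": ["Smyth"]},
    "cn=Printer 1,ou=Engineering,o=ExampleTelco,c=DE": {"objectClass": ["device"], "cn": ["Printer 1"]},
}

_SOUNDEX = {c: d for d, letters in (("1", "BFPV"), ("2", "CGJKQSXZ"), ("3", "DT"),
                                     ("4", "L"), ("5", "MN"), ("6", "R")) for c in letters}

def soundex(word):
    """Classic four-character Soundex code, used for the approximate (~=) match."""
    word = "".join(ch for ch in word.upper() if ch.isalpha())
    if not word:
        return ""
    out, last = word[0], _SOUNDEX.get(word[0], "")
    for ch in word[1:]:
        code = _SOUNDEX.get(ch, "")
        if code and code != last:
            out += code
        if ch not in "HW":                # H and W do not separate equal codes
            last = code
    return (out + "000")[:4]

def _expect(s, i, ch):
    if i >= len(s) or s[i] != ch:
        raise ValueError("expected %r at offset %d" % (ch, i))
    return i + 1

def _parse(s, i):
    i = _expect(s, i, "(")
    if i >= len(s):
        raise ValueError("truncated filter")
    if s[i] in "&|":                      # (&(...)(...)) and (|(...)(...))
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        return (op, children), _expect(s, i, ")")
    if s[i] == "!":                       # (!(...))
        child, i = _parse(s, i + 1)
        return ("!", child), _expect(s, i, ")")
    end = s.find(")", i)
    m = re.fullmatch(r"([A-Za-z][A-Za-z0-9-]*)(~=|=)(.*)", s[i:end]) if end > 0 else None
    if not m:
        raise ValueError("bad filter item at offset %d" % i)
    attr, op, value = m.groups()
    if op == "~=":
        return ("approx", attr, value), end + 1
    if value == "*":
        return ("present", attr), end + 1
    return ("substring" if "*" in value else "equality", attr, value), end + 1

def parse_filter(text):
    """Parse an LDAP filter string into a nested tuple tree; reject trailing text."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("unexpected text after filter")
    return node

def _matches(node, attrs):
    kind = node[0]
    if kind == "&":
        return all(_matches(c, attrs) for c in node[1])
    if kind == "|":
        return any(_matches(c, attrs) for c in node[1])
    if kind == "!":
        return not _matches(node[1], attrs)
    lowered = {k.lower(): v for k, v in attrs.items()}   # attribute names are case-insensitive
    values = [v.lower() for v in lowered.get(node[1].lower(), [])]
    if kind == "present":
        return bool(values)
    if kind == "equality":
        return node[2].lower() in values
    if kind == "substring":
        pattern = ".*".join(re.escape(p) for p in node[2].lower().split("*"))
        return any(re.fullmatch(pattern, v) for v in values)
    target = soundex(node[2])                            # approx: any word of a value sounds alike
    return any(soundex(w) == target for v in values for w in v.split())

def search(base_dn, filter_text, directory=DIRECTORY):
    """Subtree search: DNs at or below base_dn whose entry matches the filter."""
    tree, base = parse_filter(filter_text), base_dn.lower()
    return [dn for dn, attrs in directory.items()
            if (dn.lower() == base or dn.lower().endswith("," + base)) and _matches(tree, attrs)]
```

As in a real server, attribute names compare case-insensitively, and the parser refuses unbalanced or trailing text rather than guessing, which is the behaviour a client library should surface as an error instead of silently widening the search.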

Functions for carrier grade availability:
- Elimination of single points of failure by directory replication
- Scheduling regular times for synchronizing servers
- A transactional data store, enabling seamless recovery from catastrophic failure

Security functions:
- Restriction of access to directory data down to the attribute level
- Control of users' ability to perform read, write, search, or compare operations
- Access control based on user identity, IP address, or domain name
- Anonymous access is optionally possible, e.g. in a secure domain
- LDAP over Secure Sockets Layer (SSL) providing privacy (encryption), integrity, and authentication services
- Password policy management to control minimum and maximum password lengths and password histories
- Support of Public Key Infrastructure for SURPASS hiQ 20
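The access control and password policy functions listed above, in an added Python example (not product or DirX code). It evaluates attribute-level rules per operation for subjects identified by bind DN, IP range or domain name, lets anonymous binds see only named attributes, and checks a proposed password against length limits and a salted-hash history. The rule format, the default-deny evaluation in which any matching deny rule wins, the use of PBKDF2 for the history, and every rule, DN and address below are constructed assumptions.

```python
"""Attribute-level access control and password policy checks.

Added example, not code from SURPASS hiQ 30 or DirX. Rules restrict access
per attribute and per operation (read, write, search, compare) for subjects
identified by bind DN, IP range or domain name, with optional anonymous
access; the password policy enforces length limits and a history. Rule
format, default-deny evaluation, PBKDF2 and all sample data are assumptions.
"""
from __future__ import annotations
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

OPERATIONS = ("read", "write", "search", "compare")
ALL = frozenset({"*"})

@dataclass(frozen=True)
class Rule:
    subject_kind: str      # "identity" (bind DN), "ip" (CIDR), "domain" (DNS suffix) or "anonymous"
    subject: str
    attributes: frozenset  # attribute names covered; ALL means every attribute
    operations: frozenset
    allow: bool = True

@dataclass(frozen=True)
class Requester:
    bind_dn: str | None    # None for an anonymous bind
    ip: str
    domain: str | None = None

def _subject_matches(rule, req):
    kind, subj = rule.subject_kind, rule.subject.lower()
    if kind == "identity":
        return req.bind_dn is not None and req.bind_dn.lower() == subj
    if kind == "ip":
        return ipaddress.ip_address(req.ip) in ipaddress.ip_network(subj, strict=False)
    if kind == "domain":
        dom = (req.domain or "").lower()
        return dom == subj or dom.endswith("." + subj)
    if kind == "anonymous":
        return req.bind_dn is None
    raise ValueError("unknown subject kind %r" % kind)

def is_allowed(rules, req, operation, attribute):
    """Default deny; a matching deny rule overrides every allow rule."""
    if operation not in OPERATIONS:
        raise ValueError("unknown operation %r" % operation)
    allowed = False
    for rule in rules:
        if operation not in rule.operations or not _subject_matches(rule, req):
            continue
        if "*" not in rule.attributes and attribute not in rule.attributes:
            continue
        if not rule.allow:
            return False
        allowed = True
    return allowed

# Constructed sample policy.
RULES = (
    # administrators (by bind DN) may do everything on every attribute
    Rule("identity", "cn=admin,o=ExampleTelco,c=DE", ALL, frozenset(OPERATIONS)),
    # application servers on the private LAN look users up and verify passwords
    # with compare, but can never read the userPassword attribute itself
    Rule("ip", "10.0.0.0/8", frozenset({"cn", "mail", "telephoneNumber"}),
         frozenset({"read", "search", "compare"})),
    Rule("ip", "10.0.0.0/8", frozenset({"userPassword"}), frozenset({"compare"})),
    # anonymous binds may read and search the public address-book attributes only
    Rule("anonymous", "", frozenset({"cn", "mail"}), frozenset({"read", "search"})),
    # hosts in the guest domain are denied everything, whatever else matches
    Rule("domain", "guest.example.invalid", ALL, frozenset(OPERATIONS), allow=False),
)

@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 8
    max_length: int = 64
    history_size: int = 5

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as '<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def _same_password(password, stored):
    salt = bytes.fromhex(stored.split("$", 1)[0])
    return hmac.compare_digest(hash_password(password, salt), stored)

def check_new_password(policy, new_password, history):
    """Return the policy violations for a proposed password (empty list = acceptable)."""
    problems = []
    if len(new_password) < policy.min_length:
        problems.append("shorter than %d characters" % policy.min_length)
    if len(new_password) > policy.max_length:
        problems.append("longer than %d characters" % policy.max_length)
    if any(_same_password(new_password, h) for h in history[-policy.history_size:]):
        problems.append("reuses one of the last %d passwords" % policy.history_size)
    return problems
```

The sample rules let application servers verify credentials with compare on userPassword without ever being able to read the attribute; that distinction between operations is exactly what per-operation, per-attribute control buys.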

O&M functions:
- WEB based GUI for the administration of subscriber data for LDAP accessing servers (e.g. SURPASS hiQ 10, SURPASS hiQ 20, and the Open Service Platform), SIP users and VoxPortal user data.
- Administrative operations such as backups, schema updates, and configuration changes of the GUI can be performed without stopping the SURPASS hiQ 30 (only in a multi server scenario).
- Predefined database schemata for LDAP accessing servers (e.g. SURPASS hiQ 20, SURPASS hiQ 6200 and the Open Service Platform), SIP users and VoxPortal user data.


- Self-service center for SURPASS hiQ 20 and VoxPortal: The SURPASS hiQ 30 Self-service Center allows a user to subscribe to an application without contacting an operator (e.g. for a free service). This can cause a steady increase in the number of unused accounts within the database.
- Garbage collector: The SURPASS hiQ 30 Directory Server provides the optional possibility of deleting user entries in the database if the user has not used any services during a predefined period of time (e.g. 6 months).
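The garbage collector just described, sketched in an added Python example (not code from the product). The lastServiceUse attribute in LDAP GeneralizedTime form, the protected marker, the dry-run default and the sample entries are constructed assumptions.

```python
"""Inactive-account garbage collection, dry run by default.

Added example, not code from SURPASS hiQ 30. User entries that have not used
any service for a predefined period (e.g. 6 months) are selected for deletion.
The lastServiceUse attribute (LDAP GeneralizedTime, YYYYMMDDHHMMSSZ), the
'protected' marker, the dry-run default and the sample entries are assumptions.
"""
from datetime import datetime, timedelta, timezone

SIX_MONTHS = timedelta(days=183)

def _parse_generalized_time(value):
    """LDAP GeneralizedTime in its common UTC form YYYYMMDDHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def select_inactive(entries, now, period=SIX_MONTHS):
    """Return (to_delete, skipped): DNs idle longer than `period`, and DNs that
    were deliberately left alone together with the reason, so that a missing
    timestamp or a protected account never disappears silently."""
    to_delete, skipped = [], []
    for dn, attrs in entries.items():
        if attrs.get("protected") == "TRUE":
            skipped.append((dn, "protected"))
            continue
        last = attrs.get("lastServiceUse")
        if last is None:
            skipped.append((dn, "no lastServiceUse attribute"))
            continue
        if now - _parse_generalized_time(last) > period:
            to_delete.append(dn)
    return to_delete, skipped

def garbage_collect(entries, now, period=SIX_MONTHS, dry_run=True):
    """Delete the selected entries unless dry_run; return what was (or would be) removed."""
    to_delete, skipped = select_inactive(entries, now, period)
    if not dry_run:
        for dn in to_delete:
            del entries[dn]
    return to_delete, skipped

# Constructed sample data, dated around the document's issue date.
SAMPLE_NOW = datetime(2004, 9, 30, tzinfo=timezone.utc)
SAMPLE_ENTRIES = {
    "uid=active1,ou=users,o=ExampleTelco,c=DE": {"lastServiceUse": "20040915120000Z"},
    "uid=idle1,ou=users,o=ExampleTelco,c=DE": {"lastServiceUse": "20040105080000Z"},
    "uid=neverseen,ou=users,o=ExampleTelco,c=DE": {},
    "uid=sysadmin,ou=users,o=ExampleTelco,c=DE": {"lastServiceUse": "20030101000000Z",
                                                  "protected": "TRUE"},
}
```

Entries that carry no timestamp at all are reported rather than deleted, since an absent attribute is as likely to be a provisioning error as a never-used account; running in dry-run mode first gives the operator the list to review before anything leaves the directory.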

Fixed IP address(es):
To address the SURPASS hiQ 30 Directory Server, fixed IP addresses are used for each scaling unit.


3 Software Architecture

The following Figure 3-2: SURPASS hiQ 30 software architecture shows the different system components and their residing software.

[Figure 3-2 image not reproduced; the only label recovered from it is "OSP"]

Figure 3-2: SURPASS hiQ 30 software architecture

The SURPASS hiQ 30 Directory Server utilizes:
- Operating system: SUN Solaris 8
- LDAP database: DirX Extranet Edition 2.0
- Web server: Apache-Tomcat
- Management of administration pages: Servlet + JSP

The entire SURPASS hiQ 30 software is pre-installed and pre-configured via install server.


4 Hardware Architecture

The SURPASS hiQ 30 consists of the following commercial carrier grade HW components:
- SUN Netra 120 server with 650 MHz UltraSPARC
- Operating System: SUN Solaris 8
- Cache: 16 KB data and 16 KB instruction on chip, secondary: 512 KB
- RAM: 1 Gbyte
- 2 x hot pluggable mirrored disks, HDD 36 Gbyte
- 2 x Ethernet 10/100BaseT
- Internal DC power supply (-40 to -75 VDC)
- 1 unit rack mount design provides high compute density per rack

The SURPASS hiQ 30 realizes a rack mounted server farm consisting of several Sun Netra 120 platforms that are interconnected via a private LAN segment.

The SURPASS hiQ 30 is realized as a multithreaded application for optimized CPU usage.

Operating temperature: normal operation 5 °C to 40 °C; short term (96 h) operation -5 °C to 55 °C.


5 Management

5.1 Management overview

The NetManager (NetM) provides management tasks for all SURPASS solutions, handling all SURPASS network elements. The NetM comprises the NetM Base System and NetM Applications on network and service management level. All SURPASS components are connected via IP to the NetManager. The SURPASS hiQ 30 is integrated into the NetManager's management concept.

The NetM Base System supports all necessary interfaces / protocols and operational tasks to ensure a 100 percent operability of the solution.

The basic management of the SURPASS elements is done via GUI (Windows or web-based by Metaframe SW).

The NetM applications automate network management and service management tasks and reduce OA&M effort substantially. Open interfaces which are based on standard information technologies (CORBA, XML) are provided for easy integration with higher layer management systems.

5.2 Base System Functionality

All alarms based on SNMP (Simple Network Management Protocol) generated by the SURPASS hiQ 30 are supervised and displayed via the NetManager Network Alarm Surveillance. Therefore no web session needs to be activated between the NetManager and the SURPASS hiQ 30.

Containment View is an application that displays a hierarchical view (tree) of managed SNMP agents in the network along with a status browsing functionality.

The Status Browser displays the status information of the SNMP managed nodes and of their sub-components. The information presented contains such details as the alarm state (e.g. critical), the operational state (e.g. up) and the reason for the last state change. Whenever an SNMP trap arrives at the NetM, the status information is updated accordingly. In the Containment View's tree, the overall status at each level is also updated following a propagation rule.

To get more details about the SNMP alarms, the LogViewer is used. With this application, the single traps and their details can be retrieved. The LogViewer also supports various kinds of filtering to reduce the amount of information presented and to provide easy analysis of occurring faults.
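The Containment View propagation rule and the LogViewer filtering described above, modelled in an added Python example (not NetManager code): traps update a node's own state and the reason for its last change, each level's overall status is recomputed from its children, and the trap log can be filtered by severity and source. The worst-state-wins rule, the severity ordering, the node names and the trap contents are constructed assumptions.

```python
"""Containment-tree status propagation and trap-log filtering.

Added example, not NetManager code. It models the section 5.2 behaviour:
SNMP traps update a node's state and the reason for its last change, the
Containment View recomputes the overall status of each level from its
children by a propagation rule, and a LogViewer-style filter narrows the
trap log. The 'worst state wins' rule, the severity order, the node names
and the trap contents are constructed assumptions.
"""
from dataclasses import dataclass, field

SEVERITY = {"cleared": 0, "warning": 1, "minor": 2, "major": 3, "critical": 4}

@dataclass
class Node:
    name: str
    children: list = field(default_factory=list)
    own_state: str = "cleared"        # state from the latest trap addressed to this node
    last_reason: str = "initial"      # reason for the last state change

@dataclass(frozen=True)
class Trap:
    seq: int
    source: str
    severity: str
    reason: str

def find(node, name):
    """Depth-first lookup of a managed node by name; None if it is not in the tree."""
    if node.name == name:
        return node
    for child in node.children:
        hit = find(child, name)
        if hit is not None:
            return hit
    return None

def apply_trap(root, log, trap):
    """Record the trap and update the status of the node it came from."""
    if trap.severity not in SEVERITY:
        raise ValueError("unknown severity %r" % trap.severity)
    node = find(root, trap.source)
    if node is None:
        raise KeyError("trap from unmanaged source %r" % trap.source)
    log.append(trap)
    if node.own_state != trap.severity:       # only a real change updates the reason
        node.own_state, node.last_reason = trap.severity, trap.reason

def overall_state(node):
    """Propagation rule: a level shows the worst of its own state and its children's overall states."""
    worst = node.own_state
    for child in node.children:
        state = overall_state(child)
        if SEVERITY[state] > SEVERITY[worst]:
            worst = state
    return worst

def status_report(node, report=None):
    """Flatten the tree into {name: (overall state, reason for last change)}."""
    report = {} if report is None else report
    report[node.name] = (overall_state(node), node.last_reason)
    for child in node.children:
        status_report(child, report)
    return report

def filter_traps(log, min_severity="cleared", source=None):
    """LogViewer-style filter: traps at or above a severity, optionally from one source only."""
    return [t for t in log if SEVERITY[t.severity] >= SEVERITY[min_severity]
            and (source is None or t.source == source)]

def build_sample_tree():
    """Constructed containment tree: network -> hiQ 30 farm -> shelves -> components."""
    shelf1 = Node("hiq30-shelf-1", [Node("ldap-process"), Node("disk-mirror")])
    shelf2 = Node("hiq30-shelf-2", [Node("ldap-process-2")])
    return Node("surpass-network", [Node("hiq30-farm", [shelf1, shelf2])])
```

A trap from an unmanaged source is rejected rather than silently creating a node, so a misconfigured or spoofed agent shows up as an error in the collector instead of as a phantom entry in the tree.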

The connection of the SURPASS hiQ 30 to the NetManager is realized via Ethernet and the TCP/IP protocol.

The administration, configuration and maintenance of the SURPASS hiQ 30 is handled via the hiQ 30 WEB interface.


6 Technical Data

6.1 Interfaces

The interfaces of the SURPASS hiQ 30 Directory Server are, as shown in Figure 6-3:
- LDAP interface (used by each SURPASS application) for database access
- HTTP/HTTPS interfaces for management of the user data in the Directory Server
- SNMP interface for administration of the LDAP Directory Server

[Figure 6-3 image not reproduced; labels recovered from it: IP-Network, Internet, LAN, Remote user, Subscriber, Administrator, Web browser, Client, Client services, Web server, DirXweb, Host, LDAP server, Directory Server; link labels: HTTP, HTTP/SSL, LDAP]

Figure 6-3: Overview of the SURPASS hiQ 30 LDAP interfaces

Two graphical user interfaces (GUIs) are available:

Internet User: A Web-based graphical user interface (GUI) provides a method for the user to access data of SURPASS applications in a secure and easy way. This GUI is called the SURPASS hiQ 30 Self-service Center. The HTML pages of this GUI are accessible from the public Internet. It is guaranteed that users can only modify or access the database information for which they are authorized. The GUI provides an HTML interface for the user and an LDAP interface for accessing the database. This GUI is realized by using the DirXweb client (a Java servlet provided by Siemens DirX).

Administrator: A second Web-based GUI provides the administrators with access to the user data in the database from the private Intranet. The administrator is able to add new users, add new services, change data, manage the LDAP tree, etc. The GUI provides an HTML interface and an LDAP interface for accessing the database. This GUI is realized by using the DirXweb client (a Java servlet provided by Siemens DirX).

6.1.1 Web GUI administrator interface

As an example, the following screens show the web GUI interface used for the management of the SURPASS hiQ 30 server:

Figure 6-4: SURPASS hiQ 30 LDAP WEB GUI management


    Figure 6-5: SURPASS hiQ 30 LDAP WEB GUI user creation page

6.2 Performance

The SURPASS hiQ 30 LDAP server (one Netra 120 shelf) can support up to 200 LDAP requests/sec in total for all applications which access the LDAP server, for up to 1 million user profiles depending on the mix of applications.

By replicating the directory tree across servers, the access load on any given machine can be reduced, thereby improving server response time.


6.3 Reliability

The SURPASS Reliability concept is based on the combination of network reliability and product reliability.

This product description informs about the product reliability. For solution specific information please refer to the respective solution description.

The reliability of SURPASS hiQ 30 LDAP is determined by the reliability of the commercial platform SUN Netra 120. Additional reliability is achieved by the SURPASS hiQ 30 LDAP redundancy concept with its replication mechanism.

The replication mechanism can be used as an efficient backup system in case of a Directory Server failure. By replicating directory trees to multiple servers, it can be ensured that the directory is available even if some hardware, software, or network problem prevents the directory clients from accessing a given Directory Server instance.

Carrier grade parameters are also achieved by making use of shadowing and distributed storage.

6.4 Scalability

The SURPASS hiQ 30 LDAP server can be expanded by additional Netra 120 shelves in steps of 1 (up to 18 shelves per rack); for redundancy and performance reasons a minimum configuration of 2 shelves is recommended, as well as scaling in steps of 2.

Within the concept of a server farm, together with appropriate network planning, there is practically no limitation for scalability and performance.


7 Abbreviations

AAA Authentication, Authorization and Accounting
AMA Automatic Message Accounting
GUI Graphical User Interface
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HW Hardware
IP Internet Protocol
ISP Internet Service Provider
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LRQ Location ReQuest
MGC Media Gateway Controller
MGCP Media Gateway Controller Protocol
NE Network Element
NetM Net Manager
NTP Network Time Protocol
PBX Private Branch Exchange
PCU Packet Control Unit
PSTN Public Switched Telephone Network
RRQ Registration Request
RRS Routing and Registration Server
RTP Real Time Protocol
SNMP Simple Network Management Protocol
SS7 Signaling System Number 7
SSL Secure Sockets Layer
SW Software
TDM Time Division Multiplex
TLS Transport Layer Security
VoIP Voice over IP
