[@customer]
Information and Communication Networks
Product Description
Note:
Deliveries and services described in this
document are a binding part of the offer
only if they are specifically contained in the
List of Materials or the List of Features.
1 Introduction
The SURPASS hiQ 30 Directory Server is a central database for storing customer
information such as user names, user passwords, user rights, service policies etc. for
several SURPASS solutions and applications.
As a member of the SURPASS product family the SURPASS hiQ 30 Directory Server is
integrated into the NetManager’s management concept (see 5 Management).
New in Version 4.1 of SURPASS hiQ 30 is the introduction of DirX Extranet Edition as
directory server product. It is a high-end Directory Server for e-business, carriers and
service providers. This product was developed and optimized by SIEMENS specifically for
extremely fast, high-volume LDAP directories.
2 Functional Description
In the SURPASS network solutions and applications the SURPASS hiQ 30 Directory Server
can be accessed e.g. from the SURPASS hiQ 20 Registration and Routing Server (RRS),
the SIP Proxy Server SURPASS hiQ 6200 and the Open Service Platform of SURPASS hiE
9200. Irrespective of the SURPASS components in use, the data required by the
aforementioned servers can be loaded from one common SURPASS hiQ 30 Directory
Server. New or additional applications with application-specific data can easily be added.
Necessary user data used for SURPASS applications are stored in a single entry on the
Directory Server. Thus the operator has one unified database for all the SURPASS
applications, which allows easy management of this centralized database.
The Lightweight Directory Access Protocol (LDAP) is the protocol for accessing the data of
the SURPASS hiQ 30. LDAP is optimized for reading databases with a large number of
entries. It enables SURPASS applications located anywhere in the network to retrieve data
from SURPASS hiQ 30. LDAP has been standardized by the IETF (Internet Engineering
Task Force) and is specified in RFC 1777.
LDAP directories are arranged as trees. A typical tree may have the following structure, as
shown in Figure 2-1: LDAP directory tree. Below the topmost root node, country information
appears followed by entries for companies, states or national organizations. Next come
entries for organizational units, such as branch offices and departments. Finally the
individuals are located: these can be people or shared resources.
2.3 Detailed functions
To support the necessary database access from the various servers, as described above,
the SURPASS hiQ 30 Directory Server has implemented the following:
Protocols:
• LDAP version 2 and 3, RFC 1558, 1777, 1778, 1959, and 2251.
• LDAP version 2 and version 3 operations: LDAP search filters, including presence,
equality, inequality, substring, approximate ("sounds like"), the Boolean operators
• all classes and objects defined in X.520 (1988) and X.521 (1988).
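The filter types listed above, written in LDAP filter string syntax with RFC 4515 value escaping, as an added example (not part of the product documentation or the product's code). The attribute names uid, cn, sn, mail and objectClass and the sample login names are assumptions chosen for illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

def escape_value(value):
    """Return value with filter metacharacters replaced by hex escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _item(attr, op, value):
    # Attribute names are fixed by the application; reject anything unusual.
    if not _ATTR_NAME.fullmatch(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    return f"({attr}{op}{value})"

def present(attr):                 # presence
    return _item(attr, "=", "*")

def equals(attr, value):           # equality
    return _item(attr, "=", escape_value(value))

def approx(attr, value):           # approximate ("sounds like")
    return _item(attr, "~=", escape_value(value))

def at_least(attr, value):         # inequality (>=); at_most would use "<="
    return _item(attr, ">=", escape_value(value))

def starts_with(attr, prefix):     # substring: only the trailing * is a wildcard
    return _item(attr, "=", escape_value(prefix) + "*")

def all_of(*filters):              # Boolean AND
    return "(&" + "".join(filters) + ")"

def any_of(*filters):              # Boolean OR
    return "(|" + "".join(filters) + ")"

def negate(flt):                   # Boolean NOT
    return "(!" + flt + ")"

def account_lookup(login):
    """Filter that matches the given login name literally, whatever it contains."""
    return all_of(equals("objectClass", "person"), equals("uid", login))

if __name__ == "__main__":
    # Constructed inputs: a plain login name and one containing metacharacters.
    for login in ("alice", "j*(smith)"):
        print(account_lookup(login))
```

Because every value passes through escape_value, a login name containing `*` or parentheses is compared as literal text and cannot change the structure of the filter sent to the directory.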
Security functions:
• LDAP over Secure Sockets Layer (SSL) providing privacy (encryption), integrity, and
authentication services
O&M functions:
• WEB based GUI for the administration of subscriber data for LDAP accessing servers
(e.g. SURPASS hiQ 10, SURPASS hiQ 20, and the Open Service Platform), SIP
users and VoxPortal user data.
• changes of the GUI to be performed without stopping the SURPASS hiQ 30 (only in
multi server scenario)
• Predefined database schemata for LDAP accessing servers (e.g. SURPASS hiQ 20,
SURPASS hiQ 6200 and the Open Service Platform), SIP users and VoxPortal user
data.
• Self-service center for SURPASS hiQ 20 and VoxPortal: The SURPASS hiQ 30 Self-
service Center allows a user to subscribe to an application without contacting an
operator (e.g. for a free service). This can cause a steady increase in the number of
unused accounts within the database.
• Garbage collector: The SURPASS hiQ 30 Directory Server provides the optional
possibility of deleting user entries in the database if the user has not used any
services during a predefined period of time (e.g. 6 months).
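A sketch of the selection step such a garbage collector performs, as an added example (not the product's implementation). It assumes a hypothetical lastServiceUse attribute holding the last service usage time, uses the standard createTimestamp operational attribute as fallback, approximates 6 months as 180 days, and runs on constructed sample entries.

```python
from datetime import datetime, timedelta, timezone

def parse_generalized_time(stamp):
    """Parse the UTC GeneralizedTime form used in LDAP, e.g. 20240115093000Z."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def purge_candidates(entries, now, max_idle_days=180, protected=frozenset()):
    """Return (dn, idle_days) for entries idle longer than max_idle_days.

    An entry that never used a service is aged from its creation time, so a
    freshly self-registered account is not purged on the next run.
    """
    cutoff = now - timedelta(days=max_idle_days)
    candidates = []
    for entry in entries:
        if entry["dn"] in protected:
            continue  # administrative and service accounts are never purged
        stamp = entry.get("lastServiceUse") or entry["createTimestamp"]
        last_seen = parse_generalized_time(stamp)
        if last_seen < cutoff:
            candidates.append((entry["dn"], (now - last_seen).days))
    # Longest-idle accounts first, so a review or dry run shows them at the top.
    return sorted(candidates, key=lambda c: c[1], reverse=True)

# Constructed sample entries; lastServiceUse is a hypothetical attribute name.
ENTRIES = [
    {"dn": "uid=anna,ou=users,o=example", "createTimestamp": "20230101000000Z",
     "lastServiceUse": "20240520120000Z"},
    {"dn": "uid=bob,ou=users,o=example", "createTimestamp": "20230301000000Z",
     "lastServiceUse": "20230910080000Z"},
    {"dn": "uid=carl,ou=users,o=example", "createTimestamp": "20230601000000Z"},
    {"dn": "uid=dora,ou=users,o=example", "createTimestamp": "20240525000000Z"},
    {"dn": "cn=admin,o=example", "createTimestamp": "20200101000000Z"},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
PROTECTED = frozenset({"cn=admin,o=example"})

if __name__ == "__main__":
    for dn, idle in purge_candidates(ENTRIES, NOW, protected=PROTECTED):
        print(f"{idle:4d} days idle  {dn}")
```

Without the protected set, the administrative entry would head the list, which is why the exclusion is applied before any age comparison.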
To address the SURPASS hiQ 30 Directory Server, fixed IP addresses are used for each
scaling unit.
3 Software Architecture
The following Figure 3-2: SURPASS hiQ 30 software architecture shows the different
system components and their residing software.
The entire SURPASS hiQ 30 software is pre-installed and pre-configured via install server.
4 Hardware Architecture
The SURPASS hiQ 30 consists of the following commercial carrier grade HW components:
• RAM = 1 Gbyte
• 2* Ethernet 10/100BaseT
• 1 Unit rack mount design provides high compute density per rack
The SURPASS hiQ 30 realizes a rack mounted server farm consisting of several Sun
Netra 120 platforms that are interconnected via a private LAN segment.
The SURPASS hiQ 30 is realized as a multithreaded application for optimized CPU usage.
5 Management
5.1 Management overview
The NetManager (NetM) provides management tasks for all SURPASS solutions, handling
all SURPASS network elements. The NetM consists of the NetM Base System and NetM
Applications on network and service management level. All SURPASS components are
connected via IP to the NetManager. The SURPASS hiQ 30 is integrated into the
NetManager’s management concept.
The NetM Base System supports all necessary interfaces / protocols and operational tasks
to ensure 100 percent operability of the solution.
The basic management of the SURPASS elements is done via GUI (Windows or web-based
by Metaframe SW).
The NetM applications automate network management and service management tasks and
reduce OA&M effort substantially. Open interfaces which are based on standard information
technologies (CORBA, XML) are provided for easy integration with higher layer
management systems.
All alarms based on SNMP (Simple Network Management Protocol) generated by the
SURPASS hiQ 30 are supervised and displayed via the NetManager Network Alarm
Surveillance. Therefore no web session needs to be activated between the NetManager and
the SURPASS hiQ 30.
The Status Browser displays the status information of the SNMP managed nodes and of
their sub-components. The information presented contains such details as the alarm state
(e.g. critical), the operational state (e.g. up) and the reason for the last state change.
Whenever an SNMP trap arrives at the NetM, the status information is updated accordingly.
In the Containment View’s tree, the overall status at each level is also updated following a
To get more details about the SNMP alarms, the LogViewer is used. With this application,
the individual traps and their details can be retrieved. The LogViewer also supports various kinds
of filtering to reduce the amount of information presented and provide easy analysis of
occurring faults.
The connection of the SURPASS hiQ 30 to the NetManager is realized via Ethernet and
TCP/IP protocol.
The administration, configuration and maintenance of the SURPASS hiQ 30 are handled via
the hiQ 30 web interface.
6 Technical Data
6.1 Interfaces
The interfaces of the SURPASS hiQ 30 Directory Server are, as shown in Figure 6-3:
• HTTP/ HTTPS interfaces for management of the user data in the Directory Server
[Figure 6-3: interfaces of the SURPASS hiQ 30 Directory Server. Diagram labels: Administrator, Remote user, Subscriber, Web browser, HTTP, HTTP/SSL, Internet client, LAN client, IP network services, LDAP, LDAP server, DirXweb, Server host.]
As an example, the following screens show the web GUI interface used for the management
of the SURPASS hiQ 30 server:
Figure 6-5: SURPASS hiQ 30 LDAP WEB GUI user creation page
6.2 Performance
The SURPASS hiQ 30 LDAP server (one Netra 120 shelf) can support up to 200 LDAP
requests/sec in total for all applications, which access the LDAP server, for up to 1 million
user profiles depending on the mix of applications.
By replicating the directory tree across servers the access load on any given machine can
be reduced, thereby improving server response time.
6.3 Reliability
The reliability of SURPASS hiQ 30 LDAP is determined by the reliability of the commercial
platform SUN Netra 120. Additional reliability is achieved by the SURPASS hiQ 30 LDAP
redundancy concept with its replication mechanism.
The replication mechanism can be used as an efficient backup system in case of a Directory
Server failure. By replicating directory trees to multiple servers, it can be ensured that the
directory is available even if some hardware, software, or network problem prevents the
directory clients from accessing a given Directory Server instance.
Carrier grade parameters are also achieved by making use of shadowing and distributed
storage.
6.4 Scalability
The SURPASS hiQ 30 LDAP server can be expanded by additional Netra 120 shelves in
steps of 1 (up to 18 shelves per rack). For redundancy and performance reasons, a minimum
configuration of 2 shelves is recommended, as well as scaling in steps of 2.
Within the concept of a server farm, and together with appropriate network planning, there
is practically no limitation for scalability and performance.
7 Abbreviations