
[@Project]

[@customer]
Information and Communication Networks

Product Description

SURPASS hiQ 30 V4.1

Note:
Deliveries and services described in this
document are a binding part of the offer
only if they are specifically contained in the
List of Materials or the List of Features.

[@File-Name] PRODUCT DESCRIPTION Page 1 of 17


[@Cust-Ref-No.] [@Proposal-No.] 30.9.2004
Issue 1.0

1 Introduction

The SURPASS hiQ 30 Directory Server is a central database for storing customer
information such as user names, user passwords, user rights, service policies etc. for
several SURPASS solutions and applications.

As a member of the SURPASS product family the SURPASS hiQ 30 Directory Server is
integrated into the NetManager’s management concept (see 5 Management).

New in Version 4.1 of SURPASS hiQ 30 is the introduction of DirX Extranet Edition as
directory server product. It is a high-end Directory Server for e-business, carriers and
service providers. This product was developed and optimized by SIEMENS specifically for
extremely fast, high-volume LDAP directories.


2 Functional Description

2.1 SURPASS hiQ 30 Directory Server overview

In the SURPASS network solutions and applications the SURPASS hiQ 30 Directory Server
can be accessed e.g. from the SURPASS hiQ 20 Registration and Routing Server (RRS),
the SIP Proxy Server SURPASS hiQ 6200 and the Open Service Platform of SURPASS hiE
9200. Irrespective of the SURPASS components in use, the data required by the
aforementioned servers can be loaded from one common SURPASS hiQ 30 Directory
Server. New or additional applications with application-specific data can easily be added.
Necessary user data used for SURPASS applications are stored in a single entry on the
Directory Server. Thus the operator has one unified database for all the SURPASS
applications, which allows easy management of this centralized database.

2.2 Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP) is the protocol for accessing the data of
the SURPASS hiQ 30. LDAP is optimized for reading databases with a large number of
entries. It enables SURPASS applications located anywhere in the network to retrieve data
from SURPASS hiQ 30. LDAP has been standardized by the IETF (Internet Engineering
Task Force) and is specified in RFC 1777.

LDAP directories are arranged as trees. A typical tree may have the following structure, as
shown in Figure 2-1: LDAP directory tree. Below the topmost root node, country information
appears followed by entries for companies, states or national organizations. Next come
entries for organizational units, such as branch offices and departments. Finally the
individuals are located: these can be people or shared resources.

Figure 2-1: LDAP directory tree

2.3 Detailed functions

To support the necessary database access from the various servers, as described above,
the SURPASS hiQ 30 Directory Server has implemented the following:

Protocols

• LDAP version 2 and 3, RFC 1558, 1777, 1778, 1959, and 2251.

• LDAP version 2 and version 3 operations: LDAP search filters, including presence,
equality, inequality, substring, approximate ("sounds like"), the Boolean operators
and (&), or (|), and not (!).

• X.500 hierarchical naming

• all classes and objects defined in X.520 (1988) and X.521 (1988).

• Lightweight Internet Person Schema (LIPS) for maximum compatibility with LDAP clients.
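
The search filter operations listed above (presence, equality, inequality, substring and the Boolean operators) use the parenthesised string syntax of RFC 1558. The following Python code is an added example, not part of the product description and not SURPASS or DirX code: it evaluates such filters over constructed sample entries and goes one step beyond the list by hex-escaping user-supplied values, so that text typed into a web form is matched as a literal. The function names and entries are assumptions, and approximate match is simplified to equality.

```python
import re

def escape_filter_value(value):  # hex-escape characters special in a filter value
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(text, pos=0):  # parse one filter at text[pos]; return (node, next_pos)
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    op = text[pos + 1:pos + 2]
    if op in ("&", "|", "!"):
        pos, children = pos + 2, []
        while text[pos:pos + 1] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")" or not children or (op == "!" and len(children) != 1):
            raise ValueError("malformed %s filter" % op)
        return (op, children), pos + 1
    end = text.index(")", pos)  # ValueError if the item is unterminated
    if not (m := re.fullmatch(r"([A-Za-z][\w.;-]*)(~=|>=|<=|=)([^()]*)", text[pos + 1:end])):
        raise ValueError("malformed item at offset %d" % pos)
    return (m.group(2), m.group(1).lower(), m.group(3)), end + 1

def evaluate(node, entry):  # entry: lower-case attribute name -> list of values
    if node[0] in ("&", "|", "!"):
        results = [evaluate(child, entry) for child in node[1]]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)
    op, attr, raw = node
    values = [v.lower() for v in entry.get(attr, [])]
    if op == "=" and "*" in raw:  # substring; a lone "*" is the presence test
        pattern = ".*".join(re.escape(_unescape(p).lower()) for p in raw.split("*"))
        return any(re.fullmatch(pattern, v, re.S) for v in values)
    want = _unescape(raw).lower()
    if op in (">=", "<="):
        return any(v >= want if op == ">=" else v <= want for v in values)
    return want in values  # equality; "~=" is simplified to equality here

def search(entries, filter_text):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return sorted(dn for dn, attrs in entries.items() if evaluate(node, attrs))

DIRECTORY = {  # constructed sample entries, named like the tree in section 2.2
    "cn=Alice,ou=Sales,o=Example,c=DE": {"objectclass": ["person"], "uid": ["alice"]},
    "cn=Bob,ou=Sales,o=Example,c=DE": {"objectclass": ["person"], "uid": ["bob"]},
    "cn=Printer,ou=Sales,o=Example,c=DE": {"objectclass": ["device"]},
}
```

With the template `(&(objectClass=person)(uid=%s))`, an unescaped `*` selects every person entry, while the value returned by `escape_filter_value("*")` matches only a uid that is literally `*`.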

Functions for carrier grade availability:

• Elimination of single points of failure by directory replication

• Scheduling regular times for synchronizing servers

• A transactional data store, enabling seamless recovery from catastrophic failure

Security functions:

• Restriction of access to directory data down to the attribute level

• Control of users' ability to perform read, write, search, or compare operations

• Access control based on user identity, IP address, or domain name

• Anonymous access is optionally possible, e.g. in a secure domain

• LDAP over Secure Sockets Layer (SSL) providing privacy (encryption), integrity, and
authentication services

• Password policy management to control minimum and maximum password lengths
and password histories

• Support of Public Key Infrastructure for SURPASS hiQ 20

O&M functions:

• WEB based GUI for the administration of subscriber data for LDAP accessing servers
(e.g. SURPASS hiQ 10, SURPASS hiQ 20, and the Open Service Platform), SIP
users and VoxPortal user data.

• Administrative operations such as backups, schema updates, and configuration
changes of the GUI to be performed without stopping the SURPASS hiQ 30 (only in
multi server scenario)

• Predefined database schemata for LDAP accessing servers (e.g. SURPASS hiQ 20,
SURPASS hiQ 6200 and the Open Service Platform), SIP users and VoxPortal user
data.


• Self-service center for SURPASS hiQ 20 and VoxPortal: The SURPASS hiQ 30 Self-
service Center allows a user to subscribe to an application without contacting an
operator (e.g. for a free service). This can cause a steady increase in the number of
unused accounts within the database.

• Garbage collector: The SURPASS hiQ 30 Directory Server provides the optional
possibility of deleting user entries in the database if the user has not used any
services during a predefined period of time (e.g. 6 months).

Fixed IP address(es)

To address the SURPASS hiQ 30 Directory Server, fixed IP addresses are used for each
scaling unit.

3 Software Architecture

The following Figure 3-2: SURPASS hiQ 30 software architecture shows the different
system components and their residing software.

Figure 3-2: SURPASS hiQ 30 software architecture


The SURPASS hiQ 30 Directory Server utilizes:

Operating system:                     SUN Solaris 8
LDAP database:                        DirX Extranet Edition 2.0
Web server:                           Apache-Tomcat
Management of administration pages:   Servlet + JSP

The entire SURPASS hiQ 30 software is pre-installed and pre-configured via install server.


4 Hardware Architecture

The SURPASS hiQ 30 consists of the following commercial carrier grade HW components:

• SUN Netra 120 server with 650 MHz UltraSPARC

• Operating System : SUN Solaris 8

• Cache: 16 KB data and 16 KB instruction on chip, secondary: 512 KB

• RAM = 1 Gbyte

• 2* hot pluggable mirrored disks HDD 36 Gbyte

• 2* Ethernet 10/100BaseT

• internal DC power supply (-40 to -75 VDC)

• 1 Unit rack mount design provides high compute density per rack

The SURPASS hiQ 30 realizes a rack mounted server farm consisting of several Sun
Netra 120 platforms that are interconnected via a private LAN segment.

The SURPASS hiQ 30 is realized as a multithreaded application for optimized CPU usage.

Normal operation: 5° C to 40° C; short term 96h operation: -5° C to 55° C


5 Management

5.1 Management overview

The NetManager (NetM) provides management tasks for all SURPASS solutions, handling
all SURPASS network elements. The NetM comprises the NetM Base System and NetM
Applications on network and service management level. All SURPASS components are
connected via IP to the NetManager. The SURPASS hiQ 30 is integrated into the
NetManager’s management concept.

The NetM Base System supports all necessary interfaces / protocols and operational tasks
to ensure 100 percent operability of the solution.

The basic management of the SURPASS elements is done via GUI (Windows or web-based
by Metaframe SW).

The NetM applications automate network management and service management tasks and
reduce OA&M effort substantially. Open interfaces which are based on standard information
technologies (CORBA, XML) are provided for easy integration with higher layer
management systems.

5.2 Base System Functionality

All alarms based on SNMP (Simple Network Management Protocol) generated by the
SURPASS hiQ 30 are supervised and displayed via the NetManager Network Alarm
Surveillance. Therefore no web session needs to be activated between the NetManager and
the SURPASS hiQ 30.

Containment View is an application that displays a hierarchical view (tree) of managed
SNMP agents in the network along with a status browsing functionality.

The Status Browser displays the status information of the SNMP managed nodes and of
their sub-components. The information presented contains such details as the alarm state
(e.g. critical), the operational state (e.g. up) and the reason for the last state change.
Whenever an SNMP trap arrives at the NetM, the status information is updated accordingly.
In the Containment View’s tree, the overall status at each level is also updated following a
propagation rule.

To get more details about the SNMP alarms, the LogViewer is used. With this application,
the individual traps and their details can be retrieved. The LogViewer also supports various kinds
of filtering to reduce the amount of information presented and provide easy analysis of
occurring faults.

The connection of the SURPASS hiQ 30 to the NetManager is realized via Ethernet and
TCP/IP protocol.

The administration, configuration and maintenance of the SURPASS hiQ 30 is handled via
the hiQ 30 WEB interface.


6 Technical Data

6.1 Interfaces

The interfaces of the SURPASS hiQ 30 Directory Server are, as shown in Figure 6-3:

• LDAP interface (used by each SURPASS application) for database access

• HTTP/ HTTPS interfaces for management of the user data in the Directory Server

• SNMP interface for administration of the LDAP Directory Server

Figure 6-3: Overview of the SURPASS hiQ 30 LDAP interfaces


Two graphical user interfaces (GUIs) are available:

• Internet User: A Web-based graphical user interface (GUI) provides a method for the
user to access data of SURPASS applications in a secure and easy way. This GUI is
called the SURPASS hiQ 30 Self-service Center. The HTML pages of this GUI are
accessible from the public Internet. It is guaranteed that users can only modify or
access the database information for which they are authorized. The GUI provides an
HTML interface for the user and an LDAP interface for accessing the database. This
GUI is realized by using the DirXweb client (a Java servlet provided by Siemens DirX).

• Administrator: A second Web-based GUI provides the administrators with access to
the user data in the database from the private Intranet. The administrator is able to
add new users, add new services, change data, manage the LDAP tree, etc. The
GUI provides an HTML interface and an LDAP interface for accessing the database.
This GUI is realized by using the DirXweb client (a Java servlet provided by Siemens
DirX).

6.1.1 Web GUI administrator interface

As an example, the following screens show the web GUI interface used for the management
of the SURPASS hiQ 30 server:

Figure 6-4: SURPASS hiQ 30 LDAP WEB GUI management


Figure 6-5: SURPASS hiQ 30 LDAP WEB GUI user creation page

6.2 Performance

The SURPASS hiQ 30 LDAP server (one Netra 120 shelf) can support up to 200 LDAP
requests/sec in total for all applications, which access the LDAP server, for up to 1 million
user profiles depending on the mix of applications.

By replicating the directory tree across servers the access load on any given machine can
be reduced, thereby improving server response time.


6.3 Reliability

The SURPASS Reliability concept is based on the combination of

• network reliability and

• product reliability.

This product description informs about the product reliability. For solution specific
information please refer to the respective solution description.

The reliability of SURPASS hiQ 30 LDAP is determined by the reliability of the commercial
platform SUN Netra 120. Additional reliability is achieved by the SURPASS hiQ 30 LDAP
redundancy concept with its replication mechanism.

The replication mechanism can be used as an efficient backup system in case of a Directory
Server failure. By replicating directory trees to multiple servers, it can be ensured that the
directory is available even if some hardware, software, or network problem prevents the
directory clients from accessing a given Directory Server instance.

Carrier grade parameters are also achieved by making use of shadowing and distributed
storage.

6.4 Scalability

The SURPASS hiQ 30 LDAP server can be expanded by additional Netra 120 shelves in
steps of 1 (up to 18 shelves per rack). For redundancy and performance reasons, a minimum
configuration of 2 shelves is recommended, as well as scaling in steps of 2.

Within the concept of a server farm, and with appropriate network planning, there
is practically no limitation on scalability and performance.


7 Abbreviations

AAA Authentication, Authorization and Accounting
AMA Automatic Message Accounting
GUI Graphical User Interface
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HW Hardware
IP Internet Protocol
ISP Internet Service Provider
TDM Time Division Multiplex
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LRQ Location ReQuest
MGC Media Gateway Controller
MGCP Media Gateway Controller Protocol
NE Network Element
NetM Net Manager
NTP Network Time Protocol
PBX Private Branch Exchange
PCU Packet Control Unit
PSTN Public Switched Telephone Network
RRQ Registration Request
RRS Routing and Registration Server
RTP Real Time Protocol
SNMP Simple Network Management Protocol
SSL Secure Sockets Layer
SW Software
TLS Transport Layer Security
SS7 Signaling System Number 7
VoIP Voice over IP
