Академический Документы
Профессиональный Документы
Культура Документы
User’s Guide
This guide is produced and copyrighted by Camiant, Inc. Any use or reproduction of the contents of this manual without
the prior written consent of Camiant, Inc. is strictly prohibited.
NOTICE
All title and copyrights to this document are owned by Camiant, Inc. No part of the contents of this document may be
reproduced or transmitted in any form or by any means without the written permission of Camiant, Inc.
Camiant, Inc. shall not be liable for errors contained herein. Camiant, Inc. shall not be liable for any damages whatsoever,
including, without limitation, damages for loss of business profits, business interruption, loss of business information, or
other pecuniary loss arising out of the use of this documentation even if Camiant, Inc. has been made aware of the
possibility of such damages.
Information contained in this document is subject to change without notice. While every effort is made to ensure that the
information is accurate as of the publication date, users are reminded to update their use of this document with
documents published by Camiant, Inc. subsequent to this date.
Third-party product information is for informational purposes only, and constitutes neither an endorsement nor a
recommendation. Camiant, Inc. expressly disclaims any responsibility with respect to the performance of the third-party
products.
For permission to reproduce or distribute this document, please contact your Camiant account executive.
Camiant is a trademark of Camiant, Inc.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
All other trademarks mentioned in this document are property of their respective owners.
Camiant, Inc.
200 Nickerson Road
Marlborough, MA 01752 USA
508.486.9996
www.Camiant.com
Contents
About This Guide ............................................................. vii
Intended Audience ...................................................................................................... vii
Conventions ................................................................................................................ vii
Related Documentation .............................................................................................. viii
Contacting Camiant...................................................................................................... ix
Customer Comments ................................................................................................... ix
1 Introduction ...................................................................... 11
The Multimedia Policy Engine...................................................................................... 12
Overview ............................................................................................................. 12
Understanding Policy Rules.......................................................................................... 14
Overview of Major Tasks ............................................................................................. 15
The MPE Manager....................................................................................................... 16
Organizing Policy Rules ........................................................................................ 16
GUI Overview ...................................................................................................... 16
Specifications for Using the GUI........................................................................... 17
GUI Icons............................................................................................................. 17
Shortcut Selection Keys ....................................................................................... 18
3 Protocol Routing.............................................................. 53
PCMM Routing Architectures ...................................................................................... 54
Configuring PCMM Routing ........................................................................................ 55
7 Event Messaging.............................................................. 87
Overview..................................................................................................................... 88
Configuring Global Settings for Event Messaging ........................................................ 90
Configuring Local Policy Server Settings for Event Messaging............................... 92
The Record Keeping Server.......................................................................................... 94
Creating an RKS Profile........................................................................................ 94
Modifying an RKS Profile ..................................................................................... 95
Deleting an RKS Profile ........................................................................................ 95
This guide describes how to use the Multimedia Policy Engine (MPE)
Manager to configure and manage MPE devices. The information in this
guide is presented as follows:
■ “Introduction” on page 11
■ “Managing Policy Servers” on page 19
■ “Managing Network Elements” on page 57
■ “Managing Application Profiles” on page 77
■ “Event Messaging” on page 87
■ “Management Agent Servers” on page 97
■ “Managing Policy Rules” on page 109
■ “Managing Network Topology” on page 143
■ “Managing User Licenses” on page 155
■ “System Administration” on page 165
■ “Glossary” on page 197
Intended Audience
This guide is intended for the following trained and qualified service
personnel who are responsible for operating MPE devices:
■ System operators
■ System administrators
Conventions
Your view of the product may vary from the figures used as examples in
this guide; the pages that you see depend on your configuration or
application.
The MPE is the Camiant policy server. The terms policy server and MPE
are synonymous.
Related Documentation
The following guides provide additional information for the
configuration and use of Camiant products:
■ Cable Product Release Notes
■ Hardware Installation Guide
■ Software Installation Guide
■ Service User Interface User’s Guide
Contacting Camiant
Camiant Inc. maintains a site on the World Wide Web where you can find
information on our company and its products. Use the following URL:
http://www.camiant.com
http://www.camiant.com/support
Customer Comments
Customer comments are not only welcomed, they are encouraged.
Please take a moment and let us know how we are doing. To do this,
respond in one of the following ways:
Overview The core function of the MPE network is to establish service flows
between the subscribers and application servers that provide
multimedia services, as shown in Figure 1:
A service flow is activated only after the contents of its QoS request are
examined and approved by the MPE. If approved, the request is
forwarded to the intended destination network node.
You can combine policy rules to provide additional power and flexibility.
When there are multiple policy rules, the order in which the policy rules
are evaluated can also influence the policy server behavior, so the order
of evaluation is also configurable through the MPE Manager. You can also
organize policy rules into groups in order to simplify the management of
the policy rules.
The following are sample scenarios for which you might use policy rules:
■ You can modify the contents of protocol messages using policy rules.
For example, you could use a policy rule to override the requested
bandwidth parameters in a request.
■ You can create policy rules that track the use of resources for
devices in the network and implement limits on how those resources
are used. For example, some cable modems have limits on the
number of dynamic flows that they can support. Using policy rules,
you can ensure that a cable modem does not exceed this limit.
■ Some protocols allow for the provisioning of default QoS parameters
for subscribers. With these protocols, policy rules could be used to
implement subscriber tiers where different subscribers have
different bandwidth available.
■ You can configure policy rules to monitor the reservation of
bandwidth on network elements and notify operators when an
element exceeds certain threshold levels.
■ In many protocols, the policy server acts as an intermediary between
the Application Managers (AMs) and the QoS enforcement devices.
Many of these QoS enforcement devices implement proprietary
features that are activated through the use of standard (or
non-standard) fields in protocol messages. Using policy rules, you
can activate these proprietary features on behalf of the AMs, thus
allowing them to use these features without modification.
Organizing Policy Rules If you are working with multiple policy rules, the MPE Manager includes
several features to simplify the management of those rules.
The order in which rules are evaluated is important. The MPE Manager
allows you to configure the evaluation order of policies (see “Evaluating
Policy Rules” on page 111).
The MPE Manager also provides a policy grouping feature. Policies can
be organized into groups and the groups can be used to simplify the
process of deploying policies to policy servers (see “Creating a Policy
Group” on page 127).
GUI Overview The MPE Manager uses an intuitive and highly portable Graphical User
Interface (GUI) supporting industry-standard web technologies (SSL,
HTTP, HTTPS, and XML). Figure 2 shows the structure of the MPE
Manager GUI.
Work Area
Content Tree
Navigation Pane
Note: When using the MPE Manager for the first time, Camiant
recommends that you change the default username and
password to a self-assigned value. See “Changing a Password”
on page 194 for information on this procedure.
GUI Icons The MPE Manager provides easy to use icons for removing, deleting, or
changing the sequential order of the items displayed.
Note: Deleting an item from the ALL folder also deletes the
item from any associated group. A delete verification window
opens when this icon is selected.
Shortcut Selection Keys The MPE Manager uses the following standard browser techniques for
selecting multiple items from a list:
This chapter describes how to use the Multimedia Policy Engine (MPE)
Manager to configure and manage policy servers in a network.
Note: The MPE is the Camiant policy server. The terms policy server and
MPE are synonymous.
■ Logs — Displays the Policy Log, Event Log, and Alert configurations.
■ Policy Server — Lets you associate applications and network
elements with the policy server and configure protocol information.
■ EM — Lets you view and configure event messages.
■ Routing — Lets you organize large networks of policy servers into a
hierarchical configuration, applicable for network designs with
either centralized application architectures, or distributed
application architectures.
■ Policies — Lets you manage policies that are deployed on the policy
server.
■ DHCP — Lets you configure DHCP (Dynamic Host Configuration
Protocol).
3 Select the tab that contains the information you want to modify and
click Modify.
4 When you finish your modifications, click Save (or Cancel to discard
your changes).
Deleting a Policy Server Deleting a policy server profile from the ALL group also deletes it from
Profile any associated group.
3 Use one of the following methods to select the policy server profile to
delete:
■ From the work area, click the Delete icon located next to the policy
server profile you want to delete.
■ From the policy server group tree, select the policy server; the
Policy Server Administration page opens. Click the System tab; the
System tab opens. Click Delete.
You are prompted: “Are you sure you want to delete this Policy Server?”
Click OK to delete the policy server profile (or Cancel to cancel the
request).
5 When you finish, click Save (or Cancel to discard your changes). The
new group appears in the content tree.
Creating a Policy Server You can create subgroups to further organize your policy server
Subgroup network. To add a policy server subgroup to an existing policy server
group:
1 From the navigation pane, select Configuration. The content tree
displays a list of policy server groups; the initial group is ALL.
2 From the content tree, select the desired policy server group. The
Policy Server Administration page opens in the work area, displaying the
contents of the selected policy server group.
3 On the Policy Server Administration page, click Create Sub-Group. The
Create Group page opens (Figure 7).
4 Enter the name of the new subgroup. The name cannot contain
quotation marks (") or commas (,).
5 When you finish, click Save (or Cancel to discard your changes). The
subgroup is added to the selected group.
Renaming a Policy Server To modify the name assigned to a policy server group or sub-group:
Group
1 From the navigation pane, select Configuration. The content tree
displays a list of policy server groups; the initial group is ALL.
2 From the content tree, select the desired policy server group or
sub-group. The Policy Server Administration page opens in the work
area.
3 On the Policy Server Administration page, click Modify. The Modify
Group page opens (Figure 8).
4 Enter the new name in the Name field. The name cannot contain
quotation marks (") or commas (,).
5 When you finish, click Save (or Cancel to cancel the request). The group
is renamed.
Removing a Policy Server Removing a policy server from a policy server group or sub-group does
Profile from a Policy not delete the profile. To delete a policy server profile, see “Deleting a
Server Group Policy Server Profile” on page 26.
3 Remove the desired policy server profile using one of the following
methods:
■ Click the Scissors icon located next to the policy server you want to
remove.
■ From the content tree, select the policy server; the Policy Server
Administration page opens. Click the System tab; the System tab
opens. Click Remove.
The policy server is removed from the group or sub-group.
Deleting a Policy Server Deleting a policy server group also deletes any associated sub-groups.
Group However, any policy server profiles associated with the deleted groups
or sub-groups remain in the ALL group. You cannot delete the ALL group.
These steps are accomplished using the Service User Interface. For the
actual procedures needed to accomplish each step, see the Service User
Interface User’s Guide. The sections that follow provide a high-level
view of the process for each function.
Configuring Hostnames Before SSL certificates can be generated, hostnames (local) must be
and Hosts configured for both servers, and host entries must be entered for the
other (remote) server. To do this, see “Network Maintenance” in the
Service User Interface User’s Guide, and complete the following:
1 Configure a hostname for the local server.
2 Add the remote server as a host.
3 Ping both servers using the hostname command to test for connectivity.
Generating a Certificate Certificate creation is performed on each server (local and remote).
on Each Server When creating the certificate, ensure that the alias used matches the
hostname of the server the certificate is being created on. Also, the
default password of changeit must be used throughout the creation
process, or the certificates will not work. See “Create server
certificate” in the Service User Interface User’s Guide.
Exporting the Local Export the certificate to the keystore, where it will be copied via SCP to
Certificate the remote server. See “Configure SSL” in the Service User Interface
User’s Guide.
Importing the Peer Import the certificate that was previously exported from the remote
Certificate server to the local keystore. You must reboot the cluster for the new
certificate to take affect. See “Configure SSL” in the Service User
Interface User’s Guide.
■ Group View — Select ALL from the policy server content tree to view
all the defined policy servers or select a specific policy server group
or sub-group to view just the policy servers associated with the
group. The display in the work area includes a status column that
indicates if a policy server cluster is in one of the following states:
❏ On-line — Both policy server blades in the policy server cluster
are operational.
❏ Degraded — One policy server blade has failed, but the policy
server cluster continues to function with its one remaining blade.
The cluster is operating in simplex mode, that is, a stand-by
hardware blade is not available.
Note: The MPE Manager’s status for a cluster is the only reliable
indicator of a cluster’s state (such as “On-line” or “Degraded”), as
opposed to the HA status display in the SUI.
The MPE Manager also displays various statistics and counters related to
the following:
■ Cluster Information — Information about the physical components
that make up a cluster.
■ Policy Statistics — Information about the execution of policy rules.
■ Protocol Statistics — Information about the active network
protocols.
Cluster Information The fields that are displayed in the Cluster Information Report section
Report include the following:
■ Status — The status of the cluster. For a summary of the possible
status values, see “Checking the Status of a Policy Server” on
page 36.
■ Failures — The number of cluster failures that have occurred.
■ Uptime — The total uptime for the cluster.
Also within the Cluster Information Report is a listing of all the blades
contained within the cluster, including the following blade-specific
information:
■ Overall — Displays the current status, number of failures, and total
uptime for the blade.
■ Utilization — Displays the blade CPU, memory, and disk utilization
percentages.
The Service LED button activates an LED on the blade, which allows for
identification of the physical blade in the chassis of the cluster.
Blade Information Report You can select the blade identifier (MAC address) for any blade in the
Blades table to display the Blade Information Report page, showing
detailed information about that blade's physical and logical interfaces.
Figure 13 shows a sample Blade Information Report.
When you finish viewing the report, click Cancel to return to the
previous display.
Policy Statistics The Policy Statistics section summarizes policy rule activity within the
policy server. This is presented as a table of statistics for each policy
rule that is configured for the policy server.
Protocol Statistics The Protocol Statistics section summarizes the protocol activity within
the policy server. This information is presented as a table of statistics
for each protocol. In some cases, a protocol is broken down into
sub-entries to distinguish between the different types of protocol
activity.
For each entry in the Protocol Statistics table, you can select the name
of the entry to see a detailed report for that entry. For most protocols,
this report page displays a set of statistics that break down the protocol
activity by message type, message response type, errors, and so on.
Many of the protocol report pages also include a table that summarizes
the activity for each client or server with which the policy server is
communicating through that protocol. These tables also let you select a
specific entry to further examine detailed protocol statistics that are
specific to that client or server.
For example, for VoD devices, the Reports tab displays the following
information:
■ Total messages in/out — Total number of messages sent/received
from all VoD servers. This includes reserve requests, release
requests, and status (synchronization) messages.
■ Session count — Total number of session requests received by this
device, whether successful or not. A session teardown does not
decrement this value. (To see the current active session count, refer
to the network element statistics for each VoD server, which are
listed below this block of counters.)
■ Session success count — Number of successful reserve requests
(defined as a single reserve request followed by an ACK from the MPE
device) since the last reset.
■ Session failures — Number of failed session requests (defined as a
single reserve request from a VoD server followed by a NAK from the
MPE device).
The Policy Log The policy log records the activity of the Policy Rules Engine within the
selected MPE device.
To display the policy log, click Policy Log. The log appears in the work
area; Figure 17 shows an example.
To update the policy log display with the most recent data, click
Refresh. To close the display, click Cancel.
You can configure the severity of messages that are written to the policy
log. To configure the policy log display:
1 From the Logs tab, click Modify. The Modify Settings fields open in the
work area.
2 In the Policy Log Level field, select the minimum severity level to record
from the drop-down list:
■ Severe
■ Warning
■ Info
■ Config
■ Fine
■ Finer
■ Finest
3 When you finish, click Save (or Cancel to discard your changes).
The Event Log The Event Log displays the various events generated by the MPE device.
You can configure the severity as well as the destination(s) of messages
that are written to the event log.
Viewing Events To view log information using the Event Log Viewer:
1 From the navigation pane, select Configuration. The content tree
displays a list of policy server groups; the initial group is ALL.
2 From the content tree, select the policy server. The Policy Server
Administration page opens in the work area.
3 On the Policy Server Administration page, select the Logs tab. Log
information is displayed.
4 Click View Event Log. The Event Log Viewer page opens. While data is
being retrieved, an in-progress message appears. Figure 18 shows a
sample.
All events contain the following information:
■ Date/Time — Time when the event occurred. This time is relative to
the server time.
■ Blade — MAC address of the blade reporting the event.
■ Module — Name of the module reporting the event:
❏ PS — Policy Server
❏ HA — High Availability
❏ Manager — MPE Manager
❏ Scheduled Tasks — Task Manager
■ Code — The event code. For information about event codes and
messages, see the Event Log Messages Reference Guide.
■ Severity — Severity level of the event.
■ Message — The message associated with the event. If there is
additional information available, the event entry shows as a link.
Click on the link to see additional detail in the frame below.
5 You can filter the events displayed using the following:
■ Start Date/Time — Clickithe calendar icon, select the desired
starting date and time, then click Enter.
■ Event Log Timeline — If you have configured multiple log files, the
Event Log Timeline lets you select one of them. Click on a segment
to start the search within the log file represented by that segment.
■ Modules — Filter by originating module (such as DC, HA, Scheduled
Tasks, or Manager). Only events from the selected module(s) appear.
Refreshing the display Events that occur after the Event Log Viewer starts are not visible until
you refresh the display. To refresh the display, click one of the following
buttons:
■ Refresh — Applies filter settings and refreshes the display. This
displays the most recent log entries that fit the filtering criteria.
■ Refresh Default — Removes all filtering values and refreshes the
display. This displays the most recent log entries.
■ Next/Prev — Once the number of event log entries exceeds the page
limit, pagination is applied. Use the Prev and Next buttons to
navigate through the event log entries. When the Next button is not
visible, you have reached the most recent log entries.
■ Close — Closes the Event Log Viewer.
1 From the Logs tab, click Modify. The Modify Settings fields open in the
work area.
2 To modify event log settings, click Modify. The Modify Log Settings page
opens.
3 In the Modify Event Log Settings section of the page, configure the
following:
■ Event Log Level — indicates the severity of messages that are
written to the event log files. These severity levels correspond to
syslog message severities from RFC 3164. Adjusting this setting
allows any new events, at or above the configured severity, to be
recorded in the Event Log. Valid levels are:
❏ Emergency — Provides the least amount of logging, recording
only those events causing the system to be unusable.
❏ Alert — Action must be taken immediately in order to prevent an
unusable system.
❏ Critical — Events causing service impact to operations.
❏ Error — Events describing any internal, non-service impacting, or
error.
❏ Warning — Messages that, if left unattended, may cause service
impact. This is the default value.
❏ Notice — Provides messages that may be of significant interest
that occur during normal operation.
❏ Info — Informational messages that occur during normal
operation. This setting slows down MPE processing.
❏ Debug — Provides the greatest amount of logging. This setting is
not recommended except in controlled environments.
the default address of 0.0.0.0. To filter the log level sent to this
server, select a level; all messages at or above this value are
forwarded. The default level is “Warning.”
■ Event Log Forward IP Address 2— Sets the second syslog server
address. If you do not want to forward events to this server, leave
the default address of 0.0.0.0. To filter the log level sent to this
server, select a level; all messages at or above this value are
forwarded. The default level is “Warning.”
■ Event Log Forward IP Address 3 — Sets the third syslog server
address. If you do not want to forward events to this server, leave
the default address of 0.0.0.0. To filter the log level sent to this
server, select a level; all messages at or above this value are
forwarded. The default level is “Warning.”
■ Event Log Forward IP Address 4 — Sets the fourth syslog server
address. If you do not want to forward events to this server, leave
the default address of 0.0.0.0. To filter the log level sent to this
server, select a level; all messages at or above this value are
forwarded. The default level is “Warning.”
■ Event Log Forward IP Address 5 — Sets the fifth syslog server
address. If you do not want to forward events to this server, leave
the default address of 0.0.0.0. To filter the log level sent to this
server, select a level; all messages at or above this value are
forwarded. The default level is “Warning.”
■ Event Log Forward Facility — Indicates the facility to associate with
a forwarded event log message; this setting is only applicable when
one or more Event Log Forwarding IP addresses is configured.
The facility values correspond to syslog message facilities from RFC
3164:
4 When you finish, click Save (or Cancel to discard your changes).
Alerts Alerts are issued when your network topology nears or exceeds the
maximum bandwidth limits set. For information on how alerts are
displayed, see “Viewing Alerts” on page 149.
To configure alerts:
1 From the Logs tab, click Modify. The Modify Settings fields open in the
work area.
2 In the Alert Configuration area, select or deselect Enable Alerts.
This chapter describes how to manage network elements within the MPE
Manager. This chapter discusses the following topics:
■ Creating a Network Element
■ Configuring Options for Network Elements
■ Working with Network Element Groups
■ Associating a Network Element with a Policy Server
■ Adding Network Elements to the MPE Manager
There are also lower-level entities within the network that the MPE
device manages that are not considered network elements. These are
sub-elements, such as a channel within a CMTS or an interface on a
router, or devices that are connected directly to network elements,
such as a cable modem connected to a CMTS. Typically, there is no need
to define these lower-level entities because once a network element is
associated with an MPE device, the lower-level devices related to that
network element are discovered and associated automatically.
Create a network element profile for each device you are associating
with an MPE device. After defining a network element in the MPE
Manager, you must configure its protocol options. The options available
depend on the network element type.
Once you define network elements, you can combine them in network
element groups.
Deleting Network Deleting a network element from the ALL group also deletes it from any
Elements associated group.
3 From the work area, click the Delete icon located next to the network
element you want to delete.
You are prompted: “Are you sure you want to delete this Network
Element?” Click OK to delete the network element (or Cancel to cancel
the request).
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select ALL. The Network Element Administration
page opens in the work area.
3 On the Network Element Administration page, click Bulk Delete. The
Bulk Delete Network Elements page opens. Figure 22 shows an example.
By default, the Search Pattern entry box is empty; enter an asterisk to
generate a global search.
4 Select the desired network elements or network element groups to
delete.
5 Click Bulk Delete to delete the network element or group from the MPE
Manager and all the associated policy servers, or Cancel to cancel the
request.
Finding a Network The MPE Manager Search function lets you find a specific network
Element element located within a large network element configuration. To
search the MPE Manager for a particular network element:
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select ALL. The Network Element Administration
page opens in the work area.
3 On the Network Element Administration page, click Search. The
Network Element Search Criteria window opens (Figure 23).
5 After entering all search criteria, click Search (or Cancel to cancel the
request). The search results are displayed; for example:
CAUTION: Enable this option only if you are using DQOS in the
MPE and the CMTS is configured to accept a DQOS connection.
If this feature is enabled, and the CMTS is not configured to
accept the connection, many error messages can be written
to the policy server logs as the MPE repeatedly tries to
establish the DQOS connection.
■ Subnets
❏ Subnets Configured Manually — Within this field you can add or
delete subnets.
❏ Subnets Discovered via SNMP — This read-only field displays
subnets that were discovered using SNMP. If additional subnets
need to be added, they can be added by using the Subnets
Configured Manually field.
Creating a Network Network element groups let you organize network elements.
Element Group
To create a network element group:
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select the ALL group. The Network Element
Administration page opens in the work area.
3 On the Network Element Administration page, click Create Group. The
Create Group editor page opens.
4 Enter the name of the new network element group. The name cannot
contain quotation marks (") or commas (,).
5 When you finish, click Save (or Cancel to discard your changes). The
new group appears in the content tree.
Adding a Network Once a network element group is created, you can add individual
Element to a Network network elements.
Element Group
To add a network element to a network element group:
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select the desired policy server group. The
Network Element Administration page opens in the work area,
displaying the contents of the selected network element group.
3 On the Network Element Administration page, click Add Network
Element. The Add Network Element page opens, displaying the network
elements not already part of the group. Figure 25 shows an example.
4 Click on the network element you want to add; use the Ctrl or Shift keys
to select multiple network elements.
5 When you finish, click Save (or Cancel to cancel the request). The
network element is added to the selected group.
Creating a Network You can create subgroups to further organize your network element
Element Subgroup network. To add a network element subgroup to an existing network
element group:
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select the desired network element group. The
Network Element Administration page opens in the work area,
displaying the contents of the selected network element group.
3 On the Network Element Administration page, click Create Sub-Group.
The Create Group page opens (Figure 26).
4 Enter the name of the new subgroup. The name cannot contain
quotation marks (") or commas (,).
5 When you finish, click Save (or Cancel to discard your changes). The
subgroup is added to the selected group.
Deleting a Network Removing a network element from the ALL group removes it from all
Element from a Network other groups and subgroups. Removing a network element from a
Element Group network element group or subgroup does not delete the network
element from the ALL group, from which it can be used again if needed.
Renaming a Network To modify the name assigned to a network element group or subgroup:
Element Group
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select the network element group or subgroup.
The Network Element Administration page opens in the work area.
3 On the Network Element Administration page, click Modify. The Modify
Group page opens (Figure 27).
4 Enter the new name in the Name field. The name cannot contain
quotation marks (") or commas (,).
5 When you finish, click Save (or Cancel to cancel the request). The group
is renamed.
Deleting a Network Deleting a network element group also deletes any associated
Element Group or subgroups. However, any network elements associated with the deleted
Subgroup groups or subgroups remain in the ALL group. You cannot delete the ALL
group.
6 Select the desired network elements and click -->. To select multiple
entries, use the Ctrl and Shift keys.
7 When you finish, click OK (or Cancel to discard your changes). The
selected network elements are added to the list of network elements
managed by this MPE device.
8 To associate a network element group with the policy server, select the
group from the list of network element groups located under
Associations.
9 When you finish, click Save (or Cancel to discard your changes).
Using the OSSI XML The OSSI XML interface provides access to raw data in the system
Interface directly via HTTP. The system data is entered and returned as XML
documents in accordance with defined schemas. The schema for the
input XML is provided to specify exactly which attributes of a network
element are permitted on import, as well as the formatting for those
attributes.
You can also define network element groups as part of the XML file and
imported within the same file. Groups let you define a logical
organization of network elements within the MPE Manager at the time of
import. Group structures include not only group attributes, but also
relationships between groups, subgroups, and elements.
Importing an XML File to During the import process, network elements are read one at a time
Input Network Elements from the user-specified XML file. Each network element is then
validated and checked against the existing database for collisions.
Collisions are detected based on the network element name, which is
considered a unique key to the element. If that network element
already exists within the system, the existing element’s attributes are
updated (overwritten) by the attributes specified in the XML file being
imported. If that network element does not exist within the system, the
network element is created and imported as a new network element.
Following the import, status messages provide the total counts of all
successful imports, updates, and failures. Click Details (the button is
Exporting an XML File The Export feature outputs an XML file containing structures for all
network elements, interfaces, subnets, links, and network element
groups within the MPE Manager, in the same schema used on import.
This allows you to export to an XML file and then import that same file,
performing a restore or backup. The export file can also be transferred
to a third-party system.
When you are providing application services in your network, there are
usually one or more servers within your network that are used to
manage that service. These systems are referred to as Application
Managers or Application Servers. When these systems are establishing a
session that requires quality of service they issue a request to a policy
server.
This chapter defines how to manage traffic profiles in the MPE Manager.
This chapter discusses the following topics:
■ Creating a Traffic Profile
■ Modifying a Traffic Profile
■ Deleting a Traffic Profile
■ Working with Traffic Profile Groups
Traffic profiles are used in the MPE device under several situations; for
example:
■ They define default settings for protocol messages (see “Configuring
SSL Certificates” on page 33)
■ They modify protocol messages thus modifying the QoS for sessions
managed by those messages (see “Creating a New Policy” on
page 116)
Each traffic profile has a type associated with it. Since each protocol
supports different parameters for controlling QoS settings, the available
MPE parameters depend on the underlying protocol. Therefore, each
profile type is associated with a single protocol, but a single protocol
can support multiple profile types.
You can create multiple traffic profiles of the same type, as the values
of the parameters for each profile determine the actual QoS that is
associated with that profile.
Adding a Traffic Profile Adding traffic profiles to a traffic profile group is consistent with the
to a Traffic Profile Group addition of any other component within the MPE Manager. To add a
traffic profile to a traffic profile group, see “Adding a Policy Server to a
Policy Server Group” on page 28 for a basic understanding of the
addition process.
Deleting a Traffic Profile Deleting traffic profiles from a traffic profile group is consistent with
from a Traffic Profile the deletion of any other component within the MPE Manager. To delete
Group a traffic profile from a traffic profile group, see “Removing a Policy
Server Profile from a Policy Server Group” on page 31 for a basic
understanding of the deletion process.
Note: This procedure only removes a traffic profile from a group folder.
It does not delete the traffic profile from the ALL group folder, so it can
be used again if needed.
Modifying a Traffic Modifying a traffic profile group name is consistent with the
Profile Group Name modification of any other group name within the MPE Manager. To
modify a traffic profile group name, see “Renaming a Policy Server
Group” on page 30 for a basic understanding of the modification
process.
Deleting a Traffic Profile Deleting a traffic profile group is consistent with the deletion of any
Group other group within the MPE Manager. To delete a traffic profile group,
see “Deleting a Policy Server Group” on page 32 for a basic
understanding of the deletion process.
This chapter describes how to use the MPE Manager to configure and
manage Event Messaging and the Record Keeping Server that receives
the messages.
Overview
Event messaging is the standard mechanism (as defined in PCMM
specification PKT-SP-MM-I03) by which an external server can be
notified when certain PCMM events occur. The external server that is
notified is referred to as a Record Keeping Server (RKS). These event
messages (EMs) are then correlated by the RKS to derive service billing
information, network resource usage patterns, capacity planning, and
so on.
Event message algorithm The policy server uses an algorithm to determine if it should send event
messages. As mentioned previously, this algorithm also determines
whether the policy server will instruct the CMTS to send event
messages.
If you want to ensure that event messages are sent for every operation
that is performed, then configuring a default RKS will accomplish that.
However, there is one important limitation to this type of configuration.
When your event messages are generated by the policy server using a
default RKS, there is no BCID that is available from the AM. In this
situation, the policy server generates a unique BCID for each gate.
Consequently. it is not possible to correlate multiple gates together
when using this type of event messaging configuration.
Event messaging attributes Event messaging is configured in the MPE Manager by configuring a set
of attributes. Each of these attributes is set either globally (shared by
all policy servers) or on a per-policy-server basis. You can configure an
attribute globally and then override it for a specific policy server.
Configuring Local Policy The MPE lets you configure how event messages are handled for a
Server Settings for Event specific policy server. Local settings override global settings for event
Messaging messaging.
If you have a single server that provides both a primary and secondary
address, you can configure it as a single RKS. If you have two servers,
each of which only provides a single IP address/port, then you could
either configure both of them as a single RKS (that acts as a backup
pair) or you could configure them as two separate RKSs, each with a
Primary address/port and no Secondary address/port. However, if an
RKS does not have a Secondary address/port, then that RKS will not be
able to participate in the RKS failover mechanism as defined in the
PCMM specification.
1 From the navigation pane, select Record Keeping Server. The content
tree displays the Record Keeping Servers group.
2 Select the Record Keeping Servers group. The Record Keeping Server
Administration page opens in the work area.
3 On the Record Keeping Server Administration page, click on the RKS you
wish to modify. Configuration information for that RKS is displayed.
4 Click Modify. The Modify Record Keeping Server page opens.
5 Modify configuration information as needed.
6 When you finish, click Save (or Cancel to discard your changes).
The MA server sits between the MPE Manager and one or more MPEs. The
number of MA servers and MPEs depends on the size of the network. The
groupings that define the MPEs managed by an MA server and the MA
servers managed by the MPE Manager depends on the layout of the
network.
4 To view the status and the current execution schedule for a specific
task, click the task name. Detailed information is displayed; for
example:
4 To view the Event Log or to define event log filtering, click the View
Event Log link. The Event Log Viewer page opens. Figure 40 shows an
example.
Filtering the Event Log You can filter the events that display using the following:
■ Event Log Timeline — Narrows the time from which event logs are
displayed by allowing you to select a region in the timeline.
■ Start Date/Time — Click the calendar icon, select the date, enter
the desired time, and click Enter.
This chapter describes how to create policy rules and policy groups. This
chapter discusses the following topics:
■ Creating, Evaluating, and Deploying Policy Rules
■ Creating a New Policy
■ Policy Templates
■ Managing a Policy Group
■ Import/Export Policies, Policy Groups, Templates
■ Policy Log
Creating Policy Rules Policy rules are created (and modified) using the Policy wizard in the
MPE Manager. Understanding how a policy rule is structured is helpful in
understanding some of the other policy management concepts.
When you define a policy rule, you select from a list of available
conditions and actions. Most of the conditions and actions are
parameterized (they contain placeholders that may be replaced with
specific values to allow you to customize them as needed). For
example, consider the following policy rule:
This policy rule has two policy actions. The first action provides
parameters that let you define a specific traffic profile to be applied.
The second action instructs the policy server to evaluate the remaining
rules within the policy rules list, as opposed to immediately accepting
or rejecting the request.
Evaluating Policy Rules To write policy rules, it is important to understand how they are
evaluated by the Policy Rules Engine, and how the engine fits into the
protocol message processing within the policy server.
If you review the set of policy conditions that are available in the Policy
wizard, one thing you will discover is that there are not many
protocol-specific conditions. Although it is possible to write
protocol-specific policy rules, the Policy Rules Engine itself does not
have any protocol knowledge. Instead, it deals with a set of abstractions
that are mapped to the underlying protocol messages that are being
processed.
When the policy server receives a protocol message, the policy server
performs the initial processing of that message and then determines
whether or not the message is one that should be processed by the
Policy Rules Engine. As a general rule, protocol messages that are either
requesting bandwidth, or modifying previous requests for bandwidth,
are processed by the Policy Rules Engine. Most other protocol messages
are not. For example, a protocol message that releases bandwidth is
typically not processed by the policy rules because there is no reason to
prevent or modify that action.
After constructing these two lists, the Policy Rules Engine applies the
policy rules according to the
following algorithm:
It should be clear from this algorithm that a single message can result in
a policy rule being evaluated multiple times. This point is important to
understand to ensure that the policy rules you write operate in the way
you intended.
When there are multiple policy rules defined, they are always applied in
the same order. The only exception is when the policy actions indicate
that policy evaluation should be terminated. The policy actions are
divided into two types:
■ Optional actions
■ Required actions
You must select one, and only one, of the required actions when the
rule is created. This action determines the end result of the execution
of the policy rule. If optional actions are defined in a policy rule, they
are always performed before the required action. The required actions
are:
■ Reject message — The Policy Rules Engine aborts the normal
processing for this protocol message. For most protocols this results
in the immediate termination of policy rule processing and some
type of error response message being sent back to the originator of
the request.
The reject message can contain a numeric code (an integer between
0 and 65535) defined during policy creation that the MPE returns to
define the reason for the rejection (see “Creating, Evaluating, and
Deploying Policy Rules” on page 110).
■ Continue processing message — The Policy Rules Engine applies the
optional actions and continues processing policy rules.
■ Accept message — The Policy Rules Engine skips the rest of the
policy rules and immediately forwards the protocol message on to
the next processing step (this varies depending on the protocol).
Deploying Policy Rules Deploying a policy (or policy group) is the act of transferring the policy
from the MPE Manager to a policy server. Once deployed, the policy
rules defined within the policy or policy group are used as decision
making criteria by the policy server.
Figure 42 shows how the same library of policies can be grouped first
and then deployed as policy groups. When a policy group is created, the
policies are arranged in the order in which they are to be evaluated.
Grouping policies makes deployment of multiple policies easier and
helps to ensure consistency in how policies are applied to policy
requests on different policy servers.
When you first create a policy rule, that rule exists only within the MPE
Manager. Once the policy rule is deployed, any change to the policy rule
is automatically redeployed when you complete your changes.
Automatic redeployment also applies to policy groups as well. Any
changes to a policy group triggers automatic redeployment. If you add a
policy rule that was not previously deployed to a policy group that is
deployed to one or more policy servers, then the rule is deployed
automatically to those policy servers.
Figure 43 shows what happens when a policy (P3) is modified and then
its associated groups (PG-1 and PG-3) are redeployed automatically.
Navigate through the Policy wizard using the Back, Next, or Cancel
buttons, or by clicking on the desired option in the navigation line at the
bottom left of the window.
The following procedure describes how to create a new policy, using the
following simple policy as an example:
When you finish, click OK (or Cancel to discard your changes). The
popup window closes and the input is added to the policy condition.
8 When you finish defining policy conditions, click Next (or Cancel to
close the wizard without saving the policy). The Actions page for this
policy opens.
9 Select the required action that the MPE should execute if the policy
request matches the defined conditions of the policy; for example:
10 When you finish, click Next (or Cancel to close the wizard without
saving the policy). The Policy Name page opens:
Creating You can define policy rules that take effect either at or during time
Time-Dependent Policy periods. Time is specified in two ways: as a condition within a policy, or
Rules using a defined time period. In addition, the MPE Manager supports
time-of-day triggers.
Time Conditions Time conditions appear on the Conditions page of the Policy wizard:
Select a condition to add it to the policy rule. Selecting more than one
condition combines them as logical additions (that is, condition and
condition). You can specify the following:
■ Start and end times — For example, where the current time
is between 18:00 and 23:59.
■ Weekdays or weekend days — Weekdays are Monday, Tuesday,
Wednesday, Thursday, and Friday; weekend days are Saturday and
Sunday.
■ Day — You can select a specific day of the week (for example, where
today is Saturday).
■ Time periods — To specify a defined time period, select the
condition where the current time is within the
specified time period. Click on specified and then select
the time period from the pop-up window. You can include or exclude
the time period using the operator is or is not.
Modifying a Policy Policies can be modified and then redeployed to the desired MPEs.
When a policy that resides in multiple policy groups is modified, the
changes are propagated throughout the various groups.
Deleting a Policy Policies, policies within a policy group, and entire policy groups can be
removed from an MPE device when they are no longer needed. Because
the policy still resides on the MPE Manager, it can be redeployed at a
later date, if needed. If a policy is no longer needed by the network, it
can be deleted from the MPE Manager as well.
To delete a policy:
1 From the navigation pane, select Policy Library. The content tree
displays a list of policy groups; the initial group is ALL.
2 From the content tree, select the ALL group. The Policy Administration
page opens in the work area, displaying all defined policies.
3 Use one of the following methods to select the policy to delete:
■ From the work area, click the Delete icon located next to the policy
you want to delete.
■ From the policy group tree, select the policy; the Policy
Administration page opens. Click Delete.
You are prompted: “Are you sure you want to delete this Policy?” Click
OK to delete the policy (or Cancel to cancel the request).
Policy Templates
The MPE Manager lets you create policy templates to simplify the
creation of multiple policies that have similar conditions and actions. A
policy template is similar to a policy, except that some (or all) of the
parameters in the conditions and actions are not completely defined.
Those parameters are defined later, when you use the policy template
to create policy rules.
Modifying a Policy Modifying a policy template does not modify previously configured
Template policies.
4 Enter the name to assign to the new group, then click Save (or Cancel
to discard your changes). The new group information is saved to the MPE
Manager and displayed in the content tree.
5 Select the desired policy to add to this group and click Add (or Cancel
to cancel the request).
6 When you finish, click Save (or Cancel to discard your changes). The
added policies are displayed in the policy group tree.
Now you can deploy the policy group to the policy servers (see
“Deploying a Policy/Policy Group to Policy Servers” on page 134).
Removing a Policy from Removing a policy from a policy group that has been saved to the MPE
a Policy Group Manager only removes the policy from that selected policy group. The
policy itself remains in the ALL group, as well as any other group it had
been added to. (To remove a policy from all groups of the Policy Library,
see “Deleting a Policy” on page 122.)
■ From the content tree, select the desired policy group and the
desired policy within the group. Its profile information is displayed.
Click Modify.
Select the Scissors icon located next to the policy you want to
remove.
Changing the Sequence Policies are applied to policy requests in the order in which they are
of Policies within a deployed to a policy server. The sequential ordering of policies, both
Policy Group inside and outside of a policy group, can be modified. For procedures on
this operation, see “Changing the Sequence of Deployed Policies or
Groups” on page 137.
Note: This modified group is redeployed at this time, ensuring that the
policy servers are synchronized once again with the MPE Manager.
Deploying a Policy/Policy The basic procedure for deploying either a policy or a policy group is the
Group to Policy Servers same. The following procedure uses the example of deploying a policy
group:
1 From the navigation pane, select Policy Library. The content tree
displays a list of policy library groups; the initial group is ALL.
2 From the content tree, select the policy group to deploy. The Policy
Administration page opens in the work area.
3 On the Policy Administration page, click Deploy. The policy server tree
is displayed, listing all possible target policy servers and server groups
(you can expand the tree view if necessary).
4 Select the desired target policy servers or server groups.
5 Click Deploy (or Cancel to cancel the request). The policy information
is saved to each selected policy server. A message indicating that the
deployment process was successful is displayed.
Removing a Policy from Removing a policy from within a policy group that was deployed to a
a Policy Group on a policy server is a function of the Policy Library. The policy group is
Policy Server modified on the MPE Manager, then redeployed. (To remove the entire
policy group from a policy server, see “Removing a Policy/Policy Group
from a Policy Server” on page 136.)
To remove a policy from a policy group and then redeploy the group:
1 From the navigation pane, select Policy Library. The content tree
displays a list of policy library groups; the initial group is ALL.
2 From the content tree, select the desired policy group. The Policy
Administration page opens in the work area.
3 Remove the desired policy using one of the following methods:
■ From the Policy Library tree, select the policy. The Policy
Administration page displays the profile information. Click Remove.
■ On the Policy Administration page, click Modify and then select the
Scissors icon located next to the policy you want to remove.
Removing a Policy/Policy Removing a deployed policy or policy group from a policy server is
Group from a Policy performed using the Policy Server function of the MPE Manager.
Server
To remove a policy/policy group from a policy server:
1 From the navigation pane, select Configuration. The content tree
displays a list of policy server groups; the initial group is ALL.
2 From the content tree, select the policy or group to remove. The Policy
Server Administration page opens in the work area.
3 On the Policy Server Administration page, select the Policies tab.
4 Click Modify. The Manage Policies page opens (Figure 49).
5 Select the Scissors icon located next to the policy or policy group that
you want to remove.
6 When you finish, click Save (or Cancel to cancel the request). The
policy or policy group is redeployed to the policy server, minus the
removed policy or policy group.
Changing the Sequence Changing the sequential order of deployed policies or policy groups is
of Deployed Policies or performed directly on a policy server using the Policy Server function.
Groups
To change the sequential order:
1 From the navigation pane, select Configuration. The content tree
displays a list of policy server groups; the initial group is ALL.
2 From the content tree, select the policy to reorder. The Policy Server
Administration page opens in the work area.
3 On the Policy Server Administration page, select the Policies tab.
4 Click Modify. The Manage Policies page opens in the work area.
Figure 50 shows an example.
5 Use the Up and Down arrow icons to change the sequential positioning
of the policies and policy groups.
6 When you finish, click Save (or Cancel to cancel the request). The
policies and policy groups are redeployed to the policy server in their
new sequential order. A confirmation message displays in the work area.
For information only, exported policies are marked with policy version
numbers as well as the version number of the MPE Manager software
under which they were created. This does not affect importation of
policies created under different versions of the MPE Manager.
If you try to import an invalid file you are prompted with a validation
error: “You must correct the following error(s) before proceeding: There
is a problem with the import file. The name is required, the file must be
present, and the file must be in the correct format.”
3 Click Save (or Cancel to close the window and cancel the request). The
Save As window opens.
4 Assign a name to the policy file (the default is PolicyExport.xml), use
the browse function to map to the desired drive location, then click
Save. The Download Complete window opens, indicating the policies
were successfully exported.
5 Select Close to close the Download Complete window.
The Policy Log
This chapter describes how to manage the MPE network topology and
monitor network elements. This chapter discusses the following topics:
■ The Network Topology Map
■ Network Path Management
Note: In Cable mode, you can view network elements, access all
topology layouts, and monitor alerts; you cannot show statistics on a
node. In SPC mode, you can access all network topology options.
Network Element The network topology map uses the following icons for components:
Components
Indicates an MPE device.
Indicates a sub-group.
Note: If this is the first time you have viewed the Network
Topology, click within the map to activate the view. You are
presented with a stacked display of the network elements.
■ To view the network element name, place the cursor over the
desired network element; for example:
3 When you finish, right-click and select Layout > Save Layout. The
layout is saved. If the configuration is not saved, the map reverts back
to its last saved configuration the next time you open it.
Laying Out the Map You can arrange icons by dragging them around the map. You can also
Automatically automatically organize the map by network element layout or network
topology. To lay out the map automatically:
1 From the navigation pane, select Topology. The Network Topology page
opens.
2 Right-click, and from the pop-up menu that opens select Layout.
Figure 54 shows an example.
3 Select a layout format:
■ Layout > Random
4 When you finish, right-click and select Layout > Save Layout. The
layout is saved. If the configuration is not saved, the map reverts back
to its last saved configuration the next time you open it.
Viewing Alerts The Network Topology Map contains the network alerts that are issued
when your topology nears or exceeds the maximum bandwidth limits
set. Figure 55 shows an example.
From within the Alert Viewer you can view further details, comment on,
and resolve alerts.
Viewing Alert Details Network-based alerts can be viewed in the topology map through a
warning signal displayed next to the icon for a network element, and an
animation highlighting a path through the network.
1 From the navigation pane, select Alerts. The Alert Viewer window
opens.
2 Click on the binoculars icon to the right of the alert. The warning
symbol and animated path, highlighted, are displayed:
3 Enter the desired comment and then click Submit (or Cancel to close
the window and discard your changes).
Resolving an Alert To resolve an alert:
1 From the navigation pane, select Alerts. The Alert Viewer window
opens.
2 Click on the checkmark icon (to the right of the alert). You are
prompted, “Are you sure you want to resolve this Alert?”
3 Click OK to resolve the alert (or Cancel to leave the alert unchanged).
2 Click the trash can icon next to the path you want to delete. You are
prompted: “Are you sure you want to delete this Path?”
3 Click OK (or Cancel to close the window and cancel the request). The
path is deleted.
This chapter describes how to configure and track user licenses within
the MPE Manager.
Note: By default, only admin users can access the licensing feature (see
“Configuring System Settings” on page 166). Also, licenses are assigned
in increments of 1000 (refer to “Assigning Licenses to a Policy Server”
on page 159).
The licensing feature takes into account which applications are covered
by the licenses, gates that have run too long, and the conversion from
gates to sessions. This task also determines daily, weekly, and quarterly
maximums. When the task determines a weekly maximum, it also
calculates an interim quarterly maximum, as if it were the last week in
the quarter. If the policy server has exceeded the defined license limit,
an alert is issued through the alert tracking subsystem.
Displaying Individual There are two ways in which you can display individual licenses:
Licenses ■ Clicking on the license within the Content Tree.
■ Clicking on the license within the License Administration section.
Installing a License
You must obtain a license from Camiant before you can install one on
the MPE Manager.
To install a license:
1 From the navigation pane, select Configuration (under License). The
License Administration page opens in the work area.
2 From the content tree, select the Licenses group.
3 On the License Administration page, click Install License. The Install
License page opens (Figure 58).
4 Enter the following information exactly as defined in the Camiant
license:
■ Serial Number — The serial number assigned by Camiant.
■ Customer Name — The customer name.
■ Sessions — The number of bundled licenses.
■ Date Issued — The date that the licenses become available.
■ Key — The generated key provided.
5 When you finish, click Save (or Cancel to discard your changes).
Assigning Licenses to a Once a license is assigned to a policy server, the license cannot be
Policy Server removed. A license may be reallocated once an MPE device is deleted
from the MPE Manager.
In this example, the license with the serial number UNV-5788185 has
3000 licenses allocated, but only 1000 are assigned to a policy server.
The other 2000 licenses are unassigned.
4 Click Assign. The Assign License page opens with a drop-down menu of
available policy servers.
Tracking Licenses
Tracked licenses within the MPE are displayed in the following reports:
■ License Tracking Summary Report — displays license information for
all policy servers.
■ License Tracking Detail Report — displays license information for a
specific policy server for a specific quarter.
Viewing the License The License Tracking Summary Report displays the policy servers that
Tracking Summary are using the Camiant Licensing feature. These policy servers are
Report displayed, one per line and sorted according to the policy server name.
If an MPE exceeds its licensed sessions, its row displays red text.
Viewing the License When you select a specific policy server within the License Tracking
Tracking Detail Report Summary Report, the License Tracking Detail Report displays for the
selected policy server.
The License Tracking Detail Report displays one line for each day in the
selected quarter. For each week, there is a section break, with a line for
the week. The breaks exist for all weeks but the weekly summary lines
exist only for weeks that fall entirely within the quarter. At the bottom
of the report, the quarter's average weekly peak opens.
This report displays data for the current quarter but can be used to view
previous and next quarters, depending on the data being displayed.
In addition to the lines for the daily peaks, this report displays
information when data was missing in the data collection process. If
there is missing data for a day, the report displays a line containing the
following data:
■ Start time of data gap
■ End time of data gap
Some options are visible only when you are logged in with
administrative rights to the MPE Manager. However, the Change
Password option is available to all user privilege levels (viewer,
operator, and administrator).
Using Import/Export
“Importing an XML File to Input Network Elements” on page 74
describes the import/export process in detail.
The fields that are displayed in the Cluster Information section include:
■ Status — The status of the blades. The possible status values are:
❏ On-line — All blades in the cluster are operational.
❏ Degraded — One blade has failed, but that the cluster continues
to function with its remaining blade.
Also within the Cluster Information Report is a listing of all the blades
contained within the cluster, including the following blade-specific
information:
■ Overall — Displays the current status, number of failures, and the
total uptime for the blade.
■ Utilization — Displays the blade CPU, Memory, and Disk utilization as
percentages.
■ Service LED — This button activates an LED on the blade, which
allows for identification of the physical blade in the chassis of the
cluster.
Blade Information Report Within the Blades section of the Manager Reports page, you can select
the blade identifier (MAC address) for any blade in the Blades table.
This displays the Blade Information Report page, showing detailed
information about that blade's physical and logical interfaces. Figure 64
shows an example.
To filter search results, click Refine Search. (See “Defining Audit Log
Search Parameters” on page 176.)
Defining Audit Log To define the search parameters used for the Audit Log:
Search Parameters
1 From the navigation pane, select Audit Log. The Audit Log page opens
in the work area.
2 On the Audit Log page, click Search. The Audit Log Search Restrictions
Page opens (Figure 68):
3 Define the following items, depending on how restrictive you desire the
audit log search to be:
■ From/To — Specifies the start and end dates for this search.
■ Action by User Name(s) — Specifies the name of the user or users to
audit.
■ Action on Policy Server(s) — Specifies the name of the policy servers
to audit.
■ Audit Log Items to Show — Specifies an item to audit for display:
Policy Server, Network Element, Network Element Group, Network
Element Link, Application, Policy, Policy Group, Account, Tier, Path,
Entitlement, License, User, Audit, and OM Statistics. You can specify
three items; click More Lines to add an additional item.
■ Results Forms — Specifies the number of items per page to display,
along with which data to display (most recent or oldest items).
4 When you finish, click Search. The Audit Log displays search results.
Exporting or Purging You can export the audit log to a text file; the default filename is
Audit Log Data AuditLogExport.txt.
1 From the navigation pane, select Audit Log. The Audit Log page opens
in the work area.
2 On the Audit Log page, click Export/Purge. The Export and Purge Audit
Log Items page opens (Figure 69).
3 In the Items to Export section, select one of the following options:
■ Export All Items — Writes all audit log entries.
■ Export Through Date — Enter a date in the format mm/dd/yyyy, or
click the Calendar icon to select a date from the pop-up window.
4 When you finish, click Export. A standard File Download window opens;
you can open or save the export file.
1 From the navigation pane, select Audit Log. The Audit Log page opens
in the work area.
2 On the Audit Log page, click Export/Purge. The Export and Purge Audit
Log Items page opens
3 In the Items to Purge section, enter a date in the format mm/dd/yyyy,
or click the Calendar icon to select a date from the pop-up window.
4 When you finish, click Purge. You are prompted: “Click ‘OK’ to purge all
audit log items through: mm/dd/yyyy.”
5 Click OK (or Cancel to cancel the request). The data is purged from the
audit log.
To view the alert log file, from the navigation pane, select Alerts. The
Alert Viewer window opens. Figure 70 shows an example.
Alert details To view details for an alert, click the binoculars icon to the right of the
alert. A window opens displaying additional information; for example:
Annotation To add a comment to an alert, click the Wordpad icon to the right of the
alert. The Add Comment window opens:
Resolving an alert To resolve an alert, click the check-mark icon to the right of the alert.
You are prompted: “Are you sure you want to resolve this Alert?” Click
OK to resolve (remove) the alert or Cancel to leave the alert
unchanged.
■ Subscriber SNMP Collector — Polls, via SNMP, all CMTSs for the
configured subscribers and then stores them in the local database.
■ CMTS Distributor — Reads CMTS topology data from the MPE Manager
local database and then distributes it to the appropriate policy
servers within the system.
■ Subscriber Distributor — Reads subscriber data from the MPE
Manager local database and then distributes it to the appropriate
policy servers within the system.
■ CMTS MA Collector (optional) — Polls all of the MAs in the system for
subnet and service class data on each CMTS.
■ PCMM Routing Distribution — Detects changes in the CMTS subnet
information, and then forwards this information to any upstream
policy servers configured in a routing hierarchy.
■ Run Now — Runs the process immediately. You are prompted: “Click
‘OK’ to run this task now.” Click OK (or Cancel to cancel the
request).
■ Disable or Enable — Disables or enables this process. If you click
Disable, you are prompted: “Click ‘OK’ to disable this task.” Click
OK (or Cancel to cancel the request); the task is disabled, and the
button changes to Enable.
■ Refresh — Refreshes the page.
■ Cancel — Returns to the previous page.
User Management
The MPE Manager lets you configure the following user attributes:
■ Roles — What a user can do within the MPE Manager.
■ Scopes — Network element groups and policy server groups that
provide a context for a role.
■ User Profiles — Once you define roles and scopes, you can apply
them to user profiles.
Configuring Roles Assigning roles to the various users that access the MPE Manager lets you
control who can configure and access what within the MPE Manager. The
default roles are:
■ Viewer — Permits read-only access to functions associated with
policy server management and configuration. Access is also
permitted to limited system administration functions, such as
Change Password.
■ Operator — Permits full read/write access to all functions associated
with policy server management and configuration. Access is also
permitted to all system administration functions except user
administration.
■ Administrator — Permits full read/write access to all functions. You
cannot delete the Administrator role.
Deleting a Role
To delete a role:
1 From the navigation pane, select User Management. The content tree
displays the User Management group.
2 From the content tree, select the Roles group. The Role Administration
page opens in the work area, displaying existing roles. Figure 74 shows
an example.
3 Delete the role using one of the following methods:
■ From the work area, click the Trash Can icon located next to the role
to delete.
■ From the content tree, select the role to delete (role information
displays in the work area), then click Delete.
4 You are prompted: “Are you sure you want to delete this Role?” Select
OK to delete the role’s information from the MPE Manager (or Cancel to
cancel the request).
Creating a New Scope The MPE Manager lets you configure scopes that contain selections of
network element groups and policy server groups that provide a context
for a role. The default scope, Global, contains all items within the MPE
Manager. Once you define a scope you can apply it to a user.
1 From the navigation pane, select User Management. The content tree
displays the User Management group.
2 From the content tree, click Scopes. The Scope Administration page
opens in the work area, displaying existing scopes. Figure 76 shows an
example.
3 Delete the role using one of the following methods:
■ From the work area, click the Trash Can icon located next to the role
to delete.
■ From the content tree, select the role to delete (role information
displays in the work area), then click Delete.
4 You are prompted: “Are you sure you want to delete this Scope?” Select
OK to delete the scope from the MPE Manager (or Cancel to cancel the
request).
Creating a User Profile The User Management functions include the tools necessary to create,
modify, or delete system user profiles. See “Configuring Roles” on
page 184 for more details.
Each default user profile has an associated role assigned to it. The
Admin user is the only profile that cannot be deleted or have its
username modified. Also, the admin user is the only user who can
create, modify, or delete other users. The password assigned to the
Admin user can be changed. For security reasons, Camiant recommends
changing this value from its default value as soon as the system is
installed.
Note: When logging in, the username is not case sensitive; however the
password is case sensitive.
Note: The Log Out All Users button is visible only to the
admin user.
4 Click Create User. The New User page opens (Figure 77).
5 Define the following attributes:
■ Username — Assign a name to the user profile (this value is not case
sensitive).
■ Description/Location (optional) — Provide additional information
about the user profile.
■ Password — Assign a password to the user profile (this value is case
sensitive and must contain at least six characters; alphabetic,
numeric, and special characters are allowed).
■ Confirm Password — Re-enter the password to confirm the value
entered above.
■ Role — Assign a role to the user profile.
■ Scope — Assign a scope to the user profile.
6 When you finish, click Save (or Cancel to discard your changes).
4 Delete the desired user profile using one of the following methods:
■ From the work area, select the Trash Can icon located next to the
profile you want to delete.
■ From the Users tree, select the user profile that you want to delete
(profile information displays in the work area), then click Delete.
5 You are prompted: “Are you sure you want to delete this user?” Click OK
to delete the user profile (or Cancel to cancel the request).
Changing a Password The Change Password option lets users change their password. This
system administration function is available to all users.
Note: The Admin user can change any user’s password. See “Modifying a
User Profile” on page 192.
Locking and Unlocking A user is locked out after exceeding the login failure threshold, or if the
User Accounts Admin user locks the user out. A locked-out user sees the following
message on the login page when attempting to log in: “Your account is
locked. Please contact the Administrator.”
1 Log in as Admin.
2 From the navigation pane, select User Management. The content tree
displays the User Management group.
3 In the content tree, click Users. The User Administration page opens in
the work area, displaying existing users.
4 Click Lock. You are prompted: “Are you sure you want to lock out this
user?”
5 Click OK (or Cancel to cancel the request). The account is locked. The
page displays: “User account locked successfully.” The Lock button
becomes an Unlock button. On the User Administration page, the user’s
Locked Status changes to “Locked.”
Unlocking an Account To unlock a user account:
1 Log in as Admin.
2 From the navigation pane, select User Management.The content tree
displays the User Management group.
3 Select the desired user profile from the content tree. The User
Administration page opens.
4 Click Unlock. You are prompted: “Are you sure you want to unlock this
user?”
5 Click OK (or Cancel to cancel the request). The account is unlocked.
The page displays: “User account unlocked successfully.” The Unlock
button becomes a Lock button. On the User Administration page, the
user’s Locked Status changes to “OK.”
application manager A server within a network that is responsible for establishing and
managing subscriber sessions associated with a specific application.
Camiant application managers enable non-PCMM applications to request
QoS enhancement on a PCMM access network and also provide protocol
translation and session state history and tracking. Camiant application
managers include the SIP AM and the BoD AM. See also PacketCable
Multimedia.
cable modem A device used to connect a computer to a cable TV service that provides
Internet access. A cable modem is considered customer premises
equipment, and connects to a cable modem termination system.
COPS (Common Open An IP protocol, defined by the IETF in RPF 2748, that supports policy
Policy Service) control over QoS protocols. See also QoS.
COPS-PR (Common Open A policy provisioning standard defined by the IETF in RPF 3084. See also
Policy Service for Policy B-RAS.
Provisioning)
deep packet inspection A form of packet filtering that examines the data and/or header part of
(DPI) a packet as it passes an inspection point. The MPE uses DPI to recognize
the application for establishing QoS or managing quota. See also packet
inspection.
DHCP (Dynamic Host A client/server protocol used by network devices to obtain the
Configuration Protocol) parameters (such as an IP address) necessary for operation in an IP
network. DHCP allows devices to be added to the network with little or
no manual configuration.
DNS (Domain Name A system for converting Internet host and domain names into IP
System) addresses.
DOCSIS® (Data over This specification defines the communication protocol(s) between cable
Cable Services Interface modems and CMTSs, and was established by cable television network
Specification) operators to facilitate data traffic over existing cable networks. See
also cable modem termination system.
DQOS (Dynamic Quality A COPS-based protocol that is part of the PacketCable standards used to
of Service) communicate between a CMS and a CMTS for setting up voice calls. The
MPE can be inserted between these two entities to apply additional
policy rules as sessions are established. See also COPS, CMS, and CMTS.
edge router The router (sometimes called an “edge device”) that connects a carrier
or service provider network to a subscriber. An edge router is a policy
enforcement point.
FQDN (fully qualified The complete domain name for a specific computer on the Internet (for
domain name) example, www.camiant.com).
gate The logical representation of a policy decision that has been installed on
a CMTS. See also CMTS.
High Availability (HA) The MPE is a dual-system cluster of identical hardware platforms that
provides stateful failover in case of primary platform, disk, or Ethernet
connection failure.
LDAP (Lightweight A protocol for providing and receiving directory information in a TCP/IP
Directory Access network.
Protocol)
MGPI (Multiple Grants The ability to map multiple application flows using identical UGS
Per Interval) (Unsolicited Grant Service) traffic profiles destined for the same
subscriber into a single flow at the DOCSIS (service flow) level. Supports
applications interacting with an MPE device over a Diameter-based Rx
interface. See also Diameter, DOCSIS.
network element A high-level device (typically a router) or other entity within your
network for which you want to use the MPE to manage QoS, such as a
CMTS or PSDN.
packet inspection Packet inspection (or shallow packet inspection) is a form of packet
filtering that checks the header portion of a packet. See also deep
packet inspection.
P-CSCF (Proxy-CSCF) Several roles of SIP servers or proxies, collectively called Call Session
Control Function (CSCF), process SIP signaling packets in the IMS. A
policy rules A set of rules to administer, manage, and control access to network
resources. A Camiant policy rule is a simple if-then statement consisting
of one or more conditions that must be matched (for example, day of
week, time of day, and wireless roaming status, subscriber entitlement)
and actions to be taken (accept, reject, log, or continue to next policy).
Policy rules are evaluated within the MPE, and the results are forwarded
to the appropriate policy enforcement point.
Policy and Charging The ability to dynamically control access, services, network capacity,
Control Model (PCCM) and charges in the network.
policy and charging rules Performed within the policy server in support of wireless networks.
function (PCRF)
policy decision function A policy decision point for service-based local policy control of IP bearer
resources. Policy decisions are made within the policy server.
policy enforcement point A logical entity, usually an edge device, that enforces policy decisions
by permitting or blocking packet flow into the IP network.
policy server A network element that interfaces with an application and makes policy
decisions, such as authorization, entitlements, bandwidth, and QoS,
based on the application's requirements and cable operator rule sets.
The policy server is an element of the PCMM architecture. The Camiant
policy server is the Multimedia Policy Engine (MPE). See also
PacketCable Multimedia.
QoS (Quality of Service) A resource reservation control mechanism that provides different
priority to different applications, users, or data flows, or to guarantee a
level of performance in a congested network.
RADIUS (Remote A client/server protocol and associated software that enables remote
Authentication Dial-In access servers to communicate with a central server to authorize their
User Service) access to the requested service. The MPE functions with RADIUS servers
to authenticate messages received from remote gateways. See also
Diameter.
RKS (Record Keeping A device that collects PacketCable event messages, used for accounting
Server) management in a PCMM network. See also PacketCable Multimedia.
SCP Secure CoPy, a Linux utility for securely transferring files between host
systems.
Service User Interface A menu-based interface to the Camiant MPE, used to configure the MPE
(SUI) and manage system-level information.
Session Initiation A call-signaling IP protocol that enables Voice over IP (VoIP) and other
Protocol (SIP) text and multimedia sessions such as instant messaging, streaming
video, and online games.
SIP AM The Camiant SIP Application Manager, which acts as a SIP forwarding
proxy server with additional features to enable QoS for SIP user agents
using the PCMM framework.
SSH (Secure Shell) A network client/server protocol that allows data interchange over a
secure channel between two networked devices. Camiant supports, but
does not recommend, SSH access to the Service User Interface.
STUN (Simple Traversal A TCP protocol for assisting devices behind a NAT (Network Address
of UDP through NATS) Translation) firewall or router with packet routing. Camiant supports
STUN servers.
Universal Edge Resource A Camiant product that manages edge devices to improve bandwidth
Manager (UERM) efficiency in a QAM-based video network. See also QAM.
Video on Demand (VoD) An interactive technology that allows subscribers to view programming
in real time or download it to view later.
XML (eXtensible Markup A text-based, general-purpose specification for creating custom markup
Language) languages, designed to facilitate the sharing of structured data between
different information systems.
E
Event Generation Info object 88
Event Log 48
event log
forwarding 51
level 173
Index settings 50
viewer 48
event log file 48, 172
Event Log Timeline 48, 172
event message 22
event messages (EMs) 88
A event messaging
local settings 92
absolute mode 38
account
Account Inactivity Lockout 166
Administrator role 184 F
Alert Aging task 180 Failed status 36, 169
Alert Destination 166 FCAPS 166
alert log Financial Entity ID (FEID) 90, 92
adding comment 179
resolving alert 179
viewing 178 G
Alerts 52 GUI
AM, see application profile content tree 17
application 77 icons 17
Application Manager (AM) 14, 77 navigation pane 17
application profile 77 overview 16
creating 78 shortcut keys 18
deleting 80 work area 17
modifying 80
application server 77
audit log
displaying 174 H
exporting 177 Health Checker task 180
purging data from 177 High Availability 36
searching within 176
authorization scope 27
I
Idle Timeout 166
B invalid login threshold 166
Billing Correlation ID (BCID) 89
Blade Information Report 41
L
lockout, see user account
C log file 45
Change Password option 194 modifying 50
Cluster Information Report 40 Log Out All Users button 190
cluster report 169
CMTS Distributor task 102
content tree 17 M
MAC address 48
Management Agent (MA) server 97
D management agent Event Log Viewer 105
Degraded status 36, 169 management agent profile
configuring tasks 102
creating 98
deleting 101 O
modifying 100 Off-line status 36
reapplying configuration 101 OM Statistics task 180
Maximum Concurrent Sessions 166 On-line status 36, 169
MGPI (multiple grants per interval) 25 Operational Measurements (OM) Interface 74
MPE Manager 16 Operator role 184
Alert Log 178 OSSI Distributor task 64, 180
and policy servers 19 OSSI XML interface 74
application profiles 77
Audit Log 174 topology interface 74
checking status of policy server 36 exporting XML file 75
cluster reports 169 input network elements 74
Event Log 172 Operational Measurements (OM) Interface 74
Graphical User Interface (GUI) 16 operational measurements (OM) interface 74
MA servers 97 OSSI XML Interface (OSSI) 74
network elements 57
network topology 143
policy rules 109
supported browsers 17 P
system administration 165 password 17
system settings 166 changing your 194
traffic profiles 81 path, see network path
user management 184 policy
Multimedia Policy Engine (MPE) 11 remove policy from group 135
Event Log Viewer 48 remove policy/policy group 136
log files 45 policy group 109, 127
policy log 46, 48 adding a policy rule to 128
policy statistics 42 changing the order of policy rules in 131
protocol statistics 43 creating 127
reapplying configuration to 34 deploying 134
status 36 displaying policy rules in 133
removing 136
removing a policy rule from 129, 135
Policy Library 116
N policy log 46, 48
navigation pane 17 policy rule 14, 109
network element 57 actions 112
adding using OSSI XML interface 74 conditions 117
associating with MPE 72 creating 116
bulk delete 62 deploying 134
creating 58 deploying (example) 113
deleting 61 evaluation 111
finding 63 group 14
modifying 60 modifying 121
network element group 66 overview 110
adding network element to 67 removing 136
creating 66 template 116, 123
creating sub-group 68 time-dependent 120
deleting 71 Policy Rules Engine 12, 111
deleting network element from 69 Policy Server
renaming 70 check status 92
network element subgroup policy server
creating 68 checking status 36
network path cluster status 36
creating 152 unmanaged 20
deleting 154 see also Multimedia Policy Engine (MPE)
modifying 154 Policy Server Administration page 22, 55
network topology map 27, 144 EM tab 22
adding comment 151 Logs tab 22
alerts 151 Policies tab 22
laying out 147 Policy Server tab 22
resolving alert 151 Reports tab 22
viewing 145 Routing tab 22
Non-service Affecting Failure status 36, 169 System tab 22
V
Viewer role 184
Q
Quality of Service (QoS) 81
enforcement device 14
managing 77 W
web browsers, recommended 17
work area 17
R
Record Keeping Server (RKS) 88
configuring 94 X
related documentation viii XML bulk import process 74
role 184
creating 184
deleting 187
modifying 186
privileges 184
S
scheduled tasks
configuring 182
disabling 183
Run Now button 183
scheduled tasks, list of 180
scope 184
creating 188
modifying 189
service 77
Service Class SNMP Collector task 102
Service LED button 40, 170
SNMP Read Community String 58
SSL certificate, configuring 33
Subnet SNMP Collector task 102
Subscriber Distributor task 102, 181
Subscriber SNMP Collector task 102
system settings, defining 166
T
traffic profile 81
creating 82
www.Camiant.com