Library Overview

Doc Type Name: 1551-CRA 119 1030/1 Uen A

2009, Ericsson AB. All rights reserved. Redback and SmartEdge are trademarks registered at the U.S. Patent & Trademark Office and in other countries. AOS, NetOp, SMS, and User Intelligent Networks are trademarks or service marks of Telefonaktiebolaget LM Ericsson. All other products or services mentioned are the trademarks, service marks, registered trademarks or registered service marks of their respective owners. All rights in copyright are reserved to the copyright owner. Company and product names are trademarks or registered trademarks of their respective owners. Neither the name of any third party software developer nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission of such third party.

Rights and Restrictions


All statements, specifications, recommendations, and technical information contained are current or planned as of the date of publication of this document. They are reliable as of the time of this writing and are presented without warranty of any kind, expressed or implied. In an effort to continuously improve the product and add features, Redback Networks Inc. (Redback) or Ericsson AB (Ericsson) and their affiliate companies reserve the right to change any specifications contained in this document without prior notice of any kind. Neither Redback or Ericsson nor its parent or affiliate companies shall be liable for technical or editorial errors or omissions which may occur in this document. Neither Redback or Ericsson nor its affiliate companies shall be liable for any indirect, special, incidental or consequential damages resulting from the furnishing, performance, or use of this document.

Disclaimer
No part of this document may be reproduced in any form without the written permission of the copyright owner. The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Redback or Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Overview
This document describes the structure of the NetOp Policy Manager (PM) Library. It also defines NetOp PM terms and describes how to order and provide feedback about the documentation.

Library Organization
The following sections describe the top-level folders, as well as the various subfolders and documents contained therein.

Safety and Environment


Regulatory Compliance and Safety Information for Redback Networks Products
Presents copyrights of third-party software and international agency compliance, safety, and statutory information for Redback Networks products.

Library Overview
Library Overview (this document)

Product Overview
NetOp Policy Manager Product Overview
Provides an overview of the system architecture and instructions for building service offerings and managing subscriber accounts using the NetOp client. It describes several sample service offerings provided with the NetOp PM software, including valid Remote Authentication Dial-In User Service (RADIUS) attribute values and the configuration file components required by some of the sample service offerings. It also provides detailed information about authenticating subscribers and applying and removing services from subscriber traffic.

Installation
Technical Product Description
Describes the new and enhanced features that are introduced in the current release of the NetOp PM software.

Resolved and Open Issues
Describes the resolved and open issues in the current release of the NetOp PM software. Issues are organized by module and then in ascending order by Redback ID number.

Software Upgrade for NetOp Policy Manager, Release 6.1.5
Provides information on supported upgrade paths and upgrading the NetOp PM software for your deployment.

NetOp Policy Manager Installation Guide
Provides a description of hardware requirements for various deployment sizes and how to plan the system. It provides first-time installation procedures for the NetOp PM software and components, including NetOp PM database, NetOp PM RADIUS servers, NetOp PM application programming interface (API) server, NetOp PM lightweight web portal, NetOp PM service manager, and NetOp client. Also describes how to configure the basic NetOp PM system and verify that it is operational.

Operation and Maintenance


Contains the following subfolders.

Fault Management
NetOp Policy Manager Troubleshooting Guide
Contains troubleshooting information and solutions for the entire NetOp PM system. Use this guide to find information and recommended actions for common system error messages, configuration problems, and performance issues.

Configuration Management
NetOp Policy Manager Configuration Guide
Provides procedures describing how to complete the following tasks:
- Configure a node to work with SmartEdge multiservice edge routers
- Set up RADIUS servers (including how to enable IEEE 802.1x Extensible Authentication Protocol (EAP) authentication)
- Set up Lightweight Directory Access Protocol (LDAP) servers
- Start and stop the NetOp PM components
- Configure the NetOp PM system to proxy RADIUS and LDAP messages to external servers
- Configure EAP message handling (both local and proxied)
- Configure the NetOp PM components, including the admission control, and multivendor VSA support
- Create service offerings and service attribute variations, and configure complex services and online charging for prepaid services
- Customize RADIUS server behavior and customize the NetOp PM lightweight web portal for your corporate requirements

Database Management
NetOp Policy Manager Database Administration Guide
Provides an overview of the NetOp PM database, describes the database schema in detail, and provides instructions for database maintenance tasks including archiving and purging data, and backing up and restoring the NetOp PM database. It also describes how to use the scripts to remove sessions from the database, check the status of a node user, remove static IP address associations, manage subscriber accounts, and synchronize the NetOp PM database with a node.

NetOp Policy Manager Database Redundancy and Recovery Guide
Describes how to configure and manage the two optional database high-availability features for the NetOp software: manual failover and fast-start failover. Both configurations use the Oracle Data Guard to allow you to replace a failed primary with a standby database.

NetOp Policy Manager Database Troubleshooting Guide
Contains troubleshooting information and solutions for the NetOp PM database. Use this guide to look up information and recommended actions in response to database configuration problems and performance issues.

Reference
NetOp Policy Manager Reference
Describes filtering attribute and RADIUS attributes, service attributes, sample services, and the NetOp client panel.

Interface
NetOp Policy Manager API Guide
Provides information about the NetOp PM architecture and background information on the Simple Object Access Protocol (SOAP). Describes SOAP client authentication and method authorization, how to create Java and Perl-based SOAP clients, and how to configure NetOp PM security. Describes the components involved with and the flow of information through the NetOp PM API server. Also provides a list of API method names and parameter types and an explanation of the web service definition language (WSDL) file. In addition, it describes how to define services and override service subscriptions.

NetOp Policy Manager API (Javadoc) Guide
Provides the method names and parameter types used to configure the NetOp PM system and describes how to develop a SOAP client.

NetOp Policy Manager Terminology


Table 1 Terminology for the NetOp PM System

| Term | Description |
|---|---|
| EAP | Extensible Authentication Protocol. |
| EAP MD5 | EAP message digest 5. Provides one-way client authentication (minimal security). The server sends the client a random challenge. The client proves its identity by hashing the challenge and its password with MD5. |
| EAP MSCHAPV2 | EAP Microsoft Challenge Handshake Protocol. Also known as protected EAP (PEAP). Can be used inside a TLS tunnel. It is a good fit for companies that want to reuse Microsoft user credentials and servers (for example, NT Domain Controllers or Windows Active Directories) for wireless authorization. Similar goals can also be accomplished with EAP TTLS with MSCHAPv2. |
| EAP TLS | EAP Transport Layer Security. Generally regarded as the strongest security available and the most expensive to deploy. Provides mutual certificate authentication between client and server, using the standard TLS protocol (a descendant of the SSL protocol used to secure most Web transactions). |
| EAP TTLS | EAP Tunneled TLS. Balances security and deployment cost by replacing client-side certificates with legacy password authentication methods like MSCHAPv2. Requires the server to authenticate by certificate and establish a TLS tunnel through which to challenge the client. |
| external LDAP server | LDAP server that resides at an ISP's or carrier's site and communicates with the NetOp PM system. |
| external RADIUS server | RADIUS server that resides at an ISP's or carrier's site and communicates with the NetOp PM system. |
| hosts | Physical components, including the NetOp PM host and the NetOp PM database host. |
| Mobile IP | Standard communications protocol that allows mobile device users to move from one network to another while maintaining the same IP address. |
| NAS | Network access server. Node used with the NetOp PM software. |
| Native EAP authentication | Authentication method for subscribers logging on from a wireless AP using the NetOp PM RADIUS server. |
| NetOp client | GUI that runs management views that enable you to configure and monitor services and subscriber accounts. Communicates with the NetOp PM API server. |
| NetOp PM | NetOp Policy Manager software. |
| NetOp PM admission control function (ACF) | Enables the NetOp PM system to guarantee a high quality of service for subscribers with bandwidth-dependent services, such as Video On Demand, while operating with fixed resources at high levels of network usage. You can enable the optional NetOp PM ACF feature by purchasing a license. |
| NetOp PM API server | Server implementing the NetOp PM API service, which implements a set of SOAP-based procedures for accessing the NetOp PM functionality. |
| NetOp PM complex services feature | Feature that enables you to create and manage scheduled time, metered time, and metered volume services. These complex services are supported if you have purchased a license. |
| NetOp PM components | Components of the NetOp PM system: the NetOp PM database, the NetOp PM RADIUS server, the NetOp PM API server, the NetOp PM lightweight web portal, the NetOp PM service manager, and the NetOp client. |
| NetOp PM database | Oracle database configured to operate with the NetOp PM software. Provides a persistent repository for critical data, such as information about nodes, service offerings, service order histories, session authentication and accounting information, RADIUS flow-through attributes, and proxy configuration for external RADIUS and LDAP servers. If you have a license for it, you can configure the Oracle database high availability feature for either a manual or fast-start failover configuration. |
| NetOp PM database host | Physical machine hosting the NetOp PM database. Can support one or more NetOp PM server clusters. For medium and large deployments, the NetOp PM database host is external to the NetOp PM server clusters. For small deployments, one physical machine acts as both the NetOp PM database host and the NetOp PM host. |
| NetOp PM deployment | One or more NetOp PM systems. |
| NetOp PM fast-start failover database | Optional. Feature that enables you to deploy a secondary server for NetOp PM database high availability. This feature automatically replaces a failed primary NetOp PM database host without data loss. You can enable the fast-start failover database feature by purchasing a license. |
| NetOp PM application host | Physical machine hosting the NetOp PM RADIUS server, the NetOp PM API server, and the NetOp PM service manager. |
| NetOp PM manual failover database | Optional. Feature that enables you to deploy a secondary server for NetOp PM database high availability. This feature allows you to replace a failed primary NetOp PM database host manually without data loss. You can enable the manual failover database feature by purchasing a license. |
| NetOp PM RADIUS server | Open Systems Radiator RADIUS server that resides on the NetOp PM host, and has been integrated into the NetOp PM software. It supports PAP, CHAP, MS-CHAP, and MS-CHAPV2 authentication using either subscribers defined in the NetOp PM system or subscribers defined in external RADIUS servers or LDAP servers. It also supports EAP authentication using either subscribers defined in the NetOp PM system or subscribers defined in external EAP-capable RADIUS servers. The NetOp PM RADIUS server supports EAP-MD5, EAP-TLS, and EAP-TTLS/MSCHAPv2 authentication. |
| NetOp PM server cluster | Group of NetOp PM servers that together manage subscribers on nodes. The term servers describes a group of the following NetOp PM components: the NetOp PM RADIUS servers, the NetOp PM API server, and the NetOp PM service manager, when present. Note: In this guide, the term cluster does not refer to a group of Oracle databases that act as a virtual database or a group of Solaris hosts that act as a virtual host. |
| NetOp PM service manager | Component that monitors the NetOp PM database and determines which services are active or inactive by responding to defined events. |
| NetOp PM system | Combination of one NetOp PM database, plus one or more server clusters. |
| node | SmartEdge router, SMS devices or third-party vendor devices used with the NetOp PM software. |
| realm | Portion of a subscriber's logon name that follows the right-most @ character. The @realm construct uses the subscriber@ctx-name format; for example, joe@isp or joe@local. To configure a realm for EAP authentication, add the eap_ prefix to the realm name. |
| scalability | Improved performance and increased number of supported subscribers, accomplished in one of two ways: adding additional server clusters to an existing NetOp PM system, or adding additional NetOp PM systems. |
| servers | Logical components, running one or more processes, including the NetOp PM RADIUS servers, the NetOp PM API server, and the NetOp PM service manager. |
| SmartEdge router | Network device that is a combination of IP routing and subscriber and session management with Ethernet aggregation for single, integrated networks to deliver video, voice, and data to consumers and businesses. |
| SMS device | Network device that aggregates thousands of broadband subscribers and enables you to create and deliver value-added IP services. |
| web server host | Physical machine hosting the Apache web server and the NetOp PM lightweight web portal, which acts as a SOAP client to the NetOp PM API server. |
| wireless AP | Wireless access point. |

Ordering Documentation
Redback documentation is available on a CD-ROM that ships with the following Redback products:
- SMS products
- SM Family products
- SmartEdge router products
- NetOp EMS and NetOp PM products

Order Additional Copies


To order additional copies of the documentation CD-ROM or printed and bound books:
1. Log on to the Redback Networks Support web site at http://support.redback.com, enter a username and password, and click Login. If you do not have a username and password, consult your Redback Networks support representative, or send an e-mail to supportlogin@redback.com with a copy of the show hardware command output, your contact name, company name, address, and telephone number.
2. Click one of the Redback products at the bottom of the web page, click Documentation on the navigation bar, then click To Order Books on the navigation bar.

Complete the Online Redback Networks Documentation Survey


To complete the online Redback Networks Documentation Survey:
1. On the Documentation web page, click Feedback on the navigation bar.
2. Complete and submit the feedback form.

Provide Direct Feedback on Specific Product Documentation


To provide feedback on a documentation issue related to the NetOp PM product, send e-mail to netop-pm-docs@redback.com. We appreciate your comments.
