OperationOne-NDS 8.0User Manual (NetAct/SM variant)A50016-E4103-Q801-1-7619 Nokia Siemens Networks is continually striving to reduce the adverse environmental effects of its products and services. We would like to encourage you as our customers and users to join us in working towards a cleaner, safer environment. Please recycle product packaging and follow the recommendations for power use and proper disposal of our products and their compo-nents.If you should have questions regarding our Environmental Policy or any of the environmental services we offer, please contact us at Nokia Siemens Networks for any additional information.2 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d805809bc78eThe information in this document is subject to change without notice and describes only the product defined in the introduction of this documentation. This documentation is intended for the use of Nokia Siemens Networks customers only for the purposes of the agreement under which the document is submitted, and no part of it may be used, reproduced, modified or transmitted in any form or means without the prior written permission of Nokia Siemens Networks. The documentation has been prepared to be used by professional and properly trained personnel, and the customer assumes full responsibility when using it. Nokia Siemens Networks welcomes customer comments as part of the process of continuous development and improvement of the documentation.The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products are given "as is" and all liability arising in connection with such hardware or software products shall be defined conclusively and finally in a separate agreement between Nokia Siemens Networks and the customer. However, Nokia Siemens Networks has made all reasonable efforts to ensure that the instructions contained in the document are adequate and free of material errors and omissions. Nokia Siemens Networks will, if deemed necessary by Nokia Siemens Networks, explain issues which may not be covered by the document.Nokia Siemens Networks will correct errors in this documentation as soon as possible. IN NO EVENT WILL Nokia Siemens Networks BE LIABLE FOR ERRORS IN THIS DOCUMENTA-TION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDI-RECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT.This documentation and the product it describes are considered protected by copyrights and other intellectual property rights according to the applicable laws.The wave logo is a trademark of Nokia Siemens Networks Oy. Nokia is a registered trademark of Nokia Corporation. Siemens is a registered trademark of Siemens AG.Other product names mentioned in this document may be trademarks of their respective owners, and they are mentioned for identification purposes only.Copyright Nokia Siemens Networks 2013. All rights reservedf Important Notice on Product SafetyThis product may present safety risks due to laser, electricity, heat, and other sources of danger.Only trained and qualified personnel may install, operate, maintain or otherwise handle this product and only after having carefully read the safety information applicable to this product.The safety information is provided in the Safety Information section in the Legal, Safety and Environmental Information part of this document or documentation set.The same text in German:f Wichtiger Hinweis zur Produktsicherheit Von diesem Produkt knnen Gefahren durch Laser, Elektrizitt, Hitzeentwicklung oder andere Gefahrenquellen ausgehen.Installation, Betrieb, Wartung und sonstige Handhabung des Produktes darf nur durch geschultes und qualifiziertes Personal unter Beachtung der anwendbaren Sicherheits-anforderungen erfolgen.Die Sicherheitsanforderungen finden Sie unter Sicherheitshinweise im Teil Legal, Safety and Environmental Information dieses Dokuments oder dieses Dokumentations-satzes.A50016-E4103-Q801-1-7619 3User Manual (NetAct/SM variant)Id:0900d805809bc78eTable of ContentsThis document has 102 pages.Change History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91.1 Managed One-NDS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91.2 OAM System and Data Provisioning Tools . . . . . . . . . . . . . . . . . . . . . .101.3 OAM and Data Provisioning Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . .111.4 Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112 Fault Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132.1 SM-based OAM Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132.1.1 SM-internal Processing Functions for FM-related Information. . . . . . . .132.1.2 NetAct based Fault Management Process on Monitor. . . . . . . . . . . . .162.1.2.1 Monitor Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162.1.2.2 FM Process Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172.1.3 NMS-related OAM Functions for FM-related Information. . . . . . . . . . .172.2 Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173 Performance Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183.1 SM-based OAM Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183.1.1 SM-internal Processing Functions for PM-related Information. . . . . . .183.1.2 NetAct-based Performance Management . . . . . . . . . . . . . . . . . . . . . . .203.1.2.1 Performance Management Process. . . . . . . . . . . . . . . . . . . . . . . . . . .203.1.2.2 Reporter Tool Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203.1.3 NMS-related OAM Functions for PM-related Information. . . . . . . . . . .213.2 Performance Measurements or Counters . . . . . . . . . . . . . . . . . . . . . . .214 Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224.1 One-NDS Administrator (ADM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234.1.1 Configuration Management Tasks for the ADM Administration. . . . . . .234.1.2 Configuration Management Tasks for the One-NDS Directory . . . . . . .244.1.2.1 One-NDS Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264.1.2.2 Complete One-NDS Setup in One Step. . . . . . . . . . . . . . . . . . . . . . . . .274.1.2.3 Site Planning Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274.1.2.4 DSA Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284.1.2.5 LDAP User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324.1.2.6 Tenant/Application Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374.1.2.7 Extension Packages Management. . . . . . . . . . . . . . . . . . . . . . . . . . . .384.1.2.8 Data Model (DM) Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .404.1.2.9 Data Distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .444.1.2.10 PGW Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .464.1.2.11 Notification Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .474.1.2.12 System Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .474.1.2.13 Application Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484.1.2.14 Consistency Check - For Ensuring Inter-DSA Consistency. . . . . . . . . .484.1.2.15 Subscriber Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .494.1.2.16 Emergency Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .494 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d805809bc78e4.1.2.17 Job Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504.1.2.18 Log Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504.1.2.19 ADM Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504.1.3 Non-Configuration Management-oriented Tasks for One-NDS Directory514.1.3.1 Application Management Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514.1.3.2 Job Management Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534.1.3.3 Log Management Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544.1.3.4 Emergency Actions Management Details . . . . . . . . . . . . . . . . . . . . . . . . 544.1.4 Configuration Management Tasks for the PGW. . . . . . . . . . . . . . . . . . . 574.1.4.1 PGW Management Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574.1.4.2 PGW Plug-in Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614.1.5 Configuration Management Tasks for the NTF. . . . . . . . . . . . . . . . . . . . 624.1.5.1 Notification Manager (NTF) Management. . . . . . . . . . . . . . . . . . . . . . . . 625 Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685.1 Security Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685.2 Credential Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685.3 User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695.3.1 LDAP User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695.3.2 PGW User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695.3.3 ADM User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705.3.4 PGW Bulk sFTP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706 Log Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716.1 Directory Server Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716.2 Notification Manager (NTF) Log Management . . . . . . . . . . . . . . . . . . . . 736.3 PGW Log Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746.4 ADM Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777 Data Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797.1 SPML Interface for the Transfer of Application-Service-Related and Non-Subscriber-Related Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807.2 SPML Interface for the Transfer of Bulk Files . . . . . . . . . . . . . . . . . . . . . 818 Backup and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848.1 Backup Concept for One-NDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848.2 Backup to External B&R Server using NetWorker. . . . . . . . . . . . . . . . . 878.2.1 Enabling or Disabling the Backup Scheduler. . . . . . . . . . . . . . . . . . . . . 888.2.2 Modifying Backup Scheduler Settings. . . . . . . . . . . . . . . . . . . . . . . . . . 908.2.2.1 Modifying Browse and Retention Policies. . . . . . . . . . . . . . . . . . . . . . . . 908.2.2.2 Modifying Backup Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918.2.2.3 Modifying Start Time of Scheduled Backups. . . . . . . . . . . . . . . . . . . . . 928.2.2.4 Checking Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 928.2.3 Starting Non-Scheduled Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 938.2.4 Checking Success of Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 938.3 Restore Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 948.3.1 Restore Procedures for DSAs/DSs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 948.3.2 Restore Procedure for the ADM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 978.3.3 Restore Procedure for PGW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 988.3.4 Restore Procedure for the Linux Install Server . . . . . . . . . . . . . . . . . . . . 98A50016-E4103-Q801-1-7619 5User Manual (NetAct/SM variant)Id:0900d805809bc78e9 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .996 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d805809bc78eList of FiguresFigure 1 SM-internal architecture for processing FM-related information. . . . . . . 14Figure 2 SM-internal architecture for processing PM-related information. . . . . . . 19Figure 3 NetWorker Management Console Window. . . . . . . . . . . . . . . . . . . . . . . 88A50016-E4103-Q801-1-7619 7User Manual (NetAct/SM variant)Id:0900d805809bc78eList of TablesTable 1 Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11Table 2 Severity Levels of Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13Table 3 Overview of all relevant LDAP user attributes to handle all types of LDAP users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34Table 4 List of NTF Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66Table 5 Bulk file size examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81Table 6 Preconfigured Browse and Retention Policies for One-NDS Backup . .91Table 7 Preconfigured Schedules for One-NDS Backup . . . . . . . . . . . . . . . . . .92Table 8 Geneneral Failure Scenarios and Restore Processes for DS, DSA and One-NDS Outages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .948 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d805809bc78fChange HistoryChange HistoryIssue 1 (03/2013)Initial release for One-NDS 8.0 MP8.A50016-E4103-Q801-1-7619 9User Manual (NetAct/SM variant) IntroductionId:0900d805809265051 IntroductionThe operation, administration and maintenance (OAM), and data provisioning in con-junction with one network directory server (One-NDS) entails managing individual network elements/components and application-related data.Network management/NetAct for Core (NAC), which involves monitoring interactions between network elements/components, is positioned on a higher management level. However Network Managment is not within the scope of this manual. It is assumed that these higher management level operations (network, services) are handled by the cus-tomers operations support system (OSS).NAC mediates alarm and performance counter events of all One-NDS components. NetAct Monitor handles the alarms from the One-NDS, besides allowing the effective monitoring of the One-NDS. NetAct Reporter handles the Performance management that involves monitoring the performance of directory read and update operations and comparing these with response time limits.This manual gives an overview of the management tasks for One-NDS components. Detailed step-by-step instructions are not part of this manual.Detailed instructions for configuring One-NDS components are found: In the help system for One-NDS Administrator (ADM) graphical user interface (GUI), which includes management of the System Monitor component to connect it to the other One-NDS components (see section 4.1.2.8), database management, and Pro-visioning Gateway (PGW) administration. In the System Monitor User Guide, which provides information required for changes to configuration of the System Monitor (SM). SM enables fault management (FM) and performance management (PM) mediation tasks between the other One-NDS components and a Network Management System (NMS)/ NetAct for Core (NAC). These configuration tasks relate to FM, PM, and correlating NMS/NetAct migration. The System Monitor User Guide also contains information on maintenance tasks.More information on NMS and NetAct can be found in the NMS and NetAct manuals.1.1 Managed One-NDS ComponentsThe following One-NDS components are managed: One-NDS Directory with directory system agents (DSA)Each DSA consists of several directory server (DS) components. The different DSA variants are: The routing DSA (formally known as the front-end DSA). It stores the keys used to access specific One-NDS Directory entries. The back-end (BE) DSA which contains the One-NDS Directory. Provisioning Gateway (PGW)The PGW enables administrators to provision subscriber and global service data stored in the One-NDS Directory. The PGW is also responsible for distributing One-NDS Directory subscriber objects that are created. Provisioning Gateway DSA (PGW DSA)The PGW is configured in a separate PGW configuration DSA (PGW DSA) server which also stores the configuration data.10 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d80580926505Introduction Notification manager (NTF)The NTF is implemented either on the PGW DSA function or as stand-alone server (unavailable with the current version). NTF forwards trigger update information to the application servers. One-NDS Administrator (ADM)The ADM provides functions for managing the One-NDS Directory and administer-ing the PGW and the NTF. ADM consists of a DB management, a PGW administra-tion, and an NTF administration. System Monitor (SM)SM is an integral part of One-NDS that mediates alarm and performance counter events of all One-NDS components and provides an interface to Network Manage-ment Systems (NMSs)/NetAct for fault and performance management.1.2 OAM System and Data Provisioning ToolsNokia Siemens Networks SM software is used to bridge the gap between One-NDS components and network management systems (NMS) and NetAct. Fault Management (FM) and Performance Management (PM) data is collected from One-NDS components by SM, aggregated and filtered based on dynamic configuration and finally reported via industry standard interfaces to the NMS a customer has deployed.Its main functions are: to collect monitoring data from all geographically distributed servers of the monitored One-NDS components (listed in section 1.1), to apply specialised aggregation and filtering to create an aggregate system view of the information it has collected, to make the resulting alarms and performance data available to the NMS.SM is deployed as a client/server application with the client part of SM installed on the the One-NDS component servers (that is, DSA servers, PGW server, PGW DSA/NTF server, ADM server) and the server part of SM installed on dedicated SM servers within a customers network. A proprietary protocol between the client and server parts of the SM provides a reliable and optimized communication channel from the One-NDS com-ponent servers to the SM servers. It offers standard interfaces that can be integrated to a third party NMS/NetAct.gSystem Monitor cannot act as a substitute for an Element Manager or Network Manage-ment System (NMS). It has no GUI to display the alarms and statistics that it provides to the NMS. The redundancy feature in SM ensures that all FM and PM data collected from the One-NDS components is delivered reliably to the SM servers. Under normal operation, each One-NDS component server sends its FM and PM data to the master SM server. If a failure occurs at the master SM server, a heartbeat mechanism between the master and slave SM serves enables the slave SM server to detect this failure and to assume the role of the master SM server.Data Provisioning ToolsFor the provisioning of application-related data, provisioning GUIs can, for example, be provided in a Customer Care Center (CCC) used for customer relationship management (CRM). These GUIs are connected over SOAP/HTTP-based SPML interfaces with the A50016-E4103-Q801-1-7619 11User Manual (NetAct/SM variant) IntroductionId:0900d80580926505PGW. The sFTP-based SPML interface is used for the transfer of bulk data to the PGW. Over the SPML interfaces, command-level operation is also possible.1.3 OAM and Data Provisioning TasksTo maintain the efficient and effective operation of the One-NDS system, various tasks are necessary. A summary of these tasks is provided in the following chapters: Fault Management (FM, see chapter 2) Performance Management (PM, see chapter 3) Configuration Management (CM, see chapter 4) Security Management (SM, see chapter 5) Log Management (see chapter 6) Data Provisioning (see chapter 7)1.4 Notational ConventionsConvention Definition and ExamplesBold Items on the GUI and keysExamples:Press Enter.Select true from the list of offered values.Click on the Password field.Courier Fixed components which are input or output in precisely this form, such as keywords, URLs, file and directory names, and commands.Example:/opt/dsauthority/binItalics Special emphasisExample:This name must not be deleted.Brackets Variable components which are replaced with real specifica-tions, for example, in error messagesExample:An application connection has been requested by the remote host . Menu sequenceExample:Domain Group SubsystemsgAdditional informationTable 1 Notational Conventions12 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d80580926505IntroductionwWarning of critical points in a process or important notifications concerning product safetyConvention Definition and ExamplesTable 1 Notational Conventions (Cont.)A50016-E4103-Q801-1-7619 13User Manual (NetAct/SM variant) Fault ManagementId:0900d805809265072 Fault ManagementThe main goal of fault management (FM) is to ensure that every deviation from the expected behavior of the One-NDS components is detected immediately and repaired as soon as possible. Therefore, it is necessary that every DSA, PGW (including PGW DSA), NTF, and ADM in One-NDS is monitored. For this purpose, an OAM client FM probe runs on each of these network components and forwards events or a series of events alarms to SM for further processing which may result in an alarm being raised to the NMS/NetAct. FM enables the: Identification of failures Detection of their cause and origin Reporting of failures and other relevant information to the NMS/NetAct Initiation of appropriate actions/reactions, if necessaryThe Element Manager or NMS GUIs for FM classifies failures as alarms with a certain severity level (see Table 2).2.1 SM-based OAM ProceduresFor fault management, SM provides an interface to Network Management Systems (NMSs) and NetAct.2.1.1 SM-internal Processing Functions for FM-related InformationThe SM-internal processing functions for FM-related information comprise as follows: Monitoring of system events Processing by using thresholds Reporting to the NetAct or external NMSSeverity MeaningNormal This label marks an automatic clear alarm. No action is required.Warning No immediate action is required by maintenance personnel. It should be handled along with regular maintenance procedures.Minor An action is required by maintenance personnel during typical working hours when there are no service-affecting conditions.Major An immediate action is also required by maintenance person-nel during typical working hours when there is another service-affecting condition.Critical An immediate action is also required by maintenance person-nel at any time when there is another service-affecting condi-tion. Additionally, the loss of the system fault tolerance can be classified as critical.Table 2 Severity Levels of Alarms14 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d80580926507Fault Management Forwarding by a protocol (SNMP) notificationThe interface from the SM Servers to a third party NMS is a limited northbound SNMP v2c, based on a Netzwert MIB and is provided by the SAMD/ALARMD com-ponent of the SM Server. The interface from the SM Servers to NetAct OSS 5.x is NE3S, an extended SNMP interface. For One-NDS 8.0 EP5 and later versions, the interface is to NetAct Core (NAC) 6 EP2 and is identified as NE3S/WS, which is a Web Services interface. In both cases, the interface is supported by the NetAct O&M Agent Esymac component of the SM Server.Figure 1 SM-internal architecture for processing FM-related informationFM Client ProbesTo provide support to FM, the System Monitor offers a probe that runs on each node in the One-NDS deployment, that is NDS (including PGW-DSA), ADM, PGW and NTF servers. The probe collects event data from the syslog (or syslog-ng) output and forwards any information that is of interest to the SM Server currently in Master mode.A50016-E4103-Q801-1-7619 15User Manual (NetAct/SM variant) Fault ManagementId:0900d80580926507The event data comprises Status events, which indicate that the server has a changed state, for example an intra-DSA link may have failed or returned to service, whilst the remainder is treated as Counter events.All Status events are transmitted immediately to the SM Server for processing while the Counter events are cached locally to reduce the probability of alarm flow, and forwarded at the end of the cache period, which by default is 10 seconds.If an event matches another one that was collected earlier in the same period, they are combined. To match, it must be of the same type and it must pertain to the same entity of the system.Repeated events are amalgamated even before they leave the server that generated them. Communication to the SM server is establised via an internal IP-based protocol. Delivery is guaranteed, and events are buffered until they have been received by the SM server. The SM server aggregates the data sent to it from each server in the deploy-ment.SM-internal Alarm Aggregating, Filtering, and ProcessingThe incoming events from each of the FM probes are processed at the SM Server. Each received eventcontributes to the possible raising or clearing of an alarm.'Status' events indicating a 'Raise' cause an alarm to be sent, if the unique event, identified by a combination of the event type, source and additional information, is not already in a raised state. Conversely, if a Status event indicating a 'Clear' is received, then an appropriate alarm with a clear state is sent, if the unique event is currently in a 'raised' state.For 'Counter' events, the total number of instances of the unique event, received within a specified interval, may trigger a 'Raise' alarm if it breaches the thresholds spec-ified for the alarm severity levels. Over a period of time, if no further instances are received the thresholds are no longer exceeded and it triggers the sending of a Clear alarm.When integrated to a third party NMS, these alarms are sent via an SNMP interface provided by the SAMD/ALARMD components of the SM Server.When integrating to NetAct, the alarms are sent via NE3WS protocol from the NetAct O&M Agent Esymac component.gStatus alarms may be hardware alarms or One-NDS component application alarms. Event alarms are the most common One-NDS components alarms generated on a server. They record a particular event, for example, operation X failed on entity Y. They describe the systems history rather than a current condition that can be rectified; they can never be followed by a corresponding clear event.In fact, much of the monitoring information available from individual servers reports specific events that have occurred, rather than persistent alarm conditions. This data cannot be passed directly to an NMS. It must be analyzed and converted into alarms that are raised and cleared against entities of the system.The SM server is configured with rules for all monitored One-NDS components. These rules specify the amalgamation logic, the system counters that are maintained, and the system counter thresholds at which alarms are raised and cleared.System counters are used to aggregate event alarms. Event counters retain events only for a specified length of time. The value of a counter rises as events occur, and it later falls when those same events are retired. At any time, the counter therefore states the number of events that have occurred in that period up to the present. For example, if events are retained for 30 minutes, the system counter simply states the number of 16 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d80580926507Fault Managementevents that have occurred in the last 30 minutes. If a system counter reaches a defined threshold, an alarm is raised. If the same system counter goes on to reach a higher threshold, the same alarm may be raised again with a higher severity. When the system counter falls below a corresponding clear threshold, the alarm is cleared. The raise and clear thresholds are not necessarily identical, to avoid alarms being alternately raised and cleared.The SM server optimizes the throughput when the monitored One-NDS components generate very large numbers of events in failure scenarios. For that, the SM has several mechanisms to maximize its capacity and to minimize the load on the NMS. The SM server does not amalgamate duplicates between servers, so that not all alarm events are raised based on thresholds. Event alarms are raised immediately. It is particularly effective at reducing the severity of alarm storms in failure scenarios.A large part of the reduction is achieved by converting reports of events that occurred into threshold-based alarms. This approach also ensures that the total final alarms are of a much higher quality than would otherwise be the case. Alarms indicate abnormali-ties in the current condition of the system; they are cleared when no longer applicable.2.1.2 NetAct based Fault Management Process on MonitorNetAct related Fault Mangement is processed on Monitor that has a desktop and a suite of tools for monitoring the tasks. The tool inculdes Managed Objects and Monitoring Desktop.2.1.2.1 Monitor ToolsNetAct Monitor tools are integrated into the Desktop Framework. The tool utilisation principles are the same for all the tools.NetAct Monitor works with the help of following suite of tools.1.Managed Objects The Managed Objects (MO) allows you to create, modify, and managee the network topology data. The desktop includes a set of integrated tools to administrate and configure the monitored objects. The MO comprises: Object Explorer View Explorer Object Search Working Set Manager Network View Editor Object Search and Working Set Manager Properties Notes2.Mointoring Desktop Tools Alarm List Alarm History Warming List Alarm Details Alarm Filter Explorer Rule Explorer FM Pipe StatusA50016-E4103-Q801-1-7619 17User Manual (NetAct/SM variant) Fault ManagementId:0900d805809265072.1.2.2 FM Process FlowThe fault management work flow usually begins with the routine monitoring and the finding of a fault or faults in the system, which triggers an alarm or a series of alarms. The workflow combines the typical monitoring workflow and services from the Alarm List, Network View, Trouble Ticket List, Object Explorer, and Trouble Ticket Details.Alarms are displayed in the Alarm List tool. You can select an alarm from Alarm List to display the existing trouble tickets for the managed object or the site. The Find function in the Trouble Ticket List tool provides this output directly from the selected alarm. To display further object attributes, you can navigate to the object properties in Object Explorer. From there you can navigate to views that include the object and investigate the connectivity or status of the object and environment. After you have all the required information, you can create a new ticket, if needed, or attach the alarm information to an existing ticket in one single step.2.1.3 NMS-related OAM Functions for FM-related InformationBeyond SM, on the NMS/NetAct level, the OAM GUI is used to monitor alarm events.Monitoring provides a network-wide view of the network infrastructure and enables real-time traffic monitoring. The monitoring tasks can be organized on both regional and global level, and tasks can be distributed based on various aspects, for example, on geography, network technology, or time. Regional network monitoring concentrates on basic monitoring of one management region, and in global network monitoring the entire network is monitored on one screen.gThe ADM GUI can be launched from NMS by an HTTP web-browser.2.2 AlarmsDetailed specific SM-internal events are described in the Appendix of System Monitor User Guide with corresponding alarm mapping tables.18 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d80580926509Performance Management3 Performance ManagementPerformance Management (PM) is the most appropriate tool to ensure the quality of service of the managed telecommunication network. With the PM tool, you can display, monitor, and manage performance data of network components online.PM data is collected from nodes in the One-NDS deployment via two mechanisms. The NDS Directory component is integrated with the EMF statistics reporting library compo-nent of System Monitor, which provides an API for PM reporting. This API allows the NDS directory to periodically report all of its stored statistics at the same time as it produces af03 statistics log file on each node. The advantage of this API is that it utilises the SM interface protocol and transfers the data to the centralised SM server. For those components which are not integrated using the statistics library a separate probe is available and it uses an xml data file as its source. Each application component may periodically produce a suitably formatted xml file containing the statistics and the probe may be similarly configured to periodically collect these files, process them and transmit them to the SM Server using the SM interface protocol.At the SM Server, the SAMD component aggregates the data from all reporting nodes producing a set of csv files for onward processing. A new set of csv files are created for each statistics interval, with previous instances being archived on the server. A separate utility under the control of cron will periodically compress and move these files to a holding area where they will be removed after a configurable period..This allows a third party NMS to access the files via sftp or other mechanism as required. Since the NDS is configured by default to produce its statistics every 15 minutes the SM Server matches that period and the files may be accessed shortly after those intervals.While integrating to NAC, the NetAct O&M Agent Esymac reads the csv files and trans-forms them into OMeS xml files, notifies NAC via the NE3WS protocol, which can request that the files are transmitted over the NE3WS interface 3.1 SM-based OAM ProceduresFor performance management, SM provides an interface to Network Management Systems (NMSs) and NetAct.3.1.1 SM-internal Processing Functions for PM-related InformationThe SM-internal processing functions for PM-related information comprises: Monitoring of system events either in the form of XML files at the One-NDS compo-nents or from the EMF statistics reporting library. Processing Reporting at the SM server by means of the CSV files Forwarding to NMS/NetActThe interface from the SM Servers to a third party NMS is through the production of csv files, transferred by sftp.The csv files are generated periodically by the SAMD component of the SM Server. The interface from the SM Servers for One-NDS 8.0 EP5 and the later versions is to NetAct for Core 6 (NAC) EP 2 and is identified as NE3/WS, which is a Web Ser-vices interface. The csv files generated by the SAMD are processed by the O&M Agent to produce OMeS (Open Measurement Standard) xml files. When the files are A50016-E4103-Q801-1-7619 19User Manual (NetAct/SM variant) Performance ManagementId:0900d80580926509ready a notification is sent to the NAC system which may then request that they are transmitted.Figure 2 shows the SM-internal architecture for processing PM-related informationFigure 2 SM-internal architecture for processing PM-related informationPM Client ProbesSystem Monitor's PM client probes run on each server in the deployment (that is, One-NDS components, ADM, PGW, PGW DSA, NTF). They collect themonitoring informa-tion in the form of XML files which conform to a defined XML schema.SM-internal Events or Statistic Counter Aggregating and ProcessingThe SM server receives PM data from the PM probes at the monitored One-NDS com-ponents, counts and aggregates the events, and records the results at periodic intervals as comma separated value (CSV) format files. For all ADM deployments of One-NDS 8.0, the default is 15 minutes. Ideally, this interval should be set to the same value as 20 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d80580926509Performance Managementthe interval at which the application reports its data. This data can easily be uploaded, either automatically or manually in to a variety of tools for further analysis.Each item of PM data that is generated by the SM software, based on the PM data obtained by the underlying monitored One-NDS components, is presented in a CSV format in a series of files stored on the SM Servers. The name and number of the CSV files is dependant on the monitored One-NDS component generating the original PM data. Typically an One-NDS component will produce a number of CSV files with the name of the CSV file matching the measurement family of the individual counters.A measurement family is used to group a number of individual counters together. For example, One-NDS has a measurement group called LDAP Success (and an equiva-lent CSV files called LDAPsucc.csv). Within the CSV file, columns are used to report the individual counters and rows are used to report the PM data for the individual One-NDS component servers.A CSV file containing PM data is archived automatically by the SM server software. A new file is automatically created for each measurement period. A script controlled by Linux cron application is used to automatically add old archive files to a TAR archive (also GZIPed) after a configurable number of days. Finally, after a further configurable period, files are deleted from the file-system. This ensures that the disk usage is kept to a minimum whilst still preserving files that can be used later for debug purposes or other analysis.In case of NetAct NMS, the O&M agent reads the csv files and processes them into OMES files.3.1.2 NetAct-based Performance Management Performance management is processed through Reporter in the NetAct-based environ-ment. The NetAct based Reporting tool suite contains Report Editor, Report Explorer, KPI Editor, DB Purging Administration, and Alarm Reports Dashboard tools.Performance reporting applications rely on performance indicators and produce reports which can be used for the troubleshooting, planning, or optimizing the network.3.1.2.1 Performance Management ProcessPerformance management process involves the following processes: Defining or revising Quality of Service goals Defining reports Monitoring network performance Generating and distributing reports Analyzing the results Using performance data Analyzing measurement data3.1.2.2 Reporter Tool SuiteNetAct-based reporinting tool suite contains:Reporter functions with the help of following tools:A50016-E4103-Q801-1-7619 21User Manual (NetAct/SM variant) Performance ManagementId:0900d80580926509 Administration of MeasurementsTo configure measurement plans in types of network network element or measured objects. Alarm Reports DashboardTo get online report for fault management related activities. ReporterProvides performance management and reporting solution for telecom and IT/IP networks and services.Through Reporter you can access... Report Explorer Report Editor KPI Editor Scheduler Admin3.1.3 NMS-related OAM Functions for PM-related InformationBeyond SM, on the NMS level, the OAM GUI can be used to monitor event statistics.Monitoring provides a network-wide view of the network infrastructure and enables real-time traffic monitoring. The monitoring tasks can be organized on both regional and global level, and tasks can be distributed based on various aspects, for example, on geography, network technology, or time. Regional network monitoring concentrates on basic monitoring of one management region, and in global network monitoring the entire network is monitored on one screen.3.2 Performance Measurements or CountersDetailed specific SM-internal events are described in the appendix of System Monitor User Guide with corresponding measurement mapping tables.22 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Management4 Configuration ManagementAll configuration data of a network element/component is stored locally at the particular network element/component. The configuration management (CM) tool for the DB man-agement, PGW administration, and NTF administration are accessed using a Web-based ADM GUI. This ADM GUI can be launched from SM-based NMS.The ADM GUI includes the following: Configuration management tasks for the ADM administration (see section 4.1.1 for more details) ADM administration Configuration management tasks for the One-NDS Directory (see section 4.1.2 for more details) One-NDS structure DSA management Complete One-NDS set up in one step Consistency check for ensuring inter-DSA consistency Data model (DM) management Subscriber data distribution LDAP user management System Monitor The configuration data of the One-NDS Directory (routing DSA, BE DSA) is stored in a directory sub-tree and at run time it can be accessed with LDAP requests over the LDAP interface.For detailed step-by-step instructions, refer to the ADM online help. Non-configuration management-oriented tasks for the One-NDS Directory (see section 4.1.3 for more details) Application management Job management Log management Emergency actions managementFor detailed step-by-step instructions, refer to the ADM online help. Configuration management tasks for the PGW (see section 4.1.4 for more details) PGW control PGW configuration data Project & office data PGW user management General functions on the PGW configuration management menus (for example, changing passwords) PGW modularization managementFor detailed step-by-step instructions, refer to the online help for the ADM GUI. Configuration management tasks for the NTF (see section 4.1.5 for more details) NTF control NTF configuration data NTF Registration data RegistrationFor detailed step-by-step instructions, refer to the online help for the ADM GUI.A50016-E4103-Q801-1-7619 23User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650a4.1 One-NDS Administrator (ADM)ADM is the central network component for management of One-NDS network compo-nents. It is used for configuration management of: One-NDS Directory (that is, routing DSA and BE DSA) Provisioning Gateway (PGW) Notification Manager (NTF)Multi-user handling in the ADMTo completely implement a combined functionality covered by the ADM, the ADM GUI offers different menu entries (ADM users) at the ADM network component icon, such as: DB management (DBM user, already known from previous versions), obtains all functions (for example, One-NDS Directory management, PGW management, NTF management, general ADM administration). PGW administration (PGW admin user, previously handled on the PGW), obtains PGW-related functions (PGW management, LDAP user management, log manage-ment). One-NDS administration (DBM admin user on the ADM), obtains administrative functions (general ADM administration). Super user (super user), is allowed to do everything (should be used restrictively). However, currently the super user is the only user who has the right to delete direc-tory server agents (DSAs) and to modify One-NDS Directory server control data.gThe availability of distinct menu entries can be dependent on the customer project, but at least the menu entries "DB management" and "PGW admin" should be available. Permission for One-NDS Directory access is grouped into roles. Each user is assigned one or more roles, which constitute their privileges to execute certain operational tasks. The entries that are offered depend on the role of the current Web-browser user. The Web-browser-related direct request is initiated with different users to allow differentiat-ing between the users on the ADM side. Depending on the received user, the ADM Web GUI is rendered to provide the requested functionality to the operator.gDepending on which dedicated menu is initiated from, the encrypted request is different.The appropriate role for the user is indicated on the top of the ADM Web GUI. DB Management: uid:dbmanager + loginId PGW Admin: uid:pgwadmin + loginId One-NDS Admin: uid:dbmadmin + loginId Super user: uid:superuser + loginIdgYou can login through a web browser as a user dbmanager, pgwadmin, dbmadmin and as a superuser.4.1.1 Configuration Management Tasks for the ADM AdministrationOver the ADM GUI, the following configuration management tasks for ADM manage-ment can be carried out.24 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration ManagementADM Configuration DataThe following configuration data of ADM is pre-configured with default values: LDAP configuration dataThis configuration data consists of an LDAP user name and password for One-NDS Directory access, or LDAP user name and password for ADM to perform streamed search requests (for the application reset functionality), or TLS options (that is, TLS methods), or a LDAP root name of the subscriber directory, or relative distinguished name (RDN) of temporary saved user ID during relocation. SSH configuration data for ADM access to the One-NDS Directory over SSHThis configuration data consists of the directory location of the SSH private key on ADM for the communication with the DSs.gSSH access is provided to all the servers from the NetAct. ADM user dataThis configuration data consists of the ADM user password. DSA configuration dataThis configuration data consists of host names of root/routing DSA servers which are part of the subscriber directory (only if the ADM is to be connected to an already existing One-NDS Directory must the host names be configured accordingly), or shared memory size for set up of new subscriber directory servers, that is, combined root/routing DSA (there is only one routing DSA that also acts as root-DSA, that is, it is used as a central entry point to the One-NDS Directory) and BE DSA), or host-names of PGW DSA server, or shared memory size for set up of new PGW DSA servers.gWhen installing for the first time the host names are mainly determined during the setup of the appropriate DSA. Only if the ADM is to be connected to an already existing One-NDS Directory must the host names be configured accordingly. ADM synchronizationThis configuration data enables the activation and deactivation of the nightly syn-chronization of ADM with standby-ADM ("ADM Nightly Sync") that is performed at 1.59 o'clock. ADM software infoThe ADM software enables RedHat Package Manager (RPM) packages that are currently installed at the ADM to be checked. The software provides information about the package name, version, and release of the RPM packages. RPM packages can serve different purposes: for ADM software installation, for hotfix installation, PGW-DSA software installation. Environment dataThis configuration data enables the values of the operating system environment variables set up during the installation of ADM to be viewed. This configuration data includes, for example, information about location and names of data templates or schema files for the One-NDS Directory and the PGW DSA.4.1.2 Configuration Management Tasks for the One-NDS DirectorygThe configuration management tasks for One-NDS Directory are available over ADM Admin login (dbmadmin) or DB Management login (dbmanager).A50016-E4103-Q801-1-7619 25User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650aADM GUI is used to display or change the One-NDS Directory configuration data. ADM offers the possibility of defining all components of the One-NDS Directory (routing DSA, BE DSA) one by one on a single GUI window and to execute the setup of the configu-ration itself afterwards in one step. The operator can verify the complete entered data before applying them to the One-NDS Directory. This saves time, particularly for the first installation.The GUI window indicates proposals for the definition of the data. These proposals are taken form the file network.xml describing all network related stuff for installing the com-ponents of the One-NDS Directory (routing/BE DSAs). This file resides on the install servers and needs to be copied to ADM when ADM is installed. All required data for the One-NDS Directory (routing/BE DSAs) servers collected over the GUI is stored in the One-NDS Directory.Over the ADM GUI, the following configuration management tasks for DB Management can be carried out: One-NDS Structure Site Planning Management DSA Management DSA Administration DS Compatibility Level NDS Control Data LDAP Client Mgmt DSA Defaults One-NDS Setup LDAP User Management LDAP User Groups LDAP Groups QoS Profiles Tenant/Application Management Tenant Tab Application Tab Tenant Log Extension Packages Management Data Model (DM) Management DM package administration DSA database (schema database for schema packages) Data template export Data Distribution Configuration Relocation Relocaton Status Migration PGW Management PGW Control Configuration Data Project & Office Data User Management PGW Counter Audit26 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Management Plug-In Management Notification Manager Server Control Configuration Data Registration Data Registration System Monitor Application Management MSI/MSISDN Overview Application Reset HLR Timestamps LDAP Application Upgrade v2 -> v80 Consistency Check - For Ensuring Inter-DSA Consistency Subscriber Data Storage SDS Monitoring SDS Monitoring - Details SDS Configuration Emergency Actions Disaster Recovery Software Fallback Dual Primary Recovery Job Management Log Management Log Files Overview Log Files Filter ADM Administration LDAP Configuration SSH Configuration User Management Root Servers ADM Synchronization ADM SW Info Environment DatagRefer to ADM online help for the step-by-step instructions.4.1.2.1 One-NDS StructureThe One-NDS structure window allows you to display all important One-NDS system information at a glance by using a tree view which provides quick navigation to the DSA Administration windows. All available DSAs/DSs in the One-NDS Directory (rout-ing/BE DSAs) and their status can be displayed in a tree view.The Site Shutdown / Start Up window allows you to shutdown or start all DSs, all routing DSs, and all BE DSs of one geographical site in parallel.A50016-E4103-Q801-1-7619 27User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650a4.1.2.2 Complete One-NDS Setup in One StepUsing the new feature One-NDS setup in one step, all components (that is, DAs and DSAs) of One-NDS can be defined one by one on a single page and the setup of the configuration itself can be executed, all in one step. This reduces the time needed for the first installation, and the operator can verify all of the data entered before applying the data to the One-NDS Directory.gThis new feature can be started within the DSA Management windows. It is named One-NDS setup (see section 4.1.2.4 DSA Management).With this setup type a previously defined One-NDS setup configuration data based on a XML file (network.xml) is loaded transferred from the Install Server. The network.xml file was generated on the basis of the particular technical project data (TPD) sheet.The process to perform a One-NDS setup in one step can be divided into three phases: Loading the setup data from the network.xml file. Adapting the predefined settings determined by network.xml manually according to your needs (if requested). If necessary adding DSAs to the configuration data or removing DSAs from config-uration. The same is with modifying the configuration data of DSAs or of DSs or removing a DS from a DSA. Starting the One-NDS setup in one step.After starting the setup procedure, all prepared configuration data is validated. If there are hints, they are displayed in a separate message area. You can decide whether to continue or not. If the validation failed in a way that it is impossible to continue, only an error message is displayed. If the One-NDS setup ends successfully, the job ID is dis-played in a separate message area. The corresponding job progress can be observed in the Job Management window. To view the One-NDS setup job status and its results see Checking job status and Logs.gFurthermore, after setting up all directory servers that build up One-NDS, the operator has to activate a schema for the DSAs and to import LDIF files.Under normal circumstances this XML-file-controlled One-NDS setup function is used only once for initial setup of following One-NDS components: One-NDS Directory component for the subscriber directory (routing DSA and BE DSA) PGW DSA componentAfter using this XML-file-controlled One-NDS setup function, One-NDS can be extended using the DSA management functions (add DSA, add DS, and delete DS) as described in the following section.4.1.2.3 Site Planning ManagementThe geographical sites of the network element can be managed through the Site Planning window. Jobs of displaying the details of a site, adding a site and deleting a site can be administered through the Site Planning window.28 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration ManagementSite Planning Displaying Site detailsThe Site Planning window displays the details of a site - whether a site is regional or core, ID, and name. Adding a site On the Site Planning window, click Add to open the Site Adding window and provide Site Name, Site ID, and select or clear Core Site option check box details before pro-ceeding further. Deleting a siteOn the Site Planning window, the site deletion job can be administered while select-ing the required site and clicking Delete button.gDeletion of sites is possible only when a site is not assigned to a DS node.4.1.2.4 DSA ManagementThis section describes the case that the One-NDS is setup manually in several steps after the manual installation of the directory servers (DS), and maybe after the finished XML-file-controlled One-NDS setup described above. In both cases some initial or addi-tional configuration is required in order to assign the newly installed system to a logical directory server agent (DSA).1. DSA AdministrationThe DSA Administration window is used to set up a new DSA with a first DS and to administer a DSAs directory servers. Administering DSs includes adding or removing a DS to/from existing DSAs, changing the DS state or starting/stopping DSs.The main single management steps belonging to a DSA management or One-NDS setup are described below:Setting Up a DSAThe number of directory servers (DS) in a DSA and the number of DSAs depend on the tasks of the respective DSA and on the operators system configuration. The routing DSA is a cluster of N servers, whereby N depends on the number of sub-scribers which are to be served. To ensure redundancy, k additional servers are deployed. The recommended number of DSs in a BE DSA is three. In two-site system config-urations, four DSs are recommended in order to protect the One-NDS Directory against the high risk of data loss after an outage of the other site. The number of BE DSAs depends on the number of subscribers to be served. The PGW DSA is a cluster of N servers, whereby N is the number of servers that are necessary to provide the desired performance. For redundancy reasons, three PGW DSAs are deployed in the standard three-site configuration, each on a differ-ent local site.When a directory is set up from scratch, the sequence in which the DSAs should be created is first the combined root/routing DSA and second the BE DSAs. To create a root/routing DSA or PGW DSA, the configuration data for the root servers of the selected directory (One-NDS Directory/PGW DSA) must be empty. If not, the ADM assumes that there is already a directory and it tries to explore it over the configured servers. Root servers created with the ADM are added automatically to the configuration.A50016-E4103-Q801-1-7619 29User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650aTo set up a new DSA, first add the ADM with its OAM IP address as LDAP client without distributing to the DS. Then, configure the first DS. The ADM sets up the first DS as the primary DS.Adding a Directory Server to a DSATo increase the transaction capacity, the routing DSA and the PGW DSA are scalable. This means additional DSs can be added as required.gThe capacity of the subscriber directory is enlarged by adding additional BE DSAsTo add a new DS to a DSA, the new DS must first of all be installed. If the schema was already active on the primary server, no further user action is required and the schema is automatically replicated within the DSA.Changing DS StatesDSA administration enables you to change a DSs state using the ADM GUI. The follow-ing state change operations are possible: ChangeoverMakes a selected secondary synchronized primary standby DS the primary DS for the respective DSA. Force preferred primary standbyMakes a secondary synchronized server the primary standby DS for the respective DSA. SynchronizeSynchronizes an unsynchronized secondary server. If synchronizing fails, the DS must be restarted from a backup (see the following topic starting and stopping directory servers) DesynchronizeDesynchronizes either a secondary synchronized primary standby or a secondary synchronized server.State changes are not applicable to the primary DS.DSA or DS DetailsThe DSA Details window allows you to change the DS state and to add or remove a directory server (DS) to or from the selected directory server agent (DSA).When a DS has to be taken out of service, it must be removed from the DSA. A DS can only be removed, when the DSA contains at least one other server, namely the primary server. If the deleted DS was the primary server, the secondary synchronized server takes over the primary server role. To restore the original system constellation, after removing a DS, a new DS must be added.The DS Details window allows you to view parameters and link status information for a specific directory server (DS), to start or stop the DS, and to restart the DS using a backup from a synchronized server, that is, either from a primary DS or a secondary syn-chronized DS.Furthermore, the DSA Details window allows you to display large memory pages. After changing the Linux kernel configuration, it may be necessary to reboot the system. The reboot button is placed in the DS Details window and it is only activated with the corre-sponding permissions.30 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration ManagementA One-NDS structure view allows you to display all important One-NDS system infor-mation at a glance by using a tree view. Furthermore, among other DS s the DSA identity (ID)/DS identity (ID) and transaction IDs (TIDs), that is, start TID and last TID of a particular DS is displayed.gAll the changes of user mappings must be be started one dsaId=1, because of automat-icaly mappings compares, caused by ADM.Starting and stopping directory servers (start up/shutdown): Using the ADM GUI, you can either start a directory server (DS) or restart a DS using a backup from a synchronized server. In the later case a backup from a synchronized DS is used if the selected DS cannot synchronize itself during start up. Furthermore, you can stop a directory server (DS). However, if a DSA contains only the primary DS you cannot stop this DS.2. DS Compatibility LevelEach DSA of a directory has a compatibility level to enable the inter-working with former One-NDS version 7.1. The level affects NDS 8.0 features, the backup format and the replication and synchronization mechanism between the nodes (DSs) of DSA. Each DSA of a directory can operate with a different compatibility level.The DS Compatibility Level window allows you to select a directory, to display the DSAs of this directory with its compatibility levels and to open the DS Compatibility Level - Modify window to modify the compatibility level within the DSAs. The DS Com-patibility Level - Modify window allows you to modify the compatibility level within a DSA.3. NDS Control DataThe NDS Control Data, which influences the operation of the One-NDS directory server, is to manage control data of the NDS (Network Directory Server). Control data is specific for each DSA, which means that you must select a directory and a DSA for which youwant to manage this data. The Apply to DSA window allows you to set the attribute values from the NDS Control Data window to more than one DSA.4. LDAP Client ManagementThe Add LDAP Client window allows you to add LDAP clients to the One-NDS Direc-tory over the ADM server, to delete LDAP clients from the ADM server and to apply them to all directory servers (DSs) in the subscriber directory and in the PGW DSA. LDAP application clients must authenticate themselves before they receive access to the data-base. LDAP clients have to authenticate themselves before they receive access to the One-NDS Directory. This means that the DSs of the One-NDS Directory must know the LDAP clients. Therefore, when a new LDAP client is added, the operator must configure the clients host name and IP address. The data of the LDAP client is then stored in the ADM database and the client can access the database.gThe LDAP client can be found at the DSA management menu in the ADM GUI (see also section 4.1.2.4).A50016-E4103-Q801-1-7619 31User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650a5. DSA DefaultsThe DSA Defaults window allows you to modify settings for the different types of One-NDS directory DSAs and the PGW DSA if values other than the default values are required.These settings are as follows: Shared memory (SHM) size per DSA or DSA typeEnables the SHM size to be assigned to DSAs and specifies the size in megabytes (M) or gigabytes (G). In-memory journal size per DSA or DSA typeEnables the in-memory journal size to be assigned to DSAs and specifies the size in megabytes (M) or gigabytes (G). The shared memory (SHM) size and the in-memory journal size may differ for the different DSA types, but they must be identical for all DSAs of the same DSA type. Inter-DSA routing methodThe inter-DSA routing method parameter helps to balance the traffic load across the servers in the new DSA. The following methods can be used: Least primary (sends a fixed percentage of queries to the primary DS in the new DSA and balances the remaining queries to secondary nodes), Least util (operates in the same way as Least primary but without sending the fixed percentage to the primary DS), and Same site (sends queries to the DS used least on the same geographical site). Max. SOAP message rate to be sent towards the trigger receivers One-NDS Directory trigger defaults can also be set. Here, the maximum number of SOAP messages per second can be configured to be sent towards the trigger receivers (NTF). Settings in the NTF for the SOAP clients are also available. These settings can be made in the NTF Registration Data window. Size of segments to which the SHM of the DSAs shall be portionedEnables the size of the segments to be specified. The SHM of the DSAs is partioned to fit this size. The selected segment size is then used for all DSA types. Method to split the DSAs into segmentsIn the Shared memory segmentation method field, one of the following values can be selected: MAXIMUM (divides the memory into segments that correspond to the selected segment size and accepts one additional smaller segment for the remain-ing memory), EVEN (divides the memory into segments that correspond to the selected segment size and distributes the remaining memory among these seg-ments. Some of the segments can be slightly larger as a result). Compression level for the periodical backup of the DSsIn the Backup compression level field, enter values from 0 (best trade-off between size reduction and performance degradation) to 9 (maximum size reduction but maximum performance degradation). Support of Huge Memory Page ConfigurationThe ADM enables to set huge memory pages attributes for each DS node (routing DS, BE DS, PGW DS) based on the shared memory size. These settings are performed during the DS configuration (Add DS or DSA Default). The huge memory pages are depending both on these ADM settings and on technical project data (TPD) settings. After changing the huge memory pages attributes/parameters, the operator is prompted to reboot the node. This can be done using a button of the DS Details window.gThe virtual memory manager (VM) of the Linux kernel deals with memory pages. Normal pages can be swapped out to disk. The Linux kernel can be configured to provide large 32 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Managementpages, also called huge pages, which can be allocated by an application. These large pages will not be swapped out by the VM. If the NDS database uses only these large pages, swapping out the database is avoided. The large pages feature of the VM and especially the possible page sizes are architecture-specific. On the X86_64 architec-ture, the page size is always 2 MByte for large pages.6. One-NDS SetupThis task is used to start the One-NDS setup in one step. For further information see section 4.1.2.2 Complete One-NDS Setup in One Step.Small DSA ConfigurationThe Small DSA Configuration feature allows the deployment and configuration of a single subscriber Directory DSA, combining the roles of both Routing DSA and BE DSA.This feature enables you to: Create a One-NDS configuration containing a single subscriber directory DSA with separate PGW DSA. Migrate from a single subscriber DSA configuration to a two-tier topology containing a separate Routing DSA and one or more Back-End DSAs.gRefer to One-NDS 8.0 EP 6 Online Help for step-by-step procedures for managing the Small DSA configuration process.4.1.2.5 LDAP User ManagementAn LDAP user is any application that accesses the One-NDS Directory over LDAP. That is, any application that accesses the One-NDS Directory over LDAP needs an LDAP user account. Administrators can create, modify, or delete an LDAP user as well as retrieve and modify an LDAP user group, besides QoS profile. Access rights are managed by assigning each LDAP user to an existing LDAP group, which defines a certain set of access rights for its members.LDAP User Management window allows you to manage the creation of LDAP users. The LDAP User Group window displays existing LDAP user groups and the users assigned to these groups. You can modify user assignments to groups. The QoS Profiles window displays the available QoS profiles. You can create a new QoS profile, modify an existing QoS profile, or delete a QoS profile using the QoS Profiles window.LDAP user management is particularly necessary for the routing/BE DSAs. LDAP users are part of the DS configuration and control data and are stored in the DS itself. For access control and user authentication, entries for groups, users, permission, and access control information (ACI) are available.The support of an extended LDAP user management by the ADM offers the possibility of administering all relevant LDAP user attributes needed to handle each category of LDAP user. The LDAP user management is extended in such a way that the assignment of stream search capabilities is possible also at a later point in time, not only during first time creation.Using the ADM, the following LDAP User management tasks can be executed: Creating LDAP usersCreate LDAP users for the PGW or the HLR. LDAP users are defined for One-NDS Directory access control and user authentication of applications. To determine which access control rights the new LDAP user has, assign the user to an existing A50016-E4103-Q801-1-7619 33User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650aLDAP group. When creating an LDAP user, you can specify whether this LDAP user is allowed to perform the streamed search. A streamed search allows ADM applica-tions to send large search requests to the One-NDS Directory. In response, the One-NDS Directory returns data streams to the requesting application client with a specific data rate, which can be configured over the ADM GUI.gIt is recommended that the streamed search function is only started by official operator GUIs, for example, with implicit SPML provisioning GUI requests. Duplicating LDAP usersAn LDAP user can be created based on an existing LDAP user. In this way, already defined parameters such as group assignments can be copied. Displaying LDAP usersThe table of LDAP users displays user names, user IDs, streamed search proper-ties, and group assignments. Modifying LDAP user passwordsIf the password of an existing LDAP user in the ADM is changed, it must also be changed for the application on the LDAP client. Otherwise requests from this LDAP user will be rejected. Assigning LDAP users to groupsWhen users are assigned to groups, they must also be authorized for the LDAP One-NDS Directory access rights which are assigned to this group. Removing LDAP users from groupsWhen an LDAP user is removed from a group, this users One-NDS Directory access rights, which are specific for this group, must also be removed. Deleting LDAP usersWhen an LDAP user is deleted, applications using this user profile can no longer access the One-NDS Directory. Displaying LDAP user groupsWhen LDAP user groups are displayed, the users assigned to these groups can also be seen. Assigning LDAP users to groupsThis task is used to authorize users for LDAP One-NDS Directory access by assign-ing them to predefined groups. Removing LDAP users from groupsUsed to authorize users for LDAP One-NDS Directory access by assigning them to predefined groups. Creating QoS profilesUsed to create new QoS profiles, besides naming a profile and assigning a QoS level to a profile. Modifying QoS profilesUsed to modify the QoS profile level, the QoS behavior, or delete an existing QoS level map. You can also add new QoS level maps to the existing QoS profile. Displaying QoS profilesUsed to adisplay the details of the selected QoS profile.gLDAP Users, their properties, groups etc can also be changed using the ADM DM Management (Schema Management) function. Whenever such changes are made these schema changes have to be incorporated in DSA1 or in all DSA. Activation in one BE DSA (DSAid > 1) will be overwritten by the automatic LDAP user and group synchronization feature of the ADM. This ADM feature guarantees, that all LDAP 34 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Managementuser properties, profiles, mappings and access control are always synchronized from FE-DSA to all other DSA of the subscriber directory after every schema change. The following Table 3 gives an overview of all relevant LDAP user attributes to handle all types of LDAP users.Attribute Name Description Attribute types for exampleLDAP SyntaxuserName The unique ID by which the user entry is known.Mandatory 20 characters (printable string)userId A unique ID that identifies the user.Mandatory 4-byte object IDuseAliasHiding A value that determines whether alias hiding will be applied for this user.Mandatory Enumeration type: values: never, upda-teOnly, alwayspassword The user encrypted pass-word.Optional 13 characters (printable string)classLibrary The name of the schema class library which this item belongs to.OptionaladaptNameMappings A list of adaptive name mappings applied to LDAP operations when this user is bound.OptionalattrAdaptMappings A list of attribute adaptation mappings applied to LDAP operations when this user is bound.OptionaladaptNameRevMap-pingsA list of adaptive name mappings applied to LDAP responses received from the database when this user is bound.OptionaldsUserAdaptMappings A list of user name adapta-tion mappings applied to operations requested by this user (each mapping value must be the RDN of a dsUserAdaptMap entry).OptionaldsLdapMaxUpdateRate A list of validation ranges. MandatoryTable 3 Overview of all relevant LDAP user attributes to handle all types of LDAP usersA50016-E4103-Q801-1-7619 35User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650aThe LDAP users are automatically distributed across the directory when they are first created. In case a DSA has been added after the LDAP users were created, the users will not be available on this new DSA by default. Error messages and faulty situations can be prevented because every time the operator calls the ADMs GUI for LDAP user management, it finds out whether all LDAP users are available on all DSAs. If there is a mismatch, the LDAP users are automatically synchronized across the directory, which is initiated invisible by the ADM when navigating to the LDAP user management in the ADM GUI.Overload ProtectionWhen the traffic coming into the NDS exceeds the maximum rates configured by the administrator, or it exceeds the automatic maximum rate, the NDS rejects incoming operations with a 'busy' response. The Quality of Service (QoS) feature is to protect the system against traffic overload in a more effective way. The Quality of Service feature relies on Rate Control and QoS based gapping. Rate Control mechanism is responsible for identifying and taking action when a node in the One-NDS deployment is in an overloaded state. When a node is in an overloaded state, this mechanism identifies which operations to reject based on the calculated QoS for that operation.dsLdapMaxQueryRate A list of validation ranges. Mandato-ryldsLdapMaxOpRate A list of validation ranges. MandatorydsQoSProfileName The unique id by which the dsQoSProfile is known. Its value shouldmatch the dsQoSProfileName attri-bute of a dsQoSProfile object.OptionaldsQosLevelThe QoS level given to any user which uses this profile.OptionalInteger dsQosLevelMap Defines a map from a QoS preference name to a numerical QoS value.Optional Sequence of a printableString (max 20 chars)and an integer (1-10)dsQoSBusyBehaviour Specifies how NDS responds to operation requests that will not be processed due to system overloadOptionalAttribute Name Description Attribute types for exampleLDAP SyntaxTable 3 Overview of all relevant LDAP user attributes to handle all types of LDAP users (Cont.)36 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Management Rate ControlThe Rate Control mechanism controls the maximum operation processing rate per One-NDS database node. This ensures that the response time remains within the required limits and that system stability. The Rate Control mechanism is applied through: The Maximum rate calculation - the mechanism maintains a maximum support-edrate per node for query operations, update operations, and total operations. Application of Rate Control - The Rate Control mechanism monitors the inbound traffic rates against the maximum calculated rates, and accepts operations up to the calculated maximum, above the calculated maximum operations are rejected. It includes a mechanism that allows very short spikes of traffic to be handled without unnecessarily pushing the system into overload Quality of ServiceThe Quality of Service (QoS) feature provides stable and predictable behaviour when One-NDS is overloaded by unusually high resource demands, and ensures that themost important traffic is given the highest priority while rejecting the lower level of requests.A QoS mechanism allows the administrators and the clients to supply the informa-tion needed to select which operations to reject when a node is overloaded. Different LDAP users can be configured to have different QoS levels, which means that high priority applications get the precendence over low priority applications.QoS Configuration - The QoS configuration is managed and applied across the system using the ADM GUI - QoS Profiles and QoS Profile Display.gRefer to the ADM Online Help for step-by-step instructions over configuration ofQoS.Nomadic Subscriber Configuration on LDAP Proxy The LDAP Proxy forwards the nomadic events to the ADM, which analyzes the events and performs the relocation job. The Nomadic Subscriber component applies the filter-ing rules for the relocation. However, the Nomadic Subscriber object is visible on LDAP Proxy only when it is configured in the TPD file. Broadly, following are the steps to configure LDAP Proxy:1.Select the proxies from the LDAP Proxy Administration window.2.Select an LDAP instance.3.Save the changes and restart the LDAP proxy to apply the changes on LDAP Proxy Admin - Configuration window.4.Set the relocation parameters on the Relocation Blacklists window.5.Select an LDAP user priority, whether a relocation request is to be executedThe priority details, which are stored in directory, are used for the nomadic sub-scriber functionality.g The LDAP Users window displays the Relocaton Priority column only when the Nomadic Subscriber (NOMADIC_SUBSCRIBER) derived from the TPD is not set to y.Refer to the One-NDS 8.0 EP 6 Online Help for the detailed configuration process.When the Nomadic Subscriber feature is ported to One-NDS, the configuration is divided into core and ExP parts. One-NDS Core medium contains dummy values for these application specific parts. In case of fresh/scratch installation, only after an ExP is A50016-E4103-Q801-1-7619 37User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650ainstalled these values are configured manually by the operator using ADM GUI. For an upgrade, this configuration is taken a back-up (using upgrade support package) before the upgrade and restored later. Additional proxy configuration changes like MaxLDAPServerConnections are required in the core medium.Only on explicit TPD inputs, the LDAP proxy is installed during Core Media Installation.Once an extension package is installed, if the Nomadic Subscriber functionality is required, thenthe bind users that need to be monitored by the LDAP Proxy has to con-figured from the LDAP Proxy page of ADM GUI. LDAP Proxy Enhancements: Removing Single Bind Session: Since NDS is supporting the higher number of server connections, the bind verification is directly done on a live server connection. Multi-accept: Depending on the pending connections, the multi-accept behavior of proxy periodically attempts to accept the multiple connections to speed up the con-nection establishment.4.1.2.6 Tenant/Application ManagementThe Tenant/Application function provides the prerequisites for using the multi tenancy feature. This feature enables operators to host partners securely for company business units (tenants) in a single instance of One-NDS by limiting or restricting access by the users of one tenant to the logical partitions or sub-domains of the One-NDS assigned to other tenants. Therefore it is assumed that the subscriber data (or any other data) has been partitioned such that access control at the sub-tree level is valid. The multi tenancy feature is based on applications performing the access. An application in this context is a system node in the One-NDS architecture acting as a client that interfaces the One-NDS to use various services offered by the One-NDS. Examples of applications are HLR, and AAA.To manage/administer Tenant/Application window, the following tasks are available: Tenant or corresponding application configuration (multi tenancy)The feature multi tenancy provides a mechanism for assigning different levels of access to different parts of the directory based upon the application performing the access; and therefore assumes that the subscriber data (or any other data) has been partitioned such that access control at the sub-tree level is valid. The ADM also offers the creation of a new tenant within the directory. The adaptation of user names enables multi tenancy.The key aspects of the feature are as follows: Each user may have a number of user name adaptations assigned to it. User name adaptation rules are assigned to users by a system administrator user who has up to date access to the directorys adaptation configuration area. A user name adaptation consists of a match distinguished name (DN) and an effective user. If the final target DN of an application request matches the match DN of one of the user name adaptation rules assigned to the application user, then the appli-cation user is switched to the effective user for the remainder of the operation, which means that the application is granted a different level of access. DN matching is performed in exactly the same way as the existing adaptation handling, that is, same number of relative distinguished name (RDNs), RDNs 38 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Managementmust match in order, an RDN of * at the start of the match DN matches zero or more RDNs at the start of the target DN and only the best matching rule is used for the adaptation. The final target DN for an application request is the post name resolution DN, that is, when all chaining and alias de-referencing has been performed.Assumptions/constraints: Target data is split logically into distinct sub-trees within the directory. Applications are identified and suitably distinguished by their LDAP user name and this, along with the name of the group the user belongs to, determines the applications usual access levels. The DN match processing that is performed after name resolution incurs a small performance impact at the final target One-NDS node. This is affected by the number of user name adaptation rules assigned to a user along with the depth of the match DN value within each rule. User name adaptation must be carefully configured by the administrator in order to ensure that appropriate access controls are applied in all cases, whether or not user name adaptation applies.Tenant Application Management via ADMFrom the Tenant/Application window, you can manage the applications and tenants. The Tenant/Application window displays all the applications and tenants that are regis-tered with the ADM database.The Application tab allows you to display and modify existing applications registered in the internal database of the ADM.You must have applications before creating tenants, and then you can select applica-tions for the tenants. You cannot create the applications as their existence is directly linked to the presence of at least one associated Extension Package. The application which a particular Extension Package represents is the one that specified in the root element of its package descriptor (values 'application' and optionally 'subapplication'). The Application window displays: Display mode: For displaying the existing application. Modification mode: Adding Trigger Packages and URLs to the existing applicationsThrough the Tenant tab, new tenants are created and the applications are selected to register for the newly created tenants. Even additional tenants are assigned to the already existing tenant.The tenant window displays three modes: Display mode (default): For displaying the existing tenants and their properties. Creation mode: For creating new tenants. Modification mode: For adding applications to the existing tenants. 4.1.2.7 Extension Packages ManagementThe Extension Package (ExP) management is a process through which various compo-nents are delivered, installed, and activated in OneNDS. All the components of an appli-cation are bundled into a single Extension package and delivered in the form a of tarball (.tar.gz file).A50016-E4103-Q801-1-7619 39User Manual (NetAct/SM variant) Configuration ManagementId:0900d8058092650aTo deploy an application in One-NDS, at least one version of its ExP needs to be acti-vated. ADM GUI shows Extension Packages for which valid descriptors exist (either as a part of the ExP or provided on the core medium for ExPs that are released previously). gThe Application strings from the Extension Packages GUI are also consistently used on other ADM windows: Tenant/Application window, which allows assignment of trigger packages and end-points to each application and assignment of applications to tenants. DM Package Admin window, which allows individual activation of schema, data and trigger packages. PGW Plugin Management window, which allows installation of individual PGW plugins on PGW hosts.Summary of the ExP installation steps: Initial ExPs after a Full Core Medium InstallationInitial step of every ExP installation on One-NDS is to import the ExP and/or its indi-vidual extension components to ADM. Trigger processing for the initial set of appli-cations is controlled by the TPD variables Application_List, Tenant_List and _hostTriggerTenantEndpointList. Installing Additional ExPsAn additional Extension Package (whose application is not listed in the TPD variable Application_List) can be installed on One-NDS anytime after the initial ExPs. Updating the Installed ExPTo update an already installed ExP version.From the Extension Package window, you can perform the following functions: Displaying all the extension packages along with the datamodel packages that are available in the ADM database. Discover job displays the ExPs, their ExPDescs, and stores the new ones in ADM database. Details functionality displays all the details of a selected Extension Package. The ExP Import job imports the selected ExP from the Install Server to the ADM Server. This requires the tarball of the ExP to be transferred to ADM and installed by using the /opt/exp-tools/install-extension-package.sh script. This is done in an ExP Import job. The activation job activates the all data and schema packages of the ExP. The tenant specific parts of those are also activated for all tenants using the application of this ExP. The deletion job deletes the selected ExPs.Importing Extension Packages to ADMThe initial step of every ExP installation on One-NDS is to import the ExP and/or its indi-vidual extension components to the ADM. Importing a complete ExP TarballThe options to import the schema, data, trigger, and PGW plugin/module packages for the entire ExP tarball: Automatic Discovery and Import of ExPs from INS Manual Installation of ExP Tarballs on ADM40 A50016-E4103-Q801-1-7619User Manual (NetAct/SM variant)Id:0900d8058092650aConfiguration Management Manual Import of Individual Extension components to ADMActivating ExP Schema and Data PackagesADM GUI has the following options to activate the schema and data packages of an Extension Package. One-click activationThe One-click activation option on the Extension Packages GUI enables you to activate all the schema and data packages for both subscriber and PGW directories belonging to a selected ExP. This option is used for the activation of a new ExP, as well as for the activation of a newer version of an already activated ExP.From the ExP GUI, perform the following steps:1.Select the required ExP, with status imported.2.Click Activate3.Viewing activation job detailsDetails of the corresponding ExP activation job is accessed using a relevant dis-played in the status column of the corresponding ExP row.gActivation job started from the ExP GUI covers the activation of only schema and data packages, using the currently assigned set of tenants. However, the typical ExP activation scenario involves: Assigning individual tenants. Activating the trigger data. Manually configuring the application-specific settings. Activating PGW plug-ins. Individual package activationFrom the DM Package Admin GUI, you can select the required schema and data packages, and activate them. Activation of manually imported schemas/data packagesManually imported schema or data packages are not included in the ExP activation procedure since they are not related to any particular ExP or application. They are activated individually from the DM Package Admin GUI.gRefer to the One-NDS 8.0 EP 6 Installation Manual for the further details on the instal-lation and activation of ExPs. 4.1.2.8 Data Model (DM) ManagementThe DM management functions are used to administer server-specific data model (DM) packages for the individual DSAs in the One-NDS.A data model (DM) package handled by the ADM can be a: Schema pa