|
|
These release notes contain important information regarding the Cisco Subscriber Edge Services Manager (Cisco SESM) Release 3.1(7).
 |
Note For information about obtaining a license number, see the "Obtaining a License Number" section on page 7. |
These release notes discuss the following topics:
Cisco SESM provides service selection and connection management in broadband and mobile wireless environments. Cisco SESM provides the end user (the subscriber) with a web portal for accessing multiple services. The ISPs and NAPs deploying Cisco SESM can customize the content of the web pages and thereby control the subscriber experience.
SESM Release 3.1(7) supports the following deployment options:
SESM Release 3.1(7) includes the following sample web portal applications that can be installed and configured for demonstration purposes or used as a starting point for customizations:
You can optionally install the following applications to configure an SESM captive portal solution:
The SESM software includes two additional supporting applications:
Additional software components bundled in the Cisco SESM installation package are:
This section describes hardware and software requirements for SESM deployments.
You can deploy SESM using the following platforms and SSG devices.
SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Verified platforms are shown in Table 1.
Cisco SESM works with any router running Cisco IOS software with the Cisco Service Selection Gateway. The following devices, when they are running the Cisco IOS Release 12.2.(4)B or later with SSG enabled, work with SESM Release 3.1(7):
The following SESM features require support on the SSG:
To use the captive portal feature in SESM to support unauthenticated user redirections:
To use the captive portal feature in SESM to support service redirections, initial logon redirections, and advertising redirections:
To use the port-bundle host key feature:
The host key feature can be enabled and disabled on both the SESM and SSG products to ensure backwards compatibility.
To use the complete ID feature for portal location awareness and branding, the SSG device must be running Cisco IOS Release 12.3(1)T or the X train for Cisco IOS Release 12.2(8)B.
This section describes new and changed features in SESM Release 3.1(7).
The following new and changed features apply to SESM running in RADIUS mode or LDAP mode.
|
Note To use the complete ID feature for portal location awareness and branding, the SSG device must be running Cisco IOS Release 12.3(1)T or the X train for Cisco IOS Release 12.2(8)B. |
The specific attributes used to determine the location, and hence the location branding, are configurable. See Chapter 10, "Configuring SESM Features," in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide for more information.
This section describes new and changed features that apply to running in LDAP mode. For other new and changed features for SESM Release 3.1(7), see the preceding section, "New and Changed Features for RADIUS and LDAP Mode" section.
Filters created using the advanced page have a higher priority than those created on the basic page. Administrative filters, entered by deployers using CDAT, have the highest priority. For more information about the SESM firewall features, see Chapter 10, "Configuring SESM Features," in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide.
In previous SESM releases, the SPE configuration file name was:
In SESM Release 3.1(7), the SPE configuration file names are as follows:
The SESM web-application software is enhanced in this release in the following ways:
The following sections highlight some important installation information.
See the Cisco Subscriber Edge Services Manager Installation and Configuration Guide for complete installation instructions.
The SESM installation program provides for two types of installation:
A license number is available on the License Certificate that is shipped with a purchased product. If you have purchased the product but have not yet received the CD-ROM and License Certificate, you can choose the evaluation option during installation. However, be sure to reinstall the SESM software using your license number when you receive the certificate.
The license number is important when you are requesting technical support for SESM from Cisco. After installation, the license number and the software version in the licensenum.txt file appear under the installation directory.
You can download the SESM software from the Cisco.com web site or copy it from the SESM product CD-ROM. Cisco SESM software is contained in the following packages.
If you purchased a contract that allows you to obtain the SESM software from Cisco.com, follow these procedures:
Step 2 Click the Login button. Enter your Cisco user ID and password.
To access the Cisco images from the CCO Software Center, you must have a valid Cisco user ID and password. See your Cisco account representative if you need help.
Step 3 Click Technical Support.
Step 4 In the pop-up window, click Software Center.
Step 5 Click Web Software.
Step 6 Click Cisco Subscriber Edge Services Manager.
Step 7 Download the appropriate image based on the platform you intend to use for hosting the SESM web application.
The SSG, LDAP directory, and RADIUS components do not need to be installed and configured before you execute the Cisco SESM installation program. However, the installation program prompts you for configuration information about these components, such as IP addresses, ports, shared secrets, and other information required for the SESM components to communicate with them. You should know these values before you perform the installation. Otherwise, you will need to reconfigure the solution later.
In the case of the LDAP directory, it is advantageous to install the Cisco SESM solution when the directory is running and to have update rights to the directory. The installation program can install required extensions to the LDAP directory.
If you are installing the demo, the installation program does not prompt you for configuration information about SSGs, LDAP directories, or RADIUS servers.
This section contains information about upgrading from previous releases of the software.
This section provides information on upgrading from SESM Release 3.1(3) or 3.1(5) to SESM Release 3.1(7).
To preserve your previous SESM installation, including changes to configuration files and customized web applications, install SESM Release 3.1(7) in a different directory from previous installations.
To reuse the same installation directory, perform the following steps:
Step 2 Uninstall the previous release of SESM using instructions in the "Uninstalling a Previous Installation" section.
Step 3 Install the current release of SESM.
Step 4 Migrate the SESM Release 3.1(3) or 3.1(5) set of configuration files to SESM Release 3.1(7). Use either of the following methods:
Step 5 Migrate your web portal applications to the new installation, as described in the following section.
To migrate an SESM Release 3.1(3) or 3.1(5) web portal application to SESM Release 3.1(7), perform the following steps:
|
Note Before you begin this procedure, ensure that a backup copy of your entire SESM web application is stored in a safe location. |
Step 2 Copy the NWSP web application in \install_dir\nwsp to \install_dir\mywebapp, where \install_dir is the location in which you installed SESM Release 3.1(7), and mywebapp is the name of your SESM web application. This creates an SESM web application named mywebapp under \install_dir.
Step 3 Copy these files from the install location of the SESM Release 3.1(7) software.
a. In \install_dir\jetty\bin, copy startNWSP.sh to startMYWEBAPP.sh. Edit the startMYWEBAPP.sh file and replace APP=nwsp with APP=mywebapp. (For an SESM installation on a Windows platform, the suffix of the start file is .cmd.)
b. In \install_dir\jetty\config, copy nwsp.jetty.xml to mywebapp.jetty.xml. Edit the mywebapp.jetty.xml file and replace nwspkeystore with mywebappkeystore. Also, replace any comments that refer to NWSP.
c. In \install_dir\jetty\config, copy mywebappkeystore from your previous installation into this directory.
d. In \install_dir\jetty\config, copy nwsp.web-jetty.xml to mywebapp.web-jetty.xml.
Step 4 Verify the previous steps by starting the web application mywebapp in Demo mode.
b. Log in to the web application using the user name golduser and the password cisco. You should be able to use the SESM web application in Demo mode.
|
Note To update the directory structure for a SESM web application, you usually must update only the
contents of the WEB-INF subdirectory with the customizations for your web application. Step 5
overwrites almost the entire web application directory structure with the old web application
directory. You then update certain files. If your web application consists of minimal changes to the NWSP web application components, it may be more appropriate for you to leave the new SESM web application directory as is, and then overwrite only certain subdirectories from the previous SESM directory structure, such as the pages and images directories. If web.xml has been customized, then follow the instructions in the Step 12 for updating this file. |
Step 5 Copy the following directories (and all directories and files under them) from your previous SESM web application into the \install_dir\mywebapp location of the SESM Release 3.1(7) software.
Step 6 In the install location of the SESM Release 3.1(7) software, rename the docroot directory to webapp.
Step 7 Install a second copy of the SESM Release 3.1(7) software into a location different from where you installed the first copy.
Step 8 From the second SESM install location, copy the following files into the corresponding SESM Release 3.1(7) location of your web application:
For deployments in which a WAR file will be created, copy these additional files:
For LDAP-mode deployments only, copy these additional files:
Step 9 Depending on whether your web application contains customized versions of the JSP pages in the webapp\decorators directory, do one of the following:
a. Use a diff utility to compare your web application's files in webapp\decorators with the same files in the second SESM Release 3.1(7) install location.
b. Copy all files in webapp\decorators from the second SESM Release 3.1(7) install location into the corresponding SESM Release 3.1(7) location (webapp\decorators) of your web application.
c. Using the diff output from step a, replicate any customizations in all files in webapp\decorators of your SESM Release 3.1(7) web application.
Step 10 In the SESM Release 3.1(7) location that contains your web application, change the name of the webapp\WEB-INF\web.xml file to web.xml.OLD. The file web.xml is the web application's deployment descriptor file.
Step 11 Do one of the following depending on whether you have updated jsp.jar file (using the precompile.sh script).
 |
Tip The web.recompile.xml file causes the web application's JSP pages to be used rather than any precompiled JSP pages. The web server compiles each JSP page the first time the JSP page is requested after the web application is started. For information on how to use precompiled JSP pages, see the Cisco Subscriber Edge Services Manager Web Developer Guide and the "Precompiling JavaServer Pages" section. |
Step 12 If your SESM web application's deployment descriptor file (web.xml) is customized in any way, modify the deployment descriptor file that you created in Step 10 so that it includes those customizations. For example, the number or order of user-shape dimensions that your web application uses may be different from the number or order found in the standard web.xml or web.recompile.xml file.
Step 13 In the mywebapp\config\ directory of the SESM Release 3.1(7) location, rename the file nwsp.xml to mywebapp.xml.
Step 14 In the mywebapp\config\ directory of the SESM Release 3.1(7) location, change the attribute values in mywebapp.xml file so that their values are identical to the values used in your previous SESM installation. Use either of the following methods:
a. When the application is running, use the Agent View to update attributes to the values used in the previous installation. Be sure to use the apply and store operations to persist the new values across application restarts.
b. When the application is not running, edit the mywebapp.xml file, updating attribute values to the values used in the previous SESM installation.
Step 15 After you successfully complete this procedure, you can optionally delete the files that are associated with the second SESM Release 3.1(7) installation.
Searches for Java Classes. The deployer should be aware that the SESM web portals are, by default, run in a mode that is compliant with the Java 2, Enterprise Edition (J2EE) specification. This mode is controlled by the following line in the Jetty container MBean configuration file (for example, \install_dir\jetty\config\nwsp.jetty.xml):
The preceding line has the following effects on how the web server searches for classes from JAR files:
With LDAP mode, SESM Release 3.1(7) requires SPE software Release 1.11.
You can use options in the SESM software installation program to load the new schema extensions.
|
Note If you must install SPE directory schema extensions, you must first delete the old extensions before you
install the new SPE schema extensions. If you are using the NDS eDirectory, you must export your data, reinstall the directory, and then install the new SPE schema extensions. |
When using the iPlanet Directory Server with SESM Release 3.1(7), the recommended way to load the SPE schema extensions and RBAC objects is to use the SESM software installation program.
|
Note In situations where you must manually install the schema extensions, use the following directions in place of the directions in the README.SESM.LDIF.html, which is located in the \install_dir\dess-auth\schema directory. |
For the iPlanet Directory Server, the files to use to manually install the SPE schema extensions and initial RBAC objects are located in the \install_dir\dess-auth\schema\Netscape and \install_dir\dess-auth\schema\NDS directories. The files are:
\install_dir\dess-auth\schema\Netscape\authattr.ldf
\install_dir\dess-auth\schema\Netscape\authclas.ldf
\install_dir\dess-auth\schema\Netscape\dessattr.ldf
\install_dir\dess-auth\schema\Netscape\dessclas.ldf
\install_dir\dess-auth\schema\NDS\Policy15.ldf.nds
|
Note For SESM Release 3.1(7), if you choose to manually install the schema extensions for iPlanet Directory Server, do not use the policy15.conf file from the \install_dir\dess-auth\schema\Netscape directory. In its place, use the Policy15.ldf.nds from the \install_dir\dess-auth\schema\NDS directory. |
The LDIF files must be loaded in the sequence shown in the preceding list.
Modifying the Policy15.ldf.nds File. You must edit and modify the Policy15.ldf.nds file before using it with the iPlanet Directory Server as follows:
1. Replace two occurrences of:
2. Replace two occurrences of:
Installing the Schema Extensions Example. The iPlanet example given in the README.SESM.LDIF.html file for installing the SPE schema extensions and initial RBAC objects is not correct. The iPlanet example should be as follows:
This section provides information on upgrading from SESM Release 3.1(1) to SESM Release 3.1(7). In general, the two tasks needed for this upgrade are described in these sections:
Significant improvements and changes were made to the JSP pages and other web components of the SESM web application (New World Service Provider) starting with Release 3.1(3) including:
Because of this extensive redesign, it is not practical to use JSP pages that were developed for SESM Release 3.1(1). After SESM 3.1(3), these JSP pages would need to be modified so as to replace use of the deprecated classes and methods that have now been removed. This task would be achieved by referring to the Javadoc included in the SESM installation.
Instead of modifying the JSP pages, the recommended strategy for migrating an SESM Release 3.1(1) web application is to use the SESM Release 3.1(7) software and web components, including the JSP pages and deployment descriptor file in a sample web application like NWSP. Using this approach, you would typically do the following:
1. Recreate the customizations from your SESM Release 3.1(1) web application in the set of JSP pages in the SESM Release 3.1(7) NWSP. For this step, you might need to accomplish one or more of the following changes to the sample SESM Release 3.1(7) web application:
If you use Dreamweaver UltraDev or Dreamweaver MX and the templates provided with the sample NWSP web application, the HTML customizations can be accomplished more efficiently. For detailed information on customizing and developing an SESM Release 3.1(7) web application, see the Cisco Subscriber Edge Services Manager Web Developer Guide at:
http://www.cisco.com/univercd/cc/td/doc/solution/sesm/sesm_317/webdevgd/index.htm
2. Configure the SESM Release 3.1(7) web application deployment descriptor file (web.xml) as described in the Cisco Subscriber Edge Services Manager Web Developer Guide at:
http://www.cisco.com/univercd/cc/td/doc/solution/sesm/sesm_317/webdevgd/ch3_adv.htm#xtocid35
3. Configure the customized SESM Release 3.1(7) web application as described in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide at:
http://www.cisco.com/univercd/cc/td/doc/solution/sesm/sesm_317/instconf/05portal.htm#xtocid17
4. Precompile the finalized production JSP pages using the directions and script provided in the "Precompiling JavaServer Pages" section.
Use the uninstall utility provided with the SESM product to remove a previous installation. The uninstall utility is located in the following directory:
The uninstall utility does the following:
After you run the uninstall utility, you can safely reinstall one or more SESM components into the same directory.
|
Note Do not uninstall SESM by manually deleting the contents of the installation directory. If you manually remove the contents of the directory and then attempt a reinstall into the same directory, the reinstall might not be complete. |
The following sections describe some important considerations related to the Cisco SESM.
To install SESM on a Windows NT platform from the SESM product CD-ROM, copy the installation file from the CD-ROM onto a local drive and perform the installation using the local copy. For more information, see the explanation in Table 2 for caveat CSCuk27495.
The SESM portal applications use precompiled JavaServer Pages (JSP). If you modify the JSP pages in one of the SESM portal applications, you must recompile the JSP pages before the changes are visible in the application. For information on recompiling, see the Cisco Subscriber Edge Services Manager Web Developer Guide.
On Windows platforms, JRE Version 1.2.2 displays the following messages at SESM application startup:
The recommended JRE for SESM Release 3.1(7) is JRE Version 1.3.1_03, which is bundled with the SESM product.
It has been observed that the performance of the Java Runtime Environment (JRE) Version 1.3.0 on Solaris is less than optimal. Later versions of the JRE have improved performance.
SESM Release 3.1(7) does not work with JRE Version 1.4.
The Sun example JMX server includes an HTML adaptor server that produces a web-based management console. The JMX HTML adaptor server forms the basis of the remote management and configuration support provided by the CDAT application. For example, an administrator can make configuration changes and can have these changes persisted with this new support.
|
Note In an earlier release, we recommended that the JMX HTML adaptor server functionality be removed
when deployed in a production environment. Starting with SESM Release 3.1(5), the JMX HTML adaptor server is required if a deployer needs this feature as part of the CDAT application. |
To protect access to SESM application management consoles, the JMX interface prompts for a username and password. For additional security, the deployer could deploy the SESM application behind a firewall.
For information about configuring the login values for SESM application management consoles, see the "Configuring the Management Console MBean" section in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide, Chapter 3, "SESM Configuration Management."
Cisco SESM Release 3.1(7) uses the following security mechanisms:
If you are using a Sun Ultra or Enterprise system, you must use Solaris Version 2.6 or later. For live deployments, we recommend using an Enterprise class server with hot-swappable components and load-balancing across multiple servers. The Cisco Content Services Switch 11000 (CSS 11000) is preferred for load balancing.
For Windows NT installations, we highly recommend that you use hardware that meets the Windows NT Hardware Compatibility List (HCL) guidelines set by Microsoft with at least 64 MB of RAM (128 MB of RAM is recommended). Memory requirements are influenced by login rates, the number of subscribers concurrently logged on, and the number of services the subscribers are subscribed to use. See Chapter 9, "Running SESM Components," in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide for more details about memory requirements.
The remote-management persistence feature (the store operation) saves the current attribute values for the persisted MBean in the appropriate application XML file. The store operation writes over the existing MBean in the XML file, which has the following effects:
A known problem in iPlanet Directory Server 5.0 affects the CDAT application. The problem is that removing an attribute does not fully remove it. See Bug 554309 at this location:
http://docs.sun.com/source/816-5604-10/index.html
This issue has an impact on the CDAT application in the following situation. If InetOrgPerson=UID and an administrator changes the value of the Poolname (CiscoDESSpoolName) or Primary Service (CiscoDESSprimaryService) attribute to null, an exception is thrown. After the exception, unexpected behavior occurs in the CDAT application. The problem does not occur if the administrator changes Poolname or Primary Service to a value other than null.
Table 2 describes known problems in SESM Release 3.1(7).
| Category | Caveat | Description |
|---|---|---|
With a Netscape Version 4.7 browser, the following problems exist concerning the service list display area in the SESM application pages: |
||
When a subscriber with inherited Cisco AV Pairs from a user group creates a subaccount from the NWSP application, the subaccount does not inherit the parent's AV Pairs. If the parent account has a Local Cisco AV Pair, the subaccount inherits that AV Pair. Workaround: After a subscriber creates a subaccount, an administrator must use CDAT to set the Cisco AV Pairs either in the subaccount or in the parent account. |
||
A user group member is erroneously autoconnected to a service when the following conditions are true: When the user logs on, the service is autoconnected even though the user is not subscribed to the service group. Workaround: Do not define services in a service group as auto-logon in a user group. |
||
In a captive portal deployment, when an unauthenticated WAP subscriber tries to connect to a service, the authentication page appears. After authentication, the service list page appears and the subscriber is not connected to the original service as a non-WAP based subscriber would be. Note If the WAP subscriber is already authenticated, this issue does not arise. Workaround: The subscriber manually selects the service from the service list. |
||
When deployed with a JRE, the NWSP application does not provide support for WAP devices. This support is only provided when the NWSP application is deployed with a full JDK. |
||
Nested Service Groups are not supported in the current NWSP application. Workaround: None with the current NWSP application but a deployer could modify the NWSP application JSP pages accordingly. |
||
The SESM applications do not work and are not supported with the Sun Version 1.4.0 JVM. |
||
The Web Services Gateway (WSG) application currently does not support single sign-on or Port Bundle Host Key (PBHK) mode. |
||
During SESM web application development with the Jetty web server, compilation of JSP pages only occurs once while the web application is running. If a JSP page is modified more than once while the web application is running, the changes cannot be observed until the web server is restarted. Workaround 1: Use Java 2 SDK version 1.4.1 (JDK 1.4.1) and Demo mode for SESM web application development. The JDK 1.4.1 is available at: http://java.sun.com/j2se/1.4.1/index.html For information on what you need to do if you install a JDK after installing the SESM software, see the "Installing a Java 2 SDK After Installing SESM" section in Chapter 2 in the Cisco Subscriber Edge Services Manager Web Developer Guide. The JDK 1.4.1 should not be used for SESM deployment. Under Windows, you may find that a JSP-page file is locked for writing after pointing the browser at the page. The lock is released if you point the browser to a different page. Workaround 2: Use Dreamweaver UltraDev's Live Data window, which artificially requests different pages each time. Changes to a JSP page can be observed immediately without restarting the web server. For information on using the Live Data window, see Chapter 2 of the Cisco Subscriber Edge Services Manager Web Developer Guide. Note The use of the Live Data window feature with Dreamweaver MX for JSP-page SESM development has currently not been tested. The Live Data window feature of Dreamweaver UltraDev has been verified for use with SESM development. |
||
The SESM web application does not display the service list when a session update determines that the user has changed. The problem occurs because the account profile is not being cached. Workaround: Change the profile and session timeouts to small values (such as two and four seconds, respectively). The configuration attributes for these timeouts are in the web_app/config/web_app.xml file (for example, nwsp/config/nwsp.xml), where web_app is the name of the SESM web application. After changing the timeout values, save the file and restart the web application. The lines for the attributes that control these timeouts are as follows: |
||
If you install SESM from the SESM product CD-ROM onto a Windows NT platform, the installation application fails because it tries to write to the CD partition, which is read-only. Workaround: Copy the installation file to your Windows NT platform and execute the local copy to install SESM. |
||
During the installation procedure, if you select the Proxy mode option for the RDP configuration, the installation program presents a panel prompting you for the Proxy RADIUS server details. If you decide to return to the previous panel and uncheck the Proxy mode option, the installation program still presents the Proxy RADIUS server panel, even though it is not required. Workaround: Cancel out of the installation application and restart the process. |
||
During a custom installation, if you select only the RDP component, the installation program also selects the Jetty component. The Jetty component cannot be unselected, even though the RDP does not require it. Workaround: Proceed as normal with the installation. The Jetty component has a very small footprint. Although it is installed, it does not have an impact on the operation of the RDP component. |
||
During a custom installation in LDAP mode, if you deselect all of the choices and then reselect the Web Applications, the installation application correctly autoselects the Jetty component but does not autoselect the SPE component. Workaround: If this sequence of events occurs, be sure to manually select the SPE component, as it is required for LDAP mode. |
||
The SESM installation application requires the JDK or JRE that you wish to use in your deployment to be located in a well-known directory; otherwise, the installation program does not find your installed version and uses the bundled JRE. See the Installation Components section in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide for further details, including a list of the well-known directories. |
||
The silent install option does not perform correctly for the SESM applications, unless you intend to install in Demo mode. Configuration information for the web portal applications (NWSP, PDA, WAP) is not set, although the remaining applications and components (CDAT, RDP, Captive Portal, Message Portal) are configured as expected. Workaround: The preferred workaround is to use the normal or console-based installation mode. An alternative workaround is to manually edit the incorrect configuration files: |
||
For a Linux custom installation, the installation process may lock up on the feature selection page if you make changes too soon after the page is displayed. Workaround: If the installation has locked up, use Ctrl-C on the command line, then restart the install and proceed as before to the Custom Installation page. Wait until the window is fully updated, typically indicated by a brief flicker in the window. After this occurs, it is safe to proceed with any feature selection as planned. If no flicker is noticed, it should be safe to proceed after approximately 10 seconds. This duration is dependent on the speed of the target server system. |
||
The console version of the uninstall process does not work. Workaround: Use the standard GUI-based uninstall process instead. |
||
If a subscriber has a Primary Service as a result of inheriting it from a User Group, the RDP does not pass the IP Pool associated with the Primary Service to the SSG. Workaround: For IP Pool to be passed to the SSG, the IP Pool attribute must be defined in the Local RADIUS Attributes field of the CDAT application at the User Group level. |
||
If a subscriber's profile contains an incorrect RADIUS attribute, which the RDP cannot parse, the RDP does not send any attributes back to the SSG and so the subscriber is not able log on. Workaround: Ensure that there are no incorrect RADIUS attributes in the user profile. |
||
If an administrator deletes a service from CDAT that is defined as an autoconnected service in a subscriber's profile, some service-related attributes might not be deleted from the directory. The problem occurs regardless of whether the subscriber is logged in or logged out. These redundant attributes do not have an impact on the subscriber. Workaround: There is no impact in leaving these attributes in the directory, but administrators can manually remove the attributes if they wish. |
||
CDAT cannot distinguish between local and inherited generic RADIUS attributes in a user profile when the user is a member of a group for which the generic attributes are defined. |
||
When CDAT displays subaccounts, it displays group membership and not blocked roles. Workaround: You can manipulate these values using an LDAP server administration tool such as ConsoleOne, or by using the appropriate NWSP application self-care feature to modify the roles of a subaccount. |
||
In CDAT, the Block Inheritance and Service Filters attributes are not inherited by the user from a user group. Workaround: If these attributes are required, they must be directly assigned to each user. |
||
On Windows-based installations of CDAT, the script cdatsvc.cmd, which installs the Windows service for CDAT, does not work correctly. This script is located in the install_dir\jetty\bin directory. Workaround: Use the startCDAT.cmd script to start CDAT. This script is also located in install_dir\jetty\bin. |
This section includes new and updated information about SESM Release 3.1(7) that does not appear in the current SESM documentation set. The information contained in the following sections will appear in a future revision of the respective guides.
The following information will appear in a future revision of the Cisco Subscriber Edge Services Manager Solutions Guide.
The Web Services Gateway (WSG) application provides a Simple Objects Access Protocol (SOAP)-based interface enabling third-party web portals and subscriber management systems to integrate with the SESM and SSG solution. Any client application can interface with SSG through the WSG using SOAP over HTTP communication.
The WSG installation includes a web application configured to run in a Jetty container and a command-line client script for demonstration purposes. The WSG web application runs in RADIUS and LDAP modes. It does not work in Demo mode.
In this first release, the WSG client interface enables access to the SSG for the following activities:
|
Note This first release of WSG offers a preview of future development efforts. We invite interested parties to contact us through a Cisco account representative to discuss potential uses for WSG and participate in feature planning efforts for future releases. |
1. In the SESM installation program, choose the custom installation option.
2. Check the WSG box in the list of custom installation options.
WSG is installed in the \install_dir\wsg directory.
WSG is configured by default to run in a Jetty container on port 8100.
To change the Jetty container configuration for the WSG application, edit the following file:
To change the WSG application configuration, you can either:
For explanations of the MBeans, see Chapter 5, "Configuring SESM Portals" in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide.
The SESM installation process installs and configures the WSG application to run in a Jetty container. To start and stop WSG, run its startup or stop script:
This script accepts all of the options and parameters that other SESM web applications use, including the mode option, which allows you to switch between LDAP, RADIUS, and Demo modes at run time. See Chapter 9, "Running SESM Applications," in the Cisco Subscriber Edge Services Manager Installation and Configuration Guide for more information.
The installed default port for the WSG is 8100. The management console (Agent View) runs on port 8200.
|
Note The client interface is intended for demonstration purposes only. It can provide an understanding of the WSG interface and possibilities for development. Contact us through your Cisco account representative to discuss your development goals and deployment requirements regarding a WSG interface. |
The demonstration client interface script provides command line access to the WSG using SOAP remote procedure calls (RPC). The script is located in:
To start the client, enter the following command:
http:// WSGhost:8100/services/SESM
If you do not supply the endpoint, the script provides command usage help. The wsgClient command-line prompt is:
At the prompt, enter help to display available commands. At subsequent prompts, enter any of the commands.
The following examples show the WSG client command-line interface and output from various commands.
In the preceding command, 121.121.122.3 is the IP address of the subscriber. The SSG must be able to route this address. It uses the address to bind a downlink interface when it creates the edge session for the subscriber.
The following information will appear in a future revision of the Cisco Distributed Administration Tool Guide.
The Block Inheritance checkbox in the Users and Users Groups window has changed:
This section provides information about SESM web application development that is not in the Cisco Subscriber Edge Services Manager Web Developer Guide.
|
Note The precompile.sh script that is included with the SESM Release 3.1(7) software is compatible with an earlier release (SESM Release 3.1(5)) but not compatible with SESM Release 3.1(7). The precompile.sh script for SESM Release 3.1(7) and instructions for its use are contained in the "Precompiling JavaServer Pages" section that follows. |
The SESM software includes a set of precompiled JSP pages for the sample SESM web applications such as NWSP. In any production deployment, the default JSP pages require customization by the deployer. Two options are available for compiling a modified set of JSP pages.
The precompile.sh script precompiles a full set of JSP pages for the SESM web application (for example, NWSP) that you specify when you invoke the script and creates a JAR file containing the resulting compiled servlet classes. The script also makes adjustments to the SESM web application's web.xml file so that the web application uses the precompiled JSP pages.
A precompiling script is currently not available for Windows-based workstations.
|
Note Before using the precompiling script, ensure that you have a backup copy of two files that your SESM web application is currently using: the web.xml file in /install_dir/web_app_name/webapp/WEB-INF and the jsp.jar file in /install_dir/web_app_name/webapp/WEB-INF/lib. Because the precompiling script overwrites these two files, you should copy them to some other safe location where you can retrieve them if you need a copy. |
To create and execute the script needed to precompile a set of JSP pages, perform the following steps on a UNIX workstation where the SESM software is installed:
Step 2 Using a text editor, create a shell script by copying and pasting the script in Figure 1 (below) into a file. Name the file precompile.sh and save it in the tools/bin directory.
Step 3 To make the script executable, issue the following command:
Step 4 Run the script precompile.sh and wait for completion, which may take a few minutes.
|
Note The comments at the beginning of the precompile.sh script provide information on how to use
the script. The script can be run from any directory because the paths used in the script are all full path names. If you do not run the script from the recommended directory, then set the environment variable SESM_HOME to be the full path name of the SESM installation directory. |
See the following documentation regarding SESM.
The online location for SESM documentation is:
http://www.cisco.com/univercd/cc/td/doc/solution/sesm/index.htm
The following sections explain how to obtain documentation from Cisco Systems.
You can access the most current Cisco documentation on the World Wide Web at the following URL:
Translated documentation is available at the following URL:
http://www.cisco.com/public/countries_languages.shtml
Cisco documentation is available in the following ways:
http://www.cisco.com/cgi-bin/order/order_root.pl
http://www.cisco.com/go/subscription
If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to
You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Inquiries to Cisco TAC are categorized according to the urgency of the issue:
Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:
All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:
http://www.cisco.com/register/
If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.
The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before you call, check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, have your service agreement number and your product serial number available.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2002, Cisco Systems, Inc.
All rights reserved.
Posted: Mon Jan 6 20:47:35 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
