DO NOT SHARE THESE DOCS WITH CUSTOMERS!
This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.
In this section:
Related articles:
The EMA GUI is available via TLS-secured (https) access either directly through port 443 or indirectly through port 80 to 443. ACL rules are not applicable to prevent unsecured (http) access.
A sample X.509 certificate, which is a copy of the BMC and the EMA Platform Mode certificate, is shipped along with the SBC shipment. The size of this certificate is 2,000 bytes.
The BMC is not applicable to SBC SWe.
The EMA uses the common Local Cert store of the SBC Core (used also for SIP/TLS) rather than having its own separate certificate store. The operator may replace that sample certificate at any time. The replacement mechanism is implemented with post installation/upgrade scripts.
Certificates with RSA keys up to 4,096 bits are supported.
Enter the following URL in the browser to access the SBC EMA:
https://<hostname>
where <host name>
is one of the management IP addresses of the SBC, or the equivalent DNS name. For example, https://10.54.41.8
.
EMA uses a self-signed certificate which may produce a warning message from Internet Explorer and Firefox. These messages may be ignored.
The SBC Core is delivered with sample self-signed X.509 certificates. Be aware that even though these sample certificates will allow you to use HTTPS to access the SBC from EMA, BMC and EMA Platform Mode interfaces, using this protocol with the sample certificates is not a truly secure access method. If your organization requires more secure access, refer to Generating PKI Certificates.
The SBC Core supports SHA-256 for certificate verification.
Refer to
for a list of supported browsers and client platforms for accessing EMA.To log into the Embedded Management Application (EMA):
Enter the SBC EMA URL <ip address/device name>
When using Internet Explorer/Mozilla Firefox browser, a website security issue may prevent you from going directly to the SBC application login screen, as shown in example below.
Figure 1: Certificate Security Error
Click Advanced.
Figure 2: Firefox Message - Self-Certified Website
Click Add Exception.
Figure 3: Firefox Message - Add Security Exception
Uncheck the Permanently store this exception check-box and click Confirm Security Exception. The Login window appears as shown below.
Login
Enter your Username and Password. Your username and password will be supplied along with the SBC installation package. Once you have successfully logged into the SBC, your temporary password expires and you are prompted to change your password.
This change password screen appears only for the first login of the new user.
Change Password
Ensure your new password meets the following criteria:
7. Once your password is successfully changed, enter your username and new password on the Login screen and click Log In.
When a user logs into either the CLI or EMA, information on the last successful and failed login attempts is displayed. The information shown includes:
Number of failed attempts after successful login.
Items 3, 4 and 5 display only when the last successful login date is older than the last unsuccessful login date. See the figure Login Message - Previous Unsuccessful Attempts.
The Last Login Information also displays for a new user for the first login. The new user is first authenticated and then allowed to change the system-generated password.
To log out of EMA:
Hover the mouse pointer over <your_username> on the menu bar. and click Log Out.
Log Out
This security enhancement is available beginning with SBC Core version 06.02.00R000.
This enhancement enables the EMA application (including EMA in platform mode) to disable concurrent user sessions. Once a new session is established, any existing session is terminated immediately. When an EMA user attempts to log in, the system checks for any open sessions with the same username. If any existing user session is identified, that user is immediately logged out from the application and allows the new user to log in to the system.
This feature is applicable to all EMA users (local users, radius users, PKI certificate-based users, and CAC users).