HTTPS Support
The EMA GUI is available via TLS-secured (https) access either directly through port 443 or indirectly through port 80 to 443. ACL rules are not applicable to prevent unsecured (http) access.
A sample X.509 certificate, which is a copy of the BMC and the EMA Platform Mode certificate, is shipped along with the
shipment. The size of this certificate is 2,000 bytes.
| Info |
|---|
|
note |
The BMC is not applicable to . |
The EMA uses the common Local Cert store of the
(used also for SIP/TLS) rather than having its own separate certificate store. The operator may replace that sample certificate at any time. The replacement mechanism is implemented with post installation/upgrade scripts.
Certificates with RSA keys up to 4,096 bits are supported.
| Info |
|---|
|
note |
Sonus recommends using only 2,048 bit certificates with release 3.1. discourages the use of 4,096 bit certificates in 3.1 due to anticipated upgrade issues with the current software. |
Enter the following URL in the browser to access the
EMA:
https://<hostname>
where, the <host name> is one of the management IP addresses of the , or the equivalent DNS name. For example, https://10.54.41.198.17
The EMA uses a self-signed certificate which may produce a warning message by Internet Explorer and Firefox. These messages may be ignored.
| Info |
|---|
|
note |
The is delivered with sample self-signed X.509 certificates. Please be aware that even though these sample certificates will allow you to use HTTPS to access the from EMA, BMC and EMA Platform Mode interfaces, using this protocol with the sample certificates is not a truly secure access method. If your organization requires a more secure access, refer to Generating PKI Certificates. |
| Infonote |
|---|
|
The supports SHA-256 for certificate verification. |
Logging In
Supported Browsers and Client Computers
See
| Link_in_new_tab |
|---|
| Text | Supported Browsers and Client Computer Requirements |
|---|
| URL | Introduction to EMA |
|---|
|
for a listing of supported browsers and client platforms when accessing EMA.
Procedure
Following are the steps to log into the Embedded Management Application (EMA):
- Launch your web browser.
Enter the
EMA URL <ip address/device name> |
note |
| Sometimes Sometimes, when using Internet Explorer/Mozilla Firefox browser, website security issue may prevent you from going directly to the SBC application login screen as shown in example below. |
Click Advanced.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | Certificate Security Error |
|---|
|
 Image Modified
|
Click Continue to this Website (not recommended) option to access the application login screen. Add Exception.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | Firefox Message - Self-Certified Website |
|---|
|
Image Added |
Uncheck the Permanently store this exception check-box and click Confirm Security Exception.| Caption |
|---|
| 0 | Figure |
|---|
| 1 | Firefox Message - Add Security Exception |
|---|
|
Image Added |
The Login window appears as shown below:
| Caption |
|---|
|
Image Modified |
Enter Username and Password. Your Username and the Password will be supplied along with the
installation package. Once you have successfully logged in to SBC, you temporary password expires and you are prompted to change your password.| Info |
|---|
|
note |
This change password screen appears only for the first log on of the new user. |
| Caption |
|---|
|
Image Modified |
Ensure the following criteria are met to successfully change the password:
- Minimum length of characters is 8.
- Minimum number of upper case characters is 1.
- Minimum number of lower case characters is 1.
- Minimum number of numeric digits is 1.
- Minimum number of special characters is 1.
- Maximum number of consecutive repeating characters is 3.
- Minimum number of differences compared to the old password is 4.
- Do not repeat any of the last 4 passwords.
- Once the password is successfully changed, enter the Username and the new Password and click Log In.
Incorrect Username-Password Combination
If you enter incorrect Username-Password combination, the following error message is displayed:
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | EMA Incorrect Login Credentials |
|---|
|
Image Added |
The Login window displays the following:
The following table describes the login window components.
| Caption |
|---|
| 0 | Table |
|---|
| 1 | Login Window Components |
|---|
|
Attributes | Description |
|---|
Username | Name of the user logging into the application. | Password | Password associated with the user who is logging in. |
|
| Infonote |
|---|
|
- You can also change the password in EMA without logging in to the application. The option to change password is available on the SBC Application login screen.
|
note- The Username and Password is same as that for the CLI.
|
Messages After Successful Login
After you log on to the EMA, you may get one of the following messages:
If you enter the correct login credentials:
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | Successful EMA Login |
|---|
|
Image Added |
If you make mistake, or someone had tried to unsuccessfully log on using your username but gave the wrong password:
| Anchor |
|---|
| Login Message - Previous Unsuccessful Attempts |
|---|
| Login Message - Previous Unsuccessful Attempts |
|---|
|
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | EMA Login Message - Previous Unsuccessful Message |
|---|
|
Image Added |
Last Login Display Date
The last login date of the user is displayed during the login time. When a user logs into the CLI/EMA, his/her last successful and failed login date and the IP address is displayed. The user evaluates this information to check illegal activities in the account.The information which are displayed at login:
- Last successful login date and time.
- Last successful login IP address.
- Last unsuccessful login date and time.
- Last unsuccessful login IP address.
Number of failed attempts after successful login.
| Info |
|---|
|
note |
| The Last Login Information is also displayed for a new user for the first login, as the new user is first authenticated and then allowed to change the system generated password. |
Configuring Banner in Login Screen
- On the main screen, navigate to Admin > Application Management. Click Banner chiclet on the left hand side of the page to display the Configure Login Banner window.
- Enable Show Login Banner option. You can request the user to acknowledge the Banner by enabling the Require User to Acknowledge Banner before Logging in option and also, you can request the user to acknowledge every time they login or only during the first login.
- Add your banner text in the text box next to Banner Text option to display your Banner content.
- Click Save to save your edits.
Logging Out of EMA
To log out of the EMA:
Security Enhancement - SBC Allows Only One Concurrent EMA Session
| Info |
|---|
This security enhancement is available for SBC Core version 06.02.00R000 onward. |
This enhancement enables the EMA application (including EMA in platform mode) to disable concurrent user login sessions. Once a new session is established, any existing session is terminated immediately. When an EMA user attempts to log on, the system validates for any open sessions with the same username. If any existing user session is identified, the user is immediately logged out from the application and allows the new user to log on to the system.
| Info |
|---|
|
This is applicable all the EMA users (local users, radius users, PKI Certificate based users, and CAC users). |
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | EMA User Logged Out Automatically |
|---|
|
Image Added |