For detailed information about the appropriate description of the various supported CPUs and VMs, refer to
Terminology.
Before you can establish an XML session between an XML UA and a Ribbon DSC, you must configure some attributes for the following objects in the Web-based User Interface (Web UI):
Configuring the Transport Server
Execute the instructions in the following procedure to configure a Transport Server for an XML session.
Caution
It is recommended to create a new Transport Server and then modify the ADN Connection protocol for that server. If an existing Transport Server is modified, all non-XML connections to the server will be disabled.
- From the Main Menu, click DSC.
- Click DSC Nodes.
- Click the required DSC Node.
Click Transport Servers.
Create a new Transport Server.
Click the new Transport Server to select.
Tip
If the Status attribute shows UP, deactivate this Transport Server before proceeding to the next step.
Do the following:
- Set the ADN Protocol to XML.
- Activate the Transport Server
The Status should indicate UP before you can proceed with further provisioning
Establishing an ADN Connection
Some planning is required if you want to set up an XML session. It is recommended that you specify the ADN type when you create an ADN (INTERNAL, UA, DIAMETER, and UA XML). If the ADN with which you want to establish an XML session has been configured as other than a UA XML, this ADN's Type must be changed to UA XML by first deactivating and assigning the UA XML Type. Also, the respective ADN Connections and Routing Tables have to be reconfigured.
Execute the instructions in the following procedure to configure the ADN for an XML session.
- From the Main Menu, click DSC.
- Click DSC Nodes.
- Click the required DSC Node.
- Click Adjacent Diameter Nodes.
- Click Create.
- Do the following:
- Set the Type to UA XML.
Configure the other attributes as required.
If the General Configuration page does not appear, do the following:
Navigate to the Adjacent Diameter Node Selection screen
Click the ADN you created (as Type UA XML).
Configure the required attributes.
Click Continue.
Tip
The Status attribute shows DOWN until the ADN connection is established.
When creating an ADN, you are redirected to the General Configuration page where you may select options for the ADN. The 'Activate' checkbox is selected by default. Simply click 'Continue' to enable the new ADN Connection.
- From the Main Menu, click DSC.
- Click DSC Nodes.
- Click the required DSC Node.
- Click Adjacent Diameter Nodes.
- Click the required ADN.
Do one of the following:
- If required, click Create to create an ADN Connection. Go to step 7.
- Click the required ADN Connection. Go to step 10.
Enter the Process Instance.
- Navigate to the ADN Connection Selection.
- Click the ADN Connection that you just created.
Do the following:
Tip
The Status Attribute may show DOWN by default. However, if this is an already established connection, this attribute may show UP.
When creating a new ADN Connection, the 'Activate' checkbox is selected by default. Click 'Continue' to enable the new ADN Connection. For an existing ADN Connection, you must select the 'Activate' checkbox and then click 'Continue'. You may have to click 'Deactivate' first before enabling an existing ADN Connection that has been modified.
- Using the Transport Type drop-down list, select SERVER ONLY.
- Configure the other attributes as required.
- Click ACTIVATE.
Disabling and Creating a Firewall
The Firewall is enabled by default after the initial configuration procedure is executed on the Ribbon DSC. Before an XML session can be established, the Firewall must be disabled to allow the TCP ports access to the Diameter XML interface. Alternatively, to establish a connection with a Firewall enabled, an IP filter module can be created to unblock pre-determined TCP ports (see Creating a Firewall Module File). The following procedure shows how to verify the status of the Firewall on a VM (CPU).
The Firewall can be disabled using the global control in the Web UI, or a Firewall module file may be manually created to allow a connection on a remote port.
To verify the Firewall is disabled
- Click Firewall.
Select the required CPU from the drop-down menu to view the firewall status.
Click Update.
Verify the VM virtaul slot status is set to DISABLED.
Click STOP FIREWALL if the VM virtual slot status is set to ENABLED.
Creating a Firewall Module File
To establish an XML session with a remote agent when the firewall is enabled on the Ribbon DSC, you must manually create an IP filter module to allow a connection on remote ports.
The IP filter module is a text file that you create and should be stored in the /opt/cpu_ss7gw/current/data/firewall/modules directory using the following naming convention:
‘<file-name>.conn’ (for example, ssh-in.conn)
Within this file, you must specify the UNIX port number for the service type that you want to enable.
Example:
Enable IMF traffic (file “imf.conn”):
MESSAGE=”IMF Traffic”
REMOTE_PORTS=”8901”
VALID_HOSTS=”192.168.10.2”
PROTOCOL:”tcp”
or, for multiple ports:
REMOTE_PORTS=”8901 8904 8909”
or for a range of ports:
REMOTE_PORTS=”8901:8909”
or for multiple hosts:
VALID_HOSTS=”192.168.10.2 192.168.20.2”
After you have created this text file, you must copy the file to all CPUs (Management, Routing, and Application CPUs) and restart the Firewall.
For more information on configuring the Firewall and other security services, refer to the DSC - SP2000 Platform Manager User Guide.