Bridgewater atp

Acceptance Test Plan

Version 1.0

April 19, 2023

The manufacturer (MFR) reserves the right to make changes to this document and the products which it describes without notice. The MFR shall not be liable for technical or editorial errors or omissions made herein; nor for incidental or consequential damages resulting from the furnishing, performance, or use of this material or of the accompanying Software or any files derived from the Software.

Bridgewater Systems Corporation

303 Terry Fox Dr.

Suite 500

Ottawa, Ontario

Canada K2K 3J1

Phone: +1 613 591-6655Fax: +1 613 591-6656

http://www.bridgewatersystems.com

Bridgewater Systems Technical Support

North America: 1-877 943-3772

Mexico: 00-1-800-514-3772

International: 1-800 943-37726

[email protected]

Bridgewater and the Bridgewater logo are trademarks of Bridgewater Systems Corporation.

Other company or product names referenced may be the trademark or registered trademark of their respective companies.

©1997-2007 Bridgewater Systems Corporation. All rights reserved.

Table 1. Revision History

Date Release Version Comments

April 19, 2023 1.0 1.0 Original

Related Bridgewater documents

AAA Service Controller API Guide

AAA Service Controller User Guide

Bridgewater Installation Guide

Bridgewater SNMP Guide

Master Glossary

Monitoring and Logging User Guide

Oracle Database Reference Guide

Resource Management Server User Guide

Revenue Collector and Formatter Administrator Guide

Service Manager User Guide

These documents are available on the Bridgewater external web site:www.bridgewatersystems.com.

Bridgewater ATP Version 1.0

Contents

Introduction....................................................................................................................4

Prerequisites.................................................................................................................. 4

Time required................................................................................................................. 4

Documentation...............................................................................................................4

Customer-specific packages.................................................................................4

Pre-installation tasks.....................................................................................................5

Jumpstart the servers.....................................................................................................5

Verify the DVD or FTP site contents...............................................................................5

Create a directory for the packages................................................................................5

Copy the packages and scripts from the DVD or FTP site...............................................5

Operating system setup check lists................................................................................6

Remote access.....................................................................................................6

Server information................................................................................................6

Install the Oracle database...........................................................................................7

Install the database package..........................................................................................7

Start or stop the daemon................................................................................................7

Verify the database type and confirm that it responds to requests...................................7

Check for broken database jobs, including replication and purging jobs...........................8

Check the log file............................................................................................................8

Install the packages.......................................................................................................9

TimesTen database.......................................................................................................9

RMS............................................................................................................................ 10

SNMP.......................................................................................................................... 10

Verify the SNMP process....................................................................................11

Check the MIBs..................................................................................................11

April 19, 2023 Page 1


Installation troubleshooting........................................................................................12

Shutting down the server..............................................................................................12

Destination for email messages....................................................................................12

BWSraddmu................................................................................................................13

BWSwsoc Oracle Client package.................................................................................13

Set up the server for testing.......................................................................................14

Configure the Provisioning Server.................................................................................14

Verify the Provisioning Server process.........................................................................17

Verify the Provisioning CLU API...................................................................................17

Configure the Accounting Framework...........................................................................18

Verify the Accounting Framework process....................................................................19

Verify the RADIUS process..........................................................................................19

Install the Service Manager..........................................................................................20

Verify access to the Service Manager...........................................................................21

Verify database replication...........................................................................................22

Test the installation.....................................................................................................23

Configure a PDSN........................................................................................................23

Create the DEFAULT Service Profile............................................................................24

Configure Profiles and a User.......................................................................................25

Create a Gold User Profile Set in the organization you just created...............................26

Create a Gold User......................................................................................................26

Configure and run tracetool..........................................................................................28

Add a tracetool client..........................................................................................28

Start tracetool.....................................................................................................28

Run radtest.................................................................................................................. 29

View accounting records...............................................................................................36

Page 2 April 19, 2023


Verify RADIUS operation using radtest.........................................................................37

Verify tracetool operation using radtest.........................................................................37

Verify radpet operation.................................................................................................38

Verify the monitoring operation.....................................................................................38

Verify the Oracle backup operation...............................................................................38

Verify accounting flat file generation.............................................................................39

Verify SNMP query functions........................................................................................39

Verify system operation after a reboot..........................................................................39

Appendix A...................................................................................................................40

Middleware Server.......................................................................................................40

Verify the Middleware process.............................................................................40

Web and FTP Server...................................................................................................41

Verify the Web server process............................................................................41

DHCP Server (Client Configuration)..............................................................................41

Application Authorization Server (AppAuth)..................................................................42

LDAP Integration..........................................................................................................42

RADIUS Proxy.............................................................................................................42

System Monitoring (Monitoring Utility – BWSbmon)......................................................42

Session State Register (SSR)......................................................................................42

Prepaid Integrator (PPI)...............................................................................................43

Prepaid operation................................................................................................43

Postpaid operation..............................................................................................44

CALEA Controller.........................................................................................................44

Calea TimesTen database..................................................................................44

Installation Acceptance Form........................................................................................45



IntroductionThe purpose of this Acceptance Test Plan (ATP) is to verify the installation and general operation of Bridgewater products. It is not intended to verify all functionality in Bridgewater products.

The ATP includes installation procedures, basic configuration procedures, and basic test tools and utilities.

PrerequisitesTo be able to successfully perform the installation, configuration, and execution of the test tools and utilities described in this ATP, the following skills are recommended:

Some familiarity with Bridgewater products (for example, a review of the documentation for the applicable products, and an understanding of the system architecture).

Common Unix commands

Solaris operating system

Time requiredExecution can be accomplished in as little as 2-4 hours but may take longer, depending on the problems encountered and the skill level and experience of the tester.

DocumentationWe recommend that you print a copy of the Bridgewater Installation Guide to assist you with the installation process. The following chapters are especially useful:

Chapter 1: Component packages

This chapter lists all the packages required for each Bridgewater component.

Chapter 4: Installation checklists

This chapter contains checklists for recording any information requested during the installation. This is especially useful if you don’t use default names and passwords and need to remember them later.

Chapter 6: Package installation

This chapter contains all known package prompts. They are listed in the order in which they should be installed, based on package and component dependencies.

Customer-specific packages

For information about installing customer-specific packages, see the applicable installation and user guides.



Pre-installation tasksThis section describes the tasks required or recommended before you start the installation.

Jumpstart the serversBefore you start the installation and test execution, you may want to clean the test platforms and install fresh copies of the operating system and recommended patches.

You can use the pre-installation script to jumpstart with a flash image, rather than installing the operating system from scratch. This takes less time and is the preferred method to guarantee a properly installed operating system.

Note: All local hard disks are erased during the jumpstart procedure. Make sure you back up any data that you want to keep before you begin.

Verify the DVD or FTP site contentsVerify that the list of packages corresponds to the release list and matches the list in the Bridgewater Installation Guide.

Create a directory for the packagesConnect to your server and create a directory for the packages and executables.

Copy the packages and scripts from the DVD or FTP siteInsert the DVD into the drive and copy the files to the directory you created on your server, or connect to the FTP server that contains the files and copy them to the directory on your server.



Operating system setup check lists

Remote access

General

VPN client

VPN username

VPN password

VPN endpoint IP address

Server access (SSH)

AAA SC 1 IP

AAA SC 1 access username

AAA SC 1 access password

AAA SC 1 root username

AAA SC 1 root password

AAA SC 2 IP

AAA SC 2 access username

AAA SC 2 access password

AAA SC 2 root username

AAA SC 2 root password

Server information

OS version

OS server model

OS CPU

OS memory

OS cluster patches

Partioning

Network interfaces

Hosts

Crontabs

NTP

Policies



Install the Oracle database

Install the database packageInstall either the Oracle Enterprise (BWSwsoe) or Oracle Standard (BWSwsos) database package. You must unzip these packages before you install them.

1. Determine the type of Oracle database to be installed, so that you can respond appropriately to the prompts: MDEF, Master, Snapshot, or Standalone.

2. Move to the directory where the database package is located:

cd /<dirctory_name>

3. Unzip the package:

gunzip <package_name>.Z

4. Install the database:

pkgadd –d <package_name>

Below are the most common commands for checking the Oracle database. For more information, see the Oracle Database Reference Guide.

Start or stop the daemon

/etc/init.d/oracle start or /etc/init.d/oracle stop

Verify the database type and confirm that it responds to requests

1. Log in as root

2. Switch to Oracle user:

su - oracle

3. Change to the Widespan scripts directory:

cd /widespan/scripts

4. Verify the Oracle database type:

./servertype.sh

The result should show the database type. For an MDEF database, it should also show the replication status, which should be NORMAL.



Check for broken database jobs, including replication and purging jobs

1. Log in as root


su - oracle

3. Access SQLPLUS:

sqlplus

r6

r6

4. At the sql prompt, type:

select count (*) from dba_jobs where broken = 'Y';

The count should be 0 for each server.

Check the log file

tail -100f /u01/app/oracle/admin/wsp/bdump/alert_wsp.log

To verify that the processes are running, type:

ps –ef|grep ora



Install the packagesThis section provides the high-level instructions.

For detailed information, see the Bridgewater Installation Guide.

1 Move to the /stage/ directory:

cd /stage/

2. Find the required packagepkgadd -d /<directory_name>

3. Do one of the following:

a If the package appears in the list, type Crt-D, then type its number and press Enter.

b For more packages, press Enter.

Note: The database script package installation may take up to an hour..

4 Repeat step 3 until all desired packages have been installed.

After each package installation, a messages is displayed stating that BWS<package_name> has been installed.

Note: In Solaris 8, after a package has been installed, the beginning of the package list is automatically displayed. The list does not appear automatically in Solaris 10.

TimesTen databaseIf you are installing the TimesTen database package, you must run the setup script after the package has been installed:

cd /TimesTenSoftware

./setup.sh –record /TimesTenSoftware/install.log

Below are the most common commands for checking the Oracle database. For more information, see the AAA Service Controller User Guide.

To start or stop the daemon, type:

/etc/init.d/tt_tt51 start or /etc/init.d/tt_tt51 stop

To check the log file, type:

tail -100f /var/adm/messages


ps –ef|grep Times



RMSThe Resource Management Server (RMS) tracks the global use of dynamic resources such as active dial-up sessions across the network.

When you install the BWSwsrms package, you will see a prompt for the size of the TimesTen database in megabytes. Valid values are between 10 and 2048. For smaller servers, you may want to keep this number at or under 128.

Below are the most common commands for checking the RMS. For more information, see the RMS User Guide.

To access the host configuration file for editing, type:

/Widespan/config/rmshosts.conf

To access the RMS configuration file for editing, type:

/Widespan/config/rms/rms.conf


/etc/init.d/wsrms start or /etc/init.d/wsrms stop




ps –ef|grep rms

SNMPBridgewater products communicate with the SNMP master agent for authentication, authorization and access control for SNMP requests, registration and deregistration of subagents and their MIB metrics, and trap event processing.

When the SNMP package, BWSsnmp, is installed, the option to run the SNMP master agent in addition to, or instead of, the standard Solaris agent is selected.

The SNMP master agent provides the same core agent services as the Solaris agent, including the agent protocol engine, authentication, authorization, privacy, and access control, plus support for some MIB objects, including the system and SNMP groups of MIB-II and the tables associated with SNMPv2* security. In addition, the SNMP master agent allows each application running on the server to register its own SNMP MIBs with the MIB browser or SNMP management system.

When you install the BWSwsrms package, you will see a prompt for the size of the TimesTen database in megabytes. Valid values are between 10 and 2048. For smaller servers, you may want to keep this number at or under 128.

Below are the most common commands for checking the SNMP functionality . For more information, see the Bridgewater SNMP Guide.

To access the SNMP configuration file for editing, type:

/Widespan/snmp/config/agt/snmpd.conf


/etc/init.d/wssnmpd start or /etc/init.d/wssnmpd stop






ps –ef|grep snmp

Verify the SNMP process

Make sure that the SNMP daemon stops and starts correctly.

1. Log in as root.

2. Stop SNMP:/etc/init.d/wshsnmpd stop

3. Open a second window to monitor the SNMP messages:tail -100f /var/adm/messages

4. In the first window, start SNMPr:/etc/init.d/wssnmpdstart

5. Confirm in the message log that the daemon starts up. You should see "SNMP Subagent successfully connected to Master Agent" in the log.

Check the MIBs

To check that the MIBs are properly installed and that metrics are properly incremented for a successful authentication request :

Stop and restart the Master Agent to reset the SNMP metrics.

Using radtest (see the section on using radtest on page 24), send an authentication request.

Using your MIB browser or SNMP management system, check that the following metrics are incremented correctly:

Metric Metric increase

radiusAuthServTotalAccessRequests 1

radiusAuthServTotalAccessAccepts 1

radiusAuthServAccessRequests 1

radiusAuthServAccessAccepts 1

radiusAccServTotalRequests 2 (1 each for acct start & stop)

radiusAccServTotalResponses 2 (1 each for acct start & stop)

radiusAccServRequests 2 (1 each for acct start & stop)

radiusAccServResponses 2 (1 each for acct start & stop)



Installation troubleshootingThis section describes some of the problems you may encounter and how to resolve them.

Shutting down the serverSolaris parameters must be updated during Solaris 8 installation of the following packages:

BWSwsoe—Oracle Enterprise

BWSwsos—Oracle Standard

BWSwstt—TimesTen database

BWSwssts—Session Director

The basic instructions are the same, but the /tmp directories are different:

cp /etc/system /etc/system.orig

cp /tmp/system.<depends on the package>/etc/system

/usr/sbin/shutdown -y -g0 -i6

Destination for email messagesSeveral times during the installation, you are asked for an email address as the recipient of alert messages. Use an appropriate address to avoid flooding an unintended email address.

T avoid a continuous stream of emails, edit crontab. Do the following after installing the BWSmon package:

csh

setenv EDITOR vi

crontab -e

Comment out (#) the line that runs monitor.pl in crontab.

The root crontab should be used to perform accounting data collection.

#

# The rtc command is run to adjust the real time clock if and when daylight savings time changes.

#

10 3 * * 0,4 /etc/cron.d/logchecker

10 3 * * 0 /usr/lib/newsyslog

15 3 * * 0 /usr/lib/fs/nfs/nfsfind



1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1

30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/ gsscred_clean

0 * * * * /usr/sbin/ntpdate time.bridgewatersys.com

0 * * * * /usr/sbin/ntpdate time.bridgewatersys.com

#1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43 ,45,47,49,51,53,55,57,59 * * * * [ -x /WideSpan/mon/ monitor.pl ] && /WideSpan/mon/monitor.pl > /de

v/null 2>&1

To save the changes and exit the vi editor, type:

:wq!

BWSraddmuThis is an optional package, required only if you are implementing the DMU feature.

Installing this package creates a number of changes in configuration files that may make it more difficult to complete the testing. Unless you know that you need this package and how to configure the files, we recommend against installing it.

BWSwsoc Oracle Client packageBWSwsoc is the Oracle Client package. Oracle Client is used to communicate with the database from a remote machine; therefore, it should not be installed on the same server as the database.

If you have installed this package on the same database, use one of the two recovery modes:

1. Jumpstart the server and start from the beginning.

2. Remove the package and clean up, using the following procedure:

a Remove the offending package:

pkgrm BWSwsoc

b Delete the following files:

— /var/opt/oracle/ora.tab

— /var/opt/bws/db.info

— /redo*

c Reboot the server.



Set up the server for testingIn this section, you will find instructions to:

configure the Provisioning Server

configure the Accounting Framework

verify the RADIUS processes

install the Service Manager

verify database replication

Configure the Provisioning ServerThe Provisioning Server is used to send and receive requests to and from the AAA Service Controller Oracle database. The Provisioning Server is configured using the service.xml file.

1. Determine if the Provisioning Server is running:ps -ef | grep provs

If the Provisioning Server process is running, one parent and two child processes should be returned. If so, proceed to “Configure the Accounting Framework”.

If no processes are returned, you must configure the Provisioning Server configuration files and start the process as described below.

2. Move to the Provisioning Server configuration file directory:cd /WideSpan/config/provserver

3. Edit the server.xml file. As the root user:

<server version=”3.0”><datasource>

<user-name>r6</user-name><password>r6</password><driver>oracle.jdbc.OracleDriver</driver><url>jdbc:oracle:oci:@localhost:6136</url><timeout>10</timeout><min-pool-size>10</min-pool-size><max-pool-size>20</max-pool-size>

</datasource></server>

a Make sure the hostname (highlighted in bold above) is correct.

b Verify that the user-name and password for the database are correct.

Note: The installation of the AAA Service Controller uses r6 and r6 as the default user and password. These values can be changed later using the changedbpass script.

c If you are using a remote Oracle database, you must change the line:

<url>jdbc:oracle:oci:hostname202</url>

to use this format:

<url>jdbc:oracle:thin:@hostname202:1521:wsp</url>



Below is an example of the server.xml file:

<server version="3.0">

<name>kansparc6136</name>

<role>Master</role>

<timeout>15</timeout>



<transport name="http">



<bind-address>*</bind-address>



<port>32000</port>



<secure-port>32001</secure-port>



<shared-secret>johnson</shared-secret>



<min-threads>10</min-threads>

<max-threads>256</max-threads>

</transport>

<datasource>

<user-name>r6</user-name>

<password>r6</password>

<driver>oracle.jdbc.OracleDriver</driver>

<url>jdbc:oracle:thin:@localhost:6136:wsp</url>

<timeout>10</timeout>

<min-pool-size>1</min-pool-size>

<max-pool-size>10</max-pool-size>

</datasource>

<access-control>

<user>

<principal>admin</principal>

<credentials>admin</credentials>

<role>Administrator</role>

<host>127.0.0.1</host>

</user>

<user>

<principal>middleware</principal>

<credentials>middleware</credentials>

<role>OSS</role>

<role>MiddlewareClient</role>

</user>

<user>

<principal>uatadmin</principal>



<credentials>uat</credentials>

<role>OSS</role>

</user>

<user>

<principal>smclient</principal>

<credentials type="secret"/>

<role>OSS</role>

</user>

</access-control>

<snmp>

<nms><host>localhost</host><

<port>162</port></nms>

</snmp>

<logging>

<log name="server">

<log-level>INFO</log-level>

</log>



<log name="server.comm.request">

<log-level>ERROR</log-level>

</log>

<log-handler

class="com.bridgewatersystems.common.logging.SyslogEventHandler">

<properties>

<property

name="syslog.name"

value="provserver"

/>

<property

name="syslog.hostname"

value="localhost"

/>

<property

name="syslog.port"

value="514"

/>

<property

name="syslog.facility"

value="local7"

/>

</properties>

</log-handler>



</logging>

</server>

Verify the Provisioning Server processWhen you have configured and verified the service.xml file, you can check the Provisioning Server process. To make sure that the Provisioning server daemon stops and starts correctly, run the following commands.

1. Log in as root.

2. Stop Provisioning:/etc/init.d/wsprovs stop

3. Open a second window to monitor the Provisioning Server messages:tail -100f /var/adm/messages

4. In the first window, start Provisioning:/etc/init.d/wsprovs start

5. Confirm in the message log that the daemon starts up. You should see "localhost provserver: server INFO ready" at the end of the log.

Verify the Provisioning CLU APITo make sure that the Provisioning server responds, use the Command Line Utilities (CLU) API:

1. Log in as root.

2. Change to the Widespan directory and send the message:cd /Widespan/vip./nasauth/Widespan/config/vipclient.conf root null root

3. The response from the API should be:OK|root||||



Configure the Accounting FrameworkThere are three basic configuration options for the Accounting Framework:

write the files locally (if you are not using RC&F)

install the RC&F server functions locally

create a stream to send to a remote RC&F server

For information about deployment options, and configuration and operation instructions, see the Revenue Collector and Formatter Administrator Guide.

The RADIUS Server must have a buffer_config.xml file in the /WideSpan/config directory before the process can start. In addition, the Accounting Framework must have a configured acctfwk.xml file in the /WideSpan/config directory. This section describes how to use the installed pre-configured files to accomplish this.

Check to see if the buffer_config.xml file is present in the /Widespan/config directory:

ls

If the file is not present, copy the standalone version of the buffer_config.xml file:

cp /WideSpan/acctfwk/config.template/ buffer_config_radius_standalone.xml /WideSpan/config/ buffer_config.xml

Change the ownership and group for the buffer_config.xml file:

chown widespan:ws buffer_config.xml

Verify the change:

ls –l buffer_config.xml

The following should be displayed:

<-rw -------- 1 widespan ws 737 <date and time> buffer_config.xml

If the output from the verification has an “x” in it, the permissions include an executable, which must be removed:

chmod 600 buffer_config.xml

Check if the acctfwk.xml file is present in the /Widespan/config directory.

ls

If the file is not present, copy the standalone version of the acctfwk.xml file:

cp /WideSpan/acctfwk/config.template/ STANDALONE_acctfwk.xml /WideSpan/config/acctfwk.xml

Change the ownership and group for the acctfwk.xml file:

chown widespan:ws acctfwk.xml

Verify the change:

ls –l acctfwk.xml

The following should be displayed:Page 18 April 19, 2023


<-rw -------- 1 widespan ws 452 <date and time> acctfwk.xml

If the output from the verification has an “x” in it, the permissions include an executable, which must be removed:

chmod 600 acctfwk.xml

Verify the Accounting Framework processAfter you have created the buffer_config.xml and the acctfwk.xml files, make sure that the Acounting Framework daemon stops and starts correctly:

1. Log in as root.

2. Stop Accounting:/etc/init.d/wsacctf stop

3. Open a second window to monitor the Accounting messages:tail -100f /var/adm/messages

4. In the first window, start Accounting:/etc/init.d/wsacctf start

5. Confirm in the message log that the daemon starts up. You should see "Accounting Framework successfully started" in the log.

Verify the RADIUS processAfter you have created the buffer_config.xml and the acctfwk.xml files, make sure that the RADIUS daemon stops and starts correctly.

1. Log in as root.

2. Stop RADIUS:/etc/init.d/wsaradius stop

3. Open a second window to monitor the RADIUS messages:tail -100f /var/adm/messages

4. In the first window, start RADIUS:/etc/init.d/wsradius start

5. Confirm in the message log that the daemon starts up. You should see "WS_ConnectToDB -- Successful Database Connection to <database_name>" in the log.

To verify that the processes are running, as the root user, type:

# ps -ef | grep radiusd

# ps -ef | grep acctfwk



Install the Service ManagerObtain the setup.exe file for Service Manager from the server. You should see the Middleware Server menu. If all you see is Apache docs, restart the provisioning server.

Double-click on the setup.exe file.

Connect to the server using the following parameters:

— Login Name = root

— Password = root

— Domain = null

— Server = <server_name or address>

— Port = 32001

If you have read-only access, replication must be turned on.

Close the Service Manager.

Check the replication status:

su - widespan

cd /database/widespan/scripts/dbutil

dbutil.sh replication_status

1. When prompted to output the results, enter y.

In the report, under Replication Group Status, you should see the following information:

Group = WSP6

Status = NORMAL

SCHEMA_COMMENT = Widespan WSP6 Replicated

2. If replication is not turned on, resume replication:

dbutil.sh replication_resume

3. Connect to Service Manager.

4. Install a license. On the main menu, select License > New.



5. Enter the following:

— Authentication Code = 73C7-AF21-3F7C-9EFE-0A63-980F-E064-9885

— Customer Name = Bridgewater

— Distributor Name = Bridgewater

— Maximum Subscribers = 100,000

6. Click OK.

Verify access to the Service ManagerAfter you have configured the Service Manager, make sure that you can access it from your PC:

1. Launch the Service Manager client from your PC.

2. Log in as username "root".

3. Log in with the password "root".

4. Set the domain to "null".

5. Type in the IP Address or name of the server.

6. Set the port to "80".



Verify database replicationIn this procedure, you will

add a user to the first server, and confirm that the user is replicated on the second server.

delete the user on the first server, and confirm that the user is deleted on the second server

These steps will confirm whether the Oracle Snapshot replication is working properly.

In a multi-master replication scenario, perform both steps in both directions.

1. Open a terminal window on each server.

2. Log in as root.

3. Check the active user count on each server (they should match).


su - oracle

5. Access SQLPLUS

sqlplus

r6

r6

6. At the sql prompt, type:

select count (*) from usr where status = 'A';

7. Start the Service Manager client from your PC and add a user:

a) Highlight the organization.

b) Click the Add User button.

c) Set the Username, Login Name, and Password to test1

d) Click Create.

e) Click OK to save the changes.

8. Confirm that the user count on the first server has been incremented by 1.

9. Confirm that the user count on the second server has been incremented by 1 also. (It may take a couple of minutes for the change to display.)

10. Delete the test1 user you just created:

a) Highlight the organization.

b) Click the Find Users button.

c) For the search criteria, use Login Name = test1 and click Search.

d) Highlight the row for user test1.

e) Right click and select Delete to delete the user.

11. Confirm that the user count on the first server has been dropped by 1.

12. Confirm that the user count on the second server has been dropped by 1 also. (It may take a couple of minutes for the change to display.)



Test the installationIn this section, you will find instructions to:

configure a PSDN

create the DEFAULT Service Profile

configure Profiles and a User

Create a Gold User Profile Set

Create a Gold User

configure and run tracetool

run radtest

view accounting records

verify RADIUS operation using radtest

verify tracetool operation using radtest

verify radpet operation

verify the monitoring operation

verify the Oracle backup operation

verify accounting flat file operation

verify the SNMP query functions

verify system operation after a reboot

Configure a PDSNUse the Service Manager to configure the PDSN for a CDMA environment:

1. Start the Service Manager and log in as root.

2. Click the System tab.

3. Select File>New>PDSN.

4. Type the following information in the fields:

Field Value

IP Address IP address of your server

Name Host name of the server

Description Leave blank

Shared Secret SECRET

Vendor Name RFC2138

Model Name Leave blank

Number of Sessions 100

Timezone GMT

5. Click OK.

6. Click Yes when the Save dialog is displayed.



7. Click Apply Changes to apply the new PDSN to the system.



Create the DEFAULT Service ProfileUse the Service Manager to create the DEFAULT Service Profile before you create the Organizational Profile Set.

1. Click the Service tab.

2. Highlight the Root Organization.

3. Select File>New>Service>Profile.

4. In the New Profile Set dialog box, use the following values:

Field Value

Service Profile Name DEFAULT

Service Class Name RADIUS Connection Service

5. Click Create.

6. In the right pane, select Root Organization>Service Profiles>Connection Services>Default.

7. In the Default Edit Mode dialog box, click the Attribute Information tab and use the following values:

Field Value

Vendor Availability tab RFC2138

Attribute Availability tab Allow All

8. Click OK.

9. Click Yes to save the changes.



Configure Profiles and a UserUse the Service Manager to create the Organization Profile set, User Profile Sets, and Users.

1. Click the Service tab.

2. Highlight the Root Organization.

3. Select File>New>Profile Set.


Field Value

Name <profile set name>

Profile Set Type Organization

5. Click Create.

6. In the New Profile Set dialog box, select DEFAULT under the Connection Services.

7. Click Add.

8. Click OK.

9. In the Save dialog box, click Yes.

10. Select File>New>Organization.

11. In the Add Organization dialog box, use the following values:

Field Value

Organization Name <name of the organization>

Association Domain Create New

New Domain Name <name of the new domain>

Profile Set <profile set name used in Step 4.

12. Click Create.

A message is displayed to indicate that the new Profile Set has been created successfully.

13. Click OK to close the dialog box.

14. In the right pane, right-click the new organization you just created and select Edit.

15. In the organization dialog box, use the following values:

Field Value

Left pane DEFAULT

Dictionary Attributes Session-Timeout

Attribute Name value 14400

16. Click Add.

17. Click OK to close the dialog box for the new organization.




Create a Gold User Profile Set in the organization you just created1. In the left pane, select the organization you created in the previous procedure.

2. Select File>New>Profile Set.


Field Value

Name Gold

Profile Set Type User

4. Click Create.

5. In the New Profile Set dialog box, select DEFAULT under the Connection Services.

6. Click Add.

7. Click OK.


9. In the Gold – Edit Mode dialog box, use the following values:

Field Value

Right pane DEFAULT

Click the Service Profile (DEFAULT) tab.

Dictionary Attributes Idle-Timeout

Attribute Name value 3600

10. Click Add.

11. From the Dictionary Attributes, select Session Timeout.

12. Set the Attribute Name value to 14400.

13. Click Add.

14. Click OK.


Create a Gold User1. In the left pane, select the organization you created.

2. Select File>New>User.

3. For the Username, Login Name, and Password, type golduser.

4. From the Profile Set dropdown menu, select Gold.

5. Click Create.

6. The New Entity dialog box is displayed with the message “golduser has been created successfully.”

7. In the left pane, select the DEFAULT Connection Service. On the right side of the display, the Attributes in Effect should show:



Idle Timeout 3600

Session Timeout 14400

Click OK to close the dialog box.



Configure and run tracetoolThe RADIUS tracetool enables you to monitor RADIUS communication with NASs and other RADIUS Servers. Use this tool to view incoming RADIUS packets.

The tracetool utility connects to the RADIUS Server as a client. You can run tracetool on the same host machine as the RADIUS Server or on a remote machine connected via TCP/IP.

Add a tracetool client

Edit the traceclients file to add a traceclient for the IP address of the machine that runs tracetool. Use the IP address of the machine where the AAA Service Controller software is installed.

The traceclients file is located in /Widespan/config/radius/traceclients.

Below is an example of a traceclients file:

#PORT 30000

#TRACEBIND 192.148.143.2

#CONNECTIONS 4

#TRACECLIENT 192.148.123.67

#TRACECLIENT 192.148.123.68

TRACECLIENT 192.168.161.36

After you have edited the traceclients file, you must send the RADIUS Server a HUP signal so that it can reread the TRACECLIENT fields:

pkill -HUP radiusd

If you changed the PORT or TRACEBIND fields, you must restart the RADIUS Server.

Start tracetool

Note: You must start tracetool before you run radtest.

1. As the widespan user, move to the tracetool directory:

su – widespan

cd /Widespan/testtools/

2. Run tracetool:

./tracetool –f filter.cfg –h <server_address>

To stop tracetool, press crtl+c.



Run radtestThe radtest utility simulates a PDSN requesting authentication from the RADIUS Server.

In this test, you will:

run the radtest utility as the gold user

run radtest to mimic a full RADIUS session

The example of radtest in this section prompts you three times to press Enter:

to send the Access-Request message

to send the Acct-Start message

to send the Acct-Stop message

Note: Use the IP Address of the machine where the AAA Service Controller software is installed.

Before you run the radtest example in this section, telnet to the AAA Service Controller server and run the following command to view the incoming logs:


This will enable you to view the logs for the Authentication Request, the Accounting Start, and the Accounting Stop records.

Open a second telnet session to complete the following steps:

Log in as the widespan user to the Solaris Server where the AAA Service Controller is installed, for example:

telnet hostname202

Move to the radtest directory:

cd /Widespan/testtools/radtest

Type the following command:

./radtest -Uv 192.168.161.36 SECRET User-Name=golduser User-Password=golduser NAS-Port=1

The following output is displayed:

RADIUS

IP address : 192.168.161.36

Auth UDP Port: 1812

Acct UDP Port: 1813

User Interact: disabled

Timeout Intvl: 120

Retry Count: 1

Acct Wait Int: 0



Press Enter to send the Authentication Request. The following output is displayed:

Sending Authentication Request (1:1) Sent

Using Request Authenticator:

e4.36.61.3e.f1.69.3c.2d.83.55.cf.c2.86.9c.3b.94

User-Name = “golduser”

User-Password = “golduser”

NAS-Port=1

ready to receive RADIUS auth response (1:1)

Access Accepted - time = 1 seconds

total time is >149< ms

Class =

"42.57.53.0.1.0.e.2f.0.16.0.2.3.7.1.0.0.0.f.7.3.0"

The following log message is generated in the /var/adm/messages file:

Aug 13 14:57:19 kansparc321 radiusd[478]: [ID 559039 local7.info] INFO RADOP(102) auth for golduser from 192.168.167.1[5=1;] accepted with service: DEFAULT

The following is the tracetool output:

========================================================== =====================

| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |

| Access Request| 192.168.161.36| 54022| 192.168.167.1| 1812|

========================================================== =====================

| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |

|17:13:30 27-Oct-2006| IN| 51| 1| 0| 3|

========================================================== =====================

| Authenticator | Tracking ID |

| e4.36.61.3e.f1.69.3c.2e.8e.55.cf.c2.86.9c.3b.94| 1|

========================================================== =====================

[ 1] <User-Name>=(golduser) 8Byte

---------------------------------------------------------- ---------------------



[ 2] <User-Password>=(db.32.13.bf.0a.5b.16.5c.e9.3b.f8.a0.37.9d .32.8a) 16Byte

---------------------------------------------------------- ---------------------

[ 5] <NAS-Port>=(1) 4Byte

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~

========================================================== =====================


| Access Accept| 192.168.167.1| 54022| 192.168.167.1| 1812|

========================================================== =====================


|17:13:30 27-Oct-2006| OUT| 51| 1| 0| 6|

========================================================== =====================


| de.fb.be.50.29.87.87.9f.2e.39.20.7.fc.e2.68.4d| 1|

========================================================== =====================

[ 6] <Service-Type>=(Framed) 4Byte

---------------------------------------------------------- ---------------------

[ 7] <Framed-Protocol>=(PPP) 4Byte

---------------------------------------------------------- ---------------------

[ 8] <Framed-IP-Address>=(255.255.255.254) 4Byte

---------------------------------------------------------- ---------------------

[ 25] <Class>=(42.57.53.00.01.00.0e.2f.00.16.00.02.03.07.01.00.0 0.00.59.07.03.00) 22Byte

---------------------------------------------------------- ---------------------

[ 27] <Session-Timeout>=(14400) 4Byte

---------------------------------------------------------- ---------------------



Press Enter to send the Accounting Start Request. The following output is displayed:

Sending Accounting start Request (3:1)... Sent

ready to receive RADIUS acct start response (3:1)

Received Accounting start Response - time = 0 seconds

START REQ: total time is >4< ms


Aug 13 14:46:20 <hostname>radiusd[478]: [ID 664437 local7.info] INFO RADOP(13) acct start for golduser (IP=10.168.152.2) from 192.168.167.1[5=1;] recorded OK.


========================================================== =====================


| Accounting Request| 192.168.167.1| 54022| 192.168.167.1| 1813|

========================================================== =====================


|17:14:08 27-Oct-2006| IN| 35| 3| 0| 6|

========================================================== =====================


| d9.a9.71.57.20.9f.18.73.b0.d8.af.8a.8d.80.2a.5a| 2|

========================================================== =====================


---------------------------------------------------------- ---------------------


---------------------------------------------------------- ---------------------


---------------------------------------------------------- ---------------------

[ 25] <Class>=(42.57.53.00.01.00.0e.2f.00.16.00.02.03.07.01.00.0 0.00.59.07.03.00) 22Byte



---------------------------------------------------------- ---------------------

[ 40] <Acct-Status-Type>=(Start) 4Byte

---------------------------------------------------------- ---------------------

[ 44] <Acct-Session-Id>=(45423E3A-5F49A-0-1) 18Byte

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~

========================================================== =====================


|Accounting Response| 192.168.167.1| 54022| 192.168.167.1| 1813|

========================================================== =====================


|17:14:08 27-Oct-2006| OUT| 35| 3| 0| 0|

========================================================== =====================


| 93.c4.4c.44.d8.96.5e.a3.9d.5a.a0.39.e7.8a.a7.83| 2|

========================================================== =====================



Press Enter to send the Accounting Stop Request. The following output is displayed:

Sending Accounting stop Request (4:1)... Sent

ready to receive RADIUS acct stop response (4:1)

Received Accounting stop Response - time = 0 seconds

STOP REQ: total time is >18< ms

==================== Final Result ======================

Request Rate: 0.0227273 Cycles/Sec

Call-Check(auth) : Success = 0, Failures = 0

Authentication : Success = 1, Failures = 0, Min = 149, Max = 149, Avg = 149

Accounting Start: Success = 1, Min = 4, Max = 4, Avg = 4

Accounting Stop: Success = 1, Min = 18, Max = 18, Avg = 18

Overall Cycle : Success = 1/1, Min = 171, Max = 171, Avg = 171

Cycles per Sec. : 5.8479532


Aug 13 14:58:20 <hostname> radiusd[478]: [ID 664437 local7.info] INFO RADOP(13) acct stop for golduser (IP=10.168.152.2) from 182.168.152.2[5=1;] recorded OK.


========================================================== =====================


| Accounting Request| 192.168.167.1| 54022| 192.168.167.1| 1813|

========================================================== =====================


|17:14:37 27-Oct-2006| IN| 51| 4| 0| 12|

========================================================== =====================


| a6.17.65.f6.a3.58.35.8f.a6.15.97.35.31.88.e7.61| 3|

========================================================== =====================




---------------------------------------------------------- ---------------------


---------------------------------------------------------- ---------------------


---------------------------------------------------------- ---------------------

[ 25] <Class>=(42.57.53.00.01.00.0e.2f.00.16.00.02.03.07.01.00.0 0.00.59.07.03.00) 22Byte

---------------------------------------------------------- ---------------------

[ 40] <Acct-Status-Type>=(Stop) 4Byte

---------------------------------------------------------- ---------------------

[ 44] <Acct-Session-Id>=(45423E3A-5F49A-0-1) 18Byte

---------------------------------------------------------- ---------------------

[ 46] <Acct-Session-Time>=(67) 4Byte

---------------------------------------------------------- ---------------------

[ 49] <Acct-Terminate-Cause>=(554068) 4Byte

---------------------------------------------------------- ---------------------

[ 42] <Acct-Input-Octets>=(3456) 4Byte

---------------------------------------------------------- ---------------------

[ 43] <Acct-Output-Octets>=(7345) 4Byte

---------------------------------------------------------- ---------------------

[ 47] <Acct-Input-Packets>=(101) 4Byte

---------------------------------------------------------- ---------------------

[ 48] <Acct-Output-Packets>=(202) 4Byte

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~

========================================================== =====================


|Accounting Response| 192.168.167.1| 54022| 192.168.167.1| 1813|



========================================================== =====================


|17:14:37 27-Oct-2006| OUT| 51| 4| 0| 0|

========================================================== =====================


| eb.58.d5.b5.20.db.31.c8.93.1f.b7.20.72.a9.ac.ab| 3|

========================================================== =====================

View accounting recordsAfter you have successfully run the radtest example as the gold user, you have accounting records generated into flat files. The configuration in the acctfwk.xml file indicates the location of the flat files. By default, the location is /WideSpan/acctfwk/accountingfiles.

To view the contents of the accounting flat files:

Log in as root to the Solaris Server where the Accounting Framework is installed.

Note: The Accounting Framework is installed on both the client and server side, and the exact procedure to follow depends on your system architecture and whether flat files and correlated records are created locally or remotely.

For example:

telnet hostname202

Move to the destination directory for the flat files, for example:

cd /Widespan/acctfwk/accountingfiles

The Accounting Framework creates a filename using the current date and time. You can view

this text file using a text editor. Here's an example command for viewing a file:

more 2004-08-18.13:35:33.000000



Verify RADIUS operation using radtestYou can check the proper operation of RADIUS by sending an authentication request from one server to another.

1. Add a user with login name and password set to atp to the system.

2. Open a terminal on each server for monitoring the oplog:

tail -100f /Widespan/logs/oplog

3. Open a terminal on each server for monitoring the messages log:


4. In the Service Manager, add a test user for use with radtest.

5. Open a window on the first server as root and run a radtest (using the correct IP and domain):

su - widespan

tcsh

cd /Widespan/testtools/radtest

./radtest -v -t 5 U -p 1812 x.x.x.x SECRET User-Name="[email protected]" User-Password="atp" NAS-IP-Address=3.3.3.3 Calling-Station-ID=3334445555 Framed-IP-Address=77.77.77.77

6. Make sure the radtest was successful. The oplog should show three lines:

(1) auth accepted with service DEFAULT

(2) acct start

(3) acct stop

7. Make sure there are no errors in /var/adm/messages.

8. Run the same command on the second server, pointing to the first server.

Verify tracetool operation using radtestYou can check the proper operation of tracetool by running radtest and confirming that the data can be captured using tracetool.

1. Review the traceclients configuration, which is in /Widespan/config/radius/traceclients.

2. Create a tracetool filter:su - widespan

tcsh

cd /tmp

vi filter.cfg

3. Add the following to the filter:TARGET

LOG=SCREEN

4. Start the tracetool with the following command:

/Widespan/testtools/tracetool/tracetool -f ./filter.cfg -h <server_address>

5. Also check the tracetool operation from the other server, using the same command.



6. In a separate window, run some radtests to confirm that the tracetool is capturing the data.



Verify radpet operationUse this procedure to check the proper operation of the radpet tool and the configured policy files.

Run a test for a user that should be accepted, as well as one for a user that should be rejected. Check the proper policy routing for each user.

Run the following commands on both the first and second server:

su - widespan

tcsh

cd /tmp

/Widespan/radius/radpet -i <IP_address> -t auth [email protected]

/Widespan/radius/radpet -i <IP_address> -t auth [email protected]

Verify the monitoring operationUse this procedure to check the proper operation of monitoring tool and the status of the system.

1. Log in as root.

2. Make sure the monitor runs clean and that all processes are running without errors:

/Widespan/mon/monitor.pl

Verify the Oracle backup operationUse this procedure to check that the Oracle backups are running properly.

1. Log in as root.


su - oracle

crontab -l

3. Review the following:

a) crontab entry exists for Oracle backup

b) backup type and frequency

c) backup run time (should be set to off-hours)

d) mechanism in place to trim the backups and the archive log files

e) backup config file

f) backup location

g) confirm backups exists in backup location

h) confirm trimming is operational by examining backup file dates



Verify accounting flat file generationUse this procedure to verify that CDR flat files are being generated, based on the Acounting Framework configuration file (/Widespan/config/acctfwk.xml) and the vendor configuration file (/Widespan/config/radius/vendors.xml).

1. Review the flat file configuration and generation criteria in the /Widespan/config/acctfwk.xml file.

2. Navigate to the flat file location and check that there is a flat file running.

3. Navigate to the archive location and check that there are historical flat files.

4. Review the closed flat file maintenance mechanism in the /Widespan/custom/bws_maintenance.sh file.

Verify SNMP query functionsUse this procedure to make sure that you can perform an SNMP query on each server by testing the functionality of the walkrad and getone tools.

1. Log in as root.

2. Test the walkrad tool on each server:su - widespan

tcsh

/Widespan/radius/walkrad -er -i <IP_address> -p 161 -c string

3. Test the getone tool on each server:

a. Thread count: /Widespan/snmp/bin/getone/-v1 <IP_address> string 1.3.6.1.4.1.3631.2.1.2.1.1.0

b. Thread usage: /Widespan/snmp/bin/getone/-v1 <IP_address> string 1.3.6.1.4.1.3631.2.1.2.1.2.0

c. Max thread usage: /Widespan/snmp/bin/getone/-v1 <IP_address> string 1.3.6.1.4.1.3631.2.1.2.1.3.0

Verify system operation after a reboot1. Check the logs for any boot or daemon startup errors.

2. Make sure all processes started (using the monitoring function).

3. Check that the Service Manager is accessible.

4. Make sure that RADIUS is processing data on each server (using radtest).

5. Reboot each server in turn (not simultaneously):

a. Log in as root.

b. Reboot the server: /etc/shutdown -g0 -i6 -y

c. When the server is back up, check the message directory for errors: tail -100f /var/adm/messages

d. When the server has finished rebooting and the daemons appear to be back up, run the monitor to make sure the server runs properly: /Widespan/mon/monitor.pl

6. On the first server, log in to the Service Manager and make sure that it is functioning properly.



7. Run a radtest from the second server and check that there is a proper response. Verify the logs for any errors.

8. Repeat steps 6 and 7 with the opposite server.



Appendix AThis appendix provides information for checking functionality that is optional. Use this part of the document to add functionality to be tested on an as-required basis.

Note: Delete the sections that do not apply before asking the customer to sign off on the Acceptance Test agreement.

Middleware ServerThe Middleware Service supports all Service Manager clients. The Middleware Service opens a new database connection every time a Service Manager window or form is opened. The maximum number of connections is set in the middleware-service.xml file.

When the maximum number of connections is reached, Service Manager administrators are not able to open any windows until a connection is freed. If Service Manager clients frequently use up all available connections, it may be necessary to increase the maximum number of connections.

Below are the most common commands for Middleware Server. For more information, see the Service Manager User Guide.

To access the configuration file for editing, type:

/Widespan/middleware/middleware.properties


/etc/init.d/wsmwserver start or /etc/init.d/wsmwserver stop


tail -100f /Widespan/logs/mwserver.log


ps –ef|grep mid

Verify the Middleware process

To make sure that the Middleware daemon stops and starts correctly, run the following commands.

1. Log in as root.

13. Stop Middleware:/etc/init.d/wsmwserver stop

14. Open a second window to monitor the Middleware log:tail -100f /Widespan/logs/mwserver.log

15. In the first window, start Middleware:/etc/init.d/wsmwserver start

16. Open a browser to the Web server root:http://[web_URL]

17. Confirm in the Middleware log that the daemon starts up. You should see "Listening on port 6100" at the end of the log.



Web and FTP ServerThe Web and FTP Servers are primarily intended for publishing and hosting users’ web sites.

The Web Server is also installed on AAA Service Controllers to host web-based provisioning clients, such as User Self-Administration and User Self-Registration and to support database access for the Service Manager and Delegated Administration Manager.

Below are the most common commands for Web and FTP Server. For more information, see the Web and FTP Server User Guide.


/Widespan/config/http/httpsd.conf


/etc/init.d/wshttpd start or /etc/init.d/wshttpd stop

To check the access log file, type:

tail -100f /Widespan/logs/httpsd_access_log

To check the error log file, type:

tail -100f /Widespan/logs/httpsd_error_log


ps –ef|grep http

Verify the Web server process

To make sure that the Web server stops and starts properly and is operational, run the following commands.

1. Log in as root.

18. Stop the Web server:/etc/init.d/wshttpd stop

19. Start the Web server:/etc/init.d/wshttpd start

20. Open a browser to the Web server root:http://[web_URL]

21. Confirm that you can navigate to the updater directory, and that you can download the Service Manager client (setup.exe).

DHCP Server (Client Configuration)A DHCP Client is any network device that requires an IP address, such as a personal computer. Each DHCP Client is represented by a user account in the Service Manager.

The DHCP Server can model the client using the client’s IP address, host name, or identifier (usually the MAC address). This determines how the user account models the login name.



Application Authorization Server (AppAuth)The Application Authorization Server (AppAuth) allows third-party network applications to use the central user repository in the AAA Service Controller for user authorization. These network applications can retrieve user-specific profile information from the AAA Service Controller.

The AAA Service Controller database provides a centralized repository for profile information. Using the Service Manager GUI, an administrator provisions each third-party application that a user can access

LDAP IntegrationThe LDAP Interface transfers user and service profile data automatically between the AAA Service Controller and the web browser server.

This bi-directional data flow-through allows administrators to make changes, such as adding or changing user accounts, in either system. These changes are automatically transferred from one system to the other. For example, administrators can suspend a user in the LDAP directory and this user is automatically suspended in the AAA Service Controller database.

RADIUS ProxyThe Bridgewater RADIUS Server can act as a proxy for authentication and accounting requests by forwarding messages from the NAS to a remote RADIUS server. Define separate target servers for authentication and accounting.

System Monitoring (Monitoring Utility – BWSbmon)Bridgewater provides several facilities for monitoring and troubleshooting components in the Bridgewater Systems product suite, including the:

The Monitoring Facility monitors processes and system state but can also monitor log files for specific message patterns. When the Monitoring Facility detects an exception condition, it sends an alert message by email, SNMP trap, or both.

The Logging Framework provides a consistent mechanism for handling log messages across Bridgewater application components. The Logging Framework focuses exclusively on log messages and selectively routes messages to different files, the syslog daemon, or SNMP traps, based on the source application and the message priority.

Session State Register (SSR)The Session State Register (SSR) enables network applications, such as WAP, Push-To-Talk, and MMS servers, to authenticate a user against the Bridgewater Systems AAA Service Controller, based on the user IP Address. The user is authenticated once against the AAA Service Controller when they start a data session, and the user information is stored in the SSR dynamic RMS database until such time as the session is terminated by the AAA Service Controller.

As the user accesses various applications on the network, applications can retrieve the user information by querying the SSR, which maps the user IP address to a user profile. Each application can then perform its own authentication, authorization or billing based on the retrieved user profile. The SSR supports both CDMA and GSM, as well as both IPv4 and IPv6.



Prepaid Integrator (PPI)The Prepaid Integrator, along with your billing system, the AAA Service Controller, and the Resource Management Server (RMS) enables prepaid and postpaid/ subscription services.

Below are the most common commands for Web and FTP Server. For more information, see the Prepaid Integrator Solution Guide.


/Widespan/config/prepaid/pps-config.xml


/etc/init.d/wspps start or /etc/init.d/wspps stop

To check the messages log file, type:


To check the prepaid services log file, type:

tail -100f /Widespan/logs/ppslog

To check the lightbridge log file, type:

tail -100f /Widespan/logs/lightbridge.log


ps –ef|grep pps

Prepaid operation

Typical tasks for verifying the prepaid operation are:

set up Service Profiles

set up User Profile Sets

create test Users

local authentication and accounting for test Users (using radtest)

remote authentication and accounting for test Users (using radtest)

authentication and accounting for test Users (from PDSN)

check the logs: /Widespan/logs/oplog



Postpaid operation

Typical tasks for verifying the postpaid operation are:

set up Service Profiles

set up User Profile Sets

create test Users

local authentication and accounting for test Users (using radtest)

remote authentication and accounting for test Users (using radtest)

authentication and accounting for test Users (from PDSN)

check the logs: /Widespan/logs/oplog

check accounting output to flat file (local radtest)

check accounting output to flat file (remote radtest)

check accounting output to flat file (PDSN)

CALEA ControllerThe CALEA Controller is a secure standalone server that stores and maintains information related to all intercept targets under surveillance.

The CALEA Controller integrates into your network, operating with multiple SS8 Xcipio platforms, the AAA Service Controller, and the Session State Register.

The CALEA Controller package is "BWSwscal".

Calea TimesTen database

The CALEA Controller uses a 32-bit TimesTen database (other Bridgewater products use a 64-bit one). The CALEA database package is "BWSwstt32".

The TimesTen setup script for the CALEA Controller differs slightly from the regular TimesTen setup script.

For detailed instructions about installing the CALEA Controller, see the Bridgewater Installation Guide.



Installation Acceptance FormThe undersigned hereby certifies the completion of the Installation Acceptance Test Plan and acceptance of the Bridgewater products.

It is understood that further configuration and testing will continue, but that the product has been successfully installed and is available for normal use.

Date:

Location:

Product Release:

Bridgewater Engineer:

For and on behalf of:

Organization

Name

Signature

Documents

Bridgewater atp