OTN Manual User Management Tool v9.2 Doc. No.: AG-M425-E-1

  • COPYRIGHT AND TRADE SECRETS/LIABILITY The present document and its contents remain the property of OTN Systems NV and shall not, without prior written consent, be copied or transmitted or communicated to third parties, nor be used for any other purpose than such as underlies their delivery to the addressee. The present document and its contents may change in the course of time or may not be suitable in a specific situation. Consequently, they are recommended as suggested guideline only. OTN Systems NV hereby disclaims any liability for any damages that may result from the use of the present document unless it is used with respect to the operation and maintenance of equipment originally manufactured by OTN Systems NV and covered by its standard warranty.

  • Open Transport Network User Management Tool v9.2

    AG-M425-E-1 Page 3 of 22

    Contents

    1. GENERAL
       1.1 Introduction
       1.2 Menu Items

    2. USER MANAGEMENT TOOL (=UMT)
       2.1 Prerequisite
       2.2 Start Up
       2.3 Access Profiles
           2.3.1 Access Levels and Rights
           2.3.2 Default Access Profiles
           2.3.3 View Access Profile
           2.3.4 Create Access Profile
           2.3.5 Modify Access Profile
           2.3.6 Delete Access Profile
       2.4 Users
           2.4.1 General
           2.4.2 Default Users
           2.4.3 Create User
           2.4.4 Modify User
           2.4.5 Delete User
       2.5 Export Users/Access Profiles

    3. IN THE OMS GUI
       3.1 Administrator Access Profile
       3.2 (Default) Configurators Access Profile
       3.3 Customized Operators Access Profile
       3.4 Event Log View
       3.5 Alarm Log View

    4. ABBREVIATIONS

    1. GENERAL

    1.1 Introduction

    This document describes login user management, security and access rights in the OMS GUI or OTN network.

    The User Management Tool (=UMT) is used to configure the Users and Access Profiles needed to operate the OMS-GUI and OMS-FEM. An Access Profile defines what a user can or cannot do in the OTN network. Each user must be assigned to one of the configured Access Profiles.

    Who can do what in the OMS GUI or in the OTN network?

    Per Access Profile, an administrator can assign access rights on:

    - Subnet level
    - Node level
    - Slot level
    - Services level
    - OMS-FEM usage

    Each level can have one of the following access rights:

    - Configure (tool icon)
    - Monitor (eye icon)
    - Deny Access (prohibitory icon)

    E.g. a specific user can have Configure rights on a specific Subnet, but only Monitor rights on a specific node in that subnet.

    The UMT is available for User and Access Profile Management on the OMS GUI. Make sure that the OMS Console and the OMS Servers have been started.

    1.2 Menu Items

    | Item | Description |
    |---|---|
    | File > Export Users / Access Profiles | Export users and access profiles from the current running database in UMT into a selected destination database. Both source and destination database must have exactly the same hardware and services configuration. See 2.5 for more information. |
    | Help > About | Indicates the software version of the OMS User Management Tool |

    2. USER MANAGEMENT TOOL (=UMT)

    2.1 Prerequisite

    1. Managing Users and Access Profiles only makes sense when there is at least a network configured in the OMS GUI. Let's configure a simple network first in the OMS GUI. Log on to the OMS GUI with the default administrator user: User Name = oms, Password = oms

    2. As an example, an OTN-X3M-2500 will be created. After the creation of the network elements, your OMS treeview could look as follows:

    3. Once your network is configured in the OMS GUI, you are ready to use the UMT. Users and Access Profiles can be managed upon the newly created network or network elements.

    ATTENTION:

    Future changes in the OMS GUI, e.g. adding nodes, will only be visible in the UMT after having restarted the UMT.

    Future changes in the UMT, e.g. changing security or adding users, will only be visible in the OMS GUI after having restarted the OMS GUI.

    2.2 Start Up

    1. Make sure that the OMS Console has been started. Start up the servers with the correct database.

    2. To start the UMT, click the Start User Management button in the OMS.

    3. The figure below pops up. Only Administrator accounts can operate the UMT. Fill out the User Name and Password of an Administrator account (default administrator account listed below, see also 2.4.1) and click Login to enter. If the login fails, try again or click the I forgot my password (Password recovery window) link for further processing:

    User Name = oms Password = oms

    4. After a successful login, the window below appears. It lists all the configured or created users with their User Name/ First Name/Last Name and the assigned Access Profile (e.g. Administrators, Configurators...). The password is never displayed in the UMT itself.

    2.3 Access Profiles

    Click on Access Profiles in the left-hand menu to list all the configured Access Profiles. By default, the Access Profiles Administrators and Configurators are available. The Administrators Access Profile itself is read-only and cannot be changed. New users can be assigned the Administrators Access Profile though.

    Depending on the Access Profile, a user has access to the different tools as follows:

    | Tools | Access Profile: Administrators | Access Profile: Others |
    |---|---|---|
    | UMT | Full Access | No Access |
    | OMS GUI | Full Access | Configured Access |

    Depending on the Access Profile, a user has access to the different OMS GUI items as follows:

    | OMS GUI items | Configure (C), Administrators | Configure (C), Others | Monitor (M) | Deny Access (--) |
    |---|---|---|---|---|
    | Network Elements | Full Access | Full Access except creation of Nodes | Monitoring | No Access |
    | Services (checked) | Full Access | Full Access | Monitoring | No Access |
    | Services (unchecked) | Not applicable | No Access | No Access | No Access |
    | Resource Domains | Full Access | Monitoring | Monitoring | No Access |
    | Alarms (see 3.5) | Full Access | Configured Access | No Clear and Acknowledge, only view | No Access |

    2.3.1 Access Levels and Rights

    In the UMT, access rights can be assigned on Level1 (=network elements), Level2 (=services) and OMS-FEM usage. First the Level1 access rights should be set. In addition, it is possible to set the Level2 access rights. Level2 must be used to fine-tune the access rights on services level. It allows, for example, services to be excluded from being created or configured while the entire Level1 network element has full configuration rights.

    Level1: network elements. All the network elements configured in the OMS GUI will be listed in the UMT. The network element treeview can be expanded/collapsed, which allows access rights to be configured on the hardware levels listed below. These access rights are set top-down, thus from subnet to node to slot. Attention: this means that an underlying element (=child) can never have more rights than its overlying element (=parent). Configure is more than Monitor, which is more than Deny Access. For example, a Node cannot be in the Configure state while its overlying Subnetwork is in the Deny Access state.
    - Subnet level
    - Node level
    - Slot level

    Level2: services. All the services that can theoretically be configured in the OMS GUI are listed. All the services are grouped by functionality in service groups. These groups can be expanded/collapsed to show/hide all their individual services. It is possible to show/hide an entire service group or an individual service in the OMS GUI:
    - Shown service/service group: access on the service/service group depends on the associated Level1 access;
    - Hidden service/service group: no access at all on the service/service group.

    The possible service groups are:
    - LAN Services
    - DATA Services
    - VIDEO Services
    - VOICE Services

    OMS-FEM usage: it can be configured that an access profile has the right to use the OMS-FEM or not.

    The resulting access right on a specific element is a combination of the Level1 and Level2 access rights. See figures below.

    [Figure: Access Levels and Access Rights. Level1 = Network Elements (Subnet, Node, Slot/IFC): set access on network elements to Configure, Monitor or Deny Access. Level2 = Services: show/hide services (checked = show service in OMS GUI). OMS-FEM usage: checked = allow to use OMS-FEM. The cells show the Resulting Access.]

    Access on the Network Elements must be set by clicking one of the access controller icons described in the table below.

    Access Controller icons and their description:

    Configure
    Clicking this icon sets full configuration rights on the indicated network element and all its underlying elements (if any). In the OMS-GUI, it means that the network element can be created, configured, deleted. In the UMT, it means that underlying elements can still be set in Configure, Monitor and Deny Access state.
    - Subnet level: set configuration rights on the entire subnet including all the nodes and slots; individual node and slot access rights will be lost and overwritten (top-down).
    - Node level: set configuration rights on the node including all its slots; individual slot access rights within this node will be lost and overwritten (top-down).
    - Slot level: set configuration rights on the slot only.

    Monitor
    Clicking this icon sets monitoring rights on the indicated network element and all its underlying elements (if any). In the OMS-GUI, it means that the network element can only be viewed, not created or configured or deleted. In the UMT, it means that underlying elements can only be set in Monitor and Deny Access state.
    - Subnet level: set monitoring rights on the entire subnet including all the nodes and slots; individual node and slot access rights will be lost and overwritten (top-down).
    - Node level: set monitoring rights on the node including all its slots; individual slot access rights will be lost and overwritten (top-down).
    - Slot level: set monitoring rights on the slot only.

    Deny Access
    Clicking this icon denies access on the indicated network element and all its underlying elements (if any). In the OMS-GUI, it means that the network element is invisible for the logged on user. In the UMT, it means that underlying elements will all be in the Deny Access state.
    - Subnet level: deny access on the entire subnet including all the nodes and slots; individual node and slot access rights will be lost and overwritten (top-down).
    - Node level: deny access on the node including all its slots; individual slot access rights will be lost and overwritten (top-down).
    - Slot level: deny access on the slot only.

    Service Group or Service (checked checkbox)
    - Service Group: checking this checkbox allows the access for the entire service group (=all its services) to be configured via access Level1. Checking this checkbox also checks all its included services.
    - Service: checking this checkbox allows the access for this service to be configured via access Level1.

    Service Group or Service (unchecked checkbox)
    - Service Group: unchecking this checkbox denies access for the entire service group (=all its services) in the OMS GUI. The entire service group will not be visible in the OMS GUI. Unchecking this checkbox also unchecks all its included services.
    - Service: unchecking this checkbox denies access for this service in the OMS GUI. This service will not be visible in the OMS GUI.

    Service Group (mixed checkbox)
    This checkbox can only occur on a service group and indicates that its included services have a mix of checkbox values, some checked, some unchecked. Clicking it will check this checkbox and all its included services. As a result, the mixed checkbox will change into a checked checkbox.

    Expand/collapse icons
    Click these icons to expand/collapse the network element treeview for an optimized view.

    The Resulting Access Indicators that can appear in a specific cell, as indicated in the figures above, are described in the table below.

    Resulting Access indicators and their description:

    - C: The Access Profile has full Configuration rights on the
      - referred network element (subnet, node or slot) including all its underlying elements, if any;
      - referred service group or service.

    - M: The Access Profile has Monitoring rights on the
      - referred network element (subnet, node or slot) including all its underlying elements, if any;
      - referred service group or service.

    - --: The Access Profile has no access on the
      - referred network element (subnet, node or slot) including all its underlying elements, if any;
      - referred service group or service.

    - X: The Access Profile indicates a mix of access rights within the hardware (vertically). X is added when an underlying hardware element is configured with a different access right than its parent. E.g. when a subnet is configured as C and one of its nodes is configured with M or --, the C of the subnet will turn into CX.

    - ( ): The Access Profile indicates a mix of checkbox values in the service group (horizontally). ( ) is added in a service group cell when a checkbox change of one of its underlying services results in a mix of checkbox values for the entire service group.

    The table below shows the possible combinations of the Access Control Icons, and their Resulting Access Indicators.

    Service Group

    (e.g. LAN Services) Service

    (e.g. ET100HX4)

    Hardware

    C (C) -- C --

    CX (CX) -- CX --

    M (M) -- M --

    MX (MX) -- MX --

    -- -- -- -- --
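
    The Level1/Level2 rules of this section (top-down overwrite, a child never exceeding its parent, the X and ( ) indicators, unchecked services masking Level1 rights) and the alarm actions of 3.5 can be checked against a small model. The Python below is an added example, not OTN Systems code; the class and function names, the slots IFC1/IFC3 on both nodes, and the choice to add X when any underlying element differs are assumptions, with the rights taken from the Operators example in 2.3.4 and 2.3.5.

```python
from dataclasses import dataclass, field
from typing import Optional

# Access rights are ordered: Deny Access < Monitor < Configure.
DENY, MONITOR, CONFIGURE = 0, 1, 2
LABEL = {DENY: "--", MONITOR: "M", CONFIGURE: "C"}
ALARM_ACTIONS = {  # alarm handling per right, as listed in section 3.5
    CONFIGURE: {"view", "clear", "acknowledge"},
    MONITOR: {"view"},
    DENY: set(),
}


@dataclass
class Element:
    """Level1 network element: subnet, node or slot (hypothetical model)."""
    name: str
    right: int = DENY  # a new Access Profile denies access everywhere
    parent: Optional["Element"] = field(default=None, repr=False, compare=False)
    children: list = field(default_factory=list)

    def add(self, name):
        child = Element(name, self.right, self)
        self.children.append(child)
        return child


def set_right(elem, right):
    """Model one click on an access controller icon."""
    if elem.parent is not None and right > elem.parent.right:
        raise ValueError(f"{elem.name}: child cannot exceed parent "
                         f"{elem.parent.name} ({LABEL[elem.parent.right]})")
    elem.right = right
    for child in elem.children:  # top-down overwrite of individual settings
        set_right(child, right)


def descendants(elem):
    for child in elem.children:
        yield child
        yield from descendants(child)


def indicator(elem):
    """C, M or --, with X appended when an underlying element differs."""
    mixed = any(d.right != elem.right for d in descendants(elem))
    return LABEL[elem.right] + ("X" if mixed else "")


def service_access(elem, checked):
    """Level2: a checked service follows Level1, an unchecked one is hidden."""
    return indicator(elem) if checked else "--"


def group_access(elem, services):
    """services maps service name -> checkbox state for one service group."""
    states = set(services.values())
    if states == {False} or elem.right == DENY:
        return "--"
    base = indicator(elem)
    return base if states == {True} else f"({base})"  # ( ) marks a mix


def alarm_actions(elem):
    return ALARM_ACTIONS[elem.right]


def build_operators_profile():
    """Constructed tree following the Operators example in 2.3.4 and 2.3.5."""
    subnet = Element("X3M-2500")
    tree = {"subnet": subnet}
    for node_name in ("73", "74"):
        node = subnet.add(f"Node {node_name}")
        tree[node_name] = node
        for slot in ("IFC1", "IFC3"):  # slot list is an assumption
            tree[f"{node_name}/{slot}"] = node.add(slot)
    set_right(subnet, CONFIGURE)       # everything below becomes C
    for node_name in ("73", "74"):
        set_right(tree[node_name], MONITOR)
        set_right(tree[f"{node_name}/IFC1"], DENY)
    set_right(tree["74/IFC3"], DENY)   # modification from 2.3.5
    lan = {"ET100HX4": True, "GET": False, "MGT": False}  # GET/MGT unchecked
    return tree, lan


if __name__ == "__main__":
    tree, lan = build_operators_profile()
    for key, elem in tree.items():
        print(f"{key:10} {indicator(elem):3} alarms={sorted(alarm_actions(elem))}")
    print("LAN Services on subnet:", group_access(tree["subnet"], lan))
```
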

    2.3.2 Default Access Profiles

    See 2.3.3.

    2.3.3 View Access Profile

    Click on an Access Profile on the left-hand side in the figure below to view its configured access rights, e.g. click on Administrators or Configurators. The windows below appear. You can see for example the following:

    Administrators have by default full configuration rights (=C) and can use the OMS-FEM. This Access Profile cannot be changed.

    Configurators have by default no access rights at all (=--). This Access Profile can still be changed.

    [Figure: comparison of the default Access Profiles Administrators and Configurators]

    2.3.4 Create Access Profile

    1. Right-click Access Profiles in the left-hand menu and select Create Access Profile.

    2. The window below appears.

    3. Assign a Name to the new Access Profile, e.g. Operators.

    4. By default, access is denied on all the network elements (--) in the entire subnet and all the services are allowed to be configured with Level 1 (=hardware) access rights (checked checkboxes). By default, it is also allowed to use the OMS-FEM.

    5. First assign the necessary access to the required network elements for this Access Profile. This must be done by clicking the Configure, Monitor or Deny Access icon on the desired network elements, in top-down direction. Always start at the highest level: first the subnet, then the node and last the slot security. Expand the treeview where necessary to fine-tune lower-level elements. ATTENTION: Setting the security on a network element will also overwrite the security of its underlying network elements. For example, let's assign the following access rights on the following network elements (expand the treeview where necessary):

    - Subnet X3M-2500: Configuration; all the underlying nodes turn into Configuration (=C) access
      - Node 73: Monitoring
        - IFC1: Access Denied
      - Node 74: Monitoring
        - IFC1: Access Denied

    6. After clicking all the access buttons in the correct order, indicated with arrows in the window below, your Access Profile could look as follows:

    7. Click the Create button to create and save the new Access Profile.

    8. Your new Access Profile will appear in the list in the figure below:

    9. This Access Profile can still be modified later on, see 2.3.5.

    2.3.5 Modify Access Profile

    Below, an example has been worked out. Other examples or configurations can be done similarly. For example:

    Modify the Operators Access Profile as follows:

    - Deny Access on slot IFC-3 on node 74;
    - Deny Access on the MGT and GET services for the entire network.

    1. Click on the Operators Access Profile on the left-hand side to show its current settings.

    2. The window below appears:

    3. Navigate to node 74 slot 3 by expanding the subnet X3M-2500 and node 74 treeview. Deny access to this IFC-3 slot by clicking its associated Deny Access button.

    4. Navigate to the GET and MGT services by expanding the LAN Services. Deny access to GET and MGT services by unchecking their associated checkboxes as indicated in the figure below.

    5. Click the Save button to save the modified Access Profile.

    6. ATTENTION: Users already logged in with this Access Profile in the OMS-GUI before the modification will not be affected by the change. The changes will only affect OMS-GUI sessions that were started after the modification.

    2.3.6 Delete Access Profile

    1. In the left-hand menu, right-click on the Access Profile that must be deleted, e.g. Operators and select Delete Access Profile.

    2. In the pop-up window below, click the Delete button to delete the Access Profile or click Cancel to not delete the Access Profile.

    2.4 Users

    2.4.1 General

    User management is needed to administer the users that are necessary to log in to the OMS GUI via the login window below. If nothing is administered, login is always possible via one of the default users (see 2.4.2).

    2.4.2 Default Users

    At first time use of the UMT, there are always two default users available, see table below. Both these default users are assigned to the Administrators Access Profile. There will always be at least one Administrator. The last Administrator can never be deleted. The last Administrator does not have to be a default Administrator, it could also be a newly created Administrator.

    | Access Profile | User Name | Password |
    |---|---|---|
    | Administrators | oms | oms |
    | Administrators | admin | adminOmse |

    2.4.3 Create User

    1. In the left-hand menu, right-click on Users and select Create user.

    2. The window below appears. Fill out all the user information. The User Name and Password will be used later on to log on to the OMS GUI. The User Name is not case-sensitive. Which network elements will be accessible to the logged-on user in the OMS GUI is, or will be, configured in the Access Profile. Make sure to assign the correct Access Profile to this user.

    3. As an example, your filled out window could look as follows.

    4. Click the Create button to create the new user. The new user will appear in the users list with its User Name.

    2.4.4 Modify User

    All user fields can be modified. As an example, we will modify the Access Profile of an existing user.

    Example: Assign user JohnW to another Access Profile e.g. from the Operators to the Administrators Access Profile.

    1. Click on the User Name in the left-hand users list that needs to be modified, in this example JohnW.

    2. The window below appears. Change the Access Profile. Click the Save button to save the changes.

    3. ATTENTION: Modified users already logged in the OMS-GUI before the modification, will not be affected by the change. The changes will only affect OMS-GUI sessions that were started after the modification.

    2.4.5 Delete User

    1. In the left-hand menu, right-click on the user to be deleted, e.g. JohnW and select Delete user.

    2. In the pop-up window below, click the Delete button to delete the user or click Cancel to not delete the user.

    2.5 Export Users/Access Profiles

    Via the menu File > Export Users/Access Profiles, an export feature is provided to export users and access profiles from a source database into another destination database. This feature can be used, for example, when you want to quickly apply the same users and access profiles from an older database (=source database) to a new database (=destination database), for example after an OMS upgrade.

    ATTENTION: both source and destination databases must have exactly the same hardware and services configuration !

    Follow the steps below to perform the export:

    1. Make sure that your destination database exists or has been created, and that it has exactly the same hardware and services configuration as your source database. This can be done e.g. after an upgrade of your OMS, by saving your hardware from the live network (via OMS GUI > Configuration > Save) into the new (destination) database.

    2. Stop the servers on the OMS Console via the Stop Server(s) button;

    3. In the OMS Console, select your old source database, which has all the users and access profiles configured, and start the servers via the Start Server(s) button;

    4. In the OMS Console, after the servers have started up successfully, start the UMT via the Start User Management button and log in via an administrator account;

    5. In the UMT, perform the export to the destination database via File > Export Users/Access Profiles. ATTENTION: both source and destination databases must have exactly the same hardware and services configuration! Click OK.

    6. In the figure below, select the destination database, e.g. 9225x. Click the refresh button if your destination database does not show up directly in the database list:

    7. Click the OK button to start the export. A result window pops up:

    8. If the export was successful, stop the servers on the OMS Console via the Stop Server(s) button;

    9. In the OMS Console, select your new destination database and start the servers via the Start Server(s) button;

    10. In the OMS Console, after the servers have started up successfully, start the UMT via the Start User Management button and log in via an administrator account;

    11. The UMT now shows the new (destination) database with the imported users and access profiles from the old (source) database. The users and access profiles become active in the OMS GUI after a restart of the OMS GUI.

    3. IN THE OMS GUI

    3.1 Administrator Access Profile

    Network Elements: All network elements (subnet, nodes, slots) are visible and can be created/configured/deleted in the OMS GUI, see figure below.

    Services: All service groups or services are visible, 4 services have been programmed. All services can be created/configured/deleted in the OMS GUI, see second figures below.

    Expert View in OMS GUI: only possible if the logged on user has the Administrator Access Profile.

    [Figures: Administrator Access Profile, User Management Tool next to OMS GUI. Network elements: Configure. Services: all services possible.]

    3.2 (Default) Configurators Access Profile

    Network Elements: Access denied to all network elements, see figure below.

    Services: All services allowed to be access configured.

    [Figures: (default) Configurators Access Profile, User Management Tool next to OMS GUI. Network elements: Access Denied, nothing visible. Services: no services possible, no services visible.]

    3.3 Customized Operators Access Profile

    Network Elements: The Access Profile has been configured as follows:

    - Node 70, 71, 72: Configuration
    - Node 73: Access Denied
    - Node 74: Monitoring
      - IFC1: Access Denied

    Services: LAN Services are not allowed to be configured/created. All the other services are allowed to be configured/created.

    [Figures: customized Operators Access Profile, User Management Tool next to OMS GUI. Network elements: elements with Configure and Monitor rights are shown; Access Denied elements (Node 73 and slot 74-IFC1) are not visible in the OMS-GUI. Services: LAN Services are not accessible and are not in the list (e.g. ET100, ET100HX4...).]

    3.4 Event Log View

    The Event Log View in the OMS GUI shows in the UserName column which logged on user has triggered which events. See figure below:

    3.5 Alarm Log View

    Depending on the rights that a user has on a specific network element (via UMT), the logged on user in the OMS GUI can do the following actions on alarms that refer to this specific network element. Alarms appear in the Alarm Log View in the OMS GUI:

    - C(onfiguring): the logged on user in the OMS GUI can View, Clear and Acknowledge alarms (see first figure below);
    - M(onitoring): the logged on user in the OMS GUI can only View alarms (see second figure below);
    - --: the logged on user has no access at all to these alarms, and as a result will not see them in the OMS GUI.

    [Figure: User Management Tool next to OMS GUI. Subnet: 87OTN600, Node: 150, IFC: 3. Alarm Handling: C, Configuring.]

    [Figure: User Management Tool next to OMS GUI. Subnet: 87OTN600, Node: 150, IFC: 3. Alarm Handling: M, Only monitoring.]

    4. ABBREVIATIONS

    GUI Graphical User Interface

    LAN Local Area Network

    OMS OTN Management System

    OTN Open Transport Network

    UMT User Management Tool
