
Cisco BTS 10200 Softswitch

SOAP Manageability

SOAP Manageability Feature Module


Revised: July 30, 2008

This document describes the Simple Object Access Protocol (SOAP) Manageability (SSM) feature for Release 6.0 of the Cisco BTS 10200 Softswitch and explains how to use it.

Understanding the SOAP Session Manageability Feature

The SSM feature enhances the manageability of user sessions. It impacts four areas:

1. SOAP Software Developer's Kit (SDK)

2. SOAP Interface Servant (SOAP)

3. Session and System Manager (SMG for EMS)

4. User Security Manager (USM for EMS)

The SDK changes demonstrate the use of the API changes and reflect their effects as seen on the client side of a deployment. Session information is processed as part of the existing Session Manager capabilities. SOAP session policy is enforced by a timer-controlled process that removes sessions that violate the policy.

Software Developer's Kit

There are two new login APIs in the SDK client code. The first, loginWithStatus, returns the password aging status. The second, loginResetPassword, sets a new password when the old password has aged. The SDK Programmer's Guide contains the details of the session management features and the commands to display and clear client sessions in SOAP. It also explains policy behavior and how this behavior impacts login attempts.

The SOAP SDK has the following new components:

ResetPassword.java—A driver program to utilize the login, reset password, and logout functions.

SoapProvAdapter.java—Adds access to the password reset API for SOAP, and provides external indications and API for driver logic.

SOAP Interface Servant

This feature impacts the SOAP Interface Servant application. User security is controlled by the UserSessionManager and UserAuth objects. User security is where password validation takes place and where user attributes such as idle login and security keys are tracked.

The user security information must have its data externalized through an API. Through this API, queries are available to take snapshots of the present condition of sessions. This information is made available through database statistics tables in the MySQL database.

Additional message handler functions add an on-demand reporting of session information and acceptance of command requests to terminate the sessions. This interface utilizes the user security API.

The Session Control Policy is handled in a minute-based looping process that screens and removes sessions that match a record in the policy. Policy management is provided through a new CLI command.

The bts.properties file contains the Maximum User Limit (item name: max.users) and Idle Timeout (item name: idle.timeout), both of which can be modified manually. The SOAP adapter relies on these numbers to decide whether (1) the maximum user limit is reached, or (2) the user session has reached the idle timeout. The SOAP adapter dynamically reads the file upon user login and during session audit. If the maximum number of users is set to a value higher than 50, the hard limit of 50 maximum users applies.
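The limit handling described above, modelled as an added example (this is not Cisco's code): it parses bts.properties text, applies the hard limit of 50 users, and runs one audit pass over constructed sessions. Treating idle.timeout as minutes, removing a session once its idle time reaches the timeout, and all function and field names are assumptions.

```python
from dataclasses import dataclass

HARD_MAX_USERS = 50  # hard limit stated on the page


def parse_properties(text):
    """Parse key=value lines of a Java-style .properties file (simple subset)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def effective_limits(props):
    """Return (max_users, idle_timeout) after applying the hard limit."""
    max_users = min(int(props["max.users"]), HARD_MAX_USERS)
    idle_timeout = int(props["idle.timeout"])  # unit assumed: minutes
    return max_users, idle_timeout


@dataclass
class Session:  # hypothetical record, not the EMS schema
    user: str
    idle_minutes: int


def audit(sessions, props_text):
    """One audit pass: drop idle sessions, then say whether a new login fits."""
    max_users, idle_timeout = effective_limits(parse_properties(props_text))
    kept = [s for s in sessions if s.idle_minutes < idle_timeout]
    removed = [s.user for s in sessions if s.idle_minutes >= idle_timeout]
    return kept, removed, len(kept) < max_users


# Constructed sample file: max.users is set above the hard limit on purpose.
SAMPLE_PROPS = """\
# bts.properties (constructed excerpt)
max.users=80
idle.timeout=10
"""

if __name__ == "__main__":
    sessions = [Session(f"user{i}", i % 12) for i in range(60)]
    kept, removed, can_login = audit(sessions, SAMPLE_PROPS)
    print(len(kept), "kept,", len(removed), "removed, login allowed:", can_login)
```

With the sample file, 50 active sessions remain after the audit and a further login is refused even though max.users reads 80, which is the case worth checking for when reviewing a deployed bts.properties.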

Session and System Manager

The SOAP Manageability feature adds the following new capabilities:

User Session Display—Display current secure and nonsecure SOAP sessions using the new "show client-session" and "report client-session" commands. The returned data also includes any current CLI sessions.

Manual Session Removal—Remove a SOAP session or a CLI session using the "stop client-session" command. The present "stop session" command applies to CLI users only. Additional information clearly indicates individual sessions.

Policy-driven Smart Session Management—Includes the smart removal of idle sessions, allowing new sessions to log in while allowing administrative access at all times. This does not affect idle time. The maximum duration of a session is set whether a session is idle or not. Default idle time is 10 minutes.

Password Aging Notification—Aging notification of the password for a given user when the loginWithStatus API is used.

SOAP Password Reset—Users can log in and reset an aging password using the loginResetPassword API. If a password expires, access is denied until the password is reset.

Disable Password Aging—Set passwords to never expire when adding a new user or using the "change user" command. Set the status token to PERSIST.

Alarms and Events for Critical Session Handling—Issue warning and major alarms and events when the session usage threshold is reached. Issue an alarm when the maximum number of login sessions is reached. Issue an event when a user session is terminated because of a policy violation. This behavior is managed through the Policy table.

User Security Manager

The User Security Manager (USM) has a new status. This status disables the password aging function. The status can have the following values:

DISABLED—The user account is locked out and the user cannot access the system.

ENABLED—The user is active and current for all attributes including password aging.

PERSIST—The user account has no password aging.