Cisco CNS Subscriber Edge Services Manager Solutions Configuration Guide, 3.1.9
SESM Introduction
Downloads: This chapterpdf (PDF - 302.0KB) The complete bookPDF (PDF - 1.97MB) | Feedback

SESM Introduction

Table Of Contents

SESM Introduction

SESM Overview

SESM Value-Added Services

SESM Applications

SESM Architecture

SESM Component Descriptions

Application Manager

CDAT

RDP Server

Web Development Kit

Sample Portal Applications

Sample Captive Portal Solution

Bundled SESM RADIUS Server

Bundled J2EE Components

Related Software

J2EE Components

J2EE Server Requirements

JMX Server Requirements

Cisco Security Policy Engine

Introduction to Cisco SPE

SPE Software

Cisco Service Selection Gateway

RADIUS Server

LDAP Directory

Supported Platforms

Application Servers

Browsers

SESM Packages

Subscriber and Service Profiles

SESM Reference Network Diagram

SESM Application Management

SESM Documentation Map


SESM Introduction


This chapter introduces the Cisco Subscriber Edge Services Manager (SESM). The chapter includes the following topics:

SESM Overview

SESM Component Descriptions

Related Software

Supported Platforms

SESM Packages

Subscriber and Service Profiles

SESM Reference Network Diagram

SESM Application Management

SESM Documentation Map

SESM Overview

The Cisco Subscriber Edge Services Manager (SESM) is an extensible set of applications for providing on-demand value-added services and access control at the network edge. Internet service providers (ISPs) and network access providers (NAPs) deploy SESM solutions to provide value-added services to their subscriber base or management capabilities to their administrators.

SESM solutions consist of customized web portals that implement the deployer's business model, show branded identities, offer customized and branded web page content, and control the subscriber experience with personalized web page content based on subscriber attributes such as location, access device, browser preferences, language, and interests. Captive portal features can further control subscriber experiences by capturing subscriber requests and redirecting browsers.

SESM Value-Added Services

Some examples of value-added services that can be offered through SESM portal applications are:

One-stop, on-demand service selection—SESM supports service selection by issuing connection requests to a cooperating network access device.

Network and service access control.

Messaging and advertising—These services can be incorporated with other SESM solutions, such as service selection, or they can stand alone, for example, for a subscriber base whose only service is automatically connected Internet access.

Subscriber account self-management and service self-subscription—These services allow individual subscribers to control and manage their account information. In SESM Release 3.1(5), these self-care applications require a deployment using an LDAP directory and the extensions provided by the Cisco Security/Subscriber Policy Engine (SPE) software. Self-care services can be incorporated with other SESM solutions or stand alone.

Firewall provisioning—SESM provides the interface for subscribers to control traffic to and from their connection. The deployer can also issue traffic filters, which take precedence over the personal filters entered by subscribers.

Profile provisioning—A customized SESM portal could act as an administrative tool to provision subscribers and push profiles or selected profile information to a RADIUS database or other operational support system (OSS).

SESM Applications

SESM is an extensible Java2 Enterprise Edition (J2EE) compliant suite of applications and components for developing, deploying, and managing customized and branded web portal applications. SESM includes the following applications:

Application Manager—A web-based tool from which administrators can view and change configuration attributes for running applications. Most changes are persisted across restarts.

Cisco Distributed Administration Tool (CDAT)—A web-based tool from which administrators can maintain data in the SESM container in an LDAP directory

RADIUS Data Proxy (RDP) server—A multipurpose RADIUS server that can transform RADIUS requests into SPE API calls to work with SPE extensions.

Sample portal applications that you can install and configure for demonstration purposes or as a starting point for customizations:

New World Service Provider (NWSP) portal—A comprehensive example of most features offered by the SESM web development kit.

Wireless Access Protocol (WAP) portal—Designed specifically for deployment in the mobile wireless industry.

Personal Digital Assistant (PDA) portal—Shows web pages formatted for a PDA device.

Sample captive portal solution—Includes the following applications:

Captive Portal application—A gateway application for use with the SSG and other applications in a captive portal solution. The default configuration for this application redirects subscriber browsers to either the Message Portal application or the NWSP application.

Message Portal application—Produces sample greetings and advertising pages to demonstrate SESM captive portal features.

Bundled SESM RADIUS server—A RADIUS server that reads and processes profiles in Merit format. This server is useful for developing and testing SESM customizations.

Web Services Gateway (WSG)—The Web Services Gateway (WSG) application enables third-party web portals and subscriber management systems to integrate with the SESM and SSG solution.

Figure 1-1 shows the software included with SESM.

Figure 1-1 SESM Package Contents

SESM Architecture

SESM solutions can be deployed independently of the access network, access type and access device. Subscribers access SESM portals using any Internet browser on any access device. They do not need to download any software or plug-ins. Supported access technologies include:

Laptop and pocket organizer access over 802.11b

Mobile phone access over General Packet Radio Service (GPRS)

Digital Subscriber Line (DSL) modems

Desktop system access over leased lines

Supported protocols include:

Point-to-Point Protocol (PPP) over ATM or Ethernet

Routed or Bridged Ethernet

RFC 1483 (Multiprotocol Encapsulation over ATM)

Wireless LANs

SESM is inherently scalable with a stateless architecture to support transparent load balancing and failover. SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Platforms tested in our labs include Sun Solaris, Windows NT, Windows 2000, Red Hat Linux, and SuSE Linux.

SESM Component Descriptions

This section describes the SESM applications.

Application Manager

The SESM Application Manager is a web application that remotely manages SESM applications. It can manage multiple instances of SESM web portal and captive portal applications, RDP, CDAT, WSG, and other Application Manager instances. From a web-based GUI interface, administrators can view and change values for most attributes in the configuration files for these applications. They can also monitor application status.

CDAT

The Cisco Distributed Administration Tool (CDAT) is a web-based management tool for administrators. CDAT is a J2EE web application. It runs in a J2EE container and uses the services of a JMX server for configuration.

With CDAT, administrators can manage data in the SPE extensions to an LDAP directory. CDAT provides the means for creating and maintaining users, services, user groups, service groups, roles, and policy rules for the RBAC model.

RDP Server

The RADIUS Data Proxy (RDP) server is a RADIUS server that you can configure to:

Map RADIUS protocol requests to LDAP protocol requests with SPE extensions—The RDP configured in this manner is a required element in any SESM deployment that includes an LDAP directory.

Proxy RADIUS requests to another RADIUS server—The RDP sends user authentication requests to a specified RADIUS server, rather than to the LDAP directory. This option allows service providers with large RADIUS authentication and accounting services already deployed to continue to use the existing RADIUS database for authenticating subscribers. However, RDP obtains all service profile and service authorization information from an LDAP directory.

RDP is a Java2 application that uses the services of a JMX server for configuration. It is not a web application and therefore does not run in a J2EE container.

Web Development Kit

When you install the SESM sample portal applications, the SESM libraries and other components required to build your own customized portal application are also installed. The installation provides the following items:

SESM core component class libraries

API documentation for the SESM libraries

Code for each sample portal application

Images and JSPs for each sample portal application

Configuration and startup files for each sample portal application

Sample data files containing profiles appropriate for each sample portal application. The sample data can be used to run the sample application in Demo mode.

Sample Portal Applications

The first step toward developing a customized SESM portal is to install and configure the sample portals in a development environment. You can create the desired look and branded aspects of a customized SESM portal by altering one of these sample applications or writing your own application using one of the samples as an example.

The SESM sample applications are fully functioning web applications that were built using the SESM development library. These applications use the services of the Jetty web server and the JMX management server.

The sample portals installed with SESM are:

The New World Service Provider (NWSP) portal is a comprehensive example of SESM features and capabilities. It serves as the main reference and example for all of the programming options offered by SESM web development components.

The Wireless Access Protocol (WAP) portal is designed specifically for deployment in the mobile wireless industry. It has much of the same look and feel and subscriber options as the NWSP application, but it returns pages only in WML format designed for WAP devices. It illustrates service selection with account and service logon and off.

Deployers can customize this application to detect the type and make of various WAP devices used by their subscribers, and tailor the pages to the features of each device.

The Personal Digital Assistant (PDA) portal illustrates web pages formatted for a PDA device. Service self-subscription features (usable only in SPE mode) are included.

Deployers can customize this application to detect the type and make of various PDA devices used by their subscribers, and tailor the pages to the features of each device.

The Cisco Subscriber Edge Services Manager Web Developer Guide provides detailed information about each of these sample portal applications.

Sample Captive Portal Solution

The sample captive portal solution installed with SESM works in conjunction with the SSG TCP redirect feature to provide enhanced user experiences in the case of unauthenticated network access or unauthenticated or unauthorized service access. Rather than simply being rejected, the subscriber sees a portal page with opportunities for logging on or gaining service authorization. The captive portal features also provide a way to present messages and advertisements to subscribers at initial logon and at timed intervals.

A sample captive portal solution is included with SESM that illustrates all supported types of redirection. The sample solution includes the following applications:

Captive Portal application—This application handles all TCP redirections from the SSG for HTTP requests and determines, based on configuration parameters, which other application should handle the request. The Captive Portal application does not provide content to subscribers; rather it issues HTTP redirections to other appropriate portal applications.

Message Portal application—This application is a sample messaging application. It illustrates an initial greetings page to which the browser is redirected after the subscriber successfully authenticates. The Message Portal application also illustrates timed advertisements. It is an SESM web portal application, developed using the SESM development components.

NWSP—The captive portal solution uses pages within the NWSP portal application to illustrate unauthenticated user and unconnected service redirections.

Most deployers will use the captive portal application as installed but provide their own content applications for the HTTP redirections. The content applications can be any web application. When they are SESM web portals, they can use all of the features in the SESM web development kit, including the device and locale awareness features.

Bundled SESM RADIUS Server

All of the SESM packages include the bundled SESM RADIUS server. The SESM RADIUS server is suitable for developing, testing, and demonstrating SESM deployments. It reads and updates profiles in a Merit flat file format.

The bundled SESM RADIUS server comes with the following attributes internally predefined:

Standard RADIUS attributes

Cisco SSG VSAs

A configuration feature, the RADIUSDictionary MBean, lets you easily define additional attributes.

Bundled J2EE Components

The following J2EE components are bundled with SESM:

Sun example Java Management Extensions (JMX) server—This is a fully functional JMX server from Sun Microsystems. SESM depends on the JMX server for internal object configuration. For more information about JMX technology and its related JMX MBean standards, see:

http://java.sun.com/products/JavaManagement/

The sample SESM portal applications and CDAT are installed with configuration files and startup scripts that are ready to run using the Jetty web server and the Sun example JMX server. RDP is installed with configuration files and a startup script that is ready to run using the JMX server.

Jetty web server—Jetty is a J2EE-compliant server package from Mort Bay Consulting that is released under an open source license. The license puts few restrictions on usage of Jetty. For more information about the Jetty server, see:

http://jetty.mortbay.org/

JSP engine—The Jasper Java Server Pages (JSP) engine from Apache Software Foundation, Servlets Version 2.3 and JSP Version 1.2.

Related Software

This section describes the software components, in addition to the SESM applications, that might be required in SESM deployments. Each SESM solution has its own requirements regarding these components.

J2EE Components

The SESM applications require J2EE-compliant servers. The SESM packages bundle suitable J2EE components required for running the SESM applications.


Note The SESM packages do not include a Java Software Development Kit (JSDK), which is required for SESM development. See the Cisco Subscriber Edge Services Manager Web Developer Guide for recommended JSDK version numbers.


J2EE Server Requirements

The SESM portal applications and CDAT are J2EE applications. They require an HTTP (or HTTPS) listener and must run in a J2EE-compliant server container. RDP does not run in a J2EE server container.

During SESM installation, the sample portal applications and CDAT and their corresponding configuration files and startup scripts are set up to use the Jetty server components from Mort Bay Consulting. If desired, web developers at your site can deploy a J2EE-compliant server other than the Jetty server.


Note Before deploying a J2EE server other than the Jetty server, determine whether your SESM solution requires the port-bundle host key feature on the Cisco Service Selection Gateway. The Jetty server is currently the only server that supports this feature. See the Cisco Subscriber Edge Services Manager Deployment Guide for more information.


JMX Server Requirements

All of the SESM applications (portals, RDP, and CDAT) require the services of a Java Management Extensions (JMX) server.

The installed sample applications, the configuration files, and the startup scripts are set up to use the Sun example JMX server from Sun Microsystems. The SESM installation program installs the JMX server along with the Jetty server. If desired, web developers at your site can deploy a JMX-compliant server other than the Sun example server.

Cisco Security Policy Engine

The Cisco Security Policy Engine (SPE) is required in solutions that incorporate:

Subscriber self-care features

Profile management in an LDAP directory

SPE software is bundled in the SESM-SPE package.

Introduction to Cisco SPE

The Cisco Subscriber Policy Engine (SPE) is a policy server specifically customized to provide granular subscriber service policy. SPE combines role-based access control (RBAC) functionality with an open policy server. Service providers can create differentiated subscriber groups. Service and content providers can use the SPE to provide value added and differentiated services to the subscriber population.

SPE is required when SESM is deployed in SPE mode to provide the following enhanced features and capabilities:

Use of an LDAP directory to manage subscriber, service profile, and policy information

Subscriber account self-care

Subscriber sub-account management

Subscriber self-subscription to services

Bulk administration of large subscriber populations

Delegated administration

Allow service publishers and business partners access to service creation and management

Allow service providers and business partners to publish services to targeted subscribers

Figure 1-2 shows the relationship between the SESM and SPE products.

Figure 1-2 SESM Components in SPE mode

SPE Software

The SESM-SPE package includes SPE. When you install applications in SPE mode using the SESM-SPE package, the installation includes the following items:

Cisco SPE AUTH library—The AUTH library implements a role-based access control (RBAC) authorization model. The RBAC model allows administrators to manage groups of subscribers, rather than individuals. Using the RBAC model, administrators define roles, which have specific privileges, and groups, which have assigned roles. Individual subscribers are then assigned to a group and inherit the roles of that group.

Cisco SPE DESS library—The directory-enabled service selection (DESS) library provides the framework for using the RBAC model in an LDAP directory.

Files containing the directory schema extensions. The install program can optionally apply these extensions to your LDAP directory.

Files containing sample RBAC data.

See the Cisco Distributed Administration Tool Guide for information about the RBAC model, the DESS and AUTH extensions to an LDAP directory, and how to develop subscriber and service profile information in the RBAC model.

Cisco Service Selection Gateway

The Cisco Service Selection Gateway (SSG) is a software feature module embedded in the Cisco IOS software. SESM solutions that perform service connection require the SSG. SSG can operate in standalone mode to provide Layer 2 service connection support, or it can be configured to work with SESM, which offers enhanced service-related features to subscribers.

In SESM deployments, SSG performs authentication and service connection tasks on behalf of the SESM portal. Other SSG features important in SESM deployments include:

SSG Port-Bundle Host Key—Uniquely identifies each subscriber, which provides SESM with the following benefits:

Supports subscribers using overlapping and shared IP addresses

Eases SESM configuration by eliminating SSG to SESM server mapping requirements

SSG TCP Redirect for Services—Enables providers to implement a captive portal, own the user experience, build a brand experience, and provide:

User authentication without the user needing to know the SESM URL

Advertising and messaging features

SSG Open Gardens—Enables providers to specify domains that subscribers can access without service subscription (free services).

SSG Hierarchical Policing—Ensures that a subscriber does not utilize additional bandwidth for overall service or for a specific service that is outside the bounds of the subscriber's contract with the service provider.

SSG Prepaid—Enables real-time billing with maximum flexibility, regardless of the type of service and billing scheme. Users can be billed on a flat rate, air-time, or volume basis.

SSG Auto logoff—Enables per-minute billing plans for services. SSG auto logoff also prevents subscribers from being charged for services that they are not able to access.

See the following SSG documentation for descriptions of these and other SSG features:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_4/

The SSG runs on a Cisco router or other Cisco device. The Cisco SSG feature is currently supported on the following platforms:

Cisco 7200 Series high-performance multifunction routers

Cisco 7400 Series Internet routers

Cisco 6400 Universal Access Concentrator (UAC). Each node route processor (NRP) on the Cisco 6400 UAC runs its own Cisco IOS Software and can be an SSG host device.

RADIUS Server

SESM works with any RADIUS server that accepts vendor-specific attributes (VSAs). Cisco VSAs define the subscriber and service profile information required in the SESM deployments. One RADIUS server to consider in your deployment is the Cisco Access Registrar, a carrier class RADIUS platform that is fully tested with SESM.

The Cisco Subscriber Edge Services Manager Deployment Guide describes the Cisco VSAs used in SESM deployments. The guide also describes how to configure a RADIUS server for SESM deployment, including specific information regarding the Cisco Access Registrar.

LDAP Directory

SESM portal applications deployed in SPE mode require access to an LDAP-compliant directory or relational database management system.

Some LDAP directories to consider in your deployment are:

iPlanet Directory Server Version 5.0 (Also known as Sun ONE) from Sun Microsystems.

Network Directory Service (NDS) eDirectory Version 8.5 from Novell, Inc.

The Cisco Subscriber Edge Services Manager Deployment Guide describes how to configure an LDAP server for SESM deployments, including specific information regarding iPlanet and NDS.

Supported Platforms

This section describes the application servers and browsers for SESM deployments.

Application Servers

SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Table 1-1 lists the platforms tested in our labs.


Note The SESM applications include the web portal applications, the Captive Portal application, RDP, and CDAT.


Table 1-1 Server Systems for the SESM Applications

Platform
Specifications

Solaris

Sun Ultra10 or Sun E250 (or later version)

Solaris Version 2.6 (or later version) operating system

Windows NT

Pentium III (or equivalent) processor

Windows NT Version 4.0, Service Pack 5 (or later version)

Windows 2000

Pentium III (or equivalent) processor

Linux

Red Hat Linux Version 7.l

SuSE Linux


Browsers

Subscribers can use any type of web browser to access SESM portal applications. However, each web browser and access device has its own limitations, such as differences in display capabilities. Developers of SESM portals must consider the end users of a deployed application and design the application to accommodate their subscribers' media and browser versions.

Table 1-2 lists the browsers and devices for which the SESM sample portal applications are designed. The Cisco Subscriber Edge Services Manager Web Developer Guide includes information about obtaining and configuring simulators.


Note These browser limitations apply only to the sample applications and are listed to ensure predictable results during demonstrations.


Table 1-2 Browsers for the SESM Sample Portal Applications

SESM Portal Application
Device
Other Requirements

NWSP
Message Portal

Desktop browsers

Netscape Release 4.x and later

Internet Explorer Release 5.x and later

WAP devices and simulators

PDA devices and simulators

Java script enabled

WAP

WAP devices and simulators

PDA

PDA devices and simulators


SESM Packages

The SESM software is available in the following packages.

SESM-SPE—This package integrates the Cisco Subscriber Policy Engine (SPE) product with the SESM product. SPE provides access to an LDAP compliant directory or relational database management system (RDBMS) for maintaining subscriber and service information. In addition, the SPE role-based access control (RBAC) model facilitates bulk administration of large subscriber populations.

SPE also provides self-care functionality for SESM web applications, including:

Subscriber account registration

Subscriber account self-care

Subscriber subaccount management

Subscriber self-subscription to services

Various proxy options available with the SESM RADIUS Data Proxy (RDP) component permit the integration of existing RADIUS infrastructure. Domain-based proxying can proxy to multiple servers, based on the IP domain in subscriber and service names.

SESM-RADIUS—This package installs SESM to obtain subscriber and service information using the RADIUS protocol.

This package does not support the self-care features listed above and firewall provisioning. To combine those features with existing RADIUS infrastructure, use a SESM-SPE package with proxy options.

Each package is available in versions appropriate for the Sun Solaris, Linux, or Windows platforms.

Subscriber and Service Profiles

SESM solutions require detailed data about subscribers and the services they are authorized to use. We refer to this data as profiles:

Subscriber profiles—Define authentication information, subscribed services, and information about connection and service options and preferences for each subscriber.

Service profiles—Define connection information for the services that subscribers can subscribe and connect to.

The SESM solution integrates with any one or a combination of the following options to obtain subscriber and service data:

An AAA database managed and accessed by a RADIUS server.

An SPE database (an LDAP directory or RDBMS) accessed through the Cisco SPE application programming interface (API). In SESM deployments, the Cisco Distributed Administration Tool (CDAT) manages the subscriber and service profiles in the database.

A flat file in Merit format, accessed by an appropriately configured RDP application or SESM portals running in Demo mode.

SESM Reference Network Diagram

The following figure shows SESM applications in a hypothetical deployment. Actual deployments might not use all of the components shown.

Figure 1-3 SESM Network Diagram

      

            

1

Subscriber access media—SESM applications and solutions are independent of the access media.

2

Service Selection Gateway (SSG)— Most SESM solutions work with and require a Cisco gateway such as the SSG. The SSG is a feature in the Cisco IOS software running on a Cisco device. The SSG provides authentication, service connection, connection management, and SESM session capabilities. The SESM portals provide the subscriber's interface to SSG for those services.

Content Services Gateway (CSG)—An optional gateway that provides content billing services to the SESM solution.

3

Open garden—The open garden is an SSG feature that allows subscriber access to preconfigured networks without authentication. Packets destined for open garden networks are not accounted for nor subject to access control by the SSG.

4

Default network—The SESM applications must run on systems on the SSG default network. The default network (and open gardens, if configured) are always accessible to subscribers.

5

SESM web portals—Subscribers access the SESM portal using a web browser. The portal provides the following features: subscriber interface to SSG; one-stop access to services; location-based branding; firewall provisioning; access to the Cisco Subscriber Policy Engine (SPE) self-care features such as registration, service subscription, account maintenance, and subaccount management. The access provider (the SESM deployer) presents these features on personalized browser pages shaped by dimensions such as access device, language preference, and location. The SESM packages include three sample web portal applications: New World Service Provider (NWSP), Wireless Access Protocol (WAP), and Personal Digital Assistant (PDA). The captive portal applications are also SESM web portals.

6

Captive portals—Captive portal applications are specialized SESM web portals that work with the SSG and other SESM web portals to capture, analyze, and redirect packets for various purposes, including messaging, advertising, or displaying logon pages in response to unauthenticated access attempts and unconnected service requests.

7

Profiles—SESM solutions are based on subscriber and service data stored in RADIUS or SPE databases.

8

SESM RADIUS Data Proxy (RDP)—The RDP application is a RADIUS server compliant with RFC 2865 and is the required RADIUS server for SESM SPE-mode deployments. RDP provides access to profiles on the SPE database. Deployers can configure RDP to proxy requests to other RADIUS servers or flat files. Domain-based proxying forwards requests to multiple RADIUS servers based on the IP domain in subscriber and service names.

9

Cisco Distributed Administration Tool (CDAT)—CDAT is a web-based GUI tool for managing the SPE extensions in an LDAP directory. CDAT provides the means for creating and maintaining user (subscriber) and service profiles, user groups, service groups, roles, and policy rules for the RBAC model.

Application Manager—The Application Manager is a web-based GUI for remotely managing SESM applications in a distributed deployment. The managed applications can be SESM web portals, captive portals, RDP, CDAT, WSG, and the Application Manager itself. Administrators use the Application Manager to access the configuration attributes in the Java Management Extensions (JMX) MBeans used by these SESM applications.

10

Web Services Gateway (WSG)—The SESM WSG application provides a Simple Objects Access Protocol (SOAP)-based interface enabling third-party web portals and subscriber management systems to integrate with the SESM and SSG solution. Any client application can interface with SSG through the WSG using SOAP over HTTP communication.

11

Billing server—A third-party billing server is required if the SSG Prepaid feature is included in the solution.

12

Services—SESM applications work in conjunction with the Cisco gateway components to provide a one-stop interface for activating multiple services. SESM can provide the activation interface for any service type supported by the gateway component. Service information exists in the service profiles.


 

SESM Application Management

SESM uses the Java Management Extensions (JMX) specification and its related JMX MBean standards for application configuration. For descriptions of these standards, go to:


A brief introduction to JMX terminology and its relationship to SESM application management follows:

JMX manageable resources—Java objects instrumented to allow spontaneous management by any JMX compliant agent. Each SESM application contains JMX manageable resources.

JMX agent— A management entity implemented in accordance with the JMX Agent Specification. For SESM, the agent is the Cisco ConfigAgent.

Managed beans (MBeans)—Java objects that represent a JMX manageable resource. MBeans for each SESM application are specified in XML files installed in the application's config directory under the SESM installation directory.

JMX server ( also called the MBean server)—A registry for objects that are exposed to management operations by an agent. Any object that is registered with the JMX server becomes visible to the agent. In SESM applications, MBeans are registered by the ConfigAgent or by other MBeans.

Administrators can change SESM application configuration by changing the attribute values in MBeans. In SESM Release 3.1(9), use any of these ways to change MBean attribute values:

Use the Application Manager, a web-based GUI tool. This is the preferred way to manage running SESM applications. The tool includes:

Operational scenarios that present the most-used attributes for quick access and adjustments.

Advanced screens that present all attributes.

A bulk upload feature for importing large mappings of subscriber subnets to SSGs.

Manually edit the XML files associated with the application. XML files are located in the application's config directory (for example, nwsp/config/nwsp.xml). If you use this method, you must stop and restart the application before the changes take effect.

Use the SESM Agent View, a web-based view of managed resources and associated MBeans. The Agent View is an adaptation of the Management Console provided by the HTML adaptor server, which is included with the Sun example JMX server. The Cisco adaptations add persistence features to the server.


Note The Application Manager replaces the SESM Agent View. The Agent View is included in SESM Release 3.1(9) to provide convenience and continuity during migrations from previous releases.


SESM Documentation Map

Figure 1-4 can help you to locate information in the SESM documentation set. Go to the following URL to access the online version of the SESM documentation:

http://www.cisco.com/univercd/cc/td/doc/solution/sesm/index.htm

Figure 1-4 SESM Documentation Map