Cisco Transport Manager User's Guide, 5.0
Chapter 2: Basic Concepts
Download this chapter
Chapter 2: Basic ConceptsChapter 2: Basic Concepts
Download the complete book
Cisco Transport Manager Release 5.0 User Guide (23 MB pdf file)Cisco Transport Manager Release 5.0 User Guide (23 MB pdf file) (PDF - 20 MB)
give_us_feedback

Table Of Contents

Basic Concepts

2.1  CTM Interfaces

2.1.1  Southbound Interfaces with NEs

2.1.2  Northbound Interfaces with OSSs

2.2  Data Communications Network

2.2.1  Proxy Server/Firewall Configurations

2.3  What is FCPS?

2.4  Fault Management

2.5  Configuration Management

2.5.1  Explorers

2.5.2  Network Maps

2.5.3  Wizards

2.5.4  Inventory Management

2.5.5  Double IP Address Management

2.5.6  Provisioning

2.5.7  Link Management

2.5.8  Circuit Management

2.5.9  NE Release Management

2.6  Performance Management

2.6.1  Selectable Collection of PM Data Parameters

2.6.2  PM Queries and Graphs

2.6.3  Real-Time PM Reporting

2.7  Security Management

2.7.1  Login Advisory Message

2.7.2  User Management and Profiles

2.7.3  NE Access Control

2.7.4  Audit Log


Basic Concepts

This chapter introduces some basic CTM and networking concepts, including:

CTM Interfaces

Data Communications Network

What is FCPS?

Fault Management

Configuration Management

Performance Management

Security Management

2.1  CTM Interfaces

This section describes the southbound interfaces that CTM uses to communicate with NEs and the northbound interfaces that CTM uses to communicate with OSSs.

2.1.1  Southbound Interfaces with NEs

The CTM server communicates with NEs through the data communications network (DCN) by using several protocols (CORBA, HTTP, TL1, SNMP, and so on).

2.1.1.1  ONS 15200

CTM uses SNMP as the primary management interface for the ONS 15200. The SNMP interface of the ONS 15200 is limited to read-only information and does not support provisioning. CTM also provides access to the ONS 15200 command-line interface (CLI) and craft web interfaces.

2.1.1.2  ONS 15216

The ONS 15216 product family consists of the following classes of products:

DWDM filters or multiplexer/demultiplexer units

Optical add/drop multiplexers (OADMs)

Optical amplifiers (OAs), which are also referred to as erbium-doped fiber amplifiers (EDFAs)

Dispersion compensation, including the Optical Supervisory Channel (OSC) and Dispersion Compensation Unit (DCU)

The ONS 15216 NEs are referred to as active or passive. Active NEs support a management interface; passive NEs do not. There is no communication between passive NEs and CTM; rather, all of the information is user-defined. You can use the Domain Explorer to manually add inventory information for passive NEs. You can use the NE Explorer to manually add specific information such as serial number. For passive ONS 15216 NEs with multiple slots (such as the DCU), you can use the NE Explorer to specify the content of each slot. All of the information that you define is maintained in the CTM database and propagated to an external OSS through CTM GateWay/CORBA.

Table 2-1 summarizes the management protocol support available for the ONS 15216 product family. It also identifies each NE type as active or passive.

Table 2-1 ONS 15216 Management Protocols 

ONS 15216 Product
Active or Passive NE?
Management Protocol

ONS 15216 100-GHz OADM1/2/4

Active

TL11

ONS 15216 EDFA2

Active

SNMPv2c1, TL1

ONS 15216 EDFA3

Active

SNMPv2c1, TL1

ONS 15216 100-GHz Red/Blue Filters

Passive

ONS 15216 200-GHz Red/Blue Filters

Passive

ONS 15216 200-GHz OADM1/2

Passive

ONS 15216 EDFA1

Passive

ONS 15216 OSC

Passive

ONS 15216 DCU

Passive

ONS 15216 FlexLayer

Passive

1 Protocol that CTM uses to manage the NE.


2.1.1.3  ONS 1530x

CTM uses SNMP as the primary management interface for the ONS 15302 and ONS 15305. CTM supports the use of Cisco Edge Craft to configure the ONS 1530x. Cisco Edge Craft is the local craft application used to manage ONS 15302 and ONS 15305 NEs.

2.1.1.4  ONS 15310, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, and ONS 15600 SDH

The ONS 15310, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, and ONS 15600 SONET support TL1 and SNMP interfaces, as well as a CORBA interface for Cisco Transport Controller (CTC) and CTM management. The CORBA interface is a proprietary Cisco interface and is not published for use by customers or third parties. The ONS 15600 SDH does not support the TL1 interface, because TL1 is used mainly in ANSI/SONET markets.

Note TL1 support is not available for ONS 15454 SDH releases earlier than R5.0.

The ONS 15310, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, and ONS 15600 SDH also support a Cisco proprietary HTTP interface for bulk collection of performance management (PM) data. This interface is not published for customer or third-party use.

Note In general, any updates from CTC for ONS 15600-specific screens can take up to several minutes. This delay affects CTM screens that are specific to the ONS 15600 SONET and ONS 15600 SDH.

2.1.1.5  ONS 155xx

CTM uses SNMP to manage the ONS 15501, ONS 15530, and ONS 15540 NEs. For the ONS 15530 and ONS 15540, CTM also provides access to the Cisco IOS CLI interface through Telnet. The ONS 15501 does not run Cisco IOS software.

2.1.1.6  ONS 1580x

CTM uses TL1 to manage the ONS 15800, ONS 15801, and ONS 15808 NEs. Use of the TL1 Agent requires establishing a Telnet session to the Control and Monitoring Processor (CMP) module on the ONS 1580x. Table 2-2 lists the default user IDs and passwords for the ONS 1580x. After the Telnet session opens, the first command that must be entered is the Activate User TL1 command. This command initiates the TL1 session and allows you to enter subsequent TL1 commands and receive autonomous notifications.

Table 2-2 Default ONS 1580x User IDs and Passwords 

User ID
Password
Priority Level

USER_1

USER_1

1: System administrator

USER_2

USER_2

2: Complete permission

USER_3

USER_3

3: Read-only

USER_4

USER_4

4: Partial permission

USER_5

USER_5

5: Simple permission


2.1.1.7  Cisco CRS-1 and Cisco Catalyst 6509

CTM uses XML/CORBA as the primary management interface for the Cisco CRS-1. CTM uses SNMP to communicate with the Cisco Catalyst 6509.

2.1.2  Northbound Interfaces with OSSs

CTM supports three gateway modules that provide northbound EMS-to-NMS interface mediation. Not all NE types are supported by each module. Table 2-3 shows the NE types supported by each gateway module.

Table 2-3 CTM GateWay/CORBA, SNMP, and TL1 Coverage 

NE Type
CTM GateWay/CORBA Support?
CTM GateWay/SNMP Support?
CTM GateWay/TL1 Support?

ONS 15200

Yes

Yes

No

ONS 15216 EDFA2

Yes

Yes

Yes1

ONS 15216 EDFA3

Yes

Yes

Yes

ONS 15216 100-GHz OADM

No

No

Yes

ONS 15216 100-GHz Red/Blue Filters

Yes2

No

No

ONS 15216 200-GHz Red/Blue Filters

Yes

No

No

ONS 15216 200-GHz OADM1/2

Yes

No

No

ONS 15216 EDFA1

Yes

No

No

ONS 15216 OSC

Yes

No

No

ONS 15216 DCU

Yes

No

No

ONS 15216 FlexLayer

Yes

No

No

ONS 15302

Yes

Yes

No

ONS 15305

Yes

Yes

No

ONS 15310

Yes

Yes

Yes

ONS 15327

Yes

Yes

Yes

ONS 15454 SONET

Yes

Yes

Yes

ONS 15454 SDH

Yes

Yes

Yes3

ONS 15501

Yes

Yes

No

ONS 15530

Yes

Yes

Yes

ONS 15540 ESP, ESPx

Yes

Yes

Yes

ONS 15600 SONET

Yes

Yes

Yes

ONS 15600 SDH

Yes

Yes

No

ONS 1580x

Yes

No

Yes

Not Managed/Other Vendor NEs

Yes

No

No

Cisco CRS-1

No

No

No

Cisco Catalyst 6509

No

No

No

1 CTM GateWay/TL1 supports the ONS 15216 EDFA2 only for NE Software Release 2.1 and later.

2 CTM GateWay/CORBA supports only inventory management for the passive ONS 15216 NEs and Not Managed/Other Vendor NEs.

3 CTM GateWay/TL1 does not support ONS 15454 SDH releases earlier than R5.0.


See Chapter 12, "Managing Southbound and Northbound Interfaces" for detailed information about CTM GateWay/SNMP and CTM GateWay/TL1. See also Cisco Transport Manager Release 5.0 GateWay/CORBA User Guide and Programmer Manual for detailed information about CTM GateWay/CORBA.

2.2  Data Communications Network

A DCN, also known as an Operations Support Network (OSN), is the management network that provides connectivity between a service provider's operations support center applications and the NEs that they support. The DCN supports operations, administration, management, and provisioning (OAM&P) functions such as network surveillance, provisioning, service restoration, and so on. NEs that make up the provisioned services infrastructure used to deliver services to customers include SDH, SONET, add-drop multiplexers (ADMs), optical repeaters, voice switches, digital cross-connect systems, frame relay, asynchronous transfer mode (ATM) switches, routers, digital subscriber line access multiplexers (DSLAMs), digital loop transmission systems, and so on.

The DCN establishes the link between CTM and the EMS. The DCN is important to service providers because it is a vital element in getting fast, reliable management information about the network. Service providers design the DCN as a carrier-class management solution where a single failure does not jeopardize the ability to manage the network.

2.2.1  Proxy Server/Firewall Configurations

The ONS 15310, ONS 15327, ONS 15454 SONET, and ONS 15454 SDH support a proxy server configuration that allows networking ONS NEs in environments where visibility and accessibility between NEs must be restricted. In a proxy server environment, NEs are designated as gateway NEs (GNEs) or end NEs (ENEs). The GNE is LAN-connected to the DCN, while the ENEs are accessed through the proxy server feature on the GNE over the Section Data Communications Channel (SDCC). The ENEs are not directly accessible by IP address; in fact, the ENE IP addresses can be in a separate, private IP address space because they are not visible on the larger DCN. The GNE must have an IP address that is valid for the DCN LAN.

2.3  What is FCPS?

CTM's strategy is to provide a common, carrier-class fault, configuration, performance, and security (FCPS) EMS.

FCPS refers to the different types of information handled by management systems. A fifth area, accounting, is often included, making the acronym FCAPS. However, CTM does not support accounting management currently.

2.4  Fault Management

Fault management (FM) detects, isolates, corrects, and reports faults for the network and service. Fault management tracks the correlation of related services; for example, reliability, availability, survivability, quality assurance, alarm surveillance, alarm management, fault localization, fault correction, testing, and trouble administration. Fault management also maximizes the availability of the network for service delivery.

Note See Chapter 9, "Managing Faults" for more information.

The FM function is responsible for the discovery and localization of malfunctions on managed NEs. CTM supports consolidated FM by way of the following functions:

Alarm collection

Alarm and event acquisition and storage

EMS alarms for loss of communication, software download failure, memory backup failure, login security violation, server monitor thresholds, and free remaining disk space

Fault synchronization after connection loss

Maintenance mode state for suppression of alarms, events, and PM collection

Alarm display

Quick-view Dashboard window for display of alarm count, unacknowledged alarm count, and launch of EMS alarm view

Alarm indication and propagation

Color and shape coding of severity for critical, major, minor, and warning alarms

Alarm acknowledgement

Flexible alarm acknowledgment—single, multiple, all, automatic

Editable notes per alarm record

Historic alarm retrieval

Alarm sorting and filtering

Visible and audible notification of alarm reporting

Reports and exporting facilities

2.5  Configuration Management

Configuration management configures and controls NEs, identifies resources, collects information about a resource, and manages connections between NEs. Configuration management deals not only with the state of NEs, but also with the provisioning of resources and services. Generally, configuration management involves network planning, installation, service planning and negotiation, service provisioning, equipment provisioning, status and control, and network topology. Configuration management allows you to prepare the network to deliver services.

Note See Chapter 5, "Configuring Hardware" for more information.

Examples of configuration management include:

Discovering the inventory of what is installed in the network

Configuring chassis slots for cards based on desired services

Configuring cards in protected or unprotected relationships

Configuring physical (PTP) or logical (CTP) ports to support service profiles

Creating, modifying, viewing, and deleting network topologies and connections

Downloading and activating NE software

Backing up and restoring the NE configuration

CTM provides different graphical views to support configuration management. All views can be classified into three main groups: explorers, network maps, and wizards.

2.5.1  Explorers

Explorer windows are divided into two sections: a tree and a pane. The tree organizes the resources (domain, groups, nodes, network partitions, subnetworks, and modules), which are displayed in a hierarchical format. You can access information about each resource by browsing the tree section. The pane provides specific information about the selected object. There are three types of explorers in CTM:

Domain Explorer

Subnetwork Explorer

NE Explorer

2.5.2  Network Maps

Network Map windows display how the network is partitioned graphically. The Network Map is organized into a multilevel hierarchy that corresponds with the structure of Domain Explorer and Subnetwork Explorer trees. Users with the appropriate privileges can organize their own map display.

For more information, see 1.3.6  Network Map, page 1-19.

2.5.3  Wizards

Wizards are used to simplify involved configuration management tasks such as:

A-to-Z circuit provisioning

NE user access administration

Layer 2 service provisioning

VLAN provisioning

Broadcast software download

Native equipment/facility provisioning

Topology/link management

Automatic NE memory backup, on-demand restoration

General operation on multiple NEs

2.5.4  Inventory Management

Inventory information is another component of configuration management. CTM provides two levels of inventory reports:

Domain NE table—A complete list of all the NEs that belong to a specific group or to the entire domain

Equipment Inventory table—A detailed list of cards and modules installed on a specific NE

Tip For detailed information about inventory reports, see Chapter 11, "Managing Inventory."

2.5.4.1  Adding New NEs to the CTM Domain

The Add New NE wizard allows you to add a new NE, or to add several new NEs at once. The wizard allows you to enter multiple NE IP addresses one at a time, or enter a beginning and ending IP address and automatically add a range of NEs. See 3.5.2  Adding NEs, page 3-13.

2.5.4.2  NE Connectivity and Operational States

The operational state of an NE can have the following values:

Preprovisioned—The NE has been added to the database for provisioning but is not yet in service. CTM does not manage preprovisioned NEs.

Under Maintenance—The NE is temporarily under maintenance but requires monitoring. This state is the same as In Service except that CTM does not report alarms or events for under-maintenance NEs.

In Service—The NE is currently deployed and requires monitoring. CTM collects polling, FM, configuration management, and PM data from in-service NEs and stores the data in the database.

Out of Service—The NE has been marked Out of Service by a network administrator and does not require monitoring. The CTM database records the last known state of the NE when it was in service.

In Service-Initializing—The NE is marked as In Service-Initializing when CTM connects to the NE (Communication State is marked as Available) and the discovery process starts. The initialization process is completed when fault and inventory have been synchronized. The operational state changes from In Service-Initializing to In Service-Synch Configuration.

In Service-Synch Configuration—The NE is marked as In Service-Synch Configuration when CTM uploads a configuration for that NE. You can change the operational state of an NE from In Service-Synch Configuration to Out of Service.

The communication state of an NE can have the following values:

Not Applicable—The NE is Preprovisioned or Out of Service. The connection to the NE has not been established or has been dropped.

Available—The NE is In Service or Under Maintenance and CTM is connected to the NE. The NE is declared Available when the NE is reachable and supported by CTM (as defined in the Administration > Supported NE table).

Unavailable—The NE is In Service or Under Maintenance but CTM cannot establish a connection to the NE. When CTM loses the connection to the NE, an EMS alarm with a probable cause of Connection loss is generated.

2.5.5  Double IP Address Management

CTM supports double IP addresses to access ONS 1580x NEs through two gateways using Layer 3 routing instead of Layer 2 bridging. This requires DCN configuration using Network Address Translation (NAT).

CTM uses either the Primary or Secondary IP address to reach the ONS 1580x:

Active IP address—The IP address (either Primary or Secondary) currently used by CTM to reach the ONS 1580x NE.

Primary IP address—The IP address configured on and used during normal working conditions to gain IP access to the NE through the default gateway.

Secondary IP address—The IP address used during fault conditions to reach the node through the NAT router. If the secondary IP address is not used or configured, the address is the same as the primary IP address.

2.5.6  Provisioning

The CTM supports provisioning through:

NE Explorer—Shows service-provisioning information about the selected NE.

Craft interface—Depending on the NE model, CTM provides access to NE craft interfaces such as CTC, Cisco Edge Craft, CiscoView, web browsers, and the CLI. Table 2-4 lists the available craft interfaces by NE model.

Table 2-4 Craft Interface by NE Model 

NE Model
Craft Interfaces Available from CTM

ONS 15200

Web interface

CLI

ONS 15216 EDFA2

TL1 interface

CLI

ONS 15216 EDFA3

TL1 interface

ONS 15216 100-GHz OADM

TL1 interface

CLI

ONS 15302

CLI

Cisco Edge Craft

ONS 15305

CLI

Cisco Edge Craft

ONS 15310

CTC

TL1 interface

ONS 15327

CTC

TL1 interface

ONS 15454 SONET

CTC

TL1 interface

ONS 15454 SDH

CTC

TL1 interface

ONS 15501

CiscoView

CLI

ONS 15530

CiscoView

Cisco IOS CLI

TL1 interface

ONS 15540 ESP, ESPx

CiscoView

Cisco IOS CLI

TL1 interface

ONS 15600 SONET

CTC

TL1 interface

ONS 15600 SDH

CTC

ONS 1580x

TL1 interface

Cisco CRS-1

Craft web interface

Cisco Catalyst 6509


2.5.7  Link Management

A link is a connection between two termination points (TPs). CTM represents the physical connectivity between NEs in the domain by defining the physical links between NEs. CTM allows you to view, create, modify, and delete links. CTM also supports a link utilization table, which displays utilization information and overall consumption of bandwidth for the selected links.

CTM automatically discovers links between CTC-based and ONS 155xx NEs. For CTC-based NEs, links are autodiscovered only when the DCCs are created on both ends of the link. Autodiscovery requires configuration on ONS 15501, ONS 15530, and ONS 15540 NEs. For the ONS 15216, ONS 15302, ONS 15305, ONS 15800, ONS 15801, and ONS 15808 NEs, links are manually added.

Note Link autodiscovery is supported on CRS-1 platforms when Cisco Discovery Protocol (CDP) is enabled on the router or interface.

Note For all NEs that support links, you can add manually provisioned links. For example, you can define manual and patchcord links for the ONS 15454. For detailed information, see 3.6  How Do I Build Links?, page 3-23.

2.5.8  Circuit Management

A circuit represents an end-to-end connection between two or more connection termination points (CTPs). A circuit consists of an alternating series of cross-connections and link connections. In its simplest form, a circuit consists of a single cross-connection (if the circuit is defined between two CTPs on the same NE). A circuit can be bidirectional or unidirectional, point-to-point or point-to-multipoint, and protected or unprotected.

CTM allows you to create unidirectional and bidirectional circuits for CTC-based NEs. For unidirectional path switched ring (UPSR) circuits, you can create revertive or nonrevertive circuits. These circuits can route automatically or you can route them manually. For CTC-based NEs, circuits can be viewed, created, modified, traced, and deleted. For the ONS 15530 and ONS 15540, circuits can be viewed and modified.

Note Circuit information is not available for the ONS 15200, ONS 15216, ONS 15501, ONS 15800, ONS 15801, ONS 15808, Cisco CRS-1, or Cisco Catalyst 6509. For the ONS 15302 and ONS 15305, circuits can be created through CEC (Configuration > ONS 15302 or ONS 15305 > Launch Cisco Edge Craft).

CTM supports the following circuit management operations:

Find circuits

View circuits and circuit spans

Create circuits

Modify circuits

Delete circuits

Trace circuits

Display associated VLANs

Upgrade circuits

Repair circuits

Update circuits

Roll circuits

Merge circuits

Reconfigure circuits

Tip See Chapter 7, "Provisioning Services" for detailed information about circuit provisioning.

2.5.9  NE Release Management

An NE added to the CTM domain is discovered and managed by CTM only if the NE software version is defined in the Supported NE table.

Note See Release Notes for Cisco Transport Manager Release 5.0 for the NE software versions that are supported in CTM R5.0. The CTM release notes are available on the product CD and online at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/optnet/ctm/ctmreln/index.htm.

Caution Before updating the software image on an NE, check the CTM release notes to verify whether the NE software version is supported in this CTM release.

The following NE administration features are available for the ONS 15216 EDFA, ONS 15302, ONS 15305, ONS 15310, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 155xx, ONS 15600 SONET, ONS 15600 SDH, ONS 1580x, and Cisco CRS-1:

Software download (not available for the Cisco CRS-1)

Memory backup and restore (not available for the ONS 1530x, ONS 15501, or ONS 1580x)

Job monitoring

NE Software table (used to commit or revert software images)

Note The commit or revert software images functionality is not available for CRS-1 platforms.

2.5.9.1  Software Download Dialog Box

Use the Software Download dialog box to download software to NEs. After the download is complete you can use the NE Software table to activate the software. The downloaded software becomes the active version, and the active version becomes the standby version. CTM stores two software versions, active and standby.

2.5.9.2  Memory Backup Dialog Box

Use the Memory Backup dialog box to back up configuration and provisioning information that resides in the flash memory of an NE. By default, the local CTM server automatically backs up the memory of NEs once a day for seven days and stores the backup files on the CTM server. After seven days, the oldest backup file is replaced by the current backup.

2.5.9.3  Memory Restore Dialog Box

Use the Memory Restore dialog box to restore provisioning and configuration information stored in the flash memory of an NE.

2.5.9.4  Job Monitor Table

The Job Monitor table provides information about scheduled administrative tasks such as task type, task owner, task status, task start and end time, and so on.

2.5.9.5  NE Software Table

The NE Software table displays the active and standby software versions for the NE. From this table, you can activate new software or revert software on NEs.

2.6  Performance Management

Performance management gathers and reports the behavior of NEs, network, and services, including quality assurance, monitoring, management control, and analysis.

Performance management ensures that the network delivers services with the promised quality. PM data is useful for fine-tuning the performance of the device and proactively monitoring for catastrophic failures before they occur. The NEs accumulate PM statistics in 15-minute and 1-day intervals.

Note See Chapter 10, "Managing Performance" for more information.

Examples of performance management include:

Collecting, storing, and forwarding data to characterize the integrity of transmission

Determining when connections fail to meet committed integrity thresholds

2.6.1  Selectable Collection of PM Data Parameters

There are two steps to setting PM collection:

1. Enable PM collection for a given NE model (in the Control Panel > PM Service window)

2. Enable PM collection for specific NEs (in the Domain Explorer or Subnetwork Explorer > NE Properties pane > Status tab > PM Collection area)

PM data cannot be collected unless the PM Service process is running. If PM data collection is enabled on an NE but the PM Service is not running, CTM displays a warning message.

You can also enable robust PM data collection (not supported by CRS-1) at the NE level. With robust collection, CTM attempts to recover from any data collection gaps that might occur due to an outage or an extended communication failure. If CTM detects a data gap, it attempts to retrieve the missing PM data from the historical registers available on the NE.

For the ONS 15530 and ONS 15540, you can use the Cisco IOS CLI or CiscoView to enable performance monitoring on each NE and module.

You can enable or disable performance monitoring for the individual modules in the ONS 1580x system. Use the ONS 1580x NE Explorer > card slot properties pane > Identification tab > PM Collection Status field. CTM also offers a wizard to enable or disable PM on multiple modules on the same ONS 1580x NE. To launch the wizard, open the ONS 1580x NE Explorer and choose Performance > Enable/Disable PM by Module. This opens a table that lists all of the NE modules and their PM collection status.

For the CRS-1, you must enter the CLI commands shown in Table 2-5 to enable PM collection on the router.

Table 2-5 CLI Commands to Configure CRS-1 PM Collection 

CLI Command
Purpose

performance-mgmt resources tftp-server <IP_address> directory <directory_name>

Defines the IP address of the TFTP server and the directory location where the CRS-1 copies PM files.

performance-mgmt statistics <entity_name> generic-counters template <template_name>

sample-size 1

sample-interval 15

Defines a template for collecting a single PM sample at 15-minute intervals. One template must be defined for each entity (interface, BGP, MPLS, and node).

performance-mgmt enable statistics <entity_name> generic-counters <template_name>

Enables PM data collection using the given sample and interval as defined in the template above. One command must be entered for each entity (interface, BGP, MPLS, and node).


2.6.2  PM Queries and Graphs

CTM offers two PM query wizards to view PM reports:

Query by NE Model—Allows you to filter PM data by NE model.

Query by PM Category—Allows you to filter PM data by PM category, which can span multiple NE models.

The PM Query by NE Model wizard allows you to specify:

NE model (ONS 15327, ONS 15454 SONET, and so on)

PM type (SONET Section, SONET Line, and so on)

15-minute or 1-day collection

Near-end or far-end collection

Time period

Module type, where applicable

Physical location, where applicable

The PM Query by Category wizard allows you to specify:

PM Category (SONET, SDH, DWDM, and so on)

PM type (SONET Section, SONET Line, and so on)

15-minute or 1-day collection

Near-end or far-end collection

Time period

Module type, where applicable

Physical location, where applicable

Note The PM Query by Category wizard is not supported for the ONS 155xx or Cisco CRS-1. Performance management in general is not supported for the ONS 15200, ONS 15216, or Cisco Catalyst 6509.

All PM tables contain a Plot tab that you can use to plot the data in a graphical view that is stored in the CTM database. CTM plots up to three parameters in one graph for comparison. The Y axis represents the selected parameter(s); the X axis shows the time. Table A-10 on page A-26 describes the toolbar icons in the PM graph window.

The CRS-1 PM tables provide additional functionality that allows you to generate an HTML report based on the data in the selected CRS-1 PM table. See 10.4.4  Generating an HTML Report for PM Tables—CRS-1, page 10-26.

2.6.3  Real-Time PM Reporting

CTM supports the ability to launch a real-time PM report from the PM Query wizard or from a single row in a PM table. This feature allows you to examine the current value of a PM parameter in granularities finer than the standard 15-minute or 1-day interval. You can view and modify the polling interval for the real-time PM reporting session. You can end a real-time PM session at any time and export the data. For more information, see 10.4.2  Managing Real-Time PM Data, page 10-23.

Note Real-time PM reporting applies only to CTC-based NEs.

2.7  Security Management

Security management prevents and detects any improper use of network resources and services as well as recovery from security violations. Aspects of security management include prevention, detection, containment, and recovery.

Security management protects the revenue-generating assets in the network.

Note See Chapter 8, "Managing Security" for more information.

Examples of security management include:

Controlling access to network management functions

Controlling access to network logical resources

Security for the CTM system can be divided into the following areas:

CTM security domain: To log into the CTM client, a username and password are required. A user profile defines the access privileges. CTM passwords are stored using MD5 one-way encryption.

OSS security domain: OSS-to-CTM sessions are configured by the CTM GateWay EMS-to-NMS interface architectural component.

NE security domain: At the NE level, a username and password are configured to enable the user to connect directly through the console port (EIA/TIA-232), through the management port (10BASE-T), or remotely through a Telnet session. NE passwords are stored using base-64 two-way encryption.

CTM server login: You must have root user privileges to log into the CTM server workstation for debugging or changing the CTM server program. A username and password are required.

Oracle database access: Access to the Oracle database requires Oracle root user authentication, as well as CTM database access authentication. The Oracle username and password are encrypted in the server configuration file.

CTM supports the following security features:

Login advisory message

User management and profiles

NE access control

Audit Log

2.7.1  Login Advisory Message

The following is the default advisory message after logging into the CTM client: 

NOTICE: This is a private computer system. Unauthorized access or use may lead to 
prosecution.

You can customize the default advisory message, or disable it altogether. See Chapter 8, "Managing Security."

2.7.2  User Management and Profiles

CTM user management includes the ability to:

Manage predefined default user profiles with different access privileges. The default user types are:

SuperUser—Users who have access to all operations.

SysAdmin—System administrators who manage CTM access.

NetworkAdmin—Typically, network operations center (NOC) supervisors who perform daily network surveillance, provisioning, and PM activities on any group or NE.

Provisioner—Users who perform daily network surveillance, provisioning, and PM activities on specific NEs. Each provisioner can have only one active session. Provisioners cannot access administrative information.

Operator—Users who perform daily network surveillance and PM activities on specific NEs. Each operator can have only one active session. Operators cannot access administrative information.

Create, delete, modify, and duplicate custom user profiles with certain privileges. Custom user profiles are grouped into categories and each category has a set of operations.

Create, delete, or modify CTM users; lock or unlock user accounts; view logged-in users; and end active user sessions.

Regulate user logins, including password aging, number of failed login attempts before an account lockout, login disable period, lockout time, and logout time.

Specify a CTC username and password.

Configure the username and password used by the CTM server and CTM GateWay/TL1 to access NEs.

View, add, modify, and delete NE user accounts on one or more NEs.

Tip For detailed information about user management, see Chapter 8, "Managing Security."

2.7.2.1  Locking and Unlocking the Client

A CTM client is locked automatically after a defined period of inactivity.

To manually lock the CTM client, select File > Lock CTM Client in the Domain Explorer. The CTM Locked window opens, indicating that the CTM client is locked.

To unlock the CTM client, enter your password in the CTM Locked window; then, click Unlock.

2.7.3  NE Access Control

NE access control includes the ability to:

Configure the username and password used by the CTM server and CTM GateWay/TL1 to access NEs and retrieve alarms, configuration, and inventory information.

Note Each username and password specified must exist on the selected NE in order for CTM to manage it. A new or modified password takes effect at the next reconnection.

Configure the username and password on multiple NEs by using the bulk NE authentication feature. With a single operation, you can specify the same username and password for NEs that belong to the same group or are assigned to the same user.

Manage NE user accounts by using the NE User Access Administration table. This feature supports the ability to view, add, modify, and delete NE user accounts on one or more NEs.

Monitor active NE users and log out selected users.

(ONS 1580x NEs only) Modify the user password of the local craft tool and create, modify, and delete TL1 users on one or more NEs (if supported by the TL1 Agent version).

Add predefined users on a selected NE.

2.7.4  Audit Log

The Audit Log contains information about significant events (user-initiated changes and activities) that occurred on the CTM server during a specific time period for the purposes of establishing accountability. It also helps in identifying remedial actions to correct an improper activity. The Audit Log is implemented in the CTM database, where each record has a time stamp, record type, and message string.

Tip See Chapter 8, "Managing Security" for a list of runtime-affecting operations that the Audit Log records for monitoring purposes.