Release Notes for Cisco Subscriber Edge Services Manager 3.1.9 [Cisco Subscriber Edge Services Manager]

Table Of Contents

Release Notes for the Cisco Subscriber Edge Services Manager, Release 3.1(9)

Contents

Introduction

SESM Deployment Options

SESM Application Suite

System Requirements

Hardware Supported

SESM Platforms

Cisco Platforms with the SSG

Software Compatibility

Captive Portal Compatibility

Port-bundle Host Key Compatibility

Complete ID Compatibility

New Features

New Features for RADIUS and SPE Mode

New Features for SPE Mode

Installation Notes

Obtaining a License Number

Obtaining Cisco SESM Software Files

SSG, RADIUS Server, and LDAP Server Status During Installation

Upgrade Information

Installing SPE Schema Extensions in LDAP Mode

Upgrading from SESM Release 3.1(3), 3.1(5) or 3.1(7)

Preserving Customizations

Migrating an SESM Release 3.1(3), 3.1(5) or 3.1(7) Web Portal Application

Upgrading from SESM Release 3.1(1)

Migrating an SESM Release 3.1(1) Web Portal Application

Uninstalling a Previous Installation

Important Notes

Modifying Java Server Pages

Recommended Java Runtime Environment

JMX Management Console

Server Hardware

Sun ONE (iPlanet) Directory Server 5.0 Fails to Remove Attribute

JDK Home Settings

Caveats

Documentation Updates

Cisco Subscriber Edge Services Manager Web Developer Guide

SESM Class Libraries and Tag Library Descriptor Files

Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide

Cisco Subscriber Edge Services Manager Application Management Guide

Configuring Logon Values for the Application Manager

SSG MBean

Cisco Subscriber Edge Services Manager Deployment Guide

Summary of Administrative Access to NDS

Cisco Subscriber Edge Services Manager Installation Guide

Hardware Platform Requirements

Cisco Subscriber Edge Services Manager Web Portal Guide

Related Documentation

Obtaining Documentation

World Wide Web

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Web Site

Cisco TAC Escalation Center

Release Notes for the Cisco Subscriber Edge Services Manager, Release 3.1(9)

May 2003

These release notes contain important information regarding the Cisco Subscriber Edge Services Manager (Cisco SESM) Release 3.1(9).

Note For information about obtaining a license number, see the "Obtaining a License Number" section.

Contents

These release notes discuss the following topics:

•Introduction

•System Requirements

•New Features

•Installation Notes

•Upgrade Information

•Important Notes

•Caveats

•Documentation Updates

•Obtaining Documentation

•Obtaining Technical Assistance

Introduction

Cisco SESM provides service selection and connection management in broadband and mobile wireless environments. Cisco SESM provides the end user (the subscriber) with a web portal for accessing multiple services. The ISPs and NAPs deploying Cisco SESM can customize the content of the web pages and thereby control the subscriber experience.

SESM Deployment Options

SESM Release 3.1(9) supports the following deployment options:

•RADIUS—In this deployment, the SESM web application and SSG query a RADIUS database for authentication and authorization information.

•SPE—In this deployment, the Cisco Subscriber Policy Engine (SPE) provides the libraries and directory schema extensions that enable queries to an LDAP directory for authentication and authorization information.

•Demo—In Demo mode, the SESM web application simulates the actions of an SESM application without using an SSG, RADIUS server, or LDAP directory.

SESM Application Suite

SESM Release 3.1(9) includes the following sample web portal applications that can be installed and configured for demonstration purposes or used as a starting point for customizations:

•New World Service Provider (NWSP) portal—A comprehensive example of most features offered by the SESM web development kit.

•Wireless Access Protocol (WAP) portal—An application designed specifically for deployment in the mobile wireless industry.

•Personal Digital Assistant (PDA) portal—An application with web pages formatted for a PDA device.

You can optionally install the following applications to configure the SESM captive portal solution:

•Captive Portal application—A gateway application between the SSG and other applications in a captive portal solution. The default configuration for this application redirects subscriber browsers to either the Message Portal application or the NWSP application.

•Message Portal application—SESM portal application that produces sample greetings and advertising pages to demonstrate SESM captive portal features.

The SESM software includes the following additional supporting applications:

•Cisco Distributed Administration Tool (CDAT)—A web-based interface that is used to create and maintain the subscriber, service, and policy information used by SESM and the Service Selection Gateway (SSG) in an SPE/LDAP mode deployment.

•RADIUS Data Proxy (RDP) server—A RADIUS server that can proxy profile requests or use the SPE components to query the LDAP directory for profile information.

•Web Services Gateway (WSG) application—Provides a Simple Objects Access Protocol (SOAP)-based interface that allows third-party web portals and subscriber management systems to integrate with the SESM and SSG solution.

•Application Management—Java Management Extensions (JMX) based application management for all solution components.

Additional software components bundled in the Cisco SESM installation package are:

•J2EE management components.

•SPE component—For SESM running in SPE mode, this component provides the interface between SESM applications and the SPE directory.

System Requirements

This section describes hardware and software requirements for SESM deployments.

Hardware Supported

You can deploy SESM using the following platforms and SSG devices.

SESM Platforms

SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Verified platforms are shown in Table 1.

Table 1 Verified Platforms

Platform

Specifications

Solaris

•Sun Ultra10 or Sun E250 (or later version)

•Solaris Version 8 (or later version) operating system

Windows

•Pentium III (or equivalent) processor

•The earliest supported OS is Windows NT Version 4.0, Service Pack 5 (or later version)

Linux

•Red Hat Linux Version 8

•SuSE Linux Version 7.3

Cisco Platforms with the SSG

Cisco SESM works with any router running Cisco IOS software with the Cisco Service Selection Gateway. The following devices, when they are running the Cisco IOS Release 12.2.(4)B or later with SSG enabled, work with SESM Release 3.1(9):

•Cisco 6400 Universal Access Concentrator (UAC)

•Cisco 7200 series high-performance multifunction routers

•Cisco 7400 series Internet routers

Software Compatibility

The following SESM features require support on the SSG:

•Captive portal

•Port-bundle host key

•Complete ID

Captive Portal Compatibility

To use the captive portal feature in SESM to support unauthenticated user redirections:

•The SSG device must be running Cisco IOS Release 12.2(2)B or later, or Release 12.1(5)DC1 or later.

•The SSG TCP redirect feature must be configured appropriately.

To use the captive portal feature in SESM to support service redirections, initial logon redirections, and advertising redirections:

•The SSG device must be running Cisco IOS Release 12.2(4)B or later, or Release 12.1(5)DC1 or later.

•The SSG TCP redirect feature must be configured appropriately.

Port-bundle Host Key Compatibility

To use the port-bundle host key feature:

•The SSG device must be running Cisco IOS Release 12.2(2)B or later.

•The SSG host key feature must be configured appropriately.

The host key feature can be enabled and disabled on both the SESM and SSG products to ensure backwards compatibility.

Complete ID Compatibility

To use the complete ID feature for portal location awareness and branding, the SSG device must be running Cisco IOS Release 12.3(1)T or the X train for Cisco IOS Release 12.2(8)B.

New Features

This section describes new features in SESM Release 3.1(9) for both RADIUS and SPE mode, and SPE mode only.

New Features for RADIUS and SPE Mode

•New user interfaces for CDAT management and configuration screens—This affects:

–Screens used for general administration tasks

–Screens used to control JMX MBean parameters

•RDP domain support—The RDP has been enhanced to accommodate a separate server for accounting. It has also been enhanced to handle RADIUS usernames with @<domain.name> and is able to send these requests to different RADIUS servers.

•Enhanced Captive Portal—The Captive Portal application enables unauthenticated subscribers greater leveraging of SSG 12.2(16)B features. The enhanced Captive Portal application also supports redirection for both HTTP and HTTPS.

•Message Authenticator support—Support for origin and integrity authentication for all RADIUS packets generated and accepted by SESM applications.

• Framed IP address support—Support for requests from the web portal and WSG applications to the SSG to include the remote IP address of a request. This optional address is included in the Framed IP Address field. This enables the RADIUS load balancing devices to direct requests using the value of the Framed IP Address field.

• Bulk Upload of SSG Mappings—Support for uploading a complete set of client IP configuration data to SSG mappings in the CDAT. A CDAT web page is displayed that requires authentication credentials, the location of the files to be uploaded, and the web portal instance that the configuration data will be applied to. Once applied, the new mappings only apply to new sessions, and any existing sessions are not affected.

•Web proxy support—The SESM Release 3.1(9) Captive Portal application includes features that handle subscribers with a web-proxy configured in their browsers.

–PAC file emulation. In Release 3.1(9), the Captive Portal application can recognize the PAC file request and respond with its own example PAC file as a substitute.

–Web proxy notification page. In Release 3.1(9), the Captive Portal application can recognize the difference between a proxy request and a non-proxy or regular HTTP request. You can configure the SESM Captive Portal application to react to proxy requests by redirecting the browser to a customized message page.

–Web-Proxy support. In Release 3.1(9), when the Captive Portal application recognizes that an unauthenticated subscriber has a web proxy configured, it captures the browser and proxies a login page to the browser. After authenticating and connecting to services on the SSG, the subscriber might have access to the configured web proxy and request connection to it.

New Features for SPE Mode

•User self registration—This applies to the NWSP when deployed in SPE/LDAP mode:

–New link on account logon page allows new users to create accounts for themselves, then log in in the standard way.

–Once new users are logged in, they have access to standard SPE/LDAP mode self-care features and can select from a range of services.

Installation Notes

The following sections highlight some important installation information.

See the Cisco Subscriber Edge Services Manager Installation Guide for complete installation instructions.

Obtaining a License Number

The SESM installation program provides for two types of installation:

•Evaluation—You can install SESM using a RADIUS mode evaluation option or an SPE mode evaluation option. The evaluation options do not require a license number and do not have an expiration period. An evaluation installation provides full software functionality.

•Licensed—You need a license number before deploying SESM in a production environment.

A license number is available on the License Certificate that is shipped with a purchased product. If you have purchased the product but have not yet received the CD-ROM and License Certificate, you can choose the evaluation option during installation. However, be sure to reinstall the SESM software using your license number when you receive the certificate.

The license number is important when you are requesting technical support for SESM from Cisco. After installation, the license number and the software version in the licensenum.txt file appear under the installation directory.

Obtaining Cisco SESM Software Files

You can download the SESM software from the Cisco.com web site or copy it from the SESM product CD-ROM. Cisco SESM software is contained in the following packages.

•For Sun platforms: sesm-3.1.9-pkg-sol.tar

•For Linux platforms: sesm-3.1.9-pkg-linux.tar

•For Windows platforms: sesm-3.1.9-pkg-win32.zip

If you purchased a contract that allows you to obtain the SESM software from Cisco.com, follow these procedures:

Step 1 Open a web browser and go to:

http://www.cisco.com

Step 2 Click the Login button. Enter your Cisco user ID and password.

To access the Cisco images from the CCO Software Center, you must have a valid Cisco user ID and password. See your Cisco account representative if you need help.

Step 3 Click Technical Support.

Step 4 In the pop-up window, click Software Center.

Step 5 Click Web Software.

Step 6 Click Cisco Subscriber Edge Services Manager.

Step 7 Download the appropriate image based on the platform you intend to use for hosting the SESM web application.

SSG, RADIUS Server, and LDAP Server Status During Installation

The SSG, LDAP directory, and RADIUS components do not need to be installed and configured before you execute the Cisco SESM installation program. However, the installation program prompts you for configuration information about these components, such as IP addresses, ports, shared secrets, and other information required for the SESM components to communicate with them. You should know these values before you perform the installation. Otherwise, you will need to reconfigure the solution later.

In the case of the LDAP directory, it is advantageous to install the Cisco SESM solution when the directory is running and to have update rights to the directory. The installation program can install required extensions to the LDAP directory.

If you are installing the demo, the installation program does not prompt you for configuration information about SSGs, SPE databases, or RADIUS servers.

Upgrade Information

This section contains information about upgrading from previous releases of the software.

Installing SPE Schema Extensions in LDAP Mode

If you are upgrading from an earlier SESM release, you must install the new SPE schema extensions, using the SESM software installation program. Ensure that the following steps are performed:

Step 1 Export your data

Step 2 Reinstall the directory

Step 3 Install the new SPE schema extensions

Step 4 Import your data

Upgrading from SESM Release 3.1(3), 3.1(5) or 3.1(7)

This section provides information on upgrading from SESM Release 3.1(3), 3.1(5) or 3.1(7) to SESM Release 3.1(9).

Preserving Customizations

To preserve your previous SESM installation, including changes to configuration files and customized web applications, install SESM Release 3.1(9) in a different directory from previous installations.

To reuse the same installation directory, perform the following steps:

Step 1 Ensure that a backup copy of your previous SESM installation is stored in a safe location.

Step 2 Uninstall the previous release of SESM using instructions in the "Uninstalling a Previous Installation" section.

Step 3 Install the current release of SESM.

Step 4 Migrate the SESM Release 3.1(3), 3.1(5) or 3.1(7) set of configuration files to SESM Release 3.1(9). Use either of the following methods:

•When the application is running, use the Agent View to update attributes to the values used in the previous installation. Be sure to use the apply and store operations to persist the new values across application restarts.

•When the application is not running, edit the XML files, updating attribute values to the values used in the previous installation.

Step 5 Migrate your web portal applications to the new installation, as described in the following section.

Migrating an SESM Release 3.1(3), 3.1(5) or 3.1(7) Web Portal Application

To migrate an SESM Release 3.1(3), 3.1(5) or 3.1(7) web portal application to SESM Release 3.1(9), perform the following steps:

Note Before you begin this procedure, ensure that a backup copy of your entire SESM web application is stored in a safe location.

Step 1 Install the SESM Release 3.1(9) software. For information on installing the software, see the Cisco Subscriber Edge Services Manager Installation Guide.

Step 2 Copy the NWSP web application in \install_dir\nwsp to \install_dir\mywebapp, where \install_dir is the location in which you installed SESM Release 3.1(9), and mywebapp is the name of your SESM web application. This creates an SESM web application named mywebapp under \install_dir.

Step 3 Copy these files from the install location of the SESM Release 3.1(9) software.

a. In \install_dir\jetty\bin, copy startNWSP.sh to startMYWEBAPP.sh. Edit the startMYWEBAPP.sh file and replace APP=nwsp with APP=mywebapp. (For an SESM installation on a Windows platform, the suffix of the start file is .cmd.)

b. In \install_dir\jetty\config, copy nwsp.jetty.xml to mywebapp.jetty.xml. Edit the mywebapp.jetty.xml file and replace nwspkeystore with mywebappkeystore. Also, replace any comments that refer to NWSP.

c. In \install_dir\jetty\config, copy mywebappkeystore from your previous installation into this directory.

d. In \install_dir\jetty\config, copy nwsp.web-jetty.xml to mywebapp.web-jetty.xml.

Step 4 Verify the previous steps by starting the web application mywebapp in Demo mode.

a. In the /jetty/bin directory, run the start script. For example, on UNIX:

startMYWEBAPP.sh -mode Demo

b. Log in to the web application using the user name golduser and the password cisco. You should be able to use the SESM web application in Demo mode.

c. Stop the server.

Note To update the directory structure for a SESM web application, you usually must update only the contents of the WEB-INF subdirectory with the customizations for your web application. Step 5 overwrites almost the entire web application directory structure with the old web application directory. You then update certain files.

If your web application consists of minimal changes to the NWSP web application components, it may be more appropriate for you to leave the new SESM web application directory as is, and then overwrite only certain subdirectories from the previous SESM directory structure, such as the pages and images directories. If web.xml has been customized, then follow the instructions in the Step 12 for updating this file.

Step 5 Copy the following directories (and all directories and files under them) from your previous SESM web application into the \install_dir\mywebapp location of the SESM Release 3.1(9) software.

•docroot

•docs

Step 6 In the install location of the SESM Release 3.1(9) software, rename the docroot directory to webapp.

Step 7 Install a second copy of the SESM Release 3.1(9) software into a location different from where you installed the first copy.

Step 8 From the second SESM install location, copy the following files into the corresponding SESM Release 3.1(9) location of your web application:

•webapp\WEB-INF\lib\com.cisco.sesm.i18nl10n.jar

•webapp\WEB-INF\lib\com.cisco.sesm.logging.jar

•webapp\WEB-INF\lib\com.cisco.sesm.model.jar

•webapp\WEB-INF\lib\com.cisco.sesm.platform.jar

•webapp\WEB-INF\lib\com.cisco.sesm.radius.jar

•webapp\WEB-INF\lib\com.cisco.sesm.types.jar

•webapp\WEB-INF\lib\com.cisco.sesm.util.jar

•webapp\WEB-INF\lib\com.cisco.sesm.webapps.jar

•webapp\WEB-INF\lib\com.cisco.sesm.dess.jar

•webapp\WEB-INF\lib\com.cisco.sesm.auth.jar

•webapp\WEB-INF\lib\com.cisco.sesm.authentication.jar

•webapp\WEB-INF\lib\com.cisco.sesm.gsal.jar

•webapp\WEB-INF\lib\com.cisco.sesm.protect.jar

•webapp\WEB-INF\lib\com.cisco.sesm.jakarta-regexp1.2.jar

•webapp\WEB-INF\lib\com.cisco.sesm.log4j-1.2.6.jar

•webapp\WEB-INF\lib\com.cisco.sesm.appmgmt.remotemgmt.jar

•webapp\WEB-INF\lib\jsp.jar

•webapp\WEB-INF\lib\*.tld

For deployments in which a WAR file will be created, copy these additional files:

•webapp\WEB-INF\lib\com.cisco.contextlib.jar

•webapp\WEB-INF\lib\nitrusri.jar

•webapp\WEB-INF\lib\nitrustools.jar

For SPE/LDAP mode deployments only, copy these additional files:

•webapp\WEB-INF\lib\dess.jar

•webapp\WEB-INF\lib\auth.jar

•webapp\WEB-INF\lib\authentication.jar

•webapp\WEB-INF\lib\protect.jar

Step 9 Depending on whether your web application contains customized versions of the JSP pages in the webapp\decorators directory, do one of the following:

•If your web application does not contain customized JSP pages in webapp\decorators, copy all files in webapp\decorators from the second SESM Release 3.1(9) install location into the webapp\decorators directory at the SESM Release 3.1(9) location of your web application.

•If your web application does contain customized JSP pages in webapp\decorators, do the following:

a. Use a diff utility to compare your web application's files in webapp\decorators with the same files in the second SESM Release 3.1(9) install location.

b. Copy all files in webapp\decorators from the second SESM Release 3.1(9) install location into the corresponding SESM Release 3.1(9) location (webapp\decorators) of your web application.

c. Using the diff output from step a, replicate any customizations in all files in webapp\decorators of your SESM Release 3.1(9) web application.

Step 10 In the SESM Release 3.1(9) location that contains your web application, change the name of the webapp\WEB-INF\web.xml file to web.xml.OLD. The file web.xml is the web application's deployment descriptor file.

Step 11 Do one of the following depending on whether you have updated jsp.jar file (using the precompile.sh script).

•If you have updated the jsp.jar file, copy the WEB-INF\web.xml from the second SESM install location to web.xml.

•If you have not updated the jsp.jar file, copy the webapp\WEB-INF\web.recompile.xml file from the second SESM install location into the corresponding SESM Release 3.1(9) location that contains your web application, and rename the file web.xml.

Tip The web.recompile.xml file causes the web application's JSP pages to be used rather than any precompiled JSP pages. The web server compiles each JSP page the first time the JSP page is requested after the web application is started. For information on how to use precompiled JSP pages, see the Cisco Subscriber Edge Services Manager Web Developer Guide.

Step 12 If your SESM web application's deployment descriptor file (web.xml) is customized in any way, modify the deployment descriptor file that you created in Step 10 so that it includes those customizations. For example, the number or order of user-shape dimensions that your web application uses may be different from the number or order found in the standard web.xml or web.recompile.xml file.

Step 13 In the mywebapp\config\ directory of the SESM Release 3.1(9) location, rename the file nwsp.xml to mywebapp.xml.

Step 14 In the mywebapp\config\ directory of the SESM Release 3.1(9) location, change the attribute values in mywebapp.xml file so that their values are identical to the values used in your previous SESM installation. Use either of the following methods:

a. When the application is running, use the Agent View to update attributes to the values used in the previous installation. Be sure to use the apply and store operations to persist the new values across application restarts.

b. When the application is not running, edit the mywebapp.xml file, updating attribute values to the values used in the previous SESM installation.

Step 15 After you successfully complete this procedure, you can optionally delete the files that are associated with the second SESM Release 3.1(9) installation.

Searches for Java Classes. The deployer should be aware that the SESM web portals are, by default, run in a mode that is compliant with the Java 2, Enterprise Edition (J2EE) specification. This mode is controlled by the following line in the Jetty container MBean configuration file (for example, \install_dir\jetty\config\nwsp.jetty.xml):
<Set name="classLoaderJava2Compliant">TRUE</Set>
The preceding line has the following effects on how the web server searches for classes from JAR files:

•If classLoaderJava2Compliant is set to TRUE, classes from any JAR files in the \web_app_name\webapp\WEB-INF\lib directory are used after classes from any JAR files in the system CLASSPATH. This mode is compliant with J2EE.

•If classLoaderJava2Compliant is set to FALSE, classes from any JAR files in the \web_app_name\webapp\WEB-INF\lib directory are used before classes from any JAR files in the system CLASSPATH. This mode is compliant with the Java 2 Servlet Specification.

Upgrading from SESM Release 3.1(1)

This section provides information on upgrading from SESM Release 3.1(1) to SESM Release 3.1(9).

Migrating an SESM Release 3.1(1) Web Portal Application

Significant improvements and changes were made to the JSP pages and other web components of the SESM web application (New World Service Provider) starting with Release 3.1(3) including:

•The SESM web components that accomplish decoration were re-engineered.

•The Java code for interactions with the SESM model was moved from the JSP pages to the SESM control servlets. This change should minimize the modifications to the JSP pages as the SESM model evolves in the future.

•Implementing these changes required that numerous Java classes and methods be deprecated for SESM Release 3.1(3). In subsequent SESM releases, these classes and methods were removed.

Because of this extensive redesign, it is not practical to use JSP pages that were developed for SESM Release 3.1(1). After SESM 3.1(3), these JSP pages would need to be modified so as to replace use of the deprecated classes and methods that have now been removed. This task would be achieved by referring to the Javadoc included in the SESM installation.

Instead of modifying the JSP pages, the recommended strategy for migrating an SESM Release 3.1(1) web application is to use the SESM Release 3.1(9) software and web components, including the JSP pages and deployment descriptor file in a sample web application like NWSP. Using this approach, you would typically do the following:

1. Recreate the customizations from your SESM Release 3.1(1) web application in the set of JSP pages in the SESM Release 3.1(9) NWSP. For this step, you might need to accomplish one or more of the following changes to the sample SESM Release 3.1(9) web application:

•Modify the functionality of the web application

•Customize the look and feel of web elements such as icons, images, background colors, and style sheets

•Localize web elements

•Code revised or new JSP-page dimension decorators for the user-shape mechanism

If you use Dreamweaver UltraDev or Dreamweaver MX and the templates provided with the sample NWSP web application, the HTML customizations can be accomplished more efficiently. For detailed information on customizing and developing an SESM Release 3.1(9) web application, see the Cisco Subscriber Edge Services Manager Web Developer Guide at:

http://www.cisco.com/univercd/cc/td/doc/solution/sesm/sesm_319/webdevgd/index.htm

2. Configure the SESM Release 3.1(9) web application deployment descriptor file (web.xml) as described in the Cisco Subscriber Edge Services Manager Web Developer Guide at:

http://www.cisco.com/univercd/cc/td/doc/solution/sesm/sesm_319/webdevgd/ch3_adv.htm

3. Configure the customized SESM Release 3.1(9) web application as described in the Cisco Subscriber Edge Services Manager Installation Guide at:

http://www.cisco.com/univercd/cc/td/doc/solution/sesm/sesm_319/instconf/05portal.htm

4. Precompile the finalized production JSP pages using the directions and script provided in the Cisco Subscriber Edge Services Manager Web Developer Guide.

Uninstalling a Previous Installation

Use the uninstall utility provided with the SESM product to remove a previous installation. The uninstall utility is located in the following directory:
installDir
_uninst
   uninstall.bin or uninstall.exe
The uninstall utility does the following:

•Lets you choose the components to uninstall.

•Verifies the installation directory that is being uninstalled.

•Uninstalls the SESM components. It does not remove the installation directory, only the contents under the installation directory.

After you run the uninstall utility, you can safely reinstall one or more SESM components into the same directory.

Note Do not uninstall SESM by manually deleting the contents of the installation directory. If you manually remove the contents of the directory and then attempt a reinstall into the same directory, the reinstall might not be complete.

Important Notes

The following sections describe some important considerations related to the Cisco SESM.

Modifying Java Server Pages

The SESM portal applications use precompiled JavaServer Pages (JSP). If you modify the JSP pages in one of the SESM portal applications, you must recompile the JSP pages before the changes are visible in the application. For information on recompiling, see the Cisco Subscriber Edge Services Manager Web Developer Guide.

Recommended Java Runtime Environment

The recommended JRE for SESM Release 3.1(9) is JRE Version 1.4.1_02, which is bundled with the SESM product.

JMX Management Console

The Sun example JMX server includes an HTML adaptor server that produces a web-based management console. The JMX HTML adaptor server forms the basis of the remote management and configuration support provided by the CDAT management application. For example, an administrator can make configuration changes and can have these changes persisted with this new support.

Note In an earlier release, we recommended that the JMX HTML adaptor server functionality be removed when deployed in a production environment.

Starting with SESM Release 3.1(5), the JMX HTML adaptor server is required if a deployer needs this feature as part of the CDAT management application.

To protect access to SESM application management consoles, the JMX interface prompts for a username and password. For additional security, the deployer could deploy the SESM application behind a firewall.

For information about configuring the login values for SESM application management consoles, see the Cisco Subscriber Edge Services Manager Application Management Guide.

Server Hardware

If you are using a Sun Ultra or Enterprise system, you must use Solaris Version 8 or later. For live deployments, we recommend using an Enterprise class server with hot-swappable components and load-balancing across multiple servers. The Cisco Content Services Switch 11000 (CSS 11000) is preferred for load balancing.

For Windows installations, we highly recommend that you use hardware that meets the Windows Hardware Compatibility List (HCL) guidelines set by Microsoft with at least 128 MB of RAM (256 MB of RAM is recommended). Memory requirements are influenced by login rates, the number of subscribers concurrently logged on, and the number of services the subscribers are subscribed to use. See the chapter "Running SESM Components," in the Cisco Subscriber Edge Services Manager Web Portal Guide for more details about memory requirements.

Sun ONE (iPlanet) Directory Server 5.0 Fails to Remove Attribute

A known problem in the Sun ONE Directory Server 5.0 affects the CDAT management application. The problem is that removing an attribute does not fully remove it. See Bug 554309 at this location:

http://docs.sun.com/source/816-5604-10/index.html

This issue has an impact on the CDAT management application in the following situation. If InetOrgPerson=UID and an administrator changes the value of the Poolname (CiscoDESSpoolName) or Primary Service (CiscoDESSprimaryService) attribute to null, an exception is thrown. After the exception, unexpected behavior occurs in the CDAT management application. The problem does not occur if the administrator changes Poolname or Primary Service to a value other than null.

The workarounds are:

•Rather than attempting to change the attribute value for Poolname or Primary Service in CDAT to null, change the values to something other than null.

•Apply the Sun ONE Directory Server 5.0 Service Patch 1

•Upgrade to Sun ONE Directory Server 5.1

JDK Home Settings

The JVM used by the SESM applications is determined by the setting of the JDK_HOME variable in the SESM start scripts, for example .../jetty/bin/start.sh. However, the SESM start scripts give precedence to a JDK_HOME environment variable, if one is set.

Caveats

Table 2 describes known problems in SESM Release 3.1(9).
Table 2 Caveats in SESM Release 3.1(9)
Category

Caveat

Description

General Issues

CSCdw50552

With a Netscape Version 4.7 browser, the following problems exist concerning the service list display area in the SESM application pages:

•Service groups or mutually exclusive services cannot be collapsed.

•When the subscriber has no subscribed services, the service list contains a white space where the Current Services folder should be.

Workaround: None

CSCuk32067

If the file tag from the Shape tag library (<shape:file name='...'/>) does not find the resource specified by the name attribute, the JSP page stops displaying. In some cases, a blank page is displayed. This is normally only an issue during development and testing, as all resources should be available in a production application.

Workaround: Replace the use of com.cisco.sesm.shape.taglib.FileTag with that of com.cisco.sesm.taglib.shape.ResourcePathTag. The ResourcePathTag is not used by default because it's increased functionality has an impact on performance.

CSCuk28056

When a subscriber with inherited Cisco AV Pairs from a user group creates a subaccount from the NWSP application, the subaccount does not inherit the parent's AV Pairs. If the parent account has a Local Cisco AV Pair, the subaccount inherits that AV Pair.

Workaround: After a subscriber creates a subaccount, an administrator must use CDAT to set the Cisco AV Pairs either in the subaccount or in the parent account.

CSCuk31287

A user group member is erroneously autoconnected to a service when the following conditions are true:

•The user group has a subscribed service which is defined as auto-logon.

•The service is a member of a service group, but the user is not subscribed to the service group.

When the user logs on, the service is autoconnected even though the user is not subscribed to the service group.

Workaround: Do not define services in a service group as auto-logon in a user group.

CSCuk32602

In a captive portal deployment, when an unauthenticated WAP subscriber tries to connect to a service, the authentication page appears. After authentication, the service list page appears and the subscriber is not connected to the original service as a non-WAP based subscriber would be.

Note If the WAP subscriber is already authenticated, this issue does not arise.

Workaround: The subscriber manually selects the service from the service list.

CSCuk34276

When deployed with a JRE, the NWSP application does not provide support for WAP or PDA devices. This support is only provided when the NWSP application is deployed with a full JDK.

Workaround: Deploy with the full JDK.

General Issues (continued)

CSCuk43787

Scenario: You have a a web-proxy configured in your browser, and you are subject to TCP Redirect on the SSG, which results in you being redirected to the SESM Captive Portal application.

If you request an HTTPS URL in your browser, then the redirection / proxy which should be performed by the Captive Portal application will fail.

Workaround: None

CSCuk45021

When trying to access the Status page on the NWSP in Demo mode, you are taken to the Messages page. A Null Pointer Exception is generated and displayed.

This does not occur on the NWSP in RADIUS or SPE mode.

Workaround: None

Installation Issues

CSCuk31428

During a custom installation, if you select only the RDP component, the installation program also selects the Jetty component. The Jetty component cannot be unselected, even though the RDP does not require it.

Workaround: Proceed as normal with the installation. The Jetty component has a very small footprint. Although it is installed, it does not have an impact on the operation of the RDP component.

CSCuk31431

During a custom installation in SPE/LDAP mode, if you deselect all of the choices and then reselect the Web Applications, the installation application correctly autoselects the Jetty component but does not autoselect the SPE component.

Workaround: If this sequence of events occurs, be sure to manually select the SPE component, as it is required for SPE/LDAP mode.

CSCuk43808

When installing SESM in SPE Mode (Typical, or Custom where the RDP is selected) in addition to the normal, documented, screen for RDP data, a second screen is displayed later during the installation.

The data requested by the second screen, RDP Host and RDP Port, is a repeat of that in the first RDP screen. Although the second screen is marked as optional, the correct data should be entered, otherwise after installation the RDP will not be configured correctly.

The RDP Host field has 2 purposes -

1. This is the address on which the RDP will listen for requests. If a request is received on a different address, as could happen when the server has more than 1 interface, it will not get a response. If it is required that the RDP responds to requests received on any address then enter 0.0.0.0

2. The address entered here will be reflected in the name listed in Application Management

Workaround: Ensure that the second screen is filled in with the correct information and is similar to that of the first screen. Or, alternatively these addresses can be modified post installation by manually editing the rdp.xml and/or AdapterFactoryInit.xml files.

Installation Issues (continued)

CSCuk31543

The silent install option does not perform correctly for the SESM applications, unless you intend to install in Demo mode. Configuration information for the web portal applications (NWSP, PDA, WAP) is not set, although the remaining applications and components (CDAT, RDP, Captive Portal, Message Portal) are configured as expected.

Workaround: The preferred workaround is to use the normal or console-based installation mode. An alternative workaround is to manually edit the incorrect configuration files:

•applicationName/config/appName.xml

•jetty/config/applicationName.jetty.xml

•jetty/bin/startapplicationName.sh or jetty\bin\startapplicationName.cmd

CSCuk39878

The windows service scripts for do not function correctly. The services appear to install correctly, but they do not start up properly.

Workaround: None
CSCuk44588
The stop scripts are not working, for example stopNWSP.sh. This is due to an error in the start.sh script.

Workaround:

Edit .../jetty/bin/start.sh and insert the line indicated:
$JAVA $SERVER -Xms64m -Xmx64m \
  -classpath $CLASSPATH \
  -Dinstall.root=$INSTALLDIR \
  -Djetty.home=$JETTYDIR \
  -Dapplication.home=$APPDIR \
  -Dapplication.portno=$PORTNO \
  -Dapplication.ssl.portno=$SSLPORTNO \
  -Dmanagement.portno=$MGMTPORTNO \
  $MODE \
  $JVMOPTIONS \
  com.cisco.sesm.jmx.Main \
  $CONFIG_FILES \
&                             <=== Add this line
CSCuk44745

SPE authentication fails if SESM is installed in SPE mode directly from a CD-ROM, when using iPlanet directory.

This is because the installer attempts to create a temporary file on the CD-ROM for modifications to the SPE. Although this is not possible, no installation errors occur unless logging is enabled during installation.

As a result, it is not possible to authenticate against the SPE after installation.

The same problem occurs if you run the installer from the hard disk but do not have write access to that location.

This problem affects all platforms.

Workaround: When installing SESM from a CD-ROM, it is recommended that the contents of the CD-ROM are copied to hard disk and the installer is run from there. Make sure that you have write access to the location of the install image.

Installation Issues (continued)

CSCuk44912

If you are installing SESM with NDS, you cannot choose a type of Password Encryption Algorithm. User passwords will only be stored SHA encrypted.

Workaround: None

CSCuk45704

The normal behavoir for extensions and modes is for the extension mechanism to override the modes mechanism. However, in release 3.1(9), in the case of service subscription changes, the modes mechanism is always used. A problem occurs if the mode does not match the extension configuration, which may happen if one of them is changed after install.

Workaround: Ensure that the mode configuration matches the extension configuration.

RDP Issues

CSCuk35196

If a subscriber has a Primary Service as a result of inheriting it from a User Group, the RDP does not pass the IP Pool associated with the Primary Service to the SSG.

Workaround: For IP Pool to be passed to the SSG, the IP Pool attribute must be defined in the Local RADIUS Attributes field of the CDAT management application at the User Group level.

CDAT Issues

CSCuk29592

If an administrator deletes a service from CDAT that is defined as an autoconnected service in a subscriber's profile, some service-related attributes might not be deleted from the directory. The problem occurs regardless of whether the subscriber is logged in or logged out. These redundant attributes do not have an impact on the subscriber.

Workaround: There is no impact in leaving these attributes in the directory, but administrators can manually remove the attributes if they wish.

CSCuk31892

CDAT cannot distinguish between local and inherited generic RADIUS attributes in a user profile when the user is a member of a group for which the generic attributes are defined.

Workaround: None

CSCuk30471

CDAT cannot distinguish between user and group pool names.

Workaround: None

CSCdv02447

When CDAT displays subaccounts, it displays group membership and not blocked roles.

Workaround: You can manipulate these values using an LDAP server administration tool such as ConsoleOne, or by using the appropriate NWSP application self-care feature to modify the roles of a subaccount.

CSCuk32178

In CDAT, the Service Filters attributes are not inherited by the user from a user group.

Workaround: If these attributes are required, they must be directly assigned to each user.
CDAT Issues (continued)

CSCuk43101
Within the SESM Application Management 'SSG' screen, it is only recommended to create and edit Subnet Attributes that have an Attribute type of 'IP' or 'SESSION_LOCATION'. Other valid Subnet Attributes are listed below, but these cannot be specified on a per-subnet basis because the 'Attribute Value' field is required to be 'IP'.

Workaround: To set any of the listed Attributes on a per-subnet basis, you are required to edit the appropriate application configuration file.

For example, if you wish to create a new mapping for the 192.168.2.0/24 client subnet and a SESSION_LOCATION attribute (or type 'london') within the NWSP web portal, you would add a line similar to the following:
<Callname="setSubnetAttribute"><Arg>192.168.2.0</Arg><Arg>255.255.255.0</
Arg>
<Arg>SESSION_LOCATION</Arg><Arg>london</Arg></Call>
For these changes to take effect, save the configuration file and restart the application.
CSCuk44032

When a subscriber creates a sub-account with the NWSP SUB-ACCOUNTS page, then when that sub-accounts logs into NWSP, the First Name field in the MY ACCOUNT page will display the name prefixed with "cn=" or "uid=", depending on the LDAP directory used. This is purely a cosmetic error and does not affect the operation at all.

Workaround: This can be corrected by the sub-account user by simply updating the value of the field, or by an administration user via the CDAT application.

CSCuk44001

A user is not able to set the 'Country' field in the SESM 'My Account' page.

Workaround: None

Note This is only an issue where SESM is installed in SPE mode, using an LDAP directory as its datastore.
CSCuk44022
After a user has logged in to the SESM CDAT Directory Management application, they are unable to access the CDAT Help page. If they attempt to do so, they will see the following error reported in the browser:
HTTP Error: 500 String index out of range: -1
RequestURI=/help
Workaround: None. For help with the CDAT Directory Management application, please refer to the online SESM Documentation.
Documentation Updates

This section includes new and updated information about SESM Release 3.1(9) that does not appear in the current SESM documentation set. The information contained in the following sections will appear in a future revision of the respective guides.

Cisco Subscriber Edge Services Manager Web Developer Guide

Note The instructions in the Cisco Subscriber Edge Services Manager Web Developer Guide, on page 2-7 are no longer accurate. Replace the old instructions with the instructions in this section.

SESM Class Libraries and Tag Library Descriptor Files

To successfully compile the JSP pages for an SESM web application, the Java compiler must be able to find the needed SESM-related class libraries and tag library descriptor (TLD) files:

Table 3 JAR Files for an SESM Web Application

JAR File

Description

com.cisco.sesm.appmgmt.remotemgmt.jar

Classes for remote management of SESM applications.

com.cisco.sesm.erp.jar

Classes for the Extensible Request Proxy framework, the foundation of the RADIUS Data Proxy (RDP).

com.cisco.sesm.jmx.jar

Classes for the SESM extensions to the Java Management Extensions (JMX) tools.

com.cisco.sesm.i18nl10n.jar

Classes for internationalization and localization.

com.cisco.sesm.logging.jar

Classes for the SESM logging utilities.

com.cisco.sesm.model.jar

Classes for the SESM core model and associated functionality.

com.cisco.sesm.platform.jar

Classes for the platform framework for extensions.

com.cisco.sesm.radius.jar

Classes for the RADIUS-related functionality.

com.cisco.sesm.types.jar

Classes for some SESM types.

com.cisco.sesm.util.jar

Classes for the SESM utilities.

com.cisco.sesm.webapps.jar

Classes for the SESM decorators and controllers, and tag libraries.

jsp.jar

Classes for the SESM precompiled JSP pages.

dess.jar
auth.jar
authentication.jar
gsal.jar
protect.jar
jakarta-regexp1.2.jar
log4j-1.2.6.jar

Classes for using Security Policy Engine (SPE). These files are needed only for SESM web applications that will be deployed in SPE mode.

With two exceptions, the SESM-related JAR files reside in the install_dir\web_app_name\webapp\WEB-INF\lib directory, where install_dir is the directory where the SESM software is installed, and web_app_name is a directory where a sample SESM web application, such as NWSP, is installed. The two exceptions are:

•com.cisco.sesm.erp.jar resides in the install_dir\libs\erp\lib directory.

•com.cisco.sesm.jmx.jar resides in the install_dir\libs\jmx\lib directory.

In addition, there are three non-SESM-related JAR files in the following locations:

•javax.servlet.jar resides in the install_dir\jetty\lib directory.

•org.apache.jasper.jar resides in the install_dir\jetty\lib directory.

•crimson.jar resides in the install_dir\redist\jaxp\lib directory.

To compile the class for an SESM web portal software component, the CLASSPATH environment variable must be set to the needed directory path (for example, \install_dir\web_app_name\webapp\WEB-INF\lib to tell the Java compiler the location of the SESM class libraries.

The Cisco SESM software also includes a set of TLD files for the SESM tag libraries. Each TLD file is an XML file describing a tag library. The TLD files reside in the install_dir\web_app_name\webapp\WEB-INF directory and are as follows:

•iterator.tld

•localization.tld

•navigator.tld

•shape.tld

For more information on the TLD files and using a tag library, see the "Configuring a Tag Library" section on page A-1.

Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide

Note This section provides information about SPE related JAR files that is not in the Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide. This information should be added to Table 1-3, JAR Files for an SESM Web Application, on page 1-5.

Table 4 JAR Files for an SESM Web Application

JAR File

Description

dess.jar
auth.jar
authentication.jar
gsal.jar
protect.jar
jakarta-regexp1.2.jar
log4j-1.2.6.jar

Classes for using Security Policy Engine (SPE). These files are needed only for SESM web applications that will be deployed in SPE mode.

Note This section provides information about non-SESM related JAR files that is not in the Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide. This information should be added to the section on page 1-5, SESM Class Libraries.

In addition, there are three non-SESM-related JAR files in the following locations:

•javax.servlet.jar resides in the install_dir\jetty\lib directory.

•org.apache.jasper.jar resides in the install_dir\jetty\lib directory.

•crimson.jar resides in the install_dir\redist\jaxp\lib directory.

Cisco Subscriber Edge Services Manager Application Management Guide

Note This section provides information about the SSG MBean attributes that are not in the Cisco Subscriber Edge Services Manager Application Management Guide. This information should be added to the empty section on page 3-6, Configuring Logon Values for the Application Manager.

Configuring Logon Values for the Application Manager

To access the Application Manager, you must enter a user ID and password.

1. User ID—Enter a user ID that you want to have access to the Application Manager. The default value is MgmtUser.

2. Password—Enter a password that will be required to access the Application Manager. The default is MgmtPassword.

Note This section provides information about the SSG MBean attributes that are not in the Cisco Subscriber Edge Services Manager Application Management Guide. This information should be added to the section on page 7-5, SESM Application Logging and Debugging.

SSG MBean

The SSG MBean configures the SSG connections.

Table 5 SSG MBean Attributes

Attribute Name

Explanation

SSGIPPolicy Class

The class name of the SSGIPPolicy to use to determine the SSG IP address for a session. If not set, the identity mapping is used.

Installed default: com.cisco.sesm.ssg.DefaultSSGIPPolicy

attributeDescriptions

An array describing the SSG configuration. For example:

java.lang.String[0] = 10.52.199.172[255.255.255.252]IP=10.52.199.83

java.lang.String[1] = 0.0.0.0[0.0.0.0]THROTTLE=20

java.lang.String[2] = 0.0.0.0[0.0.0.0]TIMEOUTSECS=10

java.lang.String[3] = 0.0.0.0[0.0.0.0]SECRET=cisco

java.lang.String[4] = 0.0.0.0[0.0.0.0]MASK=255.255.255.255

java.lang.String[5] = 0.0.0.0[0.0.0.0]BUNDLE_LENGTH=0

java.lang.String[6] = 0.0.0.0[0.0.0.0]SEND_FRAMED_IP=false

java.lang.String[7] = 0.0.0.0[0.0.0.0]PORT=1812

java.lang.String[8] = 0.0.0.0[0.0.0.0]RETRIES=3

attributes

The attributes used internally by the persistence mechanism. For example:

Type Not Supported: [{10.52.199.172[255.255.255.252]={IP=10.52.199.83}, 0.0.0.0[0.0.0.0]={THROTTLE=20, TIMEOUTSECS=10, SECRET=cisco, MASK=255.255.255.255, BUNDLE_LENGTH=0, SEND_FRAMED_IP=false, PORT=1812, RETRIES=3}}]

generateMessageAuthenticators

Boolean type True or False. If True, message authenticators are generated for all requests according to RFC2689.

maxSSGs

The maximum number of SSGs that will be cached. This value is an integer.

numCloses

The total number of connections that have been closed. This value is an integer.

numExceptions

The total number IO exceptions handled during all requests. This value is an integer.

numOpens

The total number of connections that have been opened. This value is an integer.

numRejects

The total number of Access Rejects received. This value is an integer.

numRequests

The total number of requests made. This value is an integer.

numSSGs

The number of SSGs in the cache. This value is an integer.

numTimeouts

The total number of requests that have timed out. This value is an integer.

statistics

View the value of statistics.

throttle

The default maximum number of simultaneous requests allowed to an SSG. This value is an integer.

Cisco Subscriber Edge Services Manager Deployment Guide

Note The instructions in the Cisco Subscriber Edge Services Manager Deployment Guide, on page 4-2 are no longer accurate. Replace the old instructions with the instructions in this section.

Summary of Administrative Access to NDS

When you complete the procedures described here, the NDS directory is configured as follows:

•The following SESM container exists in the NDS directory:

–Tree name: sesm

–Server context: ou=sesm.o=cisco

•The following attribute on the SESM LDAP group object is set to true (required).

–On NDS Version 8.5, the Allow Clear Text Passwords attribute

•The following attribute on the SESM LDAP group object is set to false (required).

–On NDS Version 8.7, the Require TLS for Simple Binds with Password attribute

•Access to the SESM container through ConsoleOne is granted with the following distinguished name (dn) in the format shown:

–name: cn=admin.ou=sesm.o=cisco

–password: value you specified during the NDS installation

This administrative user has all required permissions to update the NDS directory schema and also to create and modify objects in the SESM container.

•When configuring SESM and SPE, use the following format for distinguished name:
cn=admin,ou=sesm,o=cisco 
Cisco Subscriber Edge Services Manager Installation Guide

Note This section provides information about the SPE installation screens that are not in the Cisco Subscriber Edge Services Manager Installation Guide. This information should be added to the table on page 4-12, SESM Installation and Configuration Parameters. It replaces the information in the categories Directory server information, Directory container information, and Naming attribute.
Table 6 SESM Installation and Configuration Parameters
Category

Field

Explanation

Data Store Type Selection

Data Store Type

Select the default value of Directory Server. This is the only Data Store Type that is supported for SESM Release 3.1(9).

Vendor Name

Only two Directory Server vendors are supported for Release 3.1(9):

•Novell Directory Server

•iPlanet

Password Encryption Panel

SPE Installation Type

Select the default value of Fresh SPE Installation. This is the only SPE Installation Type that is supported for SESM Release 3.1(9).

Master Password

Enter a password and verify it in the Master Password (Repeat) box. Make a note of this password for future reference.

Password Encryption Algorithm

Select one of the following options:

NONE - user passwords are stored in clear text. If you are using the NDS Directory server, this option does not currently work and user passwords will only be stored SHA encrypted. For more details, see CSCuk44912.

SHA - user passwords are stored SHA encrypted. This is the encryption used in SESM 3.1(7).

SSHA - user passwords are stored SSHA encrypted. If you are using the NDS Directory server, this option does not currently work and user passwords will only be stored SHA encrypted. For more details, see CSCuk44912.

Naming attribute

inetorgPerson

Choose the component in distinguished name (dn) that allows access to the SESM container.

•common name (cn)—NDS, for example, uses cn.

•unique identifier (uid)—Sun ONE, for example, uses uid for the SESM container. See the Cisco Subscriber Edge Services Manager Deployment Guide for more information.

Directory server information

Directory address

Enter the IP address or the host name of the system on which the directory server is running.

Directory port

Enter the port on which the directory server listens.
Directory admin user
Enter a user ID that has permissions to extend the directory schema. Use cn or uid as appropriate. For example:

•For NDS, enter:
cn=admin, ou=sesm, o=cisco
•For Sun ONE (or iPlanet), enter:
cn=Directory Manager
Note The default configuration by the Sun ONE installation process uses cn for the Directory Manager. See the Cisco Subscriber Edge Services Manager Deployment Guide for more information.
Directory admin password

Enter the password for the directory administrator. This is the password you entered during directory installation and configuration. For example:

•For NDS, enter the password you specified for the admin user during installation.

•For Sun ONE, enter the password you entered for the Directory Manager user during Sun ONE installation.
Directory container
Enter the organization and organizational unit that will hold the SESM service, subscriber, and policy information. Use the following format:
ou=orgUnit,o=org
For example, the installation program's default values are:
ou=sesm,o=cisco
The above defaults are the values used in the sample data file that comes with CDAT.
DESS AdminUser
Enter a user ID that has permissions to access and create objects in the organization and organizational unit named above. Use cn or uid as appropriate. For example:

•For NDS, the container administrator is the same as the directory administrator you entered on the previous window:
cn=admin,ou=sesm,o=cisco
•For Sun ONE (or iPlanet), the container administrator is not the same as the directory administrator. You created this container administrator after Sun ONE installation.
uid=yourAdmin,ou=sesm,o=cisco
DESS Admin Password

Enter the password associated with the DESS Admin user ID.

Note The installation program attempts to access the directory server and the container, using the information you provided. If access is unsuccessful, the installation program displays a window with the header "Warning—Please confirm these options." Verify the information you entered and also verify that the directory server is running. If the directory is not running, you can continue the installation of SPE components by clicking the Ignore button on the warning window. However, if you click Ignore, the installation program can not update the directory for SESM use. You must perform the updates at a later time before you run SESM web applications or CDAT. See the Cisco Subscriber Edge Services Manager Deployment Guide for instructions.
Note The instructions in the Cisco Subscriber Edge Services Manager Installation Guide, on page 2-1 are no longer accurate. Replace the old instructions with the instructions in this section.

Hardware Platform Requirements

SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Table 7 lists the platforms tested in our labs.

Table 7 Hardware Platforms

Platform

Specifications

Solaris

•Sun Ultra10 or Sun E250 (or later version)

•Solaris Version 8 (or later version) operating system

Windows

•Pentium III (or equivalent) processor

•Lowest OS supported is Windows NT Version 4.0, Service Pack 5 (or later version)

Linux

•Red Hat Linux Version 8

•SuSE Linux Version 7.3

Cisco Subscriber Edge Services Manager Web Portal Guide

Note The instructions in the Cisco Subscriber Edge Services Web Portal Guide, on page 3-2, "Container Requirement for the Port-Bundle Host Key Feature", are no longer accurate.

Replace the text:

Jetty version 4.1.0RC6 is bundled with SESM Release 3.1(7).

with:

Jetty version 4.2.9rc2 is bundled with SESM Release 3.1(9).

Note The instructions in the Cisco Subscriber Edge Services Web Portal Guide, on page 3-2, "Creating WAR Files for Containers Other Than Jetty", are no longer accurate.

Replace the text:
cd installDir/nwsp/webapp
jar cf0 ../nwsp.war *
with:
cd installDir/nwsp/webapp
jar cvf ../nwsp.war *
Related Documentation

See the following documentation regarding SESM.

•Cisco Subscriber Edge Services Manager Solutions Guide

•Cisco Subscriber Edge Services Manager Installation Guide

•Cisco Subscriber Edge Services Manager Deployment Guide

•Cisco Subscriber Edge Services Manager Web Portal Guide

•Cisco Subscriber Edge Services Manager Captive Portal Guide

•Cisco Subscriber Edge Services Manager RADIUS Data Proxy Guide

•Cisco Subscriber Edge Services Manager Troubleshooting Guide

•Cisco Subscriber Edge Services Manager Platform SDK Programmer Guide

•Cisco Subscriber Edge Services Manager Application Management Guide

•Cisco Distributed Administration Tool Guide

•Cisco Subscriber Edge Services Manager Web Developer Guide

The online location for SESM documentation is:

http://www.cisco.com/univercd/cc/td/doc/solution/sesm/index.htm

Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following URL:

http://www.cisco.com

Translated documentation is available at the following URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

Cisco documentation is available in the following ways:

•Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

•Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to

•Streamline business processes and improve productivity

•Resolve technical issues with online support

•Download and test software packages

•Order Cisco learning materials and merchandise

•Register for online skill assessment, training, and certification programs

You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Inquiries to Cisco TAC are categorized according to the urgency of the issue:

•Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

•Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

•Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

•Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:

http://www.cisco.com/register/

If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before you call, check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, have your service agreement number and your product serial number available.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)
Copyright © 2003, Cisco Systems, Inc.
All rights reserved.

Cisco Subscriber Edge Services Manager

Release Notes for Cisco Subscriber Edge Services Manager 3.1.9

Hierarchical Navigation

Downloads

Table Of Contents

Release Notes for the Cisco Subscriber Edge Services Manager, Release 3.1(9)

Contents

Introduction

SESM Deployment Options

SESM Application Suite

System Requirements

Hardware Supported

SESM Platforms

Cisco Platforms with the SSG

Software Compatibility

Captive Portal Compatibility

Port-bundle Host Key Compatibility

Complete ID Compatibility

New Features

New Features for RADIUS and SPE Mode

New Features for SPE Mode

Installation Notes

Obtaining a License Number

Obtaining Cisco SESM Software Files

SSG, RADIUS Server, and LDAP Server Status During Installation

Upgrade Information

Installing SPE Schema Extensions in LDAP Mode

Upgrading from SESM Release 3.1(3), 3.1(5) or 3.1(7)

Preserving Customizations

Migrating an SESM Release 3.1(3), 3.1(5) or 3.1(7) Web Portal Application

Upgrading from SESM Release 3.1(1)

Migrating an SESM Release 3.1(1) Web Portal Application

Uninstalling a Previous Installation

Important Notes

Modifying Java Server Pages

Recommended Java Runtime Environment

JMX Management Console

Server Hardware

Sun ONE (iPlanet) Directory Server 5.0 Fails to Remove Attribute

JDK Home Settings

Caveats

Documentation Updates

Cisco Subscriber Edge Services Manager Web Developer Guide

SESM Class Libraries and Tag Library Descriptor Files

Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide

Cisco Subscriber Edge Services Manager Application Management Guide

Configuring Logon Values for the Application Manager

SSG MBean

Cisco Subscriber Edge Services Manager Deployment Guide

Summary of Administrative Access to NDS

Cisco Subscriber Edge Services Manager Installation Guide

Hardware Platform Requirements

Cisco Subscriber Edge Services Manager Web Portal Guide

Related Documentation

Obtaining Documentation

World Wide Web

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Web Site

Cisco TAC Escalation Center

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)

Copyright © 2003, Cisco Systems, Inc.All rights reserved.

Programs

Programs

Programs

Programs

Copyright © 2003, Cisco Systems, Inc.
All rights reserved.