Table Of Contents
Release Notes for the Cisco Subscriber Edge Services Manager, Release 3.1(9)
These release notes contain important information regarding the Cisco Subscriber Edge Services Manager (Cisco SESM) Release 3.1(9).
Note For information about obtaining a license number, see the "Obtaining a License Number" section.
These release notes discuss the following topics:
Cisco SESM provides service selection and connection management in broadband and mobile wireless environments. Cisco SESM provides the end user (the subscriber) with a web portal for accessing multiple services. The ISPs and NAPs deploying Cisco SESM can customize the content of the web pages and thereby control the subscriber experience.
SESM Deployment Options
SESM Release 3.1(9) supports the following deployment options:
•RADIUS—In this deployment, the SESM web application and SSG query a RADIUS database for authentication and authorization information.
•SPE—In this deployment, the Cisco Subscriber Policy Engine (SPE) provides the libraries and directory schema extensions that enable queries to an LDAP directory for authentication and authorization information.
•Demo—In Demo mode, the SESM web application simulates the actions of an SESM application without using an SSG, RADIUS server, or LDAP directory.
SESM Application Suite
SESM Release 3.1(9) includes the following sample web portal applications that can be installed and configured for demonstration purposes or used as a starting point for customizations:
•New World Service Provider (NWSP) portal—A comprehensive example of most features offered by the SESM web development kit.
•Wireless Access Protocol (WAP) portal—An application designed specifically for deployment in the mobile wireless industry.
•Personal Digital Assistant (PDA) portal—An application with web pages formatted for a PDA device.
You can optionally install the following applications to configure the SESM captive portal solution:
•Captive Portal application—A gateway application between the SSG and other applications in a captive portal solution. The default configuration for this application redirects subscriber browsers to either the Message Portal application or the NWSP application.
•Message Portal application—SESM portal application that produces sample greetings and advertising pages to demonstrate SESM captive portal features.
The SESM software includes the following additional supporting applications:
•Cisco Distributed Administration Tool (CDAT)—A web-based interface that is used to create and maintain the subscriber, service, and policy information used by SESM and the Service Selection Gateway (SSG) in an SPE/LDAP mode deployment.
•RADIUS Data Proxy (RDP) server—A RADIUS server that can proxy profile requests or use the SPE components to query the LDAP directory for profile information.
•Web Services Gateway (WSG) application—Provides a Simple Objects Access Protocol (SOAP)-based interface that allows third-party web portals and subscriber management systems to integrate with the SESM and SSG solution.
•Application Management—Java Management Extensions (JMX) based application management for all solution components.
Additional software components bundled in the Cisco SESM installation package are:
•J2EE management components.
•SPE component—For SESM running in SPE mode, this component provides the interface between SESM applications and the SPE directory.
This section describes hardware and software requirements for SESM deployments.
You can deploy SESM using the following platforms and SSG devices.
SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Verified platforms are shown in Table 1.
Cisco Platforms with the SSG
Cisco SESM works with any router running Cisco IOS software with the Cisco Service Selection Gateway. The following devices, when they are running the Cisco IOS Release 12.2.(4)B or later with SSG enabled, work with SESM Release 3.1(9):
•Cisco 6400 Universal Access Concentrator (UAC)
•Cisco 7200 series high-performance multifunction routers
•Cisco 7400 series Internet routers
The following SESM features require support on the SSG:
•Port-bundle host key
Captive Portal Compatibility
To use the captive portal feature in SESM to support unauthenticated user redirections:
•The SSG device must be running Cisco IOS Release 12.2(2)B or later, or Release 12.1(5)DC1 or later.
•The SSG TCP redirect feature must be configured appropriately.
To use the captive portal feature in SESM to support service redirections, initial logon redirections, and advertising redirections:
•The SSG device must be running Cisco IOS Release 12.2(4)B or later, or Release 12.1(5)DC1 or later.
•The SSG TCP redirect feature must be configured appropriately.
Port-bundle Host Key Compatibility
To use the port-bundle host key feature:
•The SSG device must be running Cisco IOS Release 12.2(2)B or later.
•The SSG host key feature must be configured appropriately.
The host key feature can be enabled and disabled on both the SESM and SSG products to ensure backwards compatibility.
Complete ID Compatibility
To use the complete ID feature for portal location awareness and branding, the SSG device must be running Cisco IOS Release 12.3(1)T or the X train for Cisco IOS Release 12.2(8)B.
This section describes new features in SESM Release 3.1(9) for both RADIUS and SPE mode, and SPE mode only.
New Features for RADIUS and SPE Mode
•New user interfaces for CDAT management and configuration screens—This affects:
–Screens used for general administration tasks
–Screens used to control JMX MBean parameters
•RDP domain support—The RDP has been enhanced to accommodate a separate server for accounting. It has also been enhanced to handle RADIUS usernames with @<domain.name> and is able to send these requests to different RADIUS servers.
•Enhanced Captive Portal—The Captive Portal application enables unauthenticated subscribers greater leveraging of SSG 12.2(16)B features. The enhanced Captive Portal application also supports redirection for both HTTP and HTTPS.
•Message Authenticator support—Support for origin and integrity authentication for all RADIUS packets generated and accepted by SESM applications.
• Framed IP address support—Support for requests from the web portal and WSG applications to the SSG to include the remote IP address of a request. This optional address is included in the Framed IP Address field. This enables the RADIUS load balancing devices to direct requests using the value of the Framed IP Address field.
• Bulk Upload of SSG Mappings—Support for uploading a complete set of client IP configuration data to SSG mappings in the CDAT. A CDAT web page is displayed that requires authentication credentials, the location of the files to be uploaded, and the web portal instance that the configuration data will be applied to. Once applied, the new mappings only apply to new sessions, and any existing sessions are not affected.
•Web proxy support—The SESM Release 3.1(9) Captive Portal application includes features that handle subscribers with a web-proxy configured in their browsers.
–PAC file emulation. In Release 3.1(9), the Captive Portal application can recognize the PAC file request and respond with its own example PAC file as a substitute.
–Web proxy notification page. In Release 3.1(9), the Captive Portal application can recognize the difference between a proxy request and a non-proxy or regular HTTP request. You can configure the SESM Captive Portal application to react to proxy requests by redirecting the browser to a customized message page.
–Web-Proxy support. In Release 3.1(9), when the Captive Portal application recognizes that an unauthenticated subscriber has a web proxy configured, it captures the browser and proxies a login page to the browser. After authenticating and connecting to services on the SSG, the subscriber might have access to the configured web proxy and request connection to it.
New Features for SPE Mode
•User self registration—This applies to the NWSP when deployed in SPE/LDAP mode:
–New link on account logon page allows new users to create accounts for themselves, then log in in the standard way.
–Once new users are logged in, they have access to standard SPE/LDAP mode self-care features and can select from a range of services.
The following sections highlight some important installation information.
See the Cisco Subscriber Edge Services Manager Installation Guide for complete installation instructions.
Obtaining a License Number
The SESM installation program provides for two types of installation:
•Evaluation—You can install SESM using a RADIUS mode evaluation option or an SPE mode evaluation option. The evaluation options do not require a license number and do not have an expiration period. An evaluation installation provides full software functionality.
•Licensed—You need a license number before deploying SESM in a production environment.
A license number is available on the License Certificate that is shipped with a purchased product. If you have purchased the product but have not yet received the CD-ROM and License Certificate, you can choose the evaluation option during installation. However, be sure to reinstall the SESM software using your license number when you receive the certificate.
The license number is important when you are requesting technical support for SESM from Cisco. After installation, the license number and the software version in the licensenum.txt file appear under the installation directory.
Obtaining Cisco SESM Software Files
You can download the SESM software from the Cisco.com web site or copy it from the SESM product CD-ROM. Cisco SESM software is contained in the following packages.
•For Sun platforms: sesm-3.1.9-pkg-sol.tar
•For Linux platforms: sesm-3.1.9-pkg-linux.tar
•For Windows platforms: sesm-3.1.9-pkg-win32.zip
If you purchased a contract that allows you to obtain the SESM software from Cisco.com, follow these procedures:
Step 1 Open a web browser and go to:
Step 2 Click the Login button. Enter your Cisco user ID and password.
To access the Cisco images from the CCO Software Center, you must have a valid Cisco user ID and password. See your Cisco account representative if you need help.
Step 3 Click Technical Support.
Step 4 In the pop-up window, click Software Center.
Step 5 Click Web Software.
Step 6 Click Cisco Subscriber Edge Services Manager.
Step 7 Download the appropriate image based on the platform you intend to use for hosting the SESM web application.
SSG, RADIUS Server, and LDAP Server Status During Installation
The SSG, LDAP directory, and RADIUS components do not need to be installed and configured before you execute the Cisco SESM installation program. However, the installation program prompts you for configuration information about these components, such as IP addresses, ports, shared secrets, and other information required for the SESM components to communicate with them. You should know these values before you perform the installation. Otherwise, you will need to reconfigure the solution later.
In the case of the LDAP directory, it is advantageous to install the Cisco SESM solution when the directory is running and to have update rights to the directory. The installation program can install required extensions to the LDAP directory.
If you are installing the demo, the installation program does not prompt you for configuration information about SSGs, SPE databases, or RADIUS servers.
This section contains information about upgrading from previous releases of the software.
Installing SPE Schema Extensions in LDAP Mode
If you are upgrading from an earlier SESM release, you must install the new SPE schema extensions, using the SESM software installation program. Ensure that the following steps are performed:
Step 1 Export your data
Step 2 Reinstall the directory
Step 3 Install the new SPE schema extensions
Step 4 Import your data
Upgrading from SESM Release 3.1(3), 3.1(5) or 3.1(7)
This section provides information on upgrading from SESM Release 3.1(3), 3.1(5) or 3.1(7) to SESM Release 3.1(9).
To preserve your previous SESM installation, including changes to configuration files and customized web applications, install SESM Release 3.1(9) in a different directory from previous installations.
To reuse the same installation directory, perform the following steps:
Step 1 Ensure that a backup copy of your previous SESM installation is stored in a safe location.
Step 2 Uninstall the previous release of SESM using instructions in the "Uninstalling a Previous Installation" section.
Step 3 Install the current release of SESM.
Step 4 Migrate the SESM Release 3.1(3), 3.1(5) or 3.1(7) set of configuration files to SESM Release 3.1(9). Use either of the following methods:
•When the application is running, use the Agent View to update attributes to the values used in the previous installation. Be sure to use the apply and store operations to persist the new values across application restarts.
•When the application is not running, edit the XML files, updating attribute values to the values used in the previous installation.
Step 5 Migrate your web portal applications to the new installation, as described in the following section.
Migrating an SESM Release 3.1(3), 3.1(5) or 3.1(7) Web Portal Application
To migrate an SESM Release 3.1(3), 3.1(5) or 3.1(7) web portal application to SESM Release 3.1(9), perform the following steps:
Note Before you begin this procedure, ensure that a backup copy of your entire SESM web application is stored in a safe location.
Step 1 Install the SESM Release 3.1(9) software. For information on installing the software, see the Cisco Subscriber Edge Services Manager Installation Guide.
Step 2 Copy the NWSP web application in \install_dir\nwsp to \install_dir\mywebapp, where \install_dir is the location in which you installed SESM Release 3.1(9), and mywebapp is the name of your SESM web application. This creates an SESM web application named mywebapp under \install_dir.
Step 3 Copy these files from the install location of the SESM Release 3.1(9) software.
a. In \install_dir\jetty\bin, copy startNWSP.sh to startMYWEBAPP.sh. Edit the startMYWEBAPP.sh file and replace APP=nwsp with APP=mywebapp. (For an SESM installation on a Windows platform, the suffix of the start file is .cmd.)
b. In \install_dir\jetty\config, copy nwsp.jetty.xml to mywebapp.jetty.xml. Edit the mywebapp.jetty.xml file and replace nwspkeystore with mywebappkeystore. Also, replace any comments that refer to NWSP.
c. In \install_dir\jetty\config, copy mywebappkeystore from your previous installation into this directory.
d. In \install_dir\jetty\config, copy nwsp.web-jetty.xml to mywebapp.web-jetty.xml.
Step 4 Verify the previous steps by starting the web application mywebapp in Demo mode.
a. In the /jetty/bin directory, run the start script. For example, on UNIX:
startMYWEBAPP.sh -mode Demo
b. Log in to the web application using the user name golduser and the password cisco. You should be able to use the SESM web application in Demo mode.
c. Stop the server.
Note To update the directory structure for a SESM web application, you usually must update only the contents of the WEB-INF subdirectory with the customizations for your web application. Step 5 overwrites almost the entire web application directory structure with the old web application directory. You then update certain files.
If your web application consists of minimal changes to the NWSP web application components, it may be more appropriate for you to leave the new SESM web application directory as is, and then overwrite only certain subdirectories from the previous SESM directory structure, such as the pages and images directories. If web.xml has been customized, then follow the instructions in the Step 12 for updating this file.
Step 5 Copy the following directories (and all directories and files under them) from your previous SESM web application into the \install_dir\mywebapp location of the SESM Release 3.1(9) software.
Step 6 In the install location of the SESM Release 3.1(9) software, rename the docroot directory to webapp.
Step 7 Install a second copy of the SESM Release 3.1(9) software into a location different from where you installed the first copy.
Step 8 From the second SESM install location, copy the following files into the corresponding SESM Release 3.1(9) location of your web application:
For deployments in which a WAR file will be created, copy these additional files:
For SPE/LDAP mode deployments only, copy these additional files:
Step 9 Depending on whether your web application contains customized versions of the JSP pages in the webapp\decorators directory, do one of the following:
•If your web application does not contain customized JSP pages in webapp\decorators, copy all files in webapp\decorators from the second SESM Release 3.1(9) install location into the webapp\decorators directory at the SESM Release 3.1(9) location of your web application.
•If your web application does contain customized JSP pages in webapp\decorators, do the following:
a. Use a diff utility to compare your web application's files in webapp\decorators with the same files in the second SESM Release 3.1(9) install location.
b. Copy all files in webapp\decorators from the second SESM Release 3.1(9) install location into the corresponding SESM Release 3.1(9) location (webapp\decorators) of your web application.
c. Using the diff output from step a, replicate any customizations in all files in webapp\decorators of your SESM Release 3.1(9) web application.
Step 10 In the SESM Release 3.1(9) location that contains your web application, change the name of the webapp\WEB-INF\web.xml file to web.xml.OLD. The file web.xml is the web application's deployment descriptor file.
Step 11 Do one of the following depending on whether you have updated jsp.jar file (using the precompile.sh script).
•If you have updated the jsp.jar file, copy the WEB-INF\web.xml from the second SESM install location to web.xml.
•If you have not updated the jsp.jar file, copy the webapp\WEB-INF\web.recompile.xml file from the second SESM install location into the corresponding SESM Release 3.1(9) location that contains your web application, and rename the file web.xml.
Tip The web.recompile.xml file causes the web application's JSP pages to be used rather than any precompiled JSP pages. The web server compiles each JSP page the first time the JSP page is requested after the web application is started. For information on how to use precompiled JSP pages, see the Cisco Subscriber Edge Services Manager Web Developer Guide.
Step 12 If your SESM web application's deployment descriptor file (web.xml) is customized in any way, modify the deployment descriptor file that you created in Step 10 so that it includes those customizations. For example, the number or order of user-shape dimensions that your web application uses may be different from the number or order found in the standard web.xml or web.recompile.xml file.
Step 13 In the mywebapp\config\ directory of the SESM Release 3.1(9) location, rename the file nwsp.xml to mywebapp.xml.
Step 14 In the mywebapp\config\ directory of the SESM Release 3.1(9) location, change the attribute values in mywebapp.xml file so that their values are identical to the values used in your previous SESM installation. Use either of the following methods:
a. When the application is running, use the Agent View to update attributes to the values used in the previous installation. Be sure to use the apply and store operations to persist the new values across application restarts.
b. When the application is not running, edit the mywebapp.xml file, updating attribute values to the values used in the previous SESM installation.
Step 15 After you successfully complete this procedure, you can optionally delete the files that are associated with the second SESM Release 3.1(9) installation.
Searches for Java Classes. The deployer should be aware that the SESM web portals are, by default, run in a mode that is compliant with the Java 2, Enterprise Edition (J2EE) specification. This mode is controlled by the following line in the Jetty container MBean configuration file (for example, \install_dir\jetty\config\nwsp.jetty.xml):<Set name="classLoaderJava2Compliant">TRUE</Set>
The preceding line has the following effects on how the web server searches for classes from JAR files:
•If classLoaderJava2Compliant is set to TRUE, classes from any JAR files in the \web_app_name\webapp\WEB-INF\lib directory are used after classes from any JAR files in the system CLASSPATH. This mode is compliant with J2EE.
•If classLoaderJava2Compliant is set to FALSE, classes from any JAR files in the \web_app_name\webapp\WEB-INF\lib directory are used before classes from any JAR files in the system CLASSPATH. This mode is compliant with the Java 2 Servlet Specification.
Upgrading from SESM Release 3.1(1)
This section provides information on upgrading from SESM Release 3.1(1) to SESM Release 3.1(9).
Migrating an SESM Release 3.1(1) Web Portal Application
Significant improvements and changes were made to the JSP pages and other web components of the SESM web application (New World Service Provider) starting with Release 3.1(3) including:
•The SESM web components that accomplish decoration were re-engineered.
•The Java code for interactions with the SESM model was moved from the JSP pages to the SESM control servlets. This change should minimize the modifications to the JSP pages as the SESM model evolves in the future.
•Implementing these changes required that numerous Java classes and methods be deprecated for SESM Release 3.1(3). In subsequent SESM releases, these classes and methods were removed.
Because of this extensive redesign, it is not practical to use JSP pages that were developed for SESM Release 3.1(1). After SESM 3.1(3), these JSP pages would need to be modified so as to replace use of the deprecated classes and methods that have now been removed. This task would be achieved by referring to the Javadoc included in the SESM installation.
Instead of modifying the JSP pages, the recommended strategy for migrating an SESM Release 3.1(1) web application is to use the SESM Release 3.1(9) software and web components, including the JSP pages and deployment descriptor file in a sample web application like NWSP. Using this approach, you would typically do the following:
1. Recreate the customizations from your SESM Release 3.1(1) web application in the set of JSP pages in the SESM Release 3.1(9) NWSP. For this step, you might need to accomplish one or more of the following changes to the sample SESM Release 3.1(9) web application:
•Modify the functionality of the web application
•Customize the look and feel of web elements such as icons, images, background colors, and style sheets
•Localize web elements
•Code revised or new JSP-page dimension decorators for the user-shape mechanism
If you use Dreamweaver UltraDev or Dreamweaver MX and the templates provided with the sample NWSP web application, the HTML customizations can be accomplished more efficiently. For detailed information on customizing and developing an SESM Release 3.1(9) web application, see the Cisco Subscriber Edge Services Manager Web Developer Guide at:
2. Configure the SESM Release 3.1(9) web application deployment descriptor file (web.xml) as described in the Cisco Subscriber Edge Services Manager Web Developer Guide at:
3. Configure the customized SESM Release 3.1(9) web application as described in the Cisco Subscriber Edge Services Manager Installation Guide at:
4. Precompile the finalized production JSP pages using the directions and script provided in the Cisco Subscriber Edge Services Manager Web Developer Guide.
Uninstalling a Previous Installation
Use the uninstall utility provided with the SESM product to remove a previous installation. The uninstall utility is located in the following directory:installDir_uninstuninstall.bin or uninstall.exe
The uninstall utility does the following:
•Lets you choose the components to uninstall.
•Verifies the installation directory that is being uninstalled.
•Uninstalls the SESM components. It does not remove the installation directory, only the contents under the installation directory.
After you run the uninstall utility, you can safely reinstall one or more SESM components into the same directory.
Note Do not uninstall SESM by manually deleting the contents of the installation directory. If you manually remove the contents of the directory and then attempt a reinstall into the same directory, the reinstall might not be complete.
The following sections describe some important considerations related to the Cisco SESM.
Modifying Java Server Pages
The SESM portal applications use precompiled JavaServer Pages (JSP). If you modify the JSP pages in one of the SESM portal applications, you must recompile the JSP pages before the changes are visible in the application. For information on recompiling, see the Cisco Subscriber Edge Services Manager Web Developer Guide.
Recommended Java Runtime Environment
The recommended JRE for SESM Release 3.1(9) is JRE Version 1.4.1_02, which is bundled with the SESM product.
JMX Management Console
The Sun example JMX server includes an HTML adaptor server that produces a web-based management console. The JMX HTML adaptor server forms the basis of the remote management and configuration support provided by the CDAT management application. For example, an administrator can make configuration changes and can have these changes persisted with this new support.
Note In an earlier release, we recommended that the JMX HTML adaptor server functionality be removed when deployed in a production environment.
Starting with SESM Release 3.1(5), the JMX HTML adaptor server is required if a deployer needs this feature as part of the CDAT management application.
To protect access to SESM application management consoles, the JMX interface prompts for a username and password. For additional security, the deployer could deploy the SESM application behind a firewall.
For information about configuring the login values for SESM application management consoles, see the Cisco Subscriber Edge Services Manager Application Management Guide.
If you are using a Sun Ultra or Enterprise system, you must use Solaris Version 8 or later. For live deployments, we recommend using an Enterprise class server with hot-swappable components and load-balancing across multiple servers. The Cisco Content Services Switch 11000 (CSS 11000) is preferred for load balancing.
For Windows installations, we highly recommend that you use hardware that meets the Windows Hardware Compatibility List (HCL) guidelines set by Microsoft with at least 128 MB of RAM (256 MB of RAM is recommended). Memory requirements are influenced by login rates, the number of subscribers concurrently logged on, and the number of services the subscribers are subscribed to use. See the chapter "Running SESM Components," in the Cisco Subscriber Edge Services Manager Web Portal Guide for more details about memory requirements.
Sun ONE (iPlanet) Directory Server 5.0 Fails to Remove Attribute
A known problem in the Sun ONE Directory Server 5.0 affects the CDAT management application. The problem is that removing an attribute does not fully remove it. See Bug 554309 at this location:
This issue has an impact on the CDAT management application in the following situation. If InetOrgPerson=UID and an administrator changes the value of the Poolname (CiscoDESSpoolName) or Primary Service (CiscoDESSprimaryService) attribute to null, an exception is thrown. After the exception, unexpected behavior occurs in the CDAT management application. The problem does not occur if the administrator changes Poolname or Primary Service to a value other than null.
The workarounds are:
•Rather than attempting to change the attribute value for Poolname or Primary Service in CDAT to null, change the values to something other than null.
•Apply the Sun ONE Directory Server 5.0 Service Patch 1
•Upgrade to Sun ONE Directory Server 5.1
JDK Home Settings
The JVM used by the SESM applications is determined by the setting of the JDK_HOME variable in the SESM start scripts, for example .../jetty/bin/start.sh. However, the SESM start scripts give precedence to a JDK_HOME environment variable, if one is set.
Table 2 describes known problems in SESM Release 3.1(9).
This section includes new and updated information about SESM Release 3.1(9) that does not appear in the current SESM documentation set. The information contained in the following sections will appear in a future revision of the respective guides.
Cisco Subscriber Edge Services Manager Web Developer Guide
Note The instructions in the Cisco Subscriber Edge Services Manager Web Developer Guide, on page 2-7 are no longer accurate. Replace the old instructions with the instructions in this section.
SESM Class Libraries and Tag Library Descriptor Files
To successfully compile the JSP pages for an SESM web application, the Java compiler must be able to find the needed SESM-related class libraries and tag library descriptor (TLD) files:
With two exceptions, the SESM-related JAR files reside in the install_dir\web_app_name\webapp\WEB-INF\lib directory, where install_dir is the directory where the SESM software is installed, and web_app_name is a directory where a sample SESM web application, such as NWSP, is installed. The two exceptions are:
•com.cisco.sesm.erp.jar resides in the install_dir\libs\erp\lib directory.
•com.cisco.sesm.jmx.jar resides in the install_dir\libs\jmx\lib directory.
In addition, there are three non-SESM-related JAR files in the following locations:
•javax.servlet.jar resides in the install_dir\jetty\lib directory.
•org.apache.jasper.jar resides in the install_dir\jetty\lib directory.
•crimson.jar resides in the install_dir\redist\jaxp\lib directory.
To compile the class for an SESM web portal software component, the CLASSPATH environment variable must be set to the needed directory path (for example, \install_dir\web_app_name\webapp\WEB-INF\lib to tell the Java compiler the location of the SESM class libraries.
The Cisco SESM software also includes a set of TLD files for the SESM tag libraries. Each TLD file is an XML file describing a tag library. The TLD files reside in the install_dir\web_app_name\webapp\WEB-INF directory and are as follows:
For more information on the TLD files and using a tag library, see the "Configuring a Tag Library" section on page A-1.
Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide
Note This section provides information about SPE related JAR files that is not in the Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide. This information should be added to Table 1-3, JAR Files for an SESM Web Application, on page 1-5.
Note This section provides information about non-SESM related JAR files that is not in the Cisco Subscriber Edge Services Manager SDK Platform Programmer Guide. This information should be added to the section on page 1-5, SESM Class Libraries.
In addition, there are three non-SESM-related JAR files in the following locations:
•javax.servlet.jar resides in the install_dir\jetty\lib directory.
•org.apache.jasper.jar resides in the install_dir\jetty\lib directory.
•crimson.jar resides in the install_dir\redist\jaxp\lib directory.
Cisco Subscriber Edge Services Manager Application Management Guide
Note This section provides information about the SSG MBean attributes that are not in the Cisco Subscriber Edge Services Manager Application Management Guide. This information should be added to the empty section on page 3-6, Configuring Logon Values for the Application Manager.
Configuring Logon Values for the Application Manager
To access the Application Manager, you must enter a user ID and password.
1. User ID—Enter a user ID that you want to have access to the Application Manager. The default value is MgmtUser.
2. Password—Enter a password that will be required to access the Application Manager. The default is MgmtPassword.
Note This section provides information about the SSG MBean attributes that are not in the Cisco Subscriber Edge Services Manager Application Management Guide. This information should be added to the section on page 7-5, SESM Application Logging and Debugging.
The SSG MBean configures the SSG connections.
Cisco Subscriber Edge Services Manager Deployment Guide
Note The instructions in the Cisco Subscriber Edge Services Manager Deployment Guide, on page 4-2 are no longer accurate. Replace the old instructions with the instructions in this section.
Summary of Administrative Access to NDS
When you complete the procedures described here, the NDS directory is configured as follows:
•The following SESM container exists in the NDS directory:
–Tree name: sesm
–Server context: ou=sesm.o=cisco
•The following attribute on the SESM LDAP group object is set to true (required).
–On NDS Version 8.5, the Allow Clear Text Passwords attribute
•The following attribute on the SESM LDAP group object is set to false (required).
–On NDS Version 8.7, the Require TLS for Simple Binds with Password attribute
•Access to the SESM container through ConsoleOne is granted with the following distinguished name (dn) in the format shown:
–password: value you specified during the NDS installation
This administrative user has all required permissions to update the NDS directory schema and also to create and modify objects in the SESM container.
•When configuring SESM and SPE, use the following format for distinguished name:cn=admin,ou=sesm,o=cisco
Cisco Subscriber Edge Services Manager Installation Guide
Note This section provides information about the SPE installation screens that are not in the Cisco Subscriber Edge Services Manager Installation Guide. This information should be added to the table on page 4-12, SESM Installation and Configuration Parameters. It replaces the information in the categories Directory server information, Directory container information, and Naming attribute.
Note The instructions in the Cisco Subscriber Edge Services Manager Installation Guide, on page 2-1 are no longer accurate. Replace the old instructions with the instructions in this section.
Hardware Platform Requirements
SESM applications can run on any platform that supports the Java Runtime Environment (JRE). Table 7 lists the platforms tested in our labs.
Cisco Subscriber Edge Services Manager Web Portal Guide
Note The instructions in the Cisco Subscriber Edge Services Web Portal Guide, on page 3-2, "Container Requirement for the Port-Bundle Host Key Feature", are no longer accurate.
Replace the text:
Jetty version 4.1.0RC6 is bundled with SESM Release 3.1(7).
Jetty version 4.2.9rc2 is bundled with SESM Release 3.1(9).
Note The instructions in the Cisco Subscriber Edge Services Web Portal Guide, on page 3-2, "Creating WAR Files for Containers Other Than Jetty", are no longer accurate.
Replace the text:cd installDir/nwsp/webappjar cf0 ../nwsp.war *
with:cd installDir/nwsp/webappjar cvf ../nwsp.war *
See the following documentation regarding SESM.
•Cisco Subscriber Edge Services Manager Solutions Guide
•Cisco Subscriber Edge Services Manager Installation Guide
•Cisco Subscriber Edge Services Manager Deployment Guide
•Cisco Subscriber Edge Services Manager Web Portal Guide
•Cisco Subscriber Edge Services Manager Captive Portal Guide
•Cisco Subscriber Edge Services Manager RADIUS Data Proxy Guide
•Cisco Subscriber Edge Services Manager Troubleshooting Guide
•Cisco Subscriber Edge Services Manager Platform SDK Programmer Guide
•Cisco Subscriber Edge Services Manager Application Management Guide
•Cisco Distributed Administration Tool Guide
•Cisco Subscriber Edge Services Manager Web Developer Guide
The online location for SESM documentation is:
The following sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following URL:
Translated documentation is available at the following URL:
Cisco documentation is available in the following ways:
•Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:
•Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.
You can e-mail your comments to firstname.lastname@example.org.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to
•Streamline business processes and improve productivity
•Resolve technical issues with online support
•Download and test software packages
•Order Cisco learning materials and merchandise
•Register for online skill assessment, training, and certification programs
You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:
Technical Assistance Center
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Inquiries to Cisco TAC are categorized according to the urgency of the issue:
•Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
•Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
•Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
•Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.
Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:
All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:
If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:
If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:
Before you call, check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, have your service agreement number and your product serial number available.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)
Copyright © 2003, Cisco Systems, Inc.
All rights reserved.