MA4000: An Agile Approach to Maintenance and Administration

MA4000: An Agile Approach to Maintenance and Administration
Special Issue on IT/Network Integrated Solution “UNIVERGE”
Papers on UNIVERGE Software
MA4000: An Agile Approach to
Maintenance and Administration
By Rod JOHNSON*
The MA4000 Management System is NEC’s newest “Maintenance and Administration” application that is built upon the Microsoft NET framework providing secure web-based access for
performing simple moves, adds and changes. The highlighted features of MA4000 are: 1) Reduce TCO (Total
Cost of Ownership), 2) Anywhere, anytime access, 3) Event notification for proactive action, 4) Audit trails for
security & troubleshooting, 5) Meets IT expectations such as security, wizard based moves, adds and changes
that are schedulable.
ABSTRACT
KEYWORDS Maintenance, Administration, Agile, LDAP (Lightweight Directory Access Protocol), Centralized,
Notification, Scheduling, Security, Authentication
1. INTRODUTION
The trend in the IP telephony market is for the
customer to maintain their own communications systems, from anywhere and anytime through secure
web-based transactions.
The UNIVERGE MA4000 management system is
an agile, web-based product designed to manage and
configure NEC communications systems using a unified central methodology. The MA4000 management
system expands its feature set using additional applications that allow an IT Administrator to integrate
his/her NEC Enterprise Communications Platform
(ECP) into the corporate business environment.
Such an application is the MA4000 LDAP (Lightweight Directory Access Protocol) Auto Provisioning
Service module. It allows integration into any LDAP
version-3 enabled application. This integration can be
used to keep information related to MA4000 users up
to date and can automatically add new users and
phones to the IP Telephony system.
2. MA4000 IS SECURE AND FLEXIBLE
The MA4000 Management System is secure and
flexible. It supports operation within an encrypted
mode, secure socket layer (HTTPS) and allows man-
ager and desktop user access rights to be granularly
and flexibly assigned by the allocation of “roles” defined by the manager.
The MA4000 Management System is modular in
nature so that users can order and configure it to
meet their business and communication needs. Its
primary modules, at first release are:
· MA4000 Manager module.
· MA4000 Assistant module.
· LDAP Auto Provisioning module.
Each module is licensed on the basis of the number
of extensions in the network to be managed. At first
release, the MA4000 supports the UNIVERGE
SV7000. Later releases will support other NEC telephony systems, as well as other applications.
3. NEC CENTRALIZED AUTHENTICATION
SERVICE
The NEC Centralized Authentication Service
(NEC CAS) is a method of central authentication that
uses “Login Redirection” to authenticate users. This
particular method that is used by MA4000 and that
may be used by other NEC applications was developed at Yale University. It is freely licensable as long
as those using it mention that it was designed at Yale
University.
The MA4000 has made some enhancements to it to
allow it to support the following login capabilities:
*NEC Unified Solutions, Inc.
NEC Journal of Advanced Technology, Vol. 1, No. 4
335
· Active Directory (Windows authentication).
· LDAP authentication.
· Internal database password storage that is fully
encrypted.
NEC partners and customers who purchase the
MA4000 Management System and are interested in
using its NEC CAS, will be able to do so.
The NEC CAS is a single sign on method that can
be used with any browser and application that can
accept cookies and communicate with SOAP (NEC
has enhanced it to support Windows applications as
well).
The NEC CAS can reside anywhere on the customer network. The MA4000, during its install process asks the installer if they already have the NEC
CAS in operation on their network. If they do, they
specify where it is located on the network. If they do
not, the MA4000 Installation will install it. Other
NEC applications that choose to use the NEC CAS
will follow the same procedure during their installation.
4. MA4000’s THREE PRIMARY MODULES
(1) MA4000 Manager
The MA4000 Manager is the main interface for
performing moves, adds, changes, reviewing events,
setting up general characteristics of operation and
defining connections to NEC communication systems.
All functions are accessible via a menu. The
homepage displays two “grids” that allow the manager to see “at-a-glance” any events or scheduled
tasks. Whenever “grids” or “tables” present information or data within the MA4000, they can be sorted by
any column by clicking on the column heading (Fig.
1).
(2) MA4000 Assistant
The MA4000 Assistant allows organizations to
perform “decentralized” management by providing a
“desktop” interface for individual phone users. The
Assistant interface allows phone users to control and
program the functions of their phones according to
the role (access rights) assigned to them by the manager (Fig. 2). Some of these functions are as follows:
Fig. 1 MA4000 Manager. All functions are accessible via menu.
336
NEC J. of Adv. Tech., Fall 2004
Special Issue on IT/Network Integrated Solution “UNIVERGE”
· Update personal information.
· Update their phone name display.
· Update buttons on their phone for which they have
rights.
· Set or change call forwarding.
· Set or change station speed dial.
(3) LDAP Auto Provisioning Module
The LDAP Auto Provisioning module is an optional
module to automate moves, adds and changes
throughout an organization by allowing a Directory
Server or other LDAP version-3 or above application
to control the addition of new users.
This module provides the following capabilities,
which allows organizations to reduce total cost of
ownership by eliminating unnecessary labor charges
normally associated with moves, adds and changes:
·
·
·
·
Search and any additional filters that might be
desired.
It utilizes a unidirectional synchronization process
where the LDAP server is always the source and
the MA4000 is the receiver.
Multiple LDAP sources are supported and multiple definitions can be defined to each individual
source.
Based upon individual LDAP definitions specific
templates can be specified that will automatically
add specific types of phones with specific attributes
(buttons, class of service, call forwarding, etc.)
Later releases of MA4000 will allow other provisioning to be specified, such as voice mail box,
account/authorization codes, location information
and more.
This application has been tested with:
· It allows IT Administrators to automate moves,
adds and changes from an LDAP source to the
MA4000 database and to the SV7000 system.
· Administrators can select to have new users added
or merely updated based upon a single checkbox
and based upon an individual LDAP definition
that is defined based upon Base DN, Scope of
·
·
·
·
·
Microsoft’s Active Directory
Microsoft’s Exchange Server
Novell Directory Server eDirectory
Lotus Domino
OpenLDAP
Fig. 2 MA4000 Assistant. Phone users are able to control and program the functions of their
phones.
NEC Journal of Advanced Technology, Vol. 1, No. 4
337
5. LDAP AUTO PROVISIONING OPERATIONAL
CONFIGURATION
When setting up the LDAP Auto Provisioning the
user will specify connection information that includes:
· URL or IP address of the LDAP server.
· Port number to connect to (normally port 389).
· The User DN. This is the user ID used to login to
the LDAP server.
· Password.
· Synchronization time. This is how often the
MA4000 will query the LDAP server to check for
updates. It can be set in five minutes increments.
· The Base DSN to be searched.
· The Search Scope.
· Any filters that are desired to specify certain types
of users such as “Department = Administration.”
Once the LDAP connection information has been
defined, the MA4000 will automatically learn the
schema of the LDAP server. The user then selects the
appropriate fields within the schema that they are
interested in mapping to the MA4000 and SV7000
systems.
The fields selected from the LDAP server are then
placed within a simple drop-down selection boxes for
easy association to the MA4000 fields. This is referred to as “Simple” mapping. “Advanced” mapping
is also supported that allows the user to specify mapping criteria by use of VB Scripting.
Once the mapping has been defined, the user will
specify the Voice System to make additions/changes
to, the appropriate Template Package to utilize when
making additions/changes and whether or not new
users should be automatically added to the Voice System. If the user selects to not add users automatically
to the Voice System then the LDAP Auto Provisioning
module will merely update information for existing
users.
Figure 3 and Figure 4 show a few selected screen
shots regarding the LDAP Auto Provisioning Operational Configuration.
(1) Increased Security
The MA4000 (Nicknamed Agile) provides a secure
framework within which management of your
UNIVERGE system is simplified.
Security is a critical aspect of any web-based application. MA4000 has several levels of security to prevent hostile intrusions and tampering.
The first level of security is the network infrastructure itself. The MA4000 is designed to be an intranet
application protected by your enterprise firewall;
therefore only authorized network users on the internal network should have access to the Web Server. If
the IT Manager wishes to allow off-site access they
are responsible for providing the necessary security.
The second level of security is Authentication using the NEC Centralized Authentication Service
(NEC CAS). Every Manager that logs into MA4000 is
given an Authentication browser ticket that they
carry with them throughout the application. This
ticket can be thought of as an Employee ID badge. As
the Manager moves through the website this ticket
identifies the Manager automatically and MA4000
allows access. Another way to think of it is as a key
that opens all doors that the Manager walks up to.
This is also known as Single Sign On capability and is
discussed further in the section on Authentication.
6. SUMMARY OF MA4000 BENEFITS
The MA4000 Management System provides many
benefits to organizations large and small. Among
these benefits are the following:
· Increased Security.
· Reduced Total Cost of Ownership.
338
NEC J. of Adv. Tech., Fall 2004
Fig. 3 Selecting fields within the LDAP
schema to map to the MA4000 fields.
Special Issue on IT/Network Integrated Solution “UNIVERGE”
The third level of security is the Access Rights
assigned to the Manager. The Access Rights associated with a Manager determine the information presented. Access Rights determine which web pages
and which fields on the MA4000 web pages are available to the Manager.
In the MA4000 system there are several other
forms of security. These forms of security are:
· Data checking to prevent malicious activity such
as in java scripts.
· Encryption to keep passwords and sensitive data
private and secure.
· Data access limited by using stored procedures.
· Ability to operate via SSL (Secure Socket Layer)
encryption using https URLs.
· Security alarms that trigger after a set number of
failed login attempts.
· Configurable database usernames and passwords
that are not hard coded.
· Support for the latest Microsoft critical updates
and security patches.
(2) Reduced TCO (Total Cost of Ownership)
The MA4000 reduces TCO and Total Cost of
UNIVERGE System Management in several ways.
To name a few:
· Fast, easy and convenient moves, adds and
changes.
· Fast, easy and consistent moves, adds and
changes.
· Automatic moves, adds and changes.
· Automatic monitoring of SV7000 health as well as
other associated events.
· Scheduled tasks that reduce after-hour expenses.
1) Fast, Easy and Convenient: Moves, Adds &
Changes
The MA4000 Management System provides a
simple to use, wizard-based interface for performing
daily moves, adds and changes that makes the
UNIVERGE SV7000 “Fast, Easy and Convenient” to
manage.
The MA4000’s Range Programming wizard makes
it easy to perform adds, changes, copies, deletes,
moves, renumbering of extensions and swaps of
phones by utilizing a sophisticated search engine that
takes the guesswork out of management.
The MA4000 search utility works across multiple
systems and allows searches to be conducted on more
than ten different user/phone attributes. These
Fig. 4 Simple mapping, template selection, user creation & voice system selection.
NEC Journal of Advanced Technology, Vol. 1, No. 4
339
attributes include any additional manager defined
attributes that might have been added to the system
(the MA4000 Manager is able to create custom fields
within several areas of the system to allow organizational management to conform to the specific business needs of an enterprise).
2) Fast, Easy and Consistent: Moves, Adds &
Changes
The MA4000’s extensive use of individual Templates and Template Packages not only makes management and administration fast and easy but it also
makes it consistent. Such consistency reduces the
TCO and operation by:
· Reducing the training of managers who are to perform moves, adds and changes.
· Reducing the training of users who utilize the
phones.
· Reducing helpdesk calls related to some feature
that should never have been available to the user.
· Reducing the time to install or change a phone or a
group of phones because button assignments, call
forwarding assignments, class of service assignments, specific user attributes and speed dial
memory allocation can be setup once and used
repeatedly.
· Reducing the guesswork on how to setup a phone
because this was done already when the templates
were initially created.
3) Automatic Moves, Adds & Changes
The LDAP Auto Provisioning module can be utilized to perform automatic moves, adds and changes,
thus drastically reducing the cost of ownership.
4) Automatic Monitoring of SV7000 system Health
The MA4000 monitors the SV7000 for any events
that might create a degradation in service and then
immediately notifies those concerned via e-mail or PC
*Microsoft, Windows, Active Directory, and Exchange
are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries.
†Novell, and eDirectory are trademarks or registered
trademarks of Novell, Inc.
‡Lotus is a registered trademark and Domino is a trademark of Lotus Development Corporation.
§Other names of companies and products in this paper
are trademarks or registered trademarks of each company.
Screen Pop to MA4000 Alarm Clients (Alarm Clients
are freely distributable). The MA4000 utilizes a
highly sophisticated notification procedure that is
simple to set up and provides cascading priority of
notifications. Cascading prioritization is the ability to
require acknowledgement of notification receipt and
specify a wait period within which “acknowledgment
of receipt” must be received or notifications will proceed to the next level. Multiple notifications may be
provided with many different wait periods.
With such automated monitoring and notification
capabilities, managers can devote themselves to more
productive efforts.
5) Scheduled Tasks that Reduce After-Hour Expenses
NEC understands that there is a time for everything and sometimes you have to take that time
whenever you can. That is why the MA4000 supports
scheduling of many different functions. Whereas at
noon you might have 15 minutes to move those 50
users and phones, it just might not be the most appropriate time to disrupt business operations. So, you
can schedule the move to take place after-hours, unattended. Not only did you avoid operational disruption but you also avoided after-hour expenses.
Some of the tasks that can be scheduled are:
·
·
·
·
·
Adds, Moves, Changes.
Swaps, Renumbering, Deletions, Copies.
SV7000 Synchronizations.
SV7000 Time Synchronization.
LDAP Server Synchronization.
Tasks can be scheduled for one-time operation or
for recurring operation.
7. CONCLUSION
Using the MA4000s fast, easy, convenient and
schedulable processes helps reduce operational expenses.
With NEC’s cost reducing capabilities and track
record of providing one of the best meantime between
failures in regards to its communication equipment,
an organization cannot go wrong with a solution from
NEC.
Received September 17, 2004
* * * * * * * * * * * * * * *
340
NEC J. of Adv. Tech., Fall 2004
Special Issue on IT/Network Integrated Solution “UNIVERGE”
Rod JOHNSON began his career with NEC in
1995, as a Field Servive Engineer for the
NEAX 2000 IPS system. He has worked as an
Applications Engineer, both for the NEAX
2400 and the NEAX 2000 and is now currently
working as a Product Manager managing
NEC’s maintenance programs. He has been in the telecommunications industry for more than 25 years and has a variety of
experience from outside cable plant to Local Area Networking.
He graduated from Northstate University in California with a
Bachelor’s of Science in Philosophy and Religion.
* * * * * * * * * * * * * * *
NEC Journal of Advanced Technology, Vol. 1, No. 4
341
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement