Você está na página 1de 22

OTN Manual

User Management Tool v9.2


Doc. No.: AG-M425-E-1


















COPYRIGHT AND TRADE SECRETS/LIABILITY
The present document and its contents remain the property of OTN Systems NV and shall not, without prior
written consent, be copied or transmitted or communicated to third parties, nor be used for any other pur-
pose than such as underlies their delivery to the addressee.

The present document and its contents may change in the course of time or may not be suitable in a specif-
ic situation. Consequently, they are recommended as suggested guideline only.
OTN Systems NV hereby disclaims any liability for any damages that may result fromthe use of the
present document unless it is used with respect to the operation and maintenance of equipment originally
manufactured by OTN Systems NV and covered by its standard warranty.
Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 3 of 22
Contents
1. GENERAL .................................................................................................................................................... 4
1.1 Introduction ........................................................................................................................................ 4
1.2 Menu Items ........................................................................................................................................ 4
2. USER MANAGEMENT TOOL (=UMT) ......................................................................................................... 4
2.1 Prerequisite........................................................................................................................................ 4
2.2 Start Up ............................................................................................................................................. 5
2.3 Access Profiles .................................................................................................................................. 6
2.3.1 Access Levels and Rights .................................................................................................................. 7
2.3.2 Default Access Profiles ...................................................................................................................... 9
2.3.3 View Access Profile ........................................................................................................................... 9
2.3.4 Create Access Profile ...................................................................................................................... 10
2.3.5 Modify Access Profile ...................................................................................................................... 11
2.3.6 Delete Access Profile ....................................................................................................................... 13
2.4 Users ............................................................................................................................................... 14
2.4.1 General ............................................................................................................................................ 14
2.4.2 Default Users ................................................................................................................................... 14
2.4.3 Create User ..................................................................................................................................... 14
2.4.4 Modify User...................................................................................................................................... 15
2.4.5 Delete User ...................................................................................................................................... 16
2.5 Export Users/Access Profiles........................................................................................................... 16
3. IN THE OMS GUI ........................................................................................................................................ 18
3.1 Administrator Access Profile ............................................................................................................ 18
3.2 (Default) Configurators Access Profile ............................................................................................. 19
3.3 Customized Operators Access Profile ............................................................................................. 19
3.4 Event Log View ................................................................................................................................ 21
3.5 Alarm Log View ................................................................................................................................ 21
4. ABBREVIATIONS ...................................................................................................................................... 22


User Management Tool v9.2 Open Transport Network
Page 4 of 22 AG-M425-E-1
1. GENERAL
1.1 Introduction
This document covers all the information about the login user management, security, access rights in the OMS GUI or OTN
network.
The User Management Tool (=UMT) allows to configure different Users and Access Profiles needed to operate with the
OMS-GUI and OMS-FEM. An Access Profile defines what a user can do or not do in the OTN network. Each user must be
assigned to one of the configured Access Profiles.
Who can do what in the OMS GUI or in the OTN network?
Per Access Profile, an administrator can assign access rights on:
Subnet level
Node level
Slot level
Services level
OMS-FEM usage
Each level can have one of the following access rights:
Configure (tool icon )
Monitor (eye icon )
Deny Access (prohibitory icon )
E.g a specific user can have Configure rights on a specific Subnet, but can have for example only monitor rights on a
specific node in that subnet.
The UMT is available for User and Access Profile Management on the OMS GUI. Make sure that the OMS Console and the
OMS Servers have been started.
1.2 Menu Items
Item Description
File Export Users / Access Profiles
Export users and access profiles from the current running database in
UMT into a selected destination database. Both source and destination
database must have identically the same hardware and services configu-
ration. See 2.5 for more information.
Help About Indicates the software version of the OMS User Management Tool

2. USER MANAGEMENT TOOL (=UMT)
2.1 Prerequisite
1. Managing Users and Access Profiles only makes sense when there is at least a network configured in the OMS GUI. Lets
configure a simple network first in the OMS GUI. Log on to the OMS GUI with the default administrator user:
User Name =oms
Password =oms

Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 5 of 22

2. As an example, an OTN-X3M-2500 will be created. After the creation of the network elements, your OMS treeview could
look as follows:


3. Once your network is configured in the OMS GUI, you are ready to use the UMT. Users and Access Profiles can be
managed upon the newly created network or network elements.

ATTENTION:
Future changes in the OMS GUI, e.g. adding nodes etc..., will only be visible in the UMT after having restarted the
UMT.
Future changes in the UMT, e.g. changing security, adding users.... will only be visible in the OMS GUI after having
restarted the OMS GUI.
2.2 Start Up
1. Make sure that the OMS Console has been started. Start up the servers with the correct database.
2. To start the UMT, click the Start User Management button in the OMS.



3. The figure below pops up. Only Administrator accounts can operate the UMT. Fill out the User Name and Password of an
Administrator account (default administrator account listed below, see also 2.4.1) and click Login to enter. If the login
fails, try again or click the I forgot my password (Password recovery window) link for further processing:
User Name =oms
Password =oms


User Management Tool v9.2 Open Transport Network
Page 6 of 22 AG-M425-E-1
4. After a successful login, the window below appears. It lists all the configured or created users with their User Name/ First
Name/Last Name and the assigned Access Profile (e.g. Administrators, Configurators...). The password is never
displayed in the UMT itself.
logged in
User Name




2.3 Access Profiles
Click on Access Profiles in the left-hand menu to list all the configured Access Profiles. By default, the Access Profiles
Administrators and Configurators are available. The Administrators Access Profile itself is read-only and cannot be
changed. New users can be assigned the Administrators Access Profile though.

Depending on the Access Profile, a user has access to the different tools as follows:

Tools
Access Profiles
Administrators Others
UMT Full Access No Access
OMS GUI Full Access Configured Access

Depending on the Access Profile, a user has access to the different tools as follows:
OMS GUI items
Configure (C) Monitor (M) Deny Access (--)
Administrators Others
Network Elements Full Access
Full Access except
creation of Nodes
Monitoring No Access
Services (checked) Full Access Full Access Monitoring No Access
Services (unchecked) Not applicable No Access No Access No Access
Resource Domains Full Access Monitoring Monitoring No Access
Alarms (see 3.5) Full Access Configured Access
No Clear and Ac-
knowledge, only view
No Access


Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 7 of 22
2.3.1 Access Levels and Rights
In the UMT, access rights can be assigned on Level1 (=network elements), Level2 (=services) and OMS-FEM usage. First the
Level1 access rights should be set. In addition it is possible to set the Level2 access rights. Level2 must be used to fine tune
the access rights on services level...it allows for example to exclude services from being created or configured while the entire
Level1 network element has full configuration rights.
Level1: network elements: All the network elements configured in the OMS GUI will be listed in the UMT. The
network element treeview can be expanded/collapsed, allowing to configure access rights on the hardware levels
listed below. Setting these access rights occurs top down, thus from subnet node slot. Attention: It means
that an underl ying element (=child) can never have more rights than its overl ying element (=parent).
Configure is more than Monitor which is more than Deny Access. For example, a Node cannot be in the
Configure state while its overlying Subnetwork is in the Deny Access state.
Subnet level
Node level
Slot level
Level2: services. All the services that theoretically can be configured in the OMS GUI are listed. All the services are
grouped by functionality in service groups. These groups can be expanded/collapsed to show/hide all its individual
services. It is possible to show/hide the entire service group or individual service in the OMS GUI:
Shown service/service group: access on the service/service group depend on the associated level1 access;
Hidden service/service group: no access at all on the service/service group;
The possible service groups are:
- LAN Services
- DATA Services
- VIDEO Services
- VOICE Services
OMS-FEM usage: it can be configured that an access profile has the right to use the OMS-FEM or not.

The resulting access rights on a specific element is combination of the Level1 and Level2 access rights. See figures below.
Level1
Net work Element s:
Subnet
Node
Slot, IFC
Level2
Services
Access Levels
OMS-FEM usage


Set Access on
Net work Element s
Configure
Monitor
Deny Access
Show/Hide Services
Checked =show service in OMS GUI
Result ing
Access
Access Rights
OMS-FEM usage
Checked =allow to
use OMS-FEM


User Management Tool v9.2 Open Transport Network
Page 8 of 22 AG-M425-E-1
Acces on the Network Elements must be set by clicking one of the access controller icons described in the table below.

Access
Controller
Icon
Description

Configure

Clicking this icon sets full configuration rights on the indicated network element and all its underlying elements
(if any). In the OMS-GUI, it means that the network element can be created, configured, deleted.In the
UMT, it means that underlying elements can still be set in Configure, Monitor and Deny Access state.

Subnet level: set configuration rights on the entire subnet including all the nodes and slots; Individual node
and slot access rights will be lost and overwritten (topdown).
Node level: set configuration rights on the node including all its slots; Individual slot access rights within this
node will be lost and overwritten (topdown).
Slot level: set configuration rights on the slot only;

Monitor
Clicking this icon sets monitoring rights on the indicated network element and all its underlying elements (if
any). In the OMS-GUI, it means that the network element can only be viewed, not created or configured or
deleted.In the UMT, it means that underlying elements can only be set in Monitor and Deny Access state.

Subnet level: set monitoring rights on the entire subnet including all the nodes and slots; Individual node and
slot access rights will be lost and overwritten (topdown).
Node level: set monitoring rights on the node including all its slots; Individual slot access rights will be lost
and overwritten (topdown).
Slot level: set monitoring rights on the slot only;

Deny
Access
Clicking this icon denies access on the indicated network element and all its underlying elements (if any). In
the OMS-GUI, it means that the network element is invisible for the logged on user.In the UMT, it means
that underlying elements will all be in the Deny Access state.

Subnet level: deny access on the entire subnet including all the nodes and slots; Individual node and slot
access rights will be lost and overwritten (topdown).
Node level: deny access on the node including all its slots; Individual slot access rights will be lost and over-
written (topdown).
Slot level: deny access on the slot only;
Service
Group or
Service

Service Group: Checking this checkbox allows that the access for the entire service group (=all its services)
is configured via access level 1 ( ); Checking this checkbox also checks all its included services.

Service: Checking this checkbox allows that the access for this service is configured via access level 1
( );
Service
Group or
Service

Service Group: Unchecking this checkbox denies access for the entire service group (=all its services) in the
OMS GUI; The entire service group will not be visible in the OMS GUI. Unchecking this checkbox also un-
checks all its included services.

Service: Unchecking this checkbox denies access for this service in the OMS GUI; This service will not be
visible in the OMS GUI.
Service
Group

This checkbox can only occur on a service group and indicates that its included services have a mix of
checkbox values, some checked, some unchecked. Clicking it will check this checkbox and all its included
services. As a result, will change into .
/ Click these icons to expand/collapse the network element treeview for an optimized view.

Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 9 of 22
The Resulting Access Indicators on a specific cell, as indicated in the figures above can be found in the table below.
Resulting
Access
Indicator
Description
C
The Access Profile has full Configuration rights on the
- referred network element (subnet, node or slot) including all its underlying elements, if any;
- referred service group or service;
M
The Access Profile has Monitoring rights on the
- referred network element (subnet, node or slot) including all its underlying elements, if any;
- referred service group or service;
--
The Access Profile has no access on the
- referred network element (subnet, node or slot) including all its underlying elements, if any;
- referred service group or service;
X
The Access Profile indicates a mix of access rights within the hardware (vertically): X is added when an
underlying hardware element is configured with a different access right than its parent. E.g when a subnet is
configured as C and one of its nodes is configured with M or --, the C of the subnet will turn into CX.
( )
The Access Profile indicates a mix of checkbox values in the service group (horizontally): ( ) is added in a
service group cell when a checkbox change of one its underlying services results in a mix of checkbox val-
ues for the entire service group.

The table below shows the possible combinations of the Access Control Icons, an their Resulting Access Indicators.

Service Group
(e.g. LAN Services)
Service
(e.g. ET100HX4)

Hardware

C (C) -- C --
CX (CX) -- CX --

M (M) -- M --
MX (MX) -- MX --

-- -- -- -- --

2.3.2 Default Access Profiles
See 2.3.3.
2.3.3 View Access Profile
Click on an Access Profile on the left-hand side in the figure below to view its configured access rights, e.g. click on
Administrators or Configurators. The windows below appear. You can see for example the following:
Administrators have by default full configuration rights (=C) and can use the OMS-FEM. This Access Profile cannot be
changed.
Configurators have by default no access rights at all (=--). This Access Profile can still be changed.

Compare default Access Profiles
Administrators Configurators


User Management Tool v9.2 Open Transport Network
Page 10 of 22 AG-M425-E-1
2.3.4 Create Access Profile
1. Right-click Access Profiles in the left-hand menu and select Create Access Profile.

Right-click



2. The window below appears.




3. Assign a Name to the new Access Profile, e.g Operators.

4. By default, access is denied on all the network elements ( , --) in the entire subnet and all the services are allowed to
be configured with Level 1 (=hardware) access rights (checked checboxes). By default, it is also allowed to use the OMS-
FEM.

5. First assign the necessary access to the required network elements for this Access Profile. It must be done via clicking
, or on the desired network elements, and this in topdown direction. Always start at the highest level, first
subnet, then node and last the slot security Expand the treeview where necessary to fine tune more on lower level
elements. ATTENTION: Setting the security on a network element will also overwrite the security of its underlying network
elements. For example, lets assign the following access rights on the following network elements (expand the treeview
where necessary):

Subnet X3M-2500: Configuration ( ) all the underlying nodes turn into Configuration (=C) access
Node 73: Monitoring ( )
IFC1: Access Denied ( )
Node 74: Monitoring ( )
IFC1: Access Denied ( )

6. After clicking all the access buttons in the correct order, indicated with arrows in the window below, your Access Profile
could look as follows:

Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 11 of 22


7. Click the Create button to create and save the new Access Profile.
8. Your new Access Profile will appear in the list in the figure below:



9. This Access Profile can still be modified later on, see 2.3.5.


2.3.5 Modify Access Profile
Below, an example has been worked out. Other examples or configurations can be done similarly. For example:
Modify the Operators Access Profile as follows:
Deny Access on slot IFC-3 on node 74;
Deny Access on the MGT and GET services for the entire network.
1. Click on the Operators Access Profile on the left-hand side to show its current settings.




User Management Tool v9.2 Open Transport Network
Page 12 of 22 AG-M425-E-1
2. The windows below appears:



3. Navigate to node 74 slot 3 by expanding ( ) the subnet X3M-2500 and node74 treeview. Deny access to this IFC-3 slot
by clicking its associated Deny Access button.





4. Navigate to the GET and MGT services by expanding ( ) the LAN Services. Deny access to GET and MGT services by
unchecking their associated checkboxes as indicated in the figure below.

Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 13 of 22



5. Click the Save button to save the modified Access Profile.

6. ATTENTION: Users already logged in with this Access Profile in the OMS-GUI before the modification, will not be affected
by the change. The changes will only affect OMS-GUI sessions that were started after the modification.

2.3.6 Delete Access Profile
1. In the left-hand menu, right-click on the Access Profile that must be deleted, e.g. Operators and select Delete Access
Profile.




2. In the pop-up window below, click the Delete button to delete the Access Profile or click Cancel to not delete the Access
Profile.




User Management Tool v9.2 Open Transport Network
Page 14 of 22 AG-M425-E-1
2.4 Users
2.4.1 General
User managment is needed to administrate users, which are necessary to login in the OMS GUI via the login window below. If
nothing is administrated, login is always possible via one of the default users (see 2.4.2).

2.4.2 Default Users
At first time use of the UMT, there are always two default users available, see table below. Both these default users are as-
signed to the Administrators Access Profile. There will always be at least one Administrator. The last Administrator can never
be deleted. The last Administrator does not have to be a default Administrator, it could also be a newly created Administrator.

Access Profile User Name Password
Administrators oms oms
Administrators admin adminOmse


2.4.3 Create User
1. In the left-hand menu, right-click on Users and select Create user.



2. The window below appears. Fill out all the user information. The User Name and Password will be used later on to log on
in the OMS GUI. The User Name is not casesensitive. Which network elements will be accessible by the logged on user
in the OMS GUI, is or will be configured in the Access Profile. Make sure to assign the correct Access Profile to this user.


Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 15 of 22

3. As an example, your filled out window could look as follows.



4. Click the Create button to create the new user. The new user will appear in the users list with its User Name.



2.4.4 Modify User
All user fields can be modified. As an example, we will modify the Access Profile of an existing user.
Example: Assign user J ohnW to another Access Profile e.g. from the Operators to the Administrators Access Profile.
1. Click on the User Name in the left-hand users list that needs to be modified, in this example J ohnW.



2. The window below appears. Change the Access Profile. Click the Save button to save the changes.



User Management Tool v9.2 Open Transport Network
Page 16 of 22 AG-M425-E-1
3. ATTENTION: Modified users already logged in the OMS-GUI before the modification, will not be affected by the change.
The changes will only affect OMS-GUI sessions that were started after the modification.


2.4.5 Delete User
1. In the left-hand menu, right-click on the user to be deleted, e.g. J ohnW and select Delete user.



2. In the pop-up window below, click the Delete button to delete the user or click Cancel to not delete the user.




2.5 Export Users/Access Profiles
Via the menu File Export Users/Access Profiles, an export feature is provided to export users and acccess profiles
from a source database into another destination database. This feature can be used for example when you want to apply
quickly the same users and access profiles from an older database (=source database) into a new database (=destination
database), for example after an OMS upgrade.
ATTENTION: both source and destination databases must have exactly the same hardware and services configuration !
Follow the steps below to perform the export:
1. Make sure that your destination database exists or has been created, and that it has exact the same hardware and
services configuration as your source database.This can be done e.g. after an upgrade of your OMS, by saving your
hardware from the live network (via OMS GUI Configuration Save) into the new (destination) database.

2. Stop the servers on the OMS Console via the Stop Server(s) button;

3. In the OMS Console, select your old source database, which has all the users and access profiles configured, and start
the servers via the Start Server(s) button;

4. In the OMS Console, after the servers have started up successfully, start the UMT via the Start User Management button
and login via an administrator account;

5. In the UMT, perform the export to the destination database via File Export Users/Access Profiles, ATTENTION:
both source and destination databases must have exactly the same hardware and services configuration ! Click OK.
Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 17 of 22



6. In the figure below, select the destination database, e.g. 9225x, click the refresh button if your destination database not
directly shows up in the database list:




7. Click the OK button to start the export....a result window pops up:





8. If the export was successful, stop the servers on the OMS Console via the Stop Server(s) button;

9. In the OMS Console, select your new destination database and start the servers via the Start Server(s) button;

10. In the OMS Console, after the servers have started up successfully, start the UMT via the Start User Management button
and login via an administrator account;

11. The UMT shows now the new (destination) database with the imported users and access profiles from the old (source)
database. The users and access profiles become active in the OMS GUI after a restart of the OMS GUI.





User Management Tool v9.2 Open Transport Network
Page 18 of 22 AG-M425-E-1
3. IN THE OMS GUI
3.1 Administrator Access Profile
Network Elements: All network elements (subnet, nodes, slots) are visible and can be created/configured/deleted in the
OMS GUI, see figure below.
Services: All service groups or services are visible, 4 services have been programmed. All services can be
created/configured/deleted in the OMS GUI, see second figures below.
Expert View in OMS GUI: only possible with if the logged on user has the Administrator Access Profile.

Conf igure
Administ rat or:
All Services possible
User Management Tool
OMS GUI
Conf igure


Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 19 of 22
3.2 (Default) Configurators Access Profile
Network Elements: Access denied to all network elements, see figure below.
Services: All services allowed to be access configured.

Access Denied:
nothing visible
(def ault ) Configurat ors:
No Services possible
User Management Tool OMS GUI


No Services visible


3.3 Customized Operators Access Profile
Network Elements: The Access Profile has been configured as follows:
Node 70,71,72: Configuration ( )
Node 73: Access Denied ( )
Node 74: Monitoring ( )
IFC1: Access Denied ( )
Services: LAN Services are not allowed to be configured/created. All the other services are allowed to be
configured/created.


User Management Tool v9.2 Open Transport Network
Page 20 of 22 AG-M425-E-1
Conf igure
Monit or
Access Denied:
Node 73 not visible
in OMS-GUI
Access Denied:
Slot 74-IFC1 not
visible in OMS-GUI
Conf igure
Monit or
Access Denied, not visible:
Node 73
Node 74-IFC1
User Management Tool OMS GUI


Conf igure
LAN Services not in the list
(e.g; ET100, ET100HX4....)
User Management Tool OMS GUI
LAN Services not accessible


Open Transport Network User Management Tool v9.2
AG-M425-E-1 Page 21 of 22
3.4 Event Log View
The Event Log View in the OMS GUI shows in the UserName column which logged on user has triggered which events. See
figure below:


3.5 Alarm Log View
Depending on the rights that a user has on a specific network element (via UMT), the logged on user in the OMS GUI can do
the following actions on alarms that refer to this specific network element. Alarms appear in the Alarm Log View in the OMS
GUI:
C(onfiguring): the logged on user in the OMS GUI can View, Clear and Acknowledge alarms (see first figure below);
M(onitoring): the logged on user in the OMS GUI can only View alarms (see second figure below);
-- : the logged on user has no access at all to these alarms, and as a result will not see them in the OMS GUI.


User Management Tool OMS GUI
Subnet: 87OTN600
Node: 150
IFC: 3
Al arm Handl i ng:
C Confi guri ng

User Management Tool v9.2 Open Transport Network
Page 22 of 22 AG-M425-E-1
Subnet: 87OTN600
Node: 150
IFC: 3
Al arm Handl i ng:
M Onl y moni tori ng
User Management Tool OMS GUI



4. ABBREVIATIONS
GUI Graphical User Interface
LAN Local Area Network
OMS OTN Management System
OTN Open Transport Network
UMT User Management Tool