This chapter describes how to install Oracle Communications Session Monitor.
Before installing Session Monitor, read the following:
You can install Session Monitor using either the ISO installer or the Red Hat Package Manager (RPM):
ISO Installer
The ISO installer installs the Oracle Linux operating system and the Session Monitor applications and components. For installation instructions, see "Installing Session Monitor Using the ISO Installer".
RPM
The RPM installer does not install Linux. The RPM requires an installation of Oracle Linux on the computer that will host your Session Monitor applications. For installation instructions, see "Installing Session Monitor Using the RPM".
The ISO installer installs Oracle Linux operating system and Session Monitor applications and components.
Note:
Oracle X7-2 server does not support Session Monitor Installation using ISO installer.Installing Session Monitor using the ISO installer requires a server with no operating system. The Session Monitor installer erases any existing files on the primary and secondary disk on which Session Monitor is installed. Back up any important files on the disk before proceeding with the installation. For more information on preparing the Session Monitor ISO installation media, see "Preparing Session Monitor Installation Media".
This section describes installing Session Monitor installation using the ISO installer.
To install Session Monitor with the ISO installer:
Download the Session Monitor ISO installer by doing the following:
Download the software pack for your operating system from the Oracle software delivery web site.
Download the Session Monitor ISO image and follow the instructions in "Preparing Session Monitor Installation Media" in a local computer.
Insert the DVD or attach the USB flash drive and restart the server that will host Session Monitor.
Ensure that the server boots from the installation media. This is usually done using a one-time boot option.
The Session Monitor installer Boot Menu screen appears.
Start the installation process by pressing Enter.
The installer verifies whether the hardware passes the minimum system requirements for Session Monitor.
The OCSM Installer - Network Configuration screen appears containing a list of supported network interfaces together with their hardware addresses (MAC).
If the minimum system requirements are not met, the installation stops and a dialogue box providing the reason for failure appears. For example, see the following message:
Problems were found:
* Found only 1 CPU threads instead of at least 8.
* Found only 1.95 GB system memory instead of at least 7 GB.
Abort the installation.
See "Session Monitor System Requirements" or contact your Oracle Customer Support for more information on the minimum system requirements.
From the Network device list, select the network interface you require for accessing the Session Monitor web interface and click OK.
From the Network type list, select the following setting that is appropriate for your network and :
To automatically configure the network port IP address with the dynamic host configuration protocol (DHCP), select dhcp.
To manually configure the network port IP address, select static.
Click OK.
When prompted, enter the IP address, netmask, and default gateway values of your network.
The OCSM Installer - Disk Configuration screen appears.
From the Primary disk list, select the primary disk or disk array on which to install Session Monitor and click OK.
The OCSM Installer - Software Installation screen appears.
(Optional) The Session Monitor operating system and database are installed on the primary disk of the server that hosts the mediation engine. If your server has more than one disk, you will receive a prompt to choose to either keep all your data on one disk or store your data on a secondary disk. To store your data on a secondary disk, click Yes.
Note:
The default size for the primary disk is between 70 GB and 2 TB. If you require a larger disk array for data storage, configure it as a secondary disk.In the Enter a password for the root user field, enter the root user password and click OK.
In the Confirm the root user password field, re-enter the root user password and click OK.
The installer prepares the disks, sets up the system, and updates the firmware required for the hardware components.
Important:
Do not power off the system during this process, as this may leave components in an unusable state.The OCSM Installer - Finished screen appears.
The installer prompts you to remove the Session Monitor flash drive installation media.
Press Enter and remove the installation media.
Verify that the installation is successful by restarting the system from the primary hard disk that you chose in step 8.
If the installation is successful, a console appears, displaying the Session Monitor secure URL.
If unsuccessful, check the /var/log/ocsm/pld-installer.log file.
See "Session Monitor Post-Installation Tasks" for the post-installation configuration steps.
You can choose to install Session Monitor using the RPM if you would like to set up the machine with the Oracle Linux operating system or if the machine on which you will install Session Monitor is already running Oracle Linux.
Note:
Session Monitor requires the yum groups @base and @core.This section describes installing the Session Monitor using RPM.
To install Session Monitor using an RPM:
Change the edition of MySQL by doing the following:
Go to the Oracle Software Delivery web site:
Read and accept the license agreement and export restrictions and click Continue.
Download the latest Enterprise edition of MySQL in version 5.5 series.
Uninstall the Community edition of MySQL by running the following command:
yum remove -y mysql-community-common
Install the Enterprise edition of MySQL by running the following command:
yum install -y mysql-commercial*.rpm
Install the yum utils by running the following command:
yum -y install yum-utils
Enable the latest Oracle Linux 7 add-on's by running the following command:
yum-config-manager --enable ol7_latest ol7_UEKR4 ol7_optional_latest ol7_addons
Install the latest epel by running the following command:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
If you have a running Oracle Linux 7 (DPDK) probe with an Oracle Communications Session Monitor version prior to 3.4.0, uninstall Session Monitor by running the following command:
yum remove ocsm
Verify that the system hosting the mediation engine is connected to the Internet.
Log on to the Mediation Engine server as the root user.
Verify that Oracle Linux 7 is installed by running the following command:
cat /etc/oracle-release
Download the Session Monitor software by doing the following:
Create a temporary directory (temp_dir) on the system that hosts the mediation engine.
Download the software pack for your operating system from the Oracle software delivery web site.
Download the Session Monitor installation software RPM ZIP file to temp_dir.
Unzip the Session Monitor installation software RPM ZIP file.
Install the Session Monitor RPM file by running the following command:
yum install ocsm-rnx86_64.rpm
where:
rn is the current Session Monitor release number.
For example, ocsm-3.4.0.0.0.x86_64.rpm.
The following partitioning options are available:
Single partition (default option)
Secondary partition for data storage
Perform the following steps to create separate partition for data (block) storage:
Create the partition for data storage
Run the following command to create a directory to mount the partition:
mkdir -pv /opt/oracle/ocsm/var/vsi
Adjust /etc/fstab to mount the data storage partition. For example:
LABEL=PLD_DATA /opt/oracle/ocsm/var/vsi ext4 defaults,nosuid,nodev,nofail 0 2
Result: During installation partition will be detected by product setup application and the system uses the separate partition.
Verify the installation by doing the following:
Navigate to /var/log/ocsm file.
Verify whether the following log file exists:
ocsm_installed_*.log
Adjust the firewalld to access the Session Monitor applications by doing the following:
Allow firewalld to access the HTTPS service (port 443) by running the following command:
firewall-cmd --permanent --zone=public --add-service=https
(Optional) If you are planning to configure the system as a mediation engine, allow the firewalld to access the probe connection by doing the following:
For SBC (embedded) probes:
firewall-cmd --permanent --zone=public --add-port=4740/tcp firewall-cmd --permanent --zone=public --add-port=4740/tcp
For standalone probes:
firewall-cmd --permanent --zone=public --add-port=4741/tcp firewall-cmd --permanent --zone=public --add-port=4742/tcp
Reload the configuration by running the following command:
firewall-cmd --reload
Note:
If you are planning to enable additional services, see the discussion about network security in Oracle Communications Session Monitor Security Guide for a complete list of services and their respective ports.Disable SELinux by running the following command:
setenforce 0 sed -i -e "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
See "Session Monitor Post-Installation Tasks" for the post-installation configuration steps.
Note:
Configuring reverse proxy server is optional.The Session Monitor services are available to you through a reverse proxy web server. By default, the Session Monitor comes with a bundled copy of NGINX, the configuration files located at /opt/oracle/ocsm/etc/nginx file. However, you may choose to use another web server, such as Apache. A sample configuration file for Apache 2.4 is located at /opt/oracle/ocsm/etc/httpd/conf.d/pld.conf file.
After installing Apache, run the following commands to enable Apache as a front-end web server instead of NGINX:
systemctl stop pld-nginx.service systemctl disable pld-nginx.service ln -sf /usr/lib/systemd/system/{httpd,pld-webserver}.service cp /opt/oracle/ocsm/etc/httpd/conf.d/pld.conf /etc/httpd/conf.d/ mv /etc/httpd/conf.d/ssl.conf{,.orig} systemctl daemon-reload systemctl start httpd.service systemctl enable httpd.service
If you choose to authenticate users at the level of the reverse proxy, you must uncomment the sections in the sample Apache configuration file which configures LDAP authentication for the /me/ and /mec/ routes, and modify them as appropriate for your authentication provider. Additionally, you must enable external authentication in the Mediation Engine and the Mediation Engine Controller. See the discussion on external authentication in the Operations Monitor User's Guide.
Note:
The NGINX Web Server provided with Session Monitor does not support the external authentication. To enable external authorization you are required to have NGINX Web Server that provides external authentication and is optional.The following procedure explains configuring external authentication using Apache Web Server as it is widely used.
To configure Apache in Session Monitor for authenticating with LDAP service:
Login to Session Monitor.
Click Admin and select Settings.
Enable the setting, External authentication enabled and set it to True.
Logout from Session Monitor.
(Optional) If the current web service is NGINX, change to HTTPD by performing following steps:
Run the following commands to install the Apache Web Server and mod_ssl packages:
Note:
If you have proxy server, to complete download, edit the proxy settings for the external downloads to be successful.Important:
Install Apache Web Server and mod_ssl packages together as the httpd package executes a post-install script which uses mod_ssl for generating a localhost certificate. The certificate is required for the default httpd service configuration.If the certificate is not generated, enter the following lines in the /etc/httpd/conf.d/ssl.conf file to start httpd server:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Note:
If you have installed Session Monitor using the ISO, then httpd and mod_ssl are pre-installed.If the localhost certificates are not generated, perform the following workaround to start the Apache server:
Remove the ssl.conf file from the etc/httpd/conf.d file.
Add the line ”Listen 443” at the beginning of the file, /opt/oracle/ocsm/etc/httpd/conf.d/pld.conf which has a symbolic soft link in the same folder.
Run the following commands to install all additional packages:
$ yum groupinstall ”Development Tools” -y
Run the following commands to install the required httpd modules and to enable external authentication in Apache:
$ yum –enablerepo=ol7_optional_latest install mod_ldap
Run the following command to configure httpd to perform external authentication:
$ vi /etc/httpd/conf.d/pld.conf
Add following location section in ’< VirtualHost_default_:443 >', after RequestHeader unset X-Forwarded-User:
< Location > RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule .* - [E=RU:%1,L] AuthType basic AuthName <”LDAP authentication”> AuthBasicProvider ldap AuthLDAPURL <”ldap:///dc=LDAP_Server,dc=com?uid?one”> AuthLDAPBindDN ”cn=ldapadm,dc=LDAP_Server,dc=com” AuthLDAPBindPassword Require valid-user RequestHeader unset X-Forwarded-User RequestHeader set X-Forwarded-User %{RU}e </ Location >
Where:
LDAP_Server is your LDAP server name
<”LDAP authentication”> is the AuthName for Session Monitor LDAP authentication.
<”ldap:///dc=LDAP_Server,dc=com?uid?one”> is your LDAP server IP address to which, the authentication request is sent by Session Monitor. As DC and CN are LDAP specific, check the DC and CN values with your Local LDAP configuration.
< password > is the password for LDAP server to which authentication to the specific user is to be processed. It should be a Hashed Password.
Uncomment following parameters:
RewriteEngine On RewriteCond %{SERVER_PORT} 443 RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule .* - [E=RU:%1,L] RequestHeader set X-Forwarded-User %{RU}e
Change the AuthName directive in the Location /me/logout.html to AuthName ”LDAP authentication” or the 'AuthName' in the 'Location' tag, if in case of any change in it.
Run the following commands to stop and disable the nginx server:
$ systemctl stop pld-nginx.service $ systemctl disable pld-nginx.service
Run the following command to switch the pld-webserver link to httpd:
$ ln -sf /usr/lib/systemd/system/{httpd,pld-webserver}.service
Run the following command to reload systemd for viewing the changes:
$ systemctl daemon-reload
Run the following command to start and enable the httpd:
$ systemctl start httpd.service $ systemctl enable httpd.service
Run the following command to start/re-start httpd server to enable external authentication:
$ service httpd start $ service httpd restart
Result: The httpd server of Session Monitor has been configured for external authentication.
When you open the Session Monitor in web browser, the external authentication pop-up appears. On providing the correct LDAP user credentials, the user will be logged in successfully.
This section provides instructions for the post-installation tasks for Session Monitor.
Before starting the post-installation tasks, verify that Session Monitor installation tasks are completed and all components are installed. See "Installing Session Monitor Using the ISO Installer" or "Installing Session Monitor Using the RPM".
The Platform Setup Application guides you through the Session Monitor configuration steps, including configuring the machine type, capture settings, and simple mail transfer protocol (SMTP) settings as follows:
Accept the license agreement to proceed with the Platform Setup Application.
The menu on the right shows your progress during configuration.
The Machine Type page sets which licensed Session Monitor applications are installed. In the Server Certificate page, you can upload your signed certificate for secure HTTPS connections.
Subsequent sections configure the Session Monitor server for your network. These steps are optional.
Except for Machine Type and Extensions, you can review and change settings at any time by visiting the Platform Setup Application at https://ip_address/setup/, where ip_address is the IP address of the server that hosts a Session Monitor application. This URL is valid for any Session Monitor server.
In the final step, each selected Session Monitor application is installed.
After a successful installation, the log in page appears for each of your licensed Session Monitor application.
All the Session Monitor application interfaces are accessed through encrypted HTTPS connections. At the initial login, your web browser may not recognize the server and displays the This Connection is Untrusted warning message. Click Confirm Security Exception to proceed.
For information about how to protect connections to the system and avoid the untrusted certificate warning in the future, see Oracle Communications Session Monitor Security Guide.
This section describes how to configure Session Monitor using the Platform Setup Application.
To configure Session Monitor:
In a web browser, go to https://ip_address/setup.
The Platform Setup Application Log in page appears.
In the Username field, enter sysadmin and; in the Password field, enter oracle.
The License Terms agreement page appears.
Accept each Session Monitor application license terms agreement, by selecting the I agree to the license terms check box.
Click Proceed.
The Change Password dialog box appears.
The Platform Setup Application page appears.
Change the password by doing the following:
In the Set password field, enter a new password.
Note:
The password must have at least 8 characters. The password must contain at least one uppercase character. The password must contain a number. The password must contain a special character (@, #, -, _, .).In the Repeat password field, re-enter the password used in the previous step, which verifies that the password value was entered correctly.
Click Change.
The Machine Type page appears.
On the Machine Type page, select the machine type on which to install your licensed Session Monitor applications and components:
To install an Operations Monitor probe, select standalone Probe.
To choose different Session Monitor applications, select the MediationEngine and then select the required product (or applications) as per the license:
To install Oracle Communications Operations Monitor, select the Communications Operations Monitor check box.
To install Oracle Communications Control Plane Monitor, select the Control Plane Monitor check box.
To install an Operations Monitor embedded probe, select the Probe (embedded) check box.
Only the checked items are included in the installation.
Note:
The Machine Type page only appears the first time you configure Session Monitor prior to the products installation. Machine type cannot be changed after the PSA installation is completed.You can select only one machine type for each installation process.
Packet Inspector probe is not supported on a Session Monitor probe with SIP/RTP sniffing for the calls and VQ analysis.
The products are machine-type specific and cannot be interchanged between machine types.
For example, the Probe machine type requires a probe product, and the Mediation Engine machine type requires the Operations Monitor product.
The machine type Mediation Engine Probe (embedded) must be chosen either with Operation Monitor or with Control Plane Monitor option selected.
For more information, see "Selecting the Machine Type".
Click Continue.
The machine type and application information appear in the status panel located on the right under the navigation list.
The Configuration page appears.
Configure the Session Monitor settings for the machine type you chose in step 5 in accordance with the terms of your license as follows:
From the Capacity section in the Concurrent calls field, enter the number of concurrent calls printed on your license.
If you have licensed RTP recording, select the RTP Recording check box.
From the Capacity section in the Concurrent RTP streams field, enter the number of concurrent RTP streams printed on your license.
Note:
The number entered in the Concurrent RTP streams field can cause performance and stability issues if it is set higher than what your network hardware supports. Values above 20 are not recommended. Changes to the RTP recording setting take effect only after restarting the system.From the Extensions section, select all the product extensions you have licensed.
Note:
You cannot change the configured extensions after the installation. All Oracle Communications Session Monitor Enterprise users should select Media quality.For more information, see, "Configuring Session Monitor".
Click Continue.
The Disk Usage page appears.
On the Disk Usage page, specify the maximum disk usage partition for the Packet Inspector.
Note:
On the Disk Usage page, specify the maximum disk usage partition for the shared filesystem containing the database/data storage (single raid systems). For systems with two raid arrays you can select the usage independently for both filesystems. For Probes with Packet Inspector feature you would be able to select the maximum storage capacity.The ME Connection List page appears.
Note:
The ME Connection List page appears only if you have selected machine type as Probe or Mediation Engine and Probe.(Optional) If you selected Probe on the Machine Type page, set which mediation engines are connected to the Operations Monitor probe.
Click Add a new ME.
In the Hostname or IP field, enter the IP address of the machine that hosts the mediation engine.
In the Port field, enter the port number of the mediation engine. For a Cleartext transmission enter 4741 and for TLS enter 4742.
In the Name field, enter a name for the mediation engine.
In the TLS field, select the checkbox for TLS transmissions or leave the checkbox unchecked for Cleartext.
The Operations Monitor Probe can transmit data to one or more mediation engines with either transport layer security (TLS) encryption, or with un-encrypted Cleartext. A mediation engine can connect to more than one Operations Monitor Probe or more than one Session Border Controller Probe. Add your list of mediation engines as follows:
Click Continue.
The Trusted Certificate page appears.
In the Upload signed certificate field, select Browse and locate the signed certificate file.
Click Continue.
(Optional) By default, the mediation engine machine accepts only encrypted transmissions, (unless the mediation engine and probe are on the same machine); for Cleartext transmissions select the Accept insecure connections from remote probes check box.
Click Continue.
The Server Certificate page appears.
All Session Monitor interfaces are accessed through encrypted (secure) HTTPS connections. Each Session Monitor machine uses a unique certificate to establish secure connections and to guarantee its authenticity and protect users' data.
Do one of the following:
To use the self-signed certificate, click Continue.
To sign the server certificate with your organization's Public Key Infrastructure (PKI):
Select Download request.
Sign the certificate with the X.509 format.
In the Upload signed certificate field, select Browse and locate the signed certificate file.
Click Continue.
The SMTP Configuration page appears.
Note:
To regenerate a key and certificate on install, select Regenerate key and self-signed certificate on install and click Continue.
(Optional) Click Download current certificate to download the current self-signed certificate.
Session Monitor can send notifications and alerts directly to a user's email address. If you require notifications or alerts, select the Enable SMTP check box and fill in the relevant fields with your SMTP server details.
Click Continue.
The Capture Settings page appears.
The Capture Settings page contains a list of configured network interfaces. Monitoring can be enabled and disabled. You should have configured network devices while installing Oracle Linux 7.
For more information, see "Configuring the Capture Settings".
Click Continue.
The Data Retention page appears.
To configure Data Retention page, see "Configuring Data Retention".
Click Continue.
The Install page appears.
(Optional) Click Download Configuration, which downloads your configuration settings file in the default download location of your system.
Open the psa_conf.json configuration file and verify your settings.
Click Install.
The Did you select the right applications dialog box appears.
Verify that you have chosen the correct Session Monitor applications and components for installation; after installation is complete, the selected applications and components cannot be changed.
Click OK.
The Platform Setup Application initiates the installation and reports its progress.
The Installation Complete dialog box appears.
Do one of the following:
To go back to the Platform Setup Application, click Back to Setup.
To go to a Session Monitor application dashboard, click Go to Application.
The credentials for logging in to Session Monitor are:
For Platform Setup Application, enter the user name provided by Oracle and the password you set up in step 5.
For Operations Monitor and Control Plane Monitor, enter the login credentials provided by Oracle Sales Consultant.