Oracle® Communications Service Broker System Administrator's Guide Release 6.1 Part Number E29444-01
This appendix contains reference information on directory structures and directory contents, along with details about the installer files, start-scripts, and JDKs.
This section specifies the authentication methods, directory structure, directory contents, and start-scripts for the Administration Server.
The Administration Server enables different authentication methods for these clients:
Administration Console
Remote JMX-client
Scripting Engine
The Administration Console supports a single user. By default the security for this user includes Digest Authentication and an SSL connection between the Administration Console and the Administration Server.
The first time you start the Administration Server you are prompted to supply a user name and password. For example:
```
# ./admin.sh /<Domain Path>
Please enter username and password that will be required to access the web interface.
Enter Username: User
Enter Password: *******
```
These login credentials must be reentered for each Administration Console session.
To reset the user name or password, you must restart the Administration Server.
An alternative method of authentication is available by using a credential store. After product installation, but before starting the Administration Server you can configure this type of security. See the Chapter "Administering Credential Stores" in the Oracle Communications Service Broker Security Guide.
A remote JMX-client, such as JConsole, provides various options for securing its connection to the server. You use the standard Java properties for remote access to enable SSL, users, passwords, and roles.
The Java documentation is located here:
http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html
You can set the system properties described there by using the AXIA_OPTS environment variable.
Example A-1 Using No Security - Not Recommended
-Dcom.sun.management.jmxremote.port=1234 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
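The check below is an added example, not part of Oracle's guide: it reads an AXIA_OPTS-style option string and reports remote JMX settings that weaken the connector, using Example A-1 as input. The hardened option string and its /path/to/ file locations are constructed placeholders, and the function names are hypothetical.

```python
import shlex

PREFIX = "com.sun.management.jmxremote."

# Example A-1 from this page, and a constructed counterpart (placeholder paths).
EXAMPLE_A1 = ("-Dcom.sun.management.jmxremote.port=1234 "
              "-Dcom.sun.management.jmxremote.ssl=false "
              "-Dcom.sun.management.jmxremote.authenticate=false")
HARDENED = ("-Dcom.sun.management.jmxremote.port=1234 "
            "-Dcom.sun.management.jmxremote.ssl=true "
            "-Dcom.sun.management.jmxremote.authenticate=true "
            "-Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password "
            "-Dcom.sun.management.jmxremote.access.file=/path/to/jmxremote.access")


def parse_jvm_props(opts):
    """Collect -Dname=value system properties from an AXIA_OPTS-style string."""
    props = {}
    for token in shlex.split(opts):
        if token.startswith("-D"):
            name, _, value = token[2:].partition("=")
            props[name] = value
    return props


def audit_jmx(opts):
    """Return (property, reason) findings for the remote JMX connector."""
    props = parse_jvm_props(opts)
    if PREFIX + "port" not in props:
        return []  # no remote connector requested by these options

    def enabled(name):
        # ssl and authenticate default to true once a port is set; any
        # value other than "true" is reported here as disabled.
        return props.get(PREFIX + name, "true").lower() == "true"

    findings = []
    if not enabled("ssl"):
        findings.append(("ssl", "connection to the JMX port is not encrypted"))
    if not enabled("authenticate"):
        findings.append(("authenticate", "no user name or password is required"))
    else:
        for name in ("password.file", "access.file"):
            if PREFIX + name not in props:
                findings.append((name, "not set, so the JRE-wide default file is used"))
    return findings


if __name__ == "__main__":
    for label, opts in (("Example A-1", EXAMPLE_A1), ("hardened", HARDENED)):
        print(label, audit_jmx(opts) or "no findings")
```

Running the same check against the value of AXIA_OPTS before a start-script is invoked shows whether a no-security setting such as Example A-1 is about to be applied.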
Note:
The next example requires that you create the keystore, password, and access files. The location of the keystore/truststore is configured in properties/common.properties.
All administration server directories and contents are installed under the directory:
Linux and Solaris: Oracle_home/ocsb61/admin_server
Oracle_home is the Oracle home directory you defined when you installed the product.
Table A-1 describes the directory structure and the contents of the directory structure.
Table A-1 Directory Contents and Structure for Administration Clients Relative to Oracle_home/ocsb61
Directory | Description |
---|---|
admin_server | Top-level directory for all administration server clients. Contains start-scripts for: Also contains files related to log4j: |
admin_server/applications | Created during start-up. Empty directory. |
admin_server/extensions | Extensions to the Administration Server specific to the features installed. |
admin_server/extensions_cef | Extensions to the Administration Server specific to the features installed. |
admin_server/domain_configuration | Contains these directories: |
admin_server/modules | Contains all OSGi bundles for the administration clients, the Processing Server and the Signaling Server. |
admin_server/osgi | Contains OSGi-specific configuration for the Administration Server processes. |
admin_server/properties | It contains property files used by the start-scripts for: |
admin_server/scripts | Contains these scripts used for domain creation: Contains the /database directory containing scripts for configuring databases for the Service Broker features that require it. |
admin_server/utils | Contains utilities used by the SVC and VPN features. |
admin_server/workspace | Contains metadata for administration clients. |
Table A-2 provides information about start-scripts for Service Broker.
Table A-2 Start-scripts for the Administration Clients
Script | Description |
---|---|
script.sh | Starts the Scripting Engine. script.sh calls common.sh. See "Using the Scripting Engine to Configure a Domain" for details. |
start.sh | Starts the managed server. |
web.sh | Starts the Administration Server. web.sh calls common.sh. |
host.sh | Starts the Domain Web server. host.sh calls common.sh. See "Starting and Stopping Processing and Signaling Servers" for information on how to use the script. |
common.sh | Starts the Administration Server, Scripting Engine, and the Domain Web server based on the environment variables set by the script that calls it. Defines the environment variables that send additional arguments to the JVM: |
Table A-3 lists property files in
Oracle_home/admin_server/properties and their settings.
Table A-3 Property files used by the Administration Clients
Property File | Description |
---|---|
common.properties | Defines properties common to the: The properties specified are: See the common.properties file and Table A-8 for details on the property settings. See Table A-9 for information on the security entries. |
create_db_table.properties | Defines properties for the SVC and VPN applications. The properties specified are: |
hosting.properties | Defines properties for the Domain Web server. The properties specified are: See hosting.properties and Table A-8 for details on the property settings. See Table A-9 for information on the security entries. |
script.properties | Defines properties for the Domain Web server. The properties specified are: See script.properties file and Table A-8 for details on the property settings. See Table A-9 for information on the security entries. |
admin.properties | Defines properties for the Administration Server. The properties specified are: See the admin.properties file and Table A-8 for details on the property settings. See Table A-9 for information on the security entries. |
This section specifies the directory structure, directory contents and start-scripts for Processing Servers and Signaling Servers.
Processing Servers and Signaling Servers are installed under the directory:
Oracle_home/ocsb61/managed_server
Oracle_home is the Oracle home directory you defined when you installed the product.
Table A-4 describes the directory structure and the contents of the directory structure.
Table A-4 Directory Contents and Structure for Processing Servers and Signaling Servers relative to Oracle_home/ocsb61
Directory | Description |
---|---|
managed_server | Top-level directory for a Processing Server and a Signaling Server. Contains start-scripts for the Processing Server and the Signaling Server. Contains the property file server.properties. Also contains files related to log4j: These files are relevant up to the point in the platform life cycle when the bundle for the log4j service is started. After this point, this configuration is overridden by the configuration in the log4j service itself. |
managed_server/config | Contains configuration data. |
managed_server/modules | Contains all necessary bundles to start the OSGi framework and bundles for: The bundles in this directory are the minimal set necessary to initiate the server and load the contents of the domain configuration directory. |
managed_server/osgi | A working directory for the Managed Server process. |
managed_server/ss7 | Contains binaries for the SS7 stacks for TDM and Sigtran. |
Table A-5 gives information about property files in:
Oracle_home/managed_server/properties
Table A-5 Property Files Used by Processing Servers and Signaling Servers
Property File | Description |
---|---|
server.properties | Defines properties common for Processing Servers and Signaling Servers. The properties specified are: See the server.properties file and Table A-8 for details on the property settings. |
This section specifies the directory structure and directory contents for domains.
Domain directories are created, one for each domain, under the domains home directory, by the domain creation script.
Domains_home/Domain_dir
Domains_home is the directory where you store all domain directories, also known as domain configuration directories. For example: /home/oracle/domains/
Domain_dir is where the domain configuration is stored.
Domain directories are defined in the domain_path parameter when you run the domain creation script. Normally, all domain directories are created under the same Domains Home directory.
Table A-6 describes the directory structure and contents of the directory structure.
Table A-6 Directory Contents and Structure for Domains relative to Domains_home
Directory | Description |
---|---|
Domain_dir | Top-level directory for a domain. Contains the domain configuration file initial.zip. Contains the properties file domain.properties (for Oracle internal use only). This directory is passed to the server start script and this is where a server takes its configuration from. |
Domain_dir/modules | Contains all necessary bundles to start the domain functions: processing tier modules, signaling tier modules, or both. |
Domain_dir/protected | Contains the domain credential file and the master passwords file protecting the credential file. Both files are encrypted. |
Domain_dir/workspace | Contains domain configuration while it is being edited either through the Administration Console or configuration MBeans. |
Table A-7 gives information about the environment variables used.
Table A-8 describes the general system properties defined for Oracle Communications Service Broker. The security-related property entries are listed in Table A-9.
Table A-8 Description of System Properties
System Property | Description |
---|---|
axia.console.log4j.server.port | The port to use for static log4j XML logging service traffic. Set in common.properties. |
axia.platform | Defines the start mode. These default settings must not be changed: |
diameter.watchdog.for.dynamic.peers | Boolean. Defines whether the Diameter SSU should send Device-Watchdog-Request (DWR) commands to dynamic Diameter peers. true - Directs Diameter SSU to send DWR commands to dynamic peers. false - Stops Diameter SSU from sending DWR commands. This is the default setting. Use AXIA_OPTS to change this setting before starting the Signaling Servers server. This example sets this setting to true: export AXIA_OPTS="-Ddiameter.watchdog.for.dynamic.peers=true" The Diameter SSU applies this property only when dynamic peers are allowed. |
diameter.tcp.keepalive.for.client.peers | Boolean. Defines whether the TCP socket option SO_KEEPALIVE for Diameter dynamic peers is enabled. true - Enables SO_KEEPALIVE. false - Disables SO_KEEPALIVE. This is the default setting. Use AXIA_OPTS to change this setting before starting the Signaling Servers server. This example sets this setting to true: export AXIA_OPTS="-Ddiameter.tcp.keepalive.for.client.peers=true" The Diameter SSU applies this property only when dynamic peers are allowed. |
log4j.configuration | The name of the static log4j XML configuration file. Set in common.properties for the administration tools. Set in server.properties for the Processing Server and the Signaling Server. |
org.eclipse.equinox.http.jetty.http.port | Specifies the HTTP port number on which Jetty listens for HTTP traffic if org.eclipse.equinox.http.jetty.http.enabled is set to true. Default value is 9000. Set in: The setting in admin.properties defines the port for the Administration Server. The setting in hosting.properties defines the port for the Domain Web server. This setting must correspond to the port defined when the domain configuration was created. |
org.eclipse.equinox.http.jetty.http.enabled | Boolean. Specifies whether HTTP is used by the Jetty server. Set this property to: Set in: Must always be set to false in script.properties and admin.properties. |
org.eclipse.equinox.http.jetty.https.enabled | Boolean. Specifies if HTTPS is used by the Jetty server. Set this property to: Set in: Must always be set to false in script.properties and admin.properties. |
org.eclipse.equinox.http.jetty.https.port | Specifies the HTTP port number to use for HTTP communication if org.eclipse.equinox.http.jetty.https.enabled is set to true. The default value is 9000. Set in admin.properties and hosting.properties. |
org.eclipse.equinox.http.jetty.other.info | Specifies which help-system to use for the Administration Console. Ignored, for future use. Set in admin.properties. |
profile.db.dbname | Specifies the name of the profile database server used by the SVC and VPN features. The default value is orcl. Set in the create_db_table.properties file. |
profile.db.port | Specifies the port of the profile database server used by the SVC and VPN features. The default value is 1521. Set in the create_db_table.properties file. |
profile.db.server | Specifies the IP address of the profile database server used by the SVC and VPN features. There is no default value. Set in the create_db_table.properties file. |
profile.db.user | Specifies the database user used by the profile database server. Used by the SVC and VPN features. The default value is ocsb. Set in the create_db_table.properties file. |
Table A-9 lists the security-related property file entries. See Table A-8 for the other system property file entries.
Table A-9 System Security Properties
System Security Property | Description |
---|---|
axia.admin.verify.hostname | Boolean. Determines whether hostname verification is required for each administrator certificate connection. Default value is true. Set in common.properties. |
axia.digest.auth | Boolean. Specifies whether to use digest authentication which is a standard defined by an IEEE RFC, http://www.ietf.org/rfc/rfc2617.txt. You have these options for setting the type of authentication used between the Administration Console and the Administration Server: The default value is axia.digest.auth=true. Set in admin.properties. |
axia.console.password.validation.enabled | Boolean. Enables/disables password strength validation. If true, the restrictions in axia.console.password.validation.min_length, axia.console.password.validation.require_lower, axia.console.password.validation.require_upper, and axia.console.password.validation.require_digit are enforced. Default value is true. Set in common.properties. |
axia.console.password.validation.min_length | Defines the minimum password length. Enforced if axia.console.password.validation.enabled is set to true. Default value is 6 characters. Set in common.properties. |
axia.console.password.validation.require_lower | Boolean. Enables/disables requirement that passwords include at least one lower-case character. Enforced if axia.console.password.validation.enabled is set to true. Default is true. Set in common.properties. |
axia.console.password.validation.require_upper | Boolean. Enables/disables requirement that passwords include at least one upper-case character. Enforced if axia.console.password.validation.enabled is set to true. Default value is true. Set in common.properties. |
axia.console.password.validation.require_digit | Boolean. Enables/disables requirement that passwords include at least one digit. Enforced if axia.console.password.validation.enabled is set to true. Default value is true. Set in common.properties. |
axia.digest.auth | Boolean. Specifies whether to use digest access authentication when the Administration Console connects to the Administration Server. Set this property to: The default value is false. Set in admin.properties. |
axia.ssl | Boolean. There are two of these settings and the default value for both is true. One is in the common.properties file that controls whether the Administration Console is required to use SSL security for all traffic. The other is the master SSL switch for the managed server. If false, no traffic with the managed server is required to use SSL security. If true, SSL security is required. |
axia.ssl.cipher_suites | Specifies the combinations of ciphers that Service Broker supports for SSL communication between the Administration Server and its clients. The choices are: |
https.cipherSuites | Specifies the combinations of ciphers that Service Broker supports for HTTPS communication between the Administration Server and its clients. The choices are: |
javax.net.ssl.keyStore | The file name of the keystore to use for Processing Servers, Signaling Servers and administration tools. The keystore is a file that contains public and private keys used to establish SSL connections. Set in common.properties for the administration tools. Set in server.properties for the Processing Server and the Signaling Server. |
javax.net.ssl.trustStore | The file name of the truststore to use for Processing Servers, Signaling Servers and administration tools. The truststore is a file that contains public certificates used to establish SSL connections. Set in common.properties for the administration tools. Set in server.properties for the Processing Server and the Signaling Server. |
org.eclipse.equinox.http.jetty.ssl.keystore | Specifies the keystore to use for the Jetty HTTPS connection between the Administration Console and the Administration Server. This entry is commented-out by default. If not specified, the same keystore as defined in the property javax.net.ssl.keyStore is used. Set in admin.properties and hosting.properties. |
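As an added illustration (not code from Oracle or the product), this script audits the contents of common.properties and admin.properties against the defaults listed in Table A-9. The sample file contents are constructed, the parser is simplified, and because the table gives two different defaults for axia.digest.auth the check assumes that key must be set to true explicitly.

```python
# Keys whose documented default in Table A-9 is true, by the file they are set in.
EXPECT_TRUE = {"common.properties": [
    "axia.ssl",
    "axia.admin.verify.hostname",
    "axia.console.password.validation.enabled",
    "axia.console.password.validation.require_lower",
    "axia.console.password.validation.require_upper",
    "axia.console.password.validation.require_digit",
]}
# Assumption: Table A-9 states two different defaults for axia.digest.auth,
# so the key must be present and true rather than left to a default.
EXPLICIT_TRUE = {"admin.properties": ["axia.digest.auth"]}
MIN_LEN_KEY = "axia.console.password.validation.min_length"
MIN_LEN_DEFAULT = 6  # documented default

# Constructed sample contents, not taken from a real installation.
SAMPLE = {
    "common.properties": "# constructed\naxia.ssl=false\n"
                         "axia.admin.verify.hostname = true\n"
                         "axia.console.password.validation.require_digit=false\n"
                         "axia.console.password.validation.min_length=4\n",
    "admin.properties": "#axia.digest.auth=true\n",
}


def parse_properties(text):
    """Simplified .properties parser: no escapes or line continuations."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Java properties accept '=' or ':' as the separator; use the first one.
        sep = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if sep > 0:
            props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def audit(files):
    """files maps a property file name to its text; returns (file, key, value) findings."""
    findings = []
    for name, text in files.items():
        props = parse_properties(text)
        for key in EXPECT_TRUE.get(name, []):
            value = props.get(key, "true")  # an absent key keeps its default
            if value.lower() != "true":
                findings.append((name, key, value))
        for key in EXPLICIT_TRUE.get(name, []):
            if props.get(key, "").lower() != "true":
                findings.append((name, key, props.get(key)))
        if name == "common.properties":
            raw = props.get(MIN_LEN_KEY, str(MIN_LEN_DEFAULT))
            if not raw.isdigit() or int(raw) < MIN_LEN_DEFAULT:
                findings.append((name, MIN_LEN_KEY, raw))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```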
Table A-10 gives information about the directory structure and contents of a domain configuration.
Table A-10 Directory Structure for a Domain Configuration
Directory | Description |
---|---|
Domain_home | Top-level directory for a domain configuration. This directory contains: |
Domain_home/modules | Contains binaries and configuration data for Processing Servers and Signaling Servers in the domain. |
A bundled JDK can be installed when an administration client, a Processing Server, and a Signaling Server are installed.
These files are located under the directory:
Linux and Solaris: Oracle_home/ocsb61
Oracle_home is the Oracle home directory you defined when you installed the product.
Table A-11 describes the directory structure and the contents of the directory structure.
Table A-11 Directory Structure for JDKs Relative to Oracle_home/ocsb61
Directory | Description |
---|---|
jdkversion | Contains Sun HotSpot JDK. version correlates to the version of the JDK, for example 1.6.0_14. This directory is created only if you specified to install Sun HotSpot JDK during the installation. |
jrrt-version | Contains Oracle JRockit JDK. version correlates to the version of the JDK, for example 3.1.0-1.6.0. This directory is created only if you specified to install Oracle JRockit JDK during the installation. |
A set of files and directories is created by Oracle Universal Installer.
These files are located under the directory:
Oracle_home/ocsb61
Oracle_home is the Oracle home directory you defined when you installed the product.
Table A-12 describes the directory structure and the contents of the directory structure.
Safe services is a set of services that are installed and running when the platform is in state SAFE MODE. They are the bare minimum of services that need to be running in order to fetch server services, applications, and protocol adapters for the domain configuration and start them. Table A-13 lists these services.
See "Life Cycle of Processing Servers and Signaling Servers" for details on SAFE MODE.
Service | OSGi Bundles |
---|---|
Provisioning service | oracle.axia.platform.provisioningservice |
Logging-related | com.bea.core.apache.log4j oracle.axia.platform.loggingservice |
Services related to Equinox OSGi Framework | org.eclipse.osgi.services org.eclipse.osgi.services org.eclipse.equinox.ds org.eclipse.equinox.util |