6 Managing Alarms

This chapter describes how you can manage runtime alarms raised in Oracle Communications Evolved Communications Application Server (OCECAS) by using the Simple Network Management Protocol (SNMP) service.

About Alarms and SNMP Traps

Session Design Center generates alarms during runtime processing for the following SNMP severity levels:

• Fatal

• Critical

• Warning

• Advisory

• Informational

• Clear.

These alarms are converted to SNMP Traps and sent to a trap management application. The Oracle solution for SNMP Trap Management is Oracle Enterprise Manager. OCECAS and Oracle Enterprise Manager support SNMP v3 (RFC 3411).

Standard SNMP trap managers can process the SNMP traps that OCECAS generates. For more information, see "How Enterprise Manager Supports SNMP" in Enterprise Manager Cloud Control Administrator's Guide.

About Alarms Configuration Options

You configure the options for OCECAS alarms through the Evolved Communications node in the Administration Console for the OCECAS runtime domains in your installation.

Caution:

Configure the alarms using the OCECAS Administration Console only.

Changes that you make to alarms using any other method are temporary only. They are lost/overwritten as they are not visible in the Weblogic Administration Console.

Table 6-1 lists the general settings to configure alarms.

Table 6-1 General Settings for Alarms

Configuration Entry	Description
Store Alarms	Select this check box to store alarms received inside the platform.
Maximum Alarms Stored	The maximum number of alarms to store. The default is 0.
Trap Generation Interval	Specify (in milliseconds) the frequency to generate SNMP traps after receiving alarms. The default frequency is 0 milliseconds, causing OCECAS to generate traps immediately after receiving an alarm.
Trap OID Prefix	Provide the trap object identifier prefix.
Trap Destination Address	Enter the destination address to which an SNMP trap is sent. It can be a host name, an IPv4, or an IPv6 address. IPv6 addresses are wrapped using '[]', for instance: [::1].
Trap Destination Port	Specify the port of the destination to which an SNMP trap is sent. The default port 162.
Trap Timeout	Provide the timeout (in milliseconds) when sending traps. The default timeout value is 3000 milliseconds.
Trap Retries	Specify the number of times to attempt to send a trap when there is a failure in sending a trap. Default value 2.

Table 6-2 lists the advanced settings to configure alarms.

Table 6-2 Advanced Settings for Alarms

Configuration Entry	Description
Security Level	Select the security level for the runtime OCECAS Domain. The possible settings are: NOAUTH_NOPRIV This setting supports communication without authentication and privacy. The default setting. AUTH_NOPRIV This setting supports communication with authentication but without privacy. The protocols used for Authentication are MD5 (message-digest algorithm) and SHA (Secure Hash Algorithm). AUTH_PRIV This setting supports communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA; and for Privacy, the DES (Data Encryption Standard), and AES (Advanced Encryption Standard) protocols can be used. For privacy support, install third-party privacy packages. If you plan to use a setting other than NOAUTH_NOPRIV for the security level parameter, see "Providing Custom Security Settings".
Security Username	Enter the authorised user name on the SNMP manager/receiver.
Authorization Resource ID	This entry is required to retrieve the remote user authorization password.
Privacy Resource ID	This entry is required to retrieve the remote user privacy password.
Authentication Protocol	Select the authentication protocol from the list. The selections are: AuthMD5 MD5 Authentication protocol AuthSHA Secure Hash Authentication protocol
Privacy Protocol	Select the privacy protocol from the list. The selections are: PrivAES128 Extended encryption for Advanced Encryption Standard (AES) 128 PrivAES192 Extended encryption for Advanced Encryption Standard (AES) 192 PrivAES256 Extended encryption for Advanced Encryption Standard (AES) 256
Security Model	The version of the User-based Security Model (USM) for Simple Network Management Protocol (SNMP). The current version is 3.

Configuring the Alarms

Configure the alarms by doing the following:

1. Access the Administration Console for the domain.

2. Select Evolved Communications in the Domain Structure pane.

3. Select the Alarms configuration tab.

4. Configure the entries displayed in the top section of the page. For a description of the fields, see Table 6-1.

5. Configure the entries displayed in the Advanced section of the page. For a description of the fields, see Table 6-2.

6. Click Save.

About SNMP Traps

OCECAS uses the SNMP4J library and the Java Management Extensions (JMX) Bean to help in the generation of SNMP traps. The SNMP traps use an application-specific object ID (OID).

You configure the OID through the WebLogic Administration Console. The OID should match the OID specified in the MIB file shipped with the OCECAS software.

Providing Custom Security Settings

If the SNMP trap manager or SNMP trap receiver in your installation does not use NOAUTH_NOPRIV, configure the required parameters for secure access. Each of the runtime domains (testing, staging, and production domains) must be configured and secured.

About the Security for Passwords

If the security level is not NOAUTH_NOPRIV, ensure that the trap client or trap generator you employ provides the required security. Wrap the password in the user-based security model (USM) for SNMP, version 3. For information about user-based security model (USM) for SNMP, version 3, see RFC3411 at http://tools.ietf.org/html/rfc3411.

Configuring the Required Parameters for Secure Custom Access

Complete the following steps for each runtime domain:

1. Create a new credential mapping for the domain. See "Creating New Credential Mappings".

2. Configure the alarms with the retrieved the resource IDs. See "Configuring the Alarms with the Resource IDs".

Creating New Credential Mappings

Create a new credential security mapping by doing the following:

Creating a New Credential Mapping Entry 

1. Access the Administration Console for the runtime domain.

2. In the Domain Structure panel, select Security Realms. The Access Summary of Security realms page appears.

3. In the Realms table, click on the myrealm entry. The Settings for myrealm page is displayed.

4. Click on the Credential Mapping tab. The Default Credential Mappings table lists the user password credential mappings configured for this realm using Remote Resources.

5. Click New.

   The Creating the Remote Resource for the Security Credential Mapping page appears.

Creating the Remote Resource for the Security Credential Mapping 

1. If you are not using the cross-domain protocol to create a credential mapping for a remote domain user, complete this set of steps:

   1. Make sure that the Use cross-domain protocol attribute is disabled.

      Enter information about the remote resource to be accessed using this credential mapping. This information is used to identify the remote resource.

   2. In the Protocol field, enter the protocol to use to reach the remote resource.

   3. If the remote resource is identified by a host name and port:

      In the Remote Host field, enter the host name of the remote resource.

      In the Remote Port field, enter the port number of the remote resource.

   4. If the remote resource is identified by a path:

      In the Path field, enter the path to the remote resource.

   5. In the Method field, enter the method on the remote resource with which this credential is used.

   6. Click Next.

      The Create a New Security Credential Map Entry page appears.

   7. In the Local User field, enter the name of the local user that you are mapping from.

      This is the WebLogic user name that will be the initiator when you want to access the remote resource using this credential mapping.

   8. In the Remote User, enter the name of the remote user that you are mapping to.

      This is the user name that is authorized to access the resource using this credential mapping.

   9. In the Remote Password field, remote password required by the remote resource for the remote user you specified above.

   10. In the Confirm Password field, re-enter the password.

   11. Click Finish.

2. Complete this step for cross-domain security:

   Create a user name and password-based credential mapping for cross-domain security:

   1. Select the Use cross-domain protocol.

   2. In the Remote Domain field, enter the name of the remote domain that needs to interact with the local domain.

   3. Click Next.

      The Create a New Security Credential Map Entry page appears.

   4. In the Local User field, enter the string cross-domain.

   5. In the Remote User, enter the user name configured in the remote domain that is authorized to interact with the local domain.

   6. In the Remote Password field, enter the password for the remote user.

   7. In the Confirm Password field, re-enter the password.

   8. Click Finish.

Configuring the Alarms with the Resource IDs

After you create the credential mappings, you will see the resource identifiers in the resource mapping records on the Credential Mappings tab. Note down the resource IDs from the resource mapping records on the Credential Mappings tab.

Next, configure the alarms by doing the following:

1. Access the Administration Console for the domain.

2. Select Evolved Communications in the Domain Structure pane.

3. Select the Alarms configuration tab.

4. Verify that the entries displayed in the top section of the page are configured. For a description of the fields, see Table 6-1.

5. Configure the entries displayed in the Advanced section of the page. For a description of the fields, see Table 6-2.

   Note:

   Input the resource IDs retrieved from the Credential Mapping. For example:

   type=<remote>, protocol=SNMP, remoteHost=localhost, remotePort=162, method=auth