3 Implementing ECE Security

This chapter provides an overview of the security mechanisms offered by Oracle Communications Billing and Revenue Management (BRM) Elastic Charging Engine (ECE). For complete instructions about implementing ECE security mechanisms, see BRM Elastic Charging Engine System Administrator's Guide.

About Managing ECE Security

To manage ECE security, you perform the following tasks:

  • Set up user accounts and user groups, and grant permissions. After you have created user groups and set permissions, users can log in to the system, use ECE, and manage the ECE cluster.

    You can assign permissions for users who run and manage ECE processes, manage rated event files, and manage the ECE file systems. Restrict permissions as much as possible. You may choose to create either a single administrative user with all permissions who runs ECE core processes and manages the rated event files and other directories, or create multiple users with specific permissions to carry out these tasks.

    See BRM Elastic Charging Engine System Administrator's Guide for a list of the files that you need to restrict access to.

  • Manage passwords. UNIX accounts protected by passwords must be created for ECC. Besides the UNIX accounts, you need to create non-UNIX accounts to access external applications like Oracle Communications Billing and Revenue Management (BRM) and Oracle Communications Pricing Design Center (PDC). BRM and PDC are used to load customer and pricing data, respectively, into ECE. For secure communication between ECE and these systems, the credentials held in ECE are encrypted and stored in the keystore (the keystore.jks file).

  • Set up cluster security. To restrict access to the ECE Coherence cluster, you must set up an authorized hosts list. You can optionally enable SSL for intra-cluster communication, in which case you must also enable Well Known Addresses (WKA).

  • Set up passwordless Secure Shell (SSH) between driver and server machines. You must set up passwordless SSH between driver and server machines for ECC to work. Passwordless SSH allows servers to connect to the driver and synchronize ECE files.
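
The advice to restrict permissions applies most directly to the keystore.jks file and to the private keys used for passwordless SSH. The shell function below is an added example, not Oracle's code, that flags any such file or directory readable by group or other users. The paths it uses are constructed for the demonstration; substitute the locations listed in the System Administrator's Guide.

```shell
#!/bin/sh
# Added example: flag credential files that group or other users can access.
# All paths used in the demo section are constructed, not real ECE locations.

# Print each path that is missing or grants any group/other permission.
# Returns 0 when every path is owner-only, 1 otherwise.
audit_owner_only() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"
            rc=1
            continue
        fi
        # First 10 characters of ls -ld are the type and mode, e.g. -rw-r-----
        mode=$(ls -ld -- "$f" | cut -c1-10)
        # Characters 5-10 are the group and other permission bits
        go=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "TOO OPEN $mode $f"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: a keystore left group-readable next to a locked-down SSH key.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/.ssh"
touch "$demo_dir/keystore.jks" "$demo_dir/.ssh/id_rsa"
chmod 700 "$demo_dir/.ssh"
chmod 640 "$demo_dir/keystore.jks"
chmod 600 "$demo_dir/.ssh/id_rsa"

if audit_owner_only "$demo_dir/keystore.jks" "$demo_dir/.ssh" "$demo_dir/.ssh/id_rsa"; then
    echo "all paths are owner-only"
else
    echo "tighten the paths listed above (for example, chmod 600 for files)"
fi
rm -rf "$demo_dir"
```

Because passwordless SSH relies on a private key with no passphrase, its file mode and the mode of the enclosing .ssh directory are the only local protection for that key, so both belong in the audited list.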