Configuring Optional Features

5 Configuring Optional Features

This chapter describes configuration procedures that need to be performed one time only for various optional features.

Introduction

Other chapters in this book describe the configuration activities that you must perform to get the LSMS up and running. This chapter describes configuration procedures that need to be performed one time only for various optional features. Some optional features must be activated and configured before you perform the configuration procedures described in Completing Configuration and Starting Connections

Understanding How to Activate and Configure Optional Features

Starting with LSMS 13.0, all optional features are now customer configurable.

Some optional features do not require activation or additional configuration; those features are not described in this manual.

Increase Maximum Allowed SPID Procedure

Standard LSMS support allows you to configure up to 32 SPIDs for supported service providers; support for additional SPIDs, in groups of 16, can be enabled. To increase the maximum allowed SPID, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal MAX_SPIDS <new spid limit>.

Where <new spid limit> is a number from 32 to 512 in increments of 16.
The value of MAX_SPIDS will be updated in the database. LSMS software will allow customers to configure additional service provider IDs.

Enable Number Pooling EDR

Number Pooling Efficient Data Representation (EDR) allows ported telephone numbers to be assigned to supported service providers in blocks of 1000. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal EDR <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of EDR will be updated in the database.
For each region that starts sending of EDR object, modify NPAC configuration and set NPAC platform release to 3.0 or higher. LSMS will now start requesting EDR objects as part of NPAC recovery procedure.
Shutdown the instances of the LSMS Npacagent using the command:

$ lsms stop <region Name>
LSMS is now ready to accept new EDR objects (NumberPoolBlock and NPA-NXX-X) from NPAC.
Notify NPAC region administrator to initiate sending of EDR objects.
Receive bulk data download files from NPAC for NumberPoolBlocks and use import utility to import Number pool data in to regional database
Restart the instances of the LSMS Npacagent using the command:

$ lsms start <region Name>
Repeat step 5 through 9 for each region as they become EDR capable.

Enable Remote Monitoring

Remote monitoring allows the LSMS to report certain events to up to five remote locations. To enable this feature, perform this procedure:

Note:

See Database Administrator's Guide for additional information.

Login to the ACTIVE LSMS as lsmsadm.
Issue the command dbcfginternal SNMP <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of SNMP will be updated in the database.
Use the LSMS GUI to configure the NMS. See "Configuring the SNMP Agent" in LSMS Alarms and Maintenance for more information.
Create $LSMS_DIR/../config/snmp.cfg configuration file to configure the location/address of SNMP manager application.
Issue the command:

scp $LSMS_DIR/../config/snmp.cfg lsmsadm@<STANDBY_LSMS>:$LSMS_DIR/../config/
Execute "sentry register -n1 lsmsSNMPagent -pl"

LSMS begins sending traps to the SNMP manager application when events enabled for traps occur.

Enable Automatic File Transfer

Automatic File Transfer allows the user to schedule automatic transfers of specified files. To enable this feature, perform this procedure:

Note:

See Database Administrator's Guide for additional information.

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal AFT <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of AFT will be updated in the database.

Enable Reception of WSMSC data from NPAC

Wireless Short Message Service Center (WSMSC) Support allows the LSMS to store WSMSC data received from NPACs and forward WSMSC data to network elements (NEs) that have had the equivalent feature activated. To enable this feature, perform this procedure:

Note:

In order to receive WSMSC data from the NPAC, the customer must also update their user profile with the NPAC to include transmission of WSMSC data.

Note:

See Database Administrator's Guide for additional information.

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal WSMSC <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of WSMSC will be updated in the database.
Stop and restart each NPAC Agent for each region.

LSMS is now ready to receive WSMSC data from NPAC and store it in the regional database.

Enable Sending of WSMSC data to EAGLE

Note:

See Database Administrator's Guide for additional information.

Ensure all EAGLEs connected with LSMS are capable of receiving WSMSC data.
Login to the LSMS as lsmsadm.
Issue the command dbcfginternal WSMSC_TO_EAGLE <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of WSMSC_TO_EAGLE will be updated in the database.
Stop and restart each NPAC Agent for each region.

LSMS will now forward WSMSC data to EAGLEs.

Update Maximum Supported GUI Users

Support for additional users allows up to 25 simultaneous users. This feature has a prerequisite of the Enabling IP GUI feature. To increase the maximum supported users, perform this procedure:

Note:

For more information, see Support of Multiple Users.

As "root" user, use the syscheck command to determine that the necessary hardware is available to support the new user limit.
Login to the LSMS as lsmsadm.
Issue the command dbcfginternal MAX_USERS <new user limit>.

Where <new user limit> is 8 to 25.
The value of MAX_USERS will be updated in the database.

LSMS will now allow additional GUI sessions.

Enable Enhanced Filtering

Enhanced LSMS Filters allows the user to filter data to be sent to NEs by NPAC region or by GTT group. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal ENHANCED_FILTERS <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of ENHANCED_FILTERS will be updated in the database.

The user can now use the Enhanced Filtering feature as described in Database Administrator's Guide.

Update Maximum Supported EAGLE pairs

Support for additional EAGLE pairs allows up to 16 pairs. To increase the maximum supported EAGLES, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal MAX_EAGLES <new EAGLE pair limit>.

Where <new EAGLE pair limit> is a number from 8 to 16.
The value of MAX_EAGLES will be updated in the database.

LSMS will now allow configuration of additional EMSes.

Enable Report Generator

Report Generator allows the user to create a wide variety of reports beyond those available through the LSMS GUI. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal REPORT_GEN <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of REPORT_GEN will be updated in the database.

The user is now capable of using the Report Generator feature as described in Database Administrator's Guide.

Enable NANC 3.2 Enhancements Feature

The NANC 3.2 Enhancements Feature enhances the recovery download functionality of the NpacAgent, providing increased flexibility and efficiency in the recovery mechanism, as well as enhanced capabilities of Bulk Data Download (BDD) and mass updates of SPIDs. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal NANC_3_2_ENHANCEMENTS <Y|N>.

Use the value Y to enable the feature and N to disable the feature.

The user can now perform all NANC 3.2 functionality.

Enable Customizable Login Message Feature

The Customizable Login Message Feature supports the display of a customized login message for Linux and GUI logins. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal LOGIN_MSG <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The login message text must be added to the /etc/issue file by editing this file as "root" user.

The user can now perform all functionality described in the "Logging Into the LSMS Console Window" section in Alarms and Maintenance Guide.

Enable Log Time for Successful EAGLE Response Feature

The Log Time for Successful EAGLE Response Feature supports the recording of timestamps for successful EAGLE responses. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal LOG_EAGLE_SUCCESS_RESP <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of LOG_EAGLE_SUCCESS_RESP will be updated in the database.
Restart each running EAGLEagent for changes to take effect.

Now the EAGLEagent will start (for "Y") /stop (for "N") recording the timestamp for successful EAGLE response in the Translog.

Enable ResyncDB Query Server Feature

The ResyncDB Query Server feature enables the LSMS to directly host the ResyncDB Query Server. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal RESYNCDB_QUERY_SERVER <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of RESYNCDB_QUERY_SERVER will be updated in the database.

After setting the values to "Y," the ResyncDB Query Server can now be configured according to procedures contained in the Query Server Feature Technical Reference, TR005579.

Configure/Update LSMS Quantity Keys

LSMS Quantity Keys support the modification of lsmsdb capacity from 120 million to 756 million. To enable this feature, perform this procedure:

Note:

The SERVDI feature will be automatically enabled upon the update of an LSMS quantity key to a value greater than 228. After SERVDI is automatically enabled, the feature will not be available within a GUI instance until the GUI is restarted.

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal MAX_RECORDS <new LSMS Quantity Limit>.

Where <new LSMS Quantity Limit> is a number from the set of 120, 132, 144, 156, 168, 180, 192, 204, 216, 228, 240, 252, 264, 276, 288, 300, 312, 324, 336, 348, 360, 372, 384, 396, 408, 420, 432, 444, 456, 568, 480, 492, 504, 516, 528, 540, 552, 564, 576, 588, 600, 612, 624, 636, 648, 660, 672, 684, 696, 708, 720, 732, 744 and 756.
If the following prompts are displayed, answer "yes" to each (these are only displayed if the LSMS Quantity Keys are being set for the first time on the system):

MAX_RECORDS does not exist. Add it?
The value of MAX_RECORDS will be updated in the database.

Enable Support ELAP Reload Via Database Image (SERVDI)

SERVDI performs BDDs that significantly reduces the time needed to reload an ELAP database. To enable this feature, perform this procedure:

Note:

Once SERVDI is activated, the feature will not be available within a GUI instance until the GUI is restarted.

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal SERVDI_ENABLED <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
If the following prompt is displayed, answer "yes" to it (this is only displayed if the SERVDI feature is being set for the first time on the system and an entry is not already in the supported database):
SERVDI_ENABLED does not exist. Add it?
The value of SERVDI_ENABLED will be updated in the database.
Stop and restart each LSMS GUI from which an SERVDI load will be initiated.

LSMS is now ready to initiate SERVDI loads to ELAP.

SERVDI Process

SERVDI has the following utilities:

lsms2ridb - the default utility invoked when SERVDI is initiated from the LSMS GUI. This utility generates the SERVDI image for the 756M schema and is only compatible with ELAP 10.2 and later. If executed with ELAP 10.1, the file generation will be successful at the LSMS, but the restoration of that SERVDI file/image will fail on ELAP.
lsms2ridb_504m - the default utility invoked when SERVDI is initiated from the LSMS GUI. This utility generates the SERVDI image for the 504M schema and is only compatible with ELAP 10.1 and later. If executed with ELAP 10.0, the file generation will be successful at the LSMS, but the restoration of that SERVDI file/image will fail on ELAP.
lsms2ridb_384m - this utility generates the SERVDI image for the 384M schema and is only compatible with ELAP 10.0. If executed with ELAP 10.1 or later, the file generation will be successful at the LSMS, but the restoration of that SERVDI file/image will fail on ELAP. The user invokes this process through the command line by executing the following command:

Login to the LSMS as lsmsadm.
Enter $ lsms2ridb_384M ---zip ---system lsms ---clli <CLLI Name> ---ofile /var/TKLC/lsms/free/data/servdi/<SERVDI file name>.

Where the SERVDI file name format is as follows:

servdiDownload_<LSMS server hostname>_<YYYYMMDDhhmmss>

Enable NANC 3.3 Feature Set

The NANC 3.3 Feature Set provides new capabilities for recovery, notifications, application level error codes, recovery of SPID, and support for the “Service Provider Type” field. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal NANC_3_3_FEATURE_SET <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of NANC_3_3_FEATURE_SET will be updated in the database and, if enabled, then two features which depend only on this setting will be enabled, namely the Notifications bulk data download file (NANC 3.3 Change Order 348) and the recovery of SPID data (NANC 3.3 Change Order 352, except Canada (see Enable SPID Recovery Feature). Other features depend on this and another setting (see Enable Service Provider Type Feature, Enable SWIM Recovery Feature, Enable NANC 3.3 Error Codes Feature, and Enable SPID Recovery Feature).

Enable Service Provider Type Feature

The Service Provider Type Feature supports . To enable this feature, perform this procedure:

Note:

This feature can only be enabled if the NANC 3.3 Feature Set has already been enabled.

Contact NPAC to agree on a time for them to change the Service Provider Type LSMS Indicator.
As that time approaches, make sure there are no regions currently associated with NPAC.
Login to the LSMS as lsmsadm.
Issue the command dbcfginternal SERVICE_PROV_TYPE <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of SERVICE_PROV_TYPE will be updated in the database.
Verify with NPAC that the Service Provider Type Indicator has been changed to match that value.
Re-associate npacagents with NPAC.

LSMS can now accept the Service Provider Type field in Service Provider messages from NPAC if it is set to "Y."

Enable SWIM Recovery Feature

The SWIM Recovery Feature supports enabling the SWIM (Send What I Missed) based recovery from NPAC as an alternative to time based recovery. To enable this feature, perform this procedure:

Note:

This feature can only be enabled if the NANC 3.3 Feature Set has already been enabled.

Contact NPAC to agree on a time for them to change the SWIM Recovery Indicator.
As that time approaches, make sure all regions used by your LSMS system are associated with NPAC.
Login to the LSMS as lsmsadm.
Issue the command dbcfginternal SWIM_RECOVERY <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of SWIM_RECOVERY will be updated in the database.
Verify with NPAC that the SWIM Recovery Indicator has been changed to match that value.

Now the recovery will be SWIM-based if is is set to "Y."

Enable NANC 3.3 Error Codes Feature

The NANC 3.3 Error Codes Feature supports updating the database for the values of two sets of errors, i.e., ERROR_CODES_FOR_ACTIONS and ERROR_CODES_FOR_NON_ACTIONS. To enable this feature, perform this procedure:

Note:

This feature can only be enabled if the NANC 3.3 Feature Set has already been enabled.

Contact NPAC to agree on a time for them to change both the "Lsms Action Application Level Errors Indicator" and the "LSMS Non-Action Application Level Errors Indicator."
If this feature will be enabled, obtain the file containing the error code data from the NPAC and put the file in the /var/TKLC/lsms/free/data/npacftp directory.
As that time approaches, make sure that there are no regions currently associated with NPAC.
Login to the LSMS as lsmsadm.
Issue the command dbcfginternal NANC_3_3_ERROR_CODES <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
If you are enabling this feature, the command will prompt for the name of the file containing the error code data.
- If you are enabling this feature, enter the error code file name.
- If you are enabling this feature, enter the password of "lsmsadm" at the mate LSMS server.
The values for both ERROR_CODES_FOR_ACTIONS and ERROR_CODES_FOR_NON_ACTIONS will be updated in the database.
Verify with NPAC that both the "LSMS Action Application Level Errors Indicator" and the "LSMS Non-Action Application Level Errors Indicator" have been changed to match that value.
Restart all npacagents to use the new values and associate with NPAC. If enabled, then application level error codes will be displayed using the corresponding error text from the error code file.

Increase Verify Npacagent Timeout

Verify Npacagent Timeout allows you to configure the timeout value if data or latency on the server is in excess and npacagent cannot start within a timeout of 10 seconds (default).

To increase the timeout, perform the following procedure:

Login to LSMS as lsmsadm.
Issue the command dbcfginternal VERIFY_NPAC_AGT_TIMEOUT <new timeout vaue> where <new timeout value> is an integer from 10 to 300 in an increasing order of 1.
The value of VERIFY_NPAC_AGT_TIMEOUT is updated in the database.

Configuring a Network Time Protocol Client

Number Portability Administration Centers (NPACs) require that the system time at the LSMS be within five minutes of the NPAC time. If the times are not within five minutes of each other, the following GUI notification is likely to be posted:


[Critical]:  <Timestamp> 2003: NPAC <primary|secondary> Connection Aborted by PEER : Access Control Failure

To synchronize the time between the LSMS and NPACs, you can configure the LSMS as an industry-standard Network Time Protocol (NTP) client that communicates with one or more NTP servers elsewhere in your network. NTP is an Internet protocol used to synchronize clocks of computers to Universal Time Coordinated (UTC) as a time reference. In NTP, a time server’s clock is read, and the reading is transmitted to one or more clients, with each client adjusting its clock as required.

If you choose to implement the LSMS as an NTP client, you must set up one or more NTP servers in your own network (or synchronize with some portion of the existing NTP subnet that runs on the Internet) and configure the LSMS to contact those NTP servers. (If you prefer not to configure the LSMS as an NTP client, you can manually reset the LSMS time when it drifts out of synchronization with the NPAC time.)

Understanding Universal Time Coordinated

Universal Time Coordinated (UTC) is an official standard for determining current time. The UTC second is based on the quantum resonance of the cesium atom. UTC is more accurate than Greenwich Mean Time (GMT), which is based on solar time.

The term universal in UTC means that this time can be used anywhere in the world; it is independent of time zones. To convert UTC to your local time, add or subtract the same number of hours as is done to convert GMT to local time.

The term coordinated in UTC means that several institutions contribute their estimate of the current time, and the UTC is calculated by combining these estimates.

UTC is disseminated by various means, including radio and satellite navigation systems, telephone modems, and portable clocks. Special-purpose receivers are available for many time-dissemination services, including the Global Position System (GPS) and other services operated by various national governments.

Generally, it is too costly and inconvenient to equip every computer with a UTC receiver. However, it is possible to equip a subset of computers with receivers; these computers in turn disseminate the time to a larger number of clients connected by a common network. Some of those clients can also disseminate the time, in which case they become lower stratum servers. The industry-standard Network Time Protocol is an implementation of this time dissemination method.

Understanding the Network Time Protocol

The Network Time Protocol (NTP) is an Internet protocol used to synchronize clocks of computers using UTC as a time reference. NTP primary servers provide their clients time accurate within a millisecond on a Local Area Network (LAN) and within a few tens of milliseconds on a Wide Area Network (WAN). This first level of dissemination is called stratum-1. At each stratum, the client can also operate as a server for the next stratum.

A hierarchy of NTP servers is defined with stratums to indicate how many servers exist between the current server and the original time source external to the NTP network, as follows:

A stratum-1 server has access to an external time source that explicitly provides a standard time service, such as a UTC receiver.
A stratum-2 server receives its time from a stratum-1 server
A stratum-3 server receives its time from a stratum-2 server
And so on; the NTP supports up to 15 strata

Normally, client workstations that do not operate as NTP servers and NTP servers with a relatively small number of clients do not receive their time from a stratum-1 server. At each stratum, it is usually necessary to use redundant NTP servers and diverse network paths in order to protect against broken software, hardware, or network links.

NTP works in one or more of the following association modes:

Client/server mode, in which a client receives synchronization from one or more servers, but does not provide synchronization to the servers
Symmetric mode, in which either of two peer servers can synchronize to the other, in order to provide mutual backup
Broadcast mode, in which many clients synchronize to one or a few servers, reducing traffic in networks that contain a large number of clients. IP multicast can be used when the NTP subnet spans multiple networks.

The LSMS supports only client/server mode and functions as a client.

Obtaining an NTP Server

The most important factor in providing accurate, reliable time is the selection of modes and NTP servers to be used in your NTP configuration file. It is recommended that you configure at least three stratum-2 or stratum-3 NTP servers.

Specifying three or more NTP servers allows the protocol to apply an agreement algorithm to detect insanity on the part of any one of the servers. Normally, when all NTP servers are in agreement, the protocol chooses the best available server, where the best is determined by a number of factors, including the lowest stratum number, lowest network delay, and claimed precision.

Many public and private NTP servers are currently running on the Internet. If you do not already have an NTP server in your network, you can obtain synchronization services from some portion of the NTP subnetwork that runs on the Internet. However, you may want to consider creating your own NTP server so that you can more carefully control security and reliability. If you need to create an NTP server, refer to the following resources for more information:

The following Internet sites:
- http://docs.sun.com (search for ntp, or choose the Network Time Protocol User’s Guide)
- http://www.ntp.org

Verifying NTP Service

Use the following procedure to verify that the time server is working.

$ ntpdate -q ntpserver1

If the time server is working, output similar to the following displays:

server 198.89.40.60, stratum 2, offset 106.083658, delay 0.02632
22 May 14:23:41 ntpdate[7822]: step time server 198.89.40.60 offset 106.083658 sec

If the time server is not working or is unavailable, output similar to the following displays:

server 198.89.40.60, stratum 0, offset 0.000000, delay 0.000000
22 May 14:33:41 ntpdate[7822]: no server suitable for synchronization found

Configuring the LSMS to Use an NTP Server

To add an NTP server to the LSMS configuration, perform this procedure:

Log in to the active server with username lsmsmgr.
(For more information about logging into a server, refer to Using Login Sessions.)
From the Main Menu, select Network Configuration and press Enter.

Figure 5-1 Selecting the Network Configuration Menu
From the Network Configuration Menu, select NTP and press Enter to select the network time protocol screen.

Figure 5-2 Selecting the NTP Menu
The Time Servers screen displays the NTP servers available to the LSMS.
Examine the screen for available NTP servers. In the sample figure, ntpserver2 is available as the NTP server to select. Click the Edit button to define an NTP server for this LSMS.

Note:
Do not change any netpeer address.

Figure 5-3 Displaying NTP Time Servers Screen
To add an NTP server to the LSMS configuration, type the IP address for the available NTP server to use for your LSMS.
Choose the server with the lowest number, which provides the highest stratum of quality of time, and press the OK button.

Figure 5-4 Assigning an NTP Server to the LSMS
The Time Server screen now reappears to confirm your entry for netserver2 as assigned to the LSMS port you specified.
You can now Edit the existing routes or Exit back to the Network Configuration Menu.

Figure 5-5 Specifying a New System Route

Configuring the Service Assurance Feature

The Service Assurance feature allows an external system to access subscription version data from the LNP databases in the LSMS. This information is useful in verifying correct porting of data, and helps in troubleshooting problems. There is one LNP database for each of the NPACs associated with the LSMS.

The external system uses Service Assurance Manager (SAM) application to initiate service assurance data requests and associations. Single or multiple SAMs may exist on the external computer system. The SAM communicates with the LSMS through the Service Assurance Agent (SAA) application in the LSMS. The SAM application is not Oracle Communications software and is resides only on the external system.

The SAA decodes the queries from the SAM and then accesses the LNP database. The SAA forms the subscription version data into a message and forwards that message to the SAM making the query.

Service Assurance works in conjunction with the Surveillance feature. The Surveillance feature issues the command to start the Service Assurance agent, and it monitors the status of the Service Assurance agent. A maximum of four SAM/SAA sessions are allowed at one time.

External Network Connections

External network connections should be on physically separate network segments and address spaces. During a system switchover, IP addresses will change if used on a single subnet network configuration.

Firewall Requirements

The customer should have a firewall between the Service Assurance system and the LSMS.

Figure 5-6 Service Assurance Firewall

img/c_configuring_the_service_assurance_feature_config-fig1.jpg

Table 5-1 identifies the firewall parameters used to accept expected functions and to block unauthorized functions.

Table 5-1 Firewall Parameters for Service Assurance

Interface	TCP/IP Port	Use	Inbound	Outbound
Service Assurance to Application WAN	102	OSI - TSAP ¹	Yes	Yes
¹ The OSI stack determines the Ethernet port assignments.

The customer is responsible for setting the firewall parameters. The firewall can be alternatively located between the LSMS and the X-terminal WAN. If that is the case, the allowed functions specified in Table 5-1 should be used in addition to any other firewall parameters required for X-terminal access to the LSMS.

Configuring the LSMS for Service Assurance

To configure the LSMS for the Service Assurance feature, the LSMS system administrator must create a file that contains the systemName and the npacName of each allowed SAM/LNP database association. A single SAM can associated with more than one database, but each association must be listed in a separate line in the file. Each line of the file consists of the name of the user application (systemName) and the name of the LNP database (npacName) separated by a colon (:).

Many SAM/LNP database associations can be listed in the configuration file, but only four of these associations may be active at one time.

The configuration file must be saved as:


/usr/TKLC/lsms/config/sa.cfg

The following is an example of a configuration file using the user application names of “Service System” and “headquarters.” “Service System” is associated with one LNP database and “headquarters” is associated with two LNP databases.


Service System:Mid-Atlantic Regional NPAC SMS
headquarters:Midwest Regional NPAC SMS
headquarters:Mid-Atlantic Regional NPAC SMS

Enable Service Assurance Feature

To enable this feature, perform this procedure:

As LSMS lsmsadm user, execute "sentry register -n1 sacw-rc 190 -pl".
Execute "Saagent allow".
Create $LSMS_DIR/../config/sa.cfg file with information on Service Assurance Managers as described in this section.

Many SAM/LNP database associations can be listed in the configuration file, but only four of these associations may be active at one time.

The configuration file must be saved as:


/usr/TKLC/lsms/config/sa.cfg


Service System:Mid-Atlantic Regional NPAC SMS
headquarters:Midwest Regional NPAC SMS
headquarters:Mid-Atlantic Regional NPAC SMS

Configuring SPID Security for Locally Provisioned Data

Without this optional feature, any user is able to log in using any Service Provider Identifier (SPID) that is defined on the LSMS. The user is able to view any data for any SPID, and depending on which user privileges were assigned to that username, might even be able to change data associated with any SPID.

This optional feature allows the LSMS administrator to assign only certain usernames to be allowed to log on with a specified SPID. In addition, the LSMS administrator can assign a username to be given access to all SPIDs; such a user is called a “golden user.”

This feature is especially useful for LSMS customers that act as service bureaus, offering LSMS services to other service providers. The service bureau may administer locally provisioned data for a client and may choose to allow the client to administer or view its own data without allowing that client to view or change data belonging to other clients.

Types of Data Protected by SPID Security

Association of a username with a SPID allows the LSMS system administrator to restrict access to the following types of locally provisioned data:

Default GTT (global title translation)
Override GTT
GTT Groups
TN (telephone number) filters
Assignment of GTT groups and TN filters to an EMS (element management system). For more information, refer to Database Administrator's Guide.

Accessibility to these types of data are protected by SPID security for any access method (for example, through the GUI, through input data by file, audit, and reconcile).

Enable SPID Security Feature

Note:

For customers that have been upgraded directly from LSMS Release 4.x to Release 6.1, all EMS components created in the prior release must be deleted and recreated under its appropriate SPID.

Once the feature is activated, the following actual usernames (not user group names) are defined to be “golden users” having access to all SPID and all other usernames are defined to have no access to any SPIDs:

lsmsadm
lsmsview
lsmsall
lsmsuser
lsmsuext

After the feature has been activated, the LSMS administrator (lsmsadm) is advised to immediately define associations between usernames and SPID using a new command, spidsec, as described in the following procedure:

To enable the feature, login to the LSMS as lsmsadm.
Issue the command dbcfginternal SPID_SECURITY <new spid limit>.

Where <new spid limit> is a number from 32 to 512 in increments of 16.
The command will prompt for a "Customer Service ID:"
Enter the value 823543.
The value of SPID_SECURITY will be updated in the database. LSMS software will allow customers to configure additional service provider IDs.
The user will now be able to use the SPID Security feature as described in Configuring SPID Security for Locally Provisioned Data.
To activate the feature, log in as lsmsadm on the administrative console.
If you do not wish the username lsmsuext to have access to all SPID, enter the following command to remove the username from golden access:
$ spidsec -r -u lsmsadm -s golden
If desired, repeat 7 for usernames lsmsview, lsmsall, lsmsuser, and lsmsadm.

Note:
It is recommended that the username lsmsadm always be allowed golden access.
Use admintool to display all the usernames currently defined on the LSMS (for more information, see “Displaying All LSMS User Accounts” in any release of Alarms and Maintenance Guide).
For each displayed username, determine which SPIDs you wish to allow this user access to and enter the following command to authorize this username for the specified SPID:
$ spidsec -a -u <username> -s {<spid>|golden}
The following parameters and options apply to this command:

<username> A valid LSMS username that has been provisioned using admintool

<spid> A valid SPID defined on the LSMS (alternatively, you can enter golden to allow this username access to all SPIDs defined on the LSMS)

To authorize this username to multiple SPIDs, but not for all SPIDs, you must enter the command once for each SPID.
Repeat 10 for each user displayed in 9.

Enabling SV Type and Alternative SPID

To enable SV type and alternative SPID, perform this procedure:

Note:

These features can only be enabled with LSMS 10.0 or later. Once SV type is activated, the field is required. Therefore, it is strongly recommended that a bulk download from the NPAC be performed to obtain values for the new SV type field. Failure to perform a bulk download will result in inconsistent data between the NPAC and the LSMS. Although alternative SPID can be activated separately from SV type, it is recommended that both fields be activated at the same time so values for both fields can be obtained during one bulk download. In this procedure, it is assumed that both SV type and alternative SPID will be enabled at the same time.

Contact NPAC to arrange a time for NPAC to simultaneously update the SV type indicator and the alternative SPID indicator.
If SVType and alternative SPID are set to Y, it is strongly recommended that a bulk download be performed to obtain SV and NPBBDD files using the new settings.
Login to the LSMS as lsmsadm.
Stop each instance of the LSMS npacagent by entering the following command:
$ lsms stop <region>
For each feature being activated, issue the command: dbcfginternal <FEATURE> <Y|N>.

Use SV_TYPE or ALT_SPID for <FEATURE>

Use the value Y to enable and the value N to disable the feature
The value of SV_TYPE and/or ALT_SPID has been updated in the database.
If SV_TYPE is being set to Y, then, for each region, import the SV and NPB bulk data download files that were created using the new setting(s). This step is not required, but since the SVType is a required field (when enabled) this step is recommended. Note that completion of this bulk data import from the NPAC then also requires a bulkload from the LSMS to the ELAP.
Verify with NPAC that the NPAC Customer LSMS SV Type Indicator and/or NPAC Customer LSMS Alternative SPID Indicator has been changed to match the corresponding configuration Boolean.
Restart each instance of the LSMS npacagent by entering the following command:
$ lsms start <region>

LSMS will now require SV type data in SV and NPB objects from NPAC if SV_TYPE is set to "Y" and allow Alternative SPID data if ALT_SPID is set to "Y."

Enable SPID Recovery Feature

SPID Recovery Feature allows. To enable this feature, perform this procedure:

Note:

For Canada only, use CANADA_SPID_RECOVERY.

This feature can only be enabled if the NANC 3.3 Feature Set has already been enabled.

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal SPID_RECOVERY <new spid limit>.

Use the value Y to enable the feature and N to disable the feature.
The value of SPID_RECOVERY will be updated in the database.
For changes to take effect, restart each running Npacagent if NANC_3_3_FEATURE_SET was changed. Restart just the Canada Npacagent if only CANADA_SPID_RECOVERY was changed.
If NANC_3_3_FEATURE_SET is enabled ("Y"), then Npacagents (other than Canada) will allow recovery of SPID values, but if disabled ("N"), they will not allow recovery of SPID values. For the Canada Npacagent, if the NANC_3_3_FEATURE_SET is enabled and the CANADA_SPID_RECOVERY is also enabled ("Y") then it will support recovery of SPID values, otherwise not.

LSMS Command Class Management Overview

LSMS supports configurable GUI permission groups in addition to the five non-configurable GUI permission groups (lsmsadm, lsmsuser, lsmsview, lsmsall, and lsmsuext).

The LSMS supports the creation of 128 additional, configurable GUI permission groups that can be used to ensure a specific and secure environment. After creating the new, configurable GUI permission groups, the system administrator can assign users to the appropriate group.

The configurable GUI permission groups control access to GUI commands, the CLAA (Command Line Administration Application) equivalent, or any Linux command equivalent of GUI functions.

A method to control access to a fixed set of Linux commands is provided. Existing Linux-level LSMS commands, executables, and scripts are classified as follows:

Linux command equivalents of GUI commands (Reports and functions of CLAA)

These commands are controlled by the assignment of the corresponding GUI function.
Optional Linux command capability for Report Generator (LQL)

This command may be assigned individually, similar to GUI commands, to one or more permission groups.
Root privilege-only commands

These commands are root-only and are not assignable to any permission group.

Other commands owned by lsmsadm

These commands include those used by the LSMS application, those used to control processes, and those for setup and configuration. Commands in this category are grouped as a single set of Linux level admin commands and defined as a Linux permission group. Users may or may not be granted access to this Linux group, in addition to being assigned to the appropriate GUI group.

Some commands in this group, although owned by lsmsadm, are accessible to non-owners for limited operation, such as status. The incorporation of this feature will not have any impact on the current privileges of Linux commands for non-owners.

Example:

To set up a custom environment, system administrators should define the GUI permission groups and populate those groups with the appropriate commands (see Table 5-2):

Table 5-2 Define GUI Permission Groups and Assign Command Privileges

GUI Permission Group	Command Privileges
Custom GUI CONFIG	All Configuration Commands
Custom GUI EMS	All EMS-related Commands
Custom GUI SUPER	All GUI Commands

Optionally, assign users (for example, Mike, Sally, and Bill) to a specific Linux permission group (in this example, “lsmsadm”) or GUI permission group, as shown in Table 5-3.

Table 5-3 User Assignment Examples

User	Linux Permission Group	GUI Permission Group
Mike	`lsmsadm`	Custom GUI CONFIG
Joe	`lsmsall`	Custom GUI EMS
Sally	`lsmsadm`	lsmsadm
Bill	`lsmsadm`	Custom GUI SUPER

Note:

Secure activation is required because this is an optional feature.

After activating this feature, you can create permission groups and assign users to these new groups.

Note:

Changes in privileges do not automatically occur upon feature activation.

Permission Group Naming

The LSMS supports the ability to uniquely name each configurable GUI permission group.
A group name can consist of a minimum of one character to a maximum of 40 characters (alphanumeric characters only are permitted).

Permission Group Contents

Each configurable GUI permission group supports any or all of the LSMS GUI commands.

Note:

The GUI command represents the function, via either the GUI, CLAA, or Linux command equivalent of GUI commands.

Any GUI command may be associated with multiple GUI permission groups.
The LQL optional Linux LSMS command for the Report Generator feature can be placed in GUI permission groups.
The LSMS supports a Linux group containing the current Linux LSMS lsmsadm commands with the exception of Report, Audit, and LQL.

Permission Group Commands

The LSMS enables you to perform the following tasks:

Create and modify GUI permission groups.
Assign a user to a single GUI permission group.
Assign a user access to the Linux group in addition to a GUI permission group.
Retrieve the names of all permission groups, all the commands permitted within a permission group, and the names of all permission groups that contain a particular command.

Permission Group Processing

GUI Functions:

The LSMS allows a GUI user access to GUI commands, CLAA commands, or Linux command equivalents of GUI commands only if that user is an authorized user.

Linux-Level:

The LSMS allows a user access to Linux-level scripts and executables only if that user is an authorized user.

Enable Command Class Management

LSMS Command Class Management supports the creation of additional, configurable GUI permission groups. Also, a new report, the “Permission Group Data” report, provides a listing of all permission groups, commands authorized for each permission group, and users assigned to each permission group. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal COMMAND_CLASS <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of COMMAND_CLASS will be updated in the database.

The user is now capable of creating new groups and assigning users to the groups as described in this section.

Note:

No changes in privileges will happen automatically upon feature activation. Existing users will retain the same privileges upon initial activation of this feature. Existing permission groups (lsmsuser, lsmsadm, lsmsview, lsmsuext, and lsmsall) remain non-configurable.

If this feature is disabled, all configurable permission groups created and users' assignments to them are retained. The ability to create, modify and delete permission groups and user assignments will no longer be permitted.

Admin Menu Component Information

The Admin menu, which consists of the following submenu items:

Alarm Filter - When activated, the Alarm Filter feature enables the system administrator to filter unwanted alarms from being sent to remote alarm surveillance management systems.
Users - Enables the system administrator to modify or view existing users' permission group assignment.
Permission Groups - Enables the system administrator to create, modify, view, or delete permission groups.
Inactivity Timeout - When activated, the Automatic Inactivity Logout feature logs out LSMSGUI and Linux users after a preset period of inactivity occurs.
Password Timeout - Enables the system administrator to modify password timeout intervals that are specific to individual users or user groups.
MySQL Port - Enables the system administrator to configure the MySQL port to any port between 34000 and 34099.
LNP Threshold - Enables the system administrator to configure the LNP quantity threshold.

Note:

To access the Admin menu functions, you must log in as lsmsadm or lsmsall group.

Figure 5-7 Admin Menu

img/c_admin_menu_component_information_config-fig1.jpg

The User dialog is used to modify and view permission group assignment for existing users.

When a user is initially created, the system administrator assigns that user to one of the non-configurable, default permission groups. After being initially assigned to a default permission group, the system administrator can assign a user to a different default permission group or to a configurable permission group. The permission group to which a user is assigned depends on the type of account it is and what it is to be used for. A user can only be assigned to a single permission group.

Note:

Default users of default permission groups cannot be re-assigned to another permission group. For example, an “lsmsadm” user assigned to the “lsmsadm” permission group cannot be re-assigned to the “lsmsview” permission group.

The permission group to which a user is assigned can be modified or viewed using the Modify (see Modify Users) or View User (see View Users) dialog, respectively.

Configurable permission groups can be created, modified, viewed, and deleted using the Permission Groups dialogs (see “Permission Groups Submenu”).

Note:

Permission group assignments will only effect new logins. Users that are currently logged in will retain their current group permissions until their next login.

Note:

Although the LSMS application does not impose a limit on the number of LSMS users that can be created on the system, a maximum of 128 users can be displayed in the Combo Box list of the LSMSGUI User Dialogs (when using LSMS local GUI). There is no limitation when running the LSMSGUI remotely on a Windows platform.

Alarm Filter Submenu

The Alarm Filter enables the system administrator to prevent certain alarms from being sent to remote alarm/surveillance management systems. For example, certain low priority alarms, certain alarms for known issues, or certain alarms the customer deems unnecessary, can be filtered out of notifications. Alarm filters can be created, modified, viewed, and deleted.

Enable Alarm Filtering Feature

To enable this feature, perform this procedure:

Note:

This feature can only be enabled if SNMP has already been enabled.

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal ALARM_FILTERING <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of ALARM_FILTERING will be updated in the database.

The user can now filter alarms from the LSMS GUI or Command Line.

Create Alarm Filter

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Alarm Filter , and then Create.
The Create Alarm Filter dialog appears.

Figure 5-8 Create Alarm Filter
Enter an Event Number.
Select Enable Surveillance Filtering (optional). This step is optional
Select one of the Filter Type radio buttons.
Click Apply to save the changes and remain in the current window, or skip to 7
When the Update Successful dialog appears, click OK.

Click OK to save the changes and return to the LSMS Console.

When the Update Successful dialog appears, click OK.

Table 5-4 Create Alarm Filter Dialog - Field Constraints

Field	Type	Constraints
Event Number	Text field	Range: 1 to 4 numeric characters
Enable Surveillance Filtering (optional)	Checkbox	None
Filter Type	Radio buttons	None

Table 5-5 Create Alarm Filter Dialog - Field Descriptions

Field	Description
Event Number	The event number for which you want to create a filter.
Enable Surveillance Filtering (optional)	When selected, the alarm will not be sent to the console/serial port.
Filter Type	Permanent - Filter the alarm permanently. Until Clear - Filter alarm until it clears. Until Timeout - Filter alarm until timeout.

Modify Alarm Filter

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Alarm Filter, and then Modify.
The Modify Alarm Filter dialog appears.

Figure 5-9 Modify Alarm Filter
Select an Event Number from the pulldown menu.
Select or deselect Enable Surveillance Filtering (optional).
Make the necessary changes to the Filter Type.
Click Apply to save the changes and remain in the current window, or skip to 7.
An Update Successful dialog appears. Click OK.
Click OK to save the changes and return to the LSMS Console.
An Update Successful dialog appears. Click OK.

View Alarm Filter

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Alarm Filter, and then View.
The View Alarm Filter dialog appears.

Figure 5-10 View Alarm Filter
Select an Event Number from the pulldown menu to view its details.
Click OK to return to the LSMS Console.

Delete Alarm Filter

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Alarm Filter, and then Delete.
The Delete Alarm Filter dialog appears.

Figure 5-11 Delete Alarm Filter
Select an Event Number from the pulldown menu.
Click Apply to delete the Event Number and remain in the current window, or skip to 5.
A Confirm Delete dialog appears.
1. Click Yes to delete the Event Number.
  An Update Successful dialog appears.
2. Click OK.
Click OK to delete the Event Number and return to the LSMS Console.
A Confirm Delete dialog appears.
1. Click Yes to delete the Event Number.
  An Update Successful dialog appears.
2. Click OK.

Users Submenu

The Users submenu consists of a Modify and a View function.

Modify Users

The Modify User dialog is used to modify the group assignment for an existing user, as described in the following procedure.

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Users, and then Modify.

Figure 5-12 Select Admin, and then Users, and then Modify
Click Modify, and the Modify User dialog displays.

Figure 5-13 Modify User Dialog
Select a User, and the associated permission group is automatically selected in the Permission Group list.

Note:
See Table 5-6 and Table 5-7 for information about the Modify User dialog field constraints and descriptions, respectively.

Figure 5-14 Select a User

To modify the permission group assignment for another user, click Apply.

If you try to modify permission group assignment for another user while there are unsaved changes for the current user, a confirmation dialog is displayed asking you to save the changes.

Note:

When you click OK or Apply to modify a user's permission group assignment, the permission group selection is checked to ensure that a permission group has been selected. If a permission group is not selected, an error dialog is displayed.

Figure 5-15 Confirmation Dialog

Table 5-6 Modify User Dialog - Field Constraints

Field	Type	Modifiable?	Constraints
User	Combo Box	No	Single selection only
Permission Group	List	Yes	Single selection only

Table 5-7 Modify User Dialog - Field Description

Field	Description
User	Login name used to access the LSMS.
Permission Group	List of previously defined permission groups (see Permission Groups Submenu). The user is a member of the selected permissions group.

When you are done, click OK .

You have now completed this procedure.

View Users

The View User dialog is used to view the permission group assignment for existing users, as described in the following procedure.

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Users, and then View.

Figure 5-16 Select Admin, and then Users, and then View
Click View, and the View User dialog displays.

Figure 5-17 View User Dialog
Select a user, and the associated permission group is automatically selected in the Permission Group list.
When you are done, click OK .

Permission Groups Submenu

The Permission Groups dialog is used to manage configurable permission groups. A configurable permission group is a way for the system administrator to grant a group of users access privileges for a defined set of LSMS GUI and CLAA (Command Line Administration Application) equivalent functions.

Note:

The access privileges of the five default permission groups (lsmsadm, lsmsuser, lsmsview, lsmsall, and lsmsuext) are not configurable.

The system administrator users may grant or deny command access privileges to members of a configurable permission group by selecting or deselecting menus and functions in the permissions hierarchical list by clicking on the checkbox or on its corresponding descriptive text.

A checked checkbox indicates that users assigned to that permission group will be granted access privileges for the corresponding GUI menus and/or functions and CLAA equivalent commands.
An unchecked (empty) checkbox indicates that users assigned to that permission group will not be granted access privileges for the corresponding GUI menus and/or functions and CLAA equivalent commands.
Sub-menus and functions are only available for selection when their higher-level menu's checkbox is checked.
Access privileges can be granted or revoked for every GUI menu and/or functions and CLAA equivalent commands with the exception of the User/Session menu and menu items.

Individual users are assigned to permission groups using the User dialogs (as described in Users Submenu).

Note:

Modifications made to permission groups will only effect new logins. Users that are currently logged in will retain their current permissions until their next login.

Create Permission Group

The Create Permission Group dialog is used to create a new configurable permission group. You must enter a unique name for the group and select the commands that users of the group will be authorized to access. The hierarchical list of LSMS menus and command permissions is initially unselected (no access privileges granted).

To create a permission group, use the following procedure.

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Permission Groups , and then Create.

Figure 5-18 Select Admin, and then Permission Groups , and then Create
Click Create, and the Create Permission Group dialog displays.

Figure 5-19 Create Permission Group Dialog
Type in a Group Name, and then select the items in the Permissions list that the users in that group will have access to.

Note:
See Table 5-8 and Table 5-9 for information about the Create Permission Group dialog field constraints and descriptions, respectively.

If you plan to create an additional permission group, click Apply.

If not, click OK .

Note:

When you click OK or Apply to create a configurable permission group, the group name is checked to ensure that another group has not already been defined with the same name. If the group name has already been defined, the operation will fail, and an error dialog is displayed.

Table 5-8 Create Permission Group Dialog - Field Constraints

Field	Type	Modifiable?	Constraints
Group	Text Field	Yes	Must be a unique group name Keyboard input enabled Maximum of 40 alphanumeric characters
Permissions	Tree	Yes	None

Table 5-9 Create Permission Group Dialog - Field Description

Field	Description
Group	Create a Permission Group with this name.
Permissions	A hierarchical list of LSMS GUI menus and command privileges that can be assigned to the membership of the permissions group.

Modify Permission Group

The Modify Permission Group dialog is used to modify the access privileges for existing configurable permission groups. To modify the access privileges for an existing permission group, select the group name from the group list.

To modify a permission group, use the following procedure.

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Permission Groups, and then Modify.

Figure 5-20 Select Admin, and then Permission Groups, and then Modify
Click Modify and the Modify Permission Group dialog displays.

Figure 5-21 Modify Permission Group Dialog
Select a Permission Group.
The authorized permissions of the selected group are automatically checked in the Permissions area.

Note:
See Table 5-10 and Table 5-11 for information about the Modify Permission Group dialog field constraints and descriptions, respectively.

If you plan to modify the access privileges for an additional Permission Group, click Apply. If not, click OK.

If you try to modify another Permission Group's access privileges while there are unsaved changes to the access privileges for the current group, a confirmation dialog is displayed asking you to save the changes.

Note:

The access privileges for default permission groups cannot be modified.

Note:

The name of an existing permission group cannot be modified (renamed) using the Modify User dialog. If the name of an existing permissions group needs to be modified, a new permissions group with the same permissions must be created and users re-assigned to it.

Table 5-10 Modify Permission Group Dialog - Field Constraints

Field	Type	Modifiable?	Constraints
Group	Text Field	No	None
Permissions	Tree	Yes	None

Table 5-11 Modify Permission Group Dialog - Field Description

Field	Description
Group	Modify a Permission Group with this name.
Permissions	A hierarchical list of LSMS GUI menus and command privileges that can be assigned to the membership of the permissions group.

View Permission Group

The View Permission Group dialog is used to view access privileges for existing permission groups.

To view a permission group, use the following procedure.

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Permission Groups, and then View.

Figure 5-22 Select Admin, and then Permission Groups, and then View
Click View, and the View Permission Group dialog displays.

Figure 5-23 View Permission Group Dialog
Select a Permission Group.
The access privileges of the selected group are automatically shown in the Permissions area.

Note:
See Table 5-12 and Table 5-13 for information about the View Permission Group dialog field constraints and descriptions, respectively.

If you plan to view the access privileges for an additional Permission Group, click Apply.

If not, click OK .

Table 5-12 View Permission Group Dialog - Field Constraints

Field	Type	Modifiable?	Constraints
Group	Text Field	No	None
Permissions	Tree	No	None

Table 5-13 View Permission Group Dialog - Field Description

Field	Description
Group	View a Permission Group with this name.
Permissions	A hierarchical list of LSMS GUI menus and command privileges that can be assigned to the membership of the permissions group.

Delete Permission Group

The Delete Permission Group dialog is used to delete an existing configurable permission group.

To delete a configurable permission group, use the following procedure.

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Permission Groups, and then Delete.

Figure 5-24 Select Admin, and then Permission Groups, and then Delete
Click Delete, and the Delete Permission Group dialog displays.

Figure 5-25 Delete Permission Group Dialog
Select a Permission Group.
The access privileges of the selected group are automatically shown in the Permissions area.

Note:
See Table 5-14 and Table 5-15 for information about the Delete Permission Group dialog field constraints and descriptions, respectively.

To delete an existing configurable permission group, select the name from the group list.

If you plan to delete an additional Permission Group, click Apply. If not, click OK .

Note:

When you click OK or Apply to delete a configurable permission group, the users' data is checked to ensure that there are no users currently assigned to the group. If one or more users are currently assigned, the operation will fail, and an error dialog is displayed.

Note:

Default permission groups cannot be deleted.

Table 5-14 Delete Permission Group Dialog - Field Constraints

Field	Type	Modifiable?	Constraints
Group	Text Field	No	None
Permissions	Tree	No	None

Table 5-15 Delete Permission Group Dialog - Field Description

Field	Description
Group	Delete a Permission Group with this name.
Permissions	A hierarchical list of LSMS GUI menus and command privileges that can be assigned to the membership of the permissions group.

Inactivity Timeout Submenu

The Inactivity Timeout submenu is designed to manage the Inactivity Timeout feature, which will log out users from the LSMS GUI and Linux Shell after a specified period of inactivity. This is an optional feature and must be activated.

The Inactivity Timeout submenu includes two types of customizable timers—a system timer (see System Timer) and a user timer (see User Timer). The user timeout, if specified, will override the system timeout.

Inactivity Timeout Functionality for GUI Users

For tasks of extended duration, such as audits, where the user initiates a task which continues without further user input, the task execution will not constitute user input. However, updates to the GUI from the process will continue as normal past the logout. At the completion of the process, if the timeout has expired, the log-in screen will pop up and block access to the GUI. If a user successfully logs in again, the results of the task will be available for review. Any time that user input is received during the process the timer would be reset.
Any input by the user would constitute activity and reset the timer.
Members of the lsmsadm or lsmsall default permission group (or members of any authorized configurable permission group) can modify the inactivity logout period. Values must be specified in whole minute intervals, and can range from 1 minute to a maximum value of 2147483647 minutes (which means, essentially, the logout period never expires). Specify this maximum value by using a zero (0).

Inactivity Timeout Functionality for Linux Users

Any user input or task execution would constitute activity and reset the timer.
For extended duration operations, where the user initiates a task which continues without additional user input, the operation will continue. The task execution is considered user activity in the Linux environment. The user will be logged off if the inactivity time expires.

Enable Inactivity Timeout Feature

Automatic Inactivity Logout automatically logs off GUI users and Linux users after the specified period of inactivity. This feature includes a configurable system timer and a configurable user timer. To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm, or as a user of an authorized configurable permission group.
Issue the command dbcfginternal INACTIVITY_TIMEOUT <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
Restart the LSMS GUI for the feature to take effect.

The user can now perform all of the functionality described in Inactivity Timeout Submenu.

System Timer

The system timer provides an easy way to specify the same inactivity logout period, in minutes, for each LSMS GUI or Linux user. The default inactivity logout period is 15 minutes, but this logout period is configurable via the GUI.

Note:

The User Inactivity Timeout value, if set, will override the System Inactivity Timeout.

When the inactivity timer is activated, the LSMS Inactivity Timer Login window is displayed. It will accept only the username and password for the user that was last logged in.

Figure 5-26 LSMS Inactivity Timer Login Screen

View System Inactivity Timeout

To access the View System Inactivity Timeout window, perform the following steps:

Log in as a user in the lsmsadm or lsmsall group, or as a user of an authorized configurable permission group.
From the LSMS Console window, select the Admin menu item.
Select Inactivity Timeout, and then System Inactivity Timeout, and then View.

Figure 5-27 Select Timeout, and then System Inactivity Timeout, and then View
Click View, and the View System Inactivity Timeout window displays.

Figure 5-28 View System Inactivity Timeout Window
Click OK when you are done viewing.

Modify System Inactivity Timeout

To access the Modify System Inactivity Timeout window perform the following steps:

Log in as a user in the lsmsadm or lsmsall group, or as a user of an authorized configurable permission group.
From the LSMS Console window, select theAdmin menu item.
Select Inactivity Timeout, and then System Inactivity Timeout, and then Modify.

Figure 5-29 Select Inactivity Timeout, and then System Inactivity Timeout, and then Modify
Click Modify, and the Modify System Inactivity Timeout window displays.

Figure 5-30 Modify System Inactivity Timeout Window
Specify the number of minutes.

Note:
A value of 0 (zero) means the timer will never expire and the user will never be logged out.
Click Apply then click OK when you are done, and a window similar to the one shown in Figure 5-31 displays.
(Click Cancel if you do not want to make or accept any changes.)

Figure 5-31 Modify System Inactivity Timeout Change Notification Window

User Timer

The user timer provides an easy way to specify different inactivity logout periods, in minutes, for individual LSMS GUI and Linux users. The inactivity logout period is configurable via the GUI.

Note:

The User Inactivity Timeout value, if set, will override the System Inactivity Timeout.

When the inactivity timer is activated, the GUI Inactivity Timer Login Screen is displayed. It will accept only the user name and password for the user that was last logged in.

View User Timer Inactivity Timeout

To access the View User Inactivity Timeout window, perform the following steps:

Log in as a user in the lsmsadm or lsmsall group, or as a user of an authorized configurable permission group.
From the LSMS Console window, select the Admin menu item.
Select Inactivity Timeout, and then User Inactivity Timeout, and then View.

Figure 5-32 Select Inactivity Timeout, and then User Inactivity Timeout, and then View
Click View, and the View User Inactivity Timeout window displays.

Figure 5-33 View User Inactivity Timeout Window
Click OK when you are done viewing.

Modify User Inactivity Timeout

To access the Modify User Inactivity Timeout window, perform the following steps:

Log in as a user in the lsmsadm or lsmsall group, or as a user of an authorized configurable permission group.
From the LSMS Console window, select the Admin menu item.
Select Inactivity Timeout, and then User Inactivity Timeout, and then Modify.

Figure 5-34 Select Inactivity Timeout, and then User Inactivity Timeout, and then Modify
Click Modify, and the Modify User Inactivity Timeout window displays.

Figure 5-35 Modify User Inactivity Timeout Window
Do the following to make changes to the table:
- To add a timeout entry for the first time, click the On-Off checkbox (a check appears).
  A default timeout value of 15 minutes is automatically entered in the Timeout field. To change this value, double-click the value, delete it, and type in the new value.
- To change an existing timeout entry, double-click the timeout value, delete the existing value, and type in the new value.
- To deactivate an existing entry, click the On/Off checkbox (the check disappears).
  
  Note:
  A value of 0 (zero) means the timer will never expire and the user will never be logged out.
Click Apply then click OK when you are done, and a window similar to the one shown below displays.
(Click Cancel if you do not want to make or accept any changes.)

Figure 5-36 Modify User Inactivity Timeout Change Notification Window

Password Timeout Submenu

The Password Timeout dialog enables users in the permission groups lsmsadm and lsmsall to view and modify password timeout intervals at both the system and user levels. Access the Password Timeout feature by selecting Admin, and then Password Timeout.

View System Level Password Timeout

The View System Level dialog is used to view the system level password timeout interval.

To view password timeout information at the system level, use the following procedure:

Log in to the LSMS Console as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Password Timeout, and then System Level, and then View.

Figure 5-37 Select Admin, and then Password Timeout, and then System Level, and then View
Click View, and the View System Level Password Timeout dialog displays.

Figure 5-38 View System Level Password Timeout

Note:
A password timeout value of 0 indicates the password is valid for an indefinite period of time. A password timeout value of -1 indicates the password timeout has not been configured.
Click OK when you are done viewing.

Modify System Level Password Timeout Interval

The Modify System Level dialog is used to modify the system level password timeout interval.

To modify the password timeout interval at the system level, use the following procedure:

Log in to the LSMS Console as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Password Timeout, and then System Level, and then Modify.

Figure 5-39 Select Admin, and then Password Timeout, and then System Level, and then Modify
Click Modify, and the Modify System Level Password Timeout dialog displays.

Figure 5-40 Modify System Level Password Timeout
Type in the number of days for the password timeout interval, then click OK .
If you have successfully modified the password timeout, then the Update Successful dialog displays.

Figure 5-41 Update Successful
Click OK .

View User Level Password Timeout

The View User Level dialog is used to view the user level password timeout interval.

To view password timeout intervals at the user level, use the following procedure:

Log in to the LSMS Console as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Password Timeout, and then User Level, and then View.

Figure 5-42 Select Admin > Password Timeout > User Level > View
Click View, and the View User Level Password Timeout dialog displays..

Figure 5-43 View User Level Password Timeout

Note:
A password timeout value of 0 indicates the password is valid for an indefinite period of time. A password timeout value of -1 indicates the password timeout has not been configured.
Select a User, and the associated password timeout interval is automatically shown in the Password Timeout box.
Click OK when you are done viewing.

Modify User Level Password Timeout Interval

The Modify User Level dialog is used to modify the user level password timeout interval.

To modify password timeout intervals at the user level, use the following procedure:

Log in to the LSMS Console as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then Password Timeout, and then User Level, and then Modify.

Figure 5-44 Select Admin, and then Password Timeout, and then User Level, and then Modify
Click Modify, and the Modify User Level Password Timeout dialog displays.

Figure 5-45 Modify User Level Password Timeout
Select a User whose password timeout interval you want to modify.
Type in the number of days for the password timeout interval, then click OK .
If you have successfully modified the password timeout, then the Update Successful dialog displays.

Figure 5-46 Update Successful
Click OK .

MySQL Port Submenu

This optional feature enhances the security of LSMS databases by enabling the system administrator to change the MySQL port.

Through the LSMS GUI, the MySQL port can be configured to ports 34000 through 34099. The port can be maintained through the GUI, and any changes to the port setting will raise an alarm on the LSMS. The MySQL port can also be changed back to the default port, 3306.

Enable Configurable MySQL Port Feature

To enable this feature, perform this procedure:

Login to the LSMS as lsmsadm.
Issue the command dbcfginternal MYSQL_PORT <Y|N>.

Use the value Y to enable the feature and N to disable the feature.
The value of MYSQL_PORT will be updated in the database.

The user can now modify MySQL port for any valid value described in the next section.

Modify MySQL Port

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then MySQL Port, and then Modify.
The Modify MySQL Port dialog appears.

Figure 5-47 Modify MySQL Port

Note:
The default MySQL port is 3306. If the port has not been modified from the default setting, the Default MySQL Port radio button will be selected when the dialog appears.
Select the Configure New MySQL Port radio button to configure a new port.
Enter a new MySQL Port number.
Click Apply to save the changes and remain in the current window, or skip to 6.
A Confirm Modify dialog appears.
1. Click Yes to modify the MySQL port.
  A dialog box appears with the message: These changes will not be effective until the LSMS application has been stopped and restarted on both LSMS servers.
  See Stopping the Node, Starting the Node, and Updating MySQL Port on MySQL Server for more information.
2. Click Cancel to close the dialogue box. Your changes have been saved.

Click OK to save the changes and return to the LSMS Console.

A Confirm Modify dialog appears.

Click Yes to modify the MySQL port.
A dialog box appears with the message: These changes will not be effective until the LSMS application has been stopped and restarted on both LSMS servers.
See Stopping the Node, Starting the Node, and Updating MySQL Port on MySQL Server for more information.
Click OK.

Table 5-16 Modify MySQL Port Dialog - Field Constraints

Field	Type	Constraints
Default MySQL Port	Radio button	Default value: 3306
Configure New MySQL Port	Radio button	Range: 34000-34099

Stopping the Node

After you modify the MySQL port, you must stop and restart the LSMS application on both LSMS servers for the changes to take effect.

Note:

Perform this procedure on the ACTIVE LSMS server first, then on the STANDBY LSMS server.

Log in as lsmsmgr user. See Logging In to LSMS Server Command Line for more information.
The lsmsmgr text interface appears.
Select Maintenance and press Enter.
Select Stop Node and press Enter.
Select Yes to confirm the node stop and press Enter.
Select Exit and press Enter to return to the Main Menu.
Select Exit and press Enter to exit the lsmsmgr text interface.

Starting the Node

After you modify the MySQL port, you must stop and restart the LSMS application on both LSMS servers for the changes to take effect.

Note:

Perform this procedure on the ACTIVE LSMS server first, then on the STANDBY LSMS server.

Log in as lsmsmgr user. See Logging In to LSMS Server Command Line for more information.
The lsmsmgr text interface appears.
Select Maintenance and press Enter.
Select Start Node and press Enter.
Select Yes to confirm node startup and press Enter.
Select Exit and press Enter to return to the Main Menu.
Select Exit and press Enter to exit the lsmsmgr text interface.

Updating MySQL Port on MySQL Server

After you modify the MySQL port using the LSMS GUI, you must also update the MySQL server port number in the MySQL configuration file on the Query Server.

At the query server, log in as root.
Enter this command to verify the MySQL daemon is not running:
```
# ps -eaf |grep mysql
```
If the MySQL daemon is running, enter this command to shut down the MySQL server:
```
# cd /usr/mysql1/bin
# ./mysqladmin -u root -p shutdown
# Enter password:
<Query Server MySQL Root User Password>
```
Edit the /usr/mysql1/my.cnf file on the query server to reflect the new MySQL server port number:
```
master-port=<LSMS Server's MySQL Port Number>
```
Enter this command to start the MySQL daemon on the query server:
```
# ./mysqld_safe &
```

Enter this command to check the replication status:

# /usr/mysql1/bin/mysql -u root
mysql> show slave status \G
mysql> show processlist;

View MySQL Port

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then MySQL Port, and then View.
The View MySQL Port dialog appears.

Figure 5-48 View MySQL Port
Click OK to return to the LSMS Console.

LNP Threshold Submenu

The LNP quantity threshold is an alarm that is raised when the database storage capacity has been reached. LNP quantity threshold can be modified or viewed through the LSMS GUI.

Modify LNP Threshold

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then LNP Threshold, and then Modify.
The Modify LNP Quantity Threshold dialog appears.

Figure 5-49 Modify LNP Threshold
Enter the LNP_QTY_THRESHOLD percentage.
The LNP threshold is a configurable percentage of database storage capacity. An alarm is raised when the database storage capacity has been reached.
Click Apply to save the changes and remain in the current window, or skip to 5.
When the Update Successful dialog appears, click OK.
1. Click Cancel to close the dialogue box. Your changes have been saved.

Click OK to save the changes and return to the LSMS Console.

When the Update Successful dialog appears, click OK.

Table 5-17 Modify LNP Threshold - Field Constraints

Field	Type	Constraints
LNP_QTY_THRESHOLD	Text field	Range: 1 to 99 percent

View LNP Threshold

Log in as a user in the lsmsadm or lsmsall group.
From the main menu, select Admin, and then LNP Threshold, and then View.
The View LNP Quantity Threshold dialog appears.

Figure 5-50 View LNP Threshold
Click OK to return to the LSMS Console.

Switching NPAC Agent Versions

LSMS provides support for both the NPAC agent versions. The script to switch the NPAC agent versions switch_NANC528 is available at the directory path: /usr/TKLC/lsms/bin in LSMS. This script serves the purpose of switching between the older NPAC agent and newer NPAC agent. The newer agent supports NANC 528 features.

If a user needs to switch back to the older NPAC agent for some reasons, the switch_NANC528 script can be used for that purpose.

Note:

The NANC 528 interface is only used by iConectiv. It is not supported by Neustar for the Canada region.

The following sections describes the steps to switch across the NPAC agent versions:

Switching NPAC agent version - Newer to Older

Do the following steps to switch to the older npacagent version:

Login to LSMS CLI with user lsmsadm.
Shutdown both the LSMSPRI and LSMSSEC nodes.
1. Login to LSMSMGR menu on LSMSPRI and go to Maintenance Menu and then Stop Node.
  
  Figure 5-51 Main Menu
  
  Figure 5-52 Stop Node
2. Repeat the same steps to stop the node on LSMSEC server. Login to LSMSMGR menu and then go to the Maintenance Menu and then Stop Node.
Run the script with the following command on CLI:
/usr/TKLC/lsms/bin/switch_NANC528

User is prompted to enter YES/NO depending upon the requirement of switching to the older npacagent version as follows:

[lsmsadm@lsmspri ~]$ /usr/TKLC/lsms/bin/switch_NANC528
INFO: This script is used for switching between older and newer npacagent. LSMS should be stopped for this process to continue.
Checking whether LSMS is stopped...

INFO: No active node found, We can proceed...

INFO: You are going to switch to older version of npacagent that will not have NANC 528 updates.
Are you sure you want to continue? (y/n)

Enter Y to switch to the older npacagent version.
Once the user enters Y to the above prompt, npacagent will move to the older version. Below mentioned output will be observed on entering Y or YES:
```
INFO: Binary replaced successfully on local server, Replacing it on mate now.
FIPS integrity verification test failed.
INFO: Binary replaced on mate successfully
```
Start both LSMSPRI and LSMSSEC nodes.
1. Login to LSMSMGR menu on LSMSPRI and go to Maintenance Menu and then Start Node.
  
  Figure 5-53 Maintenance
2. Select Start Node from the menu.
  
  Figure 5-54 Start Node
3. Repeat step 6 to start node on the LSMSSEC server.

Switching NPAC agent version - Older to Newer

Do the following steps to switch to the newer npacagent version:

Login to LSMS CLI with user lsmsadm.
Shutdown both the LSMSPRI and LSMSSEC nodes.
1. Login to LSMSMGR menu on LSMSPRI and go to Maintenance Menu and then Stop Node.
  
  Figure 5-55 Main Menu
  
  Figure 5-56 Stop Node
2. Repeat the same steps to stop the node on LSMSEC server. Login to LSMSMGR menu and then go to the Maintenance Menu and then Stop Node.
Run the script with the following command on CLI:
/usr/TKLC/lsms/bin/switch_NANC528

User is prompted to enter YES/NO depending upon the requirement of switching to the newer npacagent version as follows:

[lsmsadm@lsmspri ~]$ /usr/TKLC/lsms/bin/switch_NANC528
INFO: This script is used for switching between older and newer npacagent. LSMS should be stopped for this process to continue.
Checking whether LSMS is stopped...

INFO: No active node found, We can proceed...

INFO: You are going to switch to newer version of npacagent that will have NANC 528 updates.
Are you sure you want to continue? (y/n)

Enter Y to switch to the newer npacagent version.
Once the user enters Y to the above prompt, npacagent will move to the newer version. Below mentioned output will be observed on entering Y or YES:
```
INFO: Binary replaced successfully on local server, Replacing it on mate now.
FIPS integrity verification test failed.
INFO: Binary replaced on mate successfully
```
Start both LSMSPRI and LSMSSEC nodes.
1. Login to LSMSMGR menu on LSMSPRI and go to Maintenance Menu and then Start Node.
  
  Figure 5-57 Maintenance
2. Select Start Node from the menu.
  
  Figure 5-58 Start Node
3. Repeat step 6 to start node on the LSMSSEC server.