Licensing Issues

The Admin Security license key enables the various security enhancements described in the Admin Security Essentials guide.

As with any other license, an activate-config command must be executed after license installation for all changes to take effect. Certain ACLI aspects, such as login and password change prompts, change immediately after installation of the Admin Security license.

These two licenses relate as follows:

1. An Oracle Communications Session Border Controller (OCSBC) with an Admin Security license also requires the Admin Sec-Shell license for operating system access.
2. An OCSBC that has never had an Admin Security license install will have shell access enabled.
3. Removal of the Admin Security license does not re-enable operating system access (such access requires the Admin Sec-Shell license to be present). This ensures that a system cannot be compromised via the operating system by simple removing the Admin Security license.

   A bit is permanently set in the NVRAM of an OCSBC to denote that it currently has, or has previously had an Admin Security license. This bit will is checked even if the license is removed, to determine if the OCSBC should enforce the added security features.

   Should the Admin Security license be removed the following restrictions are imposed, resulting in a severely compromised OCSBC:

   • EMS (Element Management System) access is not available

   • audit log deletion is not allowed

   • ACP (Acme Control Protocol) is disabled

   • operating system access is not allowed

     When an Admin Security APC license is in place, however, removal of the Admin Security license produces near-normal OCSBC operations.

   • EMS access is available

   • a static and inaccessible audit long remains

   • ACP (Acme Control Protocol) is enabled

   • operating system access is allowed