Configuring an Enterprise Service Portal
Follow the configuration instructions in this section for:
- Enterprise Manager Portal
- NAT Address Management Portal
- An application that uses a configuration file based on the easp_conf template
Tasks to configure an enterprise service portal are:
- Accessing the Configuration Files
- Configuring Connections to the Subscriber Directory
- Configuring Connections to the Service Directory on Solaris Platforms
- Configuring Search Bases for Each Directory
- Configuring the Logging Properties
- (Optional) Configure a NIC proxy if you use a NIC to identify the SAEs that manage subscribers. See Configuring a NIC Proxy.
- (Optional) Configure directory eventing if you use directory eventing to identify the SAEs that manage subscribers. See Configuring Directory Eventing for SAE Identification.
- Exporting the Configuration to the Directory
If you use an enterprise service portal audit plug-in with your application, also complete the following task:
Accessing the Configuration Files
On a Solaris platform, use SDX Configuration Editor to configure properties for enterprise service portals. For information about using SDX Configuration Editor, see SRC-PE Getting Started Guide, Chapter 39, Using SDX Configuration Editor.
To access the enterprise service portal configuration:
- Start SDX Configuration Editor.
- Import the sample data from the directory.
- Open the folder called enterprise service portal.
- Open the file for the enterprise service portal that you want to configure.
Configuring Connections to the Subscriber Directory
To use SDX Configuration Editor to configure the connections to the directory that contains information about subscribers:
- Expand the entry called User Data, and configure the properties for the directory that contains information about subscribers.
- Save the file.
Server Address
- List of subscriber directories. The first entry is the primary directory, and the rest are backup directories.
- Value—Space-separated list of IP addresses or names of hosts that support subscriber directories
- Guidelines—If one directory contains both subscribers and services, be sure to use the same value for this field in both the User Data entry and the Service Data entry.
- Default—127.0.0.1
- Property name—ent.repository.ldap.subscriber.server.address
Server Port
- Port number for the subscriber directory servers. The primary host and all backup directory hosts must use this port.
- Value—TCP port
- Guidelines—If one directory contains both subscribers and services, be sure to use the same value for this field in both the User Data entry and the Service Data entry.
- Default—389
- Property name—ent.repository.ldap.subscriber.server.port
Authentication DN
- DN for authentication with the subscriber directory.
- Value—DN
- Default—cn=ent-admin, o=operators, o=umc
- Property name—ent.repository.ldap.subscriber.manager.authDN
Password
- Password for authentication with the subscriber directory.
- Value—Text string
- Default—ent
- Property name—ent.repository.ldap.subscriber.manager.password
Enable SNMP Monitoring
- Whether or not to add information about enterprise service portal directory connections to the SNMP directory connection table if an SRC SNMP agent is running on the same host as the enterprise service portal.
- Value
Secured LDAP Protocol
- Security protocol that the enterprise service portal uses to connect to the subscriber directory.
- Value—ldaps
- Default—ldaps
- Property name—ent.repository.ldap.subscriber.manager.security.protocol
Filter for Loading Subscriptions
- Filter that the SAE uses when it loads sample enterprise data from the subscriber directory.
- Value—One of the following filters:
- Subscriber Reference Filter—The SAE runs a search based on the subscriberRef attribute in the umcServiceProfile object class, which is the base object class of the service profile hierarchy. The subscriberRef attribute contains a DN that points to the parent of the subscriber object.
- Subscription Objectclass Filter—The SAE performs a one-level search with the directory entry, which represents the subscriber folder as the base DN. The search filter is (objectClass=sspServiceProfile). This method can be slow if you have a large number of subscription entries within the subscriber folder subtree.
- Guidelines—If you use a directory that does not search efficiently for large numbers of subscribers, specify the Subscriber Reference Filter. Otherwise, use the Subscription Objectclass Filter.
- Default—Subscription Objectclass Filter
- Property name—ent.repository.ldap.subscriber.server.loadSubscriptionFilter
Session Usage Refresh Time Interval
- How often the enterprise service portal contacts the SAE to obtain updates for usage data. The SAE obtains this data from the router.
- Value—Number of seconds in the range 0 to 2147483647
- Guidelines—If you specify a value lower than the default, the more frequent requests for usage data may cause a denial-of-service condition on the router.
- Default—900
- Example—1200
Configuring Connections to the Service Directory on Solaris Platforms
To configure the connections to the directory that contains information about subscribers:
- Expand the entry called Service Data, and configure the properties for the directory that contains information about subscribers.
- Save the file.
Server Address
- List of service directories. The first entry is the primary directory, and the rest are backup directories.
- Value—Space-separated list of IP addresses or names of hosts that support service directories
- Guidelines—If one directory contains both subscribers and services, be sure to use the same value for this field in both the User Data entry and the Service Data entry.
- Default—127.0.0.1
- Property name—ent.repository.ldap.service.server.address
Server Port
- Port number for the service directory servers. The primary host and all backup directory hosts must use this port.
- Value—TCP port number
- Guidelines—If one directory contains both subscribers and services, be sure to use the same value for this field in both the User Data entry and the Service Data entry.
- Default—389
- Property name—ent.repository.ldap.service.server.port
Authentication DN
- DN for authentication with the service directory.
- Value—DN
- Default—cn=ent-admin, o=operators, o=umc
- Property name—ent.repository.ldap.service.manager.authDN
Password
- Password for authentication with the service directory.
- Value—Text string
- Default—ent
- Property name—ent.repository.ldap.service.manager.password
Enable SNMP Monitoring
- Whether or not to add information about enterprise service portal directory connections to the SNMP directory connection table if an SRC SNMP agent is running on the same host as the enterprise service portal.
- Value—Yes or No
- Default—No
- Property name—ent.repository.ldap.service.des.sysman
Secured LDAP Protocol
- Whether or not the enterprise service portal uses a security protocol to connect to the service directory.
- Value—LDAPS
- Guidelines—If the connection to the directory is secure, click Enable to enforce use of LDAPS. Click Disable if the connection to the directory is not secure.
- Default—ldaps
- Property name—ent.repository.ldap.service.manager.security.protocol
Enable Directory Eventing
- Whether or not enterprise service portal uses directory eventing to identify the SAE that manages a subscriber.
- Value
- Yes—Enterprise service portal uses directory eventing to identify the SAE.
- No—Enterprise service portal does not use directory eventing to identify the SAE.
- Guidelines—Set this property to Yes if you use directory eventing to identify the SAE that manages a subscriber. Set this property to No for NAT Address Management Portal, and for other enterprise service portals if you use a NIC to identify the SAE that manages a subscriber.
- Default—Yes
- Property name—ent.repository.ldap.service.des.enable_eventing
Polling Interval
- Time between polls that the enterprise service portal sends to the directory to obtain changes to the addresses of the SAEs' external interfaces.
- Value—Number of seconds in the range 15-2147483647
- Guidelines—Use the default value unless the response time of the directory is unacceptably long. In this case, use a higher value than the default. Do not use a lower value than the default.
- Default—60
- Property name—ent.repository.ldap.service.des.pollinginterval
Configuring Search Bases for Each Directory
You configure the base DNs of information that the enterprise service portal uses in each directory.
To configure the search bases (the base DNs in the directory that store particular types of information):
Subscribers
- Base DN of subscribers in the directory.
- Value—DN
- Default—o=users, o=umc
- Property name—ent.repository.subscribers.base.dir
Services
- Base DN of services in the directory.
- Value—DN
- Default—o=services, o=umc
- Property name—ent.repository.services.base.dir
Global Parameters
- Base DN of the global parameters for policies in the directory.
- Value—DN
- Default—o=parameters, o=umc
- Property name—ent.repository.parameters.base.dir
Operators
- Base DN of operators in the directory.
- Value—DN
- Default—o=operators, o=umc
- Property name—ent.repository.managers.base.dir
Service Scopes
- Base DN of service scopes in the directory.
- Value—DN
- Default—o=scopes, o=umc
- Property name—ent.repository.scopes.base.dir
Network
- Base DN of networks in the directory.
- Value—DN
- Default—o=network, o=umc
- Property name—ent.repository.network.base.dir
Configuring the Logging Properties
To use SDX Configuration Editor to configure logging properties:
You can see default settings for logging in this file. For information about configuring logging, see SRC-PE Monitoring and Troubleshooting Guide, Chapter 4, Configuring Logging for SRC Components on a Solaris Platform.
Configuring a NIC Proxy
If you use a NIC to identify the SAEs that manage subscribers, configure a NIC proxy for the enterprise service portal. Do not configure a NIC proxy for NAT Address Management Portal, because it does not need to identify the SAEs that manage subscribers.
To use SDX Configuration Editor to configure a NIC proxy:
- Click the SAE Resolution tab in the configuration file.
- Expand the entry called NIC Proxy, and configure the properties under this entry.
For information about configuring NIC proxies, see SRC-PE Network Guide, Chapter 13, Configuring Applications to Communicate with an SAE.
Configuring Directory Eventing for SAE Identification
For SRC implementations that use five or fewer SAEs, you can configure the enterprise service portal to use directory eventing to identify the SAEs that manage subscribers. Do not configure this feature for NAT Address Management Portal, because it does not need to identify the SAEs that manage subscribers.
To use the SDX Configuration Editor to configure directory eventing for SAE identification:
- Click the SAE Resolution tab in the configuration file.
- Expand the entry called Polling-based SAE Resolution, and configure the properties under this entry.
- Save the file.
- Be sure that the property ent.feedback.urlupdateinterval is configured in the SAE configuration (see Modifying the SAE Property File).
SAE Keepalive Check Interval in Seconds
- Time interval at which the enterprise service portal polls the SAE.
- Value—Number of seconds in the range 0-2147483647
- Guidelines—Specify a value that exceeds the interval at which the SAE updates the address of its external interface (configured in the property ent.feedback.urlupdateinterval in SAE properties).
- Default—5400
- Example—6000
- Property name—ent.saewatchdog_timeout
SAE References
- DN of the subtree that contains the addresses of the external interface of remote SAEs.
- Value—DN
- Default—ou=sspadmurls, o=servers, o=umc
- Property name—ent.feedback.admin.baseDN
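Before exporting, the directory connection and SAE resolution settings described above can be checked against their guidelines: shipped default bind credentials, the security protocol, the polling interval floor, and the keepalive interval relative to ent.feedback.urlupdateinterval. The following is an added example, not code from the SRC software or its documentation. It assumes the properties are available as "name = value" lines and that a missing property takes the default listed on this page; the function names are hypothetical and the sample input is constructed.

```python
# Added example, not SRC code; property names are taken from this page.
DEFAULT_AUTH_DN = "cn=ent-admin, o=operators, o=umc"
DEFAULT_PASSWORD = "ent"
MIN_POLL = 60  # page: do not use a polling interval below the default
SAMPLE = """\
# constructed sample, not from a real deployment
ent.repository.ldap.subscriber.manager.authDN = cn=ent-admin,o=operators,o=umc
ent.repository.ldap.subscriber.manager.password = ent
ent.repository.ldap.service.manager.authDN = cn=portal-svc, o=operators, o=umc
ent.repository.ldap.service.manager.password = constructed-secret
ent.repository.ldap.service.manager.security.protocol =
ent.repository.ldap.service.des.pollinginterval = 30
ent.saewatchdog_timeout = 5400
"""

def parse_properties(text):
    """Parse name = value lines; DN values keep their own '=' characters."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))  # ignore case, spacing

def audit(props, sae_url_update_interval):
    """Return findings; sae_url_update_interval comes from the SAE configuration."""
    findings = []
    for role in ("subscriber", "service"):
        base = f"ent.repository.ldap.{role}.manager."
        if props.get(base + "password", DEFAULT_PASSWORD) == DEFAULT_PASSWORD:
            dn = norm_dn(props.get(base + "authDN", DEFAULT_AUTH_DN))
            kind = "default" if dn == norm_dn(DEFAULT_AUTH_DN) else "custom"
            findings.append(f"{role}: default password with {kind} authentication DN")
        if props.get(base + "security.protocol", "ldaps").lower() != "ldaps":
            findings.append(f"{role}: security protocol is not ldaps")
    poll = int(props.get("ent.repository.ldap.service.des.pollinginterval", MIN_POLL))
    if poll < MIN_POLL:
        findings.append(f"polling interval {poll}s is below the default {MIN_POLL}s")
    keepalive = int(props.get("ent.saewatchdog_timeout", 5400))
    if keepalive <= sae_url_update_interval:
        findings.append("keepalive interval does not exceed ent.feedback.urlupdateinterval")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE), sae_url_update_interval=3600)))
```

The second argument to audit is the value of ent.feedback.urlupdateinterval read from the SAE configuration, which is kept outside the portal's own configuration.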
Exporting the Configuration to the Directory
For information about exporting the configuration to the directory, see SRC-PE Getting Started Guide, Chapter 39, Using SDX Configuration Editor. Enterprise service portal configurations are exported to l=EASP, ou=staticConfiguration, ou=Configuration, o=Management, o=umc.