Service Management Applications
This section describes service management applications in the SRC software and SRC application library.
SRC SOAP Gateway
The SRC SOAP Gateway (SRC-SG) allows a gateway client—an application that is not part of the SRC network—to interact with SRC components through a SOAP interface. This feature is useful for business-to-business situations, such as a wholesaler-retailer environment. Typically, the wholesaler owns and administers the SRC components, and the retailer maintains a database of subscribers. Retailers purchase services from one or more wholesalers and sell the services to their subscribers. Using information provided by the wholesaler, the retailer creates a gateway client to communicate with the components in the SRC software.
The SRC-SG offers the following Web applications:
- Dynamic Service Activator allows a gateway client to dynamically activate and deactivate SRC services for subscribers and to run scripts that manage the SAE.
- Subscriber Manager allows a gateway client to create and modify subscriber data and to manipulate the Workflow application.
Deep Packet Inspection Integration Application
The SRC software has been integrated with the Ellacoya Networks Deep Packet Inspection (DPI) platform to provide a traffic management solution that combines the advanced traffic identification and reporting features of the Ellacoya DPI with the SRC software's intelligent service policy enforcement. With this solution, providers can identify, monitor, and control traffic on a per-application or per-subscriber basis.
Application traffic such as peer-to-peer file sharing or instant messaging, which in many cases originates or terminates outside of a provider's network, can cause abusive or indiscriminate consumption of bandwidth and impact a provider's ability to deliver its own services. In particular, services that require higher, guaranteed levels of performance, such as Voice-over-IP (VoIP) or video-on-demand (VoD), can be impacted. Having visibility into applications that are transported over the network and their associated bandwidth consumption at various times is important as is the ability to control those applications.
The DPI solution allows providers to implement service control policies on specific traffic flows quickly and effectively. Such policies include throttling back, capping volume, or even enhancing bandwidth or service quality for sanctioned peer-to-peer applications.
Benefits of the DPI Integration
By identifying and effectively controlling traffic at the application level, service providers can:
- Put usage controls on applications on a subscriber basis. For example, you can put a quota limit on the amount of peer-to-peer traffic that a subscriber can consume in a month.
Once subscribers have used their quota, you can apply a policy that throttles back on or blocks a subscriber's peer-to-peer traffic, bill the subscriber for additional usage, or allow the subscriber to purchase additional quota.
- Limit the total percentage of network resources that a specific type of traffic is allowed to consume.
- Provide higher or guaranteed levels of performance for premium services by applying QoS control to application sessions. For example, two subscribers start an Xbox Live session. The Ellacoya DPI platform detects activity for this application, and sends application usage counters to the SRC software. The SRC software pushes policies that deliver a specific level of QoS for this application session to a router or other network device.
- Charge subscribers based on their usage of premium content-based services.
- Offer and charge for tiered Internet services based on both speed and application.
- Better support network planning functions by gaining an in depth understanding of traffic flows and patterns on a per subscriber and per application basis.
Enterprise Audit Plug-In
The Enterprise Service Portal audit plug-in, also referred to as the enterprise service portal IT Manager Audit Plug-In, defines a callback interface, which receives events when IT managers complete specified operations, such as subscribing to a service or changing the parameter substitutions of a subscription. The events report the type of operation, the identity of the IT manager, and other attributes.
You can write audit plug-in event listeners by implementing the callback interface. A listener performs tasks such as processing received events and then publishing the events to one or more event handlers, such as a log file, system log, or database. Events are sent after the corresponding operations have been completed.
Enterprise Manager Portal
Enterprise Manager Portal is an application that allows service providers to provision services for enterprise subscribers on JUNOSe routers and JUNOS routing platforms and that allows IT managers to manage services. This Enterprise manager Portal is a complete application that requires little customization.
Figure 8 shows a sample page in the Enterprise Manager Portal.
![]()
You can use the Enterprise Manager Portal with the NAT Address Management Portal to allow service providers to manage public IP addresses for use with NAT services on JUNOS routing platforms and to allow IT managers to make requests about public IP addresses through the Enterprise Manager Portal. The NAT Address Management Portal is a complete application that requires little customization.
IDP Integration Applications
The IDP integration applications allow you to use IDP to monitor subscriber traffic for detecting malicious network traffic sent to or received by subscribers. In addition to the actions that IDP can take in response to detected incidents, you can configure the SRC software to respond to these incidents by taking one or more of the following actions for subscribers associated with malicious traffic:
- Applying policies, such as policies that limit subscriber bandwidth, to subscriber interfaces
- Sending e-mail messages that describe the nature of an incident
- Redirecting Web requests to an IDP captive portal where a page provides the source or destination of the problem traffic and a description of the incident
The SRC application library provides robust sample data for IDP integration, a sample e-mail gateway application, and a sample IDP captive portal. You can customize the implementation provided, or create a new one based on the samples.
IVE Host Checker Integration Application
The IVE Host Checker integration application allows you to verify that the subscriber systems used to connect to a service provider comply with the service provider's policies. You can deploy IVE Host Checker in a network so that it is activated according to the service provider's requirements. Based on the host-checking results, the subscriber may be allowed full, limited, or no access to the Internet.
The SRC application library provides sample data for IVE Host Checker integration, a sample Host Check Result portal, and a sample SRC-VTA application for scheduling host checking. You can customize the implementation provided, or create a new one based on the samples.
Prepaid Service Application
The prepaid service application is a demonstration application that illustrates how to integrate prepaid service applications with the SRC software.
The demonstration application consists of two components:
- Prepaid account server—Provides the central data repository for the prepaid services demonstration application. It maintains the different accounts and provides access for the other SRC components.
- Prepaid Account Administration application—Allows you to manage prepaid accounts.
The demonstration supports two types of prepaid service applications, time based and volume based.
Sample Enterprise Service Portal
An enterprise service portal is a Web application that lets service providers supply a management interface to its customers for managing and provisioning services. The sample enterprise service portal provides is an application that illustrates how service providers can make their services available to IT managers in an enterprise and that provides developers with a starting point from which they can create their own enterprise service portals.
Sample IPTV Application
The IPTV application is a sample application that demonstrates how to use extended features of SRC-ACP and the SAE to manage network resources. You can use SRC-ACP to perform call admission control, allocate bandwidth, and initialize and execute applications. You can use the SAE to set up and manage LSP tunnels with router drivers and script service.
Sample Residential Service Selection Portals
A residential portal is a Web portal application designed for use by individual subscribers to manage their subscriptions to Internet services and to log in to and out of a subscriber session. The portal pages, which are dynamically generated from information stored for subscribers, give subscribers instant access to personalized services, without the need to interact with customer representatives for a service provider. Proprietary client software is not required; subscribers can use a standard Web browser on a workstation or a personal digital assistant (PDA).
A residential portal can locate a specific SAE by using information that is dynamically obtained when subscribers connect. Because the data-processing function of the SRC software is separate from the access function, you can easily integrate the SRC software with existing portals, regardless of the technology used to deliver the portal. If your portal environment provides schemes for checking availability of Web servers and balancing loads between Web servers, you can also take advantage of these schemes for the portal.
The SRC software provides examples of residential portals.
Figure 9 shows a residential Web portal that could be created with the SRC software.
![]()
Web-based residential portals that you develop for the SRC software are compatible with PDAs. Figure 10 shows a login page for a sample residential portal that is being accessed from a PDA.
![]()
Threat Mitigation Portal
The Threat Mitigation Portal (SRC-TMP) and application allows service providers to respond to threats on the SRC-managed network. The application for the SRC-TMP can be customized based on customer-supplied data to control the description and recommended actions for each type of threat. The application includes the ability to log all user operations to provide an audit trail of actions.
The application uses these components to respond to threats:
- Juniper Networks Intrusion Detection and Prevention (IDP) Sensors to detect the threats.
- Juniper Networks NetScreen-Security Manager to manage the IDP Sensors and to signal the SRC-TMP when a threat is detected.
- The SRC-TMP, which is the user interface for the application, to manage threats and act upon them.
Traffic-Mirroring Application
The traffic-mirroring application allows service providers to mirror subscriber traffic on any subscriber access platform supported by the SRC software. By activating traffic-mirroring services in an SRC-managed environment, service providers can set up SRC policies to:
- Monitor subscriber traffic and intercept traffic from a particular source or to a particular destination.
- Take actions for subscribers with intercepted traffic by applying policies to the subscriber traffic.
The sample data provided with the application illustrates configurations for a network that contains JUNOSe routers and JUNOS routing platforms and includes policies, services, and router definitions.
Workflow Application
The Workflow application allows a service provider to automate the provisioning process for primary access services. Typically, primary access services consist of broadband access, such as DSL or cable, Internet connectivity with a default profile, and possibly some application services, such as e-mail. Once the primary access service is set up, the subscriber can use the dynamic service selection mechanism for SAE services.
As shown in Figure 11, the Workflow application uses APIs, protocols, scripts, and external programs to communicate with the various components of the SRC software.
![]()
Java
The Java API consists of beans developed by the service provider to describe a desired workflow (for example, sending an e-mail to a technician or mail robot provisioning systems). The beans drive the Workflow application. We provide sample beans as well as template beans that help the service provider design workflow beans.
LDAP
The Workflow application can perform LDAP operations (for example, add, delete, search, and modify entries) to an external LDAP server.
Scripts and External Programs
The Workflow application can be designed to run a script or external program that can perform provisioning functions; for example:
- Execute a sequence of configuration commands or SNMP requests on a network element.
- Request an update in a subscriber database.
- Create an e-mail account.
- Allocate file space on a Web server and configure FTP access for the subscriber.
E-Mail Send/Receive Protocols
The following e-mail send and receive protocols are used in the Workflow application:
- Simple Mail Transfer Protocol (SMTP)—Used by an e-mail bean to send an e-mail to an external entity (for example, a provisioning system)
- Post Office Protocol version 3 (POP3)—Used by the Workflow application to receive e-mail responses to e-mail requests sent previously
- Internet Message Access Protocol (IMAP)—An alternative to the SMTP and POP3 protocols
HTTP
The Workflow application also uses HTTP to send and receive messages to and from external provisioning systems. These messages are usually encoded in XML.
XML
The object state manager (OSM) receives messages from the service provider's provisioning system that are encoded in XML. These messages are requests for the OSM to change the state of subscribers and subscriptions according to service provider-defined object life cycle state machines. For instance, a subscription may have several states, such as created, provisioned, and inactive. The state machine defines the valid transitions from state to state and, optionally, a workflow to carry out the provisioning steps to effect the transition between the states.
The workflows themselves can send XML requests and receive XML responses to and from the service provider's provisioning systems to carry out some of the steps in the workflow.