

Overview of Configuring Subscribers and Subscriptions

This section gives an overview of configuring subscribers and subscriptions for the SRC software.

LDAP Model for Subscribers

The Subscriber model provides a set of relationships between subscribers and managed services. You can view subscriber objects in the directory at o=Users, o=umc (o=Users, o=umc is the location for a default installation of the SRC software). If you install the sample data, you can see examples of subscriber configurations with SDX Admin.

For detailed information about the SRC LDAP schema, see the documentation in the SRC software distribution in the folder /SDK/doc/ldap or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx

Subscriber objects have the following classes:

Subscriptions

A subscription is an object in the directory that represents an enrollment to a service. Each subscription provides access to a particular service for that subscriber. A subscriber can have multiple subscriptions to a service. Table 20 shows the type of subscriptions you can configure for each type of subscriber.

Table 20: Allowable Service Subscriptions for Different Types of Subscribers

| Type of Subscriber | Service Subscriptions You Can Configure |
|---|---|
| Retailer | Outsourced service subscription; Value-added subscription |
| Subscriber folder | Value-added subscription |
| Enterprise | Access subscription; Value-added subscription |
| Site | Access subscription; Value-added subscription |
| Access | RADIUS subscription; Value-added subscription |
| Residential subscriber | RADIUS subscription; Value-added subscription |


If the service provider uses the SRC directory to hold all their subscriber data, residential subscribers must subscribe to primary services—such as Broadband Remote Access Server (B-RAS) through Point-to-Point Protocol (PPP) or B-RAS through Dynamic Host Configuration Protocol (DHCP)—before subscribing to a value-added service.

Enterprise subscribers must subscribe to an access service (that is, a leased line), either directly or in a site or subscriber folder that is subordinate to the enterprise. Without an access subscription, a service session cannot run in the network.

Retailers can subscribe to outsourced services if a service provider sources the access out through tunneling (Layer 2 Tunneling Protocol [L2TP] or PPP Terminated Aggregation [PTA]).

Specifying the Activation Order for Subscriptions

Service providers and customers can specify the order in which the SAE activates subscriptions that are set up to activate on login for a particular subscriber. To specify the order, you define a numerical precedence for the activation of each subscription. The SAE activates services in ascending order of precedence; if multiple services have the same precedence, the SAE activates them in an unspecified order.

You can configure the activation order with SDX Admin (see Value-Added Subscription Fields) or the Enterprise Manager Portal.

LDAP Model for Subscriptions

The subscriber and service models provide a set of relationships between the subscribers and the managed services, including subscriptions.

When a residential or enterprise subscriber subscribes to a service, which could be either a primary service or a value-added service, a general service profile with subscriber-specific service information is assigned to the subscriber.

For example, when a residential subscriber subscribes to a primary service such as B-RAS, a RADIUS profile (umcRadiusPerson) is created and assigned to the subscriber. Value-added service profiles (sspServiceProfile) are created in case the subscriber also subscribes to a value-added service.

You can create service profiles (umcRadiusPerson, umcAccessServiceProfile, sspServiceProfile, and umcOutsourceServiceProfile) with a directory client, such as SDX Admin.

An access subscription is the same object as an access subscriber. An access has two roles:

  1. A subscription to an access service. (The subscription to an access service makes it possible to trigger workflows for the service.)
  2. A subscriber to value-added services.

For detailed information about the SRC LDAP schema and graphics of the object models, see the documentation in the SRC software distribution in the folder /SDK/doc/ldap or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx

Operators

This section describes operators for subscribers and subscriptions. You can also configure operators for various SRC components. For information about setting up a multilayered access control scheme for operators, see SRC-PE Integration Guide, Chapter 8, Access Control Scheme.

In relation to subscribers and subscriptions, an operator is an object in the directory that represents an IT manager in an organization. Retailers, subscriber folders, enterprises, sites, and accesses can support one or more operators.

When you add an enterprise with SDX Admin, the software creates a default operator for that enterprise. You can add additional operators for enterprises and create operators for retailers, subscriber folders, sites, and accesses.

You can also add an operator that has control over all retailers. See Operators That Control All Retailers.

Read Privileges

Operators have privileges to read:

Management Privileges

You can specify one or more management privileges for operators. If you do not specify privileges for an operator, the operator has only read privileges. The default operator that SDX Admin adds to an enterprise has the highest privilege level, called administrator. Table 21 shows the privilege levels and the privileges associated with the levels.

Table 21: Privilege Levels and Associated Tasks

| Privilege Level | Tasks That Operators with This Privilege Can Perform |
|---|---|
| Administrator | Add, delete, and modify operators; Add, delete, and modify subscriptions; Modify subscribers, including the ability to add, delete, and modify substitutions for subscribers; Manually activate and deactivate subscription sessions |
| Subscription | Add, delete, and modify subscriptions; Manually activate and deactivate subscription sessions |
| Substitution | Add, delete, and modify substitutions in subscribers and subscriptions |
| Activation | Configure automatic activation of services; Manually activate and deactivate subscription sessions |
| VPNs | Modify, export, and cancel the export of VPNs |


An operator has management privileges for its associated subscriber and for that subscriber's subordinate objects. For example, operators in an enterprise have control over the enterprise and all sites and accesses in the enterprise. Similarly, operators in a site have control over the site and all accesses it contains. Operators in an access have control over only that access.

For example, in the directory shown in Figure 27, the operator substitutionMgr:


Figure 27: Sample Operator Access Privileges
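
The scoping rule and the Table 21 privilege levels described above can be checked mechanically when reviewing operator assignments. The following is an added example, not code from the SRC software or from this guide. It assumes an operator entry sits directly beneath the subscriber it belongs to, and the DNs, task labels, and function names are hypothetical. Operators in o=Operators, o=umc are not modelled.

```python
# Added example: Table 21 privilege levels plus the subtree scoping rule.
# Task labels, DNs and function names are hypothetical, not SRC identifiers.
PRIVILEGE_TASKS = {  # tasks exactly as listed per level in Table 21
    "administrator": {"manage_operators", "manage_subscriptions",
                      "modify_subscribers", "manage_substitutions",
                      "activate_sessions"},
    "subscription": {"manage_subscriptions", "activate_sessions"},
    "substitution": {"manage_substitutions"},
    "activation": {"configure_auto_activation", "activate_sessions"},
    "vpns": {"manage_vpns"},
}

def parse_dn(dn):
    """Split a DN into normalized RDNs (assumes no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(operator_dn, target_dn):
    """True if the target is the operator's subscriber or lies beneath it."""
    scope = parse_dn(operator_dn)[1:]  # drop the operator's own RDN
    target = parse_dn(target_dn)
    if not scope or len(target) < len(scope):
        return False
    return target[len(target) - len(scope):] == scope

def is_allowed(operator_dn, privileges, task, target_dn):
    """Management task check; an operator with no privileges gets none."""
    granted = set()
    for level in privileges:
        granted |= PRIVILEGE_TASKS.get(level.lower(), set())
    return task in granted and in_scope(operator_dn, target_dn)

# Constructed directory entries under the default subscriber location.
ENTERPRISE = "ou=ExampleCorp, ou=RetailerA, o=Users, o=umc"
SITE_1 = "ou=Branch1, " + ENTERPRISE
SITE_2 = "ou=Branch2, " + ENTERPRISE
ACCESS_1 = "cn=line-1, " + SITE_1
SITE_OPERATOR = "cn=siteOp, " + SITE_1

if __name__ == "__main__":
    for target in (ACCESS_1, SITE_1, SITE_2, ENTERPRISE):
        ok = is_allowed(SITE_OPERATOR, ["Subscription"],
                        "manage_subscriptions", target)
        print(f"{target:55} {'allow' if ok else 'deny'}")
```

Comparing whole RDNs rather than raw string suffixes keeps differences in spacing or case from changing the result.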

Operators That Control All Retailers

You can add operators that have control over all retailers and their subordinate enterprises. You add this type of operator in o=Operators, o=umc. The directory controls the operator's access to other objects in the directory.

LDAP Model for Operators

The Operator model provides a set of relationships between operators and the managed services and subscriptions. Operators have the object class umcOperator, a subclass of the object class person.

For detailed information about the SRC LDAP schema, see the documentation in the SRC software distribution in the folder /SDK/doc/ldap or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx

Tools for Adding Subscribers and Subscriptions

The way you add and manage subscribers depends on your SRC configuration. If you have a large base of subscribers, you will probably manage subscribers through your own database and map it to the SRC LDAP schema. If you are working with a small number of subscribers, you can use SDX Admin to add subscribers to the SRC directory. In practice, you can use SDX Admin to configure subscriber bases when you are:

Inheritance of Properties and Subscriptions

Subordinate subscribers inherit properties and value-added subscriptions from their parent subscribers, unless you specify a different value for the subordinate. Properties that a subscriber can inherit include the maximum number of concurrent logins and the session timeout. For example, if you configure a subscription to a video service for an enterprise and configure a different subscription to the same video service for a site within that enterprise, the site uses its own subscription rather than the inherited subscription. RADIUS and access subscriptions are not inherited.
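
To review what a subordinate subscriber actually ends up with, the inheritance rule above can be resolved by walking from the subscriber up through its parents. The following is an added example, not code from the SRC software. The subscriber names, property keys, and the simplification of one subscription per service per subscriber are constructed for illustration.

```python
# Added example: resolves what a subordinate subscriber ends up with.
# Names, property keys and the one-subscription-per-service layout are
# constructed for illustration; they are not SRC schema attributes.
INHERITABLE = {"value-added"}  # RADIUS and access subscriptions stay local

TREE = {
    "enterprise": {
        "parent": None,
        "props": {"maxLogins": 5, "sessionTimeout": 3600},
        "subs": {"video": {"type": "value-added", "tier": "gold"},
                 "leased-line": {"type": "access"}},
    },
    "site": {
        "parent": "enterprise",
        "props": {"sessionTimeout": 900},
        "subs": {"video": {"type": "value-added", "tier": "bronze"}},
    },
    "access": {"parent": "site", "props": {},
               "subs": {"firewall": {"type": "value-added"}}},
}

def lineage(tree, name):
    """Return the subscriber followed by its ancestors, nearest first."""
    path = []
    while name is not None:
        if name in path:
            raise ValueError(f"parent loop at {name}")
        path.append(name)
        name = tree[name]["parent"]
    return path

def effective_properties(tree, name):
    """Merge properties up the tree; the nearest definition wins."""
    props = {}
    for node in lineage(tree, name):
        for key, value in tree[node]["props"].items():
            props.setdefault(key, value)
    return props

def effective_subscriptions(tree, name):
    """Own subscriptions plus inherited value-added ones, nearest first."""
    subs = {}
    for node in lineage(tree, name):
        for service, sub in tree[node]["subs"].items():
            if node != name and sub["type"] not in INHERITABLE:
                continue  # not inherited from a parent
            subs.setdefault(service, {**sub, "source": node})
    return subs
```

The `source` field records which subscriber supplied each subscription, which helps when tracing why a session was activated for an access that has no subscription of its own.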

Encryption Methods for Passwords

You can encrypt passwords for some types of subscribers and subscriptions. You must use an encryption method that your directory supports. Table 22 shows the encryption methods that different directories support.

Table 22: Encryption Methods Supported by Different Directories

| Directory Type / Encryption Method | UNIX crypt | md5 | sha | None |
|---|---|---|---|---|
| DirX | Yes | No | Yes | Yes |
| eTrust Directory | Yes | Yes | Yes | No |
| Oracle Internet Directory | Yes | Yes | Yes | Yes |
| Sun ONE | Yes | No | Yes | Yes |
| OpenLDAP | Yes | Yes | Yes | Yes |
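
Table 22 can be used to audit exported password values for entries that are stored with no encryption or with a method the target directory does not support. The following is an added example, not code from the SRC software. It assumes stored values carry RFC 2307 style `{SCHEME}` prefixes, which this page does not state, and the DNs and password are constructed.

```python
import base64
import hashlib
import re

# Table 22 from this page: directory type -> methods it supports.
SUPPORTED = {
    "DirX": {"UNIX crypt", "sha", "None"},
    "eTrust Directory": {"UNIX crypt", "md5", "sha"},
    "Oracle Internet Directory": {"UNIX crypt", "md5", "sha", "None"},
    "Sun ONE": {"UNIX crypt", "sha", "None"},
    "OpenLDAP": {"UNIX crypt", "md5", "sha", "None"},
}
# Assumption: stored values carry RFC 2307 style {SCHEME} prefixes.
PREFIX_TO_METHOD = {"CRYPT": "UNIX crypt", "MD5": "md5", "SHA": "sha"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def method_of(value):
    """Map a stored value to a Table 22 column, or report the raw scheme."""
    match = SCHEME_RE.match(value)
    if not match:
        return "None"
    scheme = match.group(1).upper()
    return PREFIX_TO_METHOD.get(scheme, "unlisted " + scheme)

def audit(directory, entries):
    """Return (dn, problem) pairs for values a reviewer should look at."""
    findings = []
    for dn, value in entries:
        method = method_of(value)
        if method == "None":
            findings.append((dn, "stored without encryption"))
        elif method not in SUPPORTED[directory]:
            findings.append((dn, f"{method} not supported by {directory}"))
    return findings

def _b64(digest):
    return base64.b64encode(digest).decode("ascii")

# Constructed sample entries; the DNs and the password are placeholders.
PW = b"constructed-example"
SAMPLE = [
    ("cn=alice, o=Users, o=umc", "{SHA}" + _b64(hashlib.sha1(PW).digest())),
    ("cn=bob, o=Users, o=umc", "{MD5}" + _b64(hashlib.md5(PW).digest())),
    ("cn=carol, o=Users, o=umc", PW.decode("ascii")),
]
```

Calling `audit("DirX", SAMPLE)` reports the md5 entry as unsupported and the unprefixed entry as stored without encryption.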


