Nortel Networks BCM50 2.0 Chapter 4

75

BCM50 Administration Guide

Chapter 4

BCM50 Security Policies and Accounts and Privileges

BCM50 Security Policies and Accounts and Privileges allows you to establish system-wide

security policies and maintain access security on your system using settings on the Element

Manager.This chapter describes the security policies that you can configure through the Element

Manager. The BCM50 provides security capabilities such as NAT, VPN, DoS alert, data

communication, DHCP, VLAN, and PPP.

The information in this chapter is organized as follows:

•Security Policies panel on page 75 describes the fields on the Security Policies panel

•Configuring system security policies on page 80 provides procedures for setting system-level

security that applies to all configured users, for installing the web server certificate, and for

downloading the SSH key-pair

•Configuring user accou nts, user groups and privileges on page 89 provides procedures for

managing access to both the Element Manager and to the telset configuration menus.

•User account and user group management fundamentals on page 97 provides information

about user accounts, passwords, and privileges.

•Accounts and Privileges panel on page 1 1 1 describes th e fields on the Accounts and Privileges

panel.

•BCM50 security fundamentals on page 120 provides an overview of the BCM50 security

policies such as firewalls, protocols, encryption, audits, certificates, and site authentication.

Security Policies panel

The fields that make up the Security Policies panel are described in this section. When you set

security policies, they apply to the entire BCM system rather than to individual users.

!

Security Note: This symbol is used throug hout t his section to indicat e areas of possi ble

security concern, primarily in regard to default settings that could pose a security risk if

they are not changed.

Contents

Main Page Task List Using the BCM50 Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Managing BCM50 with SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Using the BCM Fault Management System . . . . . . . . . . . . . . . . . . . . . . . 147 Using the BCM50 Service Management System . . . . . . . . . . . . . . . . . . . 215 Monitoring BCM50 Status and Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 Backing Up and Restoring BCM50 Data . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Managing BCM50 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 Contents Chapter 4 BCM50 Security Policies and Accounts and Privileges . . . . . . . . . . . . . . . 75 Page Page Page Page Page Page Chapter 1 Getting started with BCM50 About this guide Purpose Organization 16 Chapter 1 Getting started with BCM50 Table 1 BCM50 Administration Guide organization Chapter Contents Audience Acronyms 18 Chapter 1 Getting started with BCM50 Table 1 List of acronyms Symbols and conventions used in this guide Related publications How to get Help Getting Help from the Nortel Web site Getting Help over the phone from a Nortel Solutions Center Getting Help from a specialist by using an Express Routing Code Page Chapter 2 Overview of BCM50 Administration About BCM50 BCM50 hardware Main units Expansion units and media bay modules (MBMs) BCM50 applications Management Model Page Page BCM50 interfaces LAN Dialup WAN Management access over dial or BRI ports Protocols Page Chapter 3 BCM50 Management Environment BCM50 web page 32 Chapter 3 BCM50 Management Environment Table 2 Applications available on BCM50 web page BCM50 Management Environment and Applications Managing BCM50 with Element Manager Managing BCM50 with Telset administration Managing BCM50 Voicemail and ContactCenter: CallPilot Manager Managing Digital Mobility Programming telephone sets: Desktop Assistant portfolio Performing initialization: Startup Profile Monitoring BCM50: BCM Monitor Managing BCM50 remotely with SNMP Element Manager Element Manager setup Installing Element Manager on a Windows operating system Page Installing Element Manager in a Citrix environment Creating folders for network elements Adding a BCM50 to the Network Element tree Finding Network Elements Connecting to a BCM50 element Disconnecting from an element Disconnecting in the Element Navigation Panel Disconnecting through the menu bar Closing the Element Manager Element Manager window attributes Initial panel details Chapter 3 BCM50 Management Environment 43 Figure 3 Element Manager Window - no defined Elements Table 3 lists and describes the initial Element Manager window. Table 3 Initial Element Manager window attributes 44 Chapter 3 BCM50 Management Environment Table 3 Initial Element Manager window attributes (Continued) Chapter 3 BCM50 Management Environment 45 Table 3 Initial Element Manager window attributes (Continued) Information displayed for unconnected elements Information displayed for connected elements Configuration task navigation panel details Chapter 3 BCM50 Management Environment 49 Table 5 Configuration task navigation panel headings (Continued) 50 Chapter 3 BCM50 Management Environment Table 5 Configuration task navigation panel headings (Continued) Administration task navigation panel details Table 6 Administration task navigation panel headings Element Manager panels Effective use of Element Manager Element Manager data features Adding, deleting, and modifying table information Copying table information Page Chapter 3 BCM50 Management Environment 55 Rearranging table information Table 7 Paste Data (Continued) Rearranging columns Rearranging lines Chapter 3 BCM50 Management Environment 57 Figure 8 Sort dialog box Table 8 Sort dialog box fields Table 9 Sort dialog box buttons Using your keyboard to move around a table Saving programming records Page Page Page Element Manager application logging BCM50 integrated launch of related applications Page BCM50 feature licensing BCM50 Help system Menu bar Help Page Page BCM50 common file input/output processes Comparison of data repositories The BCM50 Personal computer Network folder FTP servers SFTP servers USB storage device HTTP/HTTPS server Connecting to Element Manager through a router Configuring firewall settings Adding NAT rules Page Chapter 4 BCM50 Security Policies and Accounts and Privileges Security Policies panel The following table describes the fields on this panel:. Page Page Page Configuring system security policies Entry Policy tab Local Authentication Policy tab Authentication Service Policy tab Page Variable Table Setting lockout policy for failed logins To set lockout policy for failed logins Setting password expiry policy To set password expiry policy Setting password history policy To set password history Setting the authentication method To set the authentication method Configuring an authentication server To configure an authentication server in Element Manager Vendor specific attributes Page Chapter 4 BCM50 Security Policies and Accounts and Privileges 87 Table 20 Privilege levels Setting the idle session timeout To set the idle session timeout Uploading a Web Server Certificate To upload a Web Server Certificate Transferring an SSH Key-Pair Configuring user accounts, user groups and privileges Job Aid Adding a new user account To add a new user account Modifying a user account To modify a user account Adding callback for a dial-up user To add callback for a dial-up user Adding Telset access for a user To add Telset access for a user Deleting a user account To delete a user account Changing a users password To change a users password Changing the current users password To change the current users password Creating a group To create a group Deleting a group To delete a group Modifying group privileges To modify group privileges Adding a user account to a group To add a user account to a group Deleting a user account from a group To delete a user account from a group Page Enabling and disabling exclusive access To enable/disable exclusive access User account and user group management fundamentals User accounts Page Default passwords Default groups 100 Chapter 4 BCM50 Security Policies and Accounts and Privileges Table 22 Default user account groups (Continued) Default access privileges excluding set-based privileges Voice Mail & Contact Center access privileges Contact Center access privileges Security access privileges CTE Appl access privileges IP Set Registration access privileges BCMMonitor Appl access privileges CDR Appl access privileges PPP Access access privileges Guest Download access privileges Admin Download access privileges Exclusive Access access privileges Admin access privileges DATA Admins group access privileges Remote Access access privileges Guests access privileges Voice Admins access privileges Backup Operators access privileges Remote Monitoring access privileges Software Upgrade access privileges Page Page Telset access security Telset group access privileges SBA - Installer group access privileges SBA - System Coordinator+ group access privileges SBA - System Coordinator group access privileges SBA - Basic group access privileges Accounts and Privileges panel Current Account Table 24 describes each field on the Current Account context panel. Chapter 4 BCM50 Security Policies and Accounts and Privileges 113 Table 24 Current Account fields (Continued) Page Page 116 Chapter 4 BCM50 Security Policies and Accounts and Privileges View by Accounts: General View by Accounts: Remote Access Table 26 View by Accounts: General fields Table 27 View by Accounts: Remote Access Chapter 4 BCM50 Security Policies and Accounts and Privileges 117 View by Accounts: History View by Accounts: Group Membership Table 28 View by Accounts: History fields Table 29 Group membership fields View by Groups View by Groups: General Page View by Groups: Members BCM50 security fundamentals Security on other Configuration panels Security on Administration panels Security on Applications panels Secure network protocols and encryption Security audits System security considerations Considerations Firewalls Security certificate Understanding BCM50 SSL certificate properties Site authentication Chapter 5 Using the BCM50 Hardware Inventory About the BCM50 Hardware Inventory Viewing and updating information about the BCM50 system Viewing and updating information about the BCM50 main unit To view or update information about the BCM50 main chassis Viewing and updating BCM50 system expansion information To view or update BCM50 system expansion information Viewing and updating other information about the BCM50 system To view or update other information about the BCM50 main unit Viewing information about devices To view information about attached devices Viewing additional information about the BCM50 hardware inventory Page Page Chapter 6 Managing BCM50 with SNMP Overview of BCM50 support for SNMP Configuring routers to use Element Manager with SNMP Connecting through the WAN Configuring firewall settings Adding NAT rules Configuring the SNMP router port Configuring SNMP settings Configuring general SNMP settings To configure the BCM50 SNMP agent To configure BCM50 SNMP settings Adding an SNMP manager to the BCM50 SNMP manager list To add an SNMP manager to the BCM50 SNMP manager list To delete an SNMP manager Configuring SNMP community strings To add a community string To delete a community string value Configuring service access points To add a service access point To configure pass phrases for a service access point To view details associated with a service access point To delete a service access point Configuring SNMP trap destinations To add a trap destination Viewing and modifying SNMP trap destinations To modify a trap destination To delete a trap destination Auto-SNMP dial-out To configure auto-SNMP dialout Alarm severity levels Page Chapter 7 Using the BCM Fault Management System Overview of BCM fault management 148 Chapter 7 Using the BCM Fault Management System About BCM alarms Table 47 BCM components and Alarm ID ranges Alarms and log files Alarm severities Administering alarms Using the Alarms Panel To view an alarm To acknowledge an alarm Clearing the alarm log To clear the alarm log Using the Alarm Banner To include or omit acknowledged alarms in the Alarm Banner Using the alarm set To specify the alarm set To clear an alarm from the alarm set Alarms and LEDs To reset the Status LED Using SNMP traps Configuring alarm settings To enable or disable SNMP traps for alarms To enable or disable viewing of selected alarms in the Alarms table To view settings for the alarm set Chapter 7 Using the BCM Fault Management System 157 4The Enable Alarm Set column indicates whether the alarm will display on the alarm set. List of BCM alarms Table 51 List of alarms Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Chapter 8 Using the BCM50 Service Management System Overview of the BCM50 service management system BCM50 services 216 Chapter 8 Using the BCM50 Service Management System Table 52 BCM50 Services To view details about services Starting, stopping, and restarting services To stop a service To restart a service Chapter 9 Monitoring BCM50 Status and Metrics About the system status QoS Monitor Configuring the QoS Monitor To configure monitoring mode To configure logging attributes To view the QoS monitoring information To refresh the QoS monitor data UPS Status To access UPS Status Page NTP Metrics To access the NTP Metrics Telephony Metrics Trunk Module Metrics To view Trunk Module status Page Viewing Performance History information Viewing D-Channel information Disabling or enabling a B channel setting To disable or enable a B channel setting Provisioning a PRI B-channel To provision a PRI B-channel Trunk Module CSU statistics Statistics collected by the system Enabling the internal CSU To enable the internal CSU To check the performance statistics Checking trunk module alarms To check the CSU alarms To check carrier failure alarms To check bipolar violations To check short-term alarms To check defects To view CSU Alarm History CbC limit metrics To access the CbC limit metrics Chapter 9 Monitoring BCM50 Status and Metrics 235 Figure 34 Denied calls details Table 58 describes each field on the two CbC metrics panels. Hunt Group Metrics Table 58 Details for a Line Pool To access the Hunt Group metrics PSTN Fallback Metrics To access PSTN Fallback metrics Proactive Voice Quality Management To configure PVQM threshold settings Page Chapter 9 Monitoring BCM50 Status and Metrics 241 Table 64 describes the settings. 3Configure the polling interval. PVQM alarms Table 62 PVQM threshold settings Table 63 PVQM alarm information To access PVQM metrics Chapter 9 Monitoring BCM50 Status and Metrics 243 Figure 38 PVQM Metrics panel Table 64 describes each field on the panel. Table 64 PVQM Metrics fields Page Chapter 10 BCM50 Utilities About BCM Monitor Installing BCM Monitor To install BCM Monitor separately from BCM50 Element Manager To remove BCM Monitor Connecting to a BCM50 system To start BCM Monitor without the Element Manager To start BCM Monitor from the Element Manager Disconnecting BCM Monitor from a BCM50 To connect to a different BCM50 Using BCM Monitor to analyze system status Static snapshots To configure static snapshot settings To save a static snapshot Dynamic snapshots To configure dynamic snapshot settings Starting a dynamic snapshot Stopping a dynamic snapshot BCM Info tab Media Card tab Voice Ports tab IP Devices tab RTP Sessions tab UIP tab Enabling UIP message monitoring To disable monitoring of UIP messages To log UIP data To view UIP log files To configure timeout settings Viewing UIP message details To expand a UIP message To clear UIP message details Line Monitor tab To view all lines Usage Indicators tab Usage values Using statistical values Viewing minimum and maximum values Viewing the date and time of minimum and maximum values To view the date and time of minimum and maximum values Resetting minimum and maximum values To reset the minimum and maximum values for a statistic Ping To ping a device Trace Route To perform a trace route Ethernet Activity To view Ethernet activity Reset Rebooting the BCM50 system To r Performing a warm reset of BCM50 telephony services To p Performing a cold reset of BCM50 telephony services To perform a cold reset of BCM50 telephony services D To set Release Reasons Page Chapter 11 Backing Up and Restoring BCM50 Data Overview of backing up and restoring data Backup and restore options Viewing backup and restore activity About backups BCM50 backup file Backup destinations Performing immediate backups Performing an immediate backup to the BCM50 To perform an immediate backup to the BCM50 Page Performing an immediate backup to your personal computer To perform an immediate backup to your personal computer Performing an immediate backup to a network folder To perform an immediate backup to a network folder Performing an immediate backup to a USB storage device To perform an immediate backup to a USB storage device Performing an immediate backup to an FTP server To p Performing an immediate backup to an SFTP server To perform an immediate backup to an SFTP server Viewing and performing scheduled backups To view scheduled backups Performing a scheduled backup to the BCM50 To perform a scheduled backup to the BCM50 Performing a scheduled backup to a network folder To perform a scheduled backup to a network folder Performing a scheduled backup to a USB storage device To perform a scheduled backup to a USB storage device Performing a scheduled backup to an FTP server To perform a scheduled backup to an FTP server Page Performing a scheduled backup to an SFTP server To p Modifying and deleting scheduled backups Modifying a scheduled backup To m To delete a backup schedule Restoring BCM50 system data Restore options Optional components Effects on the system Restore operations and logs Restoring data from the BCM50 To restore data from the BCM50 Restoring data from your personal computer To restore data from your personal computer Restoring data from a network folder To restore data from a network folder Restoring data from a USB storage device To restore data from a USB storage device Restoring data from an FTP server To restore data from an FTP server Restoring data from an SFTP server To restore data from an SFTP server Restoring the factory configuration To restore the factory configuration Page Chapter 12 Managing BCM50 Logs Overview of BCM50 logs Log types Operational logs Diagnostic logs Sensitive logs Additional System Information Overview of transferring and extracting log files Transferring log files using the BCM50 Element Manager Performing immediate log archive transfers Performing an immediate log transfer to a USB storage device To perform an immediate log transfer to a USB storage device Performing an immediate log transfer to your personal computer To perform an immediate log transfer to your personal computer Performing an immediate log transfer to a network folder To perform an immediate log transfer to a network folder Performing an immediate log transfer to an FTP server To perform an immediate log transfer to an FTP server Performing an immediate log transfer to an SFTP server To perform an immediate log transfer to an SFTP server Performing scheduled log transfers To perform a scheduled log transfer to a storage location To modify a scheduled log transfer To delete a scheduled log transfer Transferring log files using the BCM50 Web page Using the BCM50 Web Page to transfer log files to your personal computer Page To use the BCM50 Web Page to transfer log files to other destinations Page Extracting log files To extract log files using the Element Manager Page Viewing log files using the Log Browser Retrieval Criteria area To specify retrieval criteria Retrieval Results area To filter information in the Retrieval Results table Log Details area Viewing log details for a single log record To view log details for multiple log records Viewing log files using other applications Page Chapter 13 Managing BCM50 Software Updates Overview of BCM50 software updates Obtaining software updates To obtain updates from the Nortel Technical Support Web page Viewing software updates in progress To view details about software updates in progress Applying software updates Page Applying an update from your personal computer To apply an update from your personal computer Applying a software update from a USB storage device To apply a software update from a USB storage device Applying an update from a shared folder To apply an update from a shared folder Applying an update from an FTP server To apply an update from an FTP server Applying an update from an HTTP server To apply an update from an HTTP server Creating and modifying scheduled software updates Creating a scheduled software update To create a scheduled software update Page Page Modifying a scheduled software update To modify a scheduled software update To delete a scheduled software update Viewing a history of software updates To view the software update history Removing software updates Removing a software update To remove a software update Viewing the inventory of BCM50 software To view the BCM50 software inventory Chapter 14 Accounting Management Overview of accounting management About Call Detail Recording Using Call Detail Recording CDR Toolkit Appendix A Management Information Bases About SNMP MIBs MIB file descriptions 344 Appendix A Management Information Bases Table 106 lists the file names and file descriptions of each supported standard MIB. Table 107 lists the file names and file descriptions of each supported Nortel MIB. Table 106 MIB file descriptions for standard MIBs Table 107 MIB file descriptions for Nortel MIBs Accessing, compiling, and installing MIB files To access MIB files from the BCM50 Web Page To access MIB files from the Nortel Customer Service Site Compiling and installing Nortel MIB files Compiling and installing standard MIB files Small Site MIB Small Site Event MIB Page Index A B C D E F H I K N P Q R S T U V W