1. Access the EPAP GUI by opening a web browser and entering the IP address of Server A.

   Figure 3-2 EPAP Login

   
   

   

   
   
2. Login as uiadmin.

   Figure 3-3 Login Successful

   
   

   

   
   
3. On the EPAP A site, select User Administration, and then HTTP(S) Support, and then Change Configuration.

   Figure 3-4 Change Configuration Menu Option

   
4. Select the check box "HTTPS Enabled," and uncheck "HTTP Enabled."

   Figure 3-5 HTTPS Enabled

   
5. Click on the Submit Changes button to enable HTTPS. A success screen will appear.
6. Select User Administration, and then HTTP(S) Support, and then View Configuration to confirm HTTP Enabled is NO and HTTPS Enabled is YES.
7. Log out of the EPAP GUI by clicking on the Logout menu option. Then click the Logout button in response to the following message:

   Figure 3-6 EPAP GUI Logout

   
8. Access the EPAP GUI using HTTPS.

   Figure 3-7 HTTPS Address Bar

   
9. Click on "Continue to this website (not recommended)."

   Figure 3-8 Security Certificate

   
   

   

   
   
   The Login Page is displayed:

   Figure 3-9 HTTPS Login Page

   
   

   

   
   
10. Click on Certificate Error.
11. In the popup window titled "Certificate Invalid," click on the View certificates link to display the Certificate dialog box.

    Figure 3-10 Certificate

    
    

    

    
    

    If Install Certificate... is not available, execute the following steps:

    1. Select Tools, and then Internet Options.
    2. Select Security, and then Trusted Sites, and then Sites.
    3. Confirm that the URL matches, then select Add, and then Close.
    4. Close the Internet Options by selecting either OK or Cancel. Refresh the page.
    5. Follow 9 to 11, then proceed to 12.
12. Click Install Certificate... to begin the Certificate Import Wizard. The Certificate Import Wizard "Welcome" page is displayed:

    Figure 3-11 Certificate Import Wizard

    
13. Click on Next to display the Certificate Store page of the Certificate Import Wizard. The Certificate Import Wizard "Certificate Store" page is displayed:

    Figure 3-12 Certificate Store

    
14. Select the "Place all certificates in the following store" radio button, then click Browse to display the Select Certificate Store window.

    Figure 3-13 Select Certificate Store

    
15. Select the "Trusted Root Certification Authorities" option and click OK to display the Certificate dialog box.

    Figure 3-14 Certificate Store

    
16. Click Next. The Certificate Import Wizard "Completing the Certificate Import Wizard" page is displayed:

    Figure 3-15 Completing the Certificate Import Wizard

    
17. Click Finish. If a Security Warning dialog box is displayed, click Yes.

    Figure 3-16 Security Warning

    

    Figure 3-17 Import Successful

    
18. After the message box "The import was successful" is displayed, click OK to close the Certificate Import Wizard.
    1. Select Tools, and then Internet Options.
    2. Select Security, and then Trusted Sites, and then Sites.
    3. Select the URL you just added, then select Remove, and then Close.
    4. Shut down all running instances of Chromium-based Edge Browser and restart the browser.
    The site's certificate should now be trusted.
19. Log in to the EPAP GUI as uiadmin or any other user, and verify that all GUI pages are opening successfully.

1. Login to EPAP A as admusr.
2. Use uiEdit variable to set "HTTP_ENABLED" to yes.

   $ uiEdit HTTP_ENABLED Yes

3. Make sure the uiEdit variables "HTTP_ENABLED" and "HTTPS_ENABLED" both are set to "Yes".

   $ uiEdit |grep _ENABLED | grep HTTP
   "HTTP_ENABLED" is set to "Yes"
   "HTTPS_ENABLED" is set to "Yes"
   

   Note:

   HTTPS_ENABLED is not mandatory if you only want HTTP.
4. Login to EPAP A as epapdev.
5. Execute the following commands:

   $ ssh -l epapdev mate ". /etc/profile; /opt/TKLCappl/bin/httpConfig.pl both" 2> /dev/null
   $ . /etc/profile; /opt/TKLCappl/bin/httpConfig.pl both 2> /dev/null
   

6. Login as admusr again and verify that the required processes are running.

   # netstat -anp |grep http
   tcp        0      0 0.0.0.0:8002                0.0.0.0:*                   LISTEN      10116/httpd
   tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      10116/httpd
   tcp        0      0 :::8001                     :::*                        LISTEN      10116/httpd
   tcp        0      0 :::80                       :::*                        LISTEN      10116/httpd
   

   Note:

   If the above httpd processes are not listed, try the following command:

   # systemctl start httpd  Starting httpd: Syntax error on line 1090 of /etc/httpd/conf/httpd.conf: Invalid command 'f', perhaps misspelled or defined by a module not included in the server configuration                                                           [FAILED]

   If you see the error above, delete the extra line from httpd.conf. If you see any other error, contact My Oracle Support.

    #sed -i.bak -e
   '$d' /etc/httpd/conf/httpd.conf

7. Start httpd service and verify using the netstat command.

   $ sudo sytemctl start httpd 
   # netstat -anp |grep http
   tcp        0      0 0.0.0.0:8002                0.0.0.0:*                   LISTEN      10116/httpd
   tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      10116/httpd
   tcp        0      0 :::8001                     :::*                        LISTEN      10116/httpd
   tcp        0      0 :::80                       :::*                        LISTEN      10116/httpd
   

The Maintenance / RTDB Audit menu lets the user view and change the auditing of the selected EPAP.

The RTDB Audit menu provides:

• View Enabled

• Change Enabled

This screen has several different functions. This screen can be used to:

• Define the location of where the results of the automatic import are stored.

• Provide the options for enabling/disabling the Automatic Export capability.

• Provide a mechanism for testing the connection to the remote machine. This is done by using the username/ password and IP address provided to attempt to make an SFTP connection to the remote machine. The status of the connection is then displayed . This test is run anytime the data on this screen is entered or modified.

This screen consists of the following fields:

• Choice of IPv4 or IPv6 remote system address:
  • The user is allowed to configure IPv4 only remote system address
  • The user is allowed to configure IPv6 only remote system address
  • On dual stack - the user is allowed to configure IPv4 or IPv6 remote system address
• Remote System IP Address - the IP address from where the data will be exported (customer system).
• Remote System User Name - required for logging onto the customer system
• Remote System Password - required for logging onto the customer system. This password will be stored in encrypted format.
• Remote System SFTP Location - the location of the directory on the customer system.
• File Export to Remote System - this is used to return the results of the import file (default = enabled ).

The Configure File Transfer Screen is shown in Figure 3-31.

Figure 3-31 Configure File Transfer Screen

This screen is used to configure the Automatic PDB/RTDB Backup using either IPv4 or IPv6 addresses for a remote machine IP. The options for backup type are:

• Local - Backup is stored on the same EPAP server
• Mate - Backup is stored on the mate EPAP server
• Remote - Backup is stored on a remote server
• None - No backup is scheduled and cancel all previously scheduled backups. This will not affect a backup that is currently in progress.

  Note:

  Verify there is adequate disk space (approximately 17 GB of disk space is required per backup) to store backup files locally, on the mate, or on a remote server. If there is inadequate disk space to store 3 copies on the local or mate, stored backups will not be overwritten, and backup operation failure alarms will be generated.

Use Table 3-9 as a guide when populating the Automatic PDB/RTDB Backup screen. See Figure 3-32.

Oracle recommends that this Automatic PDB/RTDB Backup be performed on a daily (24 hour) basis. If the 12-hour frequency is selected, the first backup will always be created in the AM. For example, if the Time of the day to start the backup is selected as 15:00, the first backup will be created at 3 AM and then subsequent backups at 12-hour intervals.

The default file path where subdirectories are created (in the mate and locally) is /var/TKLC/epap/free/.

In the case of mate and remote backup destinations, a local copy is saved (even if the option not to save the local copy was selected) if the transfer of the file fails after the backup has been created on the local machine. This file is located at the default file path. In the case of mate and remote backup destinations, a local copy is saved (even if the option not to save the local copy was selected) if the transfer of the file fails after the backup has been created on the local machine. This file is located at the default file path.

PDB only maintains a single copy of backup file, if this backup file is already present automatic backup will fail for PDB. Therefore it is required to schedule remote transfer of PDB backup file using Configure File Transfer as described in section Configure File Transfer.

If the Automatic PDB/RTDB backups are being directed to a remote server, then before scheduling:

• The SFTP must be installed at the remote server
• The connection to the remote server must be validated
• Verify there is adequate disk space (approximately 17 GB of disk space is required per backup)
• Verify user name and password.

When using the Automatic PDB/RTDB Backup screen to configure the automatic backup, follow these semantic rules:

Backup Type - Select None to cancel Backups.

Time of the Day should be in hh:mm 24 hour (14:03) format.

File path (in remote only) should be the absolute path from root /backups/xxxx

IP address should be in xxx.yyy.zzz.aaa format (192.168.210.111).

Password entered by the user will be displayed in asterisks (*)

Figure 3-32 Automatic PDB/RTDB Backup Screen

The RTDB / Retrieve Records menu allows the user to query (from the web GUI) data that resides in the RTDB (Real-Time Database). The user can compare data in the PDB (Provisioning Database) with data in the RTDB to verify that they are consistent:

The RTDB / Retrieve Records menu contains:

• IMSI
• DN
• DN Block
• Network Entity
• IMEI
• IMEI Block

The Debug / View Logs menu allows appuser to view such logs as the Maintenance, RTDB, Provisioning, RTDB audit, and UI logs.

The View Logs submenu under the Debug menu has the following options:

• Maintenance Log
• RTDB Log
• Provisioning Log
• RTDB Audit Log
• CGI Log
• GS Log

When any of the Debug / View Logs files are chosen, the process is the same. Complete the following steps to view logs from the EPAP GUI menu:

1. Log in to the EPAP GUI
2. Expand the Debug Menu, then Select View Logs
3. Select a log file. Figure 3-42 shows the selection of the Maintenance log file:

   Figure 3-42 Maintenance Log Option

   

   Opening any log in this window displays the requested log in the log viewer window. All log view screens require an authorized password for the user appuser. All log files are viewed with the EPAP Log Viewer utility.

   Note:

   The system may ask you to change the appuser password from the CLI. If you change the password from the root user, the system will prompt you to change the password again. If the password is changed using the appuser, you will not be asked to change it an additional time.
4. Enter the password for the appuser and select the Submit button.

   Figure 3-43 Log Viewer Password Prompt

   

   When the user selects the Submit button without entering the password, the following error will display:

   Figure 3-44 Log Viewer Password Missing

   

   If the user enters an invalid password, the following error will display:

   Figure 3-45 Log Viewer Invalid Password

   

   When the GUI session expires before the user submits a valid password, the following screen will display:

   Figure 3-46 Log Viewer Session Expired

   

   On the successful submission of the appuser password, the log file contents will be visible in the work area. Figure 3-47 shows an example of the Maintenance Log:

   Figure 3-47 Maintenance Log Viewer

   

EPAP Log Viewer

Use the vertical scroll bar to scroll through the log viewer content. The Prev button will appear if the content of log file is greater than 100K lines. Initially it will be disabled for first 100K lines, as shown in Figure 3-48.

Figure 3-48 Log Viewer First Page

The Next button will appear if the content of the log file is greater than 100K lines. The first page will display the first 100k lines. The user will be able to select "Next" to view the next 100k lines (or the whole content if there are fewer than 100k lines), as seen in Figure 3-49.

Figure 3-49 Log Viewer Intermediate Page

When finished, close the Log Viewer window by clicking the Close View Window button.

The Debug /Capture Log Files screen allows the user to make a copy of the logs for the current MPS. Optionally, you can capture files with the logs.

When you click the Capture Logs button, the copy of the log files occurs, and a successful completion message.

The Debug / Manage Logs and Backups displays the captured log files and allows the user to delete the copies no longer wanted or copy the selected file to the mate. See Figure 3-50 with an example of one recorded log file on the Manage Log Files screen.

Figure 3-50 Manage Logs & Backups Screen

In the Manage Log Files screen, you can remove a log file by clicking the Delete? button and then the Delete Selected Capture File button. A successful removal message appears.

1. Log in to the EPAP GUI.
2. Expand the Debug menu.
3. Select View Any File.

   Figure 3-51 View Any File on the EPAP GUI Menu

   
   

   

   
   
4. On selecting View Any File, the user will be asked to enter the filename to be viewed. The default path for this utility is /usr/TKLC/epap/logs. The filename field is mandatory (marked with * as displayed in Figure 3-52).

   Figure 3-52 View Any File Filename Prompt

   
   

   

   
   

   When the View File button is selected without inputting the filename, the following error will be displayed:

   Figure 3-53 View Any File With Missing Filename

   
   

   

   
   

   If the user inputs a non-existing filename in the /usr/TKLC/epap/logs directory, the following error will be displayed:

   Figure 3-54 View Any File Non-Existing Filename Error

   
   

   

   
   
5. After entering a valid filename, the user will be prompted for the appuser password, as displayed in Figure 3-55:

   Figure 3-55 View Any File Password Prompt

   
   

   

   
   

   When the Submit button is selected without inputting the appuser password, the following error will be displayed:

   Figure 3-56 Log Viewer Appuser Missing Password

   
   

   

   
   

   When the user inputs an invalid appuser password, the following error will be displayed:

   Figure 3-57 Log Viewer Invalid Password Error

   
   

   

   
   

   If the user enters a password after the GUI expires and selects Submit, the following error will be displayed:

   Figure 3-58 Expired Log Viewer

   
   

   

   
   
6. After entering the valid appuser password, the log file contents will be visible in the work area, along with the log file name as its heading, as displayed in Figure 3-59:

   Figure 3-59 Log Viewer

   
   

   

   
   

Opening any file in this window displays the requested file in the file viewer window. All files are viewed with the same file viewing utility. For details about this utility, see Platform Menu.

The Debug / List EPAP Processes screen shows the EPAP processes started when the EPAP boots or with the “Start EPAP software” prompt. The /usr/ucb/ps -auxw command generates this list. The operating system's manual page for the ps command thoroughly defines the output for this command. Figure 3-60 shows an example of the format of the process list.

Figure 3-60 Example of List EPAP Processes Output

The Platform / Run Health Check screen allows the user to execute the health check routine on the selected EPAP. Alarms and Maintenance Guide describes the health check in detail.

The first screen presented in the workspace frame lets the user select the normal or verbose mode of output detail.

The EPAP system health check utility performs multiple tests of the server. For each test, check and balances verify the health of the MPS server and platform software. Refer to System Health Check in Alarms and Maintenance Guide for the functions performed and how to interpret the results of the normal outputs

The Platform / List All Processes screen lists all processes running on the selected EPAP. The /usr/ucb/ps -auxw command generates this list. The operating system's manual page for the ps command thoroughly defines the output for this command. Figure 3-61 shows an example of the process list.

Figure 3-61 List All Processes Screen

The Platform / View System Log screen allows the user to display the System Log. Each time a system maintenance activity occurs, an entry is made in the System Log. When the user chooses this menu selection, the View the System Log screen is displayed. The user is required to enter the authorized password for the user appuser.

When the user clicks the Open View Window button, the system shows the System Log in the Log Viewer window. The use of the Log Viewer is described Platform Menu.

The View System Logs - /var/log/messages is available under the Platform GUI menu.

The Platform / Reboot the MPS screen allows the user to reboot the selected EPAP. All EPAP software processes running on the selected EPAP are shut down normally.

When you click the Reboot MPS button, a cautionary message appears, informing the user that this action instructs EPAP to stop all activity and to prevent the RTDB from being updated with new subscriber data.

Click the Continue button. Another screen informs you that MPS is being rebooted and that the User Interface will be reconnected when the reboot is completed.

The Platform / SSH to MPS screen allows the user to have an SSH window to the user interface user. This uses WebStart Java technology, which works independent of the web browser once it is launched. Complete the following steps to perform SSH to MPS:

1. Log in to the EPAP.
2. Select Platform Menu, and then SSH to MPS, as displayed in Figure 3-62:

   Figure 3-62 SSH to MPS on the EPAP GUI Menu

   
   

   

   
   
3. Select Launch the JCTerm application:

   Figure 3-63 JCTerm Application Launch Window

   
   

   

   
   

   The following screen will appear:

   Figure 3-64 Launching WebStart

   
   

   

   
   
4. The JCTerm jar, along with the Jzlib jar and Jsch jar, are self-signed. Accept the security check that follows and select Run to launch the JCTerm applet for the SSH to MPS interface:

   Figure 3-65 JCTerm Security Check Window

   
   

   

   
   
5. The SSH to MPS window will be displayed. A user name and password is required. On the EPAP configured in the dual stack configuration, both the IPv4 and IPv6 addresses for Local EPAP are accepted for the SSH. The following formats are accepted:
   1. sshusername@<IPv4 IP>
   2. sshusername@<IPv4 IP>:<Port>
   3. sshusername@IPv6 IP>
   4. sshusername@[IPv6 IP>]
   5. sshusername@[IPv6 IP>]:<Port>

   Figure 3-66 SSH to MPS Log in Window

   
   

   

   
   

   After inputting a user name and local EPAP IP, the password prompt window appears, as displayed in Figure 3-67:

   Figure 3-67 SSH to MPS Password Prompt Window

   
   

   

   
   
   After a successful log in, the SSH window opens and can be used to perform SSH communications, as displayed in Figure 3-68:

   Note:

   There is no limit to the maximum number of concurrent sessions opened using the SSH to MPS utility.

   Figure 3-68 SSH to MPS Interface

   
   

   

   
   

The PDBA / Select Other PDBA is an action performed from the PDBA menu screen. It provides access to the remote PDBA GUI.

Access the user interface on the remote PDBA. From this screen, you sign on and perform the PDBA actions that you want from the remote PDBA. When the EPAP is configured in the dual stack configuration, then the user has the option to configure the remote PDBA in either IPv4 or IPv6 configuration. See PDB Configuration Menu for remote PDBA configuration details.

See Table 3-17 for the rules for the Select Other PDBA screen:

The PDBA / Switchover PDBA State screen lets you switch the active and standby PDBAs. This action toggles the states from one state to the other. When you choose the Select Other PDBA menu item, a screen requires you to confirm the switchover from the Active to the Standby PDBA, or the reverse.

Notice that if only one PDBA is available, you are warned that the action can cause synchronization problems.

The PDBA / Process Control menu lets you to start and stop the PDBA application.

The PDBA / Process Control menu provides these actions:

• Start PDBA Software
• Stop PDBA Software

Start PDBA Software

The PDBA / Process Control / Start PDBA Software screen begins the execution of the PDBA software. When you click the Start PDBA Software button, the EPAP attempts to start the software. Starting the PDBA software from this menu item also clears the indicator that keeps the software from being automatically started on a reboot.

Figure 3-69 Start PDBA Software Screen

When you choose the Start PDBA Software screen, another screen requires to confirm your choice to start the PDBA software. Click the Start PDBA Software button.

The PDBA / View PDBA Status screen is used to display the current status of the selected PDBA. The PDBA Status refresh time can be viewed and changed with this screen.

When the EPAP is configured in the dual stack configuration, the PDBA will also have both IPs. On the "View PDBA Status" screen, the PDBA IP will be in the IP version format with which the EPAP GUI is accessed. If the EPAP GUI is accessed using the IPv6 IP, then the PDBA IP will be displayed in the IPv6 format. If the EPAP GUI is accessed using the IPv4 IP, then the PDBA IP will be displayed in the IPv4 format.

See the rules for screen in Table 3-18.

Figure 3-70 View PDBA Status With IPv6 PDBA IP

Figure 3-71 View PDBA Status With IPv4 PDBA IP

The PDBA / Authorized IP List menu allows you add, modify, remove, and list the IP addresses authorized to connect to the PDBA through the Provisioning Database (PDB). Beginning with EPAP 16.1, the user is able to configure both IPv4 and IPv6 for a list of authorized IPs:

• The user is allowed to configure IPv4 only remote system address
• The user is allowed to configure IPv6 only remote system address
• On dual stack - the user is allowed to configure IPv4 or IPv6 remote system address

This menu also allows you specify whether a secure shell (SSH) tunnel should be created between the that IP address and the EPAP, and if so, specify the username, password and port number to use on the machine represented by the IP address.For more information about SSH tunneling, refer to Provisioning Database Interface User's Guide. The PDBA / Authorized IP List menu provides these actions:

• Add Authorized IP

• Modify Authorized IP

• Remove Authorized IP

• List all Authorized IPs

Add Authorized IP

The PDBA / Authorized IP List / Add Authorized PDBA Client IP screen allows you to:

• Add an IP address to the list of authorized IP addresses
• Specify a Permission Type of Read or Write for that IP address
• Decide if an SSH (secure shell) tunnel should be created between that IP address and the EPAP
• Specify a username, password, and port number to use on the machine represented by the IP address

Figure 3-93 Add Authorized PDBA Client IP

Table 3-45 describes the rules that the EPAP user interface uses to perform the Add Authorized PDBA Client IP action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-45 Rules for Add Authorized PDBA Client IP

Syntax Rules		Error Code
The user must enter a valid IP address.		E1002
Other Messages
Condition	Message Text
An address with read-only access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ access.
An address with read-write access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ/WRITE access.

Modify Authorized IP

The PDBA / Authorized IP List / Modify Authorized PDBA Client IP screen allows you to:

• Change the Permission Type of an authorized PDBA client IP address
• Decide to change SSH tunnel status
• Change username, password, and port number

Figure 3-94 Modify Authorized PDBA Client IP

Table 3-46 describes the rules that the EPAP user interface uses to perform the Add Authorized PDBA Client IP action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-46 Rules for Add Authorized PDBA Client IP

Syntax Rules		Error Code
The user must enter a valid IP address.		E1002
Other Messages
Condition	Message Text
An address with read-only access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ access.
An address with read-write access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ/WRITE access.

To modify an authorized PDBA client IP address:

1. Enter an IP address in the IP to modify field
2. Select a Permission Type
3. Make a selection for the Client User Information checkbox
4. Enter username, password, or port number
5. Click the Modify IP button

When the modification of the IP address is accepted, you see the message indicating a successful acceptance of the altered permission type.

Table 3-47 describes the rules that the EPAP user interface uses to perform the Modify Authorized PDBA Client IP action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-47 Rules for Modify Authorized PDBA Client IP Screen

Syntax Rules		Error Code
The user must enter a valid IP address.		E1002
Semantic Rules		Error Code
The IP address must be in the authorized IP address list.		E1021
Other Messages
Condition	Message Text
Permission downgraded to read-only.	IP address xxx.xxx.xxx.xxx is authorized for READ access.
Permission upgraded to read-write.	IP address xxx.xxx.xxx.xxx is authorized for READ/WRITE access.

Remove Authorized IP

The PDBA / Authorized IP List / Remove Authorized PDBA Client IP screen allows you remove an IP address from the list of authorized addresses. A CAUTION message informs you that removing an IP will stop any SSH tunnel that is currently connected with that IP.

Figure 3-95 Remove Authorized PDBA Client IP

Table 3-48 describes the rules that the EPAP user interface uses to perform the Add Authorized PDBA Client IP action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-48 Rules for Add Authorized PDBA Client IP

Syntax Rules		Error Code
The user must enter a valid IP address.		E1002
Other Messages
Condition	Message Text
An address with read-only access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ access.
An address with read-write access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ/WRITE access.

To remove an authorized PDBA client IP address, enter the desired IP address in the IP to remove: field, and click the Remove IP button.

When the removal of the IP address is accepted, a message appears indicating a successful completion of the action.

Table 3-49 describes the rules that the EPAP user interface uses to perform the Remove Authorized PDBA Client IP action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-49 Rules for Remove Authorized PDBA Client IP Screen

Syntax Rules		Error Code
The user must enter a valid IP address.		E1002
Semantic Rules		Error Code
The IP address must be in the authorized IP address list.		E1021
Other Messages
Condition	Message Text
An address was removed.	IP address xxx.xxx.xxx.xxx is removed from the authorized IP address list.

List All Authorized IPs

The PDBA / Authorized IP List / List All Authorized PDBA Client IPs screen allows you display all authorized IP addresses.

Figure 3-96 List All Authorized PDBA Client IPs Screen

Table 3-50 describes the rules that the EPAP user interface uses to perform the List All Authorized PDBA Client IPs action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-50 Rules for List All Authorized PDBA Client IPs Screen

Other Messages
Condition	Message Text
The authorized IP address list is empty.	There are no authorized IP addresses.

The PDBA / DSM Info menu is used to request information on the Service Module cards in the network.

The PDBA / DSM Info menu provides these actions:

• PDBA DSM Report

• PDBA DSM List

PDBA DSM Report

The PDBA / DSM Info / PDBA DSM Report screen is used request the DSM Level complete report from the PDBA. This report can be requested in two ways. The user can ask for the highest provisioned level that has been received by some provided percentage of the Service Module cards. Or the user can provide a specific level to get the percentage of cards that have received that level. A list of the Service Module cards that were behind the level mentioned in the response can be provided in the report as well. See Figure 3-97 for the PDBA DSM Report screen.

Figure 3-97 PDBA DSM Report Screen

PDBA DSM List

Table 3-51 describes the rules that the EPAP user interface uses to perform the Add Authorized PDBA Client IP action. The table also describes other messages generated by the EPAP user interface while performing this action.

Table 3-51 Rules for Add Authorized PDBA Client IP

Syntax Rules		Error Code
The user must enter a valid IP address.		E1002
Other Messages
Condition	Message Text
An address with read-only access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ access.
An address with read-write access was added.	IP address xxx.xxx.xxx.xxx is authorized for READ/WRITE access.

This screen retrieves all of the information that the PDBA has on all of the Service Module cards in the network. Two fields are provided to filter the list of Service Module cards returned. A third field is provided to limit the amount of information returned for each Service Module card. Refer to Figure 3-98 for an example of the PDBA DSM Info List.

Figure 3-98 PDBA DSM Info List Screen (with Status filter pulldown)

The PDBA / Maintenance menu lets you perform various PDB maintenance operations for the Provisioning Database (PDB).

The PDBA / Maintenance menu provides these actions:

• Backup Menu

• Import File to PDB screen

• Export PDB to File screen

• Transaction Log Params

• Number Prefixes

• Logs menu

• Schedule Export

• Configure PDBA Record Delay

• PDBA / Maintenance / View License Capacity

The PDBA / List PDBI Connections screen enables EPAP GUI users to view all provisioning connections to the PDBA. This menu option provides non-persistent data about PDBI and SOG connections along with some performance data based on the totals for the entire lifetime of each connection.

The PDBA / PDBI Statistics Report screen enables EPAP GUI users to view available statistics reports. After clicking the PDBI Statistics Report menu item, a screen is displayed to select the Report Type and identify the time period for the report.

Available Report Types are:

• 5 minutes
• 1 hour
• 1 day

Click on the Generate Report button to display the report.

The reports are stated in commands per second (CPS). Reported statistics include information on provisioning patterns, degradation of performance, and performance impact due to various activities.Reports generted for a specified time period (Report Type) contain at least the following information:

• Average number of PDBI connections for the reported period
• Peak number of PDBI connections for the reported period
• Average system PDBI commands per second (CPS) for the reported period
• Peak system PDBI commands per second (CPS) for the reported period (calculated per second)
• Percentage of commands with a return code of zero that successfully updated the database for the reported period (ent/upd/dlt commands only).
• Total number of commands with a return code of zero that successfully updated the database for the reported period (ent/upd/dlt commands only; rtrv commands are not included).

Statistics related to numbers of PDBI connections are based on the number of PDBI connections at one time.

The User Administration / Users menu allows the system administrator to administer users functions such as add, modify, delete, retrieve, and reset user password.

A user is someone who has been given permission with system administrator authority to log in to the user interface. The administrator creates these user accounts and associates them with the groups to which they belong. A user automatically has access to all actions allowed to the groups he is a member. In addition to the user's groups, the administrator can set other user-specific permissions or restrictions to any user’s set of individual permissions.

The EPAP user interface comes pre-defined with user interface users in order to provide a seamless transition to the graphical user interface. This is done by duplicating the Unix user logins and permissions that existed on the original (version 1.0) text-based UI. Refer to Table 3-58 for the current login names.

The Users menu provides these capabilities:

• Add User
• Modify User
• Delete User
• Retrieve User
• Reset Password

Modify User

The User Administration / Users / Modify UI User screen is used to change a user permission profile. The administrator must first select a user name from the list of current users.

After selecting a User Name, the user permissions screen appears. In this screen, the permissions allowed to the user can viewed and specified.

You can directly specify the number of concurrent log-ins, an inactivity time limit, and a password age limit. In addition, you can modify group membership data and specific actions that the user is permitted.

After modifying any entries, click the Submit Profile Changes button. The Modify Group Membership screen appears, allowing the user to customize individual access to groups. Click Sumbit Group Membership Changes when finished. A confirmation screen will appear.

Clicking the Modify Specific Actions button displays Action Privileges to specify for the user being modified. See Figure 3-101.

Figure 3-101 Modify UI User’s Specific Actions

This screen contains many selections from which to choose. After customizing the settings, click the Submit Specific Action Changes at the bottom of the screen.

The bottom of the Modify UI User’s Special Actions screen contains these explanatory notes:

• ^A - Permission for this action has been explicitly added for this user.
• ^R - Permission for this action has been explicitly removed for this user.

These notes indicate the privileges specifically added or removed for an individual user from the groups to which he/she is a member. This allows discrete refinement of user privileges even though he/she may be a member of groups.The system will generate a confirmation of the change for the user.

The User Administration / Groups menu allows the user to administer group functions such as add, modify, delete, and retrieve.

For your convenience, actions can be grouped together. These groups can be used when assigning permissions to users. The groups can consist of whatever combinations of actions that system administrators deem reasonable. Group permissions allow any given action to be employed by more than one group.

Groups can be added, modified, deleted, and viewed through the menu items in the User Administration menu.

The EPAP user interface comes with six groups pre-defined with the same names and action permissions used in the text-based (EPAP version 1.0) user interface:

• maint

• database

• platform

• debug

• pdba

• admin

One additional pre-defined group used is introduced to EPAP (at version 2.0). This group is called readonly. The readonly group contains only actions that view status and information. The readonly group is the default group for new users.

The Groups menu allows:

• Add Group

• Modify Group

• Delete Group

• Retrieve Group

The User Administration / Authorized IP menu lets you add, remove, and list all authorized IP addresses and also change the IP address authorization status. The IP addresses are authorized for both GUI and server access. Beginning with EPAP 16.1, the user is able to add/remove both IPv4 and IPv6 addresses.

The User Administration / Authorized IP List menu provides these actions:

• Add Authorized UI IP

• Remove Authorized UI IP

• List All Authorized UI IPs

• Change UI IP Authorization Status

Add Authorized IP

The User Administration / Authorized IP / Add Authorized IP screen lets you add a new individual IP address or CIDR format to the list of authorized IP addresses. Note that a pop-up syntax box appears when the cursor is positioned over the input field.

Figure 3-102 Add Authorized IP

Enter the IP address you want authorized and press the Allow IP button.

An error notification screen appears when a duplicate IP address is entered (the address already exists), when an attempt to add more than the maximum allowable number of addresses (more than 1000) or when any internal failure is detected.

The User Administration / Terminate Active UI Sessions screen allows the administrator to selectively close individual active sessions. The Terminate UI Sessions menu option displays the active sessions with the client IP format same as the IP format used as URL to access the EPAP GUI.

The following figure shows the EPAP is configured in dual stack configuration and two EPAP GUI sessions have been opened, one using the IPv4 prov IP and other using the IPv6 prov IP. The client IP address is IPv4 for the IPv4 prov EPAP GUI session and IPv6 for the IPv6 prov EPAP GUI session.

Figure 3-103 Terminate Active UI Sessions