SDX 6.4.x Application Library Guide > Table of Contents
Table of Contents
-
About This Guide
- Objectives
- Audience
- Documentation Conventions
- Related Juniper Networks Documentation
- Obtaining Documentation
- Documentation Feedback
- Requesting Support
-
Installing the SDX Applications
- Software CDs
- Before You Install the Applications
- Installation Prerequisites
- Solaris Patches
- ACP
- Workflow
- Installing Application Packages
- Uninstalling Packages
- Installing Sample Data
- Installing Web Applications
- Installing Web Applications Inside JBoss
- Removing Web Applications
- Removing a Web Application from JBoss
- Reviewing Port Settings
-
Overview of the Advanced Services Gateway
- Overview of the ASG
- Terminology
-
Activating Services Through SOAP
- Overview of Dynamic Service Activator
- Dynamic Service Activator Operation
- Dynamic Service Activator in a Redundant Environment
- Before You Install Dynamic Service Activator
- Installing Dynamic Service Activator on a Web Application Server
- Bootstrap Properties for Dynamic Service Activator
- Configuring Dynamic Service Activator
- Configuring Security for Gateway Clients
- Configuring General Properties for Dynamic Service Activator
- Dynamic Service Activation General Properties
- Configuring Subscriber Types for Dynamic Service Activator
- Subscriber Type Fields
- Configuring the NIC Proxies
- Configuring Access to Methods and Scripts
- Method and Scripts Fields
- Configuring Access Constraints
- Deleting Subscriber Types, NIC Proxies, Methods, Scripts, and Clients
- Configuring the Logging Properties
- Sample Data for Dynamic Service Activator
- Methods, Scripts, and Clients
- PCMM Available Services
- Monitoring Dynamic Service Activator
- Monitoring the Performance of Dynamic Service Activator
- Monitoring the SOAP Operations
- Monitoring the NIC Proxies
- Testing Dynamic Service Activator
- Web Application Gateway Client
- Installing the Gateway Client
- Starting the Gateway Client
- Connecting to the Gateway
- Running Methods and Scripts
- Gateway Client for PCs
- Requirements
- Installing the Gateway Client
- Starting the Gateway Client
- Customizing the Default Settings
- Using the Gateway SOAP Client
- Sample Scripts
- API for Dynamic Service Activator
- Public SOAP Interfaces of Web Applications
- Methods for the Dynamic Service Activator SOAP Interface
- Format of the Subscriber's URI
- Subscription Attributes
- SOAP Fault Codes for Dynamic Service Activator
- Web Service Interface for PCMM
- SDX PCMM Web Service Interface Methods
- Configuring PCMM Policies and Parameter Substitutions
- Configuring Classify-Traffic Conditions for Dynamic Service Activator
- Configuring FlowSpec Actions for Dynamic Service Activator
- Service Class Name Action
- DOCSIS Action
- Configuring Username Token Profile
- Configuring Services That Are Available for PCMM Clients
- PCMM Available Services Fields
-
Managing Subscribers Through SOAP
- Overview of Subscriber Manager
- Subscriber Manager Operation
- Interactions Between Subscriber Manager and OSMW
- Configuring and Installing Subscriber Manager
- Before You Use Subscriber Manager
- Configuring Subscriber Manager
- Subscriber Manager Properties
- Installing Subscriber Manager
- Sample Data for the Subscriber Manager
- Testing Subscriber Manager
- Developing Gateway Clients
- Trace Requests
- Managing Gateway Clients
- Error Codes That Subscriber Manager Returns
- Results from OSMW Actions
- Error Codes for Trace Requests
-
Mirroring Subscriber Traffic in the SDX Network
- Overview of Traffic Mirroring
- Traffic-Mirroring Application
- Configuring Traffic Mirroring
- Configuring Scopes
- Configuring Services for Mirroring
- Configuring Services
- Subscribing to the Aggregate Service
- Configuring Subscriber Sessions
- Subscriber Classification Scripts
- Interface Classification Scripts
- Managing Traffic Mirroring
- Overview of the Traffic Mirroring Administration Portal
- Accessing the Portal
- Starting New Mirroring Tasks
- Managing Mirroring Tasks
- Configuring the Traffic Mirroring Administration Portal
- Deploying the Traffic Mirroring Administration Portal
- Configuring the Traffic-Mirroring Application
- Configuring NIC Proxy
- Configuring Logging
-
Providing Endpoint Security with IVE
- Overview of IVE Host Checker Integration
- Before You Integrate IVE into an SDX Environment
- Sample Implementation for Integrating IVE Host Checker
- Configuring Host Checking in an SDX Network
- Configuring the Host Check Result Portal
- Overview of the Sample Host Check Result Portal
- Configuring Properties for the Sample Host Check Result Portal
- Deploying the Sample Host Check Result Portal
- Accessing the Portal
- Configuring the Redirect Server to Redirect Traffic to the Captive Portal
- Configuring SDX Services for Subscribers
- Scheduling Subscriber Host Checking
-
Providing Threat Mitigation Services with the Threat Mitigation Application
- Overview of the Threat Mitigation Application
- Before You Install the Threat Mitigation Application
- Sample Implementation
- Installing and Initially Configuring the Threat Mitigation Application
- Before You Start
- Installing and Initially Configuring the Threat Mitigation Application Software
- Configuring Threat Mitigation
- Configuring a Database to Store Attack and Response Data
- Configuring Attack Types in the Database
- Configuring Actions in the Database
- Configuring Candidate Actions in the Database
- Configuring the Threat Mitigation Application
- Configuring Connections to the Directory
- Configuring Logging
- Configuring the Threat Mitigation Portal
- Deploying the Threat Mitigation Application
- Applying SDX Services to Manage Threats
- Classifying Subscribers and Interfaces
- Example: Subscriber Classification Scripts
- Example: Interface Classification Scripts for JUNOS Routing Platforms
- Example: Interface Classification Scripts for JUNOSe Routers
- Managing Threats with the Threat Mitigation Portal
- Overview of the Threat Mitigation Portal
- About the Record Servlet
- Configuring and Deploying the Threat Mitigation Portal
- Using the NIC Resolver for the Threat Mitigation Portal
- Accessing the Threat Mitigation Portal
- Managing Attacks Requiring Action
- Managing Attacks Pending Service Activation
- Managing Attacks Pending Service Deactivation
- Managing Attacks with Activated Services
- Enabling SDX Actions from NetScreen-Security Manager
- Before You Configure Scripts
- Configuring Scripts
-
Overview of IDP Integration
- Overview of IDP Integration
- Before You Integrate IDP into an SDX Environment
- Example: Integrating IDP into an SDX Environment
- Sample Network Topologies
- Components in Sample Data
- Directing Subscriber Traffic to IDP for Monitoring
- Surveillance Director
- Router and Interface Subscriber Sessions
- Subscriber Session to Host an Aggregate Service
- Subscriber Session to Host a Core Interface Fragment Service
- Subscriber Session to Host a Router Interface Fragment Service
- Integrating IDP into an SDX Environment
-
Configuring Services and Subscriptions to Integrate IDP
- Configuring Services and Subscriptions to Send Traffic to an IDP Sensor
- Configuring Services to Policy-Route Traffic to IDP
- Configuring Scopes When You Use Policy-Based Routing
- Defining Services for Policy-Based Routing on JUNOSe Routers
- Configuring a Subscriber Interface Service
- Configuring a Core Interface Service
- Configuring an Aggregate Service
- Configuring Services to Mirror Traffic to IDP
- Configuring Scopes When Mirroring Traffic
- Defining Services for Mirroring on JUNOS Routing Platforms
- Subscribing to an Aggregate Service from a JUNOSe Router
- Classifying Subscribers for IDP Integration
- Example: Router Subscriber Session to Host an Aggregate Service
- Example: Interface Subscriber Session to Policy-Route Traffic to IDP
- Example: Router Subscriber Session to Mirror Traffic to IDP
- Classifying Interfaces for IDP Integration
- Example: Interface Classification for Core Interfaces on a JUNOSe Router
- Example: Interface Classification for the Forwarding Interface on a JUNOS Routing Platform
-
Sending E-Mail to Subscribers
- Overview of IDP E-Mailer
- How IDP E-Mailer Responds to Incidents Reported by IDP
- Configuring Deployment Properties for IDP E-Mailer
- Configuring Application Properties for IDP E-Mailer
- Configuring General Properties for IDP E-Mailer
- IDP E-Mailer Fields
- Configuring a NIC Proxy for IDP E-Mailer
- Configuring Logging for IDP E-Mailer
- Configuring E-Mail Properties for IDP E-Mailer
- E-Mailer Configurations Fields
- Deploying IDP E-Mailer
-
Monitoring Subsets of Subscriber Traffic
- Overview of Surveillance Director
- Configuring Initial Properties for the Surveillance Director
- General Properties for Surveillance Director
- Java Properties for Surveillance DIrector
- Customizing How to Monitor Subsets of Subscriber Traffic
- Configuring Directory Properties for the Surveillance Director
- Network Field
- Configuring Logging for the Surveillance Director
- Configuring an Instance of the Surveillance Director
- Surveillance Director Fields
-
Defining Actions to Be Taken for Subscriber Traffic
- Actions to Be Taken for Subscriber Traffic
- Redirecting Web Requests to an IDP Captive Portal
- Sequence for Redirecting Traffic
- About the Record Servlet
- Developing and Customizing the Sample IDP Captive Portal
- Configuring Properties for the Sample IDP Captive Portal
- Basic Portal Properties
- Locator Properties
- Deploying the Updated WAR File
- Accessing the IDP Captive Portal
- Configuring the Redirect Server to Redirect Traffic to the IDP Captive Portal
- Applying SDX Services to Subscribers Associated with Problem Traffic
-
Enabling SDX Actions from IDP Manager
- Overview of How to Enable SDX Actions from IDP Manager
- Configuring SDX Scripts
- Before You Configure Scripts
- Configuring Scripts
- Properties in the idpsdx.py File
- Sample idpsdx.py Script
-
Providing Admission Control with ACP
- Overview of ACP
- Deriving Congestion Points Automatically
- Deriving Edge Congestion Points
- Deriving Congestion Points from a Profile
- Deriving Backbone Congestion Points
- Allocating Bandwidth to Applications Not Controlled by ACP
- Use of Multiple ACPs
- Interactions Between ACP and Other Components
- Redundancy
- Fault Recovery
- State Synchronization
- Installing ACP
- Local Properties for ACP
- Configuring ACP
- Configuring the SAE for ACP
- Configuring ACP as an External Plug-In
- Configuring Event Publishers
- Configuring the SAE to Monitor Interfaces for Congestion Points
- Configuring ACP Properties
- Configuring Logging
- Configuring ACP Operation
- Configuring CORBA Interfaces
- Configuring ACP Redundancy
- Configuring State Synchronization
- Configuring Connections to the Subscribers' Directory
- Configuring Connections to the Services' Directory
- Configuring Eventing Properties for Databases
- Working with Partitioned Directories
- Configuring ACP Scripts and Classification
- Configuring ACP to Manage the Edge Network
- Configuring Network Interfaces in the Directory
- Configuring Bandwidths for Subscribers
- Assigning Network Interfaces to Subscribers
- Configuring Bandwidths for Services
- Configuring ACP to Manage the Backbone Network
- Configuring Network Interfaces in the Directory
- Extending ACP Congestion Points
- Configuring Action Congestion Points
- Configuring Bandwidths for Services
- Configuring Congestion Points for Services
- Configuring Congestion Points in the Directory
- Assigning Interfaces to Congestion Points
- Defining a Congestion Point Profile
- Congestion Point Expressions
- Examples of Congestion Profiles
- Changing and Removing a Congestion Point Profile
- Starting ACP
- Stopping ACP
- Monitoring and Managing ACP
- Displaying Information About the Edge Network
- Displaying Information About Subscriber Sessions
- Displaying Information About Congestion Points
- Displaying Information About the Backbone Network
- Displaying Information About Services
- Displaying Information About Congestion Points
- Displaying Information About Action Congestion Points
- Displaying Information About the Configuration
- Displaying Information About Redundancy
- Displaying Information Obtained from External Applications
- Displaying Information About Subscribers
- Displaying Information About Congestion Points
- Reorganizing the File That Contains ACP Data
- Updating Congestion Point References
- Modifying Congestion Points
- API for ACP
-
Providing Application-Level Session Tracking and QoS Control
- Overview of Application-Level Session Tracking and QoS Control
- Benefits of Application-Level Session Tracking and QoS Control
- Integration of the SDX Software and the Ellacoya DPI Platform
- Ellacoya Networks DPI Platform
- Juniper Networks Platforms
- IPSCS Service Offers and Service Bundles
- Mapping Service Offers and Service Bundles to SDX Concepts
- Synchronization Between the SDX Software and the Ellacoya System
- Collecting Accounting Data
- Subscriber Login and Logout in a DPI Environment
- Service Activation and Deactivation in a DPI Environment
- Loading the Sample Data for the DPI
- Configuring the SDX Software for DPI Integration
- Setting Up Script Services for DPI
- Adding a Service Scope
- Creating a DPI Script Service
- Configuring the Script Service
- Configuring a Virtual Router Object for DPI
- Configuring Subscriptions to DPI Services
- Configuring the Ellacoya DPI Platform for SDX Integration
- Provisioning the IPSCS
- Service Bundles
- Service Offers
- Traffic-Accounting Profiles
- Configuring the SLE
- Synchronizing System Clocks
-
Overview of Controlling Volume Usage with the VTA
- Overview of the VTA
- Types of VTAs
- Terminology
- VTA Service and Subscriber Accounts
- VTA Sessions
- Managing Subscriber Accounts with Portals
- Volume-Based Services
- VTA Architecture and Connections to SDX Components
- How the VTA Works
- Events
- Event Attributes
- Event Handlers
- Actions
- VTA Processors
- Database Engine Processor
- Mail Processor
- SAE Proxy Processor
- Script Runner Processor
- VTA Operation
- Identifying Subscribers, SAEs, and Sessions
- Managing VTA Accounts and Sessions
- Managing Subscriber Sessions and Service Sessions
- Example: Limiting Subscriber Access Based on Account Balances
-
Installing and Initially Configuring the VTA
- Before You Install the VTA
- Installing the VTA and Running the VTA Configuration Script
- Using JavaScript Programs in VTA Configurations
- Related Configuration Tasks
- Configuring a Database to Store Account and Session Data
- Configuring the J2EE Application Server
- Creating Deployment Descriptors
- Troubleshooting Database Deadlocks
- Configuring VTA Services and Policies
- Configuring Subscribers and Subscriptions to VTA Services
- Accessing the J2EE Application Server's Client Libraries
- Specifying How the VTA Loads Configurations from the Directory
- Properties in ejb-jar.xml file
- Configuring the SAE to Send Tracking Events to the VTA
- EJB Adapter Plug-In Fields
- Specifying Tracking Plug-Ins for Enterprise Subscribers on JUNOS Routing Platforms
- Using NICs with the VTA
- Configuring a NIC
- Configuring NIC Proxies for the VTA
- Renaming a VTA
- Renaming the VTA
- Modifying the Renaming Rules
-
Configuring the VTA with VTA Configuration Manager
- Installing VTA Configuration Manager
- Running VTA Configuration Manager
- Loading and Importing VTA Configurations
- Loading a Configuration from a Directory
- Inheritance of Properties in Parent and Child Nodes
- Connecting to the Directory Fields
- Importing a VTA Configuration from a Local File
- Accessing the VTA Configuration
- Configuring the VTA to Manage Database Accounts
- Configuring Scripts That Update Accounts
- Configuring the VTA to Manage Subscriber Accounts
- Configuring a Usage Metric for Service Accounts
- Defining a Formula for Determining Network Resource Usage
- Sample Formulas for Usage Metrics
- Configuring an Interim Accounting Interval for Service Accounts
- Adjusting the Interim Accounting Interval for a Service
- Configuring Actions for the Database Engine Processor
- Action Fields for the Database Engine Processor
- Setting Up the VTA to Send E-Mail Notifications
- Configuring the VTA to Send E-Mail Notifications
- Configuring the SAE Proxy Processor
- Configuring Actions for the SAE Proxy Processor
- Configuring the VTA to Run Scripts
- Configuring JavaScript Programs
- JavaScript Fields
- Configuring External Scripts
- External Script Fields
- Configuring VTA Actions to Run Scripts
- Configuring Events
- Configuring Event Handlers
- Event Handler Fields
- Configuring Identifiers for Subscribers and Sessions
- Subscriber ID and Lookup Fields
- Using One VTA Account for Multiple Subscriber Sessions
- Logging Event Messages for the VTA
- Logging Events Messages to a Text File
- File Logging Fields
- Logging Events Messages to a System Logging Server
- System Logging Fields
- Validating VTA Configurations
- Saving VTA Configurations to a Directory or Local File
- Committing a VTA Configuration to a Directory
- Exporting a VTA Configuration to a Local File
-
Managing Subscriber Accounts with VTA Portals
- Overview of Managing Subscriber Accounts with VTA Portals
- Automatic Login of Subscribers
- Configuring Web Applications for the VTA
- Properties for VTA Portals
- Managing Subscriber Accounts with the Administrator Portal
- Accessing the Administrator Portal
- Viewing Subscriber Accounts
- Replenishing Periodic Accounts
- Deleting Information from the VTA's Database
- Testing the VTA Configuration
- Allowing Subscribers to Manage Their Accounts with the Subscriber Portal
- Accessing the Subscriber Portal
- Viewing Information About the Account
- Purchasing a Periodic Account
- Suspending a Periodic Account
- Purchasing Extra Bandwidth
-
Example of a Bucket VTA
- Overview of Bucket VTA Example
- Events for Bucket VTA
- Event Handlers for Bucket VTA
- GetBucket Event Handler
- RefillBucketWithBehavingRate Event Handler
- UpdateBehavingUsage Event Handler
- ToMisbehaving Event Handler
- Database Engine Processor for Bucket VTA
- Account Update Scripts
- Subscriber Account
- Service Accounts
- SAE Proxy Processor for Bucket VTA
- Actions for Bucket VTA
- GetBucketBalance Action
- CalcUsage Action
- UpdateBucketForBehaving Action
- RefillBucketWithBehavingRate Action
- StartMisbehavingService Action
- StopBehavingService Action
-
Integrating IP Address Managers with the SAE
- Overview of IP Address Manager Integration
- Monitoring DHCP Messages
- Monitoring RADIUS Messages
- Installing Monitoring Agent
- Configuring Monitoring Agent
- Configuring Properties
- Configuring NIC Proxy
- Managing Monitoring Agent
- Starting Monitoring Agent
- Stopping Monitoring Agent
- Displaying Monitoring Agent Status
- Cleaning Monitoring Agent Logs
-
Workflow Overview
- Workflow Execution
- Workflow Language
- Workflow Framework Classes and Types of Work Items
- LDAP Model for Workflow
- Persistent Storage
- Work Item Life Cycle
-
Planning a Workflow Application Deployment
- Basic Deployment
- Centralized Deployment
- High-Availability Deployment
- Externalized Deployment
- Distributed Deployment
- Web-Based Deployment
- Mixed Deployment
-
Configuring the Workflow Application
- Configuring the SDX Workflow Application
- Execution Control Tab
- EC—Event Adapters Tab
- Library Tab
- Persistent Store Tab
- Repository Tab
- R-LDAP Tab
- R-Reporter Tab
- Other Tab
- Configuring the Object State Manager
- Request Tab
- Report Tab
- LDAP Tab
- Workflow Engines Tab
- Other Tab
- Configuring the Object State Manager for the Web
- Request Tab
- Report Tab
- LDAP Tab
- Workflow Engines Tab
-
Building Workflows
- Before You Begin
- Creating a Simple Workflow
- Building the Workflow
- Creating a Parameter List
- Deploying the Workflow via the Directory
- Implementing the Workflow
-
Work Item Library
- Start State and End State Work Items
- Synchronization Work Items
- Token Processor Work Items
- Token Value Checker Work Item
- Token Value Assigner Work Item
- Filter/Pass Work Item
- MIME Form Encoder Work Item
- Token Logger Work Item
- Regular Work Items
- Send E-Mail Work Item
- Receive E-Mail Work Item
- Logger Work Items
- Directory Lookup Work Item
- Directory Update Work Item
- Directory Query Work Item
- Directory Modify Work Item
- External Program Work Item
- HTTP Work Item
- Script Work Item
- Status Logger Work Item
- XML Decoder Work Item
- XML Encoder Work Item
-
Workflow Translation Table
-
Sample Workflows
- Test E-Mail Workflow
- Test Compound Workflow
- Fred Workflow
- Test Script Workflow
- ADSL Workflow
- Test Directory Workflow
- Other Available Examples
-
Available Workflow Event Descriptors
- Class EMailEventDescriptor
- Class ProcessEventDescriptor
- Class TimerEventDescriptor
-
Object State Manager for the Web
- Overview
- Target URI
- Observer URI
- Process States
- CorrelationData Tag
- ContextData and ResultData Tags
- Results and the Exception Codes
- Operations Specifics
- CreateProcess Instance
- GetProcess InstanceData
- ChangeProcess InstanceState
- Process InstanceState Changed
- Architecture
- Servlet 2.2 API Compatible
- Standard HTTP Authentication
- Example: Executing a Transaction Using the OSMW
-
Object State Manager Functionality
- Object Life Cycle Management
- Transactions
- Executing Transactions
- Socket Interface
- Web Interface
- State Machine
- Transaction Execution Example
- Creating a State Machine
- Locking a Workflow Transaction
-
Workflow Engine Functionality
- Workflow Engine
- Workflow Execution
- How a Workflow Is Started
- Event (Notification)
- Workflow Manager
- Workflow Manager GUI
- Library Tab
- Execution Control Tab
- Maintenance Tab
- Using the Workflow Probe
-
Index