Cisco Prime Optical User Guide, 9.6
Chapter 2: Basic Concepts
Download this chapter
Chapter 2: Basic ConceptsChapter 2: Basic Concepts
Download the complete book
Cisco Prime Optical User Guide, 9.6Cisco Prime Optical User Guide, 9.6 (PDF - 49 MB)
 Feedback

Table Of Contents

Basic Concepts

2.1  Prime Optical Interfaces

2.1.1  Southbound Interfaces with NEs

2.1.2  Northbound Interfaces with OSSs

2.2  Data Communications Network

2.2.1  Proxy Server/Firewall Configurations

2.3  What is FCPS?

2.4  Fault Management

2.5  Configuration Management

2.5.1  Explorers

2.5.2  Network Maps

2.5.3  Wizards

2.5.4  Inventory Management

2.5.5  Provisioning

2.5.6  Link Management

2.5.7  Circuit Management

2.5.8  NE Release Management

2.6  Performance Management

2.6.1  Selectable Collection of PM Data Parameters

2.6.2  PM Query and Graphs

2.6.3  Real-Time PM Reporting

2.7  Security Management

2.7.1  Login Advisory Message

2.7.2  Network Partitioning

2.7.3  User Management and Profiles

2.7.4  NE Access Control

2.7.5  Audit Log


Basic Concepts

This chapter introduces some basic Cisco Prime Optical and networking concepts, including:

Prime Optical Interfaces

Data Communications Network

What is FCPS?

Fault Management

Configuration Management

Performance Management

Security Management

2.1  Prime Optical Interfaces

This section describes the southbound interfaces that Prime Optical uses to communicate with NEs and the northbound interfaces that Prime Optical uses to communicate with Operations Support Systems (OSSs).

2.1.1  Southbound Interfaces with NEs

The Prime Optical server communicates with NEs through the data communications network (DCN) by using several protocols (CORBA, HTTP, SNMP, TL1, and so on).

2.1.1.1  ONS 15216

The ONS 15216 product family consists of the following classes of products:

DWDM filters or multiplexer/demultiplexer units

Optical add/drop multiplexers (OADMs)

Optical amplifiers (OAs), which are also referred to as erbium-doped fiber amplifiers (EDFAs)

Dispersion compensation, including the Optical Supervisory Channel (OSC) and Dispersion Compensation Unit (DCU)

The ONS 15216 NEs are referred to as active or passive. Active NEs support a management interface; passive NEs do not. There is no communication between passive NEs and Prime Optical; rather, all of the information is user-defined. You can use the Domain Explorer to manually add inventory information for passive NEs. You can use the NE Explorer to manually add specific information such as serial number. For passive ONS 15216 NEs with multiple slots (such as the DCU), you can use the NE Explorer to specify the content of each slot. All of the information that you define is maintained in the Prime Optical database and propagated to an external OSS through Prime Optical GateWay/CORBA.

The following table summarizes the management protocol support available for the ONS 15216 product family. It also identifies each NE type as active or passive.

Table 2-1 ONS 15216 Management Protocols 

ONS 15216 Product
Active or Passive NE?
Management Protocol

ONS 15216 100-GHz OADM1/2/4

Active

TL11

ONS 15216 EDFA2

Active

SNMPv2c1, TL1

ONS 15216 EDFA3

Active

SNMPv2c1, TL1

ONS 15216 100-GHz Red/Blue Filters

Passive

ONS 15216 200-GHz Red/Blue Filters

Passive

ONS 15216 200-GHz OADM1/2

Passive

ONS 15216 EDFA1

Passive

ONS 15216 OSC

Passive

ONS 15216 DCU

Passive

ONS 15216 FlexLayer

Passive

1 Protocol that Prime Optical uses to manage the NE.


2.1.1.2  ONS 15305

Prime Optical uses SNMP as the primary management interface for the ONS 15305. Prime Optical supports the use of Cisco Edge Craft to configure the ONS 1530x. Cisco Edge Craft is the local craft application used to manage ONS 15305 NEs.

2.1.1.3  ONS 15310 CL, ONS 15310 MA SONET, ONS 15310 MA SDH, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, and ONS 15600 SDH

The ONS 15310 CL, ONS 15310 MA SONET, ONS 15310 MA SDH, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, and ONS 15600 SDH support TL1 and SNMP interfaces, as well as a CORBA interface for Cisco Transport Controller (CTC) and Prime Optical management. The CORBA interface is a proprietary Cisco interface and is not published for use by customers or third parties.

Note TL1 support is not available for ONS 15305 CTC, ONS 15454 SDH releases earlier than R5.0, or ONS 15600 SDH releases earlier than R8.0.

The ONS 15310 CL, ONS 15310 MA SONET, ONS 15310 MA SDH, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, and ONS 15600 SDH also support a Cisco proprietary HTTP interface for bulk collection of performance management (PM) data. This interface is not published for customer or third-party use.

Note The ONS 15305 R3.0 does not support the Cisco proprietary HTTP interface for bulk collection of PM data. Instead, the ONS 1530x PM Service collects PM data by using the SNMP protocol.

Note In general, any updates from CTC for ONS 15600-specific screens can take up to several minutes. This delay affects Prime Optical screens that are specific to the ONS 15600 SONET and ONS 15600 SDH.

2.1.1.4  ONS 155xx

Prime Optical uses SNMP to manage the ONS 15530 and ONS 15540 NEs. For the ONS 15530 and ONS 15540, Prime Optical also provides access to the Cisco IOS command-line interface (CLI) through Telnet.

2.1.2  Northbound Interfaces with OSSs

Prime Optical supports three gateway modules that provide northbound EMS-to-NMS interface mediation. Not all NE types are supported by each module. The following table shows the NE types supported by each gateway module.

Table 2-2 Prime Optical GateWay/CORBA and SNMP Coverage 

NE Type
GateWay/CORBA Support?
GateWay/SNMP Support?

ONS 15216 EDFA2

Yes

Yes

ONS 15216 EDFA3

Yes

Yes

ONS 15216 100-GHz OADM

No

No

ONS 15216 100-GHz Red/Blue Filters

Yes1

No

ONS 15216 200-GHz Red/Blue Filters

Yes

No

ONS 15216 200-GHz OADM1/2

Yes

No

ONS 15216 EDFA1

Yes

No

ONS 15216 OSC

Yes

No

ONS 15216 DCU

Yes

No

ONS 15216 FlexLayer

Yes

No

ONS 15305 2.0.x

Yes

Yes

ONS 15305 CTC

Yes

Yes

ONS 15310 CL

Yes

Yes

ONS 15310 MA SONET

Yes

Yes

ONS 15310 MA SDH

Yes

Yes

ONS 15327

Yes

Yes

ONS 15454 SONET

Yes

Yes

ONS 15454 SDH

Yes

Yes

ONS 15530

Yes

Yes

ONS 15540 ESP, ESPx

Yes

Yes

ONS 15600 SONET

Yes

Yes

ONS 15600 SDH

Yes

Yes

Not Managed/Other Vendor NEs

Yes

No

1 Prime Optical GateWay/CORBA supports only inventory management for the passive ONS 15216 NEs and Not Managed/Other Vendor NEs.


See Chapter 12 "Managing Southbound and Northbound Interfaces" for detailed information about Prime Optical GateWay/SNMP. See also Cisco Prime Optical 9.6 GateWay/CORBA User Guide and Programmer Manual for detailed information about Prime Optical GateWay/CORBA.

2.2  Data Communications Network

A DCN, also known as an Operations Support Network (OSN), is the management network that provides connectivity between a service provider's operations support center applications and the NEs that they support. The DCN supports operations, administration, management, and provisioning (OAM&P) functions such as network surveillance, provisioning, service restoration, and so on. NEs that make up the provisioned services infrastructure used to deliver services to customers include SDH, SONET, add-drop multiplexers (ADMs), optical repeaters, voice switches, digital cross-connect systems, frame relay, asynchronous transfer mode (ATM) switches, digital subscriber line access multiplexers (DSLAMs), digital loop transmission systems, and so on.

The DCN establishes the link between Prime Optical and the EMS. The DCN is important to service providers because it is a vital element in getting fast, reliable management information about the network. Service providers design the DCN as a carrier-class management solution where a single failure does not jeopardize the ability to manage the network.

2.2.1  Proxy Server/Firewall Configurations

The ONS 15310 CL, ONS 15310 MA SONET, ONS 15310 MA SDH, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, and ONS 15600 SDH support a proxy server configuration that allows networking ONS NEs in environments where visibility and accessibility between NEs must be restricted. In a proxy server environment, NEs are designated as gateway NEs (GNEs) or end NEs (ENEs). The GNE is LAN-connected to the DCN, while the ENEs are accessed through the proxy server feature on the GNE over the section data communications channel (SDCC). The ENEs are not directly accessible by IP address; in fact, the ENE IP addresses can be in a separate, private IP address space because they are not visible on the larger DCN. The GNE must have an IP address that is valid for the DCN LAN.

2.3  What is FCPS?

Prime Optical's strategy is to provide a common, carrier-class fault, configuration, performance, and security (FCPS) EMS.

FCPS refers to the different types of information handled by management systems. A fifth area, accounting, is often included, making the acronym FCAPS. However, Prime Optical does not support accounting management.

2.4  Fault Management

Fault management (FM) detects, isolates, and reports faults for the network and service. Fault management tracks the correlation of related services; for example, reliability, availability, survivability, quality assurance, alarm surveillance, alarm management, fault localization, fault correction, testing, and trouble administration. Fault management also maximizes the availability of the network for service delivery.

The Alarm Browser, Alarm Log, and Dashboard provide information on fault management. Fault management tools are described in the following table.

Table 2-3 Fault Management Tools 

Name
Description

Alarm Management

Identifies network problems and failures. For more information, see Chapter 9 "Managing Faults."

Alarm Browser

Displays standing alarms and conditions in the managed domain. The Alarm Browser window lists the conditions that are assigned a severity level of critical, major, minor, or warning. It also shows cleared alarms that are not acknowledged.

For more information, see Chapter 9 "Managing Faults."

Alarm Log

The Alarm Log window contains alarms that have transitioned from the Alarm Browser. Cleared alarms are transitioned when you acknowledge them or when automatic acknowledgment has been enabled (in the Control Panel > UI Properties pane). In addition, the Alarm Log shows a history of cleared and acknowledged alarms and all transient conditions (also known as events or autonomous nonalarmed messages).

For more information, see Chapter 9 "Managing Faults."

Dashboard

The Dashboard shows useful alarm and NE information in one easily accessible location. See Figure 1-2.


The FM function is responsible for the discovery and localization of malfunctions on managed NEs. Prime Optical supports consolidated FM by way of the following functions:

Alarm collection

Alarm and event acquisition and storage

EMS alarms for loss of communication, software download failure, memory backup failure, login security violation, server monitor thresholds, and free remaining disk space

Fault synchronization after connection loss

Maintenance mode state for suppression of alarms, events, and PM collection

Alarm display

Quick-view Dashboard window for display of alarm count and unacknowledged alarm count, and launch of EMS alarm view

Alarm indication and propagation

Color and shape coding of severity for critical, major, minor, and warning alarms

Alarm acknowledgement

Flexible alarm acknowledgment—single, multiple, all, automatic

Editable notes per alarm record

Historic alarm retrieval

Alarm sorting and filtering

Visible and audible notification of alarm reporting

Reports and exporting facilities

2.5  Configuration Management

With configuration management, you set and control NEs, identify resources, collect information about a resource, and manage connections between NEs. Configuration management deals not only with the state of NEs, but also with the provisioning of resources and services. Generally, configuration management involves network planning, installation, service planning and negotiation, service provisioning, equipment provisioning, status and control, and network topology. Configuration management allows you to prepare the network to deliver services.

Examples of configuration management include:

Discovering the inventory of what is installed in the network

Configuring chassis slots for cards based on desired services

Managing intra-chassis connections between NEs

Configuring cards in protected or unprotected relationships

Configuring physical (PTP) or logical (CTP) ports to support service profiles

Creating, modifying, viewing, and deleting network topologies and connections

Downloading and activating NE software

Backing up and restoring the NE configuration

Prime Optical provides different graphical views to support configuration management. All views can be classified into three main groups: explorers, network maps, and wizards.

2.5.1  Explorers

Explorer windows are divided into two sections: a tree and a pane. The tree organizes the resources (domain, groups, nodes, network partitions, subnetworks, and modules), which are displayed in a hierarchical format. You can access information about each resource by browsing the tree section. The pane provides specific information about the selected object. There are three types of explorers:

Domain Explorer

Subnetwork Explorer

NE Explorer

2.5.2  Network Maps

Network Map windows display how the network is partitioned graphically. The Network Map is organized into a multilevel hierarchy that corresponds with the structure of Domain Explorer and Subnetwork Explorer trees. Users with the appropriate privileges can organize their own map display.

For more information, see Network Map.

2.5.3  Wizards

Wizards are used to simplify involved configuration management tasks such as:

A-to-Z circuit provisioning

NE user access administration

Layer 2 service provisioning

VLAN and SVLAN provisioning

Software download

Native equipment/facility provisioning

Topology/link management

Automatic NE memory backup, on-demand restoration

General operation on multiple NEs

2.5.4  Inventory Management

Inventory information is another component of configuration management. Prime Optical provides two levels of inventory reports:

Domain NE table—A complete list of all the NEs that belong to a specific group or to the entire domain

Equipment Inventory table—A detailed list of cards and modules installed on a specific NE

Note For detailed information about inventory reports, see Chapter 11 "Managing Inventory."

2.5.4.1  Adding New NEs to the Prime Optical Domain

The Add New NE wizard allows you to add a new NE, or to add several new NEs at once. The wizard allows you to enter multiple NE IP addresses one at a time, or enter a beginning and ending IP address and automatically add a range of NEs. See Adding NEs.

2.5.4.2  NE Connectivity and Operational States

The operational state of an NE can have the following values:

Preprovisioned—The NE has been added to the database for provisioning but is not yet in service. Prime Optical does not manage preprovisioned NEs.

Under Maintenance—The NE is temporarily under maintenance but requires monitoring. This state is the same as In Service except that Prime Optical does not report alarms or events for under-maintenance NEs.

In Service—The NE is currently deployed and requires monitoring. Prime Optical collects polling, FM, configuration management, and PM data from in-service NEs and stores the data in the database.

Out of Service—The NE has been marked Out of Service by a network administrator and does not require monitoring. The Prime Optical database records the last known state of the NE when it was in service.

In Service-Initializing—The NE is marked as In Service-Initializing when Prime Optical connects to the NE (Communication State is marked as Available) and the discovery process starts. The initialization process is completed when fault and inventory have been synchronized. The operational state changes from In Service-Initializing to In Service-Synch Configuration.

In Service-Synch Configuration—The NE is marked as In Service-Synch Configuration when Prime Optical uploads a configuration for that NE. You can change the operational state of an NE from In Service-Synch Configuration to Out of Service.

The communication state of an NE can have the following values:

Not Applicable—The NE is Preprovisioned or Out of Service. The connection to the NE has not been established or has been dropped.

Available—The NE is In Service or Under Maintenance and Prime Optical is connected to the NE. The NE is declared Available when it is reachable and supported by Prime Optical (as defined in Administration > Supported NE Table).

Unavailable—The NE is In Service or Under Maintenance but Prime Optical cannot establish a connection to the NE. When Prime Optical loses the connection to the NE, an EMS alarm with a probable cause of Connection loss is generated.

Initialization Failed—The NE software version is not listed in the Supported NE table.

2.5.5  Provisioning

Prime Optical supports provisioning through:

NE Explorer—Shows service-provisioning information about the selected NE.

Craft interface—Depending on the NE model, Prime Optical provides access to NE craft interfaces such as CTC, Cisco Edge Craft, web browsers, and the CLI.

Note A CLI session might not have a scroll bar depending on the operating system you are using. To enable the scroll bar on Solaris, hold down the Ctrl key, click the middle button of your mouse, and select enable scroll bar.

The following table lists the available craft interfaces by NE model.

Table 2-4 Craft Interface by NE Model 

NE Model
Craft Interfaces Available from Prime Optical

ONS 15216 EDFA2

TL1 interface

CLI

ONS 15216 EDFA3

TL1 interface

ONS 15216 100-GHz OADM

TL1 interface

ONS 15305

CLI

CTC (available only for the ONS 15305 R3.0)

Cisco Edge Craft

ONS 15310 CL

CTC

TL1 interface

ONS 15310 MA SONET

CTC

TL1 interface

ONS 15310 MA SDH

CTC

TL1 interface

ONS 15327

CTC

TL1 interface

ONS 15454 SONET

CTC

TL1 interface

ONS 15454 SDH

CTC

TL1 interface

ONS 15530

Cisco IOS CLI

TL1 interface

ONS 15540 ESP, ESPx

Cisco IOS CLI

TL1 interface

ONS 15600 SONET

CTC

TL1 interface

ONS 15600 SDH

CTC

TL1 interface


2.5.6  Link Management

A link is a connection between two termination points (TPs). Prime Optical represents the physical connectivity between NEs in the domain by defining the physical links between NEs. Prime Optical allows you to view, create, modify, and delete links. Prime Optical also supports a Link Utilization table, which displays utilization information and overall consumption of bandwidth for the selected links.

Note For all NEs that support links, you can add manually provisioned links. For example, you can define manual and patchcord links for the ONS 15454. For detailed information, see How Do I Build Links?.

2.5.7  Circuit Management

A circuit represents an end-to-end connection between two or more connection termination points (CTPs). A circuit consists of an alternating series of cross-connections and link connections. In its simplest form, a circuit consists of a single cross-connection (if the circuit is defined between two CTPs on the same NE). A circuit can be bidirectional or unidirectional, point-to-point or point-to-multipoint, and protected or unprotected.

Prime Optical supports the following circuit management operations:

Find circuits

View circuits and circuit spans

Create circuits

Modify circuits

Delete circuits

Trace circuits

Display associated VLANs

Upgrade circuits

Repair circuits

Update circuits

Roll circuits

Merge circuits

Reconfigure circuits

Note See Chapter 7 "Provisioning Services and Connections" for detailed information about circuit provisioning.

2.5.8  NE Release Management

An NE added to the Prime Optical domain is discovered and managed by Prime Optical only if the NE software version is defined in the Supported NE table.

Note See Release Notes for Cisco Prime Optical 9.6 for the NE software versions that are supported in Prime Optical 9.3.1.

Caution Before updating the software image on an NE, check the Prime Optical release notes to verify whether the NE software version is supported in this Prime Optical release.

The following NE administration features are available for ONS 15216 EDFA, ONS 15305, ONS 15310 CL, ONS 15310 MA SONET, ONS 15310 MA SDH, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 155xx, ONS 15600 SONET, and ONS 15600 SDH NEs:

Software download (not available for the ONS 15305 R3.0)

Memory backup and restore (not available for the ONS 15305)

Job monitoring

NE Software table (used to commit or revert software images)

2.5.8.1  Software Download Wizard

Use the Software Download wizard to download software to NEs. After the download is complete you can use the NE Software table to activate the software. The downloaded software becomes the active version, and the active version becomes the standby version. Prime Optical stores two software versions: active and standby.

2.5.8.2  Memory Backup Dialog Box

Use the Memory Backup dialog box to back up configuration and provisioning information that resides in the flash memory of an NE. By default, the local Prime Optical server automatically backs up the memory of NEs once a day for seven days and stores the backup files on the Prime Optical server. After seven days, the oldest backup file is replaced by the current backup.

2.5.8.3  Memory Restore Dialog Box

Use the Memory Restore dialog box to restore provisioning and configuration information stored in the flash memory of an NE.

2.5.8.4  Job Monitor Table

The Job Monitor table provides information about scheduled administrative tasks such as task type, task owner, task status, task start and end time, and so on.

2.5.8.5  NE Software Table

The NE Software table displays the active and standby software versions for the NE. From this table, you can activate new software or revert software on NEs.

2.6  Performance Management

Performance management (PM) involves gathering and reporting information on the behavior of NEs, networks, and services, including quality assurance, monitoring, management control, and analysis. It also involves the system's ability to collect and store massive amounts of statistical data for network activity.

Performance management ensures that the network delivers services with the promised quality. PM data is useful for fine-tuning the performance of the device and proactively monitoring for catastrophic failures before they occur. The NEs accumulate PM statistics in 15-minute and 1-day intervals.

Note See Chapter 10 "Managing Performance" for more information.

Examples of performance management include:

Collecting, storing, and forwarding data to characterize the integrity of transmission

Determining when connections fail to meet committed integrity thresholds

2.6.1  Selectable Collection of PM Data Parameters

There are two steps to setting PM collection:

1. Enable PM collection for a given NE model (in the Control Panel > PM Service pane)

2. Enable PM collection for specific NEs (in the Domain Explorer or Subnetwork Explorer > NE Properties pane > Status tab > PM Collection area)

PM data cannot be collected unless the PM Service process is running. If PM data collection is enabled on an NE but the PM Service is not running, Prime Optical displays a warning message.

For certain NEs, you can also enable robust PM data collection at the NE level. With robust collection, Prime Optical attempts to recover from any data collection gaps that might occur due to an outage or an extended communication failure. If Prime Optical detects a data gap, it attempts to retrieve the missing PM data from the historical registers available on the NE.

For the ONS 15530 and ONS 15540, you can use the Cisco IOS CLI to enable performance monitoring on each NE and module.

Note See Enabling or Disabling PM Data Collection on an Individual NE and Enabling or Disabling PM Data Collection by PM Category for CTC-Based NEs for information on enabling and disabling PM data collection.

2.6.2  PM Query and Graphs

Prime Optical offers two PM query wizards to view PM reports:

Query by NE Model—Allows you to filter PM data by non-CTC-based NE models

Query by PM Category—Allows you to filter PM data by PM category, which can span multiple NE models

The PM Query by NE Model wizard allows you to specify:

Non-CTC-based NE model (ONS 15530, ONS 15305, and so on)

PM type (SONET Section, SONET Line, and so on)

15-minute, 1-day, or real-time collection

Near-end or far-end collection

Time period

Module type (valid only for real-time PM data collection)

Physical location, where applicable

The PM Query by Category wizard allows you to specify:

PM category (SONET, SDH, DWDM, and so on)

PM type (SONET Section, SONET Line, and so on)

15-minute, 1-day, or real-time collection

Near-end or far-end collection

Time period

Module type (valid only for real-time PM data collection)

Physical location, where applicable

Note Performance management is not supported for the ONS 15216.

All PM tables contain a Plot tab that you can use to plot the data in a graphical view that is stored in the Prime Optical database. Prime Optical plots up to three parameters in one graph for comparison. The Y axis represents the selected parameter(s); the X axis shows the time.

2.6.3  Real-Time PM Reporting

Prime Optical supports the ability to launch a real-time PM report from the PM Query wizard or from a single row in a PM table. This feature allows you to examine the current value of a PM parameter in granularities finer than the standard 15-minute or 1-day interval. You can view and modify the polling interval for the real-time PM reporting session. You can end a real-time PM session at any time and export the data. For more information, see Managing Real-Time PM Data.

Note Real-time PM reporting applies only to CTC-based NEs.

2.7  Security Management

Security management prevents and detects any improper use of network resources and services. Aspects of security management include prevention, detection, containment, and recovery.

Security management protects the revenue-generating assets in the network. Examples of security management include:

Controlling access to network management functions

Controlling access to network logical resources

Security for the Prime Optical system can be divided into the following areas:

Prime Optical security domain: To log into the Prime Optical client, a username and password are required. A user profile defines the access privileges. Prime Optical passwords are stored using MD5 one-way encryption. DES 64-bit encrypted passwords are stored in MD5 on the Prime Optical server. A password entered on the Prime Optical client is converted to DES-64 before being sent to the Prime Optical server. If the password matches the password on the server that the SuperUser or SysAdmin configured for the user, or if the user changed his or her password when prompted, that password is stored on the server. Passwords are not stored on the user's local workstation.

OSS security domain: OSS-to-Prime Optical sessions are configured by the Prime Optical GateWay EMS-to-NMS interface architectural component.

NE security domain: At the NE level, a username and password are configured to enable the user to connect directly through the console port (EIA/TIA-232), through the management port (10BASE-T), or remotely through a Telnet session. NE passwords are stored using base-64 two-way encryption.

Prime Optical server login: You must have root user privileges to log into the Prime Optical server workstation for debugging or changing the Prime Optical server program. A username and password are required.

Oracle database access: Access to the Oracle database requires Oracle root user authentication, as well as Prime Optical database access authentication. The Oracle username and password are encrypted in the server configuration file.

Prime Optical supports the following security features:

Login advisory message

User management and profiles

NE access control

Audit Log

2.7.1  Login Advisory Message

The following is the default advisory message after logging into the Prime Optical client: 

Cisco Prime Optical is a carrier-class, multitechnology management system that integrates 
the end-to-end management of legacy transport networks and packet optical transport 
networks. Cisco Prime Optical helps communication service providers (CSPs) deliver the 
capacity and quality of service (QoS) required to support the delivery of 
rich-content-based services and high-bandwidth applications.

Note The login advisory message is not shown if you login to Prime Optical through Prime Central.

You can customize the default advisory message, or disable it altogether. See Chapter 8 "Managing Security."

2.7.2  Network Partitioning

You can configure for network partitioning by dividing the network into logical areas. You can then access only the areas that are specified under your security profile. The nodes and elements must fall under the area or areas that fit your security profile for each Prime Optical application.

You can:

Define the network partitions from the associated list of nodes.

Define, modify, and view the areas within your network.

Manage only the areas under your security profile.

Manage connections that originate and terminate within the assigned area(s). The domain can include multiple areas.

2.7.3  User Management and Profiles

Prime Optical user management includes the ability to:

Manage predefined default user profiles with different access privileges. The default user types are:

SuperUser—Users who have access to all operations.

SysAdmin—System administrators who manage Prime Optical access.

NetworkAdmin—Typically, network operations center (NOC) supervisors who perform daily network surveillance, provisioning, and PM activities on any group or NE.

Provisioner—Users who perform daily network surveillance, provisioning, and PM activities on specific NEs. Each provisioner can have only one active session. Provisioners cannot access administrative information.

Operator—Users who perform daily network surveillance and PM activities on specific NEs. Each operator can have only one active session. Operators cannot access administrative information.

Create, delete, modify, and duplicate custom user profiles with certain privileges. Custom user profiles are grouped into categories and each category has a set of operations.

Create, delete, or modify Prime Optical users; view logged-in users; and end active user sessions.

Regulate user logins, including password aging, login disable period, and logout time.

Specify a CTC username and password.

Note Prime Optical can connect to a CTC-based NE only if that NE is configured with a CTC user who has SuperUser privileges.

Configure the username and password used by the Prime Optical server to access NEs.

View, add, modify, and delete NE user accounts on one or more NEs.

Note For detailed information about user management, see Chapter 8 "Managing Security."

2.7.4  NE Access Control

NE access control includes the ability to:

Configure the username and password used by the Prime Optical server to access NEs and retrieve alarms, configuration, and inventory information.

Note Each username and password specified must exist on the selected NE in order for Prime Optical to manage it. A new or modified password takes effect at the next reconnection.

Configure the username and password on multiple NEs by using the bulk NE authentication feature. With a single operation, you can specify the same username and password for NEs that belong to the same group or are assigned to the same user.

Manage NE user accounts by using the NE User Access Administration table. This feature supports the ability to view, add, modify, and delete NE user accounts on one or more NEs.

Monitor active NE users and log out selected users.

Add predefined users on a selected NE.

2.7.5  Audit Log

The Audit Log contains information about significant events (user-initiated changes and activities) that occurred on the Prime Optical server during a specific time period for the purposes of establishing accountability. It also helps in identifying remedial actions to correct an improper activity. The Audit Log is implemented in the Prime Optical database, where each record has a time stamp, record type, and message string.

Note See Chapter 8 "Managing Security" for a list of runtime-affecting operations that the Audit Log records for monitoring purposes.