Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

 A  B  C  D  E  F  I  J  L  M  N  P  R  S  T  U  V  W

 

A

action classes in the sample residential portal
application protocols, managing
architecture    
enterprise service portal
 

B

bandwidth on demand.     See BoD    
BoD (bandwidth on demand)    
services
subscriptions
 

C

callback interface
captive portal    
implementing
preventing access to resources
configuration level in Enterprise Manager Portal
conventions    
notice icons
text
CORBA (Common Object Request Broker Architecture)    
plug-in interface    
enterprise service portal
remote API
customer support    1
contacting JTAC
 

D

DCU (destination class usage)
demonstration applications
deployment scenarios    
enterprise service portal
destination class usage
devices running Junos OS    
forwarding preferences
managing traffic
policies    
basic BoD
BOD
BoD and VPNs
firewall
NAT
provisioning services    
prerequisites
routing preferences
services    1
basic BoD
BoD
BoD and VPNs
firewall
NAT    12
directory server    
deployment with remote SAE
DirX directory server    
deployment with remote SAE
documentation    
comments on
 

E

enterprise    
service parameters
Enterprise Manager Portal    
application protocols, managing
BoD subscriptions
configuration level
deployment settings
firewall exception rules    
stateful firewalls    12
stateless firewalls    12
firewall subscriptions
fixed addresses for outgoing traffic
help
NAT    
IP address    123
rules for traffic
NAT Address Management Portal
NAT rules    12
overview    12
policies
public IP addresses, configuring    
incoming traffic
outgoing traffic
schedules    12
services
Enterprise Service Portal audit plug-in
enterprise service portals    1,  See also Enterprise Manager Portal    
accessing
architecture
configuring directory connections
data, displaying
deploying
improving performance
installing
managers    12
operators, managing    12
overview
performance
planning
prerequisites    12
server description
value substitution
value substitution for policy parameters
enterprise tag library    12
equipment registration    1,  See also sample residential portal    
description
event notification    
DHCP server
IP address manager
PCMM network
RADIUS server
events, IT manager audit
example-simple
 

F

files    
WEB-INF/jboss-web.xml
WEB-INF/portalBehavior.properties
WEB-INF/struts-config.xml    123
WEB-INF/tiles-defs.xml    123
WEB-INF/web.xml
firewall ports for sample SRC-applications
firewall services    
configuring    12
description
managing in Enterprise Manager Portal
policies for
router support
folders for installed software
forwarding preferences    12
 

I

installing    
Web applications
installing software    
enterprise service portals
interfaces    
callback
IP address managers, event notification
IP addresses    
acknowledging release
assigning in NAT Address Management Portal    12
NAT services    123
IP Filter
IP-in-IP tunneling
ISP service in sample residential portal
IT manager    
audit plug-in    
events
operators, managing    1234
 

J

Jakarta Struts Web application framework
Java development environment, Tomcat    12
Javadoc documentation for sample residential portal
JSP tag library.     See enterprise tag library    
JunosE routers    
policies    
basic BoD
BOD
services    
basic BoD
BoD
 

L

listeners, defining
 

M

manuals    
comments on
Monitoring Agent    
acting as pseudo RADIUS server
configuring    
properties
pseudo RADIUS agent    12
installing
intercepting DHCP messages
intercepting RADIUS accounting messages
monitoring    12
overview
stopping
multihop environment
 

N

NAT (Network Address Translation)    1,  See also NAT Address Management Portal    
rules
services for Enterprise Manager Portal
services, IP address    123
types
NAT Address Management Portal    
acknowledging IP address release
assigning IP addresses
deployment settings
Enterprise Manager Portal
overview
Network Address Translation.     See NAT    
NIC (network information collector)    
enterprise service portals. with
notice icons
 

P

packages, Solaris.     See Solaris packages    
parameters    
acquisition path and substitutions
sample enterprise service portal
patches for Solaris
performance    
enterprise service portals
plug-ins    1,  See also Enterprise Service Portal audit plug-in    
listeners
policies    
basic BoD
BoD
BoD and VPNs
NAT
parameters
ports for sample SRC-applications
precedence    
subscriptions
prevention, use of unauthorized resources
privileges    
IT managers
properties for sample residential portal
proxy request management
public wireless LAN applications
 

R

removing    
Solaris packages
Web applications
residential portal    1
developing
overview    12
prerequisites for development
RADIUS authentication for login
security
routing instances
rules, NAT
 

S

SAE (service activation engine)    
identifying
sample applications
sample enterprise service portal    
configuring connection to directory
customizing    1
privileges
data, displaying
managing services
monitoring    
service sessions
subscriptions
networks for departments    123
overview
service parameters    12
sample residential portal    
action classes
behaviors
customizing
developing portal based on the sample    12
development tools
equipment registration    12
installing
login
model components
overview    12
personal digital assistant (PDA)
prerequisites
schedules
service activation
services    
management
schedules
subscriptions
usage    
information
view components
Web application framework
sending traffic to VPNs
service activation
service parameters, enterprise
service schedules    
Enterprise Manager Portal, in
service schedules, sample residential portal
services    1,  See also firewall services    
basic BoD
BoD    123
devices running Junos OS    1
BoD and VPNs
NAT    12
sample enterprise service portal, managing
single-hop environment
Solaris packages    
installing
removing
Solaris patches
source class usage (SCU)
SRC single-hop requirement
subscribers    
billing
subscriptions    
enterprise hierarchy
priority
sample enterprise service portal, creating
substitutions    
parameter acquisition path
use
support, technical     See technical support    
 

T

technical support    
contacting JTAC
text conventions defined
Tomcat, as Java development environment    12
 

U

uninstalling.     See removing    
 

V

value substitution
virtual portal address
virtual private networks.     See VPNs    
VPNs (virtual private networks)    
directory
identifiers
modifying    1
VPN to which router sends traffic
sending traffic
stopping router from sending traffic
 

W

WAR files
Web application server    
application deployment
installing Web applications inside
Web applications    
installing
removing
WEB-INF/jboss-web.xml
WEB-INF/portalBehavior.properties
WEB-INF/struts-config.xml    123
WEB-INF/tiles-defs.xml    123
WEB-INF/web.xml

Related Documentation

  • Parameters and Substitutions
  • Value Acquisition for Multiple Subscriptions

Substitutions and the Parameter Acquisition Path

Each parameter in a service policy requires that a value be obtained. In the example above, the denial-of-service protection policies have two parameters: port number and bandwidth percentage. Each of those parameters in a service’s network policies results in the creation of a variable. Policy configuration specifies the name of a variable.

Each of these variables must have a value assigned to it (unless it already has a default value). The enterprise service portal can obtain that value from the enterprise customer. The enterprise service portal must then call a method in the API to assign that value to the variable. The API will record this value by writing a substitution into an LDAP entry. A substitution is an LDAP entry attribute that, at its simplest, just assigns a value to a variable.

More than one substitution can exist for a given variable. Substitutions for a given variable can exist in any LDAP entry on the acquisition path. The acquisition path is a path through a sequence of LDAP entries. It begins with a most specific entry and ends with a most general entry. When the value for a given variable is specified through substitution attributes in multiple LDAP entries on this path, only the most specific entry’s substitution is actually used.

The ordering of the LDAP entries in the acquisition path is always the same. Starting from the most specific, they are the:

  1. SSP subscription entry under the access entry (if one exists for the service in question)
  2. Access entry
  3. SSP subscription entry under the site entry (if one exists for the service in question)
  4. Site entry
  5. SSP subscription entry under the enterprise entry (if one exists for the service in question)
  6. Enterprise entry
  7. Relevant localized version of the SSP service entry (if one exists)
  8. SSP service entry

The acquisition path allows values assigned to variables at a more general place in the acquisition path to be overridden by values assigned at a more specific place in the acquisition path. This method enables an enterprise to subscribe to a given service, to specify values for that service’s parameters at a more general place in the acquisition path, and then to override those values at a more specific level according to the needs of local enterprise IT managers who control a given site or access.

Note: Each session of a subscription uses a different acquisition path (because each is associated with a different access). This means that each session of a subscription may end up with different values for a given service parameter. For each session, the enterprise API exposes detailed information about the actual values used for every service parameter.

Power of Substitutions

In addition to assigning values to the variables that are used as service parameters, a substitution can declare that the value it assigns is fixed. When a fixed value is declared, substitutions for the same variable that exist in more specific places in the acquisition path are ignored (that is, the fixed value cannot be overridden). More important, a substitution can specify the value for a variable as an expression that includes other variables. A substitution can also introduce new variables. The new variables are then available for use in other substitutions at any more specific point on the acquisition path. Enterprise service portals that expose these features allow enterprises to define their own way of presenting and managing service parameters. For more detail on service parameters, the acquisition path, and the uses of substitutions, see Parameters and Substitutions and Value Acquisition for Single Subscriptions.

Substituting Values for Policy Parameters

The value substitution feature of an enterprise service portal gives the enterprise IT manager the ability to customize subscribed services in his or her sphere of control. The enterprise IT manager can be required to provide a set of substitutions that define the values for the parameters of the underlying service policies everywhere the policies are applied. Sample parameter types that might require value substitution include:

  • Network—Address/prefix length pairs that denote networks
  • Interface—Router interface specifications
  • Protocol—Eight-bit unsigned integers enumerating protocols such as IP, TCP, and UDP
  • Rate—32-bit unsigned integers used for rate-limit and burst-size calculations

For example, the service provider could offer a service to the enterprise that applies a firewall policy. The firewall policy could screen ingress traffic from a source network and redirect the screened traffic to a specific destination. The enterprise IT manager might want to specify at the time of subscription or subscription activation which source networks are involved. The service provider establishes a general policy template, in this case configuring the destination. The enterprise IT manager modifies the template by means of value substitution for the particular needs of the enterprise, such as providing a range of IP addresses for one or more source networks.

A different service might have an egress rate-limit policy with policy rules to screen egress traffic from the source network, by protocol, or according to a traffic rate limit. Value substitution for the parameters defined in the generic policy template enables the manager to define the policy to match the needs of the enterprise.

Note that parameter names provided to one customer can be renamed by the service provider to suit the needs of another customer. For example, one customer might prefer a parameter named “department” to one named “network” because that name better fits the enterprise hierarchy.

The service provider can specify whether all parameters or only certain ones can be modified in the enterprise service portal by the enterprise IT manager by means of value substitution. Likewise, an IT manager can determine whether subordinate managers have the ability to modify a given service parameter. Parameters for which values cannot be substituted at a given level are said to be fixed at some higher level. For example, in the sample portal, the enterprise service portal populates drop-down lists from which the manager at that level can select values to substitute. If a parameter substitution is fixed at a higher management level, lower-level managers will not see options for substituting for that parameter in the drop-down lists on their instance of the enterprise service portal.

Related Documentation

  • Parameters and Substitutions
  • Value Acquisition for Multiple Subscriptions

Modified: 2016-05-27