Update the XCAP server

To configure the XCAP Server for the Sentinel Authentication Gateway, you need to change the Diameter peer connection to the HSS and populate XCAP server settings and MMTel service data.

Set the Diameter peer connection to the HSS

For the Diameter peer connection to the HSS, a file called VolteHssDiameterConfig.xml must be present in a folder called rem_home in Tomcat. If this folder does not exist, create it:

1

2

Change the values for the HSS hostname and port. There are two CDATA sections in the file which contain XML. They both need adjustment.

  • The first one has an element called peer which contains an element called uri.

    • This element has a hostname and port value which must be updated to be that of the HSS server.

    • Just below that is an element called address whose hostname also needs updating.

  • The second CDATA section contains two elements called hostname. These need the same adjustment as well.

3

If necessary, modify the host and realm attribute-values to match the values in your HSS.

Note If you intend to use your REM to connect to multiple Rhino instances (e.g. AGW and VoLTE), you will need multiple profile entries in the VolteHssDiameterConfig.xml file; one for each instance. Each profile entry in the VolteHssDiameterConfig.xml should have a unique host value.

Populate XCAP server settings and MMTel service data

There are several configuration pages in REM for XCAP connectivity and MMTel service data mappings that must be populated. This can be done using the script sentinel-volte-mappings-config. This file is located in the build/bin directory of the Sentinel Authentication Gateway SDK.

This can be executed from your Sentinel Authentication Gateway’s command line, provided the Java Runtime Environment (v 7+) is installed. The command must be given these arguments:

Argument What it specifies 
-u (--username)

Your Rhino Element Manager (REM) username.

 
-pw (--password)

Your Rhino Element Manager (REM) password.

 
-h (--hostname)

The hostname or IP address of your Rhino Element Manager (REM).

 
-p (--port)

The port of your Rhino Element Manager (REM).

 
-n (--network-operator)

The network operator name.

 
-r (--rhino-instance-id)

The Rhino Instance ID.

 
-dh (--hss-destination-host)

The destination host of the HSS.

 
-dr (--hss-destination-realm)

The destination realm of the HSS.
Note The hostname value must match your NAF server, e.g. naf.home1.net.
Note The rhino-instance-id value equates to the Rhino instance where your BSF is deployed, e.g. Local if you have Rhino and REM on the same host.

Here is an example command:

cd ~/sentinel-gaa/sentinel-gaa-sdk
./build/bin/sentinel-volte-mappings-config -u emadm -pw password -h naf.home1.net -p 8080 -r Local -n OpenCloud -dh hss-instance -dr example.com
Tip To see a listing of the required arguments, from the command line, execute the script without any arguments.

Configure HTTP port mapping

The BSF Server receives HTTP requests via the HTTP Resource Adaptor (HTTP RA) running on Rhino. In the default BSF configuration, the HTTP RA listens on port 8001; however for a production deployment it needs to receive requests on port 80, the standard HTTP port.

On Unix systems, only processes running as the super user (root) can listen on ports below 1024. Rhino is a multi-purpose platform, running potentially many different kinds of services, so running it as root is not recommended. Instead, we can use the operating system’s port translation features to redirect traffic on port 80 to a different port where the HTTP RA is listening.

Use iptables to redirect port 80

Most Linux distributions have iptables preinstalled. This is a program for configuring the Linux kernel’s firewall, including port translation.

Below are the iptables commands for redirecting port 80 traffic to port 8001. These include procedures to:

Add rules to redirect port 80 traffic

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001               1
$ sudo iptables -t nat -A OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001    2
1 Redirects connections to port 80 from external hosts.
2 Redirects connections to port 80 from processes on the same host.

To delete these rules, simply replace -A with -D in the above commands.

Remove redirection rules

$ sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001
$ sudo iptables -t nat -D OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001

The Linux firewall’s nat (network address translation) tables can be viewed with the iptables -L command. With the HTTP port translation applied as above, you should see something like the example below.

View the nat tables

$ sudo iptables -t nat -L -n    1
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8001

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            127.0.0.0/8          tcp dpt:80 redir ports 8001

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
1 The -n parameter disables name service lookups.

Iptables Persistence

To make the iptables rules permanent after a reboot, they will need to be persisted. There are a number of methods available for this, such as the iptables-persistent package on ubuntu, or by using run level scripts to set the rules.

Create init.d scripts

There are two init.d scripts for Ubuntu Linux which make starting and stopping Rhino and REM easier:

Note: These are illustrative and useful for Proof of concept rather than production environments.

To set these up:

1

Copy the script to the host server’s /etc/init.d/ folder:

sudo cp rhino /etc/init.d
sudo cp rem /etc/init.d

2

Make the script executable:

sudo chmod +x /etc/init.d/rhino
sudo chmod +x /etc/init.d/rem

3

Refresh, with the update-rc.d command:

sudo update-rc.d rhino defaults 99
sudo update-rc.d rem defaults 99
Previous page Next page