Update the XCAP server

To configure the XCAP Server for the Sentinel Authentication Gateway, you need to populate XCAP server settings and MMTel service data.

Populate XCAP server settings and MMTel service data

There are several configuration pages in REM for XCAP connectivity and MMTel service data mappings that must be populated, including the required settings to connect to the Sh Cache Microservice. his can be done using the script sentinel-volte-mappings-config. This file is located in the build/bin directory of the Sentinel Authentication Gateway SDK.

This can be executed from your Sentinel Authentication Gateway’s command line, provided the Java Runtime Environment (v 7+) is installed. The command must be given these arguments:

Argument What it specifies
-u (--username)

Your Rhino Element Manager (REM) username.

-pw (--password)

Your Rhino Element Manager (REM) password.

-h (--hostname)

The hostname or IP address of your Rhino Element Manager (REM).

-p (--port)

The port of your Rhino Element Manager (REM).

-n (--network-operator)

The network operator name.

-r (--rhino-instance-id)

The Rhino Instance ID.

-s (--serverurl-shcm)

The URL for the Sh Cache Microservice (required)

-sph (--shcm-proxy-host)

The proxy host used to connect to the Sh Cache Microservice (optional)

-sph (--shcm-proxy-port)

The proxy port used to connect to the Sh Cache Microservice (optional)

Note The hostname value must match your NAF server, e.g. naf.home1.net.
Note The rhino-instance-id value equates to the Rhino instance where your BSF is deployed, e.g. Local if you have Rhino and REM on the same host.

Here is an example command:

cd ~/sentinel-gaa/sentinel-gaa-sdk
./build/bin/sentinel-volte-mappings-config -u emadm -pw password -h naf.home1.net -p 8080 -r Local -n OpenCloud -s http://localhost:8088/shcache/v1
Tip To see a listing of the required arguments, from the command line, execute the script without any arguments.

Configure HTTP port mapping

The BSF Server receives HTTP requests via the HTTP Resource Adaptor (HTTP RA) running on Rhino. In the default BSF configuration, the HTTP RA listens on port 8001; however for a production deployment it needs to receive requests on port 80, the standard HTTP port.

On Unix systems, only processes running as the super user (root) can listen on ports below 1024. Rhino is a multi-purpose platform, running potentially many different kinds of services, so running it as root is not recommended. Instead, we can use the operating system’s port translation features to redirect traffic on port 80 to a different port where the HTTP RA is listening.

Use iptables to redirect port 80

Most Linux distributions have iptables preinstalled. This is a program for configuring the Linux kernel’s firewall, including port translation.

Below are the iptables commands for redirecting port 80 traffic to port 8001. These include procedures to:

Add rules to redirect port 80 traffic

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001               1
$ sudo iptables -t nat -A OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001    2
1 Redirects connections to port 80 from external hosts.
2 Redirects connections to port 80 from processes on the same host.

To delete these rules, simply replace -A with -D in the above commands.

Remove redirection rules

$ sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001
$ sudo iptables -t nat -D OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001

The Linux firewall’s nat (network address translation) tables can be viewed with the iptables -L command. With the HTTP port translation applied as above, you should see something like the example below.

View the nat tables

$ sudo iptables -t nat -L -n    1
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8001

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            127.0.0.0/8          tcp dpt:80 redir ports 8001

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
1 The -n parameter disables name service lookups.

Iptables Persistence

To make the iptables rules permanent after a reboot, they will need to be persisted. There are a number of methods available for this, such as the iptables-persistent package on ubuntu, or by using run level scripts to set the rules.

Create init.d scripts

There are two init.d scripts for Ubuntu Linux which make starting and stopping Rhino and REM easier:

Note: These are illustrative and useful for Proof of concept rather than production environments.

To set these up:

1

Copy the script to the host server’s /etc/init.d/ folder:

sudo cp rhino /etc/init.d
sudo cp rem /etc/init.d

2

Make the script executable:

sudo chmod +x /etc/init.d/rhino
sudo chmod +x /etc/init.d/rem

3

Refresh, with the update-rc.d command:

sudo update-rc.d rhino defaults 99
sudo update-rc.d rem defaults 99
Previous page Next page