It is possible to have multiple NAF filters connect to the same BSF server.

Depending on your load profile it may be necessary to balance NAF traffic across multiple NAFs. For example:

  • If you configure a short sentinel.gaa.nonce-lifetime, then you will likely receive a similar number of requests to the BSF and NAF.

  • If you configure a long sentinel.gaa.nonce-lifetime, then you may receive more requests to the NAF than the BSF.

  • If you have multiple NAF groups configured in your HSS, you will need to install a separate NAF Authentication Filter for each NAF group.

Note

This page explains how to install a second NAF Authentication Filter on a separate server.
It assumes you have already completed an initial installation of Sentinel Authentication Gateway.

Prerequisites

You need these files to install a second NAF Authentication Filter:

apache-tomcat-<version>.zip

You need to copy these files from your existing Sentinel Authentication Gateway installation:

$TOMCAT_HOME/webapps/rem.war
$TOMCAT_HOME/bin/setenv.sh
$TOMCAT_HOME/bin/rem-rmi.jar
$TOMCAT_HOME/rem_home

You also need to install the Java JDK on the new server.


Set up Tomcat

To set up Apache Tomcat for the new Sentinel Authentication Gateway installation:

1

Unzip apache-tomcat.zip:

unzip ~/Downloads/apache-tomcat.zip
cd apache-tomcat*
export TOMCAT_HOME=`pwd`

2

Enable SSL for Apache Tomcat.

Tip See the Tomcat 8 - SSL How-To docs for help setting up SSL in Apache Tomcat.

Copy files from the original install

To copy the required files:

1

Copy the file setenv.sh from your existing install to $TOMCAT_HOME/bin/setenv.sh:

mv ~/Downloads/setenv.sh $TOMCAT_HOME/bin/setenv.sh

2

Copy the file rem-rmi.jar from your existing install to $TOMCAT_HOME/bin/rem-rmi.jar:

mv ~/Downloads/rem-rmi.jar $TOMCAT_HOME/bin/rem-rmi.jar

3

Copy the file rem.war from your existing install to the webapps directory:

mv ~/Downloads/rem.war $TOMCAT_HOME/webapps/

4

Copy the rem_home directory from your existing install:

mv ~/Downloads/rem_home $TOMCAT_HOME/
Note For multiple XCAP servers to connect to the same HSS they typically need to have unique host values in VolteHssDiameterConfig.xml. Modify the file and HSS AS configuration accordingly.

4

Edit the Filter Configuration if necessary.

Connect to the remote BSF

1

Start Tomcat:

cd $TOMCAT_HOME
./bin/catalina.sh start
Tip catalina.sh start will start Tomcat as a background process. Use catalina.sh run to run Tomcat in the foreground instead. This can be useful for debugging.

2

Connect to your remote BSF server:

  1. Ensure that bsf.home1.net is resolvable from your new NAF Authentication Filter host.

  2. Login to REM.

  3. Choose View List from the Connect to…​ drop-down list.

  4. Click the Manage Instances button.

  5. Click the Add Instance button, and add a new instance for the BSF server; like this:

    adding remote bsf server to rem
  6. Click the Done button.

  7. Connect to the Remote rhino in the Connect to…​ drop-down list.

  8. When prompted, use the default credentials of admin/password.

3

Populate the XCAP host mappings for the new NAF Authentication Filter installation:

  1. Ensure that your new NAF Authentication Filter install has a resolvable hostname (such as naf2.home1.net).

  2. Populate the XCAP server settings using Remote for the Rhino Instance ID and naf2.home1.net for the hostname.

Now you can send NAF requests to either naf.home1.net or naf2.home1.net

Restart Tomcat

To restart Tomcat, as needed, run these commands:

cd $TOMCAT_HOME
./bin/catalina.sh stop
./bin/catalina.sh start
Previous page Next page