Rhino TAS is an application server that supports the development of telecommunications applications.

It is a Java platform that implements the JAIN SLEE 1.1 specification, JSR 240. The Rhino SLEE can be used to develop and deploy carrier-grade applications that use SS7 based protocols such as INAP and CAP, IMS protocols such as ISC and Diameter and IP based protocols such as HTTP and SIP.

Production Rhino is built on carrier-grade fault-tolerant infrastructure that provides continuous availability, service logic execution and on-line management even during network outages, hardware failure, software failure and maintenance operations.

The Rhino SLEE SDK

The Rhino SLEE SDK is intended to support development of prototype and proof of concept Services and the evaluation of Rhino. The SDK runs in a single Java Virtual Machine and does not provide all of the fault tolerance capabilities of a production Rhino installation.

download Download the Rhino TAS and SDK

Security Notices

For identity and access management with Rhino TAS, follow these guidelines:

Grant least privileges.

We recommend that you adhere to the principle of least privilege when you grant permissions to user accounts. Least privilege access gives users only the permissions they need to carry out the tasks that they are responsible for. When you grant permissions in compliance with least privilege, you reduce the potential impact that a compromised account can have on your network.

By default, Rhino TAS provides two user accounts, one administration user with full permission and one additional user with read-only permission. For details, see Configure usernames and passwords.

Use secure authentication mechanisms.

  • We recommend that you use centralized LDAP authentication instead of local authentication (locally stored keypairs or passwords). This means that every appliance does not store user authentication information, and only the centralized authentication will be used. We recommend that you use multi-factor authentication (MFA) for centralized authentication.

  • If you use local authentication, we recommend that you configure user accounts to use SSH keys with passphrases (instead of username/password). If this is not possible, we recommend you use SSH keys without passphrases instead of passwords.

For details about Rhino authentication, including enabling the LDAP login module, see Authentication.

Remove unused user accounts.

We recommend that you remove user accounts from your system once they are no longer needed, for example after a user retires or leaves their role.

Adhere to strict password requirements.

We recommend that passwords/PINs adhere to the following requirements.

  • Use a minimum of eight characters.

  • Do not use more than three consecutive repeated characters.

  • Do not use common character sequences longer than three characters, for example abcd or 1234.

  • Do not use words that are common passwords, for example password or admin.

  • Do not use context-specific strings, for example a username, the name of the product, or a phone number.

We recommend that machine-to-machine passwords and other passwords that users do not enter manually adhere to the following requirements.

  • Use a minimum of 24 characters.

  • Use a mixture of uppercase, lowercase, and numeric characters.

  • Do not use more than three consecutive repeated characters.

  • Do not use common character sequences longer than three characters, for example abcd or 1234.

  • Do not use words that match dictionary attacks for common passwords, for example password or admin.

  • Do not use context-specific characters, for example a username, the name of the product, or a phone number.

Rhino TAS supports both local and centralized authentication. For local authentication, you need to provide a password during the installation. Adhere to these requirements when you create the password. If you use centralized authentication with LDAP, implement relevant password policy on the authentication server.

Use a secure password manager.

We recommend that all users store their passwords in a secure password manager. Password managers help users keep track of their different passwords and allow for more complex passwords that would be difficult to memorize.


For interface management with Rhino TAS, follow these guidelines:

Adhere to principles of Zero Trust.

We recommend that you adhere to principles of Zero Trust while designing, commissioning, and modifying your deployment. Zero Trust includes authenticating and authorizing traffic whenever possible, giving the least amount of access required to sessions and entities, and assuming that a security breach could originate from anywhere. A Zero Trust security model helps mitigate the effect of a breach if a device or network is compromised. For more information on Zero Trust principles, see Zero Trust Model - Modern Security Architecture | Microsoft Security.

This documentation uses Transport Layer Security (TLS) certificates to refer to X.509 certificates used with the TLS protocol. Outside of this product’s documentation, you may see TLS certificates referred to as SSL/TLS certificates or just SSL certificates. These terms are often used interchangeably, even though Secure Sockets Layer (SSL) is a distinct protocol from TLS.

Within Rhino TAS, connections between the server and the Rhino management console are encrypted with the TLS protocol. For details, see Authentication, Encrypted Communication with SSL, and Enabling Remote Access.

Establish trust domains and configure security controls on trust boundaries.

You must establish trust domains around your devices and network and configure security controls on the trust boundaries such as firewalls, network security groups, and rate limiting, even when you control the devices on both sides of the boundary.

Replace certificates at least once per year.

We recommend that you replace certificates at least once per year, including removing the old certificates from your system. This is known as rotating certificates. You might need to rotate your certificates more frequently if they expire after less than one year, or if organizational policies require it.

Product Documentation

Rhino Changelog
New features, improvements and bug fixes included in each software release.

Acknowledgements
Acknowledgements of third-party content used in this product.


Getting Started

Rhino SDK Getting Started Guide
Requirements, installation, and starting a Rhino SDK.

Rhino Production Getting Started Guide
Requirements, installation, and starting a production Rhino SLEE.


Administration and Development Guides

Rhino Administration and Deployment Guide
Deploying and administering Rhino and hosted applications.

Rhino Extended APIs
API-level details for developers to extend SLEE services and Metaswitch Sentinel features.

Rhino Compatibility Guide
Rhino compatibility with third-party software and Metaswitch Rhino resource adaptors.

Rhino Troubleshooting Guide
Troubleshooting problems with Rhino and other Metaswitch software.

Rhino JDK11 Deployable Unit Migration Guide
Migrating Rhino Deployable Units (DUs) to run on Rhino with JDK11.

Declarative Configuration
Schema documentation for Rhino declarative configuration.

SNMP Static OID Development Guide
Developing Rhino applications with the static OID model.

Rhino SAS API Development Guide
Developing Rhino applications with Service Assurance Server (SAS) tracing support.


Evaluation Reference

Rhino benchmarks
Rhino 3.2 performance benchmarks.


APIs

Rhino Management Extensions API
Javadoc for the Rhino Management Extensions API.

Rhino Resource Adaptor API
Javadoc for the Rhino Resource Adaptor API.

Rhino Rate Limiting API
Javadoc for the Rhino Rate Limiting API.

Rhino Remote API
Javadoc for the Rhino Remote API.

Rhino Ant Management API
Javadoc for the Rhino Ant management tasks.

Rhino Extensions API
Javadoc for the Rhino Extensions API.

Documentation for other versions of the Rhino TAS is also available.