NetNumen U31 R20 Product Description

NetNumen U31 R20 Product
Description
NetNumen U31 R20 Product Description
© 2021 ZTE. All rights reserved. Confidential▲ 1

TABLE OF CONTENTS
1 Overview............................................................................................................................1
1.1 Network Operation & Maintenance Trend..................................................................... 1
1.2 Brief Introduction................................................................................................................1
1.3 Product Positioning............................................................................................................2
1.4 Manageable Fixed Access NE Type...............................................................................3
2 System Characteristics................................................................................................. 4
2.1 Integrated Network Management to Implement Efficient, Centralized O&M............4
2.2 Advanced Architecture and High Scalability..................................................................4
2.3 Standard Northbound Interfaces for Convenient Integration...................................... 5
2.4 Comprehensive Security Mechanism to Ensure System Reliability.......................... 6
2.5 Intelligent Service Deployment to Improve Commissioning Efficiency..................... 7
2.5.1 Fast End-To-End (E2E) Service Deployment............................................................... 7
2.6 Value-added Function Advantages.................................................................................7
2.6.1 Intelligent Fault Analysis and Diagnosis........................................................................ 7
2.6.2 Highly-efficient Alarm Compression................................................................................8
2.6.3 Automatic discovery of network objects......................................................................... 9
2.6.4 Centralized and remote software upgrade.................................................................... 9
2.6.5 A Variety of Statistics, Analysis and Report Management Functions....................... 9
3 System Architecture.................................................................................................... 10
3.1 System Hardware Architecture......................................................................................10
3.2 System Software Architecture....................................................................................... 12
4 System Networking & Solution................................................................................. 13

4.1 EMS Data Channel..........................................................................................................13
4.2 Networking Mode.............................................................................................................14
4.2.1 Local Networking............................................................................................................. 14
4.2.2 Remote Networking.........................................................................................................14
4.2.3 Mixed Networking............................................................................................................ 14
4.3 Server................................................................................................................................ 15
4.3.1 Centralized Deployment................................................................................................. 16
4.3.2 Distributed Deployment.................................................................................................. 16
4.3.3 Cloud Deployment........................................................................................................... 17
4.4 Client..................................................................................................................................18
4.4.1 Client Type........................................................................................................................18
4.4.2 Single-client...................................................................................................................... 20
4.4.3 Multi-client.........................................................................................................................20
4.5 Typical O&M Solution..................................................................................................... 21
2 © 2021 ZTE. All rights reserved. Confidential▲

4.5.1 Consolidated Management Across Fixed Networks.................................................. 21

4.5.2 Integrated ICT Management..........................................................................................23
4.5.3 FTTx O&M Solution.........................................................................................................26
4.5.4 NetNumen™ U31Web Access Solution.......................................................................27
5 System Interfaces......................................................................................................... 31
5.1 Interface Protocols...........................................................................................................32
5.2 Southbound Interfaces (Optional)................................................................................. 34
5.3 Northbound Interfaces.................................................................................................... 34
5.3.1 SNMP Northbound Interface..........................................................................................35
5.3.2 FTP Northbound Interface..............................................................................................35
5.3.3 TL1 Northbound Interface.............................................................................................. 36
5.3.4 WebService Northbound Interface................................................................................37
5.3.5 CORBA Northbound Interface.......................................................................................37
6 Basic Function Introduction...................................................................................... 38

6.1 Topology Management................................................................................................... 38
6.2 Fault Management...........................................................................................................41
6.2.1 Network Fault Management...........................................................................................41
6.2.2 Alarm Message Processing........................................................................................... 42
6.2.3 Failure Diagnosis and Elimination.................................................................................47
6.3 Performance Management.............................................................................................48
6.3.1 Performance Task Management...................................................................................48
6.3.2 Performance Report Output...........................................................................................49
6.3.3 Performance Threshold Management..........................................................................50
6.4 System Management...................................................................................................... 51
6.5 Task Management...........................................................................................................52
6.6 Security Management..................................................................................................... 53
6.7 Log Management.............................................................................................................54
6.8 Report Management....................................................................................................... 56
6.9 License Management......................................................................................................56
6.10 Inventory Management................................................................................................... 57
6.11 System Monitoring...........................................................................................................59
6.12 System Backup and Restore......................................................................................... 60
6.12.1 Database Backup............................................................................................................ 60
6.12.2 Database Restoration..................................................................................................... 61
6.13 System Upgrade Management......................................................................................62
6.14 EMS Process Detection..................................................................................................63
6.15 Network Patrolling Function........................................................................................... 64
6.16 Log Collection...................................................................................................................65
6.17 Configuration Management............................................................................................66

7 FTTx Network Feature Management........................................................................67

7.1 OLT Management............................................................................................................67
7.1.1 System Management...................................................................................................... 67
7.1.2 Card Management...........................................................................................................68
7.1.3 Port Management............................................................................................................ 69
7.1.4 OTDR Management........................................................................................................ 69
7.1.5 Layer-2 Protocol Management...................................................................................... 70
7.1.6 Layer-3 Protocol Management...................................................................................... 71
7.1.7 Security Management..................................................................................................... 72
7.1.8 Global PON Template Management............................................................................ 73
7.1.9 GPON Service Management......................................................................................... 73
7.1.10 EPON Service Management..........................................................................................80
7.1.11 CES Service Management.............................................................................................85
7.2 ONU Management...........................................................................................................86
7.2.1 ONU Basic Management................................................................................................86
7.2.2 VoIP Service Management............................................................................................ 86
7.2.3 ONU UNI Port Management.......................................................................................... 87
7.2.4 ONU Software Management..........................................................................................87
7.2.5 Centralized ONU Management..................................................................................... 88
7.3 PON Service Cutover......................................................................................................88
7.3.1 ONU-level Cutover.......................................................................................................... 89
7.3.2 Same-slot cutover............................................................................................................89
7.3.3 Different-slot Cutover...................................................................................................... 89
8 DPUNetwork Feature Management..........................................................................90

8.2 DPU UplinkPort Management....................................................................................... 92
8.3 G.fast Management.........................................................................................................92
8.4 Layer-2 Protocol Management...................................................................................... 93
8.5 VDSL Management......................................................................................................... 94
8.6 PMA Function...................................................................................................................94
8.7 Global and Extended Configuraiton File Management of DPU................................95
8.8 Offline DPU Configuration via TL1 Interface...............................................................96
8.9 Domain-based and Multi-FTP Server DPU Management.........................................96
8.10 Security Management..................................................................................................... 96
8.11 Reverse Power Feeding................................................................................................. 97
9 MSAN Network Feature Management..................................................................... 98

9.4 ADSL Management.......................................................................................................100

9.5 VDSL Management.......................................................................................................101

9.6 SHDSL Management....................................................................................................102
9.7 VoIP Management.........................................................................................................102
9.8 Security Management...................................................................................................103
10 System Security..........................................................................................................103
10.1 Physical Security........................................................................................................... 104
10.2 Network Security........................................................................................................... 105
10.3 System Security Reinforcement..................................................................................108
10.3.1 Background.................................................................................................................... 108
10.3.2 Principles........................................................................................................................ 108
10.3.3 Applicable Scope...........................................................................................................109
10.3.4 Implementation.............................................................................................................. 110
10.4 Security Patch and Anti-virus Protection................................................................... 111
10.4.1 Third-party Security Patch Management................................................................... 111
10.4.2 Third-party Security Patch Effect Analysis................................................................ 111
10.4.3 Release and Deployment of Third-party Security Patches.....................................112
10.4.4 Anti-virus Software and Virus Library Update...........................................................112
10.5 Application Security.......................................................................................................113
10.5.1 Security of Human-machine Interactions...................................................................114
10.5.2 Interaction Security....................................................................................................... 122
10.5.3 Northbound Interface Security.....................................................................................123
10.5.4 Centralized Security and Single Sign-On.................................................................. 125
10.6 Key Data Encryption..................................................................................................... 127
10.6.1 Data Encryption Between the U31 Server and Clients........................................... 128
10.6.2 Data Encryption for Northbound Interfaces...............................................................129
10.6.3 Data Encryption for Databases................................................................................... 129
10.6.4 One-way Encryption for Passwords........................................................................... 130
10.6.5 Data Encryption between NetNumen™ U31 and NEs............................................130
11 Reliability...................................................................................................................... 130
11.1 Reliability Design........................................................................................................... 130
11.2 Reliability Indexes......................................................................................................... 132
11.3 HA Solution.....................................................................................................................132
11.4 Disaster Recovery Solution......................................................................................... 135
11.5 Link Protection Solution................................................................................................139
11.6 Data Backup Solution................................................................................................... 139
12 Management Capacity...............................................................................................140
12.1 Environments....................................................................................错误！未定义书签。
12.2 Network Scale Managed.................................................................错误！未定义书签。
12.3 Coefficients for Wireline-LEs..........................................................错误！未定义书签。

12.3.1 Coefficients for Conversion between Other NEs and Wireline-LEs错误！未定义书签。

12.4 Hardware Configuration.................................................................. 错误！未定义书签。
12.5 Software Configuration................................................................... 错误！未定义书签。
12.6 Virtual Machine Configuration........................................................错误！未定义书签。
13 Performance Indexes.................................................................................................149
13.1 Performance Index List.................................................................................................149
13.2 Transmission Indexes...................................................................................................152
13.3 Physical Indexes............................................................................................................153
13.3.1 Dimensions.....................................................................................................................153
13.3.2 Weight............................................................................................................................. 153
13.4 Power Indexes............................................................................................................... 154
13.5 Environment Requirements......................................................................................... 154
13.5.1 Equipment Room Requirements.................................................................................154
13.5.2 Transportation Environment Requirements.............................................................. 157
13.5.3 Storage Environment Requirements.......................................................................... 159
13.5.4 Environmental Requirements...................................................................................... 161
14 Standard Compliance................................................................................................162
15 Terms & Abbreviations............................................................................................. 165

15.1 Numerics.........................................................................................................................165
15.2 A-C...................................................................................................................................166
15.3 D-F................................................................................................................................... 172
15.4 G-I.................................................................................................................................... 176
15.5 J-L.................................................................................................................................... 181
15.6 M-O..................................................................................................................................183
15.7 P-R...................................................................................................................................187
15.8 S-U...................................................................................................................................191
15.9 V-X................................................................................................................................... 199

FIGURES
Figure 1- 1 NetNumen™ U31 Location in TMN Layers................................................................... 2

Figure 2- 1 Flexible system architecture............................................................................................ 4
Figure 2- 2 Complete security management......................................................................................6
Figure 2- 3 Fault Analysis and Diagnosis...........................................................................................8
Figure 2- 4 Alarm Compression...........................................................................................................8
Figure 2- 5 Centralized and remote software upgrade.................................................................... 9
Figure 2- 6 Multiple Performance Reports.......................................................................................10
Figure 3- 1 U31 Hardware Architecture............................................................................................11
Figure 3- 2 U31 Software Architecture............................................................................................. 13
Figure 4- 1 U31Typical Networking...................................................................................................15
Figure 4- 2 NetNumen™ U31centralized deployment................................................................... 16
Figure 4- 3 Distributed Deployment Solution...................................................................................17
Figure 6- 1 Performance threshold schematic diagram.................................................................51
Figure 6- 2 Automatic Backup............................................................................................................60
Figure 6- 3 Manual Backup................................................................................................................ 61
Figure 6- 4 Database Restoration..................................................................................................... 62
Figure 8- 1 DPUNetwork Feature Management............................................................................. 91
Figure 10- 1 Typical U31 Networking Diagram.............................................................................106
Figure 10- 2 Anti-virus Software and Virus Library Update Solution.........................................113
Figure 10- 3 Security Networking for U31......................................................................................114
Figure 10- 4 Role-based Security Model for Permission/region-based, Fine-grained, Security
Control.................................................................................................................................................115
Figure 10- 5 Two-factor Authentication for Login......................................................................... 119
Figure 10- 6 U31 Authentication Service Logic............................................................................ 120
Figure 10- 7 U31 Security Center................................................................................................... 126
Figure 10- 8 Data Encryption Processes Within U31.................................................................. 128
Figure 11- 1 Dual-server System Sharing a Disk Array............................................................137
Figure 11- 2 Dual-server System Based on SAN...................................................................... 137

Figure 11- 3 Disaster Recovery Solution(1+1 mode)................................................................141
TABLES
Table 1- 1 Manageable NE Type......................................................................................................3

Table 5- 1 Comparison Between Protocols..................................................................................... 33
Table 5- 2 U31Northbound Interfaces.............................................................................................. 34
Table 5- 3 Uniform SNMP Northbound Interface............................................................................35
Table 5- 4 FTP Northbound Interface...............................................................................................35
Table 5- 5 TL1 Northbound Interface................................................................................................36
Table 5- 6 WebService Northbound Interface................................................................................. 37
Table 5- 7 CORBA Northbound Interface........................................................................................ 38
Table 6- 1 Topology Management.................................................................................................... 38
Table 6- 2 Network Fault Management............................................................................................ 41
Table 6- 3 Alarm message processing.............................................................................................42
Table 6- 4 Failure diagnosis and elimination...................................................................................47
Table 6- 5 Performance Task Management.................................................................................... 48
Table 6- 6 Performance Report Output............................................................................................ 49
Table 6- 7 System management function........................................................................................ 52
Table 6- 8 Task management function.............................................................................................52
Table 6- 9 Security management function....................................................................................... 54
Table 6- 10 Log management............................................................................................................55
Table 6- 11 Report Management Functions.................................................................................... 56
Table 6- 12 License Management Functions.................................................................................. 57
Table 6- 13 Inventory Management.................................................................................................. 58
Table 6- 14 Functions of Monitoring NM Servers and Database Servers.................................. 59
Table 6- 16- 15 NMS Upgrade Process............................................................................................62
Table 6- 16 Process Detection.......................................................................................................... 63

Table 6- 17 Patrolling Project.............................................................................................................64

Table 6- 18 Log Collection..................................................................................................................65
Table 7- 1 System Management Functions.................................................................................. 67
Table 7- 2 Card Management Functions.......................................................................................68
Table 7- 3 Port Management Functions........................................................................................ 69
Table 7- 4 OTDR Management Functions.................................................................................... 69
Table 7- 5 Layer-2 Protocol Management Functions.................................................................. 70
Table 7- 7 Security Management Functions................................................................................. 72
Table 7- 8 PON Template Management....................................................................................... 73
Table 7- 9 GPON Service Provisioning Configuration Based on PON Service Templates.. 74
Table 7- 10 ONU Configuration Management..............................................................................75
Table 7- 11 Network Element Protocol Manager......................................................................... 76
Table 7- 12 Centralized ONU Management................................................................................. 77
Table 7- 13 ONU Query................................................................................................................... 78
Table 7- 14 ONU Version Update Management.......................................................................... 79
Table 7- 15 Fault Diagnosis Management.................................................................................... 80
Table 7- 16 ONU Configuration Management..............................................................................81
Table 7- 17 Network Element Protocol Manager......................................................................... 81
Table 7- 18 Centralized ONU Management................................................................................. 82
Table 7- 19 ONU Query................................................................................................................... 83
Table 7- 20 ONU Version Update Management.......................................................................... 84
Table 7- 21 Fault Diagnosis Management.................................................................................... 85
Table 7- 22 CES Service Configuration........................................................................................ 85
Table 7- 23 ONU Management Functions.................................................................................... 86
Table 7- 24 VoIP Management Functions.................................................................................... 86
Table 7- 25 ONU UNI Port Management Functions....................................................................87
Table 7- 26 ONU Software Management Functions................................................................... 87
Table 7- 27 ONU UNI Port Management Functions....................................................................88
Table 7- 28 PON Service Cutover Functions............................................................................... 88

Table 7- 29 ONU-level Cutover Functions.................................................................................... 89

Table 7- 30 Same-Slot Cutover Functions....................................................................................89
Table 7- 31 Different-slot Cutover.................................................................................................. 89
Table 8- 1 PMA Management Functions..........................................................................................90
Table 8- 2 System Management Functions.....................................................................................91
Table 8- 3 DPU Uplink Port Management Functions.................................................................. 92
Table 8- 4 G.fast Management Functions.....................................................................................93
Table 8- 6 VDSL Management Functions..................................................................................... 94
Table 8- 7 PMA Functions............................................................................................................... 95
Table 8- 8 Global and Extended Configuraiton File Management of DPU.............................. 95
Table 8- 9 Domain-based and Multi-FTP Server DPU Management....................................... 96
Table 8- 10 Security Management Functions...............................................................................96
Table 8- 11 Reverse Power Feeding Functions...........................................................................97
Table 9- 1 System Management Functions.....................................................................................98
Table 9- 4 ADSL Management Functions...................................................................................100
Table 9- 5 VDSL Management Functions...................................................................................101
Table 9- 6 SHDSL Management Functions................................................................................102
Table 9- 7 VoIP Management Functions.................................................................................... 102
Table 9- 8 Security Management Functions...............................................................................103
Table 10- 1 Account Authentication and Password Policy..........................................................117
Table 12- 1 Management Capability................................................................. 错误！未定义书签。
Table 12- 2 Coefficients for Other NEs.............................................................错误！未定义书签。
Table 12- 3 Hardware Configurations Matching Network Scales.................错误！未定义书签。
Table 15- 1 Numerics........................................................................................................................165
Table 15- 2 A-C..................................................................................................................................166
Table 15- 3 D-F.................................................................................................................................. 172
Table 15- 4 G-I................................................................................................................................... 176

Table 15- 5 J-L................................................................................................................................... 181

Table 15- 6 M-O................................................................................................................................. 183
Table 15- 7 P-R..................................................................................................................................187
Table 15- 8 S-U..................................................................................................................................191
Table 15- 9 V-X.................................................................................................................................. 199

1 Overview
1.1 Network Operation & Maintenance Trend
With the development of the technology and the tremendous transformation in telecom
industry, broadband, mobility and convergence become the mainstream trends in
telecom network. ALL network structure requires that OAM (Operation, Administration
and Maintenance) tends to be flat to reduce OPEX and raise efficiency.
To follow the future network development trend, ZTE launched the unified network
management system NetNumen™ U31. NetNumen™ U31 manages the bearer network
equipment, fixed network equipment, VAS and microwave equipment, etc. U31 can
manage multi-domain equipment, integrate NE-layer and network-layer management,
and break hierarchical management mode to meet the requirements of flat management.
1.2 Brief Introduction
NetNumen™ U31 is an integrated element management system under ZTE

NetNumen™. NetNumen™ U31 provides centralized operation and maintenance
capabilities for ZTE devices and network, and supports end-to-end solutions. Its
management capabilities cover all products of ZTE, including wireline and wireless
products of access network, control network, transmission network, service network and
microwave network. NetNumen™ U31 adopts the modular architecture; the
management modules of different networks can be integrated conveniently to the main
framework according to operation and maintenance needs. Thus, NetNumen™ U31 has
multiple versions suitable for different scenarios and applications, such as NetNumen™
U31 R20, NetNumen™U31 (GULCN), and NetNumen™ U31 (CLCN).
NetNumen™ U31 R20, which is one of NetNumen™ U31 versions, can manage all the
NEs of ZTE fixed network, including various devices in access layer and terminal layer. It
provides multiple standard northbound interfaces to integrate with the upper layer
systems.

NetNumen™ U31 has good openness, security, scalability and stability. It provides
unified standard interfaces and powerful value-added functions. It supports
cross-network management capability and smooth upgrade for network evolution.
1.3 Product Positioning
According to TMN hierarchical division, NetNumen™ U31 is located at element

management layer and has some functions of network management layer. NetNumen™
U31 location in TMN layers is shown in Figure 1- 1.
Figure 1- 1 NetNumen™ U31 Location in TMN Layers
In addition to configuration management, performance management, fault management

and security management required by TMN, NetNumen™ U31 also provides topology
management, policy management, system management, log management, maintenance
tools, etc. It provides centralized management and detection over network elements,
helping the operators to know the actual status of the network, adjust the equipment
conveniently, and make the network in its best status.

1.4 Manageable Fixed Access NE Type
Table 1- 1 Manageable NE Type
Category Product Type Product List
ZXDSL8210, ZXDSL8220, ZXDSL8203,

ZXDSL8416, ZXDSL8426, ZXDSL9806A,
ZXDSL9806E, ZXDSL9426, ZXDSL9210,
ZXDSL9210M, ZXDSL9203, ZXDSL9800,
DSL series
ZXDSL9803, ZXDSL9806H, ZXDSL9806I,
ZXDSL9812, ZXDSL9816, ZXDSL9836,
ZXDSL9818, ZXDSL9203, ZXA10 9806V、ZXA10
9836V, ZXA10 9852V
ZXA10 S100, ZXA10 S200, ZXA10 S300, ZXA10
Access U300, ZXA10 T600, ZXMSG5200, ZXMSG5600,
gateway ZXMSG5208, ZXMSG5200V3, ZXA10 U300V4,
products ZXA10 C300M, ZXA10 C350M, ZXA10 C300MV4,
ZXA10 C350MV4
ZXA10 C100, ZXA10 C200, ZXA10 C220, ZXA10
PON OLT C300, ZXA10 C320, ZXA10 C600，ZXA10 C650，
Fixed ZXA10 C680, C610, C620
Access ZXA10 F809, ZXA10 F820, ZXA10 F821, ZXA10
F822, ZXA10 F822B, ZXA10 F823, ZXA10 F829,
ZXA10 F802, ZXA10 F803, ZXA10 F804, ZXA10
PON MDU
F402, ZXA10 F832, ZXA10 F833, ZXA10 F839,
ZXA10 F805 PB, ZXA10 F806PB, ZXA10 F831,
ZXA10 F822(PoE), ZXA10 F817, ZXA10 F819
ZXA10 D4XX series, ZXA10 F4XX series, ZXA10
PON SFU F5XX series, ZXA10 F6XX series, and ZXA10
F7XX series
DPU ZXA10 9852G, ZXA10 9819G
ZXWDM1232
CATV
ZXWDM2108
Combiner
ZXWDM2216
series
ZXWDM2116
eODN series eODN, eOMU

2 System Characteristics
2.1 Integrated Network Management to Implement

Efficient, Centralized O&M
 Unified management of multiple technologies: With all Fixed line, Bearer, Terminal,
Service and Microwave network management functions integrated, U31 R20 is
greatly satisfying the needs of network convergence.
 Unified management of IT/IP hardware&software: U31 R20 can manage IT/IP

equipment and software systems such as routers, Ethernet switches, firewalls,
servers, OS, DB, HA, implementing true full network management.
2.2 Advanced Architecture and High Scalability
Figure 2- 1 Flexible system architecture
 Carrier-class reliability enhances user satisfaction: NetNumen™U31 R20 is highly

fault-tolerant thanks to its high-availability disaster recovery solutions (local and

remote redundancy). When the active server fails to work properly, the standby
server can take over the tasks immediately and continue the services. In-band and
out-band management channels are supported and they can serve in
active/standby mode to enable non-stop management channel.
 Multiple platforms and databases provide multiple choices: JAVA-based, U31 R20
supports many types of platforms and databases such as UNIX, Windows, Linux,
MSSQL Server and Oracle.
 Modular structure gives conveniences to system expansion & upgrade: U31 R20
Server and Client are composed in the manner of “platform+ network element
manager”. Network element managers and functional modules are inbuilt in the
system platform as components. During installation, users can customize their own
systems by choosing the desired components. Moreover, U31 R20 supports new
technologies and device versions, featuring sound flexibility, compatibility and
powerful capacity upgrade capability.
 Good openness makes it easy to integrate with 3rd-party management systems:

U31 R20 supports SNMP and provides a variety of interfaces so that it can be
integrated to many 3rd-party systems like IBM Tivoli Netcool/OMNIbus and HP
TeMIP easily, helping operators to build OSS systems conveniently.
 Multiple access modes & networking methods guarantee network management

anytime and anywhere: U31 R20 provides all GUI, CLI and Web access modes. For
networking methods, local and remote choices are offered to enable both local and
centralized network maintenance.
2.3 Standard Northbound Interfaces for Convenient

Integration
 Support SNMP interface in compliance with SNMPv2 and SNMPv3.
 Support CORBA interface in compliance with TMF 814.
 Support FTP interface.

 Support TL1 interface in compliance with Bellcore GR-831.
 Support XML interface.
It has completed the integration with the third-party systems from IBM Tivoli
Netcool/OMNIbus, HP TeMIP, etc, to facilitate OSS application of carriers.
2.4 Comprehensive Security Mechanism to Ensure

System Reliability
Complete security management enables controllable and safe system: Multiple

security levels are provided to satisfy different management demands. As per different
management regions, management ranges and management functions, different
management authorities can be set to eliminate security risks. Complete security log,
operation log and system log records ensure controllable access to the system.
Single Sign On allows centralized device management & maintenance: Single Sign
On helps achieve centralized permission assignment & management, and centralized
data storage & management.
Figure 2- 2 Complete security management

 Integration with AAAA systems
 Integration with external LDAP and RADIUS authentication systems.
 TMF 615 security interfaces
 SSH/SFTP
 Integration with external TACASC+ authentication systems.
 Two-factor authentication
 Auto system security enforcement tool for EMS
2.5 Intelligent Service Deployment to Improve

Commissioning Efficiency
2.5.1 Fast End-To-End (E2E) Service Deployment
NetNumen™ U31 supports perfect service management and fast service dispatching
&management.
It supports circuit management, e.g., service configuration and maintenance

management, service adjustment and service performance alarm management. It
provides the users with fast, convenient and safe service management.
2.6 Value-added Function Advantages
2.6.1 Intelligent Fault Analysis and Diagnosis
NetNumen™ U31 has the industry-leading alarm correlation analysis system which can
automatically analyze and locate root alarm and derived alarm according to network
resources and service relations to shorten the troubleshooting time. The diverse
association and navigation between network alarms and service data help the user to
know and evaluate network conditions quickly. Meanwhile, VIP services can be

configured with independent fault prompting and processing to offer differentiated service
for different users.
Figure 2- 3 Fault Analysis and Diagnosis
2.6.2 Highly-efficient Alarm Compression
Figure 2- 4 Alarm Compression
Benefits: filter the alarms layer by layer, customize alarm report, and effectively reduce
the workload of OAM staff.

2.6.3 Automatic discovery of network objects
Automatic discovery helps OAM staff reduce their workload and guarantee the
consistency of the data.
 Automatic discovery of NEs: The network can automatically search for new devices
without manually create, to reduce the workload of manually created.
 Automatic card discovery: provide network element information upload and

automatic card discovery functions
2.6.4 Centralized and remote software upgrade
Benefits :
 Remote software upgrade, no need get to each site to upgrade.
 Centralized software management, to improve the efficiency of the upgrade.
Figure 2- 5 Centralized and remote software upgrade
2.6.5 A Variety of Statistics, Analysis and Report Management Functions
NetNumen™ U31 supports plentiful report management: Report functions includes

report template, report schedule management. User can define his own output templates
according to demand and make timing schedule to generate output report.

Figure 2- 6 Multiple Performance Reports
3 System Architecture
3.1 System Hardware Architecture
NetNumen™ U31 system adopts the client/server mode. That is, a server connects with
several clients in U31system. U31server can operate under Windows, CGSL or Linux OS,
providing NE data processing and storing functions. U31client can work at Windows OS,
with graphical user interface for the operators. The operators can operate and maintain
NEs through the client.

Figure 3- 1 U31 Hardware Architecture
U31 system hardware consists of server, disk array, client, switch, router, etc.
 Server
U31 server interacts with NEs retrieves the required results from NEs and forwards
the results to the clients. U31 server interacts with BOSS /NMS through northbound
interfaces. U31server has the functions of application and database. Generally, one
server provides all functions of application and database. These functions can also
be distributed on two or more servers for load balance. U31 also supports local or
remote cluster system, which has two or more servers for high availability.
 Client
U31 system supports multiple concurrent clients to manage NEs. Operators can
manage NEs and detect the server status through client. Clients can be classified
into local and remote clients by the location.
 Local client: The client is located in the same LAN with its server.
 Remote client: server and NEs are located in one LAN but the client is located
in a remote LAN.
 Network device

Network device is used to connect U31 server with NEs or BOSS/ NMS. It
commonly consists of switch and router.
3.2 System Software Architecture
NetNumen™ U31 system adopts a client/server working mode. Both client and server
software are independent of each other. Server software is installed in a server while the
client software is installed at a PC client. They can also be installed in the same machine
if required.
U31 system is based on J2EE platform with good expansion, flexibility and maintenance
convenience. It can operate on UNIX, Windows or Linux OS, and SQL Server or
ORACLE DB.
U31 server software is composed of multiple modules. Each module accomplishes

certain functions such as configuration management, fault management, security
management, topology management, performance management, report management,
policy management and log management, etc. U31server software provides northbound
interfaces for BOSS/NMS, and southbound interfaces for NEs.
U31 client software provides graphical user interfaces to operate and maintain NEs.
U31 system adopts load balance design, disaster recovery design, and distributed
storage structure, to ensure the system reliability.

Figure 3- 2 U31 Software Architecture
4 System Networking & Solution
4.1 EMS Data Channel
To accomplish EMS stably manages various sets of equipment, it is necessary to provide

a reliable EMS channel. NetNumen™ U31 EMS supports in-band and out-of-band EMS
modes to manage equipment.
 In-band EMS refers to configuring exclusive EMS channel such as EMS VLAN in
equipment to communicate with EMS server. EMS information and service
information can be transmitted through the equipment uplink interface
simultaneously.
 Out-of-band EMS refers to equipment connecting to IP network through exclusive

FE management interface. EMS information is transmitted to EMS server through
FE interface. In many applications, it is required to adopt an exclusive data channel
(out-of-band channel) in equipment configuration to ensure its reliability.

4.2 Networking Mode
The networking is divided into local networking, remote networking and mixed networking
according to the location between NetNumen™ U31 and NE.
4.2.1 Local Networking
LAN networking is the simplest and the most commonly used networking in the network
management system. In this networking, NetNumen™ U31 R20 server, client and NE
are in one LAN and are interconnected via Ethernet. U31and its NE are in one physical
location. LCT is in charge of local operation and maintenance of the NE, and U31
manages the devices in the entire network.
4.2.2 Remote Networking
Remote networking can be adopted when client and NetNumen™ U31 server are not in
one LAN. For remote networking, basic topologies of the network and their principles are
the same. They use specific transmission equipment to transmits data on WAN, router
for the access from WAN to LAN, and TCP/IP for the communication among NE, server
and client, so the remote communication supported by transmission equipment and
router can adopt U31remote networking. Client can be located at remote equipment
room and can divide management domain to manage local equipment. Remote terminal
is not directly oriented to the managed equipment.
As per different communications ways between remote network management systems,

U31provides different remote access solutions to support 2M private line, DDN private
line, ISDN, PSTN and Ethernet modes.
4.2.3 Mixed Networking
The actual networking sometimes uses the mixed networking which includes local
networking and remote networking.
Client is divided into local client and remote client. It operates and manages NE on GUI
and is connected to server via LAN or metro network. Two types of clients have the same
operation capability.

The following requirements should be met to implement interoperability among different

domains:
 IP connectivity
 Stable, sufficient bandwidth
 Firewall configuration that allows communication through the specified ports
 The firewall Network Address Translation (NAT) function not supported by the
networking
Figure 4- 1 U31Typical Networking
4.3 Server
The server sub-systems can apply centralized deployment, distributed deployment,

depending on different engineering environments.

4.3.1 Centralized Deployment
Figure 4- 2 NetNumen™ U31centralized deployment
As shown below, in centralized deployment, the servers running on a single host.

Centralized network management is suitable for small-scale network to meeting the
network management requirements with minimized cost.
4.3.2 Distributed Deployment
NetNumen™ U31 supports distributed deployment that allows carriers to deploy

management modules of U31on different servers. TheU31 system can consist of one
master server and multiple slave servers. The master server provides the fundamental
network management functions.
Deployment of the slave servers should take the carriers’ network scale and deployment
into consideration. U31 functions or managed domains are assigned to the servers
accordingly. The following benefits are brought: load balancing, enlarged management
scale, and improved system performance.

Figure 4- 3 Distributed Deployment Solution
As shown in the above figure,U31 components are operating on different machines.

They work with each other to implement network-wide management tasks. Distributed
deployment is applicable to a large-scale network managed. Moreover, it is applicable to
networks that will grow both in scale and complexity.
The solution enables carriers to manage an extra-large network, leverage their existing
server resources, and lower network investment.
4.3.3 Cloud Deployment
NetNumen U31 system server application can be deployed on cloud data center and
provides the same functions, no matter it’s centralized mode or distributed mode. When
the servers are deployed on the cloud, the server application will deploy on the virtual
machine as well as the OS and DB. Currently, the NetNumen U31 server can be installed
on VMware, and Oracle VM virtual machine system with linux OS. The clients of
NetNumen U31 connect to the NetNumen U31 server application in cloud data center
just same as connecting the NetNumen U31 server in PC server/Unix server. The
following figure shows the architecture of cloud deployment.

Figure 4-4 The Cloud Deployment Architecture
4.4 Client
4.4.1 Client Type
 GUI (Graphical User Interface): refers to a computer operation user interface

displayed by graphic which makes the operation much convenient to users. It is not
necessary for users to remember lots of commands but operate through windows,
menus, buttons and so on.
GUI is the main O&M interface of NetNumen™ U31.

Figure 4- 5 GUI Client
 Command Line Interface (CLI): Just as its name implies, CLI is a command line
interface. It is an ASCII-based man-machine interface, and hence it is also called
ASCII.
Along with the development of GUIs, U31 CLI has introduces the GUI EoU features, for
example, character command input help and navigation tree, while maintaining the
existing features, namely the slim client and simple characters.
Figure 4- 6 CLI Client
 WEB is a dynamic and interactive distributed information system technology which

is global, graphic and thin-client(platform independent).
AOS-Coolbit, Citrix XenApp are used to access U31.

Figure 4- 7 Web Client
4.4.2 Single-client
It is the most basically and most common application mode. The Client, Server and
Database may run either on the same computer or separately on different computers
depending on the amount of managed equipment and the process capability of the
computer.
Figure 4- 8 The single-Client and single-Server networking mode
4.4.3 Multi-client
One Server allows logon of multiple Clients. It assures the clients of data
synchronization.

This structure is usually applied in the case that multiple operation terminals (Clients) or
display terminals are required by users, and the Clients might be distributed in various
areas, so some of the Clients need to log on the Server remotely. In this way,
management of upper layer NM can also be accessed, with a northbound interface
module needed.
Figure 4- 9 The multi-Client and single-Server networking mode
4.5 Typical O&M Solution
4.5.1 Consolidated Management Across Fixed Networks
NetNumen™ U31provides the consolidated management of fixed network. It has the

following features:
 Consolidated management to support full-server operation
 Consolidated management covering the access network.
 End-to-end service configuration and management for access network

products; simple, quick commissioning and deployment are both achieved,
and O&M difficulty is reduced.

 Network-wide intelligent fault analysis and diagnosis: According to network

resources and service relationships, the system can automatically locate and
analyze the root/derivative alarms, shortening the time spent on handling
alarms.
 Fine-grained customization to lower costs significantly
 U31 employs the unique PPU component technology that allows carriers to
determine the functions integrated into the EMS. This feature enables ZTE to
customize an EMS to meet the individual business needs of a carrier.
Furthermore, a variety of deployment schemes are available, and carriers can
find the very one for their current O&M mode. ZTE aims to help carriers drive
up their ROI.
 Three access methods are available, namely GUI, Web, and CLI to support
the local and remote access requirements. O&M personnel can get access to
U31 anytime anywhere.
 Flexible system architecture for smooth evolution
 Modular design for easy rollout of new services: The modular architecture
brings good scalability to U31, which allows only small adjustments for growth
in services or changes in NE management. Investment is protected, and
customer requirements in the future can be met.
 Distributed deployment and flexible investment: Distributed deployment allows

a minimum investment when carriers are to build a network. The network
management capacity can be enlarged flexibly if the network scale is growing.
 Open interfaces for fast integration with third-party systems: A variety of

northbound interfaces are provided, which allows integration of U31 with
third-party NMS/BOSS systems, such as IBM Tivoli Netcool/OMNIbus, HP
TeMIP, and Aircom Optima.

Figure 4- 10 Consolidated Management Across Fixed Networks
Note: The products with their names in red are not managed by U31 R20.
4.5.2 Integrated ICT Management
As telecom technologies are growing rapidly, the telecom market continues to expand,
and the carriers’ networks grow to a greater scale. This brings a series of challenges,
such as increased complexity of devices in the network, a growing number of different
devices, and rollout of a great number of new services. Carriers have to deal with the
heavy burden of network management and maintenance, which consumes more
resources than before. To lower costs and boosts network O&M efficiency, the IT
management architecture has evolved to support multi-technology and multi-level
management. Moreover, various management systems in an enterprise are gradually
integrated into one system.
Under such circumstances, carriers need to firstly answer the following questions:
 How to efficiently manage IT equipment that grow rapidly in quantity should be

considered
 IT infrastructure at different levels should be managed centrally
 IT infrastructure management should be integrated to the existing telecom

management systems.

By integrating with the IT management component, NetNumen™ U31 is able to detect

and manage a variety of IT devices, achieving the integrated ICT management. The
manageable IT hardware/software is listed as follows:
 Hardware: router, switch, firewall, storage, load balancing equipment, and server (or
miniserver);
 Software: OS, database system, cluster system, storage management system, and
other application systems (for example DNS).
The ITP component supports a variety of IT management interfaces such as SNMP,

Telnet, WMI, JDBC, and Agent for the IT devices and software provided by different
vendors, which features flexible access capability and high scalability.
Figure 4- 11 Integrated IT Device Management
With multiple management layers combined together, the U31 integrated ICT
management solution can be deployed to satisfy the IT management demand that
devices of different types and at different network layers can be managed in a uniform
manner. It is a simple, convenient, economic and highly efficient solution.
 Support of multiple vendors’ IT devices and quick scalability to bring high customer
satisfaction

 Integration with the U31 system to share resources and cut down on investment
costs
 No additional system server, storage device, network device specifically for IT

device management is needed, saving greatly hardware investment costs;
 No additional cluster software system, disaster recovery system, backup

system, anti-virus system specifically for IT device management is needed,
saving greatly software investment costs;
 IT devices can be connected to the IT management component via the

telecom management network, and therefore no additional management
network specifically for IT devices is needed, saving greatly network
investment costs.
 Uniform user interface and combined management capability to ensure high

management efficiency and service quality
 Carrier-class reliability, usability and security
 The IT management component can share the same high-availability, disaster

recovery, and backup services with U31;
 The IT management component can share the same security services such as
firewalls, anti-virus systems and security gateways with U31.
 Separate and combined deployment of U31 and the IT management component to

adapt to different network sizes
 The ZTE IT management component can also be deployed as an independent

management system so as to meet different demands of carriers with different
network sizes and O&M habits.

4.5.3 FTTx O&M Solution
4.5.3.1 End to End Automatic Service Provisioning
After the integration among BOSS and EMS, the end to end automatic service
provisioning will be fulfilled.
In that case, no parameters need to be configured on site and no parameters need to be

reported to EMS.
CPE is plug & play. No cooperation is needed. And there is no frequent mutual
confirmation.
Figure 4- 12 End to End Automatic Service Provisioning
During the process, CRM, Service provision system, billing system, resource system and
installation dispatch system are involved.
Generally, the steps are as following.
Step 1. The user applies new services. The registration is accepted.
Step 2. CRM sends command to the resource system to confirm whether the resource is
available.

Step 3. If resource is available, the service-opening order will be sent to the automatic
service provision system.
Step 4. The service provision system sends command to assign the resource.
Step 5. The service provision system sends command to the automatic activation system,
which sends command to the EMS and the service control system, such as SS, IPTV and
AAA server.
Step 6. The service provision system sends command to dispatching system for field
engineering.
Step 7. The service provision system sends command to the integrated service testing
system.
Step 8. When all commands are executed, the completion order will be feedback.
Step 9. Then the charging notification is sent to the billing system.
Zero-touch Service Provisioning , and ONU Plug and Play
 Supports flexible ONU authentication modes for ONU zero-touch service

provisioning. In this way, ONU is plug and play, and easy to be changed quickly.
 Provides Standardized NBI to integrate with BOSS, which creates a smooth

process flow from BOSS to NE for automatic and fast service provisioning.
4.5.4 NetNumen™ U31Web Access Solution
More and more enterprises and organizations now are beginning to raise concerns about
remote access techniques and products as mainstream management software has
moved from a client/server to a browser/server architecture. Customers also have the
Web access demand so as to satisfy their functional requirements of flexible access and
Single Sign-on. Network operation and maintenance becomes more convenient.
Generally, customer requirements are as follows:

 Centralized application installation, deployment & management
 B/S access methods, C/S user experience
 Low hardware requirement, investment protection
 Secured, reliable authentication for remote access
 Minimized bandwidth required by remote access
 Comprehensive remote application system functions and diagnosis functions
U31 provides a secured, efficient Web access solution to meet users’ requirements for
remote access.
4.5.4.1 Citrix XenApp-based Web Access Solution
Figure 4- 13 Citrix XenApp-based Web Access Solution
NetNumen™ U31 provides the Citrix XenApp-based Web access solution that acts as
the U31 application virtualization solution, which allows web access and application
virtualization.
In this solution, U31 clients are installed on the Citrix XenApp server. Through the U31
clients, Citrix clients are connected to the U31 server. Multiple Citrix servers can form a
Farm, providing services in a joint effort. In this way, the cluster and load balancing
functions are achieved.

Users do not need to install the U31 client program on the Citrix XenApp clients. On them,
only a 2MB Citrix XenApp client component is necessary. Between Citrix XenApp clients
and Citrix XenApp servers, an ICA session is created. Via the ICA session, the Citrix
XenApp clients call the U31 clients on the Citrix XenApp servers and log in to the U31
servers.
U31 clients request many system resources. A single Citrix XenApp server, however,
allows a limited number of concurrent access requests. To solve this problem, we choose
to publish the U31 clients on all Citrix XenApp servers in a Farm. Via auto load balancing
finally, the number of concurrent users is enlarged greatly.
The solution has the following features:
 Centralized application installation, deployment & management
 B/S access methods, C/S user experience
 Low hardware requirement, investment protection
 ICA supported to reduce network traffic
 Secure access
4.5.4.2 AOS-based Web Access Solution
Figure 4- 14 AOS-based Web Access Solution

ZTE NetNumen AOS (hereinafter referred to as AOS) provides a complete uniform portal
solution to solve the problems brought by the diversity of application systems. Through
the uniform entrance and application virtualization, AOS allows users to visit applications
through one GUI. After users are authenticated, they can get access to all the
applications, without repeated authentication activities upon a switch from one
application to another. O&M efficiency is improved, and the user experience is optimized.
The AOS Web-based access solution has the following highlights:
 Uniform portal for service aggregation
 Powerful service aggregation capability: Applications are integrated in one

Web page that allows users to visit the applications flexibly. A simple, efficient
application virtualization solution is provided to users.
 Uniform user account management: User accounts of the applications are

managed in a uniform manner. Single sign-on is achieved.
 Dashboard: Users can customize their own dashboard to observe the data
from different applications intuitively.
 Application virtualization:
 Application virtualization component: Using application virtualization

technologies, the component displays the application GUI to remote users
through Web.
 Good scalability and reliability
 Scalability: Through the load balancer, access servers can be added to the
system conveniently to enlarge the system processing capability.
 High reliability: A HA solution is provided; a dual-server system or a cluster is

deployed to ensure system reliability.
 Web-based access with no need to install clients: The client applications are
not installed on users’ machines. Browsers are necessary for users to visit the
system.

 Efficient upgrade: The client applications can be upgraded on the AOS server
conveniently, which improves upgrade efficiency.
 Standard compliance
 Support for JSR168 and JSR286 Portlet specifications
 Security
 Complete log functions: After login, any user behaviors or operations are
logged down. AOS collects periodically the operation logs from the managed
application systems for centralized storage in the Portal system.
 Data security: After applications are virtualized, only the image data of the GUI
is transferred. A specific coding method is used to ensure security of service
data even if packets containing service data are captured.
 Application security: To guard the portal from illegal access, AOS provides a
role-based security model that user authorization, authentication, auditing and
security management policies are employed to achieve high security of user
operations.
 Lowered CAPEX and OPEX:
 Low-cost scalability: Good scalability allows users to deploy a cluster

consisting of low-cost servers, which provide a system capability similar to a
high-efficiency and expensive server.
 Outstanding remote access capability: AOS has a powerful application

virtualization component supporting remote access.
 Low bandwidth requirement: Users can visit AOS and perform operations
under an environment of a low bandwidth (256Kbps).
5 System Interfaces
U31 provides a variety of northbound interfaces that allow flexible integration with
superior NMS/OSS/BOSS systems. Thus fast integration of U31into carriers’ existing

systems is achieved, and O&M capability is improved as well. U31 is able to manage
different types of NEs, and meanwhile it provides uniform northbound interfaces that
allow centralized management of different types of NEs after only one mediation.
Integration and maintenance costs are both lowered.
U31provides such northbound interfaces as TL1, WebService, SNMP, CORBA, FTP.

Regarding carriers’ requirements for integration with NMS/OSS/BOSS, it is
recommended to use the uniform northbound interfaces, such as TL1(CM,FM,Realtime
PM,RM) , WebService (CM,FM, Realtime PM,RM), SNMP (FM), FTP (Historical PM,RM)
and CORBA (only FM). An activity is carried out to estimate which uniform northbound
interface can be used. If no uniform northbound interface can meet carriers’
requirements, other northbound interfaces will be used.
U31 supports these standard southbound interfaces: SNMP and FTP/SFTP.
5.1 Interface Protocols
This section introduces the commonly used northbound interfaces of NetNumen™ U31:
TL1 Interface
Transaction Language -1 (TL1) is an ASCII-based man-machine language defined by

Telcordia. It is a standard management protocol in telecommunications. It brings several
benefits: simple integration, convenient commissioning, good scalability, and good
network adaptability.
WebService Interface
WebService is an interface described in a machine-processable format (specifically Web

Services Description Language, known by the acronym WSDL). Other systems interact
with the Web Services in a manner prescribed by its description using SOAP messages,
conveyed using HTTP with an XML serialization in conjunction with other Web-related
standards.
SNMP Interface

SNMP is a set of standards defined by IETF for network management. It has gained wide
acceptance in the industry because of its simple and easy-to-understand characteristics.
SNMP is implemented based on the Manager/Agent model where the manager interacts
with agents through Management Information Base (MIB) and command sets. SNMP
provides the active reporting mechanism that allows agents to send the trap messages to
the manager.
FTP/SFTP Interface
FTP/SFTP is used by U31 to transfer data files of large sizes, such as PM and RM data
files and resources topology data files.
CORBA Interface
CORBA is a standard for distributed objects being developed by the Object Management
Group (OMG).It consists of ORB, object services, common facilities,
domain-independent interfaces, and application interfaces. ORB provides the method of
implementing transparent communications between clients and objects.
Table 5- 1 Comparison Between Protocols
Protocol Advantage Disadvantage
TL1 Simple integration,

compliance with the given
syntax, and a fixed
structure
WebService Simple integration, good Low efficiency compared

expansibility with TL1
SNMP Simple integration, Low efficiency compared

two-way operations and with TL1
management, a variety of
functions, and a plenty of
standard MIBs.
FTP/SFTP Simple integration, the

capability of transferring
mess data, and
transmission across
different OSs.

Protocol Advantage Disadvantage
Corba External interface has its It is not easy to implement

own specifications. an interoperability test for
CORBA as it is complex.
Moreover, its scalability is
low.
5.2 Southbound Interfaces (Optional)
NetNumen™ U31manages NEs through the southbound interfaces that provide the
following functions, such as fault/performance/configuration/topology/security
management. The supported southbound interfaces are listed as follows: SNMP, Syslog,
Telnet/SSH,NetConf/YANG, and FTP/SFTP.
5.3 Northbound Interfaces
Through northbound interfaces, NetNumen™ U31 can interact with external

systems.U31provides the open, standard northbound interfaces that allow U31 to
provide various network management information such as alarm, performance, and
resources data.U31can be integrated to different OSSs flexibly through northbound
interfaces.
The following tables show the northbound interfaces provided by U31.
Table 5- 2 U31Northbound Interfaces
Protocol Configuration Fault Realtime-Perf Historical-Perf Resource

Management Management Management Management Management
TL1 √ √ √ × √
WebService √ √ √ × √
SNMP × √ × × ×
FTP/SFTP × × × √ √
Corba × √ × × ×
Note: √―― Supported ×―― Not Supported

5.3.1 SNMP Northbound Interface
NetNumen™ U31 provides the uniform SNMP northbound interface for fault
management. After one mediation, U31 is able to interact with NMS/BOSS/BSS for
management of all NEs. The time spent on integration, integration costs, and
maintenance costs are all effectively reduced.U31 supports SNMP V2c and V3 versions.
Table 5- 3 Uniform SNMP Northbound Interface
Protocol Managed NEs Functions
SNMP OLT NEs The SNMP northbound interface for fault management
MDU NEs currently provides the following functions:
DPU NEs 1. Heartbeat
2. Alarm submission
MSAN NEs
3. Current alarm query
DSLAM NEs
4. Alarm acknowledgment/unacknowledgment
EODN NEs
5. Alarm clearing
EOMU NEs 6. Alarm synchronization
5.3.2 FTP Northbound Interface
NetNumen™ U31 provides the FTP northbound interface complying with the standard
FTP specifications, including the standard file format, saving path, and naming rules.
U31 can be integrated with third-party systems in a short period of time through the FTP
northbound interface.
Table 5- 4 FTP Northbound Interface
FTP for PM OLT NEs The performance module allows users to

MDU NEs customize the northbound task configuration
DPU NEs file. It periodically puts the PM data files in the
specified directory, according to the specific
MSAN NEs
generation rules, naming rules, and saving
DSLAM NEs
rules. The superior systems can get these
data files through FTP/SFTP.
FTP for RM OLT NEs The module allows users to obtain the
MDU NEs configuration information. That is, NMS gets
the attributes of all network resources through


DPU NEs this interface. The configuration query function
MSAN NEs is designed to obtain all configuration data
within a network and save the data of each
managed object to a CSV/XML file. The saved
files can be used by NMS.
5.3.3 TL1 Northbound Interface
Table 5- 5 TL1 Northbound Interface
TL1 for OLT NEs Currently, the TL1 interface provides the following
FM MDU NEs FM functions:
DPU NEs 1. Heartbeat
MSAN NEs 2. Alarm submission
DSLAM NEs 3. Query the current alarms;
EODN NEs 4. Acknowledge/unacknowledge alarms
EOMU NEs 5. Clear alarms;
TL1 for OLT NEs The module gets the real-time PM data of ports.
PM MDU NEs
DPU NEs
MSAN NEs
DSLAM NEs
TL1 for OLT NEs The module provides the service configuration
CM MDU NEs functions, for example, the port activation and
DPU NEs bandwidth parameter settings.
MSAN NEs
DSLAM NEs
EODN NEs
EOMU NEs
TL1 for OLT NEs The module provides the information of such
RM MDU NEs resources items as device, board, and port by TL1
DPU NEs command.
MSAN NEs
DSLAM NEs

5.3.4 WebService Northbound Interface
Table 5- 6 WebService Northbound Interface
WebService OLT NEs 1. Heartbeat

for FM MDU NEs 2. Alarm submission
DPU NEs 3. Query the current alarms;
MSAN NEs 4. Acknowledge/unacknowledge alarms
DSLAM NEs 5. Clear alarms;
EODN NEs
EOMU NEs
WebService OLT NEs The module gets the real-time PM data of ports.
for PM MDU NEs
DPU NEs
MSAN NEs
DSLAM NEs
WebService OLT NEs The module provides the service configuration

for CM MDU NEs functions, for example, the port activation and
DPU NEs bandwidth parameter settings.
MSAN NEs
DSLAM NEs
EODN NEs
EOMU NEs
WebService OLT NEs The module provides the information of such

for RM MDU NEs resources items as device, board, and port .
DPU NEs
MSAN NEs
DSLAM NEs
5.3.5 CORBA Northbound Interface
CORBA northbound interface in NetNumen™ U31 follows TMF814.

Table 5- 7 CORBA Northbound Interface
Protocol Managed Functions

NEs
CORBA for FM Submit alarms;

Query the current alarms;
Acknowledge/unacknowledge alarms;
Clear alarms;
6 Basic Function Introduction
6.1 Topology Management
Topology Management provides the topology view of the whole network. It enables users
to scan network key data and information on a complete and clear interface. The
topology view shows NEs, their links and their alarms. It displays all these information in
a direct way and bright colors, which makes the users get a general picture of the
network with a quick glance.
NetNumen™ U31 network management system supports hierarchical topology structure

to show the whole network. Its specific functions are as follows:
Table 6- 1 Topology Management
Functions Description
Layout of topology Topology management view interface is composed of four

management parts of views: topology tree (navigation tree), topology
interface diagram, hide legend/bird view, and alarm/performance table.

1. It supports hierarchical topology management. Users can

get linked to lower layer topology view from high layer
topology view. The contents displayed by the topology logic
view are: NE objects indicated by icons, logic relationship
between NEs indicated by lines, NE and link state indicated by
tags, bubbles, or small state icons.
Logic view of 2. Topology view filtering: it implements filtering according to

topology filtering tree based on different conditions such as name and
address.
3. Expansion and contraction of topology view and its nodes
4. Topology area provides table display
5. Links displayed on the topology view
6. Multiple management views based on different equipment
type, positions, and IP.
1. Select/move NE, zoom in/out view, undo/restore view, show

all topology, zoom in for area, lock NE position, network layout
setting (grid/ring/hub-spoke), save NE position, NE searching,
full screen, turn to/backward/forward, show in list, filter,
legend, contents setting, bird view, configuration map, and
customize interface elements.
2. Export of topology data
Operation based on
logic view of topology 3. SNMP V3 parameter configuration
4. Setting of poll parameter and automatic discovery
parameter
5. Refreshing of topology data
6. Import and export of interface style
7. Statistics of topology information
8. Import and export of topology data
1. Alarm message is shown on the topology view, which is

Alarm message correlated to NE and link.
2. The list below the view shows alarm message.
Performance
The list below the view shows performance KPI.
message

1. Create groups based on types and regions.

2. Create groups in batches or one by one.
3. Set group creating rules (based on IP/position/type)
Operation for groups
4. Set group members
5. Group information statistics
6. Duplicate and paste groups
Create, modify, delete and move NEs.

NE operation
Create NEs in batches.
Link operation Create, modify and delete links
Automatic discovery Automatic discovery of NE and links
Supports creating and modifying hotspot areas, and

automatically adding a device to a hotspot area according to
its resource attribute tag.
Hotspot area Supports setting one or more areas as hotspot areas.
management Supports simultaneous display of area views and hotspot area
views, and supports flexible switch of area views and hotspot
area views. The hotspot area view only contains the NE
belongs to it.
Supports creating engineering alarm tasks, and setting the

engineering task name, task description, beginning and end
Engineering alarm
time of the engineering, and list of NE cards and ports. During
management
the engineering period, alarm information about engineering
NE/card/port can be effectively suppressed.
Support adding the current typology diagram to Favorites,

helping the user to locate it fast.
Typology diagrams include: the current layer, scaling, view
range of typology diagram, legend display switch and
Favorites figure/table display mode. Click the Favorites menu, the
current typology window will be displayed in the style as you
collect.
Support arranging Favorites, such as creating a folder,
deleting a Favorite item and modifying the name.

6.2 Fault Management
Fault management mainly receives various realtime equipment alarm and network event
reports reported by all network elements in the whole network. It notifies the maintenance
staff in a realtime, audible, visual and direct way to let the users know about the
abnormal operation state of the network and equipment. It helps the staff to locate the
failure cause and position so that the users can discover as soon as possible, deal with
the failure and solve it as soon as possible to guarantee normal operation of the system.
Alarm management unit receives and processes the alarm reported by the equipment
and display it to the users via the interface. It can also forward it to the designated
objective by email or short message. The maintenance staff processes it when they
confirm. All the alarm reports collected are saved in the base for various alarm statistics
and query.
6.2.1 Network Fault Management
NetNumen™ U31 network management system provides perfect network management,

permitting the network provider to learn whether the network works as expected. It traces
the current state and makes the state visual to users.
Table 6- 2 Network Fault Management
Function Description
Alarm type conforms to ITU-T X.733 standard including

communication alarm, equipment alarm, quality of service
Alarm type
alarm, processing error alarm, environmental alarm, and
network management system alarm.

Alarm message is automatically reported in SNMP TRAP

message. Network management system can automatically
receive various real-time alarms reported by all network
elements with the alarm parameters including confirmed alarm
state, level, network element position, location position in
Alarm parameter network element, alarm code, occurring time, network element
type, alarm type, alarm reason, additional text, product, alarm
sign, service information, service location, alarm modification
time, additional content, acknowledge/unacknowledged user,
acknowledge/unacknowledged system, and
acknowledge/unacknowledged time.
Network management system can manage itself; generate

system alarms such as performance alarm and system
NM system alarm
management alarm based on thresholds of some preset
operation parameters.
6.2.2 Alarm Message Processing
NetNumen™ U31 network management system can collect and maintain the generated
alarms, and make alarm and network state visual to users.
Table 6- 3 Alarm message processing
Users observe realtime alarm on the network topology. There

are obvious alarm signs on the network element topology for
users to enter the next level, and down to rack state figure.
These alarm signs will automatically disappear when alarm
recovers.
When there are multiple alarms occur at one network node,
Alarm display
the icon color should be the same with the current highest
level alarm. When the alarm with the higher level is cleared,
the next higher level alarm is displayed in turn.
Alarm levels can be distinguished based on different colors.
They can be divided into critical alarm, major alarm, minor
alarm and warning alarm.

Display all detailed alarm information reported by each

network element in the alarm list and update it regularly.
Alarm list contains confirm state, alarm level, network
element, location inside network element, alarm code,
occurring time, network element type, alarm type, alarm
Alarm management cause, additional text, product, alarm sign, service
list information, service position, alarm modification time,
additional content, confirm/reconfirm user, confirm/reconfirm
system, confirm/reconfirm time, alarm notes, note user, note
system, note time, alarm No., network element IP, link,
network element group, network element agent, equipment
type, and path name. The list can be customized.
Display all detailed notification information reported by each

network element in the notification list and update it regularly.
Notification list contains network element, location inside
Notification network element, notification code, occurring time, network
management list element type, product additional text, service information,
service position, additional content, network element IP,
network element group, network element agent, and
equipment type.
Export display column, export all columns, print, alarm

sound/mute setting, full screen, refresh, display column
List operation
customization, filter based on level or confirmed state,
statistics based on level
Support alarm annotation, namely, editing the remark

Alarm annotation
information of alarms
Confirmed alarm is paid attention to and may be processed by

Alarm confirm and certain measures. But it doesn’t mean the alarm is solved or
reconfirm cleared.
Reconfirm the alarm to recover it to the state of unattended.
After manual clearing, the alarm is in cleared state; the user

Alarm clearing
can no longer care about this alarm.
After shielding configuration, the alarm will not be reported to

Alarm shielding NM. Support setting the shielding state by resource and alarm
cause to shield the specified alarms.
Support dispatching to corresponding maintenance staff by

Alarm forwarding
short message or Email.

Alarm confirming rule, alarm clearing rule, alarm filtering rule,

alarm delay rule, alarm merging rule, alarm timing rule, alarm
counting rule, alarm associating rule (based on network
Alarm rule
element), alarm associating rule (based on network element
type), alarm forwarding rule, alarm blocking rule, and alarm
filtering rule.
Based on different alarms, set expert base of processing

Suggested setting for suggestions involving specific cause, diagnosis, and
processing processing.
Support import and export of processing suggestions.
Redefining of alarm Modify levels for different types of alarms. Support four levels
severity of critical, major, minor and warning.
Fast query of all current alarms.

Fast query of unconfirmed current alarms.
Customized query: query conditions include position
(equipment, rack, frame, slot, power supply, fan and port),
Current alarm query
alarm code, alarm occurring time, alarm recovery time, alarm
confirm/reconfirm time, duration, alarm type, alarm type before
clearing, confirm state, confirm/reconfirm user name,
additional text and visibility.
Fast query of history alarm recovered during one day.

Fast query of history alarm recovered during three days.
(equipment, rack, frame, slot, power supply, fan, port), alarm
History alarm query
code, alarm occurring time, alarm recovery time, alarm
confirm/reconfirm time, duration, alarm type, alarm type before
clearing, confirm state, recovery, confirm/reconfirm user
name, clearing user, and additional text.
Fast query of history notification during one day.

Fast query of history notification during three days.
Notification query
(equipment, rack, frame, slot, power supply, fan and port),
notification code, occurring time (in section such as the latest
T week/day/hour/min), and additional text.

Statistics based on network element and network element

type.
Take statistics based on alarm frequency or average duration.
Alarm statistics Take statistics based on the objects.
Alarm statistics in busy hours.
Timing statistics task management
Timing output task management
Alarm forwarding Customize alarm forwarding short message template and

template email template.
Alarm
Actively synchronize equipment alarm
synchronization
Alarm sound and

Customize sound and color for different levels
light setting
Set alarm archiving when the alarms exceed the threshold.

The cycle and threshold of alarm archiving can be set. When
Alarm compression
the alarms exceed the cycle or threshold, they can be deleted
and dumping
from the database and compressed as external files
automatically for saving.

support configuring alarm correlation management rule to
manage alarms. All rules support activating and deactivating
operations.
 Alarm delay rule: This rule is mainly used to effectively
cancel minor alarms or alarms which do not interfere
network operation. These alarms can recover in a short
period System management personnel can use alarm
delay rule to configure the recovery period. Alarms which
recover during this period will not be reported. Otherwise,
they will be reported. Alarm delay rule can effectively
manage oscillation alarms.
 Alarm suppression rule: This rule is configured to
suppress alarms report. The alarms to suppress other
alarms report are configured as primary alarms and the
suppressed alarms are configured as secondary alarms.
When primary alarms exist or occur, secondary alarms
will not be reported. The rule can be defined to display
the secondary alarms after primary alarms recovery or
not. Either primary or secondary alarms support being
Alarm Correlation defined by subscribers.
Management  Alarm counting rule: This rule is mainly configured for
alarm frequency sample collection, which is able to verify
if the alarms occurred in specified sample collecting
period exceeds the configured threshold value. If it is over
threshold, a new alarm occurs to notify system
management personnel. The detailed information and
alarm level of this new alarm can be configured.
 Alarm timing rule: This rule is configured to calculate the
total time of certain alarms duration, which conform to
specified conditions. If the duration lasts to the configured
threshold value, such specified operations will be
implemented as alarm level upgrading or new alarm
initiation.
 Alarm grouping rule: This rule is configured to use one
alarm to take the place of certain alarms and report to
client thus the alarm number received by client keeps
small. For example, when several same alarms, which
indicate one kind of equipment fault, occur in one time,
configure the grouping rule to select one of them as a
representative to be displayed in the interface.

support monitoring and suppressing alarm storm. Alarm

storm occurs once the alarm number reported from one
alarm source in a specified period exceeds the
Alarm storm
pre-configured threshold value. When alarm storm occurs,
management
the system automatically suppresses the alarm report
caused from the same alarm source. Once the storm is
recovered, the suppression will be cancelled.
Support alarm print and export. The export formats supported
Alarm print/export
include XLS, TXT, HTML, pdf, csv and xml.
6.2.3 Failure Diagnosis and Elimination
NetNumen™ U31 network management system provides various failure diagnosis

measures and elimination processing suggestions to help the staff quickly location and
eliminate the failures.
Table 6- 4 Failure diagnosis and elimination
One failure usually causes a series of alarms. For example,

plugging out of a cable will cause interruption of routing
protocol thus lead to interruption of user service. Failure root
analysis of NetNumen™ U31 can analyze the relativity
Analysis on failure between alarms in an intelligent way, display root alarm and
relativity restrained alarms, and display affected customer and service,
make relativity through each layer, and finally locate the root
failure which causes a series of alarms. Then it provides
processing suggestions for users to make diagnosis and
elimination.

Based on long-term network operation, users can summarize

some processing experience from frequently occurred
problems for reference of similar problems in future. This
summary is expert base suggestions. NetNumenU31 network
management system provides users with functions of
Expert base importing, exporting, checking, and modifying alarm
suggestions processing suggestions to make the processing of alarms
easier.
Meanwhile, NetNumen™ U31 network management provides
detailed reason, diagnosis and processing method for each
alarm. It helps users to take in-depth diagnosis of the network
to quickly eliminate the failure.
6.3 Performance Management
Performance management module is responsible for performance management and

analysis of data network and equipment. By collecting various performance data from
network elements and generating performance reports after processing, this module
provides information for maintenance department and management department to guide
network engineering, planning and network adjustment and improve network operation
quality.
NetNumen™ U31 provides performance management with complete functions. It

manages performance of the whole network by functions like performance task
customization, performance report output and performance threshold management.
6.3.1 Performance Task Management
The users can order different performance management tasks according to the
performance variables they pay attention to. NetNumen™ U31 provides flexible task
customization modes:
Table 6- 5 Performance Task Management

Performance Task Take performance data collection by creating performance

Management measurement task. It supports management of performance
measurement task.
Create measurement task.

Supports selection of measurement object and measurement
position.
Supports setting of starting time of performance task with the
format of yyyy-mm-dd hh:mm:ss.
Supports collection granularity of 5mins/15mins.
Supports setting of valid data (week and month) and valid
period (time) within the range of starting time of the
measurement task with the format of hh:mm:ss.
Counter and index management. Users can check

performance counter defined by the system. They can
customize new index based on certain calculation formula
according to the existing measurement index.
Query template management. It can customize condition and

regular task query. It can load the template when it queries
performance history data.
Performance data integrity query. It can query performance

data collection of each network element in each period.
Fast recreation of an Allows the user to quickly create a history performance

engineering history measurement task according to the engineering scenario by
performance specifying the objects and network elements whose data is to
measurement task be collected.
6.3.2 Performance Report Output
NetNumen™ U31 collects performance data automatically according to the ordered

performance tasks, stores history data in the database and generates different
performance reports by analysis.
Table 6- 6 Performance Report Output
Performance report All collected data can be displayed by graph or table

output Performance history data query granularities include 15 mins,
30 mins, 1 hour, 1 day, and 1 week.
Performance history data query periods include 1 day, 1 week,
and 1 month, holiday query, and customizing starting time and
ending time based on the format of yyyy-mm-dd hh:mm:ss.
It supports selection based on week and month for valid query
of performance history data. It supports customized period
based on the format of hh:mm:ss.
It supports saving of history performance data report in files so

that we can check at any time. The file formats of *.xml, *.prn,
*.txt, *.htm, *.pdf, *.xls, *.xlsx, and *.csv are supported.
It supports printing of history performance data report we get.
Categorize and put the collected original performance data

into storage. It supports backup and deletion of the
performance data.
History performance data is automatically filed. It supports

automatic or manual filing of history performance data. It
supports setting of automatic filing period and threshold.
It supports TOP N packet query. In performance data query

filtering, it provides performance TOPN query.
It supports check of realtime performance. It supports two

collection granularities of 10 seconds and 1 minute. Realtime
performance data is saved in files with the format of *.txt and
*.csv.
6.3.3 Performance Threshold Management
The user can set high and low thresholds for the performance variable they are
concerned about by performance threshold management. When the collected
performance data exceeds the set threshold, the network management system will
generate threshold alarms automatically.
Besides, four levels of thresholds can be set, corresponding to four types of alarms;
threshold delta value can be set at the same time. For example, when the highest
threshold for critical alarm is set to 100 and the delta value is set to 2, the alarm is

generated only when the performance data is larger than 102, and the alarm is recovered
when the data is lower than 98.
Figure 6- 1 Performance threshold schematic diagram
6.4 System Management
System management is used to manage NetNumen™ U31 NM system functions. With

system management, the user maintains NM system better. System management offers
a unified maintenance and management platform for NMs to manage and maintain
application server and database server and manage database.
System management can manage performance indexes of application server, e.g.,

server CPU utilization rate, memory utilization rate and hard disk space, and set
performance parameter threshold. When performance index reaches the threshold, the
alarm is sent. System management can also manage resource indexes of database
server. For example, when total database space exceeds the threshold, major alarm is
sent; when the spaces of managed objects in the database exceed their threshold, the
alarms at different levels are sent; when these indexes are lower than the threshold
again, alarm information will return to normal.
System management can create database maintenance task, and regularly execute
such operations as data export, data import, and data clearance in the data table of the
database.
System management has the following common functions:

Table 6- 7 System management function
Server View server performance parameter (CPU, memory, hard disk,

performance server process, etc.), and set system threshold parameter and
management server performance alarm.
The user has the following local database management

function: database login, database resource view, database
Database
backup, database restoration, data table backup, data table
management
restoration, data table clearance, database maintenance task,
regular database maintenance task, and database logout.
System data Provide backup and restoration of such data as log, alarm and
backup and performance.
restoration Provide database and file backup.
U31 has unique “Favorite” function, which is similar to IE

“Favorite” function, to offer fast link for frequently used
Other management functions.
View the system time, print settings, system style settings,

screen lock settings, access control, window resizing, etc.
Use license to control server-side MAC address, authorized use

period, number of user interface terminals, function package
License control
module, northbound function package, device types under
management and specific function authorization.
6.5 Task Management
It is also called policy management. A task is a predefined procedure in NM system and

specifies NM system actions under special conditions. With the predefined task, NM
system can automatically execute relative operation according to current run status for
automatic dispatching and protection, and system self-management for high efficiency
and facilitation.
Table 6- 8 Task management function

Regularly execute backup and deletion task of log, performance

History data archive and alarm data to prevent large volume of data in database
influencing the system.
Regularly execute basic data backup task. Backup all the basic
data of the network management system. Just backup data
Basic data backup records excluding the history data such as table structure and
history alarms, notifications, logs, performance raw data
(history data the has individual backup function).
File and database

Regularly execute NM version file and database backup task.
backup
Detect data catalogs of different types, and regularly execute

File clearance
clearance task when the index exceeds the threshold.
Automatic
It is used to automatically confirm history alarm before the set
confirmation of
days to avoid manual way, so as to improve the maintainability.
history alarm
Regularly execute NE configuration data save and write to NE

NE configuration flash task. It supports It supports regular implementation based
write to NE flash on hour/day/week/month and one-time implementation. It
supports setting of starting time of the tasks.
Regularly execute NE configuration data(e.g. startrun.dat file)

NE configuration backup to EMS server task. It supports It supports regular
data backup implementation based on hour/day/week/month and one-time
implementation. It supports setting of starting time of the tasks.
Regularly execute NE configuration data synchronize to EMS

NE Configuration
database task. It supports It supports regular implementation
data
based on hour/day/week/month and one-time implementation.
synchronization
It supports setting of starting time of the tasks.
6.6 Security Management
Security management is used to ensure users’ legal use of system. Security

management realizes management on user, user group and role. It provides security
control for the operator to perform secure management operation by properly organizing
the relationship between user, user group and role; it prevents illegal user from entering
the system by login authentication; it provide security control for the operator to operate
by operation authentication.

Table 6- 9 Security management function
The user can create, modify, copy and delete a role set as well
as assigning roles to a role set according to his rights.
The user can create, modify, copy and delete a role as well as
Role management
assigning operation rights to a role according to his rights.
The user can set role rights according to resource and
operation set. This is decentralized multi-domain management.
The user has attributes including ID, password, user validity

period, password validity period, and department. The
management functions supported include: add/delete user,
associate user and role or role set, configure user Profile and
modify user password.
Check user lock status.
View the information of the current login user, and tick the login
user off the system if necessary.
Blacklist management: the users entering the blacklist cannot
User management log in the system.
Set validity period of user account
Set validity period of password
Set user working time and holiday, login IP range, and login
MAC binding
Set concurrent login number of the same user
Set maximal and minimal length of password
Set account lock upon login failure
Set automatic lock function
Department is a simulation of administrative department for the

convenience of user organization and management. The user
Department can create department in department management as required.
management By default there is a root department in the system; this
department is the supreme department and all other newly
created departments are its inferior sub-departments.
6.7 Log Management
Log Management:

 Log management is used to manage various logs of the system. Log is recorded
information of various events and operations of the system. By viewing logs, the
user can know whether the system is running properly, locate the cause of problem,
trace and audit important events. Log management is an effective tool of the system
administrator to trace system running status, locate system fault and trace user
operations.
Table 6- 10 Log management
Operation log record user access to the system, including

Operation log access function module, operation process, operation time,
operation result, etc.
Security log User login and logout information.
System and module run record, including system start, system

System log exit, module run process, system interruption, module
interruption, etc.
System administrator can browse and query the record in

Log query
system log.
Log output Output the log in the form of text or SYSLOG.
Log deletion The system regularly deletes system logs.
 Syslog log management can manage the operation log reported from the equipment.
Syslog message is a necessary means to ensure normal operation of the system
and is applied to the debugging and security check. Syslog management module of
NM software can fulfill the following function: Syslog filtering, receiving, resolution,
storage, query, statistics, customization deletion policy, file storage and printing,
and user receiving Syslog log from several equipments or operation systems.
Syslog message displays in GUI so that the user can easily check the logs of
different equipments or operation systems and deal with them.

6.8 Report Management
Users can know system operational status and performance through reports. Report
management system can generate reports at specified time. Users can make correct
analysis and decision through the reports.
Table 6- 11 Report Management Functions
The system provides a unified report view, including

Unified Report View
performance report and alarm report.
Report Task Report task management generates reports automatically

Management at the specified time. The time and report type can be set.
Report File Reports can be previewed, printed, and saved as Excel,

Management Html, PDF, or CSV files.
6.9 License Management
License management is an important function of NetNumen U31 R20 network

management. It is used to manage and control the network capacity and advanced
network management functions managed by the network management system. It
includes all kinds of port management license, ONU/ONT management license, NBI
management license for SNMP, TL1, webservice, SFTP, CORBA and so on. The license
is managed in the EMS and in the license center.
When the network size managed by the network management sytem (such as the
number of user ports, FTTH ONU, etc.) exceeds or will soon exceed the number of
License authorization, the network management system will generate an alarm or
notification to remind users to apply for new license in time. If the user fails to apply for
and update the license in time, after the exceedance reaches a certain extent, the new
network element or FTTH ONU will be restricted on the network management system.
Some advanced management functions of network management (such as historical

performance management of access devices, etc.) require license authorization. If a user

does not apply for a license, he will not be able to use the function, or can only be tried
for a period of time.
License management provides the functions of license file loading, license information
viewing, license overthreshold notifications and alarms, and license overthreshold
control.
Table 6- 12 License Management Functions
License file loading Loads the license file into NetNumen™ U31.
License information View the license authorization items and the number of
viewing licenses currently used.
Generates a notification when the number of licenses used

is about to reach the authorized threshold. Generates an
License overthreshold
alarm to remind the user to apply for a new license when
notifications and alarms
the number of licenses used reach the authorized
threshold.
Restricts the use of related NetNumen™ U31 functions

when the number of licenses used exceeds the authorized
License overthreshold threshold by a certain proportion. For example, when the
control number of FTTH ONUs exceeds the authorized threshold
by a certain proportion, new ONUs cannot be added on
NetNumen™ U31.
6.10 Inventory Management
NetNumen U31 periodically synchronizes configuration data with network elements. The
NetNumen U31 database stores resource data including information on network
elements, cards, ports, ONUs and VLANs.
When device configurations are changed, corresponding data in the NetNumen U31
database will be updated in time.

Resource data in NetNumen U31 can be exported as detailed records or as statistics.

Resource reports can also be generated automatically.
The resource information in the NetNumen U31 database is also the foundation of other
network management functions. For example, using a network management client to
locate network elements, ports and ONUs across the network depends on the resource
information.
Table 6- 13 Inventory Management
The detailed record of network element resources includes

Detailed record of
the locations, names, IP addresses, software versions,
network element
hardware versions, provisioning times, and last power-on
resources
times of network elements.
Network element Network elements can be counted according to their types

resource statistics and versions.
The detailed record of card resources includes the network

elements, locations, service types, models, software
Detailed record of card
versions, hardware versions, online status, sequence
resources
numbers, number of ports, number of ONUs (for PON
cards), and port usage of cards.
Cards can be counted according to their service types,

Card resource statistics
names, versions, network element types, and so on.
The detailed record of port resources includes information

on the network element and card to which a port belongs,
Detailed record of port
port type, port management status, port operation status,
resources
port description, port rate and ONU occupancy rate of PON
port.
Ports are counted according to their types. The number of

Port resource statistics
user ports already used can be counted.
The detailed record of ONU resources includes the PON

ports of the network element and card to which an ONU
Detailed record of ONU
belongs, ONU name, ONU authentication value, ONU
resources
software and hardware version, ONU status, and last online
and last offline time of an ONU.

ONUs can be counted according to their types, versions,

ONU resource statistics
installation dates, and locations.
6.11 System Monitoring
NetNumen U31 system monitoring provides a unified platform to maintain and manage
the network management system. Through this function, the user can add application
servers and database servers for management. The user can perform monitoring and
maintenance operations for the servers, which include monitoring the CPUs, memory
and hard disks of an application server, setting monitoring thresholds so that alarms are
sent when the thresholds are exceeded, monitoring the hard disk space and database
table space of a database server, and setting monitoring thresholds so that alarms are
sent when the thresholds are exceeded.
Table 6- 14 Functions of Monitoring NM Servers and Database Servers
Viewing the basic The basic information of an application server is displayed,

information of an including server name, server type, JNDI port, host IP
application server address, and version.
The user can query server performance to learn about the

Viewing server
current CPU utilization, memory utilization and hard disk
performance
occupation.
The user can set monitoring thresholds for the CPU

Configuring and utilization, memory utilization or hard disk occupation of an
managing application application server. After monitoring is enabled, the system
server performance will automatically collect the performance indexes for the
monitoring monitoring period and determine whether to generate
alarms according to the thresholds.
The basic information of a database server is displayed,

Basic information of
including server name, server type, database type,
database servers
database port, and host IP address.

The user can view the usage status of database resources,

Viewing database
including database information, data table information and
resources
process information.
The user can set monitoring thresholds for the ratio and
size of hard disks so that alarms are generated when the
Monitoring database
thresholds are reached. The user can also set monitoring
resources
thresholds for the ratio and size of data table spaceso that
alarms are generated when the thresholds are reached.
6.12 System Backup and Restore
6.12.1 Database Backup
A database can be backed up in two modes: automatically and manually. The two modes
are described below:
6.12.1.1 Automatic Backup
Automatic backup uses a policy task of the NMS to automatically, periodically back up
the database, including the database structure and basic data.
Figure 6- 2 Automatic Backup

6.12.1.2 Manual Backup
Manual backup uses an offline tool of the NMS to manually back up the database,
including the database structure and basic data.
Execute the "ums-server/utils/usf-backup/run.bat" (or "run.sh" in UNIX) script to start the

offline tool, as shown in the following figure:
Select "Backup Basic Data". Set "Target storage path of the backup file". Click "Execute"
to back up the basic data of the database. The database structure can also be backed up
in this way.
Figure 6- 3 Manual Backup
6.12.2 Database Restoration
Execute the "ums-server/utils/usf-backup/run.bat" (or "run.sh" in UNIX) script to start the

offline tool, as shown in the following figure:
Select "Restore Basic Data". Set "Select the backup file", which is the path where the
restored file is stored. Click "Execute" to restore the basic data of the database. The
database structure can also be restored in this way.

Figure 6- 4 Database Restoration
6.13 System Upgrade Management
NetNumen U31 server operations are performed in three scenarios: new installation,
version upgrade, and patch upgrade.
In the new installation mode, run the "setup" file in the version package and follow the
wizard to complete the installation. The client is also newly installed in the process. In the
upgrade mode, run the "update" file in the version package to upgrade the server. When
the client logs in to the new-version server for the first time, it will automatically download
the client upgrade package and complete the upgrade. In the patch upgrade mode, run
the patch program on the server to read the patch file, and then follow the wizard to
complete the upgrade. After the client logs in, it will automatically install the patch
program to complete the upgrade.
An EMS upgrade involves the following work:
Table 6- 16- 15 NMS Upgrade Process

System detection covers the OS, hard disk space, port

System detection occupation, database version, data table space, and
system process status.
System backup covers program files, the database

structure, and the basic data of the database. All the
backups can be used in rollbacks.
System backup
The upgrade program processes public configuration
information in a unified manner and migrates the
configuration item parameters to the new system.
A platform module upgrade covers the public files, resource

Platform module module, topology module, security module, alarm module
upgrade and performance module as well as system monitoring and
system backup.
A specialized network management module version

Specialized network upgrade covers the specialized network management
management module common file module, maintenance module, configuration
version upgrade module, resource module, topology module, alarm module,
and performance module.
When the client logs in to the new-version server for the

Client upgrade first time, it automatically downloads the client upgrade
package and completes the upgrade.
6.14 EMS Process Detection
The EMS Client can monitor the operating status of each process of the EMS Server
including the main process of the EMS, TL1 northbound interface process, interface
process, alarm process and performance process, perform statistical analysis on TL1
northbound interface process, and find the reasons that affect process operation
efficiency through analyzing the results to help the maintainers improve EMS operation
efficiency and stability.
Table 6- 16 Process Detection

In the EMS Client interface, you can detect the status of

each EMS Server process including the host where the
Server-end process
process resides, process name, process type, process
detection
startup time, process startup type, process startup result,
description, etc.
Supports TL1 session query

Supports TL1 session statistics
Supports TL1 command query
Northbound interface
Supports TL1 command number statistics
process detection
Supports TL1 command duration statistics
Supports TL1 command successful rate statistics
Supports TL1 command TOPN statistics
6.15 Network Patrolling Function
The EMS supports the task-based network patrolling function. In a patrolling task, you
can set the task name, task execution cycle, execution time and patrolling indices, and
generate a patrolling report including a list of unqualified items in the patrolling indicating
the name of the checkup item, problem level, processing suggestion, and relevant NE
information (name or IP address).
Table 6- 17 Patrolling Project
Card status check

Card temperature check
Control card CPU usage check
NE hardware status Control card memory usage check
Equipment fan check
Control card reset check
Flash remaining space check
Software version check

NE software status Protection group status check
Firewall open status check

NE detection check
NE alarm check
NE service status 10GE and GE port operating status check
MAC address aging time check
PON port error packet detection
Dual control card check

Dual power supply check
NE configuration check
NE Trap server configuration check
NE SNMP read and write community name check
Network configuration Clock check

check Upstream port ring network hidden trouble check
IP address and planned address matching check

Card-level protection switchover check
Network status check
Aggregation port protection switchover check
Operating optical power check
Information statistics of pluggable optical modules

Failed card check
Equipment and health PON port CRC error packet statistics
statistics Statistics of faulty port optical modules
Statistics of unplugged optical modules
Fan information statistics
6.16 Log Collection
When the onsite EMS function is faulty, the log or configuration files need to be provided
onsite to locate the fault. The log collection function supports precise collection of logs or
configuration files.
Table 6- 18 Log Collection
Displays the collection function and collects logs including

Log collection
process, northbound interfaces, syslogs, special items and

designated path.
6.17 Configuration Management
Configuration management is used to configure device and service attributes for network
commissioning and service provisioning. All managed NEs in the system support
configuration management.
The system supports batch configuration of terminals and central-office devices and the
import and export of configuration parameters.
The system supports the following types of configuration management:
 GUI-based configuration management

All central-office devices support configuration management through a Graphical User
Interface (GUI). For detailed management functions, see function lists of relevant products.
 Configuration management based on man-machine commands

All managed devices in the EMS support man-machine commands. Therefore, you can
configure and manage remote devices in Telnet mode.
 Configuration for various device
For the different device, EMS can set and discover different configuration data, these
configurable data include shelf information / card infromation/ port information and other
relevant information.

7 FTTx Network Feature Management
7.1 OLT Management
OLT management allows users to perform the configuration/fault/performance/security

management operations for OLT devices through GUIs.
7.1.1 System Management
System management mainly allows the user to manage the global properties of network
elements. It covers the basic information of network elements, boards, Trap server,
SNMPv3 configurations, and CLI configurations. It also provides common functions such
as saving configuration data, uploading/downloading configuration files, upgrading
versions, resetting network elements and resetting boards.
Table 7- 1 System Management Functions
Managing the
basic information Query and configure network element information such as name,
of network location, contact and runtime.
elements
Query the trap servers configured for the current network

Managing the
element. The user can configure trap servers for the network
Trap server
element, such as by adding, modifying and deleting trap servers.
Managing
Query and configure SNMPv3 access views, user groups and
SNMPv3
users.
configurations
Managing CLI Query and configure global information of CLI, user information,
configurations and session information of login users.
Overheat
protection and
Configure the overheat protection and emergency energy-saving
emergency
parameters of network elements.
energy-saving
configuration

Environment
Query and configure the environment monitoring information of
monitoring
network elements, including environment temperature alarm
configuration
thresholds and the working mode of fans.
management
Saving Save the current configuration data of a network element to the

configuration configuration file so that the configurations will not be lost in the
data case of a reboot.
Back up and restore network element configuration files. Network

Uploading/downl element configuration data can be saved to the NM server or NM
oading client, and backup network element configuration data can be
configuration files restored to network elements. This function is usually used in
configuration rollbacks and equipment replacements.
Resetting the Remotely reboot network elements. This function is used to fix
system faults, upgrade versions, restore configurations, and so on.
Manage the version files on network elements and perform

Version upgrades. This function covers uploading, downloading
management (regularly), synchronizing, and switching versions as well as
displaying the running versions and patches.
7.1.2 Card Management
Card management mainly allows the user to query card information including type, status,
hardware version, software version, CPU utilization and memory utilization. The user can
configure CPU utilization thresholds and memory utilization thresholds as well as perform
operations such as resetting and switching over cards.
Table 7- 2 Card Management Functions
Query card information including type, status, hardware version,

software version, CPU utilization and memory utilization.
Card
Configure CPU utilization thresholds and memory utilization
management
thresholds as well as perform operations such as resetting and
switching over cards.

7.1.3 Port Management
Port management mainly allows the user to manage network interfaces such as uplink
ports, P2P ports, and user ports.
Table 7- 3 Port Management Functions
Query and configure uplink port attributes including management

Uplink port status, running status, duplexing and rate. Configure bandwidth
management utilization thresholds. View the current alarms, real-time
performance, and so on of uplink ports.
U31 provides the GPON/EPON/10G EPON/XGPON port

PON port management, PON protection configuration, PON authentication
management mode configuration, PON encryption configuration, rogue ONU
detection, and PON optical module management.
Query and configure CES port attributes including management

CES port
status and running status as well as CES port attributes such as
management
anticipated type, loopback, DS1 mode and line type.
Query and configure P2P port attributes including management

P2P port
status, running status, duplexing and rate. View the current
management
alarms, real-time performance, and so on of P2P ports.
7.1.4 OTDR Management
OTDR management mainly allows the user to perform the OTDR test. Including fast test,
health database test and routine test.
Table 7- 4 OTDR Management Functions
Algorithm version query Query the algorithm version of the port.
Configure the link relationbetween OTDR port and the pon

Test link configuration
port.
Configure the device type threshold values.

Device type threshold
Using the threshold values to labeling device type, e.g. the
configuration
first-level splitter,the second-level splitter.

Configure the fault locating threshold values.

Advanced parameters
Using the threshold values to getting the fault locating
configuration
result.
Query and configure test parameter profiles including the

Test parameter profile test mode, wave length, distance, pulse width, and other
configuration parameters. The test parameters profiles will be applied to
the ports and used for fast or routine tests.
Query and configure the test parameter profiles of the

Port configuration
specified ports.
Query the fast database test results according to the
Fast test query
specified conditions.
Perform fast test on the specified ports, Querying the fault
Fast test locating information, the OTDR test curve, event
information when the port is test successfully.
Query the heath database test results according to the
Health database query
specified conditions.
Perform health database test on the specified ports,

Health database test Querying the fault locating information, the OTDR test
curve, event information when the port is test successfully.
Query the routine test results according to the specified
Routine test query
condition.
Configure the routine test, including the start time,
Routine test interval, and ports. The system will automatically execute
the test according to the parameters.
7.1.5 Layer-2 Protocol Management
Layer-2 protocol management mainly allows the user to manage Layer-2 network
protocols including VLAN, QoS, multicast and STP.
Table 7- 5 Layer-2 Protocol Management Functions
VLAN Query and configure the VLAN attributes of network elements and
management ports, including VLAN, VLAN conversion and QinQ.

Provides different QoS levels to meet different service

QoS requirements. Configurable QoS attributes include priority
configuration mapping, port mirroring, queue scheduling, rate limiting and traffic
shaping.
Query and configure IGMP, MLD and IPTV. IGMP and MLD
configurations include global parameters such as protocol
enabling, service attributes such as multicast VLAN, source port
Multicast
and receiving port, and port attributes such as enabling fast-leave
management
and limiting the maximum number of multicast groups. IPTV
configurations include preview parameter profile, channel,
package, port access control, and calling detail record.
Automatically blocks some redundant paths through the spanning

STP
tree algorithm to prevent the creation of network loops. Supports
management
SSTP, RSTP and MSTP modes.
MPLS MPLS configuration includes CIP configuration, pseudo wire

configuration configuration, related service binding, and LDP configuration.
7.1.6 Layer-3 Protocol Management
protocols including DHCP, routing, OSPF, IS-IS and BGP.
DHCP management allows network hosts to automatically obtain

DHCP
IP configurations, including DHCP relay configuration, from the
management
DHCP server.
Route Provides Layer-3 functions including Layer-3 interface and

management Layer-3 route configuration.
OSPF management allows a path to be rapidly calculated again

using only a small amount of routing traffic after the system
OSPF
discovers that the topology has changed. OSPF management
management
covers the configuration of global, interface, instance, network,
and OSPF redistribution parameters.

IS-IS is a routing protocol in which a router is also called an

Intermediate System (IS). An IS is a network node responsible for
IS-IS forwarding data packets, exchanging link overhead-based routing
management information, and determining the network topology. IS-IS
management covers global, regional, circuit, authentication, and
redistribution.
The BGP protocol is used to exchange routing information in an

Internet connecting autonomous networks. It controls route
BGP
propagation and route selection. BGP management covers the
management
configuration of the number of BGP local Autonomous System
(AS) systems and the configuration of BGP neighbor parameters.
7.1.7 Security Management
Security management provides network security measures including ACL, port

identification, DHCP snooping, anti-DoS, MAC anti-Spoofing, ARP anti-Spoofing, and
current CLI sessions.
Table 7- 7 Security Management Functions
Allows or prohibits data packets to pass through according to

ACL preset rules. The rules require matching the source IP address,
configuration destination IP address, source MAC address, destination MAC
address, source port and destination port.
Port Identification Use port Identification mechanisms such as DHCP Option 82 and
configuration PPPoE to prevent the theft of user accounts.
DHCP snooping configuration allows DHCP packets to be

DHCP snooping
listened to and monitored.
Network security configuration covers anti-DoS, MAC

Network security anti-Spoofing, ARP anti-Spoofing, protection against port
configuration loopback, port isolation, IP Source Guard (IPSG), and flooding
control.
Current CLI Manages and detects CLI login users to prevent illegal users from
Sessions locally logging in.

Authentication
Configure authentication and authorization modes including AAA,
and authorization
TACACS+, RADIUS and 802.1x.
configuration
7.1.8 Global PON Template Management
Template management allows the user to manage the template list of network elements.
The templates include ONU type templates, ONU type offline templates, ONU
energy-saving templates, VoIP templates, bandwidth-related templates, VRG templates
and WAN templates.
Table 7- 8 PON Template Management
Define the device type and port type of an ONU by configuring the
ONU type
ONU type template. The configuration for the ONU type offline
templates
template is similar.
Configurable VoIP templates include IP templates, VLAN

VoIP templates templates, MGC templates, SIP templates, media templates, and
fax templates.
Configurable bandwidth templates include bandwidth templates,

Bandwidth
offline bandwidth templates, traffic templates, remote traffic
templates
templates, and UNI bandwidth templates.
Configurable VRG templates include DHCP server templates,

VRG templates DHCP IP address pool equipment vendor templates, and DHCP
IP address pool templates.
Other configurable templates include ONU SNMP templates,

Other templates
ONU offline board templates, and WAN templates.
7.1.9 GPON Service Management
The common functions provided by NetNumen™ U31 for the configuration, operation
and maintenance of GPON service include GPON service provisioning configuration
based on PON service templates, ONU configuration management, network element
protocol manager, centralized ONU management, ONU query, ONU version update
management, template configuration management, and fault diagnosis management.

 GPON service provisioning configuration based on PON service templates
NetNumen™ U31 mainly has two GPON service configuration modes:
 GPON service configuration based on PON service templates
 GPON service configuration not based on PON service templates
GPON service provisioning based on PON service templates is easy to configure

and supports batch modification, so it is the main service configuration scheme that
ZTE promotes.
GPON service provisioning configuration based on PON service templates
Template-based GPON service provisioning configuration, which is provided by

NetNumen™ U31, is simple and efficient.
Step 1: Create PON service templates. The user can create ONU remote templates
and ONU line templates via GUI or CLI. While creating ONU remote templates and
ONU line templates, the user can use the templates created as described in Section
7.1.7 "Global PON Template Management", such as ONU type templates,
bandwidth templates and voice templates, to further simplify service configuration.
Step 2: Bind PON service templates. When create an ONU, specify the
corresponding templates or bind the templates through northbound interface
commands. After the PON service templates are bound, the service can be
activated.
In addition, ONU configurations can be batch-modified by changing the PON

service template parameters.
Table 7- 9 GPON Service Provisioning Configuration Based on PON Service

Templates

Create, modify, delete and view ONU remote templates.

View and modify the management parameters in an ONU remote
template such as ONU service attributes.
ONU remote
View and modify the ONU port parameters in an ONU remote
template
template such as ANI parameters, Ethernet UNI port parameters
configuration
and voice UNI port parameters.
View and modify the service parameters in an ONU remote
template such as ONU multicast VLAN and UNI port VLAN.
Create, modify, delete and view ONU line templates.

ONU line View and modify the physical configuration parameters in an ONU
template line template such as ONU attributes. View and modify the line
configuration configuration parameters in an ONU line template such as
T-CONT and GEM Port.
 ONU configuration management not based on PON service templates
Compared with service configuration based on PON service templates, service

configuration not based on templates provides freedom in parameter configuration
but is more complex.
 ONU configuration management
ONU configuration management provides all the configurations of ONU. The ONUs
under various PON cards are flexibly displayed as needed, and the status of the
ONUs is shown as graphs for convenient viewing.
After selecting an ONU, the user can perform management functions including
physical configuration management, port configuration, line configuration, Vport
service configuration, and service configuration management.
Table 7- 10 ONU Configuration Management
Physical ONU configuration management include adding an ONU,

configuration modifying ONU attributes, deleting an ONU, replacing an ONU,
management activating an ONU, turning off an ONU, and restarting an ONU.

Port configuration allows the user to configure the User Network

Interfaces (UNIs) of GPON ONUs, including ANIs, Ethernet UNI
Port configuration
ports, voice UNI ports, video ports, CES UNI ports, and VEIP UNI
ports.
Line configuration covers GEM ports, TCONT, Vport, and GEM

Line configuration
port mapping to VPort.
Vport service configuration allows the user to configure protocol

Vport service
services of ONUs, including ServicePort, VLAN, QoS and
configuration
multicast.
Service
Service configuration management allows the user to configure
configuration
the VLANs of services, flows and UNIs ports of ONUs.
management
 Network element protocol manager
The network element protocol manager allows the user to configure and manage
the narrowband and broadband services of network elements in a centralized
manner. In the network element protocol manager, an operation tree provides the
entries to configuration management functions, including those for VLAN, multicast
and QoS.
Table 7- 11 Network Element Protocol Manager
VLAN Configure static VLANs, port-based VLANs, and so on.
Configure Ethernet queue mapping, CFI mapping, SCB queue

QoS
mapping, and so on.
Network elements provide operable, manageable multicast

services and support IGMP v1/v2/v3 in three modes: IGMP
snooping, IGMP proxy and IGMP router. The user can enable
IGMP and configure IGMP global parameters; enable user
Multicast interface IGMP and configure IGMP interface parameters; and
configure IGMP MVLAN. An IGMP MVLAN (Multicast Virtual
Local Area Network) is a VLAN that carries IGMP multicast data,
whose parameters include service VLAN, source port, destination
port and multicast group.

 Centralized ONU management
Centralized ONU management provides an ONU query view and an ONU topology
view. In the ONU query view, the user can query ONUs according to a pre-set or
self-defined template. After that, the user can view the status, configure the services
and analyze the performance of specified ONUs. In the ONU topology view,
network elements as well as their cards or ports can be displayed. At the
corresponding topology level, the user can perform service configuration and
management for the network elements, cards or ports.
Table 7- 12 Centralized ONU Management
In the ONU query view, the user can query ONUs through the
pre-set template, view the information of the pre-set template,
create a new pre-set template through copying, create a
self-defined query template, query ONUs through the self-defined
query template, modify the self-defined query template, delete the
self-defined query template, create a new self-defined query
ONU query view
template through copying, open the ONU configuration
management window, display ONU details, display the current
alarms of ONUs, display and export the statistics of queried
ONUs, configure the attributes displayed in the ONU query view,
display the queried ONUs whose status is abnormal, manage and
configure ONUs, and so on.

In the ONU topology view, the user can

View ONUs in the ONU topology tree or view.
Use a template to filter the ONUs displayed in the ONU topology
tree or view.
Query topology nodes.
Collapse or expand topology nodes.
Move the topology view.
Zoom in or out on the topology view.
Return to the previous topology view.
ONU topology
Reset the topology view.
view
Let the topology view automatically adapt.
Zoom in on a part of the topology view.
Let the topology view be automatically laid out.
Save ONU locations
Show the legend.
Use the common right-click menus of the OLT / card / port / ODN /
ONU topology tree.
ONU topology view.
 ONU query
ONU query allows the user to query and locate ONUs across the network before
performing operation and maintenance.
Table 7- 13 ONU Query
The user can query ONUs according to their location information

such as which group or OLT they belong to. The user can also
ONU query perform a fuzzy query according to information such as ONU
name, ONU type, ONU authentication information, management
IP address or voice IP address.
After the query produces an ONU, the user can right-click it and
then locate it through shortcut menu items including ONU
ONU location
configuration management, network element topology, ONU
topology, port management, and main topology OLT.

 ONU version update management
ONU version update management allows the user to create version update tasks,
batch-upgrade ONU versions and upload/download ONU versions.
Table 7- 14 ONU Version Update Management
Uploading/downl View ONU version information on network elements, uploading

oading ONU ONU version files to network elements, and downloading ONU
versions version files from network elements.
Download ONU version upgrade files to network elements.

Managing ONU Network elements simultaneously support multiple tasks to
version update complete the version upgrades of various types of ONUs. The
tasks system allows the user to create, modify, delete, and view ONU
version upgrade tasks.
Viewing ONU
View ONU version update logs, which include such information as
version update
ONU location, update status, and version.
task logs
 Fault diagnosis management
NetNumen™ U31 provides a wide range of PON service fault diagnosis

management functions, including such common functions as PON optical module
fault diagnosis, rogue ONU detection, and signaling tracing.
PON optical module diagnosis allows the user to set the parameters of PON optical
modules. When the system detects that a parameter threshold is exceeded, it
generates an alarm.
An ONU sends data packets upstream according to a time stamp allocated by the
OLT. If an ONU sends optical signals while no time stamp has been allocated, the
signals will conflict with the optical signals and interference the communication of
the other ONUs. Such an ONU, which sends optical signals upstream not according
to an allocated time stamp, is called a rogue ONU. NetNumen™ U31 provides
rogue ONU detection and allows the user to detect and locate rogue ONUs.

The signaling tracing function of NetNumen™ U31 covers H.248 call signaling
observe ration, call data observation, and protocol control. SIP signaling tracing
allows the user to trace signaling during a call and to observe the whole signaling
process from speech path establishment to removal. SIP signaling tracing also
allows the user to locate call loss, thus facilitating troubleshooting.
Table 7- 15 Fault Diagnosis Management
Displays PON port and ONU optical module information. Set PON
PON optical
port optical module alarm thresholds. Set ONU optical module
module diagnosis
alarm thresholds.
Set whether to enable rogue ONU detection. After rogue ONU

Rogue ONU detection is enabled, set whether to enable rogue ONU location.
detection After rogue ONU detection and location is enabled, set whether to
automatically shut down detected the rogue ONUs.
H.248 signaling Observe H.248 data, observe event data, trace H.248 signaling
tracing calls, trace multiple SLNs, and perform protocol control.
Trace SIP signaling calls. Save and clear SIP signaling call
SIP signaling tracing data. Automatically saves SIP signaling call tracing data.
tracing Displays the latest records of SIP signaling call tracing. Stop SIP
signaling call tracing.
7.1.10 EPON Service Management
The common functions provided by NetNumen™ U31 for the configuration, operation
and maintenance of EPON service include ONU configuration management, network
element protocol manager, centralized ONU management, ONU query, ONU version
update management, and fault diagnosis management.
 ONU configuration management
ONU configuration management provides all the configurations of ONU. The ONUs
under various PON cards are flexibly displayed as needed, and the status of the
ONUs is shown as graphs for convenient viewing.

After selecting an ONU, the user can perform management functions including
physical configuration management, port configuration, line configuration, Vport
service configuration, and service configuration management.
Table 7- 16 ONU Configuration Management
Physical ONU configuration management includes adding an ONU,

configuration modifying ONU attributes, deleting an ONU, replacing an ONU,
management activating an ONU, turning off an ONU, and restarting an ONU.
Port configuration includes viewing and modifying parameters of

Port configuration Ethernet ports, E1 ports and VoIP ports as well as
batch-configuring all or some ONU ports.
Line configuration consists of MPCP configuration and OAM

Line configuration
query.
Vport service Vport service configuration allows the user to configure the
configuration ServicePort service of an ONU.
Service Service configuration management includes ONU bandwidth

configuration configuration, VLAN and multicast configuration, and VoIP
management configuration.
 Network element protocol manager
The network element protocol manager allows the user to configure and manage
the narrowband and broadband services of network elements in a centralized
manner. In the network element protocol manager, an operation tree provides the
entries to configuration management functions, including those for VLAN, multicast
and QoS.
Table 7- 17 Network Element Protocol Manager
VLAN Configure static VLANs, port-based VLANs, and so on.
Configure Ethernet queue mapping, CFI mapping, SCB queue

QoS
mapping, and so on.

Network elements provide operable, manageable multicast

services and support IGMP v1/v2/v3 in three modes: IGMP
snooping, IGMP proxy and IGMP router. The user can enable
IGMP and configure IGMP global parameters; enable user
Multicast interface IGMP and configure IGMP interface parameters; and
configure IGMP MVLAN. An IGMP MVLAN (Multicast Virtual
Local Area Network) is a VLAN that carries IGMP multicast data,
whose parameters include service VLAN, source port, destination
port and multicast group.
 Centralized ONU management
Centralized ONU management provides an ONU query view and an ONU topology
view. In the ONU query view, the user can query ONUs according to a pre-set or
self-defined template. After that, the user can view the status, configure the services
and analyze the performance of specified ONUs. In the ONU topology view,
network elements as well as their cards or ports can be displayed. At the
corresponding topology level, the user can perform service configuration and
management for the network elements, cards or ports.
Table 7- 18 Centralized ONU Management
In the ONU query view, the user can query ONUs through the
pre-set template, view the information of the pre-set template,
create a new query template through copying, create a
self-defined query template, query ONUs through the self-defined
query template, modify the self-defined query template, delete the
self-defined query template, create a new self-defined query
ONU query view
template through copying, open the ONU configuration
management window, display ONU details, display the current
alarms of ONUs, display and export the statistics of queried
ONUs, configure the attributes displayed in the ONU query view,
display the queried ONUs whose status is abnormal, manage and
configure ONUs, and so on.

In the ONU topology view, the user can

View ONUs in the ONU topology tree or view.
Use a template to filter the ONUs displayed in the ONU topology
tree or view.
Query topology nodes.
Collapse or expand topology nodes.
Move the topology view.
Zoom in or out on the topology view.
Return to the previous topology view.
ONU topology
Reset the topology view.
view
Let the topology view automatically adapt.
Zoom in on a part of the topology view.
Let the topology view be automatically laid out.
Save ONU locations
Show the legend.
ONU topology tree.
ONU topology view.
 ONU query
ONU query allows the user to query and locate ONUs across the network before
performing operation and maintenance.
Table 7- 19 ONU Query
The user can query ONUs according to their location information

such as which group or OLT they belong to. The user can also
ONU query perform a fuzzy query according to information such as ONU
name, ONU type, ONU authentication information, management
IP address or voice IP address.
After the query produces an ONU, the user can right-click it and
then locate it through shortcut menu items including ONU
ONU location
configuration management, network element topology, ONU
topology, port management, and main topology OLT.

 ONU version update management
ONU version update management allows the user to create version update tasks,
batch-upgrade ONU versions and upload/download ONU versions.
Table 7- 20 ONU Version Update Management
Uploading/downl View ONU version information on network elements, uploading

oading ONU ONU version files to network elements, and downloading ONU
versions version files from network elements.
Download ONU version upgrade files to network elements.

Managing ONU Network elements simultaneously support multiple tasks to
version update complete the version upgrades of various types of ONUs. The
tasks system allows the user to create, modify, delete, and view ONU
version upgrade tasks.
Viewing ONU
View ONU version update logs, which include such information as
version update
ONU location, update status, and version.
task logs
 Fault diagnosis management
NetNumen™ U31 provides a wide range of PON service fault diagnosis

management functions, including such common functions as PON optical module
fault diagnosis, rogue ONU detection, and signaling tracing.
PON optical module diagnosis allows the user to set the parameters of PON optical
modules. When the system detects that a parameter threshold is exceeded, it
generates an alarm.
An ONU sends data packets upstream according to a time stamp allocated by the
OLT. If an ONU sends optical signals while no time stamp has been allocated, the
signals will conflict with the optical signals and interference the communication of
the other ONUs. Such an ONU, which sends optical signals upstream not according
to an allocated time stamp, is called a rogue ONU. NetNumen™ U31 provides
rogue ONU detection configuration management and allows the user to detect and
locate rogue ONUs.

The signaling tracing function of NetNumen™ U31 covers H.248 call signaling
observe ration, call data observation, and protocol control. SIP signaling tracing
allows the user to trace signaling during a call and to observe the whole signaling
process from speech path establishment to removal. SIP signaling tracing also
allows the user to locate call loss, thus facilitating troubleshooting.
Table 7- 21 Fault Diagnosis Management
Displays PON port and PON optical module information. Set PON
PON optical
port and PON optical module alarm thresholds. Set ONU optical
module diagnosis
module alarm thresholds.
Set whether to enable rogue ONU detection. After rogue ONU

Rogue ONU detection is enabled, set whether to enable rogue ONU location.
detection After rogue ONU detection and location is enabled, set whether to
automatically shut down detected the rogue ONUs.
H.248 signaling Observe H.248 data, observe event data, trace H.248 signaling
tracing calls, trace multiple SLNs, and perform protocol control.
Trace SIP signaling calls. Save and clear SIP signaling call
SIP signaling tracing data. Automatically saves SIP signaling call tracing data.
tracing Displays the latest records of SIP signaling call tracing. Stop SIP
signaling call tracing.
7.1.11 CES Service Management
CES service configuration can be based on Ethernet or SDH/SONET.
Table 7- 22 CES Service Configuration
ONU-side CES
Includes CES link configuration and CES attribute template
service
configuration.
configuration
OLT-side CES Includes CES protection configuration, TDM interface

service configuration, SONET interface configuration, and PW service link
configuration configuration.

7.2 ONU Management
ONU management allows users to perform the configuration/fault/performance/security

management functions for ONU devices.
7.2.1 ONU Basic Management
ONU management includes the following functions: ONU list management, ONU
authentication and registration, and global settings. Moreover, ONU templates are
available, which simplifies ONU configuration duties.
Table 7- 23 ONU Management Functions
Users can maintain the ONU basic information, query the

ONU list
unauthenticated ONUs, and detect the ONU optical power.
management
Moreover, they can add, modify, delete, and reset ONUs.
Users can maintain the global ONU templates that simplify the
ONU template ONU configuration duties. The commonly used templates are the
management ONU type template, ONU bandwidth template, and VoIP protocol
template.
7.2.2 VoIP Service Management
VoIP management provides the management functions for voice services on ONU NEs.
Table 7- 24 VoIP Management Functions
Users can query and configure VoIP global parameters, including

VoIP protocol H.248 voice VLAN, voice IP address, IP addresses of the
management active/standby softswitches, domain name, SIP voice VLAN,
voice IP, and registration server.
Users can query and configure the VoIP user parameters,

VoIP user
including H.248 TID, SIP phone number, user name, password,
management
and port’s fax mode.

7.2.3 ONU UNI Port Management
ONU UNI port management allows the user to manage the UNI ports of ONUs. It
comprises the following functions:
Table 7- 25 ONU UNI Port Management Functions
Ethernet port The user can view and configure Ethernet port attributes,
management including management status and duplex rate mode.
Voice port The user can view and configure voice port attributes, including
management management status, impedance and gain.
Video port The user can view and configure video port attributes, including
management management status and whether power has been turned on.
7.2.4 ONU Software Management
ONU software management covers uploading/downloading ONU versions, managing

ONU version update tasks, viewing ONU version update logs, and manually updating
ONU versions.
Table 7- 26 ONU Software Management Functions
Uploading/downl
Upload ONU version files to network elements or download ONU
oading ONU
version files from network elements.
versions
Managing ONU Create offline ONU version update tasks on the NMS, and send
version update the tasks to the OLT network elements. ONU version update
tasks tasks can be executed either just once or periodically.
Viewing ONU
version update View the information on ONU version updates.
task logs
Manually
Select a single ONU or multiple ONUs under a specified PON
updating ONU
port, and then manually update the ONU version(s).
versions

7.2.5 Centralized ONU Management
Centralized ONU management covers ONU query management, ONU topology

management, and ONU service level management.
Table 7- 27 ONU UNI Port Management Functions
The user can use a template to self-define the query conditions

and then use the conditions to query ONUs across the network.
ONU query
The user can also batch-modify the attributes of the ONUs and
view the ONU statistics.
The user can view the physical topological relationship between

ONU topology
the OLT network element, boards, PON ports, optical splitters,
management
and ONUs, with. the ODN graphically displayed.
ONU service The user can configure global ONU service level templates, rules
level for automatically mapping ONU service levels, and so on, to
management achieve differentiated management of ONUs.
7.3 PON Service Cutover
To enter the PON service cutover function, click the main menu – Maintenance –PON
service cutover (MAoCut).
Table 7- 28 PON Service Cutover Functions
Supported Supported PON Services

Equipment Type
C220 (C220v1.1, Supports data cutover, same slot cutover and different slot
C220v1.2), C300, cutover of EPON, 10G-EPON and GPON ONUs.
(C300, C 300V2),
C600

7.3.1 ONU-level Cutover
Table 7- 29 ONU-level Cutover Functions
1 Supports ONU-level cutover (including the cutover between IAP1.2 and

between IAP1.2 and IAP2.0)
2 Supports cross-NE cutover and the cutover within the same NE
3 Supports deleting original PON data after the cutover
4 Supports querying detailed command execution information after the cutover
5 Supports the preference configuration function (retry time, wait time, etc.)
6 Supports viewing all failure cutover operations
7 Supports Telnet operations
8 Supports the operation of a fast designated destination PON port
9 Cross-version cutover supports command conversion
10 Supports customized functions for some areas
7.3.2 Same-slot cutover
Table 7- 30 Same-Slot Cutover Functions
SN Function Description
1 Supports same-slot card cutover
6 Supports the configuration comparison function (to check the configuration
changes before and after the cutover)
7.3.3 Different-slot Cutover
Table 7- 31 Different-slot Cutover
1 Supports different-slot card cutover (including the cutover between IAP1.2 and
between IAP1.2 and IAP2.0)
2 Supports cross-NE cutover and the cutover within the same NE

7 Cross-version cutover supports command conversion
8 Supports customized functions for some areas
8 DPUNetwork Feature Management

DPU NE management through PMA allows users to perform the
configuration/fault/performance/security management functions and the following special
functions.
Table 8- 1 PMA Management Functions
Pre-configuration file Support pre-configuration on equipment
Pure Hardware On-site workers only need to complete the equipment and
Installation link installation, no need configuration operation.
Auto-Activation of device After power on, the equipment will look for PMA
and service (NetNumen U31) automatically according to
pre-configured data, and get configuration data and active
service.
Fast provision When the equipment starts up, it will connect with PMA
and load the recent configuration data mapping that saved
locally, if there is no change in planning, the set-up rate
will be accelerated.
Protocol with PMA SNMP is adopted between PMA and ZXA10 9852G
Management Functions Firmware download and management

provided via PMA Initial provisioning
Configuration, including rate control
Statistics gathering
Event reporting(Alarm, report)

Figure 8- 1 DPUNetwork Feature Management
System management provides global attribute management for NEs, including NE basic
information, board information, and global protocol information. Moreover, users are
allowed to save configurations, download/upload configuration files, upgrade versions,
reset NEs, and reset boards.
NE basic Users are allowed to query and configure the NE basic

information information, including the NE name, location, contact, time, and
management alarm servers.
Board basic Users are allowed to query the board state and version
information information. Moreover, they can reset the boards and perform the
management switchover operation.
Global protocol
Users are allowed to query and configure the parameters of global
information
protocols, such as NTP.
management
Configuration Users are allowed to save the current configurations of NEs to the
storage configuration files to prevent a data loss upon reboot.

Users are allowed to back up and restore the NE configuration

Configuration file
files. These operations are commonly performed during the
upload/download
configuration rollback process or when devices are replaced.
Users can remotely reboot an NE. This operation is commonly

System reset performed to recover the system from faults, upgrade the version,
or restore configuration.
Version
Users can manage the version files on NEs and upgrade the NEs.
management
8.2 DPU UplinkPort Management
DPU Uplink Port management allows users to manage the network interface such as
uplink interfaces.
Table 8- 3 DPU Uplink Port Management Functions
Users are allowed to query and configure the port attributes such
Ethernet port
as the Ethernet ports’ administrative state, operational state,
management
duplex, and rate.
8.3 G.fast Management
G.fast is a digital subscriber line standard for local loops shorter than 500 m, with
performance targets between 150 Mbit/s and 1 Gbit/s, depending on loop length.
Compared to VDSL2, in G.fast, data is modulated using discrete multi-tone modulation,
as in VDSL2 and most ADSL variants.
G.fast uses time-division duplexing as opposed to ADSL2 and VDSL2, which use
frequency-division duplexing. G.fast is often used in the scenario of FTTdp, In FTTdp
deployments, a limited number of subscribers at a distance of up to 200–300 m are
attached to one fiber node, which acts as DSL access multiplexer.

ZXA10 9852G supports the G.fast technology, which provides faster Internet access
service and deployed at a closer distance to the subscribers. This procedure introduce
show to configure a G.fast line profile, which defines the parameters for G.fast services.
Table 8- 4 G.fast Management Functions
Users can query and configure the G.fast line configuration

template, including SNR Margin Profile, INP and Delay Profile,
G.fast line profile Vectoring Profile, RFI Profile, FRA Profile, RIP Profile,
Downstream Data Rate Profile, Upstream Data Rate Profile,
Spectrun Profile, UPBO Profile.
Users can query and configure the G.fast alarm configuration

G.fast alarm template, including Error Seconds, Severely Error Seconds, Loss
configuration of Signal Seconds, Loss of RMC seconds, Unavailable Seconds,
template Retransmitted Uncorrected DTUs, Retransmitted DTUs, Full
Initialization.
G.fast port Users can query and configure the port administrative state,
management operational state, rate, and user information.
8.4 Layer-2 Protocol Management
management ports, including VLAN and QinQ.

shaping.

Multicast
and receiving port, and port attributes such as enabling fast-leave
management
and limiting the maximum number of multicast groups. IPTV
configurations include preview parameter profile, channel,
package, port access control, and calling detail record.
8.5 VDSL Management
Very-high-bit-rate digital subscriber line (VDSL) is a digital subscriber line (DSL)

technology providing data transmission faster than ADSL.VDSL can reach a maximum
rate of 200Mbps within a short distance.
Table 8- 6 VDSL Management Functions
Users can query and configure the VDSL line configuration

VDSL line
template, including the upstream/downstream transmission mode,
configuration
transmitted power, configuration rate, SNR margin, the maximum
template
interleaved delay, and minimum impulse protection.
VDSL alarm Users can query and configure the VDSL alarm configuration
configuration template, including the Lof Seconds, Los Seconds, Errored
template Seconds, and Severely Errored Second.
Users can query and configure the port administrative state,

VDSL port
operational state, upstream/downstream rate, and user
management
information.
U31 provides a variety of tests for VDSL ports, including the Selt
VDSL port tests
test and Delt test.
8.6 PMA Function
NetNumen U31 as PMAA has a PMA module which provides the basic functions for
managing DPU network elements. The NMS maintains the software versions and

manages the benchmark operational data of DPU network elements to achieve zero
touch in the activation and replacement of DPUs.
Table 8- 7 PMA Functions
DPU network
The user can create, modify and delete DPU network elements on
element topology
the NM topology.
management
DPU mode When a DPU is restarted, it uses the trap to register to the PMAA
initialization trap and obtain a real management IP address.
DPU retrieving
A DPU uses the trap to periodically request synchronizing version
configuration file
and operational data with the PMAA.
trap
PMAA-DPU
The operational status of DPUs is monitored in real time.
status monitoring
8.7 Global and Extended Configuraiton File Management

of DPU
The global configuration file is used for configuring all the DPUs within the same domain.
It contains the global configurations of NEs, and can be generated in the EMS interface.
The extended configuration file is used for configuring a single DPU. It contains the
global configurations and port configurations, and can be generated in the EMS interface
and via the northbound interface.
Table 8- 8 Global and Extended Configuraiton File Management of DPU
Global The users can query and configure the global configurations of a
Configuration File domain including VLAN configurations, QoS configurations,
Management system management and G.fast management.

The users can query and configure the global and port
Extended
configurations of NEs including VLAN configurations, QoS
Configuration File
configurations, profile configurations, system management and
Management
G.fast management.
8.8 Offline DPU Configuration via TL1 Interface
When a DPU gets offline, the TL1 configurations are stored in the configuration file and
will be synchronized to the DPU when it gets online.
8.9 Domain-based and Multi-FTP Server DPU

Management
The EMS supports the domain-based and multi-FTP server DPU management.
Table 8- 9 Domain-based and Multi-FTP Server DPU Management
DPU domain
Configures and queries DPU domain information
management
DPU FTP server Configures the DPU FTP server
Security management provides network security measures including port identification,

IP and MAC address binding, restriction of the maximum number of MAC addresses
learned, port isolation, and DHCP configuration.

Port identification Use port identification mechanisms such as DHCP Option 82 and
IP and MAC Bind the IP and MAC addresses of a port to prevent use by illegal
address binding users.
Restriction of the
maximum of Restrict the maximum of MAC addresses learned to prevent MAC
MAC addresses spoofing.
learned
Configure port isolation to prevent user ports from accessing each

Port isolation
other.
Use mechanisms such as DHCP snooping, DHCP source guard,

DHCP and DHCP online users information viewing to prevent address
configuration spoofing and DoS attacks, which in turn enhances equipment
security.
8.11 Reverse Power Feeding
Reverse Power Feeding (RPF) reversely supplies 10W power for a DPU to run a single
port in a maximum range of 250 m. The core diameter of the Ethernet cable is 0.4 to 0.6
mm. The Distribution Point (DP) works with the Power Sourcing Equipment (PSE) to
perform remote RPF that provides the electricity needed by the DPU to operate. The
DPU also uses its own main control board to manage the power level of the electricity
supplied to users.
Table 8- 11 Reverse Power Feeding Functions
RPF Query and configure global and port parameters, including RPF
configuration mode, port power feeding status, and power supply status.
Query port statistics, including power usage, port-specific power

RPF statistics
usage ratio, power supply duration, and times of power outage.

9 MSAN Network Feature Management

MSAN NE management allows users to perform the
configuration/fault/performance/security management functions for MSAN devices.
System management provides global attribute management for NEs, including NE basic
information, board information, and global protocol information. Moreover, users are
allowed to save configurations, download/upload configuration files, upgrade versions,
reset NEs, and reset boards.
NE basic Users are allowed to query and configure the NE basic

information information, including the NE name, location, contact, time, and
management alarm servers.
Board basic Users are allowed to query the board state and version
information information. Moreover, they can reset the boards and perform the
management switchover operation.
Global protocol
Users are allowed to query and configure the parameters of global
information
protocols, such as NTP.
management
Configuration Users are allowed to save the current configurations of NEs to the
storage configuration files to prevent a data loss upon reboot.
Users are allowed to back up and restore the NE configuration

Configuration file
files. These operations are commonly performed during the
upload/download
configuration rollback process or when devices are replaced.
Users can remotely reboot an NE. This operation is commonly

System reset performed to recover the system from faults, upgrade the version,
or restore configuration.
Software Users can manage the software files on NEs and upgrade the
management NEs.

management ports, including VLAN, VLAN translation and QinQ.

shaping.
Multicast
and destination port, and port attributes such as enabling
management
fast-leave and limiting the maximum number of multicast groups.
IPTV configurations include parameter profile, program source,
package, port rights, and user call statistics.
Automatically blocks some redundant paths through the spanning

STP
tree algorithm to prevent the creation of network loops. Supports
management
SSTP, RSTP and MSTP modes.
MPLS MPLS configuration includes CIP configuration, pseudo wire

configuration configuration, related service binding, and LDP configuration.
protocols including DHCP, routing, OSPF, IS-IS and BGP.

DHCP management allows network hosts to automatically obtain

DHCP
IP configurations from the DHCP server, including DHCP relay
management
configuration.
Route Provides Layer-3 functions including Layer-3 interface and route

management configuration.
OSPF management allows a path to be rapidly calculated again

using only a small amount of routing traffic after the system
OSPF
discovers that the topology has changed. OSPF management
management
covers the configuration of global, interface, instance, network,
and OSPF redistribution parameters.
IS-IS is a routing protocol in which a router is also called an

Intermediate System (IS). An IS is a network node responsible for
IS-IS forwarding data packets, exchanging link overhead-based routing
management information, and determining the network topology. IS-IS
management covers global, regional, circuit, authentication, and
redistribution.
The BGP protocol is used to exchange routing information in an

Internet connecting autonomous networks. It controls route
BGP
propagation and route selection. BGP management covers the
management
configuration of the number of BGP local Autonomous System
(AS) systems and the configuration of BGP neighbor parameters.
9.4 ADSL Management
Asymmetric digital subscriber line (ADSL) is a type of technology that enables broadband
data transmission over copper telephone lines. The ADSL upstream and downstream
bandwidth requirements are asymmetrical.
Table 9- 4 ADSL Management Functions
ADSL line Users can query and configure the ADSL line configuration
configuration template, including the upstream/downstream rate, SNR margin,
template the maximum interleaved delay, and minimum impulse protection.

ADSL alarm Users can query and configure the ADSL alarm configuration
configuration template, including the upstream/downstream Lof seconds, Los
template seconds, Lpr seconds, and Errored seconds.

ADSL port operational state, upstream/downstream rate,
management upstream/downstream attenuation, upstream/downstream
reachable rate, and subscriber information.
ADSL bridge port Users can manage the ADSL ports’ PVC parameters, including
management the VPI, VCI, administrative state, VLAN, and default priority.
U31 provides a variety of tests for ADSL ports, including the Selt
ADSL port tests
test, Delt test, and F5 loopback test.
9.5 VDSL Management
Very-high-bit-rate digital subscriber line (VDSL) is a digital subscriber line (DSL)

technology providing data transmission faster than ADSL.VDSL can reach a maximum
rate of 200Mbps within a short distance.
Table 9- 5 VDSL Management Functions
Users can query and configure the VDSL line configuration

VDSL line
template, including the upstream/downstream transmission mode,
configuration
transmission power, configuration bandwidth, SNR margin, the
template
maximum interleaved delay, and minimum impulse protection.
VDSL alarm Users can query and configure the VDSL alarm configuration
configuration template, including the Lof seconds, Los seconds, errored
template seconds, and severely errored seconds.

VDSL port
operational state, upstream/downstream rate, and user
management
information.
U31 provides a variety of tests for VDSL ports, including the Selt
VDSL port tests
test and Delt test.

9.6 SHDSL Management
Single-pair high-speed digital subscriber line (SHDSL) is a form of DSL, a data

communications technology that enables faster data transmission over copper telephone
lines than a conventional voice band modem can provide. It complies with ITU-T
G.991.2.SHDSL is designed to provide equal transmit and receive (i.e. symmetric) data
rates for access networks.
Table 9- 6 SHDSL Management Functions
Users can query and configure the SHDSL line configuration

SHDSL line
template, including the minimum rate, maximum rate, power
configuration
spectral density, transmission mode, and upstream/downstream
template
SNR margin.
Users can query and configure the SHDSL alarm configuration

SHDSL alarm
template, including the loop attenuation, SNR margin, errored
configuration
seconds, severely errored Seconds, LOSW seconds, and
template
unavailable seconds.
SHDSL port Users can query and configure the port administrative state,
management operational state, rate, and user information.
9.7 VoIP Management
VoIP management provides the management functions for voice services.
Table 9- 7 VoIP Management Functions
Users can query and configure VoIP global parameters, including

VoIP protocol H.248 voice VLAN, voice IP address, IP addresses of the
management active/standby softswitches, domain name, SIP voice VLAN,
voice IP, and registration server.
Users can query and configure the VoIP port parameters,

VoIP port
including H.248 TID, SIP phone number, user name, password,
management
and the port’s fax mode.

U31 provides such fault diagnosis functions as VoIP signaling

VoIP diagnosis
trace and metallic line tests.
Security management provides network security measures including ACL, port

identification, DHCP snooping, protection against DoS attacks, protection against MAC
spoofing, protection against ARP spoofing, and CLI login users.
Allows or prohibits data packets to pass through according to

ACL preset rules. The rules require matching the source IP address,
configuration destination IP address, source MAC address, destination MAC
address, source port and destination port.
Port identification Use port identification mechanisms such as DHCP Option 82 and
DHCP snooping configuration allows DHCP packets to be

DHCP snooping
listened to and monitored.
Network security configuration covers anti-DoS, MAC

Network security anti-Spoofing, ARP anti-Spoofing, protection against port
configuration loopback, port isolation, IP Source Guard (IPSG), and flooding
control.
Current CLI Manages and detects CLI login users to prevent illegal users from
Sessions locally logging in.
Authentication
Configure authentication and authorization modes including AAA,
and authorization
TACACS+, RADIUS and 802.1x.
configuration
10 System Security
Along with the rapid development of telecom technologies and convergence of telecom
and IT domains, telecom networks are moving towards a more open era with escalating

complexity and management difficulty. Operators have to face the security problems and
risks coming after fast development. In terms of security management, operators are not
limited to the traditional simple requirements such as account management and
anti-virus software but expect to implement end-to-end security over the entire system
and cover such aspects as physical entities, all-IP network security, and security
management flow & specifications.
Security of network management systems is an important part of the overall telecom

security solution. Network management systems reside in the core location of telecom
networks, which are closely related with operators’ network management, network
planning, and network operation. Currently, telecom operators and vendors are focusing
on how to ensure security of network management systems and meet the requirements
of network operation.
The NetNumen™ U31 security solution covers every aspect of system security. The
following sections describe the solution from different aspects such as physical security,
network security, system reinforcement, application security, and data encryption.
10.1 Physical Security
Hardware and physical environment security is essential to guarantee network

management systems. If physical security cannot be ensured, attackers may get access
to sensitive data by exploiting vulnerabilities in physical security. These attacks cannot
be discovered and prevented by the software system. Therefore, the overall security
solution should include the measures for physical security that include anti-theft,
anti-physical-damage, and anti-data-snooping/stealing measures.
To tackle the above-mentioned physical threats, NetNumen™ U31 takes the following
measures:
 Physical area security: Security requirements for equipment rooms and racks are
put forward; door lock, entrance inhibition, and key management are supported. A
unique lock is installed for the equipment room and racks where U31 is located. An
access control system is provided and is able to report alarms to U31. Certain
measures are taken to keep security of keys.

 Access specifications: Permissions to enter the U31 equipment room or operate

U31 servers should be granted to people. Any person entering the equipment room
and the physical operations performed should be put on records.
 Hardware & part management: The physical parts of U31 should be managed and
their states should be traced. According to the security specifications, build the U31
system. When fixing or replacing the parts containing sensitive, obey the strict
security and confidentiality requirements. In the office, the sensitive information
should be deleted and the paper containing the information should be damaged.
Therefore, paper shredders and enterprise-level data eraser software should be
provided. Limitations on access to core entities of U31: The mobile storage devices
are not allowed to access core entities of U31 or only have certain access
permissions; the wireless access is limited also in the U31 system.
 Video detection and recording: The physical environment where U31 resides is
detected so that the possibility of intrusion and thefts can be reduced. Moreover,
security events can be traced back.
The above physical security measures should be feasible for operators; namely they are
not contradictory to the operators’ enterprise management regulations and their actual
condition. Therefore, it is necessary to provide the feasible security measures during the
system deployment process (including configuration and installation) and furthermore
work with operators to build the overall physical security measures.
10.2 Network Security
NetNumen™ U31 is operating in an all-IP network. The basic network facilities are
deployed for communications among U31 clients, U31 servers, NEs, and other related
systems. The information inputted by users and the data exchanged by systems need to
come through these network facilities. Therefore, it is necessary to ensure network
security for U31 both in design and deployment. The purpose is to protect the system
from illegal intrusions, illegal access, eavesdropping, and decryption.

Figure 10- 1 Typical U31 Networking Diagram
In the above diagram, the following network components are related to security:
IP network devices, such as switches and routers: are responsible for communications
within the network. Moreover, these devices allow the network to be divided into several
areas through such technologies as VLAN.
Firewall: provides a variety of security functions, such as network isolation, IP packet

filtering, rule settings, and access logs.
VPN gateway: controls the remote access activities and encrypts the data transferred
over the Internet.
Network security software: provides different network security services, including

intrusion detection, access log analysis, authentication, and vulnerability scanning.
In terms of design and construction, U31 complies with a series of security principles for
the purpose of improved network security. The principles are listed as follows:
Overall security
U31 is a part of the whole telecom network and also belongs to the enterprise network of
operators. Therefore, the security solution for U31 should be considered as a part of the
whole network’s security solution. Moreover, U31 should comply with the security
planning for IP addresses of the whole network to ensure overall security.

Division of the whole network into domains
The whole network is divided into different domains by function and positioning. Domains
are defined based on different service levels for easy management of network security,
which shows a clearer structure of the network. When an attack occurs, it will be isolated
in the domain. The U31 system is also divided into independent sub-domains (VLANs) by
function. Domains are isolated from each other by setting the parameters on network
devices. It will facilitate users to locate the sources of network attacks.
Strict boundary control
Security measures, such as firewall and security policies, are taken at the boundary
between U31 and other networks (for example, operators’ enterprise network or other
networks) to control the access to U31 and filter the suspicious access requests.
Moreover, attacks are not allowed from U31 to the connected external networks. These
measures are efficient in reducing the security threats and attacks, and are able to
prevent attacks from spreading to other areas.
Detailed records of network access
The firewall is configured to record detailed logs that can be exported to the dedicated
log server for further detailed analysis. With this function, network administrators can
discover network intrusion events, illegal access attempts, and vulnerabilities of the
network.
Remote access control
Remote clients are not allowed to visit U31 from Internet as it is difficult to ensure security
of the client environment and control the remote clients. If visits from remote clients are
allowed, they need to get access to U31 through the VPN tunnels where data is
encrypted. Moreover, two-factor authentication is required for the clients. After success
authentication, the remote clients are virtualized as internal clients to interact with the
U31 server(s)

10.3 System Security Reinforcement
The purpose of system security reinforcement is to ensure the secure and low-risk
operation of NetNumen™ U31 and related support software, including the U31
application, database, OS, and other support software. The primary approach of system
security reinforcement is modification of the default security settings and module
configuration. It enables users to remove the known security weakness and
vulnerabilities. Attackers cannot find any vulnerability to exploit and fail to intrude into the
system.
10.3.1 Background
The NetNumen™ U31 application and the software it relies on, such as the database,
OS, and third-party software, have multiple modules and configuration items. These
systems may not be in the secure operational state when they are installed or in use.
Moreover, the default security settings of some software cannot comply with the security
requirements of the telecom network and operators. All above-mentioned need to be
modified or corrected before the systems are delivered to operators or during the
operation of the systems. Some weak security settings and vulnerabilities are subject to
virus and malicious attacks if there is no system security reinforcement measure.
Moreover, the security measures for development and design will lose effect.
10.3.2 Principles
The system security reinforcement measures employed by NetNumen™ U31 comply

with the following principles:
Minimum installation: When the system is installed or deployed, only a minimum number
of mandatory modules and services are installed. Optional modules and services are not
installed, reducing the possibility of being the target of attacks. This principle is also
applicable to installation of functions in a module. For example, disabling unsecure ports,
terminating the unnecessary services, and removing the useless shared directories.
The minimum number of necessary accounts and strict authorization: Strict account
management and account policies are implemented. All useless accounts and user
groups are deleted from the system. After software is installed, it has the default security

permission settings. The settings that are not required or used by U31 need to be deleted
or disabled in time, for example the user Guest.
Latest version: if possible, it is recommended to upgrade the system to the latest version.
This measure can fix vulnerabilities and remove the problems that cannot be solved by
manual configuration. It should be notified that this principle is applicable only under the
condition that compatibility is ensured and functions are not changed.
Specific Role definition: Software systems may provide different functionalities according
to their original design. However, after they are deployed in U31, they play the roles only
defined in the project design.
10.3.3 Applicable Scope
System security reinforcement covers not only the NetNumen™ U31 application but also
the software related to U31 security. For example, the support software including OS and
database, and the software collaborating with U31 to provide functions and solutions,
such as remote desktop software, cluster software, and backup software. In terms of time,
system security reinforcement covers the entire lifecycle of U31 and third-party software,
from the start of the formal versions, to the following patches, and to the end of the after
sales service.
System security reinforcement for U31
After U31 is installed, it has the fundamental configurations that provide the basic
security capability. System security reinforcement is to adjust and enforce the security
policies according to the actual situation and customer requirements. The security
policies include the password policies, account policies, and permissions of the file
systems.
System security reinforcement for OS
With years of experience, ZTE provides the system security reinforcement solution for
the following OSs:
1. Windows Server 2008/2012
2. Solaris 10/11

3. CGSL Linux V4/V5
4. Redhat Linux 6.8/7.2
ZTE provides the system security reinforcement solution for the following databases:
1. Oracle 12c/11gR2
2. SQL Server 2008/2012
System security reinforcement for third-party software
Citrix, Veritas, and NetBackup are the third-party software that is a part of U31 solutions.
Security for these applications should also be guaranteed, and their security settings
should be reinforced. ZTE provides the strong password authentication and permission
modifications.
10.3.4 Implementation
The system security reinforcement solution is a typical security solution that requires
both technologies and management. System security reinforcement is a procedure
containing activities in different phases. The detailed procedure is as follows:
1. Before the system is delivered, it should be installed with the latest software. Run
the templates and scripts against the security reinforcement checklist for the OS
and database.
2. When the system is operating, perform the health check periodically and check if
system security reinforcement policies are executed successfully. Moreover,
system security reinforcement is implemented for devices that are newly deployed
in the network.
3. Update the security reinforcement policies periodically or on need upon changes of

software versions or security bulletins. After the security reinforcement policies are
updated, obtain the latest security reinforcement templates and scripts and execute
them on site, complying with the bulletins and security management specifications.
NetNumen™ U31 provides the auto-tools of system security reinforcement detection and
script execution.

10.4 Security Patch and Anti-virus Protection
The NetNumen™ U31 solution includes the third-party hardware/software systems that
can not developed by ZTE and also have security vulnerabilities. Therefore, security
patches for these systems are also managed.
10.4.1 Third-party Security Patch Management
A NetNumen™ U31 security group is founded in ZTE to take charge of security patch
management for related third-party hardware/software systems. Its responsibilities are
listed as follows:
 Working closely with the vendors on security guarantee issues, including Microsoft,
Oracle, IBM, HP, Symantec, and Citrix.
 Keeping pace with the security reports (for example CERT) released by the security
organizations in the industry, and analyzing the third-party hardware/software
security problems mentioned in the reports.
 Maintaining the lists of security patches for all third-party hardware/software.
 Analyzing the effects brought by the security patches of third-party

hardware/software; testing compatibility with U31; releasing, deploying, and
verifying the patches.
10.4.2 Third-party Security Patch Effect Analysis
It should be noticed that not all security bulletins and patches released by third parties
are all applicable to NetNumen™ U31. Therefore, the U31 security group needs to
analyze the security bulletins and the effects brought by the security patches to figure out
if the security bulletins and patches will improve security of the U31 system. The U31
security group can obtain the security patches that are necessary for improvement of
U31 security. Then the group analyzes the effects that the patches bring to U31. It lists
the patches in the trace list and tests compatibility between the patches and U31.
If they are not compatible with U31, the group needs to contact with the vendors for a
further measure, for example a new security patch or any other method. A security patch

is released and deployed on site only when it is proved to be compatible with the U31
system.
10.4.3 Release and Deployment of Third-party Security Patches
If the security patches can pass the test successfully, the NetNumen™ U31 security
group will issue a security bulletin to internal customer service & maintenance
departments and the operators. The customer service & maintenance department will
negotiate with operators on the deployment of third-party security patches. After the
deployment solution is finally designed, it can be implemented. If the effects brought to a
system do not allow smooth and timely deployment, the group will negotiate for a temp
solution.
10.4.4 Anti-virus Software and Virus Library Update
The anti-virus, anti-worm, and anti-Trojan software is installed to protect hosts in the
NetNumen™ U31 system. It focuses on the Windows hosts as these hosts are more
subject to the viruses and attacks.
ZTE works with the well-known security software companies in the industry, including
Symantec, Intel McAfee, and Trend Micro.
Generally, the virus libraries for anti-virus, anti-worm, and anti-Trojan software are
updated frequently. Several updates are available in a week. The following figure shows
the virus library update solution. A virus library server (AV Server) is deployed in the
network, which is allowed to visit the Internet. It is recommended to deploy the server in
the DMZ of the network. The application servers and clients of the U31 system are all
serving as clients to obtain updates from the virus library server. The update policy
should be updated once each week at least.

Figure 10- 2 Anti-virus Software and Virus Library Update Solution
10.5 Application Security
Application security for NetNumen™ U31 focuses on access control that identifies and
trusts users before they are allowed to visit the system, preventing misoperations and
malicious attacks aiming to obtain more permissions. Access control is committed to the
following four aims, matching the four processes respectively, authentication,
authorization, accounting, and auditing:
 Allowing users to execute the permissions granted to them and obtain the
information available for them;
 Rejecting the operations and information that are not granted to users;
 Guaranteeing information integration and privacy.
 Identifying legal users from the illegal ones, checking user permissions, and
recording user operations.

Figure 10- 3 Security Networking for U31
The application security solution covers the every aspect related to storage of EMS
information and resources. The aspects include the login process during human-machine
interactions, authentication activities between servers and clients, EMS resources
access control over northbound interfaces, support for third-party authentication servers,
centralized security, and single-sign on.
10.5.1 Security of Human-machine Interactions
Security of human-machine interactions covers the following aspects: permission model,

account management, user authentication, logs, and auditing.
10.5.1.1 Permission Model and Authorization
The permission model of NetNumen™ U31 is designed based on the RBAC model. We
design the role-based access control model for users. Role-based Security Model for
Permission is region-based and functions based. Different regions and functions
constitute different roles. Permissions are assigned to roles rather than users. Roles with

permissions are granted to users. The permission/region-based, fine-grained security

control is implemented in this way, as shown in the following figure:
Figure 10- 4 Role-based Security Model for Permission/region-based, Fine-grained,

Security Control
The permission model of U31 contains such basic elements as roles, resources,
operations, user groups, and users.
 Resources: are the targets that users want to access or change in the system.
Resources can be NEs, a feature of EMS, or templates (for example task templates
and report templates). The smallest granularity of device allocated to roles as a
resource is NE.
 Operations: are the actions where users operate resources, for example, the read,
add, delete, modify, start, and stop operations.
 Role and role set: A role consists of the operations that the role can perform for the
specified resources. A role set consists of multiple well-defined roles.
 Users: are granted the permissions by assigning roles or role sets to them. After
successful assignment, users can perform the allowed operations for resources

matching the ones defined in roles or role sets. If the actions of users are beyond
the allowed permissions or resources, they are regarded as illegal operations.
 User group: consists of users with the specific permissions. Roles or role sets can
be assigned to a user group. The permissions of the roles or role sets are granted to
the user group accordingly. If a user is assigned to the user group, he or she
automatically has all the permissions of the users or user sets granted to the group.
User groups are used for convenient authorization.
U31 provides some default roles for operators who can define other roles based on the
default ones.
10.5.1.2 Account Management
To improve security and effectiveness during user login activities, NetNumen™ U31
provides a variety of management functions for user accounts/passwords and allows
users to set the related policies; moreover, it allows users to manage the sessions. The
following lists some important policies and mechanisms for account management:
 Password policy and mechanism:
 Users are allowed to set the character types that can be contained in a
password, for example, letter, digit, and non-letter character; whether the
password is case sensitive can also be specified;
 The password cannot contain the username(s)/telephone number(s) or the

reverse-spelling of them. Moreover, it cannot contain the commonly used
words (dictionary detection and black list detection are both supported)
 Password length limitations;
 A password cannot be an old password.
 Password validity management
 Account lock policy

 When the number of consecutively failed password attempts reaches the

specified threshold, the user account is locked;
 Login control policy
 It poses limitations on the following items, the login time, IP address, MAC
address, and the number of concurrent users.
 Security alarming mechanism
 When the number of consecutive failed password attempts reaches the

threshold, the system generates alarms to notify administrators and O&M
personnel that malicious attacks may occur.
Table 10- 1 Account Authentication and Password Policy
No. Account&password Description Purpose

Policy
1 Password length A password cannot be The longer the password

null. The length of a is, the securer it is.
password should meet the
minimum length.
2 Password repetition A password cannot can It eliminates the

any of the previous possibility of using old
passwords. passwords to initiate an
attack.
3 Password validity A password should be A password can be

modified after a certain replaced by a new one
period of time. before attackers decrypt
it.
4 Password strength A password should It raises the difficulty in

contain several types of initiating an attack and
the following items: prevents the directory
upper/lower-case letters, attacks.
special symbols, digits,
and so on.

5 Account lock When the number of It prevents the password

consecutively failed guessing attacks and
password attempts exhaustive attacks.
reaches the threshold, the
user account is locked and
an alarm is generated. The
user is not allowed to log
in before the account is
unlocked.
5 Login address policy The access requests from It prevents the attacks
the specified IP from the hosts that are
addresses, MAC not managed or limited
addresses, and address by the system.
segments are allowed to
log into the system.
6 Login time policy Time periods for login can It prevents the attacks
be specified. initiated beyond the
specified time periods.
10.5.1.3 Authentication
Authentication is the simplest and most efficient security process for security guarantee.
Several authentication solutions are available for scenarios with different security
requirements.
Username/password-based login
Username/password-based authentication is the simplest and most cost-effective

security measure. Security can be ensured by using the authentication method with
perfect account management, permission assignment, and security policy. Security
requirements in most scenarios can be satisfied.
Two-factor authentication
During two-factor authentication, valid physical entities should be in position (USB keys
or smart cards storing the authentication information such as the digit certificate) in
addition to the username and password. The USB keys are inserted into the USB port of
the computer for authentication; intelligent cards require installation of smart card

readers, and they are inserted into or connected to the readers that obtain the
authentication information.
Figure 10- 5 Two-factor Authentication for Login
The purpose of two-factor authentication is to reduce the possibility of illegal intrusion

that commonly happens to single-factor authentication. As leak of passwords and loss of
the USB key/smart card rarely happen at the same time, the two-factor authentication
can effectively reduce the possibility that illegal users log in to the system using valid
user information, improving security during the authentication process.
The digital certificate in the USB key and smart card complies with the X.509 v3 format
standards. The application interface program is based on the PKCS#11 standard and
gets access to the CA server through LDAP. The smart cards supported by NetNumen™
U31 comply with the ISO7819-1/2/3/4 standards.
Integration with third-party authentication servers
As carriers’ networks become more complex than before, a large number of applications
are deployed in the networks. Maintenance complexity and costs are driven up by
independent security management for each application. Therefore, a uniform security
platform needs to be deployed for centralized management and control of these
applications. If carriers have already built a central server for security authentication, U31
can be integrated with the third-party authentication server to implement central security
management.
Presently, U31 supports such standard authentication protocols as LDAP, Radius,

TACACS+, and RSA.
Authentication

Authentication is to judge if U31 operations are illegal. The security module of U31
checks each command and operation of a login user against the authorization
information of the user. Only the authorized commands and operations are allowed. The
system will log it no matter if the command/operation is executed successfully.
The following figure shows the U31 authentication service logic.
Figure 10- 6 U31 Authentication Service Logic
The multiple clients of U31 such as GUI, command line interface, and web interface
share the security authentication server logic of U31. Correct authentication activities can
prevent misoperations and protect the system from malicious attacks such as privilege
escalation.
10.5.1.4 Log and Auditing
The log and auditing functions can record down and manage all the user activities,
including the security log collection and storage, log viewing, log query, and the functions
designed for other auditing purposes.
Log collection and storage

As logs can record the user behaviors, they are important functions that provide
non-repudiation. Log management enables NetNumen™ U31 to store the important
events that occur during operation of U31 for further reference and later analysis/auditing.
Three types of logs are available: security logs, system logs, and operation logs.
Security logs record the following events: user login/logout, user lockout/unlocking. A
record in the security logs includes the username, IP address, login time, and login result
(successful or not).
When users perform operations, the system records the operations in the operation logs.
A record in operation logs include the username, objects involved in the operation,
operation time, details, and operation result.
When system events occur, the system records them in the system logs that include the
sources and details.
Log auditing
As mentioned before, logs provide non-repudiation for user behaviors. By checking the
logs, users can find the exceptional attack behaviors and security problems in time.
Log auditing is generally used by system administrators or security management

personnel. It provides several functions such as event filtering, event statistics, and
auditing reports, which enables users to discover exceptional user login, illegal and
unauthorized operations, and exceptional information printing/export. Moreover, log
auditing facilitates users to discover system vulnerabilities and unreasonable assignment
of user permissions.
Log auditing activities need to work with maintenance management flows to implement
timely, comprehensive auditing of logs and ensure reasonable settlement of problems.
U31 logs can be exported to the standard Syslog format for third-party log analysis tools
such as Splunk and Event log Analyzer to perform further analysis.

10.5.2 Interaction Security
10.5.2.1 Authentication Activities Between the Server and Client
Authentication activities between the server and client can effectively prevent the
Man-in-the-Middle attacks. The NetNumen™ U31 authentication solution can be
implemented in different methods:
One-way authentication: The server authenticates the client.
The username and password should be entered in authentication, and they are
transferred through SSH between the client and the server.
Public key authentication: When the clients are deployed, the public and private key pair
needs to be generated on clients. Moreover, the public key is put on the server. When a
client gets access to the server through SSH, it needs to provide the public key. After the
server confirms that the public key is within the list, it sends a request to the client. The
client returns a response generated using the private key to complete the authentication.
One-way authentication: The client authenticates the server.
Host-key authentication: Clients store the host keys of the servers that they have visited.
If the host key of a server does not exist in the list on a client, the client prompts users to
authenticate the server.
Public key authentication: During server deployment and commissioning, the public and
private key pair is generated, and the public key is available for clients. When a client
visits the server, it decrypts the data from the server by using the public key.
10.5.2.2 Security Between U31 and NEs
Carriers pay much attention on end-to-end security in telecom services. Security

between NetNumen™ U31 and NEs is essential to end-to-end security, which involves
the following aspects:
Secured connections and communications between U31 and NEs: U31 needs to
authenticate NEs, and vice verse. Data is encrypted to prevent data interception and
alteration incidents.

U31 security management of NEs: U31 manages the accounts and passwords for login
into NEs, permission settings, and data certificates. Moreover, U31 provides such
functions as NE security log collection, integrity check of configuration parameters,
security patching, and identification of decrypted NEs (for example a “pseudo device”,
and alarming function for decrypted NEs.
Security guarantee during NE service processes that U31 is involved
The majority of the above problems is related to NE service protocols and is specific to
NEs. If the standards on NEs have already defined the security management methods,
the standards should take preference to act as the service security standards that U31
should comply with.
Regarding the connections between U31 and NEs, when NEs are not located in a
secured area, secure data tunnels can be established by using encryption methods. Two
methods are supported, namely IPSec tunnels and SSH/SFTP, to meet different NE
standards and user requirements.
U31 security management for NEs varies with NE types, but uses the security standards
and levels similar to those for U31 itself. Moreover, the NE service standards should also
be met.
Uniform telecom service standards should be used to guarantee security for NE services
where U31 is involved.
10.5.3 Northbound Interface Security
The northbound interface is the main channel for communications between NetNumen™
U31 and other NMSs/OSSs. The information exchanged through the northbound
interface is the important network operation information that should be secured properly.
U31 northbound interfaces provide the following security functions such as

authentication, encrypted translation, and network/firewall port control. Through
northbound interfaces, external systems are allowed to perform the operations that have
been completely defined on the interfaces.
Authentication

U31 northbound interfaces strictly limit the access from external systems to its managed
devices and services, according to the permission assignment defined already. The
following authentication control policies are provided for different northbound interfaces:
 Database interface: Database user information should be entered for authentication.

Read-only views are available, which provides limited read-only information. The
database users are allowed to visit the views where they are granted limited
permissions, and therefore they are not administrators.
 SNMP: SNMPv3 and high versions are supported, which have authentication
functions.
 CORBA interface: The user authentication method defined by the protocol is

supported.
 FTP interface: SFTP authentication is supported.
 TL1 interface: Encryption and authentication are supported to prevent illegal access
from this interface to the system.
Network access control
After U31 is integrated with other systems, the northbound interface can limit the visits
from certain IP addresses and ports. It allows users to specify the IP addresses and ports
in the network (firewall) settings and U31 server configuration. If the IP address and port
of a visit request do not fall in the specified scope, the northbound interface of U31
rejects the visit request, preventing potential malicious attacks.
Security log of northbound interfaces
U31 records all the operations that external systems perform through the northbound
interfaces. The operations include user authentication information, sources, time, and
operation information. The log is saved together with the security logs for local users for
further security auditing.
Communications data encryption
Encryption can be used during communications between the northbound interfaces and
external systems to protect sensitive data. For example, the FTP interface supports

secure SFTP encryption; the MTOSI/SOAP interface supports the HTTPS SSL
encryption; other interfaces encrypts data using SSH, but the encryption details should
be negotiated with the external systems during the integration process.
10.5.4 Centralized Security and Single Sign-On
The NetNumen™ U31 security center is the solution that provides such functions as
centralized security, single sign-on, centralized log, and auditing, which further improves
the EOU of security systems.
Generally, a telecom system may have multiple applications and devices that require
account-based authentication and implement security management. The following
problems may occur when carriers need to guarantee security for the applications and
devices:
The applications and devices have their own accounts/passwords. System

administrators often experience a hardship in managing and maintaining the accounts
and passwords, and they may make mistakes. Users find they are in trouble to
remember all the accounts and passwords. They may record the account information in a
plain text file, which brings potential security risks.
Each time a user needs to access a system, he or she is required to log in again,
lowering the efficiency in using these applications. If a user sets the same account and
password for different applications, it poses threats to overall security of the system. In
this case, overall system security is lowered to the security level of the most vulnerable
application.
Logs of these applications/devices are stored separately; the auditing process is complex
and tedious. The auditing functions vary in applications/devices.
To solve the above problems, the ZTE U31 security center provides a centralized
security management control platform that provides a variety of functions for users of
applications and devices, such as centralized management, centralized authorization,
centralized authentication, and single sign-on, and centralized log management (logs are
collected from the applications/devices; the collected log data is managed, analyzed, and
audited in a centralized, uniform manner).

Figure 10- 7 U31 Security Center
The U31 security center consists of three modules, for example, user management
service, centralized identification authentication service, and centralized log
management service. In addition, it can be integrated with external third-party
authentication servers and user management servers.
The security center enables system administrators to implement centralized user

account/password management, uniform authentication, uniform authorization, uniform
user session detection and management, and centralized log auditing. Single sign-on is
achieved for the applications, which provides uniform password management.
The security center supports the following protocols and standards:
Centralized identification authentication: It can be integrated with third-party

authentication servers through LDAP, Radius, TACACS+, and RSA.
Centralized user management: It can be integrated with third-party user management

servers through LDAP and TMF615.

Centralized log management: the system can collect the log data from
applications/devices through FTP/SFTP. Moreover, it exports log data to third-party log
management servers through FTP/SFTP and Syslog.
User login method: The system supports various authentication methods, such as
username/password-based login, two-factor authentication (with a digital certification),
and single sign-on that allows users to access all applications after they are
authenticated once.
10.6 Key Data Encryption
Data security protection is the last defense of system security. Assume that the network,
applications, and servers are all threatened; in this case, if data security is ensured,
sensitive data will not be disclosed. Therefore, data security protection is essential to
overall system security. The core functions of key data encryption are system storage
and encryption of transferred data. The purpose is to prevent malicious attacks such as
data interception, detection, decryption and alteration incidents. Even if attackers get the
encrypted data, they find it more difficult than before to obtain useful information from the
encrypted data, which increases the attack costs.
NetNumen™ U31 contains much important data. Therefore, if attackers successfully

intercept or alter the data, it will definitely bring serious effects. The following data needs
to be encrypted for high security:
 Application software files in the file system;
 U31 data in the database:
 Security-related core data, for example passwords;
 Data that is transferred between clients, servers, NEs, and northbound interfaces.
The following diagram shows the data encryption processes within the U31 system.

Figure 10- 8 Data Encryption Processes Within U31
10.6.1 Data Encryption Between the U31 Server and Clients
The data exchanged between the NetNumen™ U31 server and clients primarily includes
the authentication data, commands initiated by clients, and responses from the server.
As sensitive data is transferred between the server and clients, it is of great necessity to
encrypt the confidential data to prevent data interception and alteration incidents.
U31 clients supports the encryption methods such as SSH for login and interactions with
the server.
SSH/SFTP is used for communications between the U31 GUI/MML clients and the
server, which encrypts the data exchanged. Currently, SSH v2.9 is supported.
SSH/SFTP supports the following encryption algorithms and protocols:
 Private key exchange: Diffie-Hellman
 Public key exchange: RSA algorithm (private key length: 2048 bits)
 Encryption algorithm for data transmission: 3DES (private key length: 168 bits),
AES (128 or 256 bits), and Blowfish
 One-way encryption and abstract: MD5 and SHA1

 The CLI client supports putty (Windows) and the ssh command (Unix/Linux).
10.6.2 Data Encryption for Northbound Interfaces
The data transferred over northbound interfaces is important network service data, for
example, alarms, network performance indexes, configuration parameters, and system
assets. The sensitive data needs to be encrypted so that it will be intercepted or
decrypted. NetNumen™ U31 may be integrated with a variety of systems through
northbound interfaces, and it is unable to complete encryption by itself. Therefore, U31
needs to collaborate with the systems to encrypt the data over the entire link.
The following lists the encryption methods supported by the U31 northbound interfaces:
 FTP interface: Transferred files are encrypted by SFTP.
 Command line interface: SSH encryption is supported.
 MTOSI/SOAP interface: SSL/TSL-based HTTPS encryption is supported.
 Other interfaces: After U31 negotiates with the systems that it integrates with, they
encrypt the transferred data by using SSH.
10.6.3 Data Encryption for Databases
NetNumen™ U31 uses the encryption methods that come along with the database
software. For example, Oracle uses the TDE technology and such algorithms as 3DES
(private key length: 168 bits) and AES (private key length: 128/256 bits).The transparent
encryption methods coming along with databases enable much easier data migration
and private key management compared with application-layer encryption.
Data encryption has certain effects on data access performance of databases. It is

optional or absent, provided that databases are well managed (including database
account/password management, account authorization, and appropriate security
reinforcement).

10.6.4 One-way Encryption for Passwords
As user passwords are confidential data, they should be converted into ciphertext
through one-way when they are stored in the system, for example, in the memory, files,
or databases. During data interaction process starting from data input, then
transformation, and to storage, user passwords are all in the form of ciphertext.MD5 is
used in one-way encryption.
Passwords handled through one-way encryption cannot be reconverted into plain text.
After users enter passwords upon authentication prompts, the system performs one-way
encryption and compares the ciphertext with that in the database. Authentication is
successful if the password entered is correct; otherwise, authentication fails. During
authentication, no plaintext is involved in comparison, preventing memory sniffing
attacks.
10.6.5 Data Encryption between NetNumen™ U31 and NEs
In most network designs, connections between EMS and NEs are allocated within
dedicated networks. External devices are allowed to visit NEs through EMS rather than
visit NEs directly. Data exchanged between EMS and NEs cannot be detected or
intercepted, and needs no encryption as a result.
Along with rollout of new telecom services and emergency of different NE types, some
NEs are deployed in the networks with relative lower security, or even in the Internet. In
this case, data exchanged between EMS and NEs should be encrypted. Presently,
IPSec tunnels or SSH/SFTP is used to encrypt data between EMS and NEs.
11 Reliability
11.1 Reliability Design
Reliability design helps to improve overall performance of NetNumen™ U31 while

lowering the uncontrollable risks. It primarily includes hardware reliability design,
software reliability design, and designs of HA and disaster recovery.

Hardware reliability design:
 Disk mirroring: The data on the active disk is copied to the standby disk, and vice
verse. It lowers the risk that U31 server(s) cannot be restarted due to damage of
disks.
 Disk data protection: Raid is used to protect data on disk arrays. Raid 0, Raid 5, and
Raid 10 are all supported to achieve hardware data protection. Raid lowers the risk
that U31server(s) cannot be restarted due to damage of disk arrays.
 Others: Redundant hardware parts are deployed, for example, network interfaces,
HBA cards, and switches. The purpose is to ensure reliable and secure operation of
U31.
Software reliability design:
 U31software: U31 operation involves multiple processes. When a process exits with
error(s), U31will automatically restart the process or generate alarms to prompt
users to handle the process manually. The related operations are logged for O&M
personnel to locate faults and figure out causes.
 HA or disaster recovery: When the U31system is unable to manage NEs properly

due to breakdown of the active U31server or the database, the HA or disaster
recovery solution can take effect to start the standby U31system that assumes the
role of the active to detect and manage the network. For details, refer to 8.3 and 8.4.
 Data backup: U31 data is backed up periodically. When faults occur to U31, the
service data backed up is imported to U31 for the purpose of secure operation of
the system. It prevents the service data loss caused by U31 disk/disk array
damages or database breakdown. For details, refer to 11.6.
For the HA solution design, refer to 11.3.
For the disaster recovery design, refer to 11.4.

11.2 Reliability Indexes
NetNumen™ U31 has the following reliability indexes:
 MTBF >= 8757 hours (in a HA environment)
 MTTR <= 8 minutes (in a HA environment)
 Availability >= 99. 9985% (in a HA environment)
 HA switchover time <= 8 minutes
 U31 startup <= 5 minutes
 System exit time <= 5 minutes
11.3 HA Solution
In the NetNumen™ U31HA solution, dual redundancy is designed to deal with software
failures occurring to the U31 servers; by connecting both the two servers to the RAID
disk array or storage area network (SAN), data loss and network/service interruption
caused by equipment damages are well prevented. The two major problems that affect
the stability of O&M networks thus are solved to some extent.
According to carriers’ existing networks, U31 HA solution provides two networking

methods: When there is no SAN, configure two local servers plus a disk array to
implement high availability; otherwise connect the local dual-redundancy system directly
to the SAN. No additional disk array is necessary and carriers’ CAPEX is reduced.
The following figure shows a local dual-server system with a shared disk array, which is a
commonly used networking method. The U31server software and VCS are installed
respectively on each of the active and standby server. The database is installed on the
RAID disk array. Both the active and standby U31servers need to be powered on.
However, only the U31server program at the active server is started; the applications at
the standby server remain inactive. When VCS detects that the active server fails, it
starts automatically the U31server software at the standby server that then takes over
immediately as the active server.

Figure 11- 1 Dual-server System Sharing a Disk Array
The following figure shows the local U31 dual-server system with SAN. If the carrier’s
existing network has a SAN, simply connect the local U31dual-server system to the SAN.
Disk arrays are deployed to the SAN. The work principle is similar to the previous
networking method, namely local dual-server system with a shared disk array.
Figure 11- 2 Dual-server System Based on SAN
Currently, U31 supports such operating systems Solaris, Redhat Linux and CGSL Linux.
Under these operating systems, the cluster software Symantec VERITAS is used to
implement the dual-server system.

 Features
 Its active and backup EMS server systems are located in one equipment room
and connect with one same disk array which saves both database data and
EMS data.
 In normal situation, the active EMS provides EMS services for the integrated
network while the backup system is in hot backing up status.
 The active server and the backup server mutually monitor the other part status
through heartbeat line. When the backup system detects the active system
fault such as system breakdown, or a hardware and software fault, it will take
the place of the active system to support EMS. After the taking over, none
EMS data is changed and keeps exactly the same as before.
 The active and backup systems share one EMS virtual floating IP address
which shields the specific running EMS thus is able to provide transparent
EMS services to EMS clients.
The active and backup systems share the same database system located in disk array.
This ensures the data consistency of both systems. Disk array is configured in mode of
RAID1+0 and provides HotSpare hard disk to automatically take place of faulty hard disk.
The RAID1+0 mode adopts RAID1 mirroring method to accomplish complete data
redundancy backup and adopts RAID0 method to accomplish disk connection and
expansion to enlarge disk space and increase I / O management efficiency.
 Advantages
 HA EMS enables EMS running stably and reliably.
 Disk array being divided in RAID1+0 mode with HotSpare hard disk enable
EMS data and database data to be located in the same disk array thus ensure
data security and reliability.
 Because the active and backup EMSs share the same data in the same disk
array, the data is in complete consistency after active and backup alternation.

 The active and backup systems share one EMS virtual floating IP address
which shields the specific running EMS thus is able to provide transparent
EMS services to EMS clients.
 Because the active and backup EMSs are located in one place and use
cross-connection line as the monitoring heartbeat line, the status inspection
between dual systems is precise and free of interference caused by unstable
network thus avoids wrong alternation.
 Because the two systems keep close, database and EMS server can
respectively run in two sets of equipment in the dual-system and thus can
achieve load balance and optimize EMS performance.
 It saves costs. With less investment, it can accomplish HA of EMS.
 Disadvantages: No remote disaster recovery function
11.4 Disaster Recovery Solution
When telecom networks fail because of unplanned breakdowns (such as device failures,
software errors, network disruptions, power failures) or natural disasters (such as fire
disasters, floods, earthquakes, hurricanes), the local HA solution is unable to protect
normal operation of U31 and a disaster recovery solution is needed to ensure
NetNumen™ U31service continuity.
Disaster recovery refers that a remote redundant system has been constructed for a local
system. When the local system fails due to disasters, the remote redundant system can
take over as the active system using the data backed up so as to provide uninterrupted
service. Disaster recovery becomes more important than before because nowadays the
telecom industry focuses on network reliability and service availability.
If the active EMS is allocated in the same network segment as the backup EMS, the two
systems can share one EMS virtual floating IP address and accomplishes transparent
management for EMS clients. If they are not in one segment, the active and backup
systems provide EMS services through different IP addresses.

Because carriers have different requirements for disaster recovery functions and
different EMS investment budgets, there are three solutions to accomplish remote
dual-system disaster recovery EMS as the following lists.
 Remote dual-system disaster recovery (1+1 mode) solution: Either the active or the
backup EMS has its own server to provide EMS data remote disaster recovery
backup and EMS remote HA.
 Remote dual-system disaster recovery (2+1 mode) solution: The active EMS is
composed of a set of dual-machine EMS while the backup system consists of only
one server to provide EMS local dual-machine function at key nodes and remote
disaster recovery function.
 Remote dual-system disaster recovery (2+2 mode) solution: Either the active or the
backup system is composed of a set of dual-machine EMS to provide EMS local
dual-machine function at active and backup nodes, remote disaster recovery
function and remote HA function.
Remote dual-system disaster recovery (2+2 mode) solution is designed especially for
high-end EMSs. So it is recommended to use remote dual-system disaster recovery
EMS in Unix environment not to use EMS in Windows environment.
The most frequently used solution is the 1+1 mode disaster recovery solution which is
introduced below. In this solution, either the active or the backup EMS has its own server.
Normally, the EMS is composed of one main EMS server, dual-system disaster recovery
software and one backup EMS server. It adopts VPN network to connect the active
system with the backup system. Its networking is shown in figure below.

Figure 11- 3 Disaster Recovery Solution(1+1 mode)
Currently, U31 supports such operating systems as Solaris, Redhat Linux and CGSL
Linux. Disaster recovery is not supported by Windows. Solaris, Redhat Linux and CGSL
Linux supports the disaster recovery solution implemented by Symantec VERITAS.
 Features:
 In normal running situation, the active EMS provides EMS services for the
integrated network while the backup system is in hot backing up status. The
active EMS synchronizes database data and EMS related data with the
backup EMS.
 In normally, We support the geograpgical resilience solution, whereby a

primary and secondary EMS is physically located at separate Data
Centres. Veritas Cluster Server is used as HA software in the geographic
resilience solution. The VCS provide the protect from Linux OS Failure,Oracle
DB Failure,EMS Failure ,VM Host , Host Hardware Failure, Mgmt Network
Failure, Storage Connectivity Issues .
 The data will be replicated between data centers at an application level using
Veritas Cluster Server VVR component. The data will be replicated between
servers by VVR real-time. There are primary and secondary heartbeats in our
solution which help to monitor the servers running status. It’s able to configure
enable or disable an automiatc failover from Hot Standby Primary to
Secondary EMS server by setting the ClusterFailOverPolicy attribute to Auto.
When the ClusterFailOverPolicy attribute is configured to Auto, if there is a
failure detected in the active server, it will automatically switch to the remote

standby server. When the ClusterFailOverPolicy attribute is configured to

Manual, there will be no switchover. Manual operation is required to
switchover.
 The active server and the backup server mutually monitor the other part status
through heartbeat line.
 When the backup system detects the active system fault such as system
breakdown, or a hardware and software fault, it will take the place of the active
system to support EMS and get synchronized with previous active system.
After the taking over, the previous active EMS becomes the current backup
system and the previous backup system becomes the active system.
 Advantages
 EMS data remote disaster recovery function makes EMS data safe and
reliable.
 EMS remote HA enables EMS running stably and reliably.
 It saves costs. With less investment, it can accomplish remote disaster

recovery and HA functions of EMS.
 Disadvantages
 The active and backup EMS data synchronization is accomplished by a

remote network. The network delay or fault can result in the active and backup
EMS data synchronization problem thus interfere the active and backup
system data consistency.
 If they are not in one network segment, the active and backup EMSs use
different IP addresses to provide EMS services.
 Due to the long distance between the active and backup systems, it is hard to
achieve load balance between database and EMS server.

11.5 Link Protection Solution
The links between NetNumen™ U31 and NEs go through the gateways. If gateways are
faulty, the NEs will be disconnected from U31 and cannot be managed properly. Active
and standby gateways are deployed. If the active gateway is faulty, U31 is able to interact
with NEs through the standby. This measure improves the U31 management
effectiveness and lowers the risk that NEs are disconnected from U31 due to a faulty
gateway and its broken link.
11.6 Data Backup Solution
NetNumen™ U31 provides the data backup functions that improve system reliability. The
data backup functions allow users to back up the U31 NE configurations, Topo
configurations, alarm rules, performance tasks, policy tasks, historical alarms, logs,
performance data …. These data are exported form database with a customized
frequency and saved as compressed files on hardware storage devices such as disks
and tapes. Even if the server hardware is damaged, the above-mentioned data will not
be lost. When needed, the backup data can be imported to U31 for system and data
restoration and other use. The supported functions are listed as follows:
 Database backup: supports the complete backup of U31 databases, including the
database table structure and basic data (for example the topology links and
configuration data).
 Log backup: backs up and stores the system logs, operation logs, and security logs.
 History alarm backup: backs up and stores the history alarms in U31.
 History performance data backup: backs up and stores the history performance
data in U31.

12 Management Capacity
12.1 Environments
Based on JAVA, NetNumen™ U31 supports multiple operating systems, including:
 Windows: Windows Server2003/2008/2012
 Linux: CGS Linux V4/V5/Redhat Linux7.2
 UNIX: Solaris 10/11
U31 supports the following databases:
 ORACLE 11gR2/12c
 MS SQL Server 2012
U31 clients support the following operating systems: Windows 7
12.2 Network Scale Managed
The concept of “wireline-LE” is introduced for easy calculation as the different types of
NEs vary greatly in management model complexity.
Currently, the traffic volume of AM, PM, and CM within a certain period (namely, tpmc is
7) is regarded as that of a wireline-LE. A physical NE is converted to wireline-LEs
accordingly. Different types of NEs and the number of ports are converted into a number
of wireline-LEs according to the system resources occupied by them, which are easy for
further calculation. For details about the coefficient of wireline-LEs, refer to the next part
of this chapter.
U31 servers can be deployed on different hardware products. Its management capability
vary in the hardware products..

If NetNumen™ U31 is deployed on an X86 server, it is able to manage the following

scales of networks:
 Small-scale network: 300 wireline-LEs or less
 Common network: 300 – 4,000 wireline-LEs
 Middle-scale network: 4,000 – 13,000 wireline-LEs
 Large-scale network: 13,000 – 25,000 wireline-LEs
 Extra-large-scale network: 25,000 – 40,000 wireline-LEs
For the corresponding hardware platforms of different network scales,please refor to the
hardware configuration of this chapter.
12.3 Coefficients for Wireline-LEs
12.3.1 Coefficients for Conversion between Other NEs and Wireline-LEs
<The number of wireline-NEs in other domains>=

the number of NEs (type 1)*the coefficient 1+……+the number of NEs (type n)*the
coefficient n.
Table 12- 1 Coefficients for Other NEs
Number of
Category NE TPMC
Wireline-LEs
ZXDSL
8210/8220/8203/921
30 (512 lines) 3
0/9210M/9203/9800/
9803
Fixed access devices ZXDSL

(DSL series) 8416/8426/9426/980
15 1.5
6A/9806E/9806I/980
6H
ZXDSL9836,
1.5 (24 lines) 0.15
ZXDSL9816

Number of
Category NE TPMC
Wireline-LEs
ZXA10 T600 60 6
ZXA10 U300 30 3
S100, S200, S300 15 1.5

Fixed access
devices(MSAG ZXA10 C300M 60（1024Lines） 6
devices) ZXA10 C350M 15（256Lines） 1.5
ZXMSG 5200 30（512Lines） 3
ZXMSG 5600 60（1024Lines） 6
ZXA10 C200/C320 30 3
ZXA10 C220 60 6
ZXA10 C300 120 12
ZXA10 C600 180 18
ZXA10 C610 20 2
ZXA10 C620 30 3
ZXA10 C650 90 9
ZXA10 C680 360 36
ZXA10 C6XX slice 30 3
FTTB ONU devices

1.5 (24 Lines) 0.15
(ZXA10 F8XX series)
Fixed access devices
(PON devices) FTTH ONT devices
(ZXA10 F4XX series,
ZXA10 D4XX series,
ZXA10 F5XX series,
ZXA10 F6XX series,
ZXA10 F7XX series,
ZXA10 F1XXX
0.05 0.005
series, ZXHN F4XX
series, ZXHN F6XX
series, ZXHN F1XX
series, ZXHN F2XX
series, ZXHN F1XXX
series, ZXHN F2XXX
series)
Fixed access devices ZXA10 9852G

4(16 Lines) 0.4
(DPU devices) ZXA10 9819G

Number of
Category NE TPMC
Wireline-LEs
Fixed access devices

ZXWDM1232 4(32 Lines) 0.4
(WDM devices)
Fixed access devices eOMU 210 30 3
(eOMU devices) eOMU 510 120 12
12.4 Hardware Configuration
This section introduces the hardware configuration requirements for NetNumen™ U31
servers.
The following principles should be followed when server hardware planning is made:
 If the network contains less than 25,000 wireline-LEs and the carrier expects to
save costs, it is recommended to deploy the U31 server on the X86 PC server.
The following table shows the available hardware configurations appropriate for different
network scales.
Table 12- 2 Hardware Configurations Matching Network Scales
Network PC Server (Support for Windows and

Scale CGSL,Minimum Configuration Requirements)
300 CPU:
wireline-LEs Frequency: 2.0GHZ or higher
CORE:4cores or higher
Memory: 16GB or higher
Hard disk:300GB
4000wirelin CPU:
e-LEs Frequency: 2.0GHZ or higher
CORE: 8 cores or higher
Quantity: 2
Memory: 32GB or higher
Hard disk:600GB or higher,Quantity: 2
13000wireli CPU

Network PC Server (Support for Windows and

Scale CGSL,Minimum Configuration Requirements)
ne-LEs Frequency: 2.3GHZ or higher
Quantity: 2
Memory:48GB or higher
Hard disk
Capacity: 600GB or higher
Quantity: 4
25000wireli CPU
Quantity: 4
Memory
64GB or higher
Hard disk
Quantity: 4
40000wireli CPU
Quantity: 4
Memory
96GB or higher
Hard disk
Quantity: 8
Disk Array
Hard disk：10*900GB or higher
The following table shows the client configuration.
Table 12- 3 Client Configuration
Network PC VM or server(used to
Scale estimate AOS or Citrix server
resources)

Network PC VM or server(used to
Scale estimate AOS or Citrix server
resources)
4000wirelin CPU: CPU:

e-LEs Frequency: 2.0GHZ or higher Frequency: 2.0GHZ or higher
Memory: 2GB or higher Memory: 2GB or higher
Hard disk:50GB or higher Hard disk:50GB or higher
Network Bandwidth: >=4Mbit/s (The number of active alarms is less than

10,000. 4 M bandwidth is added for every 10,000 active alarms.)
13000wireli CPU: CPU:

ne-LEs Frequency: 2.0GHZ or higher Frequency: 2.0GHZ or higher
Memory: 4GB or higher Memory: 4GB or higher
Hard disk:50GB or higher Hard disk:50GB or higher


ne-LEs Frequency: 2.6GHZ or higher Frequency: 2.2GHZ or higher
Memory: 4GB or higher vCore: >=2
Hard disk:50GB or higher Memory: 4GB or higher
Hard disk:50GB or higher


ne-LEs Frequency: 3.0GHZ or higher, 64-bit Frequency: 2.4GHZ or higher
Memory: 8GB or higher vCore: >=3
Hard disk:50GB or higher Memory: 8GB or higher
Hard disk:50GB or higher
Network Bandwidth: >=12Mbit/s (The number of active alarms is less

than 30,000. 4 M bandwidth is added for every 10,000 active alarms.)
Table 12- 4 Client Configuration(Related Configurations)
Configuration Technical Parameters
Network interface At least 1 FE interface
CD-ROM DVD driver
Monitor 19” LCD

12.5 Software Configuration
This section introduces the software configuration including the server and clients.
It lists the software available for the server, including the system software and EMS
software.
The following lists the software installed on the U31 server:
 System software: primarily includes OS and database software.U31 can operate

under the Windows, CGSL Linux, and Solaris. The following table shows the
matching databases for the OSs.
 HA software: VERITAS
 EMS software: NetNumen™ U31 software
Table 12- 5 System Software Configuration
Software OS Database
Platform
X86(Windows Microsoft Windows Server 2012 Microsoft SQL Server 2012 R2

64bit) Standard
X86(Linux 64bit) CGSL Linux V4/V5 64bit Oracle11gR2/Oracle 12c

Redhat Linux V7.2 64bit
The following table shows the HA software configuration.
Table 12- 6 HA Software
Software Platform HA Software
Solaris VERITAS 6.x for Solaris
CGSL\Redhat Linux VERITAS 6.x for Linux
The following table shows the client software configuration.

Table 12- 7 Client Software Configuration
Configuration Technical Parameter
OS Windows 7 Professional
Anti-virus software Trend, McAfee, or Norton
12.6 Virtual Machine Configuration
This section introduces the virtual machine configuration requirements for NetNumen
U31 servers. In the virtual machine situation, the operator will deploy the cloud data
center, and all the related IT systems are deployed on the cloud data center. Then in this
situation, only virtual machine configuration requirements are needed to be indicated.
The software configuration requirement is same as the standalone configuration
environment, including OS , database and HA systems.
The following tables show the available configurations appropriate for different network
scales.
Table 12- 8 Virtual machine configuration requirement according network

scales(Database and U31 co-located)
Equivalent Wireline Virtual Machine Requirement

Element (Database and U31 co-located)
CPU: >=2.0GHz, >=8vCore

≤ 300 wireline-LEs RAM: >=16G
Storage:300G

Storage:600G

Storage:900G

≤ 25000 wireline-LEs RAM: 64G
Storage:1.2T (Disk Array is Recommended)
>25000 wireline-LEs Distributed deployment is recommended.

Table 12- 9 Virtual machine configuration requirement according network

scales(Database and U31 deployed separately)
Equivalent Wireline Virtual Machine Requirement

Element (Database and U31 deployed separately)
U31 server:
RAM: >=24G
Storage:200G
≤ 4000 wireline-LEs
Database:
RAM: >=24G
Storage:400G
U31 server:
RAM: >=32G
Storage:300G
Database:
RAM: >=32G
Storage:600G(Disk Array is Recommended)
U31 server:
RAM: >=48G
Storage:300G
Database:
RAM: >=48G
Storage:900G(Disk Array is Recommended)
> 25000 wireline-LEs Distributed deployment is recommended.

13 Performance Indexes
13.1 Performance Index List
Table 13- 1 System Performance Indexes
Category Index Value
Capacity Max number of 40,000 Wireline-LEs

Indexes managed NEs (a single
server)
Number of managed The maximum of managed MDUs(24 lines)

physical nodes in access networks is 110,000
Number of managed Maximum: 3,000,000 ONTs

ONTs
Alarm processing  Centralized Deployment:

capacity (alarm count/s) The average alarm processing capability is
150 pieces/second; the peak processing
capability is 250pieces/second and can last
for 15 minutes with no loss of alarms.
 Distributed Deployment:
The peak processing capability is
1000pieces/second and can last for 15
minutes with no loss of alarms.
Performance data 400

storage capacity
(counter count/s)
Max number of login 200

clients
Max number of 200

concurrent clients
System System software ≤30 minutes

Indexes installation time
System software ≤30 minutes

upgrade time
Time to roll back upon ≤4 hours


upgrade failure
Patch upgrade time ≤30 minutes
Startup Client startup delay (s) ≤3 seconds

Speed Client login delay (s) ≤7 seconds
Delay in opening client ≤3 seconds

views (s)
Server hot startup time ≤5 minutes

(s)
Operation Current alarm query ≤2seconds

Performanc delay (s)
e History alarm query ≤5 seconds (it takes 5 seconds to display
delay (s) the first page; 50,000 records are prepared
in 30 seconds)
Alarm submission delay ≤2seconds

(s)
Delay in transferring ≤10seconds

alarms through
northbound interfaces
(s)
Performance data query ≤5 seconds (it takes 5 seconds to display

delay (s) the first page; 100,000 records are prepared
in 60 seconds)
Batch data export delay ≤10seconds

(s)
Log query delay (s) ≤2seconds
Storage Max number of the 10,000,000

Capacity alarm records stored
Max size of the alarm 60GB (one alarm record data size is 6KB)
data stored
History alarm and log 365 days (Max)

retention period(Max) 180 days (default)
Raw performance data 3 months (for a collection granularity of 15

retention period minutes)
Report data retention 3 month

period

Operation log capacity 1,000,000
Max number of the 17,000,000

log(Operation log,
security log and system
log) records stored
Max size of the 170GB (one log record data size is 10KB)
log(Operation log,
security log and system
log) data stored
NBI Max number of 50 TL1sessions

Indexes concurrent TL1
Northbound Interface
sessions
Max number of 50 TL1 commands

processing commands
of TL1 Northbound
Interface per second
Max number of 50 Webservice sessions

concurrent Webservice
sessions
Max number of 50 Webservice commands

processing commands
of Webservice
per second
HA Switchover between <= 8 minutes

switchover remote active and
time standby servers
Stability Mean time between >= 8757 hours

failures(MTBF)
Mean time to <= 8 minutes (in a HA environment),

repair(MTTR) <= 3 hours(in a single server environment)
0.999985 (in an HA environment) ,
Availability 0.999657(in a single server environment)
(availability=MTBF/<MTBF+MTTR>)
Downtime ≤42 minutes (in an HA environment, the


formula is 24*365*0.00008*60=42 minutes)
Configuration data ≤10 minutes (for recovering application-level
recovery time configuration data)
≤40 minutes (for recovering application-level
All data recovery time data, excluding historical alarm and performance
data)
Database and NM software
≤1.5 hours
recovery time
Processing Performance collection Maximum performance records that can be

capability capability collected within 15 minutes in each
collection mode:
 SNMP collection:
600,000
 BULK collection:
1200,000
13.2 Transmission Indexes
Table 13- 2 Transmission Indexes
Bandwidth Requirement
Bandwidth 2M at least
between
U31
servers
Bandwidth 2M at least
between a
U31 client
and the
server
Bandwidth When the management communication is out-of-band management,

between the bandwidth can be fixed as 100 Mbps. The out of bandwidth will not
NEs and
share the bandwidth with the service and will not impact the service.
the U31
When the management communication is in-band management, the
server
bandwidth will be assured and best effort.The configuration, alarm
reporting, performance collecting, polling operations requires about

Bandwidth Requirement
200kbps bandwidth. The backup and upgrade requires 10Mbps. So the

bandwidth planning for a single NE is as follow.
Committed Information Rate: 200kbps
Peak Information Rate: 10Mbps
The bandwidth between EMS and NEs depends on the number of NEs
and the concurrent ratio, which are scale in non-liner manner. The
bandwidth planning for between EMS and NE is as follow.
• Committed Information Rate (CIR)
‐ N×P<10: 2Mbps
‐ N×P>=10: C=2048k+ (N×P-10) × 200kbps
• Peak Information Rate (PIR)
‐ N×P<10: C=N×P×10240kbps
‐ N×P>=10: 100Mbps
C: indicates the bandwidth needed to ensure service quality and
prevent congestion during normal network operation.
N: indicates the number of physical NEs.
P: indicates the proportion of concurrently operated NEs to all NEs.
If there are 200 NEs, and the concurrent ratio is 20%, then the CIR is
7.85 Mbps and PIR is 100Mbps.
13.3 Physical Indexes
The NetNumen™ U31 server and disk array are rack mounted and will be installed in a
19-inch B6080-22 rack. A U31 client can be a desktop PC or workstation.
13.3.1 Dimensions
W×D×H: 600mm×800mm×2200mm
13.3.2 Weight
An empty rack weighs about 110kg. The weight of a full rack depends on its
configuration.

13.4 Power Indexes
The equipment room must be equipped with a UPS or an inverter, together with a
generation set.
Different power sockets in the equipment room must be strikingly marked.
AC power supply indexes are as follows:
 Three-phase power supply: 380 V±10%, 50 Hz±5%, wave shape distortion<5%
 Single-phase power supply: 220 V±10%, 50 Hz±5%, wave shape distortion<5%
 Voltage wave shape distortion of the standby generator<10%
13.5 Environment Requirements
13.5.1 Equipment Room Requirements
13.5.1.1 Temperature and Humidity Requirements
Table 13- 3 Temperature and Humidity Requirements
Temperature Relative Humidity
Long term Short term Long term Short term
15 ℃ - 30 ℃ 0 ℃ - 40 ℃ 20% - 80% 20% - 90%
Note:
The temperature and humidity are measured at the place 1.5m above the floor and
0.4m in front of the rack without front or rear protective boards.
Short term refers to a time period within 48 hours and the accumulated time should not
exceed 15 days.
Table 13- 4 Other Climate Requirements
Climate Index Requirement
Height above sea level ≤4000 m

Climate Index Requirement
Air pressure 70 k Pa - 106 k Pa
Temp. Change Rate ≤2 ℃/min
Sun radiation ≤700 W/m²
Heat radiation ≤600 W/m²
Wind speed ≤1 m/s
13.5.1.2 Air Sanitary Requirements
 No blast, magnetism, electricity, or causticity
 Mechanical active substantial deepness requirements must be compliant with

following table.
Table 13- 5 Mechanical Deepness Requirements
Mechanical Active Unit Requirement

Substance
Dust particle X/m³ ≤3×104

(no visible dust in 3 days)
Note: diameter ≥5 μm
 Chemical active substantial deepness must be comply with following table:
Table 13- 6 Chemical Deepness Requirements
Chemical Active Unit Requirement

Substance
SO2 mg/m³ ≤0.20
H2S mg/m³ ≤0.006
NH3 mg/m³ ≤0.05
Cl2 mg/m³ ≤0.01
13.5.1.3 Biological Environment Requirements
 Protection from epiphyte, leaf mold, and any other bacteria.

 Protection from rodent animals like mouse.
13.5.1.4 Mechanical Stress Requirements
Table 13- 7 Mechanical Stress Requirements
Index Sub-index Requirement
Sine vibration displacement ≤3.5 mm -
acceleration - ≤10.0 m/s²
frequency 2 Hz - 9 Hz 9 Hz - 200 Hz
Non-steady Impact responseII ≤100 m/s²

impact Static load 0
Note:
Impact response: Max. response curve of acceleration in the appointed impact. Impact
responseII represents that the time for half-sine impact response is 6ms.
Static load: The pressure on the equipment package box when it is placed by the
appointed pile mode.
13.5.1.5 Illumination Requirements
The following illumination requirements should be satisfied:
 No blinking, no glaring, high lightness, and an even distribution of light;
 No light beam strikes a smooth surface; especially, as the monitors and control
panels are at a place 0.8m above the floor, the brightness there should be equal to
or greater than 400Lx.
13.5.1.6 Grounding Requirements
 Grounding Modes
 Up grounding for the cabinet
 Down grounding for the cabinet
 Grounding Resistance:

 Joined resistance for the cabinet: 0.1 Ω~ 0.3 Ω
 Grounding resistance for the equipment room: <1 Ω
13.5.2 Transportation Environment Requirements
The following standards should be followed during transportation:
 GB 4798 Environmental conditions existing in the application of electric and

electronic products
 ETS 300019 Equipment Engineering (EE); Environmental conditions and

environmental tests for telecommunications equipment
 IEC 60721 Classification of environmental conditions
13.5.2.1 Temperature and Humidity Requirements
The climate during transportation should comply with the requirements below.
Table 13- 8 Transportation Climate Requirements
Index Requirement
Temperature 0 ℃ - 40 ℃
Relative humidity 5% - 95%
Sun radiation ≤1120 W/s²
Heat radiation ≤600 W/s²
Wind speed ≤30 m/s
13.5.2.2 Sanitary Requirements
 No blast, magnetism, electricity, or causticity

following table.

Table 13- 9 Transportation Mechanical Deepness Requirements

Substance
Suspend dust mg/m³ N/A
Drop dust mg/m²·h ≤3.0
Sand mg/m³ ≤100
Note:
Suspend dust: diameter ≤75 μm
Drop dust: 75 μm≤diameter≤150 μm
Sand: 150 μm≤diameter≤1000 μm
 Chemical active substantial deepness must be compliant with following table:
Table 13- 10 Transportation Chemical Deepness Requirements

Substance
SO2 mg/m³ ≤0.30
H2S mg/m³ ≤0.10
NO2 mg/m³ ≤0.50
NH3 mg/m³ ≤1.00
Cl2 mg/m³ ≤0.10
HCl mg/m³ ≤0.10
HF mg/m³ ≤0.01
O3 mg/m³ ≤0.05
13.5.2.3 Biological Environment Requirements
The mechanical stress during transportation should comply with the requirements below.

Table 13- 11 Transportation Mechanical Stress Requirements
Sine displacement ≤7.5 mm - -

vibration acceleration - ≤20.0 m/s² ≤40.0 m/s²
frequency 2 Hz - 9 Hz 9 Hz - 200 Hz 200 Hz - 500 Hz
Random Acceleration 10 m²/s³ 3 m²/s³ 1 m²/s³

vibration density
frequency 2 Hz - 9 Hz 9 Hz - 200 Hz 200 Hz - 500 Hz
Non-steady Impact ≤300 m/s²

impact responseII
Static load ≤10 k Pa
Note:
response II represents that the time for half-sine impact response is 6ms.
Static load: The pressure on the equipments package box when it is placed by the
13.5.2.5 Waterproof Requirements
The following conditions must be satisfied during the transportation procedure:
 The packing case must be intact.
 The vehicle should provide rain shelter measures to ensure that no rain water
enters the packing case.
 There is no accumulated water in the vehicle.
13.5.3 Storage Environment Requirements
The following standards should be followed during storage:
 GB 4798 Environmental conditions existing in the application of electric and

electronic products
 ETS 300019 Equipment Engineering (EE); Environmental conditions and

environmental tests for telecommunications equipment

 IEC 60721 Classification of environmental conditions
13.5.3.1 Climate Requirements
The climate for storage should comply with the requirements below.
Table 13- 12 Storage Climate Requirements
Index Requirement
Temperature 0 ℃ - 40 ℃
Relative humidity 10% - 90%
Sunlight radiation ≤1120 W/s²
Heat radiation ≤600 W/s²
Wind speed ≤30 m/s
13.5.3.2 Air Sanitary Requirements
 No blast, magnetism, electricity, causticity

following table.
Table 13- 13 Storage Mechanical Deepness Requirements

Substance
Suspend dust mg/m³ ≤5.00
Drop dust mg/m²·h ≤20.0
Sand mg/m³ ≤300
Note:
Suspend dust: diameter ≤75 μm
Drop dust: 75 μm≤diameter≤150 μm


Substance
Sand: 150 μm≤diameter≤1000 μm
 Chemical active substantial deepness must be compliant with following table:
Table 13- 14 Storage Chemical Deepness Requirements

Substance
SO2 mg/m³ ≤0.30
H2S mg/m³ ≤0.10
NO2 mg/m³ ≤0.50
NH3 mg/m³ ≤1.00
Cl2 mg/m³ ≤0.10
HCl mg/m³ ≤0.10
HF mg/m³ ≤0.01
O3 mg/m³ ≤0.05
13.5.4 Environmental Requirements
The mechanical stress during storage should comply with the requirements below.
Table 13- 15 Storage Mechanical Stress Requirement
Sine vibration displacement ≤7.0 mm -
acceleration - ≤20.0 m/s²
frequency 2 Hz - 9 Hz 9 Hz - 200Hz
Non-steady Impact response II ≤250 m/s²


impact Static load ≤5 k Pa
Note:
response II represents that the time for half-sine impact response is 6ms.
Static load: The pressure on the equipments package box when it is placed by the
13.5.4.2 Waterproof Requirements
 Customer local storage requirement: indoor placement
 No accumulated water on the ground in the room, and no water leaking onto
packing cases
 Equipment should be placed away from the automatic fire protection facility,
heating apparatus, and any another places where water leakage may happen.
 If the equipment needs to be placed outdoor, the following should be satisfied:
 The packing case must be intact.
 The vehicle should provide rain shelter measures to ensure that no rain water
enters the packing case.
 There is no accumulated water in the vehicle.
 The packing case is kept from sun exposure.
14 Standard Compliance
 ITU-T recommendations about TMN concepts and functions:
ITU-T M.3000 Overview of TMN Recommendations
ITU-T M.3010 Principles for a telecommunications management network
ITU-T M.3013 Considerations for a Telecommunications Management Network

ITU-T M.3017 Framework for the integrated management of hybrid circuit/packet

networks
ITU-T M.3020 TMN interface specification methodology
ITU-T M.3100 Generic network information model
ITU-T M.3200 TMN management services overview
ITU-T M.3300 F Interface Requirements
ITU-T M.3400 TMN management functions .
 ITU-T recommendations about the communication protocol stack:
ITU-T X.200 Reference Model for OSI
ITU-T X.700 Management Framework for OSI
ITU-T X.702 Application Context for Systems Management with OSI Transaction
Processing
ITU-T X.703 Open Distributed Management Architecture
ITU-T X.710 Common management information service .
ITU-T X.711 Common management information protocol .
 RFC standards about interface protocols:
RFC 793 Transmission Control Protocol (Darpa Internet Program Protocol Specification)
RFC1155 Structure and Identification of Management Information for TCP/IP-based

Internets
RFC1212 Concise MIB Definitions
RFC1213 Management Information Base for Network Management of TCP/IP-based

internets: MIB-II
RFC1215 A Convention for Defining Traps for use with the SNMP

RFC 3411 An Architecture for Describing Simple Network Management Protocol(SNMP)

Management Frameworks
RFC 3412 Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP)
RFC 3413 Simple Network Management Protocol (SNMP) Applications
RFC3414 User-based Security Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3)
RFC3415 View-based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)
RFC3416 Version 2 of the Protocol Operations for the Simple Network Management
Protocol (SNMP)
RFC3417 Transport Mappings for the Simple Network Management Protocol (SNMP)
RFC3418 Management Information Base (MIB) for the Simple Network Management
Protocol (SNMP)
 ITU-T recommendations about the syntax and definitions of information models:
ITU-T X.720 Information technology- Open System Interconnection- Structure of

management information: Management information model.
ITU-T X.721 Information technology - Open System Interconnection - Structure of

management information: Definition of management information.
ITU-T X.722 Information Technology- Open System Interconnection- Structure of

management information: Guidelines for the definition of managed objects.
 ITU-T recommendations about the information model definitions and system

management functionality:
ITU-T M.3100 Generic network information model..
ITU-T X.730 Object management function .

ITU-T X.731 State management function .
ITU-T X.733 Alarm reporting function .
ITU-T X.734 Event report management function .
ITU-T X.735 Log control function .
 CORBA Specifications about OMG:
OMG, The Common Object Request Broker: Architecture and Specification ,version
2.3.1, October 1999
OMG, CORBA services: Common Object Services Specification, December 1998
OMG, Interworking Between CORBA and TMN System Specification V1.0
15 Terms & Abbreviations
15.1 Numerics
Table 15- 1 Numerics
Glossary Description
Established in December 1998, the 3rd Generation

Partnership Project (3GPP) is a collaboration between
groups of telecommunications associations, known as the
3GPP
Organizational Partners. Presently, the partners include ETSI
(Europe), ARIB and TTC (Japan), CCSA (China), TTA
(Korea), and ATIS (USA).
Established in December 1998, the 3rd Generation

Partnership Project 2 (3GPP2) is a collaboration between
telecommunications associations to make a globally
3GPP2 applicable third generation (3G) mobile phone system
specification within the scope of the ITU’s IMT-2000 project.
In practice, 3GPP2 is the standardization group for
CDMA2000, the set of 3G standards based on the earlier

cdmaOne 2G CDMA technology.
The partners include TIA (North America), CCSA (China),
ARIB/TTC (Japan), and TTA (Korea).
802.1ab IEEE Link Layer Discovery Protocol
802.1ad IEEE standard for Provider Bridge Networks
802.1ag IEEE standard for Connectivity Fault Management
802.1ah IEEE standard for MAC-in-MAC
802.1q IEEE standard for virtual LANs
15.2 A-C
Table 15- 2 A-C
AAAA Authentication, authorization, accounting, and auditing
AC Accessing Controller
ACL Access control list
Association Control Service Element (ACSE) is the OSI

method for establishing a call between two application
ACSE programs. ACSE checks the identities and contexts of the
application entities, and could apply an authentication
security check.
An access gateway (AG) provides the analog subscriber line

interface for the purpose of directly connecting common
telephone subscribers to the softswitch network. All the
AG services of PSTN are available for the subscribers, for
example, the telephone service and dial-up Internet service.
An AG encapsulates the subscriber data and subscriber line
signaling messages into IP packages.
AGCF Access Gateway Control Function
Agent is actually an NE agent. They are part of the NE

devices physically, but logically they belong to the TMN as
Agent the extension of telecom network management functions to
devices. In terms of implementation, they can be either
distributed or centralized.

AGW Access Service Network GateWay
Advanced Interactive eXecutive (AIX) IX is a UNIX operating

AIX
system developed by IBM.
AP Accessing Point
An Access Point Name (APN) is the name of a gateway

between a GPRS (or 3G, etc) mobile network and another
computer network, frequently the public Internet. Two types
APN
services are available, namely CMWAP (access to WAP
through GPRS) and CMNET (access to services except
WAP, for example connecting to the Internet).
APS Automatic Protection Switching
Address Resolution Protocol (ARP) is a telecommunications

protocol used for resolution of network layer addresses into
ARP
link layer addresses, a critical function in multiple-access
networks.
AS Application Server
AS Authentication Server
A-SBC Access-Session Border Control
The American Standard Code for Information Interchange

ASCII (ASCII) is a character-encoding scheme originally based on
the English alphabet.
ASON (Automatically Switched Optical Network) is a concept

for the evolution of transport networks which allows for
ASON dynamic policy-driven control of an optical or SDH network
based on signaling between a user and components of the
network.
Asynchronous Transfer Mode (ATM) is, according to the ATM

Forum, "a telecommunications concept defined by ANSI and
ITU (formerly CCITT) standards for carriage of a complete
ATM range of user traffic, including voice, data, and video signals,"
and is designed to unify telecommunication and computer
networks. It uses asynchronous time-division multiplexing,
and it encodes data into small, fixed-sized (53 bytes) cells.
ATPC Adaptive Transmit Power Control
B/S Browser/Server (B/S) structure, with the rise of Internet

technology, is a variation of the C/S structure or improvement
of the structure.
BBE Background Block Error
BER Bit Errored Ratio
Bidirectional Forwarding Detection (BFD) is a network

BFD protocol used to detect faults between two forwarding
engines connected by a link.
BFD Bidirectional Forwarding Detection
Border Gateway Protocol (BGP) is the protocol which is used

to make core routing decisions on the Internet; it involves a
table of IP networks or "prefixes" which designate network
BGP
reachability among autonomous systems (AS). BGP is a path
vector protocol or a variant of a Distance-vector routing
protocol.
Business & Operation Support System (BOSS) integrates the

business support system (BSS) and the operation support
BOSS
system (OSS), which serves as a comprehensive service
operation and management platform.
In telecommunications, bits per second (Bps) is the average

number of bits, characters, or blocks per unit time passing
Bps between equipment in a data transmission system. For
example, 1 bps indicates that 1 bit data can be transferred
during a second.
BS Billing System
The base station controller (BSC) provides, classically, the

intelligence behind the BTSs. Typically a BSC has tens or
even hundreds of BTSs under its control. The BSC handles
allocation of radio channels, receives measurements from the
mobile phones, and controls handovers from BTS to BTS
(except in the case of an inter-BSC handover in which case
control is in part the responsibility of the anchor MSC). A key
BSC
function of the BSC is to act as a concentrator where many
different low capacity connections to BTSs (with relatively low
utilization) become reduced to a smaller number of
connections towards the mobile switching center (MSC) (with
a high level of utilization). Overall, this means that networks
are often structured to have many BSCs distributed into
regions near their BTSs which are then connected to large

centralized MSC sites.
Business support systems (BSS) are the components that a

BSS telephone operator or telco uses to run its business
operations towards customers.
A base transceiver station (BTS) is a piece of equipment that

facilitates wireless communication between user equipment
(UE) and a network. UEs are devices like mobile phones
(handsets), WLL phones, computers with wireless internet
BTS
connectivity, WiFi and WiMAX devices and others. The
network can be that of any of the wireless communication
technologies like GSM, CDMA, Wireless local loop, WAN,
WiFi, WiMAX, etc.
The client/server (C/S) model is a distributed application

structure in computing that partitions tasks or workloads
between the providers of a resource or service, called
servers, and service requesters, called clients. Often clients
and servers communicate over a computer network on
separate hardware, but both client and server may reside in
C/S
the same system. A server is a host that is running one or
more server programs which share their resources with
clients. A client does not share any of its resources, but
requests a server's content or service function. Clients
therefore initiate communication sessions with servers which
await incoming requests.
Capital Expenditure (CAPEX)is used by a company to

CAPEX acquire or upgrade physical assets such as equipment,
property, or industrial buildings.
Code Division Multiple Access (CDMA) is a channel access

method used by various radio communication technologies.
CDMA employs spread-spectrum technology and a special
CDMA
coding scheme (where each transmitter is assigned a code)
to allow multiple users to be multiplexed over the same
physical channel.
CE Carrier-class Ethernet
Customer Experience Management Center (CEMC) is an

CEMC end-to-end user experience management that assesses the
overall quality of user experience (QoE) in a multi-technology

environment.
Along with the increasing number of services over the

Internet, a higher standard is posed on the carrier-class
network fault detection and management. According to
operators’ requirements, the switching devices and optical
network devices should support the Operations,
Administration, and Maintenance (OAM) functions to ensure
CFM(Connectivity
that the Ethernet can provide carrier-class functions, such as
Fault Management)
the timely detection, recovery, and management of network
exceptions (for example, service degrading and failure).
IEEE 802.1ag Connectivity Fault Management (CFM) is a
standard defined by IEEE. It defines protocols and practices
for OAM for paths through 802.1 bridges and local area
networks (LANs).
CGSL Carrier-class Linux server
Committed information rate or CIR in a Frame relay network

is the average bandwidth for a virtual circuit guaranteed by an
CIR ISP to work under normal conditions. At any given time, the
bandwidth should not fall below this committed figure. The
bandwidth is usually expressed in kilobits per second (kbit/s).
Citrix, which is a world-leading software provider, has put

forwards the digital independence technology that is capable
CITRIX
of releasing any application to a client device through any
network connection.
A command-line interface (CLI) is a means of interacting with

a computer program where the user (or client) issues
CLI
commands to the program in the form of successive lines of
text (command lines).
The client of a network management system provides the

Client graphical user interfaces and includes a workstation
functional module.
Configuration Management (CM) is to prepare, initialize, and

start the interactive services by collecting the data from open
CM
systems and setting the data, and it enables consecutive
operation of the services and termination of them.
The Common Management Information Protocol (CMIP)

CMIP allows communication between network management
applications and management agents.

A core network, or network core, is the central part of a

CN telecommunication network that provides various services to
customers who are connected by the access network.
A community string is used in authentication, access control,

Community and conversion agent services between an SNMP agent and
multiple managers.
The Common Object Request Broker Architecture (CORBA)

is a standard defined by the Object Management Group
CORBA (OMG) that enables software components written in multiple
computer languages and running on multiple computers to
work together.
CoS Classes of Service
A cyclic redundancy check (CRC) is an error-detecting code

CRC commonly used in digital networks and storage devices to
detect accidental changes to raw data.
Circuit switching is a methodology of implementing a

telecommunications network in which two network nodes
CS
establish a dedicated communications channel (circuit)
through the network before the nodes may communicate.
CSF Client Signal Fail
A comma-separated values (CSV) file stores tabular data

CSV
(numbers and text) in plain-text form.
Call Trace System (CTS) is an independent functional

subsystem of OSS that implements the network-wide call
CTS
trace functions. It interacts with and collects the necessary
signaling messages from ZTE 2/3G RAN, CN, and IMS NEs.
Connection Verification (CV) is to enable the ingress LSR to

send the testing packets (the CV packets) periodically (for
example, per second) to the egress LSR. The packets have
CV
the same ingress LSR ID and source LSP. The egress LSR
resolves the ID information of the received CV packets to
determine if connection verification failed.
Coarse Wavelength Division Multiplexing (CWDM) is a

CWDM low-cost WDM transmission technology employed over the
access layer of MAN.

15.3 D-F
Table 15- 3 D-F
Database (DB) interface is an interface used by carriers to

DB Interface access the local network management systems and get
needed data through database links.
The data communication network (DCN) transfers the

information for network management systems. The network
consists of the following nodes: SDH NEs (actually the main
control boards or main control units of SDH devices), routers,
DCN
switches, hubs; it also includes the transmission devices, for
example, SDH devices, other transmission devices, and
modems; the involved transmission media are cables and
optical fibers.
Digital Data Network (DDN) is a data transmission network

designed to transmit data through digital channels. It provides
permanent and semi-permanent digital transmission
channels for communications between computers and also
for transmission of digital fax data, digital voice data, digital
graphic data, and other digital data. A permanent digital
transmission channel is a fixed circuit established between
DDN users with a dedicated bandwidth, which transfers data in an
unchanged rate. A semi-permanent digital data channel is a
non-switching connection for users. Users can submit
applications for network maintainers to modify the
transmission rate, the destination, and the routes accordingly.
Carriers provide the flexible, convenient digital circuit lease
service that allows customers to build their own dedicated
network.
DEM Demodulator
DEMUX Demultiplexer
The Dynamic Host Configuration Protocol (DHCP) is a

network protocol used to configure devices that are
connected to a network (known as hosts) so they can
DHCP
communicate on that network using the Internet Protocol (IP).
It involves clients and a server (or a group of servers)
operating in a client-server model.

A Domain Name Server (DNS) stores the domain names of

all hosts in the network as well as their matching ID
DNS
addresses. Moreover, the server is capable of translating
domain names into IP addresses.
A denial-of-service attack (DoS attack) is an attempt to make

a machine or network resources unavailable to its intended
users. In general terms, DoS attacks are implemented by
either forcing the targeted computer(s) to reset, or consuming
DoS
its resources by sending a great number of specific requests
so that it can no longer provide its intended service or
obstructing the communication media between the intended
users and the victim.
Deep Packet Inspection (DPI) is a form of computer network

packet filtering that examines the data part (and possibly also
the header) of a packet as it passes an inspection point,
DPI searching for protocol non-compliance, viruses, spam,
intrusions, or defined criteria to decide whether the packet
may pass or if it needs to be routed to a different destination,
or, for the purpose of collecting statistical information.
Disaster Recovery (DR) is the process, policies and

procedures that are related to preparing for recovery or
continuation of technology infrastructure which are vital to an
organization after a natural or human-induced disaster. Two
or more sets of IT systems with the same functions are built
DR respectively in different places that are distant from each
other. These systems can detect the state of each other and
allows switchover between/among them. When a system is
down due to exceptions (such as fires and earthquakes),
another system will take the role of it to ensure non-stopped
services.
Disaster Recovery Planning (DRP) is a documented process

DRP or set of procedures to recover and protect a business IT
infrastructure in the event of a disaster.
Digital Subscriber Line (DSL) is a family of technologies that

provide Internet access by transmitting digital data over the
DSL
wires of a local telephone network. For example, there are
such broadband access technologies as ADSL and VDSL.
DSLAM A Digital Subscriber Line Access Multiplexer (DSLAM) is a

network device, often located in the telephone exchanges of
the telecommunications operators. It connects multiple
customer digital subscriber line (DSL) interfaces to a
high-speed digital communications channel using
multiplexing techniques.
Dense Wavelength Division Multiplexing (DWDM) is a

fiber-optic transmission technique that employs light
DWDM
wavelengths to transmit data parallel- by-bit or serial-
by-character.
EAP Extensible Authentication Protocol
EAPOL Extensible Authentication Protocol over Wireless LAN
EAPS Ethernet Automatic Protection Switching
Embedded Control Channel (ECC) is a logical path between

ECC SDH NEs. Data Communications Channel (DCC) serves as
the physical layer for ECC.
EDI External Data Interface
EFS Errored Free Second
EIR Excess Information Rate
Enterprise JavaBeans (EJB) is a managed, server-side

component architecture for modular construction of
EJB enterprise applications. The EJB specification is one of
several Java APIs in the Java EE specification. It features the
network service support and SDK.
Enterprise Management Bus (ZTE internal interface

EMB
standard)
EMC Electro Magnetic Compatibility
Equipment Management Information System (EMIS) is the IT

system that manages customer device information. It records
and manages the following key data: basic information of
EMIS customer devices, warranty information, stock information,
engineering and maintenance archive information. The
system is oriented to contracts, customers, equipment,
networks, and engineering archives.
EML Element management Layer

Located between OMM (NEs in the fixed network) and NMS,

an element management system (EMS) is a manager to
focus on a particular type of network elements and implement
EMS centralized management of them. On one hand, it interacts
with NMS for further network management; on the other
hand, it implements centralized management of OMMs and
NEs in the domain.
Ethernet Private Line (EPL) is a data service providing a

point-to-point Ethernet Virtual Connection (EVC) between a
EPL
pair of dedicated User–network interfaces (UNIs), with a high
degree of transparency.
Ethernet Private LAN (EPLAN) provides multiple UNIs, each

of which is for the services of a single customer. It
EPLAN implements the multipoint-to-multipoint Ethernet connection
for customers. Its basic feature is the dedicated transmission
bandwidth for a user rather than shared by users.
An Ethernet Passive Optical Network (EPON) is an emerging

access network technology that provides a low-cost method
EPON of deploying optical access lines between a carrier's central
office and customer sites. Ethernet-based services can run
over EPON, such as broadband, VoIP, and IPTV.
ERPS Ethernet Ring Protection Switching
ETCA Enhanced Tele-Communication Computing Architecture
Ethernet Continuity Check (ETH-CC) is an Ethernet OAM

ETH-CC
detection technology.
Ethernet Loopback (ETH-LB) is an Ethernet OAM detection

ETH-LB
technology.
Ethernet Link Trace (ETH-LT) is an Ethernet OAM detection

ETH-LT
technology.
eTOM (enhanced Enhanced Telecom Operations Map (eTOM) is the most

Telecom Operations widely adopted standard of telecom business and functional
Map) processes required by service providers.
ETSI European Telecommunications Standards Institute
EVPL Ethernet Virtual Private Line
Ethernet Virtual Private LAN (EVP-LAN) or E-LAN is a

EVP-LAN multipoint-to-multipoint Ethernet Virtual Connection defined
by the Metro Ethernet Forum — a Carrier Ethernet equivalent

of Virtual Private LAN Service (VPLS) or Transparent LAN
Services.
The F interface, an internal interface of EMS, is generally

located between the EMS server and various clients.
Generally, centralized deployment is used for EMS, where
F Interface the EMS server acts as the Manager. The clients can be in
different forms, such as implementation of G interfaces and
even the northbound interfaces between EMS and NMS. An
F interface is the one between the server and these clients.
Fault Management, Configuration Management, Accounting

FCAPS Management, Performance Management, and Security
Management
FES Far end Errored Seconds
Fault Management (FM) is an important component of U31,

which primarily collects and manages different alarms
generated during operation of devices. Through fault
FM
management, users can learn the operational status of
networks and take measures accordingly if alarms are sent
from devices.
FRR Fast Re-Route
File Transfer Protocol (FTP) is a standard network protocol

FTP used to transfer files from one host to another host over a
TCP-based network, such as the Internet.
FTTB Fiber To The Building
FTTH Fiber To The Home
15.4 G-I
Table 15- 4 G-I
The G interface is the man-machine interface (MMI) that

G Interface EMS provides to O&M personnel. It can be a web interface
based on the B/S architecture, the Java Swing and Delphi

based on the C/S architecture, and the CLI.
GbE Giga bit Ethernet
The General Communication Channel (GCC) defined by

G.709 is an in-band side channel used to carry transmission
GCC
management and signaling information within Optical
Transport Network elements.
As an extended product for the cluster-based disaster

recovery solution, Global Cluster Option (GCO) provides the
GCO
cluster and duplication technologies, which minimizes the
planned and unplanned system downtime.
The Guidelines for the Definition of Managed Objects

(GDMO) is a specification for defining managed objects of
interest to the Telecommunications Management Network. It
GDMO uses a standard language to describe such objects as
workstations, LAN servers, and switches; furthermore it
controls and listens to the status of NEs in the whole
network through programs.
Gateway Network Elements (GNEs) are the network

GNE elements (NEs) that the provide links to other NEs in the
telecom systems and networks such as SONET/SDH/DLC.
The Graphical User Interface (GUI) is one of the most

GUI commonly used clients. Almost all the network management
systems provide clients of GUIs.
High Availability (HA) is a system design approach and

associated service implementation that ensures a
prearranged level of operational performance will be met
HA
during a contractual measurement period. The downtime
due to planned and unplanned events is shortened while
system/application availability is improved.
Health Check can be performed for EMSs and managed

NEs. For EMSs, it checks the operational state of the
Health Check systems, the table space, and the hard disk space.
Moreover, it checks the operational status of links to
managed NEs.
A Home Gateway (HGW) is the intelligent gateway deployed

HGW
between information devices in a house and the intelligent

broadband access network.
HSB Hot Standby
The Home Subscriber Server (HSS), or User Profile Server

Function (UPSF), is a master user database that supports
the IMS network entities that actually handle calls. It
HSS contains the subscription-related information (subscriber
profiles), performs authentication and authorization of the
user, and can provide information about the subscriber's
location and IP information.
HyperText Markup Language (HTML) is the main markup

HTML language for creating web pages and other information that
can be displayed in a web browser.
The Hypertext Transfer Protocol (HTTP) is an application

protocol for distributed, collaborative, hypermedia
information systems. HTTP is the foundation of data
communication for the World Wide Web.
HTTP
Hypertext is a multi-linear set of objects, building a network
by using logical links (the so-called hyperlinks) between the
nodes (e.g. text or words). HTTP is the protocol to exchange
or transfer hypertext.
An Integrated Access Device (IAD) is a customer premise

device that provides access to wide area networks and the
Internet. Specifically, it aggregates multiple channels of
IAD
information including voice and data across a single shared
access link to a carrier or service provider PoP (Point of
Presence).
The Internet Control Message Protocol (ICMP) is one of the

core protocols of the Internet Protocol Suite. It is used by the
operating systems of networked computers to send error
ICMP
messages indicating, for example, that a requested service
is not available or that a host or router could not be reached.
ICMP can also be used to relay query messages.
An interface description language (or alternatively, interface

definition language), or IDL for short, is a specification
IDL language used to describe a software component's
interface. IDLs describe an interface in a
language-independent way, enabling communication

between software components that do not share a language.
CORBA uses an interface definition language (IDL) to
specify the interfaces which objects present to the outer
world. CORBA then specifies a mapping from IDL to a
specific implementation language like C++ or Java.
An intrusion detection system (IDS) is a device or software

application that manages network or system activities for
IDS
malicious activities or policy violations and produces reports
to a management station.
IDU Indoor Unit
Institute of Electrical and Electronics Engineers (IEEE), an

association dedicated to advancing innovation and
technological excellence for the benefit of humanity, is the
IEEE world’s largest technical professional society. It is designed
to serve professionals involved in all aspects of the
electrical, electronic and computing fields and related areas
of science and technology that underlie modern civilization.
The Internet Engineering Task Force (IETF) develops and

promotes Internet standards, cooperating closely with the
W3C and ISO/IEC standards bodies and dealing in
IETF
particular with standards of the Internet protocol suite
(TCP/IP). It is an open standards organization, with no
formal membership or membership requirements.
The Internet Group Management Protocol (IGMP) is a

communications protocol used by hosts and adjacent
routers on IP networks to establish multicast group
IGMP
memberships. IGMP is an integral part of IP multicast. IGMP
messages are carried in bare IP packets with IP protocol
number 2.
Inventory Management (IM) is designed to manage the

inventory (namely the software/hardware) for carriers, for
example, the NE board information includes the rack
IM number, shelf number and slot number, sequence number,
mother board type, inventory type, inventory management
status, electronic label, board name, and equipment
manufacture date.
The IP Multimedia Subsystem (IMS) is an architectural

IMS
framework for delivering IP multimedia services. To ease the

integration with the Internet, IMS uses IETF protocols
wherever possible, e.g., SIP. According to the 3GPP, IMS is
not intended to standardize applications, but rather to aid the
access of multimedia and voice applications from wireless
and wireline terminals, i.e., to create a form of fixed-mobile
convergence (FMC). This is done by having a horizontal
control layer that isolates the access network from the
service layer. From a logical architecture perspective,
services need not have their own control functions, as the
control layer is a common horizontal layer. However in
implementation this does not necessarily map into greater
reduced cost and complexity.
Intrusion prevention systems (IPS), also known as intrusion

detection and prevention systems (IDPS), are network
security appliances that manage network and/or system
IPS activities for malicious activity. The main functions of
intrusion prevention systems are to identify malicious
activity, log information about this activity, attempt to
block/stop it, and report it.
Internet Protocol television (IPTV) is a system through which

television services are delivered using the Internet protocol
IPTV suite over a packet-switched network such as the Internet,
instead of being delivered through traditional terrestrial,
satellite signal, and cable television formats.
Integrated Services Digital Network (ISDN) is a set of

communication standards for simultaneous digital
ISDN transmission of voice, video, data, and other network
services over the traditional circuits of the public switched
telephone network.
ITU International Telecommunication Union
ITU-R Radio standardization sector of ITU
The ITU Telecommunication Standardization Sector (ITU-T)

is one of the three sectors (divisions or units) of the
ITU-T
International Telecommunication Union (ITU); it coordinates
standards for telecommunications.

15.5 J-L
Table 15- 5 J-L
Java Platform, Enterprise Edition or Java EE is Oracle's

enterprise Java computing platform. The platform provides
an API and runtime environment for developing and running
Java EE
enterprise software, including network and web services,
and other large-scale, multi-tiered, scalable, reliable, and
secure network applications.
Java Data Base Connectivity (JDBC) is a Java-based data

access technology (Java Standard Edition platform) from
JDBC Oracle Corporation. This technology is an API for the Java
programming language that defines how a client may
access a database.
JavaServer Pages (JSP) is a technology that helps software

developers create dynamically generated web pages based
JSP on HTML, XML, or other document types. Released in 1999
by Sun Microsystems, JSP is similar to PHP, but it uses the
Java programming language.
A Java Virtual Machine (JVM) is a program which executes

certain other programs, namely those containing Java
bytecode instructions. JVM's are most often implemented to
run on an existing operating system, but can also be
implemented to run directly on hardware. A JVM provides a
run-time environment in which Java byte code can be
executed, enabling features such as automated exception
JVM
handling, which provides root-cause debugging information
for every software error (exception). A JVM is distributed
along with Java Class Library, a set of standard class
libraries (in Java bytecode) that implement the Java
application programming interface (API). These libraries,
bundled together with the JVM, form the Java Runtime
Environment (JRE).
A key performance indicator (KPI) is a type of performance

KPI measurement. An organization may use KPIs to evaluate its
success, or to evaluate the success of a particular activity in

which it is engaged.
Within the IEEE specification the Link Aggregation Control Protocol

(LACP) provides a method to control the bundling of several
physical ports together to form a single logical channel. LACP
LACP
allows a network device to negotiate an automatic bundling of links
by sending LACP packets to the peer (directly connected device
that also implements LACP).
LAG Link aggregation
LAN Local Area Network
A local craft terminal (LCT) is connected to the

SDN/PTM/OTN devices through the COM or LCT port of
LCT
switches. It maintains and configures the parameters/data in
the system.
The Lightweight Directory Access Protocol (LDAP) is an application
LDAP protocol for accessing and maintaining distributed directory
information services over an Internet Protocol (IP) network.
A license refers to the permission that someone needs to

purchase for the purpose of ownership. Regarding software,
License
inventors employ the license software to ensure their rights
and interests.
The Link Layer Discovery Protocol (LLDP) is a

vendor-neutral link layer protocol in the Internet Protocol
LLDP Suite used by network devices for advertising their identity,
capabilities, and neighbors on an IEEE 802 local area
network, principally wired Ethernet.
A local maintenance terminal (LMT) is connected to the

LMT managed NEs through their ports. It maintains and
configures the parameters/data in the system.
LOF Loss Of Frame
LOS Loss Of Input Signal
In MPLS networking, a label-switched path (LSP) is a path

through an MPLS network, set up by a signaling protocol
LSP
such as LDP, RSVP-TE, BGP or CR-LDP. The path is set up
based on criteria in the forwarding equivalence class (FEC).
LTE Long Term Evolution (LTE), marketed as 4G LTE, is a

standard for wireless communication of high-speed data for
mobile phones and data terminals. It is based on the
GSM/EDGE and UMTS/HSPA network technologies,
increasing the capacity and speed using a different radio
interface together with core network improvements. The
standard is developed by the 3rd Generation Partnership
Project (3GPP) and is specified in its Release 8 document
series, with minor enhancements described in Release 9.
15.6 M-O
Table 15- 6 M-O
MA The maintenance association (MA) defined in Ethernet OAM
In the seven-layer OSI model of computer networking, media

access control (MAC) data communication protocol is a
sublayer of the data link layer, which itself is layer 2. The MAC
MAC sublayer provides addressing and channel access control
mechanisms that make it possible for several terminals or
network nodes to communicate within a multiple access
network that incorporates a shared medium, e.g. Ethernet.
MD Maintenance Domain
A Medium Dependent Interface (MDI) describes the interface

(both physical and electrical) in a computer network from a
MDI/MDI-X physical layer implementation to the physical medium used to
carry the transmission. Ethernet over twisted pair also defines
a Medium Dependent Interface Crossover (MDIX) interface.
MDU Multi Dwelling Unit for FTTB
MEP Maintenance association End Point
MG Media Gateway
A management information base (MIB) is a virtual database

used for managing the entities in a communications network.
MIB Most often associated with the Simple Network Management
Protocol (SNMP), the term is also used more generically in
contexts such as in OSI/ISO Network management model.

A man-machine language (MML) is the command line tool

provided by EMSs. It allows users to execute a single
MML
command or batch commands to implement management
operations for managed objects.
A managed object (MO) is the abstract representation of a

managed NE’s resources related to management functions,
MO
no matter whether the resources are physical, logic, dynamic
or static.
In telecommunications, Multi-Technology Operations System

Interface (MTOSI) is a standard for implementing interfaces
between OSSs. MTOSI standard is a unified open interface
MTOSI
that can be used among multiple types of management
systems to provide network and service management. MTOSI
uses eXtended Mark-Up Language (XML) based messaging.
Multiprotocol Label Switching (MPLS) is a mechanism in

high-performance telecommunications networks that directs
data from one network node to the next based on short path
MPLS
labels rather than long network addresses, avoiding complex
lookups in a routing table. The labels identify virtual links
(paths) between distant nodes rather than endpoints.
MRFC Multimedia Resource Function Controller
The Multi-Service Access Network (MSAN) supports the NEs

MSAN
of different services.
MSP Multiplex Section Protection
The Multi-Service Transfer Platform (MSTP), based on SDH,

MSTP is designed to access, process, and transmit TDM, ATM, and
Ethernet services.
Mean Time Between Failures (MTBF) is the predicted elapsed

time between inherent failures of a system during operation.
MTBF
MTBF can be calculated as the arithmetic mean (average)
time between failures of a system.
Mean Time to Repair (MTTR) is a basic measure of the

MTTR maintainability of repairable items. It represents the average
time required to repair a failed component or device.
MUX Multiplexing

NAAP Network Access Authentication Protocol
NAPT Network Address and Port Translation
In computer networking, Network Address Translation (NAT)

NAT is the process of modifying IP address information in IPv4
headers while in transit across a traffic routing device.
A northbound interface (NBI) is provided for integration of

NBI EMSs to the superior NMSs/OSSs of other vendors or the
carriers for further management.
Symantec NetBackup (NBU) is an enterprise level

heterogeneous backup and recovery suite. It provides
NBU
cross-platform backup functionality to a large variety of
Windows, UNIX and Linux operating systems.
A network element (NE) is usually defined as a manageable

logical entity uniting one or more physical devices. This allows
NE
distributed devices to be managed in a unified way using one
management system.
NetNumen™ series is a portfolio of network management

products designed for telecom networks. NetNumen™ series
NetNumen can be deployed to centrally manage and maintain ZTE
products of different networks, including switched, access,
transport, mobile, and data networks.
The Next Generation Operation System and Software

NGOSS (NGOSS) is a business-oriented solution framework
developed by TMF for defining a next-generation OSS/BSS.
A Network Management System (NMS) is a multi-technology,

NMS multi-domain, multi-vendor network management system for
telecom networks and services.
A network operation center (NOC) is an electronic O&M

NOC center where carriers can manage their network devices and
resources.
Network Time Protocol (NTP) is a networking protocol for

NTP clock synchronization between computer systems over
packet-switched, variable-latency data networks.
According to the actual network O&M needs of carriers, the

OAM network management work is divided into three categories,
namely Operation, Administration, and Maintenance (OAM).A

variety of operations are supported, for example, analyzing,
forecasting, planning, and configuring network and service
data. Maintenance activities include the tests and the fault
management tasks for carriers’ networks and services.
Optical channel (OCH) is a layer defined in the OTN

OCH
architecture.
ODU Outdoor Unit
OFDMA Orthogonal Frequency Division Multiple Access
An object identifier (OID) is a group of integers separated by

OID periods, which identifies the accurate location of an IRP in the
MIB tree.
On-Line Analysis Processing (OLAP) analyzes and

consolidates the thousands of records in multiple tables.
OLAP
Third-party reports can provide data analysis for multiple NEs
and cells.
An optical line terminal (OLT) is a device which serves as the

OLT
service provider endpoint of a passive optical network.
Object Management Group (OMG) is an international, open

membership, not-for-profit computer industry standards
consortium. OMG Task Forces develop enterprise integration
OMG standards for a wide range of technologies and an even wider
range of industries. OMG's modeling standards enable
powerful visual design, execution and maintenance of
software and other processes.
The operation maintenance module (OMM) is connected

directly to an NE. It collects NE data and executes
OMM
maintenance commands for NEs. Generally, an OMM
manages one NE.
OMMP Operation Maintenance Module Platform
Optical Multiplexing Section (OMS) is a layer defined in the

OMS
OTN architecture.
An Optical Network Unit (ONU) is a generic term denoting a

device that terminates any one of the endpoints of a fiber to
ONU the premises network, implements a passive optical network
(PON) protocol, and adapts PON PDUs to subscriber service
interfaces.
OPEX Operating Expenditure (OPEX) = Maintenance cost +

marketing cost + manpower cost (+ depreciation)
OS Operating System
The Open Systems Interconnection (OSI) model (ISO/IEC

7498-1) is a conceptual model that characterizes and
standardizes the internal functions of a communications
OSI
system by partitioning it into abstraction layers. The model is a
product of the Open Systems Interconnection project at the
International Organization for Standardization (ISO).
Open Shortest Path First (OSPF) is a link-state routing

protocol for Internet Protocol (IP) networks. It uses a link state
OSPF
routing algorithm and falls into the group of interior routing
protocols, operating within a single autonomous system (AS).
Operation Support System (OSS) is composed of network

management, system management, charging, business,
OSS
accounting and customer care, implementing information
resources integration and sharing via an information bus.
Optical Transport Network (OTN) as a set of Optical Network

Elements (ONE) connected by optical fiber links, able to
OTN provide functionality of transport, multiplexing, switching,
management, supervision and survivability of optical channels
carrying client signals.
Optical Transport System (OTS) is a layer defined in the OTN

OTS
architecture.
15.7 P-R
Table 15- 7 P-R
PBS Peak Burst Size
A Proxy-Call Session Control Function (P-CSCF) is a SIP

proxy that is the first point of contact for the IMS terminal. It
can be located either in the visited network (in full IMS
P-CSCF
networks) or in the home network (when the visited network
is not IMS compliant yet).
It provides subscriber authentication and may establish an

IPsec or TLS security association with the IMS terminal. This
prevents spoofing attacks and replay attacks and protects
the privacy of the subscriber. It can also compress and
decompress SIP messages using SigComp, which reduces
the round-trip over slow radio links.
It may include a Policy Decision Function (PDF), which
authorizes media plane resources e.g., quality of service
(QoS) over the media plane.
It is used for policy control, bandwidth management, etc.
The PDF can also be a separate function.
PDH Plesiochronous Digital Hierarchy
PIR Peak Information Rate
In performance Management (PM), EMS collects the

performance data from managed devices; it analyzes the
PM collected data to discover deterioration in network quality
and server performance. PM provides network performance
indexes for further network optimization and maintenance.
A Passive Optical Network (PON) is a point-to-multipoint,

fiber to the premises network architecture in which
unpowered optical splitters are used to enable a single
optical fiber to serve multiple premises, typically 16-128. A
PON consists of an optical line terminal (OLT) at the service
PON
provider's central office and a number of optical network
units (ONUs) near end users. A PON reduces the amount of
fiber and central office equipment required compared with
point-to-point architectures. A passive optical network is a
form of fiber-optic access network.
Packet per second (PPS) is the unit measuring the speed of

PPS
data transmission.
A packet switch (PS) is a mode in a network which uses the

packet switching paradigm for data communication. Packet
switching features delivery of variable-bit-rate data streams
(sequences of packets) over a shared network. When
PS
traversing network adapters, switches, routers and other
network nodes, packets are buffered and queued, resulting
in variable delay and throughput depending on the traffic
load in the network.
PTN The Packet Transport Network (PTN) technology includes

Transport Multi-Protocol Label Switching (T-MPLS) and
Provider Backbone Transport (PBT). T-MPLS is the
simplified and reformed Multi-Protocol Label Switching
(MPLS). It drops MPLS’ connectionless features and its
transport-unrelated forwarding processing, but adds the
network model of the transport layer, protection switching
and Operation, Administration and Maintenance (OAM)
functionality. PBT enforces both OAM and protection
functions, adds Time Division Multiplexing (TDM) business
simulation and clock functions, and strengthens
multi-service support capability. But PBT has no functions of
traditional Ethernet address learning, address broadcast and
Spanning Tree Protocol (STP). Both T-MPLS and PBT can
well satisfy the requirements of packet transport. Compared
to PBT, T-MPLS has better OAM functions.
PTP Precision Time Protocol
In computer networking and telecommunications, a pseudo

PW Wire (PW) is an emulation of a point-to-point connection
over a packet-switching network (PSN).
The Q3 interface is a part of the TMN defined by ITU.

Implemented by telecom vendors, the Q3 interface serves
as a management interface through which data is collected
Q3
and operations are performed. Although the interface
specifications are complex, it is the industry standard that all
telecom devices should comply with.
QAM Quadrature Amplitude Modulation
The quality of service (QoS) refers to several related

QoS aspects of telephony and computer networks that allow the
transport of traffic with special requirements.
Quadrature Phase Shift Keying (QPSK) is a form of Phase

Shift Keying in which two bits are modulated at once,
QPSK
selecting one of four possible carrier phase shifts (0, 90,
180, or 270 degrees).
RADIUS Remote Authentication Dial In User Service
RAID Redundant Array of Independent Disk (RAID) is a storage

technology that combines multiple disk drive components
into a logical unit. Data is distributed across the drives in one
of several ways called"RAID levels", depending on the level
of redundancy and performance required.
A Request for Comments (RFC) is a publication of the

Internet Engineering Task Force (IETF) and the Internet
RFC
Society, the principal technical development and
standards-setting bodies for the Internet.
Remote Method Invocation (RMI) is a way that a

programmer, using the Java programming language and
RMI development environment, can write object-oriented
programming in which objects on different computers can
interact in a distributed network.
Remote Monitoring (RMON) is a standard management

specification that enables various network managers
(probes) and console systems to exchange network
detection data. RMON provides network administrators with
more freedom in selecting network management probes and
consoles with features that meet their particular networking
needs. An RMON implementation typically operates in a
RMON client/server model. Management devices (commonly called
"probes" in this context) contain RMON software agents that
collect information and analyze packets. These probes act
as servers and the Network Management applications that
communicate with them act as clients. While both agent
configuration and data collection use SNMP, RMON is
designed to operate differently than other SNMP-based
systems.
In fiberoptics, a reconfigurable optical add-drop multiplexer

(ROADM) is a form of optical add-drop multiplexer that adds
the ability to remotely switch traffic from a
wavelength-division multiplexing (WDM) system at the
wavelength layer. This is achieved through the use of a
ROADM
wavelength selective switching module. This allows
individual or multiple wavelengths carrying data channels to
be added and/or dropped from a transport fiber without the
need to convert the signals on all of the WDM channels to
electronic signals and back again to optical signals.
RPO The Recovery Point Objective (RPO) is the maximum

tolerable period in which data might be lost from an IT
service due to a major incident.
RSTP Rapid Spanning Tree Protocol
The Resource Reservation Protocol (RSVP) is a Transport

Layer protocol designed to reserve resources across a
network for an integrated services Internet. RSVP operates
over an IPv4 or IPv6 Internet Layer and provides
RSVP receiver-initiated setup of resource reservations for multicast
or unicast data flows with scaling and robustness. RSVP can
be used by either hosts or routers to request or deliver
specific levels of quality of service (QoS) for application data
streams or flows.
The Recovery Time Objective (RTO) is the duration of time

and a service level within which a business process must be
RTO restored after a disaster (or disruption) in order to avoid
unacceptable consequences associated with a break in
business continuity.
15.8 S-U
Table 15- 8 S-U
A storage area network (SAN) is a dedicated network that

provides access to consolidated, block level data storage.
SANs are primarily used to make storage devices, such as
disk arrays, tape libraries, and optical jukeboxes,
accessible to servers so that the devices appear like
locally attached devices to the operating system. A SAN
SAN
typically has its own network of storage devices that are
generally not accessible through the local area network by
other devices. SANs often utilize a Fibre Channel fabric
topology - an infrastructure specially designed to handle
storage communications. It provides faster and more
reliable access than higher-level protocols used in NAS.
Serial Attached SCSI (SAS) is a point-to-point serial

SAS
protocol that moves data to and from computer storage

devices such as hard drives and tape drives. SAS replaces
the older Parallel SCSI (pronounced "scuzzy") bus
technology that first appeared in the mid-1980s. SAS, like
its predecessor, uses the standard SCSI command set.
SBC Session Border Control
A southbound interface (SBI) is the management interface

SBI that NEL provides to EML, namely the interface between
NEs and EMS.
Synchronous Digital Hierarchy (SDH) is a standardized

protocol that transfers multiple digital bit streams over
optical fiber using lasers or highly coherent light from
light-emitting diodes (LEDs). At low transmission rates
SDH data can also be transferred via an electrical interface. The
method was developed to replace the Plesiochronous
Digital Hierarchy (PDH) system for transporting large
amounts of telephone calls and data traffic over the same
fiber without synchronization problems.
The server needs to communicate with managed NEs. It

sends commands to NEs and obtains NE information; it
Server manages the NE ports and receives the messages that
NEs send in real time; furthermore, the received or
obtained NE information can be saved to the database.
SFTP Secure File Transfer Protocol
SFU Single Family Unit for FTTH
A Signaling Gateway (SGW) is a network component

responsible for transferring signaling messages (i.e.
information related to call establishment, billing, location,
short messages, address conversion, and other services)
SGW
between Common Channel Signaling (CCS) nodes that
communicate using different protocols and transports.
Transport conversion is often from SS7 to IP.
A Smart Home Location Register (SHLR) is the intelligent

SHLR
user database and data center of the network.
The Session Initiation Protocol (SIP) is a signaling

SIP communications protocol, widely used for controlling
multimedia communication sessions such as voice and

video calls over Internet Protocol (IP) networks. It is an
application layer protocol designed to be independent of
the underlying transport layer; it can run on Transmission
Control Protocol (TCP), User Datagram Protocol (UDP), or
Stream Control Transmission Protocol (SCTP).
A service-level agreement (SLA) is a part of a service

contract where a service is formally defined. It contains the
SLA
terms about the service type, service quality, and customer
payment.
Security Management (SM) is an important module of

EMS. It enables carriers to implement
SM
permission/region-based management, which ensures
reliable, continuous operation of EMS.
SML Service Management Layer
SNCP Sub-Network Connection Protection
SNML Sub-Network Management Layer
Simple Network Management Protocol (SNMP) is an

"Internet-standard protocol for managing devices on IP
networks". Devices that typically support SNMP include
SNMP routers, switches, servers, workstations, printers, modem
racks, and more. It is used mostly in network management
systems to manage network-attached devices for
conditions that warrant administrative attention.
Simple Network Management Protocol (SNMP) is an

"Internet-standard protocol for managing devices on IP
networks". Devices that typically support SNMP include
routers, switches, servers, workstations, printers, modem
racks, and more. It is used mostly in network management
systems to manage network-attached devices for
SNMP
conditions that warrant administrative attention. SNMP is a
component of the Internet Protocol Suite as defined by the
Internet Engineering Task Force (IETF). It consists of a set
of standards for network management, including an
application layer protocol, a database schema, and a set
of data objects.
Simple Network Time Protocol (SNTP) is a less complex

SNTP
implementation of NTP that is a networking protocol for

clock synchronization between computer systems over
packet-switched, variable-latency data networks.
Compared with NTP, SNMP uses the same protocol but
without requiring the storage of state over extended
periods of time. It is used in some embedded devices and
in applications where high accuracy timing is not required.
Simple Object Access Protocol (SOAP) is a protocol

specification for exchanging structured information in the
implementation of Web Services in computer networks. It
SOAP(Simple Object relies on XML Information Set for its message format, and
Access Protocol) usually relies on other Application Layer protocols, most
notably Hypertext Transfer Protocol (HTTP) or Simple Mail
Transfer Protocol (SMTP), for message negotiation and
transmission.
Solaris is the operating system developed by Sun

Solaris Microsystems, which is regarded as one OS version
derived from UNIX.
A Self-Organizing Network (SON) is an automation

technology designed to make the planning, configuration,
management, optimization and healing of mobile radio
SON access networks simpler and faster. SON functionalities
are commonly divided into three major sub-functional
groups, namely self-configuration functions,
self-optimization functions, and self-healing functions.
Structured Query Language (SQL) is a special-purpose

programming language designed for managing data held
in a relational database management system (RDBMS).
SQL
The scope of SQL includes data insert, query, update and
delete, schema creation and modification, and data access
control.
A softswitch (SS), short for software switch, is a central

device in a telecommunications network which connects
telephone calls from one phone line to another, across a
SS
telecommunication network or the public Internet, entirely
by means of software running on a general-purpose
computer system.
Secure Shell (SSH) is a cryptographic network protocol for

SSH
secure data communication, remote shell services or

command execution and other secure network services
between two networked computers that connects, via a
secure channel over an insecure network, a server and a
client (running SSH server and SSH client programs,
respectively). The protocol specification distinguishes
between two major versions that are referred to as SSH-1
and SSH-2.
SSID Service Set Identification
Secure Sockets Layer (SSL) is a cryptographic protocol

that provides communication security over the Internet. It
SSL uses asymmetric cryptography for authentication of key
exchange, symmetric encryption for confidentiality and
message authentication codes for message integrity.
Supplementary Service Server (SSS) is located at SIP AS

of IMS network application layer, providing rich voice
SSS
communication services for subscribers together with IMS
network.
STM Synchronous Transmission Mode
The Spanning Tree Protocol (STP) is a network protocol

that ensures a loop-free topology for any bridged Ethernet
local area network. The basic function of STP is to prevent
bridge loops and the broadcast radiation that results from
STP them. Spanning tree also allows a network design to
include spare (redundant) links to provide automatic
backup paths if an active link fails, without the danger of
bridge loops, or the need for manual enabling/disabling of
these backup links.
Synchronous data transmission is a data transfer method

in which a continuous stream of data signals is
accompanied by timing signals (generated by an electronic
clock) to ensure that the transmitter and the receiver are in
Synchronous data step (synchronized) with one another. The data is sent in
transmission blocks (called frames or packets) spaced by fixed time
intervals. The data blocks are grouped and spaced in
regular intervals and are preceded by special characters
called syn. When gaps appear between data
transmissions, the transmission line is in a mark state.

Transmission Control Protocol/Internet Protocol (TCP/IP)

is the basic communication language or protocol of the
TCP/IP
Internet. It can also be used as a communications protocol
in a private network (either an intranet or an extranet).
TDD Time Division Duplex
There are two modes of operation for LTE technology:

TDD and FDD. Time-division duplexing (TDD) is a method
for emulating full-duplex communication over a half-duplex
communication link. The transmitter and receiver both use
TD-LTE, FDD-LTE the same frequency but transmit and receive traffic is
switched in time. Frequency-division duplexing (FDD) is a
method for establishing a full-duplex communications link
that uses two different radio frequencies for transmitter and
receiver operation.
TDM Time Division Multiplexing
Transaction Language -1 (TL1) is an ASCII-based

TL1 man-machine language. It is a widely used management
protocol in telecommunications.
Topology Management (TM) uses graphical views to

present the topology relationships between all NEs in the
system. The topology management view consists of two
TM
parts, the left navigation tree and the right topology view.
The NEs in the topology view match the ones listed in the
navigation tree.
A T-MPLS Channel (TMC) serves as the path for services

of the transport network. A TMC transfers a customer
TMC
service entity (including a single customer service or a
group of customer services).
Telecom Management Forum (TMF) is a global, non-profit

industry association focused on simplifying the complexity
TMF of running a service provider's business through a wealth
of knowledge, intellectual capital, collaboration and
standards.
The Telecommunications Management Network (TMN) is

a protocol model defined by ITU-T for managing open
TMN systems in a communications network. It is part of the
ITU-T Recommendation series M.3000 and is based on
the OSI management specifications in ITU-T

Recommendation series X.700.
T-MPLS Path (T-MPLS Path) provides the transport

network trunks. A TMP connection transmits one or
TMP
several TMC signals between the boundaries of TMP
domains.
The T-MPLS section (TMS) layer is used for managing the

connectivity between each two adjacent nodes (using
TMS
T-MPLS OAM mechanisms) and transmitting the APS
information.
TPC has rolled out four basemark programs, namely

TPC-A, TPC-B, TPC-C, and TPC-D. Currently, A and B are
outdated. TPC-C is an online transaction processing
(OLTP) benchmark; TPC-D represents a broad range of
decision support (DS) applications. TPC is going to release
TPC-E as the benchmark for enterprise information
service. TPC-C performance is measured in new-order
tpmC
transactions per minute. The primary metrics are the
transaction rate (tpmC), the associated price per
transaction ($/tpmC), and the availability date of the priced
configuration. Here, tmp is the abbreviation of transactions
per minute, and C indicates the TPC-C benchmark. It
defines the number of new orders that the system handles
in a minute.
Technical Report 069 (TR-069) is a DSL Forum (which

was later renamed as Broadband Forum) technical
TR069 specification entitled CPE WAN Management Protocol
(CWMP). It defines an application layer protocol for remote
management of end-user devices.
U31 is the ZTE EMS system that manages ZTE wireline

and wireless NEs. As the competitive product of ZTE
NetNumen™ series, NetNumen™ U31 is a unified element
management system (UEMS) that manages ZTE devices
U31 and networks in a centralized manner. It provides
end-to-end network management solutions, covering
wireless, wireline, access network, core network,
transmission network, VAS, and multimedia terminal
devices. The componentized architecture of NetNumen™

U31 enables a convenient integration of management
modules into the mainframe. Moreover, flexible integration
is supported: only selected management modules for the
target technology networks are integrated into the system
to meet the O&M needs. Therefore under NetNumen™
U31, there can be many O&M scenarios and versions such
as NetNumen™ U31 (GULCN), NetNumen™ U31
R20,and NetNumen™ U31 (CLCN), etc..
User-centered design (UCD) is a design philosophy where

the end-user’s needs, wants and limitations are a focus at
all stages within the design process and development
lifecycle. Products developed using the UCD methodology
are optimized for end-users and emphasis is placed on
UCD how the end-users need or want to use a product instead
of forcing the end user to change his behavior to use the
product. User-centered design is a common process in
software development where typical UCD activities are
broken down into four phases in the development lifecycle:
analysis, design, implementation and deployment.
The User Datagram Protocol (UDP) is one of the core

members of the Internet protocol suite (the set of network
protocols used for the Internet). With UDP, computer
UDP applications can send messages, in this case referred to
as datagrams, to other hosts on an Internet Protocol (IP)
network without prior communications to set up special
transmission channels or data paths.
UEMS Unified EMS
The ZTE Unified Element Management Platform (UEP) is

designed to provide the following functionalities: O&M
management, NE management system, network
UEP
management system, and service management system. It
provides standard interfaces and shared modules, which
speeds up system development and reduces investment.
Unified Modeling Language (UML) is a standardized,

general-purpose modeling language in the field of software
engineering. The UML includes a set of graphic notation
UML
techniques to create visual models of object-oriented
software-intensive systems.
Unified Modeling Language (UML) combines techniques

from data modeling (entity relationship diagrams),
business modeling (work flows), object modeling, and
component modeling. It can be used with all processes,
throughout the software development life cycle, and across
different implementation technologies.
The Universal Mobile Telecommunications System

(UMTS) is a third generation mobile cellular system for
networks based on the GSM standard. Developed and
maintained by the 3GPP (3rd Generation Partnership
Project), UMTS is a component of the International
UMTS Telecommunications Union IMT-2000 standard set and
compares with the CDMA2000 standard set for networks
based on the competing cdmaOne technology. UMTS
uses wideband code division multiple access (W-CDMA)
radio access technology to offer greater spectral efficiency
and bandwidth to mobile network operators.
User Network Interface (UNI) connects ATM end systems

UNI (such as hosts and routers) or user equipment and ATM
equipment for example a workstation and the ATM switch.
15.9 V-X
Table 15- 9 V-X
VAS Value Added Service
Veritas Cluster Server (also known as VCS and also sold

bundled in the SFHA product) is a High-availability cluster
software, for Unix, Linux and Microsoft Windows computer
VCS systems, created by Veritas Software (now part of
Symantec). It provides application cluster capabilities to
systems running other applications, including databases,
network file sharing, and electronic commerce websites.
In computer networking, a single layer-2 network may be

partitioned to create multiple distinct broadcast domains,
VLAN
which are mutually isolated so that packets can only pass
between them via one or more routers; such a domain is

referred to as a Virtual Local Area Network (VLAN).
Virtual Private LAN Service (VPLS) is a way to provide

Ethernet based multipoint to multipoint communication
over IP/MPLS networks. It allows geographically dispersed
VPLS sites to share an Ethernet broadcast domain by
connecting sites through pseudo-wires. The technologies
that can be used as pseudo-wire can be Ethernet over
MPLS, L2TPv3 or even GRE.
A virtual private network (VPN) extends a private network

across public networks like the Internet. It enables a host
computer to send and receive data across shared or public
networks as if they were an integral part of the private
VPN network with all the functionality, security and
management policies of the private network. This is done
by establishing a virtual point-to-point connection through
the use of dedicated connections, encryption, or a
combination of the two.
The Virtual Router Redundancy Protocol (VRRP) is a

computer networking protocol that provides for automatic
assignment of available Internet Protocol (IP) routers to
VRRP
participating hosts. This increases the availability and
reliability of routing paths via automatic default gateway
selections on an IP subnetwork.
Veritas Volume Replicator (VVR) provides continuous

data replication enabling rapid recovery of critical
VVR applications at remote recovery sites across any distance
using IP networks. It supports both synchronous and
asynchronous modes.
WLAN Authentication and Privacy Infrastructure (WAPI) is

WAPI a Chinese National Standard for Wireless LANs to ensure
LAN security.
In fiber-optic communications, wavelength-division

multiplexing (WDM) is a technology which multiplexes a
number of optical carrier signals onto a single optical fiber
WDM
by using different wavelengths (i.e. colors) of laser light.
This technique enables bidirectional communications over
one strand of fiber, as well as multiplication of capacity.

WLAN Wireless Local Access Network
The WorkStation Function (WSF) converts the

management information sent through the F interface into
the format to be transferred through the G interface. Users
can understand the information that they get from the G
WSF
interface. The function provides import/export approaches
for TMN management information. WSF supports the
interface for users and provides data import/export
functions for end-users.
WTR Wait-to-Restore
Extensible Markup Language (XML) is a markup language

that defines a set of rules for encoding documents in a
format that is both human-readable and
machine-readable. The design goals of XML emphasize
simplicity, generality, and usability over the Internet. It is a
XML
textual data format with strong support via Unicode for the
languages of the world. Although the design of XML
focuses on documents, it is widely used for the
representation of arbitrary data structures, for example in
web services.

NetNumen U31 R20 Product Description

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NetNumen U31 R20 Product Description

Uploaded by

Copyright:

Available Formats

NetNumen U31 R20 Product

NetNumen U31 R20 Product Description

© 2021 ZTE. All rights reserved. Confidential▲ 1

4 System Networking & Solution................................................................................. 13

2 © 2021 ZTE. All rights reserved. Confidential▲

4.5.1 Consolidated Management Across Fixed Networks.................................................. 21

6 Basic Function Introduction...................................................................................... 38

© 2021 ZTE. All rights reserved. Confidential▲ 3

7 FTTx Network Feature Management........................................................................67

8 DPUNetwork Feature Management..........................................................................90

9 MSAN Network Feature Management..................................................................... 98

4 © 2021 ZTE. All rights reserved. Confidential▲

9.5 VDSL Management.......................................................................................................101

© 2021 ZTE. All rights reserved. Confidential▲ 5

12.3.1 Coefficients for Conversion between Other NEs and Wireline-LEs错误！未定义书签。

15 Terms & Abbreviations............................................................................................. 165

6 © 2021 ZTE. All rights reserved. Confidential▲

Figure 1- 1 NetNumen™ U31 Location in TMN Layers................................................................... 2

© 2021 ZTE. All rights reserved. Confidential▲ 7

Figure 11- 3 Disaster Recovery Solution(1+1 mode)................................................................141

Table 1- 1 Manageable NE Type......................................................................................................3

8 © 2021 ZTE. All rights reserved. Confidential▲

Table 6- 17 Patrolling Project.............................................................................................................64

© 2021 ZTE. All rights reserved. Confidential▲ 9

Table 7- 29 ONU-level Cutover Functions.................................................................................... 89

10 © 2021 ZTE. All rights reserved. Confidential▲

Table 15- 5 J-L................................................................................................................................... 181

© 2021 ZTE. All rights reserved. Confidential▲ 11

1.1 Network Operation & Maintenance Trend

1.2 Brief Introduction

NetNumen™ U31 is an integrated element management system under ZTE

© 2021 ZTE. All rights reserved. Confidential▲ 1

1.3 Product Positioning

According to TMN hierarchical division, NetNumen™ U31 is located at element

Figure 1- 1 NetNumen™ U31 Location in TMN Layers

In addition to configuration management, performance management, fault management

2 © 2021 ZTE. All rights reserved. Confidential▲

1.4 Manageable Fixed Access NE Type

Table 1- 1 Manageable NE Type

Category Product Type Product List

ZXDSL8210, ZXDSL8220, ZXDSL8203,

© 2021 ZTE. All rights reserved. Confidential▲ 3

2.1 Integrated Network Management to Implement

 Unified management of IT/IP hardware&software: U31 R20 can manage IT/IP

2.2 Advanced Architecture and High Scalability

Figure 2- 1 Flexible system architecture

 Carrier-class reliability enhances user satisfaction: NetNumen™U31 R20 is highly

4 © 2021 ZTE. All rights reserved. Confidential▲

 Good openness makes it easy to integrate with 3rd-party management systems:

 Multiple access modes & networking methods guarantee network management

2.3 Standard Northbound Interfaces for Convenient

 Support SNMP interface in compliance with SNMPv2 and SNMPv3.

 Support CORBA interface in compliance with TMF 814.

 Support FTP interface.

© 2021 ZTE. All rights reserved. Confidential▲ 5

 Support TL1 interface in compliance with Bellcore GR-831.

 Support XML interface.

2.4 Comprehensive Security Mechanism to Ensure

Complete security management enables controllable and safe system: Multiple

Figure 2- 2 Complete security management

6 © 2021 ZTE. All rights reserved. Confidential▲

 Integration with AAAA systems

 Integration with external LDAP and RADIUS authentication systems.

 TMF 615 security interfaces